IBM Cloud for SAP

Cloud for SAP Community

Join us to learn more about deploying SAP landscape on IBM Cloud from this community of collaborative experts and IBM Cloud product users.

 View Only

IBM–SAP Collaboration Delivers the First Quantum‑Safe SAP CommonCryptoLib

By Turgut Aslan posted 6 days ago

  

Quantum computing is advancing rapidly. Current projections suggest that by around 2029, quantum computers may reach the maturity needed to solve certain complex problems that would require unrealistic amounts of time or energy on classical computers.


One practical area already affected today is cryptography. Modern IT communication and transactions—whether browsing social platforms or conducting business—rely on cryptographic algorithms that will be vulnerable to future quantum attacks. This risk also includes “harvest now, decrypt later” scenarios, where encrypted data is collected today with the intention of decrypting it once quantum‑capable systems become available.


The good news: quantum‑safe algorithms already exist. These algorithms are based on mathematical problems considered extremely difficult to solve— even with quantum computers. On August 13, 2024, NIST finalized the first three Post‑Quantum Cryptography (PQC) standards: ML‑KEM, ML‑DSA, and SLH‑DSA. Notably, two of these (ML‑KEM and ML‑DSA) were contributed by IBM’s Zürich Research Lab.


IBM has made quantum‑resistant algorithms freely available through libOQS, which are integrated there by IBM Research Zurich. As part of a close collaboration between IBM and SAP during the past two years, SAP has integrated relevant parts of the libOQS implementations of ML-KEM and ML-DSA into the SAP Cryptographic Library.


On Friday, December 12th, 2025, SAP announced the release of the new SAP Cryptographic Library 8.6, now featuring quantum‑safe cryptography:


👉 Read the SAP Community Blog


For software vendors, the time to adopt, test, and integrate post‑quantum cryptography is now, if it hasn’t started already. Organizations should at minimum assess the quantum‑related risks to their data. Regulatory frameworks in both the U.S. and Europe already outline expectations for PQC migration:


    • High‑risk applications must transition by end of 2030.
    • Medium‑risk applications must have a transition plan and begin migration, targeting end of 2035.

Which of your critical systems should be evaluated first for quantum‑related risk?

Image Source: IBM Image Gallery

0 comments
15 views

Permalink

https://community.ibm.com/community/user/blogs/turgut-aslan/2025/12/16/sap-quantum-safe-commoncryptolib