IBM DataPower enhances your ongoing security with introduction of Quantum-safe encryption

By Matt Roberts posted 6 days ago

Did you know that IBM DataPower v10.6.2 includes a Tech Preview for new algorithms that protect your encrypted data in transit from the threat of attack by malicious actors using quantum computers?  Find out below why this important innovation is paving the way to ensure your continued enterprise security!

Why is quantum-safe encryption important?

Most of the world’s encrypted traffic depends upon “asymmetric encryption” where a public and private key pair are used to secure traffic between different endpoints, to avoid the need to securely exchange a shared encryption key between the sender and receiver.

Any time you use a web browser to view a website, do online shopping or transfer money between your bank accounts, the metaphorical green padlock of TLS encryption ensures that data such as your username and password, personal details and commercially sensitive secrets are encrypted in transit as they cross the internet, so that they cannot be intercepted by malicious actors snooping on network traffic.  The same is true across the business world – whether that data is shared internally between departments, between an enterprise and its customers (B2C) or between an enterprise and its partners or ecosystem (B2B).

However, many of the world’s most widely used encryption algorithms such as RSA and elliptic curve cryptography are based on the mathematical premise that it’s computationally infeasible to factor a large integer into its prime number factors – which is true for the classical computers with which we are all familiar, but is threatened by the emerging world of quantum computers, which will be able to solve certain types of mathematical problem, this one included, in a matter of hours.

Quantum-safe encryption (also referred to as post-quantum cryptography or PQC) is the term used to describe new styles of encryption technique that don’t depend upon prime number factorisation and so will remain secure even in the face of powerful future quantum computers.

How worried should I be?

As far as the publicly described state-of-the-art for quantum computers goes, we’re not yet in the position that the world’s encryption can be broken – but given the importance of the data that we all secure, it’s critical to solve this problem before quantum computing matures to that point!

The first concrete example using quantum computers to factor an integer into its prime factors was demonstrated by IBM in 2001 using something called Shor’s algorithm – but only to factor the number 15 (4 bits) into 3 x 5.  More recently in 2019 there was an attempt to factorize the number 35 (6 bits) on an IBM Q System One machine which was unsuccessful because scaling this process to larger numbers relies on the quantum computer remaining free of noise and errors – which is a major challenge today as the size of the quantum device increases.

With typical encryption today relying on numbers that are 1024 or 2048 bits in length we are still a significant way off this being an everyday concern. However, quantum computers are improving rapidly – and there is also the likelihood that given the value of the commercial, national security or malicious actor implications of succeeding in this quest we won’t be told publicly when it does actually happen, so it’s important to work now to transition to more secure encryption techniques!

An additional concern is that this isn’t just about the ability to crack encryption in real-time; for certain types of data that maintain the importance of their content over the long term malicious actors might choose to “harvest now, decrypt later” – i.e. save away a copy of large volumes of encrypted data now, with the intention of decrypting it in months or years’ time when access to reliable quantum computers becomes possible – a point which is sometimes referred to as “Y2Q” or “Q-Day”.

How are IBM and DataPower leading the way in this area?

With IBM being a leader in both quantum computing and IT security it won’t come as a surprise to see that we are at the forefront of efforts to address this problem. 

Two new cryptographic schemes developed by IBM Researchers in Zurich, along with a third co-developed by a scientist who has since joined IBM Research, were adopted by the standards body NIST in August 2024 as standards to strengthen public-key cryptography:

  • ML-KEM, standardized as FIPS 203 (derived from CRYSTALS-Kyber) — a key encapsulation mechanism (KEM) which allows the two endpoints to securely establish a shared secret that can then be used for symmetric encryption of data
  • ML-DSA, standardized as FIPS 204 (derived from CRYSTALS-Dilithium) — a module lattice-based digital signature algorithm chosen to be used for general-purpose digital signature protocols
  • SLH-DSA, standardized as FIPS 205 (derived from SPHINCS+) — a stateless hash-based digital signature scheme

These algorithms avoid the weaknesses of traditional encryption techniques because they don’t depend on the technique of factoring large integers into their prime factors. The “ML” prefix here stands for “module lattice”, which refers to mathematical objects in n-dimensional space, and proofs that certain problems in this domain such as the “shortest vector problem” are computationally infeasible, even for quantum computers.  “SLH” refers to a stateless hash-based scheme, which is a different area of mathematics that again does not depend upon prime factorisation. The intention from NIST is to have two completely different styles of quantum-safe algorithm in play so that in the event one approach is subsequently found to be broken there will still be a separate path that should not be affected by the same vector.

In the Technical Preview as part of DataPower v10.6.2 we have introduced three flavors of the ML-KEM algorithm: ML-KEM-512, ML-KEM-768 and ML-KEM-1024 that enable quantum-safe encryption.  These can be configured for both connections into DataPower (using the TLS server profile) and out of DataPower (TLS client profile).

These three options all use the same ML-KEM algorithm, but with increasing public/private key sizes, which provide higher security as they increase, at the expense of decreasing end-to-end performance. The ML-KEM 512/768/1024 configurations are described as providing quantum-safe encryption at a level roughly equivalent to AES-128, AES-192 and AES-256 respectively.

We also offer a series of “hybrid” algorithms that use a combination of the quantum-safe ML-KEM algorithm coupled with classical algorithms to leverage the strengths of both styles in specific parts of the encryption process while mitigating the drawbacks. 
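To make the KEM and hybrid ideas above concrete, here is an added example (not DataPower’s or IBM’s code) of both ends of an X25519MLKEM768-style key exchange using the ML-KEM-768 and X25519 implementations in the Go standard library (Go 1.24 or later). The client sends its ML-KEM encapsulation key and X25519 public key, the server replies with the ML-KEM ciphertext and its own X25519 public key, and each side combines the two shared secrets; the SHA-256 combiner is a simplified assumption standing in for the TLS 1.3 key schedule.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// must keeps the demo linear: key generation only fails if the system RNG does.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// combine derives the session secret from both shared secrets. SHA-256 over the
// concatenation is a simplified stand-in (assumption) for the TLS 1.3 key
// schedule; the output stays unpredictable while either input secret is secure.
func combine(kemSS, ecdhSS []byte) []byte {
	h := sha256.New()
	h.Write(kemSS)
	h.Write(ecdhSS)
	return h.Sum(nil)
}

// hybridHandshake plays both ends of an X25519MLKEM768-style exchange and returns
// the session secret each side derived, so the caller can check they agree.
func hybridHandshake() (clientSecret, serverSecret []byte) {
	// Client key share: ML-KEM-768 encapsulation key (1184 bytes) + X25519 public key.
	dk := must(mlkem.GenerateKey768())
	cx := must(ecdh.X25519().GenerateKey(rand.Reader))
	// Server: parse the share, encapsulate (its KEM secret never leaves it; only the
	// 1088-byte ciphertext is sent back) and contribute its own X25519 key.
	ek := must(mlkem.NewEncapsulationKey768(dk.EncapsulationKey().Bytes()))
	kemSS, ct := ek.Encapsulate()
	sx := must(ecdh.X25519().GenerateKey(rand.Reader))
	serverSecret = combine(kemSS, must(sx.ECDH(cx.PublicKey())))
	// Client: decapsulate the ciphertext and finish X25519 with the server's key.
	clientSecret = combine(must(dk.Decapsulate(ct)), must(cx.ECDH(sx.PublicKey())))
	return clientSecret, serverSecret
}

func main() {
	c, s := hybridHandshake()
	fmt.Printf("secrets match: %v (%d bytes)\n", bytes.Equal(c, s), len(c))
}
```

Because every key here is ephemeral, two runs yield unrelated secrets, which is what limits the value of “harvest now, decrypt later” captures to a single session even before the quantum-safe component is considered.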

What else do I need to know?

The actions taken by both IBM and the industry along with the NIST standards body represent major steps forward in the work to protect the world’s sensitive data from the impending challenges of quantum computing – however there is much work still to be done!

In particular, from a practical perspective, while the algorithms described above have been standardized by NIST, there is not yet a standardized way to embed these algorithms into runtime protocols such as TLS, SSH, X.509 etc., and so the industry does not yet have the ability for different implementations of these algorithms to interoperate with each other.

Progress towards the protocol standardization is underway, for example DataPower’s implementation for the Tech Preview internally makes use of technology from the Open Quantum Safe (OQS) initiative – which provides both the “liboqs” library that implements the algorithms, and a prototype integration of those algorithms into the TLS protocol. This means that today a DataPower tech preview instance can communicate using quantum-safe algorithms with another DataPower tech preview instance – and with other processes that are also using the Open Quantum Safe implementations, which could include the OQS provider for OpenSSL.

As work in this area matures over time, I expect an industry standard solution to the protocol question to be agreed, and subsequently embedded into all the relevant technology stacks, so that quantum-safe encryption algorithms can be used successfully between any two compliant endpoints in the same way as exists today for conventional encryption algorithms.

Summary

The rapidly growing strength of quantum computers poses a significant security threat to the world’s current approaches to encrypting sensitive data by rendering it feasible to crack data encrypted with conventional algorithms.

IBM is at the forefront of work to develop new encryption algorithms that will continue to be secure even against the power of quantum computers, and IBM DataPower – along with other IBM offerings – is delivering technical previews for use of these quantum-safe algorithms so that enterprises can prepare to transition to this more advanced security mechanism in order to securely protect their sensitive business data.
