Quantum computers pose a risk to the protection of data, both at rest and in transit. While today’s standards of encryption are sufficient to protect against binary computers, the computational power of Quantum computers break these standards. New quantum resilient encryption algorithms and standards are needed to protect against the Quantum threat. 

Luckily, the realisation of the quantum threat is not new, in 2016 NIST made a call for proposals of new algorithms and standards that were resistant to quantum computers attacks. Since then several algorithms have been submitted with three quantum resistant algorithms being recently announced by NIST as finalized. (two of which were developed by IBM! You can read IBM’s press release here).

While this progress takes us closer to being able to adopt quantum safe standards, there is still work that needs to be done before these standards will be available and production ready. However, there are still changes we can make in preparation for quantum safe. In this blog post I am to provide some guidance on actions you can take to prepare for quantum safe standards.

How long before we can be Quantum Safe?

For products to be able to claim to be quantum safe quantum safe algorithms must be adopted throughout for all cryptography. Some of the quantum safe algorithms are available today and have been for some time. Others are in progress needing standardization and widespread adoption.

For Symmetric encryption and hashing of data, today’s (modern) algorithms are sufficient so long as they are paired with an adequate key size. AES-128 and SHA-256 both are quantum resilient, although these are the minimums and utilizing AES-256 and SHA-384 are recommended.

Asymmetric encryption is where the problem lies. Shor’s algorithm breaks traditional RSA and ECC encryption, enabling a sufficiently powerful quantum computers the ability to crack the secret keys used to encrypt TLS communication within hours^[1]. Until quantum resistant algorithms are standardized and adopted quantum computers pose a threat to TLS communications.

While some quantum safe algorithms have been finalized, their usage within TLS and how to perform a Quantum safe TLS handshake is still being standardized. This is a crucial step that is needed to make sure that all cryptographic libraries can implement the quantum safe communications in a universal way enabling one cryptographic library to communicate securely with another. Once this is complete, cryptographic libraries will then need to implement and release a version that can be adopted by products, such as IBM MQ, who in turn will then need to enable and provide mechanisms to configure quantum safe communications.

While we are closer than we were last year, there is still work to be done by the global secure communications community.

Is IBM MQ affected?

Any product that uses cryptography for protecting data in transit or at rest is affected. IBM MQ uses cryptography in several places, for example:

• TLS communication.
• AMS message level protection.
• Password protection.

All of these are areas of concern that may need updating to be quantum safe.

What actions can i take now?

While there is still work that is necessary to make a production ready quantum safe communication system available, there are steps that you can take now to prepare for their arrival.

1. Adopt TLS 1.3 – It is unlikely that any  new quantum resistant algorithms will be made available to TLS 1.2. Adopting TLS 1.3 now will make it easier to switch to the any new Quantum resistant Cipher Specs when they are released.
   • TLS 1.3 is supported in IBM MQ from version 9.1.4 CD / 9.2 LTS.
2. Ensure you are utilizing AES-128 (or higher) within AMS policies and the Cipher Spec used for TLS.
3. Ensure you are using SHA-256 (or higher) within your AMS policies and the Cipher Specs used for TLS.
4. Consider how you manage certificates – When Quantum encryption arrives, new certificate signing algorithms will be available. However, it is likely that confidence in this technology will cause a cross over period where both quantum and traditional certificates are required for secure communications. This will effectively double the number of certificates you need to manage.
   • IBM MQ supports PKCS#12 keystores from version 9.3 LTS. Using an industry standard keystore format enables you to utilize any certificate management solution.

Conclusion

Taking steps to becoming Quantum safe should be on your roadmap. While changes are needed within IBM MQ for you to be able to completely adopt Quantum Safe cryptography, there are changes that can be made today that will be needed once Quantum Safe technologies become realised.

If you want to know more about Quantum computers Bloomberg recently released a short documentary on them that shows the innovations within Quantum Computing and what some institutes are doing to prepare.

Footnotes

[1]  A study performed by the National Academies of Sciences, Engineering and Medicine in 2019 estimates that a Quantum computer with 8.05x10⁶ physical Qubits could break TLS communication using RSA 1024 bit in 3.58 hours.