Quantum computing holds the promise of delivering new insights that could lead to medical breakthroughs and scientific discoveries across a number of disciplines. It could also become a double-edged sword, as quantum computing may also create new exposures, such as the ability to quickly solve the difficult math problems that are the basis of some forms of encryption. But while large-scale, fault-tolerant quantum computers are likely years if not decades away, organizations that rely on cloud technology will want cloud providers to take steps now to help ensure they can stay ahead of these future threats. IBM Research scientists and IBM Cloud developers are working on the forefront to develop new methods to stay ahead of malicious actors.

Hillery Hunter, an IBM Fellow, Vice President and CTO of IBM Cloud, explains how IBM is bringing together its expertise in cloud and quantum computing with decades of cryptographic research to ensure that the IBM Cloud is providing advanced security for organizations as powerful quantum computers become a reality.

It’s probably best to start this conversation with a quick overview of IBM history in cloud and quantum computing.

IBM offers one of the only clouds that provides access to real quantum hardware and simulators. Our quantum devices are accessed through the IBM Q Experience platform, which offers a virtual interface for coding a real quantum computer through the cloud, and Qiskit, our open source quantum software development kit. We first made these quantum computers available in 2016. As of today, users have executed more than 30 million experiments across our hardware and simulators on the quantum cloud platform and published over 200 third-party research papers.

As a pioneer in quantum computing, we are taking seriously both the exciting possibilities and the potential consequences of the technology. This includes taking steps now to help businesses keep their data secure in the cloud and on premises.

How does security play into this? Why is it important to have a cloud that has security for quantum-based threats?

An organization’s data is one of their most valuable assets, and studies show that a data breach can cost $3.92 million on average. We recognized early that quantum computing could pose new cybersecurity challenges for data in the future. Specifically, the encryption methods used today to protect data in motion and at rest could be compromised by large quantum computers with millions of fault tolerant quantum bits or qubits. For perspective, the largest IBM quantum system today has 53 qubits.

To prepare for this eventuality, IBM researchers are developing a lattice cryptography suite called CRYSTALS. The algorithms in that suite are based on mathematical problems that have been studied since the 1980s and have not yet succumbed to any algorithmic attacks (that have been made public), either through classical or quantum computing. We’re working on this with academic and commercial partners.

These advancements build on the leading position of IBM in quantum computing, as well as decades of research in cryptography to protect data at rest and in motion.

How is IBM preparing its cloud for the post-quantum world?

We can advise clients today on quantum security and we’ll start unveiling quantum-safe cryptography services on our public cloud next year. This is designed to better help organizations keep their data secured while it is in-transit within IBM Cloud. To accomplish this, we are enhancing TLS and SSL implementations in IBM Cloud services by using algorithms designed to be quantum-safe, and leveraging open standards and open-source technology. IBM is also evaluating how we can provide services that include quantum-safe digital signatures, a high expectation in e-commerce.

While that work is underway, IBM Security is also offering a quantum risk assessment to help businesses discern how their technology may fare against threats and steps they can take today to prepare for future threats.

IBM also contributed CRYSTALS to the open source community. How will this advance cryptography?

Open-source technology is core to the IBM Cloud strategy. That’s why IBM developers and researchers have long been working with the open-source community to develop the technology that’s needed to keep data secured in the cloud.

It will take a community effort to advance quantum-safe cryptography and we believe that, as an industry, quantum-safe algorithms must be tested, interoperable and easily consumable in common security standards. IBM Research has joined OpenQuantumSafe.org and is contributing CRYSTALS to further develop open standards implementations of our cryptographic algorithms. We have also submitted these algorithms to the National Institute of Standards and Technology for standardization.

Some organizations might not worry about these security risks until quantum computing is widespread. Why should they be acting now?

Although large-scale quantum computers are not yet commercially available, tackling quantum cybersecurity issues now has significant advantages. Theoretically, data can be harvested and stored today and potentially decrypted in the future with a fault-tolerant quantum computer. While the industry is still finalizing quantum-safe cryptography standards, businesses and other organizations need to get a head start.

To get a head start, who better to partner with than a cloud company with real quantum hardware, leading cryptographers, open-source technology and an open-source standards commitment?

Resources:

• Read the quantum security announcement in the IBM Newsroom.
• Learn more about the quantum data risk assessment service from IBM Security.
• Check out the seminar in the IBM Research Security Subscription service.
• Download the IBM Institute for Business Value report: Wielding a double-edged sword: Preparing cybersecurity now for a quantum world.

IBM statements regarding its plans, directions and intent are subject to change or withdrawal without notice at the sole discretion of IBM. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release and timing of any future features or functionality described for our products remains at our sole discretion.