Implementing Quantum-Safe Security on the IBM Quantum Platform

Published:

The Quantum Threat: Preparing for a Post-Quantum World

As we stand on the brink of a technological revolution, the advent of quantum computing is set to redefine the landscape of cybersecurity. When quantum computers achieve the scale and error correction capabilities necessary to fully realize Shor’s algorithm, they will possess the power to unravel the cryptographic protections that secure much of the world’s sensitive data. This is not a distant possibility; experts predict that such capabilities could emerge as soon as the end of this decade. Consequently, today’s information systems face a significant vulnerability known as “harvest now, decrypt later.” This scenario involves malicious actors collecting encrypted data now, with the intent of decrypting it using future quantum technology. Public-key cryptography systems, including those utilized by IBM, are particularly at risk.

The Emergence of Post-Quantum Cryptography Standards

In response to these looming threats, the U.S. National Institute of Standards and Technology (NIST) has taken a proactive step by publishing its first set of post-quantum cryptography (PQC) standards. These new encryption algorithms are designed to withstand both quantum and classical code-breaking methods. Notably, two of these standards were developed by cryptography experts at IBM Research in Zurich, while a third was co-developed by a scientist now working at IBM. This commitment to PQC research underscores IBM’s dedication to creating a quantum-safe world through its portfolio of IBM Quantum Safe™ products and services.

However, the journey toward quantum safety begins within IBM itself. The company has launched several initiatives aimed at fortifying its quantum computing platform and hardware against the threat of “harvest now, decrypt later” cyberattacks. Collaborations with the quantum and open-source communities are also underway to ensure that clients and the broader world remain protected.

Making IBM Quantum™ Quantum-Safe

IBM Quantum is implementing a comprehensive, long-term strategy to integrate quantum-safe security protocols across all its hardware, software, and services. A primary focus of this initiative is to make the IBM Quantum Platform (IQP) quantum-safe. This platform provides cloud-based access to IBM’s fleet of utility-scale quantum computers through the Qiskit software development kit.

The transformation to quantum-safe security for the IBM Quantum Platform will occur in several carefully planned stages. Each stage aims to extend post-quantum cryptography to new areas of the hardware and software stack until the entire system is secured. The first stage of this process has already been completed.

Currently, efforts are underway to implement post-quantum encryption to enable quantum-safe Transport Layer Security (TLS) on the IBM Quantum Platform. This quantum-safe TLS will protect data from the client workstation through the firewall and into the various IBM Quantum services operating in the cloud. The IBM Quantum Safe Remediator™ tool’s Istio open-source service mesh facilitates this quantum-safe TLS, ensuring that connections are secure by default while still supporting standard legacy connections.

The goal is for researchers and developers using IBM’s services to submit quantum computational tasks in a manner that is quantum-safe from the client all the way to the cloud services layer. Following this achievement, the focus will shift to extending quantum-safe communications to the Qiskit Runtime and beyond, ultimately securing all IBM hardware and software.

Utilizing IBM Quantum Safe Tools

IBM Quantum Safe offers a suite of powerful software tools to assist enterprises in their transition to quantum-safe practices. These tools include IBM Quantum Safe Explorer™, IBM Quantum Safe Posture Management, and IBM Quantum Safe Remediator. Notably, IBM itself is leveraging these capabilities to enhance its security posture.

IBM Quantum Safe Explorer enables Chief Information Officers (CIOs) and application developers to scan business applications across their organization and create a Cryptographic Bill of Materials (CBOM). This tool streamlines the identification of cryptographic artifacts and helps leaders address vulnerabilities to ensure the proper implementation of quantum-safe algorithms.

IBM Quantum Safe Posture Management provides a comprehensive overview of an organization’s cryptographic inventory across networks, systems, and applications. It allows Chief Information Security Officers (CISOs) to define cryptographic policies tailored to their organization and facilitates risk assessment and management through contextual analysis of vulnerabilities and compliance.

The IBM Quantum Safe Remediator is designed to mitigate the risks associated with “harvest now, decrypt later” scenarios. It offers an adaptive proxy to enable quantum-safe TLS communications, protecting most data-in-transit. Additionally, it includes a Test Harness that allows users to evaluate the performance of post-quantum algorithms before implementing changes to their cryptographic systems.

These tools are currently available, with ongoing enhancements to the Quantum Safe Portfolio. IBM has also made strides in securing its infrastructure offerings for the quantum future, exemplified by the industry’s first quantum-safe system, the IBM z16™.

Collaborating for Quantum Safety

Recognizing the importance of open-source software in the computing ecosystem, IBM has invested significant effort into bringing quantum-safe security to the open-source community. In 2022, IBM collaborated with the Linux Foundation and the Open Quantum Safe community to establish a foundation aimed at addressing the cryptographic security challenges posed by quantum computing. This initiative culminated in the formation of the Post-Quantum Cryptography Alliance (PQCA), dedicated to advancing and adopting post-quantum cryptography.

The PQCA has gathered a diverse group of industry members and contributors, including AWS, NVIDIA, and the University of Waterloo. The alliance invites participation in its bi-weekly Technical Advisory Committee meetings, fostering collaboration and knowledge sharing.

IBM has also made substantial contributions to various open-source projects related to post-quantum cryptography, including the Open Quantum Safe project, the Post-Quantum Code Package, and enhancements to widely used libraries such as OpenSSL and cURL. These contributions aim to facilitate the broader adoption of post-quantum cryptography and ensure that open-source software remains secure in a quantum future.

Looking Ahead: The Future of Quantum Safety

As IBM continues to push the boundaries of quantum computing, it remains vigilant in addressing the implications of this rapidly evolving technology. While it may take years before a quantum computer can effectively break public-key encryption, the threat of “harvest now, decrypt later” schemes necessitates urgent action in developing novel encryption methods.

IBM’s extensive work in developing post-quantum encryption algorithms as part of the NIST quantum-safe competition reflects its commitment to cybersecurity. The company is proud to have contributed to each of the three recently standardized algorithms.

The mission to secure the entirety of IBM’s computing stack is ongoing. The initial focus on the quantum platform will expand to encompass all IBM products. IBM will continue to share its progress publicly, lead initiatives within the PQCA, and monitor developments in the NIST competition. Feedback from the open-source community and NIST will guide IBM’s efforts to create a quantum-safe world.

For enterprises embarking on their quantum-safe journey, IBM offers a range of tools and services designed to facilitate this transformation while providing insights and control over their cryptographic posture. By collaborating with IBM Quantum Safe users, the company continually refines its toolset and educational resources, reinforcing its commitment to making the world quantum safe.

In conclusion, as we navigate the complexities of quantum computing, the importance of proactive measures in cybersecurity cannot be overstated. The future is quantum, and with it comes the responsibility to ensure that our digital landscape remains secure against emerging threats.

Related articles

Recent articles