In August of this year, I was asked to present on the IBM z16 which was announced in April. While digging into the announcement material, I discovered IBM Z was introducing capabilities that are described as “Quantum Safe.”
My curiosity, inherent need to question things, and a touch of cynicism rose to the surface, and I asked myself, “What is Quantum Safe?”
Modern computing is built on a binary representation of two states. It’s either “on” or “off,” like a light bulb, but never at the same time. In the quantum world, that light bulb could take on the superposition and be “on” and “off” at the same time. This has important ramifications for computing.
What was known in the computing world as a bit is, in the quantum world, a qubit, which takes the state from the atomic level, protons and electrons, into the subatomic level that involve protons, neutrons, photons and electrons jumping their orbits. As my colleague Pete would say, “My head just exploded.”
Qubits seem to be the common measurement criteria to determine where the quantum computing world is on computational power. IBM is offering 16 qubits on their cloud and Google is at 49 qubits on theirs, but large-scale quantum computers with hundreds or even thousands of qubits do not yet exist. Advancement is slow due to the subatomic testing and verification required.
The potential for quantum computing is seemingly limitless. Presently today several companies are offering low end cloud-based quantum computing to attract developers into the field as development partners, sharing ideas and concepts for future applications.
This could lead to advancements in the human genome research to help cure cancer, certain diseases, or the common cold. Analyze weather data and patterns and gain insight into aspects of climate change that we cannot envision today. Quantum could help drive advancement in new power sources which could help with how we source and consume energy around the planet. However, with all the potential benefits quantum offers, there is also the potential to do harm.
In May 2019, the MIT Technology Review published an article on data which was seemingly protected by 2048-bit RSA encryption is now vulnerable to being exposed. Encryption techniques of present day provide the ability to easily encrypt the data but the process to decrypt the data is more difficult unless you have the right key. Today’s compute technologies are estimated to take years (15-20) to break into the data without the key, and frankly no one has wanted to embark on an effort that will take years to produce results.
This is why today’s encryption methods are considered secure – it would take too long to decode the data.
But if decoding time is the limiting factor and I can shorten that time frame, the data becomes vulnerable.
Researchers have found a more efficient way for quantum computers to perform code-breaking calculations. In theory they could take data encrypted by 2048-bit RSA encryption and decrypt it in 8 hours using fewer quantum resources than originally thought. Time is no longer the limiting factor, and this capability could present itself in three to five years with advancements in Quantum computing.
This presents a significant cyber risk for governments, financial institutions, insurance and healthcare or any organization that stores data. Bad actors around the world know this and they are working on their own quantum technologies but more importantly they are embarking on “Data Harvesting” campaigns to collect the data now and expose it later. All kinds of PII (Personally Identifiable Information) of everyone around the planet will be known.
And the PII never changes. It’s “cradle to grave” information that starts with Social Security numbers, name and address history, education records, employment records, financial investment history, mortgage, credit card, and the list goes on. This data can be present on laptops, smart phones, and tablets.
The IBM Zurich-based cryptography team began researching how to quantum-proof the IBM zSystems platform back in 2015. The zSystems platform has always had a focus on security, and many of the components involving cryptography were already in the platform.
In 2016, the National Institute of Standards and Technology (NIST) called upon the world’s leading cryptographers to design and validate encryption methods that could resist attacks from a future quantum computer. Earlier this year, NIST published the quantum-safe standards with three of the four developed with the help of IBM researchers.
In April, IBM announced the IBM z16 with the new Telum processor, analytical accelerators which could deliver real-time analytics, at scale, for credit card transactions and the industry’s first quantum-safe system. IBM z16 also introduced Secure Boot, which inhibits bad actors from injecting malware into the boot process to take over the system during startup. In addition, with the Crypto Express 8S hardware security module, you can take advantage of both classical and quantum-safe cryptographic technology to protect and secure your data from harvesting sensitive information.
Quantum computing is a revolutionary concept with benefits and risks which we can all see coming. Cybersecurity Awareness Month is a great time to begin thinking today about the impacts of quantum technologies and securing data for tomorrow. Contact us to learn more.
About the author
John Duffy Jr. is an IBM Z Solution Advisor with LRS IT Solutions. He has been involved with mainframes since 1981 in various roles from Operations, Technical Support, Consulting, and Technical Sales, and he spent 21 years working with IBM.