Government and industry experts recommend moving to quantum-safe cryptography

Hardware gets upgraded. The passwords to the applications running on that hardware need to be updated. Underneath this, the encryption that protects these systems and data must stay up-to-date, too. And now, with the specter of future fault-tolerant quantum computers being able to decrypt today’s public key encryption standards — like RSA and ECC — there’s new urgency to create and deploy quantum-safe cryptography.

One company making the move to this new layer of security is Vodafone. The multinational telco’s vast infrastructure includes a mix of its network, vendor hardware, and customer data. Luke Ibbetson, Vodafone’s head of Group R&D, recently joined an IBM-sponsored, The Economist-hosted panel discussion on the topic with Dr. Lily Chen from the US government’s National Institute of Standards and Technology (NIST), and Dr. Scott Crowder, IBM Quantum’s vice president of adoption and business development.

“[At Vodafone] we’re working with IBM on use cases to understand how quantum computing can create better services for our customers — as well as working with IBM and [telco industry organization] The GSMA Post-Quantum Telco Network Taskforce will undertake the crucial step of charting a roadmap to quantum-safe networks and operational criteria. Read more.GSMA on preparing for how we protect customer data and our networks with quantum-safe cryptography,” said Ibbetson.

The challenges of a quantum-safe transition

“There’s this pop-sci notion that computers — if they get large enough — can solve any problem, which isn't true. That's a good thing because we have hard math problems to solve that we can use for cryptography," said Crowder. "However, quantum information science has been proven to have much better algorithms for calculating certain math problems, including the math that could decrypt today's public key encryption.”

Crowder added that quantum computers capable of running these calculations are still a ways off in the future. However, making the transition to quantum-safe cryptography is a massive organizational challenge that needs to be started sooner rather than later.

“The issue of “Harvest-now, decrypt-later” attacks refer to the theft of sensitive encrypted data for decryption using future quantum computers. This is especially critical for governments and highly regulated industries like finance, healthcare, and telco.‘harvest now, decrypt later’ was one of our motivators to pursue quantum-safe cryptography,” said Ibbetson. “Some of our data needs to be secure for years. And we realised that the size and complexity of our networks — from replacing hardware implemented by our vendors to devices capable of being ‘quantum-safe,’ down to SIM cards — means we need to [start the] transition now.”

The other challenge in the transition to quantum-safe cryptography, as Chen explained, is that it takes a long time to adopt, and costs a significant amount to develop standards.

“Public key encryption has been used for two important things: establishing keys to protect data like your VPN, and as a digital signature to block malware. It’s incredibly important these capabilities be quantum resistant. But [because quantum computers aren’t capable of this decryption], theory does not equal practical security. So, we at NIST need to understand where public key encryption is used, where post-quantum cryptography could be dropped in as a replacement, and develop ways to test the post-quantum cryptography algorithms,” said Chen.

In July of last year, NIST announced four post-quantum cryptography algorithms for standardization. The organization expects to publish standards in 2024.

Quantum-safe deployment is like a moving-target Y2K

Like the updates needed before “Most of us remember Y2K, the panic that consumed the final years of the last millennium. The whole world feared that, when the clocks flipped from 1999 to 2000, the digital systems that governed our lives would crash. Crisis was averted 22 years ago — but now we have to dodge another one. Call it “YQK” — except this time, the ‘Q’ stands for ‘quantum.’” — Dario Gil, SVP and Director of IBM ResearchY2K, governments and businesses know they need to update their systems and data to quantum-safe cryptography before fully fault-tolerant quantum computers exist. The differences? YQK doesn’t have a deadline. And as technology changes over time, so will its cryptography.

To help map this complexity, IBM created a cryptography bill of materials (CBOM). This CBOM is a quantum safe cryptography-like extension of the well-known software bill of materials concept from software supply chains that allows systems and software to be described using a standardized list of components, libraries, and dependencies.

According to Ibbetson, moving to quantum-safe cryptography means tradeoffs: “These [quantum-safe] algorithms are not one-size fits all. They can’t be [directly] swapped out with current cryptography installations.”

“[Using the] CBOM, we also need to understand the importance of certain data, and what to prioritize and protect over time. We don’t have to replace everything all at once but need to understand where attacks may happen, first.”

Vodafone has regular refresh cycles for network equipment. Ibbetson explained that where possible, the company will use such opportunities to replace equipment and introduce the capability to run quantum-safe algorithms.

“Our customers are already asking for quantum-safe networks. And by collaborating with IBM and GSMA, these efforts will ripple through other industry bodies that [demonstrate] how these [eventual] standards can scale” — and stay ahead of YQK.

Watch the replay

Commercializing Quantum Insight Hour
How to safe-guard data with post-quantum cryptography algorithms Commercializing Quantum Insight Hour