By decade’s end, practical quantum computing solutions could impact computing strategies across industries. But it will also profoundly alter how we secure our digital data fabric through cryptography. Organizations are already examining how to upgrade their cybersecurity to prepare for this new computational era.
At this year’s Think event, the premier IBM conference for business and technology leaders, we announced our quantum-safe roadmap, and how we plan to use technology to equip industries with the cybersecurity capabilities required for this new era. Supporting that roadmap is IBM Quantum Safe technology: a comprehensive set of tools, capabilities, and approaches combined with deep expertise for an end-to-end journey to make your organization quantum safe. We’re excited to present our IBM Quantum Safe Roadmap — and launch the era of quantum safe.
This roadmap serves as a commitment to transparency, predictability, and confidence as we guide industries along their journey to post-quantum cryptography. There’s a lot happening at once — new algorithms, standards, best practices, and guidance from federal agencies. We hope that this roadmap will serve as a navigational tool through this complex landscape.
Last July, the National Institute of Standards and Technology (NIST) announced that they had selected four quantum-resistant algorithms for standardization — IBM, in collaboration with a number of industry and academic partners, contributed CRYSTALS-Kyber public-key encryption, CRYSTALS-Dilithium digital signature algorithms, and the Falcon digital signature algorithm to NIST. Read more.three of which were developed by IBM, alongside academic and industry collaborators. That announcement was the world’s wake-up call to start the quantum-safe transition. At IBM, we had already started making our technology quantum safe, including the IBM z16 mainframe, and IBM Tape storage technology. But we realized that our clients have unique needs when it comes to embarking on their own quantum-safe transitions.
Our end goal for clients is crypto-agility in the increasingly fast-paced world of cybersecurity. Crypto-agility is the ability to protect your systems against emerging vulnerabilities, adapt to meet new compliance requirements, and respond to breaches in a way that maximizes resource efficiency and minimizes operational disruption.
This need for agility is why we launched IBM Quantum Safe. We see the journey to quantum safe as comprising three key actions:
- Discover: Identify cryptography usage, analyze dependencies and generate a Cryptography Bill of Materials (CBOM).
- Observe: Analyze cryptography posture of compliance and vulnerabilities and prioritize remediation based on risks.
- Transform: Remediate and mitigate with crypto-agility and built-in automation.
Around those three actions, we developed an end-to-end solution to prepare clients for the post-quantum era: IBM Quantum Safe technology. Included are three technology capabilities, one corresponding with each of the three actions of this quantum-safe transition.
For the Discover stage, we developed IBM Quantum Safe Explorer. Explorer scans the source code and object code to surface all cryptographically relevant artifacts, pinpoint their locations, and uncover dependencies. Explorer generates a call graph that catalogs cryptographic artifacts, producing a knowledge base that is arranged into a Cryptography Bill of Materials (CBOM).
For the Observe stage, we developed IBM Quantum Safe Advisor. Advisor integrates with network and security scanners in your IT environment, consolidating and managing CBOMs and collecting metadata from other network components to generate a comprehensive cryptographic inventory. With its policy-based enrichment, Advisor creates a prioritized list of at-risk assets and data flows, equipping you to analyze your cryptographic posture and compliance.
And for the Transform stage, we developed IBM Quantum Safe Remediator, which allows you to test quantum-safe remediation patterns so that you understand the potential impact on systems and assets. Remediator enables you to address any pattern that suits your organization to be quantum safe. It allows you to work with different quantum-safe algorithms, certificates and key management services. It also helps you achieve crypto-agility so that you can quickly adapt to changing policies and threats without significant operational or budgetary implications. Remediator supports a hybrid implementation approach that allows you to use classical and quantum-safe cryptography as you transition toward Federal Information Processing Standards Publication (FIPS) certified quantum-safe algorithms.
The transition to post-quantum cryptography has already begun. Last year, the White House sent out a memorandum1 to the heads of executive departments and agencies declaring that all agencies were required to submit a cryptographic inventory of systems that would be vulnerable to a cryptographically relevant quantum computer. Today, we’re tracking quantum-safe milestones into the future, and maturing our technology to help organizations, including US federal agencies, hit these milestones. We’re calling this our IBM Quantum Safe Roadmap.
We’re releasing Explorer and Advisor and the first generation of Remediator with these milestones in mind. This year, we expect organizations that work with us to use these tools to complete their cryptography inventory and create a CBOM. We’re already working with government agencies to help them complete these inventories on high-priority applications.
It’s prudent that organizations begin creating their CBOMs this year since in 2024, NIST will publish its post-quantum cryptography standards. Once in place, organizations will have explicit regulations based on these standards. They’ll also have to ensure their teams and users understand how these systems work and communicate any potential workflow changes.
Then in 2025, the National Security Administration (NSA) will require owners and operators of national security systems to prefer quantum-safe algorithms2 while configuring their systems. Use of these algorithms will be mandatory for commercial products used in these systems. This means that in about two years, organizations working with the federal government will need to begin their quantum-safe transition. By then, Remediator will offer a hybrid approach, enabling traditional as well quantum-safe cryptography.
We expect that the demand of these timelines will dictate the pace of the quantum-safe upgrade for organizations working across industries in the United States, and around the world. So, in the next couple of years, we hope that organizations have a quantum-safe strategy in place and are well along the way for their quantum-safe transition.
Updating cryptosystems might sound daunting. We hope that with the IBM Quantum Safe technology, organizations will find the transition to be pain-free, and feel empowered by their crypto-agility and prepared to take on future cryptographic threats.
We’re excited to enter this new era of computing. And by making the world quantum safe, we’ll have the peace of mind that our data will be secure in this new era.
For more information about IBM Quantum Safe technology, visit: https://www.ibm.com/quantum/quantum-safe
Secure your data for the era of quantum computing
Wednesday, May 10
10:00 AM - 10:30 AM US EDT
Stage 1, Think Forum, Level 4, Sapphire Falls
Session Type: Solution Spotlight
Session Topic: What’s Next in Computing
Quantum computers are maturing quickly. This paradigm shift in computing technology will bring immense business opportunity, but it also comes with a challenge: mature quantum computers will be able to break the two most widely used security protocols in the world. Data considered securely protected today is already lost to a future quantum adversary if stolen or harvested. All data — past, present, and future — that is not protected using quantum-safe security will be at risk. The longer that the migration to quantum safe standards is postponed, the more data remains at risk. Learn how to prepare today to protect your data tomorrow.
- Ray Harishankar, IBM Fellow, IBM Quantum
- Edward Mays, Deputy Assistant Commissioner, Infrastructure and Support Services, US Customs and Border Protection
Date10 May 2023
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET. MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf. 18 November 2022 ↩
National Security Agency. Announcing the Commercial National Security Algorithm Suite 2.0. https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF. 7 September 2022. ↩