Post Quantum Cryptography and IBM LinuxONE
Stefan Schmitt
Love to discuss topics around Technology | LinuxONE | Mainframe | Security | Leadership
Last month I had the honor to speak about Post Quantum Cryptography (PQC) at an IBM conference in Montpellier. It is the first business trip and first face-to-face conference I have attended in over two years now. I have to say it feels like the first time again. In addition, the topic is new. Don't get scared now, I will not go into the details of how the new algorithms work, as I would need a lot more time to understand the mathematics used as the base for these fascinating functions. At the WW IBM zSystems Security Conference everything was about ways and methods to secure and get value out of your System Z.
So where are we on IBM Z and LinuxONE currently with regard to quantum-safe encryption? I would say pretty far. Let's start first with what we are talking about overall.
Post Quantum Cryptography, where are we?
The journey to quantum safety already started several years ago. There are maybe two dates to mention. In 1994 Peter Shor documented a quantum algorithm which would be capable of breaking current cryptography using a strong quantum computer; it is also known as Shor's Algorithm. This changed the way state-of-the-art encryption has been looked at. In 2001 IBM Research provided the first demonstration of Shor's Algorithm and factorised the number 15 into the prime numbers 3 and 5 using 7 qubits. (In case you want to try Shor's Algorithm, use https://qiskit.org/textbook/ch-algorithms/shor.html)
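The classical part of Shor's algorithm, applied to the N = 15 case mentioned above. This is an added illustration, not code from the post or from IBM's 2001 experiment; the brute-force `find_order` stands in for the quantum order-finding step, which is the only part that needs a quantum computer.

```python
from math import gcd
from typing import Dict, List, Optional

# Constructed educational example: the classical reduction in Shor's algorithm.
# Everything here is cheap on a normal CPU; only find_order becomes infeasible
# for the 2048-bit moduli used by RSA today, and that is the step a quantum
# computer replaces with period finding.

def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a^r = 1 (mod n), found by brute force.
    On a quantum computer this is the period-finding subroutine."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def shor_factor(n: int, a: int) -> Optional[List[int]]:
    """Try to split n using base a. Returns the two sorted factors, or
    None when this base fails (odd period, or a^(r/2) = -1 mod n)."""
    g = gcd(a, n)
    if g != 1:
        # a already shares a factor with n; no period finding needed
        return sorted([g, n // g])
    r = find_order(a, n)
    if r % 2:
        return None                  # odd period: Shor's algorithm retries with another a
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None                  # gcd(y - 1, n) would be 1, i.e. trivial
    p = gcd(y - 1, n)
    return sorted([p, n // p])

def factor_15_all_bases() -> Dict[int, Optional[List[int]]]:
    """Run the reduction for every base 2 <= a < 15 against N = 15."""
    return {a: shor_factor(15, a) for a in range(2, 15)}

if __name__ == "__main__":
    for a, result in factor_15_all_bases().items():
        print(f"a={a:2d}: {result}")
```

Base 7 (one of the bases used in the 2001 experiment) has period 4, so 7^2 mod 15 = 4 and gcd(3, 15) = 3 splits 15; only a = 14 fails, because 14 = -1 mod 15.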
In 2016 the National Institute of Standards and Technology (NIST) launched a project to search for the new set of algorithms for a post-quantum era, and that's the second date I wanted to mention. State-of-the-art encryption was still not broken in 2016, as it is not broken today (2022), but there were other reasons to prepare for that point in time. Encryption is used to protect data. Some of the data, if not the majority, is expected to be stored for a long time: months, years, sometimes even decades. Stolen data could be decrypted at a later point in time. This "harvest now, decrypt later" attack adds a new view to the security of this type of data. Besides the additional threat, it is known to the security community that moving from one standard to another is not executed overnight, especially as we are not talking about drop-in replacements here. And last but not least, selecting a new set of trusted algorithms takes time, as it needs to be done carefully and transparently. The goal was and is to define the new state-of-the-art encryption methodology before our data is at risk.
Since 2016 the NIST team, in cooperation with the worldwide crypto community, reviewed, tested and validated all submissions and narrowed a list of 80 entries down to only 15, which formed the base for the 3rd round. At the end of the 3rd round four standard candidates had been selected, plus a set of alternatives which are being evaluated in a 4th round. IBM was part of this initiative from the beginning, and IBM Research also submitted or participated in algorithm submissions. Out of the 4 standard candidates, 3 had been developed with participation by IBM (all of them are lattice based). The primary recommended algorithms for Key Encapsulation Mechanism (KEM) and for digital signatures had been provided with participation by IBM (CRYSTALS-Kyber and CRYSTALS-Dilithium). This is a great recognition for the work IBM has done in this area and is still doing.
Why do I need to care now, or should I freak out already?
As mentioned in the last section, you need a powerful quantum computer to break current encryption based on RSA 2k keys. On the other hand, the race on quantum is at full speed. The Quantum Threat Timeline report shows the expectations of subject-matter experts (SMEs) within the quantum space, and they expect to have such a quantum computer available within a 15 to 30 year timeline. Given the time it takes to change and adopt the currently used algorithms to the newly standardised ones, now is the time to start getting familiar with the changes and with the environment that needs to change, and to start playing around.
It is the time to prepare for what comes. And there it is really great that the IBM Crypto Card (available on z15, z16 and LinuxONE) already provides the IBM-supported algorithms today, allowing you to work on migration projects and get familiar with the new methods and their usage while you have time to act, and not only react based on urgency.
In addition, IBM z16 and LinuxONE already include some known migration strategies to protect the data in z16 and LinuxONE, using a combination of post-quantum algorithms and the current state of the art.
Conclusion
In my mind, now is the right time to start on a migration strategy and build an inventory of what is currently in use and how fast it is needed to act. IBM will stay active in this area and will work with the community and our customers to build migration models and patterns to be ready and have proven blueprints available to help all of us to be ready. Am I afraid? I have to say no; worried, yes, but also excited about the options and possibilities which are available already.
A complete talk from the NIST team on how they worked on this project: https://www.youtube.com/watch?v=Y3-epZxBkVU