IBM’s Algorithms have been adopted by the US standards and technology body NIST as the world’s first post-quantum cryptography standards
As the quantum computing era continues to approach, businesses face a double-pronged challenge: harnessing the immense potential of these technologies while safeguarding global data from the unprecedented threats they pose.
The rise of quantum computing promises to revolutionise industries ranging from healthcare to finance, but it also presents a looming risk to the cryptographic systems that have long protected our digital infrastructure. Enter post-quantum cryptography – a field rapidly emerging as the keystone for securing the digital future in a quantum world.
The quantum threat to modern cryptography
Once a distant theoretical concept, quantum computers are now approaching a stage where they could disrupt the very foundation of cybersecurity. Unlike classical computers, which process information in binary bits – 0s and 1s – quantum computers leverage qubits, enabling them to perform complex calculations at unprecedented speeds. But while this technology has the potential to unlock new frontiers in computational power, quantum computing also poses a grave threat to traditional encryption methods like RSA and ECC (Elliptic Curve Cryptography), both of which are foundational to today’s internet security.
Given that much of the world’s data security relies on the assumption that current encryption methods are infeasible to crack with classical computers, the advent of quantum computers capable of executing these algorithms could render today’s encryption obsolete. This impending reality has prompted a global race to develop quantum-resistant cryptographic techniques, collectively known as post-quantum cryptography.
“Research suggests that within three years, there is a one in seven chance that quantum computers will break the most used computer encryption systems — this number goes as high as 50% by 2031,” Andersen Cheng, CEO of Post-Quantum, told Technology Magazine recently. “Therefore, failing to secure your digital infrastructure against the threat of quantum computing leaves your data and systems vulnerable to attack.”
NIST and IBM lead the charge
In response to the quantum threat, the U.S. National Institute of Standards and Technology (NIST) has taken the lead in developing a framework for post-quantum cryptography. In August 2024, NIST formalised the first set of post-quantum cryptographic standards, marking a watershed moment in cybersecurity.
Highlighting the industry’s involvement in this critical transition, IBM has announced that two of its developed algorithms, ML-KEM (formerly CRYSTALS-Kyber) and ML-DSA (formerly CRYSTALS-Dilithium), have been included in NIST’s standards.
“IBM’s mission in quantum computing is two-fold: to bring useful quantum computing to the world and to make the world quantum-safe,” IBM’s Vice President of Quantum Jay Gambetta explained.
Jay Gambetta is a IBM Fellow and VP of IBM Quantum
The third published algorithm, SLH-DSA (initially submitted as SPHINCS+) was co-developed by a researcher who has since joined IBM, and a fourth IBM-developed algorithm, FN-DSA has been selected for future standardisation.
The tech giant has already begun integrating PQC into its products, such as IBM z16 and IBM Cloud, and announced the IBM Quantum Platform will soon begin to transition to the new PQC algorithms.
An industry’s efforts in quantum security
This move by IBM demonstrates how major tech companies are not only developing quantum computing technology but also actively working to establish and implement quantum-safe security standards.
Global telecom leader Telefónica last month announced they had developed a quantum security architecture solution.
The solution incorporates Quantum Key Distribution (QKD) and post-quantum cryptographic algorithms, adhering to standards set by the European Telecommunications Standards Institute (ETSI) – the European equivalent of NIST.
This initiative not only addresses future quantum threats but also aims to provide immediate protection against “harvest now, decrypt later” attacks.
A fearless future
As NIST pushes for the adoption of PQC standards, these industry developments highlight a growing consensus on the need for quantum-safe security measures.
The race to secure our digital infrastructure against quantum threats is accelerating, with government agencies, tech giants, and telecommunications companies all playing crucial roles.
The transition to post-quantum cryptography will be a complex and lengthy process, requiring significant investment and collaboration across industries.
However, the proactive steps taken by companies like IBM and Telefónica demonstrate that the private sector is not waiting for quantum computers to become a reality before acting. Instead, they are actively shaping the future of cybersecurity, ensuring that when large-scale quantum computers do arrive, our digital infrastructure will be ready to withstand their computational power.
