The US National Institute of Standards and Technology (NIST) recently published the first round of winners in the six-year competition to determine which algorithms will protect our data from the threat of quantum decryption.
Three of the four winning entries were co-designed with IBM. And the person who wrote the fourth has since been hired by Big Blue.
I spoke with Scott Crowder, vice president of IBM Quantum, to get a sense of the significance of the NIST announcement and to try to understand the magnitude of the problem.
As it turns out, the big idea here is to make the world “quantum safe” before the… hack-now-decrypt-later time bomb goes off.
As Crowder puts it, “the story begins in the mid-1990s with Shor’s Algorithm.” A mathematician named Peter Shor devised a method of decoding that was based on using classical computers to turn coding problems into something that can be solved, and then quantum mechanics to speed up the process.
Basically, Shor and other math wizards taught us that there was a ticking clock on our current coding models.
The world’s population faces two immediate risks:
- It seems inevitable that adversaries will eventually have access to technology that will allow extremely smart criminals to break our current global encryption.
- “Hackers” have been stealing encrypted data for decades and storing it for later use in a so-called “store now, decrypt later” (SNDL) attack.
It is difficult to overestimate the seriousness of these threats. At worst for threat vector one, we see the world’s banking, transportation, military and energy systems come under the complete control of terrorists and criminal hacking organizations.
And when it comes to threat number two, as Crowder explained to me, there’s just no way for anyone to know how much of the world’s important data is on hackers’ storage drives, waiting to be sold to bad players with access to technology and algorithms that can finally break into it.
We’re not sure when the threat will move from “future risk” to “current challenge,” and that’s where IBM, NIST and the world’s greatest math wizards come in.
How do you prepare for a problem that actually doesn’t exist yet? We can’t wait for quantum computers to move from lab experiments to everyday tools before we figure out how to protect our banks and power plants.
But figuring out how to encrypt data against an attack that only exists in theory is one of the biggest STEM challenges out there. And it requires a combination of experience and infrastructure that few organizations in the world have.
We have a long history of security research. And we have a long history of quantum research.
As for NIST, that expertise paid off when three of the four algorithms accepted — the math genius we all hope will make the world’s data quantum safe — were submitted by IBM researchers.
And, as mentioned above, IBM went ahead and hired the person in charge of the fourth. Crowder made it very clear during our interview that the company intends to avert this threat, but he also went to great lengths to explain that this was a collaboration between the world’s mathematicians.
I went into the interview believing that the real threat was that some evil genius would somehow gain access to a powerful futuristic quantum computer and use it to hack into the world’s banks and trains and all that.
And I wasn’t far off except for the hardware part. Crowder explained that this is less a matter of computer versus computer and more a matter of solving the problem before the theoretical math needed to break the current encryption standard is no longer theoretical.
Once NIST is done accepting all algorithms and introducing the final standards, the real work begins. Until now, mega corporations like IBM and the rockstar math wizards who work for them and do amazing work on the fringes of science, technology, engineering and math have paved the way for the forces of good to triumph.
After the algorithms are invented, they need to be implemented. And that means countless hours spent finding, labeling, and securing data. It’s up to data scientists, IT leaders and B2B service specialists around the world to make the slow journey to ‘quantum security’.
This part of the work may not be as exciting as the showdown of good and evil between today’s mathematicians and tomorrow’s criminals, but it’s what will ultimately make the difference between the kind of threat Y2K actually proposed and the one we put it on. were most afraid of.
NIST, IBM and the STEM geniuses responsible for our new protection standards are pioneering our vanguard defense against the coming quantum pocalypse.
Read more about the term “quantum safe” here on IBM’s blog, and more about the algorithms and their selection process here on the official NIST government website.