A Quantum-Safe Future

A few months ago, Germany’s first commercial quantum computer was inaugurated. This computational genius can perform some operations in just a fraction of a second and has great potential to better solve problems in areas of optimization, pattern recognition, and materials science. In the future, the quantum computer is expected to be capable of decrypting the current encryption technologies of conventional computers. What implications does this have for IT security in companies?  

We spoke with Dr. Joachim Schäfer, EMEA Encryption Services Capability Lead at IBM, who helps other companies implement encryption services and bring quantum technology to the industry and scientific communities.

Schäfer: A quantum computer functions very differently from a conventional computer. It exploits the laws of quantum mechanics that apply at the microscopic level. They enable a new type of computing which IBM has now introduced for the first time in Germany. By using quantum bits running on superconducting circuits, IBM’s quantum computer takes advantage of various quantum effects to perform mathematical calculations that are fundamentally intractable for classical computers. The quantum computers use interference and entanglement, the quantum mechanical phenomena, to find the solutions using quantum algorithms.

Schäfer: Our quantum computing systems run 24/7/365 to make services available for users. We have systems in Germany as well as in New York, USA, and Japan.  Since 2016, we have deployed more than 40 systems for services, and as of now (Sept. 2021), a total 21 quantum computing systems are being serviced via IBM Cloud.

Schäfer: Currently, there is no so-called “quantum advantage”. This means that quantum computers do not yet offer any commercial benefit over conventional computers. However, we anticipate that they will surpass the effective computing power of conventional computers for certain use cases and complex calculations in the future. Our Development Roadmap published in February this year shows how we will undertake the journey to quantum advantage. We expect that by 2023 with 1,000+ qubits, we will be able to demonstrate the quantum advantage.  

Schäfer: We see three areas where a quantum computer could bring benefits. The first is in simulating microscopic systems, such as nature itself and related fields. In chemistry, materials science or, for example, in pharmaceuticals development, calculations by a quantum computer could help to better understand microscopic processes or improve material compositions.  Another potential lies in artificial intelligence. Quantum technology will facilitate pattern recognition: this could create many new business areas for IT companies through quantum machine learning.  We also expect that a quantum computer will be able to calculate certain optimization problems and Monte Carlo simulations more quickly. The latter is relevant in the financial industry and especially in investment banking.

Schäfer: There is a quantum algorithm, the so-called “Shor algorithm,” which can break conventional asymmetric encryption algorithms. Practically, however, this can only work on a fault-tolerant quantum computer. And these do not yet exist today. Although systems today are still protected by conventional encryption, companies will need many years to implement new, “quantum-safe” encryption technologies.

Schäfer: Quantum-safe encryption technologies are resistant to known quantum attacks such as the Shor algorithm.  Consequently, there will be new quantum-safe encryption standards in the future. Currently, the US-based National Institute of Standard Technology (NIST) is organizing a competition for quantum-safe encryption. Quantum-safe crypto algorithms are compared with each other, and candidates for a final standard are being selected. IBM itself has also submitted three quantum-safe algorithms. NIST is expected to publish a first draft of the new standard in 2022-2024 after evaluating the submissions. This standard will then be used in various encryption protocols to make communications with, for example, websites, applications, and virtual private networks quantum-safe.  The end user will probably hardly notice anything of the quantum-safe cryptography used in the background (if at all).

Schäfer: For companies, on the other hand, it becomes very complicated: New protocols and algorithms must be tested for performance and compatibility. To do this, companies should first check where they use encryption – this applies to, for example, applications, servers, and databases. We, therefore, recommend that companies become more “crypto-agile”. They should prepare for quantum-safe encryption now to more easily adapt to new crypto standards once they become available. We see crypto-agility as one of the key competencies for the future. However, many companies have yet to begin this “journey to a quantum-safe future”. Note that IBM is already now offering quantum-safe cryptography support for key management and application transactions in IBM Cloud.

Schäfer: There are various starting points here. In the development cycle of products, encryption should already be better taken into account and implemented in the design phase. In this way, companies can reduce future effort required to make products quantum-safe. To achieve this, developers need to be better trained in this area. Another option is to make architectures more crypto-agile. Companies may – depending on the use case – introduce “crypto gateways”, for example, to make applications independent of the actual encryption algorithms. In such an architecture, quantum-safe encryption can later be built in and centrally controlled. Of course, there are many more ways to become crypto-agile.

Dr. Joachim Schäfer is EMEA Encryption Services capability lead at IBM. He is a physicist and did his PHD in quantum communication at the Université libre in Brussels. As Quantum Ambassador of IBM, Dr. Schäfer shapes the dialogue between science and industry. He also supports different clients in implementing encryption technology and improving the safety of quantum physics.

Hanna Sissmann is a PR Trainee in the Communications Team at eco – Association of the Internet Industry. She has a focus on Social Media, video and audio content and makes complex tech topics comprehensible. She is also responsible for the German podcast “Das Ohr am Netz”, bringing together a line-up of interesting guests, and highlighting Internet industry topics and stories. Before she started at eco in 2020, she studied communications and politics in Dusseldorf and Münster.