The US National Institute of Standards and Technology (NIST) recently published the first round of winners in its six-year-long competition to determine which algorithms will protect our data from the threat of quantum decryption.
Three of the four winning entries were designed in tandem with IBM. And the person who wrote the fourth has since been hired by Big Blue.
I spoke to Scott Crowder, vice president of IBM Quantum, to get a feel for the significance of the NIST announcement and to try and understand the scope of the problem.
It turns out the big idea here involves making the world “quantum safe,” before the hack-now-decrypt-later time-bomb goes off.
As Crowder puts it, “the story starts in the mid-nineties with Shor’s Algorithm.” A mathematician named Peter Shor came up with a decryption method that relied on using classical computing to turn encryption problems into something that can be solved, and then quantum mechanics to speed up the process.
Basically, Shor and other math wizards taught us there was a ticking clock on our current encryption models.
The global population faces two imminent risks:
- It appears inevitable that bad actors will eventually have access to technology that will allow extremely smart criminals to break our current world-wide encryption.
- “Hackers” have been stealing encrypted data for decades and storing it for later use in what’s called a “store now, decrypt later” (SNDL) attack.
It’s difficult to overstate the severity of these threats. In the worst-case scenario for threat vector one, we see the world’s banking, transportation, military, and energy systems fall under the complete control of terrorists and criminal hacking organizations.
And when it comes to threat number two, as Crowder explained to me, there’s simply no way for anyone to know how much of the world’s important data is sitting around on hackers’ storage drives just waiting to be sold to bad actors with access to technology and algorithms capable of finally cracking into them.
We can’t be sure when the threat will go from “future risk” to “current challenge,” and that’s where IBM, NIST, and the world’s greatest math wizards come in.
How do you prepare for a problem that doesn’t actually exist yet? We can’t wait for quantum computers to go from laboratory experiments to everyday-use tools before we figure out how to protect our banks and power plants.
But figuring out how to encrypt data against an attack that only exists in theory is among the biggest STEM challenges there are. And it requires a combination of experience and infrastructure that few organizations on the planet are equipped with.
We’ve got a long history of security research. And we’ve got a long history of quantum research.
As far as NIST is concerned, that expertise paid off when three out of the four accepted algorithms — the genius-level math that we’re all hoping will make the world’s data quantum-safe — were submitted by IBM researchers.
And, as mentioned above, IBM went ahead and hired the person responsible for the fourth. Crowder made it very clear during our interview that the company intends to head this threat off, but he also took great pains to explain that this was a collaborative effort between the world’s mathematicians.
I went into the interview believing the real threat was that some evil genius might somehow gain access to a powerful futuristic quantum computer and use it to hack the world’s banks and trains and whatnot.
And I wasn’t too far off except for the hardware part. Crowder explained that this is less a case of computer versus computer and more a case of solving the problem before the theoretical mathematics required to break the current encryption standard are no longer theoretical.
Once NIST finishes accepting all the algorithms and putting its final standards into place, the real work begins. Until now, it’s been mega-businesses such as IBM and the rockstar math wizards who work for them doing mind-blowing work at the very edges of science, technology, engineering, and math who’ve paved the way for the forces of good to prevail.
After the algorithms are invented, they have to be implemented. And that means innumerable hours spent finding, labeling, and securing data. It’ll be down to data scientists, IT leaders, and B2B service specialists around the globe to perform the slow trudge towards becoming “quantum safe.”
This leg of work might not be as exciting as the good-versus-evil showdown happening between today’s mathematicians and tomorrow’s criminals, but it’s what will ultimately make the difference between the kind of threat Y2K actually proposed and the one we feared the most.
NIST, IBM, and the STEM geniuses responsible for our new standards of protection are pioneering our vanguard defense against the coming quantumpocalypse.