IBM Corp. is looking to make enterprise workloads deployed on its public cloud resistant to tomorrow’s encryption-breaking quantum computers.

As a first step to that end, the company today introduced  “quantum-safe cryptography” capabilities for three services in IBM Cloud: Red Hat OpenShift on IBM Cloud, Cloud Kubernetes Service and Key Protect. Customers using the services can now secure data with an encryption algorithm that will have a better chance of withstanding future quantum attacks, according to the company. 

Today’s quantum systems possess only a small fraction of the computing power of a standard server. However, it’s believed that future systems with better hardware will be capable of performing certain calculations far faster than even the most powerful supercomputers. Breaking traditional encryption is one task at which tomorrow’s theoretical large-scale quantum computers are expected to be especially adept.

Of particular concern is the security of the network connections used to transport packets between consumer devices, “internet of things” systems and data centers worldwide. Most connections rely on an encryption scheme known as public-key cryptography to protect data in transit. It protects data by hiding the decryption key behind long sets of mathematical calculations that are too complex for classical machines but could theoretically be solved in minutes by a sufficiently advanced quantum computer.

Enter IBM Cloud’s new quantum-safe cryptography features. The platform now provides the option to encrypt connections using Kyber, an encryption algorithm developed by IBM to withstand unscrambling attempts in the quantum computing era. Kyber is a third-round candidate currently being evaluated by the U.S. National Institute for Standards and Technology as part of a multiyear initiative to standardize quantum-safe cryptography algorithms.

Red Hat OpenShift on IBM Cloud, the first service receiving the new encryption capability, is a managed version of the OpenShift application platform. Cloud Kubernetes Service, meanwhile, is a managed Kubernetes offering. Containerized applications deployed on the two services can leverage quantum-safe cryptography to secure the TLS connections they use to send data to other services. 

Quantum-safe encryption is also coming to Key Protect, an IBM Cloud service that enterprises use to manage the encryption keys protecting their information. Customers can apply the new Kyber-powered encryption to the connections over which they send keys and related data. Additionally, a “hybrid mode” provides the option to combine quantum-safe cryptography with standard public-private encryption algorithms for added security.

Besides the public cloud, IBM is also working to apply quantum-safe cryptography to other areas. Last year, IBM researchers debuted what they described as the world’s first quantum-safe tape drive: a modified drive from the company’s TS1160 product series. It’s equipped with specialized encryption algorithms implemented at the firmware layer.

The fast rate at which quantum computers’ performance is increasing could eventually lead other cloud providers to also consider adding quantum-safe encryption to their platforms. Honeywell International Corp. in March set a goal of boosting its quantum computers’ speed by a factor of 100,000 in five years, while IBM has been improving its own systems at a rapid pace.

Photo: IBM