IBM, Microsoft, others form post-quantum cryptography coalition



IBM Quantum and Microsoft have formed a coalition to tackle post-quantum cryptography alongside not-for-profit research tank MITRE, United Kingdom-based cryptography firm PQShield, Google sibling company SandboxAQ and the University of Waterloo.

Post-quantum cryptography (PQC) addresses the potential threat posed by quantum computers of the future. Current cryptography schemes rely on mathematical problems to stymie decryption attempts.

Cracking or bypassing such encryption with a classical computer would be nearly impossible. Some experts estimate that it would take a binary computer system roughly 300 trillion years to break a 1,024-bit or 2,048-bit RSA key.

RSA, named for the computer scientists who first discussed it, is largely considered the standard for encryption.

Theoretically speaking, however, a quantum computer with sufficient hardware and architecture should be able to break RSA and similar encryption schemes within a matter of weeks, days or even hours.

According to a press release from MITRE:

“Preparing for a PQC transition includes developing standards for the algorithms; creating secure, reliable, and efficient implementations of those algorithms; and integrating the new post-quantum algorithms into cryptographic libraries and protocols.”

Technologies such as blockchain and cryptocurrency, which rely on mathematical encryption, could be particularly vulnerable to decryption attacks by the theoretical quantum computers of the future. However, it’s currently unclear how long it could be before such threats could come to fruition.

Related: Scientists warn the ‘quantum revolution’ may stagnate economic growth

One study conducted in 2022 determined that it would take a quantum computer with 300 million qubits (a very generalized measure of the potential processing power of a quantum system) to crack the Bitcoin blockchain fast enough to do any damage. By comparison, today’s most advanced quantum computers average a little over 100 qubits.

However, per the architecture described in that paper, it’s possible that more advanced qubit arrangements, chipsets and optimization algorithms could significantly change the calculus involved and drop the theoretical 300-million-qubit requirement exponentially. For this reason, the global technology community is turning to quantum-safe encryption.

The National Institute of Standards and Technology (NIST) chose four proposed post-quantum encryption algorithms in 2022 — CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+ and Falcon — as candidates for a PQC-safe encryption standard.

On Aug. 24, 2023, NIST announced that three of the algorithms had been accepted for standardization, with the fourth, Falcon, expected to follow suit in 2024.

Now that the algorithms have been accepted and (mostly) standardized, the coalition is set to begin its mission of using the deep knowledge and hands-on experience amassed by its members to ensure key institutions such as government, banking, telecommunications and transportation services are able to transition from current to post-quantum encryption.