The Pillars of Future Cryptography at IBM


In a recent webinar, IBM summarized the latest advances in cryptographic technologies the company has been working on, including confidential cryptography, quantum-safe encryption, and fully homomorphic cryptography.

According to Gosia Steinder, IBM hybrid cloud research CTO, each of those technologies is solving a different piece of the security equation.

Confidential computing is IBM's moniker for secure enclave-based cryptography in the cloud:

Confidential computing provides hardware-level privacy assurance by encrypting data within a secure enclave that not even the cloud provider can view or access.

This enables users to run workloads in the cloud or on-premises with the maximum privacy and control even when they don't own the infrastructure they are using, says Hillery Hunter, IBM VP and CTO of IBM Cloud.

Confidential computing is not only relevant to guarantee data privacy on the Cloud, but also to ensure data integrity and to prevent anyone from tampering with the data, says Samuel Brack, CTO of open-source financial platform DIA. The alternative to using confidential cryptography would be a decentralized approach with increased costs and reduced performance, he adds.

Looking at the future, quantum computing is known to pose a serious challenge to cryptography, says IBM cryptography researcher Vadim Lyubashevsky. As he explains, some of today's cryptography is based on factoring, a problem that is considered hard on classical computers but that quantum computers can solve effectively. For example, says Lyubashevsky, a prime integer with a thousand digits could require billions of years to be factored on classical hardware, while a quantum computer could do it in a couple of hours.

A particularly worrisome dimension of this is highlighted by Dustin Moody, mathematician at NIST, who is working at defining standards for post-quantum cryptography. Indeed, while quantum hardware is not yet there, the mere possibility of its existence means encrypted data is potentially under a threat of attack now. In fact, somebody could take hold of that data and wait for quantum hardware to be available to decrypt it. As a consequence of this, he says, you may not be protecting your data for the amount of time you hope you do.

As Moody recounts, NIST is running an open process to select the best cryptosystems, based on security and performance. Currently, seven encryption schemes have advanced to round 2 of the selection process, out of 69 initial competitors. The expectation is to have a draft standard for the first quantum-resistant algorithms at the beginning of 2022, with the prospect of completing its standardization by 2024 after a period of public comment.

Transition will not be easy, though, says Moody:

We're dealing with algorithms that are a lot more complex in terms of the math they use, and some of the characteristics that they have also have things like larger key sizes, so we, as much as possible, are trying to prepare as much as we can and encourage others to do so.

Four of the quantum-safe algorithms that made it to round 2 were initially proposed by IBM, highlights Lyubashevsky, and they are available through the open-source Cryptographic Suite for Algebraic Lattices (CRYSTALS).

These schemes derive their security from the fact that they are based on the presumed algorithmic hardness of something called lattice problems.

In other words, unlike integer factoring, lattice problems are thought to be hard even for quantum computers. To give an idea of what lattice problems look like, Lyubashevsky suggests a simple example. Say you have a public list of six numbers. You pick three of them and calculate their sum. The problem consists in finding which three numbers you chose, given only their sum. When you deal with thousands of thousand-digit numbers, this problem appears to be hard even for quantum computers. Lattice problems are just one possible approach to post-quantum cryptography.
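The following is an added illustration of Lyubashevsky's toy puzzle, not code from IBM or from CRYSTALS: it builds a constructed instance (a public list of n numbers, a secret choice of k of them, and their sum), recovers the choice by exhaustive search, and counts how fast that search space grows with n and k. It is meant only to make the "hard to invert, easy to compute" intuition concrete; real lattice schemes are not subset-sum puzzles over small integers.

```python
import random
from itertools import combinations
from math import comb


def make_instance(n=6, k=3, digits=4, rng=None):
    """Build a constructed instance of the puzzle from the article: a public
    list of n random `digits`-digit numbers, a secret choice of k of them
    (stored as sorted indices), and the public sum of the chosen numbers."""
    rng = rng or random.SystemRandom()
    public = [rng.randrange(10 ** (digits - 1), 10 ** digits) for _ in range(n)]
    secret = tuple(sorted(rng.sample(range(n), k)))
    total = sum(public[i] for i in secret)
    return public, secret, total


def recover_subset(public, total, k):
    """Exhaustive search: test every k-subset of the public list against the
    published sum. Returns every matching index tuple, since a small toy
    instance may admit more than one solution."""
    return [idx for idx in combinations(range(len(public)), k)
            if sum(public[i] for i in idx) == total]


def search_space(n, k):
    """Number of k-subsets the exhaustive search must consider: C(n, k)."""
    return comb(n, k)


if __name__ == "__main__":
    public, secret, total = make_instance()
    print("public list:", public)
    print("published sum:", total)
    print("candidates matching the sum:", recover_subset(public, total, k=3))
    print("secret choice was:", secret)
    # Six numbers, pick three: only 20 subsets to try.
    print("subsets to try for n=6, k=3:", search_space(6, 3))
    # Thousands of numbers, pick half: the search space dwarfs any budget.
    print("subsets to try for n=1000, k=500: about 10^%d"
          % (len(str(search_space(1000, 500))) - 1))
```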

As mentioned, IBM provides an implementation of CRYSTALS, which makes it possible to run experiments to assess the schemes' performance.

We've noticed that the efficiency of the schemes is such that the end user won't notice any difference. In fact, sometimes the new scheme is even faster. So, the quantum threat is not an existential one for cryptography. We will have security.

According to Lyubashevsky, there is no reason to wait any longer before switching to lattice cryptography using CRYSTALS. The critical point is not to hard-code the scheme you use, but to make it replaceable as a black box. In this way, you are prepared for when standardized quantum-safe schemes eventually become available.

The final front on which IBM is working in cryptography is fully homomorphic encryption (FHE), which brings the promise of computing on data while it is still in encrypted form. This does away with the need to decrypt the data before processing it, a step that leaves it in a vulnerable and exposed state.

IBM's FHE work has made great advances from its inception to the initial implementation in 2011, which was painfully slow, to 2015, when it became possible to compare two fully encrypted genomes with FHE in less than an hour. FHE is today ready to be used by any company, from small to large, says IBM.

Eric Maass, strategy and emerging technology director at IBM, explains that FHE is made possible by some of the same lattice encryption techniques and mathematics used in CRYSTALS.

Adopting FHE more widely has historically been complex, not just in terms of the calculations performed on the data: it also requires a lot of computing power, and the required skills and learning curve have typically been very steep.

While confidential computing is a rather mature technology, homomorphic encryption and post-quantum cryptography are research fields that still attract a lot of effort. IBM is not the only company investing in homomorphic encryption: Microsoft, for instance, released SEAL (Simple Encrypted Arithmetic Library), and Google recently unveiled its Private Join and Compute tool. Similarly, a number of efforts towards quantum-safe computing are ongoing at several other companies, including Google, which selected NewHope, and Microsoft, with PICNIC, among others.
