IBM bolsters quantum cryptography for z16 mainframe

While the need for it may be years away, IBM has added additional mainframe protection against future quantum-based security attacks.

When Big Blue rolled out the newest iteration of its mainframe – the z16—in April, one of its core design pillars was a promise to protect organizations from anticipated quantum-based security threats. Specifically, the z16 supports the Crypto Express8S adapter to deliver quantum-safe APIs that will let enterprises start developing quantum-safe cryptography along with classical cryptography and to modernize existing applications and build new applications, IBM stated.

To that support IBM has now added the four U.S. National Institute of Standards and Technology (NIST) algorithms that were chosen this month to create a post-quantum cryptography (PQC) standard built upon encryption algorithms that can protect against future quantum processor-based attacks. Additional technology will be added to the standard in the future.

IBM was deeply involved in the building of those algorithms, as it developed technology for three of the four.

The NIST algorithms are designed for two of the main tasks for which public-key cryptography is typically used: public key encapsulation, which is used for public-key encryption and key establishment; and digital signatures, which are used for identity authentication and non-repudiation, according to Anne Dames, Distinguished Engineer, Cryptographic Technology at IBM, who wrote a blog about the technology.

For public-key encryption and key-establishment, the key encapsulation mechanism (KEM) NIST selected is the CRYSTALS-Kyber algorithm. CRYSTALS-Kyber is the primary algorithm in the KEM category, according to Dames.

“For digital signatures, NIST selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+. CRYSTALS-Dilithium is the primary algorithm in the signature category. Three of these selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ is based on hash functions,” Dames stated.

The IBM z16 is designed to help organizations stay ahead of quantum threats, leveraging CRYSTALS-Kyber and CRYSTALS-Dilithium as the underpinnings of its key encapsulation and digital signature capabilities.

One of the more current threats the new algorithms could help protect against is the “harvest now decrypt later” attack scenario, in which attackers steal encrypted data in present time with the idea that they can decrypt it later with a quantum computer.

“Widely used public-key encryption systems, which rely on math problems that even the fastest conventional computers find intractable, ensure these websites and messages are inaccessible to unwelcome third parties,” NIST wrote in a blog about the algorithms. 

“However, a sufficiently capable quantum computer, which would be based on different technology than the conventional computers we have today, could solve these math problems quickly, defeating encryption systems,” NIST stated. “To counter this threat, the four quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving, thereby defending privacy both now and down the road.”