IBM adds NIST’s new public-key encryption and digital signatures algorithms to defend against attacks by future quantum computers. While the need for it may be years away, IBM has added additional mainframe protection against future quantum-based security attacks. When Big Blue rolled out the newest iteration of its mainframe – the z16—in April, one of its core design pillars was a promise to protect organizations from anticipated quantum-based security threats. Specifically, the z16 supports the Crypto Express8S adapter to deliver quantum-safe APIs that will let enterprises start developing quantum-safe cryptography along with classical cryptography and to modernize existing applications and build new applications, IBM stated. To that support IBM has now added the four U.S. National Institute of Standards and Technology (NIST) algorithms that were chosen this month to create a post-quantum cryptography (PQC) standard built upon encryption algorithms that can protect against future quantum processor-based attacks. Additional technology will be added to the standard in the future. IBM was deeply involved in the building of those algorithms, as it developed technology for three of the four. The NIST algorithms are designed for two of the main tasks for which public-key cryptography is typically used: public key encapsulation, which is used for public-key encryption and key establishment; and digital signatures, which are used for identity authentication and non-repudiation, according to Anne Dames, Distinguished Engineer, Cryptographic Technology at IBM, who wrote a blog about the technology. For public-key encryption and key-establishment, the key encapsulation mechanism (KEM) NIST selected is the CRYSTALS-Kyber algorithm. CRYSTALS-Kyber is the primary algorithm in the KEM category, according to Dames. “For digital signatures, NIST selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+. CRYSTALS-Dilithium is the primary algorithm in the signature category. Three of these selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ is based on hash functions,” Dames stated. The IBM z16 is designed to help organizations stay ahead of quantum threats, leveraging CRYSTALS-Kyber and CRYSTALS-Dilithium as the underpinnings of its key encapsulation and digital signature capabilities. One of the more current threats the new algorithms could help protect against is the “harvest now decrypt later” attack scenario, in which attackers steal encrypted data in present time with the idea that they can decrypt it later with a quantum computer. “Widely used public-key encryption systems, which rely on math problems that even the fastest conventional computers find intractable, ensure these websites and messages are inaccessible to unwelcome third parties,” NIST wrote in a blog about the algorithms. “However, a sufficiently capable quantum computer, which would be based on different technology than the conventional computers we have today, could solve these math problems quickly, defeating encryption systems,” NIST stated. “To counter this threat, the four quantum-resistant algorithms rely on math problems that both conventional and quantum computers should have difficulty solving, thereby defending privacy both now and down the road.” Related content brandpost Sponsored by Zscaler Eliminating Lateral Threat Movement INSIDE factory, branch, and campus networks Enhancing network security: Zscaler's Zero Trust Device Segmentation for protecting against lateral attacks—learn more today. By Zscaler Nov 06, 2024 9 mins Networking Security how-to Buyer’s guide: Data protection for hybrid clouds To safeguard enterprise data in hybrid cloud environments, organizations need to apply basic data security techniques such as encryption, data-loss prevention (DLP), secure web gateways (SWGs), and cloud-access security brokers (CASBs). But such secu By Neal Weinberg Nov 04, 2024 13 mins Cloud Management Data and Information Security Hybrid Cloud brandpost Sponsored by Zscaler Business continuity that enables users to continue secure operations, even during a catastrophic event By Zscaler Oct 28, 2024 7 mins Security brandpost Sponsored by Zscaler Lessons learned: 4 Zscaler deployments later Capitec's CTO outlines the transition to a Zscaler-based zero trust architecture, highlighting the challenges faced, the importance of quick deployment, user-friendly policies, effective use of the ZIA dashboard, and the benefits of using the la By Andrew Baker - CTO, Capitec Oct 28, 2024 7 mins Security PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe