IBM researchers say they have unlocked the key to keep data safe from quantum computing attacks, and the vendor now offers quantum-safe cryptography support for key management and application transactions in IBM Cloud.
This makes it the industry’s “most holistic” quantum-safe cryptography for securing data, IBM Cloud execs claim, and it does this via open standards and open source technology.
While quantum computing, when it becomes more widely available, promises to advance all manner of scientific research, it also poses an existential cybersecurity risk, because this same computing power can also be used to break today’s most secure encryption methods. This means attackers using quantum computers will be able to easily decode everything from intellectual property to credit card information and even government secrets.
Although this is still five to 10 years out, “we need to be prepared so that the algorithms are ready for the future,” said Raj Nagaratnam, distinguished engineer and CTO for cloud security at IBM. If an attacker today steals sensitive data protected by transport layer security (TLS) protocols or public and private encryption keys, “it has the risk of being broken by quantum computers in the future.”
IBM’s strategy for long-term security centers around the standardization of open source tools such as CRYSTALS and Open Quantum Safe, Nagaratnam explained. It also includes new encryption capabilities that can help customers adopt a quantum-safe cryptography approach for data in transit within IBM Cloud. This can help enterprises prepare for future threats in which hackers harvest encrypted data today with the intent to decrypt it later.
CRYSTALS and Open Quantum Safe
The Cryptographic Suite for Algebraic Lattices, or CRYSTALS, is a lattice cryptography platform based on two quantum-resistant cryptographic primitives: Kyber, which is a secure key encapsulation mechanism; and Dilithium, which is a secure digital signature algorithm. These are essentially hardened mathematical problems that researchers haven’t been able to break using regular or quantum computers. IBM donated these algorithms to the Open Quantum Safe open source project, and also submitted CRYSTALS to the National Institute of Standards and Technology (NIST) for standardization.
“NIST has been going through peer reviews of top experts, algorithm cryptographers, etc. around the world to narrow down from 10 submissions to the last few that are finalists, and IBM’s algorithm is part of the final list,” Nagaratnam said.
Quantum-Safe Cryptography for App Transactions
Also today, IBM Key Protect — a cloud-based service that provides lifecycle management for encryption keys used in IBM Cloud services and customers’ applications — introduced a new capability to use quantum-safe cryptography-enabled TLS connections to better protect data during key lifecycle management.
IBM Cloud also announced quantum-safe cryptography support for application transactions. This means when cloud-native containerized applications run on Red Hat OpenShift on IBM Cloud or IBM Kubernetes Services, secured TLS connections protect these application transactions with quantum-safe cryptography while data is in transit, which protects against potential breaches.
And finally, IBM Cloud today extended its Hyper Protect Crypto services to secure application transactions and sensitive data, and provided customers with “Keep Your Own Key.” This new capability is built on FIPS-140-2 Level 4-certified hardware, which is the highest level of security offered by cloud providers for cryptographic modules and allows customers to have exclusive key control, as opposed to the cloud provider controlling the keys. This means customers maintain the authority over their data and workloads protected by the keys.
“When you look at the fullest degree of protection, of not only the data keys, but also the data that goes to the application, we are going to bring that holistic view of quantum-safe,” Nagaratnam said.