Quantum computing is no longer a distant dream; it is rapidly becoming a reality with profound implications for data security. Quantum-safe cryptography refers to cryptographic methods that are more resistant to attacks from both classical and quantum computers. This is crucial because quantum computers are expected to eventually break current encryption algorithms like RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography). Cybercriminals, anticipating this future capability, are already intercepting and storing encrypted data—a tactic known as "harvest now, decrypt later" with the intent to decrypt it once quantum computing becomes powerful enough, CIOs must lead their organizations in preparing for this quantum-safe cryptography by developing a quantum-safe strategy that protects long-lived sensitive data from future breaches^[3]. The longer we delay adopting and transitioning to quantum-safe standards, the greater the risk of such data breaches.

The quantum era brings immense potential for solving complex problems but also poses unprecedented challenges to data security. Organizations must act now to build a roadmap for a quantum-safe future, ensuring their critical applications, supply chain, and infrastructure remain secure.

Why Quantum-Safe Matters Now

Today’s encryption, such as RSA, protects some of our most critical data from unauthorized access. While it would take today's most powerful classical computers an astronomical timeframe to decrypt - or hundreds of thousands of years, to break RSA-2048 encryption, a Cryptographically Relevant Quantum Computer (CRQC) could achieve this feat within hours, jeopardizing sensitive data worldwide ^[6].

Each day, 2.5 quintillion bytes of new data are generated, further amplifying the stakes. As this massive influx of data increases, postponing the adoption of quantum-safe standards only heightens risk exposure and the potential for catastrophic breaches.

Quantum-safe (AKA Post Quantum Cryptography) has emerged as the solution. The concept of quantum-safe involves developing new algorithms more resilient to quantum-enabled attacks, ensuring long-term security for data and systems critical to business operations, national security, and infrastructure. These quantum-safe algorithms are vital for maintaining the confidentiality and integrity of encrypted communications in a quantum-enabled future.^[7]  

IBM’s Leadership in Quantum and Quantum Safe

IBM Research has been at the forefront of quantum-safe cryptography since 2016, actively contributing to the National Institute of Standards and Technology (NIST) PQC competition. In 2022, after rigorous evaluation and testing, NIST selected four algorithms out of 82 submitted for standardization^[1]:

1. ML-KEM (FKA CRYSTALS-Kyber) – A lattice-based algorithm for key establishment, offering robust quantum resistance, efficient encryption, and small key sizes, making it ideal for hybrid cloud and edge use cases.
2. ML-DSA (FKA CRYSTALS-Dilithium) – highly efficient lattice-based digital signature algorithm ensuring secure authentication and verification for high-speed operations.
3. SLH-DSA (FKA SPHINCS+) – A stateless hash-based signature scheme, providing diversity with resilience against broader attack vectors, albeit with larger key and signature sizes.
4. FALCON – An alternative lattice-based digital signature algorithm, notable for its compact signatures and resource efficiency.

IBM Research Team significantly contributed to three of these algorithms—CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON—cementing its role as a leader in advancing quantumsafe. These innovations ensure secure encryption and authentication for critical data in the quantum era.^{[6] [7]}

Further solidifying its commitment, IBM’s z16 system, the first quantum-safe platform, integrates ML-KEM and ML-DSA to secure data at rest and in transit. IBM also offers a suite of software, IBM Quantum Safe, to help organizations identify cryptographic vulnerabilities and transition seamlessly to quantum-safe cryptography, addressing challenges like updating legacy systems, managing larger key sizes, and minimizing operational disruptions. By combining innovative algorithms with robust implementation frameworks, IBM provides a comprehensive approach to safeguard enterprises against quantum-risks.

Importance of Cryptographic Agility and IBM Quantum Safe Offering 

Crypto-agility means that a system, platform, application, or organization can rapidly adapt its cryptographic mechanisms and algorithms in response to changing threats, technological advances, or vulnerabilities. It enables an organization's systems to transition seamlessly between cryptographic algorithms, ensuring adaptability to evolving standards and threats without significant disruption.^{[2] [6] [7] [8]}

For organizations migrating applications to the cloud, cryptographic agility is especially critical to ensure secure and uninterrupted operations while adopting quantum-safe cryptography. A hybrid approach, supporting both classical and quantum-safe algorithms, ensures a smooth transition while safeguarding critical systems.^{[6] [7]}  

IBM emphasizes cryptographic agility as a strategic imperative, integrating this capability into its quantum-safe solutions. IBM Quantum Safe offers the most comprehensive solution to support discovering, assessing, and remediating cryptographic vulnerabilities:

• IBM Quantum Safe Explorer: discovery of cryptography usage across the application portfolio and create a Cryptography Bill of Materials (CBOM) to drive remediation strategy  
• IBM Guardium Quantum Safe: cryptographic security posture management with policy-driving analysis, tracking, and remediation  
• IBM Quantum Safe Remediator: mitigate "harvest now, decrypt later" scenarios by establishing best possible quantum-safe protocol between clients, applications, and servers in the network.

These tools collectively enable enterprises to identify vulnerabilities, prioritize risks, and implement quantum-safe solutions without disrupting operations. By fostering cryptographic agility—a strategic imperative rather than just a technical requirement—organizations can modernize their security practices, stay ahead of evolving threats, and safeguard their data.  

IBM’s Quantum Safe Roadmap provides a structured approach to help organizations transition to quantum-safe cryptographic standards while maintaining security and operational continuity.  

Conclusion

The quantum computing era will unfold over time, bringing transformative advancements that could redefine industries. However, this same power poses an immediate and unprecedented threat to today’s cryptographic systems. The lifecycle of your data encompassing its creation, storage, transmission, and eventual archiving represents an extended window of vulnerability. Cybercriminals employing "harvest now, decrypt later" tactics exploit this window, intercepting data today with the intent to decrypt it using future quantum capabilities. Transitioning to quantum-safe cryptography is not just about protecting data but ensuring the integrity, confidentiality, and trustworthiness of digital systems throughout their lifecycle.

IBM stands at the forefront of this transition. With decades of expertise in cryptography, IBM provides the tools, strategies, and leadership needed to navigate the quantum era. From pioneering quantum-safe algorithms to offering end-to-end solutions.

The true challenge isn’t whether quantum computing will affect your organization, but whether you’ll be prepared when it does. By adopting quantum-safe solutions, enterprises can protect their data, maintain trust, and secure their future in an evolving digital landscape. The quantum-enabled risk is real, but so are the solutions. Security in the quantum era is no longer a distant concern; the risk is real, and the time to act is now.

References

1. Moody, Dustin. “Let’s Get Ready to Rumble—The NIST PQC ‘Competition.’” NIST.  Accessed October 11, 2022
2. Chen, Lily et al. “Report on Post-Quantum Cryptography.” NISTIR 8105. April 2016. 
3. IBM Blog: Quantum-Safe Cryptography CIOs must prepare their organizations today for quantum-safe cryptography
4. NIST Official Post-Quantum Cryptography (PQC) Competition Page:  PQC Cryptography
5. Mosca, Michele, Dr. and Dr. Marco Piani. “2021 Quantum Threat Timeline Report.” Global Risk Institute. January 24, 2022
6. “National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.” The White House. May 4, 2022. 
7. Candelon, François, Maxime Courtaux, Gabriel Nahas, and Jean-François Bobier. “The U.S., China, and Europe are ramping up a quantum computing arms race. Here’s what they’ll need to do to win.” Fortune. September 2, 2022. 
8. Crypto-agility and quantum-safe readiness : Maximize your Quantum-Safe journey by establishing a broad framework of cryptographic agility.