Advanced tape technologies

Storage solutions for Big Data


Quantum computing is an emerging form of computing technology that takes advantage of quantum mechanical phenomena to solve certain types of problems that are effectively impossible to solve on classical computers. Quantum Advantage will occur when quantum computers surpass today’s classical computers, at which point they are expected to enable dramatic advances in areas such as chemistry, material sciences, finance and artificial intelligence, but at the same time they will also impact information security.

Magnetic tape drives, which were invented more than 60 years ago, are used extensively today for archiving data, due to their low cost and minimal energy requirements. Tapes are also known for being highly secure, since they use a combination of symmetric and asymmetric encryption and also provide an airgap. However, at the current rate of progress in quantum computing, it is expected that asymmetric encryption may become insecure within the next 10-30 years. Since tape systems are often used to archive data for decades, it’s important to begin implementing quantum computing safe cryptography now to provide clients sufficient time to migrate to this new technology before their data becomes vulnerable.

In order to prepare for the impact that quantum computers are expected to have on data security, IBM Research has been developing cryptographic algorithms that are resistant to the potential security concerns posed by quantum computers. The jointly developed quantum computing safe algorithms are part of a lattice cryptography suite called CRYSTALS. The algorithms are based on the hardness of mathematical problems that have been studied since the 1980s and have not succumbed to any algorithmic attacks, either classical or quantum. CRYSTALS is developed in collaboration with several academic and commercial partners including ENS Lyon, Ruhr Universitaet Bochum, CWI and Radboud University. The CRYSTALS suite includes two quantum resistant cryptographic primitives - Kyber, a secure key encapsulation mechanism, and Dilithium, a secure digital signature algorithm. Both of these algorithms are candidates in the second round of the National Institute of Standards and Technology (NIST) Post Quantum Cryptography standardization process.

Recently, IBM Research – Zurich, in collaboration with IBM Tape Development in Tucson, has prototyped and tested an enterprise class tape drive that implements Quantum Computing-Safe Encryption Technology. The new prototype IBM tape drive is based on an IBM TS1160 tape drive and uses both Kyber and Dilithium in combination with symmetric AES-256 encryption to enable the world’s first quantum computing safe tape drive. The new algorithms are implemented as part of the tape drive’s firmware and could be provided to customers as a firmware upgrade for existing tape drives and/or included in the firmware of future generations of tape drives. IBM tape drives were the first storage technology to provide built-in encryption, starting with the TS1120 Enterprise Tape, and once again IBM Tape R&D is leading the industry in preparation for the NIST quantum computing-safe standardization. In addition to encryption, tape provides a further layer of security via an airgap between the data stored on a cartridge and the outside world, i.e. data stored on a cartridge cannot be read or modified unless it is mounted in a tape drive. With the development of quantum computing-safe tape encryption technology, IBM Tape continues the legacy of tape leadership in security and encryption and reaffirms its long-term commitment to this critical part of modern storage infrastructure.

Quantum Computing Safe Tape Questions

What are the new encryption algorithms and how are they used?

The quantum safe tape drive uses two new algorithms, Kyber and Dilithium, in combination with the well-established symmetric AES-256 algorithm.

Kyber is a secure key encapsulation mechanism whose security relies on the hardness of the module-LWE problem. The IBM Quantum Computing Safe Tape Drive uses Kyber for secure transport of keys between the tape drive and key manager. Kyber provides three different parameter sets aiming at different security levels. The IBM Quantum Computing Safe Tape drive prototype uses Kyber-1024 which provides the highest level of security, roughly equivalent to AES-256.

Dilithium is a secure digital signature scheme whose security relies on the module-LWE and module-SIS problems. The IBM Quantum Computing Safe Tape Drive uses Dilithium for authentication between the tape drive and key manager and for verification of tape drive firmware images.

Encryption of the data written to a tape cartridge is performed using the symmetric AES-256 algorithm which is considered to be post quantum secure.
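The key-transport role described above for Kyber, as an added Go example (not IBM's firmware or protocol): a key manager encapsulates to the drive's public key and uses the resulting secret to seal an AES-256 data key, and the drive reverses it. It assumes Go 1.24 or later and uses the standard library's ML-KEM-1024, the NIST-standardized successor of Kyber-1024, as a stand-in; the `WrappedKey` layout and all function names are hypothetical, and the Dilithium authentication step is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/mlkem"
	"fmt"
)

// WrappedKey is the key manager's message to the drive (hypothetical layout).
type WrappedKey struct{ KEMCiphertext, Sealed []byte }

// NewDriveKey generates the drive's ML-KEM-1024 key pair.
func NewDriveKey() *mlkem.DecapsulationKey1024 {
	dk, err := mlkem.GenerateKey1024()
	if err != nil {
		panic(err)
	}
	return dk
}

// gcm builds AES-256-GCM under the 32-byte KEM secret (cannot fail for that
// length). Each secret seals one message, so the zero nonce never repeats.
func gcm(kek []byte) (cipher.AEAD, []byte) {
	block, _ := aes.NewCipher(kek)
	aead, _ := cipher.NewGCM(block)
	return aead, make([]byte, aead.NonceSize())
}

// WrapDataKey (key manager): encapsulate, then seal with the KEM ciphertext as AAD.
func WrapDataKey(ek *mlkem.EncapsulationKey1024, dataKey []byte) WrappedKey {
	kek, ct := ek.Encapsulate()
	aead, nonce := gcm(kek)
	return WrappedKey{ct, aead.Seal(nil, nonce, dataKey, ct)}
}

// UnwrapDataKey (drive): a tampered ciphertext yields an unrelated secret, so Open fails.
func UnwrapDataKey(dk *mlkem.DecapsulationKey1024, w WrappedKey) ([]byte, error) {
	kek, err := dk.Decapsulate(w.KEMCiphertext)
	if err != nil {
		return nil, err
	}
	aead, nonce := gcm(kek)
	return aead.Open(nil, nonce, w.Sealed, w.KEMCiphertext)
}

func main() {
	dk := NewDriveKey()
	fmt.Println(UnwrapDataKey(dk, WrapDataKey(dk.EncapsulationKey(), make([]byte, 32)))) // constructed all-zero data key
}
```

A ciphertext of the right length never makes decapsulation return an error; the failure surfaces only at the authenticated unwrap, which is why the data key is sealed with an AEAD rather than XORed or encrypted without a tag.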

When will the NIST Post Quantum Cryptography standardization process be complete?

NIST expects draft standards to become available in the 2022 to 2024 time frame, depending on how the standardization process proceeds. Currently, the standardization process is in the second round of analysis of submitted algorithms. In this second round, 26 of the 69 submissions accepted in the first round are under consideration, including Kyber and Dilithium. In the 2020/2021 time frame, NIST expects to either make a selection or begin a third round of analysis. After selection, the process will move to the standards drafting phase with expected completion in the 2022 to 2024 time frame.

Will NIST select a single technology as a standard?

Probably not. NIST anticipates that several algorithms will emerge from the standardization process as “good choices” and does not expect to “pick a winner” from the submissions.

Are there other standardization efforts under way?

Yes. Other standards organizations including ETSI, ISO and ANSI are currently ramping up post quantum cryptographic efforts.

When will quantum computers become available that are sufficiently large to be a security issue for encrypted tape archives?

This is a very difficult question to answer. Estimates range from 10 to 30 years. It has been estimated that on the order of one million physical qubits will be required to form a sufficient number of logical qubits to attack the cryptographic schemes in common use today. The actual number of physical qubits required is difficult to determine, as it depends on the cryptographic algorithm and key length used to protect the data in the archive as well as several other factors, including the stability (coherence time) of the physical qubits and the error rates achieved, the efficiency of the quantum error correction scheme used, and improvements in quantum algorithms. Advances in these areas are difficult to predict and could have a dramatic impact on the number of physical qubits required and hence on when the security of archives will be at risk.