IBM predicts Lattice Cryptography will be big within 5 years to stop hackers

IBM’s mission is to help their clients change the way the world works. There’s no better example of that than IBM Research’s annual “5 in 5” technology predictions. Each year, they showcase some of the biggest breakthroughs coming out of IBM Research’s global labs – five technologies that they believe will fundamentally reshape business and society in the next five years. This innovation is informed by research taking place at IBM Labs, leading-edge work taking place with our clients, and trends we see in the tech/business landscape.

Later today, they’ll introduce the scientists behind this year’s 5 in 5 at a Science Slam held at the site of IBM’s biggest client event of the year: Think 2018 in Las Vegas. Watch it live or catch the replay here. Science Slams give their researchers the opportunity to convey the importance of their work to a general audience in a very short span of time — approximately 5 minutes. They have found this to be an extremely useful exercise that makes our innovation more accessible by distilling it down to its core essentials.

Here is one of the five predictions.

Hackers gonna hack. Until they encounter lattice cryptography.

The scale and sophistication of cyber-attacks escalates every year, as do the stakes.

In five years, new methods of attack will make today’s security measures woefully inadequate. 

For example, many years from now, a fault-tolerant, universal quantum computer with millions of qubits could quickly sift through the probabilities and decrypt even the strongest common encryption, rendering this foundational security methodology obsolete.

IBM researchers are developing a new security method designed to address this inevitability. It’s built on an underlying architecture known as lattice cryptography, which hides data inside complex algebraic structures called lattices. 

Here’s how it works. In mathematics, lattices present problems that are considered very hard to solve. One of these problems is called the Shortest Vector Problem: finding the point in the grid closest to the origin. The difficulty in solving these problems is useful for cryptographers, because they can apply this intractability to protect information, even when quantum computers are strong enough to crack today’s encryption techniques.

Lattice-based cryptography isn’t only for thwarting future quantum computers. This cryptographic Swiss army knife of algebra is also the basis of another encryption technology called Fully Homomorphic Encryption (FHE). 

Today, files are encrypted while in transit and at rest, but decrypted while in use. This process provides hackers ample opportunity to view or steal unencrypted files. 

Cryptographic secure-computation technologies, such FHE, eliminate this vulnerability by allowing the calculation of data by parties even while the file remains encrypted.

Until recently, FHE was too slow and expensive to be used broadly. But algorithmic tuning and hardware acceleration techniques have reduced the time and expense of using FHE by many orders of magnitude. Calculations that would have required years can now be done in hours or even minutes.

FHE and other secure-computation tools could make it possible for many cooperating parties to perform calculations on a file without ever seeing sensitive data or exposing it to hackers. 

For example, a consumer credit reporting agency could analyze and produce credit scores without ever decrypting the personal data. And primary care physicians could share patient medical records with specialists, labs, or genomics researchers and pharmaceutical companies in a way that enables each party to access pertinent data without ever revealing the identity of the patient. 

The good news is that the security community is already preparing for the future. In fact, this past December, IBM scientists submitted their post-quantum encryption techniques to the National Institute of Standards and Technology for consideration as a global standard; another step towards ending the cyber-security arms race.