 Hello everyone and thank you for joining us today. I'm Gosia Steindl, IBM Fellow and CTO of Hybrid Cloud Research. We are looking forward to a lively discussion about the latest cryptography research. Following the program you'll have the ability to submit questions to an IBM speaker. We'll save the last few minutes for questions and try to get through as many as we can. And now let's talk about cryptography. Cryptography has been around for millennia. The first encrypted messages were disordered hieroglyphs carved on tombs in ancient Egypt. At IBM we began exploring cryptography in the 1960s when IBM chairman Thomas Watson Jr set up a cryptography research group. The group created an encryption method named Lucifer to protect the data for a cash dispensing system that IBM had developed for Lloyds Bank in the United Kingdom. In 1971 Lloyds Bank bought the code and IBM worked to integrate Lucifer into its commercial product, the ATM. And today cryptography remains a key part of IBM's business and the priority for IBM research, one of the largest industrial research organizations in the world. In this session we'll discuss three critical emerging areas of data privacy and cryptography, confidential computing, quantum safe encryption and fully homomorphic encryption. Each of these is solving a different piece of the data security equation. Let's start with one area of security research that companies today are actively using, confidential computing. Confidential computing provides hardware level privacy assurance by encrypting data within a secure enclave that not even the cloud provider can view or access. In 2018 IBM became the first cloud provider to offer confidential computing for use in production. Currently clients in the financial services, telecommunications, consumer healthcare and government industries all use confidential computing capabilities from IBM. To share more let's turn to Hillary Hunter, IBM fellow and vice president and CTO IBM Cloud. Thanks Gershey, it's such a pleasure to be here today. You know to jump off on what you said, for IBM our cloud strategy has always put the security and privacy of our clients data at the forefront. We believe our clients and only our clients should have access to their sensitive data and to their data overall and one of the ways that we're making that happen in technology is through confidential computing that you just described. These capabilities allow company running workloads in the cloud or on premises to have full privacy and control over their workload even though they don't necessarily own the infrastructure in the cloud context when the workload is hosted. IBM has been working with confidential computing now for around a decade and we were the first to market as you mentioned with a commercially available solution in 2018. But we've worked since then with a handful of companies across different industries who are using our confidential computing capabilities to ensure that critical data can be processed with complete privacy and we're going to talk about a few other keywords in this space but I am delighted to have one of those clients here with us today and want to welcome Samuel Brock who is the co-founder and CTO of DIA which is an open source financial information platform. Welcome Samuel. Thanks for the warm welcome and thanks for being able to be here. Yeah welcome everyone. Wonderful thank you. So Samuel just to kick us off here can you talk me through a little bit about DIA in the space that you're working in? Yes so we are a financial data provider providing data mainly on blockchain financial markets so our main focus lies in decentralized finance and everything which has to do with with on-chain reporting on on different data sources. It's a very fast moving space and it's also a space where a lot of data is handled in a very short amount of time so we need a reliable and scalable solution while also we have obviously customers who are very decentralized and very spread out about many jurisdictions and we want to show them that they can that they can rely on our data and that our data is always with the highest protected with the highest level of integrity. Yeah it's interesting because I kind of hear you saying that data privacy is important to you because it's important to your end clients right? It's part of being able to use something like confidential competing as part of the core value proposition that you then pass along to your clients. Yes so for confidential computing I mean one of the one of the advantages in our space is that we don't have personal data in the in the traditional sense so data privacy is not a concern in the in the privacy sense that people's data is concerned so we have financial data it's public data in the end but what we care about a lot is data integrity and also the ability to to be very sure that no one else can tamper with our calculations with our database so that everything is really in a in the secure enclave but without the disability or without the the problems we would have for example when doing it completely decentralized which introduces a lot of costs a lot of latency a lot of complexity so we try to get to the sweet spot of having decentralization only for parts where we actually really need it and to use a centralized secure system when possible. Yeah I think it's such a great example because you've introduced that word integrity and I think across many different industries people understand that both privacy and integrity are important there's high value capabilities and then there's a lot of capabilities as you're dealing with across different industries where the integrity of transactions and the consistency and the ability to know and trust that process is important and that applies to many different types of industries that's great thank you. So I know you looked at a lot of different technologies can you just elaborate a little bit more on where you ended there as to why confidential computing versus general computing how did you make that decision to to leverage confidential computing and secure enclaves to establish that data integrity and privacy. So with traditional cloud computing let's call it like that there's always a problem that we have to yeah we have to trust the cloud provider in some sense that the data is or that that the yeah on one side that the data and databases that are hosted there is not tampered with or not changed on the other side that also the computing itself so the code is which is run is not changed I mean there's obviously protocols for that so you can you can run it in a multi-cloud environment and then have it synchronized but again that introduces latency introduces complexity on top of that then the question comes up who controls the system on top of it is it running on-prem or is it also running in a cloud. Obviously I mean the cost of every attack will increase with every level of security you add but also the the potential benefits are very high because in yeah in our blockchain world we essentially working with programmable money so if someone finds a bug or someone can find a way to to access and to to change our data there's suddenly a very high monetary value so there's a concept called cost of corruption and this this cost of corruption can be very it can be very even for attacks which are very expensive can be very beneficial to to to do them if you have like a monetary value directly coming out of the attack. Yeah and I know when we when we met earlier you know we were chatting a little bit about some analogies that that we've tried to help folks understand sort of those degrees of of security and the cost of attack as you said you know in our daily lives you know a hotel has has video cameras outside and a security person at the front desk and you use your key card to even get on the elevator you use it to get into your room but yet we all know there's a there's a vault there that we may choose to additionally put very particularly sensitive things into in that room and so it's always a matter of degrees and for the type of work that you're doing really you know securing the integrity of transactions and data is is that much more important to then make a specific confidential computing choice that's great thank you so so I'm going to wrap us up here thank you so much for being with us today Samuel I think that was a great articulation of the practical application of confidential computing and it's great to see your work live on our cloud and you all pursuing those opportunities in the market so thank you for being with us today. Thank you. Thank you so much Hilary and Samuel now that we have learned about the promise of existing technologies like confidential computing and just how far we've come since the advent of cryptography it's time to discuss what's ahead at IBM we believe that quantum computing is a large part of the future of computing and currently have deployed more than 20 quantum computing systems but quantum computers are really good at factoring large numbers and the strength of today's cryptography depends on the difficulty of factoring so clearly quantum computing poses a potential security challenge for more than three years IBM research the national institute of standards and technology and the broader crypto cryptography community have been examining new approaches to encryption and data protection to keep our most sensitive data safe from quantum computers let's learn more from NIST and hear from IBM researchers about our latest advances in this field. Hello my name is Dustin Moody I'm a mathematician with the national institute of standards and technology usually known as NIST I'd like to thank IBM for the invitation to come and talk a little bit about post-quantum cryptography and what NIST is doing to address this threat just an obvious disclaimer I don't speak for the entire federal government and because I'm speaking in an IBM event that does not mean we endorse any products or anything like that so over the past few decades there's been a lot of research and work towards building what's called a quantum computer a quantum computer would operate on a fundamentally different paradigm than our current classical computing technology that we use today and if such a large-scale quantum computer were actually able to be completed and constructed it would have a lot of positive applications because it has a tremendous potential for improving computational power so there would be a very lot of positive applications in science and medicine and so on but there would also be a consequence with regards to the field of cryptography and in my area at NIST we work on creating standards for cryptography which tell the government and other organizations how they can safely use cryptography for their application needs and it's been known for a while that with a large-scale quantum computer that there are some attacks which would completely break some of the crypto systems which we use today these are called public key crypto systems and they are standardized in some of our our documents at NIST and even though we don't yet have a such a quantum computer around people are actively working on building one they're actually you could already be under a threat of attack from one before one is built and this is because somebody could take your your data and information which is encrypted using our current crypto systems and they could just hold on to it they can't read it because it's encrypted but they can wait until the quantum computer comes along and then they're able to crack into it and you may not be providing protection that you hope for the amount of time that you do thus it's important to already be thinking about this project and getting to work on making sure we can counter this threat now all of this depends on when a quantum computer will be built and the answer is nobody knows for sure people are actively working on it working very hard making a lot of good progress there are some experts who have estimated that it's it's possible that in 10 years 15 years you know maybe we might have one of these around and so that's why NIST has been working on this project for quite some time want to emphasize that this is a a field called post quantum cryptography it's to search for crypto systems which would replace the ones that would be broken by an attack from quantum computers there's another type of cryptography that sometimes kind of gets lumped in with this because it has the word quantum in it and that's quantum key distribution or qkd that's a that's a different application and i'm not talking about that in 2016 at NIST we issued a we published a short report explaining post quantum crypto and talking about what we would be doing to work towards standardizing the crypto systems in essence we kicked off a large international competition and the scope of that was for public key digital signatures and public key encryption or key exchange algorithms and we pledged to run a process that would be open and transparent to select the the most secure and best crypto systems that came out of this process our criteria were number one security and number two performance besides a number of other characteristics that we hope the the algorithms that we received would have and this was open to everyone we received a large number of submissions and we posted them on our website the complete specifications as well as a code that you could download and implement this so internally at NIST we are testing these and we encourage people from around the world to evaluate them as well we structured our process to be in a series of rounds where at the end of each round we would select a smaller number of algorithms to move on to the next round and for us to focus on currently we're in the the middle of the third round we have seven finalist algorithms and eight alternate algorithms that are currently being looked at we expect towards the start of 2022 or so we will select a small number of them to begin being standardized as the first quantum-resistant algorithms to be included in our our standards for public key cryptography we'll then put those out for public comments and hope to have the the final version completely ready and published by around 2024 we definitely want people to be aware of the the threat and what's going on with what's called post-quantum cryptography and to be planning ahead there will be a transition to these algorithms and like any crypto transition it's not always it's not going to be necessarily easy and that's particularly the case here because we're dealing with algorithms that are a lot more complex in terms of the math they use and some of the characteristics that they have they also have things like larger key sizes so we as much as possible we're trying to prepare as much as we can and encourage others to do so so we encourage companies and organizations to you know do an internal analysis of this look at the crypto you're using is it threatened by quantum computers be aware of what's going on and the sooner that you plan ahead you'll be able to get ahead of the curve and not be left scrambling at the end once again thanks for the opportunity to speak and if you have any questions for me the good folks at IBM will send those my way or give you my contact information thank you very much so good morning my name is Vadim Lubashevsky and I'm a research scientist here at IBM in Zurich so we just heard Dustin from NIST talk a little bit about the importance of switching to quantum safe cryptography and he also mentioned that NIST narrowed down the selection list for the new standard to about seven finalists so I'll now talk a little bit about what IBM's role in this is and how we're planning for this quantum safe future so IBM has contributed five of the initial 69 schemes that started out in this standardization process in 2017 and four of these five are now among the seven finalists and the remaining one is an alternate so we've definitely got some internal expertise in this field and we're taking this transformation to quantum safe crypto pretty seriously so in fact IBM has already incorporated quantum safe crypto into a good number of its products so for example IBM cloud and redhead open shift and the cryptography that we've incorporated comes from a family of schemes that we submitted to NIST which we call crystals it's an acronym for a cryptographic suite of algebraic lattices and these schemes derive their security from the fact that they are based on the presumed algorithmic hardness of something called lattice problems and these lattice problems are mathematical problems that have been studied for many decades and they seem to be resistant to quantum attacks so luckily for us they're also something that lead to very efficient cryptographic schemes and what's more and you'll hear an example of this later in this broadcast is that the mathematics of lattices also allows us to construct things that can't be done in any other way so they have benefits even beyond just quantum safety so for these reasons cryptography based on lattice problems really might become very important in the future and i guess this point might be interesting to ask what are these problems what do they look like and how do they differ from classical problems upon which crypto now is based so a classical problem which maybe you've heard of if you know something about cryptography upon which some of today's cryptography is based is called factoring so i mean there for example i give you a number like let's say 713 and what you're supposed to do is to find the two numbers 23 and 31 in this case whose product is 713 right so for classical computers this factoring problem is quite difficult at least we believe it's quite difficult when these numbers are big so if the number i gave you is a thousand digits i mean i gave you a three digit numbers that's not hard but if it were a thousand digits then the best algorithm on the best supercomputer would probably not finish for billions of years now a powerful enough quantum computer on the other hand can solve this problem in a couple of hours and this is where the problem comes in for security so now what are these lattice problems that we believe to be hard even one even for quantum computers right so the easiest way to explain what a lattice problem is is as follows so suppose someone creates a random list you know for this for this example let's just say it's six numbers between zero and a hundred and everyone knows this list me you the bad guys everyone i mean in fact if you were wondering what's behind me that's the list right so here's this list and then it's completely public and what i do is i pick three of these numbers i don't tell you what they are and i write down their sum so let's say i write down the sum just you know so you see what this 130 so now your job is to figure out which three numbers i picked or what are the three numbers that sum to 138 right so i guess there's no way for you to tell me right now if you have the answer maybe you can type it into the questions and the communications team will let me know if somebody gets it no i'll wait a few seconds no no okay well anyway it doesn't matter right i mean the numbers were 28 39 71 right so it's kind of hard right but i'm sure if you had enough time you would you would figure this out um but it seems like you know if we took had more numbers uh than for classical and quantum computers this problem would be extremely hard so if we had a list of you know a thousand thousand digit numbers um then uh you know this problem seems like it would be hard even for quantum and classical cryptography classical computers right and upon this problem we can build very efficient and expressive quantum safe cryptography now as i said before some of this cryptography is already in systems today and it's not just IBM who's experimenting with the crystals library other enterprises are too and the software is open source so anyone can go ahead and use it now and so so far from these experiments we've noticed that the efficiency of the schemes is such that the end user won't notice any difference so in fact sometimes the new scheme is even faster so the quantum threat is not an existential one for cryptography we will have security it's just that we need to do the work to switch over to different cryptographic algorithms so um i'd like you to walk away remembering just a few key points so first is you do not need to do anything quantum to fight against the quantum computer there are many normal mathematical problems um which are suited to quantum to cryptography that a quantum computer uh most likely can solve and in the vast majority of cases if today's cryptography is replaced with lattice cryptography the end user won't see any negative effects uh in fact in some cases it may even lead to a speedup and uh third is there are many good reasons to start using quantum safe crypto now and these were mentioned by Dustin for example i mean the most important one is i guess that your data now can be harvested and stored until a quantum computer is built at which point it can be decrypted so all confidential data from today can become a completely leaked and insecure when a quantum computer is built and you know to prevent something like this because it's already efficient there is no really no reason not to start switching over to quantum safe crypto now and if you plan to do your switch you know you can do it in an agile fashion meaning you'll be able to later plug in any scheme that may eventually be standardized so don't hard code your scheme in but do the transition so that any scheme can be plugged in as a black box and so thank you for your attention thank you Vadim for giving us a peek into the insights of quantum safe encryption and how it can protect us against threats from future technologies we learned earlier that confidential computing is one way IBM is helping clients solve the challenge of maintaining the privacy of data in the cloud it allows us to encrypt application data when it is in use but what can be done to protect the data from the application itself that's where the prospect of fully homomorphic encryption comes into play over the past 10 years IBM has taken something so complicated that only a few people could use and turned it into 10 lines of simple code today we are excited to share the latest advancements in this technology and how IBM is working to bring it from the research lab into early adoption by clients our private information and data are being shared more widely than ever before and often we're the ones sharing it we share our data in exchange for convenience and improved services as long as our personal accounts remain untouched we think nothing of it and for most giving up our personal information is required to interact in the digital world both at work and to utilize basic everyday services so how do we know our data is safe while most of the sensitive data we share is encrypted encrypted data is useless to hackers and thieves as it's translated into complex code or cipher text that can't be read by humans that's a good thing but while encryption safeguards our data as it's being stored or transferred the data must be decrypted or translated back into clear text to be processed this provides a window of opportunity where your data is exposed making it vulnerable to cyber criminals privacy violations and other misuse IBM is combating this problem with fully homomorphic encryption or FHE which is changing the paradigm of security it's a technique that enables computers to process sensitive data while it's still encrypted for example every time you hop in the car and fire up your phone's navigation app the app needs to know where you are where you're going and any stops along the way in order to give you the best route with FHE the app could still provide those same directions without the service behind it needing to see or save that information about you maybe you don't care about an app knowing your location maybe the convenience outweighs the risks but what if this data was much more sensitive like say healthcare records or your personal banking data suddenly the stakes are much higher the ability to apply AI machine learning and other computing functions to data without exposing more private information is the essence of what fully homomorphic encryption enables first in vision in the 1970s an IBM researcher pioneered the mathematical framework to make FHE possible in 2009 but FHE was too slow for everyday usage because of the enormous computing power it required back in 2011 it took 30 minutes to process a single bit using FHE but by 2015 we could compare two human genomes with FHE in less than an hour and now through software and hardware advances the time has come for companies to start experimenting with FHE FHE will be a game changer for security in the hybrid cloud era unlocking new business opportunities with its ability to process regulated and sensitive data FHE will drive wider enterprise adoption of hybrid cloud platforms especially in highly regulated industries like financial services and healthcare FHE could also impact mergers and acquisitions where due diligence could be performed without violating the privacy of account holders shareholders and clients even airlines hotels and restaurants could utilize FHE to offer packages and promotions without giving their partners access to details of closely held customer data sets but first things first companies need to get their hands on this technology to begin developing real-world usages for FHE within their unique industries with the launch of IBM security's homomorphic encryption services clients will gain access to both the tools and cryptography expertise needed to start building prototypes for their own FHE enabled applications pushing forward on this new frontier of security is part of what positions IBM as the leader in hybrid cloud all the while protecting the privacy and trust of clients and keeping your data safe hello my name is Eric Moss and i'm responsible for strategy within the IBM security business unit part of which means getting technologies like fully homomorphic encryption out of the lab and into the hands of our clients so let's first understand FHE as you just heard it's a unique form of encryption and it's going to allow us to compute upon data that's still in an encrypted state but to better understand that let's first revisit some of the classical encryption models that we know well we have data at rest and this has historically allowed us to protect data that's being stored whether on a disk or in a database then we had data in transit and this allowed us to protect the confidentiality of data as we transmitted it between point a and point b over a network what's been missing has been this ability to compute upon data while it's still encrypted keeping the data in a protected state while a CPU can compute upon that data so let's look at an example of this let's say we have an application and that application needs to perform some type of statistical analysis on a data set well in order for that application to do its job the app first needs to decrypt the data in order to access it then it can perform a statistical analysis in the form of computation on that data but the act of decrypting the data itself puts the data in a vulnerable and exposed state with FHE we now have the ability to actually keep the data encrypted never exposing it during the computation process this has been somewhat akin to a missing leg in a three-legged crypto stool we've had the ability to encrypt the data at rest and in transit but we have not historically had the ability to keep the data encrypted while it's being utilized this is being made possible by some of the same lattice encryption techniques and mathematics that you heard Vadim discuss so again let's look at why this is important to our clients and to businesses at large first let's acknowledge the fact that our clients are facing two really large forces against their business the first is in security but the other one is a business force on the security front companies are facing multiple pressures in the form of increased regulations both industry as well as government regulations that are pushing for better privacy controls the punitive fines and damages that go along with this are significant on the flip side though these lines are looking at the business pressures that they're facing they're looking to improve the use of their data data as a competitive differentiator in the form of collaboration or monetization and they also have an increasing reliance upon that data for their day-to-day operations an example of this could be seen in the health care ecosystem the health care ecosystem relies heavily upon collaboration between health care providers insurers clinical researchers the ecosystem is is quite vast and they must have the ability to seamlessly provide high quality services through data collaboration but with that is also the need to provide trust and the ability to secure this data and the ability to secure that data is paramount to their trust in the broader public's eye in this case FHE will allow us to secure that type of collaboration extracting the value of the data while still preserving the privacy of it meanwhile FHE allows us to provide a certain type of security that can follow the data this differs somewhat from the confidential computing that we discussed earlier as it's not reliant upon any type of special hardware and it allows us to ensure that even data in untrusted environments where we have no control over the hardware can remain secure so where are we today with homomorphic encryption you heard IBM has been working on FHE for more than a decade and we're finally reaching an apex where we believe this is ready for clients to begin adopting in a more widespread manner it's been historically complex not just in terms of the calculations that are performed on the data but it requires a lot of computing power and the skills and learning curve have typically been very steep for the normal client out there but there's some good news here researchers have been working as we discussed to refine this process making FHE much more efficient than it has been in the past and we now have technologies that are going to allow our clients to more easily adopt FHE and that becomes the next challenge widespread adoption there's currently very few organizations here that have the skills and expertise to currently use FHE but IBM research has been helping in this space by delivering not only open source and toolkits to help encourage that adoption but IBM security has recently launched its first commercial offering on IBM fully homomorphic encryption services back in December this is aimed at helping our clients start to begin to prototype and experiment with fully homomorphic encryption with two primary goals first getting our clients educated on how to build FHE enabled applications and then giving them the tools and hosting environments in order to run those types of applications so how is FHE going to be used in the near term as you heard highly regulated industries such as financial services and healthcare will be some of the early adopters in this space they have both the need to unlock the value of that data but also extreme pressures to secure and preserve the privacy of the data that they're computing upon but rather than just tell you about that here let's talk to one of my colleagues Omri and IBM research who can show us a demonstration thanks Eric working on FHE we wanted to allow our customers to take advantage of all the benefits of working in the cloud while adhering to different privacy regulations and concerns what only a few years ago was only theoretically possible is becoming a reality our goal is to make this transition as seamless as possible improving performance and allowing data scientists and developers without any crypto skills a frictionless move to analytics over encrypted data in the demo I'm about to show you we worked on a use case for such a regulated industry the healthcare industry in this demo a hospital is sending private healthcare records to the cloud for analysis now this could be done to analyze DNA for genetic issues or us will be shown here to alert regarding a possible risk for certain condition now prior to FHE such analytics on the cloud were very challenging since the data had to be decrypted prior to processing so this uh interfered with different regulations and privacy concerns but now we are able to upload the data encrypted analyze it while encrypted using a machine learning model which is in and of itself also encrypted get the result of the analysis encrypted and send them back to the hospital or the patient for decryption so let's start the demo as you can see what was one what once took hundreds of lines of code and advanced crypto skills a can now is now accessible to data scientists a whom with less than a dozen line of lines of code you can see marked here can leverage the capabilities a of FHE now if we run this code give me a sec now if we run this code you can see that what was just five years ago would have taken a few hours is now processed in much less than a second if you can see here 0.069 seconds to be exact and thank you thank you omri you've just seen three crucial technologies that are shaping the future of secure computing around the world confidential computing quantum safe encryption and fully homomorphic encryption these capabilities were born in IBM research and we are working with partners and clients some of whom you have met today to commercialize and integrate them into our everyday lives thank you for joining us today and stay well