back to article Why is IBM selling post-quantum crypto when it's still a pre-quantum company?

IBM's most exciting mainframe yet, the  z16, is finally here.  Just three years after the z15, at this rate IBM has until 2212 to buy the z80 trademark from Zilog. It's good for hybrid cloud, apparently, but the two main advances are real-time AI fraud detection, and "industry-first" quantum-safe cryptography,  the stuff that …

  1. Doctor Syntax Silver badge

    "t's only competing in that category against itself."

    To be exact, it's competing against its previous model. By and large that's how the entire industry has worked for decades.

    For instance I've lost track of the number of ways to connect storage to CPUs over the last 40 years or so. Need more storage to hold the accumulated data and bloated software? You can't connect it to that old computer, you'll have to buy a whole new system.

  2. haiku

    Why are you surprised: IBM invented "vapourware"

    As in "dream-on ware" a.k.a. as a "statement of direction".

    Normally trundled out when the competition launches a better product and/or IBM Sales become fearful.

    Easily identified by the preceding luncheon and the protecting NDA's

  3. Pascal Monett Silver badge

    "Have you seen the forms?"

    I went to check them out.

    The most interesting thing I find is that there isn't a dollar quote anywhere to be seen.

    You get a boatload of MSU ranges and corresponding AWLC percentage reductions (could somebody translate that into English ?), but after skimming over the blah blah I couldn't for the life of me tell you how much one would cost.

    Of course, I'm sure a call to my nearest friendly IBM salesperson would guarantee a quote and a nice monthly charge in the blink of an eye.

    1. stiine Silver badge

      Re: "Have you seen the forms?"

      no, and there's a formatting error in the last paragraph.

      1. NoneSuch Silver badge

        Re: "Have you seen the forms?"

        Report the error to the link at the bottom of every article. It is usually fixed in minutes.

        1. David 132 Silver badge
          Thumb Up

          Re: "Have you seen the forms?"

          I think @stiine means the formatting error in the last paragraph of the linked IBM "pricing-but-not-pricing" form.

          How dare you suggest that there might be an error in anything produced by the fine editorial team at El Reg?

    2. Anonymous Coward
      Anonymous Coward

      Re: "Have you seen the forms?"

      "The most interesting thing I find is that there isn't a dollar quote anywhere to be seen."

      At this level of hardware, there's no such thing as a MSRP or (car analogy) a window sticker price. The price is whatever the sales team thinks they can get out of you.

      Sure, there are other variables, like how far they are from hitting quarterly sales goals or escallator clauses, but it comes down to what they can wrangle out of you.

      I haven't dealt with IBM sales, but I've experienced it in other industries. Sales team shows up on site, each of them wearing a suit that cost more than my car, and then the negotiations begin.

    3. Santa from Exeter

      Re: "Have you seen the forms?"

      Of course there isn't a 'Dollar Price', that would be like saying "How much for a Ford".

      How many cores do you want?

      How Many LPARS do you want?

      Do you have a Z/OS workload or is it all Linux guests?

      Beginning to get the picture?

    4. Roland6 Silver badge

      Re: "Have you seen the forms?"

      >The most interesting thing I find is that there isn't a dollar quote anywhere to be seen.

      The most interesting thing I noted, because it wasn't mentioned is export licencing and prohibition...

      " "industry-first" quantum-safe cryptography, the stuff that even pesky quantum computers can't crack."

      That suggests the z16 is capable of creating stuff that is uncrackable by quantum computers and thus the NSA... Which would suggest the US won't want this technology reaching undesirables such as China and Russia...

  4. Roger 11


    It would the apex of stupidity if IT giants and states wouldn't invest in quantum technology. Of course, it has yet to become practical., but hey, we started with telegraph before the telephone became for real.

    1. Yet Another Anonymous coward Silver badge

      Re: Meh.

      IBM announced to shareholders that 90% of their sales are quantum computers (well semiconductors are quantum aren't they?)

      1. David 132 Silver badge

        Re: Meh.

        "Quantum" in the sense of "a discrete quantity"?

      2. Roland6 Silver badge

        Re: Meh.

        >well semiconductors are quantum aren't they?

        It depends on what the Executive incentive scheme says and whether it has been approved or not...

  5. Anonymous Coward
    Anonymous Coward


    Lotus Domino and Webspehere. It's enough to drag you back into the horrors of the mid 90s

  6. Anonymous Coward
    Anonymous Coward

    "Also known as post-quantum cryptography or PQC,"

    Also, also known as PRC, or Post Retirement Competition, where it's a race to see which occurs first - retirement or the arrival of quantum computers. I'm putting my money on retirement.

  7. MrMerrymaker

    Why IBM anything? A universal answer

    They don't, broadly, know what they're doing, so will latch onto something before it hits inevitable roadblocks (such as them not really having a handle on it)

    1. Roland6 Silver badge

      Re: Why IBM anything? A universal answer

      I suspect the malaise infecting IBM is also infecting many other big companies, with the activist investors et al not really being interested in the product, just in the financial numbers and what they are doing to the stock price.

      Part of Apple's wilderness years can be attributed to its senior executives having no concept of how innovative technology companies work and being overly focused on short-term shareholder returns - under Job's they perceived that Apple was spending too much on product development and not enough on directly competing with IBM/Microsoft.

      I suspect this executive rot is also a contributor to the product development mess Microsoft are in with Windows...

  8. Displacement Activity

    Acronyms, please

    PQC= Post Quantum Crypto; agreed. But you say 'QC' is Quantum Computer. It makes more sense for it to be Quantum Crypto, without the Post.

    QC= provably secure Quantum Crypto (barring engineering failures, at any rate); in production now, with people buying it, protecting data in transit. PQC = an algorithm which is not provably secure (I think), but which is not thought to be amenable to attack by an algorithm which has yet to be written, running on a computer which has yet to be built.

    1. Anonymous Coward
      Anonymous Coward

      Re: Acronyms, please

      Post Quantum Crypto.

      -- Post Quantum Cryptography, as in the NIST PQC competition

      -- Post Quantum Crypto as in muppets buying *coins that are only worth what the next Ponzi mark will pay

      You should add CRQC (via NSA) to your acronym list.

  9. sreynolds Silver badge

    one does not simply walk into Mordor

    I used to have a 12 core or so PowerPC model with 384G or RAM available for me, and running as root - back in the days when the average developers desktop had 1G of RAM - for testing some DB2 transnational middleware.I think that it used in the tens of KW range of power, so you will probably need all three phases.

    The company used to sell their software for "free" and get the commission from the big blue - for selling the Iron and DB2. They used to lend us that kind of hardware before it was sold off.

  10. sreynolds Silver badge


    I would wait to see if some smarty pants finds some algorithm for those lattices that are used in the Quantum "safe" algos

    1. Bartholomew Bronze badge

      Re: Latticies

      The IACR (International Association for Cryptologic Research) have published a few papers about initial attacks on the current lattice algorithms (WARNING: they are all heavy on the crypto maths) plug the following into your personal search engine of choice: attack against lattice

    2. Michael Wojcik Silver badge

      Re: Latticies

      Wait how long? "some algorithm" to do what?

      If you'd waited until MD5 and SHA-1 were broken to decide what cryptographic hash to use, you'd have waited until SHA-2 was standardized in 2001 to do any asymmetric cryptography, HMACs, etc.

      There are certain kinds of proofs of security that we can, in principle, find or create (depending on your stance on mathematical Platonism) for algorithms. We can say "under these assumptions, we can prove a lower bound on the amount of work needed to reverse this construction without the secret", for example. We can talk about Random Oracle proofs and the like.

      We can't prove something is secure in an absolute sense, because 1) that would involve either proving a negative (there is no viable attack) or exhausting all possibilities; and 2) there's no such thing as "secure in an absolute sense". It's a nonsense concept.

      And we use lots of cryptography which doesn't have particularly strong proofs. There's no proof of the hardness of factoring; there's just no published algorithm for general integer factoring that's better for large integers than GNFS. (There are special cases, such as when the factors are relatively close to one another and you can use Fermat's, where other algorithms are better.)

      That's why we have a three-stage NIST competition for PQC, which is now in stage three. And things continue to shake out; Rainbow was broken just a few weeks ago.

      But we can say some useful things about PQC. Like, for example, that if there's an algorithm in complexity class BQP for solving lattice problems, then the complexity hierarchy collapses, which would be a Pretty Big Deal and seems Rather Unlikely.

      The oldest PQC schemes, McEliece and NTRU, look to be reasonably secure. They've received a lot of attention. The problem is they're expensive. So people come up with related schemes that use smaller keys or smaller signatures or are faster or whatever, and then other people try to break them. (Well, that's one problem. They also don't have some results we'd be happy to see.)

      Most of these schemes are variants on McEliece, which is conceptually pretty simple. You have a matrix-based error-correcting code. You inject some noise into your generator matrix using a permutation P and a linear transformation S. P and S become the private key; if you know them, you can remove the noise and correct out the errors that were injected into the message.

      I think it's a little early to be advertising baked-in PQC, since the NIST competition is still running. Even if we get practical quantum supremacy in, say, the next few years, breaking RSA or ECC with decent key sizes will be expensive; attackers won't be breaking everything left and right. And applications that deal directly with cryptographic resources such as keys and signatures will probably need changes to handle the huge keys and signatures typical of these algorithms, so organizations will be slow to switch to PQC.

      1. sreynolds Silver badge

        Re: Latticies

        First you wait for the early adopter muppets to iron out the bugs.

        Then you wait for version two or three (SSL joke here) when it works.

        And the wait isn't a scientific decision. Its more of an engineering decision based on:

        Quantum computing probability of working, reliability of current prime number and some EC algos. versus AES key size (is Grover;s the only algo I know).

        And for how long does your stuff need to be secret? Most countries release their archives are 20,25 50 years etc.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022