How a Post-Quantum Approach to Cryptography Can Help Protect Mainframe Data
July 01, 2025 -- As the industry gets closer to achieving a cryptographically relevant quantum computer, the security of data—operational, personal and financial—will be more critical than ever. Protecting that data from this newest risk vector will become a top priority for many enterprises.
Unfortunately, the public key cryptographic algorithms defined in current standards, which were developed and published in the 1970s, rely on mathematical problems that challenge classical computers. These industry standards are still used in some of today’s data protection schemes. Someday soon, a cryptographically relevant quantum computer might break those cryptography standards, thereby compromising sensitive data.
Although such a machine does not yet exist, cyberattackers can steal encrypted data today, store it and then wait for quantum computing decryption technologies to evolve. Known as “harvest now, decrypt later,” this strategy underscores the need for post-quantum, also known as quantum-safe or quantum-resistant, cryptography. Although no practical quantum attacks currently exist, some data stored today might remain sensitive for decades. As quantum computing advances, the risks to traditional encryption methods increase.
Cyberattackers put a bullseye on the mainframe
The mainframe isn’t immune to this threat. It’s an attractive target for cybercriminals because it stores and processes vast amounts of sensitive data in companies across all industries. In addition, many applications use cryptographic methods that aren’t quantum resistant, leaving them and the data they rely on and store vulnerable to quantum attacks. Understanding your use of cryptography is critical to using the mainframe’s robust security capabilities to help protect your sensitive data and assets.
The security of transactional data is especially critical to enterprises in banking, healthcare and defense. To protect this mission-critical data, these enterprises are clamoring for post-quantum cryptography (PQC) that uses a type of encryption believed to withstand attacks from quantum computers. Adopting PQC is intended to help ensure that mission-critical data residing on the mainframe remains protected now and in the future.
Crackerjack cryptographers try cracking the code
PQC is built on mathematical problems and algorithms designed to resist quantum attacks and protect information assets. In 2016, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) held a global competition among cryptography experts to develop cryptographic algorithms resistant to being broken by quantum computing methods. This was followed by 8 years of rigorous testing by encryption and cryptography experts and enthusiasts worldwide.
Scores of algorithms yield 3 new standards
In 2022, NIST selected 4 unbroken algorithms for standardization from the 82 cryptographic algorithms submitted by individuals and teams across academia and industry. IBM Research, with industry and academic partners, developed 3 of them. The 4th selected algorithm was co-developed by a researcher who has since joined IBM.
In August 2024, NIST published the first 3 post-quantum cryptographic algorithms, including 2 that were developed by IBM Research and its partners. A draft of the 4th algorithm is expected to be published soon. According to Jay Gambetta, Vice President of Quantum and an IBM Fellow with IBM Research, “NIST’s publication of their first three post-quantum cryptography standards marks a significant step in efforts to build a quantum-safe future alongside quantum computing.”
Transitioning to PQC can be challenging. The first step toward creating a quantum-safe mainframe environment is to identify and fix potential vulnerabilities. This process entails classifying cryptographic algorithms as quantum resistant or quantum vulnerable and then remediating those deemed quantum vulnerable.
IBM Z: The mainframe platform that’s up to the challenge
According to Gambetta, “IBM’s mission in quantum computing is twofold: to bring useful quantum computing to the world and to make the world quantum-safe.” Demonstrating this commitment, the IBM Z system became an early adopter of the 2 primary algorithms selected for PQC standardization by NIST with the launch of the IBM z16 system in April 2022. Security is engineered into the z16 system with 2 of the 4 NIST-standardized cryptographic algorithms built into the platform tier. The system uses cryptographic methods designed to help protect against attacks from both classical and quantum computers.
Queuing up quantum safety for today and the future
The importance of PQC for enterprise mainframe data—today and into the future—is difficult to overstate. PQC is a vital component of mainframe security in today’s complex and vulnerable enterprise computing environment. By adopting a suitable set of NIST-standardized post-quantum cryptographic algorithms, you’ll be better able to employ defenses against certain attacks from classical and quantum computers, helping to ensure the continued security and integrity of your mission-critical mainframe data and enterprise systems.