MWC25: Vodafone and IBM talk quantum-safe cryptography
By Ray Le Maistre
Mar 5, 2025
To embed our video on your website copy and paste the code below:
<iframe src="https://www.youtube.com/embed/WW2uPcufD_o?modestbranding=1&rel=0" width="970" height="546" frameborder="0" scrolling="auto" allowfullscreen></iframe>
Ray Le Maistre, TelecomTV (00:08):
So we're in Barcelona for MWC 25 and we're here to talk about quantum safe cryptography, which I believe is one of the most important topics that the industry needs to be looking at and thinking about right now. And I'm here with Luke Ibbetson. He's head of group r and D at Vodafone, and I'm here with Lory Thorpe, who is Quantum Safe Industry lead at IBM, Lory. Luke, thanks so much for joining us today. So Luke, can you tell us why this topic is important to Vodafone and give us a bit of background because this is something that Vodafone has been working on for quite a few years already, isn't it?
Luke Ibbetson, Vodafone (00:43):
Yeah, so we've been interested in how we might use quantum computers in the future working with IBM to figure out how within telco environment we could use the fantastic machines. But that also means that we are very aware of the threats that quantum computing poses to vulnerable form to cryptography. So the way that we protect almost every aspect of our digital lives today in terms of banking or making a phone call or making any kind of transaction that involves the assumption that e data is going to be held confidential, it's potentially unraveled by quantum computing. So we've been working on an industry basis. We set up a GSMA industry level task force called the Post Ponta Telco Network task force in 2022, together with IBM to try and understand what it takes for the telco industry to undertake this migration towards forms of new forms of cryptography that are safe against quantum attack. Okay. So Lory, we've been working with the NIST standards as well, so maybe we talk about that.
Lory Thorpe, IBM (01:49):
Yeah, so last year there was a very important milestone from a quantum safe point of view. The first set of standards of post quantum cryptography standards were released in August last year. This is a starting point for many activities in terms of preparing the industry for post quantum cryptography migration, and that a lot of that work is the work that the post content telco network task force has been doing to collect and gather the ecosystem to prepare the standards, prepare the products, prepare the migration strategies that will be adopted in order to perform this evolution of cryptography.
Luke Ibbetson, Vodafone (02:30):
Okay. Still seeing quite an awareness gap in terms of people's understanding of what this threat actually is and how long it might take for us to fix it. When you look at the complexity of a telecommunications environment, which relies on a great deal of interoperability between different suppliers all using different forms of cryptography that we need to be updating. So it's a little bit daunting when you start thinking about how deeply embedded this stuff is. It is why we're starting to mobilize the industry to plan ahead and make this transition one that was cost effective, but also makes us safe in the right period of time.
Ray Le Maistre, TelecomTV (03:07):
But I think fortunately there are companies that have been thinking about this and working on this for a number of years. IBM of course being one of them. Lory, could you just give us a little bit more background about what IBM has been doing in this space in recent years?
Lory Thorpe, IBM (03:22):
So IBM has been working for many years now on the development of the algorithms. So IBM participated in the NIST standardization process over the last 10 years or so, and we actually co-developed the three algorithms that have been recently standardized. That process is continuing because we need more algorithms that are able to meet the requirements of the different use cases. So that process is ongoing. In addition to that, IBM is also developing capabilities to help enterprises and to help telcos with their quantum safe migration and with their cryptography evolution and management of cryptography going forward. So we've developed a suite of products that will help enterprise do that in an efficient way to help automate because we believe that the automation component will be really critical in how cryptography is managed going forward.
Ray Le Maistre, TelecomTV (04:24):
Okay, excellent. Now, I mean Vodafone and IBM here at MWC 25, you have some news to announce about a code development. Can you tell us a little bit about that?
Luke Ibbetson, Vodafone (04:34):
We do, yes. So we've been looking to see how we could make a start on protecting some of our existing security products. So we've taken secure net, which is the security product that serves millions of customers today, and we started to look at how we can apply some of the remediation techniques that Lory mentioned a moment ago from this toolkit of approaches that might help us expedite the protection of products in the post quantum era. So we're very excited to be demonstrating the first prototype of this today at the show so we can demonstrate how our secure net product could be made quantum safe with the introduction of some very, very cool IBM capabilities and we'll be working on this together for a little while there.
Ray Le Maistre, TelecomTV (05:15):
And Lory, who needs to be paying attention to this that might be here at M WC 25?
Lory Thorpe, IBM (05:21):
Quantum Safe is a journey, it's a going to be a long journey and we want, first of all, we need the executive sponsors to be aware of the threat. We also believe that there is huge benefit in early planning. So that is one of the other aspects that we we're trying to raise that awareness around how early planning can really benefit an organization because this will be a long journey. It will be potentially quite a challenging journey in some cases where with telco we've got the standards, we've got the interoperability, we've got some of the challenges of legacy equipment that need to be taken into consideration, and that planning will really help to make that journey less complex and a lot more cost-effective, effective. So some of these capabilities that we're trialing, that we're developing are about supporting that journey and underpinning that journey in a way that helps telcos help enterprises to plan and to manage dependencies in the right way.
Luke Ibbetson, Vodafone (06:33):
And if I could just build on that very quickly. Yeah, the other thing that we'll very aware of is that our chief security officers and all of their peers across the industry face a myriad of complex security cyber challenges every single day. This is one of many. So I think one of the challenges that we have is making sure the awareness is raised to the extent that it is taken in context of the broader security framework that we have to operate in. So I think making sure that we have the right sponsorship for this, that the right funding is in place to do it in a graceful way and not in a panic at the end, I think is very much what we're aiming for.
Lory Thorpe, IBM (07:06):
Absolutely.
Luke Ibbetson, Vodafone (07:07):
We know that some of the use cases in telco are even more challenging in terms of the adoption of this type of cryptography. So IOT is one example, and as one of the world's largest iot providers, we're very keen to make sure that we get ahead of the curve in making sure that everything we deploy is protected in the right timeframe. So we published top about the iot, the
Lory Thorpe, IBM (07:29):
Document. Yeah. So last week we published through the post Quantum Telco network task force, we published a document that talks about post quantum cryptography and iot, which is probably one of the more challenging use cases that we'll be faced with because of some of the performance constraints that some of the IOT devices have because of the long lifecycle of IOT use cases. As an example, if we think of connected cars or we think of connected smart meters, these are some examples where we know that there are going to be some use case specific challenges that will need to be addressed as part of that post quantum cryptography migration. So this document is a starting point for first of all, engaging the ecosystem, but second of all, also sort of to promote that planning and in both the migration of existing iot solutions, but also taking into consideration what is going to be required for new IOT solutions that are being deployed.
Luke Ibbetson, Vodafone (08:36):
So we start to set requirements quite early to make sure that we've got the right degree of agility as we deploy these things. People talk about avoiding creating cryptographic debts, which is what you're doing if you're deploying a solution now that you know is not going to be quantum safe or able to make quantum safe in the future, creating more debt. So we're very keen to consciously avoid this and as part of the journey we're on and to make sure that we mitigate against
Lory Thorpe, IBM (09:00):
That. And one of the exciting things that we're also doing as part of that is we are engaging with other organizations. So this paper with iot, we wrote that in conjunction with the IOT strategy group. Within the GSMA, we're also collaborating with 5G aa, the 5G Automotive Association. And that sort of helps to bring the right expertise to the table, but also helps to have a more rounded view around the requirements from the wider ecosystem, wider IT
Luke Ibbetson, Vodafone (09:32):
Ecosystem. Okay. Well closely with other sectors such as finance as well. So I think there's a lot of insight we're trying to get from J Industries to help see how we navigate this from within the telco. So exciting times and we're making good progress.
Ray Le Maistre, TelecomTV (09:45):
Well, let's hope by the end of MWC 25 more people are talking about quantum, say cryptography and understanding what it means for this industry. So Lory, Luke, thanks very much for joining us today and pinning us.
Luke Ibbetson, Vodafone (09:59):
Thank you. Thank you.
Ray Le Maistre, TelecomTV (09:59):
Thank you very much.
So we're in Barcelona for MWC 25 and we're here to talk about quantum safe cryptography, which I believe is one of the most important topics that the industry needs to be looking at and thinking about right now. And I'm here with Luke Ibbetson. He's head of group r and D at Vodafone, and I'm here with Lory Thorpe, who is Quantum Safe Industry lead at IBM, Lory. Luke, thanks so much for joining us today. So Luke, can you tell us why this topic is important to Vodafone and give us a bit of background because this is something that Vodafone has been working on for quite a few years already, isn't it?
Luke Ibbetson, Vodafone (00:43):
Yeah, so we've been interested in how we might use quantum computers in the future working with IBM to figure out how within telco environment we could use the fantastic machines. But that also means that we are very aware of the threats that quantum computing poses to vulnerable form to cryptography. So the way that we protect almost every aspect of our digital lives today in terms of banking or making a phone call or making any kind of transaction that involves the assumption that e data is going to be held confidential, it's potentially unraveled by quantum computing. So we've been working on an industry basis. We set up a GSMA industry level task force called the Post Ponta Telco Network task force in 2022, together with IBM to try and understand what it takes for the telco industry to undertake this migration towards forms of new forms of cryptography that are safe against quantum attack. Okay. So Lory, we've been working with the NIST standards as well, so maybe we talk about that.
Lory Thorpe, IBM (01:49):
Yeah, so last year there was a very important milestone from a quantum safe point of view. The first set of standards of post quantum cryptography standards were released in August last year. This is a starting point for many activities in terms of preparing the industry for post quantum cryptography migration, and that a lot of that work is the work that the post content telco network task force has been doing to collect and gather the ecosystem to prepare the standards, prepare the products, prepare the migration strategies that will be adopted in order to perform this evolution of cryptography.
Luke Ibbetson, Vodafone (02:30):
Okay. Still seeing quite an awareness gap in terms of people's understanding of what this threat actually is and how long it might take for us to fix it. When you look at the complexity of a telecommunications environment, which relies on a great deal of interoperability between different suppliers all using different forms of cryptography that we need to be updating. So it's a little bit daunting when you start thinking about how deeply embedded this stuff is. It is why we're starting to mobilize the industry to plan ahead and make this transition one that was cost effective, but also makes us safe in the right period of time.
Ray Le Maistre, TelecomTV (03:07):
But I think fortunately there are companies that have been thinking about this and working on this for a number of years. IBM of course being one of them. Lory, could you just give us a little bit more background about what IBM has been doing in this space in recent years?
Lory Thorpe, IBM (03:22):
So IBM has been working for many years now on the development of the algorithms. So IBM participated in the NIST standardization process over the last 10 years or so, and we actually co-developed the three algorithms that have been recently standardized. That process is continuing because we need more algorithms that are able to meet the requirements of the different use cases. So that process is ongoing. In addition to that, IBM is also developing capabilities to help enterprises and to help telcos with their quantum safe migration and with their cryptography evolution and management of cryptography going forward. So we've developed a suite of products that will help enterprise do that in an efficient way to help automate because we believe that the automation component will be really critical in how cryptography is managed going forward.
Ray Le Maistre, TelecomTV (04:24):
Okay, excellent. Now, I mean Vodafone and IBM here at MWC 25, you have some news to announce about a code development. Can you tell us a little bit about that?
Luke Ibbetson, Vodafone (04:34):
We do, yes. So we've been looking to see how we could make a start on protecting some of our existing security products. So we've taken secure net, which is the security product that serves millions of customers today, and we started to look at how we can apply some of the remediation techniques that Lory mentioned a moment ago from this toolkit of approaches that might help us expedite the protection of products in the post quantum era. So we're very excited to be demonstrating the first prototype of this today at the show so we can demonstrate how our secure net product could be made quantum safe with the introduction of some very, very cool IBM capabilities and we'll be working on this together for a little while there.
Ray Le Maistre, TelecomTV (05:15):
And Lory, who needs to be paying attention to this that might be here at M WC 25?
Lory Thorpe, IBM (05:21):
Quantum Safe is a journey, it's a going to be a long journey and we want, first of all, we need the executive sponsors to be aware of the threat. We also believe that there is huge benefit in early planning. So that is one of the other aspects that we we're trying to raise that awareness around how early planning can really benefit an organization because this will be a long journey. It will be potentially quite a challenging journey in some cases where with telco we've got the standards, we've got the interoperability, we've got some of the challenges of legacy equipment that need to be taken into consideration, and that planning will really help to make that journey less complex and a lot more cost-effective, effective. So some of these capabilities that we're trialing, that we're developing are about supporting that journey and underpinning that journey in a way that helps telcos help enterprises to plan and to manage dependencies in the right way.
Luke Ibbetson, Vodafone (06:33):
And if I could just build on that very quickly. Yeah, the other thing that we'll very aware of is that our chief security officers and all of their peers across the industry face a myriad of complex security cyber challenges every single day. This is one of many. So I think one of the challenges that we have is making sure the awareness is raised to the extent that it is taken in context of the broader security framework that we have to operate in. So I think making sure that we have the right sponsorship for this, that the right funding is in place to do it in a graceful way and not in a panic at the end, I think is very much what we're aiming for.
Lory Thorpe, IBM (07:06):
Absolutely.
Luke Ibbetson, Vodafone (07:07):
We know that some of the use cases in telco are even more challenging in terms of the adoption of this type of cryptography. So IOT is one example, and as one of the world's largest iot providers, we're very keen to make sure that we get ahead of the curve in making sure that everything we deploy is protected in the right timeframe. So we published top about the iot, the
Lory Thorpe, IBM (07:29):
Document. Yeah. So last week we published through the post Quantum Telco network task force, we published a document that talks about post quantum cryptography and iot, which is probably one of the more challenging use cases that we'll be faced with because of some of the performance constraints that some of the IOT devices have because of the long lifecycle of IOT use cases. As an example, if we think of connected cars or we think of connected smart meters, these are some examples where we know that there are going to be some use case specific challenges that will need to be addressed as part of that post quantum cryptography migration. So this document is a starting point for first of all, engaging the ecosystem, but second of all, also sort of to promote that planning and in both the migration of existing iot solutions, but also taking into consideration what is going to be required for new IOT solutions that are being deployed.
Luke Ibbetson, Vodafone (08:36):
So we start to set requirements quite early to make sure that we've got the right degree of agility as we deploy these things. People talk about avoiding creating cryptographic debts, which is what you're doing if you're deploying a solution now that you know is not going to be quantum safe or able to make quantum safe in the future, creating more debt. So we're very keen to consciously avoid this and as part of the journey we're on and to make sure that we mitigate against
Lory Thorpe, IBM (09:00):
That. And one of the exciting things that we're also doing as part of that is we are engaging with other organizations. So this paper with iot, we wrote that in conjunction with the IOT strategy group. Within the GSMA, we're also collaborating with 5G aa, the 5G Automotive Association. And that sort of helps to bring the right expertise to the table, but also helps to have a more rounded view around the requirements from the wider ecosystem, wider IT
Luke Ibbetson, Vodafone (09:32):
Ecosystem. Okay. Well closely with other sectors such as finance as well. So I think there's a lot of insight we're trying to get from J Industries to help see how we navigate this from within the telco. So exciting times and we're making good progress.
Ray Le Maistre, TelecomTV (09:45):
Well, let's hope by the end of MWC 25 more people are talking about quantum, say cryptography and understanding what it means for this industry. So Lory, Luke, thanks very much for joining us today and pinning us.
Luke Ibbetson, Vodafone (09:59):
Thank you. Thank you.
Ray Le Maistre, TelecomTV (09:59):
Thank you very much.
Please note that video transcripts are provided for reference only – content may vary from the published video or contain inaccuracies.
Luke Ibbetson, Head of Research & Development, Vodafone Group, Lory Thorpe, Quantum Safe Industry Lead, IBM
Luke Ibbetson, head of research and development at Vodafone Group, and Lory Thorpe, quantum safe industry lead at IBM, discuss the increasing importance of quantum-safe cryptography and a new proof of concept that explores how cutting-edge quantum-safe technology can help to protect smartphone users.
Recorded March 2025
