Financial data can be safely protected from threats created by the unprecedented processing power of quantum computers, according to the findings of technical experimentation by the Bank for International Settlements (BIS) Innovation Hub’s Eurosystem centre working with France and Germany’s central banks.
Once they reach sufficient size and power, quantum computers will be able to ‘easily’ break the cryptographic encryption schemes currently used to ensure secure financial transactions and data, the parties involved in ‘Project Leap’ warn in an announcement accompanying a 50-page report published this week.
This risk – which experts refer to ‘Q Day’ – is described as ‘one of the most significant cybersecurity threats facing the financial system, potentially exposing all transactions and much of our existing stored financial data to attack.’
The experimentation involved the sending of test payment messages via a ‘quantum-resistant virtual private network (VPN) tunnel’ between servers located in Paris and Frankfurt. The French and German cities are home to the respective headquarters of the Banque de France and Deutsche Bundesbank (the two central banks host the dual-centre BIS Innovation hub Eurosystem centre, while Frankfurt is also home to the European Central Bank).
The experimentation’s conclusion that a quantum-safe financial system’s viability has been ‘proven’ tees up the parties’ next challenge of ‘building a complete chain of trust for central bank applications in the post-quantum world, acting as a blueprint for the financial system’.
*** JOIN GLOBAL GOVERNMENT FINTECH’S LINKEDIN COMMUNITY ***
‘New breakthrough… could happen at any time’
The report, ‘Project Leap: Quantum-proofing the financial system’, details the experimentation and technical findings ‘to help guide the global transition towards new cryptographic protocols’.
It is uncertain precisely when an operational quantum computer will be built that is powerful enough to break current cryptographic protocols, the report notes. Expert opinion is that ‘this likely to take place in the next 10–15 years’ but the ‘rapid pace of advances in the industry make prediction difficult: a new breakthrough that completely changes the outlook could happen at any time.’
‘Already, malicious actors can intercept and store confidential, classically encrypted data with the intention of decrypting it later when quantum machines become powerful enough to do so. This means that data stored or transmitted today are, in fact, exposed to “harvest now, decrypt later” attacks by a future quantum computer,’ the report warns. ‘The long-term sensitivity of financial data means that the potential future existence of a quantum computer effectively renders today’s systems insecure.’
It goes on to explain that it is already feasible to implement quantum-resistant cryptographic protocols. However, implementing them in financial systems raises a number of challenges. Specifically, the ‘lack of flexibility’ in legacy systems means that a ‘major transition effort’ will be needed, the report states.
The report points out that Project Leap’s results have been achieved in a ‘test environment’ and ‘more work will be needed to explore complex real-life environments’.
A second phase of exploration is therefore on the cards in order to ‘investigate more network architectures, test different types of hardware, and incorporate additional communications layers to build a complete chain of trust, as well as to include additional central bank processes.’
*** RECEIVE OUR FREE EDITORIAL NEWSLETTER ***
‘Central banks need to prepare’
The report is careful to note that quantum computing has the potential to benefit many sectors – including financial services where quantum computers could, for example, ‘support the use of artificial intelligence or improve financial modelling’.
But the involved parties’ emphasis is on analysing how quantum computing increases the vulnerability of the global financial system.
“Project Leap makes an important contribution to mitigating the threat posed by quantum computers to the confidentiality of financial data and the stability and integrity of the global financial system,” summarised Raphael Auer, who is head of the BIS Innovation Hub’s Eurosystem centre. “While we do not know exactly when quantum computers will be strong enough to crack today’s encryption, central banks need to prepare themselves. Project Leap is a blueprint for how they can do so.”
Project Leap also involved a private sector partner, CryptoNext Security. The Paris-headquartered company was founded in 2019 as a start-up after 20-plus years of its founders’ academic research at the Sorbonne University, INRIA and CNRS in Paris.
CryptoNext Security is part of the European Quantum Communication Infrastructure (EuroQCI) initiative through its involvement, announced in April, in a 30-month ‘FranceQCI’ project. EuroQCI, which was launched by the European Union (EU) in 2019, aims to build a secure quantum communication network infrastructure to span the EU (including the 27-member bloc’s overseas territories). As such, it is one of the main pillars of the EU’s cybersecurity strategy.
