Executive summary
- New JWG research finds that whilst quantum presents new business opportunities it also poses big risks to data security
- Black hats are harvesting data now to monetize in 10 years’ time
- US’ NIST project has moved first to develop post-quantum crypto standards after determining that in the next twenty years, quantum computers will be built to break all public-key schemes in use today
- Funding and preparation for information security systems is required in 2022 to be ready for the 2030s
- Join us at JWG’s 6th Annual RegTech conference on the 16th of November for further discussion on ‘non-financial’ risks, including quantum
A risk for today
From healthcare to financial services, new technology risks have been mitigated at the time they are deployed, which according to the science, could still be another 10-15 years into the future for Quantum. But can the sector afford to wait?
By exploring the ways in which a quantum computer can process financial information, we suddenly start to see the risks that it poses and why these are important to address sooner, rather than later.
What is the quantum problem?
By definition, a quantum computer uses more advanced processors and as a result, plays by a different set of rules than those constraining current computers.
The most significant differences lie within their data processing capabilities. Where a classical computer ‘thinks’ in 0’s or 1’s (known as bits and bytes), a quantum computer uses qubits which enable superposition which allows the computer to perform billions of copies of computation at one time.[1]
Additional horsepower makes quantum computers much quicker, sometimes achieving what would take a classical computer years, in a matter of minutes or seconds. It also means that they are capable of completing highly complex tasks, such as fraud detection without any limitation.
This could lead to huge product innovation and risk management advantages within the sector, but also present significant risk.
NIST’s post-quantum risk project
NIST, the National Institute of Standards and Technology, expects quantum computers to be capable of breaking all public-key schemes within the next twenty years[2] and have launched a Post-Quantum Cryptography project to develop a cryptographic system that can secure against both classical and quantum computers..
The results of this project would need to be put in place today in order to discourage an espionage practice known as ‘Harvest and Decrypt’ – the act of harvesting sensitive data in the hopes of, further down the line, using a more advanced system to essentially break the encryption that once protected said data.
Whilst the project hopes to achieve a system that can interoperate with existing networks, it seems likely that large and significant changes will be required to a financial intuitions’ security infrastructure to secure data against the threat posed by quantum computing.[3]
What can we do today?
With full-scale quantum computing is at least 10-15 years away from the mainstream[4], there are many firms that have already started to explore the potential solutions.
Quantum computing is an opportunity that should not be underestimated. It is large and complex but can have numerous advantages for the financial sector. However, now is the time to prepare for the inevitable security and data risks.
For financial institutions, developing a quantum strategy will be key in protecting data and keeping pace with innovation – but only if they look to implement it sooner rather than later.
For more RegTech/SupTech information:
Region | Document | Overview | |
---|---|---|---|
United States | NIST: Post Quantum Cryptography | NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. | |
United States | NIST: Migration To Post-Quantum Cryptography | This is the formal post-quantum cryptography project description, released by NIST. This document describes the challenges associated with migration from current public-key cryptographic algorithms. | |
United Kingdom | UK Finance: The Quantum Opportunity | This paper seeks to help firms in their quantum journey by identifying areas of opportunity. | |
United Kingdom | FCA Financial Conduct Authority: Quantum Leap | The FCA held a workshop which views and proposals for quantum were heard from experts in technology and finance. They call for regulators to start engaging with bodies in the security field such as NIST. |
Want to get more involved?
If you’re interested in learning more about non-financial risk, including the quantum opportunity and emerging technologies such as Artificial Intelligence, then join us at the 6th JWG RegTech conference, virtual and on-demand from the 16th to the 17th of November 2021.
* https://publications.jrc.ec.europa.eu/repository/bitstream/JRC110412/quantum_computing_report_v5.4.pdf
[1] https://www.fca.org.uk/insight/quantum-leap-financial-services
[2] https://csrc.nist.gov/projects/post-quantum-cryptography
https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf
[4] https://publications.jrc.ec.europa.eu/repository/bitstream/JRC110412/quantum_computing_report_v5.4.pdf