By Dr Ali El Kaafarani, CEO and founder, PQShield
At its core, the threat posed by quantum computers comes from the fundamentally different computing paradigm they follow, which gives them far greater power against certain mathematical problems than today's conventional computers. In particular, a sufficiently large quantum computer can efficiently solve the problems (integer factorisation, underlying RSA, and the discrete logarithm problem, underlying elliptic-curve cryptography) on which the most common form of modern encryption – public-key cryptography – is built, and which virtually every device, organisation and business relies on today.
The likes of JP Morgan, Barclays, Visa and BBVA are monitoring the technological advances in quantum computing from leading players such as Google, IBM and IonQ, as well as the global encryption standardisation projects trying to mitigate the risks. However, the path to a quantum-secure future is by no means clear: precise timelines for the development of quantum computing technology are uncertain, which adds to the risk, so the need to prepare for it today is crystal clear.
This is especially true for banks and other highly regulated businesses, which must demonstrate to regulators that their systems meet the highest standards of security, trustworthiness, reliability and interoperability, to safeguard the valuable financial data that they collect and store.
However, preparing for this transition will be both time-consuming and complicated. It will also occur against the backdrop of a sector which is already struggling with the impact of using legacy cybersecurity and IT systems – and the quantum threat is only set to crystallise this problem further. The scale of the threat and its relative immediacy demand a response now.
Where are banks vulnerable to the quantum threat?
For businesses and organisations which need to ensure data integrity and confidentiality for the long-term, this presents heightened information security risk. For banks which hold highly valuable information and IP on behalf of some of the world’s leading corporations and individuals, the need for information integrity and security is particularly acute.
A single powerful quantum computer will be able to break the public-key cryptographic algorithms used by virtually every financial institution today, threatening to compromise everything from client data, to the secure websites and software they use to interact with customers, to the hardware used to authenticate, encrypt and decrypt payments.
Adding to this problem is the fact that quantum decryption can be applied retrospectively. The groundwork for a ‘harvest now, decrypt later’ attack could be laid today, with encrypted data collected and stored for future decryption when quantum computers become available.
For financial services specifically, cryptography has long been used to secure transactions and data transfers, bank cards and ATMs, online payments and mobile apps.
However, public-key cryptography may not be their only problem: some banks still use certain types of symmetric-key cryptography, e.g. 3DES, which can also be broken by a quantum computer.
By their nature, banks and other financial institutions are riddled with cryptographic operations, involving many interconnected players and layers, which must all work together to safeguard financial information. At the heart of banking and payments cryptography lie Hardware Security Modules (HSMs), which generate and store keys and run the cryptographic algorithms used to authenticate and validate information and transactions. In fact, the financial services industry is one of the most prolific users of HSMs in the world.
The road ahead to quantum-secure cryptography
Since 2016 (following the NSA’s warning on the quantum threat), NIST’s post-quantum cryptography standardisation project has been working to establish a clear roadmap to guide us toward a quantum-secure future, with the new algorithms replacing the current classical-security standards in applications. With over 80 submissions from over six different continents, it has truly been a global effort followed closely by academia, industry and government.
Last year, the initiative entered its third and final stage selecting seven finalist algorithms (two of which were co-authored by members of the PQShield team). NIST recently confirmed that it would select its ‘winners’ towards the end of this year, which will be standardised by NIST following an additional phase of consultation and evaluation, around 2024. It is widely expected that their new standards will become a requirement for companies doing business with the US government within 3-5 years, making this both a technical and business necessity.
We are in a transition phase but that doesn’t mean we should be waiting until the end of it to begin preparations. In fact, NIST itself says that companies can and should start preparing for the transition now: “It is critical to begin planning for the replacement of hardware, software, and services that use public-key algorithms now so that the information is protected from future attacks”. By the end of this year, we will know which exact algorithms are going to replace RSA and ECC, meaning there will be little excuse not to begin implementing post-quantum solutions using the NIST chosen algorithms in hybrid mode.
This next wave of cryptography standards being established by NIST will represent one of the biggest cryptography transitions in living memory. Historically, it has taken up to two decades to deploy the modern cryptography that we use today and more than a decade to replace any deprecated algorithm (e.g. SHA-1, RC4), so early preparation is vital.
Preparing for the quantum future, today
Switching from one cryptosystem to another within a given security solution may seem trivial, but it is highly unlikely to be a simple drop-in task, particularly for banks that are already a generation behind and therefore need a double leapfrog (e.g. first replacing deprecated algorithms such as 3DES) to get up to speed with the upcoming NIST-mandated standard. Additionally, banks, as heavily regulated businesses, will likely be subject to the oversight of dozens of regulators around the world on data security.
The ease or difficulty with which certain cryptographic algorithms can be switched out of embedded hardware and software in a bank’s existing security infrastructure – which, as we have discussed, is extensive – will be a key determinant of success. Crypto‐agility allows for a smoother transition between standards and updates as the process progresses.
Assessing and improving crypto-agility begins with an audit of currently deployed systems: inventory the hardware and software cryptographic protocols already in use, then identify which parts are not crypto-agile and need to be prioritised for future-proofing. This process may include system scans with appropriate tools, a system architecture review against best practices, and consideration of reconfiguration or hardware/software co-design to improve security and system design. It should also take into account challenges related to backward compatibility (without compromising security!) and interoperability with legacy systems or devices.
For banks, this audit could revolve around the list of components provided in Section 3 of the NIST whitepaper on “Migration to Post-Quantum Cryptography”. However, there is no such thing as being perfectly crypto-agile: if you abstract it too much, it becomes infeasible. Aim to establish a good, not necessarily perfect, baseline during the analysis phase.
This will allow banks to experiment, test and deploy hybrid cryptosystems which combine conventional public‐key algorithms with post‐quantum primitives to provide additional security assurance and compliance with standards such as FIPS 140‐3 as well as the myriad of other key management standards they may be subject to.
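The audit and prioritisation described above can be started with a simple inventory classifier. The following is an added example, not PQShield's or NIST's code: it assumes a constructed component inventory and a hypothetical risk ranking (public-key algorithms broken outright, already-deprecated algorithms next, then symmetric keys whose margin a quantum search would reduce), ordered within each class by how long the protected data must stay confidential, reflecting the ‘harvest now, decrypt later’ concern.

```python
"""Crypto-agility inventory classifier (illustrative example, not PQShield code)."""
from dataclasses import dataclass
from enum import Enum


class Risk(Enum):
    SHOR_BROKEN = 0      # public-key schemes: broken by a large quantum computer
    DEPRECATED = 1       # already deprecated classically; must go regardless
    GROVER_WEAKENED = 2  # symmetric key/hash below 256 bits: margin reduced
    OK = 3               # no known quantum concern at this size


# Assumed classification tables (constructed for this example).
_PUBLIC_KEY = {"RSA", "DSA", "DH", "ECDSA", "ECDH", "ED25519"}
_DEPRECATED = {"DES", "3DES", "RC4", "MD5", "SHA1"}
_SYMMETRIC = {"AES", "CHACHA20", "SHA2", "SHA3", "HMAC"}


@dataclass(frozen=True)
class Component:
    name: str                 # e.g. "Payment HSM key-wrapping"
    algorithm: str            # algorithm family, e.g. "RSA", "3DES", "AES"
    key_bits: int             # key or digest size in bits
    data_lifetime_years: int  # how long the protected data must stay secret


def classify(c: Component) -> Risk:
    """Map a deployed component to its quantum-era risk class."""
    alg = c.algorithm.upper()
    if alg in _PUBLIC_KEY:
        return Risk.SHOR_BROKEN
    if alg in _DEPRECATED:
        return Risk.DEPRECATED
    if alg in _SYMMETRIC and c.key_bits < 256:
        return Risk.GROVER_WEAKENED
    return Risk.OK


def prioritise(inventory: list[Component]) -> list[tuple[str, Risk]]:
    """Order components for migration: worst risk class first, then the
    longest data lifetime first (harvest-now-decrypt-later exposure)."""
    ranked = sorted(inventory,
                    key=lambda c: (classify(c).value, -c.data_lifetime_years))
    return [(c.name, classify(c)) for c in ranked]


# Constructed sample inventory for a hypothetical bank.
INVENTORY = [
    Component("Customer-facing TLS front-end", "ECDH", 256, 1),
    Component("Payment HSM key-wrapping", "RSA", 2048, 10),
    Component("Legacy ATM PIN block", "3DES", 168, 5),
    Component("Archive encryption", "AES", 128, 25),
    Component("Core ledger encryption", "AES", 256, 25),
]
```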
Banks like JP Morgan have already started this process and are auditing their systems for high-risk data, which will be prioritised once security protocol standardisation has been achieved. This is a process that will take years, though. Financial institutions can and should begin auditing their systems for crypto-agility now, in anticipation of the findings, because by the time they are forced to it will likely be too late.
It is not infeasible that a bad actor would choose to conceal the existence of a high-functioning quantum computer to maintain its technical edge over adversaries. So the prudent way forward – applying the same principles as for other types of ‘insurance’ and risk mitigation – is to start preparing for the worst now, because it is a question of when, not if, the quantum threat will be realised.