Abstract
Almost every individual and organization relies on the financial market's digital infrastructure, which must be both highly secure and high-performing, a combination that is a challenge in itself. Cryptography is essential to both aspects. Each new generation of technology shifts the requirements on cryptography. Some of these shifts can be absorbed by adjusting existing cryptographic algorithms, for example by increasing key sizes; the advent of quantum computers, however, demands a paradigm shift, because a sufficiently large quantum computer breaks the mathematical problems on which today's public-key algorithms rest.
Project Leap of the Bank for International Settlements states: “Quantum computers represent a serious threat for the financial system […]. While functional quantum computers are not yet available, the security threat needs to be urgently addressed. Already, malicious actors can intercept and store confidential, classically encrypted data with the intention of decrypting it later when quantum machines become powerful enough to do so. This means that data stored or transmitted today are, in fact, exposed to “harvest now, decrypt later” attacks by a future quantum computer. The long term sensitivity of financial data means that the potential future existence of a quantum computer effectively renders today’s systems insecure.”
Quantum computers already exist, and malicious actors are already collecting confidential, classically encrypted data. Today's quantum computers cannot yet break classical public-key encryption, but this is forecast to change within the coming decade. A cryptographically relevant quantum computer would not only enable attacks on financial infrastructure that has not been made quantum-safe; it would also let attackers decrypt and misuse everything they have harvested in the meantime. Because financial data often has to remain confidential for many years, data protected by vulnerable algorithms today is already at risk if such a machine arrives before that confidentiality requirement expires.
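The reasoning in this paragraph (long-lived data, harvested now, decryptable later) can be turned into a concrete exposure check over a data inventory. The following Python is an added example and not part of the whitepaper; it applies the Mosca risk model (X + Y > Z), which the abstract does not name, and the asset inventory, the ten-year horizon and the list of broken algorithms are constructed assumptions for the illustration.

```python
"""Harvest-now-decrypt-later (HNDL) exposure check for a data inventory.

Added illustration, not from the whitepaper. It applies the Mosca risk
model, X + Y > Z, with
  X = years the data must remain confidential (shelf life),
  Y = years needed to migrate the protecting system to PQC,
  Z = years until a cryptographically relevant quantum computer (CRQC)
      is assumed to exist.
If X + Y > Z, traffic recorded before migration completes is still
sensitive when a CRQC can decrypt it, so the asset is exposed today.
The inventory, the horizon and the algorithm set below are constructed
assumptions for the example.
"""
from dataclasses import dataclass

# Assumed planning horizon: a CRQC within the "coming decade".
ASSUMED_CRQC_YEARS = 10

# Key-establishment algorithms whose recorded sessions a CRQC can
# recover (Shor's algorithm). Symmetric ciphers such as AES-256 are only
# weakened (Grover) and are not an HNDL concern at 256-bit keys.
# Signature schemes (RSA-PSS, ECDSA) are also broken by a CRQC, but a
# forged signature cannot be applied retroactively to recorded data, so
# they bound the migration deadline rather than the shelf life.
QUANTUM_BROKEN_KEX = {"RSA", "DH", "ECDH", "ECDHE", "X25519"}


@dataclass(frozen=True)
class Asset:
    name: str
    key_exchange: str      # algorithm establishing the data's encryption key
    shelf_life_years: int  # X
    migration_years: int   # Y


@dataclass(frozen=True)
class Finding:
    asset: str
    exposed: bool
    exposure_years: int    # max(0, X + Y - Z)
    reason: str


def assess(asset: Asset, crqc_years: int = ASSUMED_CRQC_YEARS) -> Finding:
    """Classify one asset under the Mosca model."""
    kex = asset.key_exchange.upper()
    if kex not in QUANTUM_BROKEN_KEX:
        return Finding(asset.name, False, 0,
                       f"{asset.key_exchange} is not broken by a CRQC")
    # Worst case is the last session recorded just before migration
    # finishes: it stays sensitive for shelf_life_years beyond year
    # migration_years, while decryption becomes possible at crqc_years.
    overshoot = asset.shelf_life_years + asset.migration_years - crqc_years
    if overshoot > 0:
        return Finding(asset.name, True, overshoot,
                       f"X + Y > Z by {overshoot} years: recorded data outlives the CRQC horizon")
    return Finding(asset.name, False, 0,
                   "X + Y <= Z: confidentiality expires before a CRQC exists")


def prioritize(assets, crqc_years: int = ASSUMED_CRQC_YEARS):
    """Exposed assets only, largest exposure window first."""
    findings = [assess(a, crqc_years) for a in assets]
    return sorted((f for f in findings if f.exposed),
                  key=lambda f: f.exposure_years, reverse=True)


# Constructed inventory for a fictitious financial institution.
INVENTORY = [
    Asset("kyc-archive", "RSA", shelf_life_years=30, migration_years=5),
    Asset("payment-messages", "ECDHE", shelf_life_years=7, migration_years=4),
    Asset("market-data-feed", "X25519", shelf_life_years=0, migration_years=2),
    Asset("backup-tapes", "AES-256", shelf_life_years=30, migration_years=0),
]

if __name__ == "__main__":
    for f in prioritize(INVENTORY):
        print(f"{f.asset:18} exposed by {f.exposure_years:2} years: {f.reason}")
    for a in INVENTORY:
        f = assess(a)
        if not f.exposed:
            print(f"{f.asset:18} not exposed: {f.reason}")
```

The point of the ranking is that a CRQC horizon is an estimate, not a date: re-running `prioritize` with a longer or shorter horizon shows which assets stay exposed under every plausible assumption (long-retention archives) and which only become a problem if the estimate turns out optimistic, which is what decides where migration effort goes first.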
The current geopolitical situation increases the severity of the quantum threat. State-sponsored actors already operate under the long-term strategies of their governments and can afford to store harvested data for years. The development of quantum computers in this context is therefore often described as an “arms race” between states.
Post-quantum cryptography (PQC), also known as quantum-proof, quantum-safe or quantum-resistant cryptography, mitigates this risk: cryptographic algorithms (usually public-key algorithms) specifically designed to withstand attacks by quantum computers. Over the last eight years a concerted effort has been made to develop and standardize these algorithms, resulting in the recent ratification of the NIST Post-Quantum Cryptography Standards (FIPS 203, ML-KEM; FIPS 204, ML-DSA; FIPS 205, SLH-DSA). Governments and regulatory bodies worldwide recognize these standards and are working on regulations that mandate the transition to post-quantum cryptography.
This whitepaper summarizes the current state of the PQC standards and of governmental regulations, outlines generic financial-market threats that post-quantum cryptography can mitigate, and proposes mitigation measures.