Large US banks are racing to get ahead of quantum computing powered encryption breakers, by showing interest and investing early in quantum key distribution (QKD), the only known prevention mechanism
“This is like the space or arms race and it’s the sort of race the US can’t afford to come second in,” says John Prisco, CEO of Quantum Xchange, the quantum security firm, describing the real threat the move to quantum computing will have on global cybersecurity.
“We have several large financial institutions now that are piloting this product,” says Prisco, declining to name which banks they were working with, only that they had received interest from the “JPMorgans, the Citibanks, the Morgan Stanleys, the Goldman Sachs types of companies”.
“By the end of September, we should have many of these pilots converted into customers. I think that’s very likely and a reasonable timeframe – we may do it sooner,” says Prisco.
The momentum Prisco suggests comes from the fact that it is a “hollow debate” around how long quantum computing will take to break current encryption: “What’s happening today is that data is stolen with the current classical key – harvesting attacks. Nefarious actors are storing data along with the key because they’re going to have a computer that can crack it,” says Prisco.
According to Olivier Pfeiffer, head of finance and critical infrastructure markets at Swiss cryptographers, ID Quantique, QKD exploits a fundamental principle of quantum physics – observation causes perturbation – to exchange cryptographic keys over optical fibre networks with provable security.
“An eavesdropper intercepting keys transmitted on the QKD channel [the network between sender and receiver] will necessarily translate into a perturbation that can be detected by the sender and recipient.
“By using QKD to distribute keys and use them with symmetrical encryption, such as the widely used AES 256 type, it is impossible to decrypt the data now and after the arrival of the quantum computer,” said Pfeiffer by email.
Banks are waking up
And new research from analyst Inside Quantum Technology suggests that firms are taking note, estimating that the QKD market will grow to $980m by 2024 compared to $85m in 2019.
Likewise, the Chinese government has invested $10bn in a national quantum computing programme, while the US has enacted the quantum initiative act which has appropriate $1.2bn to protect critical infrastructure.
And while a quantum computer may not be developed in the short term, firms still run the risk of losing sensitive information even today, warn vendors.
“It’s hack now, decrypt later. Break into the CIA, take all their heavily encrypted data and wait for someone with a quantum computer,” says Lawrence Gasman, president of Inside Quantum Technology, explaining how financial institutions move critical and large data from headquarters to back-up or recovery facilities.
“Increasingly QKD is looking like a good option to protect that,” says Gasman. “It’s not just important, it’s not just protecting it from quantum computers, but being 100% certain that it’s as protected as it ever could be.”
To provide that ultimate layer of security to banks’ data in transit, Quantum Xchange has leased 850km of optical fibre from company Zayo to create a QKD network, according to Prisco.
“We’ve created a metropolitan area network in lower Manhattan and across the river to New Jersey, primarily to address the financial services market. A lot of back office operations for the top financial services have moved out of Manhattan over to New Jersey,” adding that, within a 25 mile radius, the NYSE, NASDAQ and the Chicago Board of Trade have operations.
“The banks are trying to use QKD as a differentiator against their brethren,” he says. “If they have a high net worth individual they’re selling it as the most secure way to protect your personally identifiable information.
“If it’s a hedge fund, it’s critical that they protect their algorithms, particularly if they’re transmitting or making adjustments to their software, they want to know they have the most secure link possible,” says Prisco.
While Prisco believes banks should invest in QKD early to avoid becoming susceptible to harvesting attacks, Pfeiffer believes the opportunity for QKD goes beyond.
“In particular, a central bank showed interest in linking their main national points of presence using QKD to ensure the confidentiality of their critical data,” said Pfeiffer. “By doing so, the data in transit links can be considered physically safe.
“New blockchain banking topologies, which are progressively adopted, show multiple vulnerabilities in their storage of private-public key pairs. We have started a new project, which includes QKD, for the storage of private keys in digital asset custody applications,” he said.