Quantum Computing and the Financial System: Spooky Action at a Distance?
  • 1 https://isni.org/isni/0000000404811396, International Monetary Fund

Abstract

The era of quantum computing is about to begin, with profound implications for the global economy and the financial system. Rapid development of quantum computing brings both benefits and risks. Quantum computers can revolutionize industries and fields that require significant computing power, including modeling financial markets, designing new effective medicines and vaccines, and empowering artificial intelligence, as well as creating a new and secure way of communication (quantum Internet). But they would also crack many of the current encryption algorithms and threaten financial stability by compromising the security of mobile banking, e-commerce, fintech, digital currencies, and Internet information exchange. While the work on quantum-safe encryption is still in progress, financial institutions should take steps now to prepare for the cryptographic transition, by assessing future and retroactive risks from quantum computers, taking an inventory of their cryptographic algorithms (especially public keys), and building cryptographic agility to improve the overall cybersecurity resilience.

I cannot seriously believe in it [...] physics should represent a reality in time and space, free from spooky action at a distance.

Albert Einstein 2

I. Introduction

The quantum revolution is underway, with the pace of innovations accelerating in recent years. The most notable and much discussed example of quantum technology is quantum computing—the use of quantum physics to perform calculations that are intractable for even the most powerful current and future classical supercomputers. 3 Leading technological companies have already developed working prototypes of quantum computers and provided access to them for researchers through their cloud services. Around the world, dozens of known projects are underway, from major corporations to startups and universities, to build quantum systems using different core technologies. If one of them overcomes current technological obstacles and creates a fully functional quantum computer or finds a way to use the existing models to solve practical computational tasks that are beyond the limits of conventional computers, it would have profound implications.

Quantum computing has the potential to transform the global economy and the financial sector, by accelerating scientific discovery and innovation. Fully functional quantum computers—when they appear—should revolutionize industries and fields that require significant computing power for simulations and optimizations that are too complex for conventional computers. For the financial system, quantum machines can greatly reduce the time to analyze complex risk positions or run Monte Carlo simulations, as well as increase their accuracy. Quantum computing can also speed up machine learning and artificial intelligence.

Beyond computing, quantum technologies give rise to novel ways of fast and secure data transmission (i.e., quantum Internet), which has been successfully tested, and, at least in theory, will be unbreakable. Yet another long-term prospect is quantum cryptography, which could enhance cybersecurity.

However, quantum computers would also crack many cryptographic algorithms underpinning today’s cybersecurity. Algorithms enabling security of the financial system, including Internet communications, mobile banking transactions, and digital currencies and distributed ledger technologies, could become obsolete or would require a significant upgrade. For some applications it may be already too late because of retroactive risks presented by quantum computers, as any information assumed secure today can be captured and stored, and then deciphered once efficient quantum computers are created. 4 In fact, almost any encrypted personal or financial message sent and recorded today may be deciphered by a powerful quantum computer in the future. Most financial institutions and regulators have not internalized these novel risks yet.

While waiting for quantum-safe encryption standards, financial system regulators can play an important role by raising awareness of potential risks. Financial institutions should take steps now to prepare for a cryptographic transition. They should assess future and retroactive risks from quantum computers, including from information that has already been captured or that may be captured now, stored and exploited years later. Financial institutions should develop plans to migrate current cryptography to quantum-resistant algorithms. As a first step, they should take an inventory of public-key cryptography used within the institution, as well as by partners and third-party suppliers. These will eventually need to be transitioned to post-quantum cryptography once standards are available. And finally, they should build cryptographic agility to improve the overall cybersecurity resilience going forward. Past experiences of algorithm replacements, even though much simpler than the transition to post-quantum standards, show that they can be extremely disruptive and often take years or decades to accomplish. Therefore, the time for action is now.

The rest of the paper is organized as follows. Section II describes key concepts of quantum computing, sections III and IV discuss potential benefits and risks of quantum computers, and section V summarizes the main messages and presents the way forward. To complete the picture, the paper’s annexes provide a glossary of technical terms (Annex I), a brief history of encryption, cryptanalysis and digital computers (Annex II), and a description of the main cryptographic algorithms currently in use and their vulnerabilities (Annexes III and IV).

II. What is Quantum Computing?

Quantum computing is the use of quantum phenomena such as superposition and entanglement to perform computations. The basic unit of a quantum computer is the qubit (short for quantum bit), typically realized by quantum properties of subatomic particles, like the spin of electrons or the polarization of a photon. While each bit, its counterpart in digital computers, represents a value of either zero or one, qubits represent both zero and one (or some combination of both) at the same time, a phenomenon called superposition. Quantum entanglement is a special connection between pairs or groups of quantum elements, whereby changing the state of one element affects other entangled elements instantly, regardless of the distance between them. This phenomenon is so counterintuitive that Albert Einstein famously derided entanglement as “spooky action at a distance” (Macmillan, 1971). By entangling qubits, the number of represented states rises exponentially, making it possible to explore a huge number of possibilities instantly and conduct parallel calculations on a scale that is beyond the reach of traditional computers. Thanks to superposition and entanglement, adding just a few extra fully functioning qubits can lead to exponential leaps in processing power.

Theoretically, quantum computers can outpace current (and future) traditional computers, the so-called quantum “supremacy” or quantum advantage. It is possible to model quantum computers’ states with traditional computers, but the resources required for it rise exponentially. One qubit can have values of zero and one at the same time and can be modeled with two traditional logical bits each holding values of zero or one. For two qubits, four traditional bits are needed; for three qubits, eight bits, and so on. To model a quantum computer with 54 qubits, one would need 2^54 = 18,014,398,509,481,984, which is about 18 quadrillion bits of traditional logical memory. As of end-2019, there was only one supercomputer in the world that had such a large memory—Summit (OLCF-4) supercomputer developed by IBM for Oak Ridge National Laboratory. To model a quantum computer with 72 qubits, one would need 2^72, about 5 sextillion bits. This can be achieved, for example, by stacking together 262 thousand Summit-type supercomputers. A 100-qubit quantum computer would require more bits than all atoms of planet earth, and a 280-qubit computer would require more bits than all atoms in the known universe. These numerical examples illustrate the exponential power of quantum computers.

Quantum computers are not only more powerful, they are also fundamentally different from today’s digital computers. They require different algorithms and infrastructure to solve existing and new mathematical problems. For illustration purposes, some complex computational tasks could be compared to a maze (e.g., finding the fastest route between two cities or the most efficient supply chain). This maze has a multitude of ways leading nowhere and only one leading to the exit. A traditional computer tries to solve this problem the same way we might try to escape a maze—by trying every possible corridor and turning back at dead ends until we eventually find the way out. This can take a very long time. But superposition allows a quantum computer to try all the possible paths at once (i.e., quantum parallelism). This drastically reduces the time needed to find the solution, the so-called quantum speedup.

The quantum speedup depends, among other things, on the computational problems and the algorithms used. Grover’s and Shor’s algorithms are the two best known quantum algorithms. They yield a polynomial speedup and an exponential speedup, respectively, over their classical counterparts (Kothari, 2020). A polynomial speedup is when a quantum computer solves a problem in time T, but a classical computer needs time T^2. For example, Grover’s algorithm can solve a problem on a quantum computer with 1,000 steps that would take 1,000,000 steps on a classical computer. This type of algorithm can be used for the so-called NP-complete problems, described as looking for a needle in an exponentially large haystack (e.g., finding symmetric keys and hash functions). An exponential speedup is where a quantum computer takes time T but a classical computer takes time 2^T. If T is 100, there is a huge difference between 100 and 2^100—more than all atoms of planet earth. This type of algorithm includes Shor’s algorithm, which can break asymmetric (public) keys. Such impressive speedups are one of the most promising and compelling aspects of quantum computers.

Motivated by their potential power, researchers from leading technological companies are developing working prototypes of quantum computers. In 2019, Google engineers used their quantum machine powered by 54-qubit Sycamore processor—which had 53 qubits working at that moment—to perform a specific computation task in just 200 seconds, while they estimated that the most powerful digital supercomputer available at that time would take 10,000 years to execute that task. Google engineers presented it as proof of quantum “supremacy”, which is the confirmation that quantum computers may perform tasks virtually impossible for traditional computers (Arute et al., 2019). A competing research team from IBM disputed Google’s claims, while promoting their own quantum computers. IBM claims that Google’s estimates are inaccurate, and that the world’s fastest computer, Summit—built by IBM—could be modified to obtain the same results in about 3 days (Pednault et al., 2019), though they have not shown that in practice. Cementing claims for quantum advantage, in December 2020 a team of researchers from the University of Science and Technology of China in Hefei announced that their photon quantum computer, named Jiuzhang, performed in 200 seconds a calculation that on one of the most powerful supercomputers in the world would take 2.5 billion years to complete (Zhong et al., 2020). Importantly, they carried out the task on a photonic quantum computer working at room temperature.

Alongside, many other technological companies—from industry leaders to start-ups and universities—are working on quantum computers, increasing the probability of a breakthrough. As of January 2021, IBM has deployed 28 quantum computers for public and commercial use through its cloud services. In September 2020, IBM released a roadmap to produce a 1,000-plus qubit device called Quantum Condor by the end of 2023. Effectively, it means doubling or tripling the number of qubits in the quantum computer each year. Microsoft and Amazon also have launched beta versions of quantum computing cloud services—Microsoft Azure and AWS Braket—powered by suppliers such as 1Qbit, Rigetti, IonQ, and D-Wave. Around the world, there are at least 87 known projects underway to build quantum systems using different core technologies. 5

To reap the benefits of quantum computing, researchers need to build quantum machines that compute with lower error rates. Superposition and entanglement are fragile states. The interaction of qubits with the environment produces computation errors. Any external disturbances or noise, such as heat, light or vibrations, inevitably yanks qubits out of their quantum state and turns them into regular bits. Classical computers are also prone to random computational errors, albeit at much lower rates. By employing redundancy, error correction processes enable classical computers to produce practical, error-free computations. However, such techniques are not applicable to quantum physics because of the no-cloning principle: it is physically impossible to copy the running state of a qubit.

In 1994, Peter Shor proposed a theoretical quantum error correcting code, achieved by storing the information of one qubit onto a highly entangled state of several qubits. This scheme uses many ordinary qubits to create a single error-free entity: the former are called physical qubits, and the latter a logical qubit. But just adding more qubits might not boost a machine’s performance. The frequency of errors in delicate qubits and their operations, caused by noise, tends to increase as more qubits are connected. IBM has developed the concept of quantum volume to measure progress in quantum computing, which adjusts the number of qubits, among other things, for error rate and the quality of connectivity between qubits.6 IBM expects that quantum volume will be more than doubling every year. Today’s quantum devices have error rates that are too high, which is one of the most pressing issues for quantum computers.

The race to build better quantum computers is intensifying, with companies using different technologies. It is possible to classify the early quantum computing hardware community into two general categories or types. First, quantum computers based on quantum gates and quantum circuits are the most similar to our current classical computers based on logical gates.7 The other great family of quantum computers is analog quantum computers. These quantum computers directly manipulate the interactions between qubits without breaking these actions into gate operations. The best-known analog machines are quantum annealers. Some experimental quantum annealers are already commercially available; the most prominent example is the D-Wave processor, with over 5,000 qubits. This machine has been heavily tested in laboratories and companies worldwide, including Google, LANL, Texas A&M, USC. Companies are also using several strategies to implement physical qubits. For example, Alibaba, IBM, Google, D-Wave, and Rigetti use superconducting qubits, IonQ uses trapped ion qubits, while Xanadu and the University of Science and Technology of China are developing photonic quantum computers.

For the foreseeable future, quantum computers are expected to complement, not replace, classical computers. While desktop quantum computers are far away, the public can already have access to quantum computing through cloud services provided by companies such as IBM and D-Wave. People can use their classical computers to perform calculations on quantum computers and receive the results back on their classical computers. In the near future, quantum applications would probably be hybrid, since quantum and classical computing technologies have complementary strengths (National Academies of Sciences, 2019).

III. Potential Benefits of Quantum Computing

Quantum computers can transform the financial system, as they can solve many problems considerably faster and more accurately than the most powerful classical computers. Simulation, optimization, and machine learning (ML) are three areas where quantum computers can have an advantage over classical computers (Bouland et al. 2020; Egger et al., 2020; and Orus et al. 2019):

  • Simulations: Monte Carlo-based methods. The use of simulations by the financial sector is ubiquitous. For example, Monte Carlo methods are used to price financial instruments and to manage risks. However, Monte Carlo simulations are computationally intensive, often leading to tradeoffs between accuracy and efficiency. Quantum computing could perform simulations such as pricing and risk management almost in real time, without the need to take unrealistic assumptions to simplify the models.

  • Optimization models. Financial institutions make a myriad of optimization calculations every day, for example, to determine the best investment strategy for a portfolio of assets, allocate capital, manage cash in ATM networks, or increase productivity. Some of these optimization problems are hard, if not impossible, for traditional computers to tackle. Approximations are used to solve the problems within a reasonable time frame. Quantum computers could perform much more accurate optimizations in a fraction of the time without the necessity to use approximations.

  • Machine learning (ML) methods, including neural networks and deep learning. Financial institutions are increasingly using ML. Examples include estimating the risk level of loans by credit scoring and detecting frauds by finding patterns that deviate from normal behavior. However, such ML tasks face the curse of dimensionality. The time needed to train an ML algorithm on classical computers increases exponentially with the number of dimensions considered. Even if the classical computer can handle these tasks, it would take too much time. Quantum computers have the potential to outperform classical algorithms by accelerating ML tasks (quantum speedup), enabling them to tackle more complex analyses while increasing accuracy.

Beyond finance, quantum computing has the potential to be a catalyst for scientific discovery and innovation. An important application of quantum computing is for models of particle physics, which are often extraordinarily complex and require vast amounts of computing time for numerical simulation. Quantum computers would enable precision modeling of molecular interactions and finding optimal configurations for chemical reactions. They can transform areas such as energy storage, chemical engineering, material science, drug discovery and vaccines, simulation, optimization, and machine learning. Specifically, this would allow the design of new materials such as lightweight batteries for cars and airplanes, or new catalysts that can produce fertilizers more efficiently—a process which today accounts for over 2 percent of the world’s carbon emissions (Martinis and Boixo, 2019). Quantum computers could also improve weather forecasts, optimize traffic routes and supply chains, and help us better understand climate change.

Beyond computing, quantum technologies give rise to novel ways of transmitting, storing and manipulating data. Quantum networks can transmit information in the form of entangled qubits between remote quantum processors almost instantaneously (quantum teleportation) and securely using quantum key distribution (QKD). Until recently, such networks could function only in laboratory conditions, but experiments confirmed their viability for long-distance secure communications (Boaron et al., 2018). Moreover, data could be transmitted wirelessly through a quantum satellite in space. Scientists in China were able to transmit data using a quantum satellite launched in 2016 between a mobile ground station in Jinan (in north-east China) and a fixed station in Shanghai. ICBC bank and the People’s Bank of China are using satellite-based QKD for information exchanges between distant cities, such as Beijing and Urumqi in the far north-west.8 9 In the Netherlands, a team from Delft University of Technology is building a network connecting four cities with quantum technology. They have demonstrated that it can send entangled quantum particles over long distances.10 In the U.S., a consortium of major institutions led by Caltech has demonstrated sustained, high-fidelity quantum teleportation over long distances. They achieved the successful teleportation of qubits across 44 kilometers of fiber in two testbeds: the Caltech Quantum Network and the Fermilab Quantum Network.11

Another promising avenue is quantum sensing devices. Advances have been reported in quantum radar, imaging, metrology, and navigation, which would enable greater precision and sensitivity. For example, medicine has started to reap the benefits of quantum sensors, by revolutionizing the detection and treatment of diseases. In the U.S., the Defense Advanced Research Projects Agency (DARPA) is running the Quantum-Assisted Sensing and Readout (QuASAR) program. Building on established control and readout techniques from atomic physics, it aims to develop a suite of measurement devices that could find application in the areas of biological imaging, inertial navigation and robust global positioning systems.12

IV. Potential Risks of Quantum Computing

While quantum computing has tremendous potential to benefit society, it brings new risks and challenges. The massive computing power of quantum machines threatens modern cryptography, with far-reaching implications for financial stability and privacy. Quantum computers can solve what is known in complexity theory as hard mathematical problems exponentially faster than the most powerful classical supercomputers, potentially making today’s main cryptographic standards obsolete. In particular, quantum computing has the potential to make asymmetric cryptography (public-key cryptography) obsolete, while reducing the strength of other cryptographic keys and hashes.

Today’s cryptography is based on three main types of algorithms: symmetric keys, asymmetric (public) keys, and algorithmic hash functions, or hashing (see Annex III and IV for further descriptions). These cryptographic algorithms, for the most part, have had the upper hand in maintaining the necessary security to protect data, provide integrity checks and digital signatures. They are generally deemed secure and unbreakable with today’s most advanced hardware and cryptanalysis techniques using conventional computers.

With symmetric-key encryption, an attacker needs to find the secret key shared between the sender and receiver to decrypt the cipher message as shown in Figure 1 (top panel). 13 Conversely, with public-key encryption, the attacker needs to find the receivers’ private key, knowing their public key, to decrypt the message (middle panel). Asymmetric encryption algorithms are widely used to secure communications over the Internet. Successful attacks against these standard cryptographic algorithms would compromise secure connections, endangering the security of banking, e-commerce, and other services. With hash functions (bottom panel), an attacker would attempt to find a hash-collision to match the output digest with a crafted and different input, allowing to produce counterfeit authentication digests for transactions or documents.

Figure 1: Types of Cryptographic Algorithms

Citation: IMF Working Papers 2021, 071; 10.5089/9781513572727.001.A001

Source: Authors

Risks from quantum computing vary depending on the types of cryptographic algorithms:

  • Symmetric cryptography, under certain conditions, is believed to be quantum resistant. Current security standards recommend the usage of the AES algorithm with 256-bit keys for symmetric encryption. Known as AES 256, this algorithm is widely used for multiple purposes, such as securing Internet websites or wireless networks. An attacker would have to try 2^256 combinations to break a 256-bit AES key using brute force, an effort that would require a timespan of over 7 billion years to be executed by a classical supercomputer, half the current age of the universe (CISA, 2019). A quantum computer may reduce the complexity of breaking a symmetric encryption key by half, for example, by using Grover’s algorithm (Grassl et al., 2015). However, it would still have to run for millions of years to break a single AES key using known methods. This leads most experts to believe that this algorithm is quantum resistant for now, and so are other symmetric encryption methods of a similar nature.

  • Hashing functions are also believed to be quantum resistant under certain conditions. Hashing generates unique fixed-size codes according to arbitrary inputs. They are used to validate information and are leveraged in several cryptographic methods for diverse purposes, such as validating information or generating authentication codes. Their novelty stems from the quasi impossibility to reverse them. Given a particular hash code, it would take thousands of years to produce inputs that generate the same code (this is called a collision attack). As with symmetric cryptography, using Grover’s algorithm, a quantum computer could reduce the time to reverse a hash function from 2^n to 2^(n/2), n being the number of bits used for the hash output. Therefore, longer hash functions like the SHA-3 family, which typically generate 256-bit outputs, are considered quantum safe and expected to remain as approved standards for now.

  • Public (or asymmetric) keys, however, can become obsolete with quantum computing. Theoretically, a fully functioning quantum computer can break an asymmetric key in a few hours by using Shor’s algorithm and related optimizations (Gidney et al., 2019). Furthermore, researchers believe that advancements in quantum computing will reach a level of optimization that would allow quantum computers to break today’s public keys in less time than it takes to generate them using digital computers (Monz et al, 2016 and Anschuetz et al, 2018).
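The inventory step recommended in the introduction and the three-way risk split in the list above can be combined in a small audit script. This is an added example, not part of the paper: the inventory rows, system names, column names and the 128-bit threshold are assumptions made for illustration.

```python
import csv
import io
from dataclasses import dataclass

# Assumption (not from the paper): minimum acceptable post-quantum strength.
# 128 is chosen so AES-256 and 256-bit hashes pass, matching the list above.
MIN_PQ_BITS = 128

SYMMETRIC = {"AES", "CHACHA20"}
HASH = {"SHA1", "SHA2", "SHA3"}
PUBLIC_KEY = {"RSA", "DH", "ECDSA", "ECDH"}
# Uses where a broken public key exposes traffic that is recorded today.
CONFIDENTIALITY_USES = {"key-exchange", "encryption"}

# Constructed sample inventory; systems and column names are hypothetical.
SAMPLE_INVENTORY = """\
system,algorithm,bits,usage
online-banking-tls,RSA,2048,key-exchange
online-banking-tls,AES,128,encryption
atm-network,ECDSA,256,signature
b2b-vpn,ECDH,256,key-exchange
core-ledger-db,AES,256,encryption
document-archive,SHA3,256,integrity
legacy-batch,SHA1,160,integrity
"""


@dataclass
class Finding:
    system: str
    algorithm: str
    category: str      # "public-key", "symmetric" or "hash"
    pq_bits: int       # strength left against a quantum attacker
    action: str        # "replace", "upgrade" or "ok"
    retroactive: bool  # data captured now could be decrypted later


def classify(system, algorithm, bits, usage):
    """Apply the three-way split from the list above to one inventory row."""
    family = algorithm.strip().upper()
    label = f"{family}-{bits}"
    if family in PUBLIC_KEY:
        # Shor's algorithm: a longer key does not help, so the algorithm has
        # to be replaced. Only confidentiality uses are marked retroactive
        # (a simplification made for this example).
        exposed = usage.strip().lower() in CONFIDENTIALITY_USES
        return Finding(system, label, "public-key", 0, "replace", exposed)
    if family in SYMMETRIC:
        category = "symmetric"
    elif family in HASH:
        category = "hash"
    else:
        raise ValueError(f"unknown algorithm family: {algorithm!r}")
    # Grover's algorithm: search effort drops from 2^n to 2^(n/2).
    pq_bits = bits // 2
    action = "ok" if pq_bits >= MIN_PQ_BITS else "upgrade"
    return Finding(system, label, category, pq_bits, action, False)


def audit(csv_text):
    """Classify every row of a CSV inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [classify(r["system"], r["algorithm"], int(r["bits"]), r["usage"])
            for r in rows]


def migration_order(findings):
    """Retroactively exposed entries first, then replace, upgrade, ok."""
    rank = {"replace": 0, "upgrade": 1, "ok": 2}
    return sorted(findings, key=lambda f: (not f.retroactive, rank[f.action]))


if __name__ == "__main__":
    for f in migration_order(audit(SAMPLE_INVENTORY)):
        flag = "captured-now/decrypted-later" if f.retroactive else "-"
        print(f"{f.system:20} {f.algorithm:11} {f.category:11} "
              f"pq_bits={f.pq_bits:<4} {f.action:8} {flag}")
```

Entries marked retroactive sort first because the exposure of traffic recorded today cannot be undone by a later migration.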

Critical protocols behind digital data and communication security of the financial sector rely heavily on public-key cryptography. In the age of the Internet, public keys aim to achieve critical security services underpinning the financial sector. These include (Burr and Lyons-Burke, 1999): (i) authentication/authorization (the ability to corroborate the identity of a party that originated particular data, transaction, or participates in a protocol); (ii) privacy/confidentiality (the ability to ensure that unauthorized individuals are not able to access protected data); and (iii) integrity (the ability to know that data has not been altered). For example, today’s digital certificates and digital signatures are based on asymmetric keys. These critical security services supporting the financial sector would be compromised by a sufficiently powerful quantum computer, threatening sensitive information managed and communicated by financial institutions and central banks. Putting it simply, an attacker who can forge signatures can effectively spend other people’s funds or masquerade as any entity.

Figure 2 shows some potential impacts of quantum computers on the different communication protocols used by the financial system:

  • 1. Online/Mobile Banking. Using a quantum computer, an attacker may compromise public keys for standard Internet protocols and eavesdrop on any communications between users and financial institutions. Furthermore, an attacker may compromise the authentication and authorization schemes of the financial system, whether session-token or public-key based, to produce counterfeit transactions. Moreover, in the case of central bank digital currencies (CBDC) and blockchain networks, attackers may extract valid wallet keys from publicly available records, granting them the ability to appropriate users’ credits and tokens.

  • 2. Payment Transactions and Cash Withdrawals. ATMs are connected through private networks. This makes it easy for attackers to tap into connections relying on public-key encryption and use the same avenues applicable to online or mobile banking to forge transactions.

  • 3. Business to Business Privacy. Corporate point-to-point networks also use public-key encryption to build secure channels, authenticate and authorize data exchanges between businesses. By compromising such channels, attackers would have full access to information that, once captured, would allow them easy points of entry to invade corporate internal networks, by impersonating users or servers through man-in-the-middle attacks. By forging certificates, for instance, attackers would be able to add their own resources to the enterprise network. Another form of attack may be to record available encrypted data now and decrypt it once a quantum computer is available, for instance revealing current trade secrets in the future.

  • 4. VPN Communications. VPN connections are used by staff of financial institutions to work from home and to access organizational internal and sensitive resources. Such connections typically use public-key encryption to authenticate businesses and workstations, which would be vulnerable to the same issues as the business-to-business connections.

Figure 2: Quantum Computing: Selected Risks to the Financial Sector

Citation: IMF Working Papers 2021, 071; 10.5089/9781513572727.001.A001

Source: Authors

Other applications relying on public-key cryptography include popular blockchain-based digital assets such as Bitcoin or Ethereum and password-protected web applications. The best known of these protocols is HTTPS, used by 96 percent of Internet websites (Google Report, 2020). Therefore, quantum computing is an existential threat to many business sectors that rely on asymmetric cryptography for their day-to-day operations (ETSI, 2020).

While the ability to use longer keys renders symmetric encryption and hashing quantum-safe today, they are not immune to further advances in quantum computing. As the quantum computing field becomes widely researched and understood, new schemes and algorithms emerge continuously. Shor’s algorithm, for instance, has been improved several times since its inception, mainly to reduce its processing requirements. New algorithms and analyses are created that significantly lessen the quantum hardware capability needed to solve problems that go beyond the realm of classical supercomputers (Cade, 2020). It is, therefore, reasonable to assume that, as research progresses, new algorithms would be discovered to target today’s advanced symmetric cryptography and cryptographic hashing functions, rendering them obsolete, as in the case of public-key cryptography.

Achieving a quantum-safe environment will require a different mindset by governments, firms, and individuals. More than 50 percent of organizations, including government agencies, admit to running outdated software.14 Past experiences with replacing the data encryption standard (DES) and various hash functions (SHA-1, MD5) suggest that it takes at least a decade to replace a widely deployed cryptographic algorithm (National Academies of Sciences, 2019). Migration to quantum-resistant algorithms is likely to be much more complex than previous experiences, given the ubiquitous use of public keys. Therefore, even if all product providers made their software quantum-resistant, public and private organizations alike would need a different approach to obsolescence management. This would be even more complicated and expensive for legacy systems that no longer have software updates issued by their manufacturers.

V. The Way Forward

We are on the threshold of the quantum computing age. Quantum computers can speed up the process of scientific discovery, from designing new materials for more efficient batteries to creating better drugs and vaccines. Quantum computers could also transform the financial system as they would solve many problems considerably faster and more accurately than the most powerful classical supercomputers. Leveraging quantum computers’ potential will also require new approaches and algorithms. This includes developing new error-correction schemes, creating new programming languages, forming communities of potential users, and developing common standards to ensure interoperability between different quantum computing approaches and communications.

Quantum computers may also cause substantial disruptions, including undermining financial stability. An important risk of quantum computing relates to the existing encryption algorithms that could become obsolete, especially the widely used public-key algorithms. The history of cryptanalysis is full of cautionary tales about cryptography perceived as unbreakable and then made obsolete by new technologies (Annex II). The race has already started to develop new quantum-safe encryption standards and algorithms. For example, in the U.S., the National Institute of Standards and Technology (NIST) is running a competition for a quantum-safe encryption algorithm, aiming to announce a winner by 2024 (NIST, 2020). If fully functional quantum computers become a reality before or shortly after that, organizations (firms and governments) would have a narrow window to mitigate this risk. In Europe, the European Telecommunication Standards Institute (ETSI) is spearheading deployment of quantum-safe standards (ETSI, 2015, 2017, 2020). This work feeds into the activities of other standard-setting bodies such as the International Telecommunications Union (ITU) and the Internet Engineering Task Force (IETF).

While waiting for quantum-resistant standards, financial system regulators can play an important role by raising the financial community’s awareness of the current and forthcoming risks and challenges. First, financial institutions should develop plans to migrate current cryptography to quantum-resistant algorithms. ETSI (2020) has outlined a framework of actions that an organization should take to enable migration to a quantum-safe cryptographic state. The framework comprises three stages: (i) inventory compilation, (ii) preparation of the migration plan, and (iii) migration execution:

  • Inventory compilation. An organization cannot plan migration without prior knowledge of its assets that quantum computing would affect. Thus, the first stage of migration is to identify the set of cryptographic assets (both hardware and software) and processes in the system. The framework would require managing the business process, allocating a budget and ensuring accountability. The costs could be significant, whether financial, temporal, organizational or for technical provisions.

  • Preparation of the migration plan. The migration plan would determine whether an asset identified in stage 1 will be migrated or retired, as some assets may become obsolete through redesign. Sequencing the migration is important given the interdependency of assets. If backwards compatibility is required during the migration, then the application will have to support both classical and quantum-safe algorithms. This may be achieved by using individual classical and quantum-safe algorithms, or by using hybrid algorithms, depending on the existing cryptographic agility. For example, in November 2020, IBM announced plans to add quantum-safe cryptography to its cloud services, on top of the current standards.15 Provisions for cryptographic agility should be considered for any new or updated cryptography. If a vulnerability is found in the quantum-safe algorithm, it may be necessary to switch to a different one, although sometimes the vulnerability may be addressed by patches and updates. Ensuring cryptographic agility will make these upgrades easier.

  • Migration execution. The role of this stage is to implement the migration plan from stage 2 against the inventory from stage 1. This stage also includes mitigation management. A key element of mitigation management is conducting exercises to simulate and test the migration plan to determine its viability. These exercises are important, as they can uncover missing inventory elements (it is probable that the inventory will be incomplete).
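The three stages above, sketched as an added example (not code from the paper or from ETSI): a constructed inventory is classified, each asset gets an action, the order respects dependencies, and dependencies that were never inventoried are surfaced. The asset names, the 256-bit threshold and the rule that products without vendor updates are retired are assumptions of this example.

```python
from graphlib import TopologicalSorter

# Families as the paper groups them: public-key schemes are the ones a
# quantum computer would break; symmetric ciphers and hashes stay safe
# when keys or digests are long enough.
PUBLIC_KEY = {"RSA", "DSA", "DH", "ECDSA", "ECDH"}
SYMMETRIC_OR_HASH = {"AES", "SHA-2", "SHA-3"}
MIN_BITS = 256  # assumption: this example's policy threshold

# Constructed stage-1 inventory; every name and field here is illustrative.
INVENTORY = [
    {"asset": "b2b-gateway", "alg": "ECDH", "bits": 256, "needs": ["root-ca", "hsm-01"], "updates": True},
    {"asset": "root-ca", "alg": "RSA", "bits": 4096, "needs": [], "updates": True},
    {"asset": "staff-vpn", "alg": "RSA", "bits": 2048, "needs": ["root-ca"], "updates": True},
    {"asset": "legacy-atm-link", "alg": "RSA", "bits": 1024, "needs": ["root-ca"], "updates": False},
    {"asset": "backup-store", "alg": "AES", "bits": 128, "needs": [], "updates": True},
    {"asset": "ledger-hash", "alg": "SHA-2", "bits": 256, "needs": [], "updates": True},
]

def decide(entry):
    """Stage 2: choose an action for one inventoried asset."""
    if entry["alg"] in PUBLIC_KEY:
        # Assumption: a product with no vendor updates cannot be migrated.
        return "migrate" if entry["updates"] else "retire"
    if entry["alg"] in SYMMETRIC_OR_HASH:
        return "keep" if entry["bits"] >= MIN_BITS else "lengthen-key"
    return "investigate"  # unrecognised algorithm: needs manual review

def missing_assets(inventory):
    """Stage 3 exercise: dependencies that were never inventoried."""
    known = {e["asset"] for e in inventory}
    return sorted({d for e in inventory for d in e["needs"]} - known)

def migration_plan(inventory):
    """Return (asset, action) pairs with dependencies ahead of dependants."""
    known = {e["asset"]: e for e in inventory}
    graph = {name: {d for d in e["needs"] if d in known} for name, e in known.items()}
    order = TopologicalSorter(graph).static_order()  # raises CycleError on loops
    return [(name, decide(known[name])) for name in order]

if __name__ == "__main__":
    for asset, action in migration_plan(INVENTORY):
        print(f"{asset:16} {action}")
    print("not in inventory:", missing_assets(INVENTORY))
```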

This framework assumes an orderly, planned migration. However, immediate availability of a viable quantum computer that is used to attack public keys could require an immediate transition to quantum-safe cryptography. In this case, an emergency migration could require quick simultaneous execution of the key measures outlined above.

Given the pace of innovation and uncertainty about when quantum-safe standards will become available, financial institutions should build cryptographic agility. This is a property that permits cryptographic algorithms or parameters to be changed or upgraded smoothly, improving overall cybersecurity resilience in the future. Over the longer term, there may be a need to implement quantum cryptographic methods to reduce cybersecurity risks.
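One way to picture cryptographic agility, as an added example that is not from the paper: every protected record carries an algorithm identifier, and a registry decides which algorithm is issued, which is only still accepted, and which is refused. The HMAC hash choices are stand-ins (the Python standard library has no quantum-safe public-key scheme), and the registry layout, status names and one-byte identifier are assumptions of this sketch.

```python
import hashlib
import hmac

# Policy lives here only; callers never name an algorithm.
REGISTRY = {
    1: {"hash": "sha1", "status": "retired"},      # refused outright
    2: {"hash": "sha256", "status": "active"},     # issued for new records
    3: {"hash": "sha3_256", "status": "standby"},  # deployed, not yet issued
}

def _active_id(registry):
    ids = [i for i, a in registry.items() if a["status"] == "active"]
    if len(ids) != 1:
        raise RuntimeError("exactly one active algorithm is required")
    return ids[0]

def protect(key, message, registry=REGISTRY):
    """Tag a message with the active algorithm; first byte names the algorithm."""
    alg_id = _active_id(registry)
    tag = hmac.new(key, message, registry[alg_id]["hash"]).digest()
    return bytes([alg_id]) + tag

def verify(key, message, envelope, registry=REGISTRY):
    """Return (valid, needs_upgrade). Only active and legacy algorithms verify."""
    alg = registry.get(envelope[0]) if envelope else None
    if alg is None or alg["status"] not in ("active", "legacy"):
        return (False, False)  # unknown, standby or retired: no downgrade path
    expected = hmac.new(key, message, alg["hash"]).digest()
    valid = hmac.compare_digest(expected, envelope[1:])
    return (valid, valid and alg["status"] == "legacy")

def switch_active(registry, new_id):
    """Return a new registry: new_id becomes active, the old active turns legacy."""
    updated = {i: dict(a) for i, a in registry.items()}
    updated[_active_id(updated)]["status"] = "legacy"
    updated[new_id]["status"] = "active"
    return updated
```

Records that verify with `needs_upgrade` set are re-protected under the active algorithm; once none remain, the legacy entry can be marked retired, which is also the switch used in an emergency.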

Beyond financial stability, quantum computing raises important privacy risks, and regulators should work with industry experts to understand these risks. Regulations such as the United States Gramm-Leach-Bliley Act (Gramm-Leach, 1999) or the European General Data Protection Regulation (GDPR, 2018) already guide the protection of information, but may require further scrutiny to ensure quantum-resistant encryption of data exchange and storage. Importantly, given that quantum computers represent retroactive risks, the time for action is now.

The IMF has an important role to play in raising the awareness of its members about financial stability risks from quantum computers and promoting quantum-safe standards and practices. At the multilateral level, the IMF should encourage member countries to collaborate closely in developing common standards and protocols to ensure interoperability. At the bilateral level, it should encourage country authorities to develop encryption migration plans in the financial sector surveillance, for example, as part of the dialogue on ensuring operational resilience of financial institutions, markets, and infrastructure.

Author: Jose Deodoro, Mr. Michael Gorbanyov, Majid Malaika, and Tahsin Saadi Sedik