
Section III: Potential Threats to Cybersecurity

Overview

The financial services industry heavily relies on cryptography to safeguard digital information. Whether to securely store customers’ personally identifiable information (PII), access the internet through a virtual private network (VPN) or ensure the integrity of a trade order placed on a mobile application, cryptographic algorithms play a central role in many critical functions within the financial system. Such algorithms are based on mathematical problems that are prohibitively time-consuming for today’s classical computers to solve. For instance, a hacker would need trillions of years using a conventional computer to break the encryption securing internet-based communications, such as a VPN.62

Quantum computing is uniquely positioned to offer, in the future, a streamlined way to crack today’s standard encryption safeguards. This is possible because quantum computing can leverage specialized algorithms to significantly reduce the amount of time to solve the mathematical problems behind today’s encryption. At a high level, this type of solution is possible because a quantum computer uses qubits in superposition to simultaneously see across several potential solutions to an algorithm (i.e., quantum parallelism) and select the correct one.63

The following section highlights the potential quantum-related threats, methods for mitigating those threats and areas of consideration for firms seeking quantum resistance.

Potential Quantum Security Threat

Encryption is widely discussed as the main vulnerability for firms to a quantum attack. This is due to a quantum computer’s ability to leverage algorithms to degrade certain security methods, such as asymmetric key cryptography (systems using different pairs of private/public keys between sender and recipient for encryption), hashing (systems using algorithms to scramble a message of any size into a coded fixed-length value), and symmetric key cryptography (systems using a shared private key between sender and recipient for encryption).64 There are two principal algorithms that hackers could use in a quantum attack on encrypted data:

  • Shor’s Algorithm. Shor’s Algorithm is particularly efficient at solving the mathematical problems that underlie asymmetric key cryptography. Shor’s Algorithm provides quantum computers exponential speedup advantages for conducting calculations to break asymmetric key encryption. In other words, if a classical computer required 2^50 steps to break encryption based on asymmetric key infrastructure, it might take a quantum computer only 50 steps.65 Hackers could use Shor’s Algorithm to engineer an attack on a crypto standard such as RSA (Rivest-Shamir-Adleman), which is a common standard for securing data transmission.
  • Grover’s Algorithm. Grover’s Algorithm is not as well-suited for breaking asymmetric key cryptography but, instead, hackers may use it to provide so-called quantum speedup advantages in breaking symmetric key cryptography and hashing, where the time to find a possible solution is drastically reduced. For example, a computation that requires 1,000^2 (or 1,000,000) steps for a classical computer may require 1,000 steps for a quantum computer.66 Hackers could also deploy Grover’s Algorithm to weaken a standard such as Advanced Encryption Standard (AES), which is commonly used to protect sensitive data.

Given the significant speedup advantage Shor’s Algorithm offers, the threat of a quantum attack is potentially greatest with asymmetric key encryption. Although Grover’s Algorithm may be improved upon, in its current state, symmetric key cryptography and hashing are still generally regarded to be quantum-resistant.67 For example, a quantum computer with over 6,000 logical qubits would still need over 10^32 years to break AES-256 symmetric key encryption using Grover’s Algorithm.68 However, a quantum computer with 2,000 logical qubits using Shor’s Algorithm could potentially need less than four hours to break asymmetric encryption based on the RSA-1024 standard.69

Methods of Quantum Resistance

We discuss the NIST standards for upgrading existing encryption practices that will likely influence the financial services industry in greater detail below. In addition, we note other methods for providing quantum resistance.

  • New Cryptographic Standards. In response to the rising threat to today’s encryption standards, NIST has focused on creating readily available replacement algorithms with mathematical properties that would be difficult to break even if large-scale quantum computers became available.70

Cybersecurity specialists have been developing post-quantum cryptography (PQC) standards for public key encryption that could protect key exchange and signature applications. In a competition that resembles a previous effort that produced new hashing algorithms,71 NIST issued a call for proposals for new algorithms in 2016, with designs submitted by more than 80 teams from 25 countries.72 NIST evaluated proposals based primarily on security and performance criteria73 and narrowed the candidates in three successive rounds, with the most recent round occurring in the first half of 2022.74 NIST reportedly plans to release draft PQC standards in 2023 for public comment and may seek to publish final standards in 2024.75 In addition, NIST recently developed a factsheet to inform organizations on matters related to migration to post-quantum cryptography.76

Noteworthy among NIST’s efforts is that it identified a group of four encryption algorithms that are expected to be a part of its new standards. In addition, NIST identified four other algorithms that remain under consideration for inclusion in the new standards. NIST has pursued a portfolio approach of selecting a variety of algorithms in recognition of the need to identify suitable tools for different encryption applications and systems as well as the need for redundancy in case any of the tools prove vulnerable.77

  • Key Length Upgrades. Perhaps the most expeditious route to quantum resistance is a lengthening of existing keys. For example, today’s RSA-2048 standard78 could be extended to 4,096 bits to lengthen the amount of time required to break encryption. Nevertheless, this solution may only be a short-term one, due to the exponential speed quantum computing offers.79 Moreover, lengthening key sizes may be disruptive and introduce potential hardware incompatibility (e.g., for certain smart cards) and operational issues.80
  • Quantum Communications. Another way to potentially bypass a quantum attack is to remove the mathematical equations involved in cryptography that can be decoded by a quantum computer. Instead, quantum computing could be leveraged in a way where keys could be shared through qubits that travel in a state of superposition, potentially making them extremely difficult for bad actors to intercept.81 However, as with any new and emerging technology, quantum communications may also present new challenges and vulnerabilities.82

Firm Considerations for Quantum Resistance

The use of cryptography is embedded in almost every firm’s data, including storage and transmission. In addition, cryptography is the basis for securing more than 90 percent of internet-based connections83 and plays a significant role on blockchain platforms.84 Cryptography may play a key role in firms’ data security architecture in a variety of ways, including securing communication links with customers and other firms, verifying identity (including through the use of digital signatures or certifications) and securing sensitive information. Accordingly, some firms have begun exploring potential upgrades to their cryptographic security in light of the potential disruptions that any future quantum attack may pose and considering the time that it may take to finalize a set of new cryptographic algorithms, implement them in firms’ hardware and software stacks, and adequately train personnel.85

Considering all that is involved in designing and implementing new standards, the path to quantum resistance could encompass a sequence of steps that takes several years. The National Academy of Science has indicated that it would take at least a decade to fully replace a widely used cryptographic standard, and this would come after the already lengthy PQC design and standardization process is complete.86 After NIST finalizes its suite of new algorithms, the selections are likely to be considered for broader standardizations for public infrastructure, such as the internet.87

Some firms have begun to monitor the progress of encryption updates designed to provide enhanced protection through quantum-resistant encryption. Potential factors to consider include, for example, re-encrypting sensitive data or re-signing documents while older versions are destroyed. The steps towards quantum resistance may be involved and complex and may have implications for operational performance. In light of this, some standard-setting bodies have started to prescribe steps that can be taken toward achieving quantum resistance. Of note is guidance from NIST and the European Telecommunications Standards Institute (ETSI), a non-profit standardization organization in the areas of information and communications.

  • ETSI guidance. In a technical paper published in 2020, ETSI lays out three main steps to work towards a Fully Quantum-Safe Cryptographic State (FQSCS).88 The first involves an inventory compilation so that any migration effort can be informed by the assets that will most likely be impacted. The second step involves redesigning or retiring assets and employing quantum-safe or classical algorithms, as needed, and adopting an agile stance to upgrade when appropriate. The third step entails the execution phase and managing the transition through simulations and exercises to ensure that nothing has been overlooked in the initial inventory and planning stages.89
  • NIST guidance. The National Cybersecurity Center of Excellence (NCCoE), which is part of NIST, sought to raise awareness by issuing a publication detailing the potential steps and associated challenges of migrating to PQC.90 The publication assessed the quantum risks and complexities involved in migrating key assets and enumerated considerations for a migration plan, some of which mirror the ETSI report, including taking inventory of the ways that cryptography is used in the enterprise to inform how a migration plan may be formed.91 NCCoE has since collaborated with public and private stakeholders to continue to raise awareness and develop processes for a migration plan.92
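The inventory step that both the ETSI and NIST guidance start from can be sketched as a small triage script. This is an added example, not taken from either publication: the inventory rows are constructed, the 128-bit floor is an assumed policy value, and ranking every Shor-exposed algorithm at zero bits is a simplification of the point made above that longer asymmetric keys are only a short-term measure.

```python
import csv
import io

# Constructed sample inventory (not real systems): asset, algorithm, key/digest bits.
SAMPLE_INVENTORY = """asset,algorithm,bits
vpn-gateway,RSA,2048
trade-api-tls,ECDHE,256
order-signing,ECDSA,256
pii-database,AES,256
legacy-archive,AES,128
file-integrity,SHA-256,256
smartcard-auth,RSA,4096
"""

# Asymmetric families whose underlying math problem Shor's Algorithm solves.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDHE", "ECDSA"}
# Symmetric/hash families where Grover's Algorithm gives a quadratic speedup.
GROVER_WEAKENED_PREFIXES = ("AES", "SHA")
MIN_BITS = 128  # assumed policy floor for post-quantum strength, not from the page


def assess(algorithm, bits):
    """Return (post_quantum_bits, action) for one inventory entry."""
    name = algorithm.upper()
    if name in SHOR_BROKEN:
        # Longer keys only delay Shor, so rank these as 0 bits (simplification).
        return 0, "migrate-to-pqc"
    if name.startswith(GROVER_WEAKENED_PREFIXES):
        # Quadratic speedup: 2^n classical steps become about 2^(n/2).
        effective = bits // 2
        return effective, "ok" if effective >= MIN_BITS else "lengthen-key"
    return None, "review-manually"  # unknown algorithm: do not guess


def triage(inventory_csv):
    """Parse the inventory and return rows sorted weakest-first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        strength, action = assess(rec["algorithm"], int(rec["bits"]))
        rows.append({"asset": rec["asset"], "algorithm": rec["algorithm"],
                     "pq_bits": strength, "action": action})
    # Unknown (None) sorts first so it is not silently ignored.
    rows.sort(key=lambda r: (-1 if r["pq_bits"] is None else r["pq_bits"], r["asset"]))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f'{row["asset"]:<16}{row["algorithm"]:<8}{row["pq_bits"]!s:<6}{row["action"]}')
```

In the sample, the 4,096-bit smart-card RSA key lands in the same migrate group as the 2,048-bit VPN key, while AES-128 is flagged for a longer key and AES-256 and SHA-256 pass the assumed floor.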