Zhang Renfu, president and director of Huishang Bank in China’s Anhui Province, told DigFin the bank is using quantum communication between its main data center and its back-up center.
“It’s mainly for data security. We must be responsible for our customers, and quantum communication is really safe,” Zhang said.
Huishang Bank has also applied quantum encryption to transmit digital certificates between its branches and the China Financial Certification Authority (CFCA), securing the management of certificate issuance.
Jane Melia, vice president of strategic business development at QuintessenceLabs, a cyber-security institute in Canberra, Australia, says some financial institutions are piloting quantum communications.
So far these banks are keeping quiet about their activities. “Not all customers want to reveal how they are securing their information, since that can make them a target for attackers,” said Melia. (One bank, CBA, previously shared some of its work with DigFin.)
Most financial security infrastructure (as well as security in other fields, from e-commerce to routine software updates) is based on
This is a system used when a password is not sufficient, and works by binding a public key (a code generated by an algorithm to lock or unlock information) to an individual or an organization, while a third party serves to validate that identity.
Today’s infrastructure is vulnerable to the brute computational power that quantum computing will bring. A quantum hack could disrupt the verification process, inserting false messages; it could even do so across a network, making it possible to corrupt blockchains (whose security rests in part on decentralization, requiring 51% of nodes to be hacked).
“When a quantum computer becomes practical, the economic markets will be severely impaired,” says the U.S. National Institute of Standards and Technology (NIST) on its website.
Ding Jintai, a professor at the University of Cincinnati and an active researcher in post-quantum cryptography, told DigFin that financial institutions should start to prepare for a future in which they must migrate their entire communications to quantum-proof systems.
“For financial institutions with sensitive data that requires long-term security, like ten to 15 years, they must act now,” Ding said. It’s likely that by the late 2020s a quantum computer will be able to reveal all sensitive data passing through financial networks today.
To fight against future quantum computers' massive computational power, a new cryptography is emerging based on physics instead of relying just on mathematics.
Quantum Key Distribution (QKD) may replace today's infrastructure. QKD is a secure communication method which involves quantum mechanics. It enables two parties to produce a shared random secret key known only to them. The two parties can detect any third party trying to gain knowledge of the key because the process of measuring a quantum system disturbs the system.
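The eavesdropping check described above can be simulated classically. The sketch below is an added example, not from the article: it assumes the BB84 protocol (which the article does not name), a noise-free channel and an intercept-and-resend eavesdropper; the function names and the 11% alarm threshold are illustrative assumptions.

```python
import random

def bb84(n_qubits, eavesdrop, seed):
    """Classically simulate BB84 sifting; return (sifted_key_length, error_rate)."""
    rng = random.Random(seed)  # fixed seed so the run is reproducible
    sifted = errors = 0
    for _ in range(n_qubits):
        # Alice picks a random bit and a random encoding basis (0 or 1).
        bit, a_basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, a_basis  # the photon in flight
        if eavesdrop:
            # The eavesdropper must guess a basis. A wrong guess gives a
            # random result, and the photon is resent in the guessed basis,
            # which is the disturbance the two parties can later detect.
            e_basis = rng.getrandbits(1)
            e_bit = state_bit if e_basis == state_basis else rng.getrandbits(1)
            state_bit, state_basis = e_bit, e_basis
        # Bob also measures in a random basis.
        b_basis = rng.getrandbits(1)
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        # Bases (not bits) are compared publicly; mismatches are discarded.
        if b_basis == a_basis:
            sifted += 1
            errors += (b_bit != bit)
    return sifted, errors / sifted

def link_is_compromised(error_rate, threshold=0.11):
    """Abort key generation if the sampled error rate exceeds the threshold.
    The 0.11 default is an assumed illustrative value."""
    return error_rate > threshold

if __name__ == "__main__":
    for label, eve in (("clean link", False), ("intercepted link", True)):
        length, qber = bb84(20000, eavesdrop=eve, seed=1)
        print(f"{label}: sifted bits={length}, error rate={qber:.3f}, "
              f"abort={link_is_compromised(qber)}")
```

On the clean link the sifted keys agree exactly; with interception roughly a quarter of the sifted bits disagree, which is what lets the two parties discard the key before using it.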
Although it works, the technology still faces challenges of scalability.
“QKD is limited in distance at the moment, with throughput decreasing significantly with distance. For commercial throughputs, we are talking of a few tens of kilometers, making it practical today for links to data centers of similar deployments,” Melia said. “This will change in the coming years as quantum repeaters mature, and with the development of free-space links to satellites.”
China has been making the most progress. In 2016, it launched the world’s first quantum-communications satellite, called Mencius, named after the ancient Chinese philosopher.
The satellite enabled the world’s first intercontinental quantum communication between China and Austria, over 7,600 kilometers on Earth.
In November 2018, it followed up with the world’s first quantum-security comms trunk line, connecting Beijing and Shanghai (a distance of about 2,000 kilometers). Signals are transmitted between them via transfer stations in Jinan and Hefei.
Bank of Communications, ICBC and Alibaba Group are using the trunk line to send encrypted messages, according to local media. And as DigFin reported, Bank of Shanghai is working on new payments tech that is quantum-proof.
How long till decryption doomsday?
The threat posed by quantum computing to security has been known since the 1990s, when it was first raised by MIT professor Peter Shor; the Shor Algorithm defines how quantum computing can outpace conventional cryptography.
Only recently, however, have research institutions around the world begun to define standards for “quantum-safe” data. In November 2017, NIST received 70 submissions from the likes of Amazon, Google and Microsoft, as well as academics such as Ding, for proposals to mitigate quantum-comm attacks.
The goal, Ding says, is to develop a standard to be adopted by the U.S. government. “Then every single industry would have to adopt it, and replace their existing infrastructure,” he said.
The work is gaining urgency as quantum computing is developing faster than expected. Broadly speaking, a computer with 50 qubits maintained in a stable state is considered a quantum computer (see our Glossary primer). Companies have released computers with more qubits, but which are less stable. Intel unveiled a short-term 49-qubit computer in January 2018, while Google has announced a 72-qubit quantum chip, albeit one that only lasts for a short time. Others such as Microsoft say they are working on more stable versions.
The upshot, though, is that quantum computing’s future is no longer a question of “if”, but “when”. Arvind Krishna, director of IBM Research, recently predicted at a conference that quantum computers will be deployable “in a little more than five years”.
NIST’s website says: “It is believed by many that the realization of large-scale quantum computers is more an engineering challenge than a theoretical one.”
So the race is on – and it is increasingly likely that quantum communications will arrive before most banks are ready. It’s a race that a handful of firms like Huishang Bank are hoping to win.