You may have heard about quantum computers and possibly read about the future threat quantum computers might pose to cryptography. What are quantum computers, and should the financial services industry as defined by ISO TC 68 be worried? These are the questions this document will try to address.
What’s a Quantum Computer?
To fully understand what a quantum computer is probably requires a Ph.D. in quantum physics, but generally speaking, a quantum computer is a device that uses the quantum mechanical phenomena superposition and entanglement to solve certain specific problems much faster than classical computers. Where a classical computer uses bits, which can be either 0 or 1, on or off, as its basic building block, a quantum computer uses qubits and a qubit carries much more information than a simple bit.1 Qubits can exist in an intricate superposition between 0 and 1. This richness enables quantum computers, in principle, to solve certain specific problems dramatically faster than classical computers could. For example, a quantum computer could solve certain problems in days where classical computers would take years or more.
What Kind of Threat Would a Quantum Computer Pose to the Financial Services Industry?
While the promise of quantum computing is to solve certain specific problems dramatically faster than otherwise possible, currently quantum computers lack the stability and fault tolerance required to solve most real-world problems. As the technologies behind quantum computers mature, initially, quantum computers may provide advantages in AI and chemistry (see reference [9] and [10]), and in time, much more advanced quantum computers could potentially be a threat to the protections provided by today’s cryptography. Cryptography2 is used pervasively throughout the financial services industry and it can be divided into asymmetric (e.g., public key) and symmetric key (e.g., T-DEA or AES) cryptography. Public key algorithms are used mainly for digital signatures and key establishment, and symmetric algorithms are used for encryption and message integrity. Examples of public key cryptography include the authentication and key establishment that takes place when establishing any secure Internet session, or the digital signatures that are applied to digital documents or for code signing.