Home Technology Bankers are scared of quantum computers

Bankers are scared of quantum computers

Bankers are scared of quantum computers

Full-fledged quantum computers are emerging as the most dangerous threat to bank data security (photo: CC0 Public Domain)

In its June report, the Bank for International Settlements (BIS) based in Basel identified the threat of quantum platforms as the main danger for the coming years, about seven years to be exact. Some financial institutions already implement tools to mitigate the risk of hacking.

BIS experts expect full-fledged quantum computers to appear in the next 10-15 years. They will become the most dangerous threat to the security of banking data in the world. It would take them hours or even minutes to decrypt traditionally encrypted data using RSA and ECC, which would take classical computers thousands of years.

Quantum algorithms, and especially the well-known Peter Shore algorithm, easily decompose large numbers into prime factors and thus decipher a key or message much faster than a classical computer. Another issue is that factoring cryptographically significant (long) keys requires quantum systems of hundreds of thousands or even millions of qubits.

Such quantum platforms are unlikely to appear in the foreseeable future. And here lies another danger. Sensitive data can be recorded now and disclosed 10 or more years later. This method is not applicable for banking transactions, but for a whole range of information, including personal and state secrets, it is a fully working option.

At the end of last year, there was an alarming announcement from Chinese researchers about multiplying the speed of Shor’s algorithm. On an experimental 10-qubit platform, they succeeded in breaking a 48-bit RSA key and made a prediction that the 2,048-bit RSA key now widely used in banking and other sectors could be broken by a 372-qubit system in the very near future .

Fujitsu experts later disproved these concerns, showing that to quickly hack RSA-2048, a quantum computer with at least 10,000 qubits and 2.25 trillion gates (logic elements) connected to them is needed. That obviously won’t happen in the near future, but the threat remains.

To mitigate quantum threats, BIS experts recommend moving to post-quantum encryption (in the simplest case, this is increasing the length of RSA keys) and new equipment, in particular for quantum cryptography, which will eliminate the danger of interception of sensitive information .

The BIS says most of the world’s central banks already have the capacity to implement post-quantum algorithms, although more assessments are needed to understand which systems may be most vulnerable to the threat of hacking attacks from quantum devices. This means that by 2025, most central banks will be actively using post-quantum algorithms alongside conventional encryption algorithms.

At one of the past RSA cybersecurity conferences, a prediction was made that the cracking of conventional keys by quantum systems will begin as early as 2027. That is why many international companies are actively working on post-quantum cryptography algorithms. There is completely new math, and it is designed to counter “intelligently” quantum hacking algorithms.

At the same time, algorithms for data transfer between operators and data centers, electronic document management systems, information and analytical systems, online banking and payment terminals, as well as electronic signature infrastructure remain the most vulnerable to quantum hacking.

According to BCG’s 2022 estimate, a financial institution is about 300 times more likely to be hacked than any other type of organization, and data from S&P Global suggests that the chances of attacks increase with the size of the financial institution. Even the very fact of hacking without data theft or other damage is accompanied by direct losses, which will undermine customer confidence in banking services and mechanisms.

In March of this year, S&P conducted a simulation of a successful attack against a large European bank (with revenues of over 1 billion euros). In the worst case, this would result in direct losses of around 7% of capital, apart from reputational damage and lost profits in the future. What will happen in a real attack is anybody’s guess. Sometimes reality surpasses even the worst imagined nightmares.


Please enter your comment!
Please enter your name here