Quantum related technologies have the potential to massively disrupt a number of areas of IT. In particular, there will be a significant impact on the financial services industry because of the opportunities that such computing power will enable. However, with these opportunities also come threats to some conventional security techniques and even business models. While quantum computers are not anticipated to become mainstream until around 2025, there is much that businesses can and should do to prepare for this next digital revolution. A proper awareness of the threats posed can allow businesses to deploy quantum safe security right now.
What Exactly Is Quantum Computing?
Quantum computers, unlike today’s classical computers, make use of a quantum-mechanical phenomenon that allows data to be represented as quantum bits (or “qubits”). These are not constrained to conventional 0 or 1 binary values, but instead can be a combination of 0 and 1 at the same time. A set of qubits is able to represent exponentially more values than their “bit” counterparts, allowing them to deliver computation and algorithm solving rates much faster than with more conventional technology. Quantum computing only recently entered the commercial arena – in 2008, D-wave was the first company to claim to have a quantum computer for purchase. Though is still under debate whether one can really call it an actual quantum computer, it was at the start of a rapidly developing and heavily invested field of development. Today’s qubits are able to maintain a quantum state for only a few milliseconds before interferences make them “decohere” and the information they were processing gets lost. Quantum computers are still under development, and the first general-purpose quantum computers are expected to arrive within five years.
“We’re seeing the convergence of better algorithmic efficiency on one hand, and better qubits on the other”, says John Sarrao, associate director for theory, simulation and computation at Los Alamos National Laboratory. Whatever the future of quantum computers may be, the power of change will not only be derived from the hardware itself, but also from the algorithms that can be executed. While there are huge opportunities to utilise these algorithms for functions similar to those executed in the present day IT landscape, there are also great opportunities to develop a new breed of algorithms for completely new use cases.
What Are the Consequences for Financial Services?
Financial services are one of the markets most dependent on IT because of a reliance on security and the need to deliver differentiated services. New ways of communicating and interacting with financial services digitally (e.g. online and mobile banking, peer-to-peer payment platforms and digital currencies), as well as the continuing improvements in computing power, have led to increased concerns over cybersecurity. It is an ongoing challenge for encryption methods to keep pace with the sophistication and processing power of technology that is capable of compromising the protection they offer. Quantum computers promise such a leap forward in computing speed that they could open up wide-scale and systemic breaches of existing security and governance mechanisms. Such developments would be disastrous to the financial services market if they are not properly anticipated and managed. Hence much of fintech today is focused on quantum computing, which comes with both benefits and threats to financial services:
Generally, quantum algorithms would require logarithmically fewer calculations than a classical computer to achieve the same result, and therefore be much faster. One particularly interesting application for banking is algorithmic trading. This uses algorithms to automatically initiate stock trades according to pre-defined strategies. Becoming proficient in running these algorithms for high-frequency trading can offer a significant advantage over those without such a capability.
Pattern recognition algorithms can be effectively used to spot fraudulent activities and reduce data breaches. This is done via machine learning, whose goal is to accelerate the learning rate of artificial neural networks. Using classical techniques, and particularly in the complicated mathematical world of the banking sector, it is very difficult to train a neural network in big-data applications. Having fast learning neural networks thanks to quantum computers will provide levels of insight and understanding to help fight fraudulent activities which were previously inconceivable.
The basic algorithm for the public-key/private-key of blockchains is not quantum safe. This puts the development of crypto-currency markets at risk since currently their keys are sent via the internet. In theory, having acquired a quantum computer, it will be possible to take any number of public keys and rapidly de-crypt them to determine their private key counterparts. The first person to perform this feat could use such knowledge to execute the largest bank robbery in the history of mankind.
In a similar way, some algorithms which could be run with quantum computers can decrypt RSA keys (one of the most common cryptography technique) rendering them practically useless. In fact, there are many cryptography standards in use today that are not quantum safe. It is advisable for any institution to perform a quantum risk assessment to determine the risks associated with their current encryption infrastructure. It should be noted that if the outcome of such an assessment shows serious gaps in security, the institutions’ core business will be rendered extremely vulnerable with the advent of quantum computers.
Fighting the Quantum Menace
Possible elements of a solution to these threats include the development of new encryption algorithms and methods that are resistant to attacks from quantum computers (“post-quantum cryptography”). Such solutions range from the use of encryption algorithms where increasing complexity drives an exponential increase in solution runtime even for quantum computers; through to the creation of all new encryption methods that would be problematic for a quantum computer.
Another technique with a lot of potential is quantum key distribution (QKD), which uses quantum technology as a defence to ensure privacy in data exchange. Quantum states are affected by the very act of measuring them, so it is relatively easy to detect if quantum keys have been intercepted and read by 3rd parties during the process of exchange.
The adoption of at least one of these techniques will be vital in coming years to anyone who wishes to transmit sensitive or confidential data securely. There are already QKD solutions available commercially, as well as post-quantum cryptography methods, and it is an active research area for many academic institutions and government organizations, including the NSA.