Quantum physics is not itself a true revolution.
The laws that underpin it have been applied in numerous technical developments for many years, such as transistors and medicine. The latest discoveries, as well as popularization by the press, have recently brought the subject to the public the way the press loves to do it, with much drama and without explanation, leading to misunderstandings and false ideas. Quantum physics holds both promises and threats for our current cryptographic system.
To understand the quantum and post-quantum future and the threats it poses to payments and transactions, it is important to first review the difference between quantum computers, quantum cryptography and post-quantum cryptography.
Quantum computers take computing power to a new level and will be hundreds and even thousands of times more powerful than the most sophisticated computers we have in the world today.
The incredible speed at which they operate will revolutionize some specific kinds of processing beyond recognition. They have the potential to break most security systems that currently exist, particularly many public-key cryptosystems, and customers, businesses and governments alike will be exposed to a much greater risk of security breaches as this technology becomes available.
This will have a direct effect on electronic payment security, as the enhanced processing speed means quantum computers are capable of breaking the encryption that underpins today’s digital pillars of payments and transactions.
Quantum cryptography, on the other hand, is a protocol for the transmission of data. It relies more on physics than on mathematics as a key aspect of its security model. It offers new encryption through quantum key distribution (QKD), which will assure secure communication in a quantum computer era, but the solution must also fit economically with business processes.
QKD makes it possible for users to securely distribute keys to each other, which enables them to secure communication channels and, eventually, build entire encryption systems that are considered the most secure and unbreakable. Quantum cryptography is applied occasionally, but it is much more complicated and expensive than the good old cryptography that is currently applied everywhere.
Post-quantum cryptography, or quantum-safe cryptography, is a new set of cryptographic algorithms that is currently being developed to guarantee security even if the quantum computer becomes a reality. Post-quantum algorithms can be applied in the same places as current cryptography. For example, the NewHope algorithm for post-quantum key exchange is already applied by Google for interested users and works inside TLS without you noticing at all.
What’s next for the payment industry?
The arrival of quantum computers is potentially game changing. However, any claims that quantum computing is close to breaching the currently used cryptography systems are highly exaggerated. There is some way to go before the technology can be rolled out at scale and, therefore, we won’t see such powerful quantum computers very soon, not in several decades at least.
Still, research in quantum computers is advancing very quickly, which suggests a tipping point is on the horizon. For banks and financial institutions, and those that rely on systems to store, process and protect classified information for a very long lifetime, the time to act is now, and they should start preparing to replace the algorithms while there is still time.
For the payments industry, it is important to be prepared and remember that early payment systems used classic cryptography systems for keeping our transaction systems running. The following preparation steps are recommended:
• Use “pluggable” systems such as TLS that allow a change to a different algorithm when needed
• Be prepared to go back to the “old fashioned” symmetric algorithms, since these are easy to protect against quantum computers
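What a “pluggable” design can look like in practice, as an added example that is not from the original article: a symmetric message-authentication format that carries an algorithm identifier, so an algorithm can be preferred or retired by policy alone. The registry, identifiers and function names are hypothetical, and the format is an illustration, not TLS.

```python
import hashlib
import hmac

# Hypothetical registry: one-byte identifier -> (name, hash constructor).
# A new algorithm is added here; nothing else in the format changes.
ALGORITHMS = {
    1: ("hmac-sha256", hashlib.sha256),
    2: ("hmac-sha384", hashlib.sha384),
    3: ("hmac-sha3-512", hashlib.sha3_512),
}


def negotiate(local_prefs, peer_supported):
    """Return the first locally preferred algorithm id the peer also supports."""
    for alg_id in local_prefs:
        if alg_id in peer_supported and alg_id in ALGORITHMS:
            return alg_id
    raise ValueError("no common algorithm")


def seal(key, message, alg_id):
    """Return alg_id || tag || message; the tag also covers alg_id."""
    _, digest = ALGORITHMS[alg_id]
    header = bytes([alg_id])
    tag = hmac.new(key, header + message, digest).digest()
    return header + tag + message


def open_sealed(key, blob, allowed):
    """Verify a sealed blob, accepting only algorithm ids in `allowed`."""
    if not blob:
        raise ValueError("empty input")
    alg_id = blob[0]
    if alg_id not in allowed or alg_id not in ALGORITHMS:
        raise ValueError("algorithm not permitted by policy")
    _, digest = ALGORITHMS[alg_id]
    size = digest().digest_size
    tag, message = blob[1:1 + size], blob[1 + size:]
    expected = hmac.new(key, blob[:1] + message, digest).digest()
    if len(tag) != size or not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return message


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key, 256 bits
    alg = negotiate([3, 2, 1], {1, 2})
    blob = seal(key, b"amount=10.00;currency=EUR", alg)
    print(ALGORITHMS[alg][0], open_sealed(key, blob, allowed={2, 3}))
```

Because the identifier is covered by the tag and checked against the receiver's own allow-list, rewriting the header to a retired algorithm fails verification instead of silently downgrading the message.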
Thanks to the fact that quantum computers can be used for much more than breaking crypto systems, we will not be surprised by a quantum computer breaking all of our systems. Instead, a much simpler quantum computer can be used for things that are very likely to become popular and well known, such as medicine and chemistry research.
If these things are going to become useful for businesses, we know that the time has come to protect our cryptography.
Payment security systems need to be re-designed and future-proofed with advanced cryptography in order to protect against the possibility of quantum computing breaching existing IT and payment security protocols. A worldwide project established by the US National Institute of Standards and Technology (NIST) and joined by academics, technology laboratories and industry is aimed exactly at addressing quantum risk in payments and developing quantum-resistant cryptographic tools to protect payments from quantum attacks.
Quantum-resistant cryptography or post-quantum cryptography develops cryptographic systems that are secure and able to protect existing communications protocols and networks from attacks from large-scale quantum and classical computers.
Payment technology leaders and solutions providers should play a major role in creating standards of quantum-resistant security, which will help guide the development of cryptographic systems and the certification procedures for these. I would advise people to keep abreast of the evolution of quantum computers and quantum cryptography, and start to formulate a plan to be prepared and think about quantum-resistant cryptography.