Sibos 2022: Breaking finance – how quantum technology will kill secrets
In 2018, Innotribe dedicated a full day to quantum technologies (QT). Now, four years later, they return to the topic at Sibos 2022 in “Quantum, Revisited”, with Jaya Baloo, Avast chief information security officer (CISO) and Stacey Jeffrey, a senior quantum researcher at CWI, a Dutch research institute for mathematics and computer science.
With a technology such as QT that promises both to revolutionise, or upend, industries and also feels permanently on the horizon, just out of reach, measuring its development in years and not the usual weeks and months is sensible.
But the technology is on the verge of some fundamental breakthroughs, which, once they materialise will change the way we look at technology forever, including fintech, with significant repercussions for everything from banking to state secrets.
Baloo and Jeffrey began by outlining what quantum technologies actually are. The moniker embraces quantum computing, quantum communications, quantum mechanics, quantum simulation and quantum physics.
What the quantum?
“The big one that people have maybe heard of is that if we build computers based on the laws of quantum physics, they can do certain things that would not be possible or would be much slower on a regular computer,” Jeffrey says.
For example, there are certain problems that can be solved much faster, which may have huge impacts in financial services, in industry, in science and the development of new technologies. But there’s also new security applications that could potentially be built using this kind of technology that would be actually impossible without using quantum mechanics.
Jeffrey says it’s important to emphasise that “these quantum computers are something that are still being built” and a lot of these applications also come with potential threats. One of the most famous applications of quantum computers, “when we’ve actually built big fully working scalable quantum computers”, would be using them to attack encryption systems that are widely used today, including RSA encryption, a public-key cryptosystem that is used for secure data transmission in banking, for example.
As such, the implications for banking, or just browsing the web, could be huge. The asymmetric algorithms that are used for multiple applications across financial services could pose a significant cybersecurity risk when quantum computers can run algorithms that break encryption.
That’s why organisations such as the World Economic Forum are looking at the problem from both a “threats and opportunities” perspective, issuing two reports on the subject, one on the opportunities of a quantum economy and one on security.
“If we know that the quantum economy is coming, that this post-quantum future is going to arrive, how do we actually transition to a quantum-secure place to manage and mitigate that threat?,” Baloo says.
Because QT is still in the early stages but promises so much, there is a risk disillusionment and disinterest could set in. The hype cycle, propagated by the media and welcomed by capital-hungry research institutions, could create quantum fatigue.
But, Baloo says, “if you take a look at the majority of innovative struggles that we’ve had over the years, part of the reason that we had fuel for that innovation to occur is partially thanks to that hype”.
In truth, hype is what propels companies like IBM, Microsoft and Google to get behind QT in the first place, and they promise enormous gains from an investment perspective, including solving foundational scientific and economic problems. “And all of those promises are where that hype is being derived from.”
“I think we should be spending this money on QT, because I think it’s a very promising technology,” Jeffrey says. She believes there are lots of potential applications, but as a scientist, for Jeffrey there’s a problem when “we’re making really misleading claims”.
“It’s very nice to make claims that people can understand but a lot of the things that we know how to do with quantum computing are not so understandable.”
“One thing that we really fear is that we’re making all of these big promises, that get amplified in the headlines, and people may get the impression that every year we’ve finally invented a quantum computer which, again, hasn’t been developed yet in any meaningful way,” Jeffrey says.
The truth is progress is slow, and there is a risk of a ‘quantum winter’, named after a similar phenomenon in artificial intelligence (AI). The AI winter occurred when “there was a lot of hope and promise behind AI a number of decades ago”, before a theoretical negative result caused interest and research in the field to “implode”. As a result, there was a long period of no research in AI and researchers found it “impossible” to get their research funded. Which is why AI has now come back with the rebrand “machine learning” (ML), Jeffrey says.
“One of the things that we worry about is that something similar could happen in the field of quantum, that people just decide that it doesn’t work.” But if you ask people in science and in academia, “they say it’s actually moving along as expected. The timeline has even moved forward a little bit since I started working in the field”.
Capture now, decrypt later
All technology is dual use: it can be used for good, or it can be used for bad. In order to make use of the quantum computing advantage we need to be able to mitigate some of the negative consequences, “specifically in cybersecurity”, Baloo says. “The best way to do that is to get started now.”
Governments across the world are capturing large volumes of encrypted internet traffic with the intention, once a quantum computer is up and running, of decrypting that information.
“We now have a quantum computer, and look, we have a whole bunch of old secrets.” And sometimes those old secrets are “super useful” at predicting the behaviour of new things.
“Old secrets can still have a long-term impact,” Baloo adds. Disinvestment in quantum would also mean disinvestment in the security technologies needed to mitigate any quantum threat.
“If you have a budget, which threads will you work on? The ones that are in the next five-year horizon or the ones that no one is talking about?” As a result, financial institutions may have no budget to look at their cryptographic algorithms and how they should swap them out with post-quantum algorithms or money for researching quantum communications opportunities.
“And that means that we’re giving an advantage to any one country or company that would be developing such an advantage in secret,” Baloo says.