Publication of the month - February

By Jayne Rowe, Research Impact Manager

In the modern world we live in, faster is always better, right? Faster food delivery, faster entertainment, faster healthcare, and of course faster technology across all elements of our life. But I wonder how often we actually stop to consider the implications of bigger, better faster. A new article co-authored by colleagues at Wrexham University, published in FinTech Journal, does just that, it considers some of the potential impacts of quantum computing. The article is titled Global Roadmaps for Post-Quantum Era in Finance: Policies, Timelines, and a Pragmatic Playbook for Migration and it is written by Computing colleagues Dr Colin Kuka, Dr Phoey Lee Teh, and Leanne Davies, alongside Business School colleague Dr Sanar Muhyaddin. 

Now, if you are wondering what quantum computing is, you are not alone. It was a new concept to me, but after a quick search, I was reliably informed that it’s “a type of computer that uses the principles of quantum physics to process information in a completely different way from a normal (classical) computer”. So, what does that mean without getting too technical?

How it works

Classical computers use bits, 0 (off) and 1 (on), and our day-to-day tech such as smart phones and laptops are designed using these bits. Whereas quantum computers use quantum bits (qubits), 0, 1, and both 0 and 1 at the same time (superposition). Qubits, two or more, can also be entangled meaning they are linked even if separated by large distances. 

In practice

Quantum computers operate differently; they can explore many options at once. The article discusses Google’s 53-qubit Sycamore processor which, in 2019, sampled a quantum circuit one million times. This task would have taken a state-of-the-art classical supercomputer around 10,000 years….but it took the quantum computer just 200 seconds! I wonder what it is capable of today.

Possible implications

Kuka et al. highlight that the cryptography that we rely on in our current digital economy may be at risk as quantum computing advances.  Cryptography converts information into secure formats to prevent unauthorised access, and it is widely applied in things such as secure web browsing, payment systems, passwords, electronic signatures, and more. It is suggested that such data can be harvested today under a “harvest now, decrypt later” (HNDL) approach, and retrospectively compromised as quantum computing develops and decryption capabilities grow. Examples given in the article include:

• Exposure of previous online communications
• Forging of payment network infrastructures
• Falsifying of documents
• Stored customer data being revealed

 Figure 1.  Conceptual overview of the depth of quantum-enabled cyber threats

Navigating the path to the post-quantum era

The authors talk about practical defence to such cybersecurity risks including building crypto-agility and beginning the transition to post-quantum cryptography (PQC) now, and what challenges this presents, particularly in the finance realms. Some highlights include:

• The US, UK, EU, Canada, Australia and a number of Asian jurisdictions have already set out expectations, timelines and frameworks for the transition to PQC prior to 2035
• A six principle (cryptographic agility, risk prioritisation, hybrid deployment, vendor and supply-chain alignment, independent testing and measurement, and supervisory engagement) risk-based migration strategy - ‘playbook’
• The interdependencies of the financial systems and impact of varying adoption rates, based on previous payment system transitions

In summary

The key message I takeaway is that the transition to PQC is already underway and is no longer just a hypothetical requirement, the race is on and the adoption has begun. However, the level and speed at which is this underway across the financial sectors is varied due to the complex nature of requirements. The early adopters will need to run dual systems whilst the rest of the sector catches up, but this increases the risk of attack such as HNDL. Guidance details three waves of progress towards PQC and the timeframes:

• Wave 1— Foundations and No-Regret Actions (to ∼2027)
• Wave 2—Active Transition to PQC (2025–2030)
• Wave 3—Cleanup and Decommissioning of Classical Cryptography (2030–2035+)

A nice quote from the authors that rounds things off nicely is “Achieving quantum safety requires not only technical change but also strategic leadership and international collaboration to ensure that the financial system evolves in step with global cryptographic policy and technological innovation”.

Read the article in full.