While the financial services world is woefully unprepared for the coming impact of quantum computing, Mario Galatovic has a few suggestions for them.
Galatovic is the vice president of products and alliances at Utimaco, a cybersecurity and compliance solutions provider. While public use of quantum computing is likely a decade away, the finance and automobile industries must address it now.
Quantum computing explained in five sentences
In traditional computing, information is encoded in bits with values of either zero or one. With quantum computing, information is encoded in qubits, two-level quantum systems whose two primary states are usually written as zero and one, and which can also be in a combination of both.
Think of traditional computing as black and white, while quantum computing is black, white, and a lot of grey in between, Galatovic explained. The space between zero and one can have a nearly infinite number of values in it. Take 10 qubits, and you get higher rates that foster more complex transactions.
Why you have to prepare for quantum computing yesterday
A decade gives me plenty of time, you say? Not if you develop products with a shelf life of a decade or more, Galatovic said. Using cars as an example, he said one built today could be on the road until 2034 or 2036. With many cars essentially being large computers, how can you guarantee that the algorithms protecting the systems of a 2022 model will keep them safe in 2034?
Most industries see these problems and are working on them, Galatovic said. Forward-thinking companies have dedicated teams building post-quantum-ready systems. Some are already in use.
Entire industries and national governments must develop accepted standards for post-quantum cryptography, Galatovic said. There is some progress: on July 5, the National Institute of Standards and Technology (NIST) announced four quantum-resistant cryptographic algorithms. The quartet was expected to become part of NIST’s post-quantum cryptographic standard, which was to be finalized by 2025.
“Just two weeks later, the first algorithm was broken already,” Galatovic said.
Information that fintechs take from customers may be secure today, but will it be 12 years from now? As long as it has value, that information needs to be protected. Given the level of change quantum computing will bring, fintechs need to update their security systems constantly.
That diligence must extend to partners and third-party service providers. Galatovic likens it to the standards Germany’s energy companies maintain on data security. Specific algorithms must be deployed at various infrastructure points.
Financial services are waaaaay behind
Many financial institutions are much further behind, Galatovic added. They haven’t even adopted modern legacy algorithms, never mind preparing for the future.
“A lot of the banking standards are still working with a symmetric cryptographic algorithm, which is from 2012 or earlier,” he said.
“Then it was no longer considered safe or secure because you could easily break it. But many financial transaction systems are still based on this; they did not even go to an AES algorithm, which is the next iteration of symmetric.”
Individualism plays a role. While competing brands see the need for some compatibility, they want to do their own thing. The growing number of third-party service and payment providers have similar motivations.
“That is where the concept of open APIs kicks in,” Galatovic said.
Working on common standards
In Europe, countries like France have worked on mandating algorithms. It’s a start, but governments have to find a common standard. That has to filter down to banks and tech providers.
Smart countries established working groups for quantum computing that bring the necessary players together. Some have international representation.
If the cryptocurrency industry is serious about fostering widespread adoption, it will have to adopt standards, too, Galatovic said. When the industry was being formed, quantum computing wasn’t a consideration. Algorithms protecting blockchains and transactions were considered future-proof at the time.
“These ledgers or blockchain solutions need to fork the existing ledger and start it again, with more modern newer, maybe crypto HR algorithms, to be sure the same blockchain or ledger is still secure,” Galatovic said. “Multiple forks… There will be an initial fork, which will then be stopped. But you take all the information on it, and fork number one keeps getting new information onto the ledger. And this one basically leaves a history book beside the current one.”