If you have ever logged in with a password, made an online payment, or updated your operating system, you have used cryptography. For centuries, humans have relied on different practices at the intersection of art and science to obscure and conceal language – to keep secrets secret. It is an act intuitively grounded in the necessity of hiding sensitive data from the eyes of undesired information-seekers. Cryptography, derived from the combination of the Greek words kryptos, meaning ‘hidden’ and graphein, meaning ‘to write’, ensures that valuable information delivered by message is accessible only to its intended receiver via knowledge of a specific key, allowing the recipient to decrypt and interpret this message.

Data cryptography plays a critical role in ensuring the confidentiality as well as integrity of information. And although its history is primarily one concerning military and government usage, today’s cryptographic systems transcend the needs of purely strategic applications and permeate ordinary life. The digitalisation of payment systems and identity verification services have made encryption ubiquitous – especially within the financial world where money has transformed into data. However, the seamlessness and democratisation of cryptography introduces an inherent challenge: any vulnerability in these widely adopted systems could have far-reaching consequences. As cryptography plays a central role in both finance and cybersecurity, assessing its resilience has become increasingly important. There is one cryptographic development that looms especially large for financial risk-analysts, however: the emergence of quantum computing.

Beyond 1s and 0s

The quantum world is bizarre. Albert Einstein notoriously defined quantum mechanics as “spooky action at a distance”, due to the often counterintuitive and unusual behaviour of particles at a sub-atomic level. Quantum mechanics emerged as a field during the first half of the 20th century, not long before computer science also formalised as a discipline. Grasping the peculiarities of quantum mechanics is no easy task. However, as David Morin, a senior lecturer in physics at Harvard University assures: “lack of understanding can be forgiven in the case of quantum mechanics, because no one really understands it”.

Quantum computing emerged as a theoretical field in the 1980s, but was only brought to reality in 1998, when researchers at Oxford University built the first quantum computer. In classical computing, a device executing an algorithm uses a stream of electrical impulses distinguished in binary through bits, i.e. 1s and 0s. This means that all information can only be encoded in one of the two states. The essential unit of quantum computing, on the other hand, is a quantum bit, or qubit. Due to a phenomenon called superposition, qubits can have the values of zero and one at the same time. Without risking falling too deep into quantum theory, this means that operations usually taking thousands of years to complete for classical computers might require only a few hours from a fully functional quantum computer. This is what encapsulates the so-called quantum ‘advantage’ or ‘supremacy’, making quantum computers not just exponentially more powerful, but fundamentally different from classical computers on a technical level.

Though its theoretical underpinnings can be traced back to almost a century ago, quantum computers as usable technological devices are still undergoing development. In 2023, the start-up Atom Computing beat the previous record holder, IBM, in developing the most qubit-rich quantum computer at 1000-qubits. Richness in qubits, however, is not enough to make a quantum computer functional. The more qubits a quantum computer has, the more susceptible it becomes to ‘noise,’ which refers to unintended interactions with the environment or errors in qubit states. These disturbances can corrupt the delicate quantum calculations, requiring sophisticated error-correction techniques to ensure reliable results.

IBM is aiming to develop the world’s first fully functional quantum computer within the next decade. Several other big-tech players are also participating in this race, such as Google, Microsoft and Amazon, but small start-ups and universities are also proving capable in delivering breakthroughs in the field. Quantum computing is expected to enable tremendous technological advancements in numerous fields, like drug discovery and personalised medicine, material science and logistics. Unsurprisingly, quantum computing also has the potential to be immensely disruptive. Its misgoverned rise could shake the very foundations of the modern cryptography principles that are pillars of financial cybersecurity – confidentiality, integrity, authentication and non-repudiation.

Cybersecurity rifts in the financial architecture

To understand the cybersecurity risks of the quantum revolution, it’s important to clarify the role cryptographic systems have in the financial world. We can distinguish three types of cryptographic algorithms: hashing, symmetric keys, and asymmetric (or ‘public’) keys. The mathematical problems underpinning these algorithms are sufficiently complex that they are considered unbreakable with current technology. Unfortunately, that is exactly what quantum computing could change.

Asymmetric key cryptography is by far the system most vulnerable to quantum computing and is used ubiquitously in the financial world. It is built on something known as factorisation and discrete logarithm problems, whose decryption would usually require unfeasible timeframes with classical computers. In a future where quantum computing has reached its full potential, however, malicious actors with access to its technology would have the capability to steal these cryptographic keys and compromise a whole slew of institutional services. Asymmetric cryptography is widely used in digital transactions, such as mobile banking, payment card verification, and digital signatures. An actor with sufficient quantum computing power would also be able to compromise emerging technologies within finance, such as Central Bank Digital Currencies and Blockchain networks. The IMF stresses that business-to-business privacy and VPN communications would be impacted too, which poses a threat to the stability and survival of entire industries and institutions.

It doesn’t take an expert to realise that the quantum revolution risks sending shockwaves throughout modern society, affecting the trust we associate with financial institutions and the complexity of our social contracts. It’s a technology also under scrutiny by the global catastrophic risk community. According to Professor of Computer Science, Roman Yamplskiy, quantum computing will act as a paradigm shift for the global economy and could potentially ruin many countries’ economies. For example, if asymmetric encryption methods become obsolete before robust post-quantum alternatives are implemented, it could erode trust in banking systems and financial markets, enabling large-scale fraud, economic sabotage, and identity theft. It’s also a technology that will likely only be in the hands of a few affluent countries, who could then act in a god-like position.

Of course, not every consequence stemming from the quantum revolution is a negative one – nor is every foundation of the financial architecture is under threat. For instance, there are certain advanced cryptographic systems, such as symmetric (rather than asymmetric), lattice, and hash cryptography, which are expected to remain quantum resistant. To break symmetric cryptography, for example, a classical computer would require 7 billion years. A quantum computer would still require half the time. However, these alternative forms of cryptography are not as ubiquitous as asymmetric cryptography is, which tends to be more consumerfacing and close to personal finances.

The quest humanity faces while it develops quantum computing and approaches Q-day is not about estimating how much time there is left before current systems fall into pieces and chaos, but how to future-proof said systems and govern a harmless transition to a post-quantum world, while benefitting from its groundbreaking advantages. Alongside speculation on ill-purposed actors and applications, there are already efforts in place to develop and improve technological solutions to step up the financial system’s resilience, like post-quantum and quantum cryptography. However, what arguably underpins a safe approach to the transformative power of a quantum revolution is foremost a shift in mindset from governments and corporations.

---