2024年量子技术在金融消息传递中的应用报告（英文版）-量子经济发展联盟

Quantum

Technologyfor

SecuringFinancialMessaging

July2024

QED-CMemberProprietary

QED-CMemberProprietary

i|SecuringFinancialMessaging

QED-CMemberProprietary

Acknowledgments

ThankyoutotheQuantumEconomicDevelopmentConsortium(QED-C®)UseCasesTechnicalAdvisoryCommittee.Additionally,thisreportwouldnothavebeenpossiblewithouttheleadershipandcontributionsofthemembersoftheworkshoporganizingcommittee.

PeterBordow,WellsFargo

ScottBuchholz,Deloitte

JohnBuselli,IBM

TerryCronin,Toshiba

CarlDukatz,Accenture

MehdiNamazi,Qunnect

SimonPatkovic,IDQuantique

BrunoHuttner,IDQuantique

JohnPrisco,SafeQuantum

TaherehRezaei,WellsFargo

KeeperSharkey,ODE,L3C

CatherineSimondi,IDQuantiqueColinSoutar,Deloitte

JeffStapleton,WellsFargo

ThankyoutoAccentureforprovidingworkshopfacilities.

TheNationalInstituteofStandardsandTechnology(NIST)providedfinancialsupportforthisstudy.

AboutQED-C

QED-Cisanindustry-drivenconsortiummanagedbySRIInternational.Withadiverse

membershiprepresentingindustry,academia,government,andotherstakeholders,theconsortiumseekstoenableandgrowthequantumindustryandassociatedsupplychain.

FormoreaboutQED-C,visitourwebsiteat

.

SuggestedCitation

QuantumEconomicDevelopmentConsortium(QED-C®).QuantumTechnologyforSecuringFinancialMessaging.Arlington,VA.May2024.

/financial24.

GovernmentPurposeRights

AgreementNo.:OTA-2019-0001

ContractorName:SRIInternational

ContractorAddress:333RavenswoodAvenue,MenloPark,CA94025

ExpirationDate:Perpetual

Use,duplication,ordisclosureissubjecttotherestrictionsasstatedintheAgreementbetweenNISTandSRI.

Non-USGovernmentNotice

Copyright©2024SRIInternational.Allrightsreserved.

Disclaimer

ThispublicationoftheQuantumEconomicDevelopmentConsortium,whichismanagedbySRIInternational,doesnotnecessarilyrepresenttheviewsofSRIInternational,anyindividualmemberofQED-C,oranygovernmentagency.

QED-CMemberProprietary

ii|SecuringFinancialMessaging

QED-CMemberProprietary

TableofContents

ExecutiveSummary ii

Introduction 3

Quantum-ResistantSecurityApproaches 6

CurrentCryptographyTools 6

Post-QuantumCryptography 7

QuantumKeyDistribution 9

CombinedMethods 11

CurrentandEmergentTechnologies 12

KeyThemesofUseCases 14

Theme1:CurrentThreat 14

Theme2:CombinedSystems 15

Theme3:Quantum-ResistantSecurityasaService 16

ImpactandFeasibilityofSelectedUseCases 17

Classification 19

ImplementationDetailsofSelectedUseCases 20

Cross-BorderTransactions 20

PhysicalInfrastructure 21

QuantumSecurityasaService 22

Post-QuantumTLS:ConnectingCustomers 23

QuantumCommunicationsServiceProvider 24

Recommendations 26

AppendixA:Methodology 29

AppendixB:QuantumSecurityUseCasesforFinancialServices 36

AppendixC:WorkshopAttendees 40

1|SecuringFinancialMessaging

QED-CMemberProprietary

ExecutiveSummary

Thefinancialindustrydependsonsecuremessagingintransactionssentbetweenbanks,merchants,customers,andgovernmentagencies;creditcardauthorizations;wiretransfers;accountinformation;andothertypesofcommunications.The

monetaryandsystemicvalueoffinancialmessagingmakesitespeciallyvulnerabletocybersecurityattacks.Cryptographyisthereforecentraltotrustinthefinancial

systemandcriticaltothefinancialindustryandtotheeconomiesthatrelyonit.

Theadventofquantumcomputingcreatesanewcybersecuritychallengefor

financialinstitutions,asquantumcomputerswillonedaybecomepowerfulenoughtobreakmanyofthecryptographicalgorithmscurrentlyusedtoprotectdataand

communications.MostnotableistheabilityforquantumcomputerstorunShor’s

algorithm,whichthreatensmanyofthecommonlydeployedencryptionmethods

usedtoprotectmessaging.RunningShor’salgorithmrequiresacryptographically

relevantquantumcomputer(CRQC),whichislikelystillyearsinthefuture.However,theconceptof“harvestnow,decryptlater”meansthatencrypteddatatakentodaycompoundoverallrisk.Furthermore,thetechnologyupgradepathtopost-quantumsecurityreadinesswilltakemanyyears.Financialinstitutionsneedtotakesteps

todaytomitigatefuturerisks.

TherearetwotechnologiesthatprovidedifferentformsofsecurityagainstaCRQC:post-quantumcryptography(PQC)andquantumkeydistribution(QKD);wedescribeeach.Theyofferdifferentbenefitsand,ifcombined,mayprovideincreased

protection.

Thetwotechnologieshavepotentialapplicationsinthefollowinghigh-feasibility,high-impactusecasesidentifiedbystakeholdersinquantumsecurityandfinancialservices:

•moresecurecross-bordertransactions,

•security-enablingphysicalinfrastructure,

•third-partyvalidationoffinancialinstitutions’quantumsecurityposture,

•post-quantumtransportlayersecurity,and

•quantumcommunicationsserviceproviders.

Threeimportantthemesemergedduringthisstudy:

1.ThethreatposedbyafutureCRQCrequiresimmediateevaluationof

exposurerisktoacybersecuritybreachduetothethreatposedbyharvestnow,decryptlater.

2.Combinedapproachesthatemploymultipletechnologiesmayincreasesecurity.

2|SecuringFinancialMessaging

QED-CMemberProprietary

3.Third-partyserviceproviderscanhelpensuretimelyriskmitigationbysmallerinstitutions.

Inaddition,threerecommendationsaresuggestedforadvancingsecurityinthefinancialindustry:

1.SupportthefinancialindustryinimplementationofPQCstandards:FederalagenciesshouldsupportmigrationtoPQCalgorithmsbysharinginformationandresourceswithfinancialinstitutionsandbyprovidinggrantstohelp

institutionsimplementthenewalgorithms.Grantstostateandlocal

governmententitiesthathandlesensitivefinancialinformationshouldalsobeconsidered.Whilelargefinancialinstitutionswillhavethefinancialand

technologicalresourcestoswiftlyimplementthechange,small,community-basedbanksandcreditunions—ofwhichtherearethousandsintheUnitedStates—aremorevulnerableastheyhavefewerresourcesandthuswillbelessprepared.Federalgrantsorloanstosmallandmedium-sizedfinancial

institutionstosupportPQCtechnologyadoptioncouldbevitaltomaintainingarobust,quantum-resistantfinancialindustry.

2.Increasequantumexpertiseatfinancialinstitutions:Thefinancialindustryshouldgrowin-housequantumexpertisetoraiseawarenessofthe

implicationsofquantumtechnologiesintermsofbothbenefitsandrisks.

Financialinstitutionsshouldhirequantumnetworkingandsecurityexpertstoassistwithconductinganinventoryofquantum-vulnerablecryptographic

assetsandimplementingPQCstandards.Financialinstitutionscanalso

partnerwithcompaniesdevelopingQKDtotrialthistechnologyasitgrowsinitscapabilities.Investmentbankscanfurtherstayattheforefrontofquantumtechnologybyinvestingincompaniesthatofferquantumcommunications

andsecurityasaservice.

3.ExploreQKD+PQCcombinedapproaches:WhileQKDandPQCeachhave

advantagesandlimitations,usingbothtechnologiesinacombinedapproachcouldleadtohigherlevelsofsecuritythaneitherapproachonitsown.The

UnitedStatesgovernmenthasprioritizeddeployingPQCbutshouldalsofundR&DinQKD-relatedtechnologiestoensurethatthenationstayscompetitiveandprotected.FederalagenciesshouldinvesttodayinresearchthataimstomakeQKDmorescalableandcertifiable.InvestmentsinR&DonapproachesthatcombineQKD,PQC,andclassicalcryptographywilldriveinnovationin

waysthatsupportcryptographicdefense-in-depth.Thefinancialservices

sectorstandsreadytocollaboratewithtelecommunicationscompanies,

researchers,andgovernmenttohelpassessandadvancecombined

approachesforpossibleimplementationbeforeaCRQCbecomesavailable.

3|SecuringFinancialMessaging

QED-CMemberProprietary

Introduction

Thefinancialsectoristhedrivingforcebehindmanyinnovativedevelopmentsin

informationtechnologiesandservices.Withover$100trillioninassetsatstake,

1

theindustrydependsonandinvestsincutting-edgecybersecuritysystemsand

protocolstoprotectitselfanditscustomers.Whileappropriatelycautiousand

conservativeaboutadoptingnoveltechnologies,financialinstitutionsareconstantlyassessingtechnologicaladvancesthatcouldbethebasisofnewproductsand

business—orthatposenewthreats.

Cyberthreatsanddatabreachescreateriskstothestabilityofthefinancialsystemandthreatencustomertrust.Theproblemscanbecompoundedbythecomplexityofthesystemsinvolved.Financialservicesfirmshavenotonlytechnologicaldebt

fromlegacysystemsbutalsocomplexinformationtechnology(IT)landscapes

comprisinginternallydevelopedandthird-partyapplications,cloudstorageandsoftware,software-as-a-service(SaaS)capabilities,andotherintegrated

technologiesthatcreatealargeattacksurfaceformaliciousactorstoattempttoexploit.Examplesofattacksinclude:

•creditcardskimmersatanATMorgasstationposeathreattocustomersthroughaphysicaldevice,

•phishingemailstoabankemployeecoulddownloadmalwareandharvestafinancialinstitution’sdata,and

•weakpointsinafiberopticnetworkcouldbeleveragedbycybercriminalsforransomordataexfiltration.

Merchants,customers,wiretransactions,financialinstitutiondata,andnetwork

infrastructurearealltargetsofcybersecuritythreats.In2023distributeddenial-of-service(DDoS)attacks—cyberattacksthatattempttomakeaserverornetwork

unavailabletousersbyoverwhelmingitwithinternettraffic—targetedthefinancialservicessectorasneverbefore.

2

Asthethreatlandscapecontinuestoevolve,sodoesthesolutionspace.Theabilitytocontrolthequantumpropertiesandbehaviorofmaterials,devices,andsystemsisattheheartofquantumcomputers,quantumsensors,quantumnetworks,and

communicationtechnologies,andthesetechnologiescreatebothbenefitsandrisksforbusinesses’cybersecurity.

1Heredia,Lubasha,SimonBartletta,JoeCarrubba,DeanFrankle,ChrisMcIntyre,EdoardoPalmisani,AnastasiosPanagiotou,NeilPardasani,KedraNewsomReeves,ThomasSchulte,andBenSheridan.

2021.The$100TrillionMachine.BostonConsultingGroup,July2021,

https://web-

/79/bf/d1d361854084a9624a0cbce3bf07/bcg-global-asset-management-2021-jul-

2021.pdf

2FS-ISAC.2024.DDoS:HeretoStay.Reston,VA.

/hubfs/Knowledge/DDoS/FSISAC_DDoS-HereToStay.pdf

4|SecuringFinancialMessaging

QED-CMemberProprietary

Therapidprogressionofquantumcomputingcapabilitiesposesanewfoundationalrisktothefinancialindustryandtheclassicalencryptionprotocolsthatenable

virtuallyalldigitaltransactions.Acryptographicallyrelevantquantumcomputer

(CRQC)wouldbreakwidespreaddataencryptionmethods,suchaspublic-key

cryptography.Accordingtocurrentbestestimates,thelikelihoodthataquantum

computercapableofbreakingRSA-2048within24hourswillemergewithinthenexttenyearsismateriallyhigh.

3

Furthermore,anyclassicallyencryptedcommunicationtransmittedthroughanunprotectednetwork,suchastheinternet,isatrisktoday,

andpossiblyalreadysubjecttoexfiltration.Through“harvestnow,decryptlater”

attacks,anadversarycaninterceptandstoreencrypteddatauntilaCRQCis

available.Thismakesthequantumthreatoneofthemostimportantcybersecurityissuesfacingthefinancialsystem,potentiallyexposingallfinancialtransactionsandmuchoftheexistingstoredfinancialdatatoattack.

Thestakesarehigh,giventhatdataprotectionmechanismsforinternet

communications,digitalsignatures,passwords,contracts,andotherdocuments

wouldbecomeinstantlyobsoleteassoonasasufficientlypowerfulquantum

computerbecameoperational.Asjustoneexample,aCRQCcoulddestroythe

integrityoftoday’sdigitallysignedcontractsbecausethevalidityofthesigner’s

identitycouldnolongerbeensured.

4

Theimplicationsextendtothefoundationoffinancialmessaginginfrastructure,whichreliesoncryptographytosecureledgers

andprotectrecordsintransit.AnattackerwithaccesstoaCRQCcouldmanipulatepreviouslyencrypteddata,tamperwithrecords,rewriteassetownershiprules,andgeneratefraudulenttransactions.Evenwherelong-termconfidentialityisnota

seriousconcern,expectedmigrationtimesformanycomplexdigitalsystemsare

alreadystartingtoexceedthepotentialtimelinesforaCRQC.Thescaleofthethreattotheglobalfinancialsectorrequiresthecommunitytofocustodayonensuring

cybersecurityinthefuturequantumworld.

ThisreportreviewsthechallengesandthreatsposedbyCRQCsandconsiderstwoprimarytechnologiesforaddressingthem:

1.Post-quantumcryptography(PQC)issoftware-basedandinvolvesupgrading

existingmathematicalcryptographicalgorithmswithnewalgorithmsthatarebelievedtoberesistanttoattackbyaquantumcomputer.

2.Quantumkeydistribution(QKD)isahardware-basedapproachthatcreateshighlysecurecommunicationchannelsbyusingtheprinciplesofquantummechanicstoestablishasharedsecretkeybetweentwoparties.

3Mosca,Michele,andMarcoPiani.2022.QuantumThreatTimelineReport2022.Toronto:GlobalRiskInstitute.

/publication/2022-quantum-threat-timeline-report/

4BankforInternationalSettlements.2023.ProjectLeap:Quantum-ProofingtheFinancialSystem.Basel.

/publ/othp67.pdf

5|SecuringFinancialMessaging

QED-CMemberProprietary

PQCandQKDarebothconsideredquantum-resistant(alsoknownasquantum-safe)fortheirabilitytoresistattacksfromafuturequantumcomputer.Thisreport

considersthestrengthsandweaknessesofeachapproachandassessesstrategiesforachievingsecurityacrossthefinancialsectorusingthesetechnologies.Itisbasedonaworkshopthatbroughttogetherexpertsfromthefinancialservicesindustry,

QKDtechnologyproviders,PQCsuppliers/integrators,andotherquantum

technologystakeholders.TheworkshopmethodologyisdescribedinAppendixA,thelistof60quantumsecurityusecasesgeneratedbytheparticipantsisin

AppendixB,andtheworkshopattendeesarelistedinAppendixC.

6|SecuringFinancialMessaging

QED-CMemberProprietary

Quantum-ResistantSecurityApproaches

Cybersecurityisanevolvingchallengeofprotectinginformationagainstavarietyofever-changingthreats.Emergingquantumtechnologiesincludequantum

computers,whichpresentnovelandsophisticatedthreats,andquantum

communicationtechniques,whichcanprovideprotectioninthefaceofthesethreats.

Theprimarythreattosecurityfromquantumcomputersisrootedintheirabilityto

processcomplexcalculationsthatclassicalcomputerscannot.Manycurrentlyusedsecurityprotocolsthatrelyonpublic-keycryptography,suchasRivest-Shamir-

Adleman(RSA),eitherwillnolongerbesecureorwillbegreatlyweakenedbythe

processingcapabilitiesofCRQCs.

5

Forexample,Shor’salgorithm,aquantum

algorithmdesignedbyPeterShorin1994,providesamethodforefficientlyfactoringlargenumbers.Thelimitationsofclassicalcomputerstoperformthiscomplex

calculationarethemathematicalfoundationofpublic-keycryptographyinusetoday.

Thefieldofcryptographyhasbeenawareofthethreatposedbyquantum

computers,andtwotechnologieshavebeendevelopedtoaddressit:post-quantum

cryptographyandquantumkeydistribution.Eachapproachhasthepotentialto

substantiallybenefitinstitutionsseekingtoimprovethesecurityoftheirinformationandassets.Furthermore,acombinedapproachthatlayersQKDandPQC

technologiesontopofexistingsecurityprotocolscouldfurtherincreasethesecurityoffinancialmessagesanddata.

CurrentCryptographyTools

Mostencryptionusedinthefinancialservicesindustrytodayreliesonhash

functions,symmetriccryptography,and/orasymmetriccryptography.Hash

functionsprocessaninputtoyieldanoutputthatcannotbeusedtorecoverthe

input.Whilehashfunctionsareknowntobequantum-resistant,itmaybenecessarytodoublethesizeoftheinputtoberesistanttoaquantumcomputerattackusing

Grover’salgorithm.

6

Symmetricorsecret-keycryptographyisusedmostlyfordataencryptionand

sometimesforauthenticationandintegrity(i.e.,verificationthatthedatahavenot

beenaltered).Thesamesecretkeyisusedforencryption/signatureononesideandfordecryption/verificationontheotherside.Sinceitreliesonsharedsecretkeys,

symmetriccryptographyrequiresacomplementarykeyexchangeprotocolto

5QuantumEconomicDevelopmentConsortium(QED-C).2021.GuidetoaQuantum-SafeOrganization.Arlington,VA.

/guide-to-a-quantum-safe-organization/

6Preston,RichardH.2022.ApplyingGrover’sAlgorithmtoHashFunctions:ASoftwarePerspective.IEEETransactionsonQuantumEngineeringPP(99):1–12.doi:10.1109/TQE.2022.3233526

7|SecuringFinancialMessaging

QED-CMemberProprietary

distributethekeysfromonepartytotheother.Thesekeysaretypicallytoolongtoremember,andgreatcaremustbetakeninhowtheyareshared.Thereareafewpotentialmethodsforkeyexchange:awrittenkeycanbephysicallycarriedina

lockedsuitcasewitharmedguardsinabulletproofvehiclefromonelocationto

another;oritcanbeimplementedtechnicallybyusingsoftware-/firmware-basedasymmetriccryptography,overaseparatetrustednetwork,orbyusingQKD.

Thewidelyusedtransportlayersecurity(TLS)protocolusesasymmetric

cryptographyfortheexchangeofsecretsessionkeysforconnectionstointernet

websites.Forfasterencryption,dedicatedhardwareknownaslinkencryptors—anapproachtocommunicationssecuritythatencryptsanddecryptsallnetworktrafficateachnetworkroutingpoint—canreachencryptionspeedsofhundredsof

gigabits.Importantly,asymmetriccryptographyisusedbothforkeyexchange(inconjunctionwithsymmetriccryptographyforencryption)toprotectthedatabeingsentandfordigitalsignaturetoverifytheidentityofthesenderandreceiver.

Traditionalcryptographicalgorithms,suchasRSAandDiffie-Helmann,create

securitybyrelyingonamismatchinthecomputationaldifficultyofcertainproblems,suchasthoseinvolvingfactorizationanddiscretelogarithms.Theseproblemsare

relativelyeasytocomputeinonedirection,andexceedinglyexpensiveforclassicalcomputerstoreverse.

7

Algorithmsforquantumcomputersthatleveragethe

principlesofquantummechanics,suchasShor’salgorithmforintegerfactorization,canunderminethecomputationalcomplexityofthefactorizationchallenge.

Therefore,thecurrentlyusedasymmetricalgorithmsmustbereplacedbynewPQCquantum-resistantones.

Post-QuantumCryptography

PQCisamathematicalupgradetoasymmetricalgorithmsthatisusedtoprotectITsystemsandcanrunonexisting,everydayclassicalcomputers.PQCinvolvesthe

useofcryptographicbuildingblocks,called“primitives,”toconstructmorecomplexcryptographicprotocolsbasedonhardmathematicalproblemsthatwillbeabletoresistattacksfrombothclassicalandquantumcomputers.PQCisasoftware-basedapproachand,although“quantum”isinitsname,doesnotleveragequantum

technology.

AchallengeofPQCistheidentificationofsuchhardmathematicalproblemsthatareimpervious(accordingtocurrentknowledge)todecryptionwithclassicaland

quantumcomputers.Quantumcomputingasafieldisyoung,andthereremain

unknownsaboutwhatalgorithmsmaybedeveloped.Moreover,newalgorithmsthat

7Xu,Guobin,JianzhouMao,EricSakk,andShuangbaoPaulWang.2023.AnOverviewofQuantum-SafeApproaches:QuantumKeyDistributionandPost-QuantumCryptography.IEEE57thAnnual

ConferenceonInformationSciencesandSystems.

/abstract/document/10089619

8|SecuringFinancialMessaging

QED-CMemberProprietary

runonclassicalcomputersalsomayholdsurprisesintheirabilitytobreakproblemsthoughttobecomputationallyexpensive.

Contendersforhardmathematicalproblemsthatcanreplaceexistingmethodsto

generatecryptographicprimitivesincludelattice-based,hash-based,code-based,

andmultivariatecryptography,andisogenyofellipticcurves.

8

Eachcategoryoffersadistinctapproachtothenextgenerationofsecuritythatcanprotectdigital

informationagainstquantumthreats.

Lattice-basedcryptographyreliesonproblemsderivedfromlatticetheory,suchasfindingtheshortestvectorinahigh-dimensionallattice.Hash-basedcryptographyisafamilyofalgorithmsthattransformdataofarbitrarysizeintofixed-sizestrings,i.e.,hashvalues.Code-basedcryptographyisbasedonerror-correctingcodes,

multivariatecryptographyisbasedonsolvingmultivariatequadraticequationsoverafinitefieldknowntobeNP-hard,andisogeny-basedcryptographyinvolves

computingtheisogenygiventwoellipticcurves.

FourinitialalgorithmshavebeenchosenbytheNationalInstituteofStandardsandTechnology(NIST)forstandardizationofPQC,threeofwhicharelattice-based

(CRYSTALS-Kyber,CRYSTALS-Dilithium,andFalcon)andonehash-based

(SPHINCS+).

9

ThemultiplePQCstandardshavearangeofrequirementsandtrade-offs;differentstandardswillworkindifferentusecases.

PQCisexpectedtobewidelyadoptedbecauseitisaccessibletoclassical

computersandcanbeimplementedoncurrenthardwareorwithfewinfrastructureadditions.

10

NISTisintheprocessoffinalizingtheinitialPQCstandards,and

CRYSTALS-KyberandCRYSTALS-Dilithiumarebeingpreparedforreleasethisyearforkeyencapsulationandsignature,respectively(FalconandSPHINCS+willcome

later).Bothalgorithmsinvolvelatticecryptography,whichofferssubstantial

advantages,includingservingasabuildingblockforidentification-basedencryption.Thesealgorithmsfacilitateextremelyefficientandfastimplementationswhen

comparedtoRSAencryption,and,critically,theycansupporthybridcloudandedgeusecases.

NISTisalsocontinuingtoexplorenewPQCschemestoaddtothisinitialset.The

objectiveistoenableadditionalgeneral-purposesignatureschemesandkey

encapsulationmechanismsforsecretkeyexchangethatarenotsolelylattice-basedandthatmayprovideevenfasterperformanceandsmallerkeysizes.

8Dam,Duc-Thuan,Thai-HaTran,Van-PhucHoang,Cong-KhaPham,andTrong-ThucHoang.2023.ASurveyofPost-QuantumCryptography:StartofaNewRace.Cryptography7(3):40.

/2410-387X/7/3/40

9NationalInstituteofStandardsandTechnology,2024.Post-QuantumCryptography:Selected

Algorithms2022.

/projects/post-quantum-cryptography/selected-algorithms-

2022

10QED-C(2021),op.cit.

/guide-to-a-quantum-safe-organization/

9|SecuringFinancialMessaging

QED-CMemberProprietary

QuantumKeyDistribution

Generally,datatransmittedoncurrentnetworkscanbecopiedbyanyonewhocan

capturetheinformationthroughtechniquessuchasinterception,sniffing,and

spoofing.Cryptographyisusedtomakedataunintelligiblewithoutknowingthekeys,mitigatingtheriskoftheftofdataintransit.

Quantumphysicsoffersanotherapproachforpreventingthetheftofinformation.

QKDestablishesakeysharedbetweentwopartiesbyleveragingtheprinciplesofquantummechanics,suchasthesuperpositionandentanglementofquantum

states,toprotectagainsteavesdroppingattempts.Whenakeytransmissionis

intercepted,thequantumeffectsproduceevidenceoftamperingthatcannotbeavoidedregardlessofthecomputationalresourcesoftheeavesdropper.

11

ImplementationofQKDdoesnotrequireaquantumcomputer,butitdoesrequirespecialtechnologyfortransmittingandreceivingdata.

QKDinvolvessendinginformationintheformofbothphotonsandbitsthrough

quantumandclassicalchannels,respectively.Thequantumchannelusedtosend

thestreamofphotonsistypicallyeitheranopticalfiberorfreespace,andacrucial

characteristicofthechannelistheabilitytopreservethequantumpropertiesofthephoton.Theclassicalchannelisusedtosharetheinformationnecessarytocorrelateandauthenticatetheinformationsentinthequantumchannel(see

Figure

1).The

principlesofquantummechanicsmeanthatanattackerattemptingtoeavesdroponthequantumchannelwouldperturbthestreamofphotonsthroughtheactof

measurement,andthustheeavesdroppingwouldbedetectableasadisruptiontothekeysharing.

Figure1:IllustrationofaQKDsystembetweentwoparties

CommercialkeydistributionservicesareavailableandmanyprotocolsforQKDhavebeenproposed,includingBB84anditsvariants,B92andE91,andthemorerecentlydevelopedcoherentone-wayprotocol.

12

In2022ToshibaandBTlauncheda

11Alléaume,R.,C.Branciard,J.Bouda,T.Debuisschert,M.Dianati,etal.2014.UsingQuantumKeyDistributionforCryptographicPurposes:ASurvey.TheoreticalComputerScience560,part1:62–81.

/science/article/pii/S0304397514006963

12Xuetal.(2023),op.cit.

/abstract/document/10089619

10|SecuringFinancialMessaging

QED-CMemberProprietary

metropolitannetworkinLondonthatusesQKDandcanbedeployedoverexistingfibernetworks;EYandHSBChavebothsigneduptotrialthenetwork.

13

Similarly,IDQuantique(IDQ)iscollaboratingwithtelecommunicationsoperatorsSingtelin

SingaporeandSKTelecominKorea,aswellasotherEuropeantelecommunicationsoperators,tocreatenationwidequantumnetworkstoprovidequantum-safe-as-a-servicetotheirenterprisecustomers.

14

IDQisalsodirectlyengagedinprojectswiththeFidelityCenterforAppliedTechnology,JPMC,HanwhaBank,andotherbanksinEurope.

AlthoughQKDisrelativelymature,thereremainpracticalchallengestoits

implementation.First,itrequiresspecializedhardware,includingsingle-photonsourcesanddetectors,whichaddstoimplementationandmaintenancecosts.

Second,sincequantumprinciplespreventtheuseofopticalamplifiersonthe

quantumchann