For decades, financial institutions have used encryption to maintain the security and privacy of computer-based information. Most of today’s encryption methods use algorithms that might break only after thousands of years of nonstop processing by the world’s largest conventional computers. Experts now realize that in the next decade quantum-based computers will likely have the power to break those codes in mere seconds.
Related: Educating the Industry on Post-Quantum Security Risks
DTCC’s latest white paper, Post-Quantum Security Considerations for the Financial Industry, brings this near-term risk into focus for the financial industry, to identify initial steps financial institutions can take, and to provoke a more intentional dialogue about how the industry can act now to ward off post-quantum risk. With this in mind, DTCC Connection sat down with DTCC’s Ronald Jones, Director, Architecture & Enterprise Services, to dive into the topic of quantum computing and how it stands to impact the financial services industry.
DC: For those of us without a technology background, can you explain what “quantum computers” are and how it compares to classic computers?
RJ: Although both are computers, there are stark differences between classic computers, which have been around for over 70 years, and quantum computing, which many experts believe will be commercially available this decade. Quantum computers are not simply classical computers on steroids, there is a fundamental difference in processing information.
The fundamental difference between these two types of computers is in how they process information. Classical computing process information in a defined binary state of either off (0) or on (1). Quantum computing, however, operates laws of quantum mechanics that utilize quantum bits. These quantum bits, or qubits, are different from classical bits because qubits can exist in multiple states at the same time. Instead of existing as (0) or on (1), they can also exist as both. It is this entanglement of qubits makes a quantum computer much more powerful than a classical computer for processing information.
DC: What are some of the benefits of using quantum computing?
RJ: A significant benefit of quantum computing will be solving “needle in the haystack” type of problems to understand the impact of risk and uncertainty in various scenarios. These scenarios can be projected using multiple probability simulations, which are referred to as Monte Carlo simulations.
One specific example of quantum computing benefiting everyone is weather forecasting. With the endless number of variables that impact a weather forecast, classical computers are unable to properly forecast long-term weather events. Using Monte Carlo simulations, quantum computing will serve as a valuable resource on both a local and global scale for more advanced and accurate warnings of extreme weather events.
Potentially, through quantum developed algorithms, quantum computers will be able to execute complex Quantum Monte Carlo (QMC) simulations for financial modeling.
DC: How is quantum computing used in the financial services industry?
RJ: The use of quantum computing in the financial services industry is still evolving. Several of the world’s largest banks have increased their funding in algorithm research. Currently banks are utilizing cloud vendors such as IBM, Microsoft, Google, and Amazon technologies to access quantum computing for algorithm research. Researchers access quantum computing services through public and private cloud offerings.
Potentially, through quantum developed algorithms, quantum computers will be able to execute complex Quantum Monte Carlo (QMC) simulations for financial modeling. QMC algorithms involve solving problems in finance like pricing simple options and credit risk calculations.
DC: How will the maturity of quantum computing impact risk for the financial industry?
RJ: Cryptography is one risk that quantum computing poses to all industries. In 1994, mathematician Peter Shor, developed a quantum computer algorithm for finding prime numbers of an integer. Shor’s algorithm coupled with a quantum computer with adequate number of qubits can be used to break public-key cryptography. This risk requires quantum computing to reach a level of maturity to execute specific algorithms designed to break today’s trusted cryptography. Once this maturity is achieved, which is likely to be in the next decade, malicious actors will have the capability to decrypt and read communication transmissions that are currently trusted as confidential. For example, e-commerce purchasing communications or online banking transactions will be at risk once a quantum computer is mature enough to decrypt these communications.
DC: What is DTCC doing to prepare for a post-quantum computing world?
RJ: At DTCC we are aware of the risk that quantum computing poses to our industry. This awareness has led us to monitor industry updates with the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), National Institute of Standards and Technology (NIST), and the U.S. Department of Homeland Security (DHS). We have taken early steps to educate ourselves on the risks, inventory encryption methods in use, and determine if and where the organization has post-quantum risk. In addition, we published a white paper to identify initial steps financial institutions can take, and to create intentional dialogue about how our industry can act now to ward off post-quantum risk.
To learn more about how DTCC is taking steps to prepare for a post-quantum environment, read our whitepaper: Post-Quantum Security Considerations for the Financial Industry.