For the financial services industry, cybersecurity is an important enabler of customer experiences, risk management, and supply chain orchestration. But in the face of increasingly open digital infrastructures and accelerated business transformation, new security threats are emerging that call for a leap forward in safety measures.
Due to its groundbreaking ability to quickly solve the difficult math problems that are the basis of some forms of encryption, quantum computing may lead to new vulnerabilities in the data protection space. This requires development of new encryption techniques and approaches that are resilient to post-quantum techniques, such as Shor’s algorithm.
Investing in post-quantum cybersecurity is a worthwhile long-term strategy to provide more robust safeguards for critical and personal data. While post-quantum cryptography standards are still being finalized, enterprise leaders in the financial services industry and elsewhere can benefit from researching post-quantum’s capabilities and identifying how it can help them protect consumer information in an exponentially more efficient way.
Wells Fargo is one of the early players in researching quantum’s abilities and threats in financial services and is collaborating with the National Institute of Standards and Technology (NIST) and other standards agencies to gain insights into how post-quantum cryptography (PQC) can protect cyberspaces. The quantum future may be a decade away or more, but this forward-thinking approach illustrates how to build out core defensive infrastructure by exploring quantum techniques and collaborating with innovative players.
Image Credits: Getty Images
The quantum advantage
Concerns are rising over the power of future quantum computers, and the need for post-quantum cryptography, but this is not new. NIST issued a request for submission for quantum-safe cryptographic algorithms back in 2016, kicking off a years-long process of competitive development in an effort to create a public-private co-development ecosystem and paving the way for the switch to quantum safe encryption.
Wells Fargo was introduced to quantum computing’s potential in 2019. At that time, the financial services company was exploring the potential advantages of using quantum computing in AI development and the threats to post-quantum cryptography, working jointly with academic research teams. Today, Wells Fargo is a partner in the IBM Quantum Network, exploring the development of practical applications for financial services, using IBM Quantum technologies, and collaborating with IBM scientists, and other members of the network.
The quantum advantage boils down to two specific phenomena, both of which will allow quantum computers to solve problems intractable for today’s conventional machines. The first is superposition, which is the ability of a quantum system to represent multiple states with less classical bits at the same time. This lets a quantum computer represent an exponentially larger set of states, thus allowing the system to deal with much larger problems than traditional computers.
The other key quantum phenomenon is entanglement, which occurs when a pair of qubits can act in ways that are causal, meaning that operating on one instantly reflects in the state of the other. The phenomena of quantum entanglement enables new communication patterns within a quantum system, which is much faster than classical data transfer. Though this may seem trivial, this massive reduction in state transfer time can speed up the overall system exponentially.
As a result, quantum computers are able to tackle issues that traditional computers don’t have the power to solve, such as those involving complex optimization steps or very large stochastic processes (i.e. processes with high degree of randomized behaviors), like the ones found in the modeling of typical what-if scenarios.
“We got into quantum from a perspective of quantum-safe cryptography and then quickly branched into discovering how some quantum techniques are also very effective in a classical environment,” says Chintan Mehta, CIO for digital technology and innovation at Wells Fargo. “Everybody should be thinking of quantum from that perspective. Not ‘how can I acquire a super powerful quantum computer?’ but ‘is there a quantum technique I can use to make my current computing and data techniques faster?’”
For a variety of financial use cases, quantum approaches may provide great potential for efficiency gains. For example, quantum computers could run Monte Carlo simulations to determine the optimal portfolio of stocks in impressive time. The simulations analyze risk-and-return trade-offs on combinations of investments to create a portfolio based on a customer’s goals and risk tolerance.
The power of quantum cybersecurity
With the power of quantum computing also comes a challenge to much of today’s cryptographic landscape. Current cryptographic protocols that protect most of the private communications and transactions worldwide (everything from HTTPS, digital signatures, signing of security certificates) use asymmetric key structures (such as pairs of related keys—one public key and one private key) to encrypt and decrypt a message and protect it from unauthorized access or use.
The most widely used asymmetric algorithms are based on difficult mathematical problems, such as factoring large numbers, which can take thousands of years to solve even on today’s most powerful supercomputers. But this would not be the case for quantum computers: Using Shor’s algorithm, they could deliver an exponential increase in speed of prime factorization and break the key infrastructure by “guessing” the prime factors used in the encryption in hours or even minutes.
Even though quantum computers, capable of executing Shor’s algorithm are not yet commercially available, initiating quantum-safe cybersecurity solutions can offer significant advantages now. Quantum-safe encryption would be sufficiently powerful to prevent intrusion by even the most powerful classical or quantum computers.
“From a security standpoint, not engaging with quantum capabilities could expose you to threat actors who do have quantum skills and resources, which can then compromise your infrastructure and quickly get to the data,” Mehta says.
In July 2022, after extensive evaluation and testing, NIST chose a few algorithms as candidates to be standardized for most quantum use cases, such as CRYSTALS-Kyber for key establishment and CRYSTALS-Dilithium for digital signatures, all of which offer many benefits, including serving as the basis for ID-based encryption and, critically, the ability to fend off attacks from a future quantum computer. Because of the cost implications and potential security implications of functional quantum computing ecosystems, it is very likely that the first set of fully industrialized quantum systems will be deployed by nation states, and most likely for defensive (possibly offensive) capabilities.
Outside of that context, the potential of quantum computing to speed up mathematical steps in machine learning and AI will likely be the core of value creation. Fraud management, for example, is a fundamentally critical use case for financial institutions that increasingly depends on AI based solutions. Fraud detection systems remain highly probabilistic with rapidly evolving fraud vectors; by some estimates fraud models return 80 percent false positives, which then requires multiple manual layers of additional checking to catch fraud. The data modeling capabilities of quantum computers are expected to prove superior in analyzing complex data structures to find patterns, perform classifications and more accurately detect fraud vectors.
Taking the quantum leap
Mehta predicts that financial institutions that are already looking into the future of quantum computing are likely to see significant benefits. But the key first step is dispelling reality from myth and gaining a better understanding of what quantum does and is able to do. With those insights in hand, companies can then develop the skills to visualize a potential solution. Companies could start by answering some of these core questions:
- Which parts of the enterprise are limited by computing resources?
- Is there significant customer value to solve for those limitations differently?
- What areas of the enterprise and customer transactions will be at risk because of quantum capabilities?
- How will deploying quantum capabilities change the current technology stack?
- How will existing systems and staff interface with a quantum system?
- What new skills will be required to write quantum algorithms?
“It’s crucial to have a basic understanding of quantum capabilities because, if nothing else, it will allow you to tell apart the hype and hypotheticals from the fundamental realities of quantum,” Mehta says.
It’s highly unlikely that companies will own their own quantum computers. Instead, Mehta believes the technology will be cloud-based concentrated among a few major players. Therefore, businesses should focus their efforts on finding solutions to business issues as opposed to building out their own infrastructure for quantum computing. Businesses should also assess potential threats throughout their organizations, for example, identifying where to best adopt post-quantum cybersecurity methods and emerging security solutions.
As a member of the IBM Quantum Network, Wells Fargo is part of a community of Fortune 500 companies, startups, academic institutions, and research labs that collaborate to advance quantum computing and explore its real-world applications. Although success as defined by deploying quantum systems capable of delivering applications with advantages over classical systems is years away, early exploration of breakthroughs in quantum computing and AI will ultimately reimagine the financial sector and make banking faster, easier, and safer.