After 60 years of research and development, small working quantum computers now exist. It is predicted that large-scale stable quantum computers will be able to, in minutes, solve the intractable problems that the classes of cryptography protecting information on the Internet and in industry are based upon. These problems were originally selected because they are believed to be infeasible to solve on classical computing architectures, possibly requiring hundreds of thousands of years to compute, and thus providing a high degree of security. If quantum computers can reduce the solution times to minutes, they pose a major threat to these forms of cryptography.
Created by the ASC X9 Quantum Computing Risk Study Group after more than a year of research, the paper provides background on the principles of quantum computing, and covers the state of the industry, quantum's threat to current cryptography, predictions about when this major threat may be realized, and actions that can be taken now to mitigate the risks. This paper will be updated as changes occur in the industry, and it is available for download at no charge.
This report discusses the basics of quantum computers and the quantum algorithms that break classical cryptography, and then shows how those algorithms could be used to attack classical cryptosystems, including secure authentication and communication. The report offers general recommendations for mitigating the impacts of quantum computing. It also provides a background in the main branches of mathematics that are thought to yield quantum-safe cryptographic schemes. The report is also available for download at no charge.
As described in the new white paper and Technical Report, the advent of quantum computing will make cybersecurity attacks more difficult to prevent, placing the financial services industry at greater risk. Currently deployed standards may not offer sufficient security. The new standard will augment the extensible and algorithm-agnostic CMS messages in the current X9.73 standard, in order to help the financial services industry transition to quantum-safe solutions. The work has been assigned to X9's F4 subcommittee on Cybersecurity and Cryptographic Solutions. Interested parties are invited to participate in this effort.
"X9 has been out in front of the industry in recognizing the quantum threat and has begun the groundwork necessary to fortify our standards against quantum-enabled attackers", stated Philip Lafrance, Standards Manager at ISARA Corporation, editor of the Technical Report and a participant in the creation of the white paper. "It has been a pleasure to work with such a qualified and experienced group of individuals in producing these two reports, and our collective mission is to continue to educate the community about the coming quantum threat, and successfully update our standards in time to mitigate it."