Singapore, France monetary authorities test quantum-proof security

The Singapore Monetary Authority and Banque de France have trialed post-quantum computing encryption to secure international banking systems against quantum threats, successfully exchanging encrypted emails via a PQC plugin on Microsoft Outlook.
The Singapore Monetary Authority and Banque de France have trialed post-quantum computing encryption to secure international banking systems against quantum threats, successfully exchanging encrypted emails via a PQC plugin on Microsoft Outlook.

The Singapore Monetary Authority (MAS) and Banque de France (BDF) have completed an experiment with post-quantum computing (PQC) to address the “looming threat” quantum computing poses to payment networks. They looked at securing emails on Microsoft Outlook as a first step in integrating PQC into the international banking system.

Future proofing information exchange

The BDF and MAS exchanged digitally signed and encrypted emails using a PQC email plugin, the BDF said in a statement. The exchanges succeeded using existing internet infrastructure and post-quantum encryption standards established by the United States Department of Commerce National Institute of Standards and Technology in August.

The MAS released a technical report on the experiment. The research is timely for future-proofing the financial system, it said:

“The ‘harvest now, decrypt later’ scenario exacerbates this threat [posed by quantum computing] by allowing adversaries to intercept and store encrypted data now and awaits the development of quantum computers to decrypt it later.”

Additional standardization will be necessary to assure the confidentiality, authentication, and integrity of payment networks, the research found. No standards exist yet for hybridizing PQC security algorithms for public key infrastructure, digital certificates and key exchanges with the “classical” algorithms in use.

This is an urgent need that must be addressed by international organizations, the agencies concluded.

\t \t\t \t\t \t \t \t\t

BDF sending an email to MAS using a hybrid signature and hybrid encryption. Source: MAS

\t

In addition, the PQC keys needed for decrypting messages are significantly larger than those currently seen. The new key format may trigger existing security measures if all email servers are not consistently updated. This experiment looked at Outlook alone.

Related: US tech exec warns China is ‘a decade ahead’ on quantum

PQC requires international coordination

These challenges may become a bigger issue for financial applications, which entail much more frequent transactions and high levels of cross-border cooperation. The current results “reassure us of our ability to make our inter-institutional communications resilient,” BDF first deputy governor Denis Beau said. The agencies intend to examine the remaining challenges in the next phase of their research.

Source: ISO 20022.... LET'S DO IT

Singapore and France have been researching PQC on several fronts. The BDF and the German central bank are participants in the Bank for International Settlements’ Project Leap, which also aims to develop PQC solutions for payment networks. Singapore offers developers co-funding for PQC technology centers and use cases. France and Singapore also cooperate extensively on central bank digital currency research.

Magazine: Advanced AI system is already ‘self-aware’ — ASI Alliance founder