Quantum computing is set to reshape financial services. We explore the risks and opportunities inherent in this cutting-edge technology.
In a nutshell:
- Quantum computing may offer financial services firms significant opportunities for the enhancement of their services and operations across a range of use cases in the near future.
- But it may also present risks for data security, blockchain-based technologies and central bank digital currencies, by enabling widely-used encryption protocols to be swiftly undermined; there is some evidence that quantum-based “hack now, decrypt later” attacks may already be taking place.
- Firms and their regulators should be taking precautionary steps now, identifying where and how high-risk data is held, with a view to transitioning to quantum-safe algorithms and quantum-proof cryptographic keys.
An interesting quantum phenomenon that quantum computers exploit is quantum interference. For example, we can devise quantum algorithms such that all the possible ways to get to the wrong answer interfere with themselves and cancel each other out, while leaving only the possibility of getting to the right answer."
- Martin Laforest, Senior manager, Scientific Outreach, Institute for Quantum Computing at the University of Waterloo
Quantum computers can perform calculations that could not practicably be done with classical computers. Even though there are still some limitations to be overcome before the technology can readily be exploited commercially, the potential opportunities and risks need to be weighed up now.
Quantum computing is based on the principles of quantum theory. It is one of many kinds of technologies which exploit quantum theory. Quantum computing first emerged as a theoretical discipline in the 1980s, although in the first decades, progress towards practical application was relatively slow (and expensive), since quantum computers require very specific physical conditions to operate in, are highly unstable, and susceptible to electromagnetic interference, which can cause errors in their calculations.
Broadly speaking, quantum computers operate as follows:
- Quantum computing uses quantum bits (qubits), which are atomic or subatomic objects (eg, photons or electrons) that have both wave- and particle-like physical properties. Unlike bits used in classical computers that exist in only one state of 0 or 1, qubits exist in more than one state at the same time – this is known as superposition.
- Qubits can only exist in a superposition of values until they are measured, at which point they collapse and immediately revert to a value of either 0 or 1. The state of superposition is very fragile, and one of the key challenges in developing a functional quantum computer is to eliminate all sources of noise and errors which could result in such collapse.
- When qubits are be linked on the quantum level (which is known as entanglement), their values are correlated such that measurement of one qubit instantly affects the other entangled qubits. By encoding data into entangled qubits and performing operations which leverage quantum theory on those qubits, in mere hours we can, with quantum computers, solve problems that would take a classic computer or super-computer tens of thousands of years. However, as the number of entangled qubits on a quantum computing processor increase, so does the difficulty in maintaining their fragile states.
Researchers have recently made some significant breakthroughs in addressing these issues including (to name but a few): in 2019, Google's quantum computer was reportedly the first to perform a calculation that would be practically impossible for a classical computer ("quantum advantage"); in June 2022, Australia's Silicon Quantum Computing created the first integrated circuit manufactured at atomic scale; in August 2022, Quantinuum found a way to scale the number of qubits to increase performance and reduce the error rate; and in October 2022, researchers from China, the UK and the US devised a temperature control technique to keep qubits stable for longer. All this is still really "laying the groundwork" for more complex computations that might eventually solve industry-relevant problems. Nonetheless, the pace is picking up - IBM envisages that delivery of its new quantum system in 2023 will prove to be an inflection point after which the errors of quantum computing will decrease exponentially; Google aims to have a commercial grade quantum computer by 2029.
In the short term, the resources involved in obtaining access to and operating quantum computers will likely only be justified for a relatively small group of problems. However, for those particular problems, which for financial services would include addressing the difficulty classical computers have in factoring large numbers, and searching large datasets such as unordered lists, quantum computing could be a game-changer. It is also likely to involve the use of quantum-as-a-service providers (such as Microsoft’s Azure Quantum or D-Wave's Advantage) in the short to medium term.
Potential uses of quantum computing for financial institutions include optimisation of trading algorithms, risk profiling and management, enhanced compliance operations and detection of financial crime, customer targeting and prediction. The Monetary Authority of Singapore is supporting a research project which aims to develop quantum computing based credit scoring methods for trade finance. IBM has even posited that quantum computing could forecast financial crashes. First movers such as JP Morgan, Goldman Sachs, BBVA and Santander (amongst others) have established quantum research teams who use experimental systems to explore potential use cases such as portfolio optimisation, speeding up derivatives pricing, simulation and machine learning.
One quantum computing risk to consider now
Quantum Computing is expected to break today’s public-key cryptographic algorithms and expose data. It is crucial to investigate multiple avenues of mitigating quantum threats through cryptography."
- Marco Pistoia, JPMorgan Chase
However, with a more significant number of entangled qubits on a quantum computing processor than is currently practicable, a quantum computer would also be able to break existing encryption systems that use public-key cryptography. This would present what has been described as 'a Y2K threat' for financial institutions and also cryptocurrencies and other blockchain-based technologies (including central bank digital currencies) which use encryption mechanisms vulnerable to quantum computing – a threat to the integrity and stability of financial services.
The crystallisation of that threat is not, however, something that will only emerge with the advent of commercial grade quantum computing – firms may already be subject to “hack now, decrypt later” attacks whose impacts will only be fully understood in the future when stolen encrypted data is decrypted with a quantum computer.
Regulators are beginning to focus on these issues. The UK's FCA held a virtual workshop with a range of stakeholders to consider the possible impacts of quantum computing for security and encryption, and competition in financial services, amongst other policy considerations. Other regulators, including Singapore's MAS, the French AMF, Germany's BaFin, Hong Kong's HKMA, and Canada’s OSFI, have alluded to the risks quantum computing may pose for blockchain applications and many widely used security procedures.
In the US, the National Institute of Standards and Technology (NIST) (a public/private collaboration) has been working on developing a post-quantum cryptographic standard – four algorithms have been selected for standardisation and the standards are expected to be published by 2024; work on digital signatures algorithms is ongoing. NIST has urged firms to start preparing for the migration to post-quantum cryptography now: “It is critical to begin planning for the replacement of hardware, software, and services that use public-key algorithms now so that the information is protected from future attacks”. The European Telecommunication Standards Institute has separately proposed a three-stage action framework for migration to such standards.
A number of larger banks have already started work on what will likely prove to be a very long term transformation project. Typically, such projects start with the formation of an expert team, and an audit of current operating systems, network services and applications, to identify and inventory where and how high-risk data is held. Hardware and software encryption protocols currently in use are assessed, taking into account their purpose, to identify those which are vulnerable to quantum computers, with a view to prioritising them for future-proofing so that work on adopting relevant standards can begin as soon as these are available. Financial services firms should also start including in all future projects consideration of the quantum-related risks and any steps that will be eventually be required to transition them to quantum-safe protocols.
As the FCA noted, "it is critical that all parts of the financial services sector start collaborating now to ensure this is a quantum leap for the better and not a stumble into the unknown”.