Fintech is looking to quantum-proof its assets

No one knows when the first quantum computer capable of cracking today’s commonly used encryption algorithms will arrive, but it could be sooner rather than later.

Back in 2020, Google CEO Sundar Pinchai estimated that a device capable of breaking current asymmetric cryptosystems in minutes would likely be realized in five or ten years. If he was right, then the window for action has narrowed to a possible three years. But nobody really knows.

The real concern is that a device that could break the RSA and elliptic curve-based encryption that protects almost all traffic over the web today would be achieved out of sight, in a nation-state’s secret labs. When that happens, all bets are off.

Last November, the US Office of Management and Budget released a memo outlining plans to “prioritize the timely and fair transition of cryptographic systems to quantum-resistant cryptography.”

Moving towards quantum-secure alternatives to RSA and elliptic curve got a little easier after the US National Institute of Science and Technology (NIST) finally announced the winners of its post-quantum (PQ) cryptography competition last summer. But these are not drop-in replacements, meaning old and new will have to live side by side until the time comes to switch over, or PQ encryption will be built on top of the existing infrastructure.

The perceived complexity, along with the unknown timescale, causes some organizations to delay the day of reckoning.

However, there are those whose size, sector or risk profile tip the balance towards acting now. One such company is Swiss-based fintech firm VeroWay, which offers what it describes as “dynamic alternative core banking and digital fulfillment software solution,” meaning a digital wallet platform for fiat and cryptocurrencies.

“As a leader in secure wallet technology and digital fulfillment, we recognize the urgent need to maximize security for the storage of digital assets and transactions,” said CTO Sean Prescott.

VeroWay is partnering with California-based quantum security company QuSecure to improve the algorithms used in their public key infrastructure (PKI). “Specifically, we are using QuSecure’s post-quantum resilient keys for quantum entropy, while generating additional public/private pairs to protect the user’s digital asset vault,” Prescott said Data processing. “With QuSecure’s solution, we can ensure that the randomness has an unprecedented entropy that ensures we comply with the standards of RSA, but feed the system with the right key strength and quantum security.”

VeroWay claims 15 million registered users, each with a digital vault that allows them to manage their digital assets from anywhere in the world. These vaults are protected using RSA cryptography, enhanced to increase the key size, and the company uses a quantum random number generator from QuSecure to “layer another PKI over the existing one”.

It also aims to quantum secure the traffic between user devices and vaults by implementing a quantum-safe VPN based on QuSecure’s quantum-resistant encryption software QuProtect.

“On the human-to-machine side, QuProtect allows each connection—desktop, mobile, etc.—and session to be wrapped in an additional post-quantum-protected Q-VPN session, further protecting every transaction and interaction with our infrastructure from potential attackers,” Prescott said.

“Over the next few weeks, VeroWay and QuSecure will generate millions of new and additional keys to further secure our segregated and self-managed digital asset vault system. This will essentially build a ‘quantum shield’ around our entire infrastructure.”

“We’re doing it in a way that doesn’t replace or break our current established and patent-protected VeroWay platform infrastructure, but instead enhances it to be the first and only new banking infrastructure platform with post-quantum protection and security.”

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *