Visa, JPMorgan Are Already Preparing for Potential Quantum Cyberattacks
October 09 2020 - 11:23AM
Dow Jones News
By Sara Castellanos
Financial services companies are preparing for a time when a
powerful quantum computer could break some of the most widespread
cryptographic methods currently used in cybersecurity.
Experts say quantum-computing cyberattacks could be more than a
decade away, based on the technology's rate of progress, but the
consequences could be so severe that companies and cryptographers
world-wide are preparing now. Visa Inc. and JPMorgan Chase &
Co., for example, are researching methods capable of thwarting such
an attack, developing new processes and closely following the race
for new encryption standards.
"The data we have is sensitive, and it is vast in quantity, so
protecting that data is job number one for us," said Rajat Taneja,
president of technology at Visa.
Nearly six years ago, researchers at Visa began studying
so-called post-quantum cryptography, which refers to the new
cryptographic methods that could be used to withstand an attack
from a quantum computer.
Researchers at Visa have published four peer-reviewed papers
about cryptographic systems that could be used against a
quantum-computing attack, and a fifth is in the works, Mr. Taneja
said. Dozens of security experts and software engineers across the
firm have contributed to the research.
Quantum computers are still in the early stages of development.
The machines harness the properties of quantum physics, including
superposition and entanglement, to radically speed up complex
calculations related to finance, health care and manufacturing that
are intractable for today's computers. While traditional computers
store information as either zeros or ones, quantum computers use
quantum bits, or qubits, which represent and store information as
both zeros and ones simultaneously.
Some researchers estimate that it would take a machine with 250
million qubits to break today's public-key cryptography, a widely
used encryption method that could be particularly vulnerable.
While today's early-stage quantum computers are far less
powerful, much of the financial industry is secured by public-key
cryptography, ranging from online banking and online transactions
to banking mobile apps, Mr. Taneja said.
A popular public-key cryptography method, RSA, would be
especially at risk. RSA is vulnerable to quantum computers because
it is based on integer factorization, which is essentially reverse
multiplication, using numbers that can be about 1,000 digits
long.
Regular computers -- even supercomputers -- can't factor such
long numbers fast enough to beat these defenses. Quantum computers,
though, may be able to solve integer factorization problems many
millions of times faster.
Security experts and the companies developing quantum computers,
such as Alphabet Inc.'s Google and Microsoft Corp., have been aware
of the threat for years. Hundreds of the world's top cryptographers
are involved in a competition to develop new encryption standards
for the U.S., which would guard against both classical and
quantum-computing cyberattacks.
A quantum computing attack could compromise not only data in the
path of the attack but also the digital-signature algorithms used
to verify the identity of some secure websites, said Yassir Nawaz,
an executive director at JPMorgan responsible for securing emerging
technologies at the bank.
That could allow bad actors to create fake identities for
websites, as well as fake software downloads and software updates.
JPMorgan executives have been aware of the threat for years, he
said. "We've been actively discussing within the firm as to how
we'd address this," Mr. Nawaz said. "But the reality is that this
is something that affects the entire ecosystem."
JPMorgan is developing processes to help identify high-priority
data sets that need to be protected for several years and could be
at risk if a powerful quantum computer becomes available, Mr. Nawaz
said. "We need to have a process that lets us identify and
inventory that data," he said.
That data would then be first in line to be secured by new
encryption standards that could withstand a quantum cyberattack, he
said. New encryption standards are being developed now, in a
cryptography competition led by the National Institute of Standards
and Technology, an agency of the U.S. Department of Commerce.
Visa and JPMorgan plan to begin adopting NIST's new standards
when they become available, which will require coordination with
industry organizations. It can take as long as 15 years for
internet activity to be secured by the new encryption methods,
experts say.
"I don't believe one day we'll flip a switch and everything will
be post-quantum (encryption)," Mr. Nawaz said. "It's going to take
a long time, starting with the high-risk data."
Write to Sara Castellanos at sara.castellanos@wsj.com
(END) Dow Jones Newswires
October 09, 2020 11:08 ET (15:08 GMT)
Copyright (c) 2020 Dow Jones & Company, Inc.
JP Morgan Chase (NYSE:JPM)
Historical Stock Chart
From Apr 2024 to May 2024
JP Morgan Chase (NYSE:JPM)
Historical Stock Chart
From May 2023 to May 2024