The Monetary Authority of Singapore (MAS) has this week signed an agreement to collaborate with four major banks and two tech companies on the increasingly hot topic of quantum security.
A Memorandum of Understanding (MoU) paves the way for the organisations to pool brainpower to study the application of what is known as ‘Quantum Key Distribution (QKD)’ in financial services.
QKD is a secure communication method for exchanging cryptographic keys only known between shared parties. It can help financial institutions such as banks to protect the exchange of cryptographic keys to address cybersecurity threats posed by quantum computing.
‘Quantum computing technology has been developing rapidly and has demonstrated potential to break commonly used cryptography and encryption algorithms. This poses a major cybersecurity concern,’ MAS states in its (14 August) announcement.
The collaboration, which will involve proof-of-concept development and trials, follows other MAS quantum-related MAS initiatives over recent months. The authority just last month announced the launched of a ‘quantum track’ under its ‘Financial Sector Technology and Innovation Grant Scheme (FSTI 3.0)’ to provide funding support for quantum projects and capabilities; and, in February, the authority issued all financial institutions with an advisory on addressing the cybersecurity risks associated with quantum, and provided recommendations to safeguard against the identified threats, including to carry out proof-of-concept trials with quantum security solutions.
*** RECEIVE GLOBAL GOVERNMENT FINTECH’S FREE EDITORIAL NEWSLETTER ***
Three focus areas
In the coming months, MAS and participating banks – DBS, HSBC, OCBC and UOB – will experiment with QKD solutions jointly provided by SPTel and SpeQtral in three areas.
First, they will ‘conduct’ a QKD proof-of-concept sandbox (isolated test space) on financial sector use cases to ‘evaluate its viability, effectiveness and applicability to financial services, and determine the feasibility of using QKD for quantum-safe communications within the financial sector’.
Second, they will ‘validate the security properties’ of QKD, such as detecting eavesdropping attempts and preventing unauthorised access or tampering of QKD transmissions. This will help to verify QKD’s capability to provide robust security for sensitive data transfers, and enhance trust in its deployment within the sector, MAS states in its announcement.
Third, they will ‘enhance technical competencies through knowledge exchange to equip MoU participants with the skillsets to support the transition towards adopting quantum security solutions when they are commercially available.’
“The proof-of-concept trials will help MAS and financial institutions better understand QKD’s potential impact on operations and address challenges early,” said MAS assistant managing director (technology) Vincent Loy. “These technology trials can also inform and shape technology and cyber risk management policies towards quantum-proofing our financial systems. We are excited to partner the industry on this initiative and look forward to the learnings and experience that it will bring to our financial sector.”
*** JOIN GLOBAL GOVERNMENT FINTECH ON LINKEDIN ***
‘Growing importance of topic’
The industry partners involved in the MAS collaboration are looking forward to their participation.
“While DBS has been familiarising ourselves with quantum computing’s potential to transform financial services, we are keenly aware of the dangers this fast-developing technology can bring,” said DBS group chief information officer Eugene Huang.
He described the MoU as “represent[ing] a significant step forward in safeguarding Singapore’s financial sector against looming cybersecurity risks associated with quantum, and underscores DBS’s own commitment to leveraging innovation to ensure that banking services remain safe, secure, and resilient.”
“In particular, by participating in the development of QKD use cases, we are not only enhancing our defences but also setting new standards for futureproofing our financial systems against bad actors seeking to exploit encryption technology,” Huang added.
SpeQtral co-founder and chief executive officer Lum Chune Yang said: “MAS’s initiatives on galvanising awareness and action within the financial services sector in preparation for the quantum-safe transition underscores the growing importance of this topic within the digital infrastructure spaces.”
RELATED ARTICLE Quantum-safe financial system viability ‘proven’ in experiment – a news story (6 June 2023) on findings of technical experimentation by the Bank for International Settlements (BIS) Innovation Hub’s Eurosystem centre (working with France and Germany’s central banks) – see below
Great ‘Leap’ forwards
The Switzerland-headquartered Bank for International Settlements (BIS) has been striving to prepare central banks and the global financial system for a transition to post-quantum cryptography through an initiative called ‘Project Leap’.
Technical experimentation by the BIS Innovation Hub’s Eurosystem centre, working with France and Germany’s central banks, led to the publication of a report – ‘Project Leap: Quantum-proofing the financial system’ – in June last year.
It is uncertain precisely when an operational quantum computer will be built that is powerful enough to break current cryptographic protocols, the report noted. Expert opinion is that ‘this likely to take place in the next 10–15 years’ but the ‘rapid pace of advances in the industry make prediction difficult: a new breakthrough that completely changes the outlook could happen at any time’, the 50-page report warned.
‘Already, malicious actors can intercept and store confidential, classically encrypted data with the intention of decrypting it later when quantum machines become powerful enough to do so. This means that data stored or transmitted today are, in fact, exposed to “harvest now, decrypt later” attacks by a future quantum computer,’ the report stated. ‘The long-term sensitivity of financial data means that the potential future existence of a quantum computer effectively renders today’s systems insecure.’
Nonetheless, the BIS-led experimentation concluded last year that financial data can be ‘quantum-proofed’. But it acknowledged that results had been achieved in a ‘test environment’ and more work would be needed to ‘explore complex real-life environments’.
