How would quantum security breaches affect commerce?
Blockchains and cryptocurrencies
Cybersecurity risk
Quantum computers represent a giant step forward in processing power. While they won’t replace classic computers, they have the power to solve certain problems that are too large or complex for the computers we use today to tackle — particularly problems with a massive number of possible solutions.
Produced by Mastercard Foundry
1. https://www.globenewswire.com/news-release/2020/04/06/2011932/0/en/Worldwide-Quantum-Computing-Market-2019-to-2030-Drivers-Restraints-and-Opportunities.html
2. https://ibm-research.medium.com/exxonmobil-ibm-scientists-explore-state-of-art-quantum-algorithms-to-solve-routing-formulations-e7ce39f8741c
3. https://www.qutube.nl/quantum-algorithms/shors-algorithm
3.1 https://www.brinknews.com/quantum-computing-will-breach-your-data-security/
4. https://newsroom.ibm.com/2022-11-09-IBM-Unveils-400-Qubit-Plus-Quantum-Processor-and-Next-Generation-IBM-Quantum-System-Two
5. https://www.cfr.org/backgrounder/cryptocurrencies-digital-dollars-and-future-money0
6. https://www.cnn.com/2022/04/14/politics/fbi-north-korea-hackers-crypto/index.html
7. https://csrc.nist.gov/projects/post-quantum-cryptography
8. https://www.congress.gov/bill/117th-congress/house-bill/7535
9. https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022
10. https://www.wired.com/story/new-attack-sike-post-quantum-computing-encryption-algorithm/
11. https://physicsworld.com/a/quantum-cryptography-network-spans-4600-km-in-china/
12. https://www.mastercard.com/news/perspectives/2021/taking-a-quantum-leap-into-the-future-of-financial-services/
13. https://www.mastercard.com/news/press/2022/october/mastercard-and-partners-deliver-first-contactless-cards-for-quantum-world/
Despite the exciting possibilities, quantum computers have a dark side: the potential to be used as weapons against the world’s information security infrastructure.
An algorithm developed in the 1990s showed that a powerful quantum computer will easily break traditional public key cryptography (PKC) — which is used to secure all web traffic and the transmission of financial data worldwide.
For example, consider RSA, a public key encryption algorithm widely used today. It has been estimated that a quantum computer with 20 million qubits (the quantum equivalent of bits in a classical computer) will be able to defeat RSA encryption in eight hours.
This won’t happen overnight. The most powerful quantum processor today is IBM’s Osprey, which has 433 qubits — a far cry from the necessary 20 million. However, at the rate quantum devices are improving, there will likely be devices with tens of millions of qubits within 10-12 years.
Harvest now, decrypt later
Global response to the looming threat
Mastercard is committed to ensuring the protection of its stakeholders in a post-quantum world.
As part of a $13-million research initiative based in Ireland, for example, Mastercard is working with IBM, the Tyndall National Institute, University College Dublin, and others to accelerate quantum computing research in financial services.
In October 2022 Mastercard announced the approval of the first credit cards for issuers that are compatible with the new EMVCo® contactless specifications designed to protect against attacks from both traditional and quantum computers.
Mastercard’s Commitment
Companies rely on PKC to secure transactions, safeguard communications, and perform authentication processes — but PKC will be vulnerable to attack following the advent of quantum computing. This threatens business systems by allowing attackers to position themselves between the user and the system, where they can intercept or alter data (known as a man-in-the-middle attack). Even controls such as VPN connections that remote workers rely on to connect securely to corporate environments could be exposed, allowing access to sensitive internal resources.
Large-scale quantum computers pose security threats beyond the decryption of sensitive data. Most prominent blockchains enforce security with digital signatures that rely on the same underlying algorithms as public key infrastructure (PKI) — leaving them susceptible to attacks from future quantum computers. This includes digital currencies on blockchain, which were valued at more than $1T globally in early 2023.
Quantum key distribution
PQC is the quest for cryptographic algorithms that will address the threat from large-scale quantum computers, and quantum key distribution (QKD) technology aims to use quantum technology itself to protect potentially insecure communications channels.
Today, this process is typically accomplished by public-key cryptography which, as noted above, will be susceptible to quantum attacks in the future. QKD, on the other hand, offers a potential solution by distributing symmetric keys over quantum communications channels.
Experiments in QKD are active and ongoing as the technology supporting quantum communications continues to improve. Some companies are developing satellite-based systems to enable QKD at scale while others are exploring QKD approaches using ground-based photonic optical fiber. So far, these systems tend to have limited range and bandwidth. Similar to quantum computing, they are not yet ready for large-scale, commercial adoption.
Meanwhile, nations and regional blocs are supporting quantum communications research and development. China, for example, has developed a 4,600-kilometer QKD network that uses both fiber optics and satellites to link Beijing, Shanghai, Hefei and Jinan.
Preparing for future quantum attacks
We know that sufficiently powerful quantum computers will pose a major threat to existing cryptographic security systems. It’s unclear when that might be, but reasonable estimates suggest we’ll see such devices within 10 to 15 years.
In parallel with the development of powerful quantum computers, we’re seeing the emergence of PQC and QKD technologies to help mitigate these threats. It is essential for organizations to prepare for this quantum future to ensure they can rapidly adopt and deploy effective security schemes as they become available at scale.
This will require more than a quick patch or platform upgrade. Vast numbers of systems and organizations will be impacted, solutions will be rolled out incrementally, PQC algorithms are relatively new and untested at scale, and the cost of implementing PQC and QKD systems at scale is unknown.
IBM, Google, D-Wave and other companies are in a race to develop practical quantum computers. Large-scale commercial applications are expected by the late 2020s or early 2030s.
Optimization
Simulation
Machine learning
energy distribution, marketing offers
genomic analysis, trading strategies, climate change modelling
molecular interactions, materials research
Create an inventory of existing cryptography used in source code, on networks, and in databases.
Prioritize the development of quantum skills.
IBM and ExxonMobil explored the use of quantum algorithms to solve the ultimate supply chain riddle: What are the most efficient routes for 50,000 ships that move $14 trillion in goods — up to 200,000 containers per ship — to countless destinations for thousands of companies each year?
This technology is poised to create breakthroughs across industries — finance, healthcare, energy, logistics and more — with use cases targeting:
Quantum computing won’t be available for several years, but the threat is real today because of activities referred to as “harvest now, decrypt later.”
Researchers suspect that sensitive data protected with PKC is being stolen or “harvested” today by criminals, including nation-state actors, who intend to store it until quantum computing advances enough to decrypt it. This tactic won’t impact data with a short shelf life, such as temporary credentials, banking and credit card information, or corporate earnings. However, certain data types — including trade secrets, biometrics, healthcare records and classified intelligence — are relevant for decades or lifetimes, making them prime targets for this type of criminal activity.
As a result, organizations don’t have the luxury of waiting for mainstream adoption in the next decade to address quantum security risks.
Governments have been working for years to get ahead of the threat. The US National Institute of Standards and Technology (NIST) and similar bodies around the world are developing new forms of cryptography — dubbed post-quantum cryptography (PQC) — to protect critical digital infrastructure. Officials are calling for key government systems to adopt PQC — a collective term for new public-key encryption approaches that are resistant to quantum computers — well before large-scale quantum computers are available.
NIST in the US and equivalent agencies in other countries are spearheading the process of evaluating and selecting PQC algorithms that are expected to be quantum resistant. In August 2022, NIST published the outcome of its program, which started in 2017. In that publication, the agency identified four promising algorithms. One of these is an encryption algorithm and the other three address digital signature security.
Given the level of effort and complexity involved in evaluating the suitability of new cryptographic algorithms, many large organizations are closely following the NIST standards and expect to use them in their own approaches to PQC.
While the NIST process has been thorough and robust, there is concern it produced only a single candidate to potentially replace RSA. In August 2022, security researchers using commodity hardware available today cracked another candidate, the SIKE algorithm, that had made it to the latter stages of the NIST process. This indicates the security of such algorithms is still being established and proven.
PKC
Public key cryptography is widely used for information security today — and it could be susceptible to quantum computers in a decade.
RSA
A public key encryption algorithm used to protect sensitive data. Its acronym comes from the names of the researchers who developed it: Ron Rivest, Adi Shamir and Leonard Adleman.
PKI
Public key infrastructure consists of the policies, procedures and technologies used to manage public key encryption.
PQC
Governments today are working to develop post-quantum cryptography that will mitigate the future quantum security threat.
QKD
Quantum key distribution technology uses quantum technology itself to securely send keys over quantum communications channels.
Specific steps organizations can take today include the following:
Identify and engage partners and vendors.
Employ agility in critical systems to be ready to deploy fixes as they become available.
Assess vulnerabilities and risks by determining which systems, networks, and devices rely on PKI today.
Monitor efforts to develop solutions and understand what will be required to deploy PQC.
Design multi-year roadmaps that roll up into the enterprise technology strategic plan.
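As an added illustration (not Mastercard's code), the sketch below carries out the "inventory of existing cryptography used in source code" step and ranks the findings by the harvest-now, decrypt-later exposure this page describes. The regex patterns, file names, data lifetimes and the 10-year horizon (the low end of the page's 10 to 15 year estimate) are assumptions constructed for the example.

```python
import re

# Constructed patterns for public-key primitives (quantum-vulnerable) and for
# symmetric/hash primitives (inventoried, but not the PKC the page warns about).
VULNERABLE = {
    "RSA": re.compile(r"\brsa\b|rsa_", re.I),
    "ECDSA": re.compile(r"ecdsa|secp256[kr]1", re.I),
    "DH": re.compile(r"\b(ec)?dhe?\b|diffie", re.I),
}
OTHER = {
    "AES": re.compile(r"\baes", re.I),
    "SHA-2": re.compile(r"sha(256|384|512)", re.I),
}
HORIZON_YEARS = 10  # assumption: low end of the page's 10 to 15 year estimate

# Constructed sample: path -> (source text, years the protected data stays sensitive)
SAMPLE = {
    "payments/tls.py": ("from cryptography.hazmat.primitives.asymmetric import rsa\n"
                        "key = rsa.generate_private_key(65537, 3072)\n", 1),
    "records/archive.go": ("priv, _ := rsa.GenerateKey(rand.Reader, 2048)\n"
                           "block, _ := aes.NewCipher(k)\n", 30),
    "wallet/sign.js": ("const ec = new EC('secp256k1'); // ECDSA signing\n", 5),
    "cache/session.py": ("h = hashlib.sha256(token).hexdigest()\n", 0),
}

def inventory(files):
    """Return one row per (path, line number, algorithm) match."""
    rows = []
    for path, (text, _lifetime) in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            for table, vuln in ((VULNERABLE, True), (OTHER, False)):
                for alg, rx in table.items():
                    if rx.search(line):
                        rows.append({"path": path, "line": n, "alg": alg,
                                     "quantum_vulnerable": vuln})
    return rows

def harvest_priorities(files, horizon=HORIZON_YEARS):
    """Files whose long-lived data is protected by quantum-vulnerable PKC."""
    hits = {}
    for row in inventory(files):
        if row["quantum_vulnerable"] and files[row["path"]][1] >= horizon:
            hits.setdefault(row["path"], set()).add(row["alg"])
    return sorted(hits.items())

if __name__ == "__main__":
    for row in inventory(SAMPLE):
        print(row)
    print("migrate first:", harvest_priorities(SAMPLE))
```

Pattern matching of this kind only finds cryptography that is named in the source; keys negotiated by libraries, network appliances and databases need their own inventory passes.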
$65B
The quantum computing market is projected to grow from $500M in 2019 to $65B in 2030, a CAGR of 56%.
>$1T
global value of digital currencies on blockchain in early 2023
$600M
FBI says North Korean hackers stole more than $600 million in cryptocurrency in single hack
In addition, public blockchains including Bitcoin and Ethereum make their data available by design, so criminals with access to a sufficiently powerful quantum computer could access and re-write any part of the blockchain, inserting or deleting transactions to their benefit.
Organizations in the financial sector must assess quantum security threats when they develop cryptocurrency and other blockchain-related technologies that rely on PKC. Without quantum-safe encryption, trust in blockchain technologies and transactions will be lost.
within the next 20 years, sufficiently large quantum computers will be able to break essentially all public-key schemes currently in use
Security in the quantum age
Next-gen processing power comes with great promise - and unprecedented cyber risk
Signals