Project Leap addresses the threat that future quantum computers represent to financial stability, and helps prepare central banks and the global financial system for a transition to post-quantum cryptography.
Project Leap was launched by the BIS Innovation Hub’s Eurosystem Centre together with the Bank of France and Deutsche Bundesbank, the project partners within the Eurosystem, to prepare central banks and the global financial system for a transition towards quantum-resistant encryption.
Why quantum computers represent a cyber threat to financial data
Quantum computers, should they reach sufficient size and power, may be able to break the encryption schemes widely used today to ensure secure financial transactions and data. This makes quantum computing one of the most important cybersecurity threats facing the financial system, potentially exposing all financial transactions and much of our existing stored financial data to attack.
While it is still unclear when quantum computing technology might be adopted on a large scale, its potential as a cyber threat to the financial system is already a matter of concern. Malicious actors can intercept and store confidential, classically encrypted data with the intention of decrypting it later when quantum computers become powerful enough to do so. This means that data stored or transmitted today are, in fact, exposed to “harvest now, decrypt later” attacks by a future quantum computer.
Recognising these potential risks to its systems and data, the financial sector needs to pre-emptively implement robust quantum communication and data protection technologies. Given the long-term sensitivity of financial data and the complexity of central bank IT systems, a transition phase should be initiated well in advance so that quantum-resistant encryption schemes can be implemented.
Preparing for the cyber threat of quantum computers
The first phase of project Leap tested the implementation of post-quantum cryptographic protocols between two central banks with the aim of advancing the central banking community’s knowledge of post-quantum cryptography.
To achieve this goal, one traditional public key algorithm was implemented alongside several quantum-resistant algorithms in a hybrid cyphering mode, with the aim of maintaining the confidentiality of messages sent across two distanced IT systems. The quantum-resistant communication channel was first tested with payment messages transmitted between the Bank of France and the Deutsche Bundesbank. The objective was to test how existing products and processes perform using quantum-resistant technology.
To foster a broader understanding of post-quantum cryptography, the first phase of Project Leap explored solutions that embody the notion of cryptographic agility and it demonstrated that applying new quantum-resistant schemes is possible. Central banks will need to allow for a transition phase in their cyber security roadmaps, so that they are prepared once the final standards are published.
Retrieved from : https://www.bis.org/about/bisih/topics/cyber_security/leap.htm