Safeguarding central bank digital currency systems in the post-quantum computing age

Quantum computing is a disruptive force that will revolutionize data-intensive tasks across sectors. Yet, it poses a unique cybersecurity threat as it could be used to break current data encryption schemes.

As industry players modernize financial markets, an emphasis must be placed on building quantum-resistant financial systems in the era of central bank digital currencies (CBDCs).

More than 98% of the global economy’s central banks are exploring CBDCs to improve cross-border payment efficiency, enhance financial inclusion, and preserve the role of central bank money in the next generation of financial markets.

In parallel, the private sector is pursuing scalable quantum computers that can operate at scale to create $1.3 trillion in value by 2025.

Quantum computers employ quantum bits (qubits) that can exist in a multidimensional state (i.e., can be a 0, 1, or any part of 0 and 1) to solve complex problems like optimizing financial portfolios or discovering new drugs better than classical supercomputers.

Yet, bad actors can also wield this novel technology to break some public key encryption mechanisms of our most critical systems.

CBDC systems rely on cryptographic mechanisms to safeguard “in-motion” data being transmitted, like many systems, such as sensitive customer, transaction, and market data. Thus, CBDC and other national payment systems, such as RTGS systems, are vulnerable to the quantum threat.

The interconnected nature of these systems with platforms like settlement and clearing systems underscores the importance of mitigating attacks to prevent financial contagion.

There is growing consensus that CBDC systems are poised to modernize cross-border payments, which can involve certain data-sharing activities across jurisdictions and between institutions. As such, distributed ledger technology (DLT) is often experimented with as the infrastructure for CBDC systems, with examples including mBridge, Icebreaker and Mariana.

A bad actor could use quantum computers to intercept a CBDC system’s networked communication to impersonate individuals and steal financial assets. Broadly, there are three types of quantum attack methods:

The implications of such incidents are not to be underestimated. A 2021 study by the Hudson Institute demonstrated that a theoretical quantum attack on the US real-time gross settlement (RTGS) system (“Fedwire Funds Service”) could result in a 10-17% decline in real GDP following the attack, which could then trigger a six-month recession and trillions in indirect losses.

Quantum computers are deemed a threat to CBDC systems because they can break in-motion encryption standards, such as RSA and elliptic-curve cryptography (ECC), which are universally used in financial systems.

While not yet widely practicable, experts predict there will be around 5,000 operational quantum computers by 2030. With the emergence of quantum computing, it is ever-more important to understand how to defend our critical infrastructure against such attacks.

Cryptographic agility is a capability that provides the ability to orchestrate and rotate cryptographic algorithms based on real-time threats easily and to thwart evolving attack techniques.

For example, current asymmetric encryptions like RSA and ECC must be augmented with NIST-candidate lattice-based algorithms like Module-Lattice-Based Encapsulation-Method (ML-KEM/Kyber), Module-Lattice-Based Digital Signature Algorithm (ML-DSA/Dilithium), or Stateless Hash-Based Digital Signature Algorithms (SLH-DSA/SPHINCS+).

Other examples of the mechanisms that are expected to be implemented this year are:

Implementing KEM and DSA across CBDC systems’ four layers – network, application, data flow and code – will be paramount to prevent network interception, identity impersonation and harvest now, decrypt later.

Central banks and financial institutions should therefore embrace quantum-resistant strategies when designing and building CBDC systems, including:

While potenitally valuable in other ways, DLT does not add cryptographic agility benefits to defend against a quantum attack compared to conventional systems because protection is needed at all four layers, not just at the application level where smart contracts exist.

However, emerging evidence indicates DLT could greatly benefit CBOMs for multiple parties as it facilitates a trustlessly validated inventory of encryptions.

International efforts are under way to uncover approaches for safeguarding the next generation of national payment systems, including CBDCs.

The World Economic Forum has formed the Quantum Economy Network that recently developed guidance for the Financial Sector on Informing Global Regulatory Approaches, given the key role of regulators to trigger industry action.

The Bank for International Settlements (BIS) has published the results of the first phase of Project Leap, advancing quantum-safe cryptography research for financial systems. Meanwhile, Project Tourbillon is another BIS initiative exploring the replacement of RSA encryption methods with quantum-safe, lattice-based schemes in the CBDC context.

A notable private sector effort is the Quantum Security Maturity Index, originated by Accenture and other companies, to speed up and improve the security of the civilized world by defending against this fast-growing threat to cryptography.

As central banks pursue CBDCs, cryptographic agility must be at the core of the approach to safeguard financial infrastructure from quantum cyber-attacks.

Without this, CBDC systems and critical infrastructure could be exposed and result in significant economic damages. Deep public and private sector collaboration on instituting cyber-resilience beyond an organization’s four walls will be key to successfully deterring the quantum threat.