With Leap, the Banque de France prepares financial data to resist the quantum threat


In theory, quantum computers will be able to break encryption protection, at least for the smallest keys. Quantum computing also has potential for finance, for example in portfolio management.

Use and protection are two fields of investigation for the Banque de France. On the second, the central bank is participating in the Leap project, alongside the BIS Innovation Hub and its German counterpart, the Deutsche Bundesbank.

A secure channel between the German cloud and French on-premises infrastructure

The objective of Leap is to respond to the problem that quantum computing poses for finance. “The quantum threat is one of the most significant cybersecurity issues facing the financial system today,” the participants note.

Indeed, “it could expose all financial transactions and much of our stored financial data to attack.” How can this risk be anticipated and the confidentiality of this sensitive information protected?

This is the purpose of Leap: to update and replace the security algorithms on which the financial system critically depends. In this context, the three banking players conducted an experiment around a “secure communication channel.”

Through this channel, in this case a VPN tunnel described as “quantum resistant”, the two European central banks exchanged test payment messages between servers located in Paris and Frankfurt.

Chain of Trust for Central Banking Applications

The experiment is presented as a success: the channel developed makes it possible, in theory at least, to secure critical financial data. The partners see this channel as creating a “complete chain of trust for central bank applications in the post-quantum world.”

“This solution helps protect highly sensitive communications that may potentially be intercepted now from being decrypted later,” Leap's architects insist. To achieve this, the approach is to create a quantum-safe environment.

This requires a hybrid encryption strategy, that is, one combining a traditional public key algorithm with a quantum-resistant algorithm. The experiment applied this policy to exchanges between a public cloud and an on-premises infrastructure.

Significant impacts on performance

The virtual private network used for the exchanges is not a classic VPN. It was configured using a modified version of strongSwan, an IPsec-based VPN solution. Leap also uses a library of post-quantum algorithms.

The experiment aimed to test several combinations of algorithms and to measure their performance, particularly in terms of latency. Leap also provided answers on flexibility, which is a critical issue.

“Today, a significant number of information systems suffer from a lack of cryptographic agility because these systems are not designed to be easily replaced.” The choice of strongSwan is justified by this problem.

Leap therefore establishes the feasibility of implementing post-quantum solutions. However, the VPN has a downside: a significant impact on performance. As a result, some applications, such as instant payment, will require a trade-off between security and performance.


