Will Quantum Computing be the doom of the Payment Industry?

By 09/10/2019 Blog

Will Quantum Computing be the doom of the Payment Industry?

Research in Quantum Computing has been going on for a number of years. When I was in university in the 90s this was a hot subject. In 1994, Peter Shor developed a Quantum algorithm for factoring integers. This scared the intelligence community and started the research in algorithms that didn’t rely on the industry standard for public key cryptography, RSA.

Nevertheless, RSA is still the most widespread Public Key Cryptography in use although recent years have seen a large growth in the use of Elliptic Curve Cryptography.

This can be seen in recent smartcards and specially in the IoT devices that need key sizes where RSA would be too slow due to constraints on computing power.

RSA is still the predominant Public Key Algorithm used in the Payment Industry and a true quantum computer would be clear disruptor of this algorithm and the security technology we use in the Payment Industry today.

In the recent weeks there has been a lot of talk about the Quantum Computing research that Google revealed. Google has been part of a hard battle with rivals such as Intel and IBM to develop Quantum Computers.

A brief paper was leaked from Google showing they had made a big step forward with their quantum computer research.

Google claims to have achieved what is known as “Quantum Supremacy” which means that a Quantum Computer outperforms a classical computer for a certain pre-defined calculation.

Does this mean that the Public Key Cryptography as we know it is unsecure?

Google performed a calculation in 200 seconds that would require 10.000 years for the biggest classical super computer currently known.

Although this is a huge advancement, it does not currently threaten Public Key Cryptography.

The experiment was specially crafted for the Google Quantum Computer and we are still years from having a practical Quantum Computer that can implement the Shor algorithm.

It is however a wake-up call for the Payment Industry in the sense that we should start looking at other options than the aging RSA algorithm.

PCI, the Payment Card Industry is looking into elliptic curves but even though these algorithms are faster than RSA, they can also be broken by the Shor algorithm on a Quantum Computer.

With the advancements in Quantum Computing, a new research area has risen. The field of “Post Quantum Cryptography”.

Practical public key algorithms exists today that can resist the powers of a Quantum Computer. This means that even though the Payment Industry isn’t broken yet by the Google quantum computer, we have a safe alternative if that happens.

NSA, the American National Security Agency that employs the largest number of mathematicians in the world is coming up with a new standard suite of Post Quantum Cryptographic algorithms that can resist the powers of a quantum computer.

These standards are estimated to be published in 2024.

Mads Rasmussen
Product Manager

Cryptera A/S