Update: This article has been edited to include information from Mike Silverman, FS-ISAC's chief strategy and innovation officer.
A financial services industry group focused on cybersecurity released a set of four white papers on Thursday outlining the impact that quantum computing will have on the payments ecosystem, and specific changes that the industry will need to make over the coming years to protect the ecosystem from these machines.
"While there's no deadline driving this transition, the need to upgrade systems in preparation for the eventuality of quantum computing is clear," Silverman told American Banker. "FS-ISAC recommends starting the migration to PQC now, as there are years of work ahead.
Quantum computers operate in a totally different paradigm compared to the classical computers that are familiar to everyone today. In lieu of bits and bytes, quantum computers have qubits. They can run certain calculations in seconds that would take a classical supercomputer thousands of years to complete.
At least, that is the theory. Quantum computers that exist today in labs at the likes of IBM, Google and Microsoft are largely experimental machines that cannot yet outperform classical computers in meaningful ways.
However, because of the huge theoretical benefits that scientists and researchers have proven quantum computers can have, global investments in the field have
One of the consequences of quantum computers excelling at particular types of math is that many encryption algorithms used to protect data today will become obsolete once quantum computers are powerful enough to break them. Researchers have published algorithms that a large enough quantum computer could run to quickly break encryption keys, whereas these keys are virtually impossible for classical computers to break.
A brief introduction to encryption
There are two major types of encryption: symmetric and asymmetric. In symmetric encryption, the key that is used to encrypt the data is the same key that is used to later decrypt it. In asymmetric encryption, one key — often the so-called public key — is used to encrypt the data, and another key — the private key — is used to decrypt it. As such, asymmetric encryption is also known as public-key encryption.
Academics have shown that quantum computers, once powerful enough, will be able to crack the asymmetric encryption algorithms that are commonly used today. These algorithms are RSA (an initialism for Rivest–Shamir–Adleman, the three inventors of the algorithm) and elliptic-curve cryptography.
However, certain symmetric encryption algorithms used today are effectively invulnerable to quantum computers. These are the Advanced Encryption Standard, or AES, algorithms, published by the National Institute of Standards and Technology, or NIST, in 2001.
Use cases that employ AES will remain safe for the foreseeable future, according to FS-ISAC and NIST. However, use cases that employ RSA or the like will need to transition to using quantum-proof encryption algorithms finalized by NIST, according to the FS-ISAC reports.
One such quantum-proof algorithm currently exists: the Module-Lattice-Based Key-Encapsulation Mechanism, or ML-KEM.
Researchers submitted an earlier version of ML-KEM to NIST in 2017, when the agency first started collecting submissions for its post-quantum cryptography project. At that time, it was known as Crystals-Kyber.
ML-KEM is the only public-key encryption algorithm that survived from a field of 49 that NIST considered — a credit to its robustness and overall security.
Replacing RSA with ML-KEM — or any other quantum-proof encryption algorithm that NIST finalizes over the coming years — will not be simple, and one of the clearest examples of the difficulties that will come with this transition come in the form of EMV chips.
How EMV chips will need to change
EMV chips are the computers inside modern debit and credit cards. A card with an EMV chip has a square, metallic contact patch that connects to the point of sale, or POS, to process a payment. The chip not only stores card information; it also runs encryption-related calculations using data from the POS and payment network to securely authenticate a payment.
EMV chips do not currently support keys or certificates related to ML-KEM, meaning that billions of cards currently in circulation do not fully support post-quantum cryptography.
Quantum computing is not the only security threat to the payments ecosystem. Many EMV chips store cryptographic information (keys and certificates) derived from an algorithm called Triple DES, or 3DES. Triple DES is an encryption standard developed by NIST and published in 1981, but in 2016, security researchers identified a major vulnerability in the encryption standard.
As such, NIST declared Triple DES to be deprecated in 2019 and recommended disallowing support by 2023. However, Triple DES is commonly used to encode certain information used by card networks to authenticate transactions, and there are some technical barriers to moving the industry forward.
"It is not clear if the current EMV standard is compatible with AES" because of the different amounts of data that Triple DES and AES use for encryption, reads one of the papers FS-ISAC published Thursday
"Even if this is resolved," the paper continues, "there will be challenges with implementation as chips must be made compatible while maintaining their tamper-resistance and provisioning systems" and hardware security modules on the chip would need to be able to support the new algorithm.
However, today, there is "no publicly available information regarding changing EMV," according to the FS-ISAC paper.
EMV chip problems are one of the many challenges
As detailed in the FS-ISAC papers, challenges with moving EMV chips to modern encryption standards are one of the many difficulties that the payments industry faces as the quantum computing threat looms.
Authorizing transactions with the magnetic stripes on cards requires the use of Triple DES. Because of this, as well as how easy it is for bad actors to simply copy these stripes, FS-ISAC's recommended mitigation is to simply retire the technology — something Mastercard for one is already doing.
Online card payments (also known as card-not-present payments) are also vulnerable. If an attacker obtained many three-digit CVV values (the numbers on the back of a card, used to authenticate online transactions), they could theoretically derive the keys that are used to generate these values, which could then lead to "the compromise of other cards and widespread fraud on many cards," according to the FS-ISAC papers.
Overall, the papers paint a clear picture that the payment card industry must respond to the quantum computing threat over the coming years by refining the standards in widespread use today, to protect card data and prevent quantum-enabled fraud in the future.
"Moving the cryptographic infrastructure from its current algorithms to crypto-resilient algorithms is a significant piece of work and will require the participation of multiple stakeholders across the card payment infrastructure," reads one of the FS-ISAC papers.
