JPMorgan Chase readies for post-quantum security world
Expanding the reach of quantum communications, QKD. Literally
These days it seems every major company is outlining a quantum strategy, even if those plans are nebulous at best. However, in areas like financial services, especially at global banks like JPMorgan Chase, getting a handle on both quantum computing and quantum security is a top priority.
It all boils down to the next generation of secure transactions. As the reliability and capability of quantum computers expand, those systems are more prepared to crack traditional modes of securing encrypted data. The best defense in this post-quantum security world is quantum communications and, specifically, quantum key distribution (QKD).
Think of quantum communications as two parties agreeing on the same key using photonic-based quantum technology. Those parties agree on a key by measuring particles as they lose fidelity. As the distance between the two servers increases and particles break, it becomes impractical to get them to agree on the same key, so getting distances ever-longer is one of the most pressing challenges when it comes to post-quantum security.
Spearheading this effort is Marco Pistoia, distinguished engineer and head of the Future Lab for Applied Research and Engineering (FLARE) at JPMorgan Chase. Pistoia jumped to the bank after a 24-year career at IBM Research where he focused on security.
He spent the early decades of his career working on static program analysis for security (analyzing programs without executing them, something that sounds easy but is exponentially complex and takes quantum-class resources to do for practical use). He then moved into quantum algorithms and noticed that JPMorgan Chase was leading the way in future quantum security.
As Pistoia tells The Register, “This is technology that is solid and provably secure,” but we are several years from seeing the impact in terms of security even in the most forward-looking banking environments. “With quantum key distribution (QKD), maybe it will be a hybrid solution with post-quantum cryptography and QKD but the impact of this combination will be very reliable, secure networks we can use confidently, especially in financial institutions where we run very delicate transactions.”
JPMorgan Chase is watching quantum computing for the emerging threat quantum hacks present, but for the real work, it’s all about long-distance QKD.
“When it comes to security, the QKD boxes that generate keys from different parties are already available, so in our experiments that’s what we used to get the 100km distance. Two parties still have to be relatively close to each other, which is good for metro areas but we need much longer distance QKD for it to be operational and have an impact,” Pistoia tells us.
On the point that this is all future-focused, one of the non-technical (in terms of qubits or algorithms) factors in arriving at post-quantum security is the National Institute of Standards and Technology (NIST). JPMorgan Chase is waiting on (and working with) NIST to provide recommendations about the algorithms that should be used. “But this is time that should be used in an intelligent way,” Pistoia explains.
“We need to start to identify where the vulnerable parts of a network are in company infrastructure and those should be captured in a database so when recommendations from NIST are ready we know exactly what we need to address in hardware, software, and most challenging, in third party components.”
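A minimal sketch of such an inventory database, added here as an illustration and not code from JPMorgan Chase or any vendor named in this article. The table layout, status labels, algorithm name strings and sample records are all assumptions made for the example.

```python
import sqlite3

# Shor's algorithm breaks public-key schemes built on factoring or discrete
# logarithms; Grover's algorithm roughly halves symmetric security levels.
SHOR_BROKEN = ("RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519")
GROVER_WEAKENED = {"AES-128"}
QUANTUM_OK = {"AES-256", "SHA-256", "SHA-384"}

# Constructed sample records: (asset, component type, usage, algorithm).
SAMPLE = [
    ("payments-gw", "software", "TLS key exchange", "ECDH-P256"),
    ("payments-gw", "software", "TLS bulk cipher", "AES-256"),
    ("hsm-01", "hardware", "code signing", "RSA-2048"),
    ("vendor-sdk", "third-party", "API token signing", "ECDSA-P256"),
    ("backup-vault", "software", "data at rest", "AES-128"),
    ("legacy-vpn", "third-party", "key exchange", "IKE-GROUP14"),
]

def classify(algorithm):
    """Map an algorithm name to vulnerable / weakened / ok / review."""
    name = algorithm.upper()
    if name.startswith(SHOR_BROKEN):
        return "vulnerable"
    if name in GROVER_WEAKENED:
        return "weakened"
    if name in QUANTUM_OK:
        return "ok"
    return "review"  # unrecognised name: needs a human decision

def build_inventory(records):
    """Load records into an in-memory SQLite database with a status column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE crypto_assets (asset TEXT, component TEXT,"
                 " usage TEXT, algorithm TEXT, status TEXT)")
    conn.executemany("INSERT INTO crypto_assets VALUES (?, ?, ?, ?, ?)",
                     [(*r, classify(r[3])) for r in records])
    conn.commit()
    return conn

def summary(conn):
    """Count inventory entries per status."""
    return dict(conn.execute(
        "SELECT status, COUNT(*) FROM crypto_assets GROUP BY status"))

def migration_worklist(conn):
    """Entries to replace once algorithm recommendations are published."""
    return conn.execute(
        "SELECT component, asset, algorithm FROM crypto_assets"
        " WHERE status = 'vulnerable' ORDER BY component, asset").fetchall()
```

Names the classifier does not recognise, such as the constructed `IKE-GROUP14` entry, are marked `review` rather than assumed safe, so opaque third-party components surface for manual follow-up.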
Under the leadership of JPMorgan Chase’s Future Lab for Applied Research and Engineering (FLARE) and Global Network Infrastructure teams, researchers from all three organizations collaborated to achieve the following notable results:
• A QKD channel was multiplexed on the same fiber as ultra-high bandwidth 800 Gbps optical channels for the first time and used to provide keys for encryption of the data stream
• Co-existence of the quantum channel with two 800 Gbps and eight 100 Gbps channels was demonstrated for a 70km fiber, with a key rate sufficient to support up to 258 AES-256 encrypted channels at a key refresh rate of 1 key/sec.
• Operation of QKD and the ten high-bandwidth channels was demonstrated for distances up to 100km.
• The proof of concept network infrastructure relied on Toshiba’s Multiplexed QKD System, manufactured by Toshiba Europe at their Cambridge UK base, and Ciena’s Waveserver 5 platform, equipped with 800Gbps optical-layer encryption and open APIs running over Ciena’s 6500 photonic solution. The tests were conducted in JPMorgan Chase’s fiber optic production simulation lab.
On the research block now are technologies that sound familiar from the good old Wi-Fi days: repeaters, for instance or more future-focused, trusted nodes. In short, there’s still a long way to go.
Luckily, for at least the next couple of years, there’s time. But mounting qubit counts and reliability along with quantum algorithm advances could push us into the world of post-quantum security before we’re ready. It’s better to be first to security than first to find out the old ways don’t work without notice.
“What we’ll see in the next couple of years is more companies will start to look closer at post-quantum cryptography and quantum key distribution. This seems to be the strategy for the future. To protect the confidentiality and integrity of data, it’s good to start migrating now, even if quantum computing is years away. It’s important to be proactive about this,” he adds. ®