HSBC has achieved a milestone in the financial sector by successfully piloting quantum-secure technology for the buying and selling of tokenized physical gold. This development may revolutionize the protection of digital assets, and how financial operations respond against future quantum computing threats. The trial is an important step forward in the application of post-quantum cryptography (PQC) to secure distributed ledger technology (DLT), putting HSBC at the forefront of quantum cybersecurity in the financial services industry.
Quantum-Safe Technology for Tokenized Gold
HSBC first made headlines in the digital assets space by introducing tokenized physical gold to institutional investors in 2023. This service allowed clients to buy and trade fractions of physical gold using distributed ledger technology, offering a way to participate in the precious metals market. HSBC built on this foundation by expanding the offering to retail investors in Hong Kong, enabling them to purchase fractional ownership of gold through its HSBC Gold Token platform. In the latest pilot, HSBC partnered with Quantinum to test quantum-secure methods designed to protect these tokenized gold assets. The trial explored the application of Quantinuum’s Quantum Origin randomness technology and PQC algorithms, which are currently in the process of being standardized by the US National Institute of Standards and Technology (NIST). These algorithms are expected to provide strong security against future quantum computing threats.
The pilot demonstrated the interoperability of HSBC’s gold tokens across various distributed ledgers, including the capability to convert the tokens into ERC-20 fungible tokens. This feature enhances the distribution and integration of the tokens with other DLT platforms and digital wallets, making them more usable to global investors.
Quantum Computing Threats and Cybersecurity
Quantum computing is a field quickly advancing, bringing about risks to current cryptographic systems. Experts predict that within the next five to ten years, quantum computers will become powerful enough to break existing encryption algorithms, potentially exposing sensitive digital information. Known as “Q-Day,” this event would leave financial institutions, governments, and other sectors vulnerable to cyberattacks unless they transition to quantum-secure cryptography. The algorithms tested in HSBC’s pilot are part of an initiative by NIST to develop post-quantum cryptography standards. These standards aim to protect digital assets from potential future quantum attacks by providing strong encryption methods that can withstand the computational power of quantum machines.
Philip Intallura, Global Head of Quantum Technologies at HSBC, stated the importance of these advancements, explaining that the pilot successfully showed the feasibility of deploying quantum-safe technologies in a real-world business environment. This initiative is a continuation of HSBC’s efforts to future-proof its digital assets and financial services against emerging cybersecurity threats.
Quantum-Origin Technology and Post-Quantum Cryptography
Quantinuum’s Quantum Origin technology played a large role in the HSBC pilot. This technology generates true quantum randomness, which is necessary for creating secure cryptographic keys. Unlike classical random number generators, which rely on algorithms that could be deciphered by quantum computers, quantum randomness ensures that the keys are truly unpredictable and thus more resistant to hacking attempts. During the trial, HSBC also tested PQC algorithms, which are being standardized by NIST to protect systems from quantum computing attacks. These algorithms fall into two main categories: digital signatures and key encapsulation mechanisms (KEMs). Digital signatures authenticate data and verify the identity of the sender, while KEMs establish shared secret keys between two parties over public networks, enabling secure communication and data protection.
NIST’s involvement in this standardization process is positive for the entire industry. As noted by Dr. Lily Chen, Leader of NIST’s Cryptographic Technology Group, quantum computing brings both opportunities and risks in the space of cybersecurity. The new standards are designed to protect all types of devices, from smartphones to servers, ensuring that digital infrastructure remains secure as quantum technology develops.
The Need for Quantum-Secure Cryptography
Financial institutions, especially those handling large volumes of sensitive data, are among the first to recognize the need for quantum-secure cryptography. As quantum computing advances, the possibility of harvest now, decrypt later attacks becomes real. In these attacks, cybercriminals steal encrypted data with the intent of decrypting it once quantum computers become powerful enough. Richard Marty, Chief Technology Officer at LGT Financial Services, voiced his concern, stressing the importance of implementing quantum-secure solutions as soon as possible. The goal is to minimize the age of encrypted data when quantum attacks become feasible, thereby maintaining trust and security in financial markets. Dr. Ali El Kaafarani, CEO of PQShield, further described the adoption of quantum-secure cryptography as one of the largest cybersecurity transitions in history. He urged organizations across industries to modernize their cryptographic systems in line with the new NIST standards to ensure they are prepared for the quantum era.
As quantum computing continues to develop, the adoption of post-quantum cryptography will be necessary in protecting sensitive data and maintaining the safety of digital systems. Organizations are urged to begin transitioning to quantum-secure solutions now, as waiting until “Q-Day” could leave them vulnerable to the latest cyber threats.
Photo credits: AD, AdobeStock