HSBC banks on quantum to lock down comms network

British-based bank HSBC is to test a pilot quantum-secured metro network in London, in the hopes of preparing for potential security threats in the future. Meanwhile, Vodafone is looking to protect users of its phone network against a potential quantum threat to encryption codes.

HSBC said it intends to use a quantum-secured metro network to evaluate secure transmission of data across standard fiber-optic cables between its global headquarters at Canary Wharf in London's Docklands, and a datacenter 62km (38 miles) away in the county of Berkshire.

According to the bank, it will make use of the network for carrying financial transactions and secure video communications, as well as for one-time-pad encryption, and will be testing the network's use in edge computing by connecting an AWS Snowball Edge device.

The network in question was announced last year by BT and uses quantum key distribution (QKD) over standard 10Gbps fiber-optic connections to secure end-to-end transmissions. The QKD hardware and the key management systems are provided by Toshiba, and the whole system is a three-year commercial trial to gauge the viability of a quantum-secured metro network.

BT has already had accounting firm EY testing out the network to link two of its sites in London, one at Canary Wharf and one other near London Bridge.

QKD is a method of securely distributing encryption keys by encoding the information into the quantum states of individual photons. Once this is accomplished, information can be exchanged normally using the keys to encrypt transmissions. The tricky part is building the network so the QKD can use the same optical fibers as the data traffic rather than needing dedicated lines.

HSBC said its exploration of quantum-secure communications is intended to glean crucial evidence into the effectiveness of the technology and drive the development of future applications for financial security.

"Our customers, clients and employees expect us to have safe and secure operations and resilient cybersecurity, so we must stay ahead of the curve," Colin Bell, CEO of HSBC Bank and HSBC Europe, said in a statement.

HSBC is recruiting highly trained experts, while running the trials, and investing in strategic partnerships to explore how to deploy these technologies as they develop, he added.

The bank said it processed 4.5 billion payments for customers last year, worth an estimated £3.5 trillion, and those transactions rely on encryption to protect customers from potential fraud or theft.

Quantum-safe VPN, anyone?

Meanwhile, Vodafone is more worried about the potential of quantum systems to be able to break encryption codes and is testing out a quantum-safe virtual private network (VPN) for smartphones.

The telecom giant said it has joined forces with SandboxAQ, a startup spun off from Google's parent company Alphabet last year, to carry out proof-of-concept testing for a quantum-safe VPN using standard smartphones.

Vodafone said the VPN had been adapted to use encryption codes developed by the US National Institute of Standards and Technology (NIST), known as post-quantum cryptography (PQC) algorithms, which are supposed to be resistant to cracking by quantum methods.

• Intel sprinkles 12-qubit quantum test chips into the hands of researchers
• IBM asks UChicago, UTokyo for help building a 100K qubit quantum supercomputer
• A lone Nvidia GPU speeds past the physics-straining might of a quantum computer – in these apps at least
• You don't have to wait for quantum computing to prepare for it

We trust that Vodafone and SandboxAQ are not using the NIST algorithm that was cracked in an hour by security researchers last year.

According to Vodafone's Head of Research and Development, Luke Ibbetson, the company is worried about so-called "Store Now, Decrypt Later" attacks, where malicious actors may harvest encrypted sensitive communications hoping to decode it using quantum systems in the future.

"Although cryptographically relevant quantum computers may remain some years off, the threat posed by quantum-empowered attackers is already here today," Ibbetson claimed.

Vodafone said it has been testing multiple PQC algorithms with an eye to how they may impact performance during activities such as web browsing, chat app use, video and audio streaming, and mobile gaming. It reports that a hybrid cryptographic approach using classical and "best-fit" PQC algorithms had minimal impact on the quality of service, while still providing post-quantum security.

The telco acknowledged that a transition to PQC will take time and resources, but said it is important to start acting now. Vodafone said it will continue to test new solutions and combine its work with broader industry groups to address the need for global standards to protect data. ®