The World Economic Forum (WEF) recently issued a stark warning concerning the potential vulnerability of central bank digital currencies (CBDCs) to decryption attacks from quantum computer systems.
Quantum computers are largely still in the experimental phase. Various proof-of-concepts exist, and a handful of laboratories claim to have solved bespoke problems with quantum systems that traditional, binary computers couldn’t solve within a reasonable amount of time.
But for the most part, there’s still a bit of time between now and “Q-Day,” the hypothetical point at which bad actors will have the ability to crack standard encryption with quantum computers.
While threats to encryption would ostensibly affect every industry, the digital assets sector faces one of the largest reckonings. This outsized threat has the potential to “break” CBDCs, according to the WEF.
Citing this danger, the WEF wrote in a May 21 blog post that “central banks must embed cryptographic agility into CBDC systems to defend against quantum cyberattacks targeting payment infrastructure.”
Per the blog post:
“More than 98% of the global economy’s central banks are exploring CBDCs … In parallel, the private sector is pursuing scalable quantum computers that can operate at scale to create $1.3 trillion in value by 2025.”
It bears mention that there’s no consensus among physicists as to when quantum computers will progress to the point where their power, utility, and availability make them a threat to current encryption methods. Predictions range from a few years from now to decades.
Related: Ripple publishes math prof’s warning: ‘Public-key cryptosystems should be replaced’
To that end, the WEF identified three specific threats to CBDCs that could be posed by quantum computing.
Firstly, according to the WEF quantum computers could be used to break “in motion encryption” thus allowing bad actors to intercept transactions as they occur.
The blog post also cites identity impersonation as a threat vector, we assume they mean using quantum systems to break encryption protecting identity verification systems so that spoofed identity assets can be inserted.
Finally, the WEF identified the most commonly cited threat posed by quantum computers: “harvest now, decrypt later.” Much like it sounds, in this attack vector bad actors steal encrypted data and store it for decryption by a future quantum system later.
Under this paradigm, victims could be unaware that their data has been stolen for years or even decades before the threat materializes.
In order to mitigate or eliminate these threats, the WEF recommends that CBDCs be built with quantum-proof protections at their core through a methodology called “cryptographic agility”.
According to the WEF:
“Cryptographic agility is a capability that provides the ability to orchestrate and rotate cryptographic algorithms based on real-time threats easily and to thwart evolving attack techniques.