金融体系的量子准备：路线图（英）

TheviewsexpressedarethoseoftheauthorsandnotnecessarilytheviewsoftheBIS.This publication is available on the BIS website (www.bis.org).©Bank for International Settlements 2025. All rights reserved. Brief excerpts may bereproduced or translated provided the source is stated.ISSN 1682-7651 (online)ISBN 978-92-9259-869-3 (online) BIS Paper No 158Quantum-readiness for the financial system: aroadmapRaphael Auer, Donna Dodson, Angela Dupont, Maryam Haghighi,Nicolas Margaine, Danica Marsden, Sarah McCarthy and Andras Valko1AbstractQuantum computers may in the future break today’s widely used encryption. Thispaper provides a framework to support the financial system in the transition toquantum-safe cryptographic infrastructures. It emphasises the need to start thetransition today – with broad awareness and cryptographic inventory as criticalfoundations. While post-quantum cryptography offers a viable near-term solution,implementationchallenges–including performance trade-offs and systemintegration – require coordinated planning. We caution against regarding this changeas simple algorithm replacement. Ensuring the continued security and resilience ofthe global financial system may involve cryptographic agility, defence in depth, hybridmodelsand phased migration.Quantum key distribution may hold long-termpotential, but several national security agencies note that it still faces infrastructurechallenges that limit its immediate applicability.Keywords:central banking,quantum computing,quantum-safe cryptography,quantum-readiness, cryptographic agility, financial stability, financial system, cybersecurity.JEL classification: C19, C63, C8, M15, G1, G17.1Raphael Auer and Andras Valko are with the Bank for International Settlements (BIS), MaryamHaghighi and Danica Marsden are with the Bank of Canada, Sarah McCarthy is with the University ofWaterloo and Donna Doodson is a former employee of the National Institute of Standards andTechnology. Angela Dupont is with the BIS and the Bank of France. Nicolas Margaine works at Bankof France. The views expressed are those of the authors and not necessarily those of the BIS, the Bankof Canada or the Bank of France. We thank Marc Farag, Jermy Prenio, Brian Ritchot, Pietro Tiberi andWilliam Zhang for valuable comments on earlier drafts. 1 21.IntroductionThe rapid advancement of quantum computing presents both opportunities and risksforthe financial sector(Auer et al(2024)).Quantum computers may offeropportunities for innovation as they can solve certain classes of problems better thanclassical computers. At the same time, they pose a significant threat to the globalfinancial system due to their expected ability to break some of the encryptionmethods that are widely used in today’s financial systems.Whilesmall-scale quantum computers exist today,the timeline for theappearance of a cryptographically relevant quantum computer (CRQC), ie a computercapableof compromising current public key cryptography,remains uncertain.However, if current trends continue, a CRQC may be realised as soon as in the nextdecade (Graph 1). Each year, the Global Risk Institute releases theQuantum threattimeline report, which synthesises the insights of leading experts on the current stateof quantum computing and the threat it poses for cyber security. The 2024 reportindicates that 27% of experts expect the emergence of a CRQC to take place within10 years and 50% expect it within the next 15 years.We note that the dangers posed by quantum computers are more imminent thantheir development horizon. Risks to data confidentiality, integrity and authenticationextend to data harvested today, intended to be decrypted later – a scenario termed“harvest now, decrypt later” (HNDL) (Auer et al (2024)). Given this uncertainty and thecomplexity involved in migrating cryptographic infrastructures, organisations musturgently initiate preparations today. Cyber incidents within the financial system canthreaten global stability, making cybersecurity a critical concern for central banks andfinancial institutions (CPMI-IOSCO (2016); Doerr et al (2022)).In view of these developments, this paper outlines a strategic and pragmaticapproach for public and private sector financial actors alike to transition towards2Global Risk Institute (2024) provides a range with a pessimistic interpretation and an optimisticinterpretation, indicating that between 19 and 34% of experts expect the emergence of a CRQC within10 years.Evolution of quantum computing capabilities over timeSource: authors’ elaboration based on companies’ communications. BIS Paper No 1582 BIS Paper No 1583quantum-safecryptographic environments.Specifically,we emphasise raisinginternal awareness, implementing robust governance structures and maintainingcomprehensive cryptographic inventories. Rather than simply replacing existingalgorithms, our recommended actions include employing defence in depth strategies,prioritising resilience, adopting cryptographic agility,3using hybrid