金融体系的量子准备：路线图

Quantum-readiness for thefinancial system: a roadmap byRaphael Auer,Donna Dodson,Angela Dupont,Maryam Haghighi, Nicolas Margaine, Danica Marsden,Sarah McCarthy and Andras Valko Monetary and Economic Department July 2025 JEL classification: C19, C63, C8, M15, G1, G17. Keywords: central banking, quantum computing,quantum-safe cryptography, quantum-readiness,cryptographic agility, financial stability, financialsystem, cyber security. TheviewsexpressedarethoseoftheauthorsandnotnecessarilytheviewsoftheBIS. This publication is available on the BIS website (www.bis.org). ©Bank for International Settlements 2025. All rights reserved. Brief excerpts may bereproduced or translated provided the source is stated. Quantum-readiness for the financial system: aroadmap Raphael Auer, Donna Dodson, Angela Dupont, Maryam Haghighi,Nicolas Margaine, Danica Marsden, Sarah McCarthy and Andras Valko1 Abstract Quantum computers may in the future break today’s widely used encryption. Thispaper provides a framework to support the financial system in the transition toquantum-safe cryptographic infrastructures. It emphasises the need to start thetransition today – with broad awareness and cryptographic inventory as criticalfoundations. While post-quantum cryptography offers a viable near-term solution,implementationchallenges–including performance trade-offs and systemintegration – require coordinated planning. We caution against regarding this changeas simple algorithm replacement. Ensuring the continued security and resilience ofthe global financial system may involve cryptographic agility, defence in depth, hybridmodelsand phased migration.Quantum key distribution may hold long-termpotential, but several national security agencies note that it still faces infrastructurechallenges that limit its immediate applicability. Keywords:central banking,quantum computing,quantum-safe cryptography,quantum-readiness, cryptographic agility, financial stability, financial system, cybersecurity. JEL classification: C19, C63, C8, M15, G1, G17. 1.Introduction The rapid advancement of quantum computing presents both opportunities and risksforthe financial sector(Auer et al(2024)).Quantum computers may offeropportunities for innovation as they can solve certain classes of problems better thanclassical computers. At the same time, they pose a significant threat to the globalfinancial system due to their expected ability to break some of the encryptionmethods that are widely used in today’s financial systems. Whilesmall-scale quantum computers exist today,the timeline for theappearance of a cryptographically relevant quantum computer (CRQC), ie a computercapableof compromising current public key cryptography,remains uncertain.However, if current trends continue, a CRQC may be realised as soon as in the nextdecade (Graph 1). Each year, the Global Risk Institute releases theQuantum threattimeline report, which synthesises the insights of leading experts on the current stateof quantum computing and the threat it poses for cyber security. The 2024 reportindicates that 27% of experts expect the emergence of a CRQC to take place within10 years and 50% expect it within the next 15 years.2 We note that the dangers posed by quantum computers are more imminent thantheir development horizon. Risks to data confidentiality, integrity and authenticationextend to data harvested today, intended to be decrypted later – a scenario termed“harvest now, decrypt later” (HNDL) (Auer et al (2024)). Given this uncertainty and thecomplexity involved in migrating cryptographic infrastructures, organisations musturgently initiate preparations today. Cyber incidents within the financial system canthreaten global stability, making cybersecurity a critical concern for central banks andfinancial institutions (CPMI-IOSCO (2016); Doerr et al (2022)). In view of these developments, this paper outlines a strategic and pragmaticapproach for public and private sector financial actors alike to transition towards quantum-safecryptographic environments.Specifically,we emphasise raisinginternal awareness, implementing robust governance structures and maintainingcomprehensive cryptographic inventories. Rather than simply replacing existingalgorithms, our recommended actions include employing defence in depth strategies,prioritising resilience, adopting cryptographic agility,3using hybrid cryptographicschemes and implementing phased migration plans. Notably, initiatives such as theBIS Innovation Hub’s Project Leap – the first phase of which was conducted jointlywith the Bank of France and Deutsche Bundesbank – demonstrate the feasibility andurgency of quantum-safe preparations through practical experimentation with post-quantum cryptographic solutions (BIS (2023)).4 The remainder of this paper proceeds as follows. Section 2 explores the technicalfoundations of cryptography and the implications of quantum computing for financialsystems and potential quantum-safe solutions. Sec