Quantum Computing: The New Era of Encryption

Quantum computers are not faster versions of classic computers; they work in a fundamentally different way. While conventional computers work with bits that assume either the state 0 or 1, quantum computers use so-called qubits. Thanks to superposition, these can represent several states simultaneously and be connected to each other through quantum entanglement. This opens up entirely new possibilities. Quantum computers can solve certain complex problems in seconds that would take classical computers years or even centuries to solve.

However, the fascinating possibilities offered by quantum computers also entail serious risks. The closer we get to the practical application of this technology, the more pressing becomes a question that is no longer purely theoretical.

One of the greatest dangers arises from data that is intercepted today but will only be decrypted in the future using a method that will be available by then. ‘Harvest now, decrypt later’ is the catchy phrase that has been circulating for some time.

An ISACA study shows that almost two-thirds of the 2,600 IT and security experts surveyed globally fear that quantum computing could undermine existing encryption methods. But only five per cent of companies have a strategy for dealing with this challenge. They cannot wait to make their data ‘quantum-secure’.

On 25 September 2025, important steps were taken for global financial security in the quantum age. The US organisation X9 and DigiCert signed the first root certificate for a so-called Financial PKI, a digital infrastructure for securing financial data. What is new about this is that it is based on quantum-secure algorithms, i.e. encryption methods that are designed to withstand future quantum computers.

With the rapid advancement of quantum computers, there is growing concern that today's encryption methods will soon no longer be secure enough. Project Leap is Europe's response to the quantum threat. The project is an initiative of the BIS Innovation Hub Eurosystem Centre, together with partners such as Nexi, Swift and several central banks. In the current phase, ProjectLeap 2, the focus is on practical implementation: liquidity transfers between central banks secured with digital signatures based on post-quantum cryptography are being tested. The aim is not only to ensure security, but also to test the interoperability and performance of these new methods in a realistic environment.

Banks and insurance companies need to start thinking now about how to protect themselves against ‘harvest now, decrypt later’ attacks. The U.S. Institute for Standards and Technology (NIST) has taken a first step in this direction by publishing post-quantum cryptography standards. A study conducted by a British quantum start-up in 2022 also shows how serious the issue of data security is. According to the study:

• Bitcoin encryption could be cracked within 24 hours, or even faster with sufficient computing power (‘QBits’).
• RSA-2048 is already considered insecure because a method exists to crack it, but there is no quantum computer that can apply it yet.

Overall, it is to be expected that a system will rapidly emerge from the ‘noise’ that will suddenly be ready for the market. In the period from now until around 2030, several prototypes are likely to be developed that will provide initial indications of how powerful PQC (post-quantum cryptography) really needs to be. PPI shares the Bundesbank's assessment that, from 2030 onwards, quantum architectures are likely to emerge that companies can use for their purposes, but which will also force them to effectively secure their architectures.

We will refrain from presenting all the technical details of quantum computing here. What is important is the realisation that real risks already exist today, even if they may only materialise in a few years' time. Banks and insurance companies should start evaluating quantum-secure solutions and designing their encryption and infrastructure in such a way that it remains flexible and future-proof. Cryptographic agility means preparing systems specifically for the requirements of the quantum world.

Hybrid methods that combine classic cryptographic methods with PQC can also be used to ensure the smoothest possible transition and increased security during the migration phase. The Federal Office for Information Security (BSI) has also called for this.

The first step on this path is to create a kind of cryptography inventory. Banks and insurance companies should identify which cryptographic methods are used where in the company and prioritise them according to the level of risk posed by quantum computing. RSA and ECC are among the most common methods used to protect data and signatures. In addition, a list should be made of which data needs to be protected from unauthorised access and possible decryption at a later date. Logically, this includes personal data that is also relevant to the GDPR, financial data and, in the case of insurance companies, health data. Systems used by third-party providers must also be reviewed.

Next, a strategy should be developed for introducing PQC and planning the migration. Hybrid methods that use both classic and PQC methods are just as suitable for this as the algorithms recommended by NIST. The key factor is likely to be establishing flexible IT architectures or redesigning existing ones so that future cryptographic methods can be integrated quickly. Finally, a robust project roadmap for PQC and a dedicated cryptographic testing system are needed, as well as training. Companies should also prepare for regulatory changes. Both the US authorities and the European Commission already have PQC on their radar.

PPI is currently developing a ‘PQC Readiness Check’. Essentially, this will involve an assessment of the current situation to help identify the most pressing tasks and tackle them first.

Despite all caution, it should not be forgotten that quantum computing also offers many opportunities. The new technology can be used to calculate failure probabilities more accurately and run through more complex scenarios. Risk management can also be improved. More accurate risk assessments in turn lead to lower capital buffers and thus to higher earnings potential for banks.

In general, financial products can be simulated more quickly and accurately, which has a positive effect on their risk assessment – positive in the sense that these risks are easier to identify. Certain big data scenarios can also be mapped using quantum computing.

HSBC, in collaboration with IBM, has demonstrated the world's first known example of quantum-assisted algorithmic trading in the corporate bond market. Using current quantum computers, it was possible to achieve up to 34% better predictions than with traditional methods whether a trade would be concluded at the offered price.

Despite all the dangers, we are gaining a tool that will enable companies to navigate better through the data world in which we now live. However, as with driving a car, the rule is: fasten your seatbelt first, then drive off.