In December of last year, Nomura Holdings, Nomura Securities, the National Institute of Information and Communications Technology (NICT), Toshiba, and NEC began the first joint testing program to confirm the effectiveness and feasibility of quantum cryptography for strengthening security in data communications and storage in the financial domain. The joint test program was carried out as part of the “Photonics and Quantum Technology for Society 5.0” program (operated by the National Institutes for Quantum and Radiological Science and Technology), a Cross-ministerial Strategic Innovation Promotion Program (SIP) led by the Cabinet Office.
Financial institutions have been working to strengthen cyber security in recent years, with rising concerns over the increasing threat of cyber-attacks on financial institutions, and the effects thereof on financial systems, while the Financial Services Agency recently published their Policy of Approach to Strengthen the Cyber Security in the financial Industries. With the recent acceleration of digitalization and increased sharing of information between companies via APIs (Application Programming Interfaces) in particular, the environments in which such systems operate are changing significantly, and cyber security in the financial domain needs to be strengthened even further.
Encryption technology is currently used widely throughout society to ensure the security of data communications within and between systems, and there has hitherto been little concern that those communications could realistically be decrypted or intercepted. However, with rapid advances in the research and development of quantum computing, the potential risk that communications can be decrypted is rising fast.
Finding new security measures against such future threats is a particularly urgent mission for the financial industry, where the protection of customer data is of the highest priority.
In light of these developments, the five companies have begun testing the applicability of quantum cryptography to the financial domain as a new security measure and “the only encryption technology that cannot be decrypted by a third party (wiretapper) irrespective of the theoretical extent of their computer processing capabilities.”
This test program will involve the anonymous transfer of pseudo-data (fake data), representing the customer information and stock transaction data held by Nomura Securities, using quantum encryption, and the operation verification of a quantum security cloud system for the secure backup or calculation of data by remotely distributing it anonymously across multiple data servers.
Specifically, quantum encryption devices developed by Toshiba have been installed at locations operated by Nomura Securities. Meanwhile, the Tokyo QKD Network, a quantum encryption network operated by NICT since 2010, has been extended to the Nomura Security locations to build the testing environment for the joint test, including quantum encryption and a quantum security cloud system.
Accordingly, this is the first such effort in Japan in which quantum encryption devices have been installed in actually functioning systems in a financial institution.
Encryption and decryption in quantum cryptography involves the transferred data /simple logical sum of the encrypted data with the encryption key, and can therefore occur with less latency than traditional encryption methods, making it ideal for the processing of encrypted transactions that require extremely low latency.
For this reason, the test program will test whether latency is introduced by quantum encryption into the processing of stock trades, which require a massive volume of high-speed communications where each transaction must be completed in less than a millisecond.
Furthermore, advancement of highly secure and convenient access control technology and mounting of anonymous statistical functionality to extract and process statistical data while maintaining the anonymity of highly confidential customer data in the quantum secure cloud system will be verified. This will serve to improve internal security measures to limit the scope of impact in the event that internal company systems do experience a security breach.
In the future, the five companies will begin planning usage scenarios and adoption plans for quantum encryption and quantum secure cloud systems to strengthen security in the financial industry based on the outcome of the test program.