Mastercard preps for the post-quantum cybersecurity threat
Entities in the private and public sector are preparing by following one of two tracks: working on a whole new set of quantum-resistant algorithms on which to base the private keys (post-quantum cryptography, PQC) or using quantum physics to do the same (quantum key distribution, QKD). Mastercard’s project focuses on the latter method. Other enterprises in the financial sector are also exploring QKD.
On a parallel track, public institutions such as the National Institute of Standards and Commerce (NIST) are following the “harden-the algorithms” PQC approach. NIST has selected four quantum-resistant algorithms and is in the process of standardizing them. The final ones are expected to be available in the first half of 2024 and NIST has established a quantum-readiness roadmap for enterprises to follow.
The Mastercard project
Given that Mastercard has embraced the quantum key distribution method, its pilot project determined the architectural requirements and limitations of QKD and the operational readiness of the QKD systems.
Mastercard’s Maddaloni reports that the team tested the quantum key distribution solution over a dark fiber network. Toshiba and ID Quantique were used to produce the keys. Two networking vendors that Mastercard has worked with in the past were also brought in. Their input from an IP Ethernet networking perspective helped, Maddaloni says. The goal was to conduct an inventory of the types of networking capabilities within Mastercard’s network, which has thousands of endpoints connected with a few different telecommunications capabilities. “We wanted to look at whether the quantum key distribution capabilities work in that environment,” Maddaloni says.
“The availability of QKD-enabled services and equipment is very specialized and currently quite limited,” Maddaloni says. “Not many hardware vendors have features available that can integrate with the QKD systems.” Designing the test was also challenging. QKD requires individual photons to arrive at precise times, and quantum states used for encryption can be easily disturbed by external factors such as noise, temperature changes, and vibration, among other factors.
“The project was designed to meet these challenges and deliver provable results and validation of the technology potential,” Maddaloni adds. And it was successful.