HSBC tests post-quantum VPN tunnel for digital ledgers

HSBC has worked with Quantinuum to trial “the first application” of quantum-secure technology for distributing tokenised physical gold. The HSBC Gold Token for retail investors in Hong Kong allows the bank’s customers to acquire fractional ownership of physical gold. Moving these tokens over financial networks requires encryption that cannot be broken by high-performance quantum computers and does not impact performance.

HSBC said that the trial demonstrates the commitment of its foreign exchange and commodities businesses to safeguard critical applications from potential future quantum computing attacks.

According to HSBC, the work with Quantinuum also shows a cost- effective approach to protecting existing production distributed ledger technology (DLT) in the short and medium term without the need for re-architecting the DLT. 

HSBC said it has also demonstrated the interoperability of its gold tokens by using post-quantum cryptography (PQC) to move digital assets safely across distributed ledgers via secure networks. This includes the capability to convert HSBC’s gold tokens into ERC-20 fungible tokens, thereby enhancing distribution and interoperability with other DLTs and digital wallets. HSBC said the approach it has taken addresses clients’ evolving needs and regulations.

In a whitepaper looking at the trial, HSBC said that although DLT and asset tokenisation offer significant benefits, it is crucial to enhance and future-proof the security measures surrounding these technologies, which involves migrating to quantum-safe cryptography to ensure the continued resilience of its financial systems against both current and emerging cryptographic threats.

“Despite the robust security offered by distributed ledgers and blockchain through encryption and decentralised consensus mechanisms, the rapid advancement of the quantum computing cyber threats necessitates a proactive approach to future-proofing these systems,” the company said.

“It is crucial to not only maintain but to continue to enhance the security measures surrounding distributed ledgers, ensuring that they remain resilient against both current and emerging cyber threats.”

PQC is the approach the industry is taking to protect against cryptographic keys being broken by powerful quantum computers. HSBC said that a major concern of implementing PQC into distributed ledgers is the potential impact on performance.

“These new algorithms have larger key sizes for the cryptography and may have significant effect on the operational use of distributed ledgers,” the company explained in the whitepaper.

“It has been argued that the signature and larger key sizes used in PQC systems would cause an increase in block size and signature time. This has the unfortunate consequence of affecting the performance, efficiency and execution speed of the whole distributed network.”

The trial, which is aligned with Project Leap – an initiative to quantum-proof financial systems – uses a PQC-VPN tunnel in a gold tokenisation environment. HSBC said it observed minimal impact on performance levels when sending data through the tunnel, irrespective of the size of the data.

Philip Intallura, global head of quantum technologies at HSBC, said: “HSBC was the first international bank to offer tokenised physical gold and is now building on that innovation with cutting-edge cybersecurity protection for the future. This pilot successfully demonstrated the viability of deploying these advanced technologies for a real-world business environment.”