Quantum Computers and Post-Quantum Security

The rise of quantum computing is reshaping risk models across finance, where asymmetric encryption underpins everything from interbank settlements to retail payments. While today’s quantum machines remain limited, their theoretical ability to solve factoring and discrete‑log problems threatens RSA and elliptic‑curve schemes that protect transaction data. This creates a unique security dilemma: data intercepted now can be stored and decrypted later once quantum hardware matures, prompting regulators and operators to act before the threat materialises.

SIX’s response illustrates a pragmatic, phased strategy. First, the firm conducts a full cryptographic inventory, mapping every protocol, hardware security module, and API that relies on vulnerable algorithms. Next, it builds crypto‑agility into its architecture, allowing hybrid deployments where NIST‑approved post‑quantum algorithms—ML‑KEM for key exchange and ML‑DSA/SLH‑DSA for signatures—run alongside legacy RSA/ECC. This approach spreads migration costs over several years, aligns with SwissBanking guidelines, and reduces the risk of a disruptive, emergency switch‑over. Pilot tests on cloud‑based quantum processors also help SIX gauge where quantum acceleration could add value beyond security, such as in risk‑simulation models.

Industry‑wide, the SIX initiative signals that the “quantum‑ready” era is arriving faster than many expected. NIST’s PQC standards provide a clear roadmap, but adoption hinges on awareness, expertise, and coordinated regulatory frameworks. Financial institutions that delay risk falling behind in both compliance and innovation, as competitors may leverage quantum‑enhanced analytics for fraud detection or portfolio optimization. Early, risk‑based planning—starting with inventory, building agility, and running hybrid pilots—offers the safest path to protect legacy data while positioning firms to capture the upside of quantum computing as it matures.