SIX Builds Quantum Security for DLT-Based Exchange

SIX Digital Exchange (SDX), an end-to-end platform for trading digital assets based on distributed-ledger technology (DLT), is developing its architecture to be quantum-safe.

As part of its wider security strategy for the digital exchange and central securities depository, SIX is building post-quantum encryption into its technology to future-proof against organized cybercriminals with access to quantum technologies.  

While they do contain vulnerabilities, DLT networks like blockchain are secured with advanced cryptography and are considered generally secure against present-day technologies or traditional computing. However, researchers at the National Institute of Standards and Technology (NIST) warn that a quantum computer could be powerful enough to crack even blockchain encryption.

Information infrastructure like the internet and distributed ledgers are underpinned by mathematical problems, such as encryption algorithms like RSA and elliptic curve cryptography, which are deemed too complex for conventional computers to crack. In theory, however, a quantum computer could decrypt these complex ciphers.

Many experts believe that commercial uses of quantum computing are years away, as these computers not only cost millions of dollars to buy, but are also extremely expensive to run due to the vast amounts of electricity required to maintain the conditions for quantum mechanics to work, which in some cases require the temperature to in the range of -400 degrees Fahrenheit.

Jochen Duerr, chief risk officer at SIX Group, does not view the risk of quantum computing capabilities falling into the wrong hands as such a distant problem. He says that there is an arms race when it comes to securing DLT networks, and that state-organized criminals are well-resourced and shouldn’t be underestimated.

“There are threat actors that get more and more access [to advanced technologies]…and if you talk about state actors, they have access to a substantial amount of funding,” says Duerr, though he declined to get into specifics as to just how they will create a quantum-safe architecture.

Further to SIX’s security strategy, the company will develop round-the-clock surveillance and security alerts on SDX. “Security doesn’t have a nine-to-five working day, so you need to make sure that that you provide 24/7 security protection and detection opportunity,” Duerr says.

SIX is building post-quantum resiliency into SDX’s architecture as one of the key security deliverables for the project, ahead of its full launch. SDX was originally scheduled to go live in late 2019, but SIX pushed the deadline back to this year. Now, the exchange expects that the first services of the SDX end-to-end platform will be rolled out all through 2020 on a use-case-by-use-case basis.

“We will go ahead in a use-case, staggered approach with our customers and with our shareholder banks,” Duerr says. “Therefore, it will also depend on their readiness and ability to go live with us. So, in other words, it will be a piloted approach, step-by-step, over the course of this year.”

SIX would not specify which of its digital services will be available this year.