The World Economic Forum (WEF) recently issued a strong warning about the potential vulnerability of central bank digital currencies (CBDCs) to decryption attacks from quantum computers. Quantum computers are still largely in the experimental phase, with only a few proofs-of-concept and a handful of laboratories claiming to have solved problems that traditional computers cannot handle. However, there is still some time before “Q-Day,” the hypothetical point at which bad actors can crack standard encryption with quantum computers.
While encryption threats could impact various industries, the digital asset sector faces a significant challenge. The WEF states that this heightened threat has the potential to “break” CBDCs. In a blog post on May 21, the WEF emphasized the need for central banks to include cryptographic agility in CBDC systems to protect against quantum cyberattacks targeting payment infrastructure.
It is worth noting that there is no consensus among physicists regarding the timeline for when quantum computers will become powerful enough to pose a threat to current encryption methods. Predictions range from a few years to several decades.
In light of this, the WEF identified three specific threats to CBDCs that could arise from quantum computing. Firstly, quantum computers could be used to break “in motion encryption,” allowing attackers to intercept transactions in real-time. The blog post also mentioned identity impersonation as a threat, where quantum systems could be used to break encryption protecting identity verification systems, leading to the insertion of spoofed identity assets.
Lastly, the WEF highlighted the commonly cited threat of “Harvest now, decrypt later.” In this scenario, attackers steal encrypted data and store it for decryption by future quantum systems. Victims may remain unaware that their data has been stolen for years or even decades before the threat becomes a reality.
To address these threats, the WEF recommends building CBDCs with quantum-proof protections at their core, using a methodology known as “cryptographic agility.”