On 5 November 2024, Banque de France (“BDF“) and the Monetary Authority of Singapore (“MAS“) announced the completion of a groundbreaking joint experiment in post-quantum cryptography (“PQC“) conducted across continents over conventional Internet technologies.
- Signing and encryption of emails: The joint BDF-MAS initiative trialled the first use of quantum-resistant cryptographic algorithms for the signing and encryption of emails. The goal was to strengthen the current level of security for electronic communications in the future, while retaining compatibility with existing Internet standards, technologies and communication channels. Emails are particularly sensitive as they may carry confidential information, making them a prime target for cyberattacks. The trial demonstrated the practical feasibility and effectiveness of these new security methods.
- Hybrid approach:The project followed a hybrid approach, combining the robustness of current algorithms with post-quantum algorithms to ensure security and compatibility with existing systems, while preparing for the cybersecurity threats posed by quantum computing.
- Technical report: A technical report detailing the results and takeaways from the experiment was also published on the same day. The key findings include:
- Successful exchange of digitally-signed and encrypted emails using Microsoft Outlook with a PQC email plugin: BDF and MAS successfully exchanged digitally-signed and encrypted emails using Microsoft Outlook with a PQC email plugin, applying PQC algorithms such as CRYSTALS-Dilithium and CRYSTALS-Kyber.
- Standardised application protocols and systems: It is insufficient to just standardise PQC cryptographic algorithms and libraries for digital signatures and encryption. Application protocols and standards like public key infrastructure, digital certificates, key exchanges and secure emails must also be standardised to incorporate PQC cryptographic algorithms to facilitate adoption and interoperability of PQC.
- Potential to integrate PQC technology into payment networks: Such integration will enable financial institutions to future-proof their security measures against the looming threat of quantum computing, thereby ensuring the long-term integrity and confidentiality of sensitive financial data.
- Potential for more secure financial systems: In the next stage, BDF and MAS will work to extend PQC to critical financial transactions, particularly cross-border transactions on payment networks.
Click on the following links for more information (available on the MAS website at www.mas.gov.sg):
- MAS Media Release titled “Banque de France and Monetary Authority of Singapore Conduct Groundbreaking Post-quantum Cryptography Experiment to Enhance Communication Security”
- MAS Technical Report titled “Post-Quantum Cryptography”
Disclaimer
Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.
The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.
Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.