Banque de France & MAS Complete Landmark Post-Quantum Email Security Experiment

6 Nov 2024 – The Banque de France (BDF) and the Monetary Authority of Singapore (MAS) have successfully completed a groundbreaking cross-border experiment in post-quantum cryptography (PQC), carried out between Paris and Singapore using ordinary internet infrastructure. This joint trial marks an important milestone in fortifying digital communications against future quantum-enabled cyber threats. By demonstrating quantum-resistant encryption and digital signatures on real-world email systems, the project showcases tangible progress toward protecting sensitive data in the financial sector from the looming risk of quantum computer attacks.

Why Quantum Threats Demand Action Now

Future quantum computers could break today’s encryption, endangering everything from banking transactions to personal communications. Financial authorities worldwide are thus racing to adopt PQC – encryption algorithms designed to withstand quantum attacks – before large quantum machines materialize. The BDF-MAS experiment underlines the urgency: it aims to “strengthen communication and data security in the face of quantum computing advancements”, calling the successful test “a crucial milestone” in safeguarding international electronic communications. In other words, the threat of quantum-powered decryption is not science fiction but a ticking clock influencing cybersecurity strategy today. Forward-thinking institutions are acting now so that critical infrastructure stays secure well into the quantum era.

Notably, MAS’s Deputy Managing Director (Corporate Development), Ms. Jacqueline Loh, framed the situation succinctly: “The looming threat of quantum-powered decryption is transforming cybersecurity strategies in financial services globally. The focus is now shifting towards cryptographic agility and ensuring systems can adapt by integrating with quantum-resistant algorithms. Financial institutions that prepare early for the quantum era will not only mitigate future risks but also position themselves to retain public trust in digital financial services.”

In short, early preparation and adaptability in cryptography – often called cryptographic agility – have become critical. Banks and regulators that start upgrading their cryptography now will be far better positioned to protect customer data and maintain trust when quantum technology arrives.

Inside the Cross-Continent PQC Email Trial

The joint BDF-MAS project zeroed in on a ubiquitous yet sensitive medium: email. Emails often carry confidential information, making them prime targets for interception. The experiment was the first of its kind for these institutions, trialing quantum-resistant algorithms for signing and encrypting emails without requiring any exotic hardware or special networks. Instead, it relied on standard email infrastructure and software – a deliberate choice to prove that PQC can be integrated into existing systems with minimal disruption.

Hybrid cryptography was the cornerstone of the solution. The project followed a hybrid approach, “combining the robustness of current algorithms with post-quantum algorithms to ensure security and compatibility with existing systems, while preparing for the cybersecurity threats posed by quantum computing.” In practice, this meant using traditional encryption (like RSA) together with new PQC algorithms in each email transaction. By doubling up, the system maintains backward compatibility and gains an extra layer of safety: even if one algorithm were to be cracked in the future, the other would still protect the message. This two-pronged defense is crucial during the transition period – PQC algorithms are promising but new, so keeping classical crypto in the loop hedges against any unforeseen weaknesses.

Key Findings and How It Worked

According to the official report and press release, the experiment yielded several important findings and demonstrated the practical feasibility of PQC in everyday communications:

Successful Quantum-Safe Email Exchange: Using Microsoft Outlook as the email client, paired with a post-quantum email plugin, BDF and MAS “successfully exchanged digitally-signed and encrypted emails using PQC algorithms, namely CRYSTALS-Dilithium and CRYSTALS-Kyber.”  Dilithium (for digital signatures) and Kyber (for encryption) are among the leading PQC algorithms selected by NIST as new cryptographic standards. The fact that two major central banks could seamlessly send secure emails across continents with these algorithms – without altering the underlying email platforms – is a strong proof-of-concept for quantum-safe communication. The use of a plugin provided by CryptoNext Security integrated into Outlook further “showcases the practical viability and effectiveness” of deploying PQC within widely-used applications.

Beyond Algorithms: Adapting Standards and Infrastructure: The trial revealed that simply standardizing PQC algorithms isn’t enough; the surrounding protocols and infrastructure also need to evolve. As the banks noted, adopting PQC at scale will require updating application protocols and standards – such as public key infrastructure (PKI), digital certificates, key exchange mechanisms, and secure email formats – to handle the new algorithms. In this experiment, the teams had to engineer a hybrid S/MIME email format because no off-the-shelf standard existed for mixing classical and PQC algorithms in one message. This underscores a broader industry challenge: email clients, servers, and certificate authorities must learn to recognize and properly process quantum-resistant encryption and signatures. The report emphasizes that PQC standardization efforts must extend beyond math libraries to practical interoperability of systems. In other words, the whole ecosystem – not just the cryptography – needs to be quantum-ready.

Potential for Quantum-Safe Payments: Encouragingly, BDF and MAS see this email trial as a springboard to bigger applications. “There is potential to integrate this technology into payment networks,” they stated, to “future-proof their security measures against the looming threat of quantum computing, ensuring the long-term integrity and confidentiality of sensitive financial data.”  In the financial world, cross-border payment instructions and transactions are as sensitive as emails – if not more – and often rely on cryptographic protections. Demonstrating PQC in email is a first step toward using it to safeguard high-value financial data flowing through payment systems. The experiment’s success suggests that quantum-resistant encryption could be woven into payment networks to protect money transfers and financial messaging in the years ahead.

Testing Real-World Scenarios (Including Failures)

To prove the solution’s robustness, the BDF-MAS team didn’t stop at the “happy path” of normal email exchanges. They conducted a battery of functional tests and exception handling scenarios to mirror real-world usage. On the functional side, they tested sending and receiving emails that were signed-only, encrypted-only, and both signed-and-encrypted, including cases with file attachments and multiple recipients. Every scenario verified that recipients could correctly verify signatures and decrypt messages under various conditions. Notably, even with the added PQC components (which involve larger keys and ciphertexts), the user experience in Outlook remained essentially seamless – a critical factor for adoption.

Just as important were the exception handling tests: these deliberately introduced problems to see how the system would react. For example, what if someone tried to send a PQC-encrypted email to a recipient whose certificate wasn’t in the system? Or what if an attacker sent a bogus “quantum-safe” signed email using a mismatched key? The custom Outlook plugin proved its worth here. According to the report, “exception handling mechanisms were essential to prevent the inadvertent transmission of emails to recipients lacking imported certificates, as well as to authenticate senders and detect fake or mismatched digital signatures.” In practice, the plugin blocked emails that couldn’t be properly encrypted (due to missing recipient PQC keys) and flagged any signature anomalies. This kind of resilience check is vital: it shows that a PQC-enabled system can fail safely, maintaining security rather than blindly sending unreadable ciphertext or trusting an invalid signature.

Overcoming Challenges

Implementing PQC within an existing email ecosystem did come with challenges. The project team had to navigate issues like mail servers encountering an unfamiliar email format (the hybrid S/MIME structure) and email security filters potentially balking at the new attachments or headers. In some early runs, automated scanners or client applications treated the hybrid messages as suspicious simply because they didn’t recognize the format. The team traced these hiccups to the “hybridised S/MIME content type and attachment extensions” used in the pilot, which caused downstream complications with standard email processing. They also noted that Microsoft Outlook’s built-in security features had to coexist with the external plugin; for instance, Outlook would try to interpret digital signatures itself, creating a conflict with the plugin’s processes. These are the sort of practical wrinkles one can only find by hands-on experimentation. Each issue provides a lesson for future implementations – for example, standards bodies may need to define how hybrid S/MIME messages should be formatted, so that mail servers and clients can uniformly handle them without confusion.

Despite those hurdles, none proved insurmountable. The successful outcomes, even after troubleshooting, gave BDF and MAS confidence that the approach is technically sound. Moreover, performance was encouraging: the report observed that the larger key sizes of PQC algorithms did not significantly slow down or burden the email process in this trial. For low-volume applications like person-to-person email, the impact of using Dilithium signatures and Kyber encryption was negligible. This is a reassuring sign that adding PQC to common communications won’t grind them to a halt. However, the report wisely notes that high-volume systems (like payment networks processing thousands of transactions) might face different performance considerations. Further research will investigate whether those larger key sizes and more complex cryptographic operations could introduce latency or computational load issues at scale. In essence, PQC works for email – next, the team will explore if it scales for the fast-paced world of financial transactions.

From Secure Emails to Quantum-Safe Payments

Having proven that quantum-resistant cryptography can be retrofitted onto email, BDF and MAS are already planning the next phase of their collaboration. The goal: extend post-quantum security to “critical financial transactions, particularly cross-border transactions on payment networks.” This is a natural progression. Securing emails was a crucial first step, but the ultimate prize is securing the payments and settlement systems that underpin global finance. These systems (think interbank payment networks, SWIFT messages, real-time gross settlement systems, etc.) are rife with sensitive data and high-value instructions that must remain confidential and tamper-proof for decades. They also operate at high speed and volume, so any cryptographic solution must be highly efficient as well as secure.

The experiment’s success suggests that integrating PQC into such payment pipelines is feasible, but it will require careful coordination. Upgrading a payment network to quantum-safe encryption is a much bigger endeavor than an email pilot: it involves multiple banks, possibly different software vendors, and legacy infrastructure that cannot be disrupted. As BDF and MAS noted, this next stage will involve evaluating the viability, coordination, and limitations of rolling out PQC in existing payment infrastructure. Questions to tackle include how to manage larger cryptographic keys in transaction messages, how to update or augment PKI for financial institutions, and how to phase in new algorithms without breaking interoperability between international partners. The fact that two major central banks are addressing these questions together is a positive sign. It indicates a proactive stance: rather than waiting for quantum attacks to hit, they are future-proofing critical financial systems now.

BDF’s First Deputy Governor, Denis Beau, highlighted the central bank’s motivation, noting that while quantum computing brings promise, “it also brings a threat to cybersecurity, particularly in protecting our communications.” He explained that Banque de France, as a central bank, has been “anticipating and multiplying experiments in post-quantum cryptography with its partners since 2022”, and this first cooperation with MAS “reassure[s] us of our ability to make our inter-institutional communications resilient.”. In other words, early experiments like this build confidence that vital financial links – whether email or payment rails – can be made quantum-safe before threats materialize. Both institutions expressed satisfaction that their partnership will continue into a second phase focused on payments.

The Case for Early Cryptographic Agility in Finance

One clear message from this initiative is the importance of cryptographic agility. Cryptographic agility means having systems designed to switch or upgrade cryptographic algorithms with relative ease. In an era of rapidly evolving threats, agility is as important as the strength of any single algorithm. The BDF-MAS trial used a hybrid approach in part to maintain agility: by layering new algorithms alongside old ones, they make it easier to drop one or the other in the future if needed. More broadly, financial institutions and regulators are recognizing that they must be ready to pivot their cryptographic tools on short notice – whether due to quantum breakthroughs or any other unforeseen vulnerability in current ciphers.

MAS’s Jacqueline Loh explicitly pointed out that “the focus is now shifting towards cryptographic agility and ensuring systems can adapt by integrating with quantum-resistant algorithms”, as those who prepare early will be best placed to handle the transition to the quantum era. This proactive philosophy is a departure from the more static, set-and-forget approach to encryption of past decades. Historically, banks might adopt a standard (say RSA or ECC) and stick with it for many years. But with quantum computing on the horizon, that complacency is no longer viable. Sophisticated adversaries could be harvesting encrypted data now to decrypt later when quantum tools become available – a tactic the security community has warned about. Early adoption of PQC, even before quantum computers exist at scale, mitigates that “harvest-now, decrypt-later” risk by ensuring that intercepted data stays indecipherable. In essence, investing in PQC today is like installing a vault door before the thieves have the super-crowbar – it might seem premature, but it could save untold costs and crises down the line.

The trial also reinforces that agility isn’t solely a technical challenge; it’s an organizational and governance challenge. BDF and MAS had to coordinate across different jurisdictions, involve industry partners (like CryptoNext for the email plugin), and align with global standards bodies. Their effort to comply with guidance from agencies like ANSSI (France’s cybersecurity authority), NIST in the U.S., as well as BSI, ENISA, ETSI, and the IETF shows a determination to stay in sync with emerging global standards. By aligning their experiment with international recommendations – and using NIST’s 2022 PQC choices (Kyber, Dilithium) as the foundation – they not only future-proof their own work but also contribute to shaping those standards through practical feedback. This kind of agility, where policy and technology evolve hand-in-hand, will be essential for the financial industry to navigate the quantum transition smoothly.

International Collaboration for a Quantum-Safe Future

Perhaps one of the most heartening aspects of the BDF-MAS experiment is the model of international collaboration it provides. Cybersecurity threats, especially ones as far-reaching as quantum decryption, do not respect borders. It’s fitting, then, that a European central bank and an Asian financial regulator joined forces to tackle this challenge together. By pooling expertise and coordinating their efforts, they’ve sent a strong signal that quantum readiness is a global concern requiring global solutions. The official statement from the two institutions underscored “the importance of international cooperation in addressing emerging cyber threats.” In other words, no single bank, company, or country can go it alone in the face of quantum risk – we’re all in this together.

The success of this joint experiment is encouraging news for the international financial community. It demonstrates that even large, security-conscious organizations like central banks can innovate quickly when faced with a common threat. It also provides a template that others can study and replicate. We can imagine a not-so-distant future where quantum-safe email plugins, hybrid certificate authorities, and PQC-enabled transaction networks are standard practice across banks worldwide – thanks in part to the trail blazed by projects like this. As BDF and MAS move into their next phase on payments, they will likely bring in more partners and share insights with other institutions. This kind of knowledge exchange and collective effort will accelerate the global transition to quantum-safe cryptography, much as past collaborations (like international encryption standards or cybersecurity forums) helped raise the security bar universally.