BIS Project Leap: Quantum‑Proofing Payments With Hybrid PQC Is Feasible – Now Comes the Hard Part
Table of Contents
9 Jun 2023 – The Bank for International Settlements (BIS) has released a report under Project Leap demonstrating – via a realistic central‑bank payments connectivity experiment – that post‑quantum cryptography (PQC) can be deployed today in a hybrid mode without breaking core operational expectations for secure inter‑site connectivity.
The report’s headline message is not “wait for quantum computers,” but “assume data is being harvested now.” Because adversaries can capture encrypted traffic today and decrypt later (“harvest now, decrypt later”), long‑lived financial confidentiality and trust anchors become a present‑day risk management issue – not a future research problem.
Project Leap’s engineering conclusion is also a governance conclusion: the main barriers are (i) cryptographic agility in legacy stacks (including hardware) and (ii) ecosystem migration coordination, not whether PQC algorithms exist. Migration planning must start immediately – well before final standards land – using hybrid designs to preserve interoperability and allow algorithm swap‑outs as standards evolve.
What the BIS report actually did
Project Leap Phase 1 built a quantum‑safe site‑to‑site IPsec VPN tunnel between the Bank of France and the Deutsche Bundesbank, spanning a public cloud environment on one side and a more constrained legacy/private environment on the other.
The tunnel used hybrid cryptography: classical public‑key mechanisms alongside PQ key‑encapsulation mechanisms (KEMs) and PQ digital signatures, with X.509 certificates adapted for PQ use. The experiment transported ISO 20022 payment messages through the tunnel and stress‑tested three dimensions: cryptographic agility, performance, and security assurance under configuration changes and fault scenarios.
Crucially, the report frames this as a “network‑layer first” step: a pragmatic way to reduce “data in transit” exposure while buying time to address harder application and transport layer migrations needed for a complete chain of trust.
Key findings and the real technical frictions
The report’s security framing is orthodox and correct: Shor‑style attacks threaten widely used public‑key systems (eg RSA/ECC), while Grover‑style attacks shift symmetric security economics (mitigated in practice by moving to AES‑256 for long‑term protection).
On feasibility, Leap found PQC deployment is operationally viable now, especially in hybrid mode, which simultaneously (a) avoids “security regression” if either the legacy or PQ component weakens and (b) supports orderly algorithm replacement as guidance changes.
Performance results are nuanced in a way many boardrooms miss: after a tunnel is established, bulk data performance is largely unaffected because payload encryption remains symmetric (AES‑256). The overhead concentrates in session establishment and authentication, where additional hybrid steps and larger signatures/keys can increase setup time. In Leap’s measurements, most tested hybrid configurations still established tunnels in well under ~1 second, but combinations involving hash‑based signatures (eg SPHINCS+) were noticeably slower—useful as a hedge family, costly for tight‑latency use cases. Hardware acceleration mattered (eg AVX2 benefits), and “legacy” environments amplified some performance penalties.
Cryptographic agility emerges as the central engineering requirement. Leap reports that KEM agility was straightforward (swap‑in/swap‑out), while signature agility was less turnkey because common negotiation/config assumptions are not yet designed for many PQ signature variants. The report explicitly flags hardware and embedded constraints: HSMs, firewalls, and smart cards are likely to be the least agile components and therefore the earliest procurement and redesign battleground.
Recommendations, priorities, and a pragmatic timeline
Leap’s recommended sequence is effectively: inventory → roadmap → implementation, aligned with a “time‑to‑migrate vs time‑to‑quantum vs data‑lifetime” risk model. The report argues this is urgent because large‑scale migrations historically take many years (often decades), and because long‑lived financial data intercepted today may remain valuable when quantum decryption arrives.
Where I agree most strongly with the report: central banks and FMIs should treat PQC as an operational resilience program, not a crypto library upgrade. The US Office of Management and Budget memo from late 2022 is a useful signal of how quickly “quantum migration” is becoming an auditable planning expectation in critical infrastructure, even before final PQ standards.
BIS recommendations vs likely industry actions
| BIS / Project Leap recommendation | Likely industry action (2023 reality) | Priority correction |
|---|---|---|
| Start a crypto inventory and quantum risk assessment now | Partial inventories; focus on “obvious” TLS endpoints only | Treat inventory as continuous (incl. PKI, HSMs, signing services, backups, archived data) |
| Use hybrid PQC to preserve interoperability during transition | Wait for “final standards,” delaying pilots | Pilot hybrid in low‑blast‑radius links (site‑to‑site VPN, internal PKI) and build rollout muscle |
| Build cryptographic agility to swap algorithms as guidance evolves | Hard‑coded crypto in apps/appliances persists | Make agility a procurement and architecture requirement; plan early replacement of non‑agile hardware |
| Test performance/security trade‑offs per use case | Overgeneralize from vendor benchmarks | Require workload‑specific tests (latency, handshake frequency, cert sizes, logging/PKI tooling) |
| Expand beyond network layer to full chain of trust | Stop at “VPN done” | Roadmap application + transport migration (TLS, SSH, signing, attestation) |
| Invest in scarce skills (cryptographers, engineers, operators) | Understaffed programs and “checkbox” training | Build internal PQC competence centers; fund exercises and red‑team‑style validation |
Implications for central banks, FMIs, and the crypto/PQC community
For central banks and financial market infrastructures, Leap is a proof‑point that “payments‑grade PQC” is not speculative: hybrid PQ tunnels can be engineered with manageable operational overhead, but only if institutions confront legacy rigidity early and coordinate migration across participants. The systemic relevance is clear: cyber compromise is already a recognized financial stability risk, and quantum decryption would undermine not just confidentiality but also authentication and integrity anchors (eg signatures and certificates).
For the broader crypto ecosystem, the report’s reminder about digital signatures is the uncomfortable part: any scheme whose long‑term trust depends on RSA/ECC‑style assumptions needs a credible PQ signature path. Additionally, “harvest now, decrypt later” is not limited to bank wires—it applies to encrypted key backups, compliance archives, and any sensitive communications whose value persists.
For the PQC community, Leap implicitly endorses a strategy of operational experimentation under uncertainty: deploy hybrid, measure, and preserve the ability to replace algorithms as standards and cryptanalysis evolve – exactly the posture advocated by national guidance and NIST migration work.
My take on what this means for post‑quantum readiness
Project Leap doesn’t just say “PQC works.” It removes the last credible excuse for inaction in critical financial infrastructure: we can prototype, we can measure, and we can begin migration before a crisis forces rushed upgrades.
The hard problem is institutional: cryptographic inventory, procurement leverage over appliance vendors, interoperability governance across FMIs, and sustained staffing. If leaders continue to treat PQC as a 2028–2035 concern, they will arrive there with 1998‑style crypto agility – exactly the mismatch that made prior deprecations (MD5‑class failures) drag on for a decade. Leap’s most valuable contribution is making agility – and migration discipline – non‑optional.
Quantum Upside & Quantum Risk - Handled
My company - Applied Quantum - helps governments, enterprises, and investors prepare for both the upside and the risk of quantum technologies. We deliver concise board and investor briefings; demystify quantum computing, sensing, and communications; craft national and corporate strategies to capture advantage; and turn plans into delivery. We help you mitigate the quantum risk by executing crypto‑inventory, crypto‑agility implementation, PQC migration, and broader defenses against the quantum threat. We run vendor due diligence, proof‑of‑value pilots, standards and policy alignment, workforce training, and procurement support, then oversee implementation across your organization. Contact me if you want help.
