18-07-2023 | By Liam Critchey
Digital payments and digital banking have become more and more popular over the last decade or so and have replaced cash transactions in many parts of society. The adoption of online banking and digital payments was also accelerated during the COVID-19 pandemic when most transactions involved no cash at all in preventing viral transmission.
While physical money is not obsolete, it is less commonly used in many parts of the world (especially the Western world). If society is to switch to digital payments being the main way of paying, then they need to have a similar level of security as physical payments—especially being tamper-resistant and untraceable. However, digital payments also need an extra layer of security because, unlike physical notes, digital payments are susceptible to digital attackers and data breaches, so digital payment providers need to be more vigilant in the prevention of cyberattacks.
 Recent advancements in quantum technologies have shown great potential in enhancing the security of digital transactions. Quantum cryptography, for instance, offers a level of security that is theoretically unbreakable, making it an attractive solution for securing digital payments.
Current Security Measures in Digital Payment
Current digital payment technology is already encrypted. In today’s transactions, the sensitive banking data inputted by a customer is turned into random tokens and the unique sequence is secured with a cryptographic function called a cryptogram. However, as many will know, banking data is just as privy to data breaches and cyber-attacks if a high enough computational power is used.
Like many areas of cybersecurity today, quantum technologies have the potential to create a more secure communication channel between two user points. Quantum communication channels have the potential to protect digital transaction channels by a much greater degree than classical methods, even against attacks with infinite computational power.
Inside a Quantum Research Facility
Turning Towards Quantum Cryptography
Quantum cryptography has been a rapidly growing area of interest when it comes to both the cybersecurity and quantum technology fields, with the potential for quantum channels to run alongside classical communication channels and provide an enhanced level of security. Current classical cryptography systems rely on computationally hard mathematical problems, but it’s possible to replace these with new quantum systems that are resistant to high-powered computational attacks—as a high computational power can still break through these classic computational problems if enough computational power is used.
 The Quantum Communications Hub, a major collaboration of university and industrial partners funded through the UK National Quantum Technologies Programme is accelerating the development and commercialisation of quantum secure communications technologies. This includes Quantum Key Distribution (QKD), a mature quantum technology that enables ultra-secure distribution of encryption keys.
There have been some developments in the field so far that use quantum technology to provide an extra layer of security. However, with the development of quantum algorithms comes the good and the bad, so while quantum algorithms can be used as a protection against cyberattacks, they could also be used to perform an attack as they can have a much higher degree of computational power than classical algorithms. So new cryptographic systems also need to be resistant to quantum attacks as well, and while a number of potential solutions have been developed to some degree, some of them are still privy to being broken by high-powered computational attacks.
Quantum Key Distribution (QKD) the Conventional Choice for Trusted Parties
Quantum mechanical laws can provide an added layer of security against high-powered computational attacks. The general field of information security is growing, with quantum key distribution (QKD) being the most widely matured and implemented quantum technology today. QKD allows to trusted parties to communicate over a public channel without the fear of the data being intercepted by classical computational attacks.
QKD uses a quantum channel alongside a classical channel, where a secure key (a randomly distributed number sequence) is generated from the random polarisation of photons. In QKD, both the classical and quantum channels generate a sequence, but the data is held in the quantum channel. So, if a hack takes place in the classical channel, the users can see that an attack was attempted (as there will be an imperfection in the signals), but no data can be obtained. QKDs have been growing in use for communications between trusted parties, and it’s now possible to secure connections over 500 km when using optical fibres and 1000 km when using satellites.
However, most digital payments nowadays are not made between two trusted parties, and most payments are usually between a customer and a merchant. This can take the form of contactless purchases between in-person interactions between a merchant and a customer or through an online banking purchase. This brings its own set of challenges when trying to integrate quantum-based security systems as these digital payments are susceptible to attack from external hackers (or from a direct malicious transaction due to unscrupulous merchants), but QKD is not a suitable cryptography method in these instances.
For transactions of this nature, there needs to be a binding commitment between the customer, the merchant, and the bank (or the payment provider if it’s a third party) to guarantee that the transaction is valid. This is typically done using a cryptogram, which uses a hash function to guarantee a one-time purchase. However, because not all the parties are trusted in merchant-customer purchases, QKD cannot be used to provide a guarantee on the validity of the transaction because the cryptogram (which is the classical output) is handled by the untrusted parties themselves—rendering the safety of the communication useless if the merchant is the one who is the perpetrator of the malicious transaction. So, for these types of digital transactions, other quantum technologies are being sought to provide a greater degree of security.
Quantum Light Could offer A Solution for Untrusted Parties
There have been a number of investigations into using quantum light in the banking space. Previous studies have looked at using quantum light to prevent banknote counterfeiting, as well as preventing double spending with either tokens or credit cards. However, introducing these concepts into everyday spending scenarios is no easy task because the quantum states need to be stored across much longer time periods—such as days or months—to ensure that users can spend flexibly using their normal, everyday habits. Unfortunately, the required time frames are well beyond what is possible with quantum storage operations today—which range from a few microseconds to a few minutes.
While quantum storage is not feasible, quantum light can provide a number of practical security advantages compared to classical methods for everyday payments. Researchers have now used quantum light to guarantee a one-time purchase. Like classical payments, the system involves a customer, a merchant, and a bank/credit card institute.
In this system, none of the classical or quantum communication channels are deemed to be trusted other than an initial step between the customer and the bank that is required to create an account. Other than the bank, it is assumed that any of the other parties could act maliciously.
When a payment is made, the bank sends a set of quantum states (in the form of quantum light) to the customer’s device. The device then measures the quantum states and converts them into a quantum-secured token, i.e., a quantum cryptogram. The customer then uses this token to pay the merchant, and the merchant contacts the bank for payment verification. If it’s accepted, then the money is transferred by the bank from the customer’s account to the merchant’s account.
Advantages and Challenges of Quantum Light-Based Payment Systems
In this quantum payment process, the cheating probability is very low and is resistant to noise and loss-dependent attacks. For the customer, the implementation of such a quantum system does not require any challenging technology implementation other than single-photon detection. The sensitive information belonging to the customer is guaranteed to be sealed, and no cross-communication protocols are required to validate a transaction when multiple verifier branches are involved.
Additionally, any feasible payment system must be able to reject payments without compromising the sensitive data of the customer. In this system, the payment is sent over the quantum channel and the cryptogram over the classical channel. If the cryptogram comes back malformed, then the payment will be rejected. This behaves in a similar way to QKD, where the quantum channel transmits the sensitive data and the classical channel checks for any malicious intent (in this case, a malicious payment or a hack in the case of QKD).
The current system does have longer than ideal communication time in its current state (this can be rectified with stronger light sources), but it presents an opportunity to develop a new quantum cryptographic system that can be used with untrustworthy parties. This approach does not hinge on long-term quantum storage or the use of trusted agents and authenticated channels, so it could be more accessible for everyday payments compared to other quantum cryptography methods.
The Quantum Communications Hub and Its Contributions to Quantum Secure Communications
The Quantum Communications Hub, a major collaboration of university and industrial partners, has been instrumental in accelerating the development and commercialisation of quantum secure communications technologies. Some of their notable achievements include the creation of the UK's first Quantum Network, the miniaturisation of QKD technologies, and the demonstration of free-space QKD between handheld devices2.
Their vision for the future includes extending the UK Quantum Network, further miniaturising QKD technologies, overcoming distance limitations of terrestrial fibre-based QKD, and developing new quantum sources, detectors, and protocols beyond QKD2.
The University of Oxford is working on the development of miniature, reliable, low-cost, handheld QKD systems. These systems have the potential to provide future contactless payment methods and a wide range of other applications. They are also working on combining fibre QKD with free-space QKD to create secure wireless systems that could be used in next-generation mobile networks2.
Conclusion: The Future of Quantum Secure Payments
The evolution of digital payments is moving at a rapid pace, and the integration of quantum technologies presents a promising path towards enhanced security. Quantum cryptography, particularly Quantum Key Distribution (QKD), has already shown its potential in securing communications between trusted parties. However, the challenge lies in adapting these technologies for transactions involving untrusted parties, which constitute a significant portion of digital payments today.
The use of quantum light in digital payments is a promising development that could overcome some of these challenges. While there are still hurdles to overcome, such as the need for long-term quantum storage and the development of more robust light sources, the potential benefits are significant. The ability to guarantee one-time purchases and protect sensitive customer data, even in the presence of potentially malicious parties, could revolutionise the security of digital transactions.
With ongoing research and development in institutions such as the Quantum Communications Hub at the University of Oxford, the future of quantum secure payments looks promising. As these technologies continue to mature, they could potentially become a standard feature of digital transactions, providing an unprecedented level of security and trust in the digital payment landscape2.