• Security

HSBC: Post-Quantum Cryptography Migration for Global Banking

HSBC

HSBC initiated a quantum-safe cryptography migration program across customer TLS traffic, settlement systems, and inter-bank channels, benchmarking NIST PQC finalists on banking server hardware and piloting QKD for highest-security internal links.

Key Outcome
Kyber-768 TLS handshake adds under 2ms latency at banking scale. Dilithium-3 signature verification 3x slower than ECDSA but within acceptable bounds. Identified 40% of internal systems using legacy RSA requiring migration. Full PQC roadmap published targeting 2030 completion.

The Problem

HSBC processes trillions of dollars in transactions annually. The cryptography protecting that activity, RSA-2048 and ECDSA on P-256, is broken by Shor’s algorithm on a fault-tolerant quantum computer. Two timelines matter: “harvest now, decrypt later” attacks mean inter-bank settlements recorded today can be decrypted in 10-15 years, and HSBC operates dozens of banking systems across 65 countries where cryptographic migration takes years.

HSBC’s quantum security program inventoried cryptographic exposure, then benchmarked NIST PQC finalists (CRYSTALS-Kyber for key exchange, CRYSTALS-Dilithium for signatures) on real banking server hardware.

Kyber and Dilithium Benchmarks

# liboqs Python bindings: pip install liboqs-python
import oqs
import time

def benchmark_kem(algorithm: str, iterations: int = 1000):
    """Benchmark Kyber key generation, encapsulation, and decapsulation."""
    kem = oqs.KeyEncapsulation(algorithm)
    t0 = time.perf_counter()
    public_key = kem.generate_keypair()
    keygen_ms = (time.perf_counter() - t0) * 1000

    t0 = time.perf_counter()
    for _ in range(iterations):
        ciphertext, _ = kem.encap_secret(public_key)
    encap_ms = (time.perf_counter() - t0) / iterations * 1000

    t0 = time.perf_counter()
    for _ in range(iterations):
        kem.decap_secret(ciphertext)
    decap_ms = (time.perf_counter() - t0) / iterations * 1000
    kem.free()
    print(f"{algorithm}: keygen={keygen_ms:.2f}ms encap={encap_ms:.2f}ms "
          f"decap={decap_ms:.2f}ms pubkey={len(public_key)}B ct={len(ciphertext)}B")

def benchmark_signature(algorithm: str, message: bytes, iterations: int = 1000):
    """Benchmark Dilithium signing and verification throughput."""
    sig = oqs.Signature(algorithm)
    public_key = sig.generate_keypair()

    t0 = time.perf_counter()
    for _ in range(iterations):
        signature = sig.sign(message)
    sign_ms = (time.perf_counter() - t0) / iterations * 1000

    t0 = time.perf_counter()
    for _ in range(iterations):
        sig.verify(message, signature, public_key)
    verify_ms = (time.perf_counter() - t0) / iterations * 1000
    sig.free()
    print(f"{algorithm}: sign={sign_ms:.3f}ms verify={verify_ms:.3f}ms "
          f"sigsize={len(signature)}B tput={1000/verify_ms:.0f}ops/s")

payment_msg = b'{"amount": 100000.00, "currency": "USD", "from": "HSBCGB", "to": "DEUTDE"}'
benchmark_kem("Kyber768")
benchmark_signature("Dilithium3", payment_msg)

Hybrid TLS: Classical and Post-Quantum Together

HSBC’s test deployment used hybrid TLS, combining classical ECDH with Kyber in a single handshake. This means the session key is secure if either algorithm remains unbroken, protecting against both quantum and classical cryptanalytic advances.

# Hybrid key derivation: combine ECDH and Kyber shared secrets
import hashlib
import os

def hybrid_session_key(ecdh_shared_secret: bytes, kyber_shared_secret: bytes,
                        context: bytes = b"HSBC-TLS-hybrid-v1") -> bytes:
    """
    Derive a session key from both ECDH and Kyber shared secrets.
    Security holds as long as at least one primitive is unbroken.
    """
    combined = ecdh_shared_secret + kyber_shared_secret + context
    session_key = hashlib.sha3_256(combined).digest()  # 256-bit AES key
    return session_key

# Simulate hybrid handshake
ecdh_secret = os.urandom(32)   # would come from actual ECDH exchange
kyber_secret = os.urandom(32)  # would come from Kyber decapsulation
key = hybrid_session_key(ecdh_secret, kyber_secret)
print(f"Hybrid session key: {key.hex()}")
print(f"Key length: {len(key) * 8} bits (suitable for AES-256)")

Inventory, Results, and Migration Roadmap

HSBC’s system audit found 40% of internal systems using RSA-2048 or smaller (immediate migration priority), 35% using ECDSA/ECDH, and 10% symmetric-only (AES-256 is already quantum-safe). A parallel QKD pilot used ID Quantique hardware for highest-security inter-datacenter links, refreshing AES-256 session keys with information-theoretically secure QKD-derived randomness.

Performance benchmarks on banking server hardware:

  • Kyber-768 TLS handshake adds under 2ms, negligible vs typical 20-100ms API round-trip times
  • Dilithium-3 verification is 3x slower than ECDSA P-256 but remains within peak payment throughput capacity
  • Dilithium-3 signatures are 2.4 KB vs 64 bytes for ECDSA, increasing network overhead but not latency

HSBC published a phased roadmap: PQC library integration by 2025, hybrid TLS for customer systems and Dilithium for new payment infrastructure by 2027, full RSA retirement by 2030. The roadmap aligns with SWIFT’s quantum-safe working group guidance.

Learn more: Post-Quantum Cryptography Reference