TOKYO—Nomura Holdings, Inc. (Representative Executive Officer and President, Kentaro Okuda, hereinafter “Nomura HD”), Nomura Securities Co., Ltd. (Representative Director and President, Toshio Morita, hereinafter “Nomura Securities”), National Institute of Information and Communications Technology (President, Hideyuki Tokuda, Ph.D. hereinafter “NICT”), Toshiba Corporation (Representative Executive Officer and President and CEO, Nobuaki Kurumatani), and NEC Corporation (President and CEO, Takashi Niino, hereinafter “NEC”) will jointly verify the effectiveness and practicality of quantum cryptography technology in order to strengthen the security of data communications and storage in the financial sector. The tests will commence in December 2020.
 
This first-of-its-kind joint verification test in Japan will be conducted as part of the Cross-ministerial Strategic Innovation Promotion Program (SIP) "Photonics and Quantum Technology for Society 5.0” (Management Agency: National Institutes for Quantum and Radiological Science and Technology).

Background

The threat of cyberattacks on financial institutions is increasing, and there are growing concerns about its impact on the financial system. Since the Japanese Financial Services Agency announced the “Policy Approaches to Strengthen Cyber Security in the Financial Sector” in 2015, financial organizations in the country have been working to strengthen its security system. In recent years, the industry has been facing dramatic changes due to the acceleration of digitization and increased collaboration between companies beginning with application programming interface (API) integration. These environmental changes have brought more attention within the industry for the need to further strengthen security measures on financial systems.
 
Thus far, cryptographic technology is widely used to ensure the security of data communications within and outside the financial system. The current encryption code requires extremely complicated calculations to be decrypted by a third party, and it is said to take astronomical computation time to decrypt it. Therefore, it has been understood that it is realistically impossible for the content of the communication will be decrypted and/or intercepted. On the other hand, rapid progress in research and development of quantum computer technology is a potential threat to the current encryption technology, as it is known to be able to decrypt current cryptography at an extremely high speed.
 
In the financial sector, the protection of customer information is top priority, and there is an urgent need for new safety measures in preparation for such future threats.

About This Project

In this project, 5 parties including Nomura HD, Nomura Securities, NICT, Toshiba and NEC will test the use of quantum cryptography, the only cryptography system that in theory cannot be decrypted by any third party (eavesdropper who has unbounded computational power, including large scale quantum computing), to verify the applicability of the technology to the financial sector.
 
This is the first attempt in Japan to actually install and verify the equipment required for quantum cryptography in an actual system environment operating at a financial institution.

Overview of the Joint Verification Test

The five parties will conduct experiments to securely transmit pseudo-data (fictitious data) such as customer information and stock transaction data held by Nomura Securities by quantum cryptography. Also, the parties will verify the operation of the quantum secure cloud system, which performs backup storage and secure calculation processing using the secret sharing scheme for multiple data servers in remote locations.
 
Specifically, the joint verification tests will be conducted under the environment shown in Figure 1. The quantum key distribution system developed by Toshiba will be installed at Nomura Securities, and NICT’s quantum cryptographic network “the Tokyo QKD Network” which has been operating since 2010, will be extended to the Nomura Securities site.
 
Figure 1
Figure 1. An image of the verification test environment of quantum cryptography and quantum secure cloud system
The process of encryption/decryption of quantum cryptography is a simple logical sum of transmitted information/coded message and cryptographic keys (see Figure 2 below), which enables lower-latency encrypted communication than conventional cryptographic methods. For this reason, it is suitable for encrypted communication in transaction processing, which requires extremely low-latency communications.
 
In order to verify the level of low-latency, the tests will examine whether processing delays will occur when quantum cryptography is used in stock trading operations that requires transaction processing in milliseconds or less, large-capacity and high-speed communications.
 
In addition, in regards to the quantum secure cloud systems, internal measures will be updated to minimize the impact of any external intrusions into the system. This project will work on advancing safe and convenient access management technologies, as well as considering how to implement secure computation function that extracts and processes statistical information while maintaining confidentiality of customer data. 
 
In the future, based on the results of this test, the five parties will work on ways to utilize quantum cryptography and quantum secure cloud systems to strengthen cybersecurity in the financial sector and develop appropriate implementation plans.

Implementation Structure

This joint verification test will be conducted under the following structure.
  • Nomura HD and Nomura Securities: Providing its own system; generation of pseudo-data (fictitious data) compatible with actual financial practice; and verification of the applicability to financial practice, etc.
  • NICT: Operation and administration of Tokyo QKD Network; the provision of quantum secure cloud system; and functional validation in the financial environment.
  • Toshiba: Installation and operational support of quantum key distribution system; investigation and construction of a collaborative system using quantum cryptography and cryptographic communication applications based on experience and knowledge from other field experiments.
  • NEC: Investigation and construction of a collaborative system using quantum key distribution system and authentication technology for access management, based on experience and knowledge from development, operation and field demonstrations of quantum key distribution systems.
Cross-ministerial Strategic Innovation Promotion Program (SIP)
The SIP is a national program led by the Council for Science, Technology and Innovation (CSTI) of the Japanese Government with interdisciplinary management to realize scientific and technological innovation in Japan. It promotes interdisciplinary research and development which covers fundamental study to industrial application with industry-academia-government cooperation.

https://www.jst.go.jp/sip/en/index.html

API integration
API (Application Programming Interface) refers to procedures that define interactions between multiple software, and the connection method between different systems that calls on some of the functions of other systems based on the API, called the API integration.
Quantum cryptography
A cryptographic technology which uses a quantum key distribution (QKD) device that uses photons to share encryption keys, and an encryption technology that uses the encryption keys to encrypt and decrypt information using the one-time pad method. This technology makes it possible to realize extremely secure communication that cannot be deciphered in principle by any computer including a quantum computer.

Figure 2
Figure 2. Configuration of Quantum Cryptographic Lines
Quantum secure cloud system
The quantum secure cloud system is a cloud system that combines quantum cryptography and secret sharing technology to enable secure data distribution, storage, and utilization. The establishment of this technology not only ensures high security which cannot be tampered with or decoded, but also enables, for example, the collection, analysis, processing, and use of highly confidential data such as personal information and corporate information accumulated in medical care, new materials, manufacturing, and financial fields.
Figure 3
Figure 3. Image of the implementation of a quantum secure cloud system
Secret sharing
A technique in which original data is divided into multiple n distributed data (shares) with no meaning, and original data can be recovered only if more than k shares are collected (n > k). It provides confidentiality such that it is even impossible by quantum computer to recover the original data from less than k shares.
Tokyo QKD Network
This network is a testbed for Quantum Key Distribution (QKD) networks which NICT has been building and operating in Tokyo since 2010. QKD equipment developed by various industrial and academic institutions such as NEC, Toshiba, NTT-NICT, and Gakushuin University and others have been installed in this network. In addition to research and development for practical application of QKD network technology including R&D for equipment improvement, long-term operation tests, and interconnection and network operation tests, the Tokyo QKD Network is also proceeding with research and development of new security applications that integrates QKD network with modern security technology.

Contact information

Nomura Holdings, Group Corporate Communications Dept.

Tel: +81 3 3278 0591

National Institute of Information and Communications Technology,
Public Relations Department, Press Office

E-mail: publicity_atmark_nict.go.jp

Toshiba Corporation, Media Relation Group

Tel: +81 3 3457 2100

NEC Corporation, Corporate Communications Division

Tel: +81 3 3798 6511