A quantum-proof financial world: that's the scenario the U.S. Securities and Exchange Commission (SEC) wants to begin building.
On September 3, the organization presented the Post-Quantum Financial Infrastructure Framework (PQFIF), a plan that seeks to anticipate the day when traditional cryptographic algorithms are no longer secure against quantum computing, affecting Bitcoin, international banking and digital security.
According to the SEC:
“The U.S. digital asset ecosystem, built on current cryptographic standards, faces an existential threat from the rapid advancement of quantum computing. A cryptographically relevant quantum computer could breach the fundamental security protecting trillions of dollars in assets, creating systemic risk, catastrophic losses for investors, and a complete erosion of market confidence.”
Post-Quantum Financial Infrastructure Framework, SEC.
The SEC outlined a plan to protect the global financial system from quantum computing. Source: SEC.
Bitcoin, Ethereum, and digital assets in the spotlight
In the case of crypto assets, the document describes a mechanism used (understood as a simulation or test) to "protect crypto asset custody systems, including institutional wallets for Bitcoin, Ethereum, and stablecoins, which process $50 billion in daily transactions."
Two main measures were adopted in this process:
- Replacing the ECDSA algorithm with ML-DSA in institutional wallets to resist quantum attacks.
- Implementation of "quantum-safe wrappers in blockchain APIs," while maintaining compatibility with public and private networks.
The SEC's proposal is to replace current algorithms that protect transaction signatures, such as Bitcoin's ECDSA, which is potentially vulnerable to quantum computing. Instead, the SEC adopted the ML-DSA algorithm developed by the National Institute of Standards and Technology (NIST).
The algorithms endorsed by NIST, known as post-quantum, are designed to resist attacks from quantum computers that could break cryptography in the future.
As for the implementation of "quantum-safe wrappers" in the APIs (Application Programming Interfaces) used by cryptocurrency networks, this means adding a layer of protection to the communication channels between applications and networks.
This way, blockchains would be able to withstand attacks from quantum computers. The key to this approach, according to the SEC, is that it maintains compatibility with both public networks, such as Bitcoin or Ethereum, and private networks used in institutional financial environments.
According to the SEC, the result of this mechanism was that "100% of cryptoasset transactions" were protected against quantum threats, with an additional latency of only 8 milliseconds due to the implementation of security measures.
How would anti-quantum migration be implemented?
The SEC explained a pilot plan to migrate crypto assets stored in institutional wallets to quantum-resistant addresses.
That pilot plan was carried out (it is also understood that it was a simulation) with a global investment bank with a presence in 40 countries, which is required to comply with quantum-resistant standards by 2030.
Challenges identified include reliance on legacy systems, conflicting regulations across 12 jurisdictions, and the need to ensure operational continuity without interruptions during market hours.
The plan was divided into three phases:
- Discovery and Assessment (6 weeks): Infrastructure scanning, risk analysis, and migration plan generation.
- Pilot implementation (12 weeks): Testing on trading platforms and client portals, with deployment of hybrid keys and updating of security modules.
- Complete deployment (18 months): migration of banking systems, customer applications and file storage.
The outcome of the described scenario is a migration completed "eight months ahead of schedule, with 22% savings compared to the initial budget, 5% performance improvements, and 100% regulatory compliance across all jurisdictions."
Risks and time horizon
The SEC's plan also addresses when a quantum computer capable of breaking current cryptography might emerge.
Based on the Global Risk Institute's Quantum Threat Timeline Report, updated in 2025, the projection is as follows:
- By 2034: Between 17% and 34% probability that a computer capable of breaking RSA-2048 exists within 24 hours.
- By 2044: the probability rises to around 79%.
The report notes that these projections are uncertain and subject to unpredictable scientific developments. Some experts suggest the timescales could be shorter, while others consider them overly optimistic.
Vulnerabilities in traditional finance
Finally, the document also lists critical areas of traditional financial infrastructure that rely on algorithms such as RSA or elliptic curves ( ECC ), both of which are vulnerable to quantum attacks:
Online payment gateways, which use RSA and ECC to validate merchant credentials. Online banking platforms that rely on cryptography for login and transaction processes, ECC-based mobile payment applications to authenticate users, interbank transfer systems such as SWIFT or the Federal Reserve and credit and debit card processing. The SEC maintains that these sectors should immediately begin an orderly transition to post-quantum standards.