A Comprehensive Framework Proposal for Understanding the Transition of the U.S. Financial System to Quantum Security

Global Digital Development Research Report Volume 3 Issue 38 (2025/9/15-2025/9/21)

This issue reviews the comprehensive framework proposal related to the transition of the U.S. financial system to quantum safety, for reference.

In today's rapidly advancing quantum computing technology, traditional encryption systems are facing unprecedented challenges. In September 2025, a policy proposal titled "Post-Quantum Financial Infrastructure Framework (PQFIF)" was formally submitted to the U.S. Crypto Assets Task Force (U.S. Crypto Assets Task Force - SEC), systematically proposing a comprehensive framework for the U.S. financial system's transition to "quantum safety." This document is not only a technical proposal but also a strategically significant policy blueprint aimed at ensuring that the U.S. maintains its leading position in global financial competition and fortifies its financial security before the arrival of the quantum era.

1. Policy Documents and Their Background

This document is jointly drafted by a cross-industry working group, aimed at providing a strategic and technical roadmap for the quantum-safe transition of the U.S. digital asset ecosystem. The document clearly states that the public key cryptosystems (such as ECDSA, RSA, etc.) relied upon by the current financial system are extremely vulnerable in the face of quantum computing. Once a cryptographically relevant quantum computer (CRQC) emerges, existing cryptographic mechanisms will face the risk of being completely compromised.

In terms of policy background, the U.S. government has repeatedly released strong signals to promote the transition to post-quantum cryptography (PQC). The executive order from January 2025, NSM-10 (National Security Memorandum 10), and the joint initiatives from agencies such as CISA, NSA, and NIST all explicitly require federal systems to fully migrate to PQC standards by 2035. As a critical infrastructure, finance is particularly at the forefront.

2. Safeguarding Trillions in Assets and Market Confidence

The core value of PQFIF lies in its foresight and systematization; it is not only a technological upgrade but also a direct response to the "Harvest Now, Decrypt Later (HNDL)" attack strategy. Attackers have begun to collect encrypted data in large quantities, planning to decrypt it once quantum computers mature, which poses a significant threat to the long-term confidentiality of financial data.

The implementation of this framework will directly support the three core missions of the U.S. SEC:

Protecting Investors: Preventing asset theft and data breaches caused by quantum attacks;

Maintain Market Integrity: Avoid systemic collapse caused by the failure of cryptocurrency;

Promoting Responsible Innovation: Providing a sustainable security foundation for the digital asset ecosystem.

Three, the Four Pillars of the Core Framework

PQFIF is designed as an end-to-end automated architecture that encompasses the entire lifecycle management from discovery, planning, implementation to monitoring. Its core includes:

Automated Quantum Vulnerability Assessment, utilizing AI-driven scanning tools to comprehensively identify quantum vulnerable algorithms in systems (such as RSA, ECC), and build a cryptographic asset inventory and dependency map.

Risk-based migration planning, utilizing the "Mosca theorem" and CARAF framework, prioritizing high-risk systems (such as payment processors, HSMs, digital custody systems).

Hybrid cryptography implementation, running traditional and post-quantum algorithms simultaneously during the transition period to ensure backward compatibility and business continuity. Supports NIST standard algorithms (ML-KEM, ML-DSA, SLH-DSA, HQC).

Continuous monitoring and compliance automation, integrating quantum threat intelligence platforms, dynamically adjusting migration strategies, and automatically generating compliance reports across multiple jurisdictions.

4. Cloud-native, Modular, Scalable

PQFIF adopts a cloud-native architecture, divided into control plane, data plane, management plane, and security plane, supporting zero trust and deep defense strategies. Its technical highlights include:

Cryptographic Agility: Supports seamless switching of algorithms to avoid facing the risk of "algorithm obsolescence" in the future;

Cross-chain and Cross-system Integration: Supports blockchain APIs, traditional banking systems, and cross-border payment networks;

Hardware Security Module (HSM) Upgrade: Supports PQC key management and quantum-safe backup;

Real-time Compliance Engine: Automatically aligns with domestic and international standards such as NSM-10, CNSA 2.0, DORA, ISO/IEC, etc.

V. Four Stage Advancement

The document presents a clear four-phase implementation path:

Foundation Phase (0–6 months): High-level commitment, budget allocation, comprehensive asset discovery and risk assessment;

Pilot Phase (6–18 months): Key system pilot migration and hybrid cryptography deployment;

Comprehensive Promotion (18–36 Months): Enterprise-level promotion and legacy system integration;

Optimization Phase (Over 36 Months): Continuous monitoring, algorithm updates, and quantum enhancement service development.

6. Risks and Challenges

Despite a comprehensive framework, multiple challenges still arise during the implementation process:

Technical Complexity: PQC algorithms have high computational overhead and large signature sizes, which significantly affect performance;

Skills Gap: There is a severe shortage of professionals who possess both PQC and financial system knowledge.

Third-party dependencies: The progress of supplier PQC varies, and coordination is difficult;

Compliance Complexity: Standards vary across multiple jurisdictions, requiring dynamic adaptation;

Cost Control: The federal government estimates that the total migration cost will reach $7.1 billion, and financial institutions need to plan carefully.

It is recommended that documents alleviate the above challenges through pilot verification, phased investment, collaboration with academia to cultivate talent, and prioritizing cloud service provider hosting solutions.

7. Quantum security is not the endpoint, but a new starting point

PQFIF is not just a defensive framework; it is a strategic engine that drives the comprehensive modernization, intelligence, and global interoperability of financial infrastructure. It marks the largest paradigm shift in cryptography since the 1970s and is a key measure for the United States to maintain technological sovereignty and market confidence in the digital financial era.

As stated in the document: "Quantum secure infrastructure is not the end, but the cornerstone for opening up the next generation of financial services." In a future driven by both quantum computing and artificial intelligence, only those who prepare in advance can sit steadily on the fishing platform.

The United States is declaring to the world through the PQFIF framework: Financial security in the quantum era must be built starting now.