The new service protects against current and future cyberattacks, according to Quantinuum CEO, and works with existing cybersecurity systems.
Quantinumm’s software company Cambridge Quantum announced a new way to provide cryptographic keys that uses Honeywell’s H1, entanglement and an API. Quantum Origin can run on any quantum computer and is designed to integrate into existing cybersecurity solutions.
This new cloud-based method uses quantum entanglement to generate cryptographic keys and is based on verifiable quantum randomness, according to the company. The company generates the keys before encrypting them with a transport key and relaying them back to a customer.
Duncan Jones, head of cybersecurity at Cambridge Quantum, said Quantum Origin is kickstarting the quantum cybersecurity industry.
“We can isolate the particular bit of quantum behaviour we are looking for and then make it available to other systems so that everyone can benefit and security can be increased across the board,” he said.
Ilyas Khan, CEO of Quantinuum and founder of Cambridge Quantum, said that the key generator was tested on Oxford Quantum’s and IBM’s quantum computers.
“At the moment, the best results have come from a trapped ion system but that could change tomorrow,” he said. “The product is platform agnostic and could generate the key using any number of quantum computers that come online in the future.”
Jones said that Cambridge Quantum’s device-agnostic approach is what makes this service different from other attempts to use quantum computers for cybersecurity.
In a white paper about Quantum Origin, Cambridge Quantum describes device independence this way:
“In a fully device-independent (DI) protocol, only minimal assumptions are made about the physical device that executes the protocol. Instead, the device is treated as a black box, and the protocol simply provides inputs and interrogates the output from the device.”
The product supports RSA and AES algorithms as well as the post-quantum cryptography algorithms being standardized by the National Institute for Standards and Technology. The service is priced per key generated for customers.
Jones said that the company has export controls in place to screen customers who want to use the service.
“As part of our customer onboard process, we do due diligence to make sure use cases and destination countries are all above board,” he said.
Khan described Quantum Origin as a defensive technology as opposed to an adversarial one.
“We are focused on protecting the technology that creates the key, not selling it,” he said. “We are selling the product created by that technology.”
Cambridge Quantum will offer the new service to financial services companies and cybersecurity vendors initially and later to telecommunications, energy, manufacturing, defense and governments.
Encrypting data in space and over SDWANs
During a press call on Monday, leaders from two companies that have used these quantum keys explained their experiences with the new service.
Axiom Space used the service to send post-quantum encrypted messages between the International Space Station and Earth. The company’s first quantum encrypted message sent from the ISS was “Hello Quantum World.” Axiom chose Quantum Origin to protect data from in-space manufacturing, experiments, services and Department of Defense initiatives.
“If we can’t secure our data, that hurts a really expensive asset that is floating out in space,” David Zuniga said during the press call.
Axiom is building the infrastructure for low-Earth orbit operations and a commercial space station. The company plans to send humans into space in February 2022.
Khan said work done on the space station could be critically important to researchers now and in the future.
“We don’t want people hacking into systems and harvesting data to use later,” he said. “You’re not just protecting against future attacks, you’re protected today against the worst that the adversary can throw out.”
In a proof-of-concept project, Fujitsu used the service in its software-defined wide area network using quantum-enhanced keys with traditional algorithms. Houton Houshmand, CTO and research lead at Fujitsu, said that the new keys will protect applications, edge routing and cloud infrastructure from cyber attacks.
“We are looking above the stack over the SD WAN to protect the security of data inside the application and address data security needs of the application as well,” he said.
Growing concerns about standard encryption
A recent survey commissioned by Cambridge Quantum found that existing encryption methods may last only two more years. Dimensional Research conducted the survey for the quantum company in October and asked 600 cybersecurity professionals about these concerns. Sixty percent of respondents predict current encryption will be broken by 2023 by new and evolving technologies.
Only 21% said they were ready for this sea change in cybersecurity. Another 38% said they will be ready within the next two years. Unfortunately, only 20% of respondents said their organizations are allocating funds to address this challenge. An even smaller group — 13% — have purchased a solution to do so.
The survey also found that:
- 80% of respondents are worried that a quantum-powered attack could occur without warning
- 86% said they comply to regulations requiring critical data protections for an extended period