Unpredictable quantum keys – using physics as cybersecurity
• Unpredictable quantum keys are a mind-boggling way to ensure data safety.
• That which cannot be predicted, can be neither cracked nor hacked.
• Preparing for a quantum future right now makes sound business sense for your data.
As part of our look into the businesses using the UK’s Cyber Runway from Plexal in 2023, we talked to a handful of this year’s cohort. George Dunlop, co-founder and director of partnerships at Quantum Dice, a provider of unpredictable quantum keys, was next to sit down with us.
We felt the need to make an early confession.
Every time we read about quantum technology, it boggles our brain for a good half hour before it even starts to make sense. But quantum technology is often described as the next big revolutionary model in the tech world – and yet it’s here. Now.
What’s the market like for unpredictable quantum keys right now? And how has it been moving in the last year or two?
We’ve seen a great maturation in the space, but it’s not an uncommon experience that you just described with quantum. The focus in the market right now is really driving value in applications.
So making esoteric physics into business value?
In quantum technology, we’ve seen physics move from an academic research area to an ecosystem of technology applications. Emerging solutions are coming to demonstrate specific, clear commercial value. One of the most mature areas in quantum technology right now is in its application to cybersecurity, which is driving value around the unpredictable quantum keys we use to lock and unlock our data.
The value add of quantum keys.
In the past few years, we’ve also seen significant acceleration in the cybersecurity industry, which has uncovered a couple of vulnerabilities in existing solutions, where quantum can offer a value add.
Most notably, we’ve seen the discovery of a vulnerability in firewalls, where it was found that the keys companies were using had insufficient entropy or randomness.
The second law of thermodynamics. Entropy increases…
And if you want to produce better quantum keys, you need a good and trusted locksmith for your cybersecurity applications – which is where quantum technology can come in.
We’ve spoken to other players in the quantum market, and it seems to be a reverse-driven process, right? The weaknesses in our current cybersecurity posture were often discovered by people looking at the things they’d have to do to ensure their cybersafety once the big quantum technology explosion happens, when we get quantum computers that point and laugh at what we currently call data security.
To what extent do people understand the need for things like quantum keys at this stage?
Let him who hath understanding reckon the number of the keys…
That depends who you ask. If you ask the general public, probably not at all. But in cybersecurity and industry, it’s been known and understood since the late 90s.
As you say, the big quantum point is coming – the point where quantum computing becomes stable enough to become a mundane reality. We can debate when it’s coming, but it’s known that it’s on the horizon. So yes, it’s fairly well understood, and there has been that sort of reverse-engineering at work. Sometimes you don’t know a vulnerability is there until you go looking to solve something you’re assuming will be there in the future.
Be fair – that sounds very quantum…
So if we talk about quantum, there’s this application, but then there’s also what the technologies themselves can enable.
The thing in the past few years that has really driven understanding has been adding quantum to standards. The most recent development was NIST in the US issuing the draft standards for the tools that will be used to protect against quantum computers.
Now, if you have a vulnerability, or you have a risk, the key step is being able to measure that risk, so you can quantify both your exposure and your areas of vulnerability. So, one of the most mature areas is quantum key generation, which means there are actually benefits the technology can add now, by being able to measure the quality of your keys in real time.
That’s a measurement that quantum systems offer, where you’re able to measure where your randomness comes from, and actually delve down into the origin of your trust.
Quantum keys: the dummies’ guide.
Boggling jussst slightly, but let’s stick with it. We understand how quantum random number generators would work in terms of locking things up. We’re a little sketchy on how they then can be unlocked by the rightful owner of the data.
Right. If you think of your enterprise as a building, you build your walls, your doors, your locks and your keys, to protect your data or yourself.
There are many tools and bits of software you can use. For example, you can use software encryption as a lock to protect our data. Now, when you ask the question “How do you want to unlock the data?,” we’re talking about using quantum, an area of physics, to create high quality keys.
Quantum technology is also being used to create better locks for your data, for which the key can be produced to unlock it in the same way that a quantum computer for example would do (another area of quantum physics being used to break the whole house down – but it’s still a tool).
So when I talk about Quantum Dice producing high quality keys, we’re using the measurability we can use to provide proof and trust in the keys that you’re making, in the same way that you’d use another area of physics to build trust in a different tool you’re building.
Wait, wait, we think we’re getting it. So just like you use gravity to test the effectiveness of a spirit level, you use the principles of quantum physics – entropy, randomness and the gang – to test the effectiveness of a key, so companies can be reasonably sure that the key locks and unlocks their data – but that nothing else can get in or out?
Something like that.
There are ways and means of using quantum to lock and unlock data. And the key consideration for anyone in security is having trust and verification in the process by which you do that.
That’s the power of unpredictable quantum keys.
Still confused? Watch this.
THQ went for a short lie down in a darkened room at this point. When we came back, Jonathan Wood of security and compliance firm C2 Cyber was waiting for us, with unusual answers to questions of intelligence.
6 December 2023
5 December 2023
4 December 2023