Quantum-enhanced keys on demand add security against cyberattacks

Article by: Nitin Dahad

The new Quantum Origin platform uses the unpredictable nature of quantum mechanics to generate cryptographic keys seeded with verifiable quantum randomness.

A new quantum-enhanced, cloud-hosted key generation platform is now commercially available to deliver cryptographic keys derived from the output of a quantum computer and ensure data is protected at a foundational level against evolving cyberattacks.

The new service, Quantum Origin, uses the unpredictable nature of quantum mechanics to generate cryptographic keys seeded with verifiable quantum randomness from Quantinuum’s H-Series quantum computers, Powered by Honeywell. (Quantinuum is the company formed from the combination of Honeywell Quantum Solutions and Cambridge Quantum.) It supports traditional algorithms, such as RSA or AES, as well as post-quantum cryptography algorithms currently being standardized by the National Institute of Standards and Technology (NIST).

Cambridge Quantum said that Quantum Origin is the first commercial product built using a noisy, intermediate-scale quantum (NISQ) computer and has been built to secure the world’s data from both current and advancing threats to current encryption. The cryptographic keys generated by Quantum Origin can be integrated into existing systems.

Randomness is critical to current security solutions as well as to protecting systems from the future threat of quantum attacks. These attacks will further weaken deterministic methods of random number generation, as well as methods that are not verifiably random and do not come from a quantum source.

Today’s systems are protected by encryption standards such as RSA and AES. Their resilience is based on the inability to “break” a long string from a random number generator (RNG). Today’s RNGs, however, lack true, verifiable randomness; the numbers being generated aren’t as unpredictable as thought, and, as a result, such RNGs have been the point of failure in a growing number of cyberattacks. To add to this, the potential threat of quantum attacks is now raising the stakes further, incentivizing criminals to steal encrypted data passing over the internet, with a view to decrypting it later using quantum computers: so-called “hack now, decrypt later” attacks.

With Quantum Origin, when an organization requires quantum-enhanced keys to be generated, it can now make a call via an API. Quantum Origin generates the keys before encrypting them with a transport key and securely relaying them back to the organization. To give organizations a high level of assurance that their encryption keys are as unpredictable as possible, Quantum Origin tests the entire output from the quantum computers, ensuring that each key is seeded from verifiable quantum randomness.

These keys are then simple and easy to integrate within customers’ existing systems because they’re provided in a format that can be consumed by traditional cybersecurity systems and hardware. This end-to-end approach ensures key generation is on-demand and is capable of scaling with use, all while remaining secure.

Quantum Origin keys can be used in any scenario where there is a need for strong cybersecurity. At launch, Cambridge Quantum is offering Quantum Origin to financial services companies and vendors of cybersecurity products before expanding into other high-priority sectors, such as telecommunications, energy, manufacturing, defense and government.

The company said the technology has already been used in a series of projects with launch partners. Axiom Space used Quantum Origin to conduct a test of post-quantum encrypted communication between the ISS and Earth – sending the message “Hello Quantum World” back to Earth encrypted with post-quantum keys seeded from verifiable quantum randomness. Fujitsu integrated Quantum Origin into its software-defined wide area network (SD-WAN) using quantum-enhanced keys alongside traditional algorithms.

In this example, Fujitsu’s SD-WAN configuration has been adapted by replacing the native VPN with OpenVPN software. This implementation uses OpenSSL, which obtains the keys seeded with quantum entropy over a simple web API distribution service from Quantum Origin. The keys are used in the generation of certificates in the OpenVPN and other Fujitsu SD-WAN network components. The diagram shows the OpenVPN tunnel providing SD-WAN secure communications, based on the certificates generated using the Quantum Origin keys. (Image: Cambridge Quantum)

Ilyas Khan, CEO of Quantinuum and founder of Cambridge Quantum, said, “We have been working for a number of years now on a method to efficiently and effectively use the unique features of quantum computers in order to provide our customers with a defense against adversaries and criminals now and in the future once quantum computers are prevalent. Quantum Origin gives us the ability to be safe from the most sophisticated and powerful threats today as well as threats from quantum computers in the future.”

Duncan Jones, head of cybersecurity at Cambridge Quantum, said, “When we talk about protecting systems using quantum-powered technologies, we’re not just talking about protecting them from future threats. From large-scale takedowns of organizations to nation state hackers and the worrying potential of ‘hack now, decrypt later’ attacks, the threats are very real today, and very much here to stay. Responsible enterprises need to deploy every defense possible to ensure maximum protection at the encryption level today and tomorrow.”

In a white paper, Cambridge Quantum highlights the essential role that cryptographic keys play in encrypting sensitive data in any security infrastructure. These keys are all that stand between the hackers and valuable secrets, whether that is customer data, medical data, financial records or intellectual property. A recent study from KeyFactor showed that 1 in 172 certificates are so fundamentally weak, they can easily be broken by today’s computers. These sorts of weaknesses are difficult to identify in real world systems before it’s too late. This is because cryptographic keys are generated from random data, which must be unpredictable in order to be truly secure. Unfortunately, current solutions to randomness generation cannot provide strong guarantees on the quality of their output.

In particular, even the supposed randomness may not be as unpredictable as we think, because it is deterministic in nature. Cambridge Quantum said that this is where quantum mechanics provides the answer. Unlike classical physics, quantum mechanics is non-deterministic in nature. This means even with unbounded computational power, it is not possible to predict how some quantum processes will behave. This is the reason why cryptography must move towards quantum sources of randomness to ensure that keys remain unpredictable even as computing power increases exponentially.

This article was originally published on Embedded.

Nitin Dahad is a correspondent for EE Times, EE Times Europe and also Editor-in-Chief of embedded.com. With 35 years in the electronics industry, he’s had many different roles: from engineer to journalist, and from entrepreneur to startup mentor and government advisor. He was part of the startup team that launched 32-bit microprocessor company ARC International in the US in the late 1990s and took it public, and co-founder of The Chilli, which influenced much of the tech startup scene in the early 2000s. He’s also worked with many of the big names—including National Semiconductor, GEC Plessey Semiconductors, Dialog Semiconductor and Marconi Instruments.

 
