In the waning years of the 20th century, the world’s business and government leaders were in a near meltdown as the realization that the computational cost-saving move to use two digits to represent a year would spell disaster when the world entered the new millennium. There would be no way computers could differentiate between, for example, the year 2012, and the year 1912.
Fortunately, the alarm sounded throughout the business and technology community, fixes were installed and the Y2K crisis — as it became known — was averted for the most part.
The threat that businesses face from the ability of quantum computers to crack current encryption techniques is potentially orders of magnitude more damaging than the Y2K bug, yet, because nobody exactly knows when quantum computers will be powerful enough to render current techniques obsolete, businesses do not have the luxury of a looming January 1, 2000 deadline to prepare.
For Cambridge Quantum Computing’s cybersecurity chief, the message is simple: prepare right now and get started by using keys for cybersecurity that are generated from today’s quantum computers.
Duncan Jones, head of Cambridge Quantum Computing’s (CQC) Quantum Cybersecurity, is taking on the tall order of simultaneously educating clients and potential clients about this wave of quantum disruption, while overseeing the development and commercialization of CQC’s formidable tools that can both mitigate quantum’s threats to cybersecurity, as well as use the technology’s robust ability to improve privacy and security.
As a pioneering quantum firm, CQC has a unique position in bringing quantum products to market. Following their successful work in generating verifiably quantum entropy from IBM’s quantum computers, the company is now able to provide clients with keys that are generated from this – literally – unhackable seed. The first such keys will be available to clients as early as Q2 2021.
Jones added that the company’s already established external reach has given CQC’s cybersecurity team a read on how the market is — or is not — preparing for quantum.
“We are fortunate because of our position in the ecosystem as one of the largest, if not the largest, quantum software houses, that allows us to have a lot of conversations with people,” said Jones. “And we’re starting to get a real feel for what companies are thinking about when it comes to cybersecurity and how they view quantum in that regard.”
Quantum Can Be an Adversary — and an Ally
Obviously, some of those conversations reveal that companies see quantum as a looming adversary, capable of cracking sophisticated encryption methods. However, other companies — even in a cybersecurity context — are beginning to see the technology’s positive potential. These leaders also realize that they will need to migrate their current systems as soon as possible to models that are under development that will be secure even in the quantum era.
“There’s a growing realization that quantum can be an ally in the world of cybersecurity, as well, and that’s something I want to foster,” said Jones. “We definitely need to be thinking of quantum computers as a threat and we definitely need to be thinking about that migration, but we also need to realize that quantum computers already provide the tools that will improve cryptography and security.”
Some organizations see quantum as a far-off threat, a few decades away. However, Jones says that misses an important point. If quantum computers are completely realized in the future, it is not just current information that is vulnerable, but possibly past data, too.
“As soon as we cross this point in time when quantum computers are able to unpick this data, then you would technically be able to read the past like an open book,” said Jones. “The question that companies and organizations — particularly governments and the military — need to be asking is: ‘Are we sharing something today that will still have value to somebody in ten years time?’”
“One of the things we tell customers is they need to start thinking about this now.”
He added that, to be on the safe side, he recommends planning for that inevitable quantum threat now.
“One of the things we tell customers is they need to start thinking about this now,” said Jones. “Working with our partners at IBM and Honeywell we will be generating and providing this critical protection very soon. Our keys, both classical, as well as PQE provide the very best security today and for the future.”
Jones said that, in addition to CQC’s external reach — allowing them access to global leaders who are contemplating quantum cryptographic issues — the company also has scientific depth.
“There’s no escaping the fact that the beating heart of the company is eager, earnest scientists working hard at the leading edge of this technology,” said Jones.
“In fact the keys that we generate using verifiable quantum entropy were made possible thanks to the work that has been done in our Cambridge campus on TKET – the class leading quantum software platform. We use its advanced optimization and routing capabilities to ensure our algorithms are efficient and effective on today’s devices.”
CQC has several units that focus on different aspects of the quantum industry, such as quantum AI and chemistry, for example. Jones said that this depth offers unique synergies and connections for his own team.
“We can build on the knowledge elsewhere in the organization — for example, when it comes to actually deploying our technology on these computers, we have support of the t|ket⟩™ team and we can confidently run our algorithms effectively on a wide variety of machines,” said Jones. “In fact, the keys that we generate using verifiable quantum entropy were made possible thanks to the work that has been done in our Cambridge campus on TKET – the class leading quantum software platform. We use its advanced optimization and routing capabilities to ensure our algorithms are efficient and effective on today’s devices.”
Work With National Physics Laboratory and IBM
CQC is using some of that scientific depth in preparing for quantum’s cybersecurity threat by developing products to counter that threat and enhance security. They have already established key collaborations with major quantum companies and national labs.
Duncan points to CQC’s work with the National Physics Laboratory on quantum random number generators as evidence of the company’s leadership in providing solutions right now. Random Number Generators, or RNG, serve as the backbone of most of the world’s cybersecurity schemes. Quantum random number generators (QRNGs) use the inherent randomness of quantum processes to produce truly random numbers, with no risk of the same random sequence being produced by identically manufactured and prepared QRNGs.
The QRNG are vastly superior to classical RNG and CQC is pushing the envelope further with the world’s first certifiably-quantum QRNG, according to Jones.
“We’ve established a very close collaboration with NPL,” said Jones. “In fact, our scientists are working on the project in the NPL laboratories.”
This crucial breakthrough has now become a product that is currently available to all IBM Q network members and keys generated using this maximally random source will be available from CQC during late Q1 or Q2 this year.
In September 2020 CQC also announced with IBM that they had successfully generated verifiable quantum entropy which provides device independent maximal security and makes full use of quantum computers today. This crucial breakthrough has now become a product that is currently available to all IBM Q network members and keys generated using this maximally random source will be available from CQC during late Q1 or Q2 this year.
The Quantum Pull
Jones, a Cambridge University graduate, formerly held cybersecurity roles in companies such as Thales and Arm.
The pull of quantum, however, was just too great.
“I was attracted to quantum because its latent potential for cybersecurity is huge,” said Jones. “I joined CQC in the last month or so and we have a really exciting year ahead with some of the opportunities that come from our relationships with companies around the world.”