This startup just made a critical breakthrough in post-quantum encryption over public internet
Quantum computing and cryptography are two terms we’ve all probably heard of. But what about quantum cryptography or quantum encryption? Quantum cryptography is a new method of data encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data in a way that cannot be hacked. The key word here is “hack”
Unlike the traditional cryptographic systems that encrypt and protect data so that only the person who has the right secret key can decrypt it, quantum cryptography relies on physics, rather than mathematics, as the key aspect of its security model. Now that we understand what quantum cryptography/encryption is, let’s look at post-quantum cryptography.
Post-quantum cryptography (also known as quantum-resistant cryptography, quantum-proof, or quantum-safe) is focused on getting cryptography from being hacked by the new quantum computers. It refers to a set of cryptographic algorithms (usually public-key algorithms) that are thought to be secure against a cryptanalytic attack by a quantum computer. The goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks. Now, one tech startup announced it has just achieved a critical breakthrough in quantum-safe cryptography orchestration.
Today, QuSecure, a post-quantum cybersecurity tech startup announced it has achieved the most recent breakthrough in quantum-safe cryptography orchestration with the launch of its QuEverywhere. It’s the industry’s first quantum-safe orchestration solution protecting encrypted private data on any website or mobile application with quantum-resilient connections and sessions, all with no end-user installation required.
QuEverywhere closes the loop for federal and commercial organizations’ end-to-end quantum-safe data protections and complements QuSecure’s previous product release, QuProtect™, which protects data in transit in data centers and in the cloud.
Prior to today’s launch, current PQC solutions either could not reach edge devices like laptops and mobile phones or required software installation on these devices which does not scale, is cumbersome and hard to manage. Now for the first time, organizations can benefit from post-quantum cybersecurity protection which brings quantum-safe encryption and the ability to dynamically upgrade cryptographic protections to connections between hundreds or thousands of devices and endpoints to protect sensitive data wherever it travels without installing software at the endpoint. As a result, organizations, their customers, and partners can be confident that encrypted data will remain secure.
One of QuSecure’s most recent customers is Swiss-based VeroWay, the leading alternative core banking and digital fulfillment software solution provider. VeroWay serves over 15 million global users and chose to deploy QuSecure since QuEverywhere has the capability to help scale VeroWay’s decentralized core banking engine to VeroWay’s goal of providing over 100 million digital vaults within the next 18 months. “As a leader for secure digital vault technology and fulfillment, we recognize the urgent need to maximize security of digital asset storage and transactions,” said Sean Prescott, CTO of VeroWay.
“The threat to networks, systems and data from quantum attacks is real, especially in the realm of digital assets,” added David Kalberer, Executive Director of VeroWay. “That is why we chose to work with QuSecure as they are the leader in intelligent switched network security. Their team and expertise are exceptional, having made our transition to a quantum-safe environment simple and seamless. We could not be more pleased with the outstanding team and technology from QuSecure.”
While getting to a cryptographically relevant quantum computer (CRQC, a quantum computer that can break our existing public key cryptography) will be challenging, today even the most conservative experts no longer debate if it will happen, but rather when these large-scale quantum computers will be realized. It is a mathematical certainty that CRQCs will break public key cryptography once quantum computers reach a certain scale. Sundar Pichai, the CEO of Google, estimates that we will have a CRQC in three to seven years. Since nation-states and other hackers are stealing encrypted data today, they may use a CRQC when it comes online to decrypt vast amounts of stolen data which could include very sensitive government, commercial and personal information.
Also, on Dec. 21, 2022, President Biden signed into law the Quantum Computing Cybersecurity Preparedness Act which states that, “Not later than 180 days after the date of enactment of this Act, the Director of OMB, in coordination with the National Cyber Director…shall issue guidance on the migration of information technology to post-quantum cryptography,” recognizing that the time to start the analysis and upgrade to post-quantum security is now.
With nearly 7 billion smartphones and 14 billion connected devices in use today, there are a significant number of security breach points. Reaching and protecting these devices has become a commercial, customer and personal cybersecurity issue in the “bring your own device to work” era. There is a growing need to bring IoT, edge, and personal devices under proper cryptographic controls, especially as hybrid workforces become more prevalent and employees access and share data via personal devices.
QuEverywhere, the latest functionality offered in QuSecure’s flagship QuProtect PQC solution delivers a post-quantum channel over the public internet as a quantum-safe conduit for data to reach devices outside an organization’s datacenter or cloud environment. For highly transactional industries such as banking and finance, QuEverywhere provides protection for data and transactions on-premises or in the cloud, on a mobile device or desktop browser, or in a networked system, without requiring users to install software. For example, financial institutions can use QuSecure’s quantum-safe encryption channels to protect bank deposits and transactions made by customers on mobile applications or browsers, while also securing payments from mobile apps or electronic funds transfer software.
“In QuEverywhere we have created a solution that no-one else has – frictionless install, avoiding dependence on operating system releases, while, for the first-time, enabling organizations to control their public internet cryptography by providing visibility into, and defense against, cryptographic attacks,” said Greg Bullard, QuSecure CTO and Head of Engineering. “I am incredibly proud of the disruptive and innovative solution built by this team.”
“The upgrade to quantum-safe cryptography is a necessary one that every organization will have to undertake sooner or later,” said QuSecure Chief Product Officer Rebecca Krauthamer. “Our mission is to use the impending advent of quantum computing as a catalyst to fundamentally fix how cryptography is used and managed. To do this we designed the QuProtect platform to make the upgrade painless and scalable so organizations can adopt the necessary defenses immediately. QuEverywhere is a huge leap forward in getting these protections to extend to every end user.”
QuEverywhere is an end-to-end feature of the QuProtect software solution that delivers PQC secure communications from the datacenter or cloud directly to end users and their devices, and back. Additionally, the software is fully compliant with NIST’s recommendations for standardized PQC algorithms and can immediately upgrade algorithms when current ones prove weak, safeguarding the data and communications of today and tomorrow.