DevOps Tools / IoT edge computing / Security

New Company Quantinuum Offers Quantum-Based Encryption

17 Dec 2021 6:00am, by

Quantinuum, a new company spawned by the merger of Honeywell’s quantum computing unit and startup Cambridge Quantum, has launched a service to tackle the thorny cybersecurity issue of encryption keys.

The new company recently unveiled Quantum Origin, a commercial service that leverages software developed through Cambridge Quantum and Honeywell’s year-old H1 quantum computer to generate numbers for encryption keys that have a randomness that surpasses that of traditional methods and can only be created by a quantum system.

“Quantum origin will represent the first commercial product that’s out there in the world that’s genuinely using the output from a quantum computer to do something that a classical computer simply cannot do,” Duncan Jones, head of quantum cybersecurity at Cambridge Quantum, now a wholly-owned subsidiary of Quantinuum, told The New Stack. “What Quantum Origin does is it’s the cloud-based platform for generating the strongest cryptographic keys that we’ve ever seen.”

Not Your Old Way of Generating Keys

Jones said what Quantinuum is offering is unlike random number generators (RNGs) used by classical computers and even quantum RNGs used in the past.

“Because we’re using a quantum computer, we’re benefiting from properties of quantum mechanics like entanglement and we’re able to generate randomness that we can prove is … as close to perfect as one can ever get,” he said. “That differs quite strongly from all previous attempts, mostly in the fact that other methods of generating randomness can’t get anywhere close to the quality that we have.”

Randomness in the generation of encryption keys is crucial to ensure that encrypted data remains secure against cyber threats. Current methods provide certain levels of randomness in long strings of numbers, but shortcomings like imperfect hardware and changing operating conditions impacting quantum circuits have made it possible for bad actors and governments to detect patterns and leverage algorithms to crack the keys and decrypt the data.

Current RNG methods also cannot accurately verify the randomness of the numbers generated, which indicates that those numbers are not as random as predicted, Jones said.

Threat of ‘Hack Now, Decrypt Later’

There also is another threat on the horizon: that of cybercriminals and nation-states eventually being able to use quantum computing technology to more easily break encryption codes in the future. This has led to bad actors stealing data now with plans to decrypt it later when possible, which are termed “hack now, decrypt later” attacks.

There is growing concern among enterprises about the threat emerging technologies pose. A survey of more than 600 cybersecurity professionals earlier this year found that 70% of respondents expect such technologies will compromise existing methods of encryption, with 60% saying this will happen as early as 2023, according to a report by Cambridge Quantum released this week. In addition, 75% said quantum-enabled attacks will defeat current encryption techniques.

Only 21% of those surveyed felt prepared for such new encryption attacks and another 38% said their organizations would be ready within two years. Twenty percent said money was being allocated at their organizations to address the issue.

Data Protection Now and in the Future

Quantinuum’s quantum RNG service will help organizations protect data now and as the newer technologies come on the scene, Jones said.

“Not only will we be bringing a world’s-first in terms of a quantum computing power product, but we’re also finally solving a long-standing problem in cryptography which is, how do you generate the completely unpredictable randomness that we need in order to generate the encryption keys that we can trust?” he said.

The service will be powered by Honeywell’s 10-qubit H1 quantum computer, which uses a trapped-ion modality to create the qubits. Cambridge Quantum will make the encryption keys generated by the Quantum Origin platform available to customers either directly or via cybersecurity vendors the company is partnering with. They will be charged on a per-key basis based on the number of keys generated each month.

Starts with an API Call

Organizations that want to leverage the quantum RNG service can make an API call and Quantum Origin will generate and encrypt the keys using a transport key. The encryption keys will be securely sent to the organizations. Quantum Origin will then test and verify the randomness of each key.

The keys are delivered in a format that can be run on classical computers running traditional cybersecurity solutions. The service supports algorithms used by traditional encryptions standards like RSA and AES as well as post-quantum cryptography algorithms being standardized by the National Institute for Standards and Technology (NIST).

Cambridge Quantum is initially offering Quantum Origin to financial services firms and cybersecurity vendors, with plans to expand into other high-priority sectors like energy, manufacturing, defense, government and telecommunications. Axiom Space, which is designing the first commercial space station, ran a test using Quantum Origin of post-quantum encrypted communication between the International Space Station and Earth, sending a message that read “Hello Quantum World.”

Fujitsu also is integrating Quantum Origin into its software-defined WAN (SD-WAN) technology using quantum-enhanced keys with traditional algorithms.

Cybersecurity a Low-Hanging Fruit

Jones said Cambridge Quantum zeroed in on cybersecurity as the sector for its first product because it’s the first problem that the company could solve with a quantum computer that couldn’t be addressed by classical systems. Another reason is the rising sophistication in current cyberattacks, as illustrated by those involving Colonial Pipeline and SolarWinds.

“We see a market that’s out there that’s frankly a bit terrified, that really wants to make sure that it understands every layer in its cybersecurity stack and to strengthen every layer,” he said. “Until now, the cryptography has been a rather opaque, just-trust-us layer. You buy some equipment with the hope it keeps working probably forever. We can now say we can give you keys that are provably secure against today’s threats as well as tomorrow’s.”

Quantinuum Is Born

Honeywell and Cambridge Quantum in June announced plans to merge Honeywell’s quantum business with the startup in a move designed to bring together leading quantum hardware and software portfolios and create a 400-person company in the rapidly growing quantum computing space.

Quantinuum President and COO Tony Uttley, who came to the company from Honeywell, told The New Stack that the new company has the size and product reach to be a “center of gravity” for the entire quantum ecosystem and plans to be product-agnostic with both its hardware and software offerings, working with other vendors in the space. Cambridge Quantum, which was a user of Honeywell’s H-1 system before the merger, also was a partner of IBM — another major figure in the quantum computing space — and Quantinuum will continue with the working relationship with IBM.

“One of the reasons we talk about ourselves being this integrated company is that we do have products that exist today that are quantum products,” Uttley said. “Those quantum products sit within software platforms that have been specifically designed for those products. [There is a] middleware layer, which is called TKET. There is open-source middleware that is both an optimizer and, very importantly, makes the algorithms that these developers all around the world are using or developing portable so they can use multiple different quantum computers as the back end of that TKET platform. We are also building an operating system, a true quantum operating system, and that’s where our H-Series hardware comes in.”

Honeywell owns about 40% of Quantinuum, though he said that the new company is talking with other potential strategic and financial investors.