The first quantum computer began its path at the turn of the 21st century. For some time they had revolutionary potential, yet weren't sophisticated enough to outrun any classic computer.
But what began as an unbelievable idea is now breaking our minds with occurring endless possibilities. Eventually, QCs have the potential to supply computational power that can drastically outperform traditional computers. This includes breaking some of our current convenient cryptographic tools. Luckily, one can fight fire with fire and use quantum ideas to secure our future communications.
To achieve a deeper understanding of quantum security technologies we contacted Chris Erven, CEO of KETS – a company that harnesses these quantum technologies to bring next-generation cybersecurity solutions to the market.
How did KETS evolve since its launch in 2016?
We actually started as an idea in 2015, making use of some of the excellent SETSquared programs (R2I and ICURe), and using what we learned to win the University of Bristol’s New Enterprise Competition. In 2016 we were consulting which helped us rapidly set up KETS. Since then, we helped found a first-of-its-kind quantum start-up incubator, the Quantum Technology Enterprise Centre (QTEC) at the University of Bristol, and were part of the first cohort in 2016-17. Over the course of the year, our 4 founders put together KETS’ business plan and pitch deck, got Seed funded by some excellent investors and worked with Airbus to fly our quantum key distribution (QKD) transmitter on one of their drones in the QDOS-Lite project.
You can read more about our projects on our website, which include working with BT on network use-cases and developing our prototypes in the AQuaSeC project, working with Airbus on a satellite QKD feasibility study in the ViSatQT project, working with NPL on the security assurance of our quantum random number generator (QRNG) in the AQuRand project, and our latest big project building the Quantum Data Centre of the Future in the QDCF project.
We have gone from 4 founders and no money, through 2 funding rounds, now 18 employees, and 2 office moves. We’ve completed our first QRNG product prototype and are about to release and test our first QKD product prototypes with early customers. So, in a nutshell, we have taken our academic work, the idea of a start-up, and built a real company leading the quantum security technologies revolution with our chip-based approach.
You describe your communication solutions as future-proof. What technology do you use to ensure the highest levels of security?
We are developing several quantum security technologies, but our first two products are quantum random number generator (QRNG) and quantum key distribution (QKD) development kits. It is QKD that allows you to ensure the highest levels of future-proof security.
The security of QKD comes from the laws of physics. Our solutions turn Heisenberg’s uncertainty principle – a consequence of which is the well-known “if-you-measure-an-unknown-quantum-system-you-disturb-it” result – into the world’s most secure eavesdropping detection mechanism. By encoding digital keys bit by bit into photons (single particles of light) we can ensure that when one user sends a key to another, no one else can read or copy it without the two legitimate users knowing. Thus, the two users can always make sure they have securely distributed a key before they use it to encrypt data sent back and forth between them. Of course, you still must build your systems well so that there are no other loopholes, but that’s something we pride ourselves on at KETS – applying a Security by Design philosophy.
For applications that require the highest levels of security, if you use one bit of ultra-secure QKD key to encrypt one bit of data – you can achieve future-proof security. Because of the keys’ random nature, and the fact that you can verify no one listened in, there is no technology, classical or quantum, that can break your encryption and reveal the data.
There is a huge number of high-value data customers that want to encrypt like this (think governments and banks). For everyone else, you can instead use our QKD devices to rekey an encryption algorithm like AES (which is believed to be quantum-safe and can handle higher data rates) much, much faster – making it more secure.
What threats surrounding quantum technology do you find the most concerning?
Nationalism. At the moment, each country is closing its borders to academics and companies alike. They all want to produce all of the world’s quantum technology and sell it to everyone else while buying none. This won’t work. Each country has various specialties, we should leverage this. If history has shown us anything, we need to work together.
In fact, the beauty of quantum security technologies like QKD is that, as the technology continues to evolve, we decrease to fewer and fewer assumptions and eventually end up with something called Device-Independent QKD. That’s where you don’t even have to trust your device, you can verify from the data it produces that your keys were sent securely. This is something just not possible classically.
How did the recent global events affect your field of work? Were there any new challenges you had to adapt to?
See above. Nationalism sucks.
Close on the heels of nationalism is a disrupted supply chain caused by the pandemic. We, and everyone else at the moment, can’t source simple components, like FPGA chips, that used to cost next to nothing and arrive within 24 hours. Now their prices have shot up and lead times are commonly 52 weeks or longer.
We’ve stopped counting the number of times our engineers have sent off a design, only to have to redo them a few weeks later because a few components are no longer available. But everyone is in this boat and sometimes from within adversity and not being able to do things the usual way, the best ideas come out.
What are the most serious issues that can arise if a company doesn't have secure communication systems in place?
Your company’s information becomes an open book the minute a quantum computer comes online. Many people ask when do I need to worry? Well, the truth is, it is likely already too late for your current data. The Mosca equation summarises when we need to worry about upgrading our cyber security. It is given by x+y> z, where:
- x = the security lifetime of our data,
- y = the time required to upgrade to quantum-safe systems,
- and z = the time to build a quantum computer.
If it is going to take 10 years to upgrade and you want, for example, your online medical records to be secure minimally for 15 years – meanwhile a quantum computer is built in the next 5-10 years – then it is already too late! And this ‘store now, crack later’ attack has been going on for years.
Everything you send before switching to quantum-safe communications can and is being saved in vast quantities by nation-states. Alright, maybe they don’t care about my email and bank details, but there’s plenty of other information flowing through our networks that will bevaluable for 10, 25, or even 50+ years. Think jet engine designs, high-value banking data, and government secrets. Really anything an enterprise or government does is now in the cloud, and it’s at risk.
Worse, because a quantum computer represents such a huge advantage, we likely won’t even know when the first nation-state turns one on (Q-Day as we refer to it). They’ll keep it a secret and use that advantage. It’ll be 50 years in the future when we are taking tours of the quantum equivalent of Bletchley Park (where they cracked the Enigma machine) when we find out when the first large-scale one was switched on.
Which industries do you think should be especially concerned about making their systems quantum-safe?
Critical infrastructure – CISA in the US defines 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.
As you might imagine we’re focused on many of these, starting with telecommunications. We’ve come to rely on the internet and being able to securely connect all over the globe. All of these systems need to be brought into the 21st century and made quantum-safe. No easy task when you realize you’re talking about replacing large parts of the internet.
Next is an enterprise that works in the cloud – which in today’s world is pretty much everyone. That’s what we’re focusing on in our Quantum Data Centre of the Future project, securing data centers with quantum security technologies. This is where all of the world’s high-value data has migrated to and it’s key that we start making it quantum-safe.
What security tools and solutions do you think are essential for every organization and individual to keep up in this age of ever-evolving technology?
Start with some very, very simple ones. A team with logistics and operations expertise and a plan. We need good leaders, that can make informed decisions, and that have the skills to form and execute intricate plans at speed.
So, the very first thing you should do is put a team together to start grappling with the problem for your organization. Of course, we’d be happy to help you at KETS. Indeed, we have our own project within KETS to put our money where our mouth is and devise our own roadmap to making KETS quantum-safe. It’s a complex problem. I mean, just think for a second about all the ways people in your organization share data – email, Slack, GDrive, OneDrive, WhatsApp, pictures of whiteboards, videos, websites, USB sticks, … And where is it all stored? But it’s a problem we need to tackle.
Next, start valuing your data. Do all the simple fixes you can – password managers, secure VPNs, and 2-factor authentication. Get educated on the not-so-simple fixes and then get back to that plan.
Finally, invest in testing out these new quantum-safe technologies now not later because as we have seen it might already be too late for your current data. I guarantee you it is a perfect time and won’t cost as much as you think because a number of testbeds are currently being built in the UK, Europe, South Korea, Japan, China, the US, and Canada, to name just a few. And each of these testbeds wants to attract as many end-users as possible to help shape our future mission-critical quantum-safe services. Similarly, start-ups like us are keen to work with companies, like yourselves, to evolve our systems into exactly what you need to keep your data quantum-safe.
What other new technologies do you hope to see arise in the near future?
Quantum memories and repeaters leading to the quantum Internet. The naysayers of QKD say it is too costly and will never work. They forget that quantum computing is coming because it has such huge applications. And as soon as we have 2 quantum computers in the world, the next thing we will try and do is connect them together since we have seen the power of the internet.
Before we know it, we will have the quantum internet – capable of distributing entanglement to any 2 points on the globe. And once we have that, you get QKD for free. So, it’s coming, whether the naysayers like it or not. And the world with a quantum internet is going to be very, very cool.
Would you like to share what’s next for KETS?
We are focused on getting our first early products out and doing a lot of work with customers to figure out exactly what they need. We’re still in a bit of Henry Ford land “if I asked my customer what they wanted they would have said a faster horse”. Customers have a general idea of what they want, but most are not quantum experts so do not necessarily know all it can do. While start-ups like us want to push the limits and have all sorts of ideas of how to make the world quantum-safe we need to start mixing with the real world.
It is this interplay where we try something, test it with real customers, learn a bunch of things, augment and evolve it, and go around that loop a few times, fast, that is going to be key for us. It will also be key for customers to ensure people are building the solutions they need. And not just ones that protect their data in today’s applications, though that is a key first step. We are keen on building solutions that enable customers to do some of the new things they always wanted to but were not possible until now because of data security concerns.
To do all that, we are still adding to our team (get in touch if you’re interested), adding to our technology, adding to our locations, and adding to our ambition. Our goal is to build a world in which we trust our digital connections just as much as our personal ones.