Transcript | Post-Quantum Cryptography Today— with Skip Norton from Quintessence Labs

The path to crypto-agility and being ready for post-quantum cryptography will require some hardware and software upgrades. NIST’s finalist for PQC ciphers are expected in 2024, and time is running out to prepare for their implementation.

We take a look at some real products available today that will be post-quantum-ready in this episode of The Post-Quantum World. I’m your host, Konstantinos Karagiannis. I lead Quantum Computing Services at Protiviti, where we’re helping companies prepare for the benefits and threats of this exploding field. I hope you’ll join each episode as we explore the technology and business impacts of this post-quantum era. Our guest today is the VP of business development at QuintessenceLabs, Skip Norton. Welcome to the show.

I appreciate being here. Thanks for the invitation, and I look forward to our conversation today.

I’ve been hearing a lot about QuintessenceLabs for quite a while. You’ve probably been there for as long as it’s been a company? 

Actually, the company was founded in 2008, and we’re based out of Canberra, Australia. Our CEO, Vikram Sharma, he had this very keen interest in quantum cybersecurity. He started working with the unis in Australia and then started QuintessenceLabs — started working with the Australian Defense Department around some quantum-based technologies, primarily quantum key distribution. That’s been going on for some time. I, this last January, celebrated my fifth year with QuintessenceLabs. That being said, I’ve got over 30 years in the cybersecurity industry, specifically in the areas of encryption and cryptography. That’s pretty much been my expertise.

Yes, and it’s obviously important for a company like QuintessenceLabs — that is an area of focus there. People do like to hear in general how we all end up in the industry. So for you, like you said, it was years of infosec, and then you migrated to the quantum bug. 

The answer is yes to that, but not so much by intent. You end up with a company because they reached out or you reached out, but we connected five-plus years ago. When I started, Quintessence had the quantum thing going, but our flagship product is called the Trusted Security Foundation. This is a key management platform — it’s an enterprise key manager. In the development of the key management platform, plus the stuff that Vikram was doing in the early days around QKD, we developed another product, called qSTREAM, which is a quantum random number generator.

When you have these key management platforms, you need to seed your encryption keys with random numbers. For the most part, that’s done with pseudo-random numbers, and they have some deterministic characteristics that make them vulnerable. Not totally vulnerable — they could be very strong. When we developed this product, what we actually provided is true random numbers.

Now, there are no deterministic algorithms or methodology there. It’s truly a random thing. What’s interesting about QuintessenceLabs and how I got there is, the start was around classical encryption or classical cybersecurity with the key management platform. That’s the solution that addresses things right here, right now — not necessarily quantum in nature. That would also be true for the qSTREAM, the quantum random number generator — it solves problems here that aren’t necessarily quantum safe–oriented.

The fact is, the stronger and the higher-quality your entropy for your encryption keys, the stronger your cryptographic system. When I started, it was primarily key management, but there has been this change in the last couple of years. Nobody was talking quantum entropy. Hardly anybody was talking QKD or even quantum-resistant algorithms, which are the heart of the quantum-safe crypto environment, or post-quantum crypto — it’s around the algorithm. It was even for the company, and for me, a transition from the classical encryption, which is right here, right now, to what we see happening — developing a quantum-safe cryptographic security posture. We’re in the midst of that — right smack dab in the middle.
 

What I tell customers now is, you can consider this stuff due diligence you have to do anyway. You can be in a company where no one even believes quantum computers will be powerful enough to crack encryption. Who cares? Because once these ciphers start being deprecated, you have to do something about it. You have to have stronger keys. You have to have different ciphers in place. You have to have different solutions. This is a security problem anyway. This is something that you want to have strengthened. We’ll dig into the different products. Let’s start with entropy. Can you give a little high-level of what that means in your solution?

Our product is called qSTREAM, and it’s a PCI adapter, and that’s a card that would go in a server. We provide the software-development kit that enables you to integrate this solution into your application. Primarily, these applications will be encryption applications, because when it comes to encryption keys, you need to seed those with random numbers. As I stated earlier, primarily that’s done with pseudo-random numbers.

But we’re providing what’s called true random numbers. That means there are no deterministic factors, and that makes it a higher-quality entropy. Therefore, your encryption keys are stronger, and that’s the gist there. You want strong encryption keys for encryption applications. You can take this qSTREAM card and integrate it into your cryptographic environment, and we also do that service for customers. We take that card and put it in our own appliance, a network-attached appliance, but the integration is done so it’s like quantum entropy out of the box, so you can suck your entropy right out of it and send it to your entropy pool, your target application.

The qSTREAM quantum number generator generates 1 gigabit per second, which is fastest in the industry — one gigabit per second of true random numbers providing 100% quantum entropy. Again, the two form factors are the PCI card for integration purposes and a network-attached appliance. The value in that is providing yourself, internally or even externally, entropy as a service. We have software as a service, management as a service, everything as a service. You can also have entropy as a service. We’ve stood up our own entropy-as-a-service capability, but that any customer could acquire technologies and do that for themselves. 
 

We try to push people to a modular approach to development, because when you have to replace ciphers or whatever in the future, you can now swap things in and out. In this case, you can have an application call out to this appliance and get the entropy it needs to do some seeding process with the STK.

Yes. If you go on to the crypto world, there are industry standards and APIs. In the key management world, there’s the KMIP interoperability standard, and then there is one that’s the heart of cryptographic integration, called PKCS11, but Java has an API, Microsoft has an API, that enables you to integrate into cryptographic systems. But for all these APIs, they’ll have a distinct call that says, “Grab random” or “Get random” before their cryptographic applications. When you do disintegration, that’s what you’re doing. You’re waiting for that call that says, “Give me some random numbers so I can put it in and see my keys.”

For listeners who don’t know, the pseudo-random problem is that a lot of random numbers are generated based on the clock that a classical CPU is running on, and over time, you can see that they’re not random. If you get billions and billions of numbers, you could see patterns. You could see you that you could start to predict things. It almost starts to feel like a side-channel attack if you have enough of these so-called random numbers.

What process does your device use that makes it quantum? I know Maxwell would be excited if he could live to hear a conversation about generating entropy without using a little mythical demon. What do you do with QuintessenceLabs’ demon to make this entropy here? 
 

On the qSTREAM, the QRNG card, it’s called quantum mechanics, or QRNG techniques. It may not be super technical, but at a high level, we use a tunneling diode. With that diode, fundamentally, it’s not on, but what’s interesting is, particles still get through it. As those particles get through the diode, it generates some noise. Then we digitise that noise for the random numbers. In other words, there’s nothing deterministic about it. It’s truly random as those particles end up making it through that tunneling diode. That’s technically called quantum mechanics. 

When we do this hard divide — classical computing, quantum computing — people don’t realise that most of the components that make classical computing possible are quantum. Semiconductors, they operate on quantum principles. That makes sense, using the diode to random particles that ignite and form a noise pattern that becomes a quantum number. Yes, it would be difficult to reverse. 

Spot on. You accurately described it. 

We have this ability to generate these, and like you said, it’s not even about quantum or not in terms of the thread. You’re just generating strong numbers. You’re increasing entropy. This is a good thing, and will continue to be a good thing in the future. Now, for other factors that will be involved in becoming post-quantum-ready, talk to me about your key management solution.

We call it the Trusted Security Foundation. It’s a key management application, and it’s software. The acronym you hear in the industry is KMS, or “key management system” or server. It’s a full enterprise key manager. It does everything you would anticipate or expect a key manager to do — full lifecycle key management of encryption keys, supporting all the classical encryption algorithms out there. Primarily, symmetrical algorithms would be your AES, and then, on the asymmetrical side, RSA, ECC.

We do everything you would expect, including scalability, replication, granular policy management, administration. There are a number of vendors that do exactly what we do. But what’s happening in the encryption world is — and this is where we’re sliding and moving over to the quantum-safe approach — NIST has come out with what we call a quantum-resistant algorithms. Four candidates, they finalised on these four just last year. But the industry is still waiting for NIST to make the standards with specifications so that they can be implemented into these cryptographic applications and systems. While we have something official, it’s still not official yet until NIST says it’s official.

That being said, for a vendor such as ourselves — and every key management vendor out there, every hardware security vendor out there, your certificate authorities, anybody doing anything on the asymmetrical side of encryption — this is where the greatest threat is when it comes to quantum computing. It’s not to the symmetrical stuff like AES. That is considered quantum-safe. The asymmetrical algorithms like RSA and ECC, that’s what’s being replaced with these QRA or post-quantum crypto algorithms. That’s what NIST is determined to decide if that’s what they’re going to do.

What the industry has to do is, over time, implement these algorithms. When you look at the asymmetrical, you can see it’s a very broad market that’s addressed by asymmetrical. All your digital identities, your digital credentials, machine identities, things of that nature are primarily done with PKI, the public key infrastructure. Public and private keys — RSA, ECC and such. Those are going to be replaced by vendors such as ourselves doing key manager.

If you have an algorithm, you need to manage that. With what? A key management application, and that’s what we do. We’re working with partners. We’re implementing the chosen QRA algorithms in our key management platforms so we can manage those too. It’s safe to say that pretty much every vendor doing key management, hardware security modules, asymmetrical encryption applications, they’re doing things likewise. We’re all preparing for this shift to these algorithms, yet to be official, but nonetheless, move toward that — which poses a question: What happens to the old algorithms, the RSAs and the ECCs?

But we talk about an area of key management and encryption in general called crypto-agility. You’re going to hear the industry, especially on the key management side, talk about being crypto-agile. That’s where we’re quantum-safe from a key management perspective. But what does that mean? Crypto-agility fundamentally means transitioning from one cryptographic platform or algorithm to another in as seamless and painless a way as possible with minimal impact to the users of these algorithms, whether it’s digital identities, protecting their information — whatever they might be doing.

The interesting thing about this is, we’ve done this before. This isn’t a new event, or even so much a recent event. We did this with symmetrical algorithms, because 20, 30 years ago, we were using DES, and then we moved to Triple DES, and then we moved to AES. This is, again, not a unique experience, but on this side, it’s on the asymmetrical side. We will be replacing RSA and ECC with these new post-quantum crypto algorithms.

How does that happen? Over time, eventually, you’ll move from RSA and ECC — what we call the classical algorithms — to these new QRA algorithms. This will take time. It doesn’t happen overnight — and nobody expects it to. You can see RSA and ECC having some shelf life of another five-plus years over time because ultimately, the concern is the quantum computing attack on these algorithms, and, again, that’s not here right now. That’s something that’s expected to happen in, depending on who you talk to, 10 years — something along that line. Maybe as soon as five, or probably more about 10 out.

There will be a life span for the classical asynchronous algorithms, but we’ll transition to the PQC algorithms. But somewhere in between, you’re going to have a bit of a hybrid too where you’ll be using some of the classical stuff, and you’re going to be using some of the PQC stuff, and some of them at the same time. Again, that’s where key management systems like ours have to make this type of transition. It’s fundamentally easy for the end users as they do their implementation.

That’s what crypto-agility is all about — moving from this classical stuff to the PQC algorithms in a smooth process, but also not all at once, over time, and even having this hybrid experience too. Our key manager will play in that space. Again, there are a number of notable vendors that do exactly what we’re doing and will do exactly what we’re doing. 

In some ways, this is a product that you can buy now, because it’s a key manager. If you buy it now, you’re future-proofing, because you will be having a path forward to post-quantum cryptography. What does that path look like, though? Do you already include, let’s say, CRYSTALS’ Kyber in there as something people can play around with, or are you just taking a wait-and-see approach for the actual final standards before you stick those in?

We’ve already done some integration and testing, a demonstration, and our industry is doing that. Anybody, if they have any forethought at all, they’re already doing the testing and implementation, knowing that they’ll have to do some tweaks down the road. But nonetheless, we’re already positioned where we can demonstrate our PQC capability with our key manager. But it’s demonstrative.

It should be production. 

That’s right. We’re in a position to demonstrate this capability.

Were there any thoughts to introducing a hybrid solution for people who do want to get started? For example, in AWS, you can today use one version of TLS that has a quantum-safe wrapper around standard ECDSA. Are you going to be implementing anything like that in the interim, or waiting for the standard? 

We’ll be in a position where number one, we will do that, are doing that and we’ll be in a position to do that, because you need to demonstrate that you are moving toward that direction. Again, all of the industry pretty much will be doing that. If you look at the major players, we’ll all be in a position where we can demonstrate this hybrid capability. 

This would be a good time to move into what you’re doing in the key distribution space.

When we look at key distribution from at least the quantum perspective  — and, again, quantum key distribution, QKD — we are developing a product that’s called qOptica. We’re in the POC mode. When you look at the market, there are two primary vendors in this space — Toshiba and ID Quantique. They have what’s called a discrete variable capability, which requires dedicated fiber for what they do. We’re taking a different approach. We’re utilising what’s called continuous variable QKD — CV-QKD. What that enables us to do is use COTS, or commercial off-the-shelf, product fiber, as opposed to having dedicated links. That’s probably the primary advantage of CV-QKD over DV-QKD.

Basically, what this QKD does, in its simplistic form, it is distributing key from point A to point B, the classical Alice to Bob. You have Alice — you have basically an appliance at one end — and an appliance at another end — that’s Bob — and you’re able to distribute keys from Alice to Bob. It’s a key distribution. It’s not a key manager, it’s not an encryption device, it’s not PQC encryption. It isn’t any of those things. It is the distribution of keys from A to B. And again, we use CV-QKD versus DV-QKD.

That being said, where you’re using quantum physics for the transport of these keys — and we’re looking to detect, as they are being transported, is any deviation in the communication link that’s primarily noise-based. You can sense that. Once you sense that, basically, you’ve disrupted the transmission and the key basically becomes vaporised. It doesn’t exist anymore.

That’s what we’re looking for — changes in the link itself. Anytime there is any type of change, whether it is true or not, it’s immediately assumed that it’s a compromise, so you immediately go into this destruction of the key and termination of the communication. At a very high level, that’s how it works. Our product, qOptica, we are now delivering what we are calling POC units. We’re in the beta mode. Toshiba, ID Quantique, they have a commercialised product for a couple of years now, and we’re new to the market, although our experience around QKD is not new, because we’ve been doing projects for the last five, eight years in Australia with the government there. Now we’re commercialising it, and qOptica will be that solution.

Do you have any idea on the bit rate of what you can get as pure key data? 

I don’t have that information in front of me, but from a distance perspective, we’re in the 30- to 50-kilometer range, knowing that once you go further out, your performance degrades. That’s where we sit from a distance perspective. 

Yes. Back in the early days, we used to get something like 1.4 megabits per second of key data, which isn’t enough to use as a true onetime pad, because that’s pretty sad if you told someone your network will be 1.4 megabits per second. We used to use it in AS counter mode and send actual updated keys like that. It will be fascinating to see if one day we can get that speed output to be something like a true onetime pad, because talk about unbreakable — it’s completely random as far as the transmission is. How long before you think people will be playing with these on their company’s device?

Imminent.  We expect deliveries this quarter. We have candidates already in place, and what’s interesting is, when I talked about joining the company five years ago, nobody was having these discussions. Now, there is a demand — and demand for our product in particular — because of the CV approach versus the DV approach. We’re unique in that way, so people are wanting to get their hands on it. When you look at the market, the usual suspects, it’s always government, financial institutions. Now, service providers, large enterprises are looking to test these things and see where they fit in their cryptographic ecosystem, because in regard to QKD, it is a high-ticket item, and its use case is very unique in a point-to-point nature for limited distances.

One building to another. 

That’s right. The use cases are relatively limited, but that’s for now. Ten years from now, we’re going to be having a completely different conversation around QKD. 

With quantum networking and things like that, we might be relying on QKD to be the thing that keeps that required network safe. 

That’s right. Right now, we’re talking just encryption keys. At some point, that will be data, not just keys. 

Exactly. Back to that whole onetime-pad idea — what will that look like in the future? It will be fascinating to see.

QuintessenceLabs is in Australia. We all know that the White House in the U.S. put out the big NSM-10 memo, and it set a timeline for what they want to start doing in federal agencies, and we expect private industry to follow. Eventually, they’re going to start with their timeline of deprecation. How do things like that impact your company? You’re in Australia, but obviously, you want to be selling to the U.S. and the world. Will you be taking that path to cipher deprecation as your roadmap for what customers will be expecting around the world? Is there a global anticipation for what is said by the NSA and NIST when they agree on this?

Looking at what our government is doing, the heart of this is around the algorithms themselves — not so much around the other technologies. QKD, QRNG — they’re a small portion of this what would you call quantum-safe ecosystem. It’s primarily around the algorithms and the implementation of that. Our strength in doing that is around our key management platform, and then the bottom entropy for the seeding of these keys.

We’re along for the ride. Where the industry goes, that’s where we go, because that’s more of, they’re providing the direction, the standard, the time frames, the timing and all of those things. What’s incumbent on us is to maintain our connection to that and make sure our products meet those requirements. Yes, we’re going to be along for the ride. But again, the emphasis is primarily around the algorithm. When you look at what the U.S. government has done with these initiatives, it’s around the QRA algorithms, primarily. At least up to this point, NSA has not put any affirmative energy behind QKD — in fact, probably the opposite of that. They’re not opposed to it. They just haven’t made it part of their ecosystem, per se, and then they put all their weight behind the algorithms to date. 

That makes sense, because we need to fix the problem. We need to replace everywhere that math-based solutions exist with something math-based.

This was helpful. I appreciate you coming on. We just did an episode about that White House document and what it means for the future, so I thought it was important for our listeners to hear what a boots-on-the-ground approach already looks like, what’s happening in the space of hardware and getting companies ready. Did you have anything else you want to plug? Anything else coming out? 

This is an industry movement, not a singular vendor movement. Everything that we’re doing, we can expect the industry to do. This isn’t the first time the industry has done this. This just happens to be asymmetrical versus symmetrical this time. In regards to what we do at QuintessenceLabs, number one, we’re still addressing classical cybersecurity encryption problems and issues in the use cases. We do that right here, right now. But we are positioning ourselves through QRNG, QKD and crypto-agility to meet this quantum-safe issue that we know that’s at the forefront. We think we’re in a unique position in that way and that we have classical solutions, but we also have quantum-safe solutions. In that regard, we’re very well-positioned in the marketplace.

Sounds good. Thanks for sharing all that information. I appreciate it. 

Thanks for your time, Konstantinos.

Now, it’s time for Coherence, the quantum executive summary, where I take a moment to highlight some of the business impacts we discussed today in case things got too nerdy at times. Let’s recap.

QuintessenceLabs has been working on post-quantum cryptography since 2008. It has encryption products that both help customers stay secure today and will enable the migration to PQC in the near future. qSTREAM is a quantum-random number generator that creates 1 gigabit per second of true random numbers from a quantum source. It’s quantum entropy out of the box that can strengthen keys compared to systems using pseudo-random numbers. The Trusted Secure Foundation is software that manages enterprise keys and policies. This QMS promises crypto agility for easily integrating NIST’s finalists starting next year, when standards publish.

QuintessenceLabs is already testing the expected finalists in the lab. In the quantum key distribution space, QuintessenceLabs is working on a device called qOptica that uses continuous variable QKD, or CV-QKD, to send keys over existing fiber and free open-air. Unlike DV-QKD, which uses single-photon, CV-QKD uses a modulated laser, which should be more cost-effective and provide better performance. It’s still point-to-point, of course.

That does it for this episode. Thanks to Skip Norton for joining to discuss QuintessenceLabs and the practical path to PQC. Thank you for listening. If you enjoyed the show, please subscribe to Protiviti’s The Post-Quantum World, and leave a review to help others find us. Be sure to follow me on all socials at @KonstantHacker. You’ll find links there to what we’re doing in Quantum Computing Services at Protiviti. You can also DM me questions or suggestions for what you’d like to hear on the show. For more information on our quantum services, check out Protiviti.com, or follow ProtivitiTech on Twitter and LinkedIn. Until next time, be kind, and stay quantum-curious.