Zffoto - stock.adobe.com
On the heels of its merger with Honeywell's Quantum Solutions division, Cambridge Quantum has unveiled a cryptographic key generation platform powered solely by a quantum computer that can be deployed immediately to work with classical systems.
The new platform, called Quantum Origin, is the first commercially available product based on verifiable quantum randomness, a capability essential to securing existing security software. It could also protect enterprise systems from threats posed by quantum computing-based attacks.
Such attacks can weaken a variety of random number generation methods along with methods that aren't verifiably random and originating from a quantum source, the company said.
Quantum Origin is a cloud-based service using quantum computers to generate cryptographic keys that taps into features such as entanglement to generate randomness that classical systems can't provide, said Duncan Jones, head of quantum cybersecurity at Cambridge Quantum.
"This is an offering we think brings quantum computing to the masses," he said.
While many cybersecurity professionals have expressed an appreciation of the growing threat to existing encryption standards from individual hackers and rogue nation-states, few have taken meaningful preventive actions, Jones said.
"There appears to be little real movement within organizations toward preventing what potentially could be catastrophic losses of critical data," Jones said.
Existing systems using encryption standards such as RSA, Jones noted, has resilience based on the ability to break a long string from a random number generators (RNGs). But the numbers produced by these generators lack verifiable randomness and aren't as unpredictable. As proof, Jones said, these RNGs have been the point of failure in many recent cyber attacks.
Cambridge Quantum officials said they will offer Origin to financial services companies, as well as cybersecurity vendors before they broaden distribution to organizations in other targeted markets, including telecommunications, energy and government.
"The technology itself is interesting," said Daniel Newman, principal analyst and founding partner at Futurum Research. "But the broader implications of an as-a-service quantum software is the most noteworthy item. It's still early days but an offering that can be run entirely on Quantum is more than notable, it's a breakthrough."
The new Quantum service works with multiple existing algorithms, including RSA and AES, along with cryptography algorithms now being standardized by the National Institute of Standards and Technology (NIST).
How Quantum Origin security works
When a company needs to generate quantum-enhanced keys, it makes a call through a designated API. Quantum Origin then generates the keys before encrypting them using a transport key that securely relays them back to users, according to the company.
To ensure keys are as unpredictable as possible, Origin runs tests on the entire output from a quantum computer to confirm that each key is seeded from verifiable quantum randomness.
Bob SorensenSenior vice president of research, Hyperion Research
Generating cryptographic keys using random numbers schemes, particularly for cybersecurity, could be valuable to IT shops fearful of criminal attacks, according to one analyst. But the offering has to prove itself through use cases before it qualifies as a broad-based success.
"It's pretty cool to come up with a certifiable random number generator for encryption," said Bob Sorensen, senior vice president of research at Hyperion Research. "But more interesting will be what other applications can benefit from access to such a product. There's a lot of interest out there for things like modeling and simulation where you are statistically dealing with very large numbers."
Cambridge Quantum must also provide skeptical users with a way to statistically measure the impact of the offering on a cybersecurity infrastructure via performance metrics.
"Today, how do you quantify the benefits of a random number generator?" Sorensen said. "The jury is still out on what impact this will have on strengthening a cybersecurity system.
"A random generator is only one part of an encryption ecosystem. You can have the most secure system in the world, but if a user writes down his password, you could be dead," he said.
Cambridge Quantum said Origin has been used in a number of projects by two partner companies. Axiom used the offering to conduct a test of post-quantum encrypted communications between ISS and earth. Fujitsu integrated it into its software-defined wide area network using quantum-enhanced keys in tandem with traditional algorithms used in classical systems.