In an era marked by rapid technological advancements, the need for robust data privacy and security solutions has never been more critical. Qrypt, a trailblazing company in the realm of quantum-secure encryption, has been at the forefront of addressing these challenges. The company was recently recognized as a 2023 Enterprise Security Tech Top 20 award winner.
We sat down with Denis Mandich, CTO and Co-Founder, Qrypt, to discuss how the company is innovating in quantum security and why industries and governments should pay attention to quantum risk.
Can you tell us how Qrypt was founded and how Qrypt’s security solution differs from others in the market?
Qrypt was founded on the united belief in our collective right to data privacy and digital autonomy. Kevin Chalker (current CEO) and I worked in the intelligence community on high-security government programs that required us to use the most secure communications protected by military-grade encryption. However, this encryption was not available to the masses. With the looming threat of quantum computers rendering today’s encryption methods obsolete, exposing all our data, we knew we had to act to make true quantum-secure encryption available to enterprises and the public.
We spent six years developing, refining and thoroughly testing a security suite featuring one-of-its-kind technology. By bringing together the best minds, including highly-regarded cryptographer, Yevgeniy Dodis, and research labs like Los Alamos National Labs (LANL) and Oak Ridge National Laboratory (ORNL), our team at Qrypt pioneered everlasting encryption.
Qrypt’s solution is a revolutionary method in the market that eliminates current risks associated with traditional encryption key transmission techniques by independently generating one-time pads and symmetric keys at multiple endpoints. The transmission of encryption keys makes valuable information vulnerable to "harvest now, decrypt later" (HNDL) attacks. Essentially, Qrypt’s quantum-secure encryption method can secure an enterprise today and eliminate future risk – and offers one-time pads too, an algorithm mathematically proven to be unbreakable.
How does Qrypt partner with national labs to advance research and quantum-secure encryption technology development?
Qrypt also completed a successful Cooperative Research and Development Agreement (CRADA) with Los Alamos National Labs (LANL) and co-development with Oak Ridge National Laboratory (ORNL). Our collaborative public-private innovations resulted in the commercialization of Quantum Random Number Generation (QRNG) technology, a significant achievement in cybersecurity that we leverage in our solutions. Using inherent quantum randomness is paramount to creating unique and unpredictable encryption keys to enable virtually impenetrable communications. It also aligns with the National Cybersecurity Strategy Implementation Plan’s emphasis on fostering public-private partnerships to enhance national cybersecurity.
New technologies continue to emerge, like quantum computers. Overall, should we be concerned about our data privacy right now?
The greatest risk lies within our expanding digital footprints. While our personal data becomes more widely available and companies store higher volumes of sensitive information, emerging technologies like 5G and quantum computers are simultaneously becoming more sophisticated. As a result, we have little control over when and how our data is used, and who might steal it or use it without permission.
Further, data storage has become extraordinarily cheap. High-volume storage for rarely accessed data costs as little as $0.004 per gigabyte. It is easy for governments and criminals to capture large volumes of encrypted data and store it until they have access to quantum computers that can decrypt it.
What is quantum risk, and why should the industry and governments pay attention now?
Quantum risk refers to the vulnerabilities and threats posed by the arrival of a quantum computer of reasonable power. For example, when data is transmitted with traditional encryption methods used by most enterprises, there is always a risk that it could be intercepted and harvested, known as the "harvest now, decrypt later" (HNDL) strategy. In HNDL attacks, malicious actors collect and store encrypted data today, with the intention of decrypting it in the future using advanced computational methods or quantum computers that can break our current encryption standards. This means that while the actual decryption might be a future event, data harvesting is an immediate and ongoing threat.
Every piece of data, from personal information to state secrets, is at risk. There are datasets with obvious long-term value, such as DNA, weapons data, and intellectual property. The entity that first harnesses quantum computers to break traditional cryptography will gain access to a massive transfer of intellectual capital and the associated wealth. Furthermore, with the rise of AI and machine learning, even seemingly insignificant data can be combined to provide deep insights, potentially revealing intimate details about individuals, businesses, and governments.
Cybercriminals and nation-states like China are quickly advancing technology like AI and quantum computers to bolster their techniques to steal sensitive government and corporate data to decrypt it in the near future. Names, social security numbers, bank account numbers and birthdates will be just as useful to a criminal five years from now as they are today. Trade secrets, defense systems manufacturing components and confidential communications will also be exposed.
The urgency of addressing quantum risk is also reflected in the actions of the U.S. government. Their increasing concern about quantum threats to national security is evident in the rising number of publications and directives addressing quantum risks. The National Institute of Standards and Technology (NIST) is at the forefront, leading efforts to establish PQC standards, but there are those in government, healthcare and financial services that are taking actions to mitigate risk today because data harvesting is a present and current threat.
How can organizations protect against “harvest now, decrypt later” attacks and get ahead of the quantum risk?
As quantum computing technology advances, we need to consider the risks to our collective privacy and data security and rethink the encryption key transmission process. Transmitting encryption keys is the quantum security risk. Instead, at Qrypt, we enable secure data transfer by generating identical keys at multiple endpoints with no key transmission, and therefore no risk of interception, to prevent bad actors from harvesting encrypted data.
Organizations need to prioritize implementing PQC standards developed by NIST to ensure robust quantum-resistant security. At an absolute minimum, the key that currently encrypts data must be secured by a quantum-safe NIST algorithm. Any data secured by an encryption key that is transmitted in a quantum risky algorithm today is at risk and could be decrypted once quantum computers are accessible.
Qrypt addresses the immediate threat posed by HNDL attacks. While the NIST PQC standards offer a robust framework, Qrypt provides immediate solutions to counteract the HNDL risk. Our Quantum Key Generation (QKG) is a formidable solution, especially for industries where data protection is paramount. This approach enables the independent generation of encryption keys at various endpoints without transmission, mitigating the HNDL threat. Moreover, it integrates seamlessly with minimal changes to existing infrastructure.
To effectively mitigate quantum risk, organizations can take the following steps with Qrypt's guidance:
Conduct a Comprehensive Cryptographic Inventory: Understand the current state of encryption methods in use within their organization, pinpointing key repositories, key management servers (KMS), and hardware security modules (HSMs).
Eliminate Key Transmission: Implement Qrypt's Quantum Key Generation to end the transmission of encryption keys, thereby reducing the risk of interception and potential HNDL attacks.
Adhere to NIST PQC Standards: Transition to post-quantum cryptographic standards developed by NIST to ensure robust quantum-resistant security.
By integrating these steps, organizations can bolster their defenses against the imminent threats posed by quantum computing, ensuring that their data remains secure both now and in the future.