Quantum Technology and Key Generation

- Solutions
  - Strong Identities
    1. Identity Verification
      Enable high assurance identities that empower citizens.
    2. ID Issuance
      Issue safe, secure digital and physical IDs in high volumes or instantly.
    3. User Identity
      Elevate trust by protecting identities with a broad range of authenticators.
    4. Machine Identity
      Issue and manage strong machine identities to enable secure IoT and digital transformation.
    5. Digital Signature
      Use secure, verifiable signatures and seals for digital documents.
  - Secure Payments
    1. Financial Issuance
      Issue digital and physical financial identities and credentials instantly or at scale.
    2. Digital Card Solution
      Issue digital payment credentials directly to cardholders from your bank's mobile app.
  - Trusted Infrastructure
    1. Post-Quantum Cryptography
      Find, assess, and prepare your cryptographic assets for a post-quantum world.
    2. Database Security
      Secure databases with encryption, key management, and strong policy and access control.
    3. Multi-cloud Security
      Keys, data, and workload protection and compliance across hybrid and multi-cloud environments.
- Industry
- Compliance
  - 1. PSD2
    2. HIPAA
    3. GDPR
    4. Swift
  - 1. CMMC
    2. eIDAS
    3. NITES
- Featured Products
  - As a Service Products
    1. Identity Verification as a Service
      Citizen verification for immigration, border management, or eGov service delivery.
    2. Identity as a Service (IDaaS)
      Cloud-based Identity and Access Management solution.
    3. Digital Signing as a Service
      Cloud-based digital signing solutions.
    4. Instant ID as a Service
      Issue physical and mobile IDs with one secure platform.
  - 1. Digital Card Solution
      Instantly provision digital payment credentials directly to cardholder’s mobile wallet.
    2. PKI as a Service
      A highly secure PKI that’s quick to deploy, scales on-demand, and runs where you do business.
    3. nShield as a Service
      Subscription-based access to dedicated nShield HSMs for cloud-based cryptographic services.
    4. Seamless Travel as a Service
      Remote identity verification, digital travel credentials, and touchless border processes.
  - 1. Instant Financial Issuance
      In-branch and self-service kiosk issuance of debit and credit cards.
    2. Central Financial Issuance
      High volume financial card issuance with delivery and insertion options.
    3. Instant ID Issuance
      Secure issuance of employee badges, student IDs, membership cards and more.
    4. Central ID Issuance
      Passports, national IDs and driver licenses.
    5. nShield HSMs
      Securely generate encryption and signing keys, create digital signatures, encrypting data and more.
  - 1. Cloud Security, Encryption and Key Management
      Powerful encryption, policy, and access control for virtual and public, private, and hybrid cloud environments.
    2. Digital Certificates
      TLS/SSL, digital signing, and qualified certificates plus services and tools for certificate lifecycle management.
    3. Identity and Access Management (IAM)
      One Identity portfolio for all your users — workforce, consumers, and citizens.
    4. Machine Identity Management
      Centralized visibility, control, and management of machine identities.
    5. Post-Quantum
      Learn what steps to take to migrate to quantum-resistant cryptography.
- Enterprise ID & Issuance
  - Instant ID as a Service
    Issue physical and mobile IDs with one secure platform.
    Learn More
  - Instant Issuance
    1. Sigma Direct-to-Card System
    2. Artista Retransfer System
    3. System Software
      Personalization, encoding and activation.
    4. Supplies
    5. Services
- Financial ID & Issuance
  - Digital Card Solution
    Instantly provision digital payment credentials directly to cardholder’s mobile wallet.
    Learn More
  - Digital Banking
    1. Digital Account Opening
    2. Digital Card Solution
  - Instant Issuance
    1. Sigma Direct-to-Card System
    2. Artista Retransfer System
    3. System Software
      Personalization, encoding and activation.
    4. Supplies
    5. Services
  - Central Issuance
    1. Card Issuance Systems
    2. Inline Card Delivery Systems
    3. Inline Envelope Insertion Systems
    4. Standalone Card Affixing/Envelope Insertion Systems
    5. Standalone Envelope Insertion Systems
    6. System Software
      Personalization, encoding, delivery and analytics.
    7. Supplies
    8. Services
- Government ID & Issuance
  - Digital Citizen
    1. eGovernment service delivery
    2. Identity Verification as a Service
    3. Seamless Travel as a Service
    4. ePassport as a Service
  - Central Issuance
    1. Passports, national IDs and driver licenses.
    2. Passport Issuance Systems
    3. National ID and Driver License Systems
    4. Inline Delivery & Insertion
    5. Standalone Delivery & Insertion
    6. System Software
      ID Personalization, encoding and delivery.
    7. Supplies
    8. Services
  - Instant Issuance
    1. Other citizen IDs and licenses.
    2. Sigma Direct-to-Card System
    3. Artista Retransfer System
    4. System Software
      Personalization, encoding, delivery and analytics.
    5. Supplies
    6. Services
  - Identity Verification as a Service
    Our IDVaaS solution allows remote verification of an individual’s claimed identity for immigration, border management, or digital services delivery.
    Learn More
- Cloud Security Posture Management
  - 1. CloudControl Enterprise for AWS
      Secure and ensure compliance for AWS configurations across multiple accounts, regions and availability zones.
    2. CloudControl Enterprise for Containers
      Security compliance and environmental hardening solution for contains and Kubernetes using VMware Tanzu and RedHat OpenShift platforms.
    3. CloudControl Enterprise for Swift
      Meet the compliance requirements for Swift’s Customer Security Program while protecting virtual infrastructure and data.
    4. CloudControl Enterprise for vSphere and NSX
      Comprehensive compliance, multi-factor authentication, secondary approval, RBAC for VMware vSphere NSX-T and VCF.
    5. CloudControl Foundation for vSphere
      Comprehensive compliance for VMware vSphere, NSX-T and SDDC and associated workload and management domains
  - CloudControl 30-Day Free Trial
    Entrust CloudControl offers comprehensive security and automated compliance across virtualization, public cloud, and container platforms while increasing visibility and decreasing risks that can lead to unintended downtime or security exposure.
    Start Free Trial
- Key Management and Encryption
  - 1. KeyControl for KMIP and Secrets
      Manage all your secrets and encryption keys, including how often you rotate and share them, securely at scale.
    2. KeyControl BYOK
      Create and manage encryption keys on premises and in the cloud. Manage your key lifecycle while keeping control of your cryptographic keys.
    3. KeyControl for Database Encryption
      Integrates with your database for secure lifecycle management of your TDE encryption keys.
    4. KeyControl for Backup and Recovery
      Integrates with your backup and recovery solution for secure lifecycle management of your encryption keys.
  - 1. DataControl for Azure
      Data encryption, multi-cloud key management, and workload security for Azure.
    2. DataControl for AWS
      Data encryption, multi-cloud key management, and workload security for AWS.
    3. DataControl for IBM Cloud
      Data encryption, multi-cloud key management, and workload security for IBM Cloud.
  - KeyControl 30-Day Free Trial
    VMware vSphere and vSAN encryption require an external key manager, and KeyControl is VMware Ready certified and recommended. KeyControl enables enterprises to easily manage all their encryption keys at scale, including how often keys are rotated, and how they are shared securely.
    Start Free Trial
- Hardware Security Modules (HSM)
  - nShield as a Service
    1. Subscription-based access to dedicated nShield Cloud HSMs.
  - nShield HSMs
    1. nShield Connect
      Networked appliances that deliver cryptographic key services to distributed applications.
    2. nShield Solo
      PCI-Express card-based HSMs.
    3. nShield Edge
      Personal, USB-connected desktop HSMs.
  - Management and Monitoring
    1. nShield Monitor
    2. nShield Remote Administration
  - CodeSafe
    1. SDK for securing sensitive code within a FIPS 140-2 Level 3 certified nShield HSM.
    2. Post-Quantum SDK
  - Software Option Packs
  - Compliance and Certification
    1. FIPS 140-2/140-3
    2. Common Criteria
    3. eIDAS
    4. NIST 800-53
    5. GDPR
    6. PSD2
    7. HIPAA
    8. PCI-DSS
    9. NITES
  - Why you need an HSM
    1. Learn about all the details related to what hardware security modules offer you in security and cost savings...
    2. Learn More
  - Use Cases
- TLS/SSL Certificates
  - BUY NOW
    1. Buy Certificates
    2. Renew Certificates
  - TLS/SSL Certificates
  - Qualified Certificates
  - Sales and Services
- Identity and Access Management (IAM)
  - Products
    1. Identity as a Service
      Cloud-Based IAM
    2. Identity Enterprise
      On-prem IAM
    3. Identity Essentials
      On-prem MFA solution for Windows users
    4. APIs and SDKs
  - Integrations
  - Testimonials
  - Workforce
  - Consumer and Citizen
  - Get Entrust Identity as a Service Free for 60 Days
    Explore the Identity as a Service platform that gives you access to best-in-class MFA, SSO, adaptive risk-based authentication, and a multitude of advanced features that not only keep users secure, but also contribute to an optimal experience.
    Start Free Trial
- Electronic and Digital Signing
  - EU Qualified Trust Services
    In addition to our long-standing Adobe Approved Trust List (AATL) membership, we are a European Qualified Trust Service Provider for the issuance of eIDAS qualified certificates for qualified signatures and advanced seals, for PSD2 certificates and for QWACs
    Learn More
  - Digital Signing as a Service
  - Digital Signing Certificates
  - Digital Signing Infrastructure
- Public Trust Certificates
  - Verified Mark Certificates (VMCs) for BIMI
    Show your official logo on email communications. Download our white paper to learn all you need to know about VMCs and the BIMI standard.
    Learn More
  - Buy and Renew TLS/SSL Certificates
    1. Buy Certificates
    2. Renew Certificates
  - Signing Certificates
  - Qualified Certificates
    1. PSD2 Qualified Electronic Seal Certificates
  - Sales and Services
- Public Key Infrastructure (PKI)
  - PKI as a Service
    1. Use Cases
    2. Post-Quantum PKIaaS
  - PKI Products
  - Managed Services
  - Certificate Lifecycle Management
  - Cryptographic Center of Excellence
    1. PKI Health Check
    2. Cryptographic Health Check
  - Try Post-Quantum PKI as a Service Now
    Get PQ Ready. PKIaaS PQ provides customers with composite and pure quantum Certificate Authority hierarchies.
    Try Now
- Internet of Things (IoT) Security
  - Credentialing and Provisioning
  - Machine Identity Management
  - Global PKI IoT Trends Study
    Find out how organizations are using PKI and if they’re prepared for the possibilities of a more secure, connected world.
    Learn More
- Machine Identity Management
  - Lifecycle Management
  - Credentialing and Provisioning
  - The State of Machine Identity Management
    A recent survey by IDG uncovered the complexities around machine identities and the capabilities that IT leaders are seeking from a management solution.
    Get the White Paper
- Post-Quantum
  - Issuance and Provisioning
    1. PKI as a Service PQ
    2. PQ Standards and Research
  - Cryptographic Center of Excellence
    1. Crypto Health Check
    2. PKI Health Check
  - Are you ready for the threat of post-quantum computing?
    Know where your path to post-quantum readiness begins by taking our assessment.
    Begin Assessment
- Partners
  - Become an Entrust Partner
    Our partner programs can help you differentiate your business from the competition, increase revenues, and drive customer loyalty. Consider joining one or more of our Entrust partner programs and strategically position your company and brand in front of as many potential customers as possible.
    Learn More
  - Partner Directory
    Search for partners based on location, offerings, channel or technology.
    Search for a Partner
  - Programs
  - Partner Logins
- Support & Services
  - Contact Support
  - TrustedCare
    Product downloads, technical support, marketing development funds.
    Learn More
  - Digital Security Knowledge Base
    Guides, white papers, installation help, FAQs and certificate services tools.
    Learn More
  - Issuance Systems Knowledge Base
    Technotes, product bulletins, user guides, product registration, error codes and more.
    Learn More
  - PKI Professional Services
  - Cryptographic Center of Excellence
    Construct best practices and define strategies that work across your unique IT environment.
    Learn More
  - Custom Cryptographic Solutions
    1. Code Signing
    2. HSM Application Integration
  - Product Deployment Services
  - Packaged Services
  - Training
- Resources
  - Issuance Systems Knowledge Base
    Technotes, product bulletins, user guides, product registration, error codes and more.
    Learn More
  - Digital Security Knowledge Base
    Guides, white papers, installation help, FAQs and certificate services tools.
    Learn More
  - Cybersecurity Institute
    Get critical insights and education on security concepts from our Trust Matters newsletter, explainer videos, and the Cybersecurity Institute Podcast.
    Learn More
- About Entrust
  - Securing a World in Motion Since 1969
    We’ve established secure connections across the planet and even into outer space. We’ve enabled reliable debit and credit card purchases with our card printing and issuance technologies. Protected international travel with our border control solutions. Created secure experiences on the internet with our SSL technologies. And safeguarded networks and devices with our suite of authentication products.
    Explore Our History
  - 1. Leadership
    2. Blog
    3. Careers
    4. Events
    5. Webinars
    6. Podcasts
    7. News Articles
    8. Press Releases
  - Cybersecurity Institute
    Get critical insights and education on security concepts from our Trust Matters newsletter, explainer videos, and the Cybersecurity Institute Podcast.
    Learn More
- Shop
  - Entrust Certificate Services Portal
    Existing Entrust Certificate Services customers can login to issue and manage certificates or buy additional services.
    Learn More
  - Entrust Certificate Services Retail
    Shop for new single certificate purchases.
    Learn More
  - Entrust Certificate Services Partner Portal
    Existing partners can provision new customers and manage inventory.
    Learn More
  - Instant Financial Card Issuance Supplies
    1. Registered Customer Login
    2. Request Access
- Search Entrust
  - Search:

In this episode, Duncan Jones, Head of Cybersecurity at Cambridge Quantum Computing part of Quantinum discusses the potential of quantum computers today, cryptographic keys, and how quantum randomness can be harnessed in the development of random number generators (RNGs).

Transcript

Samantha Mabey: Welcome to Entrust Engage, an open forum for the most innovative leaders in security technology. I'm Samantha Mabey and I'm your host. Today we're continuing our series discussing quantum computing in the post-quantum world. I'm joined by Duncan Jones, head of cybersecurity at Cambridge Quantum Computing. Welcome, and thank you for taking the time to join us today.

Duncan Jones: Thank you, Sam. It's very nice to be here.

Samantha Mabey: So a lot of what we've been talking about in this series so far has of course been quantum computing and as it relates to cybersecurity, which I know is right in your wheelhouse. So before we jump into things, I'd like to get a sense of where you feel like quantum computers are today. I know in 2019, Google AI Quantum, along with NASA, claimed they achieved quantum supremacy. A year later, in 2020, the CEO of Google said in about five to 10 year timeframe, quantum computing will break encryption as we know it today. So being familiar with the timeline being approximately 10 years away, that feels like things are starting to pick up. So I'd just love to get a feel for where you feel like we are today and progress we're making.

Duncan Jones: Sure. So I have a potentially different perspective here because as somebody who works in the quantum ecosystem as part of Continuum, and we are a quantum company that looks at pretty much every area where quantum could bring some advantage. I guess I have a perspective that's slightly outside of the crypto world. In the crypto world, we're extremely focused on when are we going to get to the moment where quantum computers can run shores algorithm and factor the keys that we all rely upon. And on that particular topic, I think certainly the consensus I have is that this is a moment that is not too far away. I think maybe five years is a bit aggressive, but I think it's starting to be something that is comfortably 10 years away, let's say not much further than that. And we can't be sure because there's two things I guess that are happening here.

There's the ability for us to have algorithms that can actually factor these large numbers and shore's algorithm is the best known example of that. But there's always possibilities that people can enhance that and also to generally reduce the necessary power we need from these quantum computers to actually run it, improvements all the time and efficiency and things like that. And then on the other side, there's, when are the quantum computers going to be powerful enough to run it? Which again is I think growing closer all the time because the progress being made by companies like Continuum, but all the others across the ecosystem is really positive. We're seeing aggressive roadmaps being comfortably adhered to. So I think that Q day moment or whatever is approaching first.

But just broadly across the whole quantum ecosystem, I think the wrong way to view that is that nothing much is going to happen until 10 or 15 years time when shores kicks in or when we can do something particularly exotic in the world of drug discovery. But actually, what we'll see I think is that quantum will deliver advantages regularly over the years ahead and we'll see this transition from, we do everything classically to, we do most things classically, but some critical parts in quantum computers. And then that will slowly take over and the quantum piece will really explode over time.

Samantha Mabey: That's an interesting way of looking at it. Yeah, I guess it's not like one day we're going to wake up in a flip the switch and be in a post-quantum world. Makes sense it would be a bit more gradual.

Duncan Jones: Exactly. Yeah. So we're going to see things. Late last year my group released a product which is the first commercial product that uses a content computer to do something a classical computer can't. To some extent, we're already there. Just so happens that our requirements for the quantum computer were modest. But we'll see in a year's time and two years time and three years time, different use cases coming on board in machine learning and in chemistry and all these other areas that quantum is expected to support.

Samantha Mabey: Very cool. So we've got a lot to look forward to on this timeline. I'd like to get into with you today is quantum technology and key generation, but perhaps we should lay the foundation and you can give a quick overview of what cryptographic keys are and the current or classical approaches to key generation.

Duncan Jones: Sure. So cryptographic keys are probably best thought of as random chunks of data. So you use the cryptographic key to encrypt some data that you're going to send to somebody or maybe to prove that you are who you say you are. And we use them all over the place in the internet in all sorts of security systems. But the question of whether or not you have a good cryptographic key boils down to whether somebody can predict what that key is and is that key private and safe and something that you are confident other people don't have access to. And the unpredictable piece is the area that my group thinks about the most. And what you want to do is be in a situation where the keys that you are using are so unpredictable that there is not a feasible way for anybody with any amount of computing power, classical or quantum to be able to guess even a small part of your key.

So if your key is several hundreds of bits, lots of zeros and ones, it shouldn't be possible for anybody to guess any of those. That's really critical for security. Now this is something that the cryptographic community has been trying to solve for some time with increasing levels of success. What we tend to do, or what we have done for quite a long time now is that we look to the world around us and we try to find something chaotic. Something that is to all intents and purposes difficult to predict. And we usually try and measure that and then try and turn that into cryptographic keys. So an example of this that I think is quite amusing and quite cool is CloudFlare has their wall of lava lamps and they have cameras pointed at these hundreds of lava lamps. And the idea is that the movement of these blobs is difficult to predict. And so that's the source of randomness.

Now the challenge that we have with these approaches to generating keys is that we can't prove how good they are and we rely a lot on complexity and ignorance of the situation, which is something that cryptographers, people who deal in encryption every day, really don't like. They like systems that are secure even if you know everything about them. Whereas these measuring complex systems in the real world and trying to turn that into randomness and keys is built on this idea that we don't know something about the environment in question. So an analogy that makes this maybe a bit simpler to understand is a coin toss. It's perfectly reasonable to start a football match by tossing a coin and seeing where it lands on the head or tails. And to everybody involved in that process, that is random. We don't know which side that's going to land on. But if you think about it, there's nothing random happening there at all.

Actually from the moment that coin leaves the thumbs of the referee, everything is predicated by the laws of classical physics. The coin is going to spin a certain way, it's going to fall a certain distance. If you know enough information about that system, the starting state, there's no question as to what's actually going to happen at the end. And this is called a deterministic system, a system where if you know one state, you know exactly how it's going to move to the next state and how it's going to move to the next state. And this isn't really an ideal way of generating cryptographic keys. We want something that is fundamentally unpredictable. No matter what you know about the system, no matter what you throw at it, you are able to generate something unpredictable. And finally, the other thing that the classical approach to key generation has not been able to give us is any proof or any guarantee on the quality of what has just been produced.

And the reason that's so difficult is because in the classical setting, there's no way to measure the process that you've used to generate this randomness. So the only option you have is to look at what you've produced. So to make a bunch of keys and then try to look at those and figure out are they any good or not? And you can do some statistical tests and try and figure out if it kind of looks random. But unfortunately that's not really how randomness works. And so we are missing that key ingredient of being able to verify that this output is in fact what you hope it is, which is something that is unpredictable.

Samantha Mabey: Okay. And what does quantum technology bring to that or how is it useful for key generation?

Duncan Jones: So quantum is interesting because it brings two things that we can't get classically. The first is that quantum behavior is genuinely unpredictable. And so if you're familiar with the Schrodinger's cat thought experiment where you open the box and you don't know whether the cat is alive or dead, and then you open the box and you find out. That concept describes something fundamental to quantum physics, which is the idea that you can create a quantum state. So you can take a qubit, a quantum bit, and unlike a classical bit, which must exist either as a zero or a one, it can be some combination of those two. And in fact you can create a 50/50 combination of zero and one. And when you measure that, it is impossible to know what answer you will get until you measure it. And that's the critical thing we are looking for, that genuine unpredictability.

You can have the biggest supercomputer in the world or the biggest quantum computer we may ever produce one day and you genuinely won't know what will happen when you measure that. And so that's like one of the problem solved. The second piece that's very interesting is that quantum processes are just very, very different. And we're able to use mathematical tools, things like we can take a qubits and we can entangle them in quantum computers and we can use things like a bell test, which is essentially a statistical test over lots and lots of interactions with a quantum computer. And the net result of that is we can actually measure how much unpredictable information we've just generated. So quantum effectively solves the two missing problems that we've had for some time in classical approaches and it means that it's the perfect foundation for generating cryptographic keys.

Samantha Mabey: Okay, excellent. So along the same lines, I'd love to know what is quantum key distribution and how does that also differ from the work that your team does?

Duncan Jones: Quantum key distribution solves a related but separate problem of if you have a key and you want to exchange it with somebody else. Because usually it's not very valuable to just have a key yourself, you want to two people to have the same key so that you can encrypt data to each other. Quantum key distribution is a method of exchanging that key, getting it securely from me to you in a way that you can have high confidence that nobody has been able to intercept that key. And in the simplest form, the way it works is you create a bunch of quantum states on one side and you fling them across a fiber optic cable to your recipient and they measure those quantum states. And we are relying again on that Schrodinger's cat concept, which is that once you've peaked inside the box and figured out if the cat's alive or dead, you can't do it again and get a different result.

And so if somebody has measured these things anywhere between here and there, eventually with the right protocol wrapped around it, you're able to prove that's happened. So QKD is interesting because it allows us to introduce a higher security potentially in the exchange of keys. What my group does is very much a step before that. So how do you have a good key in the first place? And we use quantum technology to make sure that the keys that you have in any of your systems are strong and the two technologies are quite compatible. So if you use our product for example, which is called quantum origin, this was the thing that we launched late last year. If you use that to generate a cryptographic key, then you could pass that then to a quantum key distribution system if you wanted to send that across the world potentially to a recipient.

One big difference between the two though I think is around the commercial readiness. So the technology to generate cryptographic keys exists today. So the requirements that we have for quantum computers to be able to do this are very low. Specifically we need three qubits in order to make this work. And pretty much all the major providers of quantum computers have far exceeded that already. Quantum key distributions very interesting. But it's a technology that I think is probably a good five or even maybe 10 years away from being in widespread use because there's quite a few technical hurdles still to be solved in that area.

Samantha Mabey: Okay, very interesting. There's another term that I wanted to run by you as well that I'm not super familiar with, and that is device independence. So I'd love to know what device independence is and how it relates to quantum based key generation.

Duncan Jones: Sure. And actually this also does apply to QKD as well. It's a general concept that has a lot of meaning in the quantum world. So this might be best described with an example. So if you imagine designing a very, very simple quantum randomness generator and you imagine, I'll give you a box, it's a very simple concept. You lift off the lid, you look inside and there's a laser and the lasers firing photons out and they hit a mirror. And this is a special mirror that you can build which sends half the photons off in one direction and half of them actually pass through. And if you measure which photons arrive at these two different end points, so either they bounced off the mirror and you measured them down here or they passed through the mirror and you measured them over there. You could imagine intuitively that might be random behavior. You don't quite know which path they're going to take.

So if you look at that on paper, you say, "Okay, yeah, that's something that I think could produce very unpredictable cryptographic keys." Now the problem you have there though is that you're looking at a simplistic design on paper that now has to be translated into a physical device that you're going to go build and start to use in practice. And the challenge comes then with all the differences between the simple model that you have of the world, your simplistic view of how this all should work and the reality of building physical devices, which is filled with imperfections and engineering tolerances. And there is nothing perfect in anything that you can ever build. So this nice idea of a laser firing it to mirror hits reality when you discover that you can't build a perfect mirror that sends half of the photons one way and half of them the other.

And there's a thousand other assumptions buried in this design that are actually going to trip you up. So that is an example of an extremely device dependent concept. You're really very heavily wedded to how you build your device in order for all of your security assumptions to still be true. It's a very difficult thing to achieve and it's one of the reasons why many approaches to generating randomness actually don't really generate what they think they do because there's all these differences between assumptions and reality. There is a completely different way of doing this that quantum really lends itself to. And sadly not all quantum solutions do this. There's very few that take this approach, but this is the direction we've approached it out at Cambridge Quantum. Which is to say, let's not assume very much about what's happening inside this process. Actually let's treat it almost like a black box, not quite, but let's make very few assumptions and treat this thing like a black box and then just, we'll challenge it from the outside, we'll send it in instructions and it'll give us back responses.

And Quantum is this amazing tool set to play with that you can actually build security systems on top of that so you don't have to know what's happening inside really. Instead, you just look at the inputs you give it and the outputs it gives you back and you can actually prove to yourself mathematically that it's generated in this case really, really unpredictable data. Really, really good cryptographic keys. And that is what a device independent protocol looks like. And I apologize if that was a bit deep into the weeds, but this is a concept that is really at the heart of why quantum is exciting for security practitioners because you can benefit from this sort of approach and have far more confidence in the security of your cryptographic foundations in this case. And I should add, by the way, we're getting into fairly technical details here, but these concepts are what power products like ours, but you don't actually need to be a quantum physicist to deploy them. You can benefit from that. I'm just trying to explain how they work a little bit.

Samantha Mabey: Exactly. It gets packaged up and then other people can implement them. So when we were talking about devices though, just to get a little clarity on that, are we talking about devices as we know them today? Like mobile devices, desktop computers, all that kind of things, IOT sensors? Or is that going to be the commercial application later on?

Duncan Jones: So I can speak mostly to what we are doing at my company, which is that we are developing predominantly cloud services that use quantum computers to generate cryptographic keys. So in this case, it's more of a service than it is a physical device, although we're not ruling out the possibility of packaging this up to devices at some point in the future. But what we are discovering is the world is moving evermore towards consumption of cloud services and people are expecting to consume increasingly the security services in that fashion. And so we've decided to align with that. And so in our case, we have a cloud service that uses the quantum computer from Continuum. And what it does is it runs millions and millions of interactions with this quantum computer. So this is a real world quantum computer, this trap iron quantum computer. And we generate then this output which then is fed into the cloud platform for generating keys, which are then sent out to where they need to go to.

Samantha Mabey: Okay. All right, cool. And so what does the integration of quantum key technology look like?

Duncan Jones: So the typical place you want a key to end up is in a hardware security module of course. And it's obviously a good podcast for that because I'm sure your audience cares about hardware security modules a lot. So certainly, we've not attempted to reinvent the wheel there. There are people who do hardware security modules very well, such as yourselves. So our goal really is to make sure that we can deliver keys into those environments.

So for us, a typical engagement will be that somebody has an existing cybersecurity deployment and they don't want to tear everything out. They don't want to rip out all the investment that they've made in equipment and services, but what they want to do is to make sure their foundations are as strong as they can possibly be. So we would integrate our quantum origin service with typically their hardware security modules so we can generate keys in our service and push them out securely encrypted and deliver them into a hardware security module where they can be protected and used exactly as they are today. So one of the things that we thought a lot about, and I think anybody building security systems needs to think about is how do you make it an easy lift so that people aren't starting from scratch? Because it's an uphill battle to try and convince people to tear out everything that they've invested in and become familiar with. And so that's very much how we've approached it, is to think that way.

Samantha Mabey: And who is adopting this technology or who should think about adopting it?

Duncan Jones: So I'd imagine actually if you looked at your customer segments and the people that typically reach out with an interest in hardware security modules and other services, it's a very similar crowd. Whether it's financial services, telecommunications or governments, big pharma. A lot of industry sectors now rely on, they've been through their digital transformation and cybersecurity is no longer optional for them. And so we are finding that they're embracing hardware security as an example. And so really anybody who is taking security seriously and wants to embrace the best that there is in terms of cybersecurity technology and/or who wants to demonstrate to their customers. Because cybersecurity is becoming increasingly important as a buying factor for consumers, whether they are end consumers like me and you, or whether they are B2B consumers. Cybersecurity is a huge factor now. It used to be a kind of nice to have. Now it's a motivating thing.

And so for some of our customers as well, it's about showing their customers that they're taking every precaution that they can with what is usually sensitive personal data that they're responsible for protecting. And so we see interest from a variety of sectors, but it is also the people you would expect. Financial services, governments, telcos, that sort of sector that really it resonates with.

Samantha Mabey: Yeah, definitely. We've seen a lot of that where, just talking about post-quantum preparedness, critical infrastructure, healthcare, financial, they're already looking at all of this. And organizations, we're encouraging everybody else to try to catch up or at least start looking at it, talk to your vendors, make sure they're looking at it, there's a roadmap. So yeah, absolutely agree with you on that. So before we do wrap up today, I was just wondering if you had any final words of wisdom or takeaways that you'd like to share with our listeners on what to think about within their own organizations?

Duncan Jones: I think it's important to not confuse some very similar sounding terms that you'll hear in podcasts like this, because when you hear about quantum, it can mean very many different things in cybersecurity and beyond. But in cybersecurity, it could mean this threat that's coming up. And obviously what you have to do about that threat is reasonably well understood now and it needs to unfold over the next 2, 3, 4, 5 years to make sure people are ready in time. But it's important not to confuse that threat with what quantum can offer as a positive, which even then has different time scales. Something like QKD, which is probably people's first... If you asked somebody on the street what good things can quantum do for cybersecurity? They'll probably think, oh, quantum key distribution. And that is definitely quite promising, but that again, is further away. So there's a slight risk that when you talk about quantum, there's this gut reaction that says, oh yeah, that's this thing that's coming up soon.

And I guess as a purveyor of technology that is commercially ready today, I would encourage people to look again at the quantum space and recognize that actually, it's here. There are products and services out there that can take your existing infrastructure and make them stronger. Yeah, quantum is not this thing that's coming later. It's something that's here today and not to be scared of. And I encourage your audience to explore this topic because it's fascinating and it really can enhance security.

Samantha Mabey: Outstanding. I love that. All right, so thank you so much again, Duncan, for joining us today. Really appreciate it.

Duncan Jones: Thank you.

Samantha Mabey: And that's it for today's podcast. So keep up with new episodes by following us on LinkedIn and Twitter using the links in the episode description. Thanks for listening to Entrust Engage.