This is the fifth installment of my series of interviews with companies exploring innovative and emerging technologies impacting global markets and the digital landscape. With the proliferation of sophisticated cyber-attacks by threat actors, securing corporate data is more important than ever, especially with the advent of emerging technologies like artificial intelligence and quantum. In this installment, I am pleased to interview Robert Liscouski on the topic of Quantum Cryptography and Zero Trust.
First, a little overview of quantum computing: The research firm Gartner succinctly describes quantum computing as: “[T]the use of atomic quantum states to effect computation. Data is held in qubits (quantum bits), which could hold all possible states simultaneously. Data held in qubits is affected by data held in other qubits, even when physically separated. This effect is known as entanglement.” In a simplified description, quantum computers use quantum bits or qubits instead of using binary traditional bits of ones and zeros for digital communications.
Quantum computing provides unprecedented computational speed with predictive analytics to solve problems. Quantum technologies use the unique characterizations of sub-atomic particles to process data inputs and will likely revolutionize everything from cybersecurity to real-time analytics.
CB: How do quantum technologies impact Zero Trust Cybersecurity?
RL: With the growing number of cyber-attacks targeting the public and private sectors and critical infrastructures, the United States government has taken steps to secure cyberspace and digital ecosystems with key policies, including “Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems,” and moving toward “Zero Trust Principles.”
Zero Trust is a cybersecurity approach that assumes that there is no inherent trust in any user, device, or system, regardless of whether they are inside or outside an organization’s network (Figure 1). Traditional security models typically operate under the assumption that anything inside the network is trustworthy.
The core tenet of Zero Trust lies in not trusting anything and continually verifying, inside out. This places a strong emphasis on authentication both inside and outside of your network.
However, reliance on cryptographic methods like the public-private key is problematic, even in the current state, as their security relies on the inability of modern computers to quickly solve certain types of math problems.
As quantum computers become more widely available, these math problems will be solved — making our conventional security algorithms susceptible to attack.
Quantum networks are a way to proactively secure your communications. It’s important to align with frameworks that support both centralized and distributed authentication for users and devices, and that closely adhere to zero-trust principles. Doing so eliminates the need for unwarranted trust and minimizes the exposure of critical data.
CB: What is a quantum network and why is it necessary for Zero Trust?
RL: Quantum networks (Figure 2) are a central component of a Zero Trust architecture because they introduce the required critical layers of trust: authentication and the cryptographic method itself.
The data transmitted over quantum networks is in the form of qubits, or quantum bits. Quantum bits obey the laws of quantum mechanics, which means they can be entangled and exist in several states at once, unlike a computer bit that can only be a 0 or a 1. Physicists use these quantum properties to design networks which, at their core, are resistant to quantum attacks, data manipulation, and eavesdropping.
Quantum cyber security technologies provide access to zero trust security, which is nearly impossible to breach, even with advanced quantum computational power (Figure 3). Quantum cyber solutions include:
- Quantum Random Number Generation (QRNG) uses quantum phenomena to generate truly non-repeatable random numbers, providing higher entropy and unpredictability for encryption keys, tokens, and other security-sensitive data in a zero-trust environment.
- Quantum Key Distribution (QKD) allows two parties to establish secure encryption keys with unconditional security, making them resistant to eavesdropping and key interception, thus enabling strong encryption and authentication in zero-trust networks.
- Quantum Authentication can enhance traditional authentication methods and ensure secure authentication in a zero-trust setting using quantum-resistant cryptographic algorithms and quantum properties like entanglement.
- Zero Knowledge Proofs (ZKPs) allow verification of claims without disclosing sensitive information, providing privacy, and security in interactions and enabling trustless decentralized systems.
Quantum Computing Inc.’s nanophotonic quantum entropy technology can be leveraged to provide quantum authentication on the same platform and is a full solution to replace public-private key cryptography, which is inherently vulnerable to evolving quantum threats.
QCi’s patent on Quantum Private Communication methodology addresses the concerns of key distribution approaches with trusted third-party authentication/validation and provides a pure hardware alternative that requires no mathematics, algorithms, or pseudo random numbers. Patented approaches using entangled photons and correlated true quantum random numbers generated from the quantum entropy source are combined in a methodology that ensures that only the intended recipients of information are properly authenticated in a trustless system approach.
Introducing quantum cybersecurity tools into a Zero Trust architecture provides an all-encompassing security approach to protect against modern and future cyber threats. Embracing quantum-enabled Zero Trust is a complex undertaking, requiring a multi-year journey. So, it’s crucial to start laying a strong foundation early, with a well-defined strategy and phased plan.
CB: What is Quantum Key Distribution, or QKD, and why does your approach extend beyond it?
RL: Quantum Key Distribution protocols facilitate secure key exchange methods for replacing conventional cryptographic algorithms. The property of quantum entanglement is essential here for providing an additional layer of security. By transmitting information using entangled photons, it can be guaranteed that the line has not been uninterrupted or compromised. It is secure from an authentication perspective and no private key information was distributed.
This fortifies the Zero Trust concept by providing an added dimension of trustworthiness.
Although QKD sounds good in theory, in practice, as always, there are complications. The Achilles heel of QKD is that this method cannot provide a means for authenticating the sender and the receiver of the information, in the first place. Typical approaches to overcome this limitation rely on the sharing of secret keys from a presumably trusted third party, and the subsequent use of traditional authentication protocols.
QCi’s solution fixes the inherent vulnerabilities of QKD and is compatible with business’ existing cyber network architecture and infrastructure, to reduce its time and cost to implement.
This is a simple and elegant method for offering quantum authentication and secure QKD on the same platform by using the inherent probabilistic nature of “quantum measurement” and then using the measurement sequence as the encryption bases.
We go beyond traditional quantum cryptography, by offering QRNG, QKD, and Q-Authentication, all on the same platform. This approach addresses the vulnerabilities of the existing PPK network architecture, utilizes existing infrastructure, and aligns with the Zero Trust model of authentication emphasis.
Quantum authentication ensures data confidentiality by providing quantum-secure protection and verification across unsecured networks to non-trusted devices. When integrating quantum authentication with QKD, users can verify their authenticity without having to share secret keys over a network or rely on a third-party. This approach guarantees data transmission to authorized users, even assuming that our adversaries possess infinite computing power.
Governments, academia, and tech leaders in industry are investing with heightened intensity in the research and development of functional quantum computing applications.
The era of quantum computing is here and QCi is excited to be one of the companies leading the way. There is so much good to be harnessed from the power of quantum.
CB: Thank you Bob for an enlightening discussion
Figure 1: A quantum-powered Zero Trust Environment
Figure 2: Critical Elements of Quantum Secure Network
Figure 3: Quantum key distribution allows unconditionally secure quantum key exchange: one-time-pass, truly random with the requirement of a pre-authenticated channel using classical cryptography.
ABOUT QUANTUM COMPUTING INC.
Quantum Computing Inc. (QCi) (NASDAQ: QUBT)is an innovative, quantum optics and nanophotonics technology company on a mission to accelerate the value of quantum computing for real-world business solutions, delivering the future of quantum computing, today. The company provides accessible and affordable solutions with real-world industrial applications, using nanophotonic-based quantum entropy that can be used anywhere and with little to no training, operates at normal room temperatures, low power, and is not burdened with unique environmental requirements. QCi is competitively advantaged delivering its quantum solutions at greater speed, accuracy, and security at less cost. QCi’s core nanophotonic-based technology is applicable to both quantum computing as well as quantum intelligence, cybersecurity, sensing and imaging solutions, providing QCi with a unique position in the marketplace. QCi’s core entropy computing capability, the Dirac series, delivers solutions for both binary and integer-based optimization problems using over 11,000 qubits for binary problems and over 1000 (n=64) qubits for integer-based problems, each of which is the highest number of variables and problem size available in quantum computing today. Using the Company’s core quantum methodologies, QCi has developed specific quantum applications for AI, cybersecurity, and remote sensing, including its Reservoir Photonic Computer series (intelligence), reprogrammable and non-repeatable Quantum Random Number Generator (cybersecurity), and LiDAR and Vibrometer (sensing) products. For more information about QCi, visit www.quantumcomputinginc.com.
ABOUT ROBERT LISCOUSKI:
Robert has served as president, CEO, and chairman of QCi since February 2018, bringing to the company more than 35 years of executive experience at public and private companies, and federal agencies. Robert’s public sector experience includes time in the U.S. Department of Homeland Security, the U.S. Department of State, the Bergen County Prosecutor’s Office, and served on the Intelligence Science Board supporting the CIA and NIA. On the private sector side, Robert held roles at Implant Sciences, Coca-Cola Company, and Orion Scientific Systems. Robert currently serves on the board of technical advisors for the National Center for Missing and Exploited Children and the National Child Protection Task Force board. He received his Bachelor of Science from John Jay College of Criminal Justice and Master of Public Administration from the John F. Kennedy School of Government, Harvard University.
