By Jeremy Kahn for Bloomberg – first published on August 25, 2016
When it comes to cybersecurity, no one can accuse IPC Systems Inc., the New Jersey-based company that builds communications networks for trading firms and financial markets, of preparing to fight the last war.
IPC, which is owned by private-equity firm Centerbridge Partners LP, said Thursday that it is partnering with U.K. startup Post-Quantum to offer its clients encryption, biometric authentication and a distributed-ledger record-keeping system that the software company says is designed to resist hacking — even by a quantum computer. Never mind that quantum computers are still largely the stuff of science fiction.
“We want to provide our customers with whatever level of security and encryption they want,” Tim Carmody, IPC’s vice president of network services engineering, said. “We hear from our customers that some are concerned about the post-quantum world when quantum computers can decode existing encryption.”
IPC said it will be offering Post-Quantum’s security products to users of its Connexus Cloud, a financial markets network with 200,000 users across 6,000 network locations in 700 cities. Carmody said it would be up to each customer to decide which of Post-Quantum’s security offerings, if any, they wished to implement.
Quantum computing is still in its infancy — with some saying a true example of the technology is yet to be built.
A Canadian company called D-wave sells a device that it says uses quantum computing to solve a certain kind of computation — what’s known as optimization problems — but its claims are controversial. Plus, in order to work, D-wave’s machine needs to be cooled to temperatures near absolute zero and kept free of electromagnetic interference. It takes up nearly half a room and has a price tag of $10 million to $15 million.
IBM researchers also have created a rudimentary quantum computer that scientists can access remotely via the internet. But it also has to be extensively cooled, and is less powerful than traditionally built supercomputers. A few financial firms, including Goldman Sachs, Royal Bank of Scotland, CME Group and Guggenheim Partners are evaluating quantum computers and their potential impacts on algorithmic trading and portfolio management.
With a number of researchers, including those from Microsoft, predicting quantum computing may become a reality within a decade, IPC wants to be ready. “We have a lot of sophisticated customers who know the state of cybersecurity today and are looking to leap-frog and future-proof as much as possible and bring in defense-grade systems,” Carmody said.
Traditional computers process information encoded in a binary format — represented by either 0 or 1. Quantum computers, by contrast, work on quantum mechanical principles, including the concept of “superposition” — the idea that a particle can be in two different states, representing both a 0 and 1, simultaneously. This is what potentially gives quantum computers their incredible processing power, theoretically carrying out trillions of calculations per second.
And that is what has cybersecurity experts worried. Most digital encryption systems rely on numerical keys that are tens or hundreds of digits long. To break one by trying every possible combination, or by searching for numerical patterns that would allow the encryption algorithm to be reverse-engineered, is beyond the capability of conventional computers — at least in reasonable timescales. But a quantum computer could theoretically break these codes, including the popular RSA public key encryption standard, in seconds. In August 2015, the U.S. National Security Agency (NSA) warned U.S. government agencies and private government contractors that they should be prepared to transition to “quantum-resistant algorithms” in the future.
Post-Quantum, which was founded in London in 2009, uses an encryption system based on a type of cryptography first developed by researcher Robert McEliece in 1978. The McEliece encryption is believed to be far more resistant to the techniques a quantum computer could use to quickly break codes. Post-Quantum has also patented three modifications to McEliece’s original system that improve its functionality, Andersen Cheng, Post-Quantum’s chief executive officer, said.
The startup, which has conducted work for NATO and the U.K. government, sells a suite of security products. These include an authentication system that requires users to take a selfie video, in which they would read out a unique code. The recipient receives the video with a code generated by the encryption system overlaid on the image: if the code being read matches the code overlaid on the image, the message is authentic. (Plus, if the sender is known to the receiver, the receiver can recognize the sender’s image). This is designed to defeat so-called “man-in-the-middle” attacks where an intruder intercepts communications and impersonates a trusted party to gain access to a network, Cheng said.
The company also sells file encryption software that works by breaking a master decryption key into parts and distributing these — for instance, one might go to a financial firm’s customer, while another might go to a regulator. A certain minimum number of these key fragments must then be brought back together to unlock the file. This prevents insiders from abusing access privileges to steal or tamper with information, Cheng said. Post-Quantum has also developed a distributed-ledger record-keeping system, or blockchain, similar to the system that underpins the digital currency bitcoin. Financial firms are increasingly interested in using blockchains for clearing transactions and providing audit trails.
Carmody said that it was Post-Quantum’s biometric and geo-location based authentication system and its blockchain technology, as much as its quantum-resistant encryption, that convinced IPC to partner with the U.K. software company.
Cheng said that when Post-Quantum first began pitching its encryption technology to potential clients, he was routinely laughed out of the room by those who thought quantum computing was a joke. “No one is laughing anymore,” he said.
Post-Quantum received 8 million pounds in funding in July from VMS Investment Group, a private equity firm based in Hong Kong, and AM Partners. It is not the only startup trying to create encryption techniques for a post-quantum world. Quibtekk, a startup in California, is also working on similar products.