Canadian startup focuses on security for the quantum age
Canadian startup focuses on security for the quantum age
A small startup in Waterloo is working on a problem that touches everyone using the Internet for buying, selling and banking — securing sensitive data against attacks from quantum computers.
Isara Corp. , based in the Quantum Valley Investments building, went public about a month ago with the first in a suite of planned software products that it says will protect data in existing computers from hackers using quantum computers. The startup's sole focus is quantum-safe cryptography.
It is not only e-commerce that is threatened by the next generation of computers, but also sensitive government communications, says Scott Totzke, Isara's chief executive officer.
There is now a consensus among some of the biggest players in technology, including Google, Amazon and Microsoft, that quantum computers will be a commercial reality by 2026. Using the properties of subatomic particles to process and store information, they will be able to quickly break current methods of encryption.
Everything from credit card numbers, bank accounts, personal records, health files, tax records, corporate data and top-secret messages exchanged by spy agencies are all vulnerable to hackers using quantum computers, Totzke says.
That means any data that is currently stored — and must remain secret beyond 2026 — is already vulnerable, and steps should be taken now to protect it from quantum hackers.
"We have an existing threat even though this technology looks like it is a decade out," he says.
In a process called "harvest and decrypt," foreign governments collect encrypted information now and stash it in data centres, waiting for the day when quantum computers can break it all open, Totzke says.
Multinational banks and insurance companies with global infrastructure will need four to five years to plan for and deploy quantum-resistant software that protects their data, he says.
"Which means as an industry we've only got five years to get a solution in place, get technology that is tested and accepted and start upgrading all of our critical infrastructure so it will be quantum safe," Totzke says.
Cars and other products that are connected to the Internet and receive software updates over wireless connections and other devices that are part of the Internet of Things must also be safe from quantum hackers, he says.
"If we aren't considering how to mitigate the threat of a quantum computer-enabled adversary, we may not be able to trust software updates that we get to the cars," he says. "We could get rogue software updates that interfere with critical navigation systems or critical operational systems like steering and brakes and acceleration."
The issue goes beyond financial services and government secrets, Totzke says.
"It really becomes everything that is connected where you have to authenticate a user or a system or we have to protect a secret."
Something known as public key cryptography protects private information on the Internet. Most of the Internet connections people trust today are secured by something called RSA — an algorithm whose name is an acronym for the three founders of the widely used encryption method.
Isara says the remaining 20 per cent of Internet connections are protected by something called elliptic curve cryptography, which was developed by Certicom, a University of Waterloo spinoff that was acquired by BlackBerry in 2009. The technology is the basis for BlackBerry's vaunted security software that has never been hacked.
Totzke was formerly a senior vice-president at BlackBerry, responsible for the security of the company's products. His group helped to make security the biggest competitive advantage for BlackBerry. After 13 years at BlackBerry, he left in June 2014, looking for a change. He linked up with Mike Brown, another veteran of the BlackBerry security team, and founded Isara.
Brown has a master's degree in math from the University of Waterloo and spent a lot of time at the university's Centre for Applied Cryptographic Research. Most of the research going on at Isara is pure, advanced mathematics.
"When you connect with your phone to Amazon or TD or something like that, fundamentally there is mathematics," Brown says.
"Up to today we have trusted and relied upon that math because nothing can break it. Well, a quantum computer does," he says. "So the problem now is: 'What's the new math that we replace it with?' That's what Isara is focused on, studying that, implementing that and providing those products to customers."
In 18 months, the startup went from Totzke and Brown working together to 21 employees. It has produced the first in a small library of quantum-safe algorithms that will enable cryptography upgrades for traditional computers, sensors, Internet servers, routers and networks.
Isara is earning revenue, fully funded and hiring. Its lead investor is Quantum Valley Investments.
Even with 21 employees, Isara is the largest group of people focused on the problem of quantum safe cryptography, says Mark Pecen, the company's chief technology officer.
Implementing quantum-safe cryptography is presenting interesting challenges to the Isara team that includes four PhDs.
The challenges include: How do you make quantum-safe cryptography scale? How do you get a quantum safe algorithm to work on a sensor for the Internet of Things that has limited memory, limited computing power and limited battery power?
"Or how do you make it work, say in Amazon's web service cloud? These are very different problems that take different approaches," Totzke says. "And fortunately we have this great team here that is able to address those concerns in our design and implementation."
Pecen, formerly a senior-vice president and head of the advanced technology division at BlackBerry, sits on the board of the Institute for Quantum Computing at UW and he reports to the board of the European Telecommunications Standards Institute — the most influential organization in the world for setting technical benchmarks for smartphones and other wireless telecommunications devices.
Last year, he founded the institute's working group for quantum safe cryptography. He serves as the group's chair. Companies and governments that want to take part pay an annual fee. That money pays for the engineers and research that informs the standards.
"It is in the formative stages," Pecen says of the group's work. "That being said, the European Commission is in my group, the French government is in my group, the government of the United Kingdom is in my group."
Quantum computers use the properties of subatomic particles — atoms, ions, photons and electrons — for processing information. Instead of the bits and bytes of traditional computers, they use qubits.
Pecen says quantum computers already exist, mostly in university-based research labs, but the machines are small, ranging in size from one qubit to 12 qubits. The Institute for Quantum Computing at UW has what is believed to be the largest quantum computer, with 12 qubits, he says.