Why did the Sandbox leaving Google choose quantum encryption instead of quantum computing?

In March 2022, the Sandbox team, the secret quantum technology team of Google's parent company Alphabet, officially broke away from Alphabet and established an enterprise SaaS company called Sandbox AQ. AQ stands for Artificial Intelligence (AI) and Quantum (Quantum), which will provide customers with access to Solutions for quantum technology and artificial intelligence. The company has raised at least $100 million in financing.

In fact, Sandbox AQ, unlike Google, is not involved in the development of quantum computers, but instead focuses on how quantum technology intersects with artificial intelligence, developing applications to strengthen cybersecurity platforms, and more. The company's first products will be post-quantum cryptosystems and related privacy-enhancing technologies that attempt to keep data safe as quantum computing advances to the point that today's encryption techniques are obsolete.

As an entrepreneur, Sandbox AQ CEO Jack Hidary has a long-term focus on quantum computing and is the author of the book "Quantum Computing: An Approach to Application". However, why is the business direction of Sandbox AQ in quantum encryption, not quantum computing?

Hidary responded to this question in a recent interview with Inside Quantum Technology.

The specific interview content is as follows：

IQT: Sandbox AQ was part of Alphabet for years before being spun off last month, initially focusing on quantum-safe encryption. Is it a good time to make such a decision at this moment in the development of quantum computing?

Jack Hidary: The truth is, the world of quantum technologies is much more than quantum computing, and many technologies will have a greater near-term impact in the quantum realm than commercial quantum computers. I was so excited about quantum computing that I wrote a book about it, Quantum Computing: An Applied Approach. But the truth is, we need to look at quantum secure communications more broadly, an area that we will see rapid growth in the short term, will impact telcos and their B2B users, and ultimately will impact mobile applications and other consumer use thing.

Cyber ​​hackers are tracking encrypted data and storing it on adversary servers, waiting for them to have enough computing power to decrypt it. When one considers intellectual property, the trillions of dollars of intellectual property that resides in the servers of the world's top 1000, this is obviously a huge hidden danger: in the case of pharmaceutical companies, there is a lot of intellectual property in compounds and formulations; in the case of pharmaceutical companies For chemical companies, a lot of proprietary data is used to drive the business; for banks, they have proprietary transaction models, risk models, not to mention the multi-gigabytes of data that need to be protected under the compliance regime that the bank operates. bytes of customer data.

We need to protect all of them for years to come. So what we need to do now is move from RSA (the standard today) to a post-RSA environment. RSA has served us well: it started in 1978 and has served us for over 40 years; but it's time for a global migration to publish the RSA protocol. The good news is that many governments around the world recognized this years ago, especially after launching a coordinated global multi-national, multi-stakeholder opening process six years ago (referring to NIST post-quantum cryptography). Standardized Work), a genuine, in-depth review of more than 60 initially accepted materials. Three rounds of screening have now produced a final set of agreements, the first of which we will see in the coming weeks.

IQT: Are these standards that the National Institute of Standards and Technology (NIST) will publish?

JH: In the next two or three weeks, NIST is expected to publish the final list of post-quantum algorithms, which is exciting because that gives us the tools the private sector needs to protect the world's data to re-encrypt at RSA or elliptic curve or other now vulnerable protocols encrypted datasets and start implementing these new protocols. These apply not only to static data, but also to dynamic data. Therefore, the services provided by payment centers, transaction centers, telecommunications providers in terms of transaction connections are data in motion that must now be protected. This includes telecom products such as VPLS and VPNs, where the "P" refers to the privacy provided by RSA. Now, we have to upgrade it to a post-RSA protocol, otherwise any traffic going through the VPN is vulnerable to eavesdropping.

IQT: There are reports of a research paper showing how one of the algorithms NIST was considering was broken in just over 50 hours. Is this one of the concerns?

JH: I think NIST's final list will focus on a few other protocols. To be clear, the final standard proposed by NIST has not been broken. The protocols were developed through a process (starting with 69 candidate algorithms) during which concerns were raised about one of the protocols. The digital signature Rainbow is the one you're referring to. Not just recent papers, in fact previous papers have shown it to be problematic.

But Rainbow can be fixed by tweaking some parameters, so in future spec output we can see that Rainbow is still useful. But for now, we believe NIST will put the Rainbow issue on hold for now. Another thing to keep in mind is that we will now have multiple protocols. We are moving data protection from the single-protocol world of RSA to a multi-protocol world.

IQT: So what happens next?

JH: Migrating from RSA to post-RSA is a software migration that doesn't involve a hardware upgrade, but 20 billion devices worldwide will require a software upgrade. About 7 billion phones need to be upgraded because they currently run on top of RSA encryption. Think about all the apps on those phones. When you're using a mobile banking app, or when you're on any security app, all of this is RSA encrypted and has to be upgraded. That means 7 billion phones, billions of laptops, servers and other PCs, and of course billions of IoT devices to upgrade. This is a software upgrade of hardware devices as well as network, infrastructure, payment centers and other software layers. This process has begun and will continue.

IQT: How does Sandbox AQ help companies start this process?

JH: One of our products is a set of machine learning-driven discovery tools that companies can use to scour the web to find all the places in the web where cryptographic protocols are used. It will visually show where RSA or elliptic curve cryptography is being used in the network. With these discovery tools, the discovery process for a typical telco or other type of company will take about six to nine months. These discovery tools will help you generate reports that you can submit when upgrading to ensure you are compliant with the various agencies that need to upgrade your encryption. We also offer a suite of products for telcos to bundle into their VPNs or SDNs, enabling them to enhance the level of security across their various telco products. Finally, we provide actual cryptographic modules based on NIST standards.

Link:

https://www.insidequantumtechnology.com/news-archive/sandbox-aq-ceo-jack-hidary-on-the-migration-to-quantum-secure-encryption/