British Encryption Startup Arqit Overstates Its Prospects, Former Staff and Others Say (wsj.com)
Arqit says its encryption system can't be broken by quantum computers, but former employees and people outside the company question the relevance of its technology. The Wall Street Journal: A U.K. cybersecurity startup rocketed to a multibillion-dollar valuation when it listed publicly last fall on the promise of making encryption technology that would protect the defense industry, corporations and consumers alike from the prying eyes of next-generation computer systems. Founder and Chief Executive David Williams told investors at the time that his company, Arqit Quantum, had an "impressive backlog" of revenue and was ready "for hyperscale growth." But Arqit has given investors an overly optimistic view of its future revenue and the readiness and workability of its signature encryption system, according to former employees and other people familiar with the company, and documents viewed by The Wall Street Journal.
While the company says it has a solution to a quantum-computing security challenge that U.S. intelligence last year said "could be devastating to national security systems and the nation," government cybersecurity experts in the U.S. and the U.K. have cast doubt on the utility of Arqit's system. Arqit's stock price reached its highest level to date of $38.06 on Nov. 30 and has since fallen, to $15.06 on April 14, amid a broad pullback of young tech stocks. When the company secured its Nasdaq listing last autumn, its revenue consisted of a handful of government grants and small research contracts, and its signature product was an early-stage prototype unable to encrypt anything in practical use, according to the people. The encryption technology the company hinges on -- a system to protect against next-generation quantum computers -- might never apply beyond niche uses, numerous people inside and outside the company warned, unless there were a major overhaul of internet protocols. Arqit disputed that its encryption system was only a prototype at the company's market debut. "This was a live production software release and not a demonstration or trial," said a company representative. "It was being used by enterprise customers on that day and subsequently for testing and integration purposes, because they need to build Arqit's software into their products."
AES (Score:4, Informative)
AES is already resistant to quantum computers. Why would we need a new system when AES has already been widely implemented and studied to death?
Re:AES (Score:4, Interesting)
I see a lot of confusion between symmetric algorithms, which, in general, most are resistant to quantum attacks, versus asymmetric algorithms, where this is a major attack vector.
What might be the way to mitigate this is to fall back to some sort of symmetric encryption, perhaps some way of doing shared secrets. Downside of this is the fact that it means having n^2 keys stored, and if an attacker gets at those keys, then all is lost and everything has to be re-negotiated again. However, if Alice has a solid symmetric key connection with Bob, Bob has a good one with Charlie, then there may be a way that Alice and Dan can use a Diffie-Hellman style of key exchange going through Bob and Charlie. However, if Bob and Charlie's link is compromised, then there isn't any way for Dan to establish a reliable, secure key exchange to Alice. This may be useful if Alice and Bob might have access to several channels, for example, Alice and Bob exchanging keys physically.
Another way (and likely a practical alternative) is to do like VeraCrypt offers, and have a cascade of 2-3 algorithms. This adds significantly to the compute time, but it ensures that if RSA is broken, then a lattice based algorithm keeps things in place, and if both are broken, something like the CRYSTALS set of stuff might just keep signatures valid. As time goes on, every 10-20 years, change out any algorithms that are in danger of being compromised, or up the key size.
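One way to realize the cascade idea from this comment, as an added example that is not code from the thread or from Arqit: a hybrid key combiner that feeds two independently agreed shared secrets through HKDF (RFC 5869, SHA-256) so the derived session key stays secret as long as either mechanism holds. The shared secrets and the transcript are constructed placeholder bytes; a real deployment would take them from an actual ECDH exchange and a post-quantum KEM.

```python
# Added example (not from the Slashdot thread or Arqit): hybrid key combiner.
# Two independent key-agreement mechanisms each yield a shared secret (for
# instance a classical ECDH secret and a post-quantum KEM secret). Both are
# fed into HKDF, so recovering only one of them is not enough to recompute
# the session key. All input bytes used by the check below are constructed.
import hashlib
import hmac
import os


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256: PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256: T(i) = HMAC(PRK, T(i-1)|info|i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_secrets(classical_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """Derive one 32-byte session key from both shared secrets.

    Concatenating the secrets before HKDF means an attacker who learns only
    one of them (say, the classical one via a large quantum computer) still
    lacks the input needed to recompute the key. The handshake transcript in
    the info field binds the key to this exchange rather than another one.
    """
    prk = hkdf_extract(salt=b"hybrid-kex-v1", ikm=classical_ss + pq_ss)
    return hkdf_expand(prk, b"session key" + transcript, 32)


def key_holds_if_one_secret_leaks(classical_ss: bytes, pq_ss: bytes, transcript: bytes) -> bool:
    """Check: knowing one secret and guessing the other yields the wrong key."""
    real = combine_secrets(classical_ss, pq_ss, transcript)
    guessed_pq = combine_secrets(classical_ss, os.urandom(32), transcript)
    guessed_classical = combine_secrets(os.urandom(32), pq_ss, transcript)
    return real != guessed_pq and real != guessed_classical
```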
Re: (Score:3)
What might be the way to mitigate this is to fall back to some sort of symmetric encryption, perhaps some way of doing shared secrets.
Nah. Quantum-resistant asymmetric cryptography, for both signing and key agreement, is an area of very active research, and there are a number of algorithms that are widely believed to be quite secure already, and there's a NIST process underway to pick standards (the same way AES was standardized, and SHA-X, and DES before them).
That said, we probably will have to change our protocols and designs somewhat. The post-quantum computing (PQC) algorithms have much larger keys, and are much slower. Some of the
Re: (Score:2)
I feel dumb by asking, but what is the Big-O of PQC algorithms? I know RSA is O (n^3), where a 4096 bit key takes eight times as long to generate and use than a 2048 bit key. I wonder if it is similar, or different.
Keeping keys persistent will be an interesting challenge, especially with the compute cost of PQC algorithms being so prohibitive, especially if a server is compromised, and cached persistent keys are exfiltrated. Maybe the ultimate solution will be an algorithm that can be done in hardware ve
Re: (Score:2)
I feel dumb by asking, but what is the Big-O of PQC algorithms? I know RSA is O (n^3), where a 4096 bit key takes eight times as long to generate and use than a 2048 bit key. I wonder if it is similar, or different.
No idea. This isn't a metric that cryptographers use, or think about. RSA is in kind of a funny situation, bridging from pre-modern to modern cryptography (though modern cryptography very, very rarely uses RSA; use of RSA is even a sort of a "code smell" in modern designs). Modern algorithm key sizes are chosen so that it doesn't matter how much faster computers get. The algorithms are secure, because the amount of computation required (assuming no weaknesses are found) to brute force break is so vast. T
Re: (Score:2)
AES is resistant, but requires a key exchange so each party knows the key. The key exchange is performed with public-key encryption, which is susceptible to quantum attacks.
Re: (Score:2)
Sure, but they can be made strong again by simply doubling the key sizes.
Re: (Score:2)
No. It actually is "may be susceptible to QC attacks if QCs ever manage to work reliably enough and to scale enough and the method cannot simply use longer keys". Even RSA is quite "QC safe" these days and from the abysmally bad scaling and progress on working QCs, something like RSA-4096 will probably be safe from QCs for the next 100 years or longer.
Re: (Score:2)
AES is already resistant to quantum computers.
Any block-cipher with sufficiently long keys (>= 200 bit or so) is. Quantum computers a) are not magic and b) do not even exist in any meaningful way and may never get there.
Makes sense (Score:3)
This may seem like an obviously silly idea for a startup on at least 2 levels to most of us, but getting your encryption algorithms as a black-box system from a for-profit company was a thing when most of the people who have money to gamble in the stock market were growing up, and they're also less likely to know that there are already open-source post-quantum cryptography algorithms available.
NIST has almost settled on a Post-Quantum Standard (Score:3)
For both signatures and private/public encryption, NIST has gone through three rounds of public submissions and scrutiny for new post-quantum algorithms. They're actually a bit delayed in announcing a winner, but it should come any day now. Why the need for a startup to create some off-shoot non-standard solution?
...because ripping off defence companies is easy (Score:2)
The Titanic (Score:2)
Always be wary of anyone stating their gizmo can't be hacked or broken. The Titanic sank and numerous security systems have been broken.
Everything has a vulnerability, if not today, then certainly at some point in the future. Just because one hasn't been found usually means no one has bothered to try hard enough or has access to the right tools.
Also to state something is unbreakable probably also means said creator is planning to sit on their ass and deny any possibility of weakness, which