Post-Quantum company awarded SBIR III contract to combat ‘harvest now, decrypt later’ threat from quantum computing
QuSecure, a provider of post-quantum, or quantum-proof, cryptography, has been awarded a small business innovation research (SBIR) Phase III contract by the federal government. If funding is like last year’s phase III awards, QuSecure will gain access to more than $100 million to speed development and help commercialize its product for federal government and private industry use.
QuSecure is the only post-quantum product to achieve this status, so it effectively becomes the government’s preferred supplier to counter the ‘harvest now, decrypt later’ threat of future adversarial quantum computing.
NIST is currently engaged in a competition to choose a preferred or possibly multiple preferred quantum-proof encryption algorithms. All encrypted communications that have been stolen by bad actors – criminal gangs and adversarial nations – will become available to the adversaries as soon as a quantum computer powerful enough to run Shor’s algorithm is developed.
“We need to do something now,” Pete Ford, QuSecure’s SVP of government operations, told SecurityWeek. The encrypted data adversaries already have is lost, but there is a need to prevent the collection and decryption of future communications. “This is a matter of not just national importance, but whole of government importance. And if we don’t do something now, we’re just going to be bouncing around like a pinball going from problem to problem. We need greater threat protection and less vulnerability than we currently have.”
The urgency is supported by both NIST’s haste in its encryption competition and the speed in which QuSecure has been awarded SBIR phase III (the company was only awarded SBIR phase II earlier this year). SBIR III was immediately awarded following a pilot project in which QuSecure successfully deployed its QuProtect product at a federal facility.
The money for SBIR phases I and II comes from a ‘tax’ levied by the Small Business Administration on federal agencies’ budgets – generally ranging from less than 1% to less than 2%. The award winners can apply to the fund for specific amounts within the award for specific R&D purposes.
Phase III changes this. “It can now come from any color of money across 12 different federal agencies,” said Ford. It is effectively an endorsement from the government, which recognizes what a firm is doing in the private sector and has decided it can also be adapted for use by government.
The attraction of the QuSecure solution is threefold. Firstly, it scales easily, from individual mobile telephones to large data centers. Secondly, it can apply quantum-proof encryption to both data in transit (communications) and data at rest (stored). And thirdly, it is crypto agile. It doesn’t matter that NIST has not yet chosen its preferred post-quantum algorithm, because QuSecure can use any algorithm.
“Whoever wins,” said Ford, “we can work with them on our systems. Our quantum resilient tunnel will run on any algorithm that is approved or not approved. So, for example, right now, AES 256, and RSA 256 are the normal encryption algorithms for the asymmetric PKI world we live in. We work with those too. We can also be used on old systems – we still even send encryption to some legacy satellites using 3DES. So, for us, we don’t care who wins the NIST competition. We’re able to work with all of them and set up the tunnel they can run on. Then we just put our quantum keys over the outside of that to add another layer of protection against a quantum computer attack.”
Rear Admiral Mike Brown, a cybersecurity specialist formerly with the Departments of Defense and Homeland Security, said that SBIR Phase III “recognizes QuSecure’s capability and supports scaling post-quantum cryptography commercially, federally, and especially for the warfighter.” Pete Ford is one of those, having previously been a fighter pilot during four combat tours.
“As organizations begin to evaluate the opportunities and threats that quantum computing presents, the federal government is already acting now to hedge against those threats which, if not addressed, could completely knock the US out of the arena,” said Laura Thomas, former CIA Chief of Base, and now VP of corporate strategy at ColdQuanta. “This choice was made as QuSecure has proven that its adaptive orchestrated PQC solution offers continuous availability providing the simplicity, flexibility and scalability for the universal protection needed to secure our networked society and national interests.”
Related: Quantum Computing’s Threat to Public-key Cryptosystems
Related: QuSecure Launches Quantum-Resilient Encryption Platform
Related: Quantum Computing Is for Tomorrow, But Quantum-Related Risk Is Here Today
Related: Mitigating Threats to Encryption from Quantum and Bad Random