[Cryptography] Any thoughts on Arqit ?

Richard T. Carback III rick at carback.us
Thu Jan 13 20:27:41 EST 2022 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


> On Jan 13, 2022, at 7:38 PM, Michael Nelson via cryptography <cryptography at metzdowd.com> wrote:
>
> Website:  https://arqit.uk <https://arqit.uk/>
>
> Someone asked me about this company. They seem to have made a pretty fancy Web site, claim to have some customers, and "a patent moat of 1,435 patent claims" (!).
>
> He's interested in the "QuantumCloud" product. I could not find any concrete whitepaper or anything. There may be publications on the site or elsewhere, but I gave up after watching a video and poking a bit, and thought I'd ask you guys.
>
> It seems to be about quantum key setup. Only symmetric keys are used as they are more resilient to quantum computing. Seems to include corporate/govt use, and consumer use. My guess is that the former has some quantum stuff at each endpoint, whereas the consumer application has an app on a conventional mobile phone, and the quantum stuff is done on a satellite.
>
> I've no idea how they deal with authenticating the users, so that they know who they are talking to, the usual challenge of quantum key setup.
>
> A few quotes:
>
> "It creates unbreakable, trustless, one time symmetric encryption keys in infinite group keys and with infinite frequency of refresh."
>
> "QuantumCloud puts a lightweight agent at any endpoint device. This software creates an unlimited number of symmetric keys with partner."
>
> "impossible for this ... to be stolen and used ..."
>
> Any thoughts on what they are doing?
>
> Mike

Someone sent me this company a little while ago as well, they are definitely advertising — It looks like a KDC approach for key agreement of encrypted connections. From their investor deck:

Devices like phones, servers, cars or fighter jets want to communicate securely together:

▪  They both acquire a “bootstrap key” on day one using an Arqit patented method.

▪  They mutually authenticate with QuantumCloudTM.

▪  QuantumCloudTM sends a new shared secret down to the endpoints.

▪  The devices now create a new shared symmetric key.

▪  They use that key inside an AES256 algorithm to securely share information over classical channels.

▪  These keys are computationally secure, zero trust, unlimited group size and optionally one-time use.


Source: https://d1io3yog0oux5.cloudfront.net/_1e4e61ce0e434d68031867e29c03d4e7/arqit/db/2137/19926/pdf/FYE+Earnings+Presentation+vFinal.pdf <https://d1io3yog0oux5.cloudfront.net/_1e4e61ce0e434d68031867e29c03d4e7/arqit/db/2137/19926/pdf/FYE+Earnings+Presentation+vFinal.pdf>

I would recommend against this unless there are some thorough publications behind it...

-R
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsFzBAEBCAAnBQJh4NGMCZA/GuWbfQE6TRahBAGFytdGt1Ef10NhlD8a5Zt9
ATpNAADKjQ/+L7/nBXfKoxDFKgvGt4XA7tMmEi8/utdfpTgPy2M/mbn11kiK
kGgwRGP+x0sdXD0znUXLcqWRL5CqQi0tZmx0YWCmkCZJHofjUADeI1mJrt5O
47wPy2Sxr8qZm0hdrTTifJTPJ1UuSZful2qgazwXaNNkphVK3VKgEFlIBwYL
ZI5FCJdyiNyotSK/H7f558QN6YmeWbYy02BW345iC6MDrHUIcd/RjhOWJltQ
0oIBqvc78T4fI1132UL0xeNsBy6zOx0B1TtBXOV0qpxDXTEIpz/qZeNkIopg
XINMePSqZr9I1vfMtG6dKDXVbo+wWH4fSTHMHE36JieDCZlm7oZTUSqXmWzn
CDJG0luF8gc0vdhqLWoKdmu3BfUpS6ups4OHSP9eI47ZWjhJ6i+Ad8xjuuAb
8epkOUpBp7C4wImZtqsCu7GzckfMdvAGqzUc9eJwaWTcbiH48zx1atsqKu70
+nh0sq/SBdUfe3B0O8XqMpDSM1G3xoxqDCuIinQAw7aKdJDyVftAbLOQXZID
e3R3ai9tzjAXnXoQB0HOV7FgGkRBnUDVOYsHrgbtC9zlO8HOH+i7VxLqpgEX
SruVj8Civic3/1w8Lecb87elKgKXlS2TD14D3g5ZsIif6nGkPmWOcARsI9Xr
bGMF2tUKN/0FZzErEbdqWchYyTX+mR3besg=
=zckI
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - rick at carback.us - 0185cad7.asc
Type: application/pgp-keys
Size: 3147 bytes
Desc: not available
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220114/22b20465/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - rick at carback.us - 0185cad7.asc.sig
Type: application/pgp-signature
Size: 566 bytes
Desc: not available
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20220114/22b20465/attachment.sig>

More information about the cryptography mailing list