[Cryptography] Any thoughts on Arqit ?
Michael Nelson
nelson_mikel at yahoo.com
Wed Jan 19 19:11:07 EST 2022
> > Any thoughts on what they are doing?
>
> ...
> ▪ They mutually authenticate with QuantumCloud
> ▪ QuantumCloud sends a new shared secret down to the endpoints.
> ...
> I would recommend against this unless there are some thorough publications behind it.
My thoughts exactly. Thanks for the input, and thanks for the link. One could conjecture that it's a symmetric key KDC as you said, with a little quantum spice thrown in at the server, as an alternative to an HSM. If a nice quantum-proof public key system comes along it could look rather clunky. The company seems to have a valuation of a couple of billion $ !
Mike
On Thursday, January 13, 2022, 05:19:13 PM PST, Richard T. Carback III <rick at carback.us> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Someone sent me this company a little while ago as well, they are definitely advertising — It looks like a KDC approach for key agreement of encrypted connections. From their investor deck:
Devices like phones, servers, cars or fighter jets want to communicate securely together:
▪ They both acquire a “bootstrap key” on day one using an Arqit patented method.
▪ They mutually authenticate with QuantumCloudTM.
▪ QuantumCloudTM sends a new shared secret down to the endpoints.
▪ The devices now create a new shared symmetric key.
▪ They use that key inside an AES256 algorithm to securely share information over classical channels.
▪ These keys are computationally secure, zero trust, unlimited group size and optionally one-time use.
Source: https://d1io3yog0oux5.cloudfront.net/_1e4e61ce0e434d68031867e29c03d4e7/arqit/db/2137/19926/pdf/FYE+Earnings+Presentation+vFinal.pdf <https://d1io3yog0oux5.cloudfront.net/_1e4e61ce0e434d68031867e29c03d4e7/arqit/db/2137/19926/pdf/FYE+Earnings+Presentation+vFinal.pdf>
I would recommend against this unless there are some thorough publications behind it...
-R
> On Jan 13, 2022, at 7:38 PM, Michael Nelson via cryptography <cryptography at metzdowd.com> wrote:
>
> Website: https://arqit.uk <https://arqit.uk/>
>
> Someone asked me about this company. They seem to have made a pretty fancy Web site, claim to have some customers, and "a patent moat of 1,435 patent claims" (!).
>
> He's interested in the "QuantumCloud" product. I could not find any concrete whitepaper or anything. There may be publications on the site or elsewhere, but I gave up after watching a video and poking a bit, and thought I'd ask you guys.
>
> It seems to be about quantum key setup. Only symmetric keys are used as they are more resilient to quantum computing. Seems to include corporate/govt use, and consumer use. My guess is that the former has some quantum stuff at each endpoint, whereas the consumer application has an app on a conventional mobile phone, and the quantum stuff is done on a satellite.
>
> I've no idea how they deal with authenticating the users, so that they know who they are talking to, the usual challenge of quantum key setup.
>
> A few quotes:
>
> "It creates unbreakable, trustless, one time symmetric encryption keys in infinite group keys and with infinite frequency of refresh."
>
> "QuantumCloud puts a lightweight agent at any endpoint device. This software creates an unlimited number of symmetric keys with partner."
>
> "impossible for this ... to be stolen and used ..."
>
> Any thoughts on what they are doing?
>
> Mike
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail
wsFzBAEBCAAnBQJh4M+LCZA/GuWbfQE6TRahBAGFytdGt1Ef10NhlD8a5Zt9
ATpNAADKZg//aaV9GkpdZjWNtAv8JCI5BNMlx62KVvmAhbQLFIxWMnWPcWMJ
JN+zGgdATlC1lNa96HvUusLdDO3rp4tOVVJZ9EQUQR05EKYuEPSP+kdJMgtF
H3wU9xuRiUGh3Fdg/yxTdMgxbioYcaxZvp4hYmPtBXCPxBbWBGOfV5IvQmMy
CkUbavOR1H/GYjQPdJ1298vjF8mHgSXJH7xPjEFn637ikL4YaQN4JgLuc4Lv
Vt8hXew/qzYCj+0JEfyXYmRLoCejz+2iHzILv3IgrP3DSbbvnaoFVAvzODYr
e6FxKODhbXC122pfOx9om8yHAgi/J2ffm90VR2cjbl74gezfx2vOr7qBeBVR
poQ4O/sygDimIip5y+48tHzn8roqhcCcXhy4P3fJpI7v4+vptrEDamaUzric
1Q1OLCI6aS6PCgpSVZ3q+EJuT/EUNH/iozWX5EZuxFVRaPpPqjZszgRb033r
4PifLvTm22RrPfV6KNXHbib1W3HbjBMKYEXRQfTl0JtcKf/Ep8gf1XaycblP
XK5wLX2SQID6La6TJ5bhBJy9OweQ6k6NCoD/hOKay/FNWIDj1ijKuSZdIVT1
oFBH5AD/wBEsEbw3GuTnkS7PpMAzCQqVigPdDMZ5F1ZQtRjL58riHPwF0U6O
+cVfrs9uJtyJCn2z9HEFX6Shp9mV7o6Kz5Q=
=nWQg
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list