The Arqit shareholder fraud lawsuit is pulling back the curtain on the Quantum computing industry. Before it’s over we may see how much is FUD, snake oil and legitimate.
Since the story broke in the Wall Street Journal, dozens of law firms are piling on claiming their product, QuantumCloud. The suit claims the product is still a prototype and the projected revenue is overstated.
Arqit denied the allegations, dismissing them as most companies do (i.e. disgruntled former employees). They claim the product is being integrated into several governmental and telecom organizations. The question, however, is whether the market is ready for their technology.
Lots of players
Arqit is one of dozens of companies involved in quantum-safe or quantum-resistant encryption. This is different from quantum encryption. The latter involves using quantum computers to create encryptions exceeding the advanced encryption standard (AES) or 256-bit encryption. But there exist no quantum computers in the world that can actually do that. The former, however, currently involves using quantum computing that creates standard encryption that is at least difficult for a quantum computer to break (resistant) if not impossible to break (safe). Quantum-safe encryption is not new, though.
Almost a decade ago, Poland-based Cyberus Labs introduced Cyberus Key, a security product for IoT devices. The key eliminates the need for passcodes, multi-factor authentication and biometrics using one-time codes passed between a human and a machine. That description matches what Arqit says is what their technology does.
Jack Wolosewicz, CEO of Cyberus Labs, agreed that Arqit’s product description is very similar to his company’s approach, but he had not heard of the company until approached by Cyber Protection Magazine. “Our code self destructs in 200 milliseconds. That should be quantum-resistant,“ Wolosewicz said. They have never considered using the phrase to describe their product. What he did say was that his technology has preceded market demand by about five years as they are only now getting traction in the EU.
And that, in a nutshell, is what makes the Arqit case hard to quantify.
Not ready for prime time
Five years ago, the prediction for quantum computers to go online and be powerful enough to break encryption was 2023. As of last year, those same predictions had pushed it out to 2030 for infrastructure, military and government applications. The first prediction caused the launch of the quantum-safe industry but as the development time has stretched early investors have been getting antsy about a potential return. Moreover, the lawsuit against Arqit claims that the application of their technology is too niche to justify the billion-dollar valuation of the company. Arqit also denies that, but the slowness of the development of quantum computers could indicate that the plaintiffs have a case in the short term. The long term is problematic and that is roiling this market niche.
Cyber Protection Magazine reached out to several players in the quantum-safe industry and the wagons, for the most part, are circling. One source said Arqit’s issues do not representative of the state of the industry. “There are providers with commercially available and commercially viable products.”
One company, however, did state that the market exists for these products. “That doesn’t mean Arqit has a solution,” said Stiepan Aurelien Kovacs, CEO of QRCrypto, a competing company based in Switzerland. “In the case of encrypting data safely either in transit or at rest, we have the only solution.”
There is no doubt that quantum computers will be a thing of the future. Exactly when is very hazy. Gerry Kennedy of Observation Holdings said the insurance industry is very concerned about having security in place before quantum computing becomes widespread. A big part of that readiness is industry standards and there is some good news on that front.
The National Institute of Standards of Technology (NIST) in the US have been working on post-quantum cryptography standardization since 2017. According to Phillip Lawrence, head of the European Telecommunications Standards Institute (ETSI) quantum-safe working group, “There’s a set of algorithms that are reviewed, vetted, commented on by people all around the world. NIST is into the third round of review and they promise, very soon, to have those selected. Then they do a fourth round to further investigate promising candidates and welcome new proposals that weren’t thought of in 2017.”
Lawrence called the end of the fourth round to be “the starting pistol” for ETSI to issue their standards. “NIST is going to put out the draft standards for the world to review and comment on and then maybe a year or so after that, two years after that, they’ll have the final approved standards out.”
The good news is that the standards will be available well before quantum decryption techniques are possible. The bad news a lot of companies building quantum-safe tools that may not meet the standards. A lot of people are investing a lot of money into those companies. Arqit, like many tech companies, went public using a special purpose acquisition company (SPAC) . SPACs hide who primary investors are while allowing the general public to invest. Common investors are less immune to market volatility and get nervous when their investment looks dicey. That’s why Kennedy is looking forward to the discovery process in the Arqit lawsuit.
“We’re going to learn a lot about what this technology is capable of during discovery,” he said.
Until that happens, it does everyone well to not ignore the man behind the curtain.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.