Aviva Zacks of Safety Detective got the chance to interview Andersen Cheng, CEO of Post-Quantum, and found out all about quantum computers and why they are so important.
Safety Detective: What got you interested in cybersecurity?
Andersen Cheng: I trained as a computer auditor 31 years ago. When I was qualifying to be a chartered accountant and computer auditor with Deloitte, I was data cutting, slicing, merging, and filtering. To me, that was just a day job and no big deal, but little did I know that 10 years later, people would call it data mining in Silicon Valley.
When I decided to leave the Carlyle Group to enter the venture world on my own, the first company I came across was called TRL, a well-known company in the defense and intelligence world. TRL was the only top-secret grade hardware crypto supplier to the British government, and the only interoperable one with the NATO allies. The existence of that project was in itself top secret at the time, and it was through that exposure that I was thrown into the deep end of cybersecurity and counterterrorism in the 2000s.
SD: What is a quantum computer?
AC: When we founded the company, people were laughing at us. They said post-quantum would never happen— that it’s science fiction. They said we were scaremongering. I’m sure you can tell the landscape has changed completely now because billions of dollars have gone into building a quantum computer, and now they are looking into the post-quantum landscape and see how those computers can crack encryption.
To be clear, it is only the public key cryptography that is at risk, not the symmetric key cryptography. It’s not AES, because we can just double the key size and it will still be quantum-safe. The secret of public-key cryptography lies in what we call prime number factorization. If I told you by multiplying A times B, you’ll get 15, and then I asked you what A and B are, you can easily say, “3 and 5.” But if the sum is a few hundred digits long, and I ask you what A and B are, then you will probably struggle a bit. And that’s the secret of public-key cryptography.
Contrary to what a lot of people hype up in the quantum computing world, saying that such computers will be the panacea to everything, when in fact, a quantum computer is very slow in doing most things compared to a classical computer. At the same time, it is extremely fast in doing one, very simple thing in parallel, so you can try a million times in one go, rather than serially. Normally for a classical computer, you have to do process one and then process two, three, four, and so on. But with a quantum computer, you can do a million tries of that in one shot. That’s the secret behind a quantum computer and the one thing it can do extremely well is prime number factorization.
SD: Tell me about Post-Quantum.
AC: Post-Quantum is split into two divisions. We have Nomidio and Post-Quantum. In the last few years, while we were waiting for quantum to take off, we created Nomidio as its own business unit. Having been a computer auditor for a long time, I have seen a lot of problems in the cyber world: you can have very efficient components—firewalls, routers, edge security, detection, DLP—but who is going to look after the end-to-end ecosystem? You can have the most solid pipe in the world and people will start attacking the joints. Then you start protecting the joints and people will start contaminating the water going through. So, unless you have it all protected, the hackers will try to find the easiest crack to come in. This is why we created Nomidio.
SD: Who are your customers?
AC: We have created a self-sovereign Bring You Own ID solution for Avaya and Amazon Connect (AWS’ virtual contact center platform). We have also gone live with an ID Verification (IDV) platform for Hitachi Capital for them to onboard their loan applicants, which has seen a seven-fold increase in usage during the COVID-19 crisis.
On the deep tech side, we have done work for the British government, NCSC, which is the civilian facing arm of GCHQ on a number of quantum-safe projects.
SD: What do you feel is the worst cyberthreat out there today?
AC: There’s no doubt that everyone wants to migrate to the cloud, but the cloud only has a limited time span in terms of quantum threats looming on the horizon. So, people are not sure whether quantum computers will arrive in 5- or 15-years’ time. It does not matter when as it is now an engineering problem rather than a science problem; unless you start futureproofing what you have now, you’re going to have problems. Moreover, you need to protect your identity information regardless of whether it’s pre- or post-quantum. If your identity is gone, it’s gone forever, and you can never replace your date of birth or mother’s maiden name.
SD: What are the cybersecurity trends coming up?
AC: Protecting reference data is a huge topic of interest now. Even in the coronavirus lockdown, a lot of the governments in the world have been talking about immunity passports and, in fact, we have submitted our proposal to the UK government as well for a cryptographically provable and quantum-safe self-sovereign Bring Your Own ID solution.