Dr Barry Childe, CIO and co-founder at Arqit, a global leader in quantum encryption technology, speaks about new regulations, the immediate quantum threat to global trade, and a revolutionary technology that Arqit has designed to secure data networks and transactions today.

 

Global trade is undergoing radical transformation, both in terms of the digitisation of transactions and their storage on distributed ledgers. Numerous technology solutions are coming to market, enabling faster, cheaper and simpler movement of goods across borders. Development and adoption of these technologies is being accelerated by new legislation that provides frameworks to support their application.

The Model Law on Electronic Transferable Records is being adopted by leading trading nations, enabling the legal use of electronic transferable records both domestically and across borders. This particularly applies to electronic transferable records that are functionally equivalent to physically transferable documents or instruments, typically paper-based and which entitle the holder to claim the performance of the obligation indicated therein and allow the transfer of the claim to that performance by transferring possession of the document or instrument. Transferable documents or instruments include bills of lading, bills of exchange, promissory notes and warehouse receipts.

Transferable documents and instruments are essential commercial tools, and their digitisation will transform global commerce by, for example, improving the transaction speeds, reducing fraud and enabling the automation of certain transactions through smart contracts. Electronic transferable records are particularly relevant for certain business areas such as logistics and finance. They also have the potential to help close the global trade finance gap, for example, by establishing secure electronic warehouse receipts that farmers in developing markets can use to access credit.

As a global leader in post quantum cryptography, Arqit believes the move to new digital platforms presents an opportunity for increases in business efficiency, but also poses new risks, particularly for cybersecurity. These risks are further compounded with the emergence of Quantum Computers (QC). These threats include:

  • Internet vulnerability. The internet uses public key infrastructure (PKI) as its security backbone, comprised of a public key and a private key. The basis of the security is that the private key cannot be derived from the public key. With Shor’s algorithm a quantum computer will be able to derive the private key from the public key deeming the security not fit for purpose.
  • ‘Harvest now, decrypt later’ attacks mean malicious actors are harvesting large quantities of encrypted data today. Harvested data can then be decrypted once quantum computers are developed. This means the longevity of the security is time limited and cannot be relied on to protect data in the long term.

The ability for a threat actor to seize, change and disrupt is a clear and present danger to the platforms that provide global trade services. For this reason, security against quantum computing-based attack needs to be deployed now.

Another new technology used widely in global trade solutions is blockchain. While the blockchain aspect of most crypto assets is what makes them so watertight against incursions, we are already seeing a massive increase in crypto theft, targeting known vulnerability points, even without QCs’ advanced decryption techniques.

Broken down very simply, the asymmetric cryptography (one public and one private key) most crypto systems use is currently deemed impenetrable because it’s mathematically nearly impossible to derive the private key in the exchange from the public key. However, running Shor’s algorithm on a quantum computer changes this. In the time it takes for an unprocessed transaction to be placed in a block in the chain (ie milliseconds) a QC could break into the transaction, meaning that all blockchains using PKC are quantum compromised.

It is highly likely that malicious actors, sponsored by rogue organisations or criminal groups, could gain access to quantum computers to target blockchains within the next few years. Successful attacks will inevitably destroy confidence in all digital platforms and thus their value to the global trade industry. This was the conclusion I drew on completion of our work on Corda, Hyperledger Fabric, Marco Polo Network, we.trade, Voltron, VoltronX back in 2018.

A new solution was needed to protect these digital platforms and, more broadly, systems that use PKI methods for value transfer as it was evident that legacy encryption:

  • Is obsolete: PKI was designed decades ago
  • Was never intended to protect our hyperconnected world
  • Has many vulnerabilities in its implementation for attackers to exploit
  • Will soon be challenged by QCs that compromise the mathematics at the heart of PKI.

As such, efforts to make PKI more resistant to quantum attack are temporary and pose grave problems in longer-term system security and usability.

Any fresh solution needs to be secure against quantum threat, but also deployable with the current global trade platforms in use. Our answer to this challenge is QuantumCloudTM, which is designed to be complimentary to all legacy, current and future platforms. It has been independently reviewed by University of Surrey and PA Consulting and won ‘The Innovation in Cyber Award 2022’ at The National Cyber Awards.

QuantumCloudTM enables companies engaged in global trade to transact and conduct business safely and securely, countering both current and future cyber threats, including those from classical and QCs.

Global events over the last two years, and in particular the various supply chain disruptions that have arisen, demonstrate that the challenge for sovereign states and companies will be to secure their future supply chains, particularly as they become increasingly digitised.

Quantum technology contains the promise of a cyber-security technique of its own, allowing secrets to be transmitted as quantum information that cannot be copied or interfered with by an adversary without alerting the sender. This allows the transmission of data securely through fibre optic cables or via satellites.

If the delivery of essential goods is to be assured, then digital business ecosystems will need to be protected in this manner. For example:

  • Increasing volumes of trade documents are delivered over trade finance utility networks. These utility networks form the backbone of digital transformation for the global trade industry.
  • A hacker can compromise data from the client computer being sent to a digital trade utility network operator. The hack can change the message payload, for example the bank account number receiving the funds, or amend information on any document.
  • QuantumCloudTM, Arqit’s platform-as-a-service (PaaS) enables secure user authentication and encryption layers. Deployed through novel quantum secure cloud infrastructure globally in a scalable, low-cost manner, it enables financial services institutions to adapt their infrastructure to be simpler and safer for a post-quantum world.
  • It is safe against attacks on PKI today and against quantum attack tomorrow, and is globally scalable, with a lightweight, low-cost agent. There is no fundamental software re-architecture needed and it enables innovation in areas like blockchain to be viable for the long term.
  • QuantumCloudTM provides a comprehensive security infrastructure for endpoint devices and devices at the edge, creating a seamless security fabric. It promises a simple upgrade path, automating all key handling and potentially replacing several other products too, making it easier to obtain IT budget.
  • Companies now have an alternative to increasingly problematic legacy PKI; one that is also secure against quantum attack in future, but without the uncertainty and complexity of the unsatisfactory and unpredictable developments of PQA. Symmetric key encryption is already well understood, simple, ‘secure by design’ and incorporated into most networking software systems, which greatly minimises the disruption of moving to QuantumCloudTM.
  • QuantumCloudTM also enables the simultaneous sharing of transaction information based on discreet user access rights, thereby facilitating: new methods of authenticating the originality and ownership of key trade documents (eg letter of credit, bill of lading, certificate of origin), faster end-to-end transaction processing, more efficient planning of logistical resources.

By combining the power of symmetric encryption with a cloud-based service, QuantumCloudTM delivers the security solution that the global trade industry has been waiting for. It allows business network operators to secure their network resources and secure the transactions flowing across their networks. Its unique, secure by design capability enables delivery of shared keys to two or more recipients securely anywhere on the planet. Keys can be used to secure communications links, network resources, user access, system access and information delivery. This has particular application in today’s networks, which are more distributed and varied than ever before. We are already working on our first significant trade finance implementation, and it appears likely that Arqit might be the first to market with a truly quantum safe digital asset.

The time for adoption is now.

 

 

 

 

About the author

Dr Barry Childe, a protégé of Professor Anthony Holder, has over 44 years’ experience in investment banking technology, since winning an IBM IT prize in 1977. Barry is a distinguished engineer & innovator and joined Arqit as a co-founder & CIO in 2018. Before joining Arqit, he served as head of blockchain at HSBC and was a leader of industry initiatives including the R3 Consortium and Corda Blockchain. Prior to that he held senior roles at leading global financial institutions. Barry is a recognised industry speaker and author and holds a Computer Science PhD from Christiania University. He was named in the Lattice80 Blockchain Top 100 in 2018.