QNu Labs, pronounced as Q-New, is India’s only Quantum-tech Cybersecurity company. In an interview with EFY, Sunil Gupta, Co-founder & CEO of QNu Labs, talks about the company’s unique products, vision and the road ahead.
Q. QNu Labs is famous for being the first company in India to implement cybersecurity using quantum physics. How did you come up with the idea of merging these 2 fields?
A. Let me take you back to 2016. About five-and-a-half years ago, there were several things happening in India and also globally. In 2016, demonetization happened and India decided to go digital – from a cash-based economy to a cashless economy. PhonePe, UPI, etc came up. Everybody in the country has started doing things using digital platforms. India has become a truly digital economy, except for a few cash-based activities. Healthcare, social security, commerce and banking, all happen digitally today.
“You’ll be surprised to know that when we do internet banking, the security algorithms that protect internet banking are actually 30 to 40 years old! Those algorithms are highly vulnerable and exposed to different cyber attacks”
We felt that if a billion people have to use different digital platforms on a daily basis, then the security on these platforms needs to be very different. It can’t be based on old cryptography algorithms and primitives. We asked ourselves, what would be the cybersecurity needs five years from now. We felt the need to reimagine cybersecurity, in three ways.
First, we assumed that quantum computers are going to revolutionize society and civilization in a big way, but will also break the current encryption schemes. Today’s encryption is based upon a complex mathematical problem that can’t be broken by current classical computers and supercomputers but hackers will be able to break the encryption using scalable quantum computers. Instead of building encryption fundamentals based on mathematics, we decided to build it based on quantum physics because the laws of physics cannot be broken by any compute power. So we decided to make cybersecurity compute-independent.
The second thing is that encryption keys should not be generated once in a while. They should be generated more frequently and should be random. You will be surprised to find out that large enterprises typically have about 85,000 keys. Some of these keys remain unchanged sometimes for even 2 to 3 years. In such cases, hackers can use the stolen keys to decrypt large amounts of data. When hackers hack into servers or eavesdrop on the data in transit, they not only take away the encrypted data but also the encryption keys – so that they can use those keys to decrypt the harvested data in the future as well. The idea is – keys should be changed frequently. There should be no correlation between your past keys and your future keys and they should be generated in real-time.
The third aspect is if enterprises are going to store 85,000 keys, how are they going to be managed? There should be a proper key management system that is highly secure even in the post-quantum era. So, based on these three aspects, we reimagined security, and we call it quantum cybersecurity as its foundation is based on the principles of quantum physics.
Q. There are 4 main products on your website. What is your USP?
A. We have built a platform we call the quantum cybersecurity platform – SeQure. This platform has 4 engines.
- Tropos – Quantum Random Number Generator – New Root of Trust
- Armos – Quantum Key Distribution Product
- Hodos – Post Quantum Cryptography Stack
- Qosmos – Entropy as a Service
Tropos and Armos are hardware products with embedded software. While hardware-based products are good for defense and governments who prefer to own and deploy the products in their data centre, for internet banking and enterprise applications, we need software-based solutions like Hodos and Qosmos which can be accessed and consumed on the cloud.
On top of our engines, we have built solutions or services which can be easily used by clients. For example, our quantum random number generator (QRNG) can be bought by somebody as an appliance, but it can also be used in the cloud as a service where we host the QRNG in our data center and offer it as a service on AWS. So we are offering such services so that enterprise users can use the quantum security services in a very simple manner without having to spend a lot of money on hardware, maintenance and management of appliances.
Q. Could you elaborate on some of the services you have built using the engines mentioned before?
A. Based on common requirements, we have built four packaged applications and solutions. We build a true peer-to-peer chat application called QVerse, which offers end-to-end quantum encrypted security. It is also serverless. It works on Android and iOS and one can do voice calls and video calls too using this application.
Another solution that we have built over the quantum engines is our Quantum VPN solution. When people work remotely, they use VPNs. But a lot of these VPNs are highly secure and have backdoors that are designed to steal confidential data. If you are using a Chinese VPN to connect from your home to your office, the traffic will be routed to Chinese servers – that’s a huge security risk. So we have used our Qosmos service and the post-quantum cryptography algorithms to create quantum encrypted VPN tunnels.
If you connect from your home to your office through a Quantum VPN tunnel, then even if your data reaches the wrong hands, they cannot break that encryption to get your data. This is called Quantum Secure VPN. This is a great solution for the security of data in transit. Healthcare and pharma companies can benefit from this solution because they have a lot of intellectual properties to protect from constant threats.
The third solution is our Quantum Secure Email solution where emails can be quantum encrypted using appropriate plugins. A user can choose to quantum encrypt his emails which can only be decrypted by the receiver using the same plugin.
The fourth solution is Quantum Entropy-as-a-Service. This solution offers cloud applications for generating tokens and key pairs or generating other crypto assets. The entropy can be used by different types of applications using a simple RESTFul API. This solution addresses the problem of ‘Entropy Starvation’ that is seen with cloud applications running on virtualized hardware.
Q. What kind of hardware is used in your hardware-based engines?
A. The goal is to generate, prepare, transmit and receive a single photon. To achieve the same, we are using the ‘ideal’ Embedded Hardware platform along with Optoelectronics. While we use all standard electronics components, processors and FPGAs, etc, we use a few specialized components for photonics such as single-photon generators, interferometers and single-photon detectors.
Q. What implications do your products have in the field of IoT, AI and ML?
A. On one hand, IoT devices have many useful applications, but on the other hand, they carry many security threats. These threats include scalable remote attacks, side-channel attacks on cryptography, DDoS attacks, data breaches, malware, and others. Technical quantum solutions are challenging to implement in IoT devices due to technical and commercial constraints.
Therefore, a hybrid approach combining both quantum and classical security is a better option. One way is to keep the current semiconductor chips but use quantum techniques to create a unique long cryptographic key for every device. This can be done with QNu’s quantum random number generation (QRNG). It creates a very high quality of randomness needed to generate unhackable encryption keys, which means that every device will have a unique key and each key will be tough to crack.
Randomness is a big part of machine learning. Randomness is used as a tool or a feature in preparing data and in learning algorithms that map input data to output data in order to make predictions. Thus QRNGs can be used to develop randomness in the data sets used to train the AI algorithms.
Q. What is unique about your Quantum Random Number Generator?
A. We use quantum sources (light) for deriving random numbers. The random numbers are generated without any bias, making it the best way for generating random numbers. The randomness is of the highest quality due to the principles of quantum physics. Quantum physics inherently is random which translates to the generation of high quality random numbers. Throughput is high (in the higher range of Mbps) because of the continuous stream of photons being used for random number generation. The throughput can be further increased as per the need of the applications.
Our QRNG (Tropos) passes standard tests recommended by NIST for random numbers and other tests to confirm the inherent quantumness of the product. Tropos also supports all standard integrations, thereby acting as an additional layer of security. It is available in a cloud version, as Qosmos which brings in QRNG as a service. This essentially eliminates maintenance and enables one to pay as per usage.
Q. What are your general hiring trends?
A. Since we have been building core tech and now enterprise solutions in a deep tech area, setting up a team of passionate and high-performance people is vital for success. Our core team is a set of people who have worked together in the past and the next set of people came from their respective networks.
We have been taking in a lot of interns who are passionate about working in quantum tech and have relevant backgrounds, and have later hired them as full-time team members. We have also been hiring from the market for some specific skills in FPGA, software, and hardware development. We plan to hire another 20 engineers and scientists in the next 6-9 months. Since deep tech requires a commitment of at least 3 years from the team members, we are very particular in recruiting people.
Q. What kind of partnership opportunities are there for like-minded firms to partner with QNU labs?
A. We have a bunch of very good partners today but there are still several partnership opportunities possible in the areas of technology development and integration, professional services, and go-to market. We have signed up several partners in different geographies to help us expand our footprint in those markets. Today we have partnerships with Fortune 100 companies as well as with SMBs and startups.
Q. What are the future plans for expansion for QNu labs, in India and abroad?
A. We have very aggressive plans for expansion. Though India is a prime and big market for us we are ready to take our technology and solutions to Europe and U.S markets. We are in the process of finalizing crucial partnerships in these advanced markets and will become operational in Europe and the U.S in the next 3-6 months. We will be showcasing our products and solutions at some of the large well-recognized tech conferences in the next 3 months.
“We want to build a deep tech company in India that will be globally recognized”
Talking about investments, when we started this, we knew that investment is going to be difficult because Quantum Tech was at a nascent stage globally in 2016-17, and nobody thought that an Indian company sitting in Banglore could build world-class products in quantum cryptography and communications. But we were fortunate to have received initial funding from a group of Angel investors who believed in the founding team and had a deep desire to build a company in deep tech which can be globally recognized for its work. They gave us patience capital which is vital for a deep tech company to sustain long R&D cycles. Six months ago, we did a VC round of 2 million dollars which was led by Speciale Invest. We will be raising $10-15 million in the next 3-6 months to scale our business.
Q. What is your India strategy?
A. We are very proud that we have put India on the quantum map of the world. We’re probably among the top 3-4 companies in the world with commercially ready and deployed solutions in the quantum cryptography space.
“QNu Labs and India will be the go-to place for Quantum Cybersecurity”
First, we want to deploy our tech in some of the critical areas which are important for the security and economy of the country. We are in the advanced stages of deploying our solutions in such areas and in 12-24 months we will quantum secure the critical information infrastructure of the country.
Today, a large population of India uses and depends upon the different digital platforms for banking, communication, commerce and healthcare. Our strategy is to integrate our tech into some of the large digital platforms so that the benefit of our quantum technology is extended to a large set of the Indian population.
We are also working with different government agencies to provide our recommendations in policy frameworks to include the provision of quantum tech for long-term data security. We are playing an important role to provide impetus to the national quantum mission to build indigenous technology and skills in this area.
In all Sci-Fi movies, everyone is worried about machines defeating humans. The protagonist has to go back in time and alter something to save the world. That’s our premise – we’re helping enterprises adopt quantum tech today so that in the future, quantum computers and robots equipped with quantum computing cannot defeat humans.