We live in a digital world that’s heavily dependent on the internet, and yet, many of our cybersecurity methods are pretty juvenile. QNu Labs, pronounced as Q-New, is India’s only quantum-tech cybersecurity company, and it is trying to lead the quantum mission for India. Sunil Gupta, Co-founder & CEO of QNu Labs, explains the need to reimagine cybersecurity in an interview with EFY.
Q. Why do you feel there is a need to reimagine cybersecurity?
A. Let me take you back to 2016. About five-and-a-half years ago, there were several things happening in India and also globally. In 2016, demonetisation happened and India decided to go digital—from a cash based economy to a cashless economy. PhonePe, UPI, etc came up. Everybody in the country has started doing things using digital platforms. India is becoming a truly digital economy, except for a few cash based activities. Healthcare, social security, and banking, all happen digitally.
First of all, today’s encryption is based upon a complex mathematical problem that can’t be broken by current classical computers and supercomputers but hackers will be able to break the encryption using scalable quantum computers. The second thing is that encryption keys today are generated once in a while. They should be generated more frequently and should be random. You will be surprised to find out that large enterprises typically have about 85,000 keys. Most of these keys do not change for two to three years! Now imagine if a key is stolen by somebody and the person decrypts the data and steals it.
Whenever a breach happens, people are worried about data loss, but they do not know that they also lose the encryption keys. When people hack into a server, they not only take away the data but also the encryption keys—so that they can steal data in the future as well.
We lock the doors of our houses using keys. We feel that the key is with us and with our family and nobody else has it. Just imagine if anyone has duplicated your key physically. It’s the same premise here. The idea is, keys should be changed frequently. There should be no correlation between your past keys and your future keys, and these should be generated in real time. Finally, if enterprises are going to store around 85,000 keys, how are they going to be managed? There should be a proper key management system.
Q. Could you elaborate on some of the common applications or services that we use that are actually a security threat?
A. In many chat applications, your messages are stored in the company’s server. That’s how you’re able to download your messages again when you buy a new phone. But as long as messages are on the server, it becomes a security issue.
Another one is VPN (virtual private network). When people work remotely, they use VPNs. But a lot of these VPNs are highly secure and have backdoors that are designed to steal confidential data. If you are using a Chinese VPN to connect from your home to your office, the traffic will be routed to Chinese servers—that’s a huge security risk.
The data on our phones and laptops is also a good example. A lot of people keep their personal data on their laptops unencrypted. If someone hacks it, it’s gone! QNu Labs provides services to combat all three of these issues using quantum technology.
Q. What is hardware-based random number generation and how is it different from the software counterpart?
A. Random number generators need to be truly random, right? Software based random number generators depend on inputs. If you change the input, the output will also change. These pseudo-random numbers are very predictable because software tends to repeat numbers and there are observable patterns. Using these patterns, hackers can figure out what the next random number will be. They are good in terms of their throughput, but they’re not good in terms of their randomness.
On the other hand, hardware random number generators are good in terms of their randomness, but not good in terms of their entropy; you need a very high entropy. In our solution Tropos (quantum random number generator), what we have done is, we used the quantum phenomenon.
All the natural phenomena like wind, light, and sound are vector quantities; they have both particle and wave properties. We use a light source, a laser, that generates a light beam. That light beam creates photons. Because photons have a wave nature as well as particulate nature, we put them into a quantum state (superposition state). When this happens, they become inherently random. Even if we generate billions of random numbers, each will be different thanks to the nature of light. Because there is no human intervention, and everything is natural, we’re able to do that at high entropy and very high throughput.
Q. Why has QNu Labs chosen India for their Quantum Mission?
A. India is a digital economy with so many people using digital solutions. Indian philosophy and scriptures have been talking about quantum, and it is the basis of the Indian Vedanta system. This is the reason why—although we have partners all across the world—we believe that India is the right place to build quantum cryptography technology and deploy it.
We are very proud that we have put India on the quantum map of the world. We’re probably the second or third largest in the world doing this. We’re trying to put India in a core position for this technology. Our whole idea is that everybody in the world would come to us for this type of solution.
We’re trying to lead the quantum mission for India. People generally talk about this only in academia and research. But for people to benefit from this, you need to build products and services. We’re making quantum cybersecurity a reality and bringing it into the mainstream.
In all Sci-Fi movies, everyone is worried about machines defeating humans. The protagonist has to go back in time and alter something to save the world. That’s our premise—we’re helping enterprises adopt quantum tech today so that in the future, quantum computers and robots equipped with quantum computing cannot defeat humans.