Denis Mandich, CTO of Qrypt, a post-quantum encryption systems company, is interviewed by Yuval Boger. Denis and Yuval talk about Qrypt’s unique approach to security that replaces key distribution with key generation at the endpoints, implemented via software, how their solution works for air-gapped devices, their price structure, the human right to privacy, and much more.
Full Transcript
Yuval Boger: Hello, Denis. Thank you for joining me today.
Denis Mandich: Nice to meet you, Yuval.
Yuval: So who are you and what do you do?
Denis: I’m the CTO and co-founder of Qrypt. We’re a post-quantum encryption systems company building solutions that will be secure against quantum computers.
Yuval: To an outsider, all quantum security companies might look the same, right? Everyone’s talking about heat distribution or post-quantum cryptography. So help me make some sense. How would you distinguish yourself from others and to the extent you can, could you sort of map out the market for us?
Denis: Sure. I think where we are today is the natural progression from using the same sort of solutions that we did in the 1970s, which was a single piece of copper wire and a handful of switches connecting two people. This is where Public Key Infrastructure (PKI) came from and the basis for that is key distribution.
And for the quantum era, the world we live in today, which is the cloud, virtualized environments, containerized systems, we really need to move on from that model where it’s a single-point-of-failure, based on a single algorithm (RSA or ECC). Many of these algorithms were developed in the last few decades and are the ones that are subject to attack by quantum computers.
So what Qrypt does is really do away with the key distribution piece and replace that with key generation at the endpoints, very similar to what you find in Quantum Key Distribution (QKD), but we do it explicitly through software on existing commercial infrastructure.
Yuval: So I’m an enterprise customer. I go to your website and I read the heading, safeguard your enterprise data with quantum secure encryption. I say, this sounds great. How does it work in practice? How does implementation happen?
Denis: In practice, if you do away with the original sin of using PKI to establish key agreement, and isolate that to a separate channel, that’s decoupled from the actual data channel in which you’re encrypting the data, you’re already halfway there. And if you can do away with the mechanism of distributing the keys altogether, you’ve gone all the way.
So the way to do that is instead of using the current algorithms, RSA, elliptical curves (ECC), or the post-quantum ones like Kyber to distribute keys, you can use them to exchange a small amount of metadata, which allows them to access Qrypt’s quantum appliances in the cloud. These are hardware quantum entropy sources, co-developed with Los Alamos and Oak Ridge National Labs, and big universities around the world.
The Qrypt API allows you to download several strings of random from multiple different geographically isolated data centers. The software using our SDKs at the endpoint assembles those into a single pool of random and the cryptographic extractors turn those into symmetric encryption keys. And those could now be used in the same channel that was used for that first piece of public key exchange to distribute the encrypted data, but that data was encrypted with keys that were from a completely different mechanism unrelated to that channel.
So that does away with a single-point-of-failure that is really behind the biggest headlines today, which is Harvest Now and Decrypt Later. Today, we put all our eggs into that one channel and rely on the security and the perfect implementation of those algorithms and the software behind them – in that same channel – that’s a single-point-of-failure. And we just saw a huge example of that just in the last two weeks. We’ve seen two major ones, with global implications. See here and here.
Yuval: So if you’ve got two endpoints and they’re exchanging some metadata and then they’re downloading essentially keys or key fragments from a server, doesn’t that become the point of failure?
Denis: So you’re downloading quantum random that’s generated from quantum entropy sources at multiple different locations in the cloud, and there’s no single source of hardware that you’re getting it from. Everyone in the world can use any one of these sources, but they’’ll get different combinations of them.
So downloading those to the endpoints isn’t enough information for you even to restore the key material that’s ultimately used. It’s only enough information to assemble the raw materials and then apply the cryptographic extractors, destroying a lot of that information from a separate channel. So we’ve effectively eliminated the single point of attack.
Yes, if someone is actually monitoring everything that goes in and out of your cell phone or endpoint device, you can only achieve computational security, but it’s of course far more complex to do it the way we’re doing it and it’s a much harder problem. But using our technology, if you’ve missed any one of those API calls to the cloud or any piece of those random strings from the cloud, then you get nothing. (The keys cannot be reproduced.)
Yuval: So your solution, so there’s the cloud piece of course, and then there is software that sits on the endpoint. So it is a software-only solution for the endpoints?
Denis: That’s right. You only need the software to effectively achieve the same levels of security that you get with quantum key distribution (QKD). We’ve inverted the model on its head and put those quantum entropy sources in the cloud instead of two physics appliances at the endpoints, which will never fit inside of a mobile device or a laptop or anything like that.
Yuval: What is the stage of the company or the technology? Is this already deployed? Can you tell me where, for instance?
Denis: Yeah, it’s already deployed and you can download it for free. There’s a trial version on our website, and it can be used to make your own applications. So if you’re trying to build something like a messaging application and you want security guarantees that go beyond the ones that you get from WhatsApp or Signal or anyone else, they’re no longer involved in the key generation mechanism at the endpoint now. They only become the transport mechanism for the actual encrypted content, the payload.
So we did a demonstration of this application with an open-source messaging and file transfer service called Mattermost. A lot of the financial industry uses this, the government, the military, and the Air Force. And it’s a simple test case that you can deploy today on your own, even without our help. Of course, we’re here to help and provide services to make that easier for you, but it’s an easy way to get started.
Yuval: Is there anything for an air gap version? I mean, it sounds like I have to download something from the cloud. So what if I can’t download at the moment? I’m running this on a cell phone, I’m out of coverage, or I just don’t want to connect to the cloud. How would that work?
Denis: You can do exactly everything that I just described and download that to a single endpoint, where multiple different endpoint users can take all that key material and put it onto your air-gapped network.
This is in fact what Qrypt does for engineering networks. We practice what we preach. During COVID, we were forced to remove everyone from our laboratories and our dev teams, which are on a separate system inside the company, and deploy them all around the world. Some people wanted to move out to California and other places. We had to get that key material to them in exactly the same way we’re doing here with companies like Mattermost. Now you take that key material, you use it completely on your AirGap network, where you consume the key material and destroy it as it’s consumed. Now you can upload all those files to the regular internet without any fear of them being harvested and decrypted later because the keys are uncorrelated with the data.
We operate it in two modes. One is for AES-256, which is considered “quantum-safe”. Then we go up to the full government Top Secret classified codeword level, one time pad-based encryption where you can now post it on Facebook and it can never be decrypted. That’s the difference between encryption that’s computationally secure and information-theoretic secure.
Yuval: Would your big goal be that every computer, every operating system would essentially have this security component or is it targeted at specific applications or specific geographies maybe you only wanted in the US or something else? Maybe you could tell me about that a little bit.
Denis: Yeah, we’re initially targeting, of course, the financial industry, the healthcare industry, the government, and telecoms because they have compliance requirements. They must transition to post-corner cryptography, but they must also have higher security guarantees than the people exchanging cat videos.
But our vision is to deploy this everywhere in the world and transform the cryptographic architecture of the internet itself, which was really designed and built around monetizing and data mining. We think that should go away and we should restore privacy the same way we had it before the internet existed. This is a way to do it.
We do not have or store all the information that you downloaded from us to be able to replicate the keys because that little bit of PKI metadata exchanged contains the recipe or the cryptographic extractor parameters that will ultimately be used to make the key. Qrypt never had access to that. We just made all the raw materials available. There can never be a man-in-the-middle because everything that happens outside of the endpoints. The keys are never in-flight.
You saw this was a spectacular fail for Zoom during COVID when it was discovered that their end-to-end (E2E) encryption was actually end-to-end, but not from the client endpoints, end-to-end to their server in China, and then from that Chinese server back to another endpoint in the US.
Yuval: Is there any standardization standards effort that would govern sort of, or that you could well we’re compliant to x or is it just something that you say well this really makes sense we’re just going to deploy it out there?
Denis: We’re using the same compliance-based algorithms and we absolutely believe no one should “roll their own crypto” – there’s no “security through obscurity”. We have published everything so we use those same post-quantum algorithms like Kyber to do that metadata exchange that establishes the key at the endpoint. We just use it in a different way instead of distributing keys – that’s the mechanism that needs to go away forever and be replaced with a mechanism like what Qrypt is doing.
It doesn’t have to be what Qrypt is doing, but this is a perfect solution that’s market-ready right now, to overcome the burden of the “Harvest Now, Decrypt Later” threat.
Yuval: And if I’m a customer, do I get charged by the number of keys I download or is it per endpoint? How does it work financially?
Denis: It doesn’t really matter how many endpoints you have, what really matters is how much entropy you need from the cloud. If you’re only generating AES keys, you need a small amount. We do this right now for some customers that use HashiCorp Vault. They go through all the trouble of deploying a HashiCorp Vault, but they still need to get the keys in and out of that repository securely, in a way that’s durable over time.
That’s an example of where you can immediately deploy Qrypt as a solution to get as many keys as you want. However, that is only considered quantum-safe, not quantum-secure. If you would like to go up to a fully quantum-secure, one-time pad-based system, then you need as much random entropy from the cloud as the data you have.
So if you’re transmitting gigabytes of data, it’s no longer the 256 bits of an AES key. It’s more than the gigabits of data that you need to encrypt.
Yuval: Given that you’re taking care of the keys, sounds like you don’t have a horse in the race of what standard NIST comes up with recommends or you’re essentially agnostic to whatever standard the customer wants to use?
Denis: We will comply with it because we’re working in compliance industries. The financial industry doesn’t have an option. The government by directives, by legislation, by national security memoranda must adopt these new algorithms within the next decade, and have them fully deployed for every government agency. There’s no waiver. There are no exceptions to that.
It’s going to take a long time. We’re suggesting a change today, since we’re going through this massive transition, which we’ve never done anything like this before in cryptography. The last time was two decades ago when the internet was a fraction of its size today.
We’re in uncharted territory. This is probably going to take a lot longer than a decade. If we’re going to do that anyway, we must graduate away from these archaic technologies, these centralized single-points-of-failure and move on to something more modern like what Qrypt is doing.
Yuval: Tell me a little bit of the backstory. How did the company start? What’s your background?
Denis: The co-founder and I, we’re both from the intelligence community. We saw the scale of theft by the Chinese and the monetization of IP that was stolen. This has been going on for over 10 or 15 years and really a decade ago, at the time the head of the NSA, General Alexander, came out and publicly said, “Look, this is the single greatest transfer of wealth from one country to another in human history.” We don’t know if we survive this or where this goes.
We saw so much of it being done very poorly, the Chinese adopting a cold war era mindset of like, “Look, let’s get all the data that we can get. We don’t know if it can decrypt it. We don’t know if there will be a flaw found in it, but we see this time and time again being very successful.”
And they started collecting data on a scale we had never seen before, playing the hundred-year game instead of us, the two to four-year election cycle game. They were very successful in doing that. And that was more than a decade ago.
So Kevin Chalker and I, the co-founder, really wanted to do something about it, make something more durable, something akin to the security we enjoyed inside the intelligence community, which was already considered quantum-secure and quantum-safe.
We never worried about our communications. We were very confident it was strong and we wanted to see that in every enterprise and Even at the user level, people needed their privacy back, they needed to have those communications without the big social media companies data mining it, and selling us ads, without Big Brother or whatever it may be.
Yuval: Professionally speaking, what keeps you up at night?
Denis: The possibility that my kids will work for Huawei one day because we have given away so much IP and allowed so much penetration of our networks that our economy is unrecoverable.
Yuval: And hypothetical, if you could have dinner with one of the quantum or one of the security greats dead or alive, who would that person be?
Denis: Oh my, one of the security greats would be Claude Shannon and John von Neumann.
Yuval: So, Claude Shannon, I guess, is the Richard Feynman version of the security folks, in terms of the most common answer, but who else?
Denis: Yeah, it’s really some of the ideas, and the proofs really came out of physics. So he was inspired to call a lot of the foundation of information theory by one of the most famous but little-known physicists, John von Neumann, who came up with the quantum theory of entropy and how that could be used for secure communications.
So the other big ones would probably be, I’m trying to think from about the 1980s and 90s when people really started putting together great solutions that were durable. It’s so many people that were involved. It was a collective effort. I can’t say it was just one person who inspired me. It was really just our desire to do something better and stronger and faster and easier to deploy that really drove us, and truly realize the vision of Claude Shannon. It’s like, look, we can get to something that’s the end goal of all cryptography, something that’s information-theoretic secure today. We can do this now. Why aren’t we doing this? Why are we tolerating all this data mining and monetization of IP?
Yuval: Denis, thank you so much for joining me today.
Denis: You’re welcome. It’s great talking to you.