Dr Ali El Kaafarani is the founder and CEO of PQShield, a British cybersecurity startup specialising in quantum-secure solutions. A University of Oxford spin-out, PQShield is pioneering the commercial roll-out of a new generation of cryptography that’s fit for the quantum challenge, yet integrates with companies’ legacy technology systems to protect them from the biggest threats of today and tomorrow. Dr El Kaafarani is a research fellow at Oxford’s Mathematical Institute and a former engineer at Hewlett-Packard Labs, with over a decade of academic and industrial experience. He is also a leading authority in the cryptography community.
Tell us about PQShield?
PQShield is a cybersecurity company specialising in post-quantum cryptography (PQC). We are the only company that can demonstrate quantum-safe cryptography on chips, in applications, and in the cloud.
Headquartered in the UK and with teams in the US, France, Belgium,the Netherlands, and Japan, our quantum-secure cryptographic solutions work with companies’ legacy systems to protect devices and sensitive data now and for years to come.
Our team has one of the world’s highest concentrations of software and hardware cryptography experts outside academia and the classified sector. PQShield was a leading contributor to the National Institute of Standards and Technology (NIST) post-quantum cryptography standardisation project, and members of the PQShield team have also contributed multiple cryptographic extensions to RISC-V, the open standard instruction set architecture (ISA) that is rapidly gaining traction from proprietary competitors such as ARM and Intel.
What problems/challenges are you solving?
Today, virtually every organisation, government and device in the world relies on public-key cryptography that will be rendered useless by large-scale quantum computers. The vast processing power of these machines will easily solve the mathematical problems underpinning public-key algorithms, making them useless.
Simply put, quantum computers will be able to smash through current protections, leaving data vulnerable. Whether medical records, national intelligence, intellectual property, financial transactions or end-to-end encrypted messaging, the result could be devastating.
Complicating this unprecedented threat is the challenge posed by ‘harvest now, decrypt later’ attacks. Bad actors could steal encrypted data from a business or organisation through a more conventional attack today, and then store this information for when a quantum computer capable of breaking the encryption is built. This threat means that any organisation that wants to secure its data over a longer lifespan must take steps to adopt quantum safe encryption as soon as possible, or risk exposing any current data to a quantum attack. They must also operate under the assumption that any attack in which encrypted data is harvested could present further reputational and regulatory issues in a decade’s time.
What markets does PQShield address today?
We are working with businesses up and down the supply chain to incorporate post-quantum cryptography, across sectors and across geographies.
Specifically, we support businesses who either need to secure data over a long time span or who operate in strategic sectors such as semiconductor, defence, automotive OEM, industrial IoT, and finance.
What are the products PQShield have to offer?
We have a range of post-quantum cryptographic solutions including ready-made and tailored hardware cryptography IPs for low and high-end devices (secure elements, hardware security modules (HSMs), etc.); IoT firmware; public key infrastructure (PKI); server technologies; and advanced end-to-end encrypted messaging platforms.
We have already experienced a surge in demand from different sectors, particularly, semiconductor and defence, over the last 18 months.
What keeps your customers up at night?
For many, they are still coming to grips with the scale of the quantum threat. They are unaware of where they are exposed and to what extent.
As a result, our first recommendation is to start a comprehensive cryptography audit. In other words, where, why and how are you using cryptography in your organisation? From this point, you can grade your quantum agility – the ability to roll out post-quantum cryptography across your digital infrastructure. With this understanding you can build a comprehensive roadmap to quantum security, factoring in wider business needs and working on realistic timelines.
What makes PQShield unique?
As well as our contributions to the NIST post-quantum cryptography project and having a world-class team of cryptographers and mathematicians, we also have some of the industry’s most advanced engineering expertise. Cybersecurity problems can only be addressed end-to-end, and that’s why at PQShield, we focus on addressing the quantum threat from low level hardware all the way up to advanced protocols.. Our combination of technical expertise with practical engineering experience enables us to help companies protect information from today’s attacks while preparing organisations for the threat landscape of the future.
What added value do you bring to your customers?
We have ensured that we remain an algorithm-agnostic vendor, offering size and performance-optimised implementations of all of NIST’s PQC finalist algorithms, which means that we could support companies in their transition to quantum-readiness even before the NIST standards were announced.
In addition, we have already made a number of strategic partnerships with technology and security consultants to support their customers in their transition to quantum security. We have an expert team who are able to offer unique and bespoke advisory for companies with specific needs.
What’s driving the company’s global expansion/growth?
We have recently had a stimulus from our $20 million Series A funding round which we are already using to fuel development, hiring and expansion, particularly in the US and Japan.
We’re also seeing huge inbound demand, in part because this is such a critical time for PQC. On the one hand, there’s the pending announcement of new international standards for post-quantum cryptography,and on the other, there’s an increase in the government agencies expressing the urgency of quantum-readiness – whether that’s the NSA in the US, the UK’s GCHQ, or France’s ANSSI.
In January, the White House issued a memorandum on improving national security, outlining the need for quantum resistant protocols on a wide scale. They have advised that within 180 days from publication, all government agencies should implement ‘a timeline to transition these systems to use compliant encryption, to include quantum resistant encryption’. The clock is ticking.
We can see every week that the advances in quantum technology are progressing rapidly, and yet businesses and governments have still not yet fully woken up to the fundamental threat to how we operate digitally. The quantum threat exists today and we must be taking steps to identifying and replacing vulnerable encryption and transitioning towards a quantum secure future.