QuSecure’s Sanzeri: PQC the ‘largest upgrade cycle in computer history’
A new post-quantum cryptography (PQC) company, QuSecure, launched last week, and Founder and COO Skip Sanzeri spoke with IQT News Contributing Editor Dan O’Shea about the timing of the company’s launch, the post-quantum encryption opportunity and what why we may have Sandbox AQ CEO Jack Hidary to thank for QuSecure’s emergence.
Below is an edited version of that conversation.
IQT: Your company launched just days after the White House issued a memorandum urging federal government agencies to adopt post-quantum security protection. Could you have planned your timing any better?
Sanzeri: Well, we’ve been at this for three years now, and people thought we were crazy when we started. Now, it is looking more like something that has to happen. It will be the largest upgrade cycle in computer history because all cryptography will have to be upgraded. It’s not a question of if but when will quantum be strong enough to break encryption? I guess it’s sort of serendipitous that the timing is now working out for us, but yeah, the White House is getting very into things, you’ve got the Schumer bill, the Endless Frontier act,which has money for quantum security and now the bill from Reps. Ro Khanna, Gerry Connollly and Nancy Mace. So there’s a lot of movement now on this front.
IQT: Something else that should be coming soon are the NIST standard algorithms. Will you be supporting those?
Sanzeri: Yes, we have to support those because no government agency or large enterprise is going to adopt post quantum cybersecurity without using these standards. So if anybody’s operating outside of that, developing algorithms that aren’t approved by NIST, I think it’s largely a waste of time. When we started down this path, the timing for NIST was more like 2026, then ‘25, then ‘24, ‘23. It actually has been coming down, and at the IQT conference in San Diego, one of the NIST people said it will be ‘any day now.’ When we started building, we built in what we call crypto agility. So we already built all these finalists into our system so it won’t matter which ones are approved. We can install all of them and use all of them. Rainbow got hacked, so the algorithms can come and go but we decided to implement all of them so if the enterprise says they want Khyber or Sabre or McEliece, fine. Doesn’t matter to us. We’ll do them all.
IQT: So we talked about some sense of urgency from the government, but are enterprises ready to tackle this transition? Or is it a mixed bag?
Sanzeri: Yes to both. It’s a spectrum. You have folks that don’t know, and maybe don’t care that much. You have some that know and kind of care, and you have ones that know and care a lot. And you even have ones that are just like we want this right now. One of the groups we can talk about is Franklin Templeton, who we actually have a very close relationship with. They’re one of our early investors as well. They’ve got a full installation of our stuff and they’ve had it for six months, and we’re now expanding that Franklin. One of our customers said that if you know about this threat and you don’t do anything, you are liable. We have about seven or eight pilots going right now in the commercial sector. They’re going to have to speed up because there is the steal now, decrypt later attacks happening. So we advise everybody to start at least strategizing, and we see them in different stages. We just signed a billion dollar company in three days last week, and we are starting the project today because the CEO said, ‘I want this now. Start figuring it out.’
IQT: Your main mission is to replace RSA encryption, right?
Sanzeri: We are able to secure any endpoint and create a quantum channel with encryption that is post-quantum. We can’t do a rip-and-replace. It’s not like an enterprise can just tear out a bunch of stuff like it’s Legos. So we built a protocol switch which allows us to be backwards compatible, and that means that we can translate between a quantum layer and a TLS layer really, really easily. And that means that enterprises can do this at their pace. They don’t have to risk downtime..
IQT: There ill be a lot of other companies out there bidding for the kind of projects, though, right? For example, would you run into a company like Sandbox AQ as a competitor?
Sanzeri: We know Jack [Hidary, CEO of Sandbox AQ] really well. Ironically, Jack helped us to get into this business three years ago. We were testing the market to find our area of interest, and he told us we needed to get into space because this will be the biggest upgrade in computing. Now, Jack is taking on a lot of stuff. He’s taken on sensing. He’s taking on education and programming. He’s taken on some post-quantum cyber like we are. So he is going broad, while we are going narrow. The biggest thing that we do different from everybody else than us, we orchestrate a lot of things to make post-quantum cybersecurity happen. A lot of companies have point solutions that solve a piece of the problem, but we feel enterprise and government need a full orchestration layer which allows them to do full management and policy management. That’s our easy button.
Dan O’Shea has covered telecommunications and related topics including semiconductors, sensors, retail systems, digital payments and quantum computing/technology for over 25 years.