Startup Puts Quantum Security on USB, Dongles

Taking quantum-mechanical principles and dragging them kicking and screaming into the real world.

U.K. startup Quantum Base, Ltd. is one of a small number of companies betting on the benefits of quantum computing even without quantum computers.

The six-and-a-half-year-old company came together largely because its technical guru was frustrated at how long it was taking to develop genuine quantum computers and wanted to find a practical, immediate use for the things he’d learned in his own research.

“I found it deeply unsatisfying to be working in quantum information processing when everything was such a long way from commercialization,” according to Robert Young, The Royal Society research fellow and professor of physics at Lancaster University in the north-west of England, who co-founded Quantum Base 6.5 years ago with U.K.-based serial entrepreneur Philip Speed.

The company—a university spinout still ensconced in the physics department where it was born—emerged from stealth status over the summer to look for companies interested in licensing nanoscale, quantum-enabled IP that can deliver genuinely random numbers for encryption and unguessable, unchangeable physically unclonable functions (PUF) for authentication.

“What attracted me to applying quantum physics in security was how near-term those applications really were,” Young said. “If you look at most quantum computers, they require cooling to almost absolute zero, use only a handful of qubits and look like they’re a long way from being used in the real world, and even then it might be useful to only a few organizations because of the cost. We’re not doing that. We’re taking some quantum-mechanical principles and dragging them kicking and screaming into the real world,” Young said.

The company has as many as 13 configurations of the product, including variations of its three basic products.

An electron microscope image of Q-RAND. Source: D. Granados, IMDEA Nanoscience, Madrid

The first is Q-RAND, an all-digital quantum random number generator protected by three patents in the U.K., that can be built into a USB or dongle, or embedded in the chipset of a device with a resource cost of only a few diodes added to a CMOS fabrication process.

It provides user-transparent random number generation to create tightly encrypted one-time or streaming data links.

Quantum Base USB quantum random number generator. 

The other two products, Q-ID Electronic and Q-ID Optical, both enable end-user authentication, anti-counterfeit device tagging, identity card authentication, verification of pharmaceuticals and other applications, and can serve as a firm root-of-trust identification to verify ownership of a device online.

Prices range from 0.04 c/tag down to 0.001 c/tag for the optical version. The all-silicon Q-ID Electronic can be accessed through a USB or built into the processor of new devices.

Both will be available for on-chip incorporation by 2019.

The PUF ID capability comes from the inclusion of about 200 resonant tunneling diodes with quantum wells. When particles pass through them, they provide a unique spectrum pattern that is difficult or impossible to recreate or predict, according to a paper published by Young and his team in the Nature journal “Scientific Reports” in November 2015.

Random number generators are common and well understood, but their output is calculated on deterministic systems, which often sample electromagnetic white noise or some other high-entropy data source to make that output more random.

Quantum computers able to take full advantage of superposition and quantum entanglement could, theoretically, be so immensely powerful that they could make every digital encryption scheme and security precaution irrelevant overnight.

National-security-level anxiety over that possibility launched a whole industry dedicated to remediating the potential of that disaster—mainly by bridging current encryption and security measures into versions considered adequate for post-quantum security.

Quantum-specific companies like D-Wave are making inroads with systems that use quantum-annealing; traditional HPC developers like IBM are racing Google and other hyperscale datacenter providers to get the most quantum-computing-like computing online in the shortest time.

Google, which reportedly has a 72-qubit machine running in its labs as well as a lead in machine-learning applications that could make it far easier to create the algorithms and programming structures needed to define how to solve a problem using qubits rather than bits, said in a March 3, 2017 paper in the journal Nature that its goal is to commercialize quantum computing technologies within five years.

The same paper, however, said it would take at least a decade before it is possible to build “the ultimate machine,” which is “a digital quantum computer that tolerates noise and errors and that in principle can be applied to any problem.”

On Sept. 24 the U.S. Dept. of Energy announced $218 million in funding to accelerate progress in “the emerging field of Quantum Information Services (QIS).”

“There are big slugs of [venture] capital also being thrown in” to the market, but they aren’t accelerating progress the way VCs might wish, Speed said. “If you look at people who provide random number generators, even pseudo, not quantum generators, 90% of them have large, expensive packaging. We developed the first pure electronic quantum random number generator that’s a single diode and works at a nano-scale.

“What we’re licensing is very low cost and takes up very little space on the die,” Speed said. “It has to work with what’s out there, so we focused on a design we could be sure would work in CMOS, and not take up much space. The PUF is something like 10-by-200 diodes, it’s less than one square micrometer and costs, we don’t have firm cost ideas yet, but it’s more like a dollar or a couple of dollars, not 100,000.”

“Basically quantum mechanics describes the behavior of the device, but it’s not a quantum computer. It actually works completely digitally,” Young said. “We do need transistors smaller than 22nm because that’s where the quantum mechanical effects we’re embracing start to show up, but it’s done on a standard wafer using CMOS.”

The difference in security level between traditional and quantum versions is dramatic, however, Young said. Traditional SRAM based PUFs are based on macroscopic differences in the way transistors respond when the device is turned on and they get their first charge. The pattern and response time of open and closed gates creates a unique pattern that can identify a particular chip, but is also vulnerable to reverse engineering or cloning, Young said.

“If I have enough resources I can clone that part of the chip and look at its matrix, so it’s not inherently secure,” Young said. “SRAM PUFs also take up more space on the die than the couple of hundred diodes we use, and our identity comes from atomic-scale imperfections, so you use very little power and very little space and it’s effectively impossible to reverse engineer.”

“We’ve started expanding a little just recently, but we’ve actually spent very little money,” Speed said. “We’ve had some great research grants and fellowships, a million from the USAF, and were able to work with the university but it’s very lean. All the IP comes to the company, all the patents we own and the technology can be applied to almost anything—securing supply chains, securing communications.

“We have optical and digital versions of the PUF that we can separate from the QRNG, or you can use them all together for a secure environment where you can authenticate the hardware, encrypt the communications and do it with one architecture,” Speed said.
