Qrypt’s cloud service will distribute entropy for better cryptography

The service is a digital alternative to quantum key distribution.
Written by Tiernan Ray, Senior Contributing Writer

Entropy is a term used for the statistical uncertainty of a piece of data, one example of which are the randomly generated numbers that are used in cryptographic keys, and that are hard to crack to the extent that such strings are truly hard for a computer to predicts. 

Arguing that today's encryption isn't unpredictable enough, New York-based startup Qrypt on Wednesday formally publicly announced its intent to offer "entropy-as-a-service," or EaaS, to provide businesses as well as individuals with truly random number generation capabilities. 

"Everyone has an inherent right to privacy; we believe that right is under attack by Russia, China, any bad actor you want to pick," said founder and CEO Kevin Chalker in an interview with ZDNet via Zoom. 

Qrypt's main claim is that the current regime of cryptographic tools, based on things such as the RSA algorithm and the public-private key exchange, is already vulnerable because the pseudo-random number generation capabilities of such a network can be cracked with sufficient compute power. 

Down the road, quantum computing should have sufficient power to routinely crack the pseudorandom code, a looming risk that has already been widely discussed as the extinction of conventional cryptographic tools.

Also: Quantum computers could crack today's encrypted messages. That's a problem

In cases where codes can't be broken at the moment, malicious types who steal data will park that data in its encrypted form on disk, as a harvest awaiting the day when the quantum tools are available to decrypt the data.

The inspiration comes from the one-time pad cryptographic cipher generators used for covert operations. While full details of Qrypt's approach are still somewhat limited, basically, Qrypt partners with a Barcelona-based, privately held company called Quside Technologies, for quantum-based random number generation. 

Quside, which spun out of Barcelona's Institute of Photonic Sciences, uses semiconductors lasers to generate interference patterns that can be sampled to produce a random number. 

Sampling a real-world physical process in this way, such as the interference pattern of photons, is generally regarded as the most secure way to arrive at a truly random "seed" for a random-number generator. The quantum nature of such measurement is deemed more random than a roll of the die, which is a classical mechanical operation. 

The Qrypt EaaS, using appliances connected together in a distributed fashion, take the Quside seed and use it to generate what's called a source of entropy, raw randomness, that can then be used to generate a one-time pad at each communicating party's computer on either end of an otherwise non-secure communications line.

The service is an alternative to quantum key distribution, or QKD. 

Where a QKD network has two key generator devices connected over a trusted communications line, Qrypt's EaaS network distributes the raw random sources digitally to the users in a distributed fashion, and then runs a so-called BLAST algorithm that generates the one-time pads simultaneously on either end of the communication. 

The BLAST algorithm was developed by Yevgeniy Dodis, the firm's chief cryptographer, who is a fellow with the International Association for Cryptologic Research and who has numerous publications on techniques of things such as key exchange.  

CEO Chalker previously was a CIA "operations officer," a covert operative in the field within what's called clandestine services, focused on Iran. Qrypt's chief technical officer is Denis Mandich, also formerly with the CIA, also a covert operative, focused on Russia.

Both individuals make the point that the Qrypt EaaS is designed to bring to the retail/consumer market the same level of cryptographic strength for secure messaging and other applications. 

"We're trying to democratize that same level of security that we relied on for all these years," said Chalker. 

"We can do it right now with commercial, off-the-shelf infrastructure, you don't have to build anything new, completely digitally, from here to the other side of the world," said Mandich.

Existing encryption, notes Mandich, can be broken even without quantum, especially in cases of poor practices in the use of one-time pads. "If you re-use one-time pads, or your don't have really random one-time pads, they become breakable." 

The Qrypt appliances are placed in data centers around the world, "geographically, politically distributed," said Mandich. 

Qrypt has been funded by Chalker out-of-pocket thus far. He declined to disclose that total funding amount. 

Qrypt's service is available for trial via a free account on the Web site that invites one to set up a free account. 

In addition to Qrypt's data sheet on its Web site, additional interesting material can be found in two U.S. patents issued to the firm in 2019. One, "End-to-end double-ratchet encryption with epoch key exchange," credited to Mandich and Dodis, describes an algorithm for distributing to two communicating devices an asymmetric key-generation function. 

A second patent, "Multi-source entropy and randomness aggregation and distribution network," describes an as-a-service network for distributing entropy. 

Editorial standards