Bond & Quantum Start-up Series Episode 4: Who's recording your data right now and why? | Marc Kaplan

Show Notes

"Harvest now, decrypt later" isn't a theory. It's happening right now.
Marc Kaplan, CEO of VeriQloud, joins Eva Galant on Blond & Quantum to talk about the quiet cybersecurity threat hiding in plain sight — and why waiting is the riskiest move you can make.

Listen to find out:
📍 Why your encrypted data might already be at risk today
📍 What "harvest now, decrypt later" actually means (and who's doing it)
📍 The hardware that protects quantum cloud computations (QEnclave)
📍 Why trusting the cloud provider isn't enough
📍 What every executive should do in the next 12 months
No PhD required. Just a wake-up call.

🎙️ Guest: Marc Kaplan | CEO, VeriQloud
 🎧 Host: Eva | Blond & Quantum

If you enjoyed this conversation, don't forget to like, subscribe, and share — more episodes with global leaders in quantum are coming soon.

#quantumsecurity #veriqloud #cybersecurity #qenclave #quantumcomputing #blondandquantum #harvestnowdecryptlater #deeptech #quantumsafe #encryption

Transcript

0:00

Hey, my name is Eva, and this is Blondon Quantum, the podcast that breaks down quantum technology into real-world business impact. Here we make the complex simple. No equation, no overthinking, just insight, innovation, and a bit of cure. So don't worry, you don't need a PhD in physics to follow. In each episode, I talk to funders, scientists, and investors about how quantum is reshaping the industry's today, not in the long distant future. Oh and if you heard a black cat pouring in the background, that's my coffee, a very alive shorting cat joining the conversation. Her name is Moon. Let's get started. Hello everyone, welcome in the next episode of Blown and Quantum. We are in the startup series, and today with me is Mark Kaplan, a founder and CEO of VeryCloud. Mark, thank you so much for being here with us today. Hi Eva, nice to be here. Nice to meet you as well. Mark, let's start talking a little bit about yourself. You started from a very deeply technical background. What made you decide to set up the company? So yeah, before setting up Very Cloud, I spent approximately 10 years in academia. And the main frustration that we that I had there was that through my work, I knew that quantum technologies were had the potential to change the world, but we saw very little development, industrial development. So I wanted to to have more impact, try to build something that some people might be using, something that would be useful based on the research that I have been performing before. Okay. And you building abuse in quantum security, does it mean that you know the attack has already started? Well, so yes, we operate at the intersection of quantum technologies and cybersecurity. So we're trying to understand how quantum technologies will impact the world of cybersecurity. No, the the point is that it hasn't started yet. The attack on the attack side, there are the attacks, but there are also the benefits from quantum technologies. The attacks haven't started yet, but it's a good time to start getting interested in the in the topic. Okay. For reasons that I can explain. Yeah. So so let's let's think if I'm a CEO of a middle-sized enterprise company with completely a zero technical background, what should I actually be worrying about now? Right. So the first thing you need to know is that quantum computers, when available, they have the potential to break most of current encryption. Right? Most almost everything that is deployed today relies on public key cryptography and standard uh quantum uh sorry, standard uh public key encryption can be broken by quantum computers. So what you need to do is start by uh you need to start today to upgrade your system and make them quantum resistant. So there are standards now that are quantum resistant, that they resist to the future attacks by quantum computers. And the the two reasons why you need to do it now is first because upgrading the systems takes a lot of time. So it's not so much time in approximately. Well, it depends on on the companies, right? But are we talking here about weeks, months, years? If we talk about large companies, it's more years. More years, okay. Yeah, expectable. Yes. Okay, so but can you tell us a little bit more, just for the benefit of our audience, which is usually very non-technical? You know, quantum computers are not existing yet in the sense of you know, being well, they exist, but they're not commercialized yet, right? Uh-huh. And only a few few few entities having them right now. So if we consider that quantum computers are not popularized yet so much, what exactly kind of data are at risk here? So quantum computers uh that exist today, they're not able uh breaking uh the encryption yet. You're right. Uh but there is a um what is happening today already, and we know that it is happening, um, organizations uh recording the traffic over the internet, storing the information in order to break it later. So this famous harvest now encrypt later. Yes, absolutely. Absolutely. So the situation is the following is that quantum computers they attack the very root of the encryption, right? So you don't need to do anything, uh anything special, you just record all the data in order to break them in the future. So you mentioned may I so sorry, I want to follow up on this because you mentioned their organizations following the traffic and collecting the data and so who are those organizations? You mean hackers, potential hackers or yeah, hackers, many governmental, governmental bodies as well? Yeah, we know we know that such things related agencies. Yes. Okay. So so coming in line with with that thought, who should be the most scary about that and panicking first? Are the governments, are the banks, or big tech? Or all of them? Well, I think all of them, because um encryption today is really at the root of information society. So, you know, encryption is based on cryptography, and I see cryptography as a way to enforce trust with mathematics. So if you remove the trust, everything collapses, and all the information society that we built over the last 40 years or so, 50 years maybe, completely collapses. So the financial system in particular would collapse in this uh in this event. So that's that's why we need to act now. Yeah. I'm glad you mentioned this because um a lot of people one of the most common questions even I'm getting is would quantum computers break cryptocurrency or blockchain, or you know, everyone is scary face about the cryptocurrencies, one they're forgetting that the whole banking system is very vulnerable for those as well. And that could be much bigger impact than just losing the cryptocurrency stock, right? That's also what I say to the blockchain community, but it's also nice to see people that actually worry about cybersecurity, and I think they can play a large role in leading the way to uh toward a like a quantum-safe uh economy. Yeah. So do you think we are underestimating right now how fast this transition could happen? I mean, a transition that you know quantum computers are not able now to break, but in the future. Yes, I think we might. So we might underestimate the um the impact in the long term. I think that this event of the the Q apocalypse where the the whole um society collapses is still avoidable. As I often say, I'm not gonna bet on you know when computers, quantum computers will be able to break encryption. However, I know that when this day arrives, some of the data that we encrypt today will still be valuable. Think about medical data, these kind of secrets, you know, these are lifelong secrets. So you need to protect them in the long term, and the only way to do that is to start the transition. Yeah, and we should be ready for that data conf. Okay. Um, so let's talk a little bit about the quantum um cloud. So, why is using a quantum computer in the cloud fundamentally such a security problem? So, yeah, indeed, one of one of the main consequences that we're looking at at Very Cloud is to understand the security of quantum cloud computing. And so I've been using quantum computers in the cloud since uh 10 years ago when IBM put this, uh they released this quantum experience, and uh it was fantastic, right? I I was already working in the field of quantum and you could suddenly start using quantum computers. So when you do that, you have to send a clear copy of your program to IBM to execute on their quantum computer. And this hasn't changed since then, right? If today you're using Quantinum, whichever quantum computer or through AWS, you you can use whichever quantum computer, you send a clear copy of your program, this is executed remotely, and and you get the result back. Of course, this question, I mean, if you think about the most recent development in AI, this is a question that already exists in the classical world. How can I use a resource, a computing resource in the cloud without disclosing my secrets to the exactly and protecting my own. So, in terms of obviously in terms of the AI, a lot of companies are now like installing the engine, the lamps on their own premises, right? And trying to protect it in that way. But wait a second, are we effectively saying here that the quantum cloud providers may be malicious or could be? Or is just prevention? I don't think this is the right way of uh saying that. Again, the same questions are already very much tackled in the classical world. So the the question is not the um the third party or the the operator being malicious, but they could be subject to third-party attack. Yep. Maybe you don't want to rely on their own security, which we you you don't know about. More than that, more than attacks from inside uh the the operator. Uh this is this is the kind of things that you want to protect against. Okay, I understand. Okay, so Mark, I think it's the time right now because you're working on something very special, you're working in in Very Cloud on the product called Q Enclave. So please explain, explain to us what's uh what is Enclave, Enclave, sorry, and why is this important for the future of quantum cloud? And if you cannot use any buzzword here, 10 points extra for you. So I will again I will again refer to the classical situation. So the problem of called confidential computing in the classical world, there are let's say two large families of solutions. One is pure mathematics. You take your problem, AI problem, for example, you embed it into something more complicated to obfuscate the computation before running it on the cloud computer. This is fine, but it's very demanding in terms of resource. Of course, it doesn't require anything more than standard cloud access, but again, most of the time it makes the problems impractical. And in the classical world, there is another solution, which is called a classical enclave or trusted execution environments. And this is a piece of hardware that can run a specific computation in isolation. Maybe you've been using them even without knowing it. If you have an iPhone, when you when you unlock your iPhone with your with your face, right, all the personal data, all the computation is performed within such enclaves to make sure that no other uh process, in particular malicious processes, potential malicious processes, can access the data. So you see here it's not so much to protect against Apple, but against other programs running on your phone. So Q Enclave is exactly the equivalent for quantum computers. It's a piece of hardware that it runs very, very simple quantum computation. And this is uh so much, much simpler than a quantum computer. And when you add it to the quantum computer, it fully protects your computation against both, I mean, any any other processes running on the so this is very interesting what you said. So you said it's hardware-based, because I was living in an assumption um that this is more like protocol-based rather than hardware. So this is very interesting. So we basically will will be adding in the future the piece of hardware that's gonna protect us from protect us, protect us from potential loss of the data once using quantum computers. So it is protocol-based. The reason is that um so the the um the underlying technique was invented by my co-founder, Danke Shifi, together with co-authors uh Joe Fitzsimmons, running today, uh Horizon, and Anne Birdbend, professor at the University of Ottawa. And um it's called blind quantum computing. It's a way to delegate a computation to a remote server without the server, I mean hiding everything, input, output, and computation itself. Um, in the original work by Cashifi, Fitzsimmons, and Birdbend Cashefi Fitzsimmons, um, the the client was supposed to send those quantum states to the to the remote server. What quantum states? Very much equivalent to a quantum key distribution. So single qubit states running over a quantum network up to the to the all the way to the server. Um we the main reason for us to create very cloud was to industrialize blind quantum computing. But very soon we realized that building quantum networks, even though it seems easier in terms of you know, technology is already already exists, but it will take at least as much time as building quantum computers in order to have them deployed worldwide. So we we found a way by adding this extra assumption, this hardware assumption, to put all the technology inside a box, and we put the box on the server, and it completely removes the need for quantum communication between the client and the server. This is very interesting. So basically, what you're saying is we have here a special secure box, right? Which we put all the data and the algorithm that we want to process on the remote cloud-based quantum computer without them knowing what is it in this box. Yes. So you're basically saying, hey, quantum computer, please calculate this, but don't worry about what it is. You don't need to know, just give us the outcome. Yeah. And the outcome is visible or it's also in the secure box. It's not it's also it's also encrypted in a way that only the original client can decrypt. So cool. This is really nice. Okay. I'm excited right now to learn more. So so if you can describe how Qenclave is meaningfully different from the blind computer, uh blind quantum computer, and why, well, you would explain why it's different, but why this is actually this difference matter commercially for average size enterprise. So, again, in terms of the technology, what's the difference between blind quantum computing from the book or from the scientific literature and Q Enclave is that Q Enclave removes the need for quantum communication between the client and the server. And this matters because even though we know today how to build quantum communication systems, we won't be able to deploy quantum communication to all the possible users of quantum computers before maybe centuries. So the the most advanced projects that we have, like quantum internet projects, whether in North America or in the EU, we're talking about we're still talking about very specialized networks for a small number of end users, right? So it doesn't really scale as what we want for quantum computing, where we expect many hundreds, if not thousands, of users in in the short term, right? In the 2030s. Yeah. And do you think it was gonna really happen in 2030s? We are so close. Using quantum computers? Yeah, in terms of like a high traffic. Well, I think today we already have hundreds of users, right, in all over the world. And if you look at the predictions, for example, by McKinsey on the number of quantum computers that will be available, that would be a few, a few thousands. Yeah, we estimate that it's much lower. I mean, it's the number of quantum computers that will be available around 2035 uh 2035 will be too small to serve all the the computing demands. Okay, that's that's making sense. Okay, so let's talk a little bit about the cost of um Q and Clave. So if you think about latency and performance and complexity, what it is and it is worth it. Is it what? Is it worth it? Yeah, so but the the challenge is indeed the integration in the quantum computer. So in our approach, we we design several different different um integration. The the most the most um how can I say the the best one in terms of security requires to extract qubit from the quantum computer, give it to the enclave, the enclave randomizes the state and then sends it back to the quantum computer. Of course, here the complexity and the cost and everything depends a lot on the qubit modality that you're talking about. If if we work with photonic quantum computers, this is almost free. I mean, they operate on photons, so photons move a lot. It's very easy to extract one and send it back. If we're talking about superconducting, for example, this is the most challenging. However, in the recent years, what we saw is that there is a tendency to, or most companies that we talk to, the quantum computing manufacturer, rely on or they expect that they will need to build interconnections between QPUs. So they expect that the QPUs will have a limited number of qubits, and then they will use photonic links to interconnect the different QPUs, and this would scale the quantum computers. So this is exactly, I mean, this is the best for us, right? Because if there is a photonic link, then we can add our small device. It's very small uh compared to um compared to to the quantum computer. We can take advantage of this photonic link and install our device and completely turn the quantum computer into a blind quantum computer. Okay. And right now, is Q and Claive already deployable or will be in the next two or three years, or we are still like on the mostly theoretical layer? How far are you with the problem? So we are further than theoretical. The beauty of it is that as I was saying um earlier, so in theory, the operations that you need for blind quantum computing are the same as for QKD. And before working on QEnclave at Very Cloud, we've been developing quantum communication systems. The main difference with QKD systems is that our systems are multi-purpose. You can run user-defined applications, so you can run things like quantum tokens and other tasks for quantum networks. But so at the moment, we already have a QEnclave in the sense that we have a box that can run the blind quantum computing protocols. So yet embed all the security features that we want for maximum protection, but this is a it's a technology that can already be deployed on quantum on certain quantum computers. That sounds great. So, congratulations. And how how long do you think it will take you to to have all the security features that you in the L scenario would love to have? So um the security features that we need, we again rely on standard uh standard security certifications. This is very similar to the the FIPS certifications for um hardware security modules, so something that is very well known for classical computing. Uh we'll take like a year or two to to get all the um the certification. Okay. And what's the hardest? Is it building the tech or convincing the customers right now that they need it? Well, I think if you if you talk to deep tech startups, whichever whatever technology you're talking about, the hardest is always to convince the customer. The customers. Okay. Yeah. And can you tell us like who will be your first ideal customers for Q Enclave? So remember that the the Q Enclave needs to be integrated into a quantum computer. Yeah, for sure. So the customer is the quantum computer manufacturer. However, the manufacturer will integrate the Q Enclave only if there is a market pool. Right. So we need at the same time to convince the manufacturers and demonstrate the traction from the market. Yeah. Okay. So that's interesting what you said because I was thinking if I was just considering if the cloud providers can also implement that, or is only the manufacturer. In order to solve, let's say, all the problems of latency and integration, complexity, etc., it can only be done with the manufacturer. It's very similar to uh uh to error correcting codes. Quantum computers require error correcting code to run uh to run computation. And right now we see that the error correction cannot come on top of the application layer. It has to be embedded into lower layers of quantum computers, like at the control level. But as as you said, quantum computer manufacturer to implement your solution, they need to have a right volume as well, right? And right now they usually don't ship that many quantum computers, and we only consider those who are shipping because not even all. them shipping across different modality. So would that make your business model right now pretty tough because you need another couple of years before you can generate um revenue? How do you um how do you handle this problem? Because I know that as being a startup, revenue is super important and plenty of deep tech companies are actually facing that problem and they're solving it in a different way because of the expectation of venture capital in order to obviously raise more capital. So can you give us a little bit more what's your approach to that? Yeah well strategically we try to cover all the all the field of quantum network applications from you know anything beyond QKD all the way to connecting to quantum computers. So remember that Qenclave of course it's our dream product it's where it's the the the reason that the very cloud exists but it's based on a technology that's that is already commercialized which is for quantum networking. So we are we are moving at in the two fields at the same time we do at the same time quantum networking and connecting to quantum computers. Okay and that's obviously um is easing I I may say the fear of venture capital to to be scary of the fact that you may not generate the revenue in the future because actually as you said this solution was is already proven in the standard market. So you just building the equivalent of that for a quantum ward which is I think amazing. Okay but if you can consider that in worst case scenario um Q and Claive will not win what do you think would be the most likely reason for for for not winning? Would that be a technical limit or a lack of demand or something like a bigger players doing it faster or better? Well I mean uh I think the main risk for us is quantum computers not working. You know if if there is a demand for if there is a demand for quantum network uh for for quantum computing then without any doubt there will be a demand for for confidential quantum computing. Nowadays for classical uh uh cloud computing the the market share for confidential is around 10% which is already huge right so I I don't think that the lack of demand will be uh will be an issue if there is a demand for for quantum computing. Okay I see. Now regarding your other um other concern a very legitimate concern knowing if other people can do it better or faster there is also something that really matters in um what we're doing is that we with this regard right it's important that the the validation for the confidentiality comes from a third party. IBM today starts running confidential computing on their own quantum computer validated by IBM itself then you know the trust might not be very you know rely on very solid grounds so one way of doing it is to go through a third party and we by the components that we use we can reuse some of the techniques used to to offer the good guarantees for classical confidential computing as well. So this is this is the main reason we believe that we have our our spot here. That's a beautiful counter argument and thank you for bringing it up I think this is great. You're completely right nobody will ever trust the big providers trying to claim that they all think is safe. You need the third party and you need the verification I think this is where we're basically winning so that that's beautiful. Okay Mark I would like to zoom in out a little bit here for a second and talk a little bit about the future and the prediction we are heading towards a future where we simply cannot trust computation anymore maybe and everything become zero trust zero trust by a default does you think where we we are going or not? I mean not everything but you can expect that the people that are especially in the midterm let's say willing to pay for quantum computation would do things that matter in general so think about doing drug discovery for example the um the the financial stakes are extremely high. The process is very long extremely long and yeah huge amount of money spent for every single drug actually I have a background in half tech so okay yeah it's a very good visual example for me. But then you know that the reward is also very high right if it succeeds then the reward is very is very I mean this is this is what we see uh I mean how the world has evolved right since the 70s uh you add more and more trust in the systems but not not trust by default trust by mathematics by technical um solutions and you know I have this passion for cryptography and security and this is uh this is what I've seen over the last 20 years. Amazing okay but if you could predict what will break first what do you think would that be encryption or would that be trust in cloud or maybe something completely different we are not thinking right now about yet tough question. Yeah tough question I think uh I think it's it's it's almost a miracle that it works right so the classical internet and uh I mean all this digital society or information society works by all these small pieces of technologies that we that we all put together. So it's uh it it we we should already be amazed that it works. So what what will break first? Yeah may I I hope what I'm saying is wrong but my main worry would not be encryption today it would be the the trust of end users inside the the systems which is why we also need to enforce things mathematically not only rely on the the trust into organizations and people and sticking with prediction of all um I would like to prediction in general industry I'd like you to ask what in your opinion is the biggest myth about quantum security right now that people talk about well we talked about blockchain security. Yeah yeah oh let's talk about that that's such a hot topic every single conference there's always this question no but uh yeah I mean it's a fair question it's a fair question if I had a way to uh well I don't know if I had a way of breaking encryption would I attack Bitcoin or something bigger? It's not it's not clear. Maybe maybe it's safer to attack bitcoins. Yeah well safer that's a good question you know I'm I'm a little bit smiling about this topic as well because as as you know I'm Polish and the problem um crypto industry right now is challenging by yet another exchange disappearing on the market with you know equivalent to I don't know billion dollars or something and Bitcoin industry is for more than 15 years already in the market people still keeping their money in hot wallets instead of cold wallets and they're keeping them in the exchanges and the exchanges are repeatedly disappearing. So I think if you are a crypto trader or crypto user there is many others dangers and risk that you may can you know sure fade every single day then waiting for you know the threat. But I understand the concern the concerns are obviously valid because the concerns are related to quantum computing and the power on it. But yeah. But you know go coming back to your question what is the biggest myth? Yeah yeah I think you should not be considering that it's far like in an unforeseenable future technology so we've seen that the the you know I I'm usually very conservative when it comes to predictions but what we've seen over the last uh five or ten even ten years is that the the development of quantum computers have been faster has been faster than any prediction made by experts of the field. I'm not talking about startups right startups they have to announce they always announce something big and it's slower than what the startups claim but it's faster what than what the the experts expect. I think at this two three years I think we saw a huge acceleration right in quantum and um more and more people are saying that quantum is only a few years behind AI actually and considering how many quantum startups are going IPO this year only I think it's five or six or something that is saying something that not only the development is faster but also the trust of capital and investors is also there in the coming so we are definitely on something on the beginning of something great and and and big so that's okay but coming back to that prediction so Mark if I am an executive right now in enterprise again I may or may not be non-technica what should I do in the next 12 months what should be my priority in terms of you know preparing my organization for what's coming and how to implement the the quantum where where the focus should be in your opinion? Yeah I would say first you need to know your data you know if you're a large company what type of protection require your data require do they require long-term protection uh or you know if you if it's just accounting data that let's say that need to be secure for seven to ten years versus what we talked about pharmaceuticals uh it's very it's very different so so you need to have a sort of long-term strategy and be able to put yourself in um in this scenario where your your current data can be broken somewhere in the future and understand what it means in terms of the what's the what's the impact on the company itself. 100% and all over the world there are companies helping with the transition to quantum resistance. It's there there are experts working on that. So yeah you can contact these experts and we don't do that so uh so it's not uh you know I'm I'm not trying to sell very cloud here but I know very good experts both in Europe North America all over the world yeah there are special kind of companies just focusing on that and consultancy and so on I just had recently a very interesting talk with um Bill Vas who is the CTO of uh Busan Hamilton they are doing it part of the product so 100% okay Mark um we're wrapping up here looking at the and the time that's left um for the recording but two more questions one question is very light what would you build except you know very cloud if you if you wouldn't build very cloud what would you build in quantum right now today in quantum right now today probably something related to error correction because okay I'm cheating a little bit here because it's it's quite it's it's different but it's also close to to cybersecurity well in cryptography it's a very mathematical field uh the very beautiful mathematics very challenging as well is telling me that you like the challenges you're picking the toughest problems to solve I don't know if this is the toughest problem I mean building uh building uh superconducting quantum computers the physics I don't I have a computer science background but I think that the the work done by the physicists is amazing it's incredible I agree okay and uh last question here also very light one interesting company except very cloud obviously in the quantum ecosystem oh there are so so many interesting companies that uh I'm gonna I'm gonna make enemies uh here you can only pick one I can only pick one so I have to pick one in the in the field of um uh oh no you know what I'm gonna pick okay also because of friendship here friendship is at stake here I'm gonna pick horizon so they had an IPO recently as well but uh Joe Fitzsimmons is an uh is one of the co-inventors of blind quantum computing very close to especially my co-founder Elam Kashifi but also a friend of mine um I think the main success of uh of horizon is that the vision of Joe I mean Joe has this vision super strong vision of uh you know I would I would definitely listen to anything he says about the future of thank you that's good thank you so much for mentioning horizon I will add them to my list as well maybe we can one day invite um joey to come here and and talk about those those predictions I definitely recommend inviting Joe he's a fascinating I will try my best mark thank you so much for today it was a pleasure to have you here and good luck with very cloud good luck with uh Hugh and Clave and I hope that we're gonna stay in touch in the next uh couple of months maybe a couple of years um you're gonna keep us updated on your progress and who knows uh I hope maybe in two three years we can announce your IP thank you Eva thank you bye bye that was Blonde and Quantum thank you for joining me on this journey through the quantum business frontier if you like the episode please review it on Spotify or Apple Podcast and help more people discover the quantum world without needing to untangle the theoretical physics. See you next time unless the cut change