3146: Securing the Quantum Future: How SECQAI is Redefining Cyber Defense

[00:00:03] As we inch closer to the much anticipated Q-Day, the day when quantum computers could crack public encryption systems, the stakes in cyber security have never been higher.

[00:00:16] But what does this mean for governments, enterprises and the security of our critical infrastructure?

[00:00:22] And with quantum breakthroughs accelerating at a pace few expected, how can we build a defence strong enough to withstand the future of cyber threats?

[00:00:31] Today I'm going to be joined by the CEO of SECAI, a NATO-backed leader in quantum resilient and memory safe semiconductor solutions.

[00:00:42] My guest Rahul and his team of physicists, scientists and developers are currently tackling the cyber security challenges of tomorrow.

[00:00:50] And they're doing this by building secure hardware from the ground up.

[00:00:55] Because they believe in creating semiconductors that are inherently protected from 70% of the world's attacks.

[00:01:03] Ensuring that the foundations of our digital infrastructure are strong enough to withstand even in the quantum era.

[00:01:11] So today we're going to discuss why secure hardware is the key to protecting critical infrastructure.

[00:01:17] How collaboration between governments, academia and the private sector are driving quantum secure solutions.

[00:01:25] And ultimately what policy makers should be doing to prepare for Q-Day.

[00:01:30] And if you're curious about how quantum computing is reshaping the security landscape and what needs to happen to ensure we stay ahead of the curve,

[00:01:40] you're not going to want to miss this conversation.

[00:01:42] But enough from me. Let's get today's guest on now.

[00:01:46] So a massive warm welcome to the show.

[00:01:49] Can you tell everyone listening a little about who you are and what you do?

[00:01:53] Yeah, so I'm Rahul Tiagi. I'm CEO and founder of SECAI.

[00:01:57] We manufacture and design secure semiconductors for dual use applications.

[00:02:03] So that means both for defense as well as for the commercial world as well.

[00:02:08] And we develop semiconductors to protect us against existing cyber attacks as well as future potential cyber attacks, including quantum computing threats.

[00:02:17] And there's a lot of talk around quantum computing at the moment.

[00:02:21] The possibility of it breaking current encryption methods and so much more.

[00:02:25] It's finally taking the hype away from AI a little bit.

[00:02:29] It's nice to be talking about something different.

[00:02:31] But just to set the scene for the kind of threats that people are getting themselves concerned about, what are the immediate risks posed by quantum computers to our digital infrastructure?

[00:02:41] And how urgent is that need to address those vulnerabilities sooner rather than later, would you say?

[00:02:47] Yeah, so this is a really interesting topic.

[00:02:50] And the reason is because we really need to understand kind of the development of quantum computers and not only quantum computers, but also the development of the algorithms that run on these systems.

[00:03:01] So what we've had so far is quite a steady development of quantum computing.

[00:03:07] However, in the past about year two years or so, we've started to see an acceleration in some of the capability.

[00:03:12] You know, we've had quite a big achievement made by Google earlier this year, actually about a couple of weeks ago, where they announced it with their achievement with a 100-qubit quantum computer.

[00:03:24] And at the same time, what we've started seeing in the algorithm world is further optimization and development of the algorithms used to crack encryption.

[00:03:32] So before, for the past 30 years or so, we've had Shor's algorithm being kind of the key methodology to try and crack our existing encryption schemes.

[00:03:41] But we started to see improvements on that and reductions in the number of qubits, the number of operations needed to crack encryption.

[00:03:49] So that we're reaching kind of this inflection point where, you know, quantum computers are getting better, but the algorithms are getting more optimized.

[00:03:57] Now, if we look around the world today, what we're starting to see is these still now decrypt later attacks where someone isn't looking to try and crack the encryption today.

[00:04:08] What they're trying to do is grab as much data as possible for them to decrypt in the future.

[00:04:12] And this isn't necessarily going to be targeted towards the end consumer that sat in their homes.

[00:04:18] It's more targeted towards organizations.

[00:04:21] So think of your defense national security customer as well as potentially your financial services customer as well.

[00:04:28] The real thing to really understand when it comes to what's the threat of a quantum computer to you today is to understand how valuable is your data in the next couple of years?

[00:04:36] You know, is your data only fleetingly valuable or is it really valuable for the next five to 10 years?

[00:04:41] If your answer is the latter of that, that's where the focus really should be around protecting yourself against quantum computing threats,

[00:04:48] because we know these machines will be able to crack existing cryptography within that kind of timeframe.

[00:04:54] So I was reading before you came on the podcast that you're focused on building quantum resilient and memory safe semiconductor solutions,

[00:05:01] which piqued my interest and one of the reasons I invite you to join me on the podcast today.

[00:05:06] So for people hearing about this for the first time, can you just explain how secure hardware built from the ground up can automatically protect against actually 70% of global cyber attacks?

[00:05:17] I think was the stat I read. Can you expand on that for me?

[00:05:19] Yeah. So at the moment, and this is kind of the ethos of why we were brought about is because, you know, it's all well and good solving future attacks.

[00:05:31] But if we have the opportunity to solve existing cyber vulnerabilities, it's an opportunity we can't pass up.

[00:05:38] So what we've done is we've taken what's called a memory safe architecture.

[00:05:44] It's one where the memory itself is getting identified and authenticated every single time it gets called.

[00:05:49] So when you run an application today, if you run an application or on a piece of hardware, you're running it with a lot of software abstraction in between your application and the hardware.

[00:06:00] The problem with this is that whatever hardware you're running on, you're assuming that that software is implemented securely.

[00:06:06] And fundamentally, a lot of architectures out there, if you're thinking about the big kind of the big two architecture types out there in the world today, unfortunately, they're not built to be secure from the ground up.

[00:06:17] They allow for errors in software to enable an attacker to spread from one error area into another area.

[00:06:27] So they can go and spread from one application to another application quite easily.

[00:06:31] The difference between building something from the ground up securely means that you can actually segregate these applications in memory, in hardware, in physical hardware, which would stop an attacker from spreading from one place to another.

[00:06:43] It essentially makes sure that your software programmer who's building on these hardware paradigms is building it in the most secure way possible.

[00:06:51] And they can see that they've got memory vulnerabilities and the code wouldn't even work on that hardware.

[00:06:55] They will need to actually fundamentally modify it to make sure it's actually secure from the ground up.

[00:07:00] Now, there's kind of two different approaches to try and solve these problems, right?

[00:07:05] One is to try and do this in a software programming language like Rust.

[00:07:09] Unfortunately, you can still write unsafe code in Rust.

[00:07:12] However, the other methodology is by building these memory safe hardware.

[00:07:17] And our hardware is based on some of the work done at Cambridge, actually, under what's called the Cherry architecture.

[00:07:24] So capability hardware enhanced risk architecture to try and solve these problems.

[00:07:30] It's known to stop the top 12 vulnerabilities out there today.

[00:07:34] And memory safety is one of the biggest exploits used in pretty much every attack vector that we see.

[00:07:38] Everything from kind of including the likes of ransomware as well.

[00:07:43] It's one of the biggest exploited attack vectors out there.

[00:07:46] And of course, governments and global policymakers all play a collective role in safeguarding things like the critical infrastructure that we all take for granted.

[00:07:55] But what policies or initiatives should they be prioritizing on, do you think, to ensure that the digital infrastructure remains resilient against these emerging quantum threats, especially at a time where there's so much global conflict?

[00:08:10] Yeah, so that's a really good question.

[00:08:12] So when we look at what's going on in the world of regulation, if we start off there.

[00:08:19] So what we saw earlier this year is NIST in the US, which is the National Institute for Stands and Technologies, they came out with their roadmap for when post-quantum cryptography should be implemented in devices.

[00:08:33] Now that timeline is around 2033 to 2035, depending on kind of the differing timelines that they've put out at the moment.

[00:08:41] The reason for that is because, you know, that's a timeline that can always be modified.

[00:08:46] It can always be brought forward. They're advising people to start that migration process right now.

[00:08:51] And it's bodies like CISA in the US, bodies like NCSE in the UK that really will be kind of the driving force behind the migration in the commercial sector.

[00:09:01] However, what I would also kind of point out is we've also seen other governments such as the Australian signals directorate ASD in Australia putting out a much more aggressive timeline for that migration where they're putting 2030 being the timeframe for where they think migration needs to have been completed by.

[00:09:21] And this is why it's quite interesting is seeing these different approaches by different governments.

[00:09:25] And the question really is, are people going to realign those timelines and make them a bit more accelerated to try and get this requirement out there in the world?

[00:09:36] In parallel to these initiatives, what we're also starting to see is the same sort of migration requirement from a PQC perspective also coming on memory safety, where we're seeing CISA, we're seeing NCSE as well quite heavily in the UK, pushing out the requirement for people to move across to memory safe hardware as well at the same time.

[00:09:56] So we're seeing this kind of nice alignment that memory safety is going to be something that's being advocated for from 2026 onwards, but at the same time, this kind of PQC migration happening at the same time.

[00:10:07] So it's quite an interesting time for cyber when it comes to the physical hardware, the encryption and the physical architectures that we're deploying now.

[00:10:17] And quantum hardware has traditionally involved close collaboration between industries and academia.

[00:10:23] So how are you working with research institutions and other partners out there to ultimately drive innovation in quantum secure solutions?

[00:10:31] Because I would imagine it is a collaborative approach that's required here.

[00:10:35] Yeah, so we work quite closely with a couple of universities in the UK.

[00:10:39] I already named the work that we did with Cherry, with Cambridge.

[00:10:43] But we also work quite closely with Imperial as well on the lattice cryptography systems, supporting them with some initiatives that they're looking towards going forward with.

[00:10:53] But we also do a lot of internal research in collaboration with them as well, where we're looking at not only current encryption, but what would future encryption look like?

[00:11:02] What would occur if even the encryption paradigms that we're currently built upon are liable to some other form of attack vector that we didn't know existed today?

[00:11:11] So we need to come up with a completely different type of encryption scheme.

[00:11:14] So we support initiatives ranging from understanding the existing cryptography schemes to what could potentially be a replacement if these fail for us.

[00:11:22] We also look at the latest developments in quantum computing quite heavily.

[00:11:27] We're quite closely tied with a couple of universities around their quantum computing roadmaps, how they're developing, and even with the commercial quantum computing companies to really understand what their roadmap looks like.

[00:11:36] And in-house, we actually work quite closely with Oxford Quantum Circuits on developing out quantum machine learning methodologies.

[00:11:42] And earlier this year, one of the biggest attack vectors that was highlighted in an IBM report actually by Diffie, one of the brains behind the Diffie-Helman protocol, one of the biggest protocols used across the world for encryption, kind of one of the fathers of cryptography really.

[00:11:59] Coming up with this view that quantum computers standalone, just brute forcing encryption isn't necessarily going to be the thing that breaks encryption.

[00:12:08] The thing that may break our existing encryption is attack vectors from even quantum machine learning-based methodologies.

[00:12:14] And we believe this is a very interesting area of research that should receive a lot more government attention and funding really going forward in the next couple of years.

[00:12:24] And before you came on the podcast today, I was reading that you've described secure semiconductors as foundational for cybersecurity in a post-quantum world.

[00:12:32] So can you tell me a little bit more about the technical innovations that make your approach stand out in building this quantum resilient hardware that we're talking about today?

[00:12:41] Yeah, so the post-quantum cryptography algorithms themselves, if you kind of dig into the detail of how they actually operate, they operate very, very differently to what our existing encryption kind of relies on.

[00:12:54] You know, there's no kind of shared secret kind of capability that exists within these systems.

[00:12:58] And because of that, and because of the maths that underpins these, which is, you know, it's a field of maths based on what's called lattices.

[00:13:05] We have to figure out ways in hardware to accelerate the calculations that are being done to create these encryption schemes.

[00:13:12] And that's exactly what we've done.

[00:13:14] So we've investigated, you know, how these schemes work.

[00:13:17] We've looked at the kind of varying levels.

[00:13:19] So in the encryption schemes, there's varying levels of how secure you want to make sure that they can be.

[00:13:25] So everything from kind of level one all the way up to level five, level five being the most heavily protected system.

[00:13:31] And based on that, we have to design specific hardware to accelerate those algorithms.

[00:13:37] And that's exactly what we've done.

[00:13:38] We've built hardware to accelerate those algorithms so we can meet the needs so that when someone's, you know,

[00:13:43] even if it's a consumer who's on their favorite video streaming website, for them, you know,

[00:13:50] you'll be able to actually not have the latency issues from the encryption running on the hardware.

[00:13:54] And this is really where we see concurrent sessions and concurrent encryption being a real challenge.

[00:14:00] If it's done in software, it's going to cause a huge bottleneck.

[00:14:04] Whilst if it's done in hardware, you won't see the latency problems that you would have seen.

[00:14:10] And when researching you, another thing that stood out to me was your NATO-backed platform, which is incredibly cool.

[00:14:16] You've got this unique role in shaping global security standards there.

[00:14:20] But what do you see as the broader implications of quantum secure technologies for both national and international cybersecurity strategies?

[00:14:28] Because it must be incredibly intriguing what you do here.

[00:14:32] It certainly is from my side.

[00:14:34] Yeah, so as we look towards the future, I think the key thing really is from a geopolitical point of view is really understanding

[00:14:41] who are those individuals who are investing quite heavily in quantum computing technology.

[00:14:48] And therefore, where does quantum encryption kind of need to go?

[00:14:52] Those are kind of the two pillars that we really push towards when speaking with our government colleagues quite extensively

[00:14:59] is really looking towards what does the future of quantum look like and what are those attack vectors?

[00:15:04] And sometimes, you know, we come up with some of what people probably externally would think are the maddest ideas in the world.

[00:15:10] But really, they're grounded in this element of truth of, you know, the way that the world is developing

[00:15:15] and the way that the capabilities are developing.

[00:15:18] We need to start looking into these innovative alternative capabilities to see if those systems could be used to even attack our existing schemes

[00:15:29] and how governments can inform their policies based on that to try and counter that future threat.

[00:15:35] And this is something that we've, you know, discussed not only kind of in the UK and the US,

[00:15:39] but across all our kind of NATO allies across countries, across all the NATO countries,

[00:15:46] but also externally as well to even partners across in South Asia, for example,

[00:15:52] where we're really trying to identify, you know, what does this threat look like to them?

[00:15:56] And how do we prevent this?

[00:15:57] Because this is not just a problem that's sat in one part of the world.

[00:16:00] It's a problem that exists everywhere.

[00:16:02] And good cyber posture is really needed by every nation.

[00:16:07] And it does feel we've been talking a few years now around Q Day,

[00:16:12] the day that quantum computers are able to crack our public encryption systems.

[00:16:16] But looking ahead, what kind of timeline should industries and governments be working towards

[00:16:21] to prepare for this inevitable quantum resilient future?

[00:16:25] And what steps should be taken right now to ensure that we don't get caught off guard?

[00:16:29] Because we have been talking about it for a long time.

[00:16:31] So there's almost no excuse not to be preparing for it.

[00:16:34] But what kind of timeline do you see?

[00:16:36] Yeah, so I think there's been quite a big step change in the recognition of what that threat really is.

[00:16:43] And I think there's been a huge increase in understanding as to what that timeline looks like.

[00:16:50] So now there's critical systems that are going to be implemented for, let's say, five to 10 years.

[00:16:57] Those are being seen as the highest priority.

[00:16:59] You know, these are everything from systems that are really difficult to get to,

[00:17:03] things that are within your house, you know, household smart metering devices through to smart monitoring devices.

[00:17:10] Things that won't get changed very often are things that really are being focused on for that migration.

[00:17:16] Then as time goes on, it's really a case of, like I was saying, prioritizing based on what data needs to be secure for 10 years.

[00:17:27] What data would potentially, if it were leaked in seven years or so, would it be a problem for your business?

[00:17:33] And if the answer is it would be a problem for our business,

[00:17:37] that's the system that you really need to prioritize when it comes to migrating across.

[00:17:40] Now, to try and really for, especially for enterprise, the challenge is knowing what cryptography is running where.

[00:17:48] Now, there's quite a lot of open source tools, and I believe Microsoft also has a tool as well,

[00:17:52] that can be used to understand your estate, understand the cryptography running on your estate.

[00:17:58] And based on that understanding of what cryptography is running where,

[00:18:01] you can identify what the critical systems are and map them to those cryptography algorithms that are placed in those systems.

[00:18:07] And you can identify a bit then which ones should you migrate across to PQC?

[00:18:12] Which ones should you be focusing on that migration?

[00:18:15] And when should you be doing that?

[00:18:17] I would heavily, though, implore enterprise to really look towards the NIST kind of timescales

[00:18:25] and make sure that you're implemented before then, because, you know, these timelines are indicative.

[00:18:31] They are subject to change in time.

[00:18:33] And as all it takes really is a couple of great breakthroughs in quantum computing to really accelerate the timeline.

[00:18:40] And we're starting to see some of these breakthroughs being made now.

[00:18:44] So that time horizon that's provided by governments, even though it may be 2035,

[00:18:49] because we're starting to see other governments saying 2030,

[00:18:51] that time horizon isn't necessarily a 10-year.

[00:18:54] It could even be as small as a five-year.

[00:18:56] Well, we've covered so much today around how secure semiconductors can automatically protect 70% of the world's attacks

[00:19:04] by building them from the ground up.

[00:19:07] And I've learned, for one, so much about your approach here.

[00:19:10] But before I let you go, I'm going to have a little bit of fun with you now.

[00:19:12] We've left your insights.

[00:19:14] I'd also like you to leave one final gift for everyone listening,

[00:19:17] and that is a book that you'd recommend that we can add to our Amazon wishlist

[00:19:21] or a song for our Spotify playlist.

[00:19:23] I don't mind which, but what would you like to leave everyone listening with and why?

[00:19:28] Yeah, I mean, the one that I think that's shaped me the most would probably be the one

[00:19:32] that probably quite a lot of your listeners may have already read before,

[00:19:35] which is Only the Paranoids Survive, which is an incredible book

[00:19:39] because it really puts you in the mindset of how a lot of CEOs kind of operate.

[00:19:46] And being a semiconductor organization, really understanding the early days of Intel

[00:19:49] and the decisions they made helps to know that when you're making some of these decisions,

[00:19:54] you can look back at them and think,

[00:19:56] God, if we didn't make that decision two years, three years ago,

[00:19:59] imagine where we would be now.

[00:20:01] We're in such a great place now with what we're doing and what we're focusing on

[00:20:04] and the work that we've been doing to date.

[00:20:07] But looking back, you can never tell that.

[00:20:10] And to see even that existing within industry

[00:20:13] gives quite a good level of comfort to us.

[00:20:17] I've not heard that.

[00:20:18] I don't think anyone else has recommended that book.

[00:20:20] So I'll get that added straight to our Amazon wishlist.

[00:20:22] And I'll be checking that out myself.

[00:20:24] And for everybody listening that just wants to find out a little bit more information

[00:20:28] and dig a little bit deeper on some of the things we talked about,

[00:20:31] how you might be able to help, how you can work with people, etc.

[00:20:35] Anywhere in particular you'd like to point everyone listening?

[00:20:37] So definitely check out our website, which is www.sakai.com.

[00:20:42] That's where you'll get quite a lot of literature about what we do,

[00:20:47] some interesting news articles as well of what we've done as well in the past.

[00:20:51] But I would also employ them to check out our LinkedIn as well.

[00:20:55] We typically publish quite a lot on our LinkedIn,

[00:20:58] especially where we're kind of mentioned in a couple of articles,

[00:21:01] but also some of our latest thought as well.

[00:21:04] And you'll be getting a few nice pieces of information coming out in January and February.

[00:21:09] So definitely look out for us on that.

[00:21:12] Ooh, a nice teaser.

[00:21:14] Well, I will get the links added to the show notes and the blog posts

[00:21:18] accompanied to this episode so people can find that nice and easily.

[00:21:21] And as we come full circle now, we began talking about

[00:21:24] as the world becomes more dependent on digital infrastructure,

[00:21:27] the questions we're asking now are how do we protect ourselves

[00:21:30] from this next generation of quantum computers,

[00:21:33] the potentials or the risks around Q Day that we keep talking about,

[00:21:38] and also how governments and global policymakers should be implementing

[00:21:43] how secure hardware is the key to protecting that critical infrastructure

[00:21:47] and so much more.

[00:21:48] So many big takeaways, and you left us a great book too,

[00:21:51] but thank you for joining me today and sharing that story.

[00:21:54] Thank you so much, Neil.

[00:21:55] So as Q Day looms on the horizon,

[00:21:59] it's clear that the path to a secure future lies in innovation, collaboration and foresight.

[00:22:07] But what's your take on our conversation today?

[00:22:10] Are governments and enterprises moving quickly enough

[00:22:13] to protect the infrastructure from quantum risks?

[00:22:17] How do you see quantum resilient solutions shaping the future of cybersecurity?

[00:22:22] As always, love to hear your thoughts.

[00:22:24] Tech blog writer outlook.com

[00:22:26] LinkedIn just at Neil C. Hughes.

[00:22:28] Let me know your thoughts on this one.

[00:22:31] So let's continue this conversation.

[00:22:33] As always though, stay curious, stay secure,

[00:22:35] and I will speak with you all again tomorrow morning.

[00:22:38] Bye for now.