Hard problem. Huge market. Big bet.
These, we’re told, are the hallmarks of a high-potential startup.
Now, imagine that startup is led by seasoned experts who, in their previous lives, helped build a $20-billion company that changed the way the world communicates.
If Totzke’s name sounds familiar, it’s because he and ISARA co-founder Mike Brown led development of security systems for BlackBerry for more than a decade.
Long before anyone had heard of an iPhone, their work made BlackBerry the only trusted mobile device for world leaders, corporate tycoons, intelligence agents and anyone else who needed to safely share sensitive information on the go.
With ISARA, Totzke, Brown and their 21-member team have turned their talents to a massive undertaking: securing the world’s data against the looming threat posed by quantum computers.
While the exponentially greater processing power of quantum computers holds the promise of colossal gains in humans achievement, it will also render today’s encryption standards feeble in the face of quantum cyber-attacks.
That’s where the hard problem comes in – and ISARA, in collaboration with world-leading quantum researchers based in Waterloo, has developed a software toolkit to solve it.
The wrinkle is that no one knows with certainty when quantum computers will become a practical reality, and that’s where ISARA’s big bet – funded by QVI’s Mike Lazaridis, BlackBerry’s visionary co-founder – comes in. It’s a situation reminiscent of the Y2K scare of the late 1990s, but without a fixed date, and with a lot more at stake.
Still, experts – including Scott Jones, the Deputy Chief of IT Security for Canada’s Communications Security Establishment – have recently pegged 10 years as a prudent time frame for what Totzke calls “Y2Q,” or “years to quantum,” which underscores the urgency for companies and institutions sitting on ever-growing mountains of data.
“That’s an aggressive timeline when you think about all the changes you have to put in place for all the infrastructure that supports authentication, identity management, secure communications,” Totzke told me at his office last week.
“If you’re a large multinational bank or insurance company, that’s a four- or five-year project for you,” he said, “which means we need to have quantum-safe solutions to market, as an industry, five years from now.”
Indeed, it could arguably be too late to start quantum-proofing efforts, considering that hackers could already be harvesting datasets and saving them for when quantum capabilities come along.
And that’s where, finally, the huge market comes in. ICT (information and communications technology) is a $4-trillion-and-growing industry, placing 18-month-old ISARA at the leading edge of an enormous opportunity.
By 2020, the amount of data that moves over the Internet in a year is expected to reach 2.3 zettabytes. Put another way, that’s 6.3 billion gigabytes of data moving around online every day, to say nothing of the piles of data stored offline.
And there won’t just be state secrets and financial information to worry about. The explosion of devices connected to the so-called Internet of Things (IoT), including autonomous vehicles, will move more and more of our daily lives online, where quantum-enabled bad actors could do catastrophic damage.
“Imagine the type of disruption that could happen if we had hundreds of thousands of autonomous vehicles on the 401 on the daily commute,” Totzke said, “and an adversary started playing with the command and control channel to mess with all the safeguards that are built in, or started forging the software updates that were being sent to the cars.”
Current encryption relies on “factorization.” Two big prime numbers are multiplied to make an even bigger number, which becomes the encryption “key.”
The strongest encryption keys today contain 256 digits, a number so large that conventional computers aren’t powerful enough to factor it down to the original two prime numbers and unlock the information.
Quantum computers, however, are predicted to be able to factor a 300-digit key within minutes, rendering vulnerable nearly all the encrypted data we consider to be safe today.
ISARA’s toolkit, unveiled last month, contains quantum-resistant versions of the key-based encryption algorithms used today, including a 30-per-cent faster version the New Hope algorithm Google has developed to protect its Chrome operating system.
“We have a high degree of confidence that, with all the information we know today, [ISARA’s tools are] resistant to both quantum attacks as well as classical computing attacks,” Totzke said.
That confidence springs from the expertise within and surrounding ISARA, which Totzke described as “a grown-up startup” stacked with BlackBerry veterans including Mark Pecen, the Chief Operating Officer.
Pecen, a former senior vice-president who built much of BlackBerry’s wireless and networking patent portfolio, now sits at the forefront of developing global standards for the post-quantum era. He chairs the Quantum-Safe Cryptography Industry Specification Group for the European Telecommunications Standards Institute (ETSI), whose standard-setting work underpins much of how the world communicates.
A few years ago, ETSI started discussing the need for quantum-safe cryptography, which it followed up with a 2014 whitepaper whose authors included Michele Mosca of Waterloo’s Institute for Quantum Computing, whom I interviewed about quantum cryptography in 2011.
“Mike Brown, myself and Mike Lazaridis reviewed this paper and we looked at what we thought could be done,” Totzke told me. “It would largely be based on the resources available here in Waterloo – the highly qualified people we have, the networks that we have, the access to academic research.”
The three realized that “somebody’s got to take a leadership role and jump into this problem, and start doing the early work that’s going to lead us to developing both a really good standard [for quantum-safe cryptography] that can be used internationally, as well as refining the technology to a point where it’s commercially viable.”
ISARA was born in the spring of 2015, and clients are already willing to pay for its expertise, mainly through consulting at this point.
“In the first year and a half, we crossed over the pre-revenue aspect of a startup,” Totzke said, “and we probably have two dozen opportunities directly related to the toolkit that are in various stages of discussion.”
Those opportunities, he said, “range from small solution providers that might have just a few hundred customers, to large multinational infrastructure providers. They’re in varying degrees of maturity, but all of those discussions are progressing, and there seems to be interest at pretty much every level.”
It certainly doesn’t hurt that, through BlackBerry, Totzke and his team built a formidable network of customers at the highest levels of government and industry around the world.
Unlike a less-mature startup, “It doesn’t take us two or three years to establish credibility,” he said. “We’ve already done that . . . we’re talking to those same people in those organizations, who already know what we bring to the table.”
ISARA is shaping up to provide a compelling example of how the release of top talent from BlackBerry – coupled with the quantum research that Lazaridis has seeded with his sizable founding donations to IQC and the Perimeter Institute – has vastly enriched Waterloo Region’s tech community, and set it up to seize big, bold opportunities going forward.
“We are here in Waterloo; we are full of an innovative spirit of entrepreneurship and solving hard problems.” Totzke said. “We have a great talent pool in the region, whether it’s academic research, low-level developers and implementers to make this stuff work, or experienced leadership to pull together a vision and execute it – I mean, it’s all sitting right here.”
That talent pool, he said, enabled ISARA “to very quickly go from two people in April of last year to 21 people today. And we’re even starting to draw talent into the region from outside of Kitchener-Waterloo; we’ve got three folks so far who have relocated from Toronto to be part of the solution, part of the team.
“It’s just part of the story of what Waterloo has,” Totzke said, “and we get to be part of all of the elements of that, and draw on so much expertise here that it’s fantastic.”