Apologies for the Irish goodbye, six months ago. Eventually, a few folks asked where my newsletter had gone, so thank you to those kind souls.

I’m going to just pretend my hiatus didn’t happen, and leap straight into edition #30…

Deep Learning Meets Quantum

This is cool. MIT researchers claim to have used the quantum properties of light to increase the security of deep-learning computation.

The proposed protocol allows a client to securely perform inference on their own data, using a model generated by a central server. The security of the model is preserved because the client is unable to store the model weights sent by the server (thanks to quantum behaviour). And the client data is preserved because the inference is performed locally, avoiding sending sensitive data to the cloud.

This nicely fits real-world ML use cases, such as a doctor wanting to perform analysis on sensitive patient data, using a proprietary model owned by a third party.

The MIT article does a great job of explaining how the protocol works (and links to the underlying paper). Interested readers should learn more here: https://news.mit.edu/2024/new-security-protocol-shields-data-during-cloud-based-computation-0926.

This project reminds us that quantum cybersecurity isn't just about quantum randomness and key distribution.

Deloitte Sets the Tone

Deloitte's recent white paper is a big deal for the QRNG industry. Here’s why:

Firstly, a credible third party is weighing in on the topic. It’s one thing for people like me to gush about QRNGs since my company is knee-deep in the game. But for Deloitte to stick their neck out on the topic is quite another.

Consumers of advanced products struggle to separate hype from reality. When measured opinions emerge from companies like Deloitte, it helps buyers comprehend the menu in front of them.

Secondly, it provides a language framework to use. Language matters around new technology. We’ve seen in the broader quantum world how hard it is to wrestle with “advantage” vs “supremacy” vs “utility” and so forth. In the QRNG world, we’ve also struggled with terminology, around what it means to be “proven” or to be “truly random” (if such a thing exists).

The paper solves this by defining four levels of security for random number generators. Level 3 is the typical quality level found in cryptosystems, and it falls short of Level 4 because it cannot prove the quality of the output. Only QRNGs can inhabit Level 4, although most are still stuck in Level 3.

Finally, papers like this encourage standards bodies to take note. The consultancies are focusing on QRNGs because their customers are asking. The standards bodies need to be ready to adapt to the changes in front of them. The framework proposed in this paper could find its way into the standards one day.

You can read the Deloitte paper here (PDF): https://www.deloitte.com/content/dam/assets-shared/docs/services/risk-advisory/2024/qrng-what-is-the-fuss-all-about.pdf

Congrats to the authors: Itan Barmes, Colin Soutar, and Carlos Abellan.

Maybe They Wrote It Badly First Time?

A post for the crypto geeks. (And I mean cryptography, obviously.)

Though I regularly comment on the quantum side of cyber, it's great to know folks are still paying attention to the algorithms that got us this far.

In particular, a recent blog from Amazon gives a great overview of how elliptic curve cryptography works, and how they've painstakingly optimized it for better performance and security.

In one setting, they saw an 86% increase in performance through these changes. Impressive!

There's also some interesting commentary around proving algorithm correctness at the assembly level, which means their proofs are independent to the compiler.

You can read the gory details here: https://www.amazon.science/blog/better-performing-25519-elliptic-curve-cryptography.