OTTAWA — Early next year, Canadian startup QEYnet hopes to be showing off its solution to one of the biggest cybersecurity worries the world faces, using satellites and a freaky feature of photons to update Cold War encryption methods for the quantum age.

Most modern encryption depends on very large prime numbers and how hard it is to work out whether any given very large number is prime. These methods are widely expected to collapse sooner or later.

“Quantum computers are coming. When they come, they’re going to overturn the apple cart, and all of the encryption that we do today is going to be thrown out the window and will need to be replaced,” said Cordell Grant, QEYnet’s chief executive.

That’s bad news for all kinds of data security, from classified government networks to the credit card information you send for an online pizza order.

The Canadian Space Agency is backing QEYnet with more than $1.4 million and a promise to take the company’s technology into orbit, because the agency needs new ways to protect its own space equipment from eavesdropping and sabotage.

“Making sure the communications between the ground and a spacecraft [are secure], just in order to safeguard that asset and operate it, is critical,” said Philip Melanson, a senior CSA engineer who works on technology development.

Besides that use, though, the agency believes that QEYnet’s work has major commercial applications, and funded it through a program for industrial space technologies.

“It’s not a program that’s geared towards the government needs,” Melanson said, “It’s, ‘Is there a market for this?’”

The European Space Agency is working on a similar mission, but its launch has been delayed from 2024 to 2026. That means the Canadian effort could get up ahead of it, according to its current timeline.

Prime-number–based codes have always been breakable, if you threw a wildly unreasonable amount of computing power at them. Quantum computing, a still largely experimental technology that harnesses the principles of quantum physics to solve highly complex math problems, promises to make that kind of power much more readily available, sooner or later. The Canadian Centre for Cyber Security has spent years trying to prepare Canadian companies for that threat. 

“The big risk here is that the algorithms that were secure, basically based on hard math problems that would take decades to solve, can now be solved for more quickly with a quantum computer,” Rajiv Gupta, the head of the cyber centre, explained in a recent interview.

Governments and industry are racing to devise and implement “quantum-safe” encryption systems. Routine software and firmware upgrades over the next few years should keep most of us ahead of the quantum computing problem without needing to think much about it, Gupta said.

QEYnet of Maple, Ont., north of Toronto, is one of the racers.

Security methods used today replaced an older, simpler, unbreakable but cumbersome way of encrypting messages called one-time pads. Spies used them during the Cold War; submariners in Tom Clancy’s The Hunt for Red October pull pads out of onboard safes to communicate with superiors ashore. 

One-time pads hold sheets of paper with long strings of numbers, as close to random as possible, which are the “keys” to encoding and decoding a message.

A sender converts all the characters in a message to numbers, adds numbers from the one-time pad, one at a time in sequence, to each number in the converted message, creating a series of small totals representing characters. It then sends the encoded message to the recipient.

The recipient uses a copy of the same one-time pad to subtract the numbers from each total, decoding the message.

Sender and recipient need identical copies of the pad, and if they use the same string of numbers for multiple messages, an eavesdropper can start gathering enough data points to break the code. If the parties run out of sheets, they’re silenced.

Cold War operatives needed to be resupplied with new pads that matched the ones their handlers had. It was risky, and not practical to do at scale.

QEYnet’s plan is to make a 2020s version of one-time pads scalable and easy to transmit, using quantum key distribution. This is different from quantum computing, though it uses some of the same weird physics properties of subatomic particles to send encryption instructions with strings of photons, the massless particles that make up light.

Observing photons changes them. They’re not like tennis balls, which fly the same whether anybody is watching them or not. A sophisticated sensor can tell if a photon has been observed during its journey.

That quality is what QEYnet depends on. Its keys, sent as long strings of photons, can be intercepted—but users will be able to tell if that has happened, and will know not to use those keys to encrypt anything.

“You can guarantee that nobody eavesdropped on your communication,” Grant said.

The photon strings don’t contain the actual credit-card information or sensitive message. The photons carry the rules for encrypting the secrets—for setting up a digital one-time pad. Once enciphered, the parties’ actual content can be transmitted over a regular internet connection.

The 11 people at QEYnet—including Grant, an engineer who maintains another full-time job at aerospace company Rocket Lab; and chief scientist Thomas Jennewein, a quantum pioneer who spent more than 15 years at the University of Waterloo—have been bootstrapping the company since 2016, inching toward demonstrating their technology in the real world. Or, rather, off it.

As cool as the quantum physics are, they come with problems. Photons can travel over fibre-optic cables, but not over great distances if the characteristics of individual photons matter.

“As good as optical fibres are, the losses add up when you’re at the single-photon level, and beyond a couple of hundred kilometres at most, it just becomes impractical,” Grant said. “That’s where satellites come in.”

A satellite can receive a key as it passes a sender and beam it back down as it passes over a receiver, slashing the distance the photons need to cover. The beams will “lose” some photons in the atmosphere, passing to and from a satellite 500 or 600 kilometres up, but not enough to be a problem, Grant said.

For QEYnet—and the Canadian Space Agency—satellites and unmanned spacecraft aren’t only transmitters of keys, but users of them.

Satellites can be launched with electronic versions of one-time pads, but only so many. Once a satellite is up, it’s like a spy behind enemy lines who can never get new sheets.

“If ever you had reason to believe your communications might be compromised, you’d swap the key. Well, in that concept, the number of keys is limited, and so it’s a constraint,” said Melanson.

If a satellite uses conventional algorithms for encryption and they’re cracked, its operators are in trouble then, too.

“The answer in the industry has just been, ‘We’re going to program those keys before launch, and we’re going to hope for the best,’” Grant said. “I don’t think that that position is tenable for very much longer, and maybe is already not tenable.”

If the demonstration goes well, QEYnet aims to make the commercial version of its technology compact and affordable, as space-based technology goes—Grant is cagey about exact numbers, but said a unit should be in the hundreds of thousands of dollars, in keeping with the price of a precision satellite component.

“Our goal is really like the Starlink approach to satellites, to try to build manufacturable satellites that are going to be far more cost-effective than some satellites of our competitors,” he said.