Episode 140: Adaptable Cryptography with Yoon Auh

Show Notes

In Episode 140, Patrick and Ciprian are joined by Yoon Auh, founder of NUTS Technologies & BOLTS Technologies. The team discuss the unique approach to cryptography designed to future-proof data against quantum threats. Discover how his protocols enable dynamic encryption, adapting to evolving security needs. This conversation highlights the urgency of innovation and the strategic role of adaptable cryptography in today's rapidly changing landscape.

Transcript

SPEAKER_03 0:40

Hey Tiffreen, how are you doing?

SPEAKER_01 0:42

Hey Patrick, I'm doing well looking forward to another great episode of Entangle Things.

SPEAKER_03 0:47

Yes, this is a timely one. So we're joined by Yoon. Yoon, do you mind introducing yourself to our audience?

SPEAKER_02 0:53

Sure. I'm Yoon Al, and I'm the founder of uh two companies, Nuts Technologies and Boltz Technologies. Um we deal with applied cryptography and delivering cryptography where it's needed, when it's needed.

SPEAKER_03 1:07

So we've talked before. Um this is about handling, and correct me if I'm wrong, this is about handling the transition of encryption types because we haven't had to do that in decades. We haven't had to fundamentally change from RSA, elliptical curve. Those have been around for a long time. But now, because of post-quantum cryptography, because of Q Day, people have to migrate to a new encryption. And I I think your philosophy, if I'm reading it correctly, is why would you do that in a way that makes it inflexible in the future when you can do it in a way that makes it flexible so you could change every month if you had to? Because we don't know what quantum's gonna bring and what threats, which which NIST protocols are gonna get debunked or or or hurt. Does that sum it up a little bit?

SPEAKER_02 1:56

That is correct. That that is the gist of what we do. And um our approach really came from not even, you know, I I don't think we were smart enough to even um anticipate this quantum problem. Um when I started on this project back in 2013, my main problem was the incompatibilities and the lack of interoperable um things that you could have from just even like products that say that um they are AES 256 compatible. Um when you even have uh two products like that, they don't even talk to each other out of the box. You have to actually have a consulting company or integration effort that makes those two things talk. Because unbeknownst to you know people who don't dabble in the actual cryptography of uh you know encrypting data, AES, the family of AES algorithms come in almost innumerable variants based upon what parameters you pick, right? And we we all know about the three key sizes, like 128, you know, 192, and 256. But there's like five or six other critical parameters you have to pick. And when you talk to two different applied cryptographers, they will have varying opinions, very, very passionate, about which ones they feel are better and why they don't want to use the other one and things like that, right? And so so it's like those are the hidden garbage and and and details of of cryptography, and that's not really delved into too much at all, and that causes a lot of problems programmatically. And um and that's the problem that we were solving is how do you how do you create a API and a library set and encapsulate data in such a way that the encrypted or digital signature stuff that you're doing are compatible to one another without all of these manual adjustments and and configurations.

SPEAKER_03 4:04

So we saw very similar effort that was very successful with XML, where data could be moved from one place to another and it was self-describing. And it's that's that's what your technology is accomplished.

SPEAKER_02 4:19

We're doing self-describing at the message level for the cryptography that was used on that message. Now, we have you know um JWE and all of those stuff, but I think they're still very primitive. What we do is we allow for the sequencing and um multiple operations on that same message, which you would typically do um in a program that uses cryptography. So um, and then what the other unique thing that we do is um in this, we we call it a transmutation command set where we normalized um data transformation commands along with applied cryptographic commands. And as far as we know, that's never been done in one command set, right? And that is the essence of most cryptographers' jobs.

SPEAKER_05 5:16

Yeah.

SPEAKER_02 5:17

Is you go into code and then you go, hey, how do I massage the data so that I can prepare it middleware to be encrypted or signed, you know, and stored. Um and then and then they gotta do the flip side, right? They gotta do the write routine, which is how do I turn that into something encryptable? And then on the on the flip side, you gotta do, you gotta do the read side, right? You gotta say, how do I take the encrypted data, what did I use, and um what were the parameters, and you can do it the reverse process. And you know how many errors happen between developing those read and write pairs, right? So what we did was we said, if we had these simple, normalized transmutation command set that describes what you do to data in order to take it from a data structure in memory all the way to encrypted message, um, you know, why don't we just run the whole thing backwards? That way you only have to do the right part of the application, right?

SPEAKER_05 6:18

Right.

SPEAKER_02 6:18

So you say this is the one way of creating the message, and then when you receive the message, you go run it backwards. And that that that is an area that's called reversible computing. And that was developed by I IBM researchers maybe, you know, forty, fifty years ago, and and they did that for the purposes of there was a theory that all of computing, the heat generated from computer chips when they're running comes from changing data. And um they they were trying to figure out if they could do reversible computing, can you actually conserve the heat, you know, and and reduce the heat. And I I thought it was very interesting, but the one practical thing out of I got out of that research paper was that you know, they have this concept of reversible computing languages, and we took that idea and transformed it for a very, very specific and small use case, which is the transformation and encryption of messages. And uh within that small context, it's a very well-defined problem. It's not a uh so when you go into reversible computing, you got major problems if you talk about the types of instructions you could have in a computing language, uh, and it gets very, very messy. Uh but in a in a tight set of data transformation and applied uh applied cryptographic functions, that uh universe shrinks drastically, and it's a very closed system, and we could control it better. Um and so that's the essence of what we do, which is compact language called transputation uh commands, and the ability to encapsulate that alongside the message you just created.

SPEAKER_03 8:14

And that gives you encryption at rest. Because you encapsulate the the object.

SPEAKER_02 8:19

That's a great thing because you're you're bringing up something that's critical to what we did was we saw incompatibilities, interoperability problems. The the you know, one question was where do you put these parameters that you chose? Right? And if you've ever programmed, it starts as a global variable or some configuration setting, it goes into a you know a CFG file or some text file, then it ends up in being some database or the worst case, worst case is hard-coded, right?

unknown 8:49

Yeah.

SPEAKER_02 8:50

He said, shove this all into the actual transmutation command set and put it alongside the message you just created, that becomes the message, right? And what that does is that we unify data at rest and data in transit modes of applying cryptography to data. And and so that sounds kind of a weird thing for people who don't know the uh cybersecurity landscape, but in cybersecurity, when somebody says, Hey, I need this data to be encrypted, applied cryptography teams, the first question they're gonna ask is, is that in transit or is that at rest? That's right, right? Because they have two totally different ways of approaching it, totally different sets of tools to use. And we said that's stupid, right? That's like, why are you doing two twice the amount of work? And then um, when you want to take data at rest and move it, a lot of times they won't just move it because it's not in the right format to be moved. You know, because if you move it, you you're implying that the recipient knows how to process that data, and that may not be necessarily true. So what happens a lot of times is the data gets decrypted by another program, re-encrypted for transit, and then on the other side, another process encrypts it in the system that they know how to uh encrypt and decrypt um data at rest. So that's a major amount of work. There's a lot of uh transformations going on, and then what we consider is that the transformation points, both at the sending part and the recipient part, they are cybersecurity weaknesses that you're introducing. Right? So anytime you have secret data and you have a process that decrypts it or re-encrypts it to something else, um, you know, you're you're just you're you're introducing slowness, uh, inefficiencies, and possible vulnerabilities uh to your sensitive information. So we wanted to just remove that. So with our um we we call this technically we call this structured data folding with transmutations, and for our bolts technologies effort, we've we've ref rebranded it as QFlex. Apparently, my team did not like SDFT as a popular thing. So they they said we need something that rolls a little better, and we called it QFlex. And um, and so that's what we did was we we did we created this protocol. It's good for both messages and transit and data to be saved on your long-term storage and persistent storage. And persistent storage, I believe, is where the real problems, the longer-term problems, are going to be. So if you look at data encryption systems that deal with massive amounts of stored data, um there is no standards, there are no compatibilities, everybody has their own systems.

SPEAKER_03 11:57

Well, and things change over time.

SPEAKER_02 11:59

Key sizes over time, um, that requires massive amounts of downtime to upgrade and and re-encrypt stuff.

SPEAKER_03 12:07

And in our debt.

SPEAKER_02 12:10

Absolutely. And and for us, it's like if you do it on an object basis, which is a file, um, it's self-describing. So you could just, upon somebody touching it, it'll it'll re-encrypt itself, right? And then um, and then others, you could just do it periodically with a like a spider program in the background, right? And then just touch things along the way, and it'll just do it incrementally. So it's built for the dynamic nature of uh data lifecycle, right? That it doesn't end with one uh state being re-reached, that state may continually change upon different requirements.

SPEAKER_03 12:46

Right. So there's a lot of talk about Q day, and we've covered it here before and talked about it before, and post-quantum cryptography, quantum safe. There's lots of different words for it. And I imagine that this it's causing a lot of agita in places because one organizations don't even know where they're using different types of encryption. They don't have they need an audit. They need uh and and we talk to people at IBM and others. Is i is there a consulting phase to figure out where they're using encryption? How how does this get rolled out? Is it is it a big lift?

SPEAKER_02 13:22

It's a huge lift because we've had the luxury of using a handful of algorithms for nearly 50 years.

SPEAKER_05 13:30

Right.

SPEAKER_02 13:31

Um I I think that's a very unusual thing that's happened because uh in the earlier times, like in the 70s, 80s, 90s, I think you will see that cryptography changed quite rapidly. Right as as as microprocessors increased in their uh capabilities and speed and memory, um, we changed cryptography quite often. And um and and but that was lost as soon as we reached AES and a certain you know chip level um and and RSA and and ECC, I think people settled on, hey, you know, this stuff seems pretty good, everybody start using it, and now it's all over the place. And and the world, the digital world, on the value that it holds in terms of information, from the year 2000 to now, I think we could all agree that it is exponentially greater in terms of the amount of data that's that's exposable and that's been collected. So the um, you know, the the debt is huge. The the thing to change is is just monster. And the changes that we may have had to do back in year 2000 no longer even applies now because there's so much work to be done. And I think that's where the problems are, is that we've been so accustomed to this method that everybody and anybody had to use some variant of it when they want to build secure systems. So it's it's ingrained everywhere, right? And and um that is a national standard. The Department of Commerce's NIST, the National Institute of Standards and Technology, has enjoyed um sort of this figurehead and authority position around the world uh because they developed the experts and the methodologies to evaluate and and analyze cryptography. And they were at the top of this food chain of cryptography for the last like 30, 40 years, easily. The entire world follows these standards, and now it's about to change in a dramatic way, yeah, right? Because a lot of things have happened during that time. I mean, if you remember the court cases of the PGP uh, you know, being public and not, you know, and and and and the government kind of losing that case, then you also go to the cases of uh the Clippert chip, right? And um you look at kind of uh interference by government to try and get ahead and get a peek at everybody's stuff. It did not do anything to gain trust in whatever we say as a country and as a as an agency that says that wink wink, whatever we say is a standard is good for everybody, right? So it kind of like everybody starts taking a step back. And you'll see the evidence of this because China and South Korea have each declared that they've set up their own post-quantum cryptography standards agencies, uh, which is parallel to the NISD's PQC standards agency, right? Uh department. And uh and then you have some European countries taking a look at that as well. I mean, you know, what do we do with the remember the uh the revelations of Merkel's conversations being recorded and you know, whatever? It didn't engender a lot of trust. So they're also thinking about putting in different departments or taking on the responsibility of having their own PQC standards. And as I mentioned, with just like with AES, standards on uh from PQC may be that we're using the same algos, but they're picking different parameter sets. Right. That's all that means, right? And sometimes they'll change the algo a little bit, but um you know, these days, uh cryptographic methods are generally free. Um, they're generally not created by one or two individuals, they're a group effort across the world. Um, you'll see evidence of it if you take a look at who's behind these first three NIST PQC standards. There are groups of academics, corporate experts, and scientists behind it. So it's no longer an individual effort, it's generally available to the public. And, you know, the old saying is right now I think cryptography is like a dime a dozen, right? You will find new cryptography when you need it. There's many different approaches. Um but here's the here's the problem. Like I think you going back to what you just said, we've enjoyed this period of a handful of cryptography for decades, serious road testing, right? Enough road testing that people say, hey, you know what? I think it's pretty safe, right?

SPEAKER_03 18:38

Um and it has been.

SPEAKER_02 18:40

Yes. And all of these PQC algos, no road testing. These are brand new tires you're putting on that on that car. And uh how do you figure out whether it's really safe? Right? I think that's a central problem. One thing that's not really mentioned a lot is that I think in in all of cryptography, there's only been one provably secure cipher. And what I mean by provably secure is management.

SPEAKER_03 19:11

The one-time pad, I think, is what you're talking about.

SPEAKER_02 19:13

The one-time pad is the only algorithm that has a mathematical proof that it is secure. But for digital commerce, it's virtually useless. And so they don't really use it. Um you've seen variants of it in these uh apocalyptic war movies, right, where they crack open the code and and you gotta have a physical thing, right?

SPEAKER_05 19:37

And and check the number. Yeah.

SPEAKER_02 19:39

Yeah. Um but um, you know, I I think the if you look at the flip side of that statement, that there's only been one time pad is the only one that's provably secure, what it says is all the rest are guesses.

SPEAKER_03 19:54

Yeah.

SPEAKER_02 19:55

Including stuff that we've been using.

SPEAKER_03 19:57

So Cyprian and I have discussed in the past if Shore hadn't come up with his algorithm when he did, if instead he came came up with it in 2032 and there were already sufficiently powerful quantum computers to leverage it, it would have been a very different story. Absolutely. And we're we're one math breakthrough or one realization or one AI, you know, step function away from, oh, we thought this was secure and it's not. Right. And so I think the flexibility that you're talking about is is pretty critical.

SPEAKER_02 20:32

Yeah, so you know, that's where uh this comes in, is that when we um we developed this technology in the pursuit of creating better encapsulated protection for data, and we call we developed it in Nuts Technologies, that's a company that we formed for it. Uh, we used this SDFT QFlex protocol to create very complex data structures to store and protect um unstructured data. Um and then we saw this um NIST uh grant program, which is a SIBR grant, SBIR.

SPEAKER_03 21:10

I know the SIBR program very well.

SPEAKER_02 21:12

Right, that's a federal thing where they uh it's called Small Business Innovation Research Grants. And the NIST as an organization covers most of the foundational uh scientific fields, right? From from measurements all the way to chemicals to cryptography. And um they they give out about 10 or 12 of these across all of their science science fields. And um we happened to put one in uh and we got selected for in 2024.

SPEAKER_05 21:42

Cool.

SPEAKER_02 21:43

We got you know, here's here's some money, you got a six month project. We'd like to see what you proposed. And what we proposed was that we said we realized that you guys are saying that there's a uh PQC transition problem, right? How do you equip Coordinate all these transitions across all of these systems and all these commercial and government vendors.

SPEAKER_03 22:05

The heavy lift we talked about.

SPEAKER_02 22:06

Right. And uh and we said, you know what, if you're gonna go through the pains of doing this once, why don't we just do it in such a way that it never gives us that problem again for transition? And we have a protocol that allows you to change cryptography per message if you wanted to. And um therefore, theoretically, it's so granular, you can never have this transition problem again. We could transition on uh every message. And they selected us and and we actually were overseen by um one of the leaders of the uh PQC selection committee. Um and um I asked him, I said, Hey, you know, uh you must get a lot of uh proposals. Why did you pick us? And he said, you know, it was very interesting because we were kind of we didn't know if this was even possible to this extent and we wanted to see it. Now the the the difference in our proposal for SIBR phase one projects is that if you're familiar with the SIBR program, simp phase one program projects uh any last anywhere from three to six months and the end product is usually a research paper or PowerPoint. Okay, there is no work being done except thought process and and and maybe some prototypes that you do. Right. But it may or may not be uh real. Um what we told him in our server phase one proposal, we said, we actually have this working, and uh what we'd like to do for you is prove by taking your PQC candidate algos at any standards that you've come out with, incorporate it into our QFlex library, and show you and prove to you that we could change cryptography per message, including all your PQC variants. And so it's a very different type of phase one where we're actually producing phase two like work, right?

SPEAKER_05 24:19

Right.

SPEAKER_02 24:20

Uh so for them I think it was a great bargain, right? They're like, oh, these fools are willing to do the work for phase one money.

SPEAKER_03 24:27

And they and they don't give you a ton of money, but they gave you some so you could actually do something you had to do anyways.

SPEAKER_02 24:33

Yeah, I mean, you know, it was a$100,000 check, so that's great, right? Um uh, you know, it I I don't think it pays for the work, but it's it's a nice recognition.

SPEAKER_03 24:42

Yeah.

SPEAKER_02 24:43

And um it's a nice it's like a nice tax refund, right? But anyway.

SPEAKER_03 24:48

So Cyprian, you know, you you're a great representative of somebody who's not based in the United States. I'm not sure of you, and but I'm sure many of our audience haven't heard of the SIPR program. The SIBR program is the government's attempt to, the U.S. government's attempt to find technical solutions to problems that they've found or anticipate. Kind of like if you know about um DARPA, it's kind of like a low, low version of DARPA. So if I'm in uh you know a colonel in the Army and I can say, you know what, I got this problem, I need a a portable, you know, shed that is like uh like radio frequency blocking. And somebody might say, hey, I got an idea about using a refracting paint, and I can make a shed for you, you know, in the field really quickly. And and they fund this, but the a big part of it is they want it to be both for the military purpose but also commercial. So a company like you know, nuts and bolts, they they that's perfect for them because they want to see that money they spend also benefiting the commercial market and driving the economy. I don't know. Have you ever heard of that, Cyprian?

SPEAKER_01 25:53

Yeah, yeah. Actually, I I I did. But there's there's one thing that that I I like to bring up when we when we do this discussion, so I really want to get your perspective on it. Like we understand very well the challenges and the complexity, right? What do you see as being the level of perception and understanding um out there, like in various organizations, in various kind of uh structures out there? Because what we are seeing is that in some cases they are aware and they're taking steps. In some cases, they currently don't care because they think, oh, the quantum threat is not that close. So, what do you see out there in terms of is there like a sense of urgency for folks, or it's something that they still think they have enough time to address? And I'm talking obviously about the transition because I love what you are talking about. Having a solution that will prevent the problem in the future is probably a solution worth having, yeah, instead of just going because I've seen a lot of talks also, unfortunately, about let's do like a big bang transition from whatever we have today to something else, which will essentially just put us maybe 20 years from now into the exact same position.

SPEAKER_02 27:14

Right.

SPEAKER_01 27:15

Exactly.

SPEAKER_02 27:15

It's it's you know what you're saying is the equivalent of taking NyQuil for a flu, right? You're you're you're treating the symptom rather than the cause, right? And and and and so I think there's a difference in in how we approach the problem. In terms of what we see out there, it's like it's like politics, right? There's like there's like there's conservative and there's like you know, the other side, right? And and the it's very few uh are in the in the area where they're taking it very seriously, right? Um and in that area, I think some are motivated by doing the right thing, which is address the risk when you see it and when you know that it is theoretically possible and it's coming. And then there's others where it's mostly for like, you know, they want to run a business and grow a business in this area. Now we're kind of doing both in that we we happen to stumble on this particular solution not by design. We we were solving a t a very different problem. But towards the end of that NIST project, um the cryptographers overseeing the final report, they asked us, they said, hey, you know, this uh SDFT protocol, which we call QFlex now, might be a pretty good solution for blockchain. Have you taken a look at that? And we're we weren't really blockchain people, right? And and we said, oh, that sounds very interesting. Well, we will take a look at that. We did a little, you know, quick research, and it's like, oh my god, you know, a blockchain transaction is a uh is a QFlex message. And we could equivalent, you know, equate the two, and if we do it the right way, we will allow an architectural change within blockchains that they've never seen before or even thought it was possible, right? So even you know, I don't know what you've uh heard about blockchains, but blockchains is um decentralized and you know distributed, but they it is autocratic in a in a in a weird way when you think about what's the essence of blockchain that they're protecting, and it's the individual users' assets, which is just a number, right? And um, how do they protect it? That method of protection is dictated by whoever or what group governs that blockchain. And right now, 99% of all the value in blockchains is pretty much protected by one algorithm, elliptical curve.

SPEAKER_05 29:59

Elliptical curve, yeah.

SPEAKER_02 30:00

Right? So I'm like, my money, I want to choose my lock, and I can't. Right? I I that's uh so that's kind of absurd, right? It's like going back to high school when you could lock your locker with any lock as long as it's provided by the principal, right? Yeah, because he has the master key, right? So so I'm like, I'm like, we're still in the same like infantile boat, and it's like we gotta grow up, give that control back to the user or the wallet, so they could change dynamically, and blockchains are now forever future-proof if they put QFlex in there. And and so that is the proposal that we're putting out there because we think it is closer to the ethos of what blockchain was meant to do. And you know, if it's your asset, you should have the ability to choose the lock to secure it with. The flip side of that is that the blockchain is no longer liable for that choice. Think about that. So if you're running a blockchain as a private entity for a group of banks or financial institutions, that's uh, you know, that's mana from heaven, right? It's like it's like we don't want that liability, you know.

SPEAKER_04 31:15

Right.

SPEAKER_02 31:16

And and and so I think you know, there's a lot of benefits to this architectural change that we're proposing. And, you know, we've been talking to so many different types of um institutions relating to blockchains. Even we've been talking to firms like JP Morgan, DTCC, um, you know, uh layer one uh public permissionless blockchains like like the crypto guys, and uh and I gotta tell you, like like Bitcoin, Ethereum, Solana, they they're like um kind of disorganized. Um I mean Bitcoin is the most disorganized in terms of their governance structure is is almost like a shouting match. Um and then then you have organized ones where um like we're talking to Canton, and they're they're very precise, and and we actually found Canton is uh very forward-looking, and they realize this person that they've been working on it. And you know, when we met them, they already had a plan. Um and they said, you know, well, what do you what do you have to offer? We already have a team and we have a plan. And we showed them our demonstration and what we actually do. And you know, they said, hey, uh, that's actually very logical, and we like that. Um and and the you know, they somebody mentioned, like, oh, I think we could get our cryptography team to implement that in uh in like three or four months. And I'm like, yeah, but that's why we're talking to you about it, because um you can't just do that. They're like, why not? And I'm like, because we just we happen to have like over 30 patents around the world on it. So we want to help you work with us, and uh, I think we could negotiate something where you know uh we will meet your criteria for for you know doing a pilot. And uh so that that's the other thing, uh, you know, is that because we did this work over 10 years ago, um, we have all we have all the patents. Yeah. You know, it's it's like uh so you know if you look at what just happened with Anthropic and their source code uh you know being released into the wild, yeah. They're going around um with DMCA protections, which is like very, very loose, right? It's uh the copyright protections. Uh what these guys did was they used probably Clawed to recode it into different languages. Yeah they're fighting their own invention, right? And and and now now they have copyright problems, and and and copyright does not protect against different versions of your creation, right? Yeah, um intellectual property under patents does, right? Because you have a much more powerful thing. And so we believe that we we ended up in a very superior position, um way ahead of the uh of anybody else, not by design, but by tackling the problem that we've seen for a long time and uh doing it what we think is the right way and in a in a in a permanent way. And um and then it it really took the NIST people to point it out to us, hey, you should look at blockchain. And we're like, yeah, how stupid are we, right? We should we should have been looking at that for a while, but we didn't. But we're playing catch up, and I think I think like the recent news from this week um from Google and the research and you know um Google changing their you know time horizon to 2029. I think that surprised everybody. Then they kind of um backed it up by saying, This is the recent research that we're seeing. Yeah, we need more people to prove it that it's true, but there's enough there that makes us scared and and we wanna we want to be more diligent. And I think that's freaking a lot of people out, especially in blockchains, right? They're they're like looking at it going, oh my god, you know, Google's not somebody who just you know randomly says things, so uh they gotta pay attention. Um and what what we're going out with is don't worry, the solution is there, it's just the will to do it. It's like, you know, I've had problems losing weight all my life, right? And I know what the solution is.

unknown 35:40

Yeah.

SPEAKER_02 35:41

It's just do I have the will to do anything about it, right? Besides take Ego Zempic, right? Um, but you know, I think that's that's where we are, is that we're gonna see major announcements every few months, uh, at least once or twice a year from different uh areas of research related to quantum computing advances. And um that's just a fact of high technology. It progresses rapidly, especially if the prize for getting there before anybody else is as immense as what quantum computing is promising.

SPEAKER_03 36:17

Agreed. So we've been at this for a while. We're coming down to the uh the end of our time. You've done a great job of elucidating uh your solution, and and and we all understand that's a problem. Is there anything else we should get in before we wrap up?

SPEAKER_02 36:32

Uh, you know, I I think it's a fascinating thing. I always like to um kind of give a little bit of a geopolitical technological spin on what I see is happening and why quantum advances will continue at a breakneck pace. Um we've enjoyed in the in the West, uh we've enjoyed this enormous uh control over semiconductor technology. And um anybody I I you know I I'm kind of surprised as well, is technology investors in in uh themselves sometimes lose this this kind of triad that's formed. At the top of that pyramid is um ASML, a Dutch company, right? They produce all the HEV machines, which these are the chip printers, right?

SPEAKER_03 37:24

The lithography machines, yeah.

SPEAKER_02 37:25

That's right. They're the only ones that produce that level of machinery for the entire world.

SPEAKER_03 37:31

Right.

SPEAKER_02 37:31

Um and they sell mainly those high-end machines to only two companies, Intel and TSMC. So they form the triad of nearly all high-end processors around the world and all our devices, right? Um it's pretty much Western controlled. ASML is not going to be allowed to sell their most uh sophisticated printers to China or Russia, guaranteed, especially not Iran, right? And and so that is what is at risk. Whichever country comes up with the ability to mass produce advanced quantum computers may actually achieve that kind of you know dominance and kind of market control over the entire world, right? And and that is a significant risk, and that's why there's so much money being thrown into by each country that's capable of doing that into quantum computing. Yeah it is and and what's at stake. And and I think that's kind of lost on people that this is what exists, and that's what we're trying to create. Everyone's trying to create in the quantum world is their own dominance. And it could be significant, you know, and and um I I think it's a huge risk, and I I think the money being spent is probably not enough. They should put more into it. Um because you you need you need and and but the progress is significant, right? It's it's uh it's people are making progress uh you know left and right. Very quick. And and now we know the reason why it's moving quick. Uh part of the reason is that there's this huge thing at risk.

SPEAKER_03 39:16

Yeah. So it's been a great conversation. Um, you know, you you you made it easy because you had you know answers for everything. Uh hopefully we'll see you back on the show and thank you for joining us.

SPEAKER_02 39:27

Thank you for having me. Very nice to meet you guys. Yep. Thank you. It's been a pleasure. Okay.

SPEAKER_03 39:32

Thanks everybody. We'll see you next time. Bye.

SPEAKER_02 39:34

Bye.

SPEAKER_00 39:34

Bye. Cybercrime is one of the biggest threats to businesses of all sizes and industries. With almost half a million open cyber positions, the problem is compounded by the lack of available talent in the marketplace. At Pulsar Security, our elite team of highly credentialed experts collaborate with you to assess your current defenses and develop solutions tailored to your specific needs. With services ranging from cybersecurity education to advanced penetration testing and red teaming, you can start reducing your risks today. Visit PulsarSecurity.com and let's secure your digital future together.