QWERX Says Their Device Is Already Quantum-Proof: Is Chaotic Encryption the Answer We've Been Waitin

[SharpLantern]

While most of the quantum security industry is focused on transitioning to NIST's post-quantum cryptography standards over the next several years, a cybersecurity company called QWERX is claiming they've already solved the problem with a fundamentally different approach.

QWERX specialises in secure device authentication and machine identity management. Their core claim is that they use chaotically generated quantum-proof encryption combined with ephemeral symmetric keys to prevent unauthorised access to protected networks. The CEO was interviewed by Quartz this week discussing their new quantum-proof device and the thinking behind it.

The approach is worth understanding because it's architecturally different from the NIST post-quantum cryptography path that IBM, Cloudflare and Signal are all following. NIST's approach replaces vulnerable public key algorithms like RSA and elliptic curve cryptography with new mathematical problems that quantum computers would struggle to solve. QWERX's approach sidesteps public key cryptography almost entirely by using symmetric keys that are generated chaotically and are ephemeral, meaning they exist only for the duration of a single session and are never stored or reused.

The logic is elegant. Harvest now decrypt later attacks work because the encrypted data persists. If an adversary intercepts your RSA-encrypted communication and stores it, they can decrypt it later when quantum computers arrive. If your encryption uses ephemeral symmetric keys that are generated fresh each session and immediately discarded after use, there is nothing persistent to harvest. You cannot decrypt later what was never stored.

Symmetric encryption using algorithms like AES-256 is already considered relatively quantum-resistant by NIST. The vulnerability in current systems is the key exchange process, which uses public key cryptography. QWERX appears to be attacking that specific vulnerability by removing the public key exchange entirely and replacing it with chaotically generated symmetric keys.

The questions worth asking: How do two devices agree on the same chaotically generated key without that agreement process being interceptable? What does chaotically generated mean precisely in a cryptographic context and is it peer-reviewed randomness or marketing language? Has the approach been independently audited and does it hold up against non-quantum attacks as well as quantum ones? Is it practical at enterprise scale or does it work only for specific device-to-device authentication scenarios?

The quantum security market is growing at nearly 40 percent annually and is projected to reach $4.6 billion by 2030. Every company in this space has an incentive to claim their approach is the right one. That doesn't make QWERX wrong but it does mean the claims deserve scrutiny alongside the genuine interest.

https://qz.com/qwerx-ceo-on-cyber-firms-new-quantum-proof-device

https://m.youtube.com/watch?v=kxFEZNMBqMU