This website stores data such as cookies to enable essential site functionality, as well as marketing, personalization, and analytics. You may change your settings at any time or accept the default settings. View our Privacy Policy to read more.


Introducing QuantumCloud™

QuantumCloud™ enables organisations to simplify and strengthen their encryption on a global basis, appliance-free. You can move from a complex PKI infrastructure, and the need to trust third parties, to an encryption platform designed for the cloud and a world of connected devices.

  • Step 01

    Registering and provisioning a new device

    All endpoints that use QuantumCloud™ must be registered and provisioned, meaning they are known to QuantumCloud™ and have been given the correct permissions to use its services. Registration relies on the secure delivery of a root key, which we call the bootstrap key, to every device. This can be done manually or over-the-air. Once the bootstrap key is installed a device registers with QuantumCloud™ via a simple API call.

  • Step 02


    Once an endpoint has its bootstrap key it can authenticate with QuantumCloud™. We use a zero-trust approach that requires an endpoint to re-authenticate every time and whose permissions are validated in real-time. We use a strong, symmetric form of authentication that’s quantum safe and preserves forward secrecy due to our novel ratcheting process that transforms the key every time an endpoint authenticates.

  • Step 03

    Symmetric key agreement

    When two or more devices want to create a symmetric key they first authenticate and establish a quantum-safe tunnel with the QuantumCloud™ cloud service. Each endpoint then takes part in a novel protocol to receive high-quality key material from QuantumCloud™ over the quantum-safe link. This key material is shared with other endpoints and is used to synthesize the final key in a way that isn't known to QuantumCloud™, meaning the cloud service never knows or stores the final key. This shared symmetric key can now be used in many ways to secure the data passing between endpoints, e.g. in an IPsec tunnel, or at the application level to encrypt data with AES.

  • Step 04

    Manage your network

    QuantumCloud™ lets you control which devices have access to your network and manage permissions across endpoints and users. This ensures full control over your private network, stopping malicious or compromised devices from gaining access to privileged information. Devices can be logically separated into groups to ease management and treat similar devices in the same way.

  • Step 05

    Symmetric encryption

    The symmetric keys are used inside that algorithm to now encrypt and decrypt data which is shared across the internet. We prefer AES256 but any other symmetric cipher will work. There are many sovereign ciphers in use with governments around the world and new algorithms to come, but Arqit is not opinionated about which algorithm we use as long as it's secure.

  • Step 06

    The result

    What we have now is a situation where any group of devices, from the tiniest of IoT sensors to the largest of systems, can create and use symmetric encryption across the public internet to generate security which is zero trust and computationally secure.

Product Features

Why QuantumCloud™?

  1. 01Easy to implement

    QuantumCloud™ is easy to implement with globally standardised and validated algorithms (e.g. AES256) and can be used together with existing Public Key Cryptography.

  2. 02Lightweight cryptography

    QuantumCloud™ uses only symmetric cryptography for authentication and key agreement making it extremely fast and efficient, meaning it works well on devices of any size.

  3. 03Policy enforcement

    With QuantumCloud™ it is easy to add and delete devices from a network and control which devices can speak to each other through security policy.

  4. 04Symmetric keys

    QuantumCloud™ uses cloud-based symmetric key agreement to keep your information absolutely safer.