Podcast | Securing Systems with Blockchain and Post-Quantum Cryptography — with Naoris Protocol Imagine a mesh network of AI-powered nodes that could validate the security of your organisation’s systems and applications. It’s a clever use of blockchain to add security to real-world devices, and, best of all, it will feature post-quantum cryptography. How soon will this technology simplify security for businesses and governments worldwide? And might this kind of approach even prevent killer robots? Join host Konstantinos Karagiannis for a chat with David Carvalho and David Holtzman about Naoris Protocol.Guests: David Carvalho and David Holtzman from Naoris Protocol Topics Digital Transformation Artificial Intelligence The Post-Quantum World on Apple Podcasts Quantum computing capabilities are exploding, causing disruption and opportunities, but many technology and business leaders don’t understand the impact quantum will have on their business. Protiviti is helping organisations get post-quantum ready. In our bi-weekly podcast series, The Post-Quantum World, Protiviti Associate Director and host Konstantinos Karagiannis is joined by quantum computing experts to discuss hot topics in quantum computing, including the business impact, benefits and threats of this exciting new capability. Subscribe Read transcript + David Carvalho: We have a decentralised physical infrastructure AI that’s on the whole environment or in a collection of environments, learning and improving. All that data is written to the chain and protected at post-quantum level. Even if your systems are not at post-quantum level, the truth about them is.Konstantinos Karagiannis: Imagine a mesh network of AI-powered nodes that could validate the security of your organisation’s systems and applications. It’s a clever use of blockchain to add security to real-world devices. Best of all, it will feature post-quantum cryptography.Learn how this technology could simplify security and if it may even prevent killer robots in this episode of The Post-Quantum World. I’m your host, Konstantinos Karagiannis. I lead Quantum Computing Services at Protiviti, where we are helping companies prepare for the benefits and threats of this exploding field. I hope you’ll join each episode as we explore the technology and business impacts of this post-quantum era.Our guests today are bringing the Naoris Protocol to the world. We have David Carvalho, the founder, who was an ethical hacker for 20 years. I put in some decades doing that as well. We have David Holtzman, chief strategy officer, who created a little something called DNS you might have heard of and worked at the NSA and IBM. Welcome, guys.David Carvalho: Thank you. Glad to be here.Konstantinos Karagiannis: Great. You guys both know a lot about information security, and you’re working at the intersection of AI, blockchain and post-quantum security. We’ll touch on all that. This is The Post-Quantum World, so we will have to say a few things about the PQC aspects. We’ll get to all that. But first, David C., let’s start with what the Naoris Protocol is at a high level.David Carvalho: The Naoris Protocol has the objective of taking away the single-point-of-failure principle — that every device, every application, every system, every server is a single point of failure from a risk perspective, from a hacking perspective, from a tampering perspective to everything it is connected to everywhere in the world for everything. Decentralisation comes in, and that was an obvious marriage for us. Bringing in technologies like DLT, blockchain, cybersecurity together, some of the most mature ideas in cybersecurity AI — and, in this case, post-quantum technologies — made a lot of sense to mitigate future threats and current threats.Our objective is to use blockchain technology to fix that problem, which is really nobody’s fault. That’s just how the internet’s made. But to create a baseline that ensures, in a highly cryptographical-resilient environment, trust and assurance across devices, across networks, backed by a decentralised group of validators, they’re what we call a decentralised proof-of-security consensus mechanism.In other words, it’s like creating a hive mind of systems checking each other, acting like watchdogs, making sure they’re all in a trusted state using very advanced mathematical algorithms that are very hard to break and therefore bring a lot of resilience to the space. The more it grows, the harder it is to break, while right now, the more it grows, the more points of failure you have. That’s our main initiative. Since then, we have branched into post-quantum capabilities, or quantum-safe, quantum-resistance capabilities, decentralised physical infrastructure in other areas.Konstantinos Karagiannis: For people listening who get the basic idea of blockchain down, in reality, you have a distributed ledger and this ability to check what transactions have occurred, and that’s how blockchain transactions occur. In this case, you have all these devices that now are a distributed mesh of devices that are aware of each other. If something bad is going on, the other ones could be, like, “We don’t trust you anymore.” Is that it in a high-level nutshell?David Carvalho: That’s right — even between networks that you don’t control. Let’s say you want to access an API you don’t control. How do you know that the system that contains the API, or the API itself, is not tampered with? If it is, you probably don’t want its data. What you said is right, except the blockchains pretty much operate under a principle that very much focuses on smart contracts and crypto. The environment that it operates on is about 0.5% of the world economy: The cryptographic space, or the crypto space — DeFi and so on in blockchains, in this case — it’s about bringing blockchain to the real world. It’s about bringing blockchain to enhance the baseline, let’s say, create security and assurance and resilience by default in existing centralised spaces, thereby decentralising their capability to trust each other.Konstantinos Karagiannis: Before we dig into that, David H., you have been involved in traditional security — Web 2, you could call it — over the years.David Carvalho: Web 1.Konstantinos Karagiannis: Web 1. What made you feel compelled to move into this new approach?David Holtzman: As soon as I heard about it, I was excited because philosophically, I’m kind of an anarchist at heart, and I’ve always been very concerned about any centralised authentication mechanisms. I’ve been doing this for 35 years, and it seems that the internet started off more or less decentralised. As commercial entities got in, they kept trying to centralise it, usually under the guise of authentication, and then cryptographic authentication.The problem with that is, it leads to monopolistic behavior. I was in a company that was a monopoly: Network Solutions. We had the contract for the entire Domain Name System. Up until ’97, ’98, you couldn’t even sell a domain name unless you went through us. Now, it’s ICANN, so it’s the same idea. I’m also worried about governments, and I like the idea of having a system where the way David’s designed it with the resolvers, they could be in a different network. You don’t really know what network they are. It’s very hard to corrupt any potential resolver.I’m really excited — David said this, and I want to stress this: With the conventional Web 2 kind of authentication, the more nodes you add, the weaker the network gets, the more vulnerable it gets. In this kind of setup, it’s the exact reverse, because now you have more resolvers and the network becomes more robust. If you look at data breaches today — I went back and looked the other day — almost every major data breach we name at a company like Equifax or AT&T, it really wasn’t them. It was a third party they hired for point of sale or credit cards or something, and it weakens the entire system. That’s why I’m excited by it.Konstantinos Karagiannis: Before we dig into some of the ways this works, because it’s a little hard to visualise — for me, it’s easy to visualise, but some people don’t really think about this stuff. I was involved in smart contracts early. I gave the first talk at DEF CON on how to hack that, back at DC 25. I’m interested in all that. But to take it to a quantum place, there were claims of quantum resistance that first caught my eye, and that’s why I wanted to have you guys on the show. Could you both take a stab at explaining how this is quantum-resistant and what ways that PQC aspect comes into this?David Carvalho: We started operating with a number of former NATO leaders that are operating, obviously, in the hardest-to-defend environments there are, and probably the most important targets under their supervision, let’s say. One of the interesting mandates they suggested for us was to bring a consensus mechanism up, which you call dPoSec — distributed proof of security — that uses post-quantum capabilities, post-quantum cryptography principles. That means the hashing, the keys, everything is following the best practice defined by NIST under one of the winners of the competition for the post-quantum algorithms that just finished recently —that was a multiyear competition.In this case, we worked together with various universities, both in the U.S. and in Europe, to do research around those and make it work. We wrote a paper, and we went to Cape Town in South Africa to present it. That was in October last year, but we were already working on that for about three years. As the time passed and we talked to the generals that are our advisers and so on across various countries in Europe, they kept saying every year, “This is a bigger and bigger problem, and we don’t know how to deal with it.”Obviously, if you look at the investment amounts that come into this — and I’m sure we’ll speak about this later — everybody that has critical data to protect in our mission-critical environments is very focused on that as one of the shiny objects incoming — we can see it coming. Post-quantum cryptography, for us, was obvious as a next step. Right now, we are in full production with a post-quantum chain that is the first one operating at that level, with about 7,000 transactions per second. It includes all the capabilities we said before: distributed computing, distributed processing under our protocol. It levels up blockchain to the next cryptographic level, but it also levels up centralised machines to the next trust level.The protocol supports distributed computing and distributed storage. It doesn’t matter if you have one of these or a server or a Raspberry PI or a $1 IoT device — it will probably be able to run a node, which is quite interesting because you can enforce things you can never enforce in IoT — and as you know, and they don’t have any enforcement over anything. That is exciting for us and our partners.Konstantinos Karagiannis: It’s lightweight, and this leveled-up quantum-resistant version, which is smaller, would that also be able to run on cell phones and things like that?David Carvalho: Absolutely — both at hardware level for key distribution and PKI, all the way to in-hardware security modules and so on, all the way to software level, very likely. If it is on a network that is discoverable, it will use computing power from other devices to, for example, derive keys and things like this, which is exciting because if it was only in one device, it probably wouldn’t be able to do anything with it.David Holtzman: It is very lightweight, and it’s highly portable, which is critical now because of all the IoT devices, none of which get any upgrades or maintenance, as far as I can tell.Konstantinos Karagiannis: With the quantum-resistant version, is the goal to make all the protocol devices be running that version going forward as a parallel of what we’re facing right now in InfoSec in general? Everyone wants to do this migration now to be compatible with the new NIST ciphers.David Carvalho: To tell the truth, we have been helped by NIST. About two weeks ago, they came out and said, “We have chosen the winner.” As they believe, like we believe, the intelligence spaces we’re connected to and militaries are connected to believe — as soon as you have a quantum computer with enough qubits or quantum singularity or call it whatever you want, in the short term, everything that’s secret is going to be broken by that actor. That includes blockchains, that includes RSA, AES — insert acronym here — any elliptic-curve-based cryptography, which is really everything.Then they said that it is going to be mandatory for any federal agency or entity, for example, in the U.S. to follow post-quantum principles across their infrastructure and their stack. There’s a big effort on that side. We know from other contacts we have that that’s going to be mandated under regulation as well for privacy reasons. For example, with quantum capabilities, a foreign actor or a state actor, as David was talking about, would be able to do aggressive attacks on anything and destroy privacy across the board for whole countries or the whole world at the same time.David Holtzman: We’ve talked to a lot of governments and government agencies, and one of the things they’re afraid of — it’s probably not all that obvious, but it’s store-and-break stuff. When they’re dealing with government or military, it’s just as bad if they get broken two years from now or three years from now. The sooner they switch to this quantum-proof cryptography, the better they are because there’s a lot of hell to pay in the future at some point.Konstantinos Karagiannis: Yeah, the harvest-now, decrypt-later threat.David Carvalho: Yeah, which is funny because it almost makes the quantum stuff not matter and at the same time matter: It doesn’t matter if the quantum computer is here now or in two years or three. What matters is, the harvest now and decrypt later is going to happen, and in two years, your stuff’s going to be decrypted, and nobody changes keys. Whatever you have there in two years, you’re just going to have more.Konstantinos Karagiannis: Yeah — what’s the shelf life of your secret, and how important is it?Which of the finalists from NIST is in the quantum-resistant protocol you’re using?David Carvalho: It’s the Dilithium-based one.Konstantinos Karagiannis: You built the new version of the solution around that. You’re saying that that’s post-quantum, like other experimental post-quantum blockchains exist. Do you think this approach could be easily migrated out to the world? Right now, obviously, one of the biggest problems with blockchain is, so many of them are not post-quantum-safe. How are we going to make that switch? Do you have any thoughts about any way the rest of the industry can learn from this and start a migration in that sense?David Carvalho: That’s interesting. We’re talking to big players in the blockchain industry — I’m talking top 10 — about that problem because they see that. We have a number of potential solutions to that — for example, post-quantum roll-ups to quantum backups of chains and other things I cannot speak about right now, but they are quite exciting, and they’re logical. Nobody that has assets wants them at risk. That goes for the whole crypto world — the ETFs, the whole $116 trillion banking system we have, and so on and so forth. It doesn’t really matter if you’re in Web 2 or Web 3.The point is that it just makes sense to move into validation structures that, first of all, exist. In most cases, they don’t exist. If they exist, they exist centrally, which means they’re easily manipulatable. You cannot trust them for everything. I’m talking about, for example, SMTP, the Simple Mail Transfer Protocol: I send you an email, it’s plain text. Me and David were joking about that the other day. That’s been around for eons — technology eons. It needs a bridge with Web 3, in my opinion.There are lots of things that need a bridge for post-quantum, a bridge for decentralisation. Call it whatever you like — a transparent connection. They don’t need to be destroyed, because they’re important, but there needs to be a plug-in to something better that allows them to continue to live. Otherwise, it just gets worse.Like I said, people are aware that critical entities, highly regulated spaces, are where the quantum difficulty — and I’m sure they won’t talk about this — is no longer an innovation problem or is a theoretical problem. It’s an engineering problem. You just need to throw at it enough engineers and enough money, just like with the putting-a-man-on-the-Moon sort of thing, and it will be solved, and there’s constant innovations about that. Let me tell you, adversaries, be they who they are, they will want you to think nothing’s happening while they’re running.Konstantinos Karagiannis: What we’re protecting here right now, before the post-quantum is fully rolled out, is this validation or this proof of security, proof of integrity. These are the things you guys have called it. In the future, with quantum, we’ll also be protecting that because with a quantum computer, you’ll be able to attack in a system like this if it doesn’t have post-quantum, and then be able to tell the network, “Everything’s fine” because you’ll be able to manipulate the encryption.Let’s key in the audience on these proof of concepts. In Ethereum, there’s proof of stake, proof of work, those kinds of principles. Now, we have these proof-of-security things. Did you want to talk about how they’re similar, how they’re very different, to give everyone an idea of how it works?David Carvalho: In many ways, they’re similar. In other ways, they extend what exists to fundamentally new areas. The biggest difference, for example, compared to proof of stake, is that, of course, this is like a byzantine fault-tolerance system that is custom and it does all these things, but it does all these things not over a smart contract that has been called by a system with a key. It does all these things using smart contracts, maybe. But it does that over the systems themselves. The systems themselves, the data, the applications, the processes, the services, the operations, any digital proof you want to create of any digital process that’s running digitally on a server somewhere is actually provable and transparent if you want anywhere in the world for anybody.If you think about it, you’re really creating the capability for machines to trust each other and for you to trust the process you have no access to. It’s in a server. You might be consuming an API that belongs to someone else. But how do you know that the system that created the data, that sent the data to another system that consumed it and transformed it, and then send it to the system that has the API, how do you know they’re all trusted? You have no idea. Nobody has any idea. Nothing is measured. In the end, the objective was to create a hypermeasured environment that is incentivised. The participants, the nodes, the validators are incentivised to provide this service, this value to the world, that, if you think about it, is quite powerful. It changes how you deal with risk in, probably, other things as well.David Holtzman: That’s a good point. I used to run big data centers, and the metric I managed to was network uptime, 999.999, because it’s all we had. We could measure that, we could hire people, we could find people if they didn’t produce. But we’re now in a world where the measurement is based on security, and we have no idea how to measure that. When you talk to people who aren’t technical, they say, “Yes, I want security. Yes, I want privacy.” It’s binary — either you have it or you don’t. But as we all here know, it’s a continuum. This allows us to smoothly manage that continuum of what trust and security means.There’s an ancillary benefit from this — and this is getting a little futuristic — but we’re about to move into the era of semisentient software, or at least highly autonomous software. The way the Naoris Protocol is working fits that model a lot better. It’s not a human being–centric thing. A semiautonomous software entity could easily start talking that way and use relative trust.Konstantinos Karagiannis: It sounds like there’s some AI involved here. With traditional smart contracts, code is the law. Whatever conditionals they’re going to follow, they’re going to act on them in a Turing Complete fashion, even if it means you clean out billions of dollars in funds during an attack on the Dow or something like that. That’s brainless following of quote–unquote “logic.” But when you add AI into the mix, you can do a whole lot more, I’d imagine. What are these contracts doing? Let’s walk through a very simple example. It’s like a mesh of these nodes. Let’s say someone attacks one of them. What happens at that point?David Carvalho: It’s so interesting you asked this question because David was just talking about that, and you were also. It is a mesh, and there are smart contracts. However, our consensus mechanism allows us to do more than what David was saying. Uptime — let’s talk about blockchain validators. Every blockchain validator that exists is managed by one thing: Are you up? If the answer is yes, then validators are validating. That’s what they do. But you have no idea if it’s trusted, like an SMS relay. Of course, it’s a lot more complicated than that. But the point is, I have no idea if you can trust them. Sure, it’s decentralised. It’s much better.But, for example, one of the mandates we had from former NATO leaders to use these, for example, in defense environments, and to bring blockchain environments or decentralised systems to the real world was to make sure all the participants are in a trusted state. It sounds obvious, but that is not something that exists. We have to create the decentralised proof of security to ensure that so every participant that is in a green state or trusted state and maintaining their integrity and doing best practice and so on can validate and can participate.If somehow, as you say, one participant is hacked — something has been tampered with or its uptime is not good, or a number of other parameters that, by the way, are completely custom, and can be as complex or as simple as you want, which gives you a lot of use cases, are broken — it doesn’t participate. It cannot participate. You don’t want a malicious actor. It’s a lot harder for you to have a 51% attack and any other traditional issues you would have in blockchains. However, even if nothing of this was present — and I’m going to defend blockchains in general — this is already without anything, but you’re adding a lot more, it’s already exponentially better than what we have right now, which is, you hack one and, congratulations, after a while, you can exfiltrate data or ransomware, the whole thing, whatever you want, generally, if you’re a capable attacker.Konstantinos Karagiannis: Can you give us a real-world example of a customer, of how this was implemented and what particular way they chose? This could be flexible. You could be protecting IoT devices, like we talked about earlier. You could be defending just about anything. Can you give one example of how it was implemented and what happens at the end, to let everyone understand how AI comes in? Does it reach out to some centralised AI for a decision or something like that? David Carvalho: I’ll talk to you about that as well. There’s an AI system we have that’s called Swarm AI, and it’s a consensus-based AI ecosystem that basically gathers data and learns from edge computing. We wrote a paper as well with a couple of universities that got published and peer-reviewed in a nice journal in Germany about IoT some months back about exactly this and how it uses the consensus mechanism for that, and so on and so forth.I won’t go into details of clients, but I will tell you a real-world situation with the proper obfuscation points. You have an environment that has a collection of devices: You have routers, you have antennas, you have drones, you have 5G IoTs, you have servers in the cloud, you have virtual systems, you have dockers — you have all these things locally in the cloud as well. Your infrastructure is distributed around the world. Sounds like a normal company. A normal company is already decentralised — they just don’t know it. We’re allowing for them to actually leverage that capability to defend themselves.I cannot talk about real-world attacks and mitigation, for obvious reasons, but I can talk about examples of attacks we have done on infrastructures. I’m talking about an attack, for example, on a robotic arm that was in one of the company’s networks that is part of the whole mesh that is the company. This robotic arm was running an embedded Linux version. The piece of malware that was put there, we made it FUD, or fully undetectable, by using a decrypter for $0 — that’s how hard it is — that we got from the Dark Web randomly. We got various ones, but this one worked better. We tested it on VirusTotal, and, “There’s nothing here. Let’s try it.”There were a number of vulnerabilities on the box. We did some remote code execution, dropped the malware. We executed it with a remote timer in cron: “We’d better just change that.” It got executed, and the machine got tampered with. Obviously, the robotic arms started going crazy in the real world and trying to destroy the things around it. Systems that were, for example, on other continents that were part of the same peer-to-peer mesh, that knew how that system should look and should behave and so on and so forth, didn’t accept that change, so they acted on it. We had a smart contract that isolated that environment and didn’t want the potential threat, didn’t allow the potential threat to propagate, and allowed, for example, for forensics to happen.But we went a little bit further on the second level because we did this various times, and we created what we call backup nodes that are basically what they sound like: They are validated, trusted nodes that back up critical areas of data that you can define, like specific folders or whatever. If any of these things get tampered with, the system gets automatically reset and isolated under consensus and then turned on again.The robot was going crazy, and then, after a while, it’s checked again, rebooted and checked again to be in a good state. Everything that was malicious was substituted or deleted. The malicious files that were modified — that were malicious movements for the robot — were substituted with the original ones, and everything was back to normal. This happened in about two minutes. But the initial detection and reaction was like 10 milliseconds locally on the network. They detected it first, and then the global detection happened about one second later across all clouds.The Swarm AI has learned about this potential threat and what it does, and it shared that across the rest of the ecosystem. Say, if there was another similar system in a different country that potentially was using the protocol — potentially on a different network and potentially on a different company — they could be protected against that, even though they have no idea that that has happened somewhere else.One of the biggest issues we have, for example — and I’m going to focus on cyber, even though we’re getting into the world of decentralised infrastructure and decentralised physical infrastructure, DPN and things like this, I have no doubt this is going to be the biggest idea in blockchain in the next years — this is a DPN situation. We have a decentralised physical infrastructure AI that’s on the whole environment, or in a collection of environments, learning and improving. All that data is written to the chain and protected at the post-quantum level.Even if your systems are not at the post-quantum level — which they should be eventually into the future, with post-quantum keys securing like SSH and SSL and all these things — the truth about them is, you know what is instead of not knowing or guessing. Right now, the time for detection of any threat is about 279 days in the U.S. — the rest of the world is way more. In our case, that was reduced to 10 milliseconds under this principle. This is one of the use cases of the, let’s say the primitive Naoris Protocol. There are many more.Konstantinos Karagiannis: Is it safe to say this might be able to catch zero days just because there’s an anomalous behavior on one node that was attacked and then the other nodes could say, “We don’t know what this is. There’s no number associated with the vulnerability, but we know we don’t like this behavior, and we’re not going to let that change happen to us.” Is that the idea?David Carvalho: That’s a very good point, because as you say, changes assume integrity. Integrity can even be pushed at the post-quantum level. Integrity is pretty close to mathematically perfect as we know it. It either is or it isn’t — there’s nothing in the middle. Under a decentralised validation structure, that gets very powerful. Obviously, blockchains are perfect at this. That’s what they do already. We have extended that from bitcoins and smart contracts into data and systems and applications and services, which is the rest of the digital infrastructure globally. Yes, your assertion is correct.Having said that, to be fair, there are probably thousands of ways to skin a rabbit in terms of zero days. There are exploits that have nothing to detect, so on and so forth. But eventually, something has to happen somewhere. Otherwise, the attacker is doing nothing but wasting their time.Konstantinos Karagiannis: Absolutely. You’re able to take this technology and make it post-quantum. What kind of advice would you give to anyone else operating in this space for what you’ve learned and what you’ve accomplished? What should they be doing to try and make that migration? If they’re working on some kind of blockchain or some kind of technology in that space, what should they be doing in the short term now that we know the threat has expanded?David Carvalho: I can speak about all the environments we have had contact with recently. I’m talking about Web 3 spaces. The problem is all the same: Banking, ports and rail, other critical infrastructure, nation-state agencies, central banks, and so on and so forth — they just need a plan. They need, for example, to follow the strategic European data-protection initiative on post-quantum, for example — there’s one in the U.S. as well — that helps them create a framework that allows them to manage their own structures, prepare their libraries, prepare their systems, prepare their policies for transformation.In the end, it’s not painful. Yes, it’s like taking some hundreds of COVID shots for systems, but it’s something that is much better than the alternative, which is harvest now, decrypt later, and all your secrets being revealed: your five-year plans, your IP and so on and so forth. I’m sure David has something to say on that too.David Holtzman: I worked in big companies, and large enterprises move very slowly at adopting even incremental changes in their base software. I can only imagine how they’re going to deal with this stuff, because this is not incremental. This is going to be significantly different than how they do things. I advise anybody that they should be starting pilot programmes now in evaluating things like us and maybe our competitors and start coming up with solutions and how they’re going to integrate it into their enterprise. It’s going to take years.Konstantinos Karagiannis: Is there’s a way for people to see a demo of the regular post-quantum, version, whatever, so they can understand how easy it is to implement something like this?David Carvalho: We don’t show that yet publicly, because we are not public yet, but we should be in the end of quarter four if everything goes well. Also, assuming the market gets better — both markets, the real world and the crypto — basic companies, institutions, companies that would like to partner, etc., they can contact us and we will open our doors and integrate with them and work to fix their problems, either in a very custom way or help them build on our chain, or integrate their existing software or systems in our chain, which is quite easy. In most cases, it’s just wrapping code around something.Konstantinos Karagiannis: I thank you guys for your time. I’ll definitely be linking everything about the Naoris Protocol in the show notes.David Carvalho: Thanks so much, Konstantinos. It was a pleasure to be here.David Holtzman: Thank you.Konstantinos Karagiannis: Now, it’s time for Coherence, the quantum executive summary, where I take a moment to highlight some of the business impacts we discussed today in case things got too nerdy at times. Let’s recap.The Naoris Protocol is a blockchain designed to protect network devices. Typically, the larger a network becomes, the larger the threat surface grows, providing more potential points of failure. With Naoris, the more nodes that come online, the greater the protection, including handling some devices that have proved challenging to organisations in the past. Each node validates that a device or application is safe and maintains integrity. Suppose bad behavior is detected, such as a hack. In that case, the network will no longer trust the device through consensus among the many other nodes. This is similar to how a cryptocurrency blockchain would not accept forged transactions.One of the NIST PQC finalists, Dilithium, is now being used in a version of the Naoris Protocol. The hope is to add this post-quantum cryptography to the main chain’s proof of integrity or validation of all devices. Devices that run Naoris nodes can be servers or lighter ones, such as phones or IoT appliances. However, nodes can also run on industrial systems, which can potentially cause physical harm if hacked — for example, the protocol can protect industrial robots. This could prevent at least one kind of robot uprising in the future.While Neoris is still new, the team has worked with high-profile environments. Blockchain is a natural fit for validating devices, and launching with post-quantum cryptography as an option is a terrific example of how PQC is starting to appear across the industry. Because so many blockchains are vulnerable to quantum computers, I’d like to see more PQC development in the distributed-ledger-technology space.That does it for this episode. Thanks to David Carvalho and David Holtzman for joining to discuss the Naoris Protocol, and thank you for listening. If you enjoyed the show, please subscribe to Protiviti’s The Post-Quantum World and leave a review to help others find us. Be sure to follow me on all socials @KonstantHacker. You’ll find links there to what we’re doing in Quantum Computing Services at Protiviti. You can also DM me questions or suggestions for what you’d like to hear on the show. For more information on our quantum services, check out Protiviti.com, or follow Protiviti Tech on Twitter and LinkedIn. Until next time, be kind, and stay quantum-curious.