01 Quantum Inc. (ONE) Earnings Call Transcript & Summary

Good morning, everyone. I'd like to welcome you to the 2023 3rd quarter results and business update of 01 Communique. My name is William Train, I'm the Chairman. I'm filling in for Brian Stringer today. Brian, our CFO, who normally host this call with Andrew, he's having a minor medical procedure done today and he -- there's nothing to worry about. He wants to assure everyone he's fine, and he'll be back for the fourth quarter results in about 3 months. Andrew will be making a presentation later. We'll also be having a Q&A session. And you are all familiar with how Zoom works now, I'm sure. There's a Q&A button at the bottom of the screen. If you click on that, you'll be able to submit your written questions and then I will moderate the questions at the end, and Andrew will answer them. First of all, I'd like to draw your attention to the disclaimer, it should be up on the screen. I'll give you a moment to look over that. It's the standard disclaimer that we often have. So please take a moment to have a look at the disclaimer. Okay. Without further ado, I'd like to turn it over to Andrew Cheung, our President and CFO, who will be making a presentation and, again, question and answers afterwards. Thank you.

Thank you, Bill. Welcome, everyone. Again, my name is Andrew Cheung, President and CEO of 01 Communique. Welcome to our 2023 third quarter financial result and corporate update. Activities in the post-quantum cryptographic market continue to move in light speed as we expect. First, we have signed up a new partner called Keyfactor, who's a major player in the certificate authority industry, which is a backbone industry in Internet cybersecurity. And secondly, we have reduced our operating loss, as how I indicated during the last quarter result. So before I talk about them in details, for the benefit of those new shareholders, please allow me to reiterate some background of cybersecurity threat posed by quantum computers. In short, the cryptographic technology that protects our cybersecurity world in the last 40-plus years is coming to an end of life all because of the arrival of this new breed of quantum computers with excessive computing power. It is already a known fact. However, the trillion-dollar question is not only about when a powerful quantum computer would fall into the hands of general hackers, it is also about how long your sensitive data needs to be kept safe and how long does it take for you to implement quantum safety. This is because hackers can harvest your data and decrypt them later. This is called the famous like HDNL (sic) [ HNDL ] attack. The simple equation is as follows: X being the number of years your encrypted data needs to be safe and secure; and Y being the number of years it would take for you to implement quantum safety; and Z being the time it takes for hackers to get hold of a powerful quantum computer. So if X plus Y is greater than Z, then you're [ toasted ]; very, very simple. Now X and Y are different for each industry. For example, Y is the number of years to implement the quantum safety. The -- usually, it's between, I would say, 6 months to 3 years. And X, the lifespan of your data, is a big number for some industries such as health industry or national defense for obvious reasons. It doesn't need a rocket scientist to figure that X plus Y indeed is a pretty large number. So now let's take a look at Z, the time it takes for a hacker to get hold of a powerful computer, like a quantum computer. Experts in the cryptographic world believe it takes a little more than a day for a quantum computer with 4,000 qubits to crack current RSA encryption. So then now let's take a second to let me show you the power of quantum computer as of today. There are many quantum computer vendors in the world like IBM, Google, D-Wave, Honeywell, Amazon, et cetera, et cetera. So let's just take a look at IBM's road map, which is publicly available. IBM commercially released the world's first quantum computer in 2019 with 27 qubits. This was just a quantum toy like the PC we had in the '70s. And then in November of last year, they fulfilled their promise, delivering a 433-qubit quantum computer called Osprey. IBM plans to deliver 1,100 qubits this year and followed by 1,400 qubits next year, then 4,000 qubits in 2025 and then 100,000 qubits in 2026. Now you may say, hey, it's still 2 years away from 2025. But don't forget, the damage is here already if it takes more than a day, let's say, a month or even a few months to crack current RSA using the 1,100-qubit quantum computer, which is expected to be available later this year. And after all, all these are just the commercial level. At the national level, we all know it's usually about 5 to 10 years ahead. So logically, they already have something we will have in 2026 at least 2 years ago. This means in this logical assumption that Z is actually 0 already at the national level like the U.S., Russia and China. In addition to that, earlier this year, a group of Chinese cryptographic scientists have published a paper claiming the possibility of cracking the current RSA using just 372 qubits. While it's still waiting to be proven, this is alarming. And the point I really want to get across is that Z is a very small number, if not 0, and it is for sure way bigger than X plus Y regardless of the industry you're in. This means no industry really have any time to wait. So no matter what, the government agencies around the world have been doing a lot of things to prepare for Q-Day arrival. Among them, the leader definitely is the National Institute of Standards and Technologies or NIST in the U.S. They have started the process in 2016, almost the same time when we started IronCAP. After 6 years, they have approved 4 algorithms in July of last year and proposed to recommend one more algorithm by 2024 for the code-based category. As expected, NIST went ahead to write the standard paper for these 4 approved algorithms. So on August 24, which is a little less than a month ago, they have published 3 out of 4 of these approved algorithms and officially calling them FIPS 203, 204 and 205. And paper for the SPHINCS+ algorithm is on its way soon. These algorithms are already part of IronCAP toolkits, IronCAP to emphasize, even before they were approved. So furthermore, the classic [ mechanism ] is already within IronCAP toolkits as we anticipate them being the winner in 2024. This means our partners are ahead of the peer by working with IronCAP. Now obviously, the White House is also not sitting idle as they know full well about what's going on. In November last year, the Executive Office of the President has issued a memorandum direct here to the National Security Memorandum, NSM-10, that sets a deadline of October 18 this year, which is a few weeks from now, for the federal agencies to assess funding requirements to achieve quantum safety. The memorandum reiterated the famous HNDL attack and urged the agencies to at least assess the inventory of areas that will be affected by quantum threat and provided guidance to agencies to cope with the interim time period before NIST has rubber-stamped the official standards. And many other industry players, like major ones like EMV of the payment industry, has already started to evaluate post-quantum risk and acknowledged that it is a time bomb that is ticking. And also the HSS or the health sector is also doing their own assessment for obvious reasons because, as I mentioned earlier, patient data in the health industry needs to be secured for a very long time and, therefore, extremely vulnerable to the HNDL attacks. Similarly, the BIS, Bank of International Settlements, has also urged the payment industry to assess their risk. So with all these happening, the PQC, post-quantum cryptography market is indeed at a tipping point of an explosive growth. Our strategy worked out very well at the beginning. First, we anticipated the NIST standard, so we have the IronCAP toolkits ready with the algorithm before they are being standardized. In other words, our PQC projects completed for our partners were already using the 2.B standardized NIST algorithms. This allowed us to sign up world-class partners such as Thales, PricewaterhouseCoopers, CGI, Hitachi, Keyfactor, et cetera. And secondly, while the NIST algorithms are important, they are open source, okay? So we believe the real way is in the practical application with our patented technology plus applying -- complying to latest industry standard. So our advantage is not a start-up company. Our advantage is that we are fundamentally a product company building applications. So naturally, we evolved to become the first in the world building real PQC applications. And these real applications or use cases, they are the main reasons why our partners prefer to work with us rather than our competitors who only provide a cryptographic library and nothing else. The most notable project is our IronCAP X, which is a PQC end-to-end e-mail security application that an end user like you or anyone on the street can practically install, use and get a taste of PQC e-mail encryption and PQC digital signature. And our project also to convert the Solana blockchain to become quantum-safe also sets a milestone for the world of digital currency, which is a very important milestone for the -- even the government, the digital currency. The digital asset exchange machine and remote access are just other examples. So as mentioned earlier, we have signed up Keyfactor earlier -- or actually, this quarter, as our partner. And Keyfactor is actually a major player in the certificate authority industry. And the certificate authority industry, again, is the backbone of Internet cybersecurity that protects the whole world. They -- Keyfactor uses EJBCA as the tool to issue, manage and store certificates. So our job is to make sure that IronCAP is compatible with them and, therefore, can work with their customers in building real PQC use cases as well as PQC conversion for the existing applications. This is very important -- a very important milestone for us because, again, as I said, the certificate authority industry is a cornerstone of Internet security governing all the connected applications such as payment, website security, everything, including the Zoom communication that we are currently using. In addition to all these, we have many ongoing activities. Just to name a few, we will continue to discuss and hopefully sign up more partners in the HSM, hardware security module, industry as well as the certificate authority industry. These are the early adopters of PQC, as I mentioned earlier. And those payment, for example, payment card vendors or Internet browser or health care-related vendors all need to purchase PQC certificates. And these HSM certificate authorities are the players from whom they are purchasing the certificate from. In addition, we have been also strategizing with our long-term partner, Hitachi, about how they can play the PQC market in Japan. As a result, many potential opportunities in various industries have been identified. Now last but not least, the international PKI, the Private (sic) [ Pubic ] Key Infrastructure Consortium, recognizing that we being a leader in PQC and PQC practical use cases, has invited us as a speaker at the upcoming PKI conference held in Amsterdam in November. They want us to talk about, obviously, the practical PQC application that we have built. I'm very excited about that because PKI is the fundamental of cybersecurity so that all participants are extremely influential organizations such as the banks, the central banks, government, et cetera. Our existing partners and potential new partners would also attend the presentation. So all these activities that I mentioned so far are reflected in our quarterly result. As mentioned earlier, our last -- during our last quarter result, we have pivoted from the heavy R&D mode to the harvesting mode. This is clearly reflected in the reduction in operating loss to $74,000 from $135,000 a year ago, despite without the revenue from a onetime proof-of-concept project during the same quarter last year. And we expect the reduction will continue to Q4 and beyond. So while continuing to operate at 0 debt, my goal is to maintain our cash position and hover around the breakeven position so that we can swing into profitability should anyone of the following event happens, such as PQC market takes off, additional revenue stream from existing business or a more favorable exchange rate development, et cetera. So that's a summary. Looking forward to the rest of 2023 and beyond, we expect to continue, again, reducing our operating loss, aiming at breakeven operation while nurturing more partnerships to embrace the PQC market growth. And we will continue to support our partners in their core marketing activities in 2023 and beyond and to maintain our leadership in the PQC market. We also expect more enterprises to commence their post-quantum journey, and IronCAP is in an excellent position to capitalize on this upcoming explosive trend. So I will take a pause from here to allow more time for questions and answers. As mentioned earlier at the beginning by Bill, please use the Q&A feature of Zoom and type in your question, and Bill will monitor and moderate the question. And let me know your question, and I will provide answer. So off to you, Bill.

Yes, Andrew, a couple of questions have already come in. So let's address those first. Andrew, who are the competitors of IronCAP? Could you elaborate on that?

Yes, interesting, I have been going on for many, many quarters. This is the first time I heard about a question like that, which is a very fundamental question. In fact, we have quite many competitors around the world. I will name a few. First of all, there is a competitor in Canada, Waterloo called ISARA; and we have one in the U.K. called PQShield; and there are some in Europe and some in Australia. So they are about 6 to 7 competitors around the world. And they are good companies with good technology. And -- but as I said, we are -- if not the only one, we are -- we're one of the very few who can really provide using our experience as a product company to develop the real PQC applications and helping our customers and the customer of our customers to convert their application and build new application that is PQC compatible. So that is mainly our different -- the differentiation that we have against our competitors.

Okay. Thank you. Here's another one: could you run through the major partnerships that we have made with counterparties and the purpose of those partnerships?

Yes, we -- as mentioned earlier, we have many world-class partners like [ small and large city ]. The more notable partners are like our backyard, CGI; and in Japan, Hitachi; in France, Thales; and in U.S., Keyfactor; in Asia, PricewaterhouseCoopers, et cetera. Those are the larger, notable ones. And our strategy is we recognize that we are a small company. So we don't have the resources to reach out to all the potential PQC customers. So our strategy since day 1 was to sign up with these world-class partners who are the forerunner and the early adopters to PQC industry and working with them so that we can access to their customers. And they are going to present to their customer's need -- when their customers need PQC, they would find, they would fulfill them and we are the supplier of PQC technology and conversion. We -- they call it the SME, subject matter expert is the role that we play within these partners. So among them, we actually have the capacity to reach out to a worldwide scale of PQC customers and end users.

Okay. Thank you. I'm going to paraphrase this question a bit. So we know that the breakthroughs could happen at any time, either technological breakthroughs or algorithm breakthroughs that could break open and really bring home this quantum threat. But here's the question: since that could happen almost any time, does 01 have the capacity to fulfill the need?

Yes, thank you. I think this is a pretty good question that is kind of dovetailing -- it's not exactly the last question, but it's kind of dovetailing to my answer to the last question. If it is 01 alone, we do not have, to be frank, we do not have the capacity to reach out to that global demand. And since we are working with partners, those names that I mentioned and pretty spread around the world, we do have the capacity to reach out to them indirectly. And then on the technological side, we have like an army of developers and contractors under our belt that we can deploy at any time on demand to fulfill the need and to fulfill the demand for PQC applications. So I am very confident that if this is taking off and regardless of the scale, we are very scalable to fulfill all those demands from our partners.

Okay. Thank you. Another question: do you think 01 will be an acquisition target?

A sensitive question, I think. To be frank, we do not -- we never -- for all these years, we have never been operating the company with the expectation of being acquired or something. But it's not uncommon that when an explosive trend comes up and being a dominant player in the industry, I think I won't be surprised that we would be the target of some larger players or someone who want to get into the industry. But it's hard to speculate. So to be frank, I never -- we never operate, again, the company to expect being acquired or something like that. But this is a public company. So if anyone wants our technology and wants us, yes, they propose, I have to report to the Board. And yes, so I think that's a short answer. We don't -- yes, we don't expect something like that, but if it happens, we'll deal with it.

Okay. Thank you. Not sure if I understand this question or if you can answer it, Andrew, but here's the next question: how do insurance policies fit into the threat of a company's cybersecurity protection of that company?

We actually heard about that. We have been approached by some insurance company talking about cybersecurity or quantum insurance. We haven't seen a lot of development in that area. Although, as I said, we heard from some initial discussion from the insurance company, I would say, about a year ago, and there was no partnership developed in that area. But personally, I believe this is an area that will definitely fall into the place when the PQC market comes up. And when -- if and when the first open quantum attack happens, I am pretty sure the insurance industry will be expanded into the quantum protection. There is almost no doubt about that.

Okay. I think this -- we'll just take one more question, I think, and then wrap it up. But this one relates, I guess, to the technology that we have and the patents that we have. But could you elaborate on what other use cases are in the pipeline for our technology?

Yes, there are a lot of use cases, as I mentioned, PQC e-mail, security, remote access, digital asset machine, blockchain. We have done quite a bit of very heavy-scaled use cases already. And other use cases in the pipeline, I would say, is, for example, VPN. A lot of people using VPN today, but they are all quantum vulnerable. And we actually heard from, indirectly, from a customer of our partners that they are looking for either creating or converting some existing VPN application to become quantum-safe, and we are definitely going to help when this is happening. So I believe that is probably a close next thing to happen. And other things like in the digital currency like the wallet, it definitely has to be quantum-safe. And the other areas such as the web browsing are also in the pipeline. And the chip that when you take out your bank card or credit card, you see that little chip there and they are quantum vulnerable, so that industry definitely will have to upgrade in that little chip to become quantum-safe. And yes, we have some discussion -- indirect discussion with -- through our partners with that industry also. So yes, so those are the things that I would say are kind of next coming as use cases. But at the end of the day, almost everything that you can imagine under the sun related to the connected world will be use cases. Those are just the, I would say, the -- I shouldn't use the word lower-hanging fruit, but those are the front line of industry who will be confronting the Q-Day tsunami, yes, and that has to be dealt with.

Well, it's an exciting field, and it's going to keep us on our toes. Anyway, thank you, Andrew. I think we can wrap it up. Do you have a few final words?

Yes, I was -- again, thank you for joining our 2023 Q3 business update. I am very happy about this new phase of operation. So please stay tuned, and see you again the next quarter.

Okay. Thank you, Andrew. Thank you, everyone, for attending.