Andrew, I think we should begin now. Good morning, everyone. I'd like to welcome you to the 2023 Third Quarter Results and Business Update of ZeroOne Communique. My name is William Train, I'm the chairman. I'm filling in for Brian Stringer today. Brian, our CFO, who normally hosts this call with Andrew. He's having a minor medical procedure done today, and there's nothing to worry about. He wants to assure everyone he's fine, and he'll be back for the fourth quarter results in about three months. Andrew will be making a presentation later. We'll also be having a Q&A session, and you are all familiar with how Zoom works now, I'm sure. There's a Q&A button at the bottom of the screen.
If you click on that, you'll be able to submit your written questions, and then I will moderate the questions at the end, and Andrew will answer them. First of all, I'd like to draw your attention to the disclaimer. It should be up on the screen. I'll give you a moment to look over that. It's the standard disclaimer that we often have. So please take a moment to have a look at the disclaimer. Okay, without further ado, I'd like to turn it over to Andrew Cheung, our President and CFO, who will be making a presentation, and again, question and answers afterward. Thank you.
Thank you, Bill. Welcome, everyone. Again, my name is Andrew Cheung, President and CEO of ZeroOne Communique. Welcome to our 2023 Third Quarter Financial Result and Corporate Update. Activities in the post-quantum cryptographic market continue to move in light speed, as we expect. First, we have signed up a new partner called Keyfactor, who is a major player in the certificate authority industry, which is a backbone industry in internet cybersecurity. And secondly, we have reduced our operating loss, as how I indicated during the last quarter result. So before I talk about them in details, for the benefit of those new shareholders, please allow me to reiterate some background of cybersecurity threat posed by quantum computers.
In short, the cryptographic technology that protects our cybersecurity world in the last 40+ years is coming to an end of life, all because of the arrival of this new breed of quantum computers with excessive computing power. It is already a known fact. However, the trillion-dollar question is not only about when a powerful quantum computer will fall into the hands of general hackers. It is also about how long your sensitive data needs to be kept safe, and how long does it take for you to implement quantum safety. This is because hackers can harvest your data and decrypt them later. This is called a famous, like, HNDL attack.
The simple equation is as follows: X being the number of years your encrypted data needs to be safe and secure, and Y being the number of years it would take for you to implement quantum safety, and Z being the time it takes for hackers to get hold of a powerful quantum computer. So if X plus Y is greater than Z, then you toast it. Very, very simple. Now, X and Y are different for each industry. For example, Y is the number of years to implement the quantum safety.
Usually, it's between, we say, six months to three years. And X, the lifespan of your data, is a big number for some industries, such as health industry or national defense, for obvious reasons. It doesn't need a rocket scientist to figure that X plus Y indeed is a pretty large number.
So now, let's take a look at Z, the time it takes for a hacker to get hold of a powerful computer, like a quantum computer. Experts in the cryptographic world believe it takes a little more than a day for a quantum computer with 4,000 qubits to crack current RSA encryption. So then, now, let's take a second to let me show you the power of a quantum computer as of today. There are many quantum computer vendors in the world, like IBM, Google, D-Wave, Honeywell, Amazon, et cetera, et cetera. So let's just take a look at IBM's roadmap, which is publicly available. IBM commercially released the world's first quantum computer in 2019, with 27 qubits. This was just a quantum toy, like the PC we had in the 1970s.
And then in November of last year, they fulfilled their promise, delivering a 433-qubit quantum computer called Osprey. IBM plans to deliver 1,100 qubits this year, and followed by 1,400 qubit next year, then 4,000 qubits in 2025, and then 100,000 qubits in 2026. Now, you may say, "Hey, you know, it's still two years away from 2025," but don't forget, damage is here already. If it takes more than a day, say a month or even a few months to crack current RSA using the 1,100-qubit quantum computer, which expected to be available later this year. After all, all these are just the commercial level, and the national level, we all know, is usually about five to 10 years ahead.
Logically, they already have something we will have in 2026, at least two years ago. This means it is logical, assumption that Z is actually zero already at the national level, like the U.S., Russia, and China. In addition to that, earlier this year, a group of Chinese cryptographic scientists have published a paper claiming the possibility of cracking the current RSA using just 372 qubits. While it's still waiting to be proven, this is alarming, and the point I really want to get across is that Z is a very small number, if not zero, and it is for sure way bigger than X plus Y, regardless of the industry you are in. This means no industry really have any time to wait.
So no matter why, the government agencies around the world have been doing a lot of things to prepare for Q-day arrival. Among them, the leader definitely is the National Institute of Standards and Technology, the NIST, in the U.S. They have started the process in 2016, almost the same time when we started IronCAP. After six years, they have approved four algorithms in July of last year and proposed to recommend one more algorithm by 2024 for the code-based category. As expected, NIST went ahead to write the standard paper for these four approved algorithms. So on August 24, which is a little less than a month ago, they have published three out of four of these approved algorithm and officially calling them FIPS 203, 204, and 205.
A paper for the SPHINCS+ algorithm is on its way soon. These algorithm are already part of IronCAP Toolkits. I got to emphasize, even before they were approved. So furthermore, the classic mechanisms already within IronCAP Toolkits, as we anticipate them being the winner in 2024. This means our partners are ahead of the peer by working with IronCAP. Now, obviously, the White House is also not sitting idle, as they know full well about what is going on. In November last year, the Executive Office of the President has issued a memorandum to adhere to the National Security Memorandum, NSM-10, that sets a deadline of October 18 this year, which is a few weeks from now, for the federal agencies to assess funding requirements to achieve quantum safety.
The memorandum reiterated the famous HNDL attack and urged the agencies to at least assess the inventory of areas that will be affected by quantum threat and provide guidance to agencies to cope with the interim time period before NIST has rubber-stamped the official standards. Many other industry players, like major one, like EMV of the payment industry, has already started to evaluate post-quantum risk and acknowledge that it is a time, it is a time bomb that is ticking. Also, the HHS of the health sector is also doing their own assessment for obvious reason, because as I mentioned earlier, patient data in the health industry needs to be secured for a very long time, and therefore extremely vulnerable to the HNDL attacks.
Similarly, the BIS, Bank for International Settlements, has also urged the payment industry to assess their risk. So with all of this happening, the PQC, Post-Quantum Cryptography market, is indeed at a tipping point of an explosive growth. Our strategy worked out very well at the beginning. First, we anticipated the NIST standards, so we have the IronCAP Toolkits ready with the algorithm before they are being standardized. In other words, our PQC project completed for our partners were already using the to-be standardized NIST algorithms. This allow us to sign up world-class partners such as Thales, PricewaterhouseCoopers, CGI, Hitachi, Keyfactor, etc. And secondly, while the NIST algorithms are important, they are open source, okay? So we believe the real value is in the practical application with our patented technology, plus applying, complying to latest industry standard.
So our advantage as not a startup company, our advantage is that we are fundamentally a product company building applications. So naturally, we evolved to become the first in the world building real PQC applications. And these real applications are use cases that are the main reasons why our partners prefer to work with us, rather than our competitors, who only provide the cryptographic library and nothing else. The most notable project is our IronCAP X, which is a PQC end-to-end email security application that an end user, like you or who, or anyone on the street, can practically install, use, and get a taste of PQC email encryption and PQC digital signature.
In our project, also to convert the Solana blockchain to become quantum safe, also sets a milestone for the world of digital currency, which is a very important milestone for even the government, the digital currency. The digital asset exchange machine and remote access are just other examples. So as mentioned earlier, we have signed up Keyfactor earlier, well, actually this quarter, as our partner. And Keyfactor is actually a major player in the certificate authority industry. And the certificate authority industry, again, is the backbone of internet cybersecurity that protects the whole world. They, Keyfactor, uses EJBCA as the tool to issue, manage, and store certificates.
So our job is to make sure that IronCAP is compatible with them, and therefore can work with their customers in building real PQC use cases, as well as PQC conversion for the existing applications. This is very important, a very important milestone for us because, again, as I said, the certificate authority industry is a cornerstone of internet security, governing all the connected applications such as payment, website security, everything, including the Zoom communication that we are currently using. In addition to all these, we have many ongoing activities, just to name a few. We will continue to discuss and hopefully sign up more partners in the HSM, hardware security module industry, as well as the certificate authority industry.
These are the early adopter of PQC, as I mentioned earlier, and those payment, for example, payment card, vendors or internet browser or healthcare-related vendors, all need to purchase PQC certificates. And these HSM and certificate authorities are the players from whom they are purchasing the certificate from. In addition, we have been also strategizing with our long-term partner, Hitachi, about how they can play the PQC market in Japan. As a result, many potential opportunities in various industry have been identified. Now, last but not least, the international PKI, the public key infrastructure consortium, recognizing that we being a leader in PQC and PQC practical use cases, has invited us as a speaker at the upcoming PKI conference, held in Amsterdam in November. They want us to talk about, obviously, the practical PQC application that we have built.
I'm very excited about that, because PKI is the fundamental of cybersecurity, so that all participants are extremely influential organizations, such as the banks, the central banks, government, et cetera. Our existing partners and potential new partners would also attend the presentation. All these activities that I mentioned so far are reflected in our quarterly results. As mentioned earlier, during our last quarter result, we have pivoted from the heavy R&D mode to the harvesting mode. This is clearly reflected in the reduction in operating loss to $74,000 from $135,000 a year ago, despite without the revenue from a one-time proof of concept project during the same quarter last year. We expect the reduction will continue to Q4 and beyond.
So, while we continue to operate at zero debt, my goal is to maintain our cash position and hover around the break-even position, so that we can swing into profitability should any one of the following event happens, such as PQC market takes off, additional revenue stream from existing business or a more favorable exchange rate development, et cetera. So, as a summary, in looking forward to the rest of 2023 and beyond, we expect to continue, again, reducing our operating loss, aiming at break-even operation, while nurturing more partnerships to embrace the PQC market growth. And, we will continue to support our partners in their co-marketing activities in 2023 and beyond, and to maintain our leadership in the PQC market.
We also expect more enterprises to commence their post-quantum journey, and IronCAP is in an excellent position to capitalize on this upcoming explosive trend. So I will take a pause from here to allow more time for question and answers. As mentioned earlier, at the beginning by Bill, please use the Q&A feature of Zoom and type in your question, and Bill will monitor and moderate the question, and let me know your question, and I will provide answer. So, off to you, Bill.
Yeah, Andrew, a couple of questions have already come in, so let's address those first. Andrew, who are the competitors of IronCAP? Could you elaborate on that?
Yeah, interesting. I have been going on for many, many quarters. This is the first time I heard about questions like that, which is a very fundamental questions. In fact, you know, we have quite many competitors around the world. I will name a few. First of all, there is a competitor in Canada, Waterloo, called ISARA, and we have one in the U.K. called PQShield, and there are some in Europe and some in Australia. There are about six to seven competitors around the world, and they are good companies with good technology.
But as I said, you know, we are, if not the only one, we are one of the very few who can really provide, using our experience as a product company, to develop the real PQC applications and helping our customers and the customer of our customers to convert their application and build new application that is PQC compatible. So, that is mainly the differentiation that we have, you know, against our competitors.
Okay. Thank you. Here's another one. Could you run through the major partnerships that we have made with counterparties and the purpose of those partnerships?
Yes. We, as mentioned earlier, we have many world-class partners, like small and large. The more notable partners are, like, our backyard, CGI, and in Japan, Hitachi, in France, Thales, and in U.S., Keyfactor, in Asia, PricewaterhouseCoopers, et cetera. Those are the larger notable ones. And our strategy is we recognize that we are a small company, so we don't have the resources to reach out to all the potential PQC customers.
So our strategy since day one was to sign up with these, world-class partners, who are the forerunner and the early adopters to PQC industry, and working with them so that we can access to their customers, and they are going to present to their customers' need. You know, when their customers need PQC, they would, you know, fulfill them, and we are their supplier of PQC technology and, and, and conversion. They call it the SME, the subject matter expert, is the role that we play with within these partners. So among them, you know, we actually have the capacity to reach out to a worldwide scale of PQC customers and end users.
Okay, thank you. I'm gonna paraphrase this question a bit. So we know that breakthroughs could happen at any time, either technological breakthroughs or algorithm breakthroughs that could break open and really bring home this quantum threat. But here's the question: Since that could happen almost any time, does ZeroOne have the capacity to fulfill the need?
Yeah. Oh, thank you. I think this, this is, this is a, a pretty good question that is, kind of tough telling. This is, it's not exactly the last question, but it's kind of tough telling to my answer to the, to the last questions. If it is the ZeroOne alone, we do not have, to be frank, we do not have the capacity to reach out to that global demand. And, since we are working with, partners, those names that I mentioned in previously spread around the world, we do have the capacity to reach out to them indirectly.
Then on the technological side, we have a, like, an army of developers and contractor under our belt that we can deploy at any time on demand to fulfill the need and to fulfill the demand for PQC applications. I am very confident that if this is taking off and regardless of the scale, we are very scalable to fulfill all those demands from our partners.
Okay, thank you. Another question: Do you think ZeroOne will be an acquisition target?
Sensitive question, I think. To be frank, we do not—we never, for all these years, we have never been operating the company with the expectation of being acquired or something. But, it's not uncommon that when an explosive trend comes up, and being a dominant player in the industry, I think I won't be surprised that we would be the target of some larger players or someone who want to get into the industry. But, it's hard to speculate. So to be frank, I never—we never, we never operate, again, the company to expect, you know, being acquired or something like that.
But, you know, it's a public company, so if anyone wants our technology and wants us, you know, like, yeah, they propose, I have to report to the board. Yeah, so, I think that's a short answer. We don't... Yeah, we don't expect something like that, but if it happened, we deal with it.
Okay. Thank you. Not sure if I understand this question or if you can answer it, Andrew, but here's the next question: How do insurance policies fit into the threat of a company's cybersecurity protection of a company?
We actually heard about that. We have been approached by some insurance company talking about cybersecurity or quantum insurance. We haven't seen a lot of development in that area, although, as I said, we heard from some initial discussion from the insurance company. I would say about a year ago, and there was no partnership developed in that area. But personally, I believe this is an area that will definitely fall into the place when the PQC market comes up and, when, you know, if and when the first open quantum attack happen, I am pretty sure the insurance industry will be expanded into the quantum protection. That is almost no doubt about that.
Okay. I think this... We'll, we'll just take one more question, I think, and then wrap it up. But this one relates, I guess, to the technology that we have and the, you know, the patents that we have. But could you elaborate on what other use cases are in the pipeline for our technology?
Yes, there are a lot of use cases, as I mentioned, PQC, email security, remote access, digital asset, machine, blockchain. You know, we have, we have done quite a bit of very heavy scale use cases already, and other use cases in the pipeline, I would say is, for example, VPN. A lot of people using VPN today, but they are all quantum-vulnerable. And we, we actually heard from, indirectly from a customer of our partners, that they are looking for either creating or converting some existing VPN application to become quantum-safe, and we are definitely going to help when this is happening. So I, I believe that is probably a close the next things to happen.
Other things like in the digital currency, like the wallet, you know, definitely has to be quantum safe. Other areas such as the web browsing are also, you know, in the pipeline and the chip that when you take out your bank card or credit card, you see that little chip there, and they are quantum vulnerable. So that industry definitely will have to to upgrade in that little chip to become quantum safe. Yeah, we have some discussion, indirect discussion with through our partners with that industry also. So, yeah. So those are the things that I would say are kind of next coming as use cases.
But at the end of the day, almost everything that you can imagine under the sun related to the connected world will, will be use cases. You know, those are just the, the, I would say the... I shouldn't use the word lower hanging fruit, but those are the, the, the front line, you know, of industry who will be confronting the, the Q-day tsunami. Yeah, and that has to be dealt with.
Well, it's an exciting field, and it's gonna keep us on our toes. Anyway, thank you, Andrew. I think we can wrap it up. Do you have a few final words?
Again, thank you for joining our 2023 Q3 Business Update. I am very happy about this new phase of operation, so please stay tuned and see you again the next quarter.
Okay. Thank you, Andrew. Thank you, everyone, for attending.