SecureTalk Podcast Introduction Script - James Stephens

Justin Beals: Hello everyone and welcome to SecureTalk. I'm your host, Justin Beals.

In 2018, I sat in a meeting trying to explain why we needed to invest in data science that produced verifiable, accurate results. We were building an AI-driven product, and I knew that without proper validation frameworks, without durable accuracy metrics, we'd struggle to earn customer trust.

The team saw it differently. They wanted speed to market. They wanted to show progress to investors. Building proper validation systems felt like unnecessary overhead when we could just ship the product and iterate later.

We shipped. Customers tried it. And then customers started asking the questions I knew were coming: How accurate is this? How do you validate these predictions? Can we trust this for decisions that matter?

We didn't have good answers. And without trust, adoption stalled. The company eventually shut down, not because the technology was bad, but because we'd skipped the foundational work that would have made it trustworthy.

I think about that experience often now. We're facing a similar moment with quantum computing and encryption. Organizations know the threat is coming. They see the headlines about quantum breakthroughs. But the investment required to address it properly feels expensive and abstract, especially when the crisis hasn't hit yet.

Three years ago, experts said quantum computers capable of breaking current encryption were 20 to 30 years away. Two years ago, that estimate dropped to 10 years. Last year, it was five years. Now, NIST has mandated that federal agencies migrate to post-quantum cryptography by 2030, with strong recommendations to complete the work by 2027 or 2028.

Google's Willow chip just demonstrated error correction rates that researchers thought were years away from being possible. Each breakthrough compresses the timeline further. And unlike threats where you can respond after the first attacks, this one is already active.

Security researchers call it "Harvest Now, Decrypt Later." Adversaries are capturing encrypted data today, storing it, and waiting. When quantum computers become powerful enough, they'll decrypt everything they've collected. Your encrypted communications from 2025 could be readable in 2030. Your blockchain wallets. Your authentication systems. Your trade secrets.

The mathematics are straightforward. If a quantum computer can solve problems in hours that would take conventional supercomputers septillions of years, then RSA encryption and elliptic curve cryptography, the foundations of almost everything we've built, simply stop working.

For organizations managing cryptocurrency or blockchain assets, the risk is amplified. There's over a trillion dollars in cryptocurrency protected by encryption that won't survive the quantum era. The blockchain's transparency, which makes it valuable for forensic investigation, becomes a vulnerability when the encryption fails. Every transaction is visible. Every wallet address is public. All that's protecting it is cryptographic security that's about to become obsolete.

I've spent 25 years in computer science, and I've seen this pattern repeat. We build systems assuming certain constraints will hold forever. Then something changes, and we scramble to retrofit security into architectures that weren't designed for the new threat model. We did it when we moved to the cloud. We did it when mobile devices became ubiquitous. We're doing it again with quantum.

But here's what's different this time. You can't patch your way out of this. You can't just upgrade your encryption library and call it done. You need to rethink how you generate randomness, how you store keys, how you authenticate users, how your entire security infrastructure operates.

Our guest today has been working on this problem from multiple angles. As a forensic investigator, he's spent a decade analyzing cryptocurrency breaches and tracing stolen funds across blockchain networks. He knows exactly how systems fail in practice, not just in theory. And what he's learned from investigating those failures has shaped how he's building quantum-resistant infrastructure today.

Most cryptocurrency losses don't come from sophisticated mathematical attacks. They come from key mishandling, weak randomness, and social engineering. People trust the wrong things. They use predictable passwords. They don't understand that traditional random number generators are actually deterministic and crackable with enough computing power.

True randomness, the kind that even a quantum computer can't predict, requires physics, not just algorithms. It requires hardware that generates entropy from quantum mechanical processes like electron tunneling. It's the difference between a pseudo-random number generator that follows a pattern, even if that pattern takes years to discover, and genuine quantum randomness that is physically unpredictable.

This conversation goes beyond cryptocurrency. We'll discuss what CISOs need to do now to prepare their organizations, how to assess vendor roadmaps for quantum readiness, and why the cost of migration, however expensive it seems, is negligible compared to the risk of waiting too long.

We'll also explore why so many legacy security companies are behind on this challenge, what NIST's updated standards actually mean for your compliance roadmap, and how to be honest with yourself about where your security architecture actually stands.

James Stephens is the Founder and CEO of Krown Technologies, Inc., the parent company of the Krown Network, the world's largest and most rewarding Layer-1 blockchain ecosystem. A recognized authority in blockchain security and cryptocurrency forensics, James has spent over a decade at the intersection of digital assets, cybersecurity, and quantum innovation.

An early adopter of Bitcoin, James holds multiple professional distinctions, including Certified Blockchain Expert (CBE), Certified Cryptocurrency Forensic Investigator (CCFI), and Board Certified Retail Organized Crime Investigator (CORCI). His background blends deep technical expertise with investigative precision, giving him rare insight into both the transformative potential and the vulnerabilities of emerging technologies.

Under his leadership, Krown Technologies has developed quantum-secure blockchain infrastructure, integrating post-quantum cryptography (PQC), proprietary Four-Factor Synchronous Authentication (4FSA), and exclusive partnerships with leading quantum security firms to safeguard digital assets against next-generation threats.

James's thought leadership has been featured in major outlets including CIO Views, World Biz Magazine, Digital Times, Entrepreneur Insights, The Silicon Review, and many more. He is also the author of Quantum Reckoning: Securing Blockchain and DeFi in the Post-Quantum Era, a work that translates highly technical cryptographic and quantum concepts into actionable strategies for policymakers, technologists, and business leaders.

Committed to building a more secure and resilient digital economy, James continues to champion innovation paired with robust security—ensuring that blockchain technology remains both accessible and future-proof.

—-- 

Justin Beals: James, thanks for joining us on SecureTalk today.

James Stephens: Thank you for having me, Justin. I appreciate it.

Justin Beals: Excellent. Well, certainly I am keyed into like a search engine on a term, quantum. I've certainly been, I enjoy science a lot, so I've been fascinated about it from a physics perspective. But as we talk about it from a computing perspective and then from a security perspective, it's such an interesting space. And we've had some really, some other quantum experts like yourself, Michele Mosca recently was chatting with us.

James Stephens: Yeah.

Justin Beals: And they kind of thought that we had about five to 10 years before quantum computing poses kind of real threats, especially I think to the thing we see immediately, which is encryption. And so I'm wondering how you see that timeline and kind of what drove you to try and develop quantum secured solutions today. Yeah.

James Stephens: Yeah, thanks for the question. think, you know, I treat timelines as like probabilities distributions, you know, it's not dates on a calendar so much. And I remember back just kind of looking back to last year, even six months ago, they were saying 20 to 30 years or 10, and then it moved down to 10 years and it moved to five years. And now we're looking at NIST adjusting their standards now for PQC migration by 2030 and no later and they really suggest by 27 and 28. And I think, I don't think that we really know how, what type of power, compute power that we're dealing with and what we're going to see with regard to the first breaks for RSA or ECDSA until it happens. And that, in that moment, in that Q day moment, we're gonna say to ourselves, man, we wish we had done this faster, right? Because it's moved, look at it.

A year ago it was 30 years, 20 years, 25 years. Now we're up to five years and NIST has set it at 2030. So for me, think it's, yes, I do believe we're just a short ways out. But right now, when you're looking at governments, even governments have set migration targets. And when you're starting to see entities like that, you're starting to understand that they really see the risk. And so I'm there too, I think, especially when you talk about the Harvest Now decrypt later.

Issue that we're seeing you're gonna start seeing breakage. Maybe even sooner than we think so I'm there. I'm there. think we're almost there

Justin Beals: Yeah, certainly I've noticed in some of the academic papers recently an acceleration in the error correction on some of the quantum computing systems. And I think that was one of the major pieces of the puzzle we were trying to solve.

James Stephens: No, was. Even when you look at Google's Willow, until Willow was out, we had error correction that were way up there, to the point where people wouldn't even think that we would ever get there. And now it was designed just for that. And so you're starting to see the error correction. The rates get lower and lower. The error rates get lower and lower and lower, and the corrections get higher.

And we're seeing that again, we're going back to that's happening faster than we ever thought it would. I think that's just simply because we're so much in the infancy of quantum computing that we really don't know exactly what power it harnesses until we're there. So we're playing from behind the eight ball at the moment.

Justin Beals: Yeah. And I'm going to leap into part of this topic here because you specifically from the work you're doing, it's not just about quantum encryption and the security around it, but you're thinking a lot about the Web3, this blockchain stuff. Now, I see some of these are cycles in marketing, you know, where there was this hype around Web3.0. I personally saw it as an interesting tech and a kind of a cool database.

But I wasn't sure what the applicability was beyond that. Now quantum is rising. These two things are mixing and matching for you a little bit.

James Stephens: No, they are. The thing is, when I developed, when I thought about Crown, it was really out of my own experience and out of the dark shadows of this sector, out of fraud and out of hack and loss of funds and encryption itself. I looked back at it, being in the sector for 10 years now, I looked back and I was like, it's time we've got to do something. I started looking ahead at that and I knew quantum computing was going to pose a massive threat.

Actually, one of the main things I talk about in my book, quantum reckoning, is that exact thing. We didn't realize what issues and problems it would present in this space, in the Web 3. And so that's why Crown was born. It was really about trust and about transparency, but more so about security and scalability in that.

So yeah, that was basically the perfect storm for us.

Justin Beals: Yeah, and I'm following the path here a little bit, James. I feel like the internet went through this issue itself where we wanted business to come on it, you know, as we started to have connected computing in the home, especially, let alone at business. But we realized that security wasn't quite up to date and we couldn't build a good business platform that people would trust to utilize until we actually had a good security imbued inside of the platform.

James Stephens: Yeah, yeah, and that's what Crown's about. Actually, know, Crown will have the largest ecosystem ever developed when it's done. It'll have over 30 utility platforms, products and services, and it's designed for that. It's designed for the future with regard to security. It's designed for the future with regard to scalability, use, price, you know, or fees. So all of that, Crown's kind of taken all of that into account and it said, okay, well, in the future,

What are people going to need? What are they going to need? Well, we know they're going to need security because of the quantum security or quantum encryption risk or the encryption risk ECDSAs. And then on top of that, they're going to need something that's still affordable, even though they're offering a next generation security package. And then they're going to need something they can scale with and build with. And then utility, they need to be able to use this in everyday life, whether it's payments, peer to peer, whatever it may be, any crypto, gaming, NFTs, whatever it may be, banking even.

And so we looked at that and we really kind of addressed everything we could address in one one blockchain and that would be crowned

Justin Beals: Talk to me a little bit about the Excalibur wallet. You're reporting a 98 % reduction in monetary loss risk compared to traditional cold wallets. Maybe chat a little bit about what's delivering on that today and certainly vulnerabilities around quantum security with that wallet.

James Stephens: Yeah, so Excalibur's risk reduction, it's based on, well, we're working in tandem with our partners at Quantum Emotion for Excalibur. Now that's our cold wallet. We also have the hot wallet, which is Castle. That'll be out in a few weeks. But with regard to Excalibur, know, Quantum Emotion went through IBM's Kitskit and really tested and simulated those attacks. And what the outcome of that was that there was exactly what you said, a 98 % reduction in risk of hacking or loss of funds.

When we talk about like the say like the entropy because the thing about about quantum emotions chip and that's what we'll be using in our Excalibur is that it's true entropy. It's it's it's real random entropy. It's not something that's cyclic. It's not something that can be figured out and it's you know that patented design and that patented chip that they have that's certainly something that we wanted to harness in a cold wallet because we knew that the time was coming that that these would be hacked eventually.

And so we wanted to kind of be ahead of that. And that's why Excalibur was created. It really aligns with the entire crown vision of security.

Justin Beals: Yeah, okay, so I got a couple of questions for you on things I'm a little blank on. Tell me, James, as someone just getting into some of this blockchain stuff myself, what's the difference between a cold wallet and a hot wallet?

James Stephens: Absolutely. So that is one of the best questions I've ever been asked. So a hot wallet. All right. So if you're getting into crypto and some of you guys that may know this, so a hot wallet is a wallet that we call it hot because it's attached, it's on chain, it's going to be on your computer on a desktop. You're to be able to use it software wise. So that's a hot wallet and it's always connected. And then you have a cold wallet, which is going to be an actual physical piece of hardware.

Justin Beals: Ha! Wonderful. Yeah. Good.

James Stephens: That you can keep at home, can keep it in a safety, I know people that keep it in their safe deposit boxes, their ledger, their cold wallets. And you'll be able to do the same thing with Excalibur. So the cold wallet is something that you'll actually connect and you can transfer your funds out of that cold wallet, but it's a storage device. It holds all of your digital assets on that storage device. 

And that's what Excalibur will do. Now, Castle, I was talking about Castle. Castle is our new proprietary quantum hot wallet. It will be the absolutely by far the safest crypto wallet in the world. If you exceeding any Metamask Trust wallet and any of the other ones that you know now, it changes the game completely. And we're in the testing phase for that and hopefully in the next few weeks we're going to be ready to make an announcement on Castle. But that is the difference between hot and cold wallets.

Justin Beals:  Okay, that's excellent. think, you know, I might use the metaphor of my checking account and my deposit account, right, between the ability to really store some funds or assets aside in something that I regularly transfer over to a checking account when I want to use it or make transactions with it, correct?

James Stephens: Yeah, so so your hot wallet, if we want to use a metaphor, so the hot wallet would be your debit card and the cold wallet would be your safety deposit box

Yes, okay good. And so now I want to talk about the random thing because I mean this is a major physics problem. We all know the story of the rack of lava lamps, you know, at a security company to generate random numbers.

James Stephens: Yeah. Yeah, until the C's leak or the implementation's faulter. Yeah.

Justin Beals: So you and of course like truly random numbers are are very Difficult just in physics theory to come by and so there's a set of hardware that y'all are working with to compute randomness essentially

James Stephens: Yeah, so let's, I've had this question a lot. So a lot of people ask, why does QRNG matter versus a random number generator that we know these days, right? So good PRNGs are strong and they're strong until, like I said, the seeds leak or the implementations falter, right? But QRNGs, the quantum random number generators, they add a physically...

unpredictable entropy source. So you'll never know, you know, there's, it'll be non-deterministic. So you'll never know actually what those seeds or what those keys will be as opposed to today's. People need to understand that when you're talking about a quantum computer and what its capabilities are, it can solve problems. Even our, even on 80 qubit or 105, the 105s we see now, those can solve problems that take the world's fastest supercomputers

I think it was a hundred or 70-tillion years to solve, and it could solve it in a matter of hours or a week. So the difference is massive when we talk about QRNGs, because a lot of people know nowadays, say, well, I can just use a random number generator and create a passcode or create, yeah, you can do that. It's not going to last very long in the quantum age, but QRNGs, it's completely random in a way that's physically impossible to know even with a quantum computer.

Justin Beals: I'm going to base myself here a little bit in my understanding, which is a little bit of a rub. So quantum understanding that we have a field of probability, it is non-deterministic in that the waveform collapses into a function at the moment of measurement. Similarly, we're dealing here with what I think what you're helping me learn is that in the chip there is some physical material that produces that

James Stephens: That's right.

Justin Beals: Essentially a randomness either in a series of signals like a waveform fluctuating in random ways or non-deterministic ways or whatever the measurement tool is but maybe not too far off from the lava lamp we have to have some you know physical characteristic that gives us this output is that correct?

James Stephens: That's absolutely correct. And with QEM's quantum emotion, partner, their electron, their tunneling technology, it's a game changer. It's something that is even more secure than we know today, what we know today. And I know that they're probably going to be, you know, they announced that they finalized their chip design with Taiwan Semiconductor. so you're going to see something coming out with Excalibur that's never been seen before. And I can't wait to tell you about it. I wish I could tell you more about it, but right now I can't talk too much about it.

Justin Beals: No, no, I understand. As you mentioned before, we hopped into the podcast. You guys are in kind of some R &D process, and it's important to maintain some control over the intellectual property. We certainly understand that in our work. But I do think I love that we can base ourselves in kind of good theory and science around how to bring these, I think, innovations to bear, right? You and I have probably lived enough

James Stephens: Yes.

Justin Beals: In the computer science marketplace to see people making claims that don't quite come true. Yeah.

James Stephens: It's a daily thing, you And the biggest, you know, the saddest thing about it all is that people use marketing and hype to build something or to build an idea or to give an idea that's never built. And I think the difference between Crown and the rest of the players in the field right now, especially with the blockchain quantum field, is that Crown is launching in a month and that we've built out four products and massive chain, know, massive quantum chain.

That's actually real. It's not talk, it's not hype. We've sat back quietly and we've built something amazing. And like you said, people, they talk a good game all the time and it ends up not being for anything.

Justin Beals: Yeah, you know, one of the big challenges in security, you and I would likely agree, is that oftentimes we're implementing security at the impact of end users, right? You know, I mean, we can certainly think about security tools we've had to implement that made logon harder or authentication more laborious, but they gave us the security we felt like was really required. You're building a new product and platform. You're implementing some new technologies for this stuff.

How do you think about your users and the impact that security tools will have on them?

James Stephens:  Well, those are the first things we thought about, besides security. We thought about what is the user experience going to be like. And we didn't really want to sacrifice speed for anything. And we didn't want to sacrifice security. But sometimes there is a trade-off. So we were able to develop proprietary products, if you will, security measures, that they don't sacrifice the speed. So like tiered crypto. we used a symmetric crypto. It stays fast for us.

We can find heavy PQC ops, Or would be heavier, larger keys if you will, for heavier encryption. We've found a way and developed a way in which we don't have to create a latency issue. And not only that, we've done it in six different layers where we don't have to sacrifice the speed. And that's one of the beauties of Crown's blockchain is that

You know, people aren't going to take, it's not going to take forever to log, to be on chain. It's not going to take forever to see a transaction finality. So that's one of the nice things about us.

Justin Beals: In some of these markets, especially where there's a lot of active trading, speed is of the essence to not miss a fluctuation in the price value.

James Stephens: Right. That's right. And that's another thing too. Real quick, I'm sorry. That's another thing is that, you know, with the Crown trade, with one of our trading platforms and one of our algorithmic prediction models with regard to trading crypto, Forex, whatever it may be, we're not sacrificing speed of finality or execution of order execution. You still get the same security, but you're not sitting waiting forever, right? Because those fluctuations can happen like that.

Justin Beals: Please.

James Stephens: And for us, don't, you're not sacrificing that speed.

Justin Beals: Yeah, it's certainly, you know, it's an age old arms race, right? I think about the old school days when they were just trying to get their offices closer and closer to Wall Street. Yeah. That's right. Yeah. So we've we've we've chat with some other folks that kind of see blockchain and cryptocurrency as separate technologies.

James Stephens: Yeah, yeah, the block, if you were a block away, were too far.

Justin Beals: But you really built it into your ecosystem's core, know, the blockchain, cryptocurrency, and quantum security. What led you to decide that you needed to kind of ground up design to get the outcome you wanted?

James Stephens:  Well, the first thing was I've seen all the dark space. seen all the reason why there's a bad stigma in the sector. And I wanted to create a foundation, first of all, a secure foundation. You know, can't have a secure house if you don't have a great foundation, right? So we started with the blockchain. We built the blockchain. And then I saw what was happening in crypto and I knew, OK, well, we need to attach this to a highly secure foundation. So that's why we created the native coin. But blockchain is, for me, it's a general purpose integrity fabric. doesn't really like crypto assets are on on it's just one application of it. You know, so when we look at it like DeFi in itself is an economic layer. And it's on top of that fabric. So whenever we look at that, I was like, well, it's all connected. It's all if it's going to be connected like this, it needs to all be together. There's not you shouldn't just one off it and say, OK, we're offering this and this is what we're doing for that. And when when you could have the entire cake and eat it too kind of thing.

We started with the blockchain as foundation, we moved to the crypto, the DeFi side, we felt like it was all interconnected because we knew it was in the ecosystem that we were building, so that's why we decided to build everything within it.

Justin Beals: Yeah, I certainly have, as I have learned more about not only the technology but the applications, my view on blockchain crypto is a little more nuanced. And we've had some great prior podcasts, especially talking to law enforcement, where they're actually big fans. They're like, the ledger is public. I can see what the transactions were, especially on the blockchain. That actually gives me some opportunity to root out corruption or fraud or theft and track it down in a way. At the same time, they understand that people are utilizing these technologies to wipe out the savings of just normal human beings that get caught up in the excitement of a new coin or something like that. Yeah.

James Stephens: Yeah, you know, I've spent a long time doing forensic analysis and investigation on chain and on transactions. And it is sad because you do see, you you can see the those threat actors and you can trace them back. You know what you're doing? You can trace them back. And unfortunately, sometimes you'll see people's, you know, what was stolen. You'll finally find it and you'll be able to conduct certain assessments and

I'll try to keep it out, but you can do certain operations that allow you to recover those. And it's just sad to see, but it's a double-edged sword. Law enforcement, yeah, they can see it all, depending upon what they use, some of them are good at hiding their tracks. But from forensic specialists like us, we kind of know how to track that down.

Justin Beals: You must personally see a lot of value in the tech or the opportunity to do this, know, beyond what you're doing. That's why you're in passion to secure it. Otherwise, I think you'd step away from it in a way, you know, I certainly have been like, hey, I played in that, it's not the path I want to travel. Yeah.

James Stephens: Yeah, you know, and that was another look always at the back of my mind when I was creating it was was that exactly that it was like, okay, how can we keep this completely secure right in the quantum age and quantum era coming? But how can we also create trust and how can we create transparency and how can we you know, and so you've got all of these, these these vectors here that are coming together. It's like, okay, it was a it was a fine line. It was it was a really tight rope that we had to, you know, had to balance there, but we were able to do it and I'm really excited and I'm very proud of that because it was definitely a lot of R &D spent on that alone, just trying to figure that part out.

Justin Beals: Yeah, absolutely. Talking about trust a little bit, one of the things I strive for in a lot of the security or the software architectures that I develop is I do like the zero trust style of principles as we do work. But there's an amount of trust that is required in some of these systems, especially large ecosystems, where you have a lot of different constituents. It's not just your company's employees or anything.

James Stephens: Yeah.

Justin Beals: How do you see the things you can trust or rely on inside of that quantum secured blockchain and where you also as just an individual participant should continue to be, keep yourself safe or be wary?

James Stephens: Yeah, so I think there's two parts there, right? think there's a privacy versus AML KYC part, and then there's also a kind of a question of where trust still exists, kind of, right? So for me, if we wanted to use privacy preserving compliance, which would be, you would have verifiable credentials in some part, but then also zero knowledge proofs for selective disclosure. they'd be like on-chain, attestations of that, you they can reveal only what regulators need. So that's a fine line again, you know, because you're looking at regimes like FATFA or, you know, FATF, which is a travel rule in the EU. And then you've got to be able to balance that privacy with lawful traceability. You know, there's a very fine line again right there, right? But we have to, as a company, we have to make sure we're within regulation, we're within compliance.

And then we also have to preserve the privacy as well of the users. And then that's where the trust comes in, Where does trust still exist in this quantum age? so just by default crypto minimizes, unfortunately, it minimizes trust in some areas. But to your point, yeah, it is a fine line. And it's something that we had to walk in building that, that privacy versus the KYC.

Justin Beals: Yeah, and I think the human machine line continues to blur for us, right, James? Especially some of these machines operate more autonomously than they used to over simple APIs or systems like that where they have the credentials. So that's metastasizing as well from maybe how we think about identity. I programmed that thing to go do that thing for me. Yeah.

James Stephens: Yeah, it's a trust. Again, it's a double-edged sword, right? You're trusting something that it's going to do what it's meant to do and that it's not going to fail at any point. And that trust goes both ways. Look, it goes from a dev point of view. There's a trust there that we've developed this, we know it's going to work, we've tested it, blah, blah, blah. But in the moment, if there's a failure, if there's a break, whatever it may be,

Justin Beals: Yeah.

James Stephens: Our trust is tested, And then on the other side, on the retail side or on the investor side, they need to be able to trust and feel good about what they're investing in and where they're doing their business at. yeah.

Justin Beals: Now, you have a lot of experience in blockchain architecture and forensic investigations. It must have been a unique experience. And so I'm curious what lessons you learned as an investigator, perhaps crimes that you saw happen or things that were kind of that detailed moment where I was like, man, I could solve this particular problem with the right setup. Yeah.

James Stephens: So I get that a lot too and what I like to go back to is how our investigation, I can't get into some of our investigation, but what I can say is I can tell you how the investigation shaped our design, if that's okay. So like casework, the casework over the years has really shown that the losses weren't math hacks, if you will, they were key mishandling, they were bad randomness, they were opaque custody.

Justin Beals: Yeah. please, yeah.

James Stephens: You know, it was it social engineering. So a lot of that comes from it's not just a it's not just a hack It was someone who believed someone someone who trusted something You know, they were fooled by you know a screen or you know, they're a phishing whatever it may be So that's why we emphasize verifiable entropy through the QRNG we also implement tamper evident key ceremonies, which would be like a like for for PQC sign firmware we can we can I mean, there's so many layers that we use right but for me, going back to that, it's just really about, it's about mishandling people, not securing themselves. And then also it's about, you know, the, the bad randomness that's happened. People can figure out people's keys because people by design, we're not, we're not truly random, right? Or things that we choose, whether it's passwords, whatever it may be, people are going to figure that out. can, you know, within 30 minutes, a good hack can figure out, you know, somebody's.

So for us, that's how we shaped our design was through the investigation side of that. I think without getting too far in the weeds, we've looked back at the lessons learned through investigations. And that's how we've shaped the design of Crown, the blockchain plus all of the different ecosystem products. And how people use it, not just user friendly, but also user safe too. And along the way, there's certain benchmarks or certain you warnings that people have to have before they make a certain decision you know it could be kind of make some stop and go wait a minute this is real or is yes should i look at this or should i change this or

Justin Beals: Feel like you've got a couple different vectors converging. One is like both the accessibility of computing power and the power of that computing system as well. then as quantum computers are gonna be cloud computing, I think I see that. I bet you see it similar. I'm not gonna get to put one in my living room here and operate it very well. Yeah. Yeah. Yeah. And so.

James Stephens:No.

Justin Beals : So just being able to log on to a website, be like, want to provision this server, I want to use this computing power, or for some type of work, you combine that with essentially a lack of password management or key strength, which we have not improved upon, I think, since 15, 20 years ago.

James Stephens: 2005, 2010, yeah, I was gonna say about 20 years ago.

Justin Beals: Yeah, and so you got these two things coming together and then the value of a Bitcoin wallet has gotten quite sizable from the early days. It does feel a little like a perfect storm for that kind of crime, right? Like it's valuable enough, I've got the computing resources and the targets are soft enough that it's a little easier to go after the money. Yeah.

James Stephens: No, it really is. That's where we get into Harvest Now Decrypt Later. People ask, how do we respond to that? These soft targets that you talk about, a lot of them are people that never thought about the security side of this 15 years ago. They never thought about Quantum 15 years ago. People were laughing at me in 2022 and 2023 when I was talking about Quantum. That's where the Harvest Now Decrypt Later problem comes in.

You know, for us, and I don't know if it's kind what you're getting to, but for us, it's really about, you you can classify, it classifies the data by shelf life, what we call shelf life. And you can migrate anything with multi-year sensitivity to the PQC now, right? Meaning how exposed is that? How weak is this security here to the threat now or the threat later? So people, these bad actors are holding on to all of the data and all of what they feel like they could crack and they're hold onto that and then when quantum as it evolves, the computing evolves, they're gonna decrypt that later and hack later and that's a major, major problem that we're dealing with right now.

Justin Beals: Yeah. OK. Let's talk a little bit about your partner that you're working with from Crown, Quantum Emotion. Tell us a little bit about, I think every piece of software I've ever built was built on the backs of people that came before me, that package, that computing platform that I could use. And certainly, I think you probably see it similarly. They're powering some innovation that you're bringing to market.

What is exciting about what they're doing that you guys are enjoying implementing?

James Stephens: You know, it's really about, well, number one at end of the day, and I always tell my people this, this is a relationship and a people business. those relationships that you make in the sector are really going to define you in the future. And Quantum Emotion is one of those companies that, know, Dr. Francis Bolido is the head of that company and the guy is just one of the sharpest minds that I've ever been around, and especially in Quantum. And, you know, when he created his chip, and created the QRNG, what's called the QRNG2 chip for hard wallets. Once we went and we looked at the SDK, we looked at everything, we were like, okay, I see what they're doing now. This is why it matters. This is why this is gonna make a difference. it is, collaborations are key and for Crown we saw that and what they're doing different is unlike anything else I've seen. I've had a lot of people contact me and say, hey, they wanna partner with us and they wanna they have this PQC set up, or they have this package, whatever it may be. But there's been nothing yet that's come to us that has been quite to the level of quantum emotions, QRNG technology. And we see the value in that, in the bidirectional communication between our ecosystem products and our authentication protocols. It's just one of the layers that we use for security. So they're a step above right now in one of their one of their products that they offer.

Justin Beals: Yeah. What, you know, it doesn't feel like a lot of the traditional cybersecurity guys have heavily leaned into this quantum issue. Do you think they were just hoping it would take longer or perhaps it's a, need kind of an innovative brain set, a brand new team to think about it. And that's hard in a legacy business.

James Stephens: It is. I got a phone call not too long ago and when I picked up the first thing that said was crap, man. I said, I said what? He goes, goes, he's like James, goes, we are closer than I thought. I said, I already told you that. told you that a year ago, you know, and no, you're right. You're right. And they're going to struggle to migrate. And we're starting to see people really kind of rush us in because there's also a side to crown that offers this migration assistance.

And people are really starting to pour into that, right? Because they're starting to see this is what's happening. You hear every time you look on the news, you look in articles like I do every single day, and you see nothing but quantum this, quantum that. I think people are behind the time. If you're not in it right now, you're behind the time. If you're not listening, I mean, look, we just said this earlier, NIST updated their standards, okay? They don't do that for no reason. And, yeah.

So the answer to question, yes, I believe that people are behind the times. Yes, I believe these legacy companies, these companies that are still stuck in the Stone Age, what I call the Stone Age, with regard to security, they're going to really pay a dear price. But I hope that we can get the migration done in time. I know that there will be news articles and news stories about this in the next few years for those that didn't.

Justin Beals:  Yeah, it is a really tough thing to balance. I kind of can see the pain on both sides. On one side, why do we have this experience where it takes a major breach or a major malfunction or a major break in our computing infrastructure to realize we need better security? We could be predictable about that. On the other side of the coin, we've looked at some of our cyber tools or cybersecurity budgets inside of business and been like, man, that is really pricey, you know? Yeah.

James Stephens: Yeah. Yeah.

But here's the thing though, so people are going to say, and we get this a lot, well that's a little expensive, or I didn't realize it would be that much to secure this and that. And then you have to look at them and have to say, well, you're trying to secure $180 billion, or you're trying to secure $1.2 trillion worth of custody. so it's hard for them to quantify.

a quantum security, you know, against this quantum threat. It's hard for them to quantify that because we're still stuck in, we're still stuck five years ago, 10 years ago. So.

Justin Beals: Yeah, but the risk math is pretty good, right? Like you could say the risk math is $1.2 trillion.

James Stephens: Yeah, somebody complains to me because, you know, they're going to pay, you know, half a million dollars or $400,000, whatever it may be to migrate their entire structure, their architect, you know, we're going to re-architect it and, or we're going to look, you know, because this isn't just going be a patch. You're not just going to patch this, you know, and then I don't need to, I don't need to deal with them because they're not going to, they're not seeing it for what it is. And even though you can warn them all you want, you can send them every, you know, everything under the sun, but as to why.

Justin Beals:  Yeah. I wanted to ask you about this concept of the Camelot ecosystem. Yeah, first off, what's the name meaning to y'all and how do you think about that?

James Stephens: So Camelot really came from crown and royalty. And my faith plays a big part in what I do too. But the Camelot came from an Excalibur, if you notice, right? Excalibur and Camelot. So it really hearkens back to the days of medieval times and King Arthur and all of that. So Camelot was kind of like the natural ecosystem. If it was a city on a hill, a shining city on the hill kind of thing. And then we wanted something for the cold storage, quantum cold wallet, we wanted something that was like, the tip of a sword. So like Excalibur, the cold wallet, it's going to be shaped like the tip of a sword. And then we have the Camelot Gala every year. We have the King's Roundtable, which is a really interesting thing. So the King's Roundtable is 50 members of the community. Some of them, there is what we call the people's envoy. That's three people. And then there's the top status tiers and the top reward tier holders. Then there's the team.

They all gather every year in a secret place in a castle every year. it's basically a policy movement moving forward, a policy direction. So it's something, you know, I like the medieval times, and so that's kind how that played into it. Yeah.

Justin Beals: That's a lot of fun. Yeah, I think naming and having taken a lot of creativity. That is one of the few joys in computer science. I used to name all my servers after tool albums back in the day. I once threatened an investor that because I once asked like, do you have to name all your rounds like series ABC? Is that a requirement? They're like, no, you can name whatever you want. Just and I was like, you guys have just unlocked a lot of fun for me.

James Stephens:  Yeah, that's like, no, like, so you'd have like, you'd have like a server sober, server schism, server... Wow. yeah. That's awesome. I love that. I love that.

Justin Beals: Lateralists? yeah, yeah. A anema? yes, yeah. Well, you know, let's say certainly CISOs are kind of leaning into this a little bit. How do you recommend someone approaching this quantum security challenge initially, James, especially a CISO that's just trying to manage what's happening, their security posture internally? but they realize that this is no longer a potential threat, but a true existential issue for us.

James Stephens: I would say, so in our sector, would say, well, I've had a lot of people say, you know, well, we're still a ways away. We're still a ways away. And that scares that I'll be honest with you. That scares the hell out of me. But I would say treated like Y2K with a longer fuse. Like do it if you're in crypto, like do a crypto inventory, classify your data by longevity. You you need to, you need to make sure that, that, you know, you need to align with, with, with government standards too. Again, I go back to this, but this is just  a ground floor, you need to look at that, you need see why, why are they, what are they put into the new standard. I say also if you're dealing with vendors, this is another thing too, because this can be where your weakness lies, is if you're dealing with vendors, you need to look at their roadmaps now, like now, and you need to understand, do they have a roadmap? that is for the quantum era. Do they have a PQC migration roadmap? What are they doing with regard to their security and their threat assessments? Because that can be the weakest link. You may not be the weakest link, but you could be the weakest link because of your weakest link. I think everyone needs to really sit back and look at their posture and understand where they're... And the biggest thing in all of this, and I've had to do this with myself, and it's very humbling,

Be honest with yourself. Just be honest with yourself of where you lie right now with regard to your security architecture, how you've built it. And then when you get your test back, or when you do your testing, or you get your pen test, whatever it may be, don't have an ego in this. Don't have an ego in this. Think about your company. Think about the future for your security.

Justin Beals:  Yeah, sage advice, James. We really appreciate you joining us and sharing your expertise and the work you're doing at Crown Technologies. We appreciate it, James. Yeah.

James Stephens:  Yeah, Justin, thank you so much. I appreciate your time. Love the show and hope to see you guys again. All right. Thank you,