London, UK, April 28, 2025 -- Arqit Quantum Inc. (Arqit), a leader in quantum-safe encryption has announced the delivery of quantum-safe protection enhanced by confidential computing; data protection that helps ensure no third party, not even the cloud provider, can access a customer’s encryption keys or workloads, even when distributed across multiple hosts. Powered by Intel Trust Domain Extensions (Intel TDX) and Arqit NetworkSecure, this solution strengthens the security of Arqit’s quantum-resistant crypto key delivery system.

With the right approach, organisations can now overcome long-standing cloud security challenges: gaining full control over encryption keys, securing data in transit, enabling trusted collaboration, and reducing the cost and complexity of additional hardware.

Protecting sensitive data in the cloud has always depended on placing trust in infrastructure providers despite the theoretical risk that they could access encryption keys or data as it moved between environments. This risk is now addressed.

With Arqit NetworkSecure running inside a Trusted Domain (TD) created by Intel TDX, encryption keys are:

• Generated inside the Intel TDX enclave
• Visible only to the TD owner
• Rotated frequently
• Protected with quantum-safe symmetric encryption between enclaves

Even Arqit and Intel are outside the trust boundary. This architecture provides advanced data sovereignty by design.

How It Works

In the Intel TDX environment, each TD is encrypted and isolated from other software, the hypervisor, and the infrastructure host. Arqit’s software operates inside this confidential VM, generating and managing encryption keys that never leave the TD. Keys are used to secure communications between TDs across hosts, enabling safe, quantum-secure data flows without exposing any secrets to the infrastructure.

Use Cases

1. Network Security for Telcos

Telcos deploying Network-as-a-Service (NaaS) or virtual RAN (vRAN) on white-box hardware face new security demands. Arqit NetworkSecure can now run inside an Intel TDX trust domain on these platforms, designed to keep traffic encryption and key management isolated and quantum-safe. Remote attestation helps verify the environment hasn’t been tampered with.

2. Enterprise Edge & AI Workloads

Large enterprises moving sensitive workloads between on-prem environments and the cloud need strong isolation and secure communication. Arqit and Intel TDX isolate the workload and secure the channel using symmetric keys, all without exposing processes inside TD to the cloud or the infrastructure provider.

3. Virtual Hardware Security Modules (HSMs) for Critical Infrastructure
Instead of costly physical Hardware Security Modules (HSMs), organisations can now deploy Arqit’s symmetric key platform inside TDs as a “virtual HSM” – cutting costs while meeting the highest security standards for cryptographic operations.

4. Secure Collaboration Across Domains

In sectors like defence, finance, and public services, data collaboration often involves multiple parties. Using secure enclaves and Arqit’s ephemeral key model, organisations can now enable secure, privacy-preserving analytics across trusted domains.

Looking Ahead

Confidential computing can elevate security to the next level. Security enhancements include:

• Infrastructure that meets the highest bar
• Zero key access for operators
• Quantum-safe encryption as standard
• Hardware-based trust anchors
• Attestation independent of the provider’s infrastructure
• Verified isolation through TD attestation

This level of assurance is especially vital in regulated industries like finance, defence, and national infrastructure.

Andy Leaver, CEO of Arqit, commented:

“This collaboration with Intel delivers a powerful enhanced model for securing data in the cloud. By combining Intel’s trusted hardware with Arqit’s quantum-safe encryption, we’re giving customers full control of their security, removing infrastructure providers from the trust equation entirely. It’s a significant step forward for digital sovereignty, and demonstrates the future of confidential computing can be both stronger and simpler.”

Bob Ghaffari, Vice President, Network and Edge Group, Intel Corporation:

“Arqit’s quantum-safe encryption technology running in Intel TDX creates a powerful addition to confidential computing where data sovereignty and protection of the information you process are ever more important to organizations of any size and form.”