Ramy Shelbaya, CEO of Quantum Dice, explores the importance of quantum randomness in maintaining essential cyber safety.
Earlier this year, the UK Government announced its National Quantum Strategy, naming the development of quantum technologies a national priority. They have said these technologies will ‘revolutionise’ life in the UK and bring enormous benefits in the next ten years.
Certainly, quantum technologies have incredible potential to offer solutions to many challenges faced today, including:
- Faster computing processes that could enhance drug development, super-accurate sensing and measurement abilities;
- Improved timing and navigation systems with applications across transport, defence, and telecommunications; and
- Important implications for cybersecurity.
Due to the particularities of quantum computers, quantum algorithms are expected to be able to break existing encryption methods used today from data centres, banks, and everyday consumers once the hardware reaches a certain level of maturity. However, just as some quantum technologies can weaken current cybersecurity systems, others will strengthen them. This is where Quantum Random Number Generators (QRNGs), or quantum randomness, come in.
Why randomness is so important when it comes to security
The vast majority of our data is digital, and a large amount of that data is personal or confidential. Having reliable encryption is, therefore, part and parcel of living in the digital age.
Behind every encryption system, a fundamental component is the encryption key. Every encryption algorithm requires a key and if that key is hackable, no matter how complex the algorithm is, the system will be vulnerable. To avoid a hackable encryption key, randomness is essential.
This is analogous to passwords. When creating a password, the more complex or ‘random’ that password is, the harder it is for it to be predicted, and the safer the system is.
As opposed to passwords, computers and networks today need to generate encryption keys on a much larger scale – billions per second – and they need to be as random as possible to avoid being cracked.
The consequences of insufficient randomness
The problem many face when it comes to true quantum randomness is that it is exceptionally hard to generate and, especially, to verify.
Therefore, there have been many failures in the generation of randomness that have caused vulnerabilities in cybersecurity systems with significant consequences.
An example of this is the announcement Cisco made recently that one of its firewall systems – which is also one of the most commonly used around the world – had a vulnerability caused by insufficient randomness.
The fact that this is the second time a vulnerability has been discovered in five years shows how difficult it is, even for the big, multinational conglomerates, to build systems that achieve true randomness.
It shows that quantum randomness, even though it’s so fundamental to effective security, is very complex. This combination of complexity and importance means that devices that reliably generate verifiable randomness are rare and invaluable.
What are QRNGs and what makes them different?
Currently, in every cybersecurity system, there will be a source of randomness that helps to secure data by making the encryption algorithms harder to guess.
However, these cannot produce verifiable randomness as they are based on classical computing processors. While they produce number sequences that appear random, they are susceptible to a number of vulnerabilities that can cause them to be hacked.
This is where quantum mechanics comes in. Because quantum systems can ‘exist’ in multiple states at once and because their properties are inherently probabilistic, QRNGs can generate truly random numbers. For instance, a QRNG might measure the spin of electrons or the polarisation of photons, and these measurements are intrinsically unpredictable.
However, simply measuring the behaviour of a system that exhibits quantum behaviour is not sufficient to ensure that you are generating verifiably random numbers. This is because there are no purely quantum or purely classical systems; all real world hardware exhibits a mixture of both to varying degrees.
Additionally, QRNGs are designed to replace the classical quantum randomness component in current encryption systems, which means that interoperability with existing encryption systems is also a crucial factor in the usability of a QRNG.
Quantum Dice’s QRNGs have a unique layer of security – the source device’s independent self-certification, or DISC. This is an in-built continuous verification system that evaluates the amount of quantum randomness that’s being generated and whether it is secure enough. This is important because physical systems are not impervious to natural decay or environmental disturbances, such as changes in heat or vibrations.
This usually impacts how the quantum system behaves and, therefore, how effectively a system can produce quantum randomness.
However, DISC solves this problem, ensuring these solutions can provide a consistent and reliable generation of truly random numbers while maintaining interoperability and ease of use.
What’s next for QRNGs?
The developments currently being made in the quantum field are exciting, the applications of which could change many things for the better. As we move closer to quantum technologies becoming a permanent fixture in our daily lives, it’s important that we understand their implications, not least of all their ability to enable the proper encryption and reliable security of data.
While QRNGs are already being used in industrial security systems, such as in data centres, banks, and telecommunications, the ultimate goal is to make them available for personal use and install them in everyday devices.
For this to happen, the hardware must be miniaturised. This is the next step in the technology’s development, and it is already underway. DISC-enabled QRNGs are being developed for use in satellite communications, and, eventually, for scalable, democratised use so that everyone can enjoy the benefits and peace of mind of verifiably secure technology powered by true quantum randomness.
