How quantum technologies can solve the randomness bottleneck (Guest blog by Quantum Dice)
The rising importance of encryption
In an ever more connected world, the importance of cybersecurity and data encryption is continuously increasing and concerns about their efficacy can now be found everywhere from the cabinet office to the board room to the dinner table. To see just how important cybersecurity has become, in 2021 a controversy regarding the encryption protocol implemented in WhatsApp severely damaged Meta’s reputation and led to an exodus of millions of users to alternative platforms.
Despite this, only a small part of cybersecurity gets discussed in commercial and mainstream contexts. Encryption alone covers a host of protocols, algorithms and implementations that can vary dramatically in their security, complexity and applicability. That being said, all encryption algorithms rely on the ability to generate secure random encryption keys. Nevertheless, most people’s brush with randomness in security is limited to attempting to meet the ever increasing requirements imposed by services on user passwords. In reality, this is only the tip of iceberg, millions of random encryption keys are being generated to be used to secure the multitude of communication channels.
The challenges of producing randomness
Unfortunately, generating these keys reliably is far easier said than done. The state of the art relies on noisy hardware components, called true random number generators (TRNG), which generate a slow unpredictable signal, this is then fed into an algorithm called a pseudo-random number generator (PRNG) which can then generate random numbers at a much faster rate and with the desirable statistical properties. However, both TRNGs and PRNGs have a number of vulnerabilities which may compromise the security of their output. An infamous example of this can be found in the case of the Dual_EC_DRBG algorithm which was originally classified by the NIST as being cryptographically secure before being de-listed when users figured out that it contained a backdoor. Securely generating randomness is a task that the cybersecurity industry has been working to optimize for a very long time, but it is one that is getting more complex as the demand for high-speed and high-quality randomness increases.
Quantum randomness and its advantages
As is the case with cybersecurity, quantum technology is a field where there is a tremendous amount of mainstream attention being focused on just one aspect: quantum computing. It is undeniable that quantum computers have the potential to revolutionize our world. However, the full breadth of the impact quantum technologies can have is much wider. In fact, quantum random number generators (QRNG) are an example where the “quantum advantage” can be impactful right at the moment. Not only can quantum systems be sources of rapid and secure randomness, they also have the potential of offering more advanced methods of resilience against faults and cyberattacks thanks to features like device-independence and self-certification. This is because, unlike classical systems, quantum systems are inherently unpredictable and specific implementations of QRNGs allow the user to be assured of a minimum level of unpredictability no matter the disturbances the system is subject to and no matter the information an adversary has about the system. This can mitigate against the vulnerabilities that can be found in currently deployed systems.
Nevertheless there are barriers to a wider adoption of QRNGs. One of the main ones is that there are currently no clear standards codifying QRNGs and delineating the differences between them and between classical solutions. This makes it difficult for end-users to understand the advantages they can bring. This situation is changing as regulatory agencies look to understand this new technology and vendors work to educate the market about the benefits of their technology. As such, QRNGs are on their way to become the first quantum technology one can find right in their pocket.
Help to shape and govern the work of techUK’s Cyber Security Programme
Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.
*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.
Cyber Innovation Den
On Thursday 3 November, techUK will host our fourth annual Cyber Innovation Den online. This year we’ll explore efforts being made to realised the ambition set out in the National Cyber Strategy, with speakers taking a look at the progress we’ve seen to date, including the foundation of the UK Cyber Security Council, the reinvigoration of the Cyber Growth Partnership and the continued growth in the value of the sector to the UK economy.
Cyber Security Dinner
In November techUK will host the first ever Cyber Security Dinner. The dinner will be a fantastic networking opportunity, bringing together senior stakeholders from across industry and government for informal discussions around some of the key cyber security issues for 2022 and beyond.
All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.