中文 English

Quantum Random Numbers Future-Proof Encryption

Three universities chose to build and license quantum random number generators.

popularity

It may be a decade or more before quantum computers become common enough that we’ll find out whether “post-quantum cryptography” will stand up to genuine quantum computers.

In the meantime, some quantum researchers are peeling off specific functions and turning them into products or companies so that it’s possible to take advantage of the potential of quantum computers without actually having access to one.

It’s not a coincidence that three universities chose to build and license quantum random number generators. Good, truly random numbers make possible encryption strong enough that it might even stand up to other quantum computers. Random number generation is the foundation of a solid technology and a good early starting point for researchers building task-specific quantum computing devices from Los Alamos National Laboratory, Oak Ridge National Laboratory and Lancaster University in the U.K.

All three are looking for partners or are in the process of distributing versions of a quantum random number generator (QRNG) able to generate what they call truly random strings of digits, very quickly, with virtually no chance the process could be compromised secretly from outside.

Random number generators may seem an odd place to start adding quantum components to classic computers, but they are an important step, according to Haydn Povey, founder and CTO at SecureThingz and board member of the IoT Security Foundation.

“There are three or four things you really need to build good security for any system; a really good random number generator is one,” Povey said during a presentation at Arm’s TechCon 2018 in San Jose, Calif., on Oct 17. “It should be NIST approved, but it you want to do a quick test on a system, text the random number generator. If you don’t like the answer, move on; don’t even both with the rest of it.”

The National Institute of Standards and Technology (NIST) is such a big fan of randomness it launched a competition to find new approaches that can resist cracking by both quantum and classical computers while still interoperating along standard communications links. It published a set of standards in January describing how to select and harvest entropy from outside sources in classic-computing environments.

It also got into the act itself, with an article in the April edition of the journal Nature, which described a phone source of entropy that used laws of classical physics rather than quantum mechanics to generate a random number.

A fully capable quantum computer would have enough power to reverse and decode the calculations that create any current form of encryption, according to a 2016 report from the NIST and an unrelated 2018 report from Washington, D.C. think-tank, the Hudson Institute.

“For example, a quantum computer with 300 quantum bits (“qubits”) could conduct more calculations than there are atoms in the universe,” according to the 2018 Hudson report from Arthur Herman and Idalia Friedson of the Hudson Institute.

Quantum systems could help cure cancer, vastly improve machine learning and manage pharmaceutical-research simulations of protein folding that are beyond even most supercomputers.

“Unfortunately, such a computer could also render today’s public encryption systems obsolete in less than the blink of any eye,” the report read.

“The trouble is that computer systems compute as we build them—using prescribed mathematical algorithms. So all computers, if they’re working correctly, are completely deterministic,” according to Raymond Newell, research scientist at the Applied Physics Group at Los Alamos National Laboratory (LANL). “Unpredictably random numbers are the core resource of all computer security and cryptography.”

“The key to good cryptography is doing it fast. Random number generators that touch the physical world to harvest entropy do a good job of appearing random by spreading out their results evenly. They are still deterministic, so, given enough effort, you could still make a pretty good estimate of their result,” Newell said.

Los Alamos’ single-photon approach
Los Alamos National Laboratory (LANL) is looking for a replacement for Whitewood Encryption Systems, Inc., which agreed in 2014 to license Entropy Engine—the Lab’s quantum random number generator (QRNG) designed to deliver truly random numbers at 200 million bits per second to encrypt high-speed network connections. After incorporating the QRNG in its own product suite and acquiring a number of patents related to the system, Whitewood eventually backed out of the deal.

“We are in a position of having made some improvements on the technology and are looking for another partner. The backers of the previous company decided not to pursue it,” Newell said. LANL’s QRNG finds randomness in the 50/50 probability a single photon from a low-intensity, carefully focused light source will be transmitted or absorbed. The result can’t be captured from outside without changing the result or collapsing the waveform. “Most physical systems don’t change quickly enough to encrypt data at high rates in a communications link, as was our goal,” Newell said. “We were looking at rates of close to 100Mbits/sec, not 100 hertz, which is about 10 nanoseconds. Most systems are very predictable on a 10-nanosecond time scale.”

Oak Ridge’s quadrillions of photons
In August, Oak Ridge National Laboratory (ORNL) licensed the QRNG it developed to New York-based Qrypt—an encryption provider that sees quantum-computing technologies like the quantum key distribution system it is developing, and the QRNG from ORNL as steps toward high-speed encryption systems secure enough to survive the eventual coming of quantum computing.

Rather than focusing on just one or two photons at a time, the ORNL method relies on statistics gathered from “a field of quadrillions of photons” produced by a beam splitter, according to according to Raphael Pooser senior scientist and research team leader for the Quantum Information Science Group at ORNL.

“Different from other QRNG technologies, our method does not require that we wait for a single photon to appear, but allows us to use the collective statistics of large numbers of them,” Pooser said.

U.K.-based startup Quantum Base, Ltd., came out of near stealth during the summer to offer 13 different configurations featuring its USB or dongle-based QRNG and a quantum physical unclonable function (PUF) designed to do for on-chip identification and encryption what quantum encryption does for data.

The products designed purposely to be physically small, narrow in scope, easy and inexpensive to incorporate into other products, according to Robert Young, The Royal Society research fellow and professor of physics at Lancaster University who co-founded Quantum Base largely as a way to put things he’d learned in his own research to practical use.

“We developed the first purely electronic truly random number generator that’s a single diode and works at quantum levels,” Young said. “90% of the random number generators out there are big and expensive; ours is small and not too expensive, and it uses quantum mechanics in real ways, at a time when everything in quantum computing is pretty far from commercialization.”

Using quantum mechanics, not quantum computing
Though the techniques differ, all three products are designed to raise encryption to a higher-performing, more cost-effective level to bring out some of the benefits of quantum computing while the market is still figuring out how to build and sell quantum computers.

“Random number generators are one of the simplest things you can distill from the field, but they obey the laws of quantum mechanics, they get higher signal to noise ratios and it is an unhackable way to plug one of the weak points in most cryptography schemes,” Pooser said. “It’s not deterministic. You can’t crack it by reverse engineering. The process of measurement follows a quantum wave function. Nature is going to select one of the eigenstates to collapse to. The process is random. Pseudo random number generators can sample a chaotic distribution and look random, but are entirely deterministic, which makes them vulnerable.”

They’re also well known, well understood and have been used effectively by chipmakers and security developers for 20 years, according to Ben Levine, senior director of product management for the Rambus Security Division.

Calculated random number generators are also pretty well proven, widely known and have been used successfully by chipmakers and developers for 20 years, Levine said.

True random number generators with physical components built into the chip—for example, ring oscillators comprised of NOT gates that change value based on voltage and use jitter as a source of entropy—have provide tested using RNG verifications from NIST and other testing agencies have demonstrated they produce genuinely random numbers and work well in a range of applications, Levine said.

“There may be some other properties a quantum version might be able to show, but, with multiple sets of physically separated rings statistical tests show that is a true entropy source,” Levine said.

Pairs of ring oscillators do tend to couple using global deterministic jitters, which causes the appearance of of entropy, but is more likely to cause observers to overestimate the loss of independence rather than actually demonstrate a loss of entropy.

However, it is possible to recover the statistical parameter with a high-enough layer of output bits, which could give an attacker access to an encryption key, though it is possible to reduce or eliminate that risk with the right number and separation of rings and careful configuration, according to a 2013 mathematical analysis from the University of Lyon, and a 2009 statistical analysis from the University of Rennes.

Development of ORNL’s quantum random number generator began with basic components including an LED light, the source from which a field of quadrillions of photons are produced. The device can detect and measure the quantum statistics of photons present in the field and use each one as the basis for creating truly unique encryption keys that are impossible to decipher or predict. Credit: Brian Williams/Oak Ridge National Laboratory, U.S. Dept. of Energy (hi-res image)

“A chaotic random number generator—true random, not pseudo—designed into the same chip isn’t something new; people have been adding cryptographically strong entropy sources for a while,” Levine said. “But you don’t get security from just one thing. You need to confirm none of the boot code has been changed, have a place to keep the key and resources to remediate the root of trust if the rest of the firmware is compromised. You need foundational layers of security in hardware and layer additional hardware and software on top of that foundation to put together an adaptable security solution.”

It is considered impossible to deliver real, fully trustable random numbers using only classical computing, however, according to a 2016 paper in Nature by researchers from the Institute for Interdisciplinary Information Sciences, Tsinghua University, Beijing, China.