The importance of randomness in a quantum world

Quantum computing has the power to revolutionise the world we live in, but like all technology it can be used for harm as well as good. Quantum cybersecurity is becoming a necessity for all those who value the integrity and security of their data.

In its latest report looking at quantum computing, the IBM Institute for Business Value highlights the potential quantum technologies have to become ‘a double-edged sword’; one that will expand computing power and offer opportunities for improving cybersecurity, whilst exposing vulnerabilities in current encryption methods.

IBM reference the risks posed to both symmetric-key cryptography (where the same key is used to encrypt and decrypt data) and asymmetric aka Public Key cryptography (where two different, but related, keys are used).

With the long-term security of current cryptographic methods in doubt, enterprises and governments alike are investing in the development of new, quantum-safe cryptographic solutions. Two of these technologies Quantum Random Number Generation (QRNG) and Quantum Key Distribution (QKD) leverage the principles of quantum physics to counter the emerging threat of the quantum computer.

The importance of randomness

Randomness (entropy) is the cornerstone of cryptography as it is used to generate session keys. The more random the numbers, the more secure the cryptographic system. The challenge then, becomes one of generating true randomness.

Many of today’s systems use pseudo-random number generation. However, these systems are vulnerable as they rely upon external sources of entropy and do not generate truly random numbers. Software-based random number generators (RNGs) are deterministic and do not provide true randomness.

Hardware-based RNGs that exploit the principles of classical physics provide a greater degree of entropy, but even these are susceptible to influence and lack true randomness. Whilst these patterns are almost impossible for classical computers to recognise, the same cannot be said for a quantum computer.

For genuine entropy, cryptographers are turning to quantum random number generation (QRNG). These hardware-based systems exploit the principles of quantum physics to generate truly random numbers and offer greater resistance to external or environmental perturbation.

“Quantum Random Number Generators (QRNGs) can be thought of as a special case of TRNGs in which the data is the result of quantum events. But unlike traditional TRNGs, QRNGs promise truly random numbers by exploiting the inherent randomness in quantum physics. A true random number generator provides the highest level of security because the number generated is impossible to guess.” – IBM Institute for Business Value

Provable forward secrecy

Quantum has a role to play beyond key generation. The principle of “observation causes perturbation” is an essential component in forward secrecy. Although the IBM report doesn’t address quantum key distribution (QKD), it is an important part of the quantum-safe cryptography story.

To “eavesdrop” on a communication, any unauthorised third party will need to observe the key in a quantum state. This act of observation introduces detectable anomalies, alerting the system to the breach. QKD is already being used in real-world applications, working in conjunction with symmetric key cryptography to provide provable forward secrecy.

Data security for the present and future

With the impending arrival of mainstream quantum computers, QRNG and QKD are two technologies that security-aware organisations should be considering if they are to ensure the long-term protection of their data.

Although it may be tempting to delay change until a viable quantum computer becomes available, the quantum threat is just as relevant today. The long-term value of much of the data transmitted across high-speed networks means a patient cyber-criminal can capture the data today and decrypt it later.

“Even though large-scale quantum computers are not yet commercially available, initiating quantum cybersecurity solutions now has significant advantages. For example, a malicious entity can capture secure communications of interest today. Then, when large-scale quantum computers are available, that vast computing power could be used to break the encryption and learn about those communications.” – IBM Institute for Business Value

Four steps to take now

Identify, retain and recruit for the necessary quantum cybersecurity skills. These people will become the organisation’s cybersecurity champions; collaborating with standards bodies and creating its quantum security transition plan
Begin to identify where quantum-safe security methods should be adopted by assessing potential areas of security exposure
Keep up-to-date with news and advances in quantum-safe cybersecurity standards and emergence of security solutions
Work with encryption solution providers to deploy quantum-safe solutions

Like to find out more about Quantum Random Number Generation? Download our White Paper: What is the Q in QRNG?

Cookie	Duration	Description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
CONSENT	2 years	YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.n
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
datatranscw-woocommerce-context-id	session	Description is currently not available.
datatranscw-woocommerce-context-key	session	Description is currently not available.
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.
wp11868	1 year	Marketing automation. Automatically sets cookie tracking when visitors engage through form submissions, clickthrough’s in email messages, and web pages containing the Act-On Beacon Tracker.

The importance of randomness in a quantum world

Stay one step ahead