The importance of randomness in a quantum world
Quantum computing has the power to revolutionise the world we live in, but like all technology it can be used for harm as well as good. Quantum cybersecurity is becoming a necessity for all those who value the integrity and security of their data.
In its latest report looking at quantum computing, the IBM Institute for Business Value highlights the potential quantum technologies have to become ‘a double-edged sword’; one that will expand computing power and offer opportunities for improving cybersecurity, whilst exposing vulnerabilities in current encryption methods.
IBM reference the risks posed to both symmetric-key cryptography (where the same key is used to encrypt and decrypt data) and asymmetric aka Public Key cryptography (where two different, but related, keys are used).
With the long-term security of current cryptographic methods in doubt, enterprises and governments alike are investing in the development of new, quantum-safe cryptographic solutions. Two of these technologies Quantum Random Number Generation (QRNG) and Quantum Key Distribution (QKD) leverage the principles of quantum physics to counter the emerging threat of the quantum computer.
The importance of randomness
Randomness (entropy) is the cornerstone of cryptography as it is used to generate session keys. The more random the numbers, the more secure the cryptographic system. The challenge then, becomes one of generating true randomness.
Many of today’s systems use pseudo-random number generation. However, these systems are vulnerable as they rely upon external sources of entropy and do not generate truly random numbers. Software-based random number generators (RNGs) are deterministic and do not provide true randomness.
Hardware-based RNGs that exploit the principles of classical physics provide a greater degree of entropy, but even these are susceptible to influence and lack true randomness. Whilst these patterns are almost impossible for classical computers to recognise, the same cannot be said for a quantum computer.
For genuine entropy, cryptographers are turning to quantum random number generation (QRNG). These hardware-based systems exploit the principles of quantum physics to generate truly random numbers and offer greater resistance to external or environmental perturbation.
“Quantum Random Number Generators (QRNGs) can be thought of as a special case of TRNGs in which the data is the result of quantum events. But unlike traditional TRNGs, QRNGs promise truly random numbers by exploiting the inherent randomness in quantum physics. A true random number generator provides the highest level of security because the number generated is impossible to guess.” – IBM Institute for Business Value
Provable forward secrecy
Quantum has a role to play beyond key generation. The principle of “observation causes perturbation” is an essential component in forward secrecy. Although the IBM report doesn’t address quantum key distribution (QKD), it is an important part of the quantum-safe cryptography story.
To “eavesdrop” on a communication, any unauthorised third party will need to observe the key in a quantum state. This act of observation introduces detectable anomalies, alerting the system to the breach. QKD is already being used in real-world applications, working in conjunction with symmetric key cryptography to provide provable forward secrecy.
Data security for the present and future
With the impending arrival of mainstream quantum computers, QRNG and QKD are two technologies that security-aware organisations should be considering if they are to ensure the long-term protection of their data.
Although it may be tempting to delay change until a viable quantum computer becomes available, the quantum threat is just as relevant today. The long-term value of much of the data transmitted across high-speed networks means a patient cyber-criminal can capture the data today and decrypt it later.
“Even though large-scale quantum computers are not yet commercially available, initiating quantum cybersecurity solutions now has significant advantages. For example, a malicious entity can capture secure communications of interest today. Then, when large-scale quantum computers are available, that vast computing power could be used to break the encryption and learn about those communications.” – IBM Institute for Business Value
Four steps to take now
- Identify, retain and recruit for the necessary quantum cybersecurity skills. These people will become the organisation’s cybersecurity champions; collaborating with standards bodies and creating its quantum security transition plan
- Begin to identify where quantum-safe security methods should be adopted by assessing potential areas of security exposure
- Keep up-to-date with news and advances in quantum-safe cybersecurity standards and emergence of security solutions
- Work with encryption solution providers to deploy quantum-safe solutions
Like to find out more about Quantum Random Number Generation? Download our White Paper: What is the Q in QRNG?