Quantum Randomness Now Boosts Everyday Security

12 Aug 2021

Encryption needs random numbers, and the subatomic realm has plenty to spare

Randomness is typically seen as a problem, interfering with our ability to make sense of the world and complicating our attempts to predict the future. But that very unpredictability also makes it a crucial ingredient in the encryption that protects billions of dollars worth of private data. Random numbers are used to make cryptographic keys, and any latent pattern in the key can be used to crack encryption. True randomness is harder to come by than you might think though, which is why people are increasingly turning to the strange world of quantum mechanics to find it.

Chinese tech giant Alibaba recently published research on a quantum random number generator (QRNG) platform that it has been using to enhance the security of its cloud as well as financial services like Alipay and Ant Financial. And in April, Samsung released the Galaxy Quantum 2 – the second generation of its new line of smartphones secured using a specialized QRNG chip.

Others may soon follow in their footsteps, says Axel Foery, an executive at Swiss company ID Quantique, which supplies QRNG chips used by both Alibaba and Samsung. He says they are in discussions with a number of major cloud-providers and leading smartphone makers and he thinks the use of quantum randomness could soon be standard practice. That’s because ever more powerful computers and new techniques like machine learning and quantum computing are making traditional sources of randomness increasingly easy to hack, he says.

“It’s still some effort, but it’s less effort than it was in the past,” he adds. “And if you understand the randomness and you can predict it then you have no randomness. And then you can manipulate all the functions that rely on this randomness.”

It’s possible for computer to generate random numbers by harnessing environmental processes such as thermal noise in a computer chip or a user’s mouse movements. But this can be too slow for many applications, and there are typically biases in the way these phenomena are measured that reduce their randomness.

As a result, most encryption today relies on pseudo-random number generators, which use algorithms to produce numbers with statistical properties close to random. But any “random” number generated by a mathematical process is inherently deterministic, says Foery, and if you can crack how it works you can predict any security key it produces.

Quantum processes on the other hand are inherently probabilistic. Even with perfect information its impossible to predict their outcome exactly. One of the most popular way of harnessing this quantum randomness is to fire light at a beam splitter. The chances of an individual photon going one way or the other are 50-50, so by counting the number of photons that land either side you can generate a string of random binary bits.

This approach has the benefit of being able to generate random numbers much faster than alternatives, says Foery and is the technique used by ID Quantique. And while such devices used to be bulky and expensive, rapid improvements in the ability to integrate optical components with silicon means their latest chips are just 2.5 millimeters across. Prices have also dropped significantly and Foery estimates their chip only represents a few percent of the overall production cost of the Galaxy Quantum 2.

Whether your average smartphone user needs the extra security provided by a QRNG is debatable. But Juan Carlos García Escartín, an associate professor at the Universidad de Valladolid in Spain who studies quantum information, says the fact they are now making it into consumer products is a promising sign the technology is breaking out of niche applications. “I wouldn’t have expected a few years ago that something you can buy in a store will have a QRNG inside,” he said.

The platform outlined by Alibaba in their recent Nature paper is even more intriguing though, he says. The system combines three commercial QRNGs, including one from ID Quantique, with a QRNG made by the company’s own researchers. The system has been used to deliver random numbers to a variety of applications running on the company’s cloud for more than a year. Alibaba declined an interview request.

The paper’s authors describe how combining output from the QRNGs in different ways lets them tune the level of security provided and the speed with which numbers can be generated, which is important for a cloud server that has to generate large numbers of security keys. [READ MORE]