Random number generators and cryptography
Every time you send an email, connect to your bank account or check your medical examination, you rely on random numbers to protect the security of your online activity. Cryptography is the set of tools we use to keep us safe online, and random numbers are the foundation in which cryptography is built upon. In other words, if we could not generate unpredictable random digits, secure online communications would not be possible.
While there are many ways to generate “random numbers”, not all of them are good enough for cryptographic use. For instance, computers are unable to produce random digits on their own, unless we help them with external hardware means. The reason is simple: a computer is a machine designed to reliably execute one instruction after another, in a completely predictable and repeatable way.
That said, computers have functions and instructions to generate so-called pseudo-random numbers (PRNGs), which produce sequences of digits with certain “random” statistical properties. But the random numbers produced from a PRNG are completely predictable and therefore cannot be used “as is” for cryptographic applications.
The way to bring randomness (or unpredictability, to be more precise) to computers for cryptographic use is via so-called true random number generators (TRNGs).
How do true random number generators (TRNGs) work?
TRNGs are based on measuring a specific (random) physical process to produce random digits. Thus, the randomness of such numbers comes from the underlying physical process, which may indeed be completely unpredictable. TRNGs are the baseline for security applications.
TRNGs are hardware components and sophisticated engineering is required to build them properly. Unfortunately, current communication systems rely on weak TRNG designs, compromising security and/or performance of the communications. There are mainly two reasons for this reliance on weak TRNG designs. First, some systems do not even have a dedicated TRNG hardware component, due to cost or design choice, thus relying on generic components in the system to produce random samples (e.g., clock interrupts from the operating system).
Second, many TRNGs are designed based on physical principles that are complex and therefore produce “random-looking” dynamics (e.g., chaos), but which are, by principle, predictable and deterministic, which a sufficiently motivated attacker or a badly operated system may reveal to compromise security.
Building reliable, fast and unpredictable TRNGs is essential for the present and future of cryptography. And Quantum technologies are now being used to produce quantum-enhanced TRNGs, that is How do quantum number generators work.
What is a quantum random number generator?
Quantum random number generators (QRNGs) are a special case of TRNG, that generate randomness by measuring quantum processes, which are, by nature non-deterministic. The advantages are multiple, including a fundamental advantage in using quantum indeterminacy, typically faster performances by leveraging photonics and most importantly, the ability to understand and verify the origin of unpredictability, which is a core assurance for the entire cybersecurity chain.
Until now, engineering high-quality, scalable and fast quantum random number generators has been a challenge to date, and this is the area Quside has been pushing to advance over the last decade. Our proprietary technology allows for fast, high-quality, and scalable production, leading to a solution that is ready for today’s unpredictability concerns and tomorrow’s performance requirements.
TRNGs are based on measuring a specific (random) physical process to produce random digits. Thus, the randomness of such numbers comes from the underlying physical process, which may indeed be completely unpredictable. TRNGs are the baseline for security applications.
TRNGs are hardware components and sophisticated engineering is required to build them properly. Unfortunately, current communication systems rely on weak TRNG designs, compromising security and/or performance of the communications. There are mainly two reasons for this reliance on weak TRNG designs. First, some systems do not even have a dedicated TRNG hardware component, due to cost or design choice, thus relying on generic components in the system to produce random samples (e.g., clock interrupts from the operating system). Second, many TRNGs are designed based on physical principles that are complex and therefore produce “random-looking” dynamics (e.g., chaos), but which are, by principle, predictable and deterministic, which a sufficiently motivated attacker or a badly operated system may reveal to compromise security.
Building reliable, fast and unpredictable TRNGs is essential for the present and future of cryptography. And Quantum technologies are now being used to produce quantum-enhanced TRNGs, that is How do quantum number generators work.
Quantum random number generators (QRNGs) are a special case of TRNG, that generate randomness by measuring quantum processes, which are, by nature non-deterministic. The advantages are multiple, including a fundamental advantage in using quantum indeterminacy, typically faster performances by leveraging photonics and most importantly, the ability to understand and verify the origin of unpredictability, which is a core assurance for the entire cybersecurity chain.
Until now, engineering high-quality, scalable and fast quantum random number generators has been a challenge to date, and this is the area Quside has been pushing to advance over the last decade. Our proprietary technology allows for fast, high-quality, and scalable production, leading to a solution that is ready for today’s unpredictability concerns and tomorrow’s performance requirements.
Quantum random number generators: why now?
There are at least three reasons why quantum entropy sources are not widely adopted in application:
1. AVAILABILITY
No quantum entropy sources were available in the past, with the first practical solutions being available only for the last 2 years.
As a result, alternative methods were used. With the availability of quantum technologies now, in particular, quantum entropy sources, the ability to produce truly unpredictable digits becomes real, and therefore quantum entropy sources can be opted in to derive enhanced security offerings than was possible before.
2. Increased needs (5G, more devices, faster communication)
Current cryptographic protocols are vulnerable to emerging threats, such as attacks performed with quantum computers or AI approaches. Therefore, new security protocols and technologies are being developed currently all over the world. These new solutions are post-quantum and quantum cryptography.
In these new security protocols, the demand for more and better random numbers is increased. Thus, considering that already today some IT systems are suffering from low entropy levels (entropy starvation) and that the situation is worse in distributed IoT scenarios, having higher
performance quantum entropy sources addresses a key pain point. And this not only today but also as we transition into stronger cryptography methods.
3. Harvest now, decrypt later
With the massive growth in cyber attacks now occurring globally on a daily, weekly, and monthly basis, individuals, organizations and government data have never been so vulnerable. This has been bought about by the advent of the ‘harvest now and decrypt later’ mindset.
Nefarious individuals, unethical organizations, and rogue states are exploiting weaknesses and limitations in classical cryptography and encryption to harvest vast amounts of public data. Their hope is that with the advent of powerful quantum computers in the future they will be able to decrypt the vast amounts of harvested data.
Quside, with its unique QRNG technology can help organizations increase the security of today’s cryptographic and encryption solutions, protecting data from the future threat posed by quantum computing. We use quantum to fight quantum.
Fast and measurable random number solutions by Quside
Quside has been researching, engineering and producing high-quality QRNGs for over a decade. The proprietary technology that Quside has put together provides 3 major advantages:
FAST
Quside products can generate hundreds of Mb/s and even Gb/s already today. We leverage photonics to produce very fast random streams.
Measurable
Using our peer-reviewed Randomness Metrology methods, our customers can access transparently quality metrics that directly relate to the quantum physical principle responsible for unpredictability.
Unpredictable
We use a largely peer-reviewed quantum process to generate randomness, thus harnessing nature to enhance entropy production.
Additionally, Quside has also put a major effort on scaling the technology, which can be today produced at scale using photonic integrated chips (PICs).
How are quantum random numbers generated?
About Quside’s phase-diffusion technology, Quside QRNGs are based on the phase-diffusion process in semiconductor lasers. The core element of the technology is converting microscopic quantum observables, which are delicate and hard to measure, into macroscopic dynamics that are robust and easy to capture. To do this, we modulate a semiconductor laser from below to above its threshold level or produce a stream of phase randomized optical pulses. This is called gain-switching.
Then, we use an interferometer to convert the phase fluctuations into the amplitude domain, generating a stream of amplitude-randomized optical pulses at the output (see refs [2, 3] for two examples of interferometers that we use). Finally, a fast photodiode converts the photonic signal into the electronic domain, where standard electronics are used for turning the analog signal into the digital realm.
At the heart, the unpredictability of the phase-diffusion technology traces back to the process of spontaneous emission, which occurs as a result of the interaction between the quantum vacuum field and the laser’s gain medium. Quside’s technology exploits this quantum-mechanical process to produce quantum-based random numbers at multiple Gigabits per second.
Testing randomness is a complex matter and the way it has been traditionally done is completely flawed. The question “how do you know it is random?” is a hard one to answer, and this is an area where we have been working since 2012, introducing our randomness metrology methodology in 2014 and collaborating with world-leading researchers from NIST, IQOQI and TU Delft to apply it in landmark experiments.
Our methodology defines strict quality bounds on all our devices to capture the quality of the unpredictability we produce, and the best part is that we can confidently do it in a transparent manner. This boosts trust and confidence with our customers, who do not have to rely on black boxes anymore for producing their cryptographic material.
In many traditional TRNGs, not based on quantum processes, it is extremely hard or even impossible to place rigorous quality bounds. As randomness is not emerging from a fundamentally random process.
About Quside’s phase-diffusion technology, Quside QRNGs are based on the phase-diffusion process in semiconductor lasers. The core element of the technology is converting microscopic quantum observables, which are delicate and hard to measure, into macroscopic dynamics that are robust and easy to capture. To do this, we modulate a semiconductor laser from below to above its threshold level or produce a stream of phase randomized optical pulses. This is called gain-switching.
Then, we use an interferometer to convert the phase fluctuations into the amplitude domain, generating a stream of amplitude-randomized optical pulses at the output (see refs [2, 3] for two examples of interferometers that we use). Finally, a fast photodiode converts the photonic signal into the electronic domain, where standard electronics are used for turning the analog signal into the digital realm.
At the heart, the unpredictability of the phase-diffusion technology traces back to the process of spontaneous emission, which occurs as a result of the interaction between the quantum vacuum field and the laser’s gain medium. Quside’s technology exploits this quantum-mechanical process to produce quantum-based random numbers at multiple Gigabits per second.
Our methodology defines strict quality bounds on all our devices to capture the quality of the unpredictability we produce, and the best part is that we can confidently do it in a transparent manner. This boosts trust and confidence with our customers, who do not have to rely on black boxes anymore for producing their cryptographic material.
In many traditional TRNGs, not based on quantum processes, it is extremely hard or even impossible to place rigorous quality bounds. As randomness is not emerging from a fundamentally random process.
Quantum Random Number Generator solutions
Start using fast and measurable quantum randomness with Quside.
Securing communications is undeniably one of the most important endeavors of our society today. New cryptographic standards are now emerging, to enhance even further our protection and governments are releasing their mandates to transition the security of their networks and data, as the Quantum Computing Preparedness Cybersecurity Act by the US government on July 14th, 2022.
Migrating to the new post-quantum standards with a hybrid security approach in mind is essential and the time to act is now and building a strong randomness generation foundation on which the new standards can rely upon is equally important.
Remember that no security can be achieved unless we can produce unpredictable random numbers, and the question is: are we producing them? How do we now? Using the highest quality randomness generation technologies and monitoring them properly is where Quside can get you to the next level.
Frequently Asked Questions
QRNGs provide several advantages to generate random numbers in applications as cryptography, including the strongest form of unpredictability, the ability to measure the quality through first principles and typically faster performance.
There are various companies and research labs that have created and built QRNGs. Quside is a leading supplier of high-performance QRNGs.
A quantum random number generator (QRNG) generates streams of random digits by sampling a signal that contains sufficiently large quantum dynamics.
It is a hardware component that is used to generate unpredictable random numbers, typically for cryptography or computation applications.
Carlos Abellan
Co-founder & CEO
PhD in quantum technologies at ICFO, where he developed the quantum randomness technologies that were transferred to Quside. 10 years of experience in quantum and photonics technologies, co-inventor of multiple patent families and co-author of 15+ papers in top scientific journals. Received the award MIT Innovators Under 35 Europe.
