In cryptography, there is a core ingredient required to build any security system: random numbers. More precisely, unpredictable random numbers. But generating unpredictable random digits isn’t easy. As a great example, computers, which are great for many things, are completely useless for generating unpredictable random digits. Computers are deterministic machines and therefore need additional help to generate unpredictability.
The way to generate unpredictable random digits is by means of measuring physical, random signals. In physics, unpredictability exists, and we have to leverage it in computing and security systems. Physicists refer to this property of unpredictability as entropy. But what is it and why is it useful to cryptography? Entropy, in the context of cryptography, is related to random number generation, and more precisely, it refers to the “amount of unpredictable randomness” in a physical system. We call an entropy source the physical system that produces random signals.
So, cryptography and physics have a joint endeavor: keeping all our devices, systems, and communications systems safe. To guarantee this, there are various standards that define how you must build entropy sources and random number generators for cryptographic use, such as the AIS 31 standard from the German BSI or the NIST SP800-90 suite from the National Institute of Standards and Technologies (NIST) in the US.
Quite interestingly, a very important aspect of these standards, and of randomness generation in general, is to assess the quality of such entropy sources. For many years, people relied on statistical tests to do so. The rationale was “if I pass the statistical tests, then it means my device is random”. However, this is fundamentally flawed. It was really interesting to see that, quite recently, NIST updated their own standard (one of the most relevant in the whole industry) to clarify that “they are rejecting its use [of the statistical tests] for assessing cryptographic random number generators”.
The field of randomness generation is foundational to security, and quantum-based random number generators are now being developed and industrialized to elevate the quality of entropy generation for cryptographic use.
At Quside, we deliver quantum random numbers at incredible speed and with measurable quality. We use peer-reviewed methods to assess the entropy content of our quantum entropy source products and chips. If you want to learn more, here’s a link to the white paper on our randomness metrology methodology and Quside’s QRNG technology. Get in touch for more, and join us at the quantum side!