# What is entropy in cryptography and encryption

In cryptography, there is a core ingredient required to build any security system: random numbers. More precisely, unpredictable random numbers. But generating unpredictable random digits isn’t easy. As a great example, computers, which are great for many things, are completely useless for generating unpredictable random digits. Computers are deterministic machines and therefore need additional help to generate unpredictability.

The way to generate unpredictable random digits is by means of measuring physical, random signals. In physics, unpredictability exists, and we have to leverage it in computing and security systems. Physicists refer to this property of unpredictability as entropy. But what is it and why is it useful to cryptography? Entropy, in the context of cryptography, is related to random number generation, and more precisely, it refers to the “amount of unpredictable randomness” in a physical system. We call an entropy source the physical system that produces random signals.

So, cryptography and physics have a joint endeavor: keeping all our devices, systems, and communications systems safe. To guarantee this, there are various standards that define how you must build entropy sources and random number generators for cryptographic use, such as the AIS 31 standard from the German BSI or the NIST SP800-90 suite from the National Institute of Standards and Technologies (NIST) in the US.

Quite interestingly, a very important aspect of these standards, and of randomness generation in general, is to assess the quality of such entropy sources. For many years, people relied on statistical tests to do so. The rationale was “if I pass the statistical tests, then it means my device is random”. However, this is fundamentally flawed. It was really interesting to see that, quite recently, NIST updated their own standard (one of the most relevant in the whole industry) to clarify that “they are rejecting its use [of the statistical tests] for assessing cryptographic random number generators”.

The field of randomness generation is foundational to security, and quantum-based random number generators are now being developed and industrialized to elevate the quality of entropy generation for cryptographic use.

At Quside, we deliver quantum random numbers at incredible speed and with measurable quality. We use peer-reviewed methods to assess the entropy content of our quantum entropy source products and chips. If you want to learn more, here’s a link to the white paper on our randomness metrology methodology and Quside’s QRNG technology. Get in touch for more, and join us at the quantum side!

Carlos Abellan

Co-founder & CEO

PhD in quantum technologies at ICFO, where he developed the quantum randomness technologies that were transferred to Quside. 10 years of experience in quantum and photonics technologies, co-inventor of multiple patent families and co-author of 15+ papers in top scientific journals. Received the award MIT Innovators Under 35 Europe.

# Want to hear more about the quantum side?

RELATED POSTS
What is the quantum threat, and what can you do about it?

You may have already heard about the upcoming transition to quantum-safe cybersecurity as an urgent response to the cybersecurity threats posed by quantum computers. Now, with the threat identified, what solutions do we have available out there? Keep reading!

Monte Carlo and Randomness in Random Number Generator

From science and technology to finance and logistics, virtually every field that in one way or another must deal with highly complex problems eventually turns to a Monte Carlo method as a means of solving them.

CESGA deploys Quside QRNG into their datacenter to offer increased capabilities stochastic workloads

CESGA, the centre of computing, high performance communications systems, and advanced services of the Galician Scientific Community, the University academic system, and the National Scientific Research Council (CSIC).