Page 62 - Cyber Defense eMagazine September 2023
P. 62
The Importance of Random Number Generators
There is an unfortunate and surprising problem regarding quantum random number generators (QRNG)
– our entire universe is quantum, and there is some quantum effect in everything, including coin-flipping
(which incidentally is not random at all).
Random numbers are fundamental to all digital security and identity and indeed the entire internet. If
encryption software requires keys 256-bits long, but the randomness generator we are using is based on
classical algorithms, then predictability becomes an issue. Although seemingly producing random
numbers, these generators can be reverse-engineered and their output calculated, especially with the
increasing sophistication of machine learning and AI. This can compromise our security.
In science, randomness indicates an event that cannot be predicted or known in advance, even with
perfect knowledge of the physical system. The outcome is fundamentally unknowable; not simply difficult
to guess. Many methods exist for generating random numbers, such as tossing dice or the motion in a
lava lamp. However, these seemingly unpredictable methods are not as unbiased as we might think.
Modern computers, adept at finding patterns within a sequence to predict outcomes, can compromise
these classical and traditional sources of apparent randomness. This is where the power of quantum
physics shines – it offers truly random phenomena unlike anything in classical physics. In the quantum
world, certain events, like the decay of a radioactive atom, are fundamentally unpredictable. This
unpredictability is not due to a lack of knowledge or measurement precision but a unique feature of the
quantum realm itself. Scientists can tap into this unpredictability by performing experiments to measure
quantum phenomena. These experiments produce a fundamentally unpredictable and truly random
result. This inherent quantum randomness is crucial for QRNGs, powerful tools for digital security. As
more QRNGs come to market, they promise to offer the only provably unpredictable events known to
science, which are essential to fortifying cybersecurity.
Quantum Randomness and its Role in Security
Why are random numbers essential to cybersecurity? They are used to generate encryption keys, secure
passwords, and enable secure communications and data privacy. The foundation of all secure
technology, invisible as it might be to many users, assumes secure cryptography, and that, in turn, relies
on random numbers. Quantum random numbers, due to their inherent unpredictability, play a crucial role
in mitigating the risk of attacks that could compromise our digital security infrastructure.
Unfortunately, many products today labeled “quantum” may often be more marketing gimmicks than
scientific facts. Caveat emptor—buyers must demand to know what’s inside their hardware and software
purchases. Much like the software bill of materials (SBOM), which provides a detailed inventory of
software components to promote transparency and security, the industry is correctly trending towards
greater visibility in hardware. With QRNGs, you might hear that it is impossible to “prove” randomness.
However, here are a few considerations to help navigate this evolving landscape:
1. Vendor Transparency: Demand full disclosure about their technology, particularly about the quantum
mechanisms they claim to use. Additionally, you should request min-entropy values to help in evaluating
claims.
Cyber Defense eMagazine – September 2023 Edition 62
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
