When quantum computers are mentioned in the same sentence as cybersecurity or data security, it usually refers to the massive threat that quantum technology poses to current methods we use to keep our data secure.
Now, a team of Cambridge Quantum Computing scientists are showing how quantum technology can make our data and communications safe and secure not just from classical cryptographic attacks, but also from quantum-based hacking attempts. It’s a step forward toward developing methods to ensure both private and national security in the quantum era.
The team — which discussed their findings in a post on Medium written by Duncan Jones, head of CQC’s Quantum Cybersecurity; Alec Edgington, senior software architect and Cameron Foreman, quantum cryptography researcher — used a novel approach to generate provably-perfect entropy, which is literally unhackable, which can create quantum-proof cryptographic keys, both classical and post-quantum. They ran this entropy generation on an IonQ quantum computer, with help from the company’s TKET and the Amazon Braket platform.
A truly random number generator would produce an unbiased and private stream of random bits that would be impossible to predict for a would-be hacker, according to the team. However, the standard random number generation methods are not robust enough to completely eliminate potential cyber-attacks. For example, pseudo-random number generators (PRNGs) use algorithms to expand an initial “seed” value into a random-looking sequence of bits. However, because this is deterministic, a person who figures out the seed can predict the output.
Another approach — so-called true random number generators (TRNGs) and many existing quantum random number generators (QRNG) — relies on the measurement of erratic physical systems to produce random outputs.
The researchers explain: “In a TRNG, the physical system being measured is a predominantly classical process, such as thermal noise in a diode. QRNGs observe the results of quantum processes, such as the route a photon takes when it hits an angled silvered mirror.”
However, according to the team, all of these approaches cannot be fully trusted to deliver truly randomness.
The CQC team takes a third approach: using quantum computers to generate unbiased private entropy. The company calls this provable QRNG method, “IronBridge.”
“Unlike the other two approaches, this is invulnerable to a quantum adversary, and it produces self-tested randomness,” the researchers report.
The team’s solution, which rests on the intrinsic randomness of quantum-mechanical systems, treats the quantum computer as a black box and passes it circuits to execute.
“The output of the circuits is used to generate our entropy, as well as acting as a self-test to ensure the quantum computer is functioning correctly,” the researchers explain. “This means we no longer have to place complete trust in the device.”
IronBridge can take imperfect — biased or not fully private — randomness and amplify it with a quantum computer, resulting in perfectly unbiased and private data with unconditional security, according to the team.
“This verified randomness and privacy amplification is only possible with quantum devices, thanks to the physical phenomenon of entanglement, which allow us to exhibit quantum effects from a device without having to characterize it,” they write. “By comparing the inputs and outputs we can quantify the entanglement in the device and obtain an explicit value for the error in the device.”
The entropy generation protocol is covered here.
To see examples of entropy for statistical testing, discuss proof-of-concept and production deployments, trial the QRNG technology, or just to learn more contact the CQC team