Combining the capabilities of two quantum computers, a researcher from Amazon’s quantum unit Braket has come up with a new way to create truly random numbers that are necessary to protect sensitive data online, ranging from blockchain ledgers to government secrets.
Amazon’s research scientist Mario Berta put together Rigetti’s and IonQ’s quantum processors, which are both available through the company’s cloud-based quantum computing services, to generate random numbers that are the basis of cryptography keys.
These keys can in turn be used to encrypt critical data, by encoding information into an unreadable mush for anyone but those who are equipped with the appropriate key to decode the message.
Randomness has a fundamental role to play in cryptography: the more random the key is, the harder it is to crack by a malicious actor trying to get their hands on the data.
There are many ways to generate random numbers, with the most straightforward method simply consisting of flipping a coin and assigning values of zero or one to the two possible outcomes. Repeat the procedure many times, and you’ll find yourself with a totally random string of bits, which you can turn into a secure cryptography key.
Manually flipping coins, however, isn’t enough to keep up with the scale of demand for data security. This is why modern cryptography relies on new technologies known as random number generators, which create streams of bits that are used to produce strong cryptography keys.
This is what Berta has now achieved thanks to quantum processors. “Quantum random number generators (QRNGs) hold promise to enhance security for certain use cases,” said Berta in a blog post.
Of course, security experts have not waited for quantum computers to come along to start working on random number generation for cryptography keys.
For years, classical systems have been used, in which coin flipping is replaced with ring oscillators that create a seed of randomness in the form of a few bits. This seed value is then processed by pseudo-random number generators (PRNGs), which use software algorithms to generate longer sequences of numbers with similar statistical properties than those of the original random numbers.
But the method has its shortcomings. Ring oscillators, for example, behave in a way that an attacker equipped with lots of compute power could predict; and PRNGs, which are based on computational assumptions, are also at risk of being second-guessed by hackers. In other words, the randomness generated by classical means is only partial, meaning that it is in principle possible to mathematically solve the cryptography key that is created on top of the numbers.
Not so much with quantum-generated numbers. “These potential vulnerabilities of classical technologies for generating randomness can be addressed with quantum technologies that make use of the inherent unpredictability of the physics of microscopically small systems,” said Berta.
Berta leveraged a property that is intrinsic to quantum physics by which quantum particles exist in a special quantum state called superposition. In a quantum computer, this means that quantum bits (or qubits) can be a value of zero and one at the same time – but that they collapse to either value as soon as they are measured.
Whether qubits collapse to zero or one, however, is random. This means that, even equipped with complete information about the quantum state, it is impossible to know in advance to which value the qubit will collapse when measured.
A given number of qubits, therefore, can provide a string of bits with an equal number of completely random values. “Unique quantum features thereby allow the creation of freshly generated randomness that provably cannot be known by anyone else in advance,” said Berta.
The catch is that today’s quantum computers are unreliable and noisy, which can alter the randomness of the quantum effect and defeat the whole point of the experiment. What’s more: information about the noise can leak into the environment, meaning that a potential hacker could find the data they need to figure out the measurement outcomes obtained in the quantum processor.
To tackle this issue, Berta used two quantum processors to produce two independent strings of bits which he described as “weakly”. The strings are then processed by a classical algorithm called a randomness extractor (RE), which can combine multiple sources of weakly random bits into one output string that is nearly perfectly random.
Unlike with classical means, the post-processing doesn’t involve any computational assumptions, which could be cracked by hackers. Rather, REs condense physical randomness from the different sources.
“So, two independent sources that are only weakly random get condensed by these algorithms to one output that is (nearly) perfectly random,” said Berta. “Importantly, the output becomes truly physically random with no computational assumptions introduced.”
Berta predicted that as QRNGs become cheaper and more accessible, they could play an important role in high-security applications, especially as the flaws of classical methods become more apparent.
Earlier this year, for example, researchers from security firm Bishop Fox discovered that up to 35 billion Internet-of-Things devices were at risk due to a classical generator failing to create numbers that were random enough to protect sensitive data.
And as compute power increases, random number generator attacks are certain to multiply, rendering existing cryptographic schemes insecure.
The prospect of current encryption protocols becoming obsolete, however, is still far off. It would require hackers to gain access to huge amounts of compute power to crack today’s cryptography keys – the kind of power that is expected to be unleashed by quantum computers one day, but not before at least a decade.
“State-of-the-art implementations of this classical technology for generating randomness sufficiently address nearly all of today’s needs,” said Berta.
It remains that a growing number of companies are thinking further ahead and already starting to strengthen their security protocols by increasing the randomness of their cryptography keys. Verizon, for example, recently trialed a “quantum-safe” VPN between London and Ashburn in Virginia; and quantum software company Cambridge Quantum is working on a method to future-proof critical information stored in blockchains.
Berta, for his part, encouraged Braket users to get started themselves, by trying their hand at random number generation directly within AWS’s quantum cloud service. More information can be found in the Braket Github repository.