Quantum Numbers-as-a-Service and the evolution of generated randomness

Randomness is the underlying force that enables encryption algorithms, identity authentication, artificial intelligence (AI) and neural network training, self-controlled devices such as drones and even gaming. And while the proliferation of random number applications is increasing, we’re reaching the limits of the capabilities of current technology, posing risks for a range of industries, especially amid steady increases in cyber-attacks (+28% Q3 2021 to Q3 2022).

So how can we tackle this problem and make random numbers effective, and above all, ‘truly’ random again? It all starts with quantum random number generators (QRNGs). From cryptography to finance to medicine and game theory, QRNGs address challenges from a broad range of use cases—providing enhanced capabilities, reliability and helping prevent cyber-attacks, which cost an average of $4.35 million in 2022 (up 12.7% in 2020), according to IBM’s Cost of a Data Breach Report.

Better security starts by embracing true randomness

Random numbers or random bits are the foundation of information security. A true random number exists independent of any logic, calculation, time or space. Randomness is generated by a process whose outcome is unpredictable and measured by entropy score. The higher the entropy, ‘higher’ meaning the level of unpredictability and randomness of generated numbers, the more valuable it becomes.

These random numbers stand at the core of what makes data highly secure, hence the performance and characteristics of random number generators have a huge role to play in preventing cyber-attacks. Attackers usually don’t attempt to crack encryption; they tend more to steal keys through complex methods, through phishing emails and often using brute force attacks that guess identity and password combinations at massive scale until they find a key that fits the lock. As such, poor quality or quantity of random numbers makes it that much easier for attackers to break into systems for nefarious purposes, at huge costs to governments, organizations and sometimes even individual people that are victimized by cyber-attacks.

Companies and governments across the world are pouring money into increasing their cybersecurity postures, and the US alone proposed a budget of $10.9 billion for civilian cybersecurity funding that includes Federal IT systems, as well as personal data of individual Americans. But we’re simply playing a seemingly never-ending game of cat and mouse with malicious cyber attackers, and to win the cyber war, we need to significantly advance our technologies, specifically quantum random number generation.

Achieving a true random number with QRNG’s

In traditional random number generators (RNGs), predictability will inevitably find its way back into the equation as the randomness here is based on complex mathematical models, whereas in QRNGs, randomness is fundamental as it uses a quantum (physical) entropy source.

*Figure 1: Quantum Random Numbers vs Pseudo Random Numbers: Pattern of pseudo random numbers is duplicated after 10 trillion bits.*

Compared to traditional RNGs, QRNGs use the principles of quantum physics, such as superposition and entanglement, to generate randomness. Quantum superposition refers to the ability of a quantum system to have multiple observable outcomes, such as an electron being in two places at once, and entanglement refers to two particles remaining connected even when separated by vast distances. As in a macro world, no one can predict the state of a superposed qubit at a time instance, so a fully superposed qubit state gives output which is intrinsically random in nature while measured. This is a far leap from traditional RNGs, which are based on an obscured, but ultimately identifiable patterns, and thus they are less secure and effective.

When stacking up traditional versus quantum RNG’s, QRNGs also hold the edge in both quality and size. QRNGs are embeddable in settings ranging from smartphones to room-size dimensions for implementing device-independent randomness generation based on non-locality (i.e., correlated instantaneous action at a distance).

QRNGs differentiate themselves with the ability to validate underlying physical processes—enabling certification of its own output based on a set of standard tests. And from a security perspective, QRNG includes built-in checks that are far more sensitive to potential tampering than traditional models.

Towards a quantum future

Quantum computing is a relatively new technology, and although there are many use cases now, it’s still very much an in-development technology. Only a select few large organizations and governments have the resources to devote to meaningful quantum computing research and implementation, and it’s up to those organizations to lead the way forward to a more cyber secure world.

As the technology develops and becomes more widely available, so too will the benefits of integrating quantum capabilities into organizations’ foundational operations. We’ll still be playing the same game of cat and mouse, but we’ll be far better equipped and in time, we’re likely to see the trends of increasing frequency and severity of cyber-attacks reverse. It’s vital that organizations plan for the future of quantum computing and QRNGs.

The mathematician R.R. Coveyou said, “Random number generation is too important to be left to chance”, a statement that rings incredibly true for nearly every organization today. In an increasingly security-conscious environment, with evolving means of attack, traditional RNGs are not equipped to provide the level of security needed. QRNGs will become the essential tool for every industry to stay secure and ensure that the randomness provided is truly random.