Entropy is not usually considered desirable, except in cryptography
Entropy is not usually considered desirable, except in cryptography

Usually when the subject of quantum computing comes up, it's all rather future-gazing stuff. However, during the Infosecurity Europe 2017 show, one company launched a quantum technology derived product that's very much here and now: Entropy-as-a-Service.

Whitewood, which is developing crypto-security solutions based on advanced quantum technology, says that the cloud-based service "delivers pure quantum entropy, the foundation of randomness, to generate truly random numbers for creating cryptographic keys that are impossible to guess".

So how does this work, and do we actually need a quantum random number generator anyway?

The press release talks of the Whitewood Entropy Engine being at the heart of the service, something born out a decade long research program at Los Alamos National Laboratory. "Random number generation is critical for security but is often poorly understood," says Richard Moulds, general manager of Whitewood, "and it's a point of attack and vulnerability."

SC Media UK asked Moulds if he was saying existing random number generators (RNG) are actually that bad, to the point of being dangerous to use in real world scenarios?

"It's not so much that all random number generators are bad, it's that some are bad but you can't tell which ones they are!" Moulds insists. "As security applications use more and more crypto – encryption is becoming ubiquitous and GDPR will only accelerate this – they consume more and more keys, which requires more and more randomness."

The trouble being, according to Moulds, that we are increasingly hosting our applications in places where there is little or no randomness – the cloud or IoT devices for example.

"We've seen recent patches by Siemens of its IoT building controllers because they had no randomness and hence were generating the same keys," Moulds warns. "Edward Snowden's leaks indicated that a newly standardised RNG had been weakened specifically to enable government eavesdropping. It's effectively impossible to spot the difference between a truly random and non-random RNG."

SC Media put the same question to Dr Zulfikar Ramzan, CTO at RSA. "While research into novel sources of entropy for cryptographic applications is interesting," he admitted, "many of the existing approaches for generating random numbers are quite sound."

In fact, Dr Ramzan went on to insist that when issues do typically occur, "they have less to do with the source of randomness, but rather with the implementation of the approach or when the results are used in downstream applications".

Which leads us to wonder what the real world argument for diverting budgets, that are already squeezed, to a quantum powered random number generator might look like?  

Richard Moulds responded: "If we could test the keys that are generated and keep the good ones and throw away the non-random ones there would be no problem." But he added, "There is no official test or standard for doing so, although NIST is actually working on one." This means efforts to ensure keys are truly random have to be proactive not reactive.

"Randomness has to be architected into the system up front," Moulds insists. "Once a key is exposed the game is over."

Dr Ramzan still has concerns though. "In cryptography, novelty is a negative," he explains. "When a new idea is introduced, it needs to withstand the test of time and be adequately analysed before it is safe to use within commercial applications."

He compares cryptography to baking: you not only need to ensure that you use the right ingredients in the right ways at the right times to prepare the batter, but you must make sure that it is cooked for the appropriate amount of time.

"Otherwise, the results can vary from being unpredictable to being lethal,” Dr Ramzan concludes.