The World of Quantum Computing

Entropy – From Pseudo Randomness to Quantum RNGs

What is entropy and why do we need it in security and cryptographic systems?

Let us start at the beginning: In information theory terms, entropy, called also Shannon’s entropy, measures the unpredictability of a message generated by a specific source. We can also say it measures the randomness of a message. In a scenario where we want to hide information from an attacker, we want the randomness to be as high as possible. Ideally, the encrypted message should contain no patterns, each bit should be completely independent of all others so that it becomes impossible to predict or modify its contents.

In order to achieve that, the encryption key which is the source of the message’s randomness should have high entropy as well, meaning that a high-quality source of randomness needs to be used for its generation procedure. There are two main ways how a cryptographic system can generate randomness.

Pseudo randomness

The first one is the implementation of pseudo randomness. As the name already suggests, this method can achieve a high level of randomness, but not true randomness. It uses a deterministic algorithm called PRNG (pseudorandom number generator) or DRNG (deterministic random number generator).

The difference between the quality of pseudo and true randomness can be quickly seen by comparing the two pictures below [1]. The left one demonstrates the output of a true random number generator (TRNG), the right one the output of a PHP PRNG function rand() on Microsoft Windows. On the right picture even a human eye can detect unwanted patters.

randomness pic01randomness pic02These pictures also explain the famous quote by mathematician John von Neumann in 1951: “Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.”

True randomness

In order to achieve true randomness a hardware component is needed. TRNGs derive random numbers or bits from various physical processes. A few examples of them are atmospheric noise, which a radio can detect, thermal noise an electrical conductor generates, and, surprisingly, even movement of hot wax in lava lamps.

Compared to PRNGs, TRNGs are usually noticeably slower and take more time to produce random values, since they rely on reading and evaluating external processes. As already mentioned, they are also non-deterministic and have no period, although the same sequence of numbers can be produced several times by chance.

As our understanding of quantum mechanics slowly increases, a new group of TRNGs has started appearing some years ago - Quantum random number generators (QRNG). Instead of taking advantage of classical random properties, these generators rely on quantum properties instead. Utimaco’s partner, QuintessenceLabs, for example first used lasers but later switched to a much more effective method of Quantum tunneling. Their QRNG presently has a rate of 1 Gbit/s. Some other quantum phenomena that can be exploited to generate perfect randomness are photons travelling through a semi-transparent mirror, and nuclear decay.

If you are interested in reading more about the impact of quantum mechanics and quantum computers on the world of security and cryptography, there is a previous blog post, What Are the Threats of Quantum Computing?, dedicated to this topic.

[1] https://www.random.org/analysis/



---

Prepared by Nastja Cepak, PhD Cryptography, CREAplus

News

Technical Training for Hardware Security Module (HSM)

utimaco trainingCREAplus, authorized Utimaco training partner, is going to deliver an online hands-on technical training for hardware security module (HSM), on 28-29 October 2021.

Read more ...

From Fundamentals to Quantum-safe algorithms

 Cryptographic JourneyIn the modern, digital world cryptography is an indispensable tool for protecting our systems and data. Without knowing we rely on cryptography daily, be it to check our email, safely login to a computer, or drive a smart car, since the magic happens in the background, unseen. 

Read more ...

CREAplus awarded with AAA Creditworthiness Certificate of Excellence

AAACompany CREAplus has been classified into legal entities that have received highest AAA Creditworthiness Certificate of Excellence, awarded by Analytical House Bisnode.

Read more ...

Utimaco acquires Realsec to strengthen its solution portfolio and expand its regional presence

Utimaco acquires Realsec to strengthen its solution portfolio and expand its regional presenceUtimaco, a leading global provider of IT security solutions, announced that it has signed a Share Purchase Agreement with Realsec, the Spanish IT security company and Hardware Security Module (HSM) provider. The closing of the acquisition is expected in July.

Read more ...

CREAplus Successfully Delivered Training for Utimaco HSM

utimaco LAN V5 4CREAplus, authorized Utimaco training partner, successfully delivered another 2-day online hands-on technical training on hardware security module (HSM), in April 2021.

Read more ...