The NCSC Is Right to Criticise Existing Quantum Security Technology

The NCSC is Right to Criticise Existing Quantum Security Technology

Cambridge Quantum Takes Fundamentally Different Approach

It’s been a year since the United Kingdom’s National Cyber Security Centre (NCSC) posted a damning statement about quantum random number generators (QRNGs), which discouraged their use for government and military applications. Other agencies, including the NSA, made similar comments about related technology.

At Cambridge Quantum, we develop quantum entropy products, so at first it may come as a surprise that we thoroughly agree with the NCSC’s position and amplify it loudly to our customers. The NCSC got it spot on – there’s no place in a high-security environment for noisy QRNGs.

To mark the (almost) anniversary of the NCSC statement, this article carefully examines the criticisms levelled at existing QRNGs and explains the flawed approach taken so far. We then explain the approach taken by Cambridge Quantum, which tackles the issues head-on; not by slippery debate, but with deliverable and measurable actions. Cambridge Quantum’s approach provides truly perfect quantum random numbers that we then use in our cybersecurity products.

We explain how, if required, we can supply perfect and verifiably-quantum randomness, but that our mission is to solve our customers’ problems with actual products and services that draw on this randomness and work in a zero-trust environment.

The Flawed Approach to QRNGs

Before we get into the specifics of the NCSC statement, it’s helpful to understand how a typical QRNG device works. Later in the article, we’ll discuss the fundamentally different approach Cambridge Quantum has taken.

The goal of any QRNG is to generate a stream of random numbers. To do this, most QRNGs fire photons from lasers down a series of paths within their device. Along the way, photons are directed towards angled mirrors, which deflect about half of the photons down one route, while allowing the remainder to pass through. These photons eventually hit detectors, which can register their presence. Ideally, half the photons hit one detector and half hit the other. By labelling one detector as “1” and the other “0”, these QRNG devices can generate strings of random-looking data.

These QRNG devices rely on their physical construction as proof of randomness. To have any confidence in the randomness of their output, one has to inspect and consider the physical structure of the device. Since the devices cannot be built perfectly (since engineering perfection is impossible when you look close enough), these devices usually produce raw output that demonstrates a small bias in one direction or another. Perhaps there is slightly more 1s than 0s, for example. To try and mitigate this, the raw output is usually post-processed with software functions to try and reduce the bias. In short, the output from the devices isn’t truly random, so software is used to try and mask this and improve the situation.

Are These Devices Suitable for High-Security Use?

The NCSC squarely addresses these flawed QRNGs when it presents the advice in its statement. The NCSC acknowledges that, in theory, quantum technology can provide “truly unpredictable numbers”, but in practice, these QRNGs have fallen short.

One concern the NCSC raises is that classical noise is introduced by all the measurements we discussed earlier. Because these flawed QRNGs rely on fine-grained measurements of photons, they are heavily dependent on the quality of the detectors and influenced by electrical noise from surrounding components. It’s like trying to accurately dictate what someone is saying, in a room where a rock band is playing at full volume. You’re not going to get it right every time and that’s a real issue for security. As the NCSC says:

QRNGs will necessarily sit inside classical circuitry for collection and processing, and this classical circuitry adds noise to the measurement of the quantum state.”

National Cyber Security Centre

The NCSC also highlights the vulnerabilities that emerge when you place complete trust in the physical correctness of the device. These flawed QRNGs rely on a trusted device model, where every component in the device (or almost every component) is assumed to be functioning correctly at all times. This means that these devices cannot determine when they have been tampered with, or when their components have aged and degraded in performance. This means that end applications will use flawed randomness to create weak security keys, leading to a potential compromise of security.

The NCSC suggests further research in this area is needed, specifically noting a lack of understanding of “modelling and evidencing the real-world properties of physical QRNGs” as well as “understanding changes in behaviour of QRNGs under various physical stresses and through aging”.

The good news is that there is a completely different approach to quantum random number generation that overcomes all of these problems and achieves perfectly unbiased results. This is the approach that Cambridge Quantum has taken with our IronBridge platform.

The Right Way to Build a QRNG

To solve the issues raised by the NCSC, the single most important task is to eliminate trust in the QRNG device. This is easier said than done and virtually all the serious players in this sector have been exploring ways to solve this problem. None has yet succeeded until recently when we at Cambridge Quantum unveiled the first glimpse at our unique patent-protected, device-independent randomness generation protocol, which underpins our IronBridge product.

We have built a new process that literally extracts entropy from nature, with established protocols that follow the fundamental laws of quantum physics. Our protocol has been implemented on a variety of quantum devices, including general-purpose quantum computers, such as those offered by IBM, Honeywell, AQT and IonQ.

Unlike the flawed QRNG approach that has proven itself not to work for security purposes, IronBridge places no trust in the quantum device. Instead, we run a series of experiments on the quantum device, which simultaneously proves to the user (the client) that it’s operating correctly, whilst also providing perfectly random data.

We don’t use the words “perfectly random” lightly, by the way. Unlike every other approach to randomness generation (including the flawed QRNGs), IronBridge generates truly unbiased data. There is precisely a 50/50 chance that each bit is a one or a zero. This is because we rely on quantum mechanics to generate states that collapse into one of two values with precisely 50% likelihood.

Cambridge Quantum’s IronBridge addresses the criticisms that the NCSC has quite rightly levelled at the flawed QRNGs. Our approach doesn’t place trust in the device, which means we’re not impacted by noise or other physical issues. We treat the device as a black box and run our protocol on the results we receive.
For similar reasons, we’re not impacted by the ageing of the device or failing components. Our protocol is automatically self-testing, so we never extract more randomness than is present in the output from the device. This means even a faulty device cannot impact the quality of the randomness.

If you like to get into the details, Cambridge Quantum released a paper last year that describes our protocol in more detail. Since then, Cambridge Quantum has worked with numerous large companies to deliver cryptographic keys into their infrastructure, based on our perfectly random data. These cryptographic keys, which can be classical or “post-quantum” algorithms, are the strongest ever generated. And unless we discover a new model of physics beyond quantum mechanics, they are the strongest keys that can ever be generated.

If you’d like to learn more about Cambridge Quantum’s technology and see how easily it integrates into your cybersecurity systems, please get in touch and we’d be delighted to discuss this in more depth.

 

 

CAMBRIDGE QUANTUM ON MEDIUM

Cambridge Quantum’s scientists regularly post on Medium, a hub for social journalism and a hybrid of publications, blogs and publishers.
Follow us there for more of our news and updates.

 

Read on Medium
Download Publication
Quantum Cybersecurity
Duncan Jones
The National Cyber Security Centre
Quantum Security Technologies
Quantum Key Distribution and Quantum Cryptography

Quantum-Proof Cryptography with IronBridge, TKET and Amazon Braket

The NCSC is Right to Criticise Existing Quantum Security Technology

Cambridge Quantum Takes Fundamentally Different Approach

It’s been a year since the United Kingdom’s National Cyber Security Centre (NCSC) posted a damning statement about quantum random number generators (QRNGs), which discouraged their use for government and military applications. Other agencies, including the NSA, made similar comments about related technology.

At Cambridge Quantum, we develop quantum entropy products, so at first it may come as a surprise that we thoroughly agree with the NCSC’s position and amplify it loudly to our customers. The NCSC got it spot on – there’s no place in a high-security environment for noisy QRNGs.

To mark the (almost) anniversary of the NCSC statement, this article carefully examines the criticisms levelled at existing QRNGs and explains the flawed approach taken so far. We then explain the approach taken by Cambridge Quantum, which tackles the issues head-on; not by slippery debate, but with deliverable and measurable actions. Cambridge Quantum’s approach provides truly perfect quantum random numbers that we then use in our cybersecurity products.

We explain how, if required, we can supply perfect and verifiably-quantum randomness, but that our mission is to solve our customers’ problems with actual products and services that draw on this randomness and work in a zero-trust environment.

The Flawed Approach to QRNGs

Before we get into the specifics of the NCSC statement, it’s helpful to understand how a typical QRNG device works. Later in the article, we’ll discuss the fundamentally different approach Cambridge Quantum has taken.

The goal of any QRNG is to generate a stream of random numbers. To do this, most QRNGs fire photons from lasers down a series of paths within their device. Along the way, photons are directed towards angled mirrors, which deflect about half of the photons down one route, while allowing the remainder to pass through. These photons eventually hit detectors, which can register their presence. Ideally, half the photons hit one detector and half hit the other. By labelling one detector as “1” and the other “0”, these QRNG devices can generate strings of random-looking data.

These QRNG devices rely on their physical construction as proof of randomness. To have any confidence in the randomness of their output, one has to inspect and consider the physical structure of the device. Since the devices cannot be built perfectly (since engineering perfection is impossible when you look close enough), these devices usually produce raw output that demonstrates a small bias in one direction or another. Perhaps there is slightly more 1s than 0s, for example. To try and mitigate this, the raw output is usually post-processed with software functions to try and reduce the bias. In short, the output from the devices isn’t truly random, so software is used to try and mask this and improve the situation.

Are These Devices Suitable for High-Security Use?

The NCSC squarely addresses these flawed QRNGs when it presents the advice in its statement. The NCSC acknowledges that, in theory, quantum technology can provide “truly unpredictable numbers”, but in practice, these QRNGs have fallen short.

One concern the NCSC raises is that classical noise is introduced by all the measurements we discussed earlier. Because these flawed QRNGs rely on fine-grained measurements of photons, they are heavily dependent on the quality of the detectors and influenced by electrical noise from surrounding components. It’s like trying to accurately dictate what someone is saying, in a room where a rock band is playing at full volume. You’re not going to get it right every time and that’s a real issue for security. As the NCSC says: