Scientists Discovered How to Generate Truly Random Numbers. It May Make Your Data Unhackable.
A new network paradigm can generate meaningfully random numbers—and fast.
In network encryption, randomness has huge value because it’s not “solvable” by hackers.
Classical computers can’t be random—they simply imitate randomness by measuring things.
A large team of scientists says they’ve achieved “certified randomness” using a quantum computer. In a classical computer, you can never make a truly random number, which is one big reason computer scientists have had high hopes for quantum computers. Because these quantum systems involve an amount of unpredictability and entropy, simply identifying certain qualities at certain times is randomized by nature (pun intended). But who certifies the random numbers, and what can we do with them afterward?
When you ask a computer to give you a random number, code behind the scenes is doing an approximation of randomness. There are a bunch of ways computers do this, including using concrete data like the time or hardware status and then scrambling it using another specific algorithm. (You can even, like cybersecurity giant Cloudflare does, use lava lamps.) Basically, it’s like shuffling a deck of cards by alternating them, over and over, until the results appear random to a user. The computer has no free will or even concept of freedom, so there’s no way for it to “choose” anything without metrics or assigned values.
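The paragraph above, as an added Python example that is not from the article or the Nature paper: a generator seeded with the clock produces a value that anyone who knows roughly when it was made can reproduce, while the operating system's generator does not have that weakness. The function names and the timestamp are constructed for illustration.

```python
import random
import secrets

# Constructed sample value: the clock reading (Unix seconds) used as the seed.
ISSUED_AT = 1_700_000_123


def time_seeded_token(seed_time: int, nbytes: int = 16) -> str:
    """Weak pattern: a deterministic PRNG seeded with a clock reading."""
    rng = random.Random(seed_time)  # output is fully determined by the seed
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big").hex()


def find_matching_seed(token: str, approx_time: int, window: int = 3600):
    """Audit check: replay every clock value within +/- window seconds of
    approx_time and return the one that reproduces the token, else None."""
    for candidate in range(approx_time - window, approx_time + window + 1):
        if time_seeded_token(candidate) == token:
            return candidate
    return None


def os_token(nbytes: int = 16) -> str:
    """Stronger pattern: bytes drawn from the operating system's CSPRNG,
    which mixes hardware and timing events that an observer cannot replay."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    weak = time_seeded_token(ISSUED_AT)
    # An observer who only knows the token was made "about 15 minutes later
    # than 1_699_999_223" still finds the exact seed among 7,201 candidates.
    print("weak token      :", weak)
    print("seed reproduced :", find_matching_seed(weak, ISSUED_AT - 900))

    strong = os_token()
    print("OS token        :", strong)
    print("seed reproduced :", find_matching_seed(strong, ISSUED_AT))
```

The weak token looks just as random to the eye as the OS token; only the replay shows that its unpredictability was limited to the handful of possible clock values.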
To be honest, people aren’t better at randomness. We see actually random things and feel they don’t seem random enough, because we envision a distributed randomness that is, in fact, just another pattern. The million monkeys trying to eventually type Shakespeare for us would get sidetracked by people who insist that the letters aren’t being typed randomly enough. To counteract this, we roll dice or put names in a hat—but what’s a computer to do?
Randomness Could Secure Our Future
In a 2016 literature review of quantum randomness projects, scientists now based in the Barcelona Institute of Science and Technology and University College London explain the metric used for the desired level of randomness:
[H]ere we are interested in the strongest definition: N bits are perfectly random if they are unpredictable, not only by the user of the device, but by any observer. [F]rom a fundamental perspective it is difficult to argue that a process is random if there could exist an observer able to predict its outcomes. The requirement that the results should be unpredictable by any observer guarantees that the generated randomness is private: the user, by running the process in a secure location, can be certain that nobody knows the obtained results.
This unpredictability runs counter to existing computing’s paradigm for randomness, which is simply hiding the moving pieces that could be predicted with enough knowledge. And importantly, it’s also different from today’s working paradigm of cryptography.
Our encryption modes rely on computers multiplying, for example, very large prime numbers together. The product of two primes will only have those two large numbers as its significant factors, so something encrypted that way will only be decrypted by someone who knows at least one of the numbers.
But prime numbers are predictable, and scientists push our growing list of primes into new territory every day. In this paradigm, we’re protected by the limitations of computing power to do division of extremely large numbers. This is why each generation of encryption eventually falls.
This New Study
In new peer-reviewed research in the journal Nature, a team of more than 30 authors has collaborated to generate random numbers that pass the certification test. In their test, they used a computer with 56 qubits, or quantum bits, which are the carefully built working units of quantum computers. Certain pieces of information are sent back and forth to an “untrusted” quantum server to be turned into strings of data influenced by entropy.
Terms like ‘trust’ have specific meanings in cryptography. In the world of data encryption, there’s an ongoing tension between methods that rely on private information—like a security key held by one or both machines that are communicating—versus those that do all their work using technology held in public (but still inscrutable) places. If your system relies on a key of any kind, that means someone could hack you and obtain that key. (It’s like writing a password down on a piece of paper, which opens you to a common type of hacking called social engineering.)
In this new method, the key is made obsolete because of the strength of the random number, freshly generated each time a new number is needed, which can then be certified as random and therefore secure. Within computing systems, the randomness or pseudorandomness of numbers resulting from various generation methods is known as entropy. The numbers resulting from the new quantum method have a higher amount of entropy relative to the length of the numbers. With the right equipment, someone on the receiving end of encrypted information can ensure in real time that the encryption is dynamic and truly random based on that entropy.
The results are randomized strings of over 70,000 bits of data. If I turn the last sentence of the previous paragraph into binary, the resulting string is only 1,384 bits long. The entire story you’ve read so far has been about 42,000 bits long. We’re talking about very, very long and random strings—far too long and random for anyone to ever try to figure out from the outside.
The scientists say their procedure leads to numbers with levels of entropy that satisfy metrics and can be generated in a reasonable amount of time (as compared to network communications from classical computers). And it keeps trying until it succeeds. “An ideal protocol for certified randomness either aborts, resulting in an ‘abort state’, or succeeds, resulting in a uniformly distributed bitstring that is uncorrelated with any side information,” the team wrote.
Quantum computers are in an awkward growing-pains phase, as teams work at fever pitch to get them ready for applications that... don’t really exist yet. There hasn’t been a killer app for quantum computing the way that Super Mario Bros. first made everyone realize they needed a Nintendo in the 1980s.
This research has a stated agenda, which is to make quantum computers practical. In fact, four authors are listed as patent holders via JPMorgan Chase related to this work. “[W]e demonstrate a useful beyond-classical application of gate-based digital quantum computers,” the team explains. In other words, we can start doing this now, using technology as it is today.