SoS Musings #53 - True Randomness Boosts Security
SoS Musings #53 -
True Randomness Boosts Security
For most, if not all, cryptographic systems, random numbers play an essential role in determining the strength of the system's security and influence how difficult it is to attack the system. Randomness in cryptography prevents eavesdroppers from guessing the cryptographic keys used to protect data. Besides cryptography, random numbers are important for various other applications, such as lotteries, games, random sampling, simulation, and modeling. The two main types of random number generators are Pseudo-Random Number Generators (PRNGs) and True Random Number Generators (TRNGs). PRNGs are deterministic algorithms in which mathematical formulas are used to produce sequences of numbers that appear random. A PRNG uses a “seed,” which is an initial value for generation, and therefore, can produce the same sequence of random numbers. A TRNG differs from a PRNG in that it generates truly random numbers by using unpredictable physical processes such as quantum phenomena, thermal noise, and more. The deterministic nature of PRNGs makes TRNGs the most suitable for the application of security (e.g., generating data encryption keys). The generation of random numbers must be invulnerable to prediction or bias and provide true randomness. Therefore, researchers are encouraged to delve deeper into the improvement or development of TRNGs to bolster encryption and security.
Due to its completely random and unpredictable processes, researchers have turned to quantum physics for developing new cryptographic techniques, specifically the generation of random numbers. Much effort has been made in the realm of quantum random number generation to produce true randomness. Researchers at the National Institute of Standards and Technology (NIST) developed a method for generating random numbers based on quantum mechanics. The experimental technique ensures the unpredictability of its random numbers with the aim of improving security and trust in cryptographic systems. NIST's method generates digital bits (ones and zeros) with particles of light known as photons, using data produced in an improved version of the 2015 NIST physics experiment in which researchers proved that “spooky actions at a distance” are real. Einstein used that term in reference to quantum mechanics -- the behavior of the smallest particles of matter and light. In particular, he was referring to entanglement, which is a quantum phenomenon where two physically separated particles have correlated properties with values that are unknown until they are measured. NIST's quantum method involved an intense laser that hits a special crystal, converting laser light into entangled pairs of photons, which are then measured to produce a string of truly random numbers. NIST explains that quantum mechanics provide a high-level source of randomness as the measurements of some quantum particles have results that are fundamentally unable to be predicted. Researchers from the University of Geneva (UNIGE), Switzerland, developed a self-testing quantum random number generator that allows the user to verify the reliability of the generated random numbers in real-time. The generator should solve tasks for which it has been calibrated. If the tasks are solved correctly, the output numbers are guaranteed to be random. However, if the tasks are not solved correctly, then the generated numbers are not guaranteed to be random and the user should recalibrate the device, thus avoiding the risk of using numbers with little or no randomness for cryptographic protocols and other security applications. An international team of researchers from Nanyang Technological University, Singapore (NTU Singapore), Yale University, and Trinity College Dublin developed a laser system capable of generating random numbers over a hundred times faster than current technologies, thus paving the way for faster, inexpensive, and more secure data encryption. This system uses a laser with a special hourglass-shaped cavity to generate random patterns formed by light rays reflecting and interacting with each other in the cavity. The system generates many sets of random numbers by reading the patterns. As the laser shines, light waves bounce between either end of the hourglass. A fast camera is used to record the fluctuations in the intensity of the quantum particles of light, which are then translated by a computer into a random series of numbers. According to the team, no two sequences of numbers generated by the system were the same because of the unpredictable way in which the light rays reflect and interact with each other within the cavity. More recently, a team of scientists from China presented what is said to be the fastest real-time quantum random number generator as it delivers random number output more than twice as fast as conventional quantum random number generators. Their photonic integrated chip sets a world record as it can generate random numbers at approximately 19 gigabits per second. It is also measured at only 15.6 by 18.0 millimeters, which is significantly smaller than most current instruments used for quantum random number generation. Such a chip could be useful in mobile phones and other compact devices to improve security. It is essential to continue exploring and improving the effectiveness and efficiency of quantum random number generation to produce true randomness that could strengthen security systems.
There have also been efforts to develop true randomness for security that does not rely on quantum phenomena. Researchers at Pennsylvania State University delved into biology to help achieve true randomness since many biological processes cannot be unraveled by a computer due to their lack of mathematical basis. They took a photograph of a random, 2D array of T cells in solution. Then they digitized the photograph by creating pixels on the image and turning the T cell pixels into “ones” and the empty spaces into “zeros.” Living cells of any type can be kept around for a long period of time and can be photographed repeatedly to create new encryption keys because of their constant movement. In another study, researchers at ETH Zurich applied a non-physical method of generating true random numbers, which involves using biochemical signals. In this approach, the ETH researchers apply the synthesis of DNA molecules, an established chemical research method traditionally used to produce a precisely defined DNA sequence. The researchers built DNA molecules with 64 building block positions in which one of the four DNA bases A, C, G, and T was located at each position randomly. A combination of nearly three quadrillion individual molecules was produced through simple synthesis. The scientists then determined the DNA sequence of five million of the molecules, resulting in 12 megabytes of data, which was then stored as zeros and ones on a computer. This study showed that random occurrences in chemical reactions could be leveraged to generate perfect random numbers for data encryption and other applications. Such efforts emphasize the importance of exploring more alternative ways of achieving randomness that could support security systems.
Randomness is fundamental to all aspects of data security, as the strength of a security mechanism is proportional to the randomness of the numbers it uses. Random number generation is a critical component of the encryption processes that protect data. Research and development must continue in the realm of generating truly random numbers in effective and efficient ways.