52.6 F
Washington D.C.
Thursday, October 6, 2022

PERSPECTIVE: Harnessing Nature’s Randomness to Guide Cybersecurity

In perhaps his most famous quote, Professor Einstein said that “God does not play dice with the universe.” Of course, he was referring to the bizarre, random effects of our quantum world – and researchers at the National Institute of Standards and Technology (NIST) recently published a creative means for harnessing this randomness as the basis for making cryptography more effective. This is a welcome contribution, as cryptanalytic hackers begin to utilize quantum.

Specifically, the NIST team published a method in the journal Nature for generating random numbers via quantum mechanics (“Experimentally Generated Randomness Certified by the Impossibility of Superluminal Signals,” Peter Bierhorst, et al, Nature 556, 223-226: 2018). The findings had quite an impact, including among the researchers at Cambridge Quantum Computing (CQC), a UK company housed in the prestigious Cambridge Union Society Building.

What the CQC folks have done is create a commercial security solution called IronBridge that implements the techniques advocated in the NIST work. Such demonstration of the practicality of the NIST method has considerable consequences, almost all of which are positive. “We believe that true randomness provides a base on which cryptography can truly withstand the effects of more powerful cryptanalysis,” explained Dave Worral, head of engineering at CQC.

To understand randomness in the context of number generation, one can merely conceptualize a special device that spits out numbers – one after another, after another, after another, and so on. When the resulting sequence provides a stream of output that cannot be predicted in advance, or that does not expose reliable, dependable patterns, then we say that the sequence of numbers is random. Cryptographic methods depend on this being so.

CQC uses the natural physics of our world – as advocated by the NIST team – to translate the randomness of how light scatters into a method for creating and testing randomness in the generation of numbers for cryptography. This will allow cryptographic algorithm and protocol designers in the coming years to avoid existing and weaker, pseudo-random generators in operating system kernels and open-source tools such as OpenSSL.

My comment earlier that the consequences of this work are almost all positive stems from my observation that application of this NIST advance in commercial solutions such as IronBridge will require considerable governance and surgical care to install into a typical enterprise. Expect to see consulting firms begin to help security teams deal with the advancing risk of quantum cryptanalysis. Readers are advised to keep an eye on this, especially in government.

Perhaps the best news here is the wonderful synergy on display across the global cybersecurity community. At a time when diplomats, national leaders, and business managers search for ways to improve global coordination and cooperation, our own technology-based community continues to provide and demonstrate leadership in how the benefits of great cybersecurity research and development can be shared on both sides of the Big Pond.


The views expressed here are the writer’s and are not necessarily endorsed by Homeland Security Today, which welcomes a broad range of viewpoints in support of securing our homeland. To submit a piece for consideration, email HSTodayMag@gtscoalition.com. Our editorial guidelines can be found here.

Dr. Ed Amoroso
Dr. Ed Amoroso is currently Chief Executive Officer of TAG Cyber LLC, a global cyber security advisory, training, consulting, and media services company supporting hundreds of companies across the world. Ed recently retired from AT&T after thirty-one years of service, beginning in Unix security R&D at Bell Labs and culminating as Senior Vice President and Chief Security Officer of AT&T from 2004 to 2016. He is author of six books on cyber security and dozens of major research and technical papers and articles in peer-reviewed and major publications. Ed holds the BS degree in physics from Dickinson College, the MS/PhD degrees in Computer Science from the Stevens Institute of Technology, and is a graduate of the Columbia Business School.

Related Articles

- Advertisement -

Latest Articles