
PQC is here, but do not get distracted

A brief commentary written by Crypta Labs’ CSO Dr Jose Coello in conjunction with Bloc Venture’s David Pollington.

Cryptographic algorithms are pivotal in safeguarding the confidentiality, integrity and authenticity of all our digital information and online services.
The public-key algorithms in use today (RSA, Diffie-Hellman and elliptic-curve cryptography) rely on mathematical problems, integer factoring and discrete logarithms, that are intractable for today's computers but that Shor's algorithm solves efficiently on a sufficiently large quantum computer, a machine that some estimates place within the next decade.

To mitigate this “quantum threat”, a new set of post-quantum cryptographic (PQC) algorithms has been devised and has now been published by NIST as approved FIPS standards.

But mitigating Shor’s algorithm alone will not guarantee quantum resilience.

Post-quantum cryptographic algorithms, just like those in use today, are reliant on a robust source of entropy that delivers true randomness for generating the keys used within the protocols.

A common way of achieving this is through a True Random Number Generator (TRNG) that extracts randomness (entropy) by sampling a physical source such as thermal or electrical noise, or jitter in an oscillator.

TRNGs, though, can be slow (often limited to hundreds of kbit/s), so a system that consumes random bits faster than the source supplies them risks exhausting its entropy pool. That is a serious issue: a generator that keeps producing output without waiting for fresh entropy can emit predictable or repeated values until the pool is replenished, and any keys derived from those values expose the cryptographic algorithms to attack.

One way of addressing this bottleneck is to expand the entropy pool artificially, stretching a small seed with a hash function into as much output as is needed. The catch is that the security of everything derived from the stretched pool is then bounded by the size of the seed: an attacker who can guess the seed can reproduce every output. Classically that search costs about 2^n operations for an n-bit seed; Grover's algorithm reduces it to roughly 2^(n/2), halving the effective security of the seed, so a pool stretched from too little true entropy becomes a weakness a quantum computer can exploit.
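The seed-stretching weakness described above, as an added example that is not part of the original commentary and is not Crypta Labs' code. The Python below seeds a pool with a few bits of true entropy (os.urandom stands in for a TRNG), stretches it in SHA-256 counter mode, a simplified Hash_DRBG-like construction chosen here for illustration, and then lets an attacker who sees one output block recover the seed by exhaustive search and predict every later output. The function names, the 20-bit seed size and the leaked-block scenario are all assumptions made for the example. The search costs 2^n hash evaluations for an n-bit seed no matter how strong the hash is; the helpers at the end give the Grover-adjusted cost and the seed size needed to keep a target security level.

```python
"""Added example, not code from the original commentary or from Crypta Labs.

Illustrates why stretching a small amount of true entropy with a hash function
bounds the security of every derived key by the size of the seed, and how
Grover's algorithm halves that bound.

Assumptions (hypothetical, chosen for illustration):
  - the entropy pool is seeded with SEED_BITS bits of true randomness
    (os.urandom stands in for a TRNG/QRNG)
  - the pool is expanded in SHA-256 counter mode, a simplified
    Hash_DRBG-like construction: out_i = SHA-256(seed || i)
  - the attacker observes one 32-byte output block, e.g. a public nonce
"""
import hashlib
import os
from typing import Dict, List, Optional

SEED_BITS = 20  # deliberately tiny so the brute force finishes in seconds


def seed_len(seed_bits: int) -> int:
    """Number of bytes used to encode an n-bit seed."""
    return (seed_bits + 7) // 8


def expand(seed: bytes, n_blocks: int) -> List[bytes]:
    """Stretch `seed` into n_blocks 32-byte outputs: out_i = SHA-256(seed || i)."""
    return [hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
            for i in range(n_blocks)]


def recover_seed(observed_block0: bytes, seed_bits: int) -> Optional[bytes]:
    """Classical exhaustive search over the seed space.

    Cost is 2**seed_bits hash evaluations regardless of how strong the hash
    is: the hash only hides the seed, it cannot add entropy the seed lacks.
    """
    n = seed_len(seed_bits)
    for guess in range(1 << seed_bits):
        cand = guess.to_bytes(n, "big")
        if hashlib.sha256(cand + (0).to_bytes(4, "big")).digest() == observed_block0:
            return cand
    return None


def grover_security_bits(seed_bits: int) -> float:
    """Grover's algorithm finds a preimage among 2**n candidates in about
    2**(n/2) queries, so an n-bit seed gives roughly n/2 bits of security
    against a large quantum computer."""
    return seed_bits / 2


def seed_bits_needed(target_security_bits: int, quantum: bool) -> int:
    """Seed size that keeps `target_security_bits` against exhaustive search."""
    return 2 * target_security_bits if quantum else target_security_bits


def demo(seed_bits: int = SEED_BITS) -> Dict[str, object]:
    """Seed, stretch, leak one block, recover the seed, predict the rest."""
    seed_int = int.from_bytes(os.urandom(8), "big") % (1 << seed_bits)
    seed = seed_int.to_bytes(seed_len(seed_bits), "big")
    outputs = expand(seed, 3)          # block 0 leaks; blocks 1, 2 become keys
    recovered = recover_seed(outputs[0], seed_bits)
    return {
        "seed_recovered": recovered == seed,
        "later_keys_predicted": recovered is not None
                                and expand(recovered, 3)[1:] == outputs[1:],
        "classical_work_log2": seed_bits,
        "quantum_work_log2": grover_security_bits(seed_bits),
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the 20-bit seed is recovered in seconds. What a quantum attacker changes is only the exponent: seed_bits_needed(128, quantum=True) returns 256, which is why a seed that looks ample against classical search is not enough once Grover's algorithm is on the table, and why the amount of true entropy feeding the pool, not the hash used to stretch it, sets the real security level.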

Quantum Random Number Generators (QRNGs) avoid this issue by providing an entropy source whose randomness follows from the laws of quantum physics rather than from the assumed unpredictability of a classical noise source, and which produces randomness in abundance, several orders of magnitude faster than classical TRNGs. Crypta Labs' QRNGs, for instance, can reach speeds of many Mbit/s and even Gbit/s, which will be crucial for serving PQC's larger key sizes in high-bandwidth applications.

The transition to quantum-resilient cryptography is imperative, and the new PQC standards are fundamental to achieving it. But full resilience requires more than PQC to mitigate Shor's algorithm; equally important is a robust entropy source, such as a QRNG, that supplies enough true randomness that there is no small seed for Grover's algorithm to search, a lesser-known but equally critical threat.

References linked above:
https://www.rand.org/pubs/commentary/2023/09/when-a-quantum-computer-is-able-to-break-our-encryption.html
https://csrc.nist.gov/News/2024/postquantum-cryptography-fips-approved
https://www.keyfactor.com/blog/the-irony-and-dangers-of-predictable-randomness/
https://arxiv.org/pdf/2202.10982
https://scienceexchange.caltech.edu/topics/quantum-science-explained/uncertainty-principle
https://cryptalabs.com/quantum-random-number-generator/