Random numbers are a fundamental resource for all the branches of Science. In fact, solutions to complex problems, models and predictions can be found by means of simulations. However, simulations wouldn't be possible without random numbers. Random numbers have also a central role in Information Science and Information Technology. All the cryptographic protocols that secure our digital life, e.g. mobile communications, Internet, online transactions, need random numbers to function. Currently, the systems to generate random numbers for the above applications, the so-called random number generators (RNG), are still based on a technology developed almost eighty years ago. Unfortunately, this technology is becoming increasingly less suitable to meet the needs of reliability and security related to the ongoing exponential growth in power and diffusion of computers and digital devices. This project is about the development of an Ultra-Fast, Integrated and Certified Secure (UFICS) RNG based on Quantum Physics to exactly meet these new technological challenges.
Although technology has experienced an incredible advancement, random numbers both for simulations and cryptographic protocols are still generated with PRNGs. The reason is simple. Although outdated these methods are costless in terms of implementation: a PRNG is nothing more than few lines of codes that occupy a tiny amount of digital memory space.
However, in terms of negative consequences the use pseudo-randomness can be very expensive. In fact, by knowing the seed or by taking note of the numbers emitted during the first cycle of computation, one can be able to decrypt communications, get access to sensitive data and even trick lotteries. In addition, scientific theories developed by using bad PRNGs can lead to wrong predictions.
Quantum Physics has proven to be completely successful in describing how Physics works at its smallest scale. At atomic scale, the famous uncertainty principle of W. Heisenberg holds. In the detail, if a quantum system, such as an electron, is measured in a suitable way, all the possible outcomes of this measurement are completely unpredictable. It is worth emphasizing that this level of randomness is much deeper than the one that can be obtained, for example, by tossing a coin or a dice. In fact, both the coin and the dice obey the rules of Classical Mechanics, since they are macroscopic physical systems. Hence, in principle, their outcomes can be predicted. Instead, for a quantum system the outcome is impossible to be predicted even in principle.
The same technological advancements that made obsolete PRNGs, make it possible now to have an easy access to this perfect source of randomness. In fact, the progress of the so-called photonics (that branch of electronics dealing with the generation and the analysis of light), enables the manipulation of photons, which are quantum systems related to the particle nature of light. Hence, it is possible to design and realize devices able to enforce the Heisenberg’s Uncertainty Principle on the photons and hence obtain genuine random numbers. These devices are called quantum random number generators, QRNG.
The role of encryption protocols is of critical relevance to guarantee the privacy and security in exchanging and storing digital information. Recent studies1 have demonstrated that the common weak point of such protocols is the part of key generation, implemented by using pseudo random number generators. This weakness has been exploited indeed in recent hacker attacks2.
Unpredictability is then an essential requirement for cryptographic RNGs. As stated in the report “Recommended Cryptographic Measures — Securing Personal Data” 3 by the European Union Agency for Network and Information Security (ENISA) when it comes to generate cryptographic keys states that:
Secret keys and private keys need to be unpredictable
However the report also acknowledges that:
Generating secret keys or private keys with a sufficient amount of entropy turns out to be a very challenging task in practice.
This project addresses this challenge. We aim to realize a QRNG that might represent a suitable solution to the ever increasing demand for secure random numbers. The targets are: ultra-fast generation rate, compact design, tested resiliency and unpredictability as guaranteed by the quantum randomness. With these features our QRNG could be a real competitor to PRNGs not only in terms of security but also in terms of generation speed and the ease of use.