CEO of Montreal-based firm Quantum eMotion
In the arms race between cybersecurity and cybercriminals, we’ve always relied on complexity trumping computational power. In the era of quantum computing, complexity isn’t enough. We need true randomness.
A good random number is hard to find. Humans are famously bad at generating and identifying randomness and, surprising as it may be, traditional computers are even worse at it than we are. And yet, just as with a combination lock, randomness is a fundamental building block of modern digital encryption. Without a good source of pure randomness, even our strongest cybersecurity measures have a critical flaw that leaves them vulnerable to the rapidly accelerating march of computational power.
“When an algorithm generates a random number, almost by definition, you know that it’s not really random – it is deterministic by nature because it has been created by a complex formula behind it,” explains Francis Bellido, CEO of Montreal-based firm Quantum eMotion, the only public quantum random number generation (QRNG) company in the world. “So there’s a pattern. It’s extremely complex and the sophisticated encryption keys could take hundreds of years to crack with the best computers today. But now we have the threat of quantum computers, which have already in the prototype stage increased calculation capacity millions of times over. With this kind of capacity becoming mainstream in four or five years, it will be possible to crack any existing encryption system one way or another. It’s another level of threat.”
With cyber criminality increasing fourfold over the course of the pandemic, it’s become clear that we can not rely on winning the arms race of computing power. The only way to future-proof our cybersecurity is to remove the computational element altogether with encryption seeds that are incalculable because they are truly random. But where do we find these pure random numbers?
The quest for true randomness
In the world of computing, there is actually a long history of bizarre-sounding schemes to generate randomness. Your computer today will sometimes use inputs like mouse movement and fan speed to salt randomness into its algorithms. At tech companies, it is surprisingly common to find something like a camera pointing at the foliage or even a lava lamp to track chaotic movements, so desperate are we for random numbers. And even still, these awkward systems are trading primarily in complexity, not true randomness.
“In Newtonian physics, there is nothing random, every single physical phenomenon is deterministic,” says Bellido. “The only way to get pure true random numbers is to rely on quantum mechanics. What we have developed is a tunnel junction which we bombard with electrons and measure the quantum tunnelling effect. It is purely random, what we call in physics a source of pure entropy.”
The idea of quantum random number generators (QRNG) is not new, in and of itself. Indeed, systems using Geiger counters to measure the quantum decay of radioactive materials have been popular among the esoteric kludges used over the decades. But those present obvious problems of safety and portability. This is different.
A system is only as secure as its weakest link
“The junction itself is extremely small, 10 microns across,” says Bellido. “You can put that on a microprocessor. It will fit in a USB key or on a chip in your phone, making it completely uncrackable. The simplicity of our technology means it is very versatile and can be miniaturized. That’s going to be very important because it’s our vision that in the future, every device that connects to the Internet should have a QRNG. Because, after all, every time you connect a device to the Internet, you are creating a new door for cybercriminals to enter your home or business.”
As the world of computing continues to be transformed in the quantum era, future-proofing those doors is going to require the kind of locks that only true randomness can provide.