Such advances align with the White House's May 2022 national security memorandum on the U.S. quantum computing roadmap. Run on a quantum computer of 50 or more qubits, such as Google's Sycamore processor, the researchers' proposed protocol could produce number sequences that are truly random rather than pseudorandom, and therefore unpredictable to an attacker. Other quantum computers, such as Xanadu's Borealis, USTC's Jiuzhang and "Zu Chongzhi," are also viable candidates, the researchers said. The research proposal, released on March 2, explains that the protocol can only be run on cutting-edge quantum hardware. It could transform password creation, secure messaging and cryptocurrency transactions because it can "certify" the truly random numbers on which secure communication depends. Notably, the researchers add that this protocol "appears to be the only practical application of quantum computing that both requires a QC [quantum computer] and is physically realizable today."
The Importance of ‘Certified Randomness’ in Cybersecurity
In the paper, the researchers illustrated why randomness needs certifying by recalling whistleblower Edward Snowden's 2013 revelations, when "the world learned that a NIST pseudo-randomness standard known as Dual_EC_DRBG was indeed backdoored [vulnerable to spying] by the US National Security Agency." Applications that depend on randomness nobody can bias include "proof-of-stake cryptocurrencies," such as Ethereum (ETH), the researchers said. "In proof-of-stake systems, lotteries are continually run to decide which currency holder gets to add the next block to the blockchain. There is no trusted authority to manage these lotteries, yet the entire system rests on the assumption that they are conducted honestly and without bias. Other applications of certified randomness include non-interactive zero-knowledge proofs and financial and electoral audits." The protocol is a challenge-response exchange between a classical client and the quantum computer. The client sends randomly chosen quantum circuits as challenges, and the quantum computer must return output samples (bit strings) within a short deadline. The client then spot-checks the samples by classically simulating the circuits, a task that takes exponential time but remains feasible for circuits of around 50 qubits. If the samples pass this check, and no classical computer could have produced passing samples before the deadline, the samples must contain genuine entropy, which can then be distilled into certified random bits. Because the guarantee rests on the hardness of classical simulation rather than on inspecting the hardware, the user need not witness or trust the internals of the randomization process, which would itself pose a security risk. This is not the first proposal of its kind, the researchers added. "We are not the first to propose using a quantum computer to generate certified random bits," they noted. Their advantage over earlier proposals is that it is easier to implement on an existing quantum device.
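To make the client's role concrete, here is a toy model of the challenge-response flow described above. It is an added illustration, not code from the paper or from any quantum vendor: the "prover" that stands in for the quantum computer is simulated classically on four qubits, which is only possible because the instance is tiny, and the cross-entropy scoring, fidelity threshold (0.5), deadline and SHA-256 post-processing are simplifying assumptions chosen for the example rather than the paper's exact parameters or extractor.

```python
"""Toy certified-randomness protocol: random-circuit challenge, sampled
response, linear cross-entropy (XEB) verification, deadline check and
hash-based post-processing. Added illustrative example, not the paper's code.
The honest prover is simulated classically here on 4 qubits; in the real
protocol only a quantum computer can answer in time for ~50 qubits."""
import bisect
import cmath
import hashlib
import itertools
import math
import random
import time

N_QUBITS = 4        # toy size; classically simulable, unlike the real ~50
N_LAYERS = 10       # enough layers to scramble 4 qubits well
N_SAMPLES = 1000    # samples the prover must return per challenge


def rand_su2(rng):
    """Random single-qubit unitary Rz(c)·Ry(b)·Rz(a) as (u00, u01, u10, u11)."""
    a, b, c = (rng.uniform(0, 2 * math.pi) for _ in range(3))
    cb, sb = math.cos(b / 2), math.sin(b / 2)
    return (cmath.exp(-1j * (a + c) / 2) * cb, -cmath.exp(1j * (a - c) / 2) * sb,
            cmath.exp(-1j * (a - c) / 2) * sb, cmath.exp(1j * (a + c) / 2) * cb)


def make_challenge(rng, n=N_QUBITS, layers=N_LAYERS):
    """Client side: a fresh random circuit (list of gates) to send as the challenge."""
    circuit = []
    for layer in range(layers):
        for q in range(n):
            circuit.append(("u", q, rand_su2(rng)))
        pairs = [(0, 1), (2, 3)] if layer % 2 == 0 else [(1, 2)]  # brickwork CZ layer
        circuit.extend(("cz", q1, q2) for q1, q2 in pairs)
    return circuit


def simulate(circuit, n=N_QUBITS):
    """Statevector simulation: exponential in n, the step only the verifier can afford."""
    state = [0j] * (1 << n)
    state[0] = 1 + 0j
    for gate in circuit:
        if gate[0] == "u":
            _, q, (u00, u01, u10, u11) = gate
            bit = 1 << q
            for i in range(1 << n):
                if not i & bit:
                    j = i | bit
                    a, b = state[i], state[j]
                    state[i], state[j] = u00 * a + u01 * b, u10 * a + u11 * b
        else:
            _, q1, q2 = gate
            mask = (1 << q1) | (1 << q2)
            for i in range(1 << n):
                if i & mask == mask:
                    state[i] = -state[i]
    return state


def probabilities(circuit):
    return [abs(amp) ** 2 for amp in simulate(circuit)]


def honest_prover(circuit, n_samples, rng):
    """Stand-in for the quantum computer: samples from the circuit's output distribution."""
    cum = list(itertools.accumulate(probabilities(circuit)))
    return [bisect.bisect_left(cum, rng.random() * cum[-1]) for _ in range(n_samples)]


def classical_cheater(circuit, n_samples, rng):
    """Adversary that cannot simulate in time and guesses uniformly random bit strings."""
    return [rng.randrange(1 << N_QUBITS) for _ in range(n_samples)]


def xeb_score(probs, samples):
    """Linear cross-entropy: 2^n * mean p(x) - 1 (≈0 for uniform guessing)."""
    return len(probs) * sum(probs[x] for x in samples) / len(samples) - 1


def verify(circuit, samples, elapsed, deadline, min_fidelity=0.5):
    """Client side: reject late answers, then score the samples. Returns (accepted, fidelity)."""
    if elapsed > deadline:
        return False, 0.0
    probs = probabilities(circuit)
    ideal = len(probs) * sum(p * p for p in probs) - 1   # XEB of a perfect sampler
    if ideal < 0.1:
        raise ValueError("challenge too close to uniform; choose another circuit")
    fidelity = xeb_score(probs, samples) / ideal        # ≈1 honest, ≈0 uniform guessing
    return fidelity >= min_fidelity, fidelity


def extract(samples, n_bytes=32):
    """Post-processing placeholder: hash accepted samples (assumption; the paper
    uses a seeded randomness extractor with an explicit min-entropy bound)."""
    return hashlib.sha256(bytes(samples)).digest()[:n_bytes]


def run_protocol(prover, seed, deadline=10.0):
    """One round: challenge -> timed response -> verification -> extraction."""
    circuit = make_challenge(random.Random(seed))
    t0 = time.perf_counter()
    samples = prover(circuit, N_SAMPLES, random.Random(seed + 1))
    elapsed = time.perf_counter() - t0
    accepted, fidelity = verify(circuit, samples, elapsed, deadline)
    return accepted, fidelity, extract(samples) if accepted else None


if __name__ == "__main__":
    for name, prover in (("honest prover", honest_prover), ("classical cheater", classical_cheater)):
        ok, fid, out = run_protocol(prover, seed=7)
        print(f"{name}: accepted={ok} fidelity={fid:.2f} bits={out.hex() if out else None}")
```

The cheater fails because uniform guessing scores near zero on the cross-entropy test, while an honest sampler scores near the ideal value; in the real protocol the classical cost of producing high-scoring samples for ~50 qubits is what makes passing before the deadline infeasible.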
The Drawbacks of the Researchers’ Protocol
For the time being, such a protocol, running on a quantum computer that consumes large amounts of electricity, would be extremely expensive and may not be bulletproof just yet, the researchers said. Moreover, current cryptographic number generators are already difficult to attack for all but the most sophisticated adversary. "All random number generators in use today are pseudorandom — they are so hard to predict that their output seems random. But attacks are possible. A number generator that gives a truly random result, however, would be invulnerable," NewScientist said on Saturday. For a sophisticated attacker to spoof the researchers' protocol would require classical computing power far beyond ordinary hardware; "the expenditure … would run into billions of dollars, outside the means of all but corporations and nation-states," the researchers added. Certified randomness addresses a different threat from the quantum attacks expected to break RSA: it hardens the key generation that every scheme, including the CRYSTALS-Kyber public-key scheme selected by the U.S. National Institute of Standards and Technology (NIST) as a post-quantum standard, depends on, since a key derived from a weak or backdoored generator is breakable regardless of the algorithm that uses it. For the moment, what you can do as a user is to protect your accounts with multi-factor authentication wherever it is offered, and to use strong, unique passwords, which together massively improve your personal security.