Cambridge Quantum
Published in

Cambridge Quantum

The NCSC Is Right to Criticise Existing Quantum Security Technology

Cambridge Quantum took a fundamentally different approach, which addresses their concerns and works today

The Flawed Approach to QRNGs

Before we get into the specifics of the NCSC statement, it’s helpful to understand how a typical QRNG device works. Later in the article, we’ll discuss the fundamentally different approach CQC has taken.

Are These Devices Suitable for High-Security Use?

The NCSC squarely addresses these flawed QRNGs when it presents the advice in its statement. The NCSC acknowledges that, in theory, quantum technology can provide “truly unpredictable numbers”, but in practice, these QRNGs have fallen short.

“… QRNGs will necessarily sit inside classical circuitry for collection and processing, and this classical circuitry adds noise to the measurement of the quantum state.”

The NCSC also highlights the vulnerabilities that emerge when you place complete trust in the physical correctness of the device. These flawed QRNGs rely on a trusted device model, where every component in the device (or almost every component) is assumed to be functioning correctly at all times. This means that these devices cannot determine when they have been tampered with, or when their components have aged and degraded in performance. This means that end applications will use flawed randomness to create weak security keys, leading to a potential compromise of security.

The Right Way to Build a QRNG

To solve the issues raised by the NCSC, the single most important task is to eliminate trust in the QRNG device. This is easier said than done and virtually all the serious players in this sector have been exploring ways to solve this problem. None has yet succeeded until recently when we at CQC unveiled the first glimpse at our unique patent-protected, device-independent randomness generation protocol, which underpins our IronBridge product.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store