Quantum Physics and the Hunt for Entropy

There is an old joke among physics nerds in which renowned quantum physicist Werner Heisenberg is stopped by the police for speeding. “Do you know how fast you were going?” asks the cop. “No,” replies the physicist, “but I know exactly where I am.” “You were going one hundred and eighty kilometers per hour!” exclaims the cop. “Great,” retorts Heisenberg. “Now I’m lost.”

Some might argue that this whimsical Witz about Heisenberg’s uncertainty principle is neither here nor there. But it’s worth remembering that all things in cryptography strongly depends on the unpredictable: key generation and many cryptographic operations rely on the ready availability of good quality random data.

Data encryption keys are nothing but 32 bits of Random data each. Signing keys are derived from random numbers, and each digital signature operation they perform requires a good quality random number to remain secure. The computers that execute these cryptographic algorithms, however, are designed to be very predictable: no matter how unpredictably the electrons within bounce, when the machine adds one plus one the result needs to equal two with extremely high confidence.

These worlds collide when the ruthlessly predictable computer needs reliably unpredictable random data. As a computer dedicated to cryptographic operations, Fortanix Data Security Manager uses a hardware Random Number Generator (RNG) on the CPU. Following guidance from Special Publication 800-90 by the US National Institute of Standards and Technology (NIST), its output is used to seed a Deterministic Random Bit Generator. This function, based on counter-mode AES encryption, provides a steady stream of reliably unpredictable Random data for every function in the Fortanix appliance that needs it.

Why are all these extra steps? Two main reasons. First, the output of a hardware RNG is often not very good. There may be bias (more zeroes than ones, or the other way around), and the output may depend on environmental factors like ambient temperature. And a hardware RNG can be exhausted if there is simply not enough entropy in the system to satisfy its consumers’ needs.

A DRBG fixes that as it takes a small seed from the RNG and encrypts that produce a predictable stream of random output. Secondly, since it is deterministic, a DRBG function can be tested. Seeded with a known value, the DRBG produces the same output pattern which allows organizations like NIST to test and certify implementations. Fortanix has a certificate from NIST for the DRBG in Data Security Manager. Periodically re-seeded with an unknown value (the hardware RNG output), the output of the DRBG is a virtually inexhaustible stream of high-quality Random.

Under normal circumstances, nothing should come between the hardware RNG and is seeding the DRBG. But there are those who require oversight or control over what goes into the DRBG, and for their benefit Fortanix is adding support for an external entropy source. We partner with vendors of Quantum Random Number Generators: Qrypt and Quantum Dice, to take the output of their random sources and add it to the seed of the DRBG along with the existing entropy.

Together, internal and external entropy further ensure the quality of the Random numbers that are so crucial to modern cryptography and data protection, and that both cryptographic keys and operations are grounded in bouncing electrons that neither know exactly where they are, nor how fast they are going.