Quantum Entropy in HSMs (A02b)
This is a Joint paper based on collaborative work with Entrust and Quantum Dice, an Oxford University startup. Dr. Ramy Shelbaya, CEO from QD, will be co-presenting). The quality and reliability of entropy sources have become a paramount concern in the realm of cryptographic systems, especially after the revelations of weak entropy leading to the compromise of hundreds of thousands of certificates, as demonstrated by KeyFactor’s discovery, in addition to the recent vulnerability noted in the ASA Firewall systems. Traditional standards such as NIST SP800-90B and AIS-31 aim to provide assurances on the entropy sources and are requisite for Hardware Security Modules (HSMs) in regulated environments. However, these standards generally involve statistical assessments conducted at a fixed point in time, potentially leaving entropy sources vulnerable to deterioration or external manipulations post-certification. This paper delves into the recent advancements of source-device independent quantum entropy sources, elucidating their inherent features that inherently produce high-quality randomness. A key differentiation emphasized is the ability of source-device independent quantum entropy sources to offer real-time health checks or certifications based on physical measurements rather than statistical inference, thereby continuously monitoring and affirming the quality of the randomness generated. The presenters demonstrate that continuous assessment and quantum foundations make these sources superior in ensuring robust security compared to traditional entropy sources that rely on periodic and statistical evaluations. By integrating these novel quantum entropy sources into HSMs, they posit that cryptographic systems can achieve unparalleled levels of assurance in their randomness, bolstering the overall security posture in our increasingly digital world.