Quantropi was proud to work with Palo Alto Networks on the QRNG Open API Framework that was announced on January 22, 2025.
Background
Random number generation (also known as entropy generation) plays a critical role in modern cybersecurity systems – the more “random” the number seed that is used for cryptographic key generation, the harder it is to compromise the key. Today’s security systems rely primarily on deterministic pseudorandom number generators (PRNGs) that algorithmically generate streams of seemingly random numbers starting from a small secret. Gaining knowledge of this secret would allow attackers to predict these random numbers and ultimately compromise the cryptographic key. For the most part, PRNGs have been “good enough” for decades. However, accelerating innovations in both artificial intelligence and quantum computing are leading to a new era of robust and sophisticated attacks on number generation and cryptographic keys. This puts standard classic cryptographic algorithms like RSA, ECC, and even AES-256 at risk, but it could impact the new NIST PQC standards even more because they require even larger blocks of entropy to produce longer and more complex cryptographic keys.
Quantum Random Number Generation
In contrast to PRNGs, quantum random number generators (QRNGs) use natural physical phenomena, such as electron tunneling, which are not algorithmic and therefore highly unpredictable. Because of this, random numbers from QRNGs cannot be compromised by the emergence of new technologies such as quantum computing and AI. QRNGs usually exist as a custom hardware component that is added to a server or PC or, in some cases, as a computing chip that can be built into a system.
Multiple hardware vendors now offer commercial QRNG solutions, but they use proprietary APIs specific to their solutions and system targets. This presents customers with a challenge in QRNG selection and integration, which can be both time-consuming and complex. Proprietary APIs also present a barrier to switching from one QRNG solution to another.
QRNG Open API Framework
Palo Alto Networks led an industry consortium including Quantropi to develop a common QRNG API framework to address these challenges. By providing an easy-to-implement common QRNG API, customers can accelerate their adoption of QRNG systems and enjoy seamless interoperability between QRNG vendors.
Choosing a QRNG Solution
Even with an open QRNG API, there are still many different vendor solutions to choose from. Two major types of QRNG solutions exist: streaming services and local hardware installations. Streaming services generate QRNG in the cloud and send it over network infrastructure to the destination endpoint. Local hardware installations involve procuring a vendor’s QRNG hardware device and then installing and configuring it on a server or PC inside your network.
Quantropi developed our QiSpace™ Quantum Entropy as a Service (QEaaS) platform to provide customers with the best of both worlds – the security, performance, and convenience of a local hardware solution delivered in a turnkey, highly scalable and resilient cloud service that is compatible with the QRNG Open API Framework. Unique advantages of QiSpace QEaaS include:
- Deployment Simplicity – Our entropy streaming service can be deployed instantly with no QRNG hardware purchase or installation required. Local hardware installations require the customer to design for redundancy and scale, monitor uptime and performance, and deploy patches and updates, all of which QiSpace provides out of the box.
- Entropy Sovereignty – Having control or “sovereignty” over your entropy source is important. This is typically an advantage for a local hardware solution but also a strength for QiSpace QEaaS. We provide customers with entropy control, security and sovereignty using a three-tier architecture that includes a local distribution node managed by the customer and deployed on the customer network. Effectively, this is a “QRNG hardware-free” local entropy source backed by cloud scale and flexibility.
- Entropy Choice and Diversity – Local hardware implementations lock you into a QRNG supplier, even with the Open API Framework. Switching to another QRNG solution involves absorbing the sunk cost of any hardware investment. Our QEaaS solution uses a heterogeneous supply of high-quality QRNG sources. You have the option to configure your local distribution node to use entropy from a single specific QRNG hardware vendor’s device residing in our cloud service; switching to a new vendor is then just a simple configuration change. Alternatively, you can elect to mix entropy from multiple sources as your security and entropy strategy dictates. We offer the added benefit of continuously evaluating the best-of-breed QRNG suppliers to include in our streaming service.
- Quantum Secure Distribution – Our streaming service uses multiple levels of quantum secure encryption to guarantee security. In addition to a quantum secure network layer, we also use our patented Quantum Permutation Pad (QPP) to symmetrically encrypt the entropy payload itself – keeping your entropy secure even if the network is compromised. All our security features, including the unique payload encryption, are available in the QRNG Open API Framework implementation.
- Enterprise Scale and Redundancy – Our streaming service uses a true microservices cloud architecture providing enterprise-class hyperscale and reliability. We offer customers complete flexibility to operate the distribution tier as a containerized service that can seamlessly operate across geographies, taking advantage of standard and proven cloud scaling and redundancy services.
The imperative to harden cryptographic keys and mitigate new attack vectors has never been more important. Weak entropy produces weak keys whereas QRNG maximizes key strength, especially for the new NIST PQC standards. The QRNG Open API Framework is a great step forward that will give customers more freedom to quickly adopt QRNG solutions and harden their cryptographic infrastructure. We are excited to offer our streaming QiSpace QEaaS solution that provides all the performance, scale, reliability, and ease of deployment of a cloud solution with best-in-class security and sovereignty for customer control.