Quantum Randomness in Cryptography—A Survey of Cryptosystems, RNG-Based Ciphers, and QRNGs

Abstract

Cryptography is the study and practice of secure communication with digital data and focuses on confidentiality, integrity, and authentication. Random number generators (RNGs) generate random numbers to enhance security. Even though the cryptographic algorithms are public and their strength depends on the keys, cryptoanalysis of encrypted ciphers can significantly contribute to the unveiling of the cipher’s key. Therefore, to ensure high data security over a network, researchers need to improve the randomness of keys as they develop cryptosystems. Quantum particles have a leading edge in advancing RNG technology as they can provide true randomness, unlike pseudo-random numbers generators (PRNGs). In order to increase the level of the security of cryptographic systems based on random numbers, this survey focuses on three objectives: Cryptosystems with related cryptographic attacks, RNG-based cryptosystems, and the design of quantum random number generators (QRNGs). This survey aims to provide researchers with information about the importance of RNG-based ciphers and various research techniques for QRNGs that can incorporate quantum-based true randomness in cryptosystems.

1. Introduction

Information security is the principal concern whenever data is transmitted over a network, a confined physical space of connected digital equipment, or a public network, such as the Internet. The information is considered secure if it cannot be understood by someone other than the intended recipient. The unintended person trying to steal the information is referred to as a hacker. In cryptography [1], one part of cryptology, such information is termed encrypted data, and the cryptosystem is designed with the primary concern of confidentiality and a security measure to safeguard the information from unauthorized access. The cryptosystem includes three significant processes: the Key Schedule Algorithm (KSA), the Encryption Algorithm, and the Decryption Algorithm.

The KSA is a process of generating keys for encryption and decryption. It takes the user-defined or original key as a set of bits, such as 40, 128, 192, 256, or more significant bits, to expand them based on its processing steps or the number of rounds designed for the encryption algorithm. The purpose of the KSA is to make the key so strong that it is not vulnerable to attack, and hackers cannot find the original key.

The Encryption Algorithm (EA) encrypts data by using a key and converts it to an unreadable format, and this process is called encryption. On the other hand, a Decryption Algorithm (DA) involves using the same or different key for decoding the cipher and converting the cipher back into the original data, which is called decryption. Figure 1a,b shows the three processes.

Encryption transforms plaintext into the ciphertext and secure ciphers by associating various cryptographic properties such as nonlinearity, propagation criteria, correlation, and algebraic immunity. However, the security of a cipher depends on how vulnerable the used key is to a cryptanalysis attack [2]. In addition to KSA, which divides the key into subkeys, random numbers can be used to make the key more robust and complex.

Figure 2 shows the KSA and encryption of a cryptosystem with a random number generator (RNG). RNGs provide the random numbers or bits used in achieving randomness in a cryptosystem. Encryption encrypts the plain text into ciphertext with advancement in an RNG-based cryptosystem; the KSA key also incorporates the random number bits generated by an RNG.

RNGs’ randomness critically depends on the type of RNG.

Pseudorandom number generators (PRNGs) [3,4] are based on algorithms for generating seemingly random numbers, which are determined by their seed, or initial value to enhance security. Shobhit Sinha et al. [5] compared various PRNGs based on their statistical randomness and cryptographic security, concluding that some PRNGs performed significantly worse than others.

Hardware and portable USB-based true random number generators (TRNGs) generate a truly random number based on digital noise intervention. The entropy or randomness source for TRNGs is usually electrical noise and an unpredictable component of electronic systems. Lishuang et al. [6] compared the advantages and challenges of entropy sources that use electrical noise.

True (non-pseudo) random data [7,8] can also be achieved by using a quantum random number generator (QRNG) based on quantum particles. Random number generators with quantum [9] randomness are superior to pseudo or true RNGs, as their source of randomness is invulnerable to environmental disturbance, such as temperature, voltage, or current and provides the highest level of entropy [10].

In this survey, we discuss and categorise various studies on cryptography and RNGs. In the first category, we study cryptosystems and cryptographic cryptoanalysis of the ciphers. Our second category focuses on different RNG-based cryptosystems in light of the RNGs’ robustness. This category results help analyze the enhancement in the security of a cryptosystem. We will discuss in the last category the multiple features of QRNGs, analyzing how the QRNGs differ from each other and which of the QRNG features are best suited for any given application.

Lastly, this paper discusses and proposes open research problems for a cipher function, which relates to the randomness of quantum random numbers (QRN).

This research aims to contribute to the future of cryptography and to become a part of the open quantum-safe project [11]. The survey is organised as follows: Section II provides a survey methodology, categorised into three subsections. Section III focuses on open research problems of ciphers based on QRNGs. The paper is concluded in Section IV.

2. Survey Methodology

The survey methodology is subdivided into three categories:

• Category I: Cryptosystems and cryptographic attacks
• Category II: RNG-based cryptosystems
• Category III: Research objectives of quantum-RNGs for cryptosystems

2.1. Category I: Cryptosystems and Cryptographic Attacks

In cryptology, a cryptography algorithm is an art of creating codes or algorithms that turn plain text into ciphertext and ciphertext into the original text. It establishes secure communication between two entities in the public domain, such as the Internet, where unauthorized users and information hackers are present.

The main difference between the cryptography algorithm is the relationship between the encryption and the decryption key. Logically, in any cryptographic system known as a cryptosystem, keys generated and expanded by KSA play an essential role in the cryptographic process.

A private key is used for both encryption and decryption, and algorithms are classified as symmetric key cryptography, whereas asymmetric key cryptography uses a pair of public and private keys for encryption and decryption or signing and verification.

Figure 3a,b visualizes symmetric key cryptography and asymmetric key cryptography, respectively.

There are two types of symmetric key cryptography, block cipher and stream cipher.

Block cipher: A block cipher encrypts or decrypts a block of data. Encryption transforms plaintext into an equal length of ciphertext block, whereas the decryption performs the reverse process on the same block of ciphertext block. It primarily uses either of the following two network structures.

Feistel (F)-Network: In F-Network, the input data splits into two parts—the left and the right. The right part remains unchanged, and the left part goes through the operation with the key. After processing several rounds of operations designed by the algorithm, the combination of the left and right parts constitutes the ciphertext.

Substitution-permutation (SP) network: In the SP network, the substitution layer consists of a substitution (S)-box and operates on short data segments. Due to the layer’s highly nonlinear property, it creates confusion in the internal ciphertext. The permutation layer diffuses the effect of substitution across the entire block.

Stream cipher: A stream cipher performs encryption or decryption on a digital data stream of 1 byte or 1 bit. When data is to be transmitted over a communication channel or through a web browser, this can be helpful. It depends on different structures broadly categorized as follows: arithmetic and XOR(AX), linear feedback shift register (LFSR), a combination of LFSR and nonlinear-feedback shift register (LFSR+NFSR), and pseudo-random function (PF)

Arithmetic and XOR(AX): Arithmetic operations include all bitwise operations (XOR, NAND, OR, Modulo operator) for cryptographic functions.

LFSR: LFSR is a shift register where the input bit is a previous state’s linear function (exclusive-or (XOR)). The input is affected by previous stage values, so it operates as a feedback mechanism.

NFSR: NFSR is a shift register where the input bit is a previous state’s non-linear function. The stream cipher also uses the LFSR+NFSR structure, which combines the LFSR and the NFSR.

PF: These functions are based on pseudo-random numbers generated by PRNGs.

Table 1. List of symmetric key cryptography systems.

Symmetric-Key Cryptography (A Secret Key Generated by KSA for Encryption Decryption)
Block Ciphers		Stream Ciphers
F Network	SP Network	AX	LFSR
1900’s	1900’s	1900’s	1900’s
― DES [12]	― Safer-K [13] ― 3-Way [14] ― SHARK [15] ― AES [16]	― RC4 [17]	― A5/1 [18] ― A5/2 [19]
― 3 DES [12]
― IDEA [20]		2000’s
― Blowfish [21]		― Rabbit [22] ― SOBER-128 [23] ― QUAD [24] ― Trivium [25] ― Salsa20 [26]
― Tea [27]			2000’s
― CAST-128 [28]
― XTEA [27]			― SNOW 2 [29]
― RC2 [30]			― Crypto-1 [31]
― RC6 [32]
― CAST-256 [28]		LFSR+NFSR	PF
― MARS [33]
― Twofish [34]		2000’s	1900’s
2000’s		― HC-256 [35] ― Grain [36] ― MICKEY [37]	― ISAAC [17]
― Camellia, 2000 [38]			― SEAL [39]
― Threefish [40]			2000’s
― GOST [41]			― Phelix [42]

summarises the symmetric key cryptography categorized into block cipher and stream ciphers.

Equally important, asymmetric key cryptography, based on a pair of keys, is categorized into two approaches: public key cryptography and digital signature.

Public key cryptography: A public key cryptography system uses a pair of public and private keys. The KSA generates both the keys—a public key for the encryption and a private key for the decryption. Encryption is performed by the receiver’s public key, generating the ciphertext, and the ciphertext can only be decrypted with the sender’s private key. Factorization and Diffie–Hellman’s (DH) key exchange are the two main techniques of public key cryptography.

Factorization: In factorization, a composite number, part of mathematical computation, is transformed into a product of smaller integers, whereas when the integers are primes, the process is known as prime factorization.

Diffie–Hellman (DH) key exchange: DH is a cryptographic set of rules for exchanging the private key over an unsecured channel. The KSA of both the sender and receiver generates the public and private key pair. Both the parties share their public key. Once they get the public key, they calculate their secret or private key and use it for sending data securely.

Post-quantum public key cryptography: The cryptoanalysis of classical ciphers led researchers to develop quantum and classical computer-resistant cryptosystems. Moreover, these systems can communicate with an existing communication protocol, allowing their practical implementation for applications. The National Institute of Standards and Technology (NIST) [43] announced the four post-quantum public key encryption and key-establishment algorithms in round 3 compared to seventeen algorithms in round 2. NIST has started the process of standardizing these algorithms.

Digital signature: The digital signature is an electronic signature in which the sender signs or encrypts the document with a private key. The receiver will decrypt or verify that document with the sender’s public key. It can be incorporated into cryptography by using the digital signature standard or elliptic curve cryptography.

Digital signature standard (DSS): DSS is a standard established by NIST to generate digital signatures.

Elliptic curve cryptography (ECC): A cryptographic algorithm based on elliptic curves generates smaller key sizes while providing the same level of security as those without them.

Post-quantum digital signature: NIST announced the three post-quantum digital signature algorithms in round 3 compared to nine algorithms in round 2. These are another part of post-quantum cryptography. Furthermore, NIST has started the process of standardizing these algorithms.

Table 2. List of asymmetric key cryptography systems.

Asymmetric-Key Cryptography (A Public and a Private Key Generated by KSA for Encryption/Signing Decryption/Verification)
Public-Key cryptography		Digital Signature
Factorization	DH-Key Exchange	DSS	ECC
			2000’s
― RSA, [44] 1978	― ElGamal, [45] 1985	― DSA, [46] 1994	― ECIES, [47]
			― ECDSA, [47]
			― EdDSA, [48]
Post-Quantum Public-Key cryptography [43]		Post-Quantum Digital Signature [43]
― BIKE	― Classic McEliece ― FrodoKEM ― LAC ― NewHope ― NTRU Prime ― ROLLO ― Three Bears ― SABER	― CRYSTALS-DILITHIUM
― CRYSTALS-KYBER		― GeMSS
― HQC		― MQDSS
― LEDAcrypt		― qTESLA
― NTRU		― SPHINCS+
― NTS-KEM		― FALCON
― SIKE		― LUOV
― RQC		― Picnic
― Round5		― Rainbow

shows the asymmetric key approaches used by public key cryptography and digital signatures.

The security of symmetric key or asymmetric key depends on the vulnerability of their key to the cryptographic attacks. Cryptoanalysis analyzes cryptosystems to look for weak points or opportunities for information leaks to access or find the key. Cryptoanalysis is another part of cryptology that differentiates different cryptographic attacks. We have categorised the cryptographic attacks into six categories: differential cryptoanalysis, linear cryptoanalysis, meet-in-the-middle, side-channel attacks, related key attacks and other attacks.

Differential cryptoanalysis (DC): DC refers to a chosen-plaintext attack, where the attacker can choose a plaintext and find the corresponding ciphertext in order for them to obtain the key. By computing the differences between the ciphertexts, the attacker can detect statistical patterns in their distribution. These differences constitute a differential attack.

Linear cryptoanalysis (LC): LC finds affine approximations to the cipher’s action based on linear equations. Depending on linear equations, it comes close to a plaintext–ciphertext pair and attempts to find the key.

Meet-in-the-middle (Mt-in-M): An Mt-in-M attack is a known-plaintext attack that breaks the long chain of encryption blocks into half to analyze the blocks independently and find the key more accurately. This accuracy cost depends on breaking the encryption chain into smaller parts requiring more storage. However, it is still more efficient than a brute force attack regarding time and computational complexity.

Side-channel attacks (SCA): In side-channel attacks, information leaks from a physical cryptosystem. In addition to timing, power consumption and electromagnetic emissions can also be exploited.

Related key Attacks (RKA): An attack model called related key is a subset of cryptoanalytic attacks in which the attacker is able to select or identify the relationship between multiple keys. These keys are then used for both encryption and decryption operations.

Other attacks: Other attacks, apart from DC, LC, M-in-M, SCA, and RKA, are included in this category.

Table 3. Cryptanalysis of cryptography ciphers.

		Cryptoanalysis
Ciphers	KSA Key Size (Bits)	DC	LC	Mt-in-M	SCA	RKA	Others
DES	56	√	√	√			Brute-Force
3 DES	112 or 168						Sweet32
IDEA	128			Bicliques Attack
Blowfish	32–448						Birthday Attack
Tea	128	√				√
GOST	256	√		Reflection		√
CAST 128	40 to 128	√
XTEA	128	√		√		√
RC2	1–128 Bytes					√
RC6	128, 192, 256						Statistics Attack
CAST 256	128, 160, 192, 224, 256	√
Mars	128, 192, 256			√
Twofish	128, 192, 256	Truncated, Impossible			Power Analysis	√
Camellia	128, 192, 256				Cache Timing		Square Attack
Threefish	256, 512, 1024	Boomerang Attack
Safer-K	64,128	Boomerang Attack, Impossible				√
3-Way	96					√
Serpent	128, 192, 256	Differential-Linear			Power Analysis
AES	128, 192, 256			Bicliques Attack		√	Brute-Force
RSA	2048 to 4096						Shor’s Algorithm

shows the survey of cryptographic attacks on different ciphers with the key size of KSA.

The survey shows that different attacks on a cryptosystem are possible, even on an advanced encryption system (AES), a highly secure block cipher. These attacks illustrate a requirement to modify various cryptosystems to make them more secure against cryptographic attacks. Figure 4 represents the graphic view of the cipher’s cryptoanalysis by the specific cryptographic attacks.

In the next category, we have discussed different RNGs and have focused on cryptosystems based on RNGs.

2.2. Category II: RNG-Based Cryptosystems

The cryptosystems are affected by the objectives and operations to perform their functions. The RNGs can play a significant role in providing cryptography’s fundamental function, randomness, and enhancement of the security of the cryptosystem. The randomness can be achieved by different random method generators.

• Pseudo-random number generator (PRNG)
• True random number generator (TRNG)
• Circuit design-based random number generator (CDRNG)
• Quantum random number generator (QRNG)

Pseudo-random number generator (PRNG): PRNGs are computer-based algorithms that use mathematical computation to generate random numbers. A PRNG sequence of the random number is periodic, which means the sequence repeats itself periodically, and deterministic, in that the sequence reproduction is possible if the initial value is known. Mathematical computations like linear congruential generators, LFSRs, and chaos provide pseudo-randomness.

A PRNG is a cryptographic secure PRNG, or CSPRNG if it passes the next-bit test (if the attacker knows the first k bits, the attacker cannot predict the k + 1 bits) and withstands the state compromise extensions (if any stream of bits is guessed correctly, the last bits cannot be predicted).

Programming languages have techniques for generating CSPRNG. The secrets [49] module from Python and SecureRandom [4] class from Java support CSPRNG.

True random number generator (TRNG): Random numbers generated by TRNGs are unbiased, independent, and unpredictable as produced by different physical phenomena such as infinite noise, voltage fluctuation, clock jitter, atmospheric radio noise, continuous and discrete time chaotic system.

There are various USB interface-based TRNGs that help to quickly connect with a laptop to work with any application. Alea II [50] by Araneus Information Systems, TrueRNG v3 [51] by ubldit, and infinite noise TRNG [52] by Crowd Supply are some of the USB-based TRNGs. On the other hand, RANDOM.ORG is a service-oriented online platform that provides TRNGs for various applications such as games, lotteries, and web pages.

Circuit design-based random number generator (CDRNG): Circuit design, including various electronic components, such as gates, integrated circuits, etc., is also helpful in generating RNGs. Pietro Nannipieri et al. [53] proposed TRNGs using the Fibonacci–Galois ring oscillator for cryptographically secure applications on a field programmable gate array (FPGA), resulting in the best entropy. Luca Crocetti et al. [54] proposed an all-digital RNG with high portability and entropy. As a result, it is ready to integrate with the European Processor Initiative (EPI) [55] chip.

Quantum random number generator (QRNG): The third classification of RNG is quantum-based and derived from quantum mechanics. Different QRNGs generate established and robust outcomes by applying different entropy sources, the source of randomness, based on quantum physics.

USB-based QRNGs are well tested and certified for generating high-quality and unique random numbers such as Quantis [56] by IDQ. They also invented a chip-based QRNG that can fit into small devices like smartphones. Another project named QRANGE [57] under the quantum flagship focused on CMOS technology generating quantum random numbers. ANU QRNG [58] is an online platform where anybody can generate quantum random numbers with just one click and use them.

Figure 5 illustrates the categories of RNGs and their implementation methodology or practical approach for integrating them into a cryptosystem.

These RNGs can be used in the RNG-based cryptosystem to enhance the security in the KSA or encryption.

Table 4. Survey of RNG-based cryptosystems.

Cipher Design	RNG	Type of Cryptosystem	Result	Parameters Improved	Ref.
Blostream	PRNG	Symmetric	Immune to Brute-Force, Statistical, Deferential, Distinguishing and Correlations Attacks	➢ Speed, ➢ Memory Requirements	[59]
Hybrid Cryptosystem	PRNG + TRNG	Symmetric	Strong Key	➢ Non-deterministic ➢ Unpredictable ➢ Reproducible ➢ Periodic	[60]
Text Encryption Stream	PRNG	Symmetric	Immune To All Known-Plaintext Cryptanalysis Attacks	➢ Large Plaintext ➢ Key Sensitivity	[61]
Present	PRNG + TRNG	Symmetric	Better Performance with High Security	➢ Slices ➢ LookUp Table ➢ Frequency ➢ Power	A [62]
Text Encryption Algorithms	PRNG	Symmetric	Strength against Linear, Differential and Statistical Attacks	➢ Plaintext sensitivity ➢ Key sensitivity ➢ Robustness against known plaintext attack	[63]
Diffie-Hellman Key Exchange—Using QRNG	QRNG	Asymmetric	Non-Vulnerable Cryptographic System	➢ Key Entropy ➢ Plaintext Entropy ➢ Ciphertext Entropy	B [64]
CCAES—Chaos-based	PRNG	Symmetric	More Secure and Effective Resistant to Differential Attacks	➢ Histogram ➢ Correlation ➢ NPCR and UACI ➢ Information Entropy	[65]
Image Encryption Algorithm—Chaos-based	PRNG	Symmetric	Security Enhancement	➢ Entropy ➢ Cross Correlation ➢ Mean Square Error ➢ PSNR	[66]
Authenticated Encryption with Associated Data (AEAD)—Chaos-based	PRNG	Symmetric	Highly Secure for Ciphertext and Authentication Tag Resistant to Differential, Linear, Algebraic, and Timing Attacks.	➢ Privacy and Integrity ➢ Measured by Statistical Test suite NIST, DIEHARD and ENT.	C [67]
Hybrid RSA	PRNG	Asymmetric	Strong Encryption	➢ Histogram ➢ Correlation ➢ NPCR and UACI ➢ Key Sensitivity ➢ Key Space ➢ Information Entropy	[68]

NPCR—Number of Changing Pixel Rate, UACI—Unified Averaged Changed Intensity, PSNR—Peak Signal to Noise Ratio. Note: Publication project supported by: A—The Xiamen University Malaysia Research Fund (XMUMRF); B—Prometeo Project of the Ministry of Education Superior, Science, Technology and Innovation of the Republic of Ecuador; C—Fundamental Research Grant Scheme funded by the Ministry of Higher Education of Malaysia (MOHE).

shows the survey of RNG-based cryptosystems, improving different parameters due to the random numbers generated by incorporating RNGs. Moreover, the survey indicates that RNGs can be used with any cryptosystem and make it more secure than the system without RNGs.

In the next category, we have focused on QRNG and its research design, which is the basis of incorporating quantum randomness into a cryptosystem.

2.3. Category III: Research Objectives of Quantum RNGs for Cryptosystems

QRNGs as an external device are best suited when the sender and receiver, e.g., Alice and Bob, are the same. Alice wants to store data like personal files (driving license, passport, other identity proofs) and highly secure work files like military data on the cloud. Consequently, the data should be encrypted before sending it to the network and stored in the cloud. Here, KSA comprises the QRNG bits to make the encrypted key stronger and more complex.

We have discussed classifications of RNGs in category II, and the survey shows the improvement in various cryptosystem ciphers even using pseudo-randomness, which is not truly random.

It is impossible to consider true randomness in PRNG-generated [5] sequences as they are implemented by software, based on mathematical algorithms and determined by an initial (seed) value. In contrast, the TRNG and QRNG, based on unpredictable physical means, generate the true randomness in the sequence of random numbers. Furthermore, there are two significant differences between TRNGs and PRNGs. TRNGs [69] are non-deterministic and use a physical mechanism, whereas PRNGs are deterministic and utilize mathematical algorithms. Although TRNGs are unpredictable, they are still vulnerable to attack because if a failure occurs in the TRNG hardware system, it is hard to detect it.

Dr. Mads Haahr [70] introduced the service of providing different TRNGs online. Some are freely available like number-based TRNGs, lists, strings, and map-based TRNGs; some are paid and used for random drawings. Web tools and widget- based TRNGs are also freely available for the website to be integrated into the webpage and provide the TRNG-based random number. As atmospheric noise creates these random numbers, they are better than pseudo-random numbers.

In some cases of TRNGs, the entropy generated by an entropy source may be confused with thermal noise or shot noise [71]. However, a highly secure and unique random number is based on the quantum principle and generated by a QRNG [4]. A QRNG-based cryptosystem incorporates quantum randomness to generate a more robust key of the KSA or enhance encryption security.

Furthermore, Shor’s algorithm [72] concluded that quantum computers could easily break public key cryptography. It proposed to solve the prime factorization of RSA and results with high probability. The quantum random numbers generated by QRNGs are also quantum-based and might secure the new cryptosystem without a prime number. Also, incorporating quantum randomness challenges this type of quantum algorithm for cryptoanalysis of the cipher.

In this category, we discuss the QRNG, which generates unbiased, high-speed, and unpredictable random numbers by various methods such as laser pulses, phase diffusion, photon-based methods, and other quantum mechanics techniques. Figure 6 shows the difference between RNGs in terms of their generation methods, properties, disadvantages, and advantages.

We have reviewed 20 QRNGs and divided them into three important research objectives: High speed (HS), bias improvement (BI) and high efficiency (HE).

High speed (HS): The speed of the RNG device is indicated by the rate at which random bits are generated per second by the device. Speed is critical in determining the optimal trade-off for the RNG device. Different research methodologies attempt to identify the shortest time it takes for the device to generate the most random bits.

Bias improvement (BI): Random bits should be bias-free. Bias occurs when a significantly more zeros than ones, or vice versa, are generated. If the difference between zeros and ones is small enough, it should not introduce bias into the quantum random bits. Numerous research proposals have been designed to improve the bias in order to achieve balanced quantum random bits.

High efficiency (HE): The performance of a QRNG can be improved by researching different technologies on which the generator can be built. The efficiency of a device is defined in terms of extracting random bits or maximising the percentage of bits with specific physical photon-based conditions.

Table 5. Literature review of QRNGs.

QRNG Proposal Techniques	Ref.	HS	BI	HE	Other Properties
Weak laser pulses	[73]	√	√
Random quantum states in mathematica	[74]	√
Tapered amplifiers	[75]		√		Self-Detecting
One single-photon detector	[76]		√
Photon arival time selectively	[77]		√
Three-types QRNG	[78]	√			Self-testing
Ultra-fast QRNG—pulsed laser diode	[79]	√
Heterodyne-based	[80]	√			Security
16 × 16 pixel QRNG based on SPADs	[81]	√		√
Laser phase fluctuations	[82]	√
One and two entropy sources	[83]			√
Phase diffusion process-based	[84]	√
SPAD-based QRNG using FPGA	[85]			√
SPAD-based QRNG pixel-based	[86]			√
Multi-bit	[87]			√
Uncharacterized laser andsunlight	[88]	√
Coupled quantum dots	[89]		√
Phase diffusion in lasers	[90]		√		Interference Quality, Input/Output Monitoring
Quantis—USB	[8]	√	√		Autocalibration Status Monitoring
Qrange	[57]	√			Security

Note: HS, high speed; BI, bias improvement; HE, high efficiency.

shows the survey of different quantum random number generation techniques and their research objectives.

The next section addresses some open research challenges specific to QRNG-based cryptosystems.

3. Open Research Problems

In Section II, we reviewed the literature, and our analysis identified some open research problems to address and enhance the security of cryptosystems. RNGs play a significant role in securing systems that use random numbers. QRNs [9,32] are based on true randomness and can be used to strengthen the security of existing cryptography systems.

Future research will be needed to address the following challenges:

(a)

The analysis of incorporating the quantum randomness in stream cipher operations compared to pseudo-based ciphers.

Boolean arithmetic-based cryptography mainly uses cryptographic-secure pseudo-random number generators (CSPRNG). A pseudo-Hadamard transform based on the modular operation of boolean arithmetic provides diffusion in cryptographic cipher. The diffusion depends on the change of an input bit. RNGs can generate the input bit to affect the cryptanalysis of the cipher.

Guillermo Sosa-Gómez et al. [91] showed the cryptanalysis of PRNGs for cryptographic ciphers. Also, a correlation analysis of the entropy of PRNGs and Hadamard values indicate a strong correlation. On the other hand, QRNG based on the photon can mitigate this cryptoanalysis.

For most CSPRNGs, the entropy is derived from the operating system, along with a PRNG generator [92]. The underlying PRNG often “reseeds”, which means that when an entropy is supplied by the operating system (e.g., from user input, system interruptions, disk I/O, or hardware random generators), it changes its internal state. However, quantum randomness is derived from quantum particles without the intervention of reseeding.

(b)

Design a KSA by using different entropy sources for quantum random bits in order to randomize the keyspace for differential attacks.

The differential attacks try to find the key with the chosen plaintext and corresponding ciphertext. The subkeys of KSA are vulnerable if the keyspace between them is not random or large. Incorporating QRNGs can generate random subkeys, increasing or enhancing the randomness of their keyspace. The stronger the keyspace, the more challenging it is to detect even a single subkey. As a result, a QRNG-based KSA may produce a strong cipher that is not vulnerable to differential attack.

(c)

An in-depth study is needed to analyse the effects of key-related attacks on QRN-based ciphers.

In key-related attacks, the attacker knows (or chooses) a relation between several keys (up to 256 in some recent attacks) and is given access to encryption functions with such related keys. Keys and plaintexts can be selected with specific differences when using differential related-key attacks.

The QRNG will support the true randomness in the cryptography key against key-related attacks. The effect of the true randomness on the cryptanalysis of the cipher is to be analysed to secure the key and to make it truly random.

(d)

Designing a new high-speed encryption cipher based on different research designs (high-speed and bias-free) by using QRNs to enhance the security of the cryptosystem.

The encryption speed of the block cipher is one of the major primary concerns when designing a new cipher. However, the security of the cipher must not be compromised on the basis of time, but the time complexity of an algorithm can make it more competitive against alternatives. The QRNG will add true randomness into the key by generating the quantum random bits from an external photon device. These random bits are highly important to secure the cipher, but might come with a time cost. New cryptographic primitives are sought after that reduce this time and introduce quantum randomness, leading to a highly secure cryptosystem.

(e)

Research analysis on storing and exchanging the QRNG-based keys generated for asymmetric cryptosystem over the cloud.

The QRNGs are based on devices that can generate photons. These devices can be with sender or receiver, and are hence important when both have the same key, i.e., symmetric cryptosystem. They help generate two keys, a pair of public and private keys, but transfer them with the knowledge of quantum random bits and store them on the cloud as staging post needs further research.

4. Conclusions

We have surveyed cryptosystems, different cryptanalysis techniques, and RNGs. The analysis shows that cryptoanalysis is possible for various ciphers and, therefore, requires modification in the cryptosystem to secure them. RNGs provide random numbers in the cryptosystem and enhance the cipher’s security by making the encryption robust or resistant to various cryptographic attacks. In addition, QRNGs provide true randomness, compared to PRNGs and atmospheric noise-based TRNGs, because they are based on quantum principles by different theories of quantum physics. Finally, the identification of open research problems guides researchers in the cryptography security field to improve the security based on the quantum randomness in a cryptosystem.