A team of researchers from JP Morgan Chase, Quantinuum, and others has shown that quantum computers can produce “certifiably random” numbers, potentially improving how we secure everything from banking to voting systems.
研究團隊來自摩根大通、Quantinuum 及其他機構,已展示量子電腦可以產生“可證明隨機”的數字,這可能改善我們在銀行到投票系統等各方面的安全性。
It turns out that the random numbers some computer programs use aren’t so random.
事實上,一些計算機程序所使用的隨機數字並不那麼隨機。
In cryptography—the tech underlying two-factor authentication and passkeys for instance—random numbers are generated to secure systems from hackers.
在密碼學中——例如用於雙因素認證和密碼鑰匙的技術——隨機數字的生成是為了保護系統免受黑客攻擊。
But traditional computers typically use algorithms that only mimic randomness, and are actually based on an algorithmic formula, making them potentially hackable if someone figures out the pattern.
但傳統計算機通常使用的算法僅僅模擬隨機性,實際上是基於算法公式的,因此如果有人弄明白了模式,這些隨機數就可能被破解。
“Imagine we have a list that starts with ‘Ace of Diamonds’ and ends 53 items later with a Joker.
“想像一下我們有一個列表,它以‘方塊 A’開始,並在 53 項之後以一個小丑結束。為了在計算機上洗牌,我可能會使用 Knuth 洗牌算法,這是一個知名的算法。
The problem is that if we run the algorithm on our ordered ‘deck’ with the same ‘seed’ again, we get the same ‘shuffled’ output,”
問題在於,如果我們用相同的‘種子’再次運行該算法在我們的有序‘牌堆’上,就會得到相同的‘洗牌’輸出,”數據安全公司 Protegrity 的高級產品安全架構師 Clyde Williamson 告訴 Decrypt。
The breakthrough, published in Nature, demonstrated that the team was able to achieve certified randomness, meaning that the numbers were demonstrably random and unhackable.
這項突破發表在《自然》期刊上,證明該團隊能夠實現可證明的隨機性,這意味著這些數字是顯然隨機且無法被破解的。
Using Quantinuum’s 56-qubit trapped-ion computer, the research team generated over 70,000 certified random bits in a process that took mere seconds per bit to create, but would require four of the world’s top supercomputers working nonstop to fake—as in, generating a similar sequence with a mathematical formula that would make the process seem deterministic.
利用 Quantinuum 的 56 個量子位陷阱離子計算機,研究團隊在每個位元僅需幾秒鐘的過程中生成了超過 70,000 個可證明的隨機位元,但要假造這一過程則需要全球四台頂尖超級計算機不斷運行——即生成一個類似序列的數學公式,使過程看似確定性。
The numbers were later verified by a group of supercomputers capable of proving there was not a mathematical algorithm involved in their generation.
這些數字後來由一組能夠證明它們的生成過程中沒有數學算法介入的超級計算機進行驗證。
The achievement marks a meaningful step beyond previous quantum computing claims that often involved contrived tasks with little real-world value.
這一成就標誌著在以前量子計算聲明的基礎上邁出了重要一步,那些聲明往往涉及與現實世界價值不大的牽強任務。
This time, the application tackled a fundamental challenge in cybersecurity: creating random numbers that are provably unbiased and unpredictable.
這一次,該應用解決了網絡安全中的一個基本挑戰:創造可證明無偏見和不可預測的隨機數字。
“Traditional random number generation faces two major challenges: the potential for manipulation or predictability in entropy sources, and weaknesses in the algorithms used by pseudo-random number generators to expand that entropy,”
“傳統隨機數生成面臨兩大挑戰:熵源中存在的操縱或可預測性的潛力,以及偽隨機數生成器用於擴展熵的算法中的弱點,”加密消息應用程式 Session 的共同創始人、證明權益隱私幣 Oxen 白皮書的共同作者 Kee Jefferys 告訴 Decrypt。
“Quantum randomness introduces a fundamentally different entropy source, rooted in the intrinsic unpredictability of quantum mechanical processes.”
“量子隨機性引入了一種根本不同的熵源,根植於量子力學過程的內在不可預測性。”
The ability to generate true randomness depends on the peculiar world of quantum mechanics.
生成真隨機數的能力依賴於量子力學的特殊世界。
Quantum computers use qubits rather than binary bits, allowing them to exist in multiple states simultaneously thanks to a phenomenon called superposition—a state that was viralized by Schrodinger’s famous explanation positing a cat that is alive and dead at the same time inside a box.
量子計算機使用量子位而非二進制位,這使它們能夠同時存在於多種狀態中,這得益於一種稱為超位置的現象——這種狀態由薛丁格著名的解釋所推廣,即一隻貓在箱子裡同時活著和死著。
When measured, these qubits produce genuinely random results—not because we lack information, but because nature itself hasn’t determined the outcome until observation occurs.
當被測量時,這些量子位會產生真正的隨機結果——不是因為我們缺乏信息,而是因為自然本身在觀察發生之前尚未確定結果。
In other words, the cat lives or dies only when somebody opens the box.
換句話說,貓只有在某人打開箱子的時候才會生死分明。
(Tl;dr: Quantum computers are better at generating truly random numbers because quantum mechanics is fundamentally indeterministic—whereas classical computers are deterministic machines pretending to be random.)
(簡而言之:量子電腦在生成真正的隨機數字方面更具優勢,因為量子力學本質上是非確定性的——而傳統計算機則是偽裝成隨機的確定性機器。)
The protocol works through a clever back-and-forth between quantum and classical computing.
該協議通過量子計算和傳統計算之間的巧妙往返運作。
First, the quantum computer performs so-called random circuit sampling, a method used in quantum computing to benchmark and demonstrate quantum advantage—that is, performing a task faster on a quantum computer than any known classical computer can.
首先,量子計算機執行所謂的隨機電路取樣,這是一種在量子計算中用於基準測試和展示量子優勢的方法——即在量子計算機上執行任務的速度快於任何已知的傳統計算機。
It generated outputs in about two seconds each.
它每次生成的輸出大約需要兩秒鐘。
Then, classical supercomputers at Argonne and Oak Ridge National Laboratories spent 18 hours verifying these outputs using a technique called cross-entropy benchmarking, which confirmed they couldn’t have been produced by classical means.
然後,阿貢國家實驗室和橡樹嶺國家實驗室的傳統超級計算機花了 18 小時使用一種稱為交叉熵基準測試的技術來驗證這些輸出,這確認它們無法通過傳統方式產生。
This verification process ensures that the random numbers weren’t manipulated by anyone—not even by the quantum computer’s manufacturers.
這一驗證過程確保隨機數字未被任何人操縱——甚至連量子計算機的製造商也沒有。
This has not been achieved before, and marks the first time a general-purpose quantum computer has been used to generate publicly verifiable, certified quantum randomness at scale.
這在之前是從未實現過的,標誌著第一次有通用量子計算機被用於生成可公開驗證的、經認證的量子隨機數字。
The stakes for getting randomness right are high.
正確獲得隨機數的風險很高。
Duncan Jones, head of cybersecurity at Quantinuum—one of the research labs involved in the study alongside JP Morgan—pointed to several dramatic examples of what happens when randomness fails.
Quantinuum 的網絡安全負責人 Duncan Jones——該研究的一個參與實驗室,還有摩根大通——舉了幾個隨機數失效時發生的戲劇性例子。
“In 2010, Sony’s PlayStation breach occurred because the developers failed to use strong random number generation, allowing attackers to expose the private cryptographic key,”
“在 2010 年,索尼的 PlayStation 遭到入侵,因為開發人員未使用強隨機數生成,讓攻擊者暴露了私有加密鑰匙,”
Jones told Decrypt.
Jones 告訴 Decrypt。
“More recently, the Polynonce attack (2014-2023) exploited weak Bitcoin wallet randomness, leading to the theft of 140 Bitcoin (~$10M).”
“最近,Polynonce 攻擊(2014-2023)利用了比特幣錢包中的弱隨機性,導致 140 比特幣(約 1000 萬美元)的盜竊。”
Felix Xu, CEO of ARPA Network, highlighted another costly incident: “A notorious example is the 2013 Android SecureRandom vulnerability, where weak entropy in Bitcoin wallet applications allowed attackers to steal private keys, draining millions of dollars in Bitcoin.”
ARPA Network 的 CEO Felix Xu 突出提及另一個代價高昂的事件:“一個臭名昭著的例子是 2013 年的 Android SecureRandom 漏洞,其中比特幣錢包應用中的弱熵使攻擊者能夠盜取私有鑰匙,造成數百萬美元的比特幣損失。”
“Similarly, in 2019, a flawed implementation of deterministic random bit generation in YubiKey’s FIPS-certified hardware tokens exposed cryptographic keys to potential compromise,”
“同樣,在 2019 年,YubiKey 的 FIPS 認證硬體令牌中存在的確定性隨機位生成的缺陷實現,使加密鑰匙暴露於潛在的風險之中,”
Xu pointed out.
Xu 指出。
The implications stretch across digital security and could open the doors for practical users of quantum computers.
這一影響延伸至數字安全,並可能為量子計算機的實際用戶打開大門。
Better random numbers mean stronger encryption keys for everything from online banking to government applications, messaging apps, and social media.
更好的隨機數意味著更強大的加密鑰匙,適用於從網上銀行到政府應用、消息應用程序和社交媒體的所有方面。
They could also make digital signature systems more secure, safer crypto wallets, and prevent data tampering for example.
例如,它們還可以使數字簽名系統更加安全,提供更安全的加密錢包,並防止數據篡改。
One particular use case for certified randomness is a trustless random beacon: a public service that regularly emits truly random numbers that no one can predict, manipulate, or fake—like an universal 2FA code generator—and does so in a way that anyone can verify.
一個特定的可證明隨機性的使用案例是無需信任的隨機信標:這是一項公共服務,定期發布真正的隨機數,任何人都無法預測、操縱或偽造——就像一個通用的雙因素身份驗證碼生成器——並且這一過程是任何人都可以驗證的。
“For blockchains, quantum-certified randomness can power truly fair and tamper-proof consensus algorithms, significantly strengthening platforms like Ethereum and Solana against manipulation,”
“對於區塊鏈,量子認證的隨機性可以驅動真正公平且防篡改的共識算法,顯著加強以太坊和索拉納等平台抵抗操縱的能力,”
Xu told Decrypt.
Xu 告訴 Decrypt。
“Anywhere that smart contracts or consensus mechanisms rely on random numbers could be improved if they ‘call’ a quantum random number,”
“任何依賴隨機數的智能合約或共識機制,若能‘調用’量子隨機數,將會得到改善,”
Konstantinos Karagiannis, director of quantum computing services at Protiviti, told Decrypt.
Protiviti 的量子計算服務主管 Konstantinos Karagiannis 告訴 Decrypt。
Public lotteries, gambling sites, banking operations, marketing firms that do A/B testing, and bioresearch companies are among the businesses that could greatly benefit from using truly random number generation.
公共彩票、賭博網站、銀行業務、進行 A/B 測試的市場行銷公司以及生物研究公司都是可以從真正的隨機數生成中受益匪淺的企業。
Despite its promise, the technique is still not suitable for everyday use.
儘管該技術前景可期,但目前仍不適合日常使用。
The verification stage currently requires supercomputing power that most organizations lack, which means it is not worth the hassle to implement right now.
驗證階段目前需要超級計算的能力,而大多數組織並不具備這一能力,這意味著現在實施並不值得麻煩。
However, Quantinuum’s Jones suggests the technology is already moving toward accessibility, with other players working on more sustainable paths.
不過,Quantinuum 的 Jones 建議,這項技術已經朝著可及性邁進,其他參與者也在探索更可持續的路徑。
“While the JPMC research required supercomputers for certification, Quantum Origin takes a different approach,”
“雖然 JPMC 的研究需要超級計算機進行認證,但 Quantum Origin 採取了不同的方法,”
he said.
他說。
“It leverages Bell tests on a quantum computer to generate a quantum seed (strong-seed).
“它利用量子計算機上的 Bell 測試來生成量子種子(強種子)。一旦量子種子生成(這是一個一次性的過程),它就被嵌入到軟件中,並可以升級任何本地隨機源到‘量子’隨機性。”
Once the quantum seed is generated (a one-time process), it’s embedded into software and can upgrade any local random source to ‘quantum’ randomness.”
一旦量子種子生成(這是一個一次性的過程),它就被嵌入到軟件中,並可以升級任何本地隨機源到‘量子’隨機性。”
The path to mainstream adoption appears promising, marking the first time experts believe quantum computing may have an actual mass application in the short term.
通往主流採用的道路似乎充滿希望,這標誌著專家們首次認為量子計算在短期內可能會有實際的大規模應用。
“Chip-scale will likely continue to get cheaper (and hopefully more resistant to noise).
“晶片規模的成本可能會繼續降低(希望對噪音的抵抗力也會增強)。在這十年內將其添加到幾乎所有設備中可能都是可行的,”
Karagiannis told Decrypt.
Karagiannis 告訴 Decrypt。
It’s a vision also shared by Xu.
這也是 Xu 所持有的願景。
“As for applications on the cloud, numbers generated by real quantum computers may be readily available as part of workloads,”
“至於雲端應用,實際量子計算機生成的數字可能會作為工作負載的一部分而輕鬆獲得,”
Karagiannis added.
Karagiannis 補充道。
“You may one day add quantum processing units (QPUs) for several functions, including random numbers.”
“你未來可能會為幾個功能添加量子處理單元(QPU),包括隨機數。”
If he’s right, and this technique proves successful, we may eventually move toward an internet where spoofing attacks become mathematically impossible rather than just difficult, creating a fundamentally more secure digital world built on the weird quirks of quantum physics.
如果他是對的,並且這項技術證明成功,我們最終可能會朝著一個互聯網發展,在那裡,偽造攻擊變得數學上不可能,而不僅僅是困難,從而創造一個基於量子物理奇異特性的根本安全的數字世界。
Edited by Andrew Hayward
編輯:Andrew Hayward