Smart Utility Meter Security Takes a Quantum Leap

Quantum computing has found perhaps a surprising new use: utility meters. Quantinuum, a merger between Honeywell Quantum Solutions and Cambridge Quantum that specializes in quantum computing, is helping build quantum-hardened cryptographic keys to secure Honeywell’s smart utility meters. The service, called Quantum Origin, uses quantum computers to generate large random numbers that can protect private information or sensitive grid infrastructure.

Generating random numbers is the first step in creating cryptographically secure keys used for encryption and authentication. A well-functioning random-number generator ensures that there is no predictable pattern for attackers to guess future cryptographic keys. Traditionally, random numbers are generated either algorithmically—for example, by taking a snippet from the value of pi—or by using hardware devices that take samples of physical phenomena like electrical noise.

The level of randomness provided by hardware random-number generators is good enough for most purposes, said Peter Bierhorst, an assistant professor of mathematics at the University of New Orleans. But there is still the possibility that someone might be able to predict the patterns generated by those devices. If the random numbers are being generated from electrical noise samples, for example, attackers might obtain an audio recording of that noise and be able to derive the key.

“You and I would have a better chance of picking the exact same atom on planet Earth.”
—Tony Uttley, president and COO, Quantinuum

“It’s an absolutely deterministic process on some level,” said Bierhorst. “Any classical mechanical model of anything is always 100 percent determined by its initial conditions.”

Quantum mechanics, on the other hand, is fundamentally unpredictable. Quantum states collapse probabilistically when isolated quantum systems are measured, so quantum random-number generators can be truly random.

Tony Uttley, the president and chief operating officer at Quantinuum, said that on a randomness scale of zero to one, Quantinuum produces random numbers at 1 plus or minus 2^-128—in other words, almost perfectly random. “It’s a zero with 33 other zeros behind it,” said Uttley. “You and I would have a better chance of picking the exact same atom on planet Earth.”

Quantum random-number generators also have built-in proof that they are functioning properly. To generate random numbers, researchers ask the quantum computer to solve a problem that is easy to calculate on a quantum computer but would take much longer on a classical computer. Once the response is verified, the output is used to create the random number. The output given is by definition nonprobabilistic, because it is calculated using a quantum computer. On Quantinuum’s quantum computer, this process takes roughly 30 hours.

On the other hand, Bierhorst says, classical random-number generators have no real way to prove they are behaving as expected. That creates the potential for security vulnerabilities, such as the generator breaking down and introducing a predictable pattern, or even allowing attackers to insert their own number generation algorithm.

The “seed” output from Quantinuum’s quantum computer is a random sequence of ones and zeros, which gets combined with classically generated random numbers from Honeywell. Uttley said Honeywell has their own seed, but each seed could actually be used by multiple customers as long as the customer’s own classical random-number generator is kept private. The process of combining the quantum seed with the classically generated number provides an extra source of randomness.

The resulting random numbers create cryptographic keys that help secure communication between utility companies and smart utility meters. Those meters transmit private and sensitive information about energy use that is vulnerable to hackers who may exploit it to plan ransomware attacks or to damage critical infrastructure.

Uttley said smart grids, electrical grids, and water grids are part of the critical infrastructure that can become the target of attacks, especially because those systems stay in the field for many years or even decades. Other industries that can take advantage of the increased robustness provided by quantum random-number generators include the financial industry and health care.

Ultimately, Uttley saw this development as an exciting step that finally puts to use an advantage that quantum computers have over classical computers and brings that advantage to the commercial realm. “What is intrinsically quantum in a quantum computer is to be able to take advantage of the entanglement and the superposition of qubits to create what is ultimately perfect randomness,” he said.