ATIS today announced the release of Entropy Quality and the Security of AES-128 in Classical and Quantum Contexts, a new resource that explains why high-quality randomness, known as entropy, is a foundational element of security across modern information and communications technology (ICT) systems.
Entropy underpins encryption by ensuring cryptographic keys and protections cannot be predicted or reused. While weaknesses in entropy affect classical cryptography today, emerging quantum computing capabilities will significantly amplify their impact. This new ATIS paper is a groundbreaking analysis examining how entropy failures arise, how they weaken cryptographic protections, and what steps organizations can take to reduce risk and strengthen resilience.
It specifically takes a closer look at how weak or unreliable entropy can undermine the security of AES-128 with particular emphasis on real world environments where entropy quality is difficult to guarantee, such as constrained IoT devices and virtualized, cloud-native 5G infrastructure.
“This paper helps ICT organizations recognize entropy as a critical security foundation,” said Ian Deakin, ATIS Principal Technologist and author of the white paper. “By aligning entropy management with risk assessment and mitigation strategies, organizations can better preserve the intended security properties of AES-128 in both classical and quantum-aware threat models.”
The white paper was developed as part of ATIS’ Quantum-Safe Communications and Information Initiative and adds to a growing portfolio of resources designed to provide a roadmap for assessing quantum threats, securing 5G networks, and enabling cryptographic agility. As quantum computing advances, the digital security of today’s telecommunications infrastructure faces unprecedented risk.
As the paper is highly technical in nature, ATIS has also developed a concise executive briefing to help technical teams engage senior management on the topic without requiring deep cryptographic expertise. The briefing:
- Distills key risks, business implications, and required executive actions related to entropy and cryptographic resilience, positioning entropy as a leadership-level risk-management issue
- Outlines why entropy must be treated as a foundational security dependency alongside post-quantum cryptography migration
- Identifies the actions executive leadership should take to manage risk, allocate resources, and guide long-term cryptographic strategy
Access Entropy Quality and the Security of AES-128 in Classical and Quantum Contexts and the high-level executive briefing.
