Quantum RNG

Andrea Pasquinucci wrote:
> 
> http:
//www.idquantique.com/products/quantis.htm
> 
> "Quantis is a physical random number generator
exploiting an elementary 
> quantum optics process. Photons - light particles - are
sent one by one 
> onto a semi-transparent mirror and detected. The
exclusive events 
> (reflection - transmission) are associated to
"0" - "1" bit values."
> 
> Just curious of your opinion.


This is discussed at
  http://www.av8n.com/turbid/paper/turbid.htm#sec-hrng-
attack

Quantum processes are in some very narrow theoretical sense
more
"fundamentally" random than other sources of
randomness, such as
thermal noise ... but they are not better in any practical
sense.

The basic quantum process is less sensitive to temperature
than a purely
thermal process ... but temperature dependence is easily
accounted for
in any practical situation, and -- more importantly -- there
are all
sorts of other practical considerations (such as detector
dead-time
issues) that make real quantum detectors far from ideal.

The devil is in the details, and obtaining the raw data from
a quantum
process is nowhere near necessary and nowhere near
sufficient to make
a good randomness generator.

I have no idea whether the quantis generator got the
devilish details right
... but in any case, there are easier ways to make a
generator that is just
as good, or better.

For details, see
  http://ww
w.av8n.com/turbid/paper/turbid.htm


------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

     --

  John Denker wrote:
 > Quantum processes are in some very narrow theoretical
 > sense more "fundamentally" random than
other sources
 > of randomness, such as thermal noise ... but they are
 > not better in any practical sense.
 >
 > The basic quantum process is less sensitive to
 > temperature than a purely thermal process ... but
 > temperature dependence is easily accounted for in any
 > practical situation, and -- more importantly -- there
 > are all sorts of other practical considerations (such
 > as detector dead-time issues) that make real quantum
 > detectors far from ideal.
 >
 > The devil is in the details, and obtaining the raw
 > data from a quantum process is nowhere near necessary
 > and nowhere near sufficient to make a good randomness
 > generator.

And if you want to obtain noise from quantum
indeterminacy, shot noise is much more convenient.
Instead of photons going through a half silvered mirror,
and randomly being reflected or not, you rely on
electrons randomly winding up at the base or the
collector of a transistor.

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      /KNHHNPZ6iBsO6gvfPyHJxLKSHaisGIVaOLrrfDv
      4uxfFO8C/uuRkbz3u2rG4U8fpFKfzj+zr6czKsf69

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

James A. Donald wrote:
>   
> And if you want to obtain noise from quantum
> indeterminacy, shot noise is much more convenient.
> Instead of photons going through a half silvered
mirror,
> and randomly being reflected or not, you rely on
> electrons randomly winding up at the base or the
> collector of a transistor.

That's true as stated, and correctly reinforces the point
that
lots of things are more convenient than the quantum
mechanics
of photons.

However, it should not be taken so far as to become an
endorsement
(in absolute terms) of shot noise as a convenient basis for
a
practical HRNG.  A key element in the construction of a
decent
HRNG (by my standards, at least) is to have a provable lower
bound
on the amount of randomness in the raw data.  We agree that
there
are many situations that have plenty of shot noise, but it
is
relatively hard to get a provable lower bound on how much
shot
noise there MUST be in any given situation.
 *) This applies to individual transistors and other
devices;
  minimum shot noise is not one of the guaranteed
specifications
  you see on the spec sheet.
 *) This applies even more strongly to larger systems with
lots
  of components, such as a sound card treated as a black
box.

In contrast, I can obtain a reliable lower bound for the
thermal
noise in a sound card, based on black-box properties such as
impedance, bandwidth, and ambient temperature.

For details, see
  http://ww
w.av8n.com/turbid/paper/turbid.htm

In summary, as things stand today, over a wide range of
conditions
and requirements, the recently-mentioned sources can be
ranked in
terms of practicality, as follows:
  photons << electronic shot noise << thermal
noise

If somebody has a way of overcoming the limitations so as to
change
the ranking, please tell us about it.

As I said in my previous note:  It's true that quantum
processes are
in some very narrow theoretical sense "more
fundamental" than other
processes, but this is nowhere near sufficient and nowhere
near
necessary for building a decent HRNG.

As I should have said:  When vendors like idquantique
emphasize the
quantum nature of their raw data source, it rubs me the
wrong way.
  http:
//www.idquantique.com/products/quantis.htm
It indicates that either:
 -- they are clueless as to what's important and what's
not, or
 -- they are operating on the assumption that their
customers are
  clueless.

Either way, it doesn't make me want to be one of their
customers.


------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com