Quantum RNG

John Denker jsd at av8n.com
Thu Jul 6 16:19:37 EDT 2006


James A. Donald wrote:
>   
> And if you want to obtain noise from quantum
> indeterminacy, shot noise is much more convenient.
> Instead of photons going through a half silvered mirror,
> and randomly being reflected or not, you rely on
> electrons randomly winding up at the base or the
> collector of a transistor.

That's true as stated, and correctly reinforces the point that
lots of things are more convenient than the quantum mechanics
of photons.

However, it should not be taken so far as to become an endorsement
(in absolute terms) of shot noise as a convenient basis for a
practical HRNG.  A key element in the construction of a decent
HRNG (by my standards, at least) is to have a provable lower bound
on the amount of randomness in the raw data.  We agree that there
are many situations that have plenty of shot noise, but it is
relatively hard to get a provable lower bound on how much shot
noise there MUST be in any given situation.
 *) This applies to individual transistors and other devices;
  minimum shot noise is not one of the guaranteed specifications
  you see on the spec sheet.
 *) This applies even more strongly to larger systems with lots
  of components, such as a sound card treated as a black box.

In contrast, I can obtain a reliable lower bound for the thermal
noise in a sound card, based on black-box properties such as
impedance, bandwidth, and ambient temperature.

For details, see
  http://www.av8n.com/turbid/paper/turbid.htm

In summary, as things stand today, over a wide range of conditions
and requirements, the recently-mentioned sources can be ranked in
terms of practicality, as follows:
  photons << electronic shot noise << thermal noise

If somebody has a way of overcoming the limitations so as to change
the ranking, please tell us about it.

As I said in my previous note:  It's true that quantum processes are
in some very narrow theoretical sense "more fundamental" than other
processes, but this is nowhere near sufficient and nowhere near
necessary for building a decent HRNG.

As I should have said:  When vendors like idquantique emphasize the
quantum nature of their raw data source, it rubs me the wrong way.
  http://www.idquantique.com/products/quantis.htm
It indicates that either:
 -- they are clueless as to what's important and what's not, or
 -- they are operating on the assumption that their customers are
  clueless.

Either way, it doesn't make me want to be one of their customers.


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
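
The kind of black-box calculation described in the message above, as an added example (not from the original post or from the turbid paper): Johnson-Nyquist noise computed from impedance, bandwidth and temperature, then turned into a min-entropy floor per ADC sample. The function names, the ideal-quantizer model and the operating point (10 kOhm, 300 K, 20 kHz, gain 100, 16-bit ADC over 2 V) are assumptions made for illustration.

```python
import math

K_B = 1.380649e-23  # Boltzmann constant in J/K (exact SI value)

def johnson_rms_volts(r_ohms, temp_k, bandwidth_hz):
    """RMS thermal noise voltage of a resistance: sqrt(4*k*T*R*B)."""
    if min(r_ohms, temp_k, bandwidth_hz) <= 0:
        raise ValueError("R, T and B must all be positive")
    return math.sqrt(4 * K_B * temp_k * r_ohms * bandwidth_hz)

def min_entropy_bits(sigma_volts, step_volts):
    """Min-entropy per sample of Gaussian noise seen through an ideal quantizer.

    No interval of width Q holds more probability than the one centred on
    the mean, so p_max = erf(Q / (2*sqrt(2)*sigma)) whatever the DC offset.
    """
    if sigma_volts <= 0 or step_volts <= 0:
        raise ValueError("sigma and step must be positive")
    p_max = math.erf(step_volts / (2 * math.sqrt(2) * sigma_volts))
    return 0.0 - math.log2(p_max)  # 0.0 when noise is far below one step

def sound_card_bound(r_ohms, temp_k, bandwidth_hz, gain, full_scale_v, adc_bits):
    """Chain the two: noise at the ADC input versus the ADC step size."""
    sigma = gain * johnson_rms_volts(r_ohms, temp_k, bandwidth_hz)
    step = full_scale_v / 2 ** adc_bits
    return sigma, step, min_entropy_bits(sigma, step)

if __name__ == "__main__":
    # Constructed operating point, not measurements of any real card.
    sigma, step, h = sound_card_bound(10e3, 300.0, 20e3, 100.0, 2.0, 16)
    print(f"sigma={sigma*1e6:.1f} uV  step={step*1e6:.1f} uV  "
          f"min-entropy >= {h:.2f} bits/sample")
    # Same inputs with the gain turned down to 1: the bound collapses.
    low = sound_card_bound(10e3, 300.0, 20e3, 1.0, 2.0, 16)[2]
    print(f"gain 1: min-entropy >= {low:.3f} bits/sample")
```

The second print shows the failure mode a collector has to check for: when the amplified thermal noise is far below one ADC step, the provable floor is effectively zero, regardless of how noisy the output looks.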


