Randomness, Quantum Mechanics - and Cryptography

Jerry Leichter leichter at lrw.com
Sun Sep 5 23:27:32 EDT 2010 

The recent discussion of random number generators reminded me of  
something that I've been meaning to write a note about.  A couple of  
years back, John Conway and Simon Kochen proved what they nicknamed  
the Free Will Theorem.  Its informal statement is:  Given three very  
simple axioms (which seem to be fundamentally part of any physical  
theory even remotely consistent with relativity and quantum  
mechanics), "if you have free will, then electrons do, too."  This  
statement of the theorem is deliberately set up to highlight one set  
of philosophical consequences.  A different, more straightforward  
statement is:  The result of a QM measurement cannot be computed by  
any function of the entire pre-measurement state of the universe.   
Informally, the full pre-existing state of the universe does not  
determine the result of a quantum measurement.

Conway gave a series of lectures on these results that are available  
free from iTunes - look at iTunes U listings for Princeton.  *Well*  
worth listening to.  Towards the end, he makes a very interesting and  
subtle point:  We've viewed the unpredictability of QM measurements as  
matters of randomness.  People always quote Einstein's complaint that  
"God doesn't play dice with the universe".  Conway and Kocher's  
theorem, however, show that this view is very fundamentally wrong.  If  
QM results were randomly determined, then we could play the same game  
in our description of the universe that we play with randomizing  
Turing machines:  Rather than add randomness to the machine/universe,  
simply provide a deterministic machine/universe with access to a pre- 
computed "set of random coin tosses" that they call on whenever they  
need to make a "random" choice.  But if you try this approach with QM,  
then Conway and Kocher will argue that the pre-determined tape can now  
be considered part of "the complete pre-existing state of the  
universe" - and their theorem shows that that cannot be sufficient to  
predict the result of a QM measurement!

So QM's indeterminism is subtly different from randomness:  It's an  
unpredictable choice that "isn't made until the exact moment of  
measurement".  It irreducibly cannot be determined in advance.  Conway  
goes on to say that he doesn't *understand* what the distinction  
really means - but then he says he doesn't really understand what  
randomness means anyway.  If John Conway feels this way, what are we  
poor mortals to think?

If you think about the use of randomness in cryptography, what matters  
isn't really randomness - it's exactly unpredictability.  This is a  
very tough to pin down:  What's unpredictable to me may be predictable  
to you, and unpredictability "collapses" as soon as the random value  
is "known" ("measured?").  QM unpredictability as described by Conway  
seems much closer to the kind of thing you really need to get crypto  
results.

                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list