[Cryptography] Photon beam splitters for "true" random number generation ?

Henry Baker hbaker1 at pipeline.com
Sat Dec 12 22:06:02 EST 2015

I'm not a physicist, but I recall from my undergraduate days that one can produce a beam of essentially "pure" linearly polarized light.  Furthermore, if one then splits this linearly polarized beam into two and passes one through another linear polarizer at 45 degrees and the other beam goes through a different linear polarizer also at 45 degrees to the first beam, but 90 degrees to the other polarizer, then each photon that gets through at all, must *randomly choose* whether it will align with the first polarizer or the second polarizer.

We then *detect* these photons by positioning a detector behind the first polarizer and another detector behind the second polarizer.  We call the first detector the "0" detector and the second detector the "1" detector.

It is routine in physics experiments to have photon detectors which can test *coincidence*, whereby one can either *select* or *ignore* detections that happen simultaneously at both detectors.

Let us assume that the original beam of light is fairly *faint*, so that each photon can be individually detected, and we arrange the detectors to *ignore* any simultaneously detected "hits".

Can't such a beam-splitting polarization experiment be utilized to generate "true" random numbers?

Yes, the photons arrive randomly, but if the intensity of the beam is low enough, then the chances of more than one photon arriving at the same time is greatly reduced, and we can throw away any events in which photons simultaneously arrive at both detectors.

Yes, the angle of 45 degrees must be *exact*, else there will be a very slight bias in 0's over 1's or vice versa.

1.  Does such an experiment "work", in the sense that the numbers are truly random?

2.  Can any slight biases from imprecise setup be corrected after the fact -- e.g., by some sort of whitening operation?

The usual physics lab table setup may not be particularly useful for a real product, but I think that such a device could be fabricated out of optical fibers, using a fiber-optic laser source, a more-or-less-standard optical fiber splitter, and off-the-shelf polarizing filters and off-the-shelf detectors.

I don't know how long polarization lasts within a single-mode optical fiber (i.e., how long in meters can a fiber be without upsetting the polarization state), but the whole device could be pretty small, since we're not talking about high power lasers or extremely fast detectors.

Perhaps such a device has already been built & tested?

More information about the cryptography mailing list