[Cryptography] Photon beam splitters for "true" random number generation ?

Mon Dec 14 01:04:05 EST 2015

On Dec 13, 2015, at 1:19 PM, Henry Baker <hbaker1 at pipeline.com> wrote:

> At 11:48 AM 12/13/2015, Bill Cox wrote:
>> On Sat, Dec 12, 2015 at 11:19 PM, Ron Garret <ron at flownet.com> wrote:
>> 
>>> Perhaps such a device has already been built & tested?
>> 
>> Probably not.  The reason is that there are much easier ways to avail yourself of (essentially) the same physics.  Thermal noise, for example, gives you just as much âtrue randomnessâ as quantum measurements (because thermal noise is, at root, a quantum effect) but it's much (much!) easier to obtain.
>> 
>> If I understand their technology correctly, this company has been selling them for years.
>> 
>> http://www.idquantique.com/random-number-generation/quantis-random-number-generator/
> 
> Very interesting; ~ $1100 - $3300 for 4Mbits/sec to 16Mbits/sec.
> 
> 9 hours to fill up a 64GByte USB flash drive @ 16Mbits/sec.
> 
> Next question: how in the world could such a device ever be certified not to have a 'quantum insert' from our TAO friends?  The sales of these devices probably number in the tens per month, so purchasing even *one* would raise a flag at GCHQ.
> 
> After all, at $1/GB, you could put 3.3TBytes into a $3300 device; how could one ever certify that a device that incorporate 3TBytes was "truly random" ?
> 
> Even w/o memory, a microscopic radio receiver could modify the device output to be no longer random, or an undocumented USB command could do the same thing.
> 
> And you thought that testing a VW emissions control system was hard!
> 

This is exactly right.  The quantis device is pure marketing hype, designed for the PHB who needs to be able to say that s/he’s using something “certified.”  It might work as advertised, or it might not.  The only way to tell is 1) trust the certification or 2) audit the device yourself.  And option 1 requires an awful lot of trust: you have to trust not only that the people doing the certification knew what they were doing, but also that the particular device you’re using was constructed according to the certified design.

It’s really all marketing hype.  A properly configured op-amp will give you every bit as much true randomness as the quantis device for a tiny, tiny fraction of the cost, and will be much more difficult to attack.  I can think of a dozen way the quantis device could be compromised, but to attack a thermal noise source you would have to do something like dunk it in liquid nitrogen.

rg