We have plenty of entropy sources. The only situation where we have a problem with that is the so-called early-boot-time-entropy. However hardware RNGs don't solve that either, because, well, they need some kind of initialized OS to access the hardware in order to work.
a monolithically integrated QRNG, composed of a light emitting diode (LED) and a single-photon avalanche photodetector (SPAD), has been recently demonstrated at 1 Mb/s using silicon (Si) photonics technology
For 32-bit integers, 1 million bits per second is equivalent to 31,250 random integer samples per second.
For comparison, a Mersenne Twister on GPU can generate 2.9 billion samples per second and on FPGA it can generate 26 billion samples per second [1]. One can only imagine what a custom ASIC would be able to do.
So the current quantum chip RNG is roughly 100,000 times slower than GPU and a million times slower than an FPGA.
I realize that the purpose of this QRNG is cryptographically secure RNG and Mersenne Twister is not for that purpose, but I was just curious about the performance.
An mt requires reading only 400ish numbers to work out its internal state and exactly predict its output thereafter. its also biased, which puts bias into any simulation using it.
one of the best performance hwrngs atm comes in the raspberry pi.
one of the worse is that used by (old versions of)ms excel. which im still not sure if they fixed the high probability of creating extreme values.
if you need performance one of the best algorithmic pseudo rngs is in the rabbit stream cipher.
____
quantum random number generator would scare me. whats to stop the nsa from entangling it with their own hardware and controling its output (only half joking)
ever since the Chinese published that they can now use entanglent to transmit information faster than light. following it up with that quantum comms satelite recently im not sure what to think anymore.
surely a better answer is "we dont actually know anymore"
Your summation is not true; all they've claimed to have done is create a quantum encryption link, which means that if someone tries to eavesdrop on it, it will garble the message for both recipients.
The satellite’s first mission would involve establishing a cryptographic communication line between Beijing and Vienna by creating “[the encoding and sharing of a secret cryptographic key using the quantum properties of photons] between a ground station in Beijing and the satellite, and between the satellite and Vienna.”
Scientists then plan to conduct satellite entangled photon quantum teleportation between stations located in the Chinese cities of Delingha and Lijiang or Nanshan, which are separated by more than 1,200 kilometers.
It always makes me a little bit sad when people get excited about about fancy "quantum" things that don't use the full potential of quantum computation.
With classical computing, if you plug in a widget and that widget spits out a bunch of supposedly random numbers, then you have to take it on faith that the widget isn't cheating and generating highly biased output. (For example, a deterministic cryptographic RNG is almost maximally biased, but it's computationally infeasible to tell just by examining the output.)
With quantum techniques, if you are willing to plug in two devices and process their outputs a bit, and if you're willing to trust that the devices aren't secretly communicating, then you can get provable randomness. You don't even need a real quantum computer to do this. [1] You still need to trust that the devices aren't actively malicious, but you do rule out accidental implementation issues that introduce subtle correlations between output bits.
If you are using an actual quantum computer, then you can go much farther and generate uniform random bits directly and even, under certain straightforward conditions, prove that those bits didn't leak out via a side channel. This is more or less the same principle as quantum key distribution: if Alice and Bob run a QKD algorithm to generate a key (n uniform, independent random bits), they are effectively running a protocol that verifies that no side channel leaked the bits. A malicious eavesdropper is a form of side channel, so those get ruled out as well.
[1] turns out to be more subtle than people originally thought. Even assuming you can make loophole free bell tests (hey, it's been done!), the best anyone has been able to show this does -- even theoretically -- is randomness /amplification/ not true verifiable randomness. This boils down to the need for an initial random basis preparation of the qubits for which you have no true random seed.
I know some people have been working on solving that chicken and egg problem, but -- unless there's very new work I'm unaware of -- it's still unsolved.
14 comments
[ 3.7 ms ] story [ 40.8 ms ] threadWe know how to build secure RNGs in software. The one and only problem we have is that not everyone is using them.
What secure RNGs do we have that don't require an entropy source?
For 32-bit integers, 1 million bits per second is equivalent to 31,250 random integer samples per second.
For comparison, a Mersenne Twister on GPU can generate 2.9 billion samples per second and on FPGA it can generate 26 billion samples per second [1]. One can only imagine what a custom ASIC would be able to do.
So the current quantum chip RNG is roughly 100,000 times slower than GPU and a million times slower than an FPGA.
I realize that the purpose of this QRNG is cryptographically secure RNG and Mersenne Twister is not for that purpose, but I was just curious about the performance.
[1] http://www.homepages.ed.ac.uk/slig/papers/tian_AHS09.pdf
one of the best performance hwrngs atm comes in the raspberry pi.
one of the worse is that used by (old versions of)ms excel. which im still not sure if they fixed the high probability of creating extreme values.
if you need performance one of the best algorithmic pseudo rngs is in the rabbit stream cipher.
____ quantum random number generator would scare me. whats to stop the nsa from entangling it with their own hardware and controling its output (only half joking)
surely a better answer is "we dont actually know anymore"
https://www.technologyreview.com/s/601658/first-demonstratio...
There is no FTL communication.
the first part of the project is quantum encryption. the second is ftl communication https://www.rt.com/news/328988-china-quantum-info-teleport/
The satellite’s first mission would involve establishing a cryptographic communication line between Beijing and Vienna by creating “[the encoding and sharing of a secret cryptographic key using the quantum properties of photons] between a ground station in Beijing and the satellite, and between the satellite and Vienna.”
Scientists then plan to conduct satellite entangled photon quantum teleportation between stations located in the Chinese cities of Delingha and Lijiang or Nanshan, which are separated by more than 1,200 kilometers.
____
following the ftl publications in 2013 Spooky! Quantum Action Is 10,000 Times Faster Than Light http://www.livescience.com/27920-quantum-action-faster-than-...
With classical computing, if you plug in a widget and that widget spits out a bunch of supposedly random numbers, then you have to take it on faith that the widget isn't cheating and generating highly biased output. (For example, a deterministic cryptographic RNG is almost maximally biased, but it's computationally infeasible to tell just by examining the output.)
With quantum techniques, if you are willing to plug in two devices and process their outputs a bit, and if you're willing to trust that the devices aren't secretly communicating, then you can get provable randomness. You don't even need a real quantum computer to do this. [1] You still need to trust that the devices aren't actively malicious, but you do rule out accidental implementation issues that introduce subtle correlations between output bits.
If you are using an actual quantum computer, then you can go much farther and generate uniform random bits directly and even, under certain straightforward conditions, prove that those bits didn't leak out via a side channel. This is more or less the same principle as quantum key distribution: if Alice and Bob run a QKD algorithm to generate a key (n uniform, independent random bits), they are effectively running a protocol that verifies that no side channel leaked the bits. A malicious eavesdropper is a form of side channel, so those get ruled out as well.
[1] https://arxiv.org/abs/0911.3427
I know some people have been working on solving that chicken and egg problem, but -- unless there's very new work I'm unaware of -- it's still unsolved.