
Quantum entropy source on an integrated circuit for random number generation - jesrui
https://www.osapublishing.org/optica/abstract.cfm?uri=optica-3-9-989
======
hannob
I said it before in similar threads, I'll say it again: I believe hardware
random generators don't solve any problem that we have.

We know how to build secure RNGs in software. The one and only problem we have
is that not everyone is using them.

~~~
bkjsbkjdnf
> We know how to build secure RNGs in software.

What secure RNGs do we have that don't require an entropy source?

~~~
hannob
We have plenty of entropy sources. The only situation where we have a problem
with that is the so-called early-boot-time-entropy. However hardware RNGs
don't solve that either, because, well, they need some kind of initialized OS
to access the hardware in order to work.

~~~
bkjsbkjdnf
Are you trying to make a point?

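As an added worked example (not from either commenter), here is what "a secure RNG in software" looks like in practice: HMAC_DRBG from NIST SP 800-90A on top of SHA-256, fed by a small HMAC-based conditioner that folds several raw samples into one seed. The sample byte strings, the pool label and the personalization string are constructed for this example and stand in for what a kernel pool would actually collect. The two demo functions make the early-boot point concrete: the DRBG is deterministic, so if the only input is a source that never changes, two "boots" produce the same stream; add one varying sample and they diverge.

```python
import hashlib
import hmac

HASH = hashlib.sha256
OUTLEN = HASH().digest_size  # 32 bytes for SHA-256


def _hmac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, HASH).digest()


def condition_pool(samples: list, label: bytes = b"entropy-pool-v1") -> bytes:
    """Condition raw samples into one 32-byte seed with HMAC-SHA256.

    Samples are length-prefixed so different sample lists never MAC the same
    byte stream.  The label is a fixed domain separator (an assumption of this
    example), not a secret.
    """
    h = hmac.new(label, digestmod=HASH)
    for s in samples:
        h.update(len(s).to_bytes(4, "big"))
        h.update(s)
    return h.digest()


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A, SHA-256).  Output is a deterministic function
    of the entropy/nonce/personalization fed to __init__ and reseed()."""

    RESEED_INTERVAL = 1 << 48   # requests allowed before a reseed is mandatory
    MAX_REQUEST = 1 << 16       # bytes per generate() call

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        if len(entropy) < OUTLEN:
            raise ValueError("entropy input must be at least 256 bits")
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: the 0x00 round always runs, the 0x01 round only
        # when new material is supplied.
        self.K = _hmac(self.K, self.V + b"\x00" + provided)
        self.V = _hmac(self.K, self.V)
        if provided:
            self.K = _hmac(self.K, self.V + b"\x01" + provided)
            self.V = _hmac(self.K, self.V)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        if len(entropy) < OUTLEN:
            raise ValueError("entropy input must be at least 256 bits")
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        if n > self.MAX_REQUEST:
            raise ValueError("request too large")
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.V = _hmac(self.K, self.V)
            out += self.V
        self._update(additional)  # advance state so old output cannot be recomputed
        self.reseed_counter += 1
        return out[:n]


# Constructed stand-ins for what a pool collects; not real measurements.
SAMPLE_HWRNG_READ = bytes(range(32))
SAMPLE_IRQ_TIMESTAMPS = b"\x00\x00\x13\x37" * 8
SAMPLE_DEAD_SOURCE = b"\x00" * 32   # a source that never changes


def make_drbg(samples: list, nonce: bytes) -> HmacDrbg:
    return HmacDrbg(condition_pool(samples), nonce=nonce, personalization=b"hn-demo")


def early_boot_problem() -> bool:
    """Two 'boots' whose only input is a constant source and an empty nonce
    produce identical streams: the DRBG is fine, its input is not."""
    a = make_drbg([SAMPLE_DEAD_SOURCE], nonce=b"")
    b = make_drbg([SAMPLE_DEAD_SOURCE], nonce=b"")
    return a.generate(32) == b.generate(32)


def with_varying_input_differs() -> bool:
    """Add one varying sample to the pool and the streams diverge."""
    a = make_drbg([SAMPLE_DEAD_SOURCE, SAMPLE_HWRNG_READ], nonce=b"boot-1")
    b = make_drbg([SAMPLE_DEAD_SOURCE, SAMPLE_IRQ_TIMESTAMPS], nonce=b"boot-2")
    return a.generate(32) != b.generate(32)
```

The point of the split between condition_pool and HmacDrbg is that a hardware source, if you have one, is just another sample going into the conditioner; nothing downstream needs to trust it alone, and nothing downstream is helped by it if it is the only thing in the pool and it is not yet readable.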
------
n00b101
_a monolithically integrated QRNG, composed of a light emitting diode (LED)
and a single-photon avalanche photodetector (SPAD), has been recently
demonstrated at 1 Mb/s using silicon (Si) photonics technology_

For 32-bit integers, 1 million bits per second is equivalent to 31,250 random
integer samples per second.

For comparison, a Mersenne Twister on GPU can generate 2.9 billion samples per
second and on FPGA it can generate 26 billion samples per second [1]. One can
only imagine what a custom ASIC would be able to do.

So the current quantum chip RNG is roughly 100,000 times slower than GPU and a
million times slower than an FPGA.

I realize that the purpose of this QRNG is cryptographically secure RNG and
Mersenne Twister is not for that purpose, but I was just curious about the
performance.

[1]
[http://www.homepages.ed.ac.uk/slig/papers/tian_AHS09.pdf](http://www.homepages.ed.ac.uk/slig/papers/tian_AHS09.pdf)

~~~
mSparks
An MT requires reading only 400-ish numbers to work out its internal state and
exactly predict its output thereafter. It's also biased, which puts bias into
any simulation using it.

One of the best-performing HWRNGs at the moment comes in the Raspberry Pi.

One of the worst is the one used by (old versions of) MS Excel; I'm still not
sure whether they fixed its high probability of creating extreme values.

If you need performance, one of the best algorithmic pseudo-RNGs is in the
Rabbit stream cipher.

____

A quantum random number generator would scare me. What's to stop the NSA
from entangling it with their own hardware and controlling its output? (Only
half joking.)

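As an added worked example (not from the comment above), here is the state-recovery attack on Mersenne Twister that the comment refers to, run against Python's `random` module, which is MT19937. MT19937 keeps 624 32-bit words of state and each output is a bijective "tempering" of one word, so any 624 consecutive raw outputs give the whole state once tempering is inverted. The victim seed, the number of outputs skipped before observation and the number of predictions are arbitrary constructed values.

```python
import random

MASK32 = 0xFFFFFFFF


def temper(y: int) -> int:
    """MT19937 output tempering, applied to each state word as it is emitted."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def _undo_right_xor(y: int, shift: int) -> int:
    # Solve x ^ (x >> shift) == y: the top `shift` bits of y are already x's,
    # and each pass recovers the next `shift` bits below them.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x


def _undo_left_xor_mask(y: int, shift: int, mask: int) -> int:
    # Solve x ^ ((x << shift) & mask) == y: the low `shift` bits of y are
    # already x's, and each pass recovers the next `shift` bits above them.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y: int) -> int:
    """Invert temper(): undo the four steps in reverse order."""
    y = _undo_right_xor(y, 18)
    y = _undo_left_xor_mask(y, 15, 0xEFC60000)
    y = _undo_left_xor_mask(y, 7, 0x9D2C5680)
    y = _undo_right_xor(y, 11)
    return y


def clone_mt19937(outputs: list) -> random.Random:
    """Rebuild a generator from 624 consecutive raw 32-bit outputs.

    random.Random.setstate() takes (version, state, gauss_next) where state is
    the 624 words plus the index.  Index 624 makes the clone twist the recovered
    words on its next call, which is exactly what the victim does next, because
    the twist is a recurrence on the output sequence and does not care where in
    the array the observed window started.
    """
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    words = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    clone.setstate((3, words + (624,), None))
    return clone


def demo(seed: int = 12345, skip: int = 7, n_predict: int = 10):
    """Victim is seeded with `seed` (constructed).  We observe 624 outputs
    starting `skip` values in, then predict the following n_predict values."""
    victim = random.Random(seed)
    for _ in range(skip):
        victim.getrandbits(32)  # outputs the attacker never saw
    observed = [victim.getrandbits(32) for _ in range(624)]
    clone = clone_mt19937(observed)
    predicted = [clone.getrandbits(32) for _ in range(n_predict)]
    actual = [victim.getrandbits(32) for _ in range(n_predict)]
    return predicted, actual
```

The same recovery works on any MT19937 user that exposes raw 32-bit outputs (session tokens, "random" filenames, CAPTCHA ids), which is why MT is fine for simulation and wrong for anything an attacker can observe.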
~~~
lawpoop
About the half serious part, I don't think that an entangled RNG could
transmit any information.

~~~
mSparks
Ever since the Chinese published that they can now use entanglement to
transmit information faster than light, and followed it up with that quantum
comms satellite recently, I'm not sure what to think anymore.

Surely a better answer is "we don't actually know anymore".

[https://www.technologyreview.com/s/601658/first-demonstration-of-10-photon-quantum-entanglement-sets-new-record/](https://www.technologyreview.com/s/601658/first-demonstration-of-10-photon-quantum-entanglement-sets-new-record/)

~~~
lawpoop
Your summation is not true; all they've claimed to have done is create a
quantum encryption link, which means that if someone tries to eavesdrop on it,
it will garble the message for both recipients.

There is no FTL communication.

~~~
mSparks
That isn't how the project was billed.

The first part of the project is quantum encryption. The second is FTL
communication:
[https://www.rt.com/news/328988-china-quantum-info-teleport/](https://www.rt.com/news/328988-china-quantum-info-teleport/)

The satellite’s first mission would involve establishing a cryptographic
communication line between Beijing and Vienna by creating “[the encoding and
sharing of a secret cryptographic key using the quantum properties of photons]
between a ground station in Beijing and the satellite, and between the
satellite and Vienna.”

Scientists then plan to conduct satellite entangled photon quantum
teleportation between stations located in the Chinese cities of Delingha and
Lijiang or Nanshan, which are separated by more than 1,200 kilometers.

____

Following the FTL publications in 2013: "Spooky! Quantum Action Is 10,000
Times Faster Than Light"
[http://www.livescience.com/27920-quantum-action-faster-than-light.html](http://www.livescience.com/27920-quantum-action-faster-than-light.html)

------
amluto
It always makes me a little bit sad when people get excited about fancy
"quantum" things that don't use the full potential of quantum computation.

With classical computing, if you plug in a widget and that widget spits out a
bunch of supposedly random numbers, then you have to take it on faith that the
widget isn't cheating and generating highly biased output. (For example, a
deterministic cryptographic RNG is almost maximally biased, but it's
computationally infeasible to tell just by examining the output.)

With quantum techniques, if you are willing to plug in _two_ devices and
process their outputs a bit, and if you're willing to trust that the devices
aren't secretly communicating, then you can get provable randomness. You don't
even need a real quantum computer to do this. [1] You still need to trust that
the devices aren't actively malicious, but you do rule out accidental
implementation issues that introduce subtle correlations between output bits.

If you are using an actual quantum computer, then you can go much farther and
generate uniform random bits directly and even, under certain straightforward
conditions, prove that those bits didn't leak out via a side channel. This is
more or less the same principle as quantum key distribution: if Alice and Bob
run a QKD algorithm to generate a key (n uniform, independent random bits),
they are effectively running a protocol that verifies that no side channel
leaked the bits. A malicious eavesdropper is a form of side channel, so those
get ruled out as well.

[1] [https://arxiv.org/abs/0911.3427](https://arxiv.org/abs/0911.3427)

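As an added worked example (not from the comment above) of the "almost maximally biased but infeasible to tell from the output" point: a deterministic generator whose entire entropy is a 16-bit seed (SHA-256 in counter mode, a construction chosen for this example) passes the SP 800-22 monobit frequency test just as os.urandom does, yet an attacker who knows the construction recovers the seed from 32 output bytes by trying all 65536 values. The seed value 0xBEEF and the sample lengths are constructed.

```python
import hashlib
import math
import os
from typing import Optional

SEED_BITS = 16


def small_seed_stream(seed: int, n: int) -> bytes:
    """Deterministic generator with only 16 bits of entropy: SHA-256 of
    (seed || counter).  Every output byte is a function of those 16 bits."""
    if not 0 <= seed < 1 << SEED_BITS:
        raise ValueError("seed out of range")
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed.to_bytes(2, "big") + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]


def monobit_p_value(data: bytes) -> float:
    """Frequency (monobit) test from NIST SP 800-22; p >= 0.01 is a pass.
    It only measures the balance of ones and zeros, nothing about predictability."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def recover_seed(observed: bytes) -> Optional[int]:
    """Attacker who knows the construction and sees a short output prefix:
    2**16 hash evaluations recover the seed, hence every future output."""
    for seed in range(1 << SEED_BITS):
        if small_seed_stream(seed, len(observed)) == observed:
            return seed
    return None


def demo() -> dict:
    fake = small_seed_stream(0xBEEF, 1 << 14)  # constructed seed, 16 KiB of output
    real = os.urandom(1 << 14)
    return {
        "fake_monobit_p": monobit_p_value(fake),
        "real_monobit_p": monobit_p_value(real),
        "seed_recovered_from_32_bytes": recover_seed(fake[:32]),
    }
```

A p-value tells you a stream is not grossly lopsided; it says nothing about how many bits of seed stand behind it. That is the gap amluto describes, and it is why certifying an RNG means auditing the construction and the entropy input rather than running test suites on its output.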
~~~
gsteinb88
[1] turns out to be more subtle than people originally thought. Even assuming
you can make loophole-free Bell tests (hey, it's been done!), the best anyone
has been able to show this does -- even theoretically -- is randomness
/amplification/, not true verifiable randomness. This boils down to the need
for an initial random basis preparation of the qubits, for which you have no
true random seed.

I know some people have been working on solving that chicken and egg problem,
but -- unless there's very new work I'm unaware of -- it's still unsolved.

~~~
amluto
Do you have a reference for that? I'm curious what the problem is.

