Physicists Turn 8MP Smartphone Camera Into a Quantum Random Number Generator

KentuckyFC writes: "Random numbers are the lifeblood of many cryptographic systems and demand for them will only increase in the coming years as techniques such as quantum cryptography become mainstream. But generating genuinely random numbers is a tricky business, not least because it cannot be done with a deterministic process such as a computer program. Now physicists have worked out how to use a smartphone camera to generate random numbers using quantum uncertainties. The approach is based on the fact that the emission of a photon is a quantum process that is always random. So in a given unit of time, a light emitter will produce a number of photons that varies by a random amount. Counting the number of photons gives a straightforward way of generating random numbers. The team points out that the pixels in smartphone cameras are now so sensitive that they can pick up this kind of quantum variation. And since a camera has many pixels working in parallel, a single image can generate large quantities of random digits. The team demonstrates the technique in a proof-of principle experiment using the 8-megapixel camera on a Nokia N9 smartphone while taking images of a green LED. The result is a quantum random number generator capable of producing digits at the rate of 1 megabit per second. That's more than enough for most applications and raises the prospect of credit card transactions and encrypted voice calls from an ordinary smartphone that are secured by the laws of quantum physics."

Oldest news ever

This was done many years ago with a webcam as the LavaRand/LavaRnd project (which copied the Lavalamp PRNG).

Re:Seed

42

This story is a dup

[TFlan91]

Because he failed to give any links...

http://www.lavarnd.org/ - Was the site linked in story below, but is now dead

Sourceforge: http://sourceforge.net/project...

http://slashdot.org/story/03/0...

Re:This story is a dup

[timeOday]

I am not so sure the randomness from that project actually came from the quantum properties of the photons themselves. A saturated CCD may be a chaotic physical process, but (I think) the dynamics of that chaotic process are properties of that CCD, not directly from the actions of individual photons which are known to be "quantum" and truly random.

Re:This story is a dup

[timeOday]

By way of analogy, rolling dice is a chaotic physical process that does not rely on quantum randomness. Given the starting conditions of a dice roll, the outcome is predictable, at least in theory.

Re: This story is a dup

[timeOday]

So you're sure there are processes which are completely deterministic? If it relied on the interaction of light and matter, then the same random component being used in the current article is still applicable

I would guess there are incredibly small regions of instability in many chaotic processes that can be tipped either way by quantum randomness, but that does not make them useful as sources of randomness. What you want is to prove the outcome of your system is nothing BUT quantum randomness, and thus unbiased. I don't think the 'prior art' cited above proved that it met that standard. This paper claims to have done so within quantifiable bounds:

But Sanguinetti and co calculate that their numbers are pretty close to random. They say that the process would have to be repeated 10^118 times before any deviation from randomness might be observed. "If everybody on earth used such a device constantly at 1Gbps, it would take 10^80 times the age of the universe for one to notice a deviation from a perfectly random bit string," they say.

You can never be sure...

[tippe]

Oblig. Dilbert Reference

Re:Always?

You've got that a bit backwards. The underlying quantum physics concludes that everything is a random possibility in a range of probabilities, but that in a macroscopic scale the random fluctuations usually cancel out and the net result generally behaves as a deterministic process.

As related to this, if you power up a LED just enough for it to emit a single photon, you are pretty sure roughly what direction it went, but the exact path is unknown until it interacts with something. However if you juice up that LED to full power, you know that (aside from a few oddities every couple of years) every photon is travelling in the same illumination cone and the entire cone can be reliably modeled.

Why not just use noise from the various antennas?

[Garble+Snarky]

Bluetooth, GPS, NFC. At the very least, the cell/wifi are listening anytime you're online anyway, and with the relatively large bandwidth there should be plenty of entropy in that noise. Right?

Haven't addressed the main issue.

[jcochran]

If the article is correct and it's possible to generate a megabit/second random number stream, then that's very nice. But that stream is effectively worthless for all the applications they mentioned since the real problem is arranging for both parties to have access to the exact same random bit stream. That problem is the real one.

Re:Haven't addressed the main issue.

[K.+S.+Kyosuke]

You'd use this for session keys. Or, if you're into OTP, you'd transfer the bit stream in person (using something like NFC). (But I suspect that a much weaker point would be the penetrability and backdoorability of current horribly complex smartphone operating systems.)

Re:Worth exactly what?

[jeffmeden]

To my knowledge, the limitations of pseudo random number generators are not the weak point in encryption.

To my mind, the most pressing problem are caused by Moore's law (and similar effects). Whatever encryption is worthwhile now, is worthless in 5 years.

Not to mention the human sized holes in encryption caused by human limitations.

Having a true random number stream is very valuable since one of the key weaknesses in PRNGs come when you gather enough output and can guess what random numbers the algo will use next. This compromises forward secrecy. If you can use a stream of constantly random numbers, one weakness is gone entirely leaving you more time to worry about other issues (like human weakness, processing bottlenecks, etc). Also, see the issue of a PRNG with a backdoor allowing perfect guessing of the pattern hence making the encryption useless (thanks to the NSA, no less).

  I can see how it will be awkward to carry a green LED around to wave in front of your smartphone to maintain the stream but more advancement may miniaturize that part to the point where it's barely noticable [/snark]

Re:Worth exactly what?

That is almost exactly wrong. Random number generators are a great place to subvert encryption systems, because if you can get a bad one implemented as a standard, there's not always a great way to prove that there's a backdoor in them. You can throw as much Moore's Law as you want at 2048 bit encryption, but it's still gonna take you more time than you have left until the heat death of the universe to crack my encrypted drive.

The math behind strong encryption is good, unless the NSA has something we don't know about, and it's unlikely they do because the Snowden docs reveal that they have spent quite a lot of money on doing things like poisoning random number generators. According to people like Bruce Schneier, the math works; it's things like key exchange, implementation, and getting people to use it that's the problem.

Re:Always?

[peon_a-z,A-Z,0-9$_+!]

Assuming your post is derived from the following Wikipedia excerpt:

...a system moves to higher energies or—equivalently—larger quantum numbers, i.e. whereas a single particle exhibits a degree of randomness, in systems incorporating millions of particles averaging takes over and, at the high energy limit, the statistical probability of random behaviour approaches zero. In other words, classical mechanics is simply a quantum mechanics of large systems.

http://en.wikipedia.org/wiki/Q...

Then you have interpreted it a bit incorrectly. Everything is not random, everything exhibits a degree of randomness. Just because we can't properly measure the deterministic nature of it, doesn't make it inherently random.

It looks random to us, but if there were no limit to our measuring capability we would know that it is indeed not random.

Kind of like the Earth Is Flat type argument of modern times.

Re:Always?

[invid]

I guess you're not a fan of the Copenhagen interpretation. From Wikipedia:

The Copenhagen interpretation - due largely to the Danish theoretical physicist Niels Bohr - remains the quantum mechanical formalism that is currently most widely accepted amongst physicists, some 75 years after its enunciation. According to this interpretation, the probabilistic nature of quantum mechanics is not a temporary feature which will eventually be replaced by a deterministic theory, but instead must be considered a final renunciation of the classical idea of "causality".

Be careful

[mbone]

The question is not really whether some physical process is random, the question is whether someone could predict some of the bits, say if you immersed the camera in a light field pulsed at the ccd refresh rate. Or an electromagnetic field that saturates the A/D converters wiring. Or...

The thing is that such a design has to be fixed, and then released in the field, and then be subjected to attacks tailored to its individual design and implementation, and there really is no magic bullet. So, "Counting the number of photons gives a straightforward way of generating random numbers" : maybe, but we won't know for sure if they are really and always random until it's been attacked for a few years.