Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Devise a Way To Generate Provably Random Numbers Using Quantum Mechanics (newatlas.com)

Posted by msmash on from the moving-forward dept.

No random number generator you've ever used is truly, provably random. Until now, that is. Researchers have used an experiment developed to test quantum mechanics to generate demonstrably random numbers, which could come in handy for encryption. From a report: The method uses photons to generate a string of random ones and zeros, and leans on the laws of physics to prove that these strings are truly random, rather than merely posing as random. The researchers say their work could improve digital security and cryptography. The challenge for existing random number generators is not only creating truly random numbers, but proving that those numbers are random. "It's hard to guarantee that a given classical source is really unpredictable," says Peter Bierhorst, a mathematician at the National Institute of Standards and Technology (NIST), where this research took place. "Our quantum source and protocol is like a fail-safe. We're sure that no one can predict our numbers." For example, random number algorithms often rely on a source of data which may ultimately prove predictable, such as atmospheric noise. And however complex the algorithm, it's still applying consistent rules. Despite these potential imperfections, these methods are relied on in the day-to-day encryption of data. This team's method, however, makes use of the properties of quantum mechanics, or what Einstein described as "spooky action at a distance." Further reading: Wired, LiveScience, and CNET.

91 of 139 comments (clear)

  1. Random.Org to the Rescue! by Anonymous Coward · · Score: 2, Informative

    Mostly just for the random entertainment value: https://www.random.org/

  2. First post by Anonymous Coward · · Score: 2, Funny

    int getRandomNumber()
    {
        return 1; // chosen from random post number
    }

    1. Re:First post by Anonymous Coward · · Score: 1

      What is "provably random"?

      Can you really "prove" that a number is random?

    2. Re:First post by darkain · · Score: 4, Informative

      Obligatory XKCD reference for those that didn't get it: https://xkcd.com/221/

    3. Re:First post by alvinrod · · Score: 3, Interesting

      In this case TFS seems to define provably random as that which cannot be predicted in advance given sufficient knowledge of how the number is generated and some initial conditions. Supposedly they have proven that this is the case, though I have not verified the correctness of their proof. However, this is really no different than other mathematical proofs. Either the proof is correct or it is not, but a lack of understanding of the proof does not change its correctness.

    4. Re:First post by ctilsie242 · · Score: 1

      Chi-squared test comes close.

    5. Re:First post by Anonymous Coward · · Score: 5, Funny

      Obligatory Dilbert: http://dilbert.com/strip/2001-...

    6. Re:First post by TechyImmigrant · · Score: 2

      What is "provably random"?

      It is bullshit.

      Bullshit. If quantum physics is random, then macroscopic noise is random and there are entropy extraction algorithms are mathematically provable to have a random output in terms of min-entropy or computational predictions bounds, assuming they have a random input with a certain min-entropy.

      Can you really "prove" that a number is random?

      No. See above.

      Yes. See above.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    7. Re:First post by TechyImmigrant · · Score: 1

      Chi-squared test comes close.

      Not nearly as close as the Markov-Renye min entropy test or the least common value test.

      In fact tests of randomness fill the largest two chapters in my book on random number generators.
      https://www.degruyter.com/view...

      Available at all good internet portals sometime later this year.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    8. Re:First post by ShanghaiBill · · Score: 2

      If quantum physics is random ...

      That is an assumption, not an axiom. As our understanding of physics improves, we may find deeper patterns.

      ... then macroscopic noise is random

      So what makes this new RNG different from other RNGs based on quantum phenomena, such as Brownian motion, or zener diode avalanches?

    9. Re:First post by TechyImmigrant · · Score: 1

      An axiom is an assumption

      But yes, there may or may not be deeper patterns.

      >So what makes this new RNG different from other RNGs based on quantum phenomena, such as Brownian motion, or zener diode avalanches?

      That it proves in a live fashion that the data is from a random process, provided the rules of quantum physics are true. This is a higher form of proof from existing RNGs based on sampling noise and running it through entropy extraction algorithms. It's not the only higher form of proof. There are quantum safe extractors which improve on the claims that can be made, but that's different.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    10. Re:First post by novakyu · · Score: 1

      So, if it's provably random but you do not understand the proof, does it matter to you that it was provably random, rather than pseudorandom?

    11. Re:First post by Anonymous Coward · · Score: 1

      The Dilbert brings a bit more insight.

      Most pseudo-random number generators aren't capable of generating a long sequence of the same number, and for most applications that would be undesirable and probably reported as a bug.

      A true random number is capable of generating an infinite sequence of the same number. That particular outcome is just a likely as any other specific sequence.

      When we use randomness in programming we often want a controlled "randomness" that gives us a fairly even distribution.
      The one in the ISO-C library is even guaranteed to give the same sequence given the same seed and it is recommended (but not required) to use the reference implementation to even get the same sequence over multiple platforms.
      If you use for procedural generation it makes things a lot easier to improve your algorithm or debug it since you can repeat the number sequence.
      For games you can get interesting but predictable antagonist behavior.

    12. Re:First post by KingBenny · · Score: 1

      at least there's finally an application for quantum mechanics lol, roll the dice ! no more cheating by turning your computer clock to the same minute as yesterday

      --
      Free speech was meant to be free for all... how can anyone grow up in a nanny state ?
  3. Nice try "researchers" by CajunArson · · Score: 4, Funny

    You're not fooling me. It's well known that the NSA incorporated backdoors into the fabric of the universe when they subverted the big bang.

    --
    AntiFA: An abbreviation for Anti First Amendment.
  4. xkcd... by Kenja · · Score: 2

    int getRandom() {
    return 4; // generated by dice roll
    }

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:xkcd... by Jeremi · · Score: 1

      We have new technology to optimize that code now. Here's the modern implementation:

      int getRandom() {
            return 4; // generated by "spooky action at a distance"
      }

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
  5. Not the first by shayd2 · · Score: 1

    See Lava Rand

    1. Re:Not the first by thoughtlover · · Score: 1

      See Lava Rand

      Thank you. An RNG that uses external sources (values inherent to QM) to generate said value isn't using a strict mathematical proof. This is just reality sampling.

      --
      No sig for you! Come back one year!
  6. Woo Quantum, must be better... by lurcher · · Score: 3, Interesting

    I would have thought thermal noise in a resistor or semiconductor (which is in itself generated by subatomic so quantum, events) would be just as random.

    1. Re:Woo Quantum, must be better... by ctilsie242 · · Score: 1

      What about small tritium gas vial, size used in wristwatch numbers (like a Trigalight) coupled with a detector? Couple that with some high speed flip-flops or as stated above, noise in a NP junction, and that should produce cryptographically secure random numbers, especially if the CPU had a built in pool with a "stirring" mechanism so anything periodic would be dispersed among the bits fairly quickly.

    2. Re:Woo Quantum, must be better... by Baloroth · · Score: 4, Interesting

      It is, and that's exactly how Intel's hardware-based random number generator in their CPUs works (so, yes, we have used a truly provably random source of RNGs... that is, if Intel is telling the truth about how it works). Another source of RNG is radioactive decay, though that's not terribly commonly used thanks to the hardware requirements. In this case, the article doesn't describe the source of randomess (aside from "correlations in superpositions", which could be anything from completely random to completely unrandom). It might not even be as random as they think it is (just being quantum is very much not enough), especially because they "improved their data" by only looking at sequences where the bits were almost perfectly uniformly 50/50 1 and 0, which is precisely not the right way to ensure good randomness: true random sequences usually don't obey uniformity, except in the limit as the length of the sequence goes to infinity, and requiring uniformity (or near-uniformity) in a "random" sequence reduces the entropy. That tells me they don't really understand randomness, which does not bode well for their claims.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    3. Re:Woo Quantum, must be better... by TechyImmigrant · · Score: 2

      I would have thought thermal noise in a resistor or semiconductor (which is in itself generated by subatomic so quantum, events) would be just as random.

      Via the central limit theorem, the addition of multiple binary random events will combine into a gaussian distribution. It will be random, with the min-entropy determined by the distribution - H_inf(X) = -log_2(max(Pr(X_i)).

      So there will be some entropy loss. But that's fine. There's plenty of entropy about us to sample and turn into random bits.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    4. Re:Woo Quantum, must be better... by TechyImmigrant · · Score: 3, Interesting

      >It is, and that's exactly how Intel's hardware-based random number generator in their CPUs works

      Indeed, it is. I happen to know this well because I'm one of the designers of it.

      Quantum proven randomness is proven by showing a violation of Bell's theorem, showing a correlation that exceeds whats could be achieved by unentangled particles and therefore showing that they were a part of a random quantum process.

      The form of every mathematical proof is of the form "If this is true, then [blah blah blah], so that it true".
      The form of this particular proof is "If the rules of quantum physics are true, then [blah blah blah] so 'the output is random' is true".

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    5. Re:Woo Quantum, must be better... by TeknoHog · · Score: 1

      Another source of RNG is radioactive decay, though that's not terribly commonly used thanks to the hardware requirements.

      Radioactive decay is fundamentally a quantum effect, which is why we cannot predict individual decays, only the macroscale statistics. So the article might have a new method per se, but simply using quantum effects wouldn't be new.

      they "improved their data" by only looking at sequences where the bits were almost perfectly uniformly 50/50 1 and 0, which is precisely not the right way to ensure good randomness: true random sequences usually don't obey uniformity, except in the limit as the length of the sequence goes to infinity, and requiring uniformity (or near-uniformity) in a "random" sequence reduces the entropy. That tells me they don't really understand randomness, which does not bode well for their claims.

      I've written a HWRNG for FPGAs, and it was frustrating to test and tweak it to pass the tests in rng-tools based on FIPS 140-2. One of the tests fails upon too long stretches of 0s or 1s, for example. I guess for practical purposes you want something like short-term randomness; if your 10-second sample of white noise is all DC, it doesn't Bode well for your frequency response curve.

      --
      Escher was the first MC and Giger invented the HR department.
    6. Re:Woo Quantum, must be better... by jezwel · · Score: 1

      I would have thought thermal noise in a resistor or semiconductor (which is in itself generated by subatomic so quantum, events) would be just as random.

      It is, and that's exactly how Intel's hardware-based random number generator in their CPUs works (so, yes, we have used a truly provably random source of RNGs... that is, if Intel is telling the truth about how it works)

      If you run the same code on the same CPU under the same conditions, how similar is the thermal noise generated? Is it completely different or will there be any similarities at all?
      TIA, just curious.

    7. Re:Woo Quantum, must be better... by TechyImmigrant · · Score: 1

      >If the rules of quantum physics are true

      Exactly, and we can't answer this part of it. It appears to be true, but nobody knows the mechanism or whether there are non-Bell variables.

      The multidimensional quasi crystal stuff pushed by Klee Irwin is interesting, because it points to a possibly deterministic result.

      If that panned out I would be happy, because the opinion I've expressed here before would then be proven true: Ignorance is as good as non determinism when it comes to the use of random numbers in cryptography.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    8. Re:Woo Quantum, must be better... by TechyImmigrant · · Score: 1

      However others consider him a quack: https://rationalwiki.org/wiki/... .

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  7. I knew it by NichardRixon · · Score: 1

    So we do have free will after all.

    1. Re:I knew it by Anonymous Coward · · Score: 1

      No, photons have free will. We can prove it.

      You are entirely predictable. Advertisers can prove it.

    2. Re:I knew it by mark-t · · Score: 1, Offtopic

      Consider that we appear, by most standards of observation, to have at least some measure of what we imagine free will to be, and we generally live our lives as if we were free willed. In fact, if we were not, the expression "free will" would not even mean anything, since it is the very term that we regularly use to describe the appearance of freely made choices. By extension, therefore, if free will did not exist, then it seems apparent that we should not be capable of imagining what we think that actual free will even is.

      Therefore, free will exists.

      Whether or not the universe is actually deterministic is immaterial to this, because you cannot use any the nature of a deterministic system to predict its own state in a way that the information cab be communicated to an agent within that system that has a potential to affect that state,

      --
      File under 'M' for 'Manic ranting'
    3. Re:I knew it by NicknameUnavailable · · Score: 3, Funny

      So we do have free will after all.

      Nope, the multiverse is most likely correct. The big bang never stopped, it just went interdimensional and time itself is an illusion caused by the patterns which emerge when tracing a path along one of all potential possibilities. The interference pattern and statistical interpretation of it is just the probability that a particle you observe on your worldline goes in a particular direction at a particular velocity, but all of those possibilities are traced out on different worldlines. There's a reality where you're a supervillan and a reality where you're the richest person in the world, and then there's most realities where you're neither - each of those realities are practically infinite and expanding forward and backward in time in their derivations, but the likelihood you perceive one of the abnormal ones is significantly reduced. You probably can't picture yourself as a serial killer or helping people to the point you are literally made into a saint, but both exist somewhere in the multiverse. All your choices are irrelevant because they all happen.

    4. Re:I knew it by TeknoHog · · Score: 1

      So we do have free will after all.

      With determinism, everything is on its set path, so we don't have free will.

      But if everything is truly random at a fundamental level, it doesn't get any better. If the outcome of every decision is truly random, you're not actually making the choice.

      So IMHO, free will isn't a question of determinism vs. randomness. At least not a binary question.

      --
      Escher was the first MC and Giger invented the HR department.
    5. Re:I knew it by NicknameUnavailable · · Score: 1

      Dark matter is the shadow of mass from a colliding parallel universe.

    6. Re:I knew it by Anonymous Coward · · Score: 1

      I have a Quantum Multiverse-Locked Hammer (QMLH). When my QMLH is used on an object, 50% of the time it drives the object like a regular hammer, and 50% of the time it bounces back and does not impact the object. But fortunately, my hammer has a multiverse lock, which means it selects the quantum universe in which the probability was the 50% success of driving an object, so my hammer ALWAYS behaves like a non-quantum hammer to observers.

      Multiverse theory and applications to topics like quantum computing are very much like this explanation. It is the dark matter of the quantum world - nobody knows or has any good explanation as to HOW quantum functions are resolved, if they even really exist at all, or if they are just our misunderstanding of the world.

      Just because I can make up a story about my QLMH that fits the observed data, it doesn't mean my QLMH is real. Likewise, multiverse theory is just a big lousy guess.

    7. Re:I knew it by NicknameUnavailable · · Score: 2

      Difference between your description and reality is that the multiverse explanation removes all paradoxes from the quantum and relativistic worlds at all scales, while every other potential resolution fails to do so and usually create additional ones. That fact alone makes the multiverse interpretation the only plausible solution at this point in time.

  8. Lots of handwaving by 0dugo0 · · Score: 1

    I'm missing the proof that there are no non-local hidden-variables or super-deterministic local hidden variables at play.

  9. TRNGs are common... by MrKevvy · · Score: 5, Insightful

    It has already been established that thermal/shot component noise (most commonly from reversed diodes) is demonstrably statistically random and is based on quantum electrodynamic events.

    TRNGs (True Random Number Generators) using this principle have been around for a while embedded in some hardware such as the Intel 82802 firmware hub found on some Intel mainboards

    --
    -- Insert witty one-liner here. --
    1. Re:TRNGs are common... by Anonymous Coward · · Score: 3, Insightful

      Pseudo-profound bullshit. Nothing in that post is true. Classifying something does not change the thing being classified.

    2. Re:TRNGs are common... by Megol · · Score: 1

      Bullshit.

    3. Re:TRNGs are common... by Anonymous Coward · · Score: 1

      It's true. If your RNG could produce 128 bits of contiguous 1s or 0s (as a true RNG will), then sometimes the output will fail statistical tests for random on short sequences. The problem is in trying to quantify what "random" is. This device is guaranteed to have no bias, okay, a function that returns 0 1 0 1 0 1 ... is also guaranteed to have no bias, but the output fails other tests.

      The only thing that actually matters with RNG for cryptography is that an adversary doesn't know what numbers you've generated. They're just a kind of secret. To that effect, it's reasonable to throw your RNG output at known statistical tests for "random" and not use output that fails your tests, as long as those statistical tests indicate a random sequence that's very significantly easier to attack than other sequences. If your password generator generated, purely by chance "password" as the random password, you would not want to use it. These fixes that achieve practical "randomness" actually make the RNG LESS RANDOM, but more secure for some models!

      Random is difficult and confusing.

    4. Re:TRNGs are common... by gweihir · · Score: 1

      They are also really cheap to do. And, from physical principles, part of the noise generated is tunneling ("true random" if Quantum Theory is exact, which it most likely is not) and part is thermal (good enough for even hardcore cryptography). Hence this "story" is a mixture of lies and things that are irrelevant.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:TRNGs are common... by gweihir · · Score: 1

      A bias is not an indicator for things not being truly random. A bias is just a bias and, unless you use a cryptographic whitener for post-processing, you always have some detectable bias in output from physical processes.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re:TRNGs are common... by david_thornley · · Score: 1

      "Statistically random" means that numbers are not evenly distributed. A series that has too few long sequences of one bit will be rejected by good randomness tests. This doesn't mean we can't have a run that has unusually few long sequences of one bit, given that the statistical analysis needs to have very large amounts of data.

      Let's analyze your last sentence. If we take a number of methods with the goal of being X, if we reject the ones that aren't X, we get methods that aren't X. I don't get it.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    7. Re: TRNGs are common... by swillden · · Score: 1

      This is true. True random numbers will include short patterns, unpredictably.

      Uniformly-distributed numbers will include short patterns, unpredictably. Random numbers can be characterized as conforming to a well-defined distribution (in fact, we almost always demand that the distribution be uniform) which in no way makes them less random.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    8. Re:TRNGs are common... by sexconker · · Score: 1

      A bias is not an indicator for things not being truly random.

      Yes, it is. Absolutely. If you reject something as non-random because it doesn't pass your statistical test despite there being a non-zero chance of a true random generator giving you that result, you're an idiot.

      If you want pseudo random numbers, talk about that. When talking about randomness, you don't get to pick and choose your results, or reject sources based on the results. You only get to reject sources based on CAUSE. Random means without CAUSE.

    9. Re:TRNGs are common... by sexconker · · Score: 1

      "Statistically random" means that numbers are not evenly distributed.

      Wrong. Absolutely 100% incorrect.

      Every statistical test for randomness looks for uniform distribution across the range of possible values. If RAND(0,1) favors numbers A series that has too few long sequences of one bit will be rejected by good randomness tests.

      "Long" is relative to the sample size. If you encounter a "long" sequence, most tests reject the generator. What your threshold is depends on what you're doing.

    10. Re: TRNGs are common... by swillden · · Score: 1

      Random means without cause. That's it. It doesn't mean anything with regards to distribution, homogeneity, uniformity, etc.

      Per your definition, does randomness actually exist? Can you point to some process you consider to be random?

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    11. Re:TRNGs are common... by david_thornley · · Score: 1

      Every statistical test for randomness ensures that numbers are uniform to within maybe two standard deviations. If the numbers are too evenly distributed, that suggests they aren't really random. If you generate 1000 random numbers from 1 to 10, and each number occurs 99, 100, or 101 times, that very strongly suggests the generator isn't random. If two numbers occur under 60 times and two others over 140 times, that would also be strong evidence it wasn't random (if I remember the formulas correctly, standard deviation should be under 10).

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    12. Re: TRNGs are common... by swillden · · Score: 1

      Since days have passed and you've posted many other comments without answering my questions. So I'll go ahead and comment on why I asked them. Here were my questions:

      Per your definition, does randomness actually exist? Can you point to some process you consider to be random?

      If you believe randomness exists in some useful sense, you should be able to point to an example of something that is random. But, any example you choose will conform to some statistical distribution, which I could point out, which would mean that it is not an example that fits your definition. This will inevitably lead to the conclusion that according to your definition nothing is random. Which doesn't make your definition wrong, per se, but it does make it useless.

      A useful definition of randomness is that random events are unpredictable. This allows the possibility that random events can be unpredictable while still conforming to some statistical distribution. (Actually, it's really not clear to me that "causeless" events can't have statistical distributions, but I don't really know what "causeless" events are.)

      It's worth pointing out as well, that conforming to a particular distribution -- the uniform distribution -- is actually necessary (though certainly not sufficient) to maximize unpredictability. If you have a random event that conforms to a non-uniform distribution, then although the event is technically unpredictable in the sense that you can't guarantee that your prediction will be right, you can make predictions that are more likely to be right than other predictions. Uniformity prevents that. It ensures that every prediction is equally likely to be right or wrong.

      I find your insistence on this odd point rather surprising. I wonder if maybe you've confused things, and believe that I'm arguing that randomness can be tested through statistical analysis. To be clear, it cannot. Randomness and statistical distribution are separate properties of an event. Statistical tests of random number generators are important and useful, but only because they allow us to test the possibility that the output is non-uniform; they say nothing about its randomness. Note also that statistical tests can never prove uniformity of distribution, only disprove it. However, if we apply many different statistical tests and none of them manage to disprove uniformity then we have pretty good reason to assume that it's unlikely to be non-uniform enough to have exploitable biases. This is the purpose of test suites like diehard.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  10. Quantum Random Numbers by Anonymous Coward · · Score: 1

    Observe time between a decay and the next one. Do this twice. Next bit is comparison between the two times. This method is as old as quantum mechanics itself.

    1. Re:Quantum Random Numbers by david_thornley · · Score: 1

      If we're talking about radioactive decay, we'll find that, statistically, intervals between decay get larger over time. This isn't completely unbiased. There is a way to make biased random bits unbiased, if you don't mind slower generation (a minimum of eight times slower, assuming an unbiased source). Divide the stream into pairs. Throw away all "11" and "00". Take "01" to be 0 and "10" to be 1.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  11. What's a provably random number? by Threni · · Score: 1

    Is 1 less random than 29840972.58792384 ?

    Perhaps they mean "randomly generate numbers"?

    1. Re:What's a provably random number? by mrclevesque · · Score: 1

      "What's a provably random number? "

      Perhaps they mean they can generate a number they can prove is more random than the best attempts of others.

      From the article:

      "The researchers call this proximity to fifty-fifty perfection "uniformity." From the more than 100 million bits generated, the researchers found 1,024 certified to be uniform to a trillionth of a percent. "A perfect coin toss would be uniform, and we made 1,024 bits almost perfectly uniform, each extremely close to equally likely to be 0 or 1," Bierhorst explains."

      I think you can increase the randomness of a 'random number' generator, but it's not possible to produce a purely random number.

    2. Re:What's a provably random number? by TechyImmigrant · · Score: 1

      Is 1 less random than 29840972.58792384 ?

      Perhaps they mean "randomly generate numbers"?

      Not any more.

      I can predict them both because you told me their values. Entropy is in the eye of the beholder.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    3. Re:What's a provably random number? by gweihir · · Score: 1

      No. They are the same. "Randomness" is not a property of data. It is a property of a data-source, just as you say. But since they do not even know that quantum process based RNGs have been around for very long and are cheap to do in addition, anything said by them is likely nonsense.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:What's a provably random number? by gweihir · · Score: 1

      It is in fact trivial that any given set of numbers is not random. You can only say that a source of data produces data that is not predictable before it has produced the data. That property does not transfer to the data produced once it has been produced. All you have there is that it is not possible to infer the data from an accurate description of the source that produced it. But that is quite enough. In fact, for all relevant applications you do not even need "random". "Not predictable" is quite enough and "random" is actually a non-concept in Mathematics and Cryptography and just used as a convenient shorthand.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:What's a provably random number? by gweihir · · Score: 1

      Maybe. In that case they have no clue what they are talking about, though. Bias is not a factor (unless total) in whether something is random or not. In actual reality, just use an entropy pool, a cryptographic whitener and put in 1000 bits or so of entropy you are good. This "discovery" is irrelevant nonsense.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  12. Re:Raally? by jaymemaurice · · Score: 2

    Ted Stevens, is that you??

    --
    120 characters ought to be enough for anyone
  13. Lava lamps as entropy source by sinij · · Score: 2

    Nice, I can finally upgrade my lava lamp entropy source to a quantum source that uses laser light on a crystal. Why? Because /dev/urandom is for peasants.

    1. Re:Lava lamps as entropy source by TechyImmigrant · · Score: 1

      Nice, I can finally upgrade my lava lamp entropy source to a quantum source that uses laser light on a crystal. Why? Because /dev/urandom is for peasants.

      And quickrdrand is for kings and queens.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  14. Wouldn't it be ironic if... by ytene · · Score: 1

    all the Three Letter Agencies around the world decided to scramble resources to determine if they could identify any form of structure underlying the quantum nature of the universe being leveraged to support this [P]RNG technique - and in so doing discovered a layer of structure or order that underpins the quantum realm.

    Let's face it, when you consider the budgets these TLAs get to play with, they must be orders of magnitude more than theoretical physicists and mathematicians - and we already know that the NSA has more PhD mathematicians than anywhere else... They might actually manage a much better crack at it than the physics labs...

    1. Re:Wouldn't it be ironic if... by UnknownSoldier · · Score: 1

      The bogeyman / bullshit justification of fighting inanimate object such as the War on Terrorism (TM) is more profitable though. /cynical

    2. Re:Wouldn't it be ironic if... by Jeremi · · Score: 1

      Let's face it, when you consider the budgets these TLAs get to play with, they must be orders of magnitude more than theoretical physicists and mathematicians - and we already know that the NSA has more PhD mathematicians than anywhere else...

      On the other hand, one thing a lot of brilliant people really want to do is become famous for answering a question or solving a problem that nobody else could -- a situation that is unlikely to happen for anyone who is working under triple-dog-secret-no-disclosure-ever-and-we-mean-it-or-else conditions at the NSA.

      Any reasonably brilliant person can find a way make plenty of money, if making money is what motivates them. But the desire for money is not usually what drives brilliant people; OTOH figuring out e.g. quantum mechanics and then being permanently forbidden from ever telling anyone about their discovery would be a special kind of hell for them.

      Given that, I wonder what percentage of the "best and brightest" actually end up working at secret TLAs; I suspect it might be less than you think.

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
  15. There's already an app for that by JoeyRox · · Score: 1

    physicsworld: How to make a quantum random-number generator from a mobile phone

  16. Very Different from Maths Proof by Roger+W+Moore · · Score: 4, Insightful

    However, this is really no different than other mathematical proofs.

    No, it is very different from a mathematical proof. This proof relies on our understanding of quantum mechanics and photons. Mathematical proofs are far more fundamental in that they are true regardless of the properties of the universe you happen to be in at the time. That being said QM is one of the most accurately tested scientific laws there has ever been but, nevertheless, if an experiment tomorrow shows that it is wrong this "proof" might come crashing down.

    1. Re: Very Different from Maths Proof by javaman235 · · Score: 2

      Is this actually new? My understanding was that 'hidden variables' were ruled out, so randomness is required, as any theory that predicted outcomes would be tantamount to hidden variables. So we already have quantum randomness generators:
      https://qrng.anu.edu.au/

      --
      -The art of programming is the pursuit of absolute simplicity.
    2. Re: Very Different from Maths Proof by HiThere · · Score: 1

      No, only local hidden variables were ruled out. But non-local hidden variables are so weird that almost nobody believes in them. (They've got to be non-local in time as well as in space.)

      I've got to admit I don't understand what that means. Ask David Bohm, though you'll need a medium. Or you could try to read his book "Wholeness and the Implicate Order". Good luck.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    3. Re:Very Different from Maths Proof by swillden · · Score: 3, Interesting

      Mathematical proofs are far more fundamental in that they are true regardless of the properties of the universe you happen to be in at the time.

      This is deeply wrong.

      Mathematical proofs are true if and only if the assumptions (axioms) on which they're based are true. When you apply mathematics to real things, you're making a critical unproven and unprovable assumption: That the mathematical structure maps perfectly onto the real-world structure. That this works quite well isn't surprising, because we work hard to craft mathematical structures that map as closely as we can, and because the universe appears to have consistent structure. That said, the fact that it has always worked well in no way proves that the mapping will always hold, and it says nothing about the "truth" of reality other than we observe that it consistently appears to behave according to a certain pattern.

      The map is not the terrain. And when you posit a universe with a different properties (different terrain!) then there is no reason to expect the map even to be useful.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    4. Re:Very Different from Maths Proof by Roger+W+Moore · · Score: 1

      This is deeply wrong.

      No, it's correct and indeed you say as much in your reply! As you say maths is based on certain axioms which are held to be true and as long as you hold those axioms to be true mathematical proofs based on them are absolute. Whether those proofs are useful for describing the real world is a different question.

      In this way maths is not a map to the real world it is a language we can use to describe it. A map is always required to describe accurately the world it is associated with but with a language we can describe completely abstract things or things which do not, and never have, existed. This is what makes maths so powerful - we can use it to postulate new physical laws and predict what we would observe if that law existed. The mathematical proof of what we would observe is correct (barring any errors in calculation!) regardless of whether the universe exhibits that law. Hence, mathematical proofs are more fundamental. The mathematical proof of what we would observe if a particular model of Supersymmetry exists is true even if, when we went and looked for the predicted particles, we saw nothing. If that were not the case and maths was less fundamental than physics then a non-observation would have us rewriting maths to make physics agree with observation instead of just throwing out that model of Supersymmetry.

    5. Re:Very Different from Maths Proof by Roger+W+Moore · · Score: 1

      Doesn't everything use Quantum Mechanics?

      Actually no, gravity does not or at least nobody has yet been able to come up with a consistent picture of quantum gravity so far. Then there are the things that we know exist, like Dark Matter and Dark Energy, but have no clue about their nature. They are probably explainable within our existing framework of QM but until we know what they are we cannot be certain.

  17. Re:You've got it backwards. by Anonymous Coward · · Score: 1

    A truely random set of N numbers will accommodate every single possible combination of numbers in sequence. If a dice is being thrown, then at some point there should be a run of the same number regardless of how small the probability. Many RNG's won't be able to generate that because they permute bits so that different numbers are guaranteed to be generated each time.

  18. Re:Raally? by ewibble · · Score: 1

    governments suppressing their people, electric grid is very exposed to both humans hacking

    You know that requires random numbers right, large quantities that even if humans where good at generating random numbers they wouldn't be able to do fast enough.

    But humans are terrible at generating random numbers, say to someone pick a number and my guess is it will generally be between 1 and 10, and whole. Even then there I the distribution will not be even. https://www.education.com/scie...

  19. Simulation? by itamblyn · · Score: 1

    Can we use this result to prove that our reality is not a computer simulation (e.g. that we live in reality prime)?

    1. Re:Simulation? by gweihir · · Score: 1

      No. And if you have to ask, you have not understood the question you asked.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re: Simulation? by itamblyn · · Score: 1

      Thanks for being so polite on the internet.

    3. Re: Simulation? by itamblyn · · Score: 1

      I guess what I meant is that when I write a simulation now, I know technically can't trust rand() to sample correctly. An accurate simulation of a random process, e.g. observation of superposition of eigenstates, requires that I have access to a stream of true random numbers from the outside world. If someone managed to do a true random experiment in this world, either we are in universe prime, or they tapped into /dev/random a level up (which is connected to a real random source).

    4. Re: Simulation? by gweihir · · Score: 1

      I am just stating a fact. Please read up on theories before you ask for obvious characteristics.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re: Simulation? by gweihir · · Score: 1

      Amplifying from that (and I realize I was rude, my apologies), the thing is it is not actually possible to determine you are or you are not in a simulation, unless some very specific conditions are met. First, and most important, a proof is only possible if the human mind is at least somewhat independent of the simulation. Otherwise, the simulation would (if at least somewhat intelligently designed) determine what is going on and simply modify the minds attempting to prove anything to make them fail. So, unless you have that independent (and that would in some sense mean "extra physical", as the simulation controls physics) mind, no such proof either way is possible, as the "is a simulation" cannot be ruled out. However, proving existence of that "extra physical" mind is basically impossible if we are in a simulation. Hence that angle does not work. That means that if we are in a simulation we have no chance of proofing anything reliably. However, if we are not in a simulation, we cannot trust any proof for exactly the same reason as we cannot distinguish the situation from being in a simulation.

      This "true randomness" makes no difference at all, as "true random" is actually a philosophical thing, not a mathematical or physical one. For Mathematics, we only have "not predictable before generation" and for Physics, we only have that with the additional qualifier of "...as far as we know", both with added statistical properties. Hence if we are in a simulation, all these numbers could come from a pre-existing list and we would never know. There simply is no test for that. There is no way to determine of a list of "random" values exists in two places at the same time when you only have one of the lists.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    6. Re: Simulation? by itamblyn · · Score: 1

      Fair enough, and thank you for the apology.

  20. Cloudflair by wgoodman · · Score: 1

    What about the giant wall of lava lamps that is used to generate random numbers..?

  21. Nonsense by gweihir · · Score: 1

    "We do not understand how it works" is not the same as "provable random numbers". Any proof here comes with "if quantum theory is exact". Now, it is known that Quantum Theory and Relativity are inconsistent, yet both are exceptionally well verified. It is therefore exceptionally likely that Quantum Theory is not an exact model of reality. Incidentally, it is not possible to prove that any specific bit of data is "random" either, Mathematics does not allow that and Physics even less so.

    Also, just use a standard, decades old Zener or reversed-PN noise generator and get a significant amount of quantum noise in there for $10 or so in total.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re: Nonsense by gweihir · · Score: 1

      There is no need for that.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re: Nonsense by iggymanz · · Score: 1

      you won't

      (probably)

  22. The Problem with this is.. by neoRUR · · Score: 2

    That you won't know its random till you look at it.

  23. Re:You've got it backwards. by david_thornley · · Score: 1

    Bit permutation is from software pseudo-random-number generators. It's not possible to generate real random numbers with software. We're talking about hardware random number generators, and there are physical processes that are either random or chaotic to the point that it makes no difference.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  24. What's the difference? by david_thornley · · Score: 2

    Wikipedia has a list of available hardware random number generators from $7 on up. The ones that use direct quantum randomness seem to start at about a thousand euros, the cheaper ones using forms of noise. There isn't any way to predict atmospheric noise, since we're talking about a chaotic system that deals with interactions small enough that the uncertainty principle isn't completely swamped.

    --
    "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  25. Expensive and possibly biased by kiminator · · Score: 1

    True randomness is there for sure, but making it unbiased is another matter. Real systems interact with their environments, and those environments can change the results in subtle ways. Small imperfections in the apparatus can create correlations between the photons, for example (simple example: magnetic fields cause photon polarizations to rotate). And correlations between random values are really nasty for random number generation. I'd be really reluctant to trust the output of such a random number generator directly.

    Still, if this is used as a seed to a cryptographically-secure pseudo-random number generator, then it's probably fine. Expensive, though.

  26. Re:You've got it backwards. by sexconker · · Score: 1

    You can't know that.
    Random means without cause, not with a uniform result.

    7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7 could be random for all you know.
    Rejecting it as non random based on it being non-uniformly distributed is inherently wrong and counter to the concept of selecting random numbers.

    If you want PSEUDO random numbers (homogenous, uniform numbers), then ask for that.
    If you want RANDOM numbers you take what you get.

  27. NIST scientist explains by Scott+Glancy · · Score: 1

    I am a physicist who worked on this project at NIST, so I am sorry to be late to this conversation. A lot of the comments here express doubt or uncertainty about what is new or different in our quantum random number generator compared to others like thermal-electronic noise, lava lamps, random.org, and others. This a great question, because the news article linked at the top of the thread does not explain this well. Maybe I can help.

    The key idea is that our randomness is "device independent", meaning that the justification for the unpredictability of its output does not rely on characterization of the devices. Instead it is based on the observable data and a few other surprisingly weak assumptions.

    One mode of operation for our random number source is to transform a public randomness into private randomness. At the center of our experiment is a "Bell Test", also known as a "test of local realism". During the Bell Test each member of a pair of entangled photons is sent to a measurement station. At the two stations, a choice is made for a measurement to perform on its photon. We assume that those choices are independent of all other aspects of the experiment, and they are unpredictable by any adversary. They could be provided by a public random source, such as the NIST Randomness Beacon. The two measurement events are space-like separated, so the measurement choice at one station cannot be communicated to the other station (unless it can travel faster than light, which we assume is impossible). We then do a statistical analysis of the choices and the photon detection events. The statistical analysis proves that the photon detections could not have been generated by "hidden variables". Instead the detections are genuinely unpredictable and random. It is important to understand that the statistical analysis is done using only the record of choices and detections. To justify the fact that the measurement stations cannot communicate we also need to know the distance separating them and the times of the measurements. The record of photon detections is now our private random string.

    No detailed knowledge of the photon source, detectors, or other devices is needed. In fact these devices might have been built by an adversary who wants to predict or learn our private randomness. We assume that the adversary has no advance knowledge of the public random source used for the measurement choices. We also assume that once the devices are in our laboratory, the adversary cannot communicate with them and maintains no quantum entanglement with them. Lastly, we assume that the classical computers used to process data are reliable and secure. Although we use quantum physics to create the entangled photons, the proof of randomness does not assume that quantum physics is true. The data analysis itself proves that no classical source (such as an adversary's look-up table secretly implanted in our devices) could have produced the observed data.

    The next generation of this experiment will be able to perform private randomness expansion, in which a short private string is used to make measurement choices, and a longer private random string is generated by the Bell Test. We are also working to provide security even if the experimental devices maintain quantum entanglement with an adversary once they are secured in our laboratory.

    I am happy to answer other questions about this work, if anyone is interested.

  28. No such thing... by martinfb · · Score: 1

    There is no such thing as a truly random number.

    ALL outcomes of any algorithm will be reliant of the state of the constituent components;
    actual states and those relative to their environment and (neighbors).

    If you can duplicate those exact states and circumstances, you will get the same number.

    --


    Self-importance and self-indulgence is the root of ALL evil.