Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Physicists Turn 8MP Smartphone Camera Into a Quantum Random Number Generator

Soulskill posted about 3 months ago | from the more-than-one-way-to-skin-schrodinger's-cat dept.

Encryption 104

KentuckyFC writes: "Random numbers are the lifeblood of many cryptographic systems and demand for them will only increase in the coming years as techniques such as quantum cryptography become mainstream. But generating genuinely random numbers is a tricky business, not least because it cannot be done with a deterministic process such as a computer program. Now physicists have worked out how to use a smartphone camera to generate random numbers using quantum uncertainties. The approach is based on the fact that the emission of a photon is a quantum process that is always random. So in a given unit of time, a light emitter will produce a number of photons that varies by a random amount. Counting the number of photons gives a straightforward way of generating random numbers. The team points out that the pixels in smartphone cameras are now so sensitive that they can pick up this kind of quantum variation. And since a camera has many pixels working in parallel, a single image can generate large quantities of random digits. The team demonstrates the technique in a proof-of principle experiment using the 8-megapixel camera on a Nokia N9 smartphone while taking images of a green LED. The result is a quantum random number generator capable of producing digits at the rate of 1 megabit per second. That's more than enough for most applications and raises the prospect of credit card transactions and encrypted voice calls from an ordinary smartphone that are secured by the laws of quantum physics."

cancel ×

104 comments

Sorry! There are no comments related to the filter you selected.

Oldest news ever (3, Insightful)

Anonymous Coward | about 3 months ago | (#46961787)

This was done many years ago with a webcam as the LavaRand/LavaRnd project (which copied the Lavalamp PRNG).

This story is a dup (5, Interesting)

TFlan91 (2615727) | about 3 months ago | (#46961845)

Because he failed to give any links...

http://www.lavarnd.org/ [lavarnd.org] - Was the site linked in story below, but is now dead

Sourceforge: http://sourceforge.net/project... [sourceforge.net]

http://slashdot.org/story/03/0... [slashdot.org]

Re:This story is a dup (4, Informative)

timeOday (582209) | about 3 months ago | (#46962219)

I am not so sure the randomness from that project actually came from the quantum properties of the photons themselves. A saturated CCD may be a chaotic physical process, but (I think) the dynamics of that chaotic process are properties of that CCD, not directly from the actions of individual photons which are known to be "quantum" and truly random.

Re:This story is a dup (2)

timeOday (582209) | about 3 months ago | (#46962263)

By way of analogy, rolling dice is a chaotic physical process that does not rely on quantum randomness. Given the starting conditions of a dice roll, the outcome is predictable, at least in theory.

Re: This story is a dup (0)

Anonymous Coward | about 3 months ago | (#46962871)

So you're sure there are processes which are completely deterministic? If it relied on the interaction of light and matter, then the same random component being used in the current article is still applicable (well, their description of it, anyway).

Re: This story is a dup (2)

timeOday (582209) | about 3 months ago | (#46962969)

So you're sure there are processes which are completely deterministic? If it relied on the interaction of light and matter, then the same random component being used in the current article is still applicable

I would guess there are incredibly small regions of instability in many chaotic processes that can be tipped either way by quantum randomness, but that does not make them useful as sources of randomness. What you want is to prove the outcome of your system is nothing BUT quantum randomness, and thus unbiased. I don't think the 'prior art' cited above proved that it met that standard. This paper claims to have done so within quantifiable bounds:

But Sanguinetti and co calculate that their numbers are pretty close to random. They say that the process would have to be repeated 10^118 times before any deviation from randomness might be observed. "If everybody on earth used such a device constantly at 1Gbps, it would take 10^80 times the age of the universe for one to notice a deviation from a perfectly random bit string," they say.

Re: This story is a dup (1)

KramberryKoncerto (2552046) | about 3 months ago | (#46966355)

I don't think counting photons is going to be unbiased either. Randomness is different from unbiasedness. There must be a distribution, with some more values more likely than others. Unbiased-ness is however not necessary. You can use an unbiased coin to simulate a biased coin, and vice versa, and any continuous distribution can be turned into a coin flip. If you want a more efficient `unbiased randomness translator', there's research on stuff called randomness extractors, which aim to generate as many approximately-unbiased random bits as possible from a random source.

Re:This story is a dup (0)

Anonymous Coward | about 3 months ago | (#46963217)

The randomness is from shot noise. Which, eventually, results from quantum processes. I suppose you might not characterize the noise as inherently quantum except for the fact that light is quantized into photons. Separating "quantum" from "non-quantum" is kind of a useless exercise in this case.

But one thing is certainly true: the randomness does NOT arise from "chaotic processes."

Re:This story is a dup (1)

Anonymous Coward | about 3 months ago | (#46963717)

From TFA:

In practice, the first step is to characterise the light sensitivity of the camera by shining a green LED at it. That allows the team to work out the number of photons that saturate a pixel and ensure this does not happen while the random numbers are being generated (otherwise the results are no longer random).

Re:This story is a dup (1)

Anonymous Coward | about 3 months ago | (#46964723)

When we were developing lavarand, we found that closing the shutter on the Indycam gave us a similar statistical amount of randomness as taking a picture of a chaotic system (the lamps). So yes, I can say been there, done that, got the patent.

Re:This story is a dup (1)

Anonymous Coward | about 3 months ago | (#46965267)

Isn't that thermal noise instead of quantum noise from a photon?

Re:This story is a dup (0)

Anonymous Coward | about 3 months ago | (#46966243)

Closed shutter = no photons = no quantum randomness. You were basically measuring electrical noise. If it gave you a similar level of randomness as with the open shutter, that means that even with the shutter open you had no quantum randomness. Still, it was an excellent project at the time :-)

Re:Oldest news ever (1)

Anonymous Coward | about 3 months ago | (#46962021)

That's a completely different method. There the source of randomness is thermodynamic entropy. Even though a lava lamp seems so small, the degree of complexity is still more than can be perfectly simulated (bit for bit) by even the fastest computer imaginable. (Remember, the lava lamp isn't a closed system.) What's interesting about thermodynamic entropy is that even _if_ you could measure all the input variables, you still couldn't _predict_ all the output variables any faster than the system itself evolves. Which makes it unpredictable by definition.

With the smartphone camera the source of alleged randomness is quantum entropy. This is an entirely different beast. Some neophytes don't want to believe that quantum randomness exists. But even if you don't believe in quantum randomness--and instead believe there are hidden variables--as I mentioned before it doesn't then follow that randomness (aka unpredictability) doesn't exist at all.

Re:Oldest news ever (0)

Anonymous Coward | about 3 months ago | (#46966311)

This was done many years ago with a webcam as the LavaRand/LavaRnd project (which copied the Lavalamp PRNG).

Does not work the same way. When using the lava lamp we look at the process of lumps going around and generate random data in a very slow pace. Like tossing a coin.

Seed (1)

ldbapp (1316555) | about 3 months ago | (#46961795)

What's the universe's seed?

Re:Seed (4, Insightful)

Anonymous Coward | about 3 months ago | (#46961833)

42

Re:Seed (0)

Anonymous Coward | about 3 months ago | (#46961921)

May as well be, since AFAIK, it only gets run once.

Re:Seed (0)

K. S. Kyosuke (729550) | about 3 months ago | (#46962177)

In the 24th century, it will be adjusted to 47 to account for inflation.

Re:Seed (-1)

Anonymous Coward | about 3 months ago | (#46962213)

K. S. Kyosuke: You've been called out (for tossing names) & you ran "forrest" from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

Correct. Saw post parent to your link (-1)

Anonymous Coward | about 3 months ago | (#46962221)

K.S. Kyosucky = illogical ad hominem attack offtopic troll that ran when challenged like a blowhard chickenshit!

K,S, Kyosuke = "Run, Forrest: RUN!" (-1)

Anonymous Coward | about 3 months ago | (#46962347)

K. S. Kyosuke: You've been called out (for tossing names) & you ran "forrest" from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

Indeed. I saw post parent to your link (-1)

Anonymous Coward | about 3 months ago | (#46962383)

He's using sockpuppet minusmods to hide this. We know K.S. Kyosucky = blowhard chickenshit troll.

K,S, Kyosuke = "Run, Forrest: RUN!" (-1)

Anonymous Coward | about 3 months ago | (#46962477)

K. S. Kyosuke: You've been called out (for tossing names) & you ran "forrest" from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

Indeed: Saw post parent to your link (-1)

Anonymous Coward | about 3 months ago | (#46962493)

K.S. Kyosucky tossed names + ran. He's trying to minusmod hide this using sockpuppets too obviously.

All those minusmods under your post? (-1)

Anonymous Coward | about 3 months ago | (#46962525)

How many sockpuppets do you have for that K.S. Kyosucky? Nobody'd defend an illogical troll like you so answer.

Re:Seed (-1)

Anonymous Coward | about 3 months ago | (#46962553)

Google + Bing are gonna love K.S. Kyosuke shown for what he is: An illogical off topic sockpuppet using troll tossing names and running like the blowhard coward he is. He'll run out of sock puppet fake accounts to downmod you with and the search engines will finish the job.

Re:Seed (-1)

Anonymous Coward | about 3 months ago | (#46962657)

Hahaha. K.S.' 2 week post history show that. He's cooked for being a chickenshit blowhard. Nobody has enough modpoints to downmod those 100's of posts pointing out what you have.

Re:Seed (-1)

Anonymous Coward | about 3 months ago | (#46963419)

Google + Bing are gonna love K.S. Kyosuke shown for what he is: An illogical off topic sockpuppet using troll tossing names and running like the blowhard coward he is. He'll run out of sock puppet fake accounts to downmod you with and the search engines will finish the job! Perfect. He's downmodding like hell but he'll run dry of those, sockpuppets or not, soon enough.

K. S. Kyosuke gets called out (-1)

Anonymous Coward | about 3 months ago | (#46964333)

He tossed names & then ran from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

K. S. Kyosuke = "Run, Forrest: RUN!" (0)

Anonymous Coward | about 3 months ago | (#46967401)

From a fair challenge like a chickenshit blowhard http://slashdot.org/comments.p... [slashdot.org]

K. S. Kyosuke gets called out & ran (0)

Anonymous Coward | about 3 months ago | (#46967411)

From a fair challenge like a chickenshit blowhard http://slashdot.org/comments.p... [slashdot.org]

Always? (1, Interesting)

peon_a-z,A-Z,0-9$_+! (2743031) | about 3 months ago | (#46961835)

The approach is based on the fact that the emission of a photon is a quantum process that is always random.

Macroscopically it sure seems random, but the underlying quantum physics show that it is still a deterministic process. Just because we don't have the right instruments to easily observe it doesn't make it have magic properties.

Re:Always? (2, Informative)

Anonymous Coward | about 3 months ago | (#46961915)

You've got that a bit backwards. The underlying quantum physics concludes that everything is a random possibility in a range of probabilities, but that in a macroscopic scale the random fluctuations usually cancel out and the net result generally behaves as a deterministic process.

As related to this, if you power up a LED just enough for it to emit a single photon, you are pretty sure roughly what direction it went, but the exact path is unknown until it interacts with something. However if you juice up that LED to full power, you know that (aside from a few oddities every couple of years) every photon is travelling in the same illumination cone and the entire cone can be reliably modeled.

Re:Always? (2)

peon_a-z,A-Z,0-9$_+! (2743031) | about 3 months ago | (#46962251)

Assuming your post is derived from the following Wikipedia excerpt:

...a system moves to higher energies or—equivalently—larger quantum numbers, i.e. whereas a single particle exhibits a degree of randomness, in systems incorporating millions of particles averaging takes over and, at the high energy limit, the statistical probability of random behaviour approaches zero. In other words, classical mechanics is simply a quantum mechanics of large systems.

http://en.wikipedia.org/wiki/Q... [wikipedia.org]

Then you have interpreted it a bit incorrectly. Everything is not random, everything exhibits a degree of randomness. Just because we can't properly measure the deterministic nature of it, doesn't make it inherently random.

It looks random to us, but if there were no limit to our measuring capability we would know that it is indeed not random.

Kind of like the Earth Is Flat type argument of modern times.

Re:Always? (2)

invid (163714) | about 3 months ago | (#46962387)

I guess you're not a fan of the Copenhagen interpretation. From Wikipedia:

The Copenhagen interpretation - due largely to the Danish theoretical physicist Niels Bohr - remains the quantum mechanical formalism that is currently most widely accepted amongst physicists, some 75 years after its enunciation. According to this interpretation, the probabilistic nature of quantum mechanics is not a temporary feature which will eventually be replaced by a deterministic theory, but instead must be considered a final renunciation of the classical idea of "causality".

Re:Always? (1)

peon_a-z,A-Z,0-9$_+! (2743031) | about 3 months ago | (#46962429)

No I'm not, along with Einstein, Feynman, and many others.

A lot has happened since 1927 in quantum mechanics.

Re:Always? (1)

invid (163714) | about 3 months ago | (#46962581)

Personally I like the idea that the underlying reality of the universe is random. I find the idea that the universe is a deterministic clockwork to be depressing. Of course, the universe is going to be whatever it is no matter what I think. Unless, of course, I'm the one who collapses the wave function.

Re:Always? (1)

peon_a-z,A-Z,0-9$_+! (2743031) | about 3 months ago | (#46962629)

Haha you have a good point there. Hopefully we as a species can find some non-depressing realities through the results over our lifetimes. Hopefully...

You collapsing the wave function doesn't look like the likely way we'll all end, given the current state of affairs :/

Re:Always? (0)

Anonymous Coward | about 3 months ago | (#46963073)

And then there is the problem of whether there really is a wave function, or just that the math models agree with the perception of a wave function, in which, as was said above, the parameters are actually deterministic at some level that we aren't yet able to determine....

Wave functions are a great way to model the probabilities, but ultimately they might just be modeling the output, not the mechanism.

another option - not everything is classic physics (1)

raymorris (2726007) | about 3 months ago | (#46964737)

> Personally I like the idea that the underlying reality of the universe is random. I find the idea that the universe is a deterministic clockwork to be depressing.

There is a third option. A butcher from 2,000 years ago could explain that bodies are mechanical systems, with ball joints, plumbing, etc. Later, psychology developed and we began to study what makes humans tick at a different level. The mechanical level if bones and blood vessels is important, of course. To understand people, you have to also look at another level, the psychological level. Mind and body, two different parts of who we are. 2,000 years ago, a guy who built things talked about a third level of humaness, what some people call the spirit. Mind, body, spirit. We don't know much about this "spirit" level yet, but there is a wealth of evidence that SOMETHING is going on, something we can't yet explain well. It's possible that the body is deterministic clockwork, while the spirit may be governed by entirely different rules. In some ways, it seems that spiritual laws like "honesty is the best policy" (the best general rule) are just as true as physical laws like "what goes up must come down". There might be a reason for that, and it might not be because of particle physics.

Re:Always? (0)

Anonymous Coward | about 3 months ago | (#46962977)

It looks random to us, but if there were no limit to our measuring capability we would know that it is indeed not random.

If the impossible existed, then anything is real. Saying "if there were no limit to our measuring capability" assumes we're in a world that doesn't work like the one we inhabit.

Re:Always? (1)

Entropius (188861) | about 3 months ago | (#46961919)

Let's say you are detecting light from a fluorescent lamp. It has some mercury atoms in it which are excited by an electric current, and their de-excitation causes the emission of a visible light photon.

You can compute the transition amplitude and figure out how long, on average, it will take to spit out a photon. (You do this by applying time-dependent perturbation theory coupling the two quantum states with a dipole-transition electric field, to first order.) But you can't predict exactly when the photon will come out, only the probability that it will in a certain time interval.

Re:Always? (1, Insightful)

Bob_Who (926234) | about 3 months ago | (#46962043)

The approach is based on the fact that the emission of a photon is a quantum process that is always random.

Macroscopically it sure seems random, but the underlying quantum physics show that it is still a deterministic process. Just because we don't have the right instruments to easily observe it doesn't make it have magic properties.

I agree, the song remains the same. Its not random. Its just very, very uncertain. Same as it ever was....

Re:Always? (1)

dgatwood (11270) | about 3 months ago | (#46962081)

Not necessarily even all that uncertain. I could see somebody with sufficient resources attacking this by fluctuating the building power or using focused EMP tricks to reduce entropy, thus weakening the resulting crypto.

Re:Always? (0)

Anonymous Coward | about 3 months ago | (#46962857)

Holy shit are you serious?

I feel *very* obligated to post this...
http://xkcd.com/538/ [xkcd.com]

Re:Always? (1)

jfengel (409917) | about 3 months ago | (#46962497)

Well, yes and no. Quantum-mechanically it IS deterministic in the sense that any given quantum state will evolve in a perfectly defined way. There isn't any "random number" in the Schroedinger equation (or its relativistic descendants).

It's really the macro-scale stuff that introduces the randomness. At the quantum scale, things exist perfectly happily in a superposition of two states that we never observe at large scales. The more objects you put together, the harder it is to maintain the superposition, and by the time you get to even microscopic objects it will take one state or the other, but not both. Once it tips slightly in one direction, it cascades, and you end up with something that is entirely X or Y, not (X+Y).

The other half of the wave function is largely a matter of philosophy, not physics. In one sense it's "still there", off in some other utterly inaccessible universe. Or you can say that at some point where you weren't looking the other part just vanished. That's two ways of saying the same thing; the math is the same and the results are the same, regardless.

It's not a question of our inability to measure it. It's simply not there. No advances in physics will make it measurable, not without utterly throwing out everything we know and replacing it with something completely different. Which isn't impossible, but it's purely speculative: physics by "I wanna believe".

Why we end up in "this part" rather than "that part" is, similarly, just idle speculation. I've got my suspicions that if you could, in fact, discuss the wave function of the entire universe you'd say that it could only go one way when you put all of it together, but that's just navel-gazing. It doesn't really matter, since you'll never actually know the wave-function of the universe as a whole. You can only observe a few macro parts of it since you (by definition) are a macro organism, and the total underlying wave function will always be forever shaded from your eyes.

Re:Always? (0)

Anonymous Coward | about 3 months ago | (#46963085)

>The other half of the wave function is largely a matter of philosophy, not physics. In one sense it's "still there", off in some other utterly inaccessible universe. Or you can say that at some point where you weren't looking the other part just vanished.

Or if the wave function is just our limited perception of the real mechanism at work. I doubt it is as magical as it appears once you know what it going on under the covers.

You can never be sure... (4, Insightful)

tippe (1136385) | about 3 months ago | (#46961859)

Re:You can never be sure... (-1)

Anonymous Coward | about 3 months ago | (#46961971)

That troll bears an uncanny resemblance to Herman Cain!

Re:You can never be sure... (1)

TeknoHog (164938) | about 3 months ago | (#46962887)

corepirate nazis negotiate with ordinary citizens (-1)

Anonymous Coward | about 3 months ago | (#46961905)

the answer is no http://www.youtube.com/results?search_query=tear+gas+citizens+attacked where do they get all that ordinance to use on us?

Worth exactly what? (0)

gurps_npc (621217) | about 3 months ago | (#46961957)

To my knowledge, the limitations of pseudo random number generators are not the weak point in encryption.

To my mind, the most pressing problem are caused by Moore's law (and similar effects). Whatever encryption is worthwhile now, is worthless in 5 years.

Not to mention the human sized holes in encryption caused by human limitations.

Re:Worth exactly what? (1)

Anonymous Coward | about 3 months ago | (#46962017)

The human-sized holes get larger as the obesity rate increases. Poor encryption. =(

Re:Worth exactly what? (2)

jeffmeden (135043) | about 3 months ago | (#46962073)

To my knowledge, the limitations of pseudo random number generators are not the weak point in encryption.

To my mind, the most pressing problem are caused by Moore's law (and similar effects). Whatever encryption is worthwhile now, is worthless in 5 years.

Not to mention the human sized holes in encryption caused by human limitations.

Having a true random number stream is very valuable since one of the key weaknesses in PRNGs come when you gather enough output and can guess what random numbers the algo will use next. This compromises forward secrecy. If you can use a stream of constantly random numbers, one weakness is gone entirely leaving you more time to worry about other issues (like human weakness, processing bottlenecks, etc). Also, see the issue of a PRNG with a backdoor allowing perfect guessing of the pattern hence making the encryption useless (thanks to the NSA, no less).

  I can see how it will be awkward to carry a green LED around to wave in front of your smartphone to maintain the stream but more advancement may miniaturize that part to the point where it's barely noticable [/snark]

Re:Worth exactly what? (2, Insightful)

Anonymous Coward | about 3 months ago | (#46962089)

That is almost exactly wrong. Random number generators are a great place to subvert encryption systems, because if you can get a bad one implemented as a standard, there's not always a great way to prove that there's a backdoor in them. You can throw as much Moore's Law as you want at 2048 bit encryption, but it's still gonna take you more time than you have left until the heat death of the universe to crack my encrypted drive.

The math behind strong encryption is good, unless the NSA has something we don't know about, and it's unlikely they do because the Snowden docs reveal that they have spent quite a lot of money on doing things like poisoning random number generators. According to people like Bruce Schneier, the math works; it's things like key exchange, implementation, and getting people to use it that's the problem.

NSA Mods (1)

jtara (133429) | about 3 months ago | (#46962481)

Looks like we have some NSA mods here.

Every post suggesting that this won't work because the electronics will just be covertly re-designed are being modded down.

Re:Worth exactly what? (1)

DMUTPeregrine (612791) | about 3 months ago | (#46967139)

Moore's law doesn't help.

Take Bremermann's Limit. With all the computing power available on Earth right now, assuming it actually doubles every year (instead of simply new computers coming out every 18 months which have double the power) then it will still take more than a few thousand years to do the computation. If someone converts the entire earth into a computer operating at the limit, then simply using a 512-bit key with symmetric algorithms will effectively fix the issue, since the time to brute-force the keyspace (10^72 yrs) is longer than the expected lifetime of the universe.

The Landauer limit is somewhat stronger, but may not be correct. Let's assume we have a good cryptosystem that uses a 256-bit key, with no attack better than brute force. Let us also assume that the Landauer limit is correct (it very probably is) and there is a minimum energy to perform a computation. To break such a cipher with a 256-bit key takes a worst-case time of 2^256 with an average case of 2^255.

Let's assume we're running our cracking computer at the coldest temperature ever produced, 100pK. Then it would take 9.67x10-34 J per operation. Let's pretend we can try a key with only one operation, since in reality it will take a few more but we should be correct to an order of magnitude. It therefore takes 2256*9.57x10-34 J = 1.1081x1044 J to brute force the key space, or about 5.5x1043 J in the average case. The average type 1a supernova puts out about 1.5x1044 J. It's about as much energy as we could get by covering the entire earth (including the oceans) with solar panels and using it all... for 20,000,000,000,000,000,000 years. Even with exponential growth we won't hit the Landauer limit for thousands of years.

So having a better random stream and being more resistant to cryptanalysis is more important than being resistant to increased computing power. It's far easier to use a side-channel attack than to directly attack the crypto, and far easier to attack the crypto than to brute-force the key.

Flash-Memory based RNG (0)

Anonymous Coward | about 3 months ago | (#46962013)

Personally I found this an interesting read:
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6234403

Quantum RNG based on off-the-shelf flash memory. It's not very fast (up to 10kbit/s), but it's quite simple and since you have flash memory in close to every device, it's probably a lot cheaper to do than using optical sensors.

Re:Flash-Memory based RNG (1)

K. S. Kyosuke (729550) | about 3 months ago | (#46962093)

After doing some mild research, I concluded that the most practical solution for a home EE hobbyist is building a circuit to utilize the shot noise of a PN junction (e.g., in an avalanche diode or a Zener diode). But this Flash thingy looks interesting, too.

K.S. Kyosuke = "Run, Forrest: RUN!!!" (-1)

Anonymous Coward | about 3 months ago | (#46962169)

K. S. Kyosuke: You've been called out (for tossing names) & you ran "forrest" from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

Re:K.S. Kyosuke = "Run, Forrest: RUN!!!" (-1)

Anonymous Coward | about 3 months ago | (#46962179)

Saw post parent to your link. You're right. K.S. Kyosucky = ad hominem illogical attack using troll that runs when challenged. He's just another trolling slashdot scumbag.

Re:K.S. Kyosuke = "Run, Forrest: RUN!!!" (0)

Anonymous Coward | about 3 months ago | (#46962891)

Called out for tossing names? What the fuck does that even mean you MORAN!

Re:K.S. Kyosuke = "Run, Forrest: RUN!!!" (-1)

Anonymous Coward | about 3 months ago | (#46963797)

What I read there is K.S. Kyosucky was challenged to disprove points on hosts and ran instead after tossing names. What a putz KS Kyosucky is.

Re:K.S. Kyosuke = "Run, Forrest: RUN!!!" (0)

Anonymous Coward | about 3 months ago | (#46964497)

What I read there is K.S. Kyosucky was challenged to disprove points on hosts and ran instead after tossing names. What a putz KS Kyosucky is!

K. S. Kyosuke = "Run, Forrest: RUN!" (0)

Anonymous Coward | about 3 months ago | (#46962617)

K. S. Kyosuke gets called out (for tossing names) & ran from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

Saw post parent to your link (0)

Anonymous Coward | about 3 months ago | (#46962637)

K.S. Kyosucky = illogical ad hominem attack offtopic troll that ran when challenged like a blowhard chickenshit~

Google + Bing are gonna love K.S. Kyosuke (0)

Anonymous Coward | about 3 months ago | (#46962697)

Shown for what he is: An illogical offtopic sockpuppet using troll tossing names running like a blowhard chickenshit. He obviously has sockpuppets to minusmod your posts. He'll run out of them and his whole post history is loaded with these truths you showed No way to hide it from the search engines now. Good job.

Re:Flash-Memory based RNG (1)

niftymitch (1625721) | about 3 months ago | (#46962967)

Personally I found this an interesting read:
http://ieeexplore.ieee.org/xpl... [ieee.org]

Quantum RNG based on off-the-shelf flash memory. It's not very fast (up to 10kbit/s), but it's quite simple and since you have flash memory in close to every device, it's probably a lot cheaper to do than using optical sensors.

This is interesting but to get the bits from flash
you do not have them for other things.

A camera because of the size of the array and speed is interesting as a source
of entropy in a system. Also they are not alike so it is very hard to model
a camera and generate the same result.

Part of the news here is that the crypto folk are worried that a TLA got in
bed with a five letter company and biased the built in sparkling new RNG
instruction hardware and silicon magic in ways that they like.

Add some additional entropy and mix it in then the TLAs of the world
have a more difficult path.

This is not exactly LavaRand or aquarium bubbles but the very fast
part has value.

Why not just use noise from the various antennas? (2)

Garble Snarky (715674) | about 3 months ago | (#46962049)

Bluetooth, GPS, NFC. At the very least, the cell/wifi are listening anytime you're online anyway, and with the relatively large bandwidth there should be plenty of entropy in that noise. Right?

Re:Why not just use noise from the various antenna (1)

mlts (1038732) | about 3 months ago | (#46962083)

If it doesn't take too much expense, why not toss all those RNGs into the /dev/random (or more accurately /dev/urandom as that is the only device used in more recent Android versions) pool? Even if one of the sources ends up becoming periodic, there are enough "blended bits" that it won't make as much a difference.

Re:Why not just use noise from the various antenna (1)

ericloewe (2129490) | about 3 months ago | (#46962137)

That's what's typically done, from what I know.

All of the above (0)

Anonymous Coward | about 3 months ago | (#46962107)

radio noise + camera noise = randomer randomness!

Re:Why not just use noise from the various antenna (1)

Rashdot (845549) | about 3 months ago | (#46963701)

All of those can be manipulated, including the camera.

So it's a nice idea, but not guaranteed to be random.

Re:Why not just use noise from the various antenna (1)

fsterman (519061) | about 3 months ago | (#46965439)

I had the same thought, smartphones have plenty of physical hardware interfaces and can certainly make due. AFAIK, servers are the only place where we need a lot more entropy than a standard device and where (especially on virtual machines) there is a poverty of physical signals to mix in. Even here, however, you only need to ensure that the initial seed is random, hashing will take care of the rest. FWIW, Ubuntu 14 comes with a nifty random entropy seed protocol called pollinate.

I think the authors are just going out on an a limb to try and find some practical edge to the paper. Everyone's being pushed to do that now, it's a publicity stunt that (apparently) works.

Haven't addressed the main issue. (2)

jcochran (309950) | about 3 months ago | (#46962061)

If the article is correct and it's possible to generate a megabit/second random number stream, then that's very nice. But that stream is effectively worthless for all the applications they mentioned since the real problem is arranging for both parties to have access to the exact same random bit stream. That problem is the real one.

Re:Haven't addressed the main issue. (2)

K. S. Kyosuke (729550) | about 3 months ago | (#46962135)

You'd use this for session keys. Or, if you're into OTP, you'd transfer the bit stream in person (using something like NFC). (But I suspect that a much weaker point would be the penetrability and backdoorability of current horribly complex smartphone operating systems.)

K.S. Kyosuke = "Run, Forrest: RUN!!!" (-1)

Anonymous Coward | about 3 months ago | (#46962187)

K. S. Kyosuke: You've been called out (for tossing names) & you ran "forrest" from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

Indeed. Saw post parent to your link. (-1)

Anonymous Coward | about 3 months ago | (#46962199)

K.S. Kyosucky = illogical ad hominem attack offtopic troll that ran when challenged like a blowhard chickenshit.

Re:Haven't addressed the main issue. (1)

jcochran (309950) | about 3 months ago | (#46962397)

Indeed, you could use it for the session key. But then again, the rate in which the random bits needs to be generated isn't anywhere near the 1 Mbit/sec rate. After all, how long does it take to generate 256 bits? As for OTP, getting the bits to the receiver is as mentioned earlier "The Real Problem". But contract that issue with the quote "And applications? Secure credit card transactions are only the beginning. A quantum random number generator that works at 1 Mbps can also secure emails and even phone calls." from the fine article. That quote certainly implies that we're talking about a megabit per second of information being encoded and securely transmitted. Which once again leaves the question "How are the random bits sent to the other party?" Heck, even if you use that method solely for the generation of session keys, that session key needs to be securely transmitted. Usually via public key encryption. Which in turn becomes the limiting factor in the overall security.

So what's the use of a 1mbit/sec random number generator again?

Re:Haven't addressed the main issue. (1)

InvalidError (771317) | about 3 months ago | (#46962991)

In cryptography, RNGs are typically used to seed PRNGs.

You do not send the random bits: you encrypt and transmit the PRNG seed along with whatever other parameters might be necessary to synchronize both ends then use the PRNG to generate your nonces and the nonces are used to generate your OTP blocks.

K.S. Kyosuke = "Run, Forrest: RUN!" (-1)

Anonymous Coward | about 3 months ago | (#46962579)

K. S. Kyosuke gets called out (for tossing names) & ran from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

Saw parent post to your link: Agreed. (0)

Anonymous Coward | about 3 months ago | (#46962603)

K.S. Kyosucky = illogical ad hominem attack offtopic troll that ran when challenged like a blowhard chickenshit...

Google + Bing are gonna love K.S. Kyosuke (-1)

Anonymous Coward | about 3 months ago | (#46962687)

Shown for what he is: An illogical off topic sockpuppet using troll tossing names running like a blowhard chickenshit. He obviously has sockpuppets to minusmod your posts. His whole post history is loaded with them. No way to hide it from the search engines now. Good job.

Re:Haven't addressed the main issue. (0)

Anonymous Coward | about 3 months ago | (#46962893)

I think you could use these random numbers to make public/private key pairs.

Google + Bing are gonna love K.S. Kyosuke (0)

Anonymous Coward | about 3 months ago | (#46964301)

Shown for what he is: An illogical off topic sockpuppet using troll tossing names running like a blowhard chickenshit. He obviously has sockpuppets to minusmod your posts. His whole post history is loaded with them. No way to hide it from the search engines now. Good job!

K. S. Kyosuke gets called out & ran (0)

Anonymous Coward | about 3 months ago | (#46964337)

He tossed names & then ran from a fair challenge http://slashdot.org/comments.p... [slashdot.org]

Saw post parent to your link: Agreed (0)

Anonymous Coward | about 3 months ago | (#46964491)

K.S. Kyosucky = illogical ad hominem attack offtopic troll that ran when challenged like a blowhard chickenshit!!!

Google + Bing are gonna love K.S. Kyosuke (0)

Anonymous Coward | about 3 months ago | (#46964469)

Shown for what he is: An illogical off topic sockpuppet using troll tossing names running like a blowhard chickenshit. He obviously has sockpuppets to minusmod your posts. His whole post history is loaded with them. No way to hide it from the search engines now. Good job!!!

The problem isn't the RNG (1)

bytesex (112972) | about 3 months ago | (#46962097)

Well, the problem is *also* the RNG. The bigger problem is finding a RNG like this, that can be easily embedded in electronics that you lock away. A camera won't do that.

Re:The problem isn't the RNG (1)

InvalidError (771317) | about 3 months ago | (#46962915)

I do not see where the problem with a camera is: even if you lock the camera in a perfectly dark EMI-shielded box, the CCD or CMOS sensor will still have a fair amount of thermal noise and the same goes for the ADCs so even if all the camera does is take images of the darkness, it will still get a fair amount of entropy from thermal and electrical noise. Put a few thousand pixels worth of this through SHA256 and now you have a pretty decent RNG even if you only get one LSB worth of entropy per pixel..

Why this won't work... (0)

jtara (133429) | about 3 months ago | (#46962259)

No.

The intelligence agencies will just plant engineers in the companies that make the sensors, and will stealthily add circuitry that will alter the data to make it non-random in a known way.

Re:Why this won't work... (1)

Sentrion (964745) | about 3 months ago | (#46962747)

The only question is: will they be US intelligence agencies or Chinese intelligence agencies? Or have the two world powers finally merged to form the top secret Sole Power of Ex-Communists and Republicans Empire, aka S.P.E.C.T.R.E?

camera, light, securing... (1)

MoFoQ (584566) | about 3 months ago | (#46962261)

Hmmmm...camera, capturing light (or image), then using that to secure something......reminds me of Johnny Mnemonic.
Just need Ice-T and it'll be complete.

Be careful (3, Informative)

mbone (558574) | about 3 months ago | (#46962813)

The question is not really whether some physical process is random, the question is whether someone could predict some of the bits, say if you immersed the camera in a light field pulsed at the ccd refresh rate. Or an electromagnetic field that saturates the A/D converters wiring. Or...

The thing is that such a design has to be fixed, and then released in the field, and then be subjected to attacks tailored to its individual design and implementation, and there really is no magic bullet. So, "Counting the number of photons gives a straightforward way of generating random numbers" : maybe, but we won't know for sure if they are really and always random until it's been attacked for a few years.

It might just be possible... (1)

OakDragon (885217) | about 3 months ago | (#46962895)

...if we reverse the polarity... yeah, this can work!

Been there done that! (1)

Atl Rob (3597807) | about 3 months ago | (#46962965)

I've had a CMOS imager noise gen for 5+ years! This is not new, I'll bet I wasn't the first to relize random image noise either? I made this discovery in an attempt to remove the noise with an algorithm. Also photon emission is not the best source! Random, sure, but will pile up in patterns so... Cosmic rays and background radiation are far better, impossible -or- at best highly impractical to remove from images, hence impossible to predict. Random number gens have been perfected for some time now? No? Crypto doesn't work if someone sees the data before or after its encoded! Obviously.

Non'deterministic randomness is possible now (0)

Anonymous Coward | about 3 months ago | (#46964111)

Download MKRAND
http://www.tag.md/public/

Complete BS (1)

gweihir (88907) | about 3 months ago | (#46966377)

A 5.6V Zener-diode is half thermal noise, half quantum noise. It costs something like 5 cent. Amplification and digitization may be another $30 or so, but only for the prototype (e.g. Arduino clone).

This is a complete non-news item.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>