190 likes | 322 Views
True Random Number Generation Using Quantum Mechanical Effects. Luděk Smolík April 200 3. Where do we need random numbers ?. Science, technology, business (MC-simulation), period 2 800 Secure communication protocols ( SSL, IPSec, ISDN, GSM, .... )
E N D
True Random Number Generation Using Quantum Mechanical Effects Luděk Smolík April 2003
Where do we need random numbers ? • Science, technology, business (MC-simulation), period 2800 • Secure communication protocols ( SSL, IPSec, ISDN, GSM, .... ) • Cryptography (Inet-Api e.q. PGP, home banking, ..... ) • „Strong“ cryptography ( ES-Act,.....) DRNG „TRNG“- seed + DRNG „commercial TRNG“ TRNG, QNG unpredictable !!
Communication Protocols + Cryptography • „Seeds“ for DRNG (e.q. Challenge Response). • „Padding Bits“, fill the empty bits in data blocks. • „Blinding Bits“ , overwrite the bits during erasing. • Generation of Symmetric and Asymmetric Keys. • Random Prime Numbers as a source for keys for electronic signature (prototype for the highest security application at all).
Source of noise Source of noise Source of noise Source of noise Source of noise Sampling Digiti- sing Sampling Digiti- sing Sampling Digiti- sing Sampling Digiti- sing Sampling Digiti- sing Commercial Definition of a realistic TRNG(CC, ITSEC) DRNG TRNG Source of noise Seed Sampling Digiti- sing Crypto- graphic post-processing Inernal state State function Internal random sequence Output Output Random numbers sequence
Types of Noise Sources • Many kinds of macroscopic collective phenomena: stochastic movement of particles in a volume, trajectories of small planetoids or asteroids, ...... electronic noise (Thermal-Noise, Shot-Noise, pn-Noise, Zener-Diodes, Josephson-junction...). • Single quantum mechanical effects in the microscopic dimension : Radioactive decay (number of decay in a particular time interval, decay time spectrum...). Quantum effects of single elementary particles (photon, electron, K ....), EPR-phenomenon. Chaos huge number of DOF ? QM is a non-local and non-causal theory No need for predictability Unquessable unknownable
Electronic Noise V Z-Diode Amplifier Filter Discrimi- nator Huge number of charge carrier I p - - - Avalanche noise im pn-junction + + n + U -6V I BUT !!!Autocorrelation in the output sequence T< T
Noise with Splitting Single Photon Beam • Smart source for QM noise are single photons or other elementary particles ! Wave-particle duality at single photons 50:50 mirror or PBS Source of light ...0010011... PM Flip Flop „1“ and „0“ LED driven by max. a few hundred μA ... low coherence length tc < 1ps Rate of mostly single photons with few MHz is achievable PM BUT!!! the guarantee for single photons rate is not absolute sure, 50:50 mirror or PBS not perfect .
C R L &C A D An ode ( wires ) HV HV PWC Cathode ( radioactive source ) Noise with Radioactive Decay C R L &C A D An ode ( wires ) HV HV PWC Cathode ( radioactive source ) Th-232 Radioactive source incandescent mantle with Thorium-232 : α-decays with 4.083 MeV, few β-decays and γ-transitions Ra-228 (the exemption limit for Th-232 is 10 kBq and the dose limit is 6 mSv/yr)
Sampling and Digitizing Detector signal after Detector signal after amplification amplification Electronic Electronic threshold threshold Time Time Discriminator signal Discriminator signal Toggle f Toggle f lip lip - - f f lop running with 15 MHz “0” “0” “1” “1” O O utput utput r r egister egister 0 0 1 1 0110 0110 11001010010011010010111001 11001010010011010010111001 Output rate: 200Bq .... 2kBq (varied with HV, threshold and source activity)
Where is the randomness hidden? The time between two decays is exponentially distributed, p(t) is the probability of time interval t between two successive events. Measurement of really single quantum mechanical effects which behave as perfect random source. There is no deterministic prediction for the time t . More !!! There is no theoretical need for such a prediction. Unfortunately, the toggle flip-flop and the consecutive . electronics can not be perfect. This part of the apparatus is responsible for the occurrence. of systematic effects for all TRNG !
Check of the Randomness • 100% sure demonstration is de facto impossible, because the examined sequence stays always finite ! • Try to compress the sequence by algorithmic procedure ! • Shannon (1948) : Entropy as a measure for information content. • There is a number of statistical tests on the market. (Test-Batteries) 0001010110110011101010010101111010010010010110110010111010100010010100100 p1 -> „00“ p2 -> „01“ p3 -> „10“ p4 -> „11“ n = 4, theoretical pi= 1/4 ! 01 10 00 11 01 10 00 11 01 10 00 11 01 10 00 11 01 10 00 11 01 10 00 11
Experimental Data and Results Input are many gigabits data from recorded radioactive decays, data were divided into sequences of 4kB (32768 bits) length. 010101110100010100100010010010101..............................................1010010011110010100100110101 111001001010001001111001011110101..............................................1000101111010101101010110101 . . . 0101011101000101111110010010010101..............................................1010011110010101001010110101 Each 4kB sequence contributes with a χ2 number to the histogram ofthe particular test. Each χ2 histogram is then fitted by a one-parameter χ2 function and the statistical significance can be checked.
Applied tests I. Golomb criterion tests the ration between states „0“ and „1“ . II. Golomb tests the occurrence of identical consecutive bits (runs). …..0001010000010010101010101010000011111…… III. Golomb tests the autocorrelation function by shift from 1 to max. 16 bits. 010010001001100101100010…………. 0010010001001 010010001101001100100010…………. 0010010001001 check the occurrence of pairs 00, 01, 10, 11 shift by 4 2 Poker tests the occurrence of pairs „00“, „01“, „10“, and „11“. 3 Poker the same for series „000“, „001“, „010 .... „111“. 4 Poker the same for series „0000“, „0001“, ...... „1111“ . 3 111 5 1 2 11................................. 5 5
Example for 2 Poker Test theory: 32768 / 4 • ½ = 4096 measured numbers: n1 „00“, n2 „01“, n3„10“, n4„11“, Theory for „0“ =„1“ = 0,5 p0 p0 =p0 p1 = p1 p0 =p1 p1 = 0,25 Probability 00 01 10 11 2 poker pattern
Exampleχ2 Distribution for2 Poker Test fit by 1 parameter χ2 function Probability experiment χ22 poker test
Non-equilibrium in the Occurrence between States “1” and “0” Defined area ~ 1ns + 1ns per cycle
Discussion The result shows an about 0,28% (± 0,000001) higher chance for one of the logical levels. I. Golomb: p0= 0,4972 p1 = 0,5028 theory predicts : p0 = p1 = 0,5 This corresponds to an overall difference of 0,4 ns between the duration of both clock half-waves Theory for p0= 0,4972 p1 = 0,5028 Probability 00 01 10 11 2 poker pattern The same is true for 3 and 4 poker test
Conclusions Memoryless QM-phenomenon are well suited as a random source in experiments. Always present systematic effects in the apparatus (DAQ) disturb such perfect randomness or make it in the practice a hardly achievable task. The results agree well with the simulation. The basic systematic effect derives from the asymmetric duty cycle which of course can be improved but scarcely eliminated completely. Improvement expected for „1 ps accuracy“ (0.001% shift in duty cycle) “Anyone who considers arithmetical methods of producing random digits is, of course, in state of sin.” John von Neuman (1903-1957) Is a perfect TRNG just a dream ?!