


Truly Random Numbers On A Quantum Computer??

Started by: Lawrence D'Oliveiro <ldo@nz.invalid>
First post: 2025-03-28 21:16 +0000
Last post: 2025-04-04 19:05 +0000
Articles: 20 on this page of 31 — 9 participants



Contents

  Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-28 21:16 +0000
    Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-28 23:10 +0000
      Re: Truly Random Numbers On A Quantum Computer?? Richmond <dnomhcir@gmx.com> - 2025-03-29 11:50 +0000
        Re: Truly Random Numbers On A Quantum Computer?? Richard Kettlewell <invalid@invalid.invalid> - 2025-03-29 15:05 +0000
          Re: Truly Random Numbers On A Quantum Computer?? kludge@panix.com (Scott Dorsey) - 2025-03-29 12:58 -0400
          Re: Truly Random Numbers On A Quantum Computer?? Mike Spencer <mds@bogus.nodomain.nowhere> - 2025-03-29 18:38 -0300
            Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-29 22:08 +0000
              Re: Truly Random Numbers On A Quantum Computer?? Mike Spencer <mds@bogus.nodomain.nowhere> - 2025-03-30 04:37 -0300
          Re: Truly Random Numbers On A Quantum Computer?? not@telling.you.invalid (Computer Nerd Kev) - 2025-03-30 09:31 +1000
            Re: Truly Random Numbers On A Quantum Computer?? Richard Kettlewell <invalid@invalid.invalid> - 2025-03-30 11:14 +0100
              Re: Truly Random Numbers On A Quantum Computer?? Richard Kettlewell <invalid@invalid.invalid> - 2025-03-30 11:28 +0100
                Re: Truly Random Numbers On A Quantum Computer?? kludge@panix.com (Scott Dorsey) - 2025-03-30 09:11 -0400
                  Re: Truly Random Numbers On A Quantum Computer?? Toaster <toaster@dne3.net> - 2025-04-04 20:16 -0400
                    Re: Truly Random Numbers On A Quantum Computer?? kludge@panix.com (Scott Dorsey) - 2025-04-04 20:56 -0400
                    Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-04-05 02:13 +0000
                    Re: Truly Random Numbers On A Quantum Computer?? Richard Kettlewell <invalid@invalid.invalid> - 2025-04-05 09:08 +0100
            Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-30 21:18 +0000
              Re: Truly Random Numbers On A Quantum Computer?? not@telling.you.invalid (Computer Nerd Kev) - 2025-03-31 08:15 +1000
                Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-31 01:30 +0000
        Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-29 22:09 +0000
          Re: Truly Random Numbers On A Quantum Computer?? Richmond <dnomhcir@gmx.com> - 2025-03-29 22:39 +0000
            Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-31 01:29 +0000
      Re: Truly Random Numbers On A Quantum Computer?? Ethan Carter <ec1828@gmail.com> - 2025-03-29 20:25 -0300
        Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-30 04:58 +0000
          Re: Truly Random Numbers On A Quantum Computer?? Ethan Carter <ec1828@gmail.com> - 2025-03-30 11:19 -0300
            Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-31 01:32 +0000
              Re: Truly Random Numbers On A Quantum Computer?? Ethan Carter <ec1828@somewhere.edu> - 2025-04-01 10:25 -0300
                Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-04-04 19:05 +0000
            Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-03-31 01:34 +0000
              Re: Truly Random Numbers On A Quantum Computer?? Ethan Carter <ec1828@somewhere.edu> - 2025-04-01 10:31 -0300
                Re: Truly Random Numbers On A Quantum Computer?? Lawrence D'Oliveiro <ldo@nz.invalid> - 2025-04-04 19:05 +0000



#27071 — Truly Random Numbers On A Quantum Computer??

From: Lawrence D'Oliveiro <ldo@nz.invalid>
Date: 2025-03-28 21:16 +0000
Subject: Truly Random Numbers On A Quantum Computer??
Message-ID: <vs73jc$3jepm$1@dont-email.me>

These researchers claim to have a technique, based on quantum
computing, that can generate provably random numbers
<https://www.csoonline.com/article/3855710/researchers-claim-their-protocol-can-create-truly-random-numbers-on-a-current-quantum-computer.html>.

Trouble is, there ain’t no such thing. This part doesn’t make any
sense:

    Then, to verify that true random numbers had been generated, the
    randomness of the results was mathematically certified to be
    genuine using classical supercomputers at the US Department of
    Energy.

The definition of “randomness” is “you don’t know what’s coming next”.
How do you prove you don’t know something? You can’t. There are
various statistical tests for randomness, but remember that a suitably
encrypted message can pass every one of them, and a person who knows
the message knows that the bitstream is not truly random.

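The claim in the post above, that a bitstream can pass statistical tests while being fully known to someone, worked through as an added example (not part of the original post). The SHAKE-256 keystream standing in for "a suitably encrypted message", the key, the plaintext and all function names are constructed for this illustration.

```python
import hashlib
import math

def keystream(key: bytes, n: int) -> bytes:
    """Deterministic keystream: SHAKE-256 of the key, stretched to n bytes.
    Constructed for this demo; it stands in for a real stream cipher."""
    return hashlib.shake_256(key).digest(n)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def monobit_z(data: bytes) -> float:
    """Frequency test: how many standard deviations the count of 1 bits
    lies from n/2. Unbiased random bits give |z| of a few at most."""
    n = 8 * len(data)
    ones = sum(bin(b).count("1") for b in data)
    return (ones - n / 2) / (math.sqrt(n) / 2)

def byte_chi2_z(data: bytes) -> float:
    """Chi-square of byte frequencies against uniform (255 degrees of
    freedom), normalised to a z-score using mean 255 and variance 510."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256
    chi2 = sum((c - expected) ** 2 / expected for c in counts)
    return (chi2 - 255) / math.sqrt(510)

def looks_random(data: bytes, z_limit: float = 6.0) -> bool:
    """True when both tests stay inside a deliberately generous bound."""
    return abs(monobit_z(data)) < z_limit and abs(byte_chi2_z(data)) < z_limit

# Constructed sample input: a highly repetitive plaintext and a fixed key.
PLAINTEXT = b"the quick brown fox " * 4096
KEY = b"constructed demo key, not a secret"
CIPHERTEXT = xor(PLAINTEXT, keystream(KEY, len(PLAINTEXT)))

def key_holder_predicts(i: int) -> int:
    """Whoever holds KEY and the message computes byte i before seeing it."""
    return PLAINTEXT[i] ^ keystream(KEY, i + 1)[i]

if __name__ == "__main__":
    print("plaintext  looks random:", looks_random(PLAINTEXT))
    print("ciphertext looks random:", looks_random(CIPHERTEXT))
    print("key holder predicts byte 1000:",
          key_holder_predicts(1000) == CIPHERTEXT[1000])
```

The tests only measure the distribution of the output; they say nothing about who can reproduce it.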


#27075

From: Lawrence D'Oliveiro <ldo@nz.invalid>
Date: 2025-03-28 23:10 +0000
Message-ID: <vs7a9c$3pg3k$1@dont-email.me>
In reply to: #27071

On Fri, 28 Mar 2025 21:16:29 -0000 (UTC), I wrote:

> The definition of “randomness” is “you don’t know what’s coming next”.
> How do you prove you don’t know something? You can’t. There are various
> statistical tests for randomness, but remember that a suitably encrypted
> message can pass every one of them, and a person who knows the message
> knows that the bitstream is not truly random.

Here’s an even simpler proof, by reductio ad absurdum.

Suppose you have a sequence of numbers which is provably random. Simply 
pregenerate a large bunch of numbers according to that sequence, and store 
them. Then supply them one by one to another party. The other party 
doesn’t know what’s coming next, but you do. Therefore they are not random 
to you.

Which contradicts the original assumption of provable randomness. QED.



#27087

From: Richmond <dnomhcir@gmx.com>
Date: 2025-03-29 11:50 +0000
Message-ID: <86h63cys29.fsf@example.com>
In reply to: #27075

Lawrence D'Oliveiro <ldo@nz.invalid> writes:

> On Fri, 28 Mar 2025 21:16:29 -0000 (UTC), I wrote:
>
>> The definition of “randomness” is “you don’t know what’s coming next”.
>> How do you prove you don’t know something? You can’t. There are various
>> statistical tests for randomness, but remember that a suitably encrypted
>> message can pass every one of them, and a person who knows the message
>> knows that the bitstream is not truly random.
>
> Here’s an even simpler proof, by reductio ad absurdum.
>
> Suppose you have a sequence of numbers which is provably random. Simply 
> pregenerate a large bunch of numbers according to that sequence, and store 
> them. Then supply them one by one to another party. The other party 
> doesn’t know what’s coming next, but you do. Therefore they are not random 
> to you.
>
> Which contradicts the original assumption of provable randomness. QED.

I think your definition of randomness is wrong. If the sequence can be
repeated by anyone, then it is pseudo random, not random.

Random is without a predictable pattern or plan.



#27092

From: Richard Kettlewell <invalid@invalid.invalid>
Date: 2025-03-29 15:05 +0000
Message-ID: <wwv7c47dgh5.fsf@LkoBDZeT.terraraq.uk>
In reply to: #27087

Richmond <dnomhcir@gmx.com> writes:
[...]
> Random is without a predictable pattern or plan.

I can think of worse definitions.

From the original article:

    As deterministic systems, classical computers cannot create true
    randomness on demand. As a result, to offer true randomness in
    classical computing, we often resort to specialized hardware that
    harvests entropy from unpredictable physical sources, for instance,
    by looking at mouse movements, observing fluctuations in
    temperature, monitoring the movement of lava lamps or, in extreme
    cases, detecting cosmic radiation. These measures are unwieldy,
    difficult to scale and lack rigorous guarantees, limiting our
    ability to verify whether their outputs are truly random.

Physical sources can be found in pretty much every commodity CPU for the
last decade. So not that “difficult to scale” apparently.

A lot of people are pushing QRNGs of various kinds right now. I’ve yet
to be convinced, personally.

-- 
https://www.greenend.org.uk/rjk/



#27096

From: kludge@panix.com (Scott Dorsey)
Date: 2025-03-29 12:58 -0400
Message-ID: <vs98qt$kmp$1@panix2.panix.com>
In reply to: #27092

Richard Kettlewell  <invalid@invalid.invalid> wrote:
>A lot of people are pushing QRNGs of various kinds right now. I’ve yet
>to be convinced, personally.

The QRNG may not in fact be random, but if they turn out not to be random
this indicates some sort of currently-unknown determinism in the 
universe and that in itself is really interesting... far more interesting
than the mere quality of a random number generator.

One of the traditional high-entropy RNGs has been related to the decay
of a radioactive source since you can never tell when an atom in a sample
is going to decay.  If you COULD tell, it would be extremely useful and
worth a Nobel at the absolute minimum.
--scott

-- 
"C'est un Nagra. C'est suisse, et tres, tres precis."



#27100

From: Mike Spencer <mds@bogus.nodomain.nowhere>
Date: 2025-03-29 18:38 -0300
Message-ID: <875xjrfrgf.fsf@enoch.nodomain.nowhere>
In reply to: #27092

Richard Kettlewell <invalid@invalid.invalid> writes:

> A lot of people are pushing QRNGs of various kinds right now. I've yet
> to be convinced, personally.

As a tech and math amateur, I made a setup to try to extract random
numbers from serial images of a plasma ball taken by a consumer-grade
web cam.  Really random stuff happening in there, right?  I never got
any results, despite experiments with various datum selection
strategies, image formats etc. that were anywhere near acceptable.

The concept still seems to me to be potentially usable, but
whaddoiknow? 

Talked to a guy at MIT in the 90s who was trying to extract random
numbers from the turbulence of gas surrounding a hard drive.  Never
learned the tech or theoretical details -- above my amateur pay
grade. 

-- 
Mike Spencer                  Nova Scotia, Canada



#27102

From: Lawrence D'Oliveiro <ldo@nz.invalid>
Date: 2025-03-29 22:08 +0000
Message-ID: <vs9r0b$2ciql$4@dont-email.me>
In reply to: #27100

On 29 Mar 2025 18:38:08 -0300, Mike Spencer wrote:

> Talked to a guy at MIT in the 90s who was trying to extract random
> numbers from the turbulence of gas surrounding a hard drive.  Never
> learned the tech or theoretical details -- above my amateur pay grade.

That is in production use today. I believe it’s a standard part of the 
entropy-gathering process in the Linux kernel.



#27115

From: Mike Spencer <mds@bogus.nodomain.nowhere>
Date: 2025-03-30 04:37 -0300
Message-ID: <871pufezoo.fsf@enoch.nodomain.nowhere>
In reply to: #27102

Lawrence D'Oliveiro <ldo@nz.invalid> writes:

> On 29 Mar 2025 18:38:08 -0300, Mike Spencer wrote:
> 
>> Talked to a guy at MIT in the 90s who was trying to extract random
>> numbers from the turbulence of gas surrounding a hard drive.  Never
>> learned the tech or theoretical details -- above my amateur pay grade.
> 
> That is in production use today. I believe it's a standard part of the 
> entropy-gathering process in the Linux kernel.

Cool.  I hope my friend, with whom I've lost contact, has been able to
cash in on the development, either academically or financially.

-- 
Mike Spencer                  Nova Scotia, Canada



#27107

From: not@telling.you.invalid (Computer Nerd Kev)
Date: 2025-03-30 09:31 +1000
Message-ID: <67e882b4@news.ausics.net>
In reply to: #27092

Richard Kettlewell <invalid@invalid.invalid> wrote:
> From the original article:
> 
>    As deterministic systems, classical computers cannot create true
>    randomness on demand. As a result, to offer true randomness in
>    classical computing, we often resort to specialized hardware that
>    harvests entropy from unpredictable physical sources, for instance,
>    by looking at mouse movements, observing fluctuations in
>    temperature, monitoring the movement of lava lamps or, in extreme
>    cases, detecting cosmic radiation. These measures are unwieldy,
>    difficult to scale and lack rigorous guarantees, limiting our
>    ability to verify whether their outputs are truly random.
> 
> Physical sources can be found in pretty much every commodity CPU for the
> last decade. So not that "difficult to scale" apparently.

Simple circuits using the (ancient) 2N3904 transistor abound on the
internet, and pre-date it as well.

Here's a newer circuit design specifically for battery-powered
cryptographic use and with lots of analysis and comparison with
another circuit:
https://betrusted.io/avalanche-noise

None of it requires cutting-edge technology. The main issue in the
past has simply been that it wasn't part of the original PC
architecture, so things like "looking at mouse movements" needed to
be done at first until it was added to modern hardware.

-- 
__          __
#_ < |\| |< _#



#27118

From: Richard Kettlewell <invalid@invalid.invalid>
Date: 2025-03-30 11:14 +0100
Message-ID: <wwvcydy7rlu.fsf@LkoBDZeT.terraraq.uk>
In reply to: #27107

not@telling.you.invalid (Computer Nerd Kev) writes:
> Simple circuits using the (ancient) 2N3904 transistor abound on the
> internet, and pre-date it as well.
>
> Here's a newer circuit design specifically for battery-powered
> cryptographic use and with lots of analysis and comparison with
> another circuit:
> https://betrusted.io/avalanche-noise
>
> None of it requires cutting-edge technology. The main issue in the
> past has simply been that it wasn't part of the original PC
> architecture, so things like "looking at mouse movements" needed to
> be done at first until it was added to modern hardware.

Exactly! All the stuff about lava lamps, helium motion inside hard
disks, etc is just gimmicks. Real random numbers are tiny electronic
components built into CPUs, HSMs, etc.

-- 
https://www.greenend.org.uk/rjk/



#27119

From: Richard Kettlewell <invalid@invalid.invalid>
Date: 2025-03-30 11:28 +0100
Message-ID: <wwv4iza7qxo.fsf@LkoBDZeT.terraraq.uk>
In reply to: #27118

Richard Kettlewell <invalid@invalid.invalid> writes:
> Exactly! All the stuff about lava lamps, helium motion inside hard
> disks, etc is just gimmicks. Real random numbers are tiny electronic
                                                 ^generators
> components built into CPUs, HSMs, etc.

Strictly I should probably say “entropy sources”, since there’s
generally a DRBG between the electronics and the application, as well.

-- 
https://www.greenend.org.uk/rjk/



#27122

From: kludge@panix.com (Scott Dorsey)
Date: 2025-03-30 09:11 -0400
Message-ID: <vsbfuj$qmo$1@panix2.panix.com>
In reply to: #27119

Richard Kettlewell  <invalid@invalid.invalid> wrote:
>Richard Kettlewell <invalid@invalid.invalid> writes:
>> Exactly! All the stuff about lava lamps, helium motion inside hard
>> disks, etc is just gimmicks. Real random numbers are tiny electronic
>                                                 ^generators
>> components built into CPUs, HSMs, etc.
>
>Strictly I should probably say “entropy sources”, since there’s
>generally a DRBG between the electronics and the application, as well.

The problem with those genuine random number generators is that they are
usually comparatively slow.  They take milliseconds to spit out a number,
sometimes tens or even hundreds of them.  So we use the genuine RNG to
seed a PNG in situations where we don't need complete randomness but need
pretty good randomness and need a lot of it fast.  Knuth has a discussion 
of this.
--scott
-- 
"C'est un Nagra. C'est suisse, et tres, tres precis."



#27187

From: Toaster <toaster@dne3.net>
Date: 2025-04-04 20:16 -0400
Message-ID: <20250404201655.00000d71@dne3.net>
In reply to: #27122

On Sun, 30 Mar 2025 09:11:47 -0400 (EDT)
kludge@panix.com (Scott Dorsey) wrote:

> Richard Kettlewell  <invalid@invalid.invalid> wrote:
> >Richard Kettlewell <invalid@invalid.invalid> writes:
> >> Exactly! All the stuff about lava lamps, helium motion inside hard
> >> disks, etc is just gimmicks. Real random numbers are tiny
> >> electronic
> >                                                 ^generators
> >> components built into CPUs, HSMs, etc.
> >
> >Strictly I should probably say “entropy sources”, since there’s
> >generally a DRBG between the electronics and the application, as
> >well.
> 
> The problem with those genuine random number generators is that they
> are usually comparatively slow.  They take milliseconds to spit out a
> number, sometimes tens or even hundreds of them.  So we use the
> genuine RNG to seed a PNG in situations where we don't need complete
> randomness but need pretty good randomness and need a lot of it fast.
>  Knuth has a discussion of this.
> --scott

I'm no expert but can't you just amplify thermal (white) noise and just
sample it? it's completely random.



#27188

From: kludge@panix.com (Scott Dorsey)
Date: 2025-04-04 20:56 -0400
Message-ID: <vspv4q$r27$1@panix2.panix.com>
In reply to: #27187

Toaster  <toaster@dne3.net> wrote:
>
>I'm no expert but can't you just amplify thermal (white) noise and just
>sample it? it's completely random.

Yes, but first of all you need to make sure you are only getting thermal
noise and not anything else leaking in that might be repetitive.  Secondly
the rate at which you can generate random numbers is directly tied to the
bandwidth of the noise source.  But this is in fact how hardware RNGs often
work.
--scott

-- 
"C'est un Nagra. C'est suisse, et tres, tres precis."



#27189

From: Lawrence D'Oliveiro <ldo@nz.invalid>
Date: 2025-04-05 02:13 +0000
Message-ID: <vsq3jp$10hfp$1@dont-email.me>
In reply to: #27187

On Fri, 4 Apr 2025 20:16:55 -0400, Toaster wrote:

> I'm no expert but can't you just amplify thermal (white) noise and just
> sample it? it's completely random.

In theory, there are lots of sources in nature of “completely random” 
numbers.

The problem is, how do you construct a mechanism to sample those numbers, 
and prove that there are no bugs introduced (whether accidentally or 
deliberately) somewhere along the way that subvert the randomness of the 
output?



#27191

From: Richard Kettlewell <invalid@invalid.invalid>
Date: 2025-04-05 09:08 +0100
Message-ID: <wwvmscv3u9o.fsf@LkoBDZeT.terraraq.uk>
In reply to: #27187

Toaster <toaster@dne3.net> writes:
> kludge@panix.com (Scott Dorsey) wrote:
>> Richard Kettlewell  <invalid@invalid.invalid> wrote:
>>>Richard Kettlewell <invalid@invalid.invalid> writes:
>>>> Exactly! All the stuff about lava lamps, helium motion inside hard
>>>> disks, etc is just gimmicks. Real random number [generators] are tiny
>>>> electronic components built into CPUs, HSMs, etc.
>>>
>>> Strictly I should probably say “entropy source”, since there’s
>>> generally a DRBG between the electronics and the application, as
>>> well.
>> 
>> The problem with those genuine random number generators is that they
>> are usually comparatively slow.  They take milliseconds to spit out a
>> number, sometimes tens or even hundreds of them.  So we use the
>> genuine RNG to seed a PNG in situations where we don't need complete
>> randomness but need pretty good randomness and need a lot of it fast.
>>  Knuth has a discussion of this.
>
> I'm no expert but can't you just amplify thermal (white) noise and just
> sample it? it's completely random.

The physics isn’t my department but I think you’re on the right track.
The point is that what you get out of the hardware component needs some
additional processing before it’s usable in practice e.g. to generate
cryptographic keys of a chosen strength. (Scott is for some reason
repeating my remark about using a DRBG.)

-- 
https://www.greenend.org.uk/rjk/

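The chain discussed in this part of the thread (a biased hardware source, additional processing, then a DRBG between the electronics and the application), as an added example that is not part of any post. The noise source is simulated with a seeded PRNG and an assumed 0.6 bias, the factor-of-two entropy margin is an assumption, and the generator follows the HMAC_DRBG update/generate structure of NIST SP 800-90A with reseeding and request limits left out; all names are constructed.

```python
import hashlib
import hmac
import math
import random

def simulated_noise_bits(n, p_one=0.6, seed=1):
    """Constructed stand-in for sampled, amplified thermal noise with a
    DC offset: each bit is 1 with probability p_one. NOT an entropy source."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def min_entropy_per_bit(bits):
    """Most-common-value estimate with an upper confidence bound (z = 2.576)
    on the likeliest symbol, in the style of NIST SP 800-90B: bits of
    min-entropy credited to each raw bit."""
    n, ones = len(bits), sum(bits)
    p_hat = max(ones, n - ones) / n
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_upper)

def raw_bits_needed(h_per_bit, strength=256, margin=2):
    """Raw bits to gather so the hash input holds margin * strength bits of
    min-entropy. margin=2 is an assumed safety factor for this example."""
    return math.ceil(margin * strength / h_per_bit)

def condition(bits):
    """Hash conditioning: compress the biased raw bits to a 256-bit seed."""
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(packed).digest()

class HmacDrbg:
    """HMAC-SHA-256 DRBG: fast, deterministic output from one good seed."""
    def __init__(self, seed: bytes):
        self.k = b"\x00" * 32
        self.v = b"\x01" * 32
        self._update(seed)

    def _mac(self, data):
        return hmac.new(self.k, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        self.k = self._mac(self.v + b"\x00" + data)
        self.v = self._mac(self.v)
        if data:  # second round only when seed material is supplied
            self.k = self._mac(self.v + b"\x01" + data)
            self.v = self._mac(self.v)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.v = self._mac(self.v)
            out += self.v
        self._update()  # advance the state so earlier output cannot be rederived from it
        return out[:n]

def seed_from_source(seed=1):
    """Assess the source, size the collection, then condition it to a seed."""
    survey = simulated_noise_bits(100_000, seed=seed)
    h = min_entropy_per_bit(survey)
    need = raw_bits_needed(h)
    raw = simulated_noise_bits(need, seed=seed + 1)
    return h, need, condition(raw)

if __name__ == "__main__":
    h, need, seed = seed_from_source()
    print(f"{h:.3f} bits of min-entropy per raw bit; {need} raw bits per seed")
    print(HmacDrbg(seed).generate(32).hex())
```

The slow source is consulted only for the seed; every later byte is deterministic in that seed, which is why the strength of the output is bounded by the entropy credited to the raw samples.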


#27133

From: Lawrence D'Oliveiro <ldo@nz.invalid>
Date: 2025-03-30 21:18 +0000
Message-ID: <vsccg3$2ea6d$2@dont-email.me>
In reply to: #27107

On 30 Mar 2025 09:31:01 +1000, Computer Nerd Kev wrote:

> The main issue in the past has simply been that it wasn't part of
> the original PC architecture, so things like "looking at mouse
> movements" needed to be done at first until it was added to modern
> hardware.

The trouble with building in a purported random-number source is: how can 
you be sure you can trust it?

Intel added random-number generation instructions to the x86 architecture; 
but how can we be sure they work as they’re advertised?



#27134

From: not@telling.you.invalid (Computer Nerd Kev)
Date: 2025-03-31 08:15 +1000
Message-ID: <67e9c299@news.ausics.net>
In reply to: #27133

Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
> On 30 Mar 2025 09:31:01 +1000, Computer Nerd Kev wrote:
> 
>> The main issue in the past has simply been that it wasn't part of
>> the original PC architecture, so things like "looking at mouse
>> movements" needed to be done at first until it was added to modern
>> hardware.
> 
> The trouble with building in a purported random-number source is: how can 
> you be sure you can trust it?

That's the justification the designer of the circuit I linked to
stated for why they decided to use a separate circuit made from
discrete components. USB devices using similar circuits can also be
purchased for the same reason. Anyway, you don't need a quantum
computer to do it.

> Intel added random-number generation instructions to the x86 architecture; 
> but how can we be sure they work as they're advertised?

How can you be sure anything works as advertised? There's always
the risk of backdoors in the Intel Management Engine enabling all
sorts of possible attacks. That designer likes FPGA-based CPUs for
this reason, although there's still a small risk that the FPGAs
could be maliciously designed to specifically sabotage that
approach too.

-- 
__          __
#_ < |\| |< _#



#27136

From: Lawrence D'Oliveiro <ldo@nz.invalid>
Date: 2025-03-31 01:30 +0000
Message-ID: <vscr71$2t8mk$4@dont-email.me>
In reply to: #27134

On 31 Mar 2025 08:15:54 +1000, Computer Nerd Kev wrote:

> Lawrence D'Oliveiro <ldo@nz.invalid> wrote:
>
>> Intel added random-number generation instructions to the x86
>> architecture; but how can we be sure they work as they're advertised?
> 
> How can you be sure anything works as advertised?

There are ways to test things. But not (easily) with randomness.



#27103

From: Lawrence D'Oliveiro <ldo@nz.invalid>
Date: 2025-03-29 22:09 +0000
Message-ID: <vs9r3a$2ciql$5@dont-email.me>
In reply to: #27087

On Sat, 29 Mar 2025 11:50:06 +0000, Richmond wrote:

> Random is without a predictable pattern or plan.

Let’s say I collect and store a sequence that meets your definition. Then 
I play it back when you ask me for a random number sequence. Does it still 
meet your definition? If not, what has changed?


