RE: True random numbers wanted

From: Eugen Leitl (eugen@leitl.org)
Date: Tue Sep 03 2002 - 02:53:15 MDT


On Tue, 3 Sep 2002, gts wrote:

> Ultimately there are no random numbers except those that can be
> generated at the subatomic level by quantum processes. (Contrary to a
> post here in this thread, even random numbers generated by chaotic
> processes are predictable if one could know all the initial
> conditions, which means they are not genuinely chaotic. Genuinely

I'm sorry, but you're wrong again. (Nothing personal, but I can't let
falsehoods and half-truths stand unopposed). Nonlinear processes amplify
sources of noise (all sources, quantum noise included) exponentially (or
hyperexponentially, especially if you design them that way) over the
course of the iteration. In nonlinear physical systems a disturbance at
quantum scale will very quickly become amplified to macroscale, where it
will impact the detector. In case of macroscopic nonlinear systems the
happenings will be influenced by everything in the past light cone of the
system. Including that proverbial bicycle in Peking, or photons from
Sirius.

This means, even if you knew the initial conditions (I guess that means
your cypher won't be secure against capital-G God, as anybody else won't
be able to measure the state of a macroscopic system without disturbing
it), you would not be able to predict the outcome after a few iterations.
It is in fact unknown if quantum noise is "true" noise, or deterministic
downunder, as proponents of digital physics suggest. All we know is that
we can't predict it. Which is the only difference between entropy (in the
cryptographic sense) and deterministic noise.

> random numbers are not predictable even in theory.) John recognized
> that quantum numbers are the only truly random numbers and was the
> first to create a device capable of generating such numbers. These
> quantum numbers are truly random. Numbers cannot get more random than
> John Walker's hotbits.

If I have a choice where randomness is generated at small scale (atomic
nucleus, single photon in a beam splitter), or by a large scale nonlinear
process, I prefer a large scale nonlinear process. Because the amount of
the information in the system is larger. I still profit from true quantum
randomness (if it exists), but if everything is deterministic I can at
least make guessing harder by including many orders of magnitude more
state.

It's a case of having both belt and suspenders, basically.
 
> I see there is some concern that hotbits are "shared." However this is
> not true according to the method by which hotbits are said to be
> distributed as described on the website: "Once the random bytes are
> delivered to you, they are immediately discarded--the same data will
> never be sent to any other user and no records are kept of the data at
> this or any other site."
>
> Then of course John could be lying... but I doubt it. :)

You're obviously not consulting in the security/cryptography business. Your
level of professional paranoia is way insufficient for that.
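
The amplification argument in the message above, as an added illustration that is not part of the original post: it measures how many iterations an observer who knows the starting state to a given number of bits can keep predicting a nonlinear system. The logistic map with r = 4, the 0.1 error threshold, and the sample starting states are assumptions chosen here; a deterministic floating-point simulation shows only the sensitivity and is not itself an entropy source.

```python
"""Added illustration: error amplification in a nonlinear map."""

R = 4.0           # logistic-map parameter, fully chaotic regime (assumed system)
THRESHOLD = 0.1   # error size at which the prediction counts as lost (assumed)


def logistic(x):
    """One iteration of the logistic map x -> R * x * (1 - x)."""
    return R * x * (1.0 - x)


def prediction_horizon(x0, error_bits, max_steps=500):
    """Iterations until an observer who knows x0 only to within
    2**-error_bits mispredicts the state by more than THRESHOLD."""
    true_x = x0
    guess = x0 + 2.0 ** -error_bits   # the observer's slightly wrong measurement
    for step in range(1, max_steps + 1):
        true_x, guess = logistic(true_x), logistic(guess)
        if abs(true_x - guess) > THRESHOLD:
            return step
    return max_steps   # never diverged within the budget


# Constructed sample of starting states (avoids 0.5, which collapses to 0).
SEEDS = [0.11 + 0.037 * k for k in range(20)]


def mean_horizon(error_bits):
    """Average prediction horizon over the constructed starting states."""
    horizons = [prediction_horizon(s, error_bits) for s in SEEDS]
    return sum(horizons) / len(horizons)


if __name__ == "__main__":
    # Each extra bit of measurement precision buys roughly one more
    # iteration: the error grows exponentially, so the horizon grows
    # only linearly with the precision of the initial measurement.
    for bits in (10, 20, 30, 40, 50):
        print(f"{bits:2d} bits known -> predictable for "
              f"~{mean_horizon(bits):.1f} iterations")
```
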


