WO2005106645A2 - Quantum random bit generator - Google Patents

Quantum random bit generator Download PDF

Info

Publication number
WO2005106645A2
WO2005106645A2 PCT/HR2005/000028 HR2005000028W WO2005106645A2 WO 2005106645 A2 WO2005106645 A2 WO 2005106645A2 HR 2005000028 W HR2005000028 W HR 2005000028W WO 2005106645 A2 WO2005106645 A2 WO 2005106645A2
Authority
WO
WIPO (PCT)
Prior art keywords
random
value
events
rpg
pair
Prior art date
Application number
PCT/HR2005/000028
Other languages
French (fr)
Other versions
WO2005106645A3 (en
Inventor
Mario Stipcevic
Original Assignee
Mario Stipcevic
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mario Stipcevic filed Critical Mario Stipcevic
Priority to EP05734986A priority Critical patent/EP1754140A2/en
Publication of WO2005106645A2 publication Critical patent/WO2005106645A2/en
Publication of WO2005106645A3 publication Critical patent/WO2005106645A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58Random or pseudo-random number generators
    • G06F7/588Random number generators, i.e. based on natural stochastic processes
    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03KPULSE TECHNIQUE
    • H03K3/00Circuits for generating electric pulses; Monostable, bistable or multistable circuits
    • H03K3/84Generating pulses having a predetermined statistical distribution of a parameter, e.g. random pulse generators

Definitions

  • Present invention concerns method and apparatus for generating truly random bits, that is, numbers.
  • the invention is classified as: G 06 F 7/58.
  • Non-detena ⁇ iinistic generators of random bits are used a lot in different areas: from engineering and science, hazard games, to cryptography.
  • Non-deterministic generators are characterized by the fact that a) it is impossible to predict (bits) numbers which they produce just as when tossing a coin or throwing a dice, b) two generators cannot be synchronized to produce the same sequence of bits.
  • Main problem is to construct a non-dete ⁇ ninistic generator of random bits which produces sequences of such a good quality that they can be for all practical purposes considered as being truly random.
  • Such a generator, and associated method are the subject of this patent.
  • Main problems which appear in building of a non-deterministic random bit generator are statistical bias and correlations among bits. Truly random sequences of bits are characterized by d e fact that both bias and correlations tend to zero, when the length of the sequence goes to infinity.
  • Electronics circuits for generating random bits (or numbers) are well-known in the art. They typically have one or more outputs which can take on either low (“0”) or high (“1") logic level.
  • Pseudo-random generators are characterized by their ability to accept an initial state (or number) called the “seed" which completely determines the sequence of numbers that are produced by the generator thereafter. This property makes possible that two identical pseudo-random generators produce identical pseudo-random sequence of numbers if they are set with the same seed. This is called “synchronization of generators”. Pseudo-random generators make use of a mathematical formula to "calculate" the numbers.
  • Pseudo-random generators can suffer form various problems (and the most of them suffers from at least few of them) which make them unsafe or unsuitable for some applications: bad statistical properties, problem of finite period, the existence of "weak" seeds which lead to short repetition cycle and or sequences with bad statistical properties, the existence of crypto analytical methods for calculation of the whole sequence when only a small portion of it is known, small entropy etc. Because of the last two mentioned problems, the whole classes of popular pseudo-random generators are not suitable for cryptographic purposes.
  • non-pseudo-random generators As opposed to pseudo-random generators, non-pseudo-random generators (or “hardware random bit generators”). Such generators do not have an initial state and can not accept a seed. They do not operate upon a deterministic principle and consequently even a two identical generators can not be synchronized. This impossibility of syncl ronization is their most important feature. It is particularly important for some applications like some newly developed cryptographic protocols which, by taking advantage of d e "uniqueness" of the produced strings of bits, offer so called unconditional security. Under the assumption that a generator produces truly random bits, no knowledge about its structure or operation principles can help a bit to predict its sequence and thus consequently to brake the encrypted code.
  • Non-deterministic generators are relatively well investigated and known in the literature. By their construction, almost all of them make use of the electronic noise, measurements of random events or a combination of electronic noise and pseudo-random generators.
  • Non-deterministic generator of random numbers presented here ensures statistical independence of produced bits and negligibly small bias. Randomness of bits appearing at its output is a direct consequence of randomness of the underlying physical process (preferably a process whose randomness is based on a fundamental randomness of Quantum Mechanics), while the electronics circuits which serve to process the signal can be made so tiiat its imperfections have only a negligible influence, using die existing contemporary technology.
  • sequences of random bits produced with such a generator pass all known statistical tests of randomness, from "standard” tests such as entropy test, Chi-square test, bias, serial autocorrelation test, spectral test etc., then Maurer's Universal statistical test (Maurer 1992, Coron et al. 1999) and finally the strongest set of tests Diehard (Diehard battery of tests, Marsaglia 1996) and the test sis- 1.5 which the US National Institute of Standards and Technology (NIST) has set the standard for testing cryptographic products.
  • the random pulse generator consists of some discrete stochastic process and a detector or discriminator which measures that process thus producing a well defined (constant width and constant height) digital pulse each time a random event takes place, with the exception in the case that two or more subsequent events appear within the dead time of the said detector or (discriminator, in which case only one pulse is generated. Furthermore, it is possible that the RPG produces a pulse even when ⁇ ere is no physical event as a consequence of electrical noise in the detector or discriminator.
  • FIG. 1 One example of a quantum RPG is shown in FIG. 1.
  • Radioactive source RS is enclosed in a shield S which has a window.
  • Gamma rays emitted from the source RS pass through the window and reach the Geiger-Mueller detector GM.
  • GM detector When a gamma ray hits GM detector it produces a weak current pulse.
  • This pulse is then amplified, discriminated and shaped into a standardized logic pulse appearing at the output "Output" of the RPG.
  • Each pulse at the output corresponds to one gamma ray, with the exception of gamma rays which are not recognized as legitimate by the discriminator and with the exception of those gamma rays which appear during die dead time of d e GM detector.
  • stochastic processes whose randomness is not directly based on laws of quantum physics, can be realized by sampling of a random analog signal such as electronic noise and processing the sampled data in some way in order to arrive to random numbers or bits.
  • One possibility is to generate random bits based upon a voltage amplitude or polarity at instant of sampling. Said metiiod or its variants does not exhaust all possibilities of converting random analog signals into random numbers.
  • the method presented here prefers tiiat the average frequency of the discrete random process (and corresponding pulses from the RPG) varies as little as possible during the extraction of bits, in order to minimize correlations among d e bits.
  • d e average frequency of pulses from the RPG can be stabilized by a negative feedback circuit, as shown in d e FIG. 2.
  • the generator of random pulses shown in the FIG. 2. consists of a negative feedback circuit ⁇ FC which drives a step motor SM, which motor mechanically drives the shutter G.
  • the shutter G stops any gamma ray emitted by the radioactive source from reaching the detector GM.
  • the negative feedback circuit ⁇ FC measures die frequency of pulses present at the output "Output" by averaging die frequency over a period of time whose length is arbitrary but longer than l/ o, comparing this average value to the desired (preset) value and causing the shutter G to move in such a way that d e mean frequency of the output pulses approaches d e preset value.
  • the negative feedback circuit keeps the output frequency approximately stable regardless of possible changes of temperature and operating characteristics of components due to d e temperature fluctuations and/or aging.
  • the ⁇ FC circuit particularly faciUtates mass production of generators by eliminating sensitivity to possible deviations in geometry and tolerances of component characteristics.
  • First special case concerns counting of periodic pulses (for example from a quartz crystal oscillator QO) during periods of time defined by random pulses from an RPG, as shown in the FIG. 4.
  • periodic pulses for example from a quartz crystal oscillator QO
  • t , t 2 , t 3 , t 4 etc. which is equal to the number of periodic pidses from die QO which happened in-between occurrence of d e two random pulses in a pair.
  • Pulses can be subsequent as shown in the FIG. 4. but this is not a necessary condition, h case thai ti ⁇ t 2 one generates a bit witii a value of "1", whereas if ti > one generates a bit witii a value of "0".
  • the next random bit is generated by considering t 3 and t 4 . Analogously, if t 3 ⁇ t one generates bit with d e value of "1", whereas if t 3 > t one generates a bit with a value of "0". Repeating this process, a random sequence of any desired lengtii can be generated.
  • Second special case concerns counting of random pulses from one RPG (RPG1) during intervals of time defined by random pulses from another, independent RPG (RPG2), as shown in the FIG. 6.
  • RPG1 Random pulses from another RPG
  • RPG2 independent RPG
  • wliich is equal to the number of random pulses from RPG2 wliich happened in-between occurrence of die two random pulses in a pair.
  • Observed pulses from the RPG1 can be subsequent as shown in the FIG. 6. but this is not a necessary condition.
  • Third special case concerns counting of random pulses from an RPG during intervals of time of constant length (generated for example by a quartz crystal oscillator QO), which intervals of constant lengtii must not overlap, as shown in d e FIG. 8.
  • a quartz crystal oscillator QO To each interval of length ⁇ t one assigns a numerical value n ⁇ , n , n 3 , n 4 etc. which is equal to the number of random pulses from the RPG wliich occurred during d e observed interval.
  • Observed intervals generated by the oscillator QO can be subsequent as shown in the FIG. 8. but this is not a necessary condition.
  • a common property of all die three special cases is tiiat tiieoretically tiiey produce random bits widiout bias and without correlations, tiiat is truly random bits, and that d e only possible deviations from true randomness can come from imperfections in practical realization of the apparatus.
  • quantum RPG(s) were used it is in principle easy to control said imperfections and therefore better generators can be made by use of quantum RPG(s) than witii use of non-quantum RPG(s). It is dierefore the reason why this mvention prefers use of quantum RPG or RPG's, although it is not a necessary condition.
  • FIG.1 - One practical realization of a random pulse generator (RPG).
  • FIG.2 - One practical possible realization of a random pulse generator (RPG) witii stabilized mean frequency of pulses.
  • FIG.3 - One practical realization of a random bit generator, according to the first special case of the present method.
  • FIG.4 Time diagram of signals for the random bit generator according to the first special case of the present method.
  • FIG.5 - One practical realization of a random bit generator, according to the second special case of the present method.
  • FIG.6 Time diagram of signals for the random bit generator according to the second special case of the present method.
  • FIG.7 - One practical realization of a random bit generator, according to the third special case of the present method.
  • FIG.8 Time diagram of signals for the random bit generator according to d e third special case of the present method. 6 DETAILED DESCRIPTION OF AT LEAST ONE PRACTICAL REALIZATION OF THE INVENTION
  • FIG. 3 shows one practical realization of a random bit generator, according to the first special case described in d e section 4 (DETAILED DESCRIPTION OF THE PRESENT INVENTION).
  • the generator comprises one random pulse generator RPG (shown in more detail in the FIG. 2), quartz oscillator QO, a counter wliich can count both up (forwards) and down (backwards), and the steering logic.
  • the generator makes use of three subsequent pulses (a triplet) from the RPG in order to produce one random bit at its output.
  • a cycle of generating of one random bit (FIG. 4) works in the following way.
  • the output from die RPG is interpreted as follows. Whenever die output “Ready” is set to “ 1" then the output “Output” contains a new random bit. Levels at the outputs “Ready” and “Output” stay unchanged until such moment when input "Request” exhibits a transition from low to high logic level, wliich resets the output “Ready” to "0” and starts a new cycle of generating of one random bit. Typical timing diagram for this generator is shown on the FIG 4.
  • FIG. 5 shows one practical realization of a random bit generator, according to the second special case described in die section 4 (DETAILED DESCRIPTION OF THE PRESENT INVENTION).
  • the generator comprises two independent random pulse generators RPG1 and RPG2 (each like the one shown in more detail in the FIG. 2), a comiter wliich can count botii up (forwards) and down (backwards), and the steering logic.
  • the generator makes use of tliree subsequent pidses (a triplet) from die RPG1 in order to produce one random bit at its output.
  • a cycle of generating of one random bit (FIG. 6) works in the following way.
  • d e steering logic sets the output "Ready” to logic level “I” if and only if the state of the comiter is not equal to zero, otiierwise the output “Ready” is set to logic level “0".
  • the output from the RPG is interpreted as follows. Whenever the output "Ready” is set to “1” then the output "Output” contains a new random bit. Levels at d e outputs “Ready” and “Output” stay unchanged until such moment when input "Request” exhibits a transition from low to high logic level, which resets the output "Ready” to "0” and starts a new cycle of generating of one random bit.
  • Typical timing diagram for this generator is shown on the FIG 6.
  • FIG. 7 shows one practical realization of a random bit generator, according to the tiiird special case described in the section 4 (DETAILED DESCRIPTION OF THE PRESENT INVENTION).
  • the generator comprises one random pulse generator RPG (shown in more detail in the FIG. 2), quartz oscillator QO, a counter wliich can count both up (forwards) and down (backwards), and the steering logic.
  • the generator makes use of tliree subsequent pulses (a triplet) from the quartz oscillator in order to produce one random bit at its output.
  • a cycle of generating of one random bit (FIG. 8) works in the following way.
  • the comiter By every first pulse from the triplet of pulses from tiie quartz oscillator QO the comiter resets to zero and starts comiting pidses from the RPG in the "up” direction, by every second pulse the counter reverses its counting direction now comiting the pulses from the RPG in “down” direction, and by every tiiird pulse the steering logic stops the comiter by means of tiie logic gates AND. The steering logic then sets the output "Output” to tiie logic level “1" if d e comiter shows a value greater than zero, otherwise it sets tiie output "Output" to logic level "0".
  • the steering logic sets the output "Ready” to logic level “1” if and only if the state of the comiter is not equal to zero, otiierwise tiie output “Ready” is set to logic level “0".
  • the output from tiie RPG is interpreted as follows. Whenever tiie output "Ready” is set to “1” then the output "Output” contains a new random bit. Levels at the outputs "Ready” and “Output” stay unchanged until such moment when input "Request” exhibits a transition from low to high logic level, which resets the output "Ready” to "0” and starts a new cycle of generating of one random bit.
  • Typical timing diagram for tiiis generator is shown on d e FIG 8.
  • peripheral generators of random numbers wliich may be connected to a computer via a serial, parallel, IRDA, USB or any other port, PC cards including video controllers, special purpose cards, PCMCIA cards, cliips for generating random nmiibers intended for motiierboards or other computer parts, Smart Cards, products for cryptographically secured communications, products for secure payment and business (B2C, B2B) etc.
  • the described apparatus can also be used as a source of noise for electronics measurement equipment.
  • the described apparatus can also be used as a generator of random numbers in hazard games automata, lottery, gambling, testing procedures in industry, scientific research and research of paranormal activity (psi factor).

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computational Mathematics (AREA)
  • Electromagnetism (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Complex Calculations (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for generating random bits which makes use of a generator of random and mutually independent physical events RPG, the first step of which is either (a) considering pairs of independent events from the RPG; such that time intervals between the events in pairs do not overlap; or : (a) considering pairs of non-overlapping constant length intervals of time Δ t and the following steps are: (b) assigning to each of the said pairs of events or of said intervals a numerical value and (c) forming a random bit by observing an arbitrary pair of said numerical values and assigning to the said bit a value of '0' if the first numerical value in the pair is greater than the second value, whereas assigning to the said bit a value of '1' if the first numerical value in the pair is smaller than the second value.

Description

QUANTUM RANDOM BIT GENERATOR
DESCRIPTION OF INVENTION
1 FIELD OF INVENTION
Present invention concerns method and apparatus for generating truly random bits, that is, numbers.
According to the international IPC classification, the invention is classified as: G 06 F 7/58.
2 TECHNICAL PROBLEM
Non-detenaτiinistic generators of random bits (or numbers) are used a lot in different areas: from engineering and science, hazard games, to cryptography. Non-deterministic generators are characterized by the fact that a) it is impossible to predict (bits) numbers which they produce just as when tossing a coin or throwing a dice, b) two generators cannot be synchronized to produce the same sequence of bits. Main problem, however, is to construct a non-deteπninistic generator of random bits which produces sequences of such a good quality that they can be for all practical purposes considered as being truly random. Such a generator, and associated method, are the subject of this patent. Main problems which appear in building of a non-deterministic random bit generator are statistical bias and correlations among bits. Truly random sequences of bits are characterized by d e fact that both bias and correlations tend to zero, when the length of the sequence goes to infinity.
Quite generally, existing inventions suffer from a lack of a mathematical or scientific proof that, at least one of the following statements holds:
1. A generator produces, at its output (or outputs), low and high logic levels (which are denoted with "0" and "1" respectively) with probabilities p(0) nd i) respectively such that, at least in good approximation, the following is true: p(0) - p(l) = 0.5. This is known as the "zero bias condition", with bias ε being defined as ε=p(\) - 0.5;
2. The low and high states, at the output (or outputs) of the generator make up a random, unpredictable sequence of bits.
The generator described here solves this problem. Namely, under some weak assumptions which can be easily met in practice, it is possible to prove mathematically that the principle of operation of such generator satisfies both above-mentioned requirements and that it produces truly random bits.
3 BACKGROUND OF THE INVENTION
Electronics circuits for generating random bits (or numbers) are well-known in the art. They typically have one or more outputs which can take on either low ("0") or high ("1") logic level.
Electronic random number generators fall into two large categories: pseudo-random generators and non-deteπninistic generators. Pseudo-random (deterministic) generators
Pseudo-random generators are characterized by their ability to accept an initial state (or number) called the "seed" which completely determines the sequence of numbers that are produced by the generator thereafter. This property makes possible that two identical pseudo-random generators produce identical pseudo-random sequence of numbers if they are set with the same seed. This is called "synchronization of generators". Pseudo-random generators make use of a mathematical formula to "calculate" the numbers. Pseudo-random generators can suffer form various problems (and the most of them suffers from at least few of them) which make them unsafe or unsuitable for some applications: bad statistical properties, problem of finite period, the existence of "weak" seeds which lead to short repetition cycle and or sequences with bad statistical properties, the existence of crypto analytical methods for calculation of the whole sequence when only a small portion of it is known, small entropy etc. Because of the last two mentioned problems, the whole classes of popular pseudo-random generators are not suitable for cryptographic purposes.
Non-deterministic generators
As opposed to pseudo-random generators, non-pseudo-random generators (or "hardware random bit generators"). Such generators do not have an initial state and can not accept a seed. They do not operate upon a deterministic principle and consequently even a two identical generators can not be synchronized. This impossibility of syncl ronization is their most important feature. It is particularly important for some applications like some newly developed cryptographic protocols which, by taking advantage of d e "uniqueness" of the produced strings of bits, offer so called unconditional security. Under the assumption that a generator produces truly random bits, no knowledge about its structure or operation principles can help a bit to predict its sequence and thus consequently to brake the encrypted code.
Non-deterministic generators are relatively well investigated and known in the literature. By their construction, almost all of them make use of the electronic noise, measurements of random events or a combination of electronic noise and pseudo-random generators.
Quite generally, existing inventions suffer from a lack of a mathematical or scientific proof of meeting at least one requirement stated in the section 2 (TECHNICAL PROBLEM). Invention presented here falls in the category of non-deterministic generators. Under some assumptions it can be proven tiiat it fiilfils both requirements stated in d e section 2 (TECHNICAL PROBLEM).
4 DETAILED DESCRIPTION OF THE PRESENT INVENTION
Non-deterministic generator of random numbers presented here ensures statistical independence of produced bits and negligibly small bias. Randomness of bits appearing at its output is a direct consequence of randomness of the underlying physical process (preferably a process whose randomness is based on a fundamental randomness of Quantum Mechanics), while the electronics circuits which serve to process the signal can be made so tiiat its imperfections have only a negligible influence, using die existing contemporary technology. The result of that is that sequences of random bits produced with such a generator pass all known statistical tests of randomness, from "standard" tests such as entropy test, Chi-square test, bias, serial autocorrelation test, spectral test etc., then Maurer's Universal statistical test (Maurer 1992, Coron et al. 1999) and finally the strongest set of tests Diehard (Diehard battery of tests, Marsaglia 1996) and the test sis- 1.5 which the US National Institute of Standards and Technology (NIST) has set the standard for testing cryptographic products.
The most important part of die generator is so called "random pulse generator ", or abbreviated RPG. The random pulse generator consists of some discrete stochastic process and a detector or discriminator which measures that process thus producing a well defined (constant width and constant height) digital pulse each time a random event takes place, with the exception in the case that two or more subsequent events appear within the dead time of the said detector or (discriminator, in which case only one pulse is generated. Furthermore, it is possible that the RPG produces a pulse even when ύ ere is no physical event as a consequence of electrical noise in the detector or discriminator. Having in mind that the effects of dead time and noise can be made small, henceforth we will identify a pulse (from a RPG) witii a true physical event. A RPG whose randomness is a direct consequence of laws of quantum physics is called a "quantum RPG".
One example of a quantum RPG is shown in FIG. 1.
Radioactive source RS is enclosed in a shield S which has a window. Gamma rays emitted from the source RS pass through the window and reach the Geiger-Mueller detector GM. When a gamma ray hits GM detector it produces a weak current pulse. This pulse is then amplified, discriminated and shaped into a standardized logic pulse appearing at the output "Output" of the RPG. Each pulse at the output corresponds to one gamma ray, with the exception of gamma rays which are not recognized as legitimate by the discriminator and with the exception of those gamma rays which appear during die dead time of d e GM detector. Furu ermore, appearance of false pulses as a consequence of electronics noise in amplifier and discriminator is possible. The effects of noise and dead time can be made small in practice, so that with a high probability each pulse at the output "Output" of the RPG corresponds to one gamma ray. Said method of converting of weak current pulses signals from the GM detector into standardized logic pulses as well as terms of amplification, discrimination, pulse shaping, dead time and noise, are well known in d e art.
Other examples of stochastic processes whose randomness directly based on laws of quantum physics, otiier tiian said radioactive decay, include: tunneling in the Josephson's junction, pink noise of a Zener diode, tunneling of charge carriers in semiconductors, photoelectric effect in photomultipliers and Avalanche Photo Diodes, reflection or refraction of photons, etc.
Other examples of stochastic processes, whose randomness is not directly based on laws of quantum physics, can be realized by sampling of a random analog signal such as electronic noise and processing the sampled data in some way in order to arrive to random numbers or bits. One possibility is to generate random bits based upon a voltage amplitude or polarity at instant of sampling. Said metiiod or its variants does not exhaust all possibilities of converting random analog signals into random numbers.
Although the pulses produced by an RPG appear at random they nevertheless have a well defined average frequency, f0, which is defined as a ratio of number of pulses N(Δt) generated during a period of time At, and the period length Δt hi die limit of large Δt: N(Δt) /o = Δ !fimco ^t
The method presented here prefers tiiat the average frequency of the discrete random process (and corresponding pulses from the RPG) varies as little as possible during the extraction of bits, in order to minimize correlations among d e bits. To that end d e average frequency of pulses from the RPG can be stabilized by a negative feedback circuit, as shown in d e FIG. 2.
The generator of random pulses shown in the FIG. 2. consists of a negative feedback circuit ΝFC which drives a step motor SM, which motor mechanically drives the shutter G. The shutter G stops any gamma ray emitted by the radioactive source from reaching the detector GM. The negative feedback circuit ΝFC measures die frequency of pulses present at the output "Output" by averaging die frequency over a period of time whose length is arbitrary but longer than l/ o, comparing this average value to the desired (preset) value and causing the shutter G to move in such a way that d e mean frequency of the output pulses approaches d e preset value. In this way the negative feedback circuit keeps the output frequency approximately stable regardless of possible changes of temperature and operating characteristics of components due to d e temperature fluctuations and/or aging. The ΝFC circuit particularly faciUtates mass production of generators by eliminating sensitivity to possible deviations in geometry and tolerances of component characteristics.
The method for generating random bits which is the subject of this invention can be well illustrated by tiiree special cases which, however, do not exhaust all numerous possibilities described by the claims.
First special case concerns counting of periodic pulses (for example from a quartz crystal oscillator QO) during periods of time defined by random pulses from an RPG, as shown in the FIG. 4. To each pair of pulses one assigns a numerical value t , t2, t3, t4 etc. which is equal to the number of periodic pidses from die QO which happened in-between occurrence of d e two random pulses in a pair. Pulses can be subsequent as shown in the FIG. 4. but this is not a necessary condition, h case thai ti < t2 one generates a bit witii a value of "1", whereas if ti > one generates a bit witii a value of "0". The next random bit is generated by considering t3 and t4. Analogously, if t3 < t one generates bit with d e value of "1", whereas if t3 > t one generates a bit with a value of "0". Repeating this process, a random sequence of any desired lengtii can be generated.
Second special case concerns counting of random pulses from one RPG (RPG1) during intervals of time defined by random pulses from another, independent RPG (RPG2), as shown in the FIG. 6. To each pair of random pulses from the RPG1 one assigns a numerical value n n2, n_, n4 etc. wliich is equal to the number of random pulses from RPG2 wliich happened in-between occurrence of die two random pulses in a pair. Observed pulses from the RPG1 can be subsequent as shown in the FIG. 6. but this is not a necessary condition. In case that ιi\ < n_ one generates a bit with a value of "1", whereas if
Figure imgf000008_0001
> n2 one generates a bit with a value of "0". The next random bit is generated by considering n_ and 7-4. Analogously, if «3 < n4 one generates bit with the value of " 1 ", whereas if n3 > «4 one generates a bit with a value of "0". Repeating this process, a random sequence of any desired length can be generated.
Third special case concerns counting of random pulses from an RPG during intervals of time of constant length (generated for example by a quartz crystal oscillator QO), which intervals of constant lengtii must not overlap, as shown in d e FIG. 8. To each interval of length Δt one assigns a numerical value n\, n , n3, n4 etc. which is equal to the number of random pulses from the RPG wliich occurred during d e observed interval. Observed intervals generated by the oscillator QO can be subsequent as shown in the FIG. 8. but this is not a necessary condition. In case that n < n2 one generates a bit with a value of "1", whereas if n > n one generates a bit with a value of "0". The next random bit is generated by considering n_ and ;?4. Analogously, if n3 < «4 one generates bit with d e value of "1", whereas if w3 > «4 one generates a bit witii a value of "0". Repeating this process, a random sequence of any desired length can be generated.
A common property of all die three special cases is tiiat tiieoretically tiiey produce random bits widiout bias and without correlations, tiiat is truly random bits, and that d e only possible deviations from true randomness can come from imperfections in practical realization of the apparatus. In case that quantum RPG(s) were used it is in principle easy to control said imperfections and therefore better generators can be made by use of quantum RPG(s) than witii use of non-quantum RPG(s). It is dierefore the reason why this mvention prefers use of quantum RPG or RPG's, although it is not a necessary condition.
Examples random number generators wliich operate according to the tliree above mentioned special cases are described in the section 6 (DETAILED DESCRIPTION OF AT LEAST ONE PRACTICAL REALIZATION OF THE INVENTION), and are shown in drawings FIG. 3, FIG. 5 and FIG. 7, respectively.
5 DESCRIPTION OF DRAWINGS
FIG.1 - One practical realization of a random pulse generator (RPG).
FIG.2 - One practical possible realization of a random pulse generator (RPG) witii stabilized mean frequency of pulses.
FIG.3 - One practical realization of a random bit generator, according to the first special case of the present method.
FIG.4 - Time diagram of signals for the random bit generator according to the first special case of the present method.
FIG.5 - One practical realization of a random bit generator, according to the second special case of the present method.
FIG.6 - Time diagram of signals for the random bit generator according to the second special case of the present method.
FIG.7 - One practical realization of a random bit generator, according to the third special case of the present method.
FIG.8 - Time diagram of signals for the random bit generator according to d e third special case of the present method. 6 DETAILED DESCRIPTION OF AT LEAST ONE PRACTICAL REALIZATION OF THE INVENTION
In the section 4 (DETAILED DESCRIPTION OF THE PRESENT INVENTION) we have described three special cases of the method wliich is the subject of the invention. In this section, one practical realization of each of the tliree special cases will be presented.
The drawing FIG. 3 shows one practical realization of a random bit generator, according to the first special case described in d e section 4 (DETAILED DESCRIPTION OF THE PRESENT INVENTION). The generator comprises one random pulse generator RPG (shown in more detail in the FIG. 2), quartz oscillator QO, a counter wliich can count both up (forwards) and down (backwards), and the steering logic. The generator makes use of three subsequent pulses (a triplet) from the RPG in order to produce one random bit at its output. A cycle of generating of one random bit (FIG. 4) works in the following way. By every first pulse from the triplet of pulses from the RPG Hie counter resets to zero and starts counting pulses from the quartz oscillator QO in die "up" direction, by every second pulse the counter changes the direction of counting to "down", and by every third pulse the steering logic stops die counter by means of the logic gates AND. The steering logic then sets the output "Output" to the logic level "1" if the comiter shows a value greater than zero, otherwise it sets the output "Output" to logic level "0". After tiiat, d e steering logic sets the output "Ready" to logic level "1" if and only if the state of d e counter is not equal to zero, otherwise the output "Ready" is set to logic level "0". The output from die RPG is interpreted as follows. Whenever die output "Ready" is set to " 1" then the output "Output" contains a new random bit. Levels at the outputs "Ready" and "Output" stay unchanged until such moment when input "Request" exhibits a transition from low to high logic level, wliich resets the output "Ready" to "0" and starts a new cycle of generating of one random bit. Typical timing diagram for this generator is shown on the FIG 4.
The drawing FIG. 5 shows one practical realization of a random bit generator, according to the second special case described in die section 4 (DETAILED DESCRIPTION OF THE PRESENT INVENTION). The generator comprises two independent random pulse generators RPG1 and RPG2 (each like the one shown in more detail in the FIG. 2), a comiter wliich can count botii up (forwards) and down (backwards), and the steering logic. The generator makes use of tliree subsequent pidses (a triplet) from die RPG1 in order to produce one random bit at its output. A cycle of generating of one random bit (FIG. 6) works in the following way. By every first pulse from the triplet of pulses from the RPG1 d e counter resets to zero and starts counting pulses from die RPG2 in d e "up" direction, by every second pulse the counter reverses its counting direction now counting the pulses from the RPG2 in "down" direction, and by every tiiird pulse the steering logic stops the counter by means of the logic gates AND. The steering logic tiien sets the output "Output" to die logic level "1" if d e comiter shows a value greater dian zero, oti erwise it sets d e output "Output" to logic level "0". After that, d e steering logic sets the output "Ready" to logic level "I" if and only if the state of the comiter is not equal to zero, otiierwise the output "Ready" is set to logic level "0". The output from the RPG is interpreted as follows. Whenever the output "Ready" is set to "1" then the output "Output" contains a new random bit. Levels at d e outputs "Ready" and "Output" stay unchanged until such moment when input "Request" exhibits a transition from low to high logic level, which resets the output "Ready" to "0" and starts a new cycle of generating of one random bit. Typical timing diagram for this generator is shown on the FIG 6.
The drawing FIG. 7 shows one practical realization of a random bit generator, according to the tiiird special case described in the section 4 (DETAILED DESCRIPTION OF THE PRESENT INVENTION). The generator comprises one random pulse generator RPG (shown in more detail in the FIG. 2), quartz oscillator QO, a counter wliich can count both up (forwards) and down (backwards), and the steering logic. The generator makes use of tliree subsequent pulses (a triplet) from the quartz oscillator in order to produce one random bit at its output. A cycle of generating of one random bit (FIG. 8) works in the following way. By every first pulse from the triplet of pulses from tiie quartz oscillator QO the comiter resets to zero and starts comiting pidses from the RPG in the "up" direction, by every second pulse the counter reverses its counting direction now comiting the pulses from the RPG in "down" direction, and by every tiiird pulse the steering logic stops the comiter by means of tiie logic gates AND. The steering logic then sets the output "Output" to tiie logic level "1" if d e comiter shows a value greater than zero, otherwise it sets tiie output "Output" to logic level "0". After that, the steering logic sets the output "Ready" to logic level "1" if and only if the state of the comiter is not equal to zero, otiierwise tiie output "Ready" is set to logic level "0". The output from tiie RPG is interpreted as follows. Whenever tiie output "Ready" is set to "1" then the output "Output" contains a new random bit. Levels at the outputs "Ready" and "Output" stay unchanged until such moment when input "Request" exhibits a transition from low to high logic level, which resets the output "Ready" to "0" and starts a new cycle of generating of one random bit. Typical timing diagram for tiiis generator is shown on d e FIG 8.
The three described practical examples of random bit generators do not limit in any way the claims defined in the section CLAIMS.
7 POSSIBLE APPLICATIONS OF THE INVENTION
Primary application of this invention is for the products related to computers, cryptography and the Internet, such as: peripheral generators of random numbers wliich may be connected to a computer via a serial, parallel, IRDA, USB or any other port, PC cards including video controllers, special purpose cards, PCMCIA cards, cliips for generating random nmiibers intended for motiierboards or other computer parts, Smart Cards, products for cryptographically secured communications, products for secure payment and business (B2C, B2B) etc. The described apparatus can also be used as a source of noise for electronics measurement equipment. The described apparatus can also be used as a generator of random numbers in hazard games automata, lottery, gambling, testing procedures in industry, scientific research and research of paranormal activity (psi factor).
BIBLIOGRAPHY
D. E. Knuth, The art of computer programming Vol 2., 3rd ed., Reading MA, Addison- Wesley, 1997.
U. Maurer, A Universal Statistical Test for Random Bit Generators, Journal of Cryptology, 5 (1992) 89-105
G. Marsaglia, Diehard battery of tests, available at tiie URL: http://statTsu.edu/~geo/diehard.html, 1996. National Institute of Standards and Teclniology test suite STS-1.50, available at tiie URL: http://www.nist. gov

Claims

1. A metiiod of generating random bits based on a generator of random and mutually independent physical events RPG, characterized by, the following steps: (a) considering pairs of independent events from the RPG; where time intervals defined by pairs of events do not overlap; (b) assigning to each of the said pairs of events a numerical value; where events in tiie pair can be subsequent but it is not a necessary condition, and (c) forming a random bit by assigning it a value of "0" if in an arbitrary pair of said numerical values the first value is greater than the second value, whereas assigning it a value of "1" if the first numerical value is smaller than the second value.
2. A metiiod as defined in the claim 1, characterized by, tiiat in the step (b) one assigns to each pair of events a numerical value which is approximately proportional to tiie time lapsed between the events in the said pair; by using a counter which comits periodical pulses and that the said numerical value is equal to tiie difference between number of comits at tiie moment of later event and the number of counts at the moment of the earlier event.
3. A method as defined in tiie claim 1, characterized by, tiiat in the step (b) one assigns to each pair of events a numerical value equal to the number of events from some other independent generator of random physical events, wliich events occur between occurrence of the earlier and later event in the said pair.
4. A method as defined in die claim 2, characterized by, tiiat die said counter starts comiting from zero only once and later on counts continuously.
5. A method as defined in die claim 2, characterized by, tiiat ti e said comiter starts comiting from zero at each such moment when the first event in a pair happens, or after a constant delay from such a moment.
6. A method of generating random bits based on a generator of random and mutually independent physical events RPG, characterized by, the following steps: (a) considering pairs of non-overlapping time intervals of constant lengtii Δt; (b) assigning to each of the said intervals a numerical value wliich is equal to the number of random pulses from the RPG wliich have occurred during the time interval in question, and (c) forming a random bit by observing an arbitrary pair of said numerical values and assigning to the said bit a value of "0" if the first numerical value in the pair is greater than the second value, whereas assigning to ti e said bit a value of "1" if the first numerical value in the pah is smaller than the second value.
7. A metiiod as defined in ti e claim 6, characterized by, that the start of each mterval in tiie step (a) is chosen in coincidence witii a random event, or witii some constant time delay from a random event.
8. A metiiod according to any of previous claims, characterized by, that in the step (c) each numerical value assigned to a pair of random events from die RPG can be used to foπn at most one random bit.
9. A apparatus for automatic regulation of pulses from a RPG, characterized by, comprising a negative feedback circuit realized either mechanically, electrically or optically which ensures that the average frequency f0 of the pulses from the RPG stays constant over a time period greater than l/f0.
10. A apparatus for generating random bits, characterized by, the use of any of the metiiods of generating random bits defined by the claims 1-8, witii or without the apparatus for automatic regulation of pulses from tiie RPG defined in the claim 9.
11. A apparatus according to ti e claim 10, characterized by, the use of a generator of random and mutually independent electric pulses whose randomness and mutual independence is based on the quantum photoelectric effect.
12. Sequence of bits obtained from a apparatus described in the claim 10 or 11, using a metiiod described hi claims 1-8, characterized by, the fact that even if all technical and methodological details of forming the sequence of bits are known - it is not possible to synchronize two or more such generators in the sense that they would produce identical sequences of bits.
PCT/HR2005/000028 2004-04-30 2005-04-27 Quantum random bit generator WO2005106645A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP05734986A EP1754140A2 (en) 2004-04-30 2005-04-27 Quantum random bit generator

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
HRP20040382A 2004-04-30
HR20040382A HRP20040382B1 (en) 2004-04-30 2004-04-30 Quantum random bit generator

Publications (2)

Publication Number Publication Date
WO2005106645A2 true WO2005106645A2 (en) 2005-11-10
WO2005106645A3 WO2005106645A3 (en) 2006-11-16

Family

ID=34968122

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/HR2005/000028 WO2005106645A2 (en) 2004-04-30 2005-04-27 Quantum random bit generator

Country Status (3)

Country Link
EP (1) EP1754140A2 (en)
HR (1) HRP20040382B1 (en)
WO (1) WO2005106645A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10042609B2 (en) 2014-05-09 2018-08-07 Quantum Numbers Corp. Method for generating random numbers and associated random number generator
US10168996B1 (en) 2018-01-15 2019-01-01 Quantum Numbers Corp. Method and system for generating a random bit sample
US10536224B1 (en) 2019-02-26 2020-01-14 International Business Machines Corporation Visualizing arbitrary pulse shapes and schedules in quantum computing applications
US10903424B2 (en) 2019-05-07 2021-01-26 International Business Machines Corporation Resistive RAM cell structure for gradual set programming

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3124753A (en) * 1961-08-21 1964-03-10 Methpuira
EP0828349A1 (en) * 1996-08-06 1998-03-11 AMERSHAM INTERNATIONAL plc Method of and apparatus for generating random numbers
WO2000038037A1 (en) * 1998-12-18 2000-06-29 The Regents Of The University Of California A RANDOM NUMBER GENERATOR BASED ON THE SPONTANEOUS α-DECAY
EP1241565A1 (en) * 1999-11-02 2002-09-18 Leisure Electronics Technology Co., Ltd. Thermal noise random pulse generator and random number generator
EP1320026A1 (en) * 2001-12-13 2003-06-18 STMicroelectronics S.r.l. Method for generating a random number sequence and a relative random bit generator

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3758873A (en) * 1972-07-14 1973-09-11 Epsco Inc Random pulse generator
US4853884A (en) * 1987-09-11 1989-08-01 Motorola, Inc. Random number generator with digital feedback
GB9205291D0 (en) * 1992-03-11 1992-04-22 Soundcraft Electronics Ltd Improvements in or relating to the digital control of analogue systems

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3124753A (en) * 1961-08-21 1964-03-10 Methpuira
EP0828349A1 (en) * 1996-08-06 1998-03-11 AMERSHAM INTERNATIONAL plc Method of and apparatus for generating random numbers
WO2000038037A1 (en) * 1998-12-18 2000-06-29 The Regents Of The University Of California A RANDOM NUMBER GENERATOR BASED ON THE SPONTANEOUS α-DECAY
EP1241565A1 (en) * 1999-11-02 2002-09-18 Leisure Electronics Technology Co., Ltd. Thermal noise random pulse generator and random number generator
EP1320026A1 (en) * 2001-12-13 2003-06-18 STMicroelectronics S.r.l. Method for generating a random number sequence and a relative random bit generator

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1754140A2 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10042609B2 (en) 2014-05-09 2018-08-07 Quantum Numbers Corp. Method for generating random numbers and associated random number generator
US10437559B2 (en) 2014-05-09 2019-10-08 Quantum Numbers Corp. Method for generating random numbers and associated random number generator
US10168996B1 (en) 2018-01-15 2019-01-01 Quantum Numbers Corp. Method and system for generating a random bit sample
US10430160B2 (en) 2018-01-15 2019-10-01 Quantum Numbers Corp. Method and system for generating a random bit sample
CN111684721A (en) * 2018-01-15 2020-09-18 量子数公司 Method and system for generating random bit samples
US10536224B1 (en) 2019-02-26 2020-01-14 International Business Machines Corporation Visualizing arbitrary pulse shapes and schedules in quantum computing applications
US10790912B2 (en) 2019-02-26 2020-09-29 International Business Machines Corporation Visualizing arbitrary pulse shapes and schedules in quantum computing applications
US10903424B2 (en) 2019-05-07 2021-01-26 International Business Machines Corporation Resistive RAM cell structure for gradual set programming

Also Published As

Publication number Publication date
HRP20040382A2 (en) 2006-03-31
EP1754140A2 (en) 2007-02-21
HRP20040382B1 (en) 2009-05-31
WO2005106645A3 (en) 2006-11-16

Similar Documents

Publication Publication Date Title
Stefanov et al. Optical quantum random number generator
Wayne et al. Photon arrival time quantum random number generation
Stipčević et al. Quantum random number generator based on photonic emission in semiconductors
US6249009B1 (en) Random number generator
US6697829B1 (en) Method of and apparatus for generating random numbers
Khanmohammadi et al. A monolithic silicon quantum random number generator based on measurement of photon detection time
EP0940011B1 (en) Method of and apparatus for generating random numbers
US7266575B2 (en) Random number generator which can generate a random number based on an uniform distribution
Park et al. QEC: A quantum entropy chip and its applications
Tontini et al. SPAD-Based Quantum Random Number Generator With an $ N^{\rm {th}} $-Order Rank Algorithm on FPGA
EP1754140A2 (en) Quantum random bit generator
EP3861431B1 (en) Device and method for generating random bit sequences
Alkassar et al. Obtaining true-random binary numbers from a weak radioactive source
Bateman The effect of beam time structure on counting detectors in SRS experiments
Park et al. A lightweight true random number generator using beta radiation for IoT applications
Rohe RANDy-A true-random generator based on radioactive decay
Silverman et al. Tests of alpha-, beta-, and electron capture decays for randomness
WO2008077833A1 (en) Quantum random number generator and method for the generation thereof
Geslot et al. Multimode acquisition system dedicated to experimental neutronic physics
US20240012619A1 (en) Systems and methods for direct random number generation from quantum random events
Hnilo Using Randomness to decide among Locality, Realism and Ergodicity
Banerjee et al. Unpredictable and Uniform RNG based on time of arrival using InGaAs Detectors
Banerjee et al. Experimental demonstration of high-entropy time of arrival based optical QRNG qualifying stringent statistical tests
Solymos et al. Efficiency improvement of photon arrival time based quantum random number generator with hashing
JPH11296348A (en) Natural random number and hybrid random number generating device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase in:

Ref country code: DE

WWW Wipo information: withdrawn in national office

Country of ref document: DE

WWE Wipo information: entry into national phase

Ref document number: 2005734986

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2005734986

Country of ref document: EP