WO2008077833A1 - Générateur de nombres aléatoires et procédé de génération de ceux-ci - Google Patents

Générateur de nombres aléatoires et procédé de génération de ceux-ci Download PDF

Info

Publication number
WO2008077833A1
WO2008077833A1 PCT/EP2007/064032 EP2007064032W WO2008077833A1 WO 2008077833 A1 WO2008077833 A1 WO 2008077833A1 EP 2007064032 W EP2007064032 W EP 2007064032W WO 2008077833 A1 WO2008077833 A1 WO 2008077833A1
Authority
WO
WIPO (PCT)
Prior art keywords
digital signal
generator according
ndigt
quantum
detector
Prior art date
Application number
PCT/EP2007/064032
Other languages
English (en)
Inventor
Franco Zappa
Simone Tisa
Original Assignee
Politecnico Di Milano
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Politecnico Di Milano filed Critical Politecnico Di Milano
Publication of WO2008077833A1 publication Critical patent/WO2008077833A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • H04L9/0858Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/20Manipulating the length of blocks of bits, e.g. padding or block truncation

Definitions

  • the present invention relates to a quantum random number generator and to the method for the generation thereof.
  • random number generators are therefore required providing random ciphers at a very high rate although not loosing in quality.
  • the price to pay for the One-Time Pads is that the key may only be used once (therefore, one key for each message). Furthermore, the numbers used for the key must really be random.
  • the mechanism used is very simple: an arithmetic combination with a key bit is made for every information bit. Therefore, a random bit is required for every datum bit.
  • a cryptographic mechanism may also be exploited to protect the authenticity of a message. For example, this is the case where a client accesses a restricted server.
  • the object is to make sure that, for safety reasons, the access key (the password) is never transmitted on the communication channel.
  • a typical example consists in financial transactions carried out on the Internet.
  • the server has a copy of the access keys of all potential clients. When a client intends to connect in a restricted manner to the server, the latter sends him/her a stream or sequence of random numbers. The client then sends back a function of its access key and of this stream. The server interprets it and grants access authorisation or not. Therefore, a different stream is used at each client's request and the access key is never transmitted on the channel. Good quality random numbers allow this to occur.
  • Random numbers also gain a great significance in quantum cryptography.
  • Quantum cryptography was developed to address the weaknesses of classical cryptography and substantially represents a future evolution thereof . Indeed, at the current stage of classical cryptography, supposing that good quality random numbers are used in the encryption, the computational power required by anyone attempting to attack the communication is still too high, virtually hardly available. Furthermore, the heavier encryptions are inaccessible to computers with the highest computational powers, even though it may be assumed that in future such a computational ability will be available.
  • the main weakness in classical cryptography is the issuing of the decryption key to all potential recipients of the message. Such an issuing is not an easy task in all networks where a great number of users needs to open restricted communication channels with more than one different user, that is in most cases, because the key needs to be transmitted through a safer, thus more expensive (or slower) channel.
  • Quantum cryptography allows to solve said problem.
  • the explanation of how this is possible is a direct consequence of the way photons, which are the quantum particles employed, behave. Polarisation, a quantum property thereof, may be exploited to describe different symbols.
  • a quantum phenomenon such as this one has an inherent advantage: anyone receiving a stream of "qubits” obviously needs to have a device recognising the polarisation thereof, precisely to recognise whether the received "qubits" are "0" or "1".
  • this reading is, in a manner of speaking, "invasive”: it is indeed a law of quantum mechanics that the polarisation of a photon may not be observed without altering the polarisation of the same.
  • Pseudorandom generators do not employ a physical process to generate random numbers. On the contrary, they rely on a mathematical and deterministic method. Substantially, a pseudorandom generator is an algorithm producing a random number from another random number, and a system at the input of which an arbitrary sample is provided and which provides the following sample at its output. Its implementation will be a software implementation due to its mathematical-algorithmic nature. It is only a matter of encoding a procedure in which the starting datum (designated as seed) is processed by a certain number of mathematical steps. Therefore, an arithmetical- logical function of the input will be obtained at the output.
  • each pseudorandom generator is thus the cyclic and continuous repetition of the same algorithm.
  • the parameter characterising the quality thereof is the time after which the sequence resumes repeating identically. This is why these generators are defined as pseudorandom.
  • the great advantage which is the reason why such generators are more and more widespread, is undoubtedly their low cost (due to the absence of specific hardware), their convenience and the high rate at which random bits may be generated.
  • a great disadvantage, besides the already mentioned "low randomness degree” is that a seed, that is the first input, is required to generate a sequence of pseudorandom numbers. It often occurs that precisely the choice of the seed has a considerable effect on the quality of the generated sequence; thus pseudorandom generators require a seed that must be as random as possible.
  • Chaotic generators exploit the behaviour of a classical physical system to generate randomness, such as for instance, the recording of the results obtained by the toss of a coin or by the throw of dice. However, it must be noted that this is not true randomness, but instead something very similar thereto. Indeed, to be precise, even chaotic systems are deterministic and therefore non-random systems. What leads such generators to appear random, is that a chaotic system is a system in which very small alterations of the initial conditions may induce the values of the state variables to be modified completely and, therefore induce the outcome of the generator and the predictability of the outcome itself to vary totally.
  • the first category displays a direct amplification of the thermal or shot noise, as described in the generator of US patent No. 6571263. Problems connected to this technique are the susceptibility to disturbances on inputs and other possible sources (substrate couplings or electromagnetic interferences) which make the integration of such circuits very laborious.
  • optic quantum generators have been developed.
  • An example thereof may be a photon striking a partially reflecting surface.
  • this apparatus is interpreted by stating that a particle encounters a potential barrier during its motion.
  • R representing the probability of the photon being reflected or transmitted.
  • R will be equal to 1/2, that is 50% of the probability of the photon being detected by the other part of the reflecting surface.
  • a random number generator exploiting a quantum effect may indeed be obtained by associating a "1" to the photon detection or a "0" to the non- detection, such as that described in US patent No. 6539410.
  • the principle exploited is similar to that previously described: a photon (one at a time, one for each random bit to be generated) is induced to strike a semitransparent mirror which may transmit it on a first detector or reflect it on a second detector. Quantistically, the probability of the first hypothesis taking place is 50%, exactly like the second. If a "1" is associated to the first detector and a "0" is associated to the second one, the generator will issue a "1" or "0” depending on where the photon has actually come to.
  • a single detector is exploited, and the photon may cover two different optical paths with different propagation times.
  • the time elapsed between the synchronism signal and the detection of the photon indicates which path has been covered and therefore identifies the bit, such as described in US patent application 2006/0010182.
  • the time interval between two subsequent synchronism pulses is subdivided in a certain number of subintervals, such as described in US patent application 2004/0139132.
  • the photon flow is calibrated and modulated in order to have on average only one photon for each interval.
  • the subinterval in which the photon falls identifies a multiple bit value, which is used to generate the random stream.
  • the time elapsed between the two photon hits may be measured, thus obtaining a multiple-bit exponential random distribution, such as described in US patent 6542014.
  • the object of the present invention is to provide a quantum random number generator overcoming the above-said drawback.
  • a quantum random number generator comprising a quantum event detector, first means adapted to acquire the signal outputted from such a detector and to generate a corresponding pulse signal, a binary counter adapted to count the pulses of said pulse signal in subsequent preset periods of time and to issue an n-bit digital signal, n being an integer, in response to the pulses counted in each time period, characterised in that it comprises second means adapted to extract a least significant part of each digital signal issued by the binary counter, said least significant part being defined as the integer remainder of the division of said digital signal by 2m, where m is a number varying from 1 to n and is determined by an external command, said least significant part of the digital signal representing a random number.
  • a method for the quantum generation of random numbers according to claim 16 may be provided.
  • figure 1 shows a quantum random number generator according to the invention
  • figure 2 shows the quantum events associated to the various time periods
  • figure 3 is a chart of the probability of counting a number of pulses N in a time window
  • figure 4 is a diagram of a part of the generator in figure 1 according to a first embodiment of the invention
  • figure 5 is a diagram of a part of the generator in figure 1 according to a second embodiment of the invention
  • figure 6 shows two of the digital counts outputted from the counter in figure 1 and the possible truncations
  • figure 7 is a chart of the probability of the digital count truncated at a cipher being equivalent to "0" and "1”
  • figure 8 is a chart of the probability of the digital count truncated at two ciphers being equivalent to "00", "01", “10” and "11”
  • figure 9 is a diagram of a
  • the generator comprises a quantum source 1 comprising a detector 3 for at least one quantum event 2 (for instance, single photons, ionising radiations, particles), an electronic front-end circuitry 5, and a counter 7.
  • Said generator comprises a device 10 having the digital count inputted from the output of the counter, which is adapted to generate random numbers corresponding to said digital count outputted from the counter.
  • the electronic circuitry 5 is a circuit for the acquisition of the signal 4 generated by the detector and for the generation of a pulse signal 6 to be sent to the counter.
  • the counter 7 is a binary counter adapted to count the pulses of the signal 6 in preset time periods T and adapted to generate a signal or digital count Ndig in response to the pulses counted in each time period T.
  • the duration of the time periods T is determined by an external signal 32; the time intervals T may be identical to one another or different from one another, contiguous or non-contiguous, as shown in figure 2 with the time intervals TA, TB, TX.
  • the counter 7 sends the completed count, that is the digital signal Ndig associated to the pulses counted for each time period T, to the device 10.
  • the digital signals outputted from the counter are for instance the numbers
  • NA an-l..a ⁇
  • NB bn-l..b ⁇
  • NC cn-l..c ⁇
  • the device 10 comprises a dedicated device 11 that receives the digital signals NA (an-l..a ⁇ ), NB (bn-l..b ⁇ ), NC (cn-l..c ⁇ ) etc. outputted from counter 7 and extracts a least significant part Ndigt from said digital signals.
  • the least significant part Ndigt is sent by means of an interface 12 to a processor and represents a random number.
  • An external signal S determines the number of bits required to form said least significant part.
  • the device 11 acts as a selector because it selects which bits of the inputted digital counts NA (an-l..a ⁇ ), NB (bn-l..b ⁇ ), NC (cn-l..c ⁇ ) etc., it must output.
  • the interface 12 has a reading synchronism signal 17.
  • the device 10 comprises the interface 12 that receives the digital counts NA (an-l..a ⁇ ), NB (bn-l..b ⁇ ), NC (cn-l..c ⁇ ) etc. outputted from the counter 7 and sends them to a processor 20 which is capable of extracting a least significant part Ndigt representing a random number from said digital counts by means of an appropriate software.
  • the interface 12 and the processor 20 have a reading synchronism signal 18 and the processor has an external command S that defines the amount of bits of Ndigt, equivalent to the least significant part of Ndig.
  • the method may also be extended to increasingly more significant bits up to the most significant one. If the binary encryption of such measurements is considered, an acquired even number means that the least significant cipher of its binary encryption is a "0", an odd number means that such a cipher is "1". Therefore, stating that the information upon the parity is random or not, corresponds to stating that the least significant bit is a random bit ("0" or "1") or not.
  • the least significant part Ndigt extracted from each digital count outputted from the binary counter 7 through means 10 is defined as the integer remainder of the division of the digital signal Ndig by 2m, where m is a number varying from 1 to n and is determined by an external command
  • said least significant part of the digital count represents a random number.
  • the extraction of 2 or more bits for each count interval is nothing more than an extension of the single-bit case.
  • the object is indeed to produce a 2m- symbol alphabet having uniform probabilities starting from a Poisson series. For instance, in the 2-bit case (for instance starting from the
  • NA an-l..a ⁇
  • NB bn-l..b ⁇
  • Figure 8 shows a probability diagram P(Ndigt) of the digital signal
  • Ndigt equivalent to the digital count Ndig truncated at the last two ciphers, being "00", "01", “10” o "11".
  • the bit rate may be increased by using both devices.
  • the periods of time for the count of the pulses 6 as a function of the least significant part of bits to be extracted may be reduced or increased.
  • the detector 3 is preferably a single-photon detector and is specifically comprised of a single photon avalanche photodiode (SPAD) and the electronic circuitry 5 is comprised of an Active Quenching Circuit (AQC).
  • AQC Active Quenching Circuit
  • any other detector adapted to detect single quantum events photons, particles, ionising radiations, Poisson events, etc. is intended to be used for this purpose.
  • the SPAD is substantially a strongly polarised reverse p-n junction.
  • the electric field is so high that a single electron- hole pair, which is designated as primary pair, generated within the unoccupied space may lead to the production by impact ionisation of an avalanche of carriers.
  • the space charge area may be exposed to external light, thus the primary pair may be photo-generated.
  • the leading edge of the avalanche signal signals the approach of a photon on the detector.
  • Thermally generated carriers may activate the avalanche as well: the parameter quantifying these triggers is indeed the rate of "dark" events.
  • the two thermal and photonic generation effects represent two indipendent Poisson sources having a quantum nature.
  • the generator of figure 9 comprises means 200 capable of varying the rate of photons detected by the detector 3.
  • a resistance RB (not shown in the figures) which passively starts to depolarise it with the voltage drop due to the avalanche current.
  • an actual sensing circuit which, once the pulse has been detected, through a positive reaction, switches the photodiode off (that is it restores it to the avalanche voltage).
  • the hold-off time the monostable within the circuit waits for before sending the reset signal may be externally set.
  • the set of switching off, hold-off and reset times represents the dead time tdead of the detector, and therefore sets the maximum count rate thereof. In the current implementation such a saturation rate of the detector is on the order of 30 MHz.
  • the following parameters may be considered, when the method is applied to the preferred implementation of the invention, based on a single photon avalanche photodiode (SPAD).

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

L'invention concerne un générateur de nombres aléatoires quantiques comprenant un détecteur (3) d'événement quantique (2), des premiers moyens (5) capables d'acquérir le signal (4) émis par le détecteur et de générer un signal à impulsions correspondant (6), un compteur binaire (7) pouvant compter les impulsions du signal à impulsions (6) dans des périodes prédéfinies ultérieures (T) et émettre un signal numérique à n bits (Ndig), n étant un entier, en réponse aux impulsions comptées à chaque période. Le générateur comprend des seconds moyens (10) capables d'extraire une partie (Ndigt) de chaque signal numérique (Ndig) émis par le compteur binaire (7), ladite partie étant définie comme étant le reste entier de la division dudit signal numérique par 2m, m étant un nombre variant de 1 à n et étant déterminé par une commande externe (S) ; ladite partie du signal numérique représentant un nombre aléatoire.
PCT/EP2007/064032 2006-12-22 2007-12-17 Générateur de nombres aléatoires et procédé de génération de ceux-ci WO2008077833A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITMI2006A002483 2006-12-22
ITMI20062483 ITMI20062483A1 (it) 2006-12-22 2006-12-22 Generatore quantistico di numeri casuali e relativo metodo di generazione

Publications (1)

Publication Number Publication Date
WO2008077833A1 true WO2008077833A1 (fr) 2008-07-03

Family

ID=39339226

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2007/064032 WO2008077833A1 (fr) 2006-12-22 2007-12-17 Générateur de nombres aléatoires et procédé de génération de ceux-ci

Country Status (2)

Country Link
IT (1) ITMI20062483A1 (fr)
WO (1) WO2008077833A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2940923A1 (fr) * 2014-04-28 2015-11-04 Université de Genève Méthode et dispositif pour un générateur optique de nombres aléatoires quantiques
WO2016086228A1 (fr) * 2014-11-28 2016-06-02 Fiske Software Llc Masquage d'informations dans du bruit
RU2613027C1 (ru) * 2015-10-02 2017-03-14 Российская Федерация, от имени которой выступает ФОНД ПЕРСПЕКТИВНЫХ ИССЛЕДОВАНИЙ Квантовый генератор случайных чисел
US9658831B2 (en) 2014-03-11 2017-05-23 Sony Corporation Optical random number generator and method for generating a random number

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002039639A2 (fr) * 2000-11-10 2002-05-16 Thales Procede et systeme de transmission par cryptographie quantique
US20060010182A1 (en) * 2004-07-06 2006-01-12 Altepeter Joseph B Quantum random number generator

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002039639A2 (fr) * 2000-11-10 2002-05-16 Thales Procede et systeme de transmission par cryptographie quantique
US20060010182A1 (en) * 2004-07-06 2006-01-12 Altepeter Joseph B Quantum random number generator

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
M. STIPCEVIC, B. MEDVED ROGINA: "Quantum random number generator based on photonic emission in semiconductors.", REVIEW OF SCIENTIFIC INSTRUMENTS, no. 78, 9 April 2007 (2007-04-09), online, pages 045104-1 - 045104-7, XP002479718, Retrieved from the Internet <URL:http://scitation.aip.org/getpdf/servlet/GetPDFServlet?filetype=pdf&id=RSINAK000078000004045104000001&idtype=cvips&prog=normal> [retrieved on 20080506] *
SOUBUSTA J , ONDREJ HADERKA, PAVLICEK,HENDRYCH: "Experimental realization of quantum random number generator", PROCEEDINGS OF THE SPIE - THE INTERNATIONAL SOCIETY FOR OPTICAL ENGINEERING SPIE-INT. SOC. OPT. ENG USA, vol. 5259, no. 1, 2003, pages 7 - 13, XP002479717, ISSN: 0277-786X *
SOUBUSTA J ET AL: "Quantum random number generator", PROCEEDINGS OF THE SPIE, SPIE, BELLINGHAM, VA, vol. 4356, 1 January 2001 (2001-01-01), pages 54 - 60, XP007903144, ISSN: 0277-786X *
WANG P ET AL: "Scheme for a quantum random number generator", JOURNAL OF APPLIED PHYSICS, AMERICAN INSTITUTE OF PHYSICS. NEW YORK, US, vol. 100, no. 5, 14 September 2006 (2006-09-14), pages 56107 - 056107, XP012089988, ISSN: 0021-8979 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9658831B2 (en) 2014-03-11 2017-05-23 Sony Corporation Optical random number generator and method for generating a random number
EP2940923A1 (fr) * 2014-04-28 2015-11-04 Université de Genève Méthode et dispositif pour un générateur optique de nombres aléatoires quantiques
JP2015215888A (ja) * 2014-04-28 2015-12-03 ユニヴェルシテ ドゥ ジュネーヴ 光学系に基づく量子乱数発生の方法及びデバイス
US9747077B2 (en) 2014-04-28 2017-08-29 Université De Genève Method and device for optics based quantum random number generation
US9772820B2 (en) 2014-04-28 2017-09-26 ID Quantique Method and device for optics based quantum random number generation
US10331412B2 (en) 2014-04-28 2019-06-25 Université De Genève Method and device for optics based quantum random number generation
WO2016086228A1 (fr) * 2014-11-28 2016-06-02 Fiske Software Llc Masquage d'informations dans du bruit
RU2613027C1 (ru) * 2015-10-02 2017-03-14 Российская Федерация, от имени которой выступает ФОНД ПЕРСПЕКТИВНЫХ ИССЛЕДОВАНИЙ Квантовый генератор случайных чисел

Also Published As

Publication number Publication date
ITMI20062483A1 (it) 2008-06-23

Similar Documents

Publication Publication Date Title
CN110088726B (zh) 量子随机数生成的方法和装置
Stipčević et al. True random number generators
Mannalatha et al. A comprehensive review of quantum random number generators: Concepts, classification and the origin of randomness
Wayne et al. Photon arrival time quantum random number generation
Liu et al. Chaos‐based fast colour image encryption scheme with true random number keys from environmental noise
Herrero-Collantes et al. Quantum random number generators
Cao et al. Source-independent quantum random number generation
US11757658B2 (en) Methods and systems for implementing mixed protocol certificates
Stipcevic Quantum random number generators and their applications in cryptography
US6249009B1 (en) Random number generator
Acosta et al. Embedded electronic circuits for cryptography, hardware security and true random number generation: an overview
Park et al. QEC: A quantum entropy chip and its applications
US20030158876A1 (en) On-line randomness test through overlapping word counts
WO2008077833A1 (fr) Générateur de nombres aléatoires et procédé de génération de ceux-ci
Arbekov et al. Extraction of quantum randomness
Chamon et al. Deterministic random number generator attack against the Kirchhoff-law-Johnson-noise secure key exchange protocol
Gavrylko et al. A physical quantum random number generator based on splitting a beam of photons
Zhao et al. A novel NTT-based authentication scheme for 10-GHz quantum key distribution systems
Caccia et al. In-silico generation of random bit streams
Hughes et al. Strengthening the security foundation of cryptography with Whitewood’s quantum-powered entropy engine
Soorat et al. Hardware Random number Generator for cryptography
Chamon et al. Random number generator attack against the Kirchhoff-law-Johnson-noise secure key exchange protocol
Farajallah PSEUDO RANDOM NUMBER GENERATOR BASED ON LOOK-UP TABLE AND CHAOTIC MAPS
Park et al. SCR-QRNG: Side-channel resistant design using quantum random number generator
Bisadi All-silicon-based photonic quantum random number Generators

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07866287

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07866287

Country of ref document: EP

Kind code of ref document: A1