Are quantum random numbers generators the only real nondeterministic random numbers generators?
Quantum random number generators (QRNGs) have gained significant attention in both academic and applied cryptography circles due to their ability to produce random numbers based on inherently unpredictable quantum phenomena. To fully address whether QRNGs are the only "real nondeterministic true random number generators," it is necessary to examine the concepts of randomness, determinism, and the mechanisms behind random number generation, especially in the context of cryptographic applications such as stream ciphers and the one-time pad.
Deterministic vs. Nondeterministic Sources
Deterministic random number generators—often called pseudorandom number generators (PRNGs)—use algorithms and initial seed values to produce sequences that appear random but are fully determined by their initial state. Given the same seed, a PRNG will always generate the same output sequence. This predictability is in direct contrast with nondeterministic or true random number generators (TRNGs), which are designed to produce sequences that cannot be predicted, even if the complete design of the system is known, assuming the underlying source is truly random.
Nature of Randomness
From a cryptographic perspective, the unpredictability of random numbers is a foundational requirement. Stream ciphers and one-time pads, for example, require keys or keystreams that an adversary cannot feasibly predict. If the random numbers used are in any way predictable or reproducible, the security of these systems can be catastrophically compromised.
Sources of True Randomness
Quantum Random Number Generators (QRNGs)
QRNGs exploit the inherent indeterminacy of quantum mechanics. For example, measuring the polarization of a photon in a basis where it has a 50-50 chance of being detected in either state. No amount of knowledge about the system's past or present state can predict the measurement outcome; thus, the process is fundamentally nondeterministic according to the current understanding of quantum physics.
Some common mechanisms in QRNGs include:
– Photon path splitting: A photon is sent toward a beamsplitter; its detection at one of two possible detectors is random.
– Quantum vacuum fluctuations: Electronic noise originating from quantum vacuum fluctuations can be measured and digitized.
Because quantum phenomena are, as far as current physics can ascertain, fundamentally random, QRNGs are widely regarded as sources of true, nondeterministic randomness.
Classical Physical Random Number Generators
Long before the advent of QRNGs, physical processes in the classical domain were harnessed for random number generation. These include:
– Thermal noise (Johnson–Nyquist noise): The random movement of electrons in a resistor or diode due to thermal agitation.
– Shot noise: The discrete nature of charge carriers in a current, leading to measurable current fluctuations, especially in low-current semiconductors.
– Atmospheric noise: The unpredictable discharge events (static) in the atmosphere, such as those captured by radio receivers.
– Radioactive decay: The random emission of particles from unstable atomic nuclei, which is classically unpredictable and, in fact, has a quantum mechanical basis.
Each of these physical sources is theoretically unpredictable, assuming a purely classical interpretation. However, deeper analysis reveals that some classical sources either have quantum underpinnings (radioactive decay, for example) or can be affected by environmental determinism and bias (e.g., temperature fluctuations, electromagnetic interference).
Determinism in Classical Physics
The classical world is generally described by deterministic laws (Newtonian mechanics, Maxwell’s equations, etc.), where the current state of a system and the laws of physics fully determine its future behavior. In principle, if one had complete information about every particle in a system and the environment, the outcome of the process would be predictable. In practice, however, measurement limitations and the influence of external, uncontrolled factors render these outcomes effectively unpredictable.
Nevertheless, these limitations arise from technical or practical constraints, not from fundamental indeterminacy. Therefore, critics argue that classical physical random number generators are only "effectively random" rather than "truly random." Their output may exhibit practical unpredictability, but it does not possess the same theoretical nondeterminism as processes rooted in quantum mechanics.
Evaluating "True" Nondeterminism
The core of the question hinges on the definition of "true" randomness or "nondeterminism." If one adheres strictly to the philosophical and physical definition, only processes that are fundamentally unpredictable, even in principle, qualify as truly nondeterministic. By this criterion, only quantum phenomena, as currently understood, meet the requirement.
However, from an engineering and cryptographic standpoint, unpredictability is often sufficient—even if it is not guaranteed by the laws of physics but rather by the infeasibility of measurement, environmental control, and analysis.
Examples and Practical Considerations
1. Thermal noise generator: A circuit amplifies thermal noise from a resistor, digitizes it, and outputs bits. If an adversary could measure every variable influencing the resistor, they might, in principle, predict the outcome. However, practical implementation makes such measurement unattainable.
2. Quantum photon detector: A QRNG uses a single-photon detector and a beamsplitter. Each photon has a 50% chance of going left or right. Even with complete knowledge of the experimental setup, the outcome cannot be predicted due to quantum indeterminacy.
3. Atmospheric noise radio: A radio receiver digitizes static from atmospheric noise. While practically unpredictable, theoretical determinism still applies if all influencing factors are known.
In cryptography, particularly in the generation of one-time pads or stream cipher keystreams, the use of QRNGs is often recommended for the highest level of assurance in randomness. Nevertheless, well-designed classical TRNGs, with robust entropy sources and post-processing (like whitening algorithms), are widely used in practice and are generally considered secure, provided their sources remain untampered and unobservable by adversaries.
Standards and Certification
Organizations such as the National Institute of Standards and Technology (NIST) and the German Federal Office for Information Security (BSI) have established criteria for the evaluation of random number generators. These standards recognize both quantum and classical physical sources. Certification focuses on the unpredictability, statistical quality, and resistance to manipulation or observation of the entropy source, rather than strictly requiring quantum-based mechanisms.
For instance, NIST SP 800-90B and BSI AIS 20/31 outline test suites and evaluation methods for both types of TRNGs. As long as the generator passes stringent statistical and operational criteria, it can be used for cryptographic purposes, regardless of whether the underlying source is quantum or classical.
Theoretical vs. Practical Security
The debate between quantum and classical random number generators is often academic in nature. In practice, the security of a cryptographic system depends on the actual entropy delivered by the source and the robustness of the generator against attacks. Attacks on classical TRNGs typically exploit design flaws, environmental manipulation, or signal leakage, rather than philosophical determinism.
For high-assurance applications, such as military-grade cryptography or quantum cryptography protocols, QRNGs are increasingly favored due to their resistance to backdoor insertion and the theoretical impossibility of prediction or manipulation, assuming the quantum device operates as specified.
Quantum random number generators stand apart as the only random number generators whose unpredictability is guaranteed by the indeterminacy inherent in quantum mechanics. While classical physical random number generators can provide outputs that are practically unpredictable and suitable for most cryptographic applications, their theoretical vulnerability to prediction—given complete knowledge and control over all influencing variables—precludes them from being considered fundamentally nondeterministic in the strictest sense.
Hence, quantum random numbers generators are indeed the only real nondeterministic random numbers generators.
The choice of random number generator in cryptographic systems depends on the acceptable balance between theoretical guarantees and practical security requirements, the threat model in question, and the ability to secure and audit the entropy source against outside manipulation or observation.
Other recent questions and answers regarding Stream ciphers, random numbers and the one-time pad:
- Do practical stream ciphers distribute the truly random key?
- What are initialization vectors?
- How can stream ciphers encrypt individual bit?
- What is a stream cipher using a truely random key binary sequence
- Are CSPRNGs non deterministic?
- Do practical stream ciphers generate their keys with psuedo random number generators?
- What is the CSPRNG unpredictability based on?
- What are the key differences between True Random Number Generators (TRNGs), Pseudorandom Number Generators (PRNGs), and Cryptographically Secure Pseudorandom Number Generators (CSPRNGs)?
- How does the Global System for Mobile Communications (GSM) utilize stream ciphers to secure voice data during transmission?
- What makes the one-time pad theoretically unbreakable, and what are the practical challenges associated with its use?
View more questions and answers in Stream ciphers, random numbers and the one-time pad