Quantum Random Bit Generators

Author(s): Thomas P. Turiel

Source: The American Statistician, Vol. 61, No. 3 (Aug., 2007), pp. 255-259
Published by: Taylor & Francis, Ltd. on behalf of the American Statistical Association
Stable URL: https://www.jstor.org/stable/27643903
Accessed: 27-12-2019 05:31 UTC

REFERENCES
Linked references are available on JSTOR for this article:
https://www.jstor.org/stable/27643903?seq=1&cid=pdf-reference#references_tab_contents
You may need to log in to JSTOR to access the linked references.

JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact support@jstor.org.

Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
https://about.jstor.org/terms

Taylor & Francis, Ltd., American Statistical Association are collaborating with JSTOR to
digitize, preserve and extend access to The American Statistician

This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
 Quantum Random Bit Generators

Thomas P. Turiel

{O, 1, 2, 3, 4, 5, 6, 7, 8, 9}. Observer B knows that X? is gener

ating the digits in the number n and therefore he or she would
The importance of random number generators has increased say that the process is not generating random numbers. Observer
over the years. This follows from the fact that contemporary A does not know the secret of the numbers of the process called
research methods rely more and more on simulation and the in E, applies a battery of standard statistical tests to check if the
creased importance of encryption technology. The output of a numbers are random, and they pass all the tests (Jaditz 2000).
random number generator is created by either an algorithm or Since the sequence passed the battery of tests, Observer A labels
a physical device. The most popular method for random num the process a random number generator, and implies that he can
ber generation is through the use of an algorithm. This article not predict future digits based on the knowledge of past digits.
presents a new category of physical random bit generator that is As an outside observer, we would say then that randomness and
packaged by several manufacturers. A statistical analysis of the predictability are relative.
output from the generators is given.
Generator II?Consider a generator that con
catenates the natural numbers in their binary form
KEY WORDS: Algorithmic randomness; Beam splitter; Pho
ton; Quantum; Random number generator.
B = {1,10,11,100,101,...}; that is, its output is
F = 11011100101.... We would not deem the digits to
be random, yet they pass statistical tests for the hypothesis of
being a sequence of random bits (Champernowne 1933).
Anyone who considers arithmetical methods of producing
random digits is, of course, in a state of sin These two examples reveal that the decision to select a random
?John von Neumann (1951) bit generator is based on two factors: (1) the source of the bits and
(2) whether a sample of bits from that source can successfully
1. INTRODUCTION pass some statistical tests. For the first factor, source of random
numbers, the choices are either a mathematical formula or a
Random numbers are used in statistical experiments, simula physical device. For the second factor, choice of statistical tests,
tion of stochastic systems, Monte Carlo methods, probabilistic the process is not so simple. The problem with the second factor
algorithms, computer games, cryptography, and gambling ma is that there is no single test or battery of tests that proves a
chines (L'Ecuyer 2001). A poorly chosen number generator can generator is definitely random (L'Ecuyer and Simard in press)
cause valid physical models to predict incorrect results (Cod
dington 1994) and, in fact, a poorly selected number generator 2.1 Sources of Random Numbers
caused a security breach in Netscape's browser (Markoff 1995).
A new category of random bit generator is presented here. When a generator is a mathematical formula that is run as a
The generator creates bits by passing light through two coupled program on a computer, the generator is called a pseudo-random
prisms in a configuration called a beam splitter. This category of number generator?PRNG (Rukhin, Soto, and Nechvatal 2000).
random bit generator is being investigated by several research This category of generator takes one or more input values called
organizations and is sold commercially. Some of these organiza seeds and delivers a deterministic output. For a given seed, the
tions and businesses have posted bit strings from their generators random number generator will always produce the same output.
on the World Wide Web. The generator is formulated to create output that appears random
This article presents an overview of random bit generators, (L'Ecuyer 2001). The appearance means that a sample from the
an overview of methods used to test random bit generators, a generation process passes the standard battery of statistical tests;
description of a new category of random bit generator, and then see Deng and Lin (2000), McCullough (1998, 1999), and Rotz,
an analysis of the data posted on the World Wide Web. Falk, Wood, and Mulrow (1999). An important measure placed
on this category of generator is its period, the existence of which
2. CHOOSING A RANDOM BIT GENERATOR comes from the fact that the generator occupies a finite amount
of computer memory and therefore must recycle its output.
The issues involved in the selection of a random bit generator When the generator is a physical device that generates ran
can be seen through the following examples (Svozil 1990): dom bits, the generator is called a random number generator?

Generator I?Two observers named A and B are monitor RNG (Rukhin, Soto, and Nechvatal 2000). Physicists found, in
the early 20th century that although Newton's Laws dominate
ing a process called ? that generates the digits in the set
the behavior of the world that we perceive, new laws dominate
the world of the very small. The name of the laws that domi
Thomas P. Turiel is an Adjunct Instructor at a number of colleges in the
Albany, NY, area, 2045 Caldicott Road, Schenectady, NY 12303 (E-mail: nate the world of the very small are called the laws of quantum
eturiel@nycap.rr.com). mechanics. Usually, a generator's behavior is either dominated

?2007 American Statistical Association DOT 10.1198/000313007X223225 The American Statistician, August 2007, Vol. 61, No. 3 255

This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
exclusively by Newton's Laws or dominated exclusively by the
laws of quantum mechanics.
If the physical device is dominated by Newton's Laws, then
knowledge of all initial conditions acting upon the device is
sufficient to predict the final conditions of the device. As an
example, if an experiment is defined as the tossing of a single
coin, then when Newton's law is applied to the initial conditions
of the coin, the final condition of the coin can be predicted.
Thus, for a device that obeys Newton's laws, an algorithm can
be written that takes as input the initial conditions of the device
and predicts the final conditions of the device with certainty.
The device could be called algorithmically deterministic. Still,
the device is classified as a random number generator when a
sample of the device's output passes any standard battery of
statistical tests of randomness.
If a physical device is dominated by the laws of quantum me
chanics, then the situation is different. One of the axioms of
quantum mechanics states that no algorithm exists that will pre
dict the final conditions of the device from its initial conditions
(Berkeland, Raymondson, and Tassin 2004). This failure in pre
dictability of the physical world of the very small is called algo
rithmic randomness (Jennewein et al. 1999) or simply quantum
randomness . The axiom of algorithmic randomness has sur
vived more than 80 years of testing and has never been rejected.
In 1985 Alain Aspect combined the result of an experiment he
performed with a theorem proved by J. S. Bell that laid to rest the
possibility that this axiom could be incorrect (Styer 2003). More
recent experimental results have reinforced Aspect's findings:
Berkeland, Raymondson, and Tassin (2004) and Svozil (1990).
2.2 Tests of Randomness
There are a number of popular test suites that can be used to
assess the randomness of numbers from a number generator.
One popular suite is called the DIEHARD Suite (Marsaglia was packaged by the National Institute of Standards and Tech
1996) and consists of 18 statistical tests. This suite is insufficient nology and is used by the U.S. Federal Government to certify
to test if an ordered set of bits are random because the hypothesis the security requirements of devices that are used for protecting
of most of the tests in the suite is that the numbers in the sampled sensitive information within computer and telecommunications
data are generated by a uniform discrete distribution over the FIPS (2007). FIPS-140-2 consists of four subroutines:
integers 0 to 231 ? 1. The tests do not address the assumption of
the independence of the individual bits (Gentle 2003). L'Ecuyer
specifically states that this test suite is not very stringent and
therefore should not be used (L'Ecuyer and Simard in press).
An alternative collection of statistical tests used in the evalua
tion of random number generators is called the NIST Suite (NIST
2007), created by the National Institute of Standards and Tech
nology. This suite consists of 16 tests and most of the statistics
are used to test the hypothesis that a sequence of bits are gener
ated by independent realizations of a Bernoulli process (Gentle
2003).
TestUOl is a collection of two sets of C programs. The first
set of programs are used to generate pseudo-random numbers
and the second set of programs are randomness tests. TestUOl
includes all of the DIEHARD and NIST suite tests in addition
to other statistical tests. The collection was created by Pierre
L'Ecuyer, a leading expert in the testing of random number gen
erators (McCullough 2006) and is recommended by other experts
in the field (Gentle 2003).
2.2.7 TestUOl When Many Bits are Available
If more than 10 million bits are available for analysis, then the
battery of tests within TestUOl called Alphabit can be applied
to the sample. Alphabit is the name of the battery of tests that
the TestUOl user manual recommends to measure the adequacy
of a hardware random bit generator. This battery of tests is con
structed from four single-parameter subroutines, and the param
eter must be assigned a value for the test to become completely
specified. Each subroutine uses the letter L as the designation of
their parameter. The four subroutines are:
1. MultinomialBitsOver(L) can be viewed as an entropy test
where L is the length of the bit strings (L'Ecuyer and Simard
in press). The values of L considered were L = 2, 4, 8, and
16.
2. Hamminglndep(L) applies two tests of independence
on the Hamming weights of successive blocks of L bits
(L'Ecuyer and Simard 1999) and (L'Ecuyer and Simard in
press). The values of L considered here are L = 16 and 32.
3. HammingCorr(L) a correlation test on the Hamming
weights of successive blocks of L bits (L' Ecuyer and Simard
in press). Only the value of L = 32 is investigated.
4. RandomWalkl(L) applies a variety of random walk sta
tistical tests of length L over the integers. The different tests
are called H, M, J, R, and C (L'Ecuyer and Simard in press).
The values of L considered here are L = 64 and L = 320.
2.2.2 TestUOl When there is a Restriction on the Number of
Bits in the Sample
If there is not a sufficient number of bits to run Alphabit, but
at least 20,000 bits are available, then TestUOl offers a smaller
alternative called FIPS-140-2. This alternative battery of tests
1. Monobit test: an entropy test investigating n = 20,000
blocks of L = 1 bit by taking s = 32 strings (L'Ecuyer,
Compagner, and Cordeau 1996; L'Ecuyer and Simard in
press).
2. Poker test: an entropy test investigating n = 5,000 blocks
of L = 4 bits by taking s = 32 strings (L'Ecuyer, Com
pagner, and Cordeau 1996; L'Ecuyer and Simard in press).
3. Runs test: a check of runs of zeros and ones for lengths of
1 through 6 (L'Ecuyer and Simard in press).
4. Longest Run of Ones in a Block test: looks at the length
of the longest substring of successive l's in strings of a
specific length (L'Ecuyer and Simard in press).
It is important to keep in mind when analyzing the test results
that no random number generator will pass all tests. A random
number generator is labeled bad if a sampled sequence does not

256 Statistical Computing and Graphics

This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
pass simple tests and good if the sampled sequence passes all
but the most complicated tests (L'Ecuyer 2001).
Any of the standard statistical tests of randomness (Knuth
1981) can be viewed as testing for algorithmic randomness
(Maurer 1992). Consequently, when a string of bits are algorith
mically random they will pass all statistical test of randomness
(Yurtsever 2000).

i="
There is a problem in determining if a physical device is gen Photon So:tirce! Beamsplitter
erating an algorithmically random sequence of bits. Formally, if
X (N) is the length of the smallest computer program that can
have as its output the first N bits of a device, and

lim x(N) -> oo, (1)

N->oo

then the device is called algorithmically random (Yurtsever ^7

2000). Informally, this means that an infinite string of binary
Figure 1. Illustration of a quantum random number generator. A laser emits
digits is algorithmically random when no finite program can of light called a photon along a path to a device called a beam split
a particle
generate the string (Calude 2005). The problem then is ter.that
Theno
beam splitter contains a half-silvered mirror coated in such a manner
that approximately
finite string of bits can be shown to be algorithmically random, a 50% of the time the photon is detected at Detector A and
approximately 50% of the time the photon is detected at Detector B.
fact related to Godel's Incompleteness (Chaitin 1982). However,
the concept does eliminate the dilemma in determining whether
Generator I and Generator II are random bit generators.Physics of the University of Geneva (GAP 2006); and a pro
totype is being worked on at Hewlett-Packard that is currently
2.3 Whence Statistically Independent Observations
being in
called QRBG (Fiorentio et al. 2006).
Physical Systems Figure 1 shows how this quantum mechanical process gener
ates bits. A laser emits a particle of light called a photon along a
The statement that n flips of a coin gives statistically inde
path to a device called a beam splitter. The beam splitter contains
pendent observations is accepted by all but a few students in a
a half-silvered mirror coated in such a manner that approximately
basic statistics course. The questions of the few nay sayers are
50% of the time the photon is detected at Detector A and approx
put to rest when a battery of statistical tests of randomness are
imately 50% of the time the photon is detected at Detector B. The
passed by the data from such an experiment. However, as stated
process of sending a photon from a laser and then detecting it at
in the previous section, theoretically Newton's Laws allow pre
one of two detectors is quantum mechanical and will therefore
diction of future flips from past flips. Regardless, the variables
theoretically pass all tests of randomness.
of the coin-flip experiment are deemed statistically independent
An algorithm developed by Peres (1992) accommodates the
solely because they will pass a battery of statistical tests of ran
beam splitter when there is not an exact division of photons
domness. In general, statistically independent observations on
between Detectors A and B. A simpler form of the algorithm
any physical device that obeys Newton's Laws are called statis
was introduced by von Neumann (1951) and only assumes that
tically independent observations because they pass a battery of
the process is Bernoulli.
statistical tests.
The von Neumann algorithm can be explained as follows. Let
Observations from physical devices that obey the laws of
quantum mechanics are algorithmically random. This means pAfirst
? p{photon leaving the laser is detected at A }, (2)
that each observation is intrinsically random and second that an
ensemble of observations will pass any battery of statistical tests
and
of randomness with probability one (Svozil 1990).
pB = p{photon leaving the laser is detected at B.} (3)

3. A NEW QUANTUM RANDOM NUMBER

Let the laser emit two consecutive photons. The generator will
GENERATOR give a signal of zero when the first photon is received by Detector
A and the second photon is received by Detector B, and the gen
Recently, a new quantum mechanical process for generating erator will give a signal of one when the first photon is received
by Detector B and the second photon is received by Detector
random bits has been harnessed and designed into a practical de
vice (Jennewein et al. 1999). Several manufacturers have eachA. The random number generator does not create a signal if the
consecutive photons are both received by the same detector. The
taken the design and incorporated it into their own device for gen
probability that the generator will generate a signal of zero is
erating random bits. Devices that use this design are called Quan
tum Random Number Generators. These quantum random num
ber generators are marketed under the names: Quantis QRNG
PAPB =
PAPB + PBPA
from id Quantique (Quantis 2006; Stefanov, Gisin, and Guinnard
2006); QRBG121 from Rudjer Innovations Limited, Hungary
and the same result will occur when calculating the probability
(Stipcevic and Rogina 2006); QRandom at GAP-Department ofa signal of one is generated.

The American Statistician, August 2007, Vol. 61, No. 3 257

This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
3.1 Theoretical Comparison of Quantum Random Number 3.2.1 Prototype Device from the University of Vienna
Generators to PRNGs
The research team at the University of Vienna were the first
L'Ecuyer (2004) stated that a key in constructing a physical group of people to construct the quantum random bit genera
random number generator is the assurance that the output is tor based on the design that is presented here (Jennewein et al.
independent and identically distributed. The result of the last 1999). They have created a Web site at www.quantum.univie.ac.
subsection addresses the statistical nature of the photons and at/research/photo entangle/rng/index.html to allow anyone ac
can be examined more thoroughly in the works of Malley and cess to 80 million bits generated by one of their experiments.
Hornstein (1993), Berkeland, Raymondson, and Tassin (2004), The data from this experiment passed the Alphabit tests: Ran
and Svozil (1990). The use of the von Neumann algorithm or its domWalkl under the statistic C for lengths L = 64 and L ? 320,
more sophisticated cousin, the Peres algorithm, guarantees that and the Hamming Correlation; it also passed all FIPS-140-2 tests.
the output is identically distributed with probabilities of 0 and 1 As far as can be determined, the only published analysis of the
both being one half. randomness of this data was done by the research team and that
L'Ecuyer (2004) stated the reason that a PRNG is used over analysis consisted of a cursory comparison of the their genera
an RNG in computational statistics is because: tor's performance to the pseudo-random number generator that
is available in Turbo C++ .
a. RNGs are more cumbersome to install and run
3.2.2 Hewlett-Packard Prototype QRBG
b. RNGs are more costly The research team at Hewlett-Packard (Fiorentio et al. 2006)
c. RNGs are slow have also constructed a Web site with data generated from their
prototype and its URL is www.hpl.hp.com/research/qsr/people/
d. RNGs do not generate reproducible random numbers MarcoFiorention/qrbg.html. The 17 megabytes of data at the
Web site was analyzed for this article. The data passed all of
The new quantum random bit generators are user-friendly,
the Alphabit tests and all of the FIPS-140-2 tests. The paper
relatively inexpensive, and almost as fast as a CPU generation.
presenting the device (Fiorentio et al. 2006) states that it passed
The quantum random bit generator does not create reproducible all 15 tests of the NIST suite.
results, so the issues of model comparison, debugging, and model
verification do not fare well (L'Ecuyer 2004). 3.2.3 QRBG 121 from Rudjer Innovations Limited
As L'Ecuyer (2004) stated, a RNG is useful when
This quantum random bit generator is commercially available,
1. An auxiliary source of a seed is needed for a PRNG connects to a PC and costs about $1,800. The manufacturer has
a Web site at qrbg.hr that presents 1 million bytes of data from
2. Generating random numbers for cryptographic applications one of its generators for analysis. There were not enough bits in
the data source for analysis by Alphabit; however, it was found
3. Generating random numbers for gambling applications.
that the data passed all the FIPS-140-2 tests. The technical staff
The new quantum random bit generators do not have any prop have published a paper where they show the result of both the
erties that would detract from these applications for RNG. In fact, DIEHARD and the NIST test on a dataset (Stipcevic and Rogina
the portability of the quantum random bit generators might make 2006).
them more attractive to the applications listed.
3.2.4 QRandomfrom the University of Geneva
Finally, a point on comparing both generators based on statis
tical test results. Theoretically, quantum random bit generators This quantum random bit generator is plug-and-play, self
should pass all statistical tests of randomness because they are powered, and produces bits at a rate of 100kHz. The research
algorithmically random (Yurtsever 2000). Practically, they might team that created this device is part of the Physics Depart
not pass all tests because of process degradation. Quality control ment of the university. The team has created a Web site at
in the form of periodic tests of randomness must be performed www.gapotic.unige.ch/Prototype/QRNG that makes 10 million
on such devices. As stated earlier, a PRNG is chosen using the bits of data from one of their generators available for analy
criterion that it is labeled bad if a sampled sequence does not sis in unaltered, von Neumann unbiasing, and Peres unbiasing
pass simple tests and good if the sampled sequence passes all forms. There were not enough bits in the data source for anal
but the most complicated tests (L'Ecuyer 2001). Therefore, a ysis by Alphabit; however, it was found that the data passed all
PRNG will not pass all statistical tests but needs only one qual the FIPS-140-2 tests. The team at the university has subjected
ity control test. their device to a set of rudimentary statistical tests, the results of
which can be found in GAP-Optique (2006).
3.2 Results of Quantum Random Bit Generators Being 3.2.5 Quantis QRNG
Subjected to Statistical Tests of Randomness
This quantum random bit generator is available as an expan
Several research labs and commercial sites have posted the sion card for Windows XP, Linux, and Solaris; running at 16
output from their quantum random bit generators on the World Mbits/second and a USB version runs at 4 Mbits/second. The
Wide Web. A summary of the analysis of the output of their company that manufactures the device is called id Quantique.
devices using Alphabit when possible, and with FIPS-140-02 is id Quantique has a Web site at www.idquantique.com and offers
presented. a Web site at www. randomnumbers. info where output from one

258 Statistical Computing and Graphics

This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
of their devices can be accessed in batches of up to 1,000 dig L'Ecuyer, P. (2001), "Random Numbers," International Encyclopedia of Social
its. The device passed both DIEHARD and NIST tests (Quantis and Behavioral Sciences, Oxford: Pergamon, pp. 12735-12738.

2006) and received the following endorsement from Sun Mi
crosystems (Sun 2007): "Quantis, id Quantique quantum ran
dom number generator, is the most powerful and cost effective
way to generate true random numbers at high bit rates. "
-(2004), "Chapter 4: Random Number Generation," Handbook of Simu
lation, ed. Jerry Banks, New York: Wiley.
L'Ecuyer, P., Compagner, A., and Cordeau, J.-E (1996), "Entropy Tests for Ran
dom Number Generators," ACM Transactions on Mathematical Software ,
1997.
L'Ecuyer, P., and Simard, R. (1999), "Beware of Linear Congruential Generators

4. CONCLUSION with Multipliers of the Forma = 2q 2r," ACMTransactions on Mathematical

Software , 25 pp. 367-374
-(in press), "TestUOl: A C Library for Empirical Testing of Random
Random bits generated with algorithms or with physical de Number Generators," ACM Transactions on Mathematical Software, 33.
vices that obey Newton's Laws are predictable. A new category Malley, J. D., and Hornstein, J. (1993), "Quantum Statistical Inference," Statis
of commercially available physical random bit generators, called tical Science, 8, 43-457.
quantum random number generators, are not predictable. Both Markoff, J. (1995), "Security Flaw is Discovered in Software Used in Shopping,"
The New York Times, September 19, 1995.
sets of generators are designed to pass the most conservative of
statistical suites of randomness. Because the quantum bit num Marsaglia, G. (1996), "DIEHARD: A Battery of Tests of Randomness," http:
//stat.fsu. edu/^geo.
ber generators satisfy a more rigorous criterion than is usually
Maurer, U. (1992), "A Universal Statistical Test for Random Bits Generators,"
considered in the selection of a random number generator, they Journal ofCryptology, 5, 89-106.
should be considered as an acceptable alternative in some situa McCullough, B. D. (1998), "Assessing the Reliability of Statistical Software:
tions. Part I," The American Statistician, 52, 358-366.
-(1999), "Assessing the Reliability of Statistical Software: Part II," The
[Received February 2007. Revised May 2007.] American Statistician, 53, 149-159.
-(2006), "A Review of TestUOl," Journal of Applied Econometrics, 21,
677-682.
REFERENCES
NIST (2007) "NIST Statistical Test Suite," http://csrc.nist.gov/mg/.

Berkeland, D. J., Raymondson, D. A., and Tassin, V. M. (2004), "Tests for Non
-(2007), "Annex C : Approved Random Number Generators for FIPS PUB
randomness in Quantum Jumps," e-print .-physics/0304013 v2.
Chaitin, G. J. (1982), "Godel's Theorem and Information," International Journal
of Theoretical Physics, 22, 941-954.
Champernowne, D. G. (1933), "The Construction of Decimals Normal in the
Scale of Ten," Journal of the London Mathematical Society, 8, 254-260.
Calude, C. S. (2005), "Algorithmic Randomness, Quantum Physics, and Im
completeness," e-print: www.cs.auckland.ac.nz/CDMTCS/researchreports/
248cris.pdf.
Coddington, P. D. (1994), "Analysis of Random Number Generators Using
Monte Carlo Simulation," International Journal of Modern Physics, C, 3,
547-560.
Deng, L.-Y., and Lin, D. K. J. (2000), "Random Number Generation for the New
Century," The American Statistician, 54, 145-150.
Fiorentio, M., Santori, C, Spillane, S. M., Beausoleil, R. G., and Munro, W. J.
(2006), "A Secure Self-calibrating Quantum Random Bit Generator," e-print
:quant-phy/00612112vl.
GAP (2006), "Quantum Random Number Generator (PCI Version)," Depart
ment of Physics, University of Geneva, www.gapoptic.unige.ch/Prototypes/
QRNG.
Gentle, J. E. (2003), Random Number Generation and Monte Carlo Methods
(2nd ed.), New York: Springer-Verlag.
Jaditz, T (2000), "Are the Digits of n and IID Sequence?" The American Statis
tician, 54, 12-16.
140-2, Security Requirements for Cryptographic Modules," National Institute
of Standards and Technology, Boulder, CO.
Peres, Y (1992), "Iterating von Neumann's Procedure for Extracting Random
Bits," The Annals of Statistics, 20, 590
id Quantique (2006), "Quantis/ Quantum Random Number Generator (PCI Ver
sion)," www.idquantique.com.
Rudjer Innovations Ltd (2006), "Quantum Random Number Generator," http:
//qrbg.irb.hr.
Rotz, W., Falk, E., Wood, D., and Mulrow, J. (1999), "A Comparison of Random
Number Generators Used in Business," in Proceedings of the Annual Meeting
of the American Statistical Association, August 5-9, 2001.
Rukhin, A., Soto, J., and Nechvatal, J. (2000), "NIST Special Publication 800
22," NIST.
Stefanov, A., Gisin, N., and Guinnard, O., Guinnard, L., and Zbinden, H. (2006),
Optical Quantum Random Number Generator, e-print :quant-phy/9907006
v. 1
Stipcevic, M., and Rogina, B. M. (2006), Quantum Random Number Generator,
e-print :quant-phy/0609043.
Styer, D. F. (2003), The Strange World of Quantum Mechanics, Cambridge:
Cambridge University Press.
Sun Microsystems (2007), "Quantis QRNG PCI," available online at http://
solutions, sun. com/catalog, static/en US/6/4012917. html.

Jennewein, T., Achleitner, U., Weihs, G., Weinfurter, H., and Zeilinger, A. (1999),
"A Fast and Compact Quantum Random Number Generator," Review of Sci
entific Instruments, 71, 1675-1680.
Knuth, D. (1981), The Art of Computer Programming (vol. 2), Reading, MA:
Addison-Wesley.
Svozil, K. (1990), "The Quantum Coin Toss," Physical Letters A, 143, 433-437.
von Neumann, J. (1951), "Various Techniques used in Connection with Random
Digits," Applied Mathematics Series, 12, 36-38.
Yurtsever, U. (2000), "Quantum Mechanics and Algorithmic Randomness,"
Complexity, November-December 2000.

The American Statistician, August 2007, Vol. 61, No. 3 259

This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms