Professional Documents
Culture Documents
REFERENCES
Linked references are available on JSTOR for this article:
https://www.jstor.org/stable/27643903?seq=1&cid=pdf-reference#references_tab_contents
You may need to log in to JSTOR to access the linked references.
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide
range of content in a trusted digital archive. We use information technology and tools to increase productivity and
facilitate new forms of scholarship. For more information about JSTOR, please contact support@jstor.org.
Your use of the JSTOR archive indicates your acceptance of the Terms & Conditions of Use, available at
https://about.jstor.org/terms
Taylor & Francis, Ltd., American Statistical Association are collaborating with JSTOR to
digitize, preserve and extend access to The American Statistician
This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
Quantum Random Bit Generators
Thomas P. Turiel
Generator I?Two observers named A and B are monitor RNG (Rukhin, Soto, and Nechvatal 2000). Physicists found, in
the early 20th century that although Newton's Laws dominate
ing a process called ? that generates the digits in the set
the behavior of the world that we perceive, new laws dominate
the world of the very small. The name of the laws that domi
Thomas P. Turiel is an Adjunct Instructor at a number of colleges in the
Albany, NY, area, 2045 Caldicott Road, Schenectady, NY 12303 (E-mail: nate the world of the very small are called the laws of quantum
eturiel@nycap.rr.com). mechanics. Usually, a generator's behavior is either dominated
?2007 American Statistical Association DOT 10.1198/000313007X223225 The American Statistician, August 2007, Vol. 61, No. 3 255
This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
exclusively by Newton's Laws or dominated exclusively by the 2.2.7 TestUOl When Many Bits are Available
laws of quantum mechanics. If more than 10 million bits are available for analysis, then the
If the physical device is dominated by Newton's Laws, then battery of tests within TestUOl called Alphabit can be applied
knowledge of all initial conditions acting upon the device is to the sample. Alphabit is the name of the battery of tests that
sufficient to predict the final conditions of the device. As an the TestUOl user manual recommends to measure the adequacy
example, if an experiment is defined as the tossing of a single of a hardware random bit generator. This battery of tests is con
coin, then when Newton's law is applied to the initial conditions structed from four single-parameter subroutines, and the param
of the coin, the final condition of the coin can be predicted. eter must be assigned a value for the test to become completely
Thus, for a device that obeys Newton's laws, an algorithm can specified. Each subroutine uses the letter L as the designation of
be written that takes as input the initial conditions of the device their parameter. The four subroutines are:
and predicts the final conditions of the device with certainty.
The device could be called algorithmically deterministic. Still, 1. MultinomialBitsOver(L) can be viewed as an entropy test
the device is classified as a random number generator when a where L is the length of the bit strings (L'Ecuyer and Simard
sample of the device's output passes any standard battery of in press). The values of L considered were L = 2, 4, 8, and
statistical tests of randomness. 16.
If a physical device is dominated by the laws of quantum me
chanics, then the situation is different. One of the axioms of 2. Hamminglndep(L) applies two tests of independence
quantum mechanics states that no algorithm exists that will pre on the Hamming weights of successive blocks of L bits
dict the final conditions of the device from its initial conditions (L'Ecuyer and Simard 1999) and (L'Ecuyer and Simard in
(Berkeland, Raymondson, and Tassin 2004). This failure in pre press). The values of L considered here are L = 16 and 32.
dictability of the physical world of the very small is called algo
3. HammingCorr(L) a correlation test on the Hamming
rithmic randomness (Jennewein et al. 1999) or simply quantum
weights of successive blocks of L bits (L' Ecuyer and Simard
randomness . The axiom of algorithmic randomness has sur
in press). Only the value of L = 32 is investigated.
vived more than 80 years of testing and has never been rejected.
In 1985 Alain Aspect combined the result of an experiment he 4. RandomWalkl(L) applies a variety of random walk sta
performed with a theorem proved by J. S. Bell that laid to rest the tistical tests of length L over the integers. The different tests
possibility that this axiom could be incorrect (Styer 2003). More are called H, M, J, R, and C (L'Ecuyer and Simard in press).
recent experimental results have reinforced Aspect's findings: The values of L considered here are L = 64 and L = 320.
Berkeland, Raymondson, and Tassin (2004) and Svozil (1990).
2.2.2 TestUOl When there is a Restriction on the Number of
2.2 Tests of Randomness Bits in the Sample
If there is not a sufficient number of bits to run Alphabit, but
There are a number of popular test suites that can be used to at least 20,000 bits are available, then TestUOl offers a smaller
assess the randomness of numbers from a number generator. alternative called FIPS-140-2. This alternative battery of tests
One popular suite is called the DIEHARD Suite (Marsaglia was packaged by the National Institute of Standards and Tech
1996) and consists of 18 statistical tests. This suite is insufficient nology and is used by the U.S. Federal Government to certify
to test if an ordered set of bits are random because the hypothesis the security requirements of devices that are used for protecting
of most of the tests in the suite is that the numbers in the sampled sensitive information within computer and telecommunications
data are generated by a uniform discrete distribution over the FIPS (2007). FIPS-140-2 consists of four subroutines:
integers 0 to 231 ? 1. The tests do not address the assumption of
the independence of the individual bits (Gentle 2003). L'Ecuyer 1. Monobit test: an entropy test investigating n = 20,000
specifically states that this test suite is not very stringent and blocks of L = 1 bit by taking s = 32 strings (L'Ecuyer,
therefore should not be used (L'Ecuyer and Simard in press). Compagner, and Cordeau 1996; L'Ecuyer and Simard in
An alternative collection of statistical tests used in the evalua press).
tion of random number generators is called the NIST Suite (NIST
2007), created by the National Institute of Standards and Tech 2. Poker test: an entropy test investigating n = 5,000 blocks
nology. This suite consists of 16 tests and most of the statistics of L = 4 bits by taking s = 32 strings (L'Ecuyer, Com
are used to test the hypothesis that a sequence of bits are gener pagner, and Cordeau 1996; L'Ecuyer and Simard in press).
ated by independent realizations of a Bernoulli process (Gentle
3. Runs test: a check of runs of zeros and ones for lengths of
2003).
1 through 6 (L'Ecuyer and Simard in press).
TestUOl is a collection of two sets of C programs. The first
set of programs are used to generate pseudo-random numbers 4. Longest Run of Ones in a Block test: looks at the length
and the second set of programs are randomness tests. TestUOl of the longest substring of successive l's in strings of a
includes all of the DIEHARD and NIST suite tests in addition
specific length (L'Ecuyer and Simard in press).
to other statistical tests. The collection was created by Pierre
L'Ecuyer, a leading expert in the testing of random number gen It is important to keep in mind when analyzing the test results
erators (McCullough 2006) and is recommended by other experts that no random number generator will pass all tests. A random
in the field (Gentle 2003). number generator is labeled bad if a sampled sequence does not
This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
pass simple tests and good if the sampled sequence passes all
but the most complicated tests (L'Ecuyer 2001).
Any of the standard statistical tests of randomness (Knuth
1981) can be viewed as testing for algorithmic randomness
(Maurer 1992). Consequently, when a string of bits are algorith
mically random they will pass all statistical test of randomness
(Yurtsever 2000).
i="
There is a problem in determining if a physical device is gen Photon So:tirce! Beamsplitter
erating an algorithmically random sequence of bits. Formally, if
X (N) is the length of the smallest computer program that can
have as its output the first N bits of a device, and
This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
3.1 Theoretical Comparison of Quantum Random Number 3.2.1 Prototype Device from the University of Vienna
Generators to PRNGs
The research team at the University of Vienna were the first
L'Ecuyer (2004) stated that a key in constructing a physical group of people to construct the quantum random bit genera
random number generator is the assurance that the output is tor based on the design that is presented here (Jennewein et al.
independent and identically distributed. The result of the last 1999). They have created a Web site at www.quantum.univie.ac.
subsection addresses the statistical nature of the photons and at/research/photo entangle/rng/index.html to allow anyone ac
can be examined more thoroughly in the works of Malley and cess to 80 million bits generated by one of their experiments.
Hornstein (1993), Berkeland, Raymondson, and Tassin (2004), The data from this experiment passed the Alphabit tests: Ran
and Svozil (1990). The use of the von Neumann algorithm or its domWalkl under the statistic C for lengths L = 64 and L ? 320,
more sophisticated cousin, the Peres algorithm, guarantees that and the Hamming Correlation; it also passed all FIPS-140-2 tests.
the output is identically distributed with probabilities of 0 and 1 As far as can be determined, the only published analysis of the
both being one half. randomness of this data was done by the research team and that
L'Ecuyer (2004) stated the reason that a PRNG is used over analysis consisted of a cursory comparison of the their genera
an RNG in computational statistics is because: tor's performance to the pseudo-random number generator that
is available in Turbo C++ .
a. RNGs are more cumbersome to install and run
3.2.2 Hewlett-Packard Prototype QRBG
b. RNGs are more costly The research team at Hewlett-Packard (Fiorentio et al. 2006)
c. RNGs are slow have also constructed a Web site with data generated from their
prototype and its URL is www.hpl.hp.com/research/qsr/people/
d. RNGs do not generate reproducible random numbers MarcoFiorention/qrbg.html. The 17 megabytes of data at the
Web site was analyzed for this article. The data passed all of
The new quantum random bit generators are user-friendly,
the Alphabit tests and all of the FIPS-140-2 tests. The paper
relatively inexpensive, and almost as fast as a CPU generation.
presenting the device (Fiorentio et al. 2006) states that it passed
The quantum random bit generator does not create reproducible all 15 tests of the NIST suite.
results, so the issues of model comparison, debugging, and model
verification do not fare well (L'Ecuyer 2004). 3.2.3 QRBG 121 from Rudjer Innovations Limited
As L'Ecuyer (2004) stated, a RNG is useful when
This quantum random bit generator is commercially available,
1. An auxiliary source of a seed is needed for a PRNG connects to a PC and costs about $1,800. The manufacturer has
a Web site at qrbg.hr that presents 1 million bytes of data from
2. Generating random numbers for cryptographic applications one of its generators for analysis. There were not enough bits in
the data source for analysis by Alphabit; however, it was found
3. Generating random numbers for gambling applications.
that the data passed all the FIPS-140-2 tests. The technical staff
The new quantum random bit generators do not have any prop have published a paper where they show the result of both the
erties that would detract from these applications for RNG. In fact, DIEHARD and the NIST test on a dataset (Stipcevic and Rogina
the portability of the quantum random bit generators might make 2006).
them more attractive to the applications listed.
3.2.4 QRandomfrom the University of Geneva
Finally, a point on comparing both generators based on statis
tical test results. Theoretically, quantum random bit generators This quantum random bit generator is plug-and-play, self
should pass all statistical tests of randomness because they are powered, and produces bits at a rate of 100kHz. The research
algorithmically random (Yurtsever 2000). Practically, they might team that created this device is part of the Physics Depart
not pass all tests because of process degradation. Quality control ment of the university. The team has created a Web site at
in the form of periodic tests of randomness must be performed www.gapotic.unige.ch/Prototype/QRNG that makes 10 million
on such devices. As stated earlier, a PRNG is chosen using the bits of data from one of their generators available for analy
criterion that it is labeled bad if a sampled sequence does not sis in unaltered, von Neumann unbiasing, and Peres unbiasing
pass simple tests and good if the sampled sequence passes all forms. There were not enough bits in the data source for anal
but the most complicated tests (L'Ecuyer 2001). Therefore, a ysis by Alphabit; however, it was found that the data passed all
PRNG will not pass all statistical tests but needs only one qual the FIPS-140-2 tests. The team at the university has subjected
ity control test. their device to a set of rudimentary statistical tests, the results of
which can be found in GAP-Optique (2006).
3.2 Results of Quantum Random Bit Generators Being 3.2.5 Quantis QRNG
Subjected to Statistical Tests of Randomness
This quantum random bit generator is available as an expan
Several research labs and commercial sites have posted the sion card for Windows XP, Linux, and Solaris; running at 16
output from their quantum random bit generators on the World Mbits/second and a USB version runs at 4 Mbits/second. The
Wide Web. A summary of the analysis of the output of their company that manufactures the device is called id Quantique.
devices using Alphabit when possible, and with FIPS-140-02 is id Quantique has a Web site at www.idquantique.com and offers
presented. a Web site at www. randomnumbers. info where output from one
This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms
of their devices can be accessed in batches of up to 1,000 dig L'Ecuyer, P. (2001), "Random Numbers," International Encyclopedia of Social
its. The device passed both DIEHARD and NIST tests (Quantis and Behavioral Sciences, Oxford: Pergamon, pp. 12735-12738.
2006) and received the following endorsement from Sun Mi -(2004), "Chapter 4: Random Number Generation," Handbook of Simu
lation, ed. Jerry Banks, New York: Wiley.
crosystems (Sun 2007): "Quantis, id Quantique quantum ran
L'Ecuyer, P., Compagner, A., and Cordeau, J.-E (1996), "Entropy Tests for Ran
dom number generator, is the most powerful and cost effective dom Number Generators," ACM Transactions on Mathematical Software ,
way to generate true random numbers at high bit rates. " 1997.
L'Ecuyer, P., and Simard, R. (1999), "Beware of Linear Congruential Generators
Berkeland, D. J., Raymondson, D. A., and Tassin, V. M. (2004), "Tests for Non
-(2007), "Annex C : Approved Random Number Generators for FIPS PUB
140-2, Security Requirements for Cryptographic Modules," National Institute
randomness in Quantum Jumps," e-print .-physics/0304013 v2.
of Standards and Technology, Boulder, CO.
Chaitin, G. J. (1982), "Godel's Theorem and Information," International Journal
of Theoretical Physics, 22, 941-954. Peres, Y (1992), "Iterating von Neumann's Procedure for Extracting Random
Bits," The Annals of Statistics, 20, 590
Champernowne, D. G. (1933), "The Construction of Decimals Normal in the
Scale of Ten," Journal of the London Mathematical Society, 8, 254-260. id Quantique (2006), "Quantis/ Quantum Random Number Generator (PCI Ver
Calude, C. S. (2005), "Algorithmic Randomness, Quantum Physics, and Im sion)," www.idquantique.com.
completeness," e-print: www.cs.auckland.ac.nz/CDMTCS/researchreports/ Rudjer Innovations Ltd (2006), "Quantum Random Number Generator," http:
248cris.pdf. //qrbg.irb.hr.
Coddington, P. D. (1994), "Analysis of Random Number Generators Using Rotz, W., Falk, E., Wood, D., and Mulrow, J. (1999), "A Comparison of Random
Monte Carlo Simulation," International Journal of Modern Physics, C, 3, Number Generators Used in Business," in Proceedings of the Annual Meeting
547-560. of the American Statistical Association, August 5-9, 2001.
Deng, L.-Y., and Lin, D. K. J. (2000), "Random Number Generation for the New Rukhin, A., Soto, J., and Nechvatal, J. (2000), "NIST Special Publication 800
Century," The American Statistician, 54, 145-150. 22," NIST.
Fiorentio, M., Santori, C, Spillane, S. M., Beausoleil, R. G., and Munro, W. J. Stefanov, A., Gisin, N., and Guinnard, O., Guinnard, L., and Zbinden, H. (2006),
(2006), "A Secure Self-calibrating Quantum Random Bit Generator," e-print Optical Quantum Random Number Generator, e-print :quant-phy/9907006
:quant-phy/00612112vl. v. 1
GAP (2006), "Quantum Random Number Generator (PCI Version)," Depart
Stipcevic, M., and Rogina, B. M. (2006), Quantum Random Number Generator,
ment of Physics, University of Geneva, www.gapoptic.unige.ch/Prototypes/
e-print :quant-phy/0609043.
QRNG.
Styer, D. F. (2003), The Strange World of Quantum Mechanics, Cambridge:
Gentle, J. E. (2003), Random Number Generation and Monte Carlo Methods
Cambridge University Press.
(2nd ed.), New York: Springer-Verlag.
Jaditz, T (2000), "Are the Digits of n and IID Sequence?" The American Statis
Sun Microsystems (2007), "Quantis QRNG PCI," available online at http://
tician, 54, 12-16. solutions, sun. com/catalog, static/en US/6/4012917. html.
Jennewein, T., Achleitner, U., Weihs, G., Weinfurter, H., and Zeilinger, A. (1999), Svozil, K. (1990), "The Quantum Coin Toss," Physical Letters A, 143, 433-437.
"A Fast and Compact Quantum Random Number Generator," Review of Sci von Neumann, J. (1951), "Various Techniques used in Connection with Random
entific Instruments, 71, 1675-1680. Digits," Applied Mathematics Series, 12, 36-38.
Knuth, D. (1981), The Art of Computer Programming (vol. 2), Reading, MA: Yurtsever, U. (2000), "Quantum Mechanics and Algorithmic Randomness,"
Addison-Wesley. Complexity, November-December 2000.
This content downloaded from 66.96.194.164 on Fri, 27 Dec 2019 05:31:31 UTC
All use subject to https://about.jstor.org/terms