The invention relates to a random-number generator.
The generation of random numbers is more important today than ever before. The quality of random numbers plays a considerable, and possibly even a key, role not only in electronic check cards and smart master-key systems, but also in the on-line accessing of databases. Apart from the constantly increasing quantity of random numbers required, it is also necessary to ensure that externally accessible correlations or possibilities of decryption are reduced to a minimum.
To date, essentially two different classes of method have been used for generating random numbers:
1. Algorithmic Methods
With these methods, a short initial sequence (“seed”) is used to generate a considerably longer pseudo-random sequence with the aid of mathematical operations which can be executed in software or hardware. The random-number generators based on this method differ very greatly in quality and frequently do not satisfy cryptographic requirements. However, they are capable of supplying reproducible random numbers, which may be extremely useful for simulation purposes.
2. Physical Methods
With these methods, use is made of the statistical nature of certain physical processes. Generally, these processes can be further subdivided into:
Statistical processes which, although they obey deterministic equations of motion, are not predictable owing to their high degree of complexity and lack of knowledge of the initial state.
Fundamentally random processes (elementary processes) of the kind predicted by quantum mechanics. As science stands at present, these processes cannot be reduced to hypothetical deterministic mechanisms at subquantum level and are therefore basically random in nature.
Bit strings that are generated by physical processes, particularly by fundamentally random physical processes, more closely approach the concept of a random sequence than do algorithmically generated sequences. Consequently, it was recognized at an early date that, for example, radioactive decay measurements are very well suited for generating random sequences; see MARTIN GUDE: “A quasi-ideal uniform-distribution generator based on random physical phenomena”, dissertation at RWTH Aachen (1987). A disadvantage in this regard, however, is the potentially detrimental effect of radioactive radiation on humans and on sensitive electronic equipment.
Other random-number generators use physical noise sources, such as semiconductor diodes, to generate random bit sequences; see, for example, MANFRED RICHTER: “A noise generator for obtaining quasi-ideal random numbers for stochastic simulation”, dissertation at RWTH Aachen (1992). With these methods, however, it is often difficult to set the decision-making threshold (between bit value 0 and bit value 1) precisely and invariably with respect to time. Furthermore, for cryptographic applications it is very important to exclude external influences on the random mechanism; this is not easy to achieve especially when electronic phenomena are used.
The random process of the path selection of individual photons at the beam splitter has already been proposed for generating random sequences: see J. G. RARITY et al.: “Quantum random-number generation and key sharing”, J. Mod. Opt. 41, p. 2435 (1994), which is hereby incorporated by reference herein. However, the random nature of the output sequence can be interfered with by spurious external pulses, as well as by incorrect counting of the photon detectors.
Individual photons do not divide at the optical beam splitter, but randomly and unpredictably take one of the two possible paths. Photon detectors in the outputs of the beam splitter therefore generate a random sequence, whose quality is based on the fundamental natural laws of quantum mechanics. However, a disadvantage of the method lies in the fact that spurious pulses of the detectors caused by external influences, for example by cosmic radiation, and not attributable to the random-number-generating mechanism at the beam splitter are also included in the random sequence. In principle, it would be possible for someone to selectively falsify the random sequence by subjecting the set-up to electromagnetic rays or particles.
Therefore, an object of the present invention is to provide a random-number generator which is capable of obviating or reducing the above-described disadvantages, which is not susceptible to external interference, and which supplies random numbers of high quality.
The present invention provides a random-number generator for generating a random number, the random-number generator comprising a particle source capable of emitting at least a first and a second particle more or less simultaneously; a random-number-generating element acting on particles emitted by the particle source; and a detection apparatus for associating a numerical value with a detection of a particle leaving the random-number-generating element, the first particle being capable of activating the detection apparatus so as to detect the second particle and associate a numerical value with the second particle, the second particle being influenced by the random-number-generating element.
Since the particle source according to the present invention is capable of emitting at least two particles more or less simultaneously, with one particle activating the detection apparatus, it is thereby possible for undesired background influences to be virtually entirely prevented. Since the time after activation/triggering of the detection apparatus by the first particle may be so short that essentially only the second particle to have passed through the random-number-generating element is used for generating the binary number (or if the detection apparatus is switched to the deactivated state after detection of the second particle), incorrect measurements are possible only during the very short activated/triggered state or as a result of incorrect triggering. Even in these cases, however, there is an extremely high probability that no errors will occur with the preferred embodiment according to the present invention using an optical beam splitter, because single incorrect triggering would not result in the detection of a second particle or, otherwise with correct triggering in both branches of the beam splitter, a signal would be obtained which can easily be corrected by electronic means.
It is especially advantageous if the particle source includes a photon-pair source for simultaneously generating two photons with correlated polarization, energy and spatial emission distribution, because this makes it possible, due to the already known propagation path, to substantially block out any still existing background radiation using shutters, by the known polarization technique using a polarizer and by a spectral filter.
The operation of the random-number-generating element is further improved if its outputs are associated with two receivers detecting single photons, because the clear proof of a single photon is then able to rule out any remaining uncertainty about the detected photon.
Electronically, the concept of the present invention can be captured in the detection apparatus using combined coincidence/anticoincidence electronics.
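The triggered detection and the coincidence/anticoincidence selection described above, sketched in software as an added example that is not part of the patent text. The 5 ns gate, the function names, the sample timestamps and the choice to reject any gate containing more than one pulse are assumptions made for illustration.

```python
from bisect import bisect_left, bisect_right

GATE_NS = 5  # assumed gate length; the text gives no figure

def hits_in_gate(times, start, gate_ns):
    """Number of pulses t with start <= t <= start + gate_ns (times sorted)."""
    return bisect_right(times, start + gate_ns) - bisect_left(times, start)

def gated_bits(trigger, det0, det1, gate_ns=GATE_NS):
    """Turn detector pulses into bits only while a trigger photon holds the gate open.

    trigger    -- arrival times (ns) of the first photon of each pair
    det0, det1 -- pulse times (ns) at the two beam-splitter outputs
    """
    det0, det1 = sorted(det0), sorted(det1)
    bits, stats = [], {"accepted": 0, "no_partner": 0, "ambiguous": 0}
    for t in sorted(trigger):
        n0 = hits_in_gate(det0, t, gate_ns)
        n1 = hits_in_gate(det1, t, gate_ns)
        if n0 + n1 == 0:
            stats["no_partner"] += 1   # false trigger or lost second photon
        elif n0 + n1 > 1:
            stats["ambiguous"] += 1    # e.g. both outputs fired: discard
        else:
            bits.append(0 if n0 else 1)
            stats["accepted"] += 1
    return bits, stats

def ungated_bits(det0, det1):
    """Baseline without a trigger: every pulse, spurious or not, becomes a bit."""
    merged = sorted([(t, 0) for t in det0] + [(t, 1) for t in det1])
    return [bit for _, bit in merged]

# Constructed sample timestamps in ns (not measured data).
TRIGGER = [100, 200, 300, 400, 500]
DET0 = [102, 250, 301, 402]   # 250 is a spurious pulse outside every gate
DET1 = [203, 303, 350, 777]   # 350 and 777 spurious; 303 coincides with 301

if __name__ == "__main__":
    print(gated_bits(TRIGGER, DET0, DET1))
    print(ungated_bits(DET0, DET1))
```

On the sample data the gated path keeps three bits and discards the three out-of-gate pulses, while the ungated baseline lets every spurious pulse into the sequence.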
Any remaining errors of a beam splitter or of its adjustment, as often occur, can be further suppressed if the random-number-generating element contains a polarizing beam splitter and preferably an upstream λ/2 retardation plate for adjusting the overall splitting ratio.
With an optimally adjusted arrangement of beam splitter and λ/2 retardation plate, future detrimental influences in a mechanical respect can be alleviated in that at least those two assemblies and preferably the associated detectors are jointly held in positions aligned with respect to each other.
In a cost-effective embodiment, the random-number-generating element may comprise a non-polarizing beam splitter, preferably a vacuum-evaporation-coated (metallized) plate and/or a dielectric layer. Also, with this embodiment, it is possible to achieve optimal results if adjustable masks and/or tunable spectral filters are placed in the outputs of the beam splitter in order to balance the optical path and the detection electronics.