Forgot your password?
typodupeerror
Encryption Security Technology

Using Lasers To Generate Random Numbers Faster 149

Posted by timothy
from the just-think-what-a-faster-laser-could-do dept.
Pranav writes "Using semiconductor lasers, scientists from Takushoku University, Saitama University, and NTT Corporation achieved random number rates of up to 1.7 gigabits per second, which is about 10 times higher than the second-best rate, produced using a physical phenomenon. Future work may center on devising laser schemes that can achieving rates as high as 10 Gbps."
This discussion has been archived. No new comments can be posted.

Using Lasers To Generate Random Numbers Faster

Comments Filter:
  • by Anonymous Coward on Sunday December 28, 2008 @04:27PM (#26251647)
    The "Real Genius" and "sharks" jokes you're about to post are less than 1% as funny and clever as you think they are. And no, you're not making them ironically, you're making them because you really do think they're good jokes. This is because you are retarded.
  • by Wrath0fb0b (302444) on Sunday December 28, 2008 @04:32PM (#26251689)

    Has anyone out there actually had their system bottlenecked by lack of random numbers? I had thought that the bottleneck in serving large amounts of SSL content was processing the asymmetric part of the cyrpto -- hence the need for SSL accelerator cards. It's a nice invention and a creative application of physical process, but I really want to see just one case where this would be lead to a substantial benefit.

    As an aside, computer simulations always use pseudoRNGs like the Mersenne Twister[1]. For a reasonable exponent (I use 19937 in my simulations), this results in a period > 10^6000 and virtually no correlations between adjacent calls. The notion of a computational physicist using a real physical RNG is laughable.

    [1] http://en.wikipedia.org/wiki/Mersenne_twister [wikipedia.org]

    • by Yetihehe (971185) on Sunday December 28, 2008 @04:50PM (#26251797)
      From your link to wikipedia:

      Unlike Blum Blum Shub [wikipedia.org], the algorithm in its native form is not suitable for cryptography. Observing a sufficient number of iterates (624 in the case of MT19937) allows one to predict all future iterates.

      So MT may be good enough for computational physicists, but not for strong cryptography.

      • So MT may be good enough for computational physicists, but not for strong cryptography.

        I never claimed otherwise. Cryptography has the need for a real RNG but computational physics only needs psuedoRNGs. That fact greatly undercuts the supposed need for this technology.

        • Re: (Score:3, Insightful)

          by Glock27 (446276)

          That's all great until that paper comes out explaining the failings of the *P*RNG you've been using, invalidating years of research.

          It might be a good idea to validate the results of the PRNG runs with some verifiably random data. Alternatively, you could inject entropy periodically in a computationally efficient fashion using the truly random data and improve things some.

      • The first question that came to my mind after reading the article was are these laser generated random numbers suitable for cryptography? The article just states that random numbers are "vital" to cryptography, not that this method generates cryptographic grade random numbers. Certainly the brief explanation on how it works leaves a lot of room for question.

        BTW, CryptMT [wikipedia.org] is a simple stream cipher based on the Mersenne Twister. Sadly, the last time I looked at it it lacked any solid proofs. Nonetheless, M

    • by hweimer (709734) on Sunday December 28, 2008 @04:52PM (#26251803) Homepage

      Has anyone out there actually had their system bottlenecked by lack of random numbers?

      I know some guys doing quantum Monte Carlo simulations. And yes, fast RNGs are crucial for their algorithms.

      • by Fluffeh (1273756)
        Hmmm, I could do with a lot of random numbers while munching down on Monte Carlo's [ozemartonline.com]. Here, let me give you few for free.

        12, 64, 93, 27, 2, 65, 8.

        Now you give me more Monte Carlos. Pronto.
      • I know some guys doing quantum Monte Carlo simulations. And yes, fast RNGs are crucial for their algorithms.

        I will bet you at 100-1 odds that they are using some sort of pseudoRNG like Mersenne Twister. Nobody in computational physics uses real number generators because there's absolutely no reason to.

      • I only have a vague idea of how to do MC, and I thought that the real bottleneck with any computational algorithm is the function evaluation. The purpose of the RNG is to just set some initial parameters, but actually doing something with them is what's the real expense.
    • 640K...
    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Has anyone out there actually had their system bottlenecked by lack of random numbers? I had thought that the bottleneck in serving large amounts of SSL content was processing the asymmetric part of the cyrpto -- hence the need for SSL accelerator cards. It's a nice invention and a creative application of physical process, but I really want to see just one case where this would be lead to a substantial benefit.

      As an aside, computer simulations always use pseudoRNGs like the Mersenne Twister[1]. For a reasonable exponent (I use 19937 in my simulations), this results in a period > 10^6000 and virtually no correlations between adjacent calls. The notion of a computational physicist using a real physical RNG is laughable.

      [1] http://en.wikipedia.org/wiki/Mersenne_twister [wikipedia.org]

      Proof that you can completely fail to understand the subject, (for some reason) post about it anyway, refer to something completely unrelated, and still get a +5 Insightful.

      • by ORBAT (1050226)

        Proof that you can completely fail to understand the subject, (for some reason) post about it anyway, refer to something completely unrelated, and still get a +5 Insightful.

        Could you (or anyone else, for that matter) elaborate on what's wrong with the GP's claim? I don't know much about cryptography and even less computational physics, so I have no idea what's wrong with this guy's statement.

    • If you know anything about the application of random numbers to Monte Carlo simulations, you would know that physically random numbers are unacceptable, unless you wish to never have a chance at reproducing your simulations.

      This is why only pseudorandom number generators are used. LCGs and MT are reproducible.

      • by Wrath0fb0b (302444) on Sunday December 28, 2008 @05:58PM (#26252317)

        Actually, I know quite a bit about (stochastic*) computational physics and the notion that "repeatable" means "can run the exact same simulation with the exact same seed and get the exact same result" is absolutely incorrect. What is meant by "repeatable" is that one can extract from the simulations some sort of macroscopic quantity (usually a thermodynamic quantity or a correlation function) whose average is consistent across many separate runs (known in the biz as the ensemble average). So, for instance, if I'm observing the coalescence of polymers into a hex-phase (as in [1]), I could measure the average number of aggregated copolymer blocks and compare those (as was done in that paper).

        Let's make an extended gambling analogy. Suppose I have a new roulette table that I want to certify that it works like it should. One suggestion (akin to what you said), would be to put the entire table under the same initial conditions as a known-good table and see if it gives the same results. A more sophisticated approach would be to make a histogram of results for a large number of independent roles and see if it converges to the proper distribution (or, in case the distribution isn't known theoretically, compare it to the distribution from a different device, also tested a large number of times). I would argue that the second method is much more powerful than the first, because it probes a more relevant value. Nobody cares whether the roulette table gave 00 the first time and 23 the second time -- we are only concerned that, on average, it gives 00 with the same probability as 23.

        In stochastic computational simulations, the same story applies. Nobody cares whether a particular simulation did X or Y or Z because that's not relevant. What is relevant is the (converged) probability that, given some starting condition, the systems ends up in X or Y or Z.

        * None of these comments apply in any way to solving deterministic systems. You don't need random numbers for those anyway.

        ** Another commenter pointed out that exact repeatability is incredibly useful for debugging purposes. That is true but that has nothing to do with reproducibility in the scientific sense of the word.

        [1] http://link.aip.org/link/?JCPSA6/128/184906/1 [aip.org]

        • If a roulette table gives the same result with the same initial conditions you have a problem.

          • Wrong.

            If exact position was known, if exact velocity of thrown balls was known, and exact velocity of wheel is known, and exact accelerations of balls and wheel was known, we could calculate final position.

            That's the key with this: Any source of true randoomness is covered in heavy physics in which if we Knew the states, we could calculate them to their final resting position.

            • Re: (Score:3, Insightful)

              by amirulbahr (1216502)
              I need to brush up on my quantum mechanics, but I'm pretty sure you're dead wrong about that final statement.
              • Re: (Score:3, Informative)

                by Wrath0fb0b (302444)

                A roulette ball is quite large enough (by many orders of magnitude) to treat as a purely classical particle.

                You are right about one thing -- time to brush up on your Quantum. Start by calculating the de Broglie wavelength (the relevant QM length) of a roulette ball traveling at the maximum speed you might see at a casino and compare it to the radius of the ball itself.

                • This is the bit I was referring to:

                  That's the key with this: Any source of true randoomness is covered in heavy physics in which if we Knew the states, we could calculate them to their final resting position.

                  Out of genuine curiosity, what is the validity of that statement?

                  • That statement is qualified in the dependancy of the large roulette ball.

                    Particles are a whole another story.

                  • by Jane Q. Public (1010737) on Monday December 29, 2008 @01:03AM (#26254901)
                    this can be treated as a "classical physics" problem (and I have every reason to believe his statement about QM length re: a roulette ball), then at least theoretically the statement is correct.

                    But theory and practice are often vastly different. In a case like this, the information necessary to account for all the relevant initial conditions, and the calculations necessary to go from there to final result, are so vast as to make it ludicrous to even consider trying such a feat. Further, we don't even have the expertise to make such calculations even if we had such "perfect" information.

                    Think about it: even with classic physics, this is an awesome candidate for the "butterfly effect", in which miniscule differences in initial conditions could cause highly significant differences in the outcome.

                    See, you don't just need to know the mass of the ball, and its velocity, and such. You would have to know the exact size and mass of the bearings, and exactly how much lubricant had been applied. You would have to know the exact size and shape of the little fences between the numbers on the wheel (air resistance), and calculate Reynolds numbers for them. You would have to know how many people are around the wheel (if any) and how they are breathing. Is someone wearing perfume? Will that affect someone else's breathing? Even without people, did someone add a little bit extra glue at this particular spot, during the manufacturing process?

                    And so on.

                    It simply would not be a practical excercise. Even in controlled conditions, and without confounding factors, two well-lubed roulette wheels are almost certain to give you significantly different results, no matter how you try.

                    Theory is great, but reality trumps.
                    • Well, you can't do exactly. That's why physicists do things to various approximations. For instance, you can approximate the roulette wheel and the balls as independently rotating objects, each subject to constant friction. That simple system of equations doesn't suffice to predict things exactly (and is also only good if the ball doesn't hop), but it's actually enough to predict the quadrant that the ball will land in. Of course, no one has studied it in detail because nobody gives a shit about the microsc

                    • by Bazer (760541)

                      But theory and practice are often vastly different.

                      Theory is always in accord with practice. Hypothesis aren't. Stop misusing those terms, please?

                      Theory is great, but reality trumps.

                      That hasn't been the case since Newton's works you're so keen on dismissing as "theory".

                    • See, (honest) roulette wheels were deliberately designed to take advantage of the "butterfly effect", giving different results (red, black, odd, even, first third, etc.) even with the slightest variation of initial conditions. And in fact, if you were to take two different roulette wheels, same make and model, and get predictable results from one based on the known results of the other, I would frankly be amazed. And willing to spend some money on a business proposition...

                      But the fact is, in practice you
                    • by Raenex (947668)

                      And in all that time, the only method that has been shown to reliably make money in the long run was to analyze tens of thousands of results from a single wheel, and use that for future predictions on the same wheel.

                      Did these guys record input for tens of thousands of spins? http://en.wikipedia.org/wiki/Eudaemons [wikipedia.org]

                    • Apparently not. But I was unaware of that particular exploit. Thanks for educating me.
      • That's not true, if this is the case then you're doing the integration improperly. Random numbers must be generated over a rectangular space, anything else will give erroneous results.
      • by Dwedit (232252)

        What about Physical Randomness + Logging the numbers?

    • by Alarash (746254)
      The hardest part in handling SSL (or IPSec for that matter) sessions is making sure each packet sent is actually permitted. Not so much the initial key exchange phase or subsequent re-negotiations.
    • And all the gassbags that run it. Their RNG's have been getting really stressed out lately.
    • by sowth (748135)

      The main problem isn't a bottleneck, but it does use up cpu cycles and pseudorandom isn't truely random. There will always be some sort of pattern because you are getting the values from an algorithm. The pattern may give equal true and false values. It may be hard to detect the pattern from the perspective of an outside observer, but the pattern will always be there. This doesn't mean pseudorandom numbers are worthless, it just means you need to know when to use them and when to use something else.

      In cry

  • by jspenguin1 (883588) <jspenguin@gmail.com> on Sunday December 28, 2008 @04:33PM (#26251691) Homepage
    "The generation of random numbers is too important to be left to chance." -- Robert R. Coveyou
  • by Fryth (468689) on Sunday December 28, 2008 @04:36PM (#26251709)

    They should somehow tap into phpBB. I'm already on some forums that generate more than twice this much bullshit every second :)

  • FTFA: (Score:5, Funny)

    by lobiusmoop (305328) on Sunday December 28, 2008 @04:38PM (#26251721) Homepage

    "Fields and applications that could benefit from their work are numerous, including computational models to solve problems in nuclear medicine, computer graphic design, and finance."

    This explains a great deal.

    • Re:FTFA: (Score:4, Funny)

      by ScrewMaster (602015) * on Sunday December 28, 2008 @05:35PM (#26252139)

      "Fields and applications that could benefit from their work are numerous, including computational models to solve problems in nuclear medicine, computer graphic design, and finance."

      This explains a great deal.

      No kidding. Makes you wonder if they're used in Diebold voting machines.

      • by u38cg (607297)
        Haha. I can't think why anyone would ever want to build a stochastic financial model...
      • Re:FTFA: (Score:4, Funny)

        by MarkusQ (450076) on Sunday December 28, 2008 @06:45PM (#26252659) Journal

        "Fields and applications that could benefit from their work are numerous, including computational models to solve problems in nuclear medicine, computer graphic design, and finance."

        This explains a great deal.

        No kidding. Makes you wonder if they're used in Diebold voting machines.

        No, not at all. Diebold voting machines are specifically designed to eliminate sources of randomness in order to deliver predictable results.

        --MarkusQ

  • What, no frikkin' sharks?
  • Quantum Choas (Score:3, Interesting)

    by physburn (1095481) on Sunday December 28, 2008 @04:49PM (#26251789) Homepage Journal
    I'm busy trying to get my head around, why partially reflecting laser light back into the laser, induces a chaotic signal. It doesn't seem right, there's a laser frequency and two reflection distances, (remember lasers have a mirror at each end). It doesn't seem complex enough to be chaotic.

    If it is chaotic and you believe in the Everett Interpretation, they've just produced the worlds fastest world splitter.

    • Going out of a limb here, but maybe it's like this.
      You shine your laser, it reflects, it interferes with itself. And now the interfered laser reflects back and so on and so forth. Maybe its possible to track it through the first few given the exact starting conditions, but it would be impossible to look at a few samples in the middle and work back to the initial start condition (thus chaotic).
    • Intuitively it would seem that the "random" number would have to be related to some combination of constants... in which case, it is breakable regardless of its "seeming" randomness.

      I would be more willing to accept their claims of "chaotic", once the results of their RNG have been put through some rigorous tests by independent parties.
  • by Frequency Domain (601421) on Sunday December 28, 2008 @04:57PM (#26251847)
    First off, this is old news -- the article is copyright 2007.

    Next, the article claims...

    Generating random numbers using physical sources -- which can be as simple as coin-flipping and tossing dice -- are preferred over other methods, such as computer generation, because they yield nearly ideal random numbers: those that are unpredictable, unreproducible, and statistically unbiased.

    This is garbage -- there are applications where people prefer physical sources, but those of us doing simulation work realized long ago that good algorithmic sources are far better for our needs: 1) It's mighty hard to debug a complex simulation model without reproducibility; 2) You can use the reproducibility to induce covariance between runs, greatly reducing the standard error of your estimates for a given sampling effort; 3) The distributions of algorithmically generated pseudo-random numbers are provably uniform, whereas for physical sources the best you know is that they haven't (yet) failed a hypothesis test for uniformity. Finally, the last statement about being "statistically unbiased" is utter nonsense -- unbiasedness is a property of an estimator, not a distribution.

    • Re: (Score:3, Funny)

      Agreed. Someone once told me about one of John Ellis [wikipedia.org]'s students asking them to do a Monte Carlo simulation, and sending the results back saying "it's not random enough". Ignorance about random number generators is everywhere.
    • Re: (Score:3, Informative)

      by ZombieWomble (893157)
      While slashdot is often not on the bleeding edge, this news isn't exactly ancient: the article itself is dated just last week, and correctly cites a paper which was only published a month ago. Don't believe everything you read in a copyright tag.

      As for the rest of it, yes, much of the article is rather terrible.

    • by retchdog (1319261)

      Sometimes an estimator is a distribution [wikipedia.org]...

      That is to say, the distribution of variates generated by a pseudoRNG should resemble in all ways the distribution it claims to simulate. There is no reason not to call, then, the pseudoRNG as an estimator of an ideal distribution.

      (Although I should remark, that statistical unbiasedness of the first order is not that difficult to achieve, by say von Neumann's method for biased coins. Thus it's a little misleading to claim that you need fullblown hardware RNGs for i

  • scary (Score:4, Funny)

    by ascari (1400977) on Sunday December 28, 2008 @05:00PM (#26251875)
    I suspect encountering the words "random" and "laser" in the same sentence would be rather disconcerting to an eye surgeon. Maybe I'm off topic...
  • random number rates of up to 1.7 gigabits per second, ... Future work may center on devising laser schemes that can achieving rates as high as 10 Gbps."

    Oh, I can get 3.4 gigabits right here. I'll take a second such laser.

    Or, ten of them. A 17 Gbps device instead of your hoped for 10 Gbps one.

  • by owlstead (636356) on Sunday December 28, 2008 @05:14PM (#26251985)

    We really, really need more hardware random number generators (RNG's) within CPU's. I think this is one of the more important things for Intel and AMD to work on (VIA and Intel have already working hardware RNG's for x86 as far as I know, with Intel though it is only for an embedded processor).

    Otherwise we will have to rely on "commodity" hardware to generate enough randomness to seed our pseudo-RNG's. And since a keyboard, harddisk and video cannot be trusted to be in a machine, and since using the NIC has too big a tie with the outside world, we are quickly running out of entropy sources. So a hardware RNG is definitely a very good idea.

    That does not mean that these guys have struck gold. There are already fine RNG's available for use within CPU's. I don't know how secure their device is (what happens when it is underpowered/cooled etc) but speed is not really a problem right now. Of course, if it is easy to implement in current designs: why not?

    • we are quickly running out of entropy

      Sorry, I thought I had a joke there, but my mind seems to be failing with age. Anyhow, that sentence fragment amused me, so I am quoting it out of context for my own enjoyment. Consider this reply my contribution to randomness.
      • by TeknoHog (164938)

        Consider this reply my contribution to randomness.

        p982y3nc98qwyfegsdjkbvlkiu2uy87t29c8nwgmoieygfcn9q3ncqwgefygsohgouyf iu o3rg2o87t q8263r cuy uwglg oyg oiYF IUF IG OUF OIGBGKS GOIG97r8&FTYGOIUg976r645w657rcog9^R*&%$%$£"%$£ puh oi oyg iug iuYF OIUG it fh Ouyf l DD gSDF S ufd lkg oybeorwqteififgqerGEGWEaaeGewagerwrgrqrgQhrQergoeagui (&TN(&fuytfb86rd&^Rdiytf8yrs75Sd8ytcOUYouy 9uy fd67 dfoIB kJb UYs^$

    • Can't TPM chips do that?

    • Re: (Score:3, Interesting)

      by ishmalius (153450)

      Reverse-biased zener diodes make an excellent noise source for true physical randomness. You want quantum quality? Use a tunnel diode. And some military radios use FM discriminator or PLL noise as a generator for crypto.

  • by Snorfalorpagus (1321189) on Sunday December 28, 2008 @05:22PM (#26252053)
    247
  • There is no mention of entropy or testing for randomness. 1.7 Gbits could be complete garbage because the entropy necessary for encryption isn't there.

  • Some people is commenting on the article that even if it is quantum generated randomness, it may turn out not be truly random(because "nobody knows, right?").

    I guess that the scientists who developed this fantasize with finding correlations in their random number sequence. That would actually be something more interesting than the actual intentions.

  • by Veggiesama (1203068) on Sunday December 28, 2008 @08:51PM (#26253497)

    This is going to make my D&D games kick ass.

  • I wonder if this has applications to any of the experiments done at the Princeton Engineering Anomalies Research [princeton.edu] department. I seem to remember some of their experiments being dependent upon generating large amounts of *truly* random numbers, usually generated from thermal fluctuations. If you believe them, they were able to generate statistically significant variations in these thermally generated random numbers simply from a person thinking that way...

    I know, I know...sounds weird, but read some of the
  • When we all know the answer is 47. Geeze.
  • by Randym (25779)

    ...its experimental agenda of studying the interaction of human consciousness with sensitive physical devices, systems, and processes, and developing complementary theoretical models to enable better understanding of the role of consciousness in the establishment of physical reality.

    I *knew* there was a reason I looked at this comment. I got 'nudged'.

    Rather, nothing less than a generously expanded scientific model of reality, one that allows consciousness a proactive role in the establishment of its expe

"The Street finds its own uses for technology." -- William Gibson

Working...