Quantum random number generation on a mobile phone Bruno Sanguinetti,∗ Anthony Martin, Hugo Zbinden, and Nicolas Gisin Group of Applied Physics, University of Geneva, Switzerland Quantum random number generators (QRNGs) can significantly improve the security of cryptographic protocols, by ensuring that generated keys cannot be predicted. However, the cost, size, and power requirements of current QRNGs has prevented them from becoming widespread. In the meantime, the quality of the cameras integrated in mobile telephones has improved significantly, so that now they are sensitive to light at the few-photon level. We demonstrate how these can be used to generate random numbers of a quantum origin. INTRODUCTION The security of cryptographic protocols, both classical and quantum, relies on the generation of high quality random numbers. For example, classical asymmetric key protocols such as DSA , RSA [2, 3] and DiffieHellman , use random numbers, tested for primality, to generate their keys. Another example is the unconditionally secure one-time pad protocol, which needs a string of perfectly random numbers of a length equal to that of the data to be encrypted. The main limitation of this protocol is the requirement for key exchange. Quantum key distribution offer a way to generate two secure keys at distant locations, but its implementation also requires a vast quantity of random numbers . Famously, Kerckhoffs’s principle  states that the security of a cypher must reside entirely in the key. It is therefore of particular importance that the key is secure, which in practice requires it to be chosen at random. In the past, weaknesses in random number generation  have resulted in the breaking of a number of systems and protocols, such as operating system security , communication protocols , digital rights management  and financial systems . High quality random numbers are hard to produce, in particular they cannot be generated by a deterministic algorithm such as a computer program. To ensure the randomness, and importantly, the uniqueness of the generated bit string, a physical random number generator is required [12, 13]. Of particular interest are quantum random number generators (QRNGs), which by their nature produce a string which cannot be predicted, even if an attacker has complete information on the device. QRNGs have typically been based on specialised hardware, such as single photon sources and detectors [15–17] or homodyne detection [18, 19]. Image sensors have been used to generate random numbers of classical origin by extracting information from a moving scene, e.g. a lava lamp, or using sensor readout noise  but their performance both in terms of randomness and throughput has been low. Here we show how random numbers of a quantum origin can be extracted from an illuminated image sensor. Nowadays, cameras are integrated in many common devices such as cell phones, tablets and laptops.
In the first part of this paper we describe the concept of our system, including its various entropy sources and how the entropy of quantum origin can be extracted. In the second part, we characterise two different cameras for random number generation. Finally we present our results and test the generated random numbers.
Physicists create cryptographically-secure random numbers using only a discontinued Nokia phone and the physical properties of light.
“It’s actually impossible for a computer, following a predefined algorithm, to generate a truly random number,” says Bruno Sanguinetti, as physicist at the University of Geneva in Switzerland. And any technique to try to get a machine to spit out a random number is duplicable, leaving room for someone to crack the code to the random number generator and get to your data.
“Rather, if you want to generate proper random numbers, you must rely on some randomness that originates from the outside world,” Sanguinetti says.
The gold standard for this are methods that rely on the bizarre, probabilistic world of quantum mechanics, the counterintuitive physics of tiny things. Unfortunately, all of today’s methods that perform quantum random number generation (QRNG) are expensive and require bulky lab equipment.
However, Sanguinetti and his colleagues have just developed a simple, inexpensive QRNG method which relies on little more than an obsolete Nokia cellphone and a light. Yes. You read that correctly.
Paperweight, or Cryptographic Tool?
In an upcoming article in the journal Physical Review X, Sanguinetti and his colleges outlined their method to produce 1 megabit of random numbers per second, and they do it by exploiting the randomness inherent in light itself. According to quantum mechanics, it’s impossible to predict exactly when an atom will emit a particle of light. And over a given amount of time, the exact number of light particles any light source will produce is also inherently random.
With that in mind, the physicists took a Nokia N9 and shined a laser on its 8-megapixel camera lens. Like any modern camera phones, the discontinued N9 is sensitive enough to detect excruciatingly small changes in light. And because of the natural quantum variation we just mentioned, each pixel of the camera’s lens gets smacked a different number of photons at any given time. Using the N9’s open source software, the physicists converted the varying pixel data into a digital output. Ta-da: a steady stream of random numbers.
To check their work, the physicists tested this setup on a much better camera: an ATIK 383L, which also has 8 megapixels but is designed for astronomical use. They also pushed their data set past several of the best mathematical assays to see how random their numbers really were.
One line from the upcoming paper says it all: “If everybody on earth used such a device constantly at 1 Gbps, it would take 1060 times the age of the universe for one to notice a deviation from a perfectly random bit string.”
How Random Is Random?
“This really shows the potential feasibility for QRNG on a chip,” says Feihu Xu, a physicist who specializes in QRNG at the University of Toronto and was not involved in this work. Xu says that all the requisite parts of this technology should be able shrink down to the micro scale (without the need of a bulky Nokia phone). This could lead to a method of easily creating cryptographically-secure random numbers on phones or other mobile devices.
Yet a couple of big questions about this technique linger. For one thing, Xu says, while he does not doubt the robustness of the random number dataset produced by the Swiss team’s technique, it may be premature to claim that the technology’s randomness is due to quantum behavior. “This is just because no test or method currently exists that can verify how much of randomness can actually be attributed to quantum effects, and not other physical interactions,” he says. There’s just no way to know for sure.
Secondly, he says, scientists must refine the data extraction method (the step the Swiss team took when they converted the pixel data from the phone into a digital output) before anyone can claim this technology to be purely, truly random—and not just, you know, really, really, 1060 times the age of the universe random.
There is a difference.