A recent preprint titled "Practical Entropy Accumulation for Random Number Generators with Image Sensor-Based Quantum Noise Sources" by Choi et al. is available here: https://www.preprints.org/manuscript/202306.1169/v1
Abstract: The efficient generation of high-quality random numbers is essential in the operation of cryptographic modules. The quality of a random number generator is evaluated by the min-entropy of its entropy source. Typical method used to achieve high min-entropy of the output sequence is an entropy accumulation based on a hash function. This is grounded in the famous Leftover Hash Lemma which guarantees a lower bound on the min-entropy of the output sequence. However, the hash function based entropy accumulation has slow speed in general. For a practical perspective we need a new efficient entropy accumulation with the theoretical background for the min-entropy of the output sequence. In this work, we obtain the theoretical bound for the min-entropy of the output random sequence through the very efficient entropy accumulation using only bitwise XOR operations, where the input sequences from the entropy source are independent. Moreover we examine our theoretical results by applying to the quantum random number generator that uses dark noise arising from image sensor pixels as its entropy source.
Neat idea. I seem to remember seeing a patent on RNG with QIS, which seems related to this concept. I have to imagine the idea of RNG with image sensors in general has been floating around for years now.
ReplyDeleteIndeed. As far as QIS goes, that was published about 7 years ago in Sensors 2016, 16, 1002; doi:10.3390/s16071002 and used the variation in photon arrival rates for randomness. According to our collaborators at ID Quantique it worked well, and the potential for, say, a billion tiny pixels (lots of random numbers, small chip size) was an advantage. But, light signals and dark signals have been explored in the past for their variations. The potential advantage of using a dark signal is you don't need an optical source or optics. On the other hand, I wonder about true uncorrelated randomness between adjacent pixels and the magnitude of their response, as well as the sensitivity to temperature. I haven't kept up with this so maybe the dark signal RNG authors have studied this and it is not a problem.
ReplyDeleteEspecially with small pixel pitch I could see there being some capacitive coupling between adjacent pixels causing the Poisson noise to be correlated. This could probably be quantified/estimated.
Delete-AH
Thank you for your opinion. If the dark noise electron gathered below random readnoise, it will not work. So practical developers should consider of it. Thank you again.
DeleteIt would be interesting to increase the analog gain when using dark signal, and then use certain number of LSBs only, this may randomize some fixed pattern variations and temperature dependency.
ReplyDeleteCouldn't we have a hybrid solution? The seed comes from a physical random event, and the rest through algorithm?
ReplyDeletehttps://opg.optica.org/ao/viewmedia.cfm?uri=ao-30-8-981&seq=0 1991
ReplyDelete