JPMorgan Says Quantum Experiment Generated Truly Random Numbers (financialpost.com) 110
JPMorgan Chase used a quantum computer from Honeywell's Quantinuum to generate and mathematically certify truly random numbers -- an advancement that could significantly enhance encryption, security, and financial applications. The breakthrough was validated with help from U.S. national laboratories and has been published in the journal Nature. From a report: Between May 2023 and May 2024, cryptographers at JPMorgan wrote an algorithm for a quantum computer to generate random numbers, which they ran on Quantinuum's machine. The US Department of Energy's supercomputers were then used to test whether the output was truly random. "It's a breakthrough result," project lead and Head of Global Technology Applied Research at JPMorgan, Marco Pistoia told Bloomberg in an interview. "The next step will be to understand where we can apply it."
Applications could ultimately include more energy-efficient cryptocurrency, online gambling, and any other activity hinging on complete randomness, such as deciding which precincts to audit in elections.
Applications could ultimately include more energy-efficient cryptocurrency, online gambling, and any other activity hinging on complete randomness, such as deciding which precincts to audit in elections.
So what? (Score:5, Insightful)
Re:So what? (Score:5, Informative)
TFA is bad article, but it seems they did do something:
As deterministic systems, classical computers cannot create true randomness on demand. As a result, to offer true randomness in classical computing, we often resort to specialized hardware that harvests entropy from unpredictable physical sources, for instance, by looking at mouse movements, observing fluctuations in temperature, monitoring the movement of lava lamps or, in extreme cases, detecting cosmic radiation. These measures are unwieldy, difficult to scale and lack rigorous guarantees, limiting our ability to verify whether their outputs are truly random.
Compounding the challenge is the fact that there exists no way to test if a sequence of bits is truly random. Given the difficulties in sourcing and verifying randomness, we resort to trust: we simply must trust that the hardware generates fresh randomness.
The requirement of trust, however, becomes an issue when randomness is used to make decisions among parties distrustful of each other, such as when competitors resort to a coin toss to settle a dispute. Who gets to toss the coin? If the parties are participating remotely, how can one verify that there was a coin toss at all?
An ideal solution would be a kind of randomness with the following three characteristics:
It comes from a verifiably trusted source.
It comes with rigorous mathematical guarantees.
It could not have been manipulated by a malicious adversary.
This kind of randomness is called Certified Randomness.
One possible way of verifying that a sequence of numbers truly came from a random source is by demanding some kind of signature or proof, perhaps embedded in those numbers itself, that could not have been faked using predictable sources. You could, for example, ask that your randomness provider only draw numbers from a specific probability distribution that is challenging to imitate using non-random sources. You could then verify that the numbers you receive came from your chosen distribution and therefore must have been truly random.
As it turns out, such a protocol is impossible to realize using conventional computers but can be accomplished using a quantum computer. ... ...
From our demonstration, we verify that at least 71,313 bits of entropy are secure against an experimental malicious adversary at least four times more powerful than the world’s largest supercomputer. Crucially, we are guaranteed randomness even if the quantum computer was acting maliciously, compromised by a third party or impersonated. The randomness our protocol generates, therefore, does not require trusting any external entity.
(from https://www.jpmorgan.com/techn... [jpmorgan.com] where the description of what they did is included.)
there's a link to their paper in Nature https://www.nature.com/article... [nature.com]
Re: (Score:3)
err... maybe should've just posted the abstract of said paper "Certified randomness using a trapped-ion quantum processor"
Abstract
Although quantum computers can perform a wide range of practically important tasks beyond the abilities of classical computers1,2, realizing this potential remains a challenge. An example is to use an untrusted remote device to generate random bits that can be certified to contain a certain amount of entropy3. Certified randomness has many applications but is impossible to achieve solely by classical computation. Here we demonstrate the generation of certifiably random bits using the 56-qubit Quantinuum H2-1 trapped-ion quantum computer accessed over the Internet. Our protocol leverages the classical hardness of recent random circuit sampling demonstrations4,5: a client generates quantum ‘challenge’ circuits using a small randomness seed, sends them to an untrusted quantum server to execute and verifies the results of the server. We analyse the security of our protocol against a restricted class of realistic near-term adversaries. Using classical verification with measured combined sustained performance of 1.1×1018 floating-point operations per second across multiple supercomputers, we certify 71,313 bits of entropy under this restricted adversary and additional assumptions. Our results demonstrate a step towards the practical applicability of present-day quantum computers.
Re: (Score:2)
True randomness sounds like chasing perfection to me.
Re:So what? (Score:4, Informative)
It is bullshit anyways. Harvesting quantum-tunneling noise has been done for half a century and it is easy, cheap and reliable. This is just another attempt to pretend somethign useful can be done with quantum computing mechanisms. It is just one more lie to that effect.
Inciodetnally, there is nothing "certified" about it. That is just another lie. That some quantum effects are "true random" is an _assumption_, and that assumption is unproven.
Re: (Score:2)
Re: (Score:3)
Totally agree, don't need a quantum computer to do this. Worked with a company in 2000 which built a random number generator with a laser, a mirror, and a photon detector, we also certified it's results. Not a big deal, been done for decades.
Even more to the point, the main CPU in every laptop, desktop and mobile device being sold today has a noisy diode-based TRNG embedded in it. Not only can true randomness be generated easily and cheaply, it is done, and at massive scale.
Re: (Score:2)
Unfortunately, no. Intel CPUs have a backdoored deterministic generator that just pretends to be secure.
Re: (Score:2)
Unfortunately, no. Intel CPUs have a backdoored deterministic generator that just pretends to be secure.
RDRAND is deterministic but it's seeded from a quantum-based entropy source. Yes, there were reports that the NSA had attempted to backdoor the deterministic part. Intel claims to have fixed it. Take from that what you will.
Re: (Score:2)
And I'll bet that device cost a hell of a lot less and was far more reliable than any quantum computer likely to exist in the next 10 years.
Re: (Score:2)
Indeed. And the PN-junction generator was available for a while with dual source and conditioner in an USB stick for $50 or so. I cannot currently find it, apparently there was not enough demand.
Using QCs to generate random numbers is a pure act of desperation intended to gloss over the fact that they are currently still not useful for anything and that this may never change.
Re: (Score:2)
Probably because so many CPUs and microcontrollers have built-in random number support now.
I would put quantum computers somewhere near Babbage's nightmare on the development timeline.
Re: (Score:2)
Yes, that is my guess as well. There simply is no need for a device like this.
Re: (Score:3)
TFA is bad article, but it seems they did do something:
As deterministic systems, classical computers cannot create true randomness on demand.
Except that most of them already do this. Every major CPU on the market includes a true random number generator, implemented with a noisy diode. The result is true, quantum-mechanics derived, randomness. The output is biased, but that's okay, I imagine this quantum computer's output is also biased. But bias is very easy to correct for with any of many "whitening" techniques, the simplest of which is just to run the data through a good cryptographic hash function, feeding n bits of noise into the hash fun
Re: (Score:2)
They don't. The paper is correct, you can't use a deterministic computer to generate random numbers. You can *measure* something random though, and you can stick that measuring apparatus on a die with a CPU.
If you want to be rigorous, I think that's what the quantum computer is doing too. There's no randomness in the quantum computation, but there is in the measurement at the end.
The key here seems to be that you can use the quantum computation + measurement combo to
Re: (Score:2)
Re: (Score:2)
Nobody is clueless about how random numbers are generated, except probably some commenters here.
The paper is pretty clear about what they're proposing. It is not "generating random numbers." It is generating random numbers with very specific properties. That is scientifically interesting. Whether it's practically interesting depends on the situation. They've proposed some fairly silly ones, like lotteries. There might be some more practical ones.
Re: (Score:2)
They've addressed the "rigorous guarantees" part. It's less trivial than the summary sounds, but it still seems like pounding in a nail with an aircraft carrier.
Re: (Score:2)
Intel and AMD processors as well as many microcontrollers have a built in RNG. I know a number of Intel flash chips used to include a RNG as a sort of bonus feature.
Re: (Score:2)
Complete bullshit (Score:5, Insightful)
Reverse a PN-junction, apply about 20V via a resistor and you get something like 50% quantum noise. Crypto-hash together generously, and what you get is no worse than the "breakthough" lie here claims. Cost? Say $20 + computer.
Incidentally, you do not need random numbers for cryptography. All you need is numbers an attacker cannot predict.
Re: (Score:2)
Re: (Score:3)
Any kind of physical mechanism has bias. This "quantum experiment" needs it too. It is however very easy to do.
As to bandwith, here is an application note from 2004 to get 100MHz high-quality zener noise for cheap:
https://www.analog.com/en/reso... [analog.com]
The only thing you need to know is that the sweet-spot for maximum quantum noise is 5.6V. Not that it really matters, thermal noise is more than good enough for even long-term crypto key generation.
Re: (Score:2)
You have demonstrated clearly that TF is useless as a scientific breakthrough if they can't articulate a real, new use case.
Re: (Score:2)
Really all you need it a resistor, great source of white noise
Re: (Score:2)
Teachnically, that is not quantum noise, so not "true random". In actual reality, the resistor is complex and unstable enough to produce high-quality "secure" noise basically forever. And remember, it does not need to be "true random" anyways. That is just marketing bullshit.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
A Zener diode is just a reversed PN junction with a selected drop voltage and that makes the design a lot simpler. But a Zener diode is not designed for low capacity of that reversed junction. Hence what approach you want to use depends. For high bandwidth (GHz), you may want to put a lot of current though this and a Zener diode is designed for that (and for cooling that junction specifically), while a NPN transistor EB-junction is not and is operated out of spec.
But it really is not hard to do and the nois
Re: (Score:3)
Reverse a PN-junction, apply about 20V via a resistor and you get something like 50% quantum noise. Crypto-hash together generously, and what you get is no worse than the "breakthough" lie here claims. Cost? Say $20 + computer.
That's a lot of text written just to tell us you didn't read or understand what they did or why they did it. Hint: Your solution doesn't meet any of the requirements they were going for.
But hey you were quick to post, and quick to ignorantly shit on other people's work so your job is done right?
Re: (Score:2)
If your local random number consumer is physically compromised, you're screwed regardless. If it isn't, circuitry to provide any amount of random numbers is trivial.
A certified remote RNG is a solution looking for a problem which doesn't exist.
dude? (Score:1)
Re: (Score:2)
Tell us you don't know about cryptography without telling us. Certified randomness has been an area of study for a while now. You not knowing what problems it solves doesn't make the problem disappear.
Re: (Score:2)
As usual, you are without insight and aggressive about it. Does that work out for you in life?
1. Generating noise with a QC mechanism is totally insane. That PN-junction process has been known for half a centory, it is reliable, well researched, well tested and very cheap and easy made redundant.
2. Remote randomness generation ia about the most stupid thing you can do. It adds a ton of attack vectors. And suddenly you have to authenticate and encrypt the transfer of random data which you are going to use fo
Re: (Score:2)
Tell us more about how amazing it is that they have managed to create an exquisitely more expensive solution than the very well working solutions we already have, which are numerous.
Re: (Score:2)
And that nicely sums it it.
Re: (Score:2)
Oh please tell us what numerous solutions we have for certified randomness? Because up until this point it's been a theoretical concept. Let me guess, you also don't understand what the article is talking about and are instead thinking about true randomness, which isn't the same thing. Hint: This isn't a story about generating random numbers, any idiot can do that. Go read the links in the summary.
Re: (Score:2)
It's not the generator that is novel, it's the fact that they can mathematically prove that the output is truly random and resilient against known attacks.
Re: (Score:2)
The "mathematical proof" goes a bit like this: Assume we have a process generating true randomness, we can proof that we can build a process on tiop of that that can generatre true randomness". Or in other words, complete bullshit. Incidentally, the same "mathemtical proof" can be built for that reversed PN junction, which happens to be an approach that is about half a centiory old and very well understood and very cheap to implement.
Re: (Score:2)
So why don't you prove that your PN junction is resistant to known attacks and rake in the cash? You can't because, as you pointed out, it's not pure quantum noise.
Re: (Score:2)
Ah, do you know how randomness and entropy works? Because it seems to me you do not. Quantum noise is not special. If you have 50%, hash two bits together with any modern crypto hash and you have as close to 100% that the difference is meaningles. Yes, you have the thermal noise in there in addition, but 100% unpredictable is 100% unpredictable and this is not a case where adding anything can _degrade_ the quality. It is a bit special and non-intuitive in that.
Anybody with some actual clue is using that PN
Re: (Score:2)
If only it was that simple. Poorly designed PN junction based systems will fail tests like Diehard and the NIST suite.
Re: (Score:2)
Nobody sane uses the raw data. It is not intended to be used that way at all. Using it wrong will obviously result in undesirable effects.
Re: (Score:2)
Even the conditioned output can experience bias with PN junctions. But that's missing the point - can you mathematically prove that *your* PN junction design and whitening is truly random? You can't, it's impossible because it depends on the physical properties of the circuit, and outside influences.
Re: (Score:2)
That is just nonsense. Properly conditioned output does not have bias. Period. This has been a solved problem for a few decades now.
And the point is not that I cannot "mathematically" prove that a PN junction design generates "true" randomness. (Incidentally, I never claimed I could...) The point is that _nobody_ can prove any such thing for any physical design, including the one from the story. People can lie about that though and that has happened here.
Re: (Score:2)
You think it doesn't have bias, but you can't mathematically prove it.
There is a reason why PN junction and most other hardware RNGs have a monitoring system - they are known to fail and introduce non-randomness, so that condition must be checked for.
Re: (Score:2)
Please stop torturing the facts. They will not start to agree with you. You are dead wrong here.
Re: (Score:3)
That's not the proof they appear to be talking about.
If I hand you a bunch of numbers you can't prove they're random. I might have generated them with a diode, or by measuring the spontaneous emission of alpha particles from my smoke detector, or by carefully generating them in a known pattern.
The thing quantum computers are good at is sampling from controllable distributions. Distributions that are extremely difficult to produce any other way. So by giving you numbers that are so distributed you can verify
Re: (Score:3)
So by giving you numbers that are so distributed you can verify that I did in fact use a quantum computer to produce them and they are therefore genuinely random.
No. You cannot. Incidentally, you just said as much yoruself. You cannot from any numbers verify that they match any distribution. You cannot from any numbers verify they were generated in a specific way. What you need to do here is ensure security (or distribution) by construction. And you do that yourself, not from some bizarre over-the-net service.
In actual reality, you just start with an unform distribution and then approximate whatever distribution you want to the precision you want it.
Re: (Score:2)
Well, you're certainly confident in your beliefs.
Re: (Score:1)
Incidentally, you do not need random numbers for cryptography. All you need is numbers an attacker cannot predict.
You just described security by obscurity. One of the consequence of Kerckhoffs's principle [wikipedia.org] is that only random numbers can be unpredictable.
Re: (Score:2)
There's a company in Cambridge, UK that says that normal random numbers top out at 0.5 on some scale or other (I forget the details). They have a 'quantum' solution that can run on an ordinary computer, which produces numbers more 0.99 randomness. These guys getting 0.99999 or even 1.0 seems like it's a theoretical win, rather than an actual one.
Re: (Score:2)
That is complete nonsense. You cannot get more than 1 bit/bit in entropy. If you have less, just hash a few bots together using any modern crypto-hash and you get the max or as good as.
Re: (Score:1)
Re: (Score:2)
No. That marketing-nonsense. You _cannot_ "mathematically" verify any property of physical reality. Not possible. Whenever somebody tells you their product is "mathematically proven to xyz", they are lying to you to make their product sound better than it is.
Incidentally, what you need is "unpredictable" for possible attackers. Also, even simple thermal noise (just read from a soundcard and hash, say, 100:1) is unpredictable in practice for anybody, even the person recording it. And no, we do not have seen
RNG Already exists (Score:2)
Re:RNG Already exists (Score:4, Funny)
Why do you hate cats?
Re: (Score:2)
Exactly.
IDQ for example has been offering photon-based quantum cryptography devices commercially for...a little over 20 years now.
https://en.wikipedia.org/wiki/... [wikipedia.org]
So TFA boils down to nothing but marketing BS. "Look, this is a breakthrough since it is the first time WE did it!"
Re: (Score:2)
Too much effort and too unreliable. The Zener-Effect is about half quantum tunneling noise at 5.6V. Cheap, reliable, easy. Here is a circuit for >100Mhz at https://www.analog.com/en/reso...
Re: (Score:2)
The problem that comes to mind is you will need some way to guarantee that the signal is not being influenced by an external EM field.
Re: (Score:2)
The problem that comes to mind is you will need some way to guarantee that the signal is not being influenced by an external EM field.
Interesting. Noisy diode-based TRNGs are found in approximately all modern CPUs. Has any researcher been able to demonstrate the ability to alter the output by applying EM fields?
Re: (Score:2)
Interesting. Noisy diode-based TRNGs are found in approximately all modern CPUs. Has any researcher been able to demonstrate the ability to alter the output by applying EM fields?
Not true. These generators are typically oscillator-based. These may be susceptible to a very expensive, very tricky and very obvious EMI attack. Or not.
Re: (Score:2)
Interesting. Noisy diode-based TRNGs are found in approximately all modern CPUs. Has any researcher been able to demonstrate the ability to alter the output by applying EM fields?
Not true. These generators are typically oscillator-based. These may be susceptible to a very expensive, very tricky and very obvious EMI attack. Or not.
Cite?
I've had conversations with CPU security engineers at most of the major SoC vendors for ARM (and now RISCV) chips, and they disagree with you.
Re: (Score:2)
Actually, you do not. You just generously overestimate the randomness input when hash-compressing it. An externel EMI cannot "drone out" the tunneling noise. This is a randomness source, not an oscillator.
JPMorgan Chase? (Score:2)
Re: JPMorgan Chase? (Score:3)
They know to hire people who know the buzzwords.
What else is necessary?
Re: (Score:2)
Nothing. They do know about getting good pess though and there are enough other idiots around that will mistakently think this is actually some kind of breakthrough.
Re: (Score:2)
They know about a lot of random stuff, apparently!
Thanks to the editors (Score:2)
Thanks for including the link to the research paper in the summary!
I generated a random number once. It was 7 (Score:1)
Feel free to use as appropriate.
There are no "truly random" numbers, in quantum or anywhere.
The act of observation entagles the observed quantity to the rest of the universe. Whatever number the rng spits out is thus by definition correlated to something else somewhere else.
Re: (Score:2, Funny)
ah yes, the obligatory
https://xkcd.com/221/ [xkcd.com]
Re: (Score:2, Informative)
https://www.americanscientist.... [americanscientist.org]
Re: (Score:2)
Improved version:
int getRandomNumber() {
return 37;
}
Re: (Score:2)
There are no "truly random" numbers, in quantum or anywhere.
The act of observation entagles the observed quantity to the rest of the universe. Whatever number the rng spits out is thus by definition correlated to something else somewhere else.
Possibly. At the very least this effect would have to be disproven to make any claims of "true" randomness. To the best of my knowledge, quantum physics glosses over this little detail at this time. Or rather when you ask an actual expert, the "true" vanishes and they say "unpredictable" and that is a whole different thing. Also, for all known applications, "unpredictable" is just fine.
Random (Score:5, Funny)
Whenever I want a random number I just add up the number of working ice cream machines at McDonalds as shown at McBroken.com. That number is truly random at any given point! No quantum this or that needed.
Re: (Score:2)
Ahhh and you've punked yourself. There's nothing random about the ice cream machines at McDonalds. In fact you'll find they only ever generate quite high numbers. You can't even achieve binary randomness with one. If I compare my local McDonalds to a coin toss one would assume they only compare if I had a double-headed coin. :-)
Re: (Score:2)
Mathematically certify? (Score:2)
Re: (Score:2)
Actyally, it is worse: They claim they can mathematically prove some property of a physical object. That happens to be impossible. With some mental judo, you can turn that "imopossible" into "meaningless" instead.
I can do science stuff (Score:2)
Quantum random numbers [anu.edu.au]
Why bother? (Score:1)
Which numbers? (Score:2)
As usual TFA is not mentioning the important information: which numbers were generated? Was 4 part of them? I have heard it was a true random number, I'd really like a confirmation!
Oblig... (Score:1)
Geiger counters (Score:2)
An algorithm? (Score:2)
Re: (Score:3)
An algorithm for random numbers? Isn't that an oxymoron?
Only on a deterministic computer.
This already exists (Score:1)
This is a joke, not a serious comment (Score:2)
Poe's law notwithstanding:
Don't you believe it! They are not "truly random." The universe was created by "Intelligent Design." God has a plan.
It's a trap! The "devil" is in the details.
Just read the paper (Score:2)
and it's rather worthless. In a nutshell, they can prove that a quantum computer was used to generate a specific set of random numbers. No problem with that. But, there is no guarantee that those random numbers weren't copied and sent to another party. So, for crypto purposes, the resulting random numbers are worthless.
ORLY? (Score:1)
Interesting... (Score:2)
I have kinda thought about a similar idea where to validate randomness, you simply take longer and longer sequences that become harder to correctly fake.
If you have a "real" vs "fake" coin flipper that tells you the results of flips, you can detect which is random somewhat easily over time.
The real random will not have statistically significant groups when you start counting occurrences of groups. Such as how many times you see "heads heads tails" and all the combinatorics of 3-flip occurrences. The real fl
Random source (Score:2)
Not a first? What about idquantique? (Score:2)
Maybe this is a first for a quantum computer, but true random quantum-generated numbers are not new. idquantique makes quantum random number generators that fit in a PCIe slot. I own one.
Re: (Score:1)
Jesus lord.
Thankyou for again explaining why you were promoted to manager.
Re: (Score:2)
Re: (Score:2)
"A long time ago" when I first learned about this stuff, the professors described algorithms used for generating them, and they emphasized that these were pseudo-random numbers. "Long time ago" means I was learning this stuff on an IBM 360 with Fortran compiler.
Things have changed since then, with greater need for "true" random numbers. But, back then, and even now, programs may not need truly random numbers so much as "arbitrary numbers", and many of these methods are more than good for that.
But, your "s
Re: (Score:3)
Long ago on a Vax 750 running probably 4.1 BSD, I took successive pairs of rand() values, scaled, took the first modulo 80 and the second modulo 24 as cursor positions, and plotted a "*". Instead of a dark and starry night, I got a dark and starry night with diagonal stripes.
What you saw is evidence of bias, which is completely unrelated to whether an RNG produces true random output. In fact most hardware quantum-based TRNGs generate biased output and if you took the raw output and plotted it somehow you'd probably see clear evidence of the bias. And if you applied standard statistical tests you'd certainly find evidence of bias. That's not a problem, though, because there are lots of excellent techniques for debiasing an entropy stream.
Note also that good PRNGs -- which a
Re: (Score:2)
Let's use some simple numbers: You have random numbers from 0-100 as your source. Now, if you pick numbers from that in modulo 24, you will get uneven representation as 24 is not a whole multiple of the range. If we claim open ended, 24 means numbers 0-23 (24 numbers) over:
0-23 : 0-23
24-47 : 0-23
48-71 : 0-23
72-95 : 0-23
96-99 :
Re: (Score:3)
There have been quite a few attacks on bad random number generation. Here is just one reference I can quote without searching because I have used it in teaching the importance of secure random number generation for cryptographic use:
https://www.usenix.org/system/... [usenix.org]