On Wed, Oct 23, 2013 at 03:01:31AM -0700, Andrea Shepard wrote:
> On Thu, Oct 17, 2013 at 02:39:01PM -0700, Jon Callas wrote:
> > It is certainly true that radioactivity is a random effect, and is quantum in nature. That does not mean that in order for a random sampling to be quantum, it must be based on radioactivity; there are other quantum sources of randomness. Noisy diodes, resistor noise, CCD noise, etc. are all quantum. If you want to get picky, *all* physical effects are quantum, even ones that aren't usefully random. There is nothing magic about one physical source or other that makes it more suited for crypto. Thinking that a hardware source should be radioactive is affirming the consequent, as well.
> Radioactivity is almost uniquely insensitive to tampering through environmental influences, though, owing to the large energy scale of nuclear processes [1].
I'm not at all sure "uniquely insensitive to tampering" is true against an attacker who can influence the RNG's physical environment. Suppose you're timing alpha particles, using a clock accurate to microseconds, and the attacker puts a microgram of 210-Polonium a few centimeters from your detector; you'll have an event to measure every microsecond and your detector saturates, resulting in an unending stream of 1s.

A similar attack (saturating a detector which is supposed to be secure based on a "physical principle") defeats some "quantum key distribution" systems (which seem to be snake oil for the most part); for example, https://events.ccc.de/congress/2009/Fahrplan/events/3576.en.html

Certainly it's possible to add complexity to the system to ensure that "everything is as it should be" and "nothing odd is going on"; this complexity negates the putatively "simple" nature of systems that are "uniquely immune" or whatever.

-andy
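As an added illustration of the "everything is as it should be" checks Andy's last paragraph refers to (example code written for this page, not from any participant in the thread or from the linked talk): continuous health tests modelled on NIST SP 800-90B section 4.4, run over constructed sample streams, which flag a saturated detector emitting an unending run of 1s and a grossly biased one. The min-entropy claim, false-alarm rate and window size are assumptions.

```python
import math
import random

# Assumed source claims (not from the thread): 1 bit of min-entropy per
# binary sample and a false-alarm rate of 2**-30, the parameters SP 800-90B
# section 4.4 uses for its continuous health tests.
ALPHA_BITS = 30
MIN_ENTROPY = 1.0
WINDOW = 1024

def repetition_cutoff(min_entropy=MIN_ENTROPY, alpha_bits=ALPHA_BITS):
    """Run length an honest source reaches with probability <= 2**-alpha_bits."""
    return 1 + math.ceil(alpha_bits / min_entropy)

def adaptive_proportion_cutoff(window=WINDOW, alpha_bits=ALPHA_BITS):
    """Smallest C such that a fair binary source repeats its first sample at
    least C times in the following window-1 samples with probability
    <= 2**-alpha_bits (exact binomial tail, p = 1/2)."""
    n = window - 1
    tail = 0  # tail / 2**n == P(X >= c) for X ~ Binomial(n, 1/2)
    for c in range(n, -1, -1):
        tail += math.comb(n, c)
        if (tail << alpha_bits) > (1 << n):
            return c + 1
    return 0

def health_check(bits, window=WINDOW):
    """Return (ok, reason). Trips on a stalled or saturated detector (long run
    of identical samples) or a grossly biased one (one value dominating a window)."""
    rep_cut, prop_cut = repetition_cutoff(), adaptive_proportion_cutoff(window)
    run, last = 0, None
    for i, b in enumerate(bits):
        run = run + 1 if b == last else 1
        last = b
        if run >= rep_cut:
            return False, f"repetition count test: {run} identical samples ending at {i}"
        if i % window == 0:  # window start: how often does this sample recur?
            hits = bits[i + 1:i + window].count(b)
            if hits >= prop_cut:
                return False, f"adaptive proportion test: {hits} of {window - 1} equal {b}"
    return True, "no health test tripped"

# Constructed inputs: a seeded PRNG stands in for a healthy detector, all
# ones for the saturated detector of the thread, 90% ones for a drifting one.
_rng = random.Random(7)
HEALTHY = [_rng.getrandbits(1) for _ in range(4 * WINDOW)]
SATURATED = [1] * (4 * WINDOW)
BIASED = [1 if _rng.random() < 0.9 else 0 for _ in range(4 * WINDOW)]
```

The cutoffs are derived from the claimed min-entropy rather than tuned to the sample data, so the same tests apply unchanged to a detector whose event timing is being driven by a nearby source.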