On Wed, Oct 23, 2013 at 03:01:31AM -0700, Andrea Shepard wrote:
> On Thu, Oct 17, 2013 at 02:39:01PM -0700, Jon Callas wrote:
> > It is certainly true that radioactivity is a random effect, and is quantum
> > in nature. That does not mean that in order for a random sampling to be
> > quantum, it must be based on radioactivity; there are other quantum sources
> > of randomness. Noisy diodes, resistor noise, CCD noise, etc. are all
> > quantum.
> >
> > If you want to get picky, *all* physical effects are quantum, even ones that
> > aren't usefully random. There is nothing magic about one physical source or
> > other that makes it more suited for crypto. Thinking that a hardware source
> > should be radioactive is affirming the consequence, as well.
>
> Radioactivity is almost uniquely insensitive to tampering through
> environmental influences, though, owing to the large energy scale of
> nuclear processes [1].

I'm not at all sure "uniquely insensitive to tampering" is true against an
attacker who can influence the RNG's physical environment. Suppose you're
timing alpha particles, using a clock accurate to microseconds, and the
attacker puts a microgram of 210-Polonium a few centimeters from your
detector; you'll have an event to measure every microsecond and your detector
saturates, resulting in an unending stream of 1s.

A similar attack (saturating a detector which is supposed to be secure based
on a "physical principle") defeats some "quantum key distribution" systems
(which seem to be snake oil for the most part); for example,

https://events.ccc.de/congress/2009/Fahrplan/events/3576.en.html

Certainly it's possible to add complexity to the system to ensure that
"everything is as it should be" and "nothing odd is going on"; this
complexity negates the putatively "simple" nature of systems that are
"uniquely immune" or whatever.

-andy
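
The saturation failure described in the reply above, together with one form the added "nothing odd is going on" check can take, as an added example that is not part of either message. It uses the repetition count test from NIST SP 800-90B (section 4.4.1); the detector model, the event rates, the 2^-30 false-alarm setting and all function names are assumptions constructed for illustration.

```python
import math
import random

def rct_cutoff(min_entropy_per_bit, alpha_exp=30):
    """Repetition count cutoff: C = 1 + ceil(-log2(alpha) / H).

    alpha = 2**-alpha_exp is the accepted false-alarm probability
    (assumed value here), H the claimed min-entropy per raw bit.
    """
    return 1 + math.ceil(alpha_exp / min_entropy_per_bit)

def repetition_count_test(bits, cutoff):
    """Return the index at which a run of identical bits reaches
    `cutoff`, or None if the sequence passes."""
    run, last = 0, None
    for i, b in enumerate(bits):
        if b == last:
            run += 1
        else:
            last, run = b, 1
        if run >= cutoff:
            return i
    return None

def detector_bits(mean_events_per_tick, n, seed):
    """Constructed model of a decay-timing source: one raw bit per
    clock tick, 1 if at least one event landed in the tick (Poisson
    arrivals), 0 otherwise."""
    p_hit = 1.0 - math.exp(-mean_events_per_tick)
    rng = random.Random(seed)
    return [1 if rng.random() < p_hit else 0 for _ in range(n)]

CUTOFF = rct_cutoff(1.0)

# Constructed inputs: a source tuned so each tick fires with p = 0.5,
# and the same detector flooded with ~50 events per tick.
healthy = detector_bits(math.log(2), 10_000, seed=1)
saturated = detector_bits(50.0, 10_000, seed=1)

if __name__ == "__main__":
    print("cutoff:", CUTOFF)
    print("healthy source trips at:", repetition_count_test(healthy, CUTOFF))
    print("saturated source trips at:", repetition_count_test(saturated, CUTOFF))
```

The test only catches a detector that is stuck outright; a source biased to, say, 90% ones would pass it and needs a proportion test as well.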
