We know how to build secure RNGs in software. The one and only problem we have is that not everyone is using them.
What secure RNGs do we have that don't require an entropy source?
For 32-bit integers, 1 million bits per second is equivalent to 31,250 random integer samples per second.
For comparison, a Mersenne Twister on GPU can generate 2.9 billion samples per second and on FPGA it can generate 26 billion samples per second [1]. One can only imagine what a custom ASIC would be able to do.
So the current quantum chip RNG is roughly 100,000 times slower than GPU and a million times slower than an FPGA.
I realize that the purpose of this QRNG is cryptographically secure RNG and Mersenne Twister is not for that purpose, but I was just curious about the performance.
[1] http://www.homepages.ed.ac.uk/slig/papers/tian_AHS09.pdf
One of the best-performing HWRNGs at the moment comes in the Raspberry Pi.
One of the worst is that used by (old versions of) MS Excel; I'm still not sure if they fixed its high probability of creating extreme values.
If you need performance, one of the best algorithmic pseudo-RNGs is in the Rabbit stream cipher.
____ quantum random number generator would scare me. What's to stop the NSA from entangling it with their own hardware and controlling its output? (Only half joking.)
With classical computing, if you plug in a widget and that widget spits out a bunch of supposedly random numbers, then you have to take it on faith that the widget isn't cheating and generating highly biased output. (For example, a deterministic cryptographic RNG is almost maximally biased, but it's computationally infeasible to tell just by examining the output.)
With quantum techniques, if you are willing to plug in two devices and process their outputs a bit, and if you're willing to trust that the devices aren't secretly communicating, then you can get provable randomness. You don't even need a real quantum computer to do this. [1] You still need to trust that the devices aren't actively malicious, but you do rule out accidental implementation issues that introduce subtle correlations between output bits.
If you are using an actual quantum computer, then you can go much farther and generate uniform random bits directly and even, under certain straightforward conditions, prove that those bits didn't leak out via a side channel. This is more or less the same principle as quantum key distribution: if Alice and Bob run a QKD algorithm to generate a key (n uniform, independent random bits), they are effectively running a protocol that verifies that no side channel leaked the bits. A malicious eavesdropper is a form of side channel, so those get ruled out as well.
I know some people have been working on solving that chicken and egg problem, but -- unless there's very new work I'm unaware of -- it's still unsolved.
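The two-device, "process their outputs a bit" construction in the comment above is the CHSH Bell test, and the reasoning can be checked numerically. The following is an added example, not code from the original thread or from any of the products mentioned: it enumerates every deterministic local strategy for the CHSH game (win rate capped at 3/4, i.e. CHSH value S = 2), shows that two boxes which secretly share their inputs win every round (which is why the "no communication" assumption is needed), samples rounds from the ideal quantum strategy (win rate cos²(π/8) ≈ 0.854, S ≈ 2.83), and converts the observed S into the per-round min-entropy lower bound from Pironio et al., Nature 2010. The measurement angles, the seed and the round count are the example's own choices; the sampler reproduces the Bell-pair statistics by the cos²(Δθ) agreement rule rather than simulating a quantum state.

```python
import math
import random
from itertools import product

# CHSH game: a referee sends bit x to Alice and bit y to Bob; they answer
# bits a and b without communicating and win iff a XOR b == x AND y.
def chsh_win(x, y, a, b):
    return (a ^ b) == (x & y)

def best_classical_win_prob():
    """Max win rate over all 16 deterministic local strategies (Alice's answer
    depends only on x, Bob's only on y). Shared randomness is just a mixture
    of these strategies, so it cannot do better."""
    best = 0.0
    for a0, a1, b0, b1 in product((0, 1), repeat=4):
        wins = sum(chsh_win(x, y, (a0, a1)[x], (b0, b1)[y])
                   for x in (0, 1) for y in (0, 1))
        best = max(best, wins / 4)
    return best  # 3/4, i.e. S = 2

def colluding_win_prob():
    """If the boxes secretly share their inputs, Bob can answer b = x AND y
    and win every round: the 'devices aren't communicating' assumption is
    what makes the certificate meaningful."""
    wins = sum(chsh_win(x, y, 0, x & y) for x in (0, 1) for y in (0, 1))
    return wins / 4  # 1.0

# Quantum strategy: share the Bell pair (|00> + |11>)/sqrt(2) and measure at
# an angle selected by the input bit. For real measurement angles ta, tb the
# two outcomes agree with probability cos^2(ta - tb), while each side's own
# outcome is a fair coin. Angles below are the example's own choice.
ALICE_ANGLE = (0.0, math.pi / 4)
BOB_ANGLE = (math.pi / 8, -math.pi / 8)

def p_agree(x, y):
    return math.cos(ALICE_ANGLE[x] - BOB_ANGLE[y]) ** 2

def quantum_win_prob():
    """Exact win rate of the quantum strategy averaged over uniform x, y."""
    total = 0.0
    for x in (0, 1):
        for y in (0, 1):
            total += p_agree(x, y) if (x & y) == 0 else 1 - p_agree(x, y)
    return total / 4  # cos^2(pi/8) ~ 0.854

def quantum_round(x, y, rng):
    """Sample one round from the quantum joint outcome distribution."""
    a = rng.randrange(2)
    b = a if rng.random() < p_agree(x, y) else 1 - a
    return a, b

def run_chsh_test(rounds, seed=12345):
    """Play `rounds` rounds with random inputs; return (win rate, S).
    S = 8 * p_win - 4, and any local-realistic pair of boxes has S <= 2."""
    rng = random.Random(seed)  # seeded only so the example is reproducible
    wins = 0
    for _ in range(rounds):
        x, y = rng.randrange(2), rng.randrange(2)
        a, b = quantum_round(x, y, rng)
        wins += chsh_win(x, y, a, b)
    p = wins / rounds
    return p, 8 * p - 4

def certified_min_entropy_per_round(S):
    """Device-independent lower bound on the min-entropy of one output bit
    given the observed CHSH value S (Pironio et al., Nature 2010):
    0 at the classical limit S = 2, one full bit at S = 2*sqrt(2)."""
    if S <= 2:
        return 0.0
    return 1 - math.log2(1 + math.sqrt(max(0.0, 2 - S * S / 4)))

if __name__ == "__main__":
    print("classical max win rate:", best_classical_win_prob())
    print("colluding boxes win rate:", colluding_win_prob())
    print("quantum exact win rate:", quantum_win_prob())
    p, S = run_chsh_test(100_000)
    print(f"simulated: p_win={p:.4f}, S={S:.3f}, "
          f"certified min-entropy per round={certified_min_entropy_per_round(S):.3f}")
```

The entropy bound is what turns the test into an RNG certificate: as long as the observed S stays above 2, the output bits carry min-entropy regardless of how the boxes were built, but only under the assumptions the comment lists (no hidden channel between the boxes, and inputs x, y chosen with randomness the boxes cannot predict, which is the chicken-and-egg seed problem).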