 [...] And you'll be talking about quantum random number generators? Yes. Okay. Thank you for the introduction. Of course, very sorry for my late arrival. I'm a bit, yeah, sometimes I'm a bit unpredictable when it comes to being on time. And the fact is that originally this lecture [...] But probably, I would focus more on, say, fundamental aspects and he may have focused more on technological aspects, but I think... OK. I mean, you can ask questions. I think there is someone from [...] that maybe is able to answer some of the [...] if there is any, but in my case, I am going to focus more on theoretical questions. OK, good. Welcome. Who knows about quantum physics here? [...]
[...] when you have to deal with atoms, and also when you have to deal with light at a very attenuated level, at the level of single photons. Then there are some effects, I mean, already at the end of the 19th century there were some experiments for which, say, [...] physics, which was the theory that was able to describe what happens at this scale, was unable to give an explanation. This is why then people invented a new theory, and this is when quantum physics came. [...] if these are miniaturized, we never reach the level where quantum effects become important at the moment. But we are now reaching the point where we have to deal with quantum effects, so people started wondering what will happen when we reach this point.
And perhaps the first message I want to give you is that, as you may know, quantum information theory then cares about what is happening [...] Because I will see what remains after quantum information theory. But as a theory, something that I learned with quantum information theory is that it's a change of paradigm in the way we understand information. So before quantum information theory, I'm a physicist but I also have a degree in telecommunication engineering, if you had asked me whether a change in the physical laws that we used to describe information implies a change in the way, in the applications we can do with this information, [...]
[...] Since you encode information on some particles and you use some devices, and these devices are described by different physical laws, you can do things that are possible with these devices that are not possible in our current devices described by classical physics. So, I think there is a change of paradigm in which now physics matters. And we have new rules because we have new devices and we have new physical laws. [...] more physical approach, OK? There is a user that has a device. Usually, any random generator is a device that produces bits, symbols. There is a user, which has this device. This device may have some quantum particles inside. I don't really care. You can see it just as a black box, and this box gives bits, OK? So, we want to certify somehow, the user wants to certify, that these bits are random. [...]
[...] cryptography, which I think is one of the main themes in this conference. Well, if somehow I can certify that these numbers are unpredictable, if I use them in my location and I assume that my location is secure, then this randomness will be private and useful for cryptographic applications. Because my possible enemy, who is outside me, who can be a possible observer, cannot predict these outputs and then I can use them because they are effectively random. Ok, so this is why, with this definition I have, the definition of randomness, guarantees that these symbols are private to anyone else but me. Ok, so, well, you see, I'm a theorist, so I will start by this. So if you take this definition of randomness, what you can prove is that to certify that something is random is impossible, only with this definition, ok, from scratch.
Well, because, I mean, if you think more, even from a philosophical point of view, you can never falsify, I mean, a hypothesis in which you say that everything has been written in advance and someone has a description of all what is going to happen, ok, and being super fundamental in this sense, ok, but in principle there can be a theory, even the big bang, where someone has written all what is going to happen, including what I'm saying now. Ok, so if I want to prove randomness, I have to make some assumptions. It's a triviality, maybe what I'm saying, ok, but I need assumptions. Ok, so any protocol for randomness generation must be based on assumptions. Again, I think it's trivial, but let's start with something that I guess we all agree on. Ok, so, I didn't attend the school, I'm sorry for that, but I guess many of the people talked about assumptions for randomness that are based on what I call computational security. And I think many applications in classical cryptography are based on computational security. And basically what you do, that the possible observer that is outside your lab has a bounded computational power. For me, this is a perfectly valid assumption, ok, and this is what defines. Again, then in this approach of computational security, I can prove randomness because I assume that my enemy who wants to predict the stuff has a limited computational power. And because of this limited computational power, this person cannot predict the output that is going to be generated by my device. Again, please correct me, because I'm trying to say things to people who know more than me about this, ok. But this is my understanding of computational security, ok. So, you make an assumption, whoever is there has a bounded computational power. Ok, sometimes you have to be careful with this, because if you think about it, this is not the assumption that you use to prove that something is random, ok.
Because basically, for instance, if you think about cryptography, there is a very famous protocol that is called RSA, because this is not randomness, but it's based on factoring. But there is no proof that factoring is hard, ok. This is, again, a belief. So, actually, the assumption is not that the observer's computational power is limited, but the assumption is I believe that the problem is hard. And this is based on the fact that many deep thinkers tried to solve this problem for decades and they failed. Again, for me, this is a valid assumption. Based on this assumption, you prove that something is secure or random. Ok, me, as a quantum information theorist, I will tell you that some of these protocols, some of these problems that were believed to be hard are easy for a quantum computer, but then you can say, ok, my assumption is that there are no quantum computers today. Fine, then your stuff is secure, it's random. So, there is always a level of assumptions, ok. And a good thing about computational security is that it's cheap, because mostly you use software. I'm not going to tell you about computational security, I'm going to tell you about physical security, ok. This is where a guy like me, ok, comes here to tell you things, ok. Otherwise, this would have never happened before. So, in quantum cryptography, most of the protocols, and basically all quantum random generation protocols that I'm aware of, are based on physical security, ok. So, the assumption, you don't make any assumption about whether your enemy has computational, bounded computational power. What you assume is that the devices, including the devices by your enemy, have to satisfy some physical laws. In this case, quantum physics. So, whatever your enemy does, this enemy cannot break the laws of quantum physics. Again, this is an assumption. I can believe that some computer scientists are more happy with computational assumptions than physical assumptions.
Me as a physicist, I'm happier with assuming that quantum physics is correct. But again, it's a matter of taste. So, already many years ago, I chose physical security because I'm a physicist. But if you don't like it and you like computational security, this is your decision. So, the reason why I like it is because you don't have to make any assumption on this superpower, but you only assume that her actions, ok, don't contradict quantum physics. And then, based on this assumption, you can prove that the scheme is secure under these assumptions. But of course, one thing that happens is that the implementation of this scheme is often more demanding, because you have to deal with quantum particles. These are atoms. Atoms are very fragile, so it's, well, I mean, it's more expensive. Ok, so my talk is going to be about physical security, random number generations based on the assumption that quantum mechanics is correct. Ok, so when I say before that I want that some numbers are random because in any observer, now I can make this a bit more precise, so what I demand is that these are not the random numbers should be unpredictable to any physical observer. Ok, so any physical observer whose actions are constrained by the laws of quantum physics. And this is how I want to prove or certify or, yes, that something is random. And, ok, I like very much this joke because I think it represents some of what you are, maybe you have seen this joke before, ok. But we all want to do, maybe here we are fighting for the same, no. So there is this Dilbert, there is a famous cartoon and she is the random number generator and of course he wonders whether this is random, ok. This is what we like to do, ok. You can think of my previous plot as this is the user and this is the device that produces random numbers and this guy wants to make sure that this is random. Ok, so we want to certify whether anything like this is possible. 
Either by computational assumptions or by physical assumptions. Ok, good. My talk is going to be about physics, ok. I will use no equations. I think I will use concepts that you are familiar with because you have a scientific education, I guess. And very little of quantum physics. So if we think even fundamentally about whether randomness exists in classical physics, ok. So let's try to use physics. Is there any place where we can get randomness in classical physics? Well, the answer is no, ok. Fundamentally it's not. I'm gonna say about practical randomness. I understand that if you monitor, I don't know, the movements of a mouse of a user or temperature fluctuations in a given day, this might be quite unpredictable. But from a fundamental perspective these things are not random. Ok, why? Well, because all the randomness there comes from a lack of knowledge, ok. You don't have a good description of what I'm going to do or what the temperature is going to be tomorrow, ok. So this is, no, there's a typical example of the roulette. You cannot predict, but if you improve your knowledge about the speed and position of your ball and you have a good model about the roulette where the randomness is decreased. Ideally you can decrease it up to level zero. You have an ideal description of your initial position and speed of the ball, ok. So in this sense, from a fundamental perspective there is nothing like pure or intrinsic randomness in classical physics. Because if you give me the initial description of my particles, initial positions and velocities, you take the Newton laws, you run, you solve the Newton laws and you can compute everything. It may be demanding, but remember I don't want to make any assumption about computational power. Ok, so in this sense, I mean, from a fundamental point of view, randomness, if you want to use classical devices, it's just a consequence of ignorance, ok.
Because your knowledge about your initial conditions are not perfect and this is why you cannot predict what is going to happen. So these are some problems sometimes because you may believe that something is random but your knowledge about some conditions but your enemy may have maybe not perfect knowledge, may have better knowledge about these initial conditions and you think that something is completely random but this enemy has a better knowledge about these initial conditions and something that looks random to you is not fully random to your enemy simply because maybe the enemy has a better model to predict meteorology tomorrow, weather forecast. Let's say you use weather forecast maybe your enemy has a better model and he can make a better model and a better prediction for the things that you consider that are random. Again, if you want to use them it's fine, I'm just saying things that happen, ok, from this point of view and there is a famous quote by Laplace who was one of the fathers of super determinism that tells you that if you know everything at the initial moment you can predict the future with certainty. This seems philosophy, I mean then later I will tell you more scientific things, ok. Ok, so if you stick to this paradigm of physical security and you want to prove things based on physical laws we know that classical physics is not the place to go. Again, you can do practical things but if you want some sorts of randomness in nature classical physics is not the way to go so let's go to the quantum regime. 
Ok, so these are the slides by Grégoire, but before going to the quantum regime then I will tell you a bit of things about quantum physics. I've seen that some of you know about quantum physics. Now I will use a whiteboard, so if I can get some light here... can I? Ok. Ok, so why is quantum physics random as opposed to classical physics? So what I was telling you is that in classical physics, when you look at the theory, there is nothing like randomness in the theory, ok. So the theory tells you: fix the initial conditions, solve these equations of motion, and you will find the solution in a deterministic way. Probability comes from ignorance, but in the theory as such, I mean, if you open a textbook on classical physics, there is nothing like randomness. In quantum physics, you open a textbook in quantum physics and already in the first equation or second already the randomness appears. Ok, so why is it so? You go to, say, any textbook in quantum physics, and many textbooks in quantum physics start with a list of postulates. Ok, so they tell you how the theory is constructed. Again, these are postulates; you assume the validity of these postulates because these postulates are satisfied in every experimental lab. Ok, it could be that one day they would be proven to be wrong, but today they describe how nature behaves. Ok, so what this quantum physics describes is a system, ok, and what quantum physics tells you is that you have a physical system; associated to this physical system there is a Hilbert space. Why?
We don't know, but quantum physics tells you that you associate to every physical system, you associate a Hilbert space, and it's a Hilbert space, for simplicity I will take a finite dimensional space, and it's a complex Hilbert space. Ok, so this is physics, and what the theory tells you is that to any physical system you associate a Hilbert space. Ok, so this is postulate one: to every physical system quantum physics associates a Hilbert space. Good. I guess you all know about Hilbert spaces. So then the theory tells you that the state of this physical system is a vector in this Hilbert space. I don't know how you write vectors. Ok, it's just a vector; in quantum physics you write it like this. Ok, but this is nothing but a vector in the Hilbert space. Ok, so in this case a state of my system will be a vector. So d components, complex components, that define a vector. This is a state of my system. Yes, sorry? Well, it's nothing but d numbers, complex numbers. Ok, this is just a vector. So you have a system and you want to describe it with quantum physics; what you have to specify are, you know that your system has a given dimension, say, numbers, for some other system you need more numbers, ok, you need a description of numbers, and these numbers are the components of this vector that lives in this Hilbert space. This is postulate number one of quantum physics. Now the postulates also tell you the things you can do with these systems, so you can measure a quantum system. So there is this system here that can be a quantum particle, an atom, and you are going to measure a property of this system. And a measurement is just, I will write it like this, in the box. So this particle, you send it into a measurement, and this measurement gives you several outputs. For simplicity I will take the same number of outputs. Ok, so this is what happens in reality. You measure a property and it tells you that the property is equal to one, two, three, whatever. So a postulate of quantum physics tells you a
measurement is described by a basis in this Hilbert space. So you will have up to v_d, linearly independent, actually, and orthonormal vectors. Ok, so these vectors, again... Ok, the green one seems to work better. Ok, so I hope you understand; what I am saying here is that the measurement is given by a basis in this Hilbert space, super trivial algebra. Ok, so these are vectors that are orthogonal and normalized to one. Again, this is postulate number, I don't know, it depends on the number in quantum physics. But this is the first pages of any textbook. Ok, now you say: ok, what happens when you have a system whose state is described by this vector in the Hilbert space and you make a measurement, something that happens in many laboratories in the world? Ok, so what are you going to observe here? So again, quantum physics tells you: ok, you are going to see that these outputs satisfy a probability law, and the probability of getting, ok, I will call the result R, the probability of getting result equal to i when you send the state v is equal to $|\langle v_i | v \rangle|^2$. Ok, this is what the theory tells you. So the probability of observing a given result here, say result i, ok, so here I had several results, the probability of observing one result here, i, when I send a system in state v is equal to the overlap, ok, the scalar product between these two vectors, squared. Again, you say: why? Well, this is what quantum physics tells you, and this is what describes, seems to describe, physics in the atomic scale. It's not that you like it or not, but this is what describes physics. Ok, so you see, already from the very beginning the theory tells you that this is probabilistic. There is nothing like this in classical physics. I mean, if you go to a textbook, nothing tells you the probability of observing this will be something. So quantum physics already from, say, at its postulate level, at postulates, already starts with some probabilities. So for instance, let me take the simple example you have, which is a system of
dimension 2. This is sometimes called a qubit, because it's like a bit, but a quantum bit. So what can be a state in this system? The vectors are normalized. This is a possible state of my system. The state is normalized, I forgot to say. So this is a possible state of my system, and now let's see what happens when I make a measurement. So a measurement, I need to define a basis. You see, this is a basis for this Hilbert space of dimension 2. So what the theory tells you is that if you prepare a state of dimension 2 in this state and you make this measurement on your particle, this sounds like algebra, but this is physics, I can go to a lab and prepare this state and make this measurement, then you will get result... Can you see this? Or, I'm sorry, is it because too small, is only the color? Color. I can see there. Ok. Ok, I'm just here writing an example. Ok, you have the vector which is $(1/\sqrt{2}, 1/\sqrt{2})$; this is normalized, ok, this is a possible state of your system, and you make a measurement. As I say, a measurement is defined by a basis, so the basis vectors are (1, 0) and (0, 1); they are orthogonal. So what's the probability of getting result 1? It is equal to $|\langle (1, 0) | (1/\sqrt{2}, 1/\sqrt{2}) \rangle|^2 = 1/2$. Ok, so this is a perfect coin, let's say. Now for instance this, ok, can be a situation where you have, what is, I'm using, I'm not using physics, but for instance if you want to have a physical realization of that, you know that the atoms have a spin, it's called, so this is a degree of freedom atoms have, and actually spin in most of the cases is described by a Hilbert space of dimension 2. So this state that I'm writing here, if you want a physical realization, is a spin pointing in the x-direction. So a spin is, you can see it as an arrow that can be pointing in any direction, so this corresponds to a spin pointing in the, say, x-direction. So a spin can be any direction in R3, so this is spin pointing in the x-direction. So you can now take a particle and you align
its spin along the x-direction, and this measurement that I'm showing here is measuring the spin along the z-direction. So you put a magnetic field and you align along the z-direction. So you send the x-particle, the spin-x particle, to this apparatus, and you can see, maybe you have seen this, I saw this, so you send this particle with the spin in the x-direction and you apply this magnetic field in the b-direction, and then you can see that the particle can go either here or here, and this happens with probability one half. So this is just the physical description of what I'm saying here. But again, as it happens with, say, information theory, I can give you many other realizations of these, physical realizations that happen to satisfy this property. For instance, another one is like you take light and you take a single photon of light, a quantum of light; you can prepare it in a given polarization and you can make a polarization measurement, and you will see that the light goes either in one detector or another detector. So in this setup where you prepared the nitron and measured it, if your machine is a degree off, are you going to see it? So it's half to as accurate as you can prepare your equipment? Exactly, this is a very good question, and I will use this. Of course, to do that I have to make sure that my machine is doing this, because it could be that I think my field is aligned in the z-direction but actually it's a bit misaligned. So what is happening is that this is not (1, 0) but it's another basis element, which is (cos theta, sin theta), where theta is very close to 0, and this will be minus... now let me see, should I do this... cos... right, now I think, no, yes, of course, yes, now the orthogonal, where this theta is very close to 0. So I believe that it's pointing in the z-direction, but actually this angle can be related to the direction of the B field, which means that this won't be one half. I will mention this. But what the theory tells you is that you are sure about your preparation and about the measurement you
implement. It's not ignorance. You have the best possible preparation in your theory and the best possible measurement. It's not because it's noisy; it's just because the theory tells you the predictions with probabilities. I understand that you may not like this. I didn't like it when I was a student. I never liked quantum physics. No one likes quantum physics. There is a famous quote by Richard Feynman: he can safely say that nobody understands quantum physics. So Richard Feynman won the Nobel prize, he was one of the best physicists we had last century, so even Richard Feynman didn't like quantum, or didn't understand. So no one understands quantum physics. So it's counterintuitive, precisely this sort of reasoning. For instance, Einstein also disliked a lot quantum physics, and there is this famous quote: he does not play dice, God does not play dice. So this is another valid option: you may say, I don't like quantum physics, so I don't want to buy any device based on quantum physics. Again, this is a matter of taste. But if you accept quantum physics, and I can tell you that quantum physics passes any experimental test in any lab every day, then this is the truth about how atoms behave at the moment, and this is correct for these physical devices. So the question: we want to use this sort of randomness. And again, if you go to a book on classical physics you will never find anything like this; everything is deterministic. Of course, if things are noisy, we don't have preparation, you don't know. But here in quantum physics I'm not saying that something is noisy. I'm just saying that you are really preparing the state of the spin pointing in the x direction and you are really measuring the z direction, and this is what the theory can tell you about, no more than this. You can think like the theory contains some sort of intrinsic... which is not associated to ignorance of your theory. So within the theory the best you can say is to make a prediction in probabilistic terms. So for instance, what Einstein thought at
that time was that that was showing that quantum theory is some sort of effective theory, effective theory, so there might be another theory that goes beyond quantum physics where this randomness disappears. So how randomness disappears in our classical world: we always say this is random; if I had knowledge about these variables then I could make a deterministic prediction. Ok, maybe this is, from an inferential point of view, I need a supercomputer for that, but in principle if I have this knowledge I can make a deterministic prediction. So Einstein thought that in quantum physics the problem is that there is another theory with other variables that we don't know today, and once we know this theory and we know what he called hidden variables, then all the randomness of quantum physics disappears, because we will be able to... Ok. Ok, so this is what the theory tells you. So for instance, what you can do, and this is some of the, what quantum, what ID Quantique does, ok, so what you can do for instance, based on these analogies, you can try to implement this sort of quantum coin in the lab. Ok, so a possible way of doing it is like you take off... ok, this is... ok, but a possible way of doing it is like you take light and you prepare single photons of light, ok, this single quantum of light, we can do this, ok, and you send this light into a mirror that has transmissivity equal to one half, and you put here a detector. Ok, so you send the photon and the mirror has transmissivity one half. You can... now I'm assuming that I can do all these things perfectly. Yeah, right. So you have this mirror that is perfectly transmissivity one half, and then quantum physics tells you, well, the photon can be either transmitted or reflected with probability one half. So you have this quantum coin, and this is because it's based on quantum physics, ok. And then the company ID Quantique, they make products based on this principle. Ok, so now if I go to the slides... hello... ok, it's coming. Ok, so these are the slides that Grégoire sent me. I've never
given this talk, don't tell him please, but he's a good friend so he will forgive me. Ok, so you see here in the picture they are doing what I was telling you. Ok, so there is another way of seeing... ok, so there is this sort of light, a light bulb is not a source of single photons, ok, but it's just a way of representing this. So there are ways of preparing single photons, and then they send it into this mirror, and you see they detect either here or here, and then it goes, and this is the way they generate random bits. Ok, [...] we will come back to that later. Ok, so the thing is that, well, speed is good, but of course, I mean, say, the random number generators based on software are much faster than this technology. Ok, they achieve good speeds because this is, from a technological point of view, this is not so difficult, ok, and actually I think what they do basically, I don't know the details, but what they record is how a LED that emits light, where it goes, to this detector or this detector; this is the way they generate the random numbers. Ok, and well, they can miniaturize and they can make products out of this. Ok, so it's reliable, I'm sorry, but ok, they can make products based on this idea. Ok, so here you have the quantities, and this is the speed that you can get, and of course the applications, ok. And of course what they had also was something nice, is that they have interaction with Mattias, who is a physicist working in Zurich, who is a guy who is very powerful, has very powerful computational skills, so they made some tests to test the autocorrelation and make statistical tests over the generated random numbers, and actually they implement some extraction processes to distill the randomness to the output. Ok, so they have some reduction because of this extraction, but I think you also know about randomness extraction, ok, you just implement, ok, you know more than me, I'm sure about it. Ok, they got patents for that, and lately what they are also considering, and I think this was based on a
paper that was published by the group of Nicolas Gisin in Geneva, so they are exploring other schemes where what you do, you shine light on a camera, OK, and you record where the light goes. OK, and the nice thing about this, because it's even mentioned in the paper, is that you may think of using a mobile phone for that. OK, but for that he is the right guy to ask questions about these technological solutions.

OK, but all these technological solutions are based on light at the quantum level, and because we think the light at the quantum level is described by Hilbert spaces and by quantum physics, and in quantum physics, the equations, you have probability in the equations, OK, and this is why you believe it is random. And a way of then going to this regime, to guide the light from the LED to the screen that is detecting where the photons are collected, and then you apply an extractor and some classical post-processing on the data to distill the quantum randomness that is there. OK, so this is all I am going to say about ID Quantique, OK, about technology.

I am going to focus more on randomness, and so since I am a theorist and I work on randomness, I will tell you that this is the right way to go and to use quantum randomness, and this is something that may happen in the future, and which is a novel approach to quantum random generators, which is related to some of the points that were mentioned in here. So remember, one of the remarks you had was what happens if this direction of the magnetic field, for instance, I was telling you, is not the one I thought, it was not 1001 but it has an angle, which you can never exclude. My random properties are based on my perfect knowledge about the conditions of my experiment. And the second one was related to this comment by Einstein, whether there exists a theory that goes beyond quantum physics, and if I had knowledge in this theory I could make probabilistic predictions deterministic.

OK, so now I will tell you, in my view, as a sort of outsider, what are the
problems with solutions for random number generation. So the first thing, the first remark, is that, in a way, of course, as a quantum physicist I like the solutions of quantum randomness based on photons going into a mirror and things like this, but if you think about it, it's just one more physical random number generator. OK, in one case you base this random number generator on meteorology, in another case you base it on quantum physics. I prefer the ones that are based on quantum physics, but it's similar to the physical random number generator, and I see several problems with all these solutions, including also the software ones.

So the first problem is certification. So what do ID Quantique and other companies that sell quantum random generators do? They give you a device and they tell you this is a quantum random generator, and you say, ah, very good, thank you. And they say how do you know that it's random, they say we pass all statistical tests that exist today. Well, I think for a quantum physicist this is very unsatisfactory. OK, well, why? Because we have classical systems that pass all statistical tests, so you are not telling me that it's hard. So if I want to believe that this solution is quantum, I have to trust the provider. So I have to go to ID Quantique, and then they give me a box and they say this is quantum, and you say, ah, really? Why? And they tell you, because I tell you. OK, so this is what you can do. Then you go back to your lab and you run the statistical tests and they pass them, but we know that classical solutions also pass the statistical tests. So I don't have any way of certifying that something is, say, quantum random as a user. Of course the provider, if I trust them, they tried their best and they were using single photons, they were using quantum effects, but me, as a user, I only get a box. OK, but I don't have means of certifying that something is quantum. First thing.

Then, even, frankly speaking, to me, when I see these tests, they are nice, but do we really understand what they mean? Perhaps you
can tell me. Having a device that passes these statistical tests, I'm not sure how much it tells about the random properties. Of course it means that some patterns are not there. And of course now the example I like for that is RANDU. Do you know about this random number generator? This you can find in Wikipedia. OK, this was a random number generator that was used in the 60s, and it was random, OK, but then, I don't know, there was a day where someone had the idea of taking three numbers produced by this random number generator and plotting them in an XYZ plane, and then he found this pattern. Of course this is not random, because there cannot be such a pattern. These numbers were not random, and the day after this guy had this idea they were not random anymore. But this is insane, come on, it doesn't make any sense. OK, so this was a statistical test. Frankly speaking, I don't buy them for randomness. OK, if you don't pass them then this is a problem, but if you pass them I'm not very happy with this. So I think we need ways of certifying randomness, and in the case of quantum solutions, certify randomness with tools that are satisfied by classical solutions.

OK, the second thing is privacy. OK, for that I will illustrate this with some sort of academic situation, but it's important, which is what I call the memory stick attack. So imagine you are convinced after my lecture that quantumness is something super good for random number generation and you want to make business out of this. OK, so you say, OK, I know, this is my business plan, I will make a virtual casino. This is cheap, I only need to make a web page, I only need a good random number generator, but I want to make it really random, and I know this guy told me about quantum, so I will do it with a quantum random number generator. OK, so you come to me. Then I know that you want these random numbers for your virtual casino, so what I do, before you come, and I have quantum stuff, so I take these single photons, I send them into the mirror, I detect the clicks, I
generate these random numbers, but then what I do, I copy these random numbers into a memory, a huge memory, I know what's your computer power, OK, so I take a huge memory and then I put this memory into a box, I paint it in fancy colors, I write "quantum random generator", I charge it twice because it's quantum. So you take this box and you say, well, I'm not sure if he was fully reliable. So, you know, I'm Catalan, we have the reputation that we like money a lot, so you know that I'm Catalan, so you say, OK, I better check if the guy is trying to cheat me or not. So you generate the random numbers and you check with these tests, and of course these numbers that are produced by the device will pass any test, because, let's say, I used quantum physics to generate them. So you say, OK, good, so you use the random numbers. And I wait for this moment to be large enough so that it passes your test. I am assuming that I have some knowledge about your computational power. Why? Because the numbers are random to you, but they are not random to me, because I generated them in advance. This is why, if you remember my definition of randomness, I demand unpredictability to anyone.

This is an academic situation, but if you go to a company, what they sell you is a box, and unless you open the box you will see a laser, a detector. It may be that the laser sends light, the detector forgets about this light and produces an output that was recorded. So you can open the detector and maybe you see there... OK, there is a lot of things that may go. I understand this is a bit paranoid, because here you are thinking that you are buying your random number generator from the enemy, but again, what this is telling you is that you need to put trust in your provider, and it's a delicate issue.

And the last thing is related to the comment that was mentioned before. The properties of these random numbers depend a lot on the physics of my devices. I like physical security a lot, but this is also a weakness, because at the very end whether my device is good or not will
depend on whether I can prepare a mirror with transmissivity 50%. If I don't prepare a mirror with transmissivity 50%, it's not as random as I thought. So again you have to put a lot of trust in your provider, that he has really prepared this mirror with this 50% transmissivity. And again, it can be that the provider is a nice person, is not the enemy as in the memory stick attack, but maybe his knowledge about what's going on in the device is not perfect. There may be many ways in which the devices behave in a different way from how you model them, and if your enemy buys these devices and has a better knowledge about how these devices behave, maybe he can predict this better. So imagine you think that it's 50%, the enemy buys and sees that in the mirrors that were used by the company actually there is a small deviation, then this enemy will have a better modeling of the devices and will have a better knowledge of the randoms that were apparently random. So this is the property that I call device dependent. So things depend a lot on the physics of your devices. This is a weakness. Physical security is very nice, but when you depend a lot on physics this is a problem.

As you see, say, here I was saying many things about trust. So you go to the provider, you trust that he has prepared a quantum solution, that he has put a mirror of 50% transmissivity and so on, and this may seem paranoid, that the provider has made some mistakes or even is your enemy. But perhaps you are aware, and some of the documents reveal, that some devices that were used and even approved by NIST were not secure. So NSA was pushing NIST to use some devices knowing that they could hack them. So there is an issue there with certification that is not only quantum physics. Cryptography cares about certification.

OK, so just to summarize what I have said until now. So what I told you is that I gave you a definition of randomness to anyone, not only the user that has access to the device but to everyone who can be there. Then I told you that within this
definition there is a paradigm of physical, computational security, but I didn't discuss anything about this because I am not an expert, and then I told you about physical security. So in physical security, the user that has the device and every possible person that is outside that may be connected with this device, the actions of all the people in the game are limited and are described by a physical theory, in this case quantum physics. Then I told you that classical physics is not good for randomness, that in quantum physics we have a source of randomness which is given by the postulates of the theory. So I told you that based on these postulates you can make devices, there are companies that sell these devices, and then I told you that I see some problems with these devices, which are: you depend a lot on the properties of your devices, you cannot guarantee that the numbers are private, that they could not have been generated before you, and also the certification is based on these statistical tests that I don't really like.

So now let's try to see what we can do with quantum physics and if we can solve any of these problems. So what I will tell you about is that if you have the previous situation, where you have this observer, user, then you cannot solve any of these situations. Again, the only thing you can hope for is what we already have. So we can only make randomness if we specify what is happening inside the box, like in the box there is a single photon and a mirror with transmissivity one half and things like this. So you cannot solve these problems with a single box, and this is because, from an outside perspective, a box that produces output you can describe with classical physics. In quantum physics, only if I say, no, no, I know that this box is quantum, and actually I know that this box is producing photons that are going to a mirror and so on, only if I make modeling and hypotheses about my box can I certify that something is random, but from the outside I can never do anything like this.

Yes, OK,
but there might be things like, I don't know, maybe the detectors have some memory effects, say, OK, and there are some patterns that I only see when I... I mean, of course, bias, this is something very easy to notice, but let's assume that the detectors, when they click, maybe it takes some time to click again, the other click, but there might be memory effects that introduce some patterns in your signal, and these patterns are not checked by the statistical tests. OK, so this is, I mean, there are many things that can happen and you never see from just the outside.

OK, so I will move to two systems. OK, so actually my lecture is going now to be about physics, but you will see why I made this theory about physics, because we will solve some of the issues that you mentioned. So what I will use is something that we have in quantum physics, that is the fact that correlations between devices, quantum devices, I can get correlations that I cannot describe with classical physics. So I'm not going to tell you how, but I can tell you, actually I will tell you a bit about this, that there are some... I don't only have one device but I have two devices, me as a user, you see, the red box is the user. So then you can get some effects that are possible within quantum physics that are impossible in classical physics.

OK, so this is my new scenario. Me, I'm the user. Before I had one box, now I will have two boxes in my secure location, and there will be an enemy there, and I will check here what are the correlations between these boxes, what's the probability that I see... I can tell you more about this, but I don't have time to enter into these details, so it will be a more qualitative explanation, and why I know that things are not possible in quantum physics in classical physics. So this is what I'm going to tell you about. I'm going to give you a crash course on Bell inequalities that I will use for randomness. This is the most amazing thing in quantum physics. So you won't understand what I'm saying, because nobody
understands. I mean, you will understand the math because it's super simple. I mean, intuitively I don't understand what's going on here, and this is what Einstein didn't like, this is precisely the point that Einstein disliked about quantum physics.

So it's a very simple situation. So let's imagine now, let's forget about quantum physics, let's just think about what can happen in nature. Let's imagine the following experiment. So, I don't know, I have a source, or someone has a source, and this source prepares particles, pairs of particles, one here and one there, and these particles are sent to another person who makes a measurement, another person who makes a measurement. We can even think of the following: I take two people in the audience and I send one person to a room and the other person to a different room where they cannot communicate. We can make this experiment, we don't need quantum particles for that. So this source is me, who sends these two people to different rooms. I take Jean Paul, I send him upstairs, and I take you, for interest, you are here.

Now, when they are upstairs, you ask two questions, they are going to say one and two. So these two questions, you can think of whatever, do you want color red or green, they are just... I can ask two questions. So for instance, I can leave in the room, I can put a shirt and some trousers that can be red or green, so my question is shirt or trousers, and the choice by the person who is in the room is red or green. So when Jean Paul goes there I tell him, take the shirt that you want, and he can take the red or the green. Something I can say, maybe no trousers, I don't know, hat, it can be red and green, he chooses what he wants to do once in the room. I will label this choice of my question by one and two, so one can be for a trouser or hat and two for a shirt, plus one and minus one, this is a convention, but I can always do that. So what I do, I keep these people in these rooms and I keep forcing them to make choices. Sometimes they say plus one, sometimes minus one,
as they want, and I even allow them, before they are sent to the rooms, to agree on a strategy. So they can say, if they ask me about question one I will say plus one, if they ask me about question minus one I will say, about question two, and I will say minus one. They can even write a piece of paper, if they don't have good memory, just saying how they are going to behave. Is the game clear? It's super simple. So I send them to these rooms and I keep asking questions and they keep telling me plus one, minus one, as they wish, as they agreed in advance.

So what I will do at the end, I play this many times, I compute this expression here. So A1 is question one and A2 is what he told me when I asked question two, can be plus one or minus one, and B1 and B2 is the same for the other person who stayed here. Super simple, just plus and minus one. So in classical physics these are just measurements. I have this particle and I interrogate this particle, now it's a person, but it can be a particle. OK, I measure this quantity, tell me what's the result. So these values A1 and A2 can be plus and minus one, this is the only possibility. Well, if you put plus and minus ones here, I can tell you the only values you can get are plus and minus two. There are many ways of proving this, the simplest one is to put all possible assignments. So for instance, let's assume that all of them are one: this is plus one, plus one, plus one, and this is minus one, it is plus two. OK, good. So if I repeat the experiment it may be that this varies from plus two to minus two, but on average it will never go beyond two, because at most it can be two. So if I repeat the experiment, on average it will be at most two. OK, I guess everyone follows what I'm saying, super trivial mathematics. This again I can do with two people from the audience, I can do with two particles.

OK, now you go to quantum physics, and what you do, you prepare one of these spin one-half particles, you send them here, you make some measurements, I can forget about this. What I'm
telling you is that there is a state of quantum particles where you can make some measurements, you make this experiment, you ask these questions, sometimes one, sometimes two, you get plus one and minus one, and you get a value which is two square root of two, that is larger than two. So how come quantum physics manages to do that? I don't know. OK, so there are experiments where you can make this. What this means is that before these guys are sent to the rooms, what they can do, they can prepare this state of the particles, Jean Paul can take one of the particles, you can take the other particle, you can go to this room with the particle, they get my question, depending on my question they make a measurement, and depending on the result of the measurement they choose one of the colors. They can do this. So you see that the value of this expression then will be two square root of two, it won't be two.

If you are not surprised by this... so you must be surprised, because I don't understand, and this is what Einstein didn't like, this is where it was proven that Einstein was wrong. So there is something wrong, but of course it's not the mathematics, the mathematics is super simple, it's plus and minus one. So what is failing here, why are things not correct? The only assumption I made is that these values for question one and question two were predetermined in a deterministic way, and since I violated this, it means that this assumption cannot be correct. So these values are not predetermined, so they are random, and it just follows from the fact that you violated this expression. And this expression, you see, I can compute from the outside. I don't need to make any modeling of my devices, I don't have any buttons and recording outputs, and I see if this condition is violated, and if it is then I know that what is inside is quantum, because with classical physics I can never have a value larger than two, and on top of that I know that these values were not predetermined, so they are random.

So our proposal, and not only
ours but some other people's, what we think is that the right way to do randomness is to do it in this way, because you certify your randomness with a test that is not satisfied by classical devices. With classical devices I can never go beyond two, and you can certify that things are random. Just to summarize, this is sometimes called, the violation of these quantities here is sometimes called non-locality, they are called Bell inequalities. So what happens is that we now know that things are random, and moreover this is something that is impossible with classical physics, because in classical physics quantities are assigned from the very beginning, so the only value you can get is two, so you know also that devices are quantum.

So here is the solution we propose for that. So you go to the provider, remember the memory stick, you have this virtual casino, you don't ask me for one box to generate randomness, you ask me for two boxes, and you check whether you violated one of these conditions, because there is no way of doing this with classical physics. And you can also certify, and I will very briefly tell you how, that things are random. And as I said, the good thing about this, I don't have to make any modeling. The provider will have to do things so that they violate this condition, but me, if quantum device... So if you want, another way of seeing this is that if someone gives me a box, the randomness I see is because the guy did the right things in the device, or maybe it was something noisy. Here this randomness can only come from a quantum origin.

And the reason why we can do that is because we have techniques within quantum physics, but for that you need a bit of machinery, where from this Bell violation, remember I was telling you that what you expect is to get a value equal to two but you can go up to two square root of two, from this we can get the amount of randomness in the output. So you see the curve, it has this form, but it's quite natural, because at the point where you get two, this is classical
physics, I can always do it with you staying here and you going upstairs, I can always get two. Of course I cannot certify any randomness, I get zero bits. But as soon as I enter the region where I violate, I start having some randomness. This two square root of two I was telling you about, I get one random bit. And the only reason why I can know that this is random is because, again, I assume quantum physics, I assume the validity of quantum physics. I know that this region here is just impossible with quantum physics. So if my provider is a quantum person that cannot violate quantum physics, it's impossible that the provider, even if he was my enemy, has prepared some boxes that give this amount of violation and where the randomness is zero, where he has fixed everything. Because if he has fixed everything in the box, the most I can see is two, as I just proved to you. So if I see larger than two, he hasn't fixed everything, so there is some randomness, and we can even bound the amount of randomness.

So in this proposal you forget about statistical tests. So you get these two boxes, you compute this, which is just a number, and then you take this curve, and from this curve you have this amount of randomness measured by entropy, and then you apply some randomness extractor to the solution. OK, this is in my opinion the right way to go, but it's more demanding. OK, with the boxes it's easy to see, but you have to make this experiment, OK, you have to make this with a commercial product. This is not so easy. It's possible, but it's not so easy.

So for instance, we collaborated with an experimental group. What they did in this experimental group, they prepared two atoms, so they had two atoms in these two boxes, and they had these two atoms in what is called separate traps, so they trapped the atoms in two places, and they were making these measurements here and asking the results. They were giving us, they were in the States, they were making the experiment, at the end of the day they were giving us a number
here, and we were able to tell them, OK, you generated some output that had this amount of entropy. They didn't make the extraction. We could tell them that because they observed a point here, we could certify that they had this amount of randomness, assuming that everything that was going on was quantum physics. So they didn't have to send us the details of the devices, what was the frequency of the atom trap, they only had to send us the amount of the expression for this observable. They didn't have to specify anything about what they were doing. Of course they had to care about the details, so you can think of them as the provider, but us, as a user, we only needed to get this value of this number. I hope it's more or less clear what I'm saying, it's a bit tough for you because...

OK, and again, I think this is the right way to go, and some people are adopting this, and I think it might be adopted in technology advances. So for instance, if you go to NIST, so this is the National Institute of Standards and Technology, they care about randomness generation, they want to produce good randomness and certify that it is good randomness, and they have something that is called a randomness beacon, where they generate randomness, public randomness that you can use. So if you, I don't know, hopefully it's not going to happen to you, but if you get married and you get divorced and you want to see who keeps the dog, then it will be generated by NIST tomorrow, you trust them, OK, this would be random. So they are having this source of public randomness, and what they use at the moment is just solutions that you are more familiar with, so they don't use any quantum solution. But they are really, what they say, I mean, you go to the web page of this randomness beacon, what they tell you is that unpredictable values are not possible in any classical physical context, this is what I was telling you, and what they want to do is to use quantum effects to generate a sequence of truly random values. OK, and when they tell... OK,
this is what they are exploring at the moment, they are not doing it this way, but they have a project to incorporate truly quantum effects to generate truly random numbers, and when you see what they do, they have these two particles and this Bell test that I was telling you about. OK, so this is the thing, I mean, it's within reach for some people. It cannot happen that now you would get the chip based on these ideas, but people are seriously considering this option, because again, in the context of physical security it has some nice advantages: the certification is purely quantum, it's device independent, you don't have to care about how you align things. As a user you simply see if this number is above 2, it's random.

And with this I'm about to conclude. So I said many things, I used to say many things in my talks, so here are the take-home messages. Sometimes, but I don't like, and I think we also learn quantum information theory, sometimes people see it as a fight between quantum information theory and classical information theory. I think this is not the right way to go. So I think quantum information theory for cryptography offers you a different range of solutions. You don't have computational security, you have physical security. If you like it you go for it, if not you stay with computational security. Me, as a physicist, I prefer physical security, because it's just different, it's just physical security, so the assumptions are different. So I don't think there is anything better or worse. I mean, there are solutions based on assumptions, in this case the assumption is, whatever the devices are on earth, they are described by quantum physics, and the protocol is secure because if it's not secure it means that someone is doing stuff against quantum physics.

So then I told you about devices that can be based on quantum effects, and what I tell you is about this idea here of the photons going into the mirror. So there what you use is this description of quantum physics in terms of probabilities that you
can find in a textbook. So you don't need any good knowledge of quantum physics after university, you take the first pages of any textbook in quantum physics, you understand what's going on and what you need for quantum random number generators, and this is what commercial solutions for quantum random number generators use.

And then I spent more time on my stuff, which is this new approach to, I'm sorry for that, which is based on this correlation between these two devices. Why? Because it's only when you study correlation between the two devices where quantum physics really differs from classical physics, it's only there where you show that Einstein was wrong. So this Bell inequality, now I come back to what you were asking, proves that the dream of Einstein of finding a theory that is complete is restored, it's not possible. If you follow this Bell inequality reasoning, this is what it proves. I conclude, and I come back to the question, because I was... this is a new solution that is being explored, maybe it will be adopted by NIST, and this is important, it is much more demanding than what is now in the market. This is why NIST and some labs are doing these things now.

I will go back to your... so there is nothing wrong. What is wrong is... quantum physics doesn't violate any information theory, we use information theory for that. So what is wrong is precisely this assumption. So if you see here, so you can think of the following: usually the way we used to think about correlations is like, they know they are going to be asked question 1 and 2, so the way we think is that they wrote on a piece of paper what the answers are going to be, so these things were written in advance, predetermined, and they go. So this is what is not true in the experiment. You can think that it is not true because in the experiment you cannot ask the two questions at the same time. In quantum physics you cannot measure spin in the z and x direction at the same time. So I will ask Jean Paul if I take a hat or a shirt, but I
will never ask the two. But they might be asked about the two, they might be asked about the two because they don't know about this. So the only way we know is that, in this case, since you are going to be asked about the two, you have to write the two on the piece of paper when you go. But somehow in quantum physics, this is what we don't understand, the particle gives this, it's like the answer, I don't know how to convey this idea because it's not intuitive, but it produces the output when you ask it. It's not written in the particle, but somewhere it's produced at the moment. But you cannot ask the two questions of the quantum particle, but the possibility that I can do one thing or the other... so this is...

Yes, yes. So it's not... the language that we use is standard information theory, but dealing with conditional probabilities, but we never have... so it doesn't exist, a joint probability distribution for A1 and A2, it does not exist. But you never have access to this object in the experiment, because you never ask A1 or A2, you ask either about A1, which is the probability of the output given that the input was 1, or A2, which is the probability of the output given the input was 2, and 2 at the same time, and this is why there is nothing like this. So it's just standard information theory.

Now, perhaps, if I can say something, this is a solution. Now, if you like these sort of metaphysical, philosophical discussions, let's say, let me just spend a bit of time. Of course the reason why this works is because when they go to the rooms they know that they might be asked about any of the two answers, but they don't know which one. So this means that they cannot predict which question they are going to get, so the question they are going to get is random to them. So there is some circularity in the argument, because I need to assume somehow that my choice of the question is random. So from a fundamental perspective this is as close as we can get to proving that things are random, but of course we need to assume that questions
are going to be asked... because if they know the question they are going to be asked, they can say, oh, I know I'm going to be asked about one, so I write the solution. Maybe I'm going a bit too far, just say that it's important, the fact that they don't know which question they are going to be asked in the room. Of course the machine will always work, because the provider will give me these two boxes with two buttons and he doesn't know in advance which button I'm going to press, because if he knew... but nothing, and this is, I think this has to be clear, I mean, quantum physics is weird, but it doesn't change mathematics or information theory. I only deal with conditional probability distributions, or plus and minus one, let's say, with my convention.

No, I need to have this choice between one and two, because if I don't have any choice, what the provider can do, he can generate the experiment in advance, copy everything into the boxes, and this is what is produced. So it's precisely by the fact that the provider doesn't know what I'm going to do that he cannot write this, because if he had written these things then this value would be bounded by two, and as I see that this value is larger than two, he cannot have written these things in the boxes, also because he doesn't know about what I'm going to do. So don't expect to understand. I hope that you understand the logic of the argument, but don't think, ah, it's very intuitive, because it is not.

So what is necessary for you is that, if you want that your choice is not known by the person who prepared the source, you call it this random... I mean, you can make it if you give me the boxes, but if I always took the left option... no, sure, sure, sure, of course. So it's necessary, first, in the experiment you need to compute these four numbers, so if you want to compute these four numbers it means that sometimes you have to press button one and sometimes you have to press button two, otherwise you cannot compute this. First thing. Now, as I said, if you know in advance how you are
going to choose between these two numbers, then I can, since you know that it's not... I don't have to write instructions for the two possibilities, I only have to write for the one. So what I have to assume is that somehow the provider has no access to what my choice is going to be in advance. Again, it's an assumption. Again, if you don't like this assumption, don't buy this solution. That's what I wanted to say. I think it's not worse and bad, I think it's good to state the assumptions, and with this you prove the security or randomness of the solution. Yes.
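
Added example, not part of the lecture: a Python sketch of the two-box check the speaker describes, which estimates the expression A1B1 + A1B2 + A2B1 - A2B2 from recorded button presses and outputs and turns it into certified random bits, first for boxes that replay numbers recorded in advance (the memory stick attack) and then for outputs sampled with the quantum-predicted correlations. The function names, the simulated boxes and their data are constructed for illustration, the position of the minus sign on the A2B2 term is inferred from the spoken example, and the entropy curve is assumed to be the published bound 1 - log2(1 + sqrt(2 - S^2/4)), which matches the endpoints given in the talk (zero bits at two, one bit at two square root of two) but is not stated there.

```python
import itertools
import math
import random

SETTINGS = [(1, 1), (1, 2), (2, 1), (2, 2)]  # (button on box A, button on box B)


def deterministic_chsh_values():
    """Value of the expression for every pre-written answer sheet (a1, a2, b1, b2)."""
    return sorted({a1 * b1 + a1 * b2 + a2 * b1 - a2 * b2
                   for a1, a2, b1, b2 in itertools.product((1, -1), repeat=4)})


def estimate_chsh(trials):
    """Estimate S = E11 + E12 + E21 - E22 from (x, y, a, b) records.

    x, y are the buttons pressed (1 or 2); a, b are the outputs (+1 or -1).
    Every button pair must occur, otherwise the four averages cannot be computed.
    """
    total = {s: 0 for s in SETTINGS}
    count = {s: 0 for s in SETTINGS}
    for x, y, a, b in trials:
        total[(x, y)] += a * b
        count[(x, y)] += 1
    missing = [s for s in SETTINGS if count[s] == 0]
    if missing:
        raise ValueError(f"button pairs never pressed: {missing}")
    e = {s: total[s] / count[s] for s in SETTINGS}
    return e[(1, 1)] + e[(1, 2)] + e[(2, 1)] - e[(2, 2)]


def certified_min_entropy(s):
    """Bits of min-entropy per output certified by an observed value s.

    Assumed curve (from the literature, not from the talk):
    H_min >= 1 - log2(1 + sqrt(2 - s^2 / 4)).
    Finite-sample confidence intervals are ignored in this sketch.
    """
    if s <= 2.0:
        return 0.0                      # reachable with pre-written answers
    s = min(s, 2.0 * math.sqrt(2.0))    # an estimate can overshoot the maximum
    return 1.0 - math.log2(1.0 + math.sqrt(max(0.0, 2.0 - s * s / 4.0)))


def memory_stick_boxes(n, provider_rng, user_rng):
    """Boxes replaying answers fixed in advance: one random sheet per round.

    The outputs look random to the user, but both answers of each box exist
    before any button is pressed, so the expression stays within [-2, 2].
    """
    trials = []
    for _ in range(n):
        a1, a2, b1, b2 = (provider_rng.choice((1, -1)) for _ in range(4))
        x, y = user_rng.choice(SETTINGS)        # buttons unknown to the provider
        trials.append((x, y, (a1, a2)[x - 1], (b1, b2)[y - 1]))
    return trials


def quantum_statistics(n, rng):
    """Sample outputs with the correlations predicted at maximal violation.

    E = 1/sqrt(2) for three button pairs and -1/sqrt(2) for (2, 2). The sampler
    looks at both buttons at once, which two isolated classical boxes cannot
    do; it only reproduces the statistics, it is not a model of the devices.
    """
    c = 1.0 / math.sqrt(2.0)
    trials = []
    for _ in range(n):
        x, y = rng.choice(SETTINGS)
        corr = -c if (x, y) == (2, 2) else c
        a = rng.choice((1, -1))
        b = a if rng.random() < (1.0 + corr) / 2.0 else -a
        trials.append((x, y, a, b))
    return trials


if __name__ == "__main__":
    print("pre-written sheets give:", deterministic_chsh_values())
    runs = {
        "memory stick": memory_stick_boxes(40000, random.Random(1), random.Random(2)),
        "quantum statistics": quantum_statistics(40000, random.Random(3)),
    }
    for name, trials in runs.items():
        s = estimate_chsh(trials)
        print(f"{name}: S = {s:.3f}, certified bits = {certified_min_entropy(s):.3f}")
```

A user who only ever presses one button gets a `ValueError` from `estimate_chsh`, which mirrors the point in the closing discussion that all four numbers are needed.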