The December 2022 issue of IEEE Spectrum is here!

Close bar

True Random Numbers From Your Smartphone Camera?

CMOS smartphone cameras are sensitive enough to catch some of the quantum nature of light and turn it into data-securing random numbers

2 min read
True Random Numbers From Your Smartphone Camera?
Illustration: Randi Klett; Selfie: iStockphoto

Apple hopes its new iPhone can replace credit cards, but many fear mobile transactions are vulnerable to digital pickpockets. New research now suggests that smartphone cameras could help keep credit card data, phone calls, and email secure with just an app.

The cryptographic systems that help protect digital transactions rely on random numbers, which are used to create "keys" to encrypt and decrypt confidential data. However, "if you want to break these cryptographic systems, the random number generator is one of the weakest links," says lead study author Bruno Sanguinetti, a quantum physicist at the University of Geneva in Switzerland. That’s because computer programs are completely deterministic, designed to do things predictably, and so cannot easily generate truly random numbers by themselves.

One could produce truly random numbers by monitoring intrinsically random quantum phenomena, such as when radioactive atoms decay. Now Sanguinetti and his colleagues reveal that smartphone cameras can serve as the basis of such a quantum random number generator.

If you want to break these cryptographic systems, the random number generator is one of the weakest links

The scientists experimented with an eight-megapixel camera from a Nokia N9, which like many smartphone cameras is sensitive enough to count the exact number of photons that strike each of its pixels. They illuminated the camera with a conventional LED. Due to quantum mechanics, the number of photons most light sources generate over any given time is random. Since the number of photons the camera’s pixels detects is random, it serves as the basis of the quantum random number generator.

Photo: Animist/Wikipedia
The Nokia N9 can see true random numbers.

The Geneva-based scientists built a system consisting of the CMOS camera chip from a Nokia smartphone and a processor that used knowledge of the camera’s properties to turn the amount of charge at each pixel into a series of random numbers. (They looked into trying out an iPhone and some other models, but those did not have camera application programming interfaces that allowed access to the raw data from the pixels.)

The system could produce random numbers at up to 1.25 billion bits per second

In experiments, the system could produce random numbers at up to 1.25 billion bits per second. In a real phone, the researchers expect the system could only deliver rates of a few million bits per second, but Sanguinetti said that should be enough for mobile applications, which should only need rates of several thousand bits per second. The scientists also calculated their random number generator would have to operate more than 1096 times before any deviation from a perfectly random string of bits was seen.

This quantum random number generator could be implemented several different ways on mobile devices. One version could rely on the smartphone's camera and ambient light. Another could involve a light sensor and an LED together on a standalone chip. The University of Geneva is now looking for companies to help commercialize the technology. The scientists will detail their findings in an upcoming issue of the journal Physical Review X.

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less