Source-Independent Quantum Random Number Generation

Quantum random number generators can provide genuine randomness by appealing to the fundamental principles of quantum mechanics. In general, a physical generator contains two parts—a randomness source and its readout. The source is essential to the quality of the resulting random numbers; hence, it needs to be carefully calibrated and modeled to achieve information-theoretical provable randomness. However, in practice, the source is a complicated physical system, such as a light source or an atomic ensemble, and any deviations in the real-life implementation from the theoretical model may affect the randomness of the output. To close this gap, we propose a source-independent scheme for quantum random number generation in which output randomness can be certified, even when the source is uncharacterized and untrusted. In our randomness analysis, we make no assumptions about the dimension of the source. For instance, multiphoton emissions are allowed in optical implementations. Our analysis takes into account the finite-key effect with the composable security definition. In the limit of large data size, the length of the input random seed is exponentially small compared to that of the output random bit. In addition, by modifying a quantum key distribution system, we experimentally demonstrate our scheme and achieve a randomness generation rate of over $5\times {10}^3\mathrm{bit}/\mathrm{s}$.

Popular Summary

Random numbers play an indispensable role in modern society in various arenas of finance, cryptography, and computation. However, the source of randomness in such numbers is typically a problem in a physical random number generator: The “random” seeds are not truly random and can accordingly limit cryptographic security. Here, we propose a loss-tolerant, source-independent quantum random number generator whose output randomness can be certified even when the source is uncharacterized or untrusted. We experimentally demonstrate our setup, and we achieve a randomness generation rate exceeding 5 Kbits/s.

We make use of a photonic setup that consists of a source, controlled by an untrusted party (Eve), and a measurement device, owned by a user (Alice). The setup includes an 850-nm laser source with a repetition rate of 1 MHz (which is allowed to emit multiple photons), a linear polarizer, a beam splitter, time delays, and a photon detector. We use our raw data to obtain final random numbers, and we verify the randomness of the output using two statistical tests. Moreover, we investigate the randomness generation rate for different parameters, such as the efficiency of the detector. It is important to note that while we allow our laser source to emit multiple photons, this situation may, in some cases, increase the error associated with our random numbers.

Our work opens up a new era of high-speed and reliable random number generation and randomness expansion. Consequently, we expect that our findings will have an impact on a wide range of applications of random numbers.

Figure 1

Illustration of a generic QRNG setup in which we take photon polarization as the example. $H$ and $V$ refer to horizontal and vertical polarizations, respectively. PBS refers to a polarizing beam splitter. (a) The source functions normally (trusted) and sends superpositions of $H$ and $V$ polarizations, which offer quantum randomness. (b) The source malfunctions (untrusted) and sends $H$ and $V$ polarizations in a predetermined order, which should output no genuine randomness. From the measurement result viewpoint, one cannot distinguish these two cases.

Figure 2

(a) Measurement model for SIQRNG. The quantum state first passes through a squasher and is projected as either a qubit or a vacuum. Then, the output qubit is measured in the $X$ or $Z$ basis chosen by an active switch. There are two outcomes for each basis measurement, corresponding to the two eigenstates of the basis. (b) An optical implementation of the SIQRNG in (a), as discussed in Sec. 3a. Here, Pol-M refers to a polarization modulator, PBS refers to a polarizing beam splitter, and $D_0$ and $D_1$ are the threshold detectors.

Figure 3

Source-independent QRNG with the finite-data-size effect. The results are proven in Sec. 3.

Figure 4

An equivalent protocol of source-independent QRNG.

Figure 5

Experiment setup of SIQRNG. S: laser source; LP: linear polarizer; FPC: fiber polarization controller; FA: fiber attenuator; BS: beam splitter; PBS: polarizing beam splitter; TD: time delay implemented with a 12-m fiber; PD: photon detector.

Figure 6

Relation between the phase error rate and the loss. The big error bars are caused by a very conservative estimation of statistical fluctuations and also partially by the fluctuation of experimental parameters for different losses.

Figure 7

Dependency of randomness generation rate on the loss. The data points on the figure are taken to be the lower bound of the rate, evaluated by random sampling. The security parameter is ${ϵ}_t=2\times 2^{-50}$.

Figure 8

The autocorrelation function of the raw data and the final data. The $x$ axis is the lag $j$ between the sampled data $X_i$ and $X_{i+j}$, while the $y$ axis is the autocorrelation $R(j)$ defined in Eq. (7). Data sizes of both the raw data and the final data are on the order of ${10}^7$. The autocorrelation of the final data is significantly smaller than the raw data in absolute value. Because of finite-key-size effects, the autocorrelation cannot be zero even for perfectly random strings.

Figure 9

The $P$ value of the statistical tests. The $x$ axis lists the names of statistical tests in the NIST test suite. The final data size is 91 Mbit, which is extracted from 115-Mbit raw data. To pass each test, the $P$ value should be at least 0.01, and the proportion of sequences that satisfy $P>0.01$ should be at least 96%. It can be seen in the figure that the $P$ values of all tests are greater than 0.01.