April 29, 2015 feature
Quantum random number generator combines best of two approaches
(Phys.org)—Science is a discipline that often seeks order and patterns in the world around us, but randomness also has its uses. Random numbers are a vital tool for areas such as cryptography, computer simulations, and statistical analysis. Generating long strings of truly random numbers is surprisingly difficult, yet necessary for achieving good performance and high security in these applications.
One way to generate random numbers involves taking advantage of the randomness inherent in quantum systems known as "quantum noise." Quantum random number generation (QRNG) procedures often involve single-photon sources. Since single photons are usually emitted at random times, it is impossible to perfectly define the number of photons emitted in a given time, which results in measurement uncertainty and randomness.
Current QRNG approaches fall into two categories: device-dependent and device-independent. Device-dependent approaches, which are used by all commercial QRNGs, require a detailed knowledge of the functioning of the devices used in the protocol. They generate random numbers at a very high rate (4 million random bits per second) at a level of security that is much higher than that of classical pseudo-random number generators, but based on assumptions that are difficult to verify.
On the other hand, device-independent approaches do not require the same knowledge of the devices and offer even stronger security, but their practical implementation requires complex, state-of-the-art setups that can only achieve very low rates of random number generation.
In a new paper published in Physical Review Letters, physicists from the University of Geneva have developed a protocol that offers an intermediate approach to QRNG: it requires only a few general assumptions about the devices, but not a detailed model of their functioning. Its performance rate (23 random bits per second) and security are also in between the device-dependent and device-independent approaches, but like the former, the protocol can be implemented with standard technology.
"The main significance of the work is probably to investigate the certification of random number generation in a scenario where the devices suffer from technical imperfections, but are not maliciously conspiring against the user," coauthor Nicolas Brunner at the University of Geneva told Phys.org. "That is, a scenario somehow intermediate between the standard device-dependent one, where devices are assumed to be well-characterized, and the 'more paranoiac' device-independent case, where an adversary could in principle have prepared the devices."
The key improvement of the new protocol is that it is self-testing, meaning it can provide a real-time estimate of the randomness of the experimental photon data, as measured by the entropy. It can also distinguish this genuine randomness from other sources of randomness such as technical imperfections. When the amount of genuine randomness is known, then the raw data can be post-processed appropriately to generate strings of random numbers.
To demonstrate the self-testing ability, the researchers simply switched off the air conditioning in the room. Because quantum systems such as single-photon sources are so sensitive to their environments, the change in temperature impacts the alignment of the optical setup and the randomness of the emitted photons. The system could immediately recognize the change in randomness so that more post-processing could be applied, guaranteeing the continued generation of high-quality random numbers.
Overall, the new protocol offers a simplified QRNG method that, while not achieving rates as high as that of commercial QRNGs, delivers higher security without the need for a detailed characterization of the devices. This combination of features could prove useful for future applications.
"Randomness is a very important resource for many applications," Brunner said. "However, the certification of randomness is still an important challenge, that is, to be able to estimate how random the output of some device is based on simple and verifiable assumptions about the device.
"Our goal is to develop better schemes, which are easier to implement and that achieve much higher rates. The main objective, however, is still to find the scenario offering the optimal trade-off between security and ease of implementation."
© 2015 Phys.org