Table of Contents
Fetching ...

Fully passive quantum random number generation with untrusted light

KaiWei Qiu, Yu Cai, Nelly H. Y. Ng, Jing Yan Haw

TL;DR

This work addresses a practical vulnerability in source-device-independent QRNGs by removing the requirement of a perfectly balanced beam splitter in the measurement stage. The authors extend the SDI framework to arbitrary beam-splitter reflectivity $r_0$, derive a lower bound on the conditional min-entropy $H_{\min,r_0}^{\text{SDI}}(X|E)$ under worst-case Eve inputs, and implement a real-time, off-the-shelf prototype. The experimental results show certified randomness across a range of $r_0$, achieving $R_S \approx 0.350$ Gb/s with a composable security $\epsilon=8.12\times10^{-13}$, validated by NIST tests and robustness against intensity-based attacks. This indicates a practical, fully passive SDI-QRNG suitable for real-world quantum-safe applications, including QKD and post-quantum cryptography, with potential integration into ASE-based and PIC-based platforms.

Abstract

Quantum random number generators (QRNGs) harness the inherent unpredictability of quantum mechanics to produce true randomness. Yet, in many optical implementations, the light source remains a potential vulnerability - susceptible to deviations from ideal behavior and even adversarial eavesdropping. Source-device-independent (SDI) protocols address this with a pragmatic strategy, by removing trust assumptions on the source, and instead rely on realistic modelling and characterization of the measurement device. In this work, we enhance an existing SDI-QRNG protocol by eliminating the need for a perfectly balanced beam splitter within the trusted measurement device, which is an idealized assumption made for the simplification of security analysis. We demonstrate that certified randomness can still be reliably extracted across a wide range of beam-splitting ratios, significantly improving the protocol's practicality and robustness. Using only off-the-shelf components, our implementation achieves real-time randomness generation rates of 0.347 Gbps. We also experimentally validate the protocol's resilience against adversarial attacks and highlight its self-testing capabilities. These advances mark a significant step toward practical, lightweight, high-performance, fully-passive, and composably secure QRNGs suitable for real-world deployment.

Fully passive quantum random number generation with untrusted light

TL;DR

This work addresses a practical vulnerability in source-device-independent QRNGs by removing the requirement of a perfectly balanced beam splitter in the measurement stage. The authors extend the SDI framework to arbitrary beam-splitter reflectivity , derive a lower bound on the conditional min-entropy under worst-case Eve inputs, and implement a real-time, off-the-shelf prototype. The experimental results show certified randomness across a range of , achieving Gb/s with a composable security , validated by NIST tests and robustness against intensity-based attacks. This indicates a practical, fully passive SDI-QRNG suitable for real-world quantum-safe applications, including QKD and post-quantum cryptography, with potential integration into ASE-based and PIC-based platforms.

Abstract

Quantum random number generators (QRNGs) harness the inherent unpredictability of quantum mechanics to produce true randomness. Yet, in many optical implementations, the light source remains a potential vulnerability - susceptible to deviations from ideal behavior and even adversarial eavesdropping. Source-device-independent (SDI) protocols address this with a pragmatic strategy, by removing trust assumptions on the source, and instead rely on realistic modelling and characterization of the measurement device. In this work, we enhance an existing SDI-QRNG protocol by eliminating the need for a perfectly balanced beam splitter within the trusted measurement device, which is an idealized assumption made for the simplification of security analysis. We demonstrate that certified randomness can still be reliably extracted across a wide range of beam-splitting ratios, significantly improving the protocol's practicality and robustness. Using only off-the-shelf components, our implementation achieves real-time randomness generation rates of 0.347 Gbps. We also experimentally validate the protocol's resilience against adversarial attacks and highlight its self-testing capabilities. These advances mark a significant step toward practical, lightweight, high-performance, fully-passive, and composably secure QRNGs suitable for real-world deployment.
Paper Structure (24 sections, 3 theorems, 46 equations, 9 figures, 5 tables)

This paper contains 24 sections, 3 theorems, 46 equations, 9 figures, 5 tables.

Key Result

Theorem 1

A certified SDI ($m$, $\kappa$, $\epsilon_{\text{fail},m},\epsilon_C$)-randomness generation protocol can be processed with a random seed of length $h+l-1$, where $h=mb$ and $b$ is the ADC's bit resolution, via Toeplitz randomness extractor to produce a certified SDI random string of length $l$ give that is $\epsilon_C$ complete and $\epsilon_l$ secure, where $\epsilon_l = \epsilon_{\textnormal{ha

Figures (9)

  • Figure 1: The schematic of the SDI-QRNG setup. An untrusted light $\hat{\rho}_E$ (assumed to be fully controlled by an eavesdropper, Eve) enters the QRG, where a fiber beam splitter of reflectivity $r_1$ reflects some of the light for the certification measurement at PD-C. The remaining light enters the randomness generation measurement stage with a fiber beam splitter of reflectivity $r_0$. Upon passing the test, randomness is generated via a difference measurement between PD-A and PD-B. Finally, the randomness output is sent for randomness extraction to produce hashed random bits which are close to being uniformly random with respect to Eve. PD: photodetector.
  • Figure 2: $H_{\min,r_0}^{\text{SDI}}(X|E)$ for $m=1$ measurement is computed with $r_0\in[0.5,1]$ at a fixed $\epsilon_{\text{fail}} = 10^{-20}$. The inset figure presents the changes in $H_{\min,r_0}^{\text{SDI}}(X|E)$ with respect to $r_0\in[0,1]$ at a particular optical power input of $1.31$mW.
  • Figure 3: Probability distributions (with binwidth of ENOB) for acquired difference measurement (blue bin), computed unbalanced DD (green dotted-line) and extended SDI protocol (orange dotted-line) at $r_0=0.7$ with $2.57$mW of optical power.
  • Figure 4: Schematic of Eve's light intensity operation. A fiber beam splitter of reflectivity $r_E$ is inserted between the honest source $\hat{\rho}_H$ and the measurement devices so that Eve can input her light source $\hat{\rho}_E$ into the QRNG. PD: photodetector
  • Figure 5: Experimental results for the light intensity verification. The blue experimental data points are the passing probability of the certification test, along with its error bar. The theoretical estimate is plotted in blue line.
  • ...and 4 more figures

Theorems & Definitions (5)

  • Definition 1
  • Theorem 1
  • Lemma 1: Lemma 1 in drahi2020certified
  • Lemma 2
  • proof