Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Certified randomness amplification by dynamically probing remote random quantum states

Minzhao Liu, Pradeep Niroula, Matthew DeCross, Cameron Foreman, Wen Yu Kon, Ignatius William Primaatmaja, M. S. Allman, J. P. Campora, Akhil Isanaka, Kartik Singhal, Omar Amer, Shouvanik Chakrabarti, Kaushik Chakraborty, Samuel F. Cooper, Robert D. Delaney, Joan M. Dreiling, Brian Estey, Caroline Figgatt, Cameron Foltz, John P. Gaebler, Alex Hall, Zichang He, Craig A. Holliman, Travis S. Humble, Shih-Han Hung, Ali A. Husain, Yuwei Jin, Fatih Kaleoglu, Colin J. Kennedy, Nikhil Kotibhaskar, Nathan K. Lysne, Ivaylo S. Madjarov, Michael Mills, Alistair R. Milne, Kevin Milner, Louis Narmour, Sivaprasad Omanakuttan, Annie J. Park, Michael A. Perlin, Adam P. Reed, Chris N. Self, Matthew Steinberg, David T. Stephen, Joseph Sullivan, Alex Chernoguzov, Florian J. Curchod, Anthony Ransford, Justin G. Bohnet, Brian Neyenhuis, Michael Foss-Feig, Rob Otter, Ruslan Shaydulin

TL;DR

This work demonstrates certified randomness amplification by remotely probing large entangled quantum states on a 98-qubit trapped-ion processor, streaming circuit layers in real time to limit classical spoofing time. By delaying measurement-basis disclosure and using random quantum circuits, the authors certify quantum randomness via XEB with robustness to malicious remote devices and adversaries in both restricted and oracle models. They embed this into a full randomness amplification protocol, combining a two-source extractor with a seeded extractor to convert block-min-entropy weak randomness into nearly uniform private randomness, achieving everlasting security under computational assumptions during execution. The practical system achieves 0.586 fidelity on 64-qubit random circuits, enabling amplification from low-entropy sources and showing how relativistic timing constraints and tensor-network-based validation can secure remote quantum randomness for cloud and multi-party use.

Abstract

Cryptography depends on truly unpredictable numbers, but physical sources emit biased or correlated bits. Quantum mechanics enables the amplification of imperfect randomness into nearly perfect randomness, but prior demonstrations have required physically co-located, loophole-free Bell tests, constraining the feasibility of remote operation. Here we realize certified randomness amplification across a network by dynamically probing large, entangled quantum states on Quantinuum's 98-qubit Helios trapped-ion quantum processor. Our protocol is secure even if the remote device acts maliciously or is compromised by an intercepting adversary, provided the samples are generated quickly enough to preclude classical simulation of the quantum circuits. We stream quantum gates in real time to the quantum processor, maintain quantum state coherence for $\approx 0.9$ seconds, and then reveal the measurement bases to the quantum processor only milliseconds before measurement. This limits the time for classical spoofing to 30 ms and constrains the location of hypothetical adversaries to a $4{,}500$ km radius. We achieve a fidelity of 0.586 on random circuits with 64 qubits and 276 two-qubit gates, enabling the amplification of realistic imperfect randomness with a low entropy rate into nearly perfect randomness.

Certified randomness amplification by dynamically probing remote random quantum states

TL;DR

This work demonstrates certified randomness amplification by remotely probing large entangled quantum states on a 98-qubit trapped-ion processor, streaming circuit layers in real time to limit classical spoofing time. By delaying measurement-basis disclosure and using random quantum circuits, the authors certify quantum randomness via XEB with robustness to malicious remote devices and adversaries in both restricted and oracle models. They embed this into a full randomness amplification protocol, combining a two-source extractor with a seeded extractor to convert block-min-entropy weak randomness into nearly uniform private randomness, achieving everlasting security under computational assumptions during execution. The practical system achieves 0.586 fidelity on 64-qubit random circuits, enabling amplification from low-entropy sources and showing how relativistic timing constraints and tensor-network-based validation can secure remote quantum randomness for cloud and multi-party use.

Abstract

Cryptography depends on truly unpredictable numbers, but physical sources emit biased or correlated bits. Quantum mechanics enables the amplification of imperfect randomness into nearly perfect randomness, but prior demonstrations have required physically co-located, loophole-free Bell tests, constraining the feasibility of remote operation. Here we realize certified randomness amplification across a network by dynamically probing large, entangled quantum states on Quantinuum's 98-qubit Helios trapped-ion quantum processor. Our protocol is secure even if the remote device acts maliciously or is compromised by an intercepting adversary, provided the samples are generated quickly enough to preclude classical simulation of the quantum circuits. We stream quantum gates in real time to the quantum processor, maintain quantum state coherence for seconds, and then reveal the measurement bases to the quantum processor only milliseconds before measurement. This limits the time for classical spoofing to 30 ms and constrains the location of hypothetical adversaries to a km radius. We achieve a fidelity of 0.586 on random circuits with 64 qubits and 276 two-qubit gates, enabling the amplification of realistic imperfect randomness with a low entropy rate into nearly perfect randomness.

Paper Structure

This paper contains 43 sections, 63 theorems, 298 equations, 23 figures, 4 tables.

Table of Contents

  1. Experimental protocol
  2. Certified randomness amplification protocol
  3. Entropy bound in the restricted model
  4. Entropy bound in the oracle model
  5. Amplification protocol soundness
  6. Summary of contributions
  7. Delayed measurement basis
  8. Connection with quantum information supremacy
  9. Analysis of tensor networks
  10. Single-round protocol security analysis
  11. Simulation of Haar random unitaries given sample access
  12. A simplified device
  13. The analysis of a general device
  14. Further improvement in the $\log (k+\ell)$ entropy penalty
  15. Summary of improvements
  16. ...and 28 more sections

Key Result

Theorem 1

For an adversary with a quantum device with fidelity $\phi_{\rm adv}$ and a classical supercomputer whose output probability distribution is at most $d_{\rm C}$ from sampling a fidelity $\Phi_{\rm C}$ quantum computer, the $L$-round protocol using $n$-qubit random quantum circuits with a truncated X where $c$ and $c'$ are some constants depending on the protocol, $t(s)$ is an affine function in $

Figures (23)

  • Figure 1: Client-server interaction.$B_i$ is the measurement basis sent by the client in the $i$th round, and $x_i$ is the corresponding bitstring returned by the server. $T_{\rm M}$ includes the time to apply single-qubit rotations (blue gates), as well as measurement readout and communication time. The full protocol repeats the interaction $L$ times and collects $L$ samples.
  • Figure 2: Certified randomness with gate streaming.a, Average latencies (measured by the client) between sending a layer of single qubit gates and receiving the bitstring. $T_j$ is the latency for the $j$th layer; $T_M$ is the latency for the final layer specifying the measurement basis. The inset shows the frequency distribution of measured $T_M$. Error bars are smaller than the marker size. b, As the adversary moves farther from the client, less time is available for spoofing. Adversaries located beyond $c\cdot T_{\rm M}/2$, where $c$ is the speed of light, are forbidden by relativity. c, Illustration of a position verification protocol. The verifiers and the prover exchange classical information. The red circle denotes the uncertainty of the certified position of the prover.
  • Figure 3: Certified randomness amplification.a,b,c The amplification protocol. a, The client takes weak randomness as input and generates challenge quantum circuits to send to the quantum randomness server. The server responds with randomness to the client, and the client verifies the response. b, After obtaining and verifying the quantum randomness, the client combines it with additional weak randomness and, using a two-source extractor, produces nearly perfect randomness termed the ‘seed’. c, After the seed is obtained, the client uses a seeded extractor to amplify weak randomness. With the seed, the seeded extractor converts the weak source into nearly perfect randomness. This procedure can be repeated, amplifying successive outputs of the weak source with the same seed. d, Validation cost in GPU hours at different quantum device fidelities $\phi$ and sample latencies, assuming the restricted adversary with $10^5$ GPUs located at a distance $d\geq 3{,}000$ km. 'Prior work' uses the fidelity and latency achieved in Ref. jpmc_cr. 'No streaming' uses the fidelity achieved in this work and latency of $T_1$, corresponding to the measurement bases not being streamed. 'Streaming' uses the latency of $T_{\rm M}$. e, Entropy rates of the quantum randomness in the oracle adversary model for different numbers of qubits at $\mathrm{XEB}=0.586$, with and without the improvements described in the main text. f, Entropy rates of the quantum randomness in the improved oracle adversary model at $n=64$ at different achievable $\mathrm{XEB}$ scores.
  • Figure 4: Comparison between the information theoretic setting and the computational setting. a, The setting of quantum information supremacy. The classical description $x$ is exponentially long since it describes a Haar random state. The message from Alice to Bob can be quantum or classical. b, The computational setting that models our delayed measurement basis classical adversary. Unlike a, the classical description $x$ and Bob are polynomially bounded.
  • Figure 5: Numerical evidence that no meaningful precomputation is possible. a, XEB fidelity when sampling by contracting tensor networks corresponding to wrong measurement bases. b, Memory unconstrained post cost and total cost for tensor-network contraction of random-geometry circuits as a function of depth. Blue and pink plot markers indicate the mean over 10 random circuit geometries, with the associated shaded regions indicating the min and max cost obtained over those 10 circuits at each depth. Black diamond and circle indicate the optimized total cost and post cost of the challenge circuits used in this paper, respectively.
  • ...and 18 more figures

Theorems & Definitions (137)

  • Theorem 1: Informal
  • Theorem 2: Theorem 3 of Ref. kretschmer2025demonstrating
  • Lemma 3: Lemma 6 from Ref. kretschmer2025demonstrating
  • Lemma 4: Adapted from Lemma 8 of Ref. kretschmer2025demonstrating
  • proof
  • Corollary 5
  • proof
  • Definition 6: $b-\mathrm{XHOG}(\mathcal{D})$ kretschmer2021quantum
  • Theorem 7: Theorem 7.15 of Ref. aaronson2023certifiedArxiv
  • Definition 8
  • ...and 127 more