February 24, 2021
Researchers at the Nippon Telegraph and Telephone Corporation (NTT) have realized the first high-speed quantum random number generator (QRNG※1) that is built on realistic quantum devices.
A QRNG is a quantum device that exploits the probabilistic nature of quantum measurements (※2) to generate genuine random numbers. These random numbers can be quantum-safe in the sense that their unpredictability can be certified even if an adversary correlates with the QRNG in a quantum manner. Previous high-performance QRNGs require fully characterized quantum devices. Therefore, they are subject to security loopholes when only realistic devices exist. Although there are QRNGs that are secure with realistic devices, they need to run for a long time to accumulate sufficient randomness (※3). This results in high latency from the initial request to the delivery of the requested random bits. It is desirable for real-world applications to realize QRNGs of low latency, high rate and high security. In this work, by developing an efficient method for certifying randomness (a collaborative work with the researchers at the National Institute of Standards and Technology) and by measuring the arrival time of an optical pulse with time-bin encoding (※4) we show that every 0.1 seconds a block of 8192 quantum-safe random bits can be generated, enabling low-latency high-rate performance. Further, our scheme guarantees the practical security with realistic quantum devices.
This work was published in the online-only journal Nature Communications on February 24, 2021.
Random numbers are generated by a process or device termed the random number generator (RNG). The device output is a random number, if that output is unpredictable and uniformly distributed. The unpredictability promises that the output cannot be determined before running the device, while the uniformity ensures that the output will take each possible value with the same probability. Sometimes, we also require random numbers be private such that only the user of the RNG can learn their values. Random numbers are extremely useful in many scientific and real-world applications including numerical simulation, statistical sampling, gaming, and cryptography. One can obtain apparently-random numbers that exhibit some but not all the properties of random numbers via classical processes such as coin flips; however, any classical process is fundamentally deterministic (※3) and so cannot generate genuine random numbers. For this reason, we need to develop quantum random number generators (QRNGs).
Quantum mechanics offers many opportunities for generating genuine random numbers. For example, a genuine random bit can be generated by preparing a qubit (※5) in an equal superposition (※6) of its two basis states (※2) and then measuring it along that basis. Moreover, in contrast to classical processes, quantum processes generate certifiable random numbers based only on measurement observations with verifiable physical assumptions. Therefore, research efforts are going worldwide into realizing QRNGs. However, either the current QRNGs perform poorly (in terms of the rate achieved or the latency required for generating random numbers), or the assumptions underlying these QRNGs cannot be verified such that the practical security of the generated random numbers is not guaranteed. See Table 1 for detailed illustrations. For practical applications, it is important to devise a QRNG that performs well and at the same time ensures its practical security. This work reports such a QRNG for the first time.
To illustrate the performance of their QRNG, the researchers consider a specific request for a block of 8192 quantum-safe random bits with a security error bounded by 2-64≈5.4×10-20. In the ideal case a QRNG will produce perfectly random bits that are distributed uniformly and uncorrelated with the adversary, while in practice the produced random bits can deviate from the perfectly random bits. The security error quantifies the maximum deviation of the actually produced bits from those produced in the ideal case, and it should be set at the request of random bits. The results presented in Figure 1 demonstrate that every 0.1 seconds the QRNG developed by the NTT can certify more than the number of requested random bit; the request is thus satisfied successfully. Further, this QRNG can be compared to other state-of-art QRNGs, as summarized in Table 1.
A photonic time-bin qubit is a stable qubit encoding information on the arrival time of a single photon (※7) and widely used for quantum communication. This qubit can be prepared in a basis state where the photon stays in a specific time position (top of figure 2) or a superposition state where the photon stays in both time positions simultaneously (bottom of figure 2). If we measure a photon prepared in a basis state onto the superposition state, the measurement result would be perfectly random in the ideal case. For a secure QRNG, we require not only the measurement on the superposition state but also the measurement on the basis state; the researchers used an unbalanced Mach-Zehnder interferometer (※8) and two single-photon detectors (※9) for these measurements, realizing a simple scheme of QRNG (figure 3).
The randomness in measurement results with respect to a quantum adversary is directly determined by the guessing probability (i.e., the maximum probability that the adversary can correctly guess the measurement results). The higher the guessing probability, the less the randomness in the measurement results is. Quantum probability estimation (QPE) is a theoretical method that estimates an upper bound on the guessing probability. This method requires a physical model of the QRNG considered. To ensure the practical security of the QRNG using realistic devices, the researchers included several imperfections in the light source and the measurement apparatus into the physical model appropriately. Furthermore, QPE can estimate the guessing probability more efficiently than other available methods, enabling low-latency QRNGs.
The low-latency high-rate QRNG developed in this research is well suited for realizing a continuously-operating, high-security and high-speed quantum randomness beacon. A quantum randomness beacon is a server that repeatedly produces fixed blocks of fresh, certifiable, public random bits. These random bits have many applications such as for zero-knowledge proofs (※10) and election audits (※11). Another future development is to reduce the size of the developed QRNG such that it would become feasible to fabricate compact products. These would contribute to the realization of communication networks with high security enhanced by quantum technologies.
|Title||A simple low-latency real-time certifiable quantum random number generator|
|Authors||Yanbao Zhang, Hsin-Pin Lo, Alan Mink, Takuya Ikuta, Toshimori Honjo, Hiroki Takesue, and William J. Munro|
|Journal||Nature Communications (2021), DOI: 10.1038/s41467-021-21069-8|
|Announce date||24th February 2021, 10:00 London time (GMT)|
Information is current as of the date of issue of the individual press release.
Please be advised that information may be outdated after that point.