skip to main content
research-article

Quantum Leap and Crash: Searching and Finding Bias in Quantum Random Number Generators

Published:12 June 2020Publication History
Skip Abstract Section

Abstract

Random numbers are essential for cryptography and scientific simulation. Generating truly random numbers for cryptography can be a slow and expensive process. Quantum physics offers a variety of promising solutions to this challenge, proposing sources of entropy that may be genuinely unpredictable, based on the inherent randomness of certain physical phenomena. These properties have been employed to design Quantum Random Number Generators (QRNGs), some of which are commercially available. In this work, we present the first published analysis of the Quantis family of QRNGs (excluding AIS-31 models), designed and manufactured by ID Quantique (IDQ). Our study also includes Comscire’s PQ32MU QRNG, and two online services: the Australian National University’s (ANU) QRNG, and the Humboldt Physik generator.

Each QRNG is analysed using five batteries of statistical tests: Dieharder, National Institute of Standards and Technology (NIST) SP800-22, Ent, Tuftests and TestU01, as part of our thorough examination of their output. Our analysis highlights issues with current certification schemes, which largely rely on NIST SP800-22 and Diehard tests of randomness. We find that more recent tests of randomness identify issues in the output of QRNG, highlighting the need for mandatory post-processing even for low-security usage of random numbers sourced from QRNGs.

References

  1. J. G. Rarity, P. C. M. Owens, and P. R. Tapster. 1994. Quantum random-number generation and key sharing. Journal of Modern Optics 41, 12 (1994), 2435--2444.Google ScholarGoogle ScholarCross RefCross Ref
  2. André Stefanov, Nicolas Gisin, Olivier Guinnard, Laurent Guinnard, and Hugo Zbinden. 2000. Optical quantum random number generator. Journal of Modern Optics 47, 4 (2000), 595--598.Google ScholarGoogle Scholar
  3. ID Quantique. 2010. ID Quantique White Paper - Random Number Generation using Quantum Physics. (April 2010). http://www.idquantique.com/wordpress/wp-content/uploads/quantis-whitepaper.pdf.Google ScholarGoogle Scholar
  4. Darren Hurley-Smith and Julio Hernandez-Castro. Quam Bene Non Quantum: Identifying Bias in a Commercial Quantum Random Number Generator. Unpublished full-text manuscript from ResearchGate. Presented at Real World Crypto 2018, Zurich, Switzerland. http://bit.ly/2AOoiGF. ([n.d.]). Accessed: 2018-11-08.Google ScholarGoogle Scholar
  5. Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, and Nicko Van Someren. 2013. Factoring RSA keys from certified smart cards: Coppersmith in the wild. In International Conference on the Theory and Application of Cryptology and Information Security. Springer, 341--360.Google ScholarGoogle ScholarCross RefCross Ref
  6. Xinzhe Wang, Futian Liang, Peng Miao, Yi Qian, and Ge Jin. 2016. 10-Gbps true random number generator accomplished in ASIC. In 2016 IEEE-NPSS Real Time Conference (RT). IEEE, 1--4.Google ScholarGoogle ScholarCross RefCross Ref
  7. Oto Petura, Ugo Mureddu, Nathalie Bochard, Viktor Fischer, and Lilian Bossuet. 2016. A survey of AIS-20/31 compliant TRNG cores suitable for FPGA devices. In 2016 26th International Conference on Field Programmable Logic and Applications (FPL). IEEE, 1--10.Google ScholarGoogle ScholarCross RefCross Ref
  8. Michal Varchola and Milos Drutarovsky. 2010. New high entropy element for FPGA based true random number generators. In International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 351--365.Google ScholarGoogle ScholarCross RefCross Ref
  9. Abdelkarim Cherkaoui, Viktor Fischer, Alain Aubert, and Laurent Fesquet. 2013. A self-timed ring based true random number generator. In 2013 IEEE 19th International Symposium on Asynchronous Circuits and Systems. IEEE, 99--106.Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. R. Sivaraman, Sundararaman Rajagopalan, and Rengarajan Amirtharajan. 2020. FPGA based generic RO TRNG architecture for image confusion. Multimedia Tools and Applications (2020), 1--28.Google ScholarGoogle Scholar
  11. IQ Quantique. 2017. IDQ Random Number Generation. IQ Quantique, http://www.idquantique.com/random-number-generation/.Google ScholarGoogle Scholar
  12. Bundesamt fur Sichterheit in der Informationstechnik. 2013. Evaluation of Random Number Generators Version 0.10. Technical Report. Bundesamt fur Sichterheit in der Informationstechnik.Google ScholarGoogle Scholar
  13. Krister Sune Jakobsson. 2014. Theory, Methods and Tools for Statistical Testing of Pseudo and Quantum Random Number Generators. Dissertation.Google ScholarGoogle Scholar
  14. Pierre L’Ecuyer and Richard Simard. 2007. TestU01: A C library for empirical testing of random number generators. ACM Transactions on Mathematical Software (TOMS) 33, 4 (2007), 22.Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Scott A. Wilber. 2020. Entropy Analysis and System Design for Quantum Random Number Generators in CMOS Integrated Circuits. [White Paper] Retrieved on 3 June, 2020 from https://coreinvention.com/files/papers/Pure_Quantum_White_Paper.pdf.Google ScholarGoogle Scholar
  16. M. Reznikov, R. De Picciotto, M. Heiblum, D. C. Glattli, A. Kumar, and L. Saminadayar. 1998. Quantum shot noise. Superlattices and Microstructures 23, 3–4 (1998), 901--915.Google ScholarGoogle ScholarCross RefCross Ref
  17. Michael Wahl, Matthias Leifgen, Michael Berlin, Tino Röhlicke, Hans-Jürgen Rahn, and Oliver Benson. 2011. An ultrafast quantum random number generator with provably bounded output bias based on photon arrival time measurements. Applied Physics Letters 98, 17 (2011), 171105.Google ScholarGoogle ScholarCross RefCross Ref
  18. Thomas Symul, S. M. Assad, and Ping K. Lam. 2011. Real time demonstration of high bitrate quantum random number generation with coherent laser light. Applied Physics Letters 98, 23 (2011), 231103.Google ScholarGoogle ScholarCross RefCross Ref
  19. Robert G. Brown, Dirk Eddelbuettel, and David Bauer. 2018. Dieharder: A random number test suite version 3.31. 1.Google ScholarGoogle Scholar
  20. National Institute of Standards and Technology. NIST SP800-22 Revision 1a A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. Retrieved from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-22r1a.pdf 16:53 21/05/2018.Google ScholarGoogle Scholar
  21. George Marsaglia and Wai Wan Tsang. 2002. Some difficult-to-pass tests of randomness. Journal of Statistical Software 7, 3 (2002), 1--9.Google ScholarGoogle ScholarCross RefCross Ref
  22. J. Y. Haw, S. M. Assad, A. M. Lance, N. H. Y. Ng, V. Sharma, P. K. Lam, and T. Symul. 2015. Maximization of extractable randomness in a quantum random-number generator. Physical Review Applied 3, 5 (2015), 054004.Google ScholarGoogle ScholarCross RefCross Ref
  23. John Walker. 2018. Ent. A Pseudo-random Number Sequence Testing Program. Retrieved from https://www.fourmilab.ch/random/ 16:52 07/08/2018.Google ScholarGoogle Scholar
  24. Ziyong Zheng, Yichen Zhang, Weinan Huang, Song Yu, and Hong Guo. 2019. 6 Gbps real-time optical quantum random number generator based on vacuum fluctuation. Review of Scientific Instruments 90, 4 (2019), 043105.Google ScholarGoogle ScholarCross RefCross Ref
  25. Saptadeep Pal, K. K. Soundra Pandian, and Kailash Chandra Ray. 2014. FPGA implementation of stream cipher using Toeplitz Hash function. In 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI). IEEE, 1834--1838.Google ScholarGoogle ScholarCross RefCross Ref
  26. Bingjie Xu, Ziyang Chen, Zhengyu Li, Jie Yang, Qi Su, Wei Huang, Yichen Zhang, and Hong Guo. 2019. High speed continuous variable source-independent quantum random number generation. Quantum Science and Technology 4, 2 (2019), 025013.Google ScholarGoogle ScholarCross RefCross Ref
  27. Kinga Marton and Alin Suciu. 2015. On the interpretation of results from the NIST statistical test suite. Science and Technology 18, 1 (2015), 18--32.Google ScholarGoogle Scholar
  28. Walter Anderson. 2018. A Study of Entropy. Retrieved from https://sites.google.com/site/astudyofentropy/background-information/the-tests 13:30 09/07/2018.Google ScholarGoogle Scholar
  29. Darren Hurley-Smith and Julio Hernandez-Castro. 2018. Certifiably biased: An in-depth analysis of a common criteria EAL4+ certified TRNG. IEEE Transactions on Information Forensics and Security 13, 4 (2018), 1031--1041.Google ScholarGoogle ScholarCross RefCross Ref
  30. Darren Hurley-Smith and Julio Hernandez-Castro. 2016. Bias in the mifare DESFire EV1 TRNG. In Radio Frequency Identification: 12th International Workshop, RFIDsec 2016, Hong Kong, China, November 30-December 2, 2016. Springer International Publishing.Google ScholarGoogle Scholar
  31. Mario Rütti. 2004. A random number generator test suite for the C++ standard. Institute for Theoretical Physics ETH Zurich, Diploma Thesis March 10 (2004).Google ScholarGoogle Scholar
  32. Pierre L’Ecuyer and Richard Simard. 2001. On the performance of birthday spacings tests with certain families of random number generators. Mathematics and Computers in Simulation 55, 1–3 (2001), 131--137.Google ScholarGoogle Scholar
  33. George Marsaglia and Arif Zaman. 1993. Monkey tests for random number generators. Computers 8 Mathematics with Applications 26, 9 (1993), 1--10.Google ScholarGoogle Scholar
  34. Wolfgang Killmann and Werner Schindler. 2011. A proposal for: Functionality classes for random number generators. ser. BDI, Bonn (2011).Google ScholarGoogle Scholar
  35. Meltem Sönmez Turan, Elaine Barker, John Kelsey, Kerry McKay, Mary Baish, and Michael Boyle. 2016. Recommendation for the Entropy Sources Used for Random Bit Generation. Technical Report. National Institute of Standards and Technology.Google ScholarGoogle Scholar
  36. Shuangyi Zhu, Yuan Ma, Tianyu Chen, Jingqiang Lin, and Jiwu Jing. 2017. Analysis and improvement of entropy estimators in NIST SP 800-90B for Non-IID entropy sources. IACR Transactions on Symmetric Cryptology (2017), 151--168.Google ScholarGoogle Scholar
  37. Pierre L’Ecuyer, Richard Simard, and Stefan Wegenkittl. 2002. Sparse serial tests of uniformity for random number generators. SIAM Journal on Scientific Computing 24, 2 (2002), 652--668.Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Damian Twerendol and Philippe Richard. 2010. Certificate of Conformity No 151-04687. (May 2010). http://marketing.idquantique.com/acton/attachment/11868/f-0043/1/-/-/-/-/Metas%20Certificate.pdf.Google ScholarGoogle Scholar
  39. Compliance Testing Laboratory. 2011. Certificate of Compliance. (March 2011). http://www.idquantique.com/wordpress/wp-content/uploads/CTL-Compliance-Certificate.pdf.Google ScholarGoogle Scholar

Index Terms

  1. Quantum Leap and Crash: Searching and Finding Bias in Quantum Random Number Generators

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM Transactions on Privacy and Security
        ACM Transactions on Privacy and Security  Volume 23, Issue 3
        August 2020
        158 pages
        ISSN:2471-2566
        EISSN:2471-2574
        DOI:10.1145/3403643
        Issue’s Table of Contents

        Copyright © 2020 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 12 June 2020
        • Online AM: 16 May 2020
        • Revised: 1 May 2020
        • Accepted: 1 May 2020
        • Received: 1 February 2019
        Published in tops Volume 23, Issue 3

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • research-article
        • Research
        • Refereed

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!