QUANTUM RANDOM NUMBER GENERATOR FOR APPLICATIONS IN CRYPTOGRAPHY, MONTE CARLO SIMULATIONS AND RESEAR

1
QUANTUM RANDOM NUMBER GENERATOR FOR APPLICATIONS
IN CRYPTOGRAPHY, MONTE CARLO SIMULATIONS AND
RESEARCH

• dr. Mario Stipcevic
• Institut Ruder Bokovic, Zagreb
• Talk given at Universitaet Muenchen, 09. February
  2006.

2
What are Random Numbers ?

• It is not possible to define randomness in purely
  mathematical terms, consequently there is no
  accepted definition of random sequences
  (numbers).
• For example, D. Knuth 1 lists a dozen of
  mathematical definitions.
• Most definitions fall into 3 categories
• Emphasize one or a set of specific statistical
  properties that a sequence should obey in the
  limit of infinite length
• Circulum viciosus (define random through a
  similar term like unpredictable, stochastic,
  pattern-less etc.)
• Define random sequence using a notion of physical
  random process
• It seems that randomness cannot be separated from
  physical reality.

3
Random Bit Generator
Random Bit Generator is a device which, upon
request, produces either one (1) or zero (0),
randomly. The result is similar to flipping a
fair coin, where we assign 1 to the head and
0 to the tail.
-gt 1 0 1 . . .
Random bits are gold-plated form of random
numbers because they can be easily and
efficiently converted into any other form,
whereas vice versa is not always efficient and/or
straightforward.
1 0 1 1 0 1 0 0 0 1 0 1 2885 . 1 0 1
1 0 1 0 0 0 1 0 1 0.7043456 ? -ln(x) ?
4
Why do we need random numbers ?

• It is believed that the ultimate Universal
  computing machine is a Turing machine random
  number generator. Some of the fastest computing
  algorithms (ex. Solovay-Strassen primality test)
  require random numbers
• Monte Carlo simulations calculations
• In classical cryptography one-time keys,
  challenge-response data, public key cryptography
  - for example Diffie-Hellman protocol
• The main setback of practical imlementatios
  of RSA and PGP is that they use PR instead of
  true random numbers 2

5

• 4. Quantum cryptography. All known QKD
  protocols assume a local RNG at each end of the
  communication channel
• Randomness of local generators may be used to
  enhance key rate 11 !?
• PIN numbers for pre-paid services like mobile and
  public phones, sattelite TV etc.
• 6. One-time transaction numbers (TAN) used for
  e-banking
• 7. Randomized algorithms which make use of
  random numbers/decisions and can be very fast
• 8. Statistical research
• 9. Industrial labeling, lottery gambling, psi
  factor research ...

Picture from www.univie.ac.at
6
Pseudo-random generators

• PR generator is a mathematical algorithm which
  produces numbers which seem random but are not.
• Sequence of produced numbers is deterministic ?
  two identical PR generators can be synchronized.
• LCG
  is the seed
• BBS
  primes 2
• Note unpredictability is NOT equivalent to
  randomness !
• Most PR generators have been cryptanalyzed. They
  tend to grow old quickly.

A common feature of all PR generators is that
they must be provided with a seed, a sort of
initial state, which completely determines
(enumerate) the subsequent output.
7
Non-deterministic generators
If the physical process is provably random, and
If the method of extraction of bits can be
proven to yield perfect random numbers when fed
with truly random events, Then we have a
scientifically provable random number
generator. This is probably the only way to
realize provable RNG. However, practical
realizations of ND RNG may exhibit imperfections
introduced by electronics and detectors ?
know-how is important ! ND generators can not
accept a seed and cannot be synchronized.
8
Quantum random number generator

• Quantum random number generator relies on a
  physical process whose randomness is guaranteed
  by laws of Quantum Mechanics.
• Examples of such processes are splitting the
  train of photons by a semi-transparent mirror or
  a polarizing beam splitter, nuclear decay,
  photoelectric effect etc. 7,8,9

9
Our method

• Our approach is to use a single detector for
  detecting both 0s and 1s,
• in order to achieve low bias, easy assembly and
  long term stability.
• General idea has been picked up from
  radioactivity-based RNGs 10
• Basic idea
• When time is discrete, and detector has a
  dead-time gt 0 one needs to
• Omit cases when T1 T2 in order to avoid bias
• Synchronize time cells with beginning of each
  interval in order to avoid correlations
• Time intervals must not overlap ? max. effic.
  0.5 bit/event
• This works fine only when events are independent
  of each other (as in

10
Our generator relies on photon emission and
subsequent single photon detection by
photoelectric effect.


PMT
Fast Poissonian random events
generator The photon emission is a Poissonian
process as long as the time between two emission
is much longer than the coherence time
Tcohr Spectral width Heisenberg uncertainty ?
photon coherence time
11

• Assuming Gaussian spectrum
• Low efficiency red LED diode ?688nm, FWHM
  83nm
• Tcohr3.6fs
• ?cohr 1.8 1015 Hz
• Operation at frequencies of about 107 Hz ? a
  large safety margin
• Low efficiency of the PMT detector for red
  light improves the statistics
• We use multiple LED sources to further improve
  the safety margin

12

• Measured distribution of time
• Intervals between subsequent
• Detected photons (ie. photo-
• electrons).
• 1 LED diode
• Mean frequency 1.05 MHz
• Time resolution 0.4ns
• Dead time 25ns

Exponential fit (solid line) gives an excellent
match to the measured data over more than 3
orders of magnitude. Of all possible
distributions the exponential distribution has
maximal entropy and characterizes memoryless
system Our method uses independent time
intervals for generating different bits ? bits do
not know of each other ? perfect randomness
13
Block scheme of QRBG121
14
Comparison with beam splitter RNGs

• Splitter RNG
• Requires two (expensive !) photon detectors
• Photon traverses different path for 0s and 1s,
  and
• The use of different detectors for 0s and 1s
  leads to bias
• Requires time-consuming nulling of bias
• Bias gets worse with temperature changes and
  aging of the detectors and components

• QRBG121
• Requires only one photon detector
• Photons undergoes the same path for 0a and for
  1s
• The same detector used for both 0s and 1s
• Bias is stable at zero without any adjusting
  whatsoever
• Insensitive to components tolerance and aging

Splitter RNG yields 1 bit per event (detected
photon). QRBG121 yields 0.5 bit per event,
which is the same efficiency per detector.
15
Testing randomness
There is no such thing as universal randomness
test. There are many tests of certain
statistical properti(es). Each such test is just
a small patch in an infinite surface of possible
tests. In constructing and final testing of
the QRBG we have used three batteries of tests
J. Walkers ENT 4, G. Marsaglias DIEHARD 5
and NISTs STS 6, as well as some tests of our
own. Typical test file size 300MB. QRBG121 has
passed all statistical tests known to us. It has
been independently tested by R. Davies 12.
Useful 1-D and 2-D randomness tests
exploit power oh human brain to quickly spot
patterns
16
Technical specifications of QRBG121

b p(1)-0.5
a serial autocorrelation
coefficient 1
17
Further research

• Replace PMT with APD. We are finishing our first
  prototype of a solid state single photon
  detector, based on a silicon SPAD. The active
  quenching circuit can be, along with the APD,
  completely made on a single silicon chip. This
  circuit could be used in future random number
  generators as well as in quantum communication.
• Our next goal is to build a simple 2-photon
  polarization entanglement machine for use in
  quantum experiments.
• We are interested in quantum cryptography,
  especially in research of possibilities to extend
  the range and enlarge the throughput of quantum
  key distribution schemes.

18
Picture galery
The very first prototype (April 2004) on a
breadboard
Final product in a typical
environment Generators interior
19
Current view of the lab
APD based single photon detector prototype
20
Signal over noise for a as a function of the
voltage above breakdown at various temperatures
(15.6 C, 5.6 C, -4.3C, -13.5C)For the EGG Si
SPAD C30902E with our active quenching circuit
21
Breakdown voltage, noise and signal as a function
of temperature for the EGG Si SPAD C30902E.
Noise and signal measured at Vbr3V (15)
22
Dead time of the single photon detector prototype
23
The End
Anyone who considers arithmetical methods of
producing random digits is, of course, in a
state of sin." J. von Neumann
24
Bibliography

• D. E. Knuth, The art of computer programming,
  Vol. 2, Third edition, (Addison-Wesley, Reading,
  1997)
• I. Goldberg, D. Wagner, Dr. Dobbs, January 1996
• Blum, L. Blum, M. Schub, M. A Simple
  Unpredictable Pseudo-Random Number Generator,
  SIAM J. Computing, 15(1986)364-383
• J. Walker, A Pseudorandom Number Sequence Test
  Program, http//www.fourmilab.ch/random/
• G. Marsaglia, Diehard Battery of Tests of
  Randomness, http//stat.fsu.edu/pub/diehard/
• Andrew Rukhin et al., Statistical Test Suite for
  Random and Pseudorandom Number Generators for
  Cryptographic Applications, NIST publication,
  http//csrc.nist.gov/rng/
• IdQuantique, Quantis white paper,
  http//www.idquantique.com/products/files/quantis-
  whitepaper.pdf
• T. Jennewein et al, A Fast and Compact Quantum
  Random Number Generator, arXivquant-ph/9912118
  v1 28 Dec 1999
• Ma Hai-Qiang et al, A Random Number Generator
  Based on Quantum Entangled Photon Pairs, Chinese
  Phys. Lett. 21(2004)1961-1964
• J. Walker, Hotbits, http//www.fourmilab.ch/hotbit
  s/how.html
• H. Böhm, Exploiting the randomness of the
  measurement basis in quantum cryptography Secure
  Quantum Key Growing without Privacy
  Amplification, arXivquant-ph/0408179
• R. Davies, Random number generator links,
  http//www.robertnz.net/rng_links.htm
• Our preprint