Development of an Ultra-Fast, Integrated, Certified Secure Quantum Random Number Generator for applications in Science and Information Technology

The project focuses on a device that is fundamental in many fields of Science, Technology and Entertain-ment. This device is called random number generator (RNG) and, as the name says, it provides random numbers. Random numbers are essential everywhere in Science: without them wouldn’t possible perform simulations and hence find a solution to the vast majority of problems in Physics, Engineering, Biological, Economy, etc. Random numbers are essential in Information Technology: without them wouldn’t possible to communicate privately, such as mobile phone call, online transactions, Internet browsing, etc. Random numbers are essential in the entrainment industry: without them wouldn’t be possible to play video games, play bet games or create movie digital effects.

The project is about developing and testing a RNG of new generation capable of solving typical issues current RNGs present. A main problem is the fact that RNGs used for the applications listed above are just software sub-routines, programmed to give as output numbers that might look random but they are really not. In fact they have a deterministic output: once the initial state - the seed - is known, the whole sequence of numbers can be fully predicted. Quite interestingly, it is well known that such generators are not producing true randomness and for this reason, they are called pseudo-RNG, from the Greek, “false”-RNG.
Nevertheless these PRNG are extremely widely employed because they are convenient and inexpensive, as they can be implemented with some lines of code. Unfortunately, they are used in applications where unpredictability is mandatory, such as gambling, lotteries and the whole field of encrypted communications of confidential data, with major implications. For example, PRNGs can be manipulated to win lotteries or to breach encryption (http://goo.gl/7jJSKO ). For the latter, in particular, cyber-attacks reported in the last few years have exposed the vulnerability of IT systems that results from the use of PRNGs (http://goo.gl/t1acy9 https://factorable.net/index.html). At the same time, the amount of sensitive information transmitted and stored online, which needs to be encrypted, has grown exponentially, driven by new advances such as cloud storage, medical services and Internet Of Things.

This project addresses this challenge by realizing a physical RNG, i.e. a device that outputs true random numbers as obtained by measuring a physical random process. More in the detail, the project aims to realize a quantum RNG that generates unpredictable random numbers as result of measurement on a quantum optical process. The objectives are: ultra-fast generation rate, compact design, tested resiliency and unpredictability as guaranteed by the quantum randomness. With these features our QRNG could be a real competitor to PRNGs not only in terms of security but also in terms of generation speed and the ease of use.
The outcome of this project is expected to have a positive impact on the society. It is worth stressing that cybercrime and, in particular, data breaches have very negative social and economic backlashes. For example, according to the Ponemon Institute’s “2016 Cost of Data Breach Study” (http://goo.gl/9v2zsp ), an organization spends on average 4.29 million dollars to recover from a security breach. It is therefore clear the positive impact of this research: a certified QRNG strengthens the security of cryptographic protocols, thus reducing the success rate of cyber-crime attacks that, as explained before, heavily exploit the weakness of current PRNGs.

The activity followed a twofold path, divided into two subjects:

1) development of an ultrafast, compact and stand-alone (integrated) QRNG ;
2) experimental realization of new methods of quantum random number generation.

The theoretical activity has entailed developing a model to quantify the entropy of the generator. This step is fundamental to prove the security of the system.
The experimental activity consisted in developing the prototype and characterizing its the operation. This task had the purpose to study how closely the prototype approximates an ideal QRNG, depending on the performances of its optical and electronic components. This was done by analysing the “evolution” of the random signal through the different stages, i.e. from being a stream of optical pulses to being a stream of digitized raw numbers. Measurements were performed on the different components: the results were compared not only with the theory but also with the results obtained on a lab setup reproducing the physical process.
In this way, combinations of parameters were individuated and used as starting point, to find the best operational configurations for the prototype. This activity led to the individuation of critical design aspects that were improved or included into the model.

The characterization of the QRNG prototype continued by performing extensive tests of the random numbers. To do so statistical test were applied on numbers collected while the prototype was operated uninterruptedly for several days: during these testing periods the performances of the hardware components were also measured and analysed, in order to check their reliability under prolonged stress. The results of this activity showed that the prototype is able to work continuously and reliably outputting numbers that pass the tests.
The novel generation protocol and the results obtained with the prototype were published in peer reviewed journals and presented at international conferences.

The progress beyond the state of the art is the demonstration of the correct operation of the QRNG prototype. In fact, such device

• generates numbers at ultrafast rate (8 Gb/s);
• is a self-contained and compact unit 10 x 23 x 5 cm3;
• is provided with embedded monitor functions that allows to run the generator diagnostics in real time.

In the Literature, generation rates of similar magnitude are typically obtained from bulky systems, acquiring data with oscilloscopes and post-processing them off-line. On the contrary, the QRNG prototype performs signal generation, acquisition and post-processing in real time, in the same compact unit.
To support the widespread use of a QRNG, it is of paramount importance to extensively test and assess its capability of outputting “good” random numbers in a stable and continuous way.
In this perspective, an additional progress beyond of the state of the art is the statistical analysis of the randomness test results. This analysis was performed on 3.26 petabits of random numbers collected during 71 of uninterrupted operation. With respect to the existing Literature, this represents an unprecedented amount of data, which were analysed an unprecedented number of times with the most stringent batteries for randomness assessment.
The results obtained suggest that the QRNG might represent a suitable solution to the ever-increasing demand for secure random numbers. Its ultra-fast generation rate, the tested resilience favourably meets the needs of our modern society. In fact, as reported in Section 1. the benefits a QRNG with the presented features might solve the criticalities connected with the use of PRNGs for cryptographic protocols and simulations.