A simple low-latency real-time certifiable quantum random number generator

The study addresses whether it is possible to reduce trust assumptions in practical quantum random number generators (QRNGs) while avoiding the experimental challenges of fully device-independent approaches. Traditional device-dependent QRNGs require trusting both state preparation and measurement. Device-independent schemes avoid this trust but demand loophole-free Bell tests, leading to very low rates and high latency. The authors propose a simple, practical scheme inspired by entanglement-based QKD, where one basis (X) is used to generate randomness and another (Z) to verify the prepared state. The goal is to certify randomness in real time with low latency while accounting for realistic adversarial imperfections in both the source and measurement apparatus, and to quantify security against adversaries with classical or quantum side information.

Prior works have shown certified randomness generation relying on trusted devices or fully device-independent protocols. Device-independent QRNGs (based on loophole-free Bell tests) have demonstrated strong security but at extremely low rates and high latency. Intermediate models such as source-independent and measurement-device-independent approaches have considered specific imperfections but not the joint adversarial treatment of both source and measurement imperfections. The authors build on probability estimation factors (PEFs) and quantum estimation factors (QEFs) frameworks developed for device-independent settings and adapt them to semi-device-independent scenarios with partially characterized devices, addressing adversarial misalignment, basis imbalance, and photon-number issues. This fills a gap where previous certificates typically handled imperfections in either the source or the measurement, but not both jointly under adversarial control.

• Security framework: The authors certify randomness against adversaries with classical and quantum side information by constructing and applying Probability Estimation Factors (PEFs) and Quantum Estimation Factors (QEFs), respectively. These are non-negative functions of per-trial inputs and outputs whose products bound the smooth conditional min-entropy of the output sequence. They split the total soundness error between smoothness and extractor contributions (approximately 80% and 20%).
• Adversarial imperfection model: The method requires calibrated bounds: (i) a lower bound δ on the single-photon probability in the source, (ii) an upper bound θ on the misalignment angle between X and Z measurement bases, and (iii) bounds on the basis-selection imbalance r between P_X and P_Z. Eve may manipulate state preparation and measurements as long as these bounds are respected. Eve is assumed not to know the exact per-trial input choice beforehand and cannot hold quantum side information about the measurement choice; classical correlations between Eve’s knowledge of state, input, and measurement are allowed.
• Trial modeling: Each trial has input I (basis) and output O (measurement result). Models are block-diagonal over photon-number subspaces. For single-photon events (j=1), measurements are treated as projective within a qubit subspace of the time-bin degree of freedom, with misalignment and imbalance constraints; auxiliary degrees of freedom under Eve’s control are handled by assuming no coherent superpositions affect measurement, making operators block-diagonal per auxiliary state. For multi-photon events (j>1), the model is device-independent and pessimistically assumes Eve can perfectly predict outcomes; no randomness is extracted from these events, ensuring robustness to photon-number-splitting attacks.
• PEF/QEF construction: Given classical (C) and quantum (Q) trial models, the authors formulate constrained optimization problems to find PEFs and QEFs maximizing expected certified entropy under linear constraints representing outer-approximations (including convex closures) of C and Q. The same PEF or QEF is used for each trial. Certified entropy is computed from the product of per-trial factors, then composed with a strong extractor.
• Randomness extraction: They use a seed-efficient Trevisan-based extractor (TMPS) which is classical- and quantum-proof. The extractor error is set to meet a total soundness error target.
• Experimental setup: Time-bin qubits are generated from amplified spontaneous emission (EDFA), spectrally filtered (BPF1, BPF2 centered at 1551.1 nm), and temporally modulated by an intensity modulator (500 MHz, ~100 ps pulses) driven by a pulse pattern generator synchronized with a time-interval analyzer. The average photon number per pulse is ~0.0035. The state is measured with an unbalanced Mach-Zehnder interferometer (planar lightwave circuit, 500 ps path difference, ~2.0 dB insertion loss) and two SNSPDs (~59% system detection efficiency, <40 s⁻1 dark counts). About 470,000 trials with detector clicks occur per second. Basis choice is passively realized by the interferometer’s first beamsplitter; outcomes come from time-bin arrivals (Z-basis) and output ports in the middle bin (X-basis).
• Calibration and bounds: BS1 and BS2 splitting ratios are 53.8:46.2 and 46.9:53.1, detector efficiency ratio η_a:η_b ≈ 1.024:1, yielding |(P_X−P_Z)/2| ≤ 0.041 and misalignment θ ≤ 3.565°. Single-photon components contribute ≥99.3% of click events. For conservative security, they assume |r| ≤ 0.06, θ ≤ 6°, and η_1/η_2 = 0.98 when constructing PEFs/QEFs.
• Runtime protocol: Fixed PEF/QEF and parameters are chosen from calibration. Data are collected in 0.1 s blocks; certified min-entropy is computed per block. If above threshold, the extractor is run to output 8192 random bits (quantum-secure) or 2×8192 bits (classical-secure). Extraction times are ~0.02 s and ~0.04 s, respectively, enabling low-latency operation.

• Real-time certified randomness: The system certifies sufficient entropy every 0.1 s runtime to extract 8192 bits (quantum side information) or 2×8192 bits (classical side information) with soundness error ≤ 2⁻⁶⁴. Including extraction, latencies are ~0.12 s (8192 bits) and ~0.14 s (2×8192 bits).
• Success probabilities: For meeting the 8192-bit (quantum-secure) or 2×8192-bit (classical-secure) thresholds per 0.1 s block, estimated success probabilities are at least 1−2⁻³⁸⁰ and 1−2⁻⁴⁷⁸, respectively.
• Experimental campaign: 420 s continuous run (4200 instances of 0.1 s each) demonstrated consistent success, with histograms of certified bits exceeding thresholds for both classical and quantum side information cases.
• Finite-data efficiency: PEF/QEF-based certification uses each trial outcome for both verification and entropy accumulation, requiring significantly fewer data to certify a fixed amount of randomness compared to traditional approaches.
• Adversarial imperfections handled: Security holds under calibrated bounds on basis misalignment (θ), basis imbalance (r), and a lower bound on single-photon events, while pessimistically discarding multi-photon contributions.
• Asymptotic behavior: Simulations show optimal asymptotic generation rates R_e (classical SI) and R_q (quantum SI) as functions of depolarization noise, with a clear reduction when Eve holds quantum side information, quantifying a practical advantage of quantum adversaries.

The findings demonstrate that certified quantum randomness can be generated with low latency from compact, practical photonic hardware, even when accounting for realistic adversarial imperfections in both the source and measurement. By leveraging PEF/QEF frameworks, the approach bounds smooth conditional min-entropy efficiently and composes it with a quantum-proof extractor to deliver near-uniform random bits in real time. This addresses the initial challenge of reducing trust assumptions without incurring the severe performance penalties of fully device-independent protocols. The method’s robustness to calibration-limited imperfections and photon-number issues makes it suitable for continuously operating, high-security randomness beacons and suggests broader applicability where rapid, certified randomness is required.

The paper introduces and experimentally validates a simple, low-latency, real-time certifiable QRNG based on time-bin photonics and an unbalanced MZI, with security proven using PEFs and QEFs that accommodate adversarial source and measurement imperfections. It reliably outputs 8 kbit blocks in ~0.12 s at a soundness error of 2⁻⁶⁴ against quantum adversaries, and 16 kbit blocks with similar latency against classical adversaries. The approach exhibits strong finite-data efficiency and operational practicality. Future work aims to extend these certification techniques to enhance finite-data efficiency in quantum key distribution and potentially other quantum cryptographic tasks.

• Adversary model: The method does not cover scenarios where Eve’s side information about the state is quantum-correlated with Eve’s partial knowledge of the input and measurement for each trial; only classical correlations between these are allowed. Eve is also assumed to lack perfect foreknowledge of the per-trial input.
• Device assumptions: Requires calibrated bounds on single-photon probability, basis misalignment, and basis-choice imbalance. In single-photon subspace, measurements are treated as effectively projective qubit measurements with bounded misalignment/imbalance; the assumption of no coherent effects from auxiliary degrees of freedom is needed.
• Sampling assumption: Trials with detector clicks are assumed to be a fair sample of all trials; no-click events impact rate/latency but are excluded from security analysis.
• Photon-number handling: Multiphoton events are treated device-independently with no randomness extracted, which is conservative for security but reduces potential rate.
• Input independence: Inputs are assumed independent of prior outputs conditioned on side information, a standard but necessary condition for security proofs.