The physical generation of true random numbers

The generation of high-quality random numbers is desirable for a number of real world applications, most notably cryptography. The strength of many cryptographic protocols relies upon the quality of random numbers. Put simply, the higher the quality of random numbers, the stronger the resulting cryptography will be, and true random numbers are required for ultra-secure quantum communication.^1,2

In practice, the generation of true random numbers is notoriously difficult. By true, we mean that the random numbers must be completely unpredictable and unreproducible. They must be bias-free bits (‘0’ and ‘1’) generated with equal probabilities. At the same time, a random number produced earlier cannot reliably be reproduced later, even by the same generator under exactly the same conditions.

These requirements dictate that a computer algorithm cannot generate true random numbers because its output is always deterministic and reproducible. A true random number generator (RNG) therefore has to be hardware based, making use of the intrinsically unpredictable outcomes of a physical process.

Quantum mechanical uncertainty is an ideal source of randomness in that it has the potential to offer the perfect randomness guaranteed by the laws of quantum physics. As shown in Figure 1(a), a quantum RNG can be realized by exploiting the particle-like nature of photons. In this elegant scheme, the source of randomness is the passive path selection of a photon hitting a semitransparent beam splitter. In theory, it should produce perfectly random numbers.

However, random numbers obtained this way will be biased due to the inevitable imbalance in photon detection rates between the two detectors. This bias, then, has to be removed through mathematical post-processing (which is common for a physical RNG) in order to improve random number quality. Post-processing has been required for all quantum RNGs except for the one we have designed, and it was not known, prior to our work, whether a true quantum RNG could be purely physical.

Figure 1. Two quantum RNG schemes based on the (a) particle-like or (b) wave-like nature of photons.

In our design, we avoid the photon detection rate imbalance by exploiting the wave-like nature of photons.³ A long-lasting photon will collapse into a time window defined by measurement, and random wave function collapse is a source for true randomness (provided that each measurement time window is much smaller than the photon coherence time).

As shown in Figure 1(b), a quantum RNG exploiting the wave-like nature of photons can be constructed simply with a source and detector. We use a laser diode as the source with a coherence time of 1ms, while the detector is gated at 1GHz with each detection window 1000 times smaller than the coherence time. Such a large disparity in time ensures an equal detection probability between any two adjacent detection gates. By assigning a bit value ‘0’ or ‘1’ according to a detection event at an even or odd clock cycle, a bias-free random number is readily obtainable.

Figure 2. Photon count rate as a function of incident light intensity recorded for a self-differencing indium gallium arsenide single-photon APD. A maximum photon count rate of 497MHz is measured, which is very close to the value expected from a theoretical calculation (black line) assuming zero detector dead time.

To realize this scheme, it is crucial for the detector to have certain characteristics. Ideally, the detector should be operated in gated mode in order to allow unambiguous bit-value assignments. Moreover, to achieve high bit rates that are free of bias, the detector must be able to handle high photon rates and possess a negligible counting dead time.

Semiconductor avalanche photodiodes (APDs) are well suited to this task. Operated under a self-differencing mode⁴ that was originally devised by us for megabit-per-second (Mb/s) secure key-rate quantum key distribution,^1,2 an analog telecommunication APD can be converted into a high-speed single-photon detector. Using this system, we achieved a record photon count rate of ~500MHz and an ultra-short dead time of less than 2ns (see Figure 2).⁵

Figure 3. Byte correlation pattern of 500m bits generated by our 52Mb/s quantum RNG.

Incorporating a self-differencing APD, we have initially realized a quantum RNG with a random bit stream of 4Mb/s.³ Importantly, the quantum randomness has survived in this physical realization, and the random number outputs are intrinsically free of bias and do not require mathematical post-processing to pass random number statistical tests.

It is the first time that any quantum RNG—and perhaps any physical RNG—has not required post-processing to pass stringent randomness tests. Furthermore, by using finer photon timing, the random bit rate can be increased by over an order of magnitude to 52Mb/s with no degradation in randomness.⁶ Figure 3 shows a visualization of the random output from our 52Mb/s RNG.

Despite the state-of-the-art performance, the bit rate must be improved to serve demanding applications, such as high bit-rate quantum key distribution.^1,2 Presently, the random bit rate is limited by the photon recording electronics, which can manage photons at only 5 million per second.

In future work, we aim to design electronics to cope with a photon rate of 1 billion per second and with such technology available, we expect to see the bit rate surpassing 100Mb/s. Using finer timing, a bit rate of multi-gigabits per second is in sight.

Finally, as this RNG is based on semiconductor components, we envisage high-level integration to obtain a compact and robust high-speed RNG with randomness of the highest quality.