Random numbers are a fundamental resource for all branches of Science. Solutions to complex problems, models and predictions can be found by means of simulations, and simulations would not be possible without random numbers. Random numbers also have a central role in Information Science and Information Technology. All the cryptographic protocols that secure our digital life, e.g. mobile communications, Internet, online transactions, need random numbers to function. Currently, the systems that generate random numbers for these applications, the so-called random number generators (RNGs), are still based on a technology developed almost eighty years ago. Unfortunately, this technology is becoming less and less suitable for the reliability and security needs created by the ongoing exponential growth in the power and diffusion of computers and digital devices. This project is about the development of an Ultra-Fast, Integrated and Certified Secure (UFICS) RNG based on Quantum Physics to meet exactly these new technological challenges.

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 750602, project: “Development of an Ultra-Fast, Integrated, Certified Secure Quantum Random Number Generator for applications in Science and Information Technology” (UFICS-QRNG).

This project is funded by the European Union

Eighty years ago the first computers started to appear and the first simulations were run to solve complex physical problems (typically related to nuclear physics). However, technology was still too underdeveloped to include complex physical RNGs inside these machines. Hence the idea was to make computers generate numbers by themselves. This was achieved by developing specific algorithms: starting from an initial input number, the so-called seed, all the other numbers are obtained by making the computer execute the algorithm sequentially. These methods are named pseudo-random number generators (PRNGs). The word “pseudo”, from the Greek for “false”, indicates that these RNGs do not generate numbers that are genuinely random, but numbers that only “seem” random at first glance. In fact, a PRNG initialized with a given seed will always generate the same numeric sequence. In addition, after a given number of iterations, the so-called period, the algorithm will start to output the same numbers again. These two features show that PRNGs lack unpredictability: the numbers output by a PRNG can be perfectly guessed in advance. Moreover, PRNGs generate numbers with patterns and ordered structures that one would not find in a natural random process.

Points generated with the famous PRNG “IBM RAND-U” are mapped into a 3D cube. The points seem to fill the space uniformly. However, when the viewing angle is changed, a clearly non-random pattern appears.

Although technology has advanced enormously, random numbers for both simulations and cryptographic protocols are still generated with PRNGs. The reason is simple. Although outdated, these methods cost nothing to implement: a PRNG is nothing more than a few lines of code that occupy a tiny amount of digital memory.

However, in terms of negative consequences, the use of pseudo-randomness can be very expensive. In fact, by knowing the seed or by taking note of the numbers emitted during the first cycle of computation, one may be able to decrypt communications, get access to sensitive data and even trick lotteries. In addition, scientific theories developed by using bad PRNGs can lead to wrong predictions.
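The determinism, the predictability from observed outputs, and the 3D pattern described above can all be reproduced with the generator from the figure. The following Python sketch is an added example, not code from the project; it assumes the standard RANDU definition (multiplier 65539, modulus 2^31, odd seed), which the page does not spell out, and its function names are hypothetical.

```python
"""RANDU: determinism, predictability and the planes seen in the 3D plot."""

M = 2**31          # modulus (standard RANDU definition, assumed here)
A = 65539          # multiplier, 2**16 + 3


def randu(seed, count):
    """Return `count` successive RANDU outputs starting from an odd seed."""
    if seed % 2 == 0:
        raise ValueError("RANDU requires an odd seed")
    out, x = [], seed
    for _ in range(count):
        x = (A * x) % M
        out.append(x)
    return out


def predict_next(prev, cur):
    """Predict the next output from the last two, without knowing the seed.

    A**2 = 6*A - 9 (mod 2**31), hence x[k+2] = 6*x[k+1] - 9*x[k] (mod 2**31).
    """
    return (6 * cur - 9 * prev) % M


def plane_indices(seq):
    """Integer plane index of each triple of consecutive outputs.

    With u = x / 2**31, every point (u[k], u[k+1], u[k+2]) satisfies
    9*u[k] - 6*u[k+1] + u[k+2] = n for an integer n in -5..9.
    """
    planes = set()
    for a, b, c in zip(seq, seq[1:], seq[2:]):
        n, rem = divmod(9 * a - 6 * b + c, M)
        assert rem == 0  # the point lies exactly on a plane
        planes.add(n)
    return planes


if __name__ == "__main__":
    seq = randu(seed=1, count=30_000)        # constructed sample run
    print(randu(1, 5) == seq[:5])            # same seed, same sequence
    hits = sum(predict_next(a, b) == c for a, b, c in zip(seq, seq[1:], seq[2:]))
    print(f"{hits}/{len(seq) - 2} outputs predicted from the two before them")
    print(f"{len(plane_indices(seq))} distinct planes hold all 3D points")
```

Every point of the cube falls on one of at most 15 parallel planes, which is the structure that becomes visible when the viewing angle is changed.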

Quantum Physics has proven to be completely successful in describing how Physics works at its smallest scale. At the atomic scale, the famous uncertainty principle of W. Heisenberg holds. In detail, if a quantum system, such as an electron, is measured in a suitable way, all the possible outcomes of this measurement are completely unpredictable. It is worth emphasizing that this level of randomness is much deeper than the one that can be obtained, for example, by tossing a coin or a die. In fact, both the coin and the die obey the rules of Classical Mechanics, since they are macroscopic physical systems. Hence, in principle, their outcomes can be predicted. For a quantum system, instead, the outcome is impossible to predict even in principle.

The same technological advancements that made PRNGs obsolete now make it possible to have easy access to this perfect source of randomness. In fact, the progress of so-called photonics (the branch of electronics dealing with the generation and analysis of light) enables the manipulation of photons, which are quantum systems related to the particle nature of light. Hence, it is possible to design and build devices able to enforce Heisenberg’s Uncertainty Principle on the photons and thereby obtain genuine random numbers. These devices are called quantum random number generators (QRNGs).

Encryption protocols are critical to guaranteeing privacy and security in the exchange and storage of digital information. Recent studies [1] have demonstrated that the common weak point of such protocols is key generation, implemented by using pseudo-random number generators. This weakness has indeed been exploited in recent hacker attacks [2].

Unpredictability is therefore an essential requirement for cryptographic RNGs. On the generation of cryptographic keys, the report “Recommended Cryptographic Measures — Securing Personal Data” [3] by the European Union Agency for Network and Information Security (ENISA) states that:

Secret keys and private keys need to be unpredictable

However, the report also acknowledges that:

Generating secret keys or private keys with a sufficient amount of entropy turns out to be a very challenging task in practice.

This project addresses this challenge. We aim to realize a QRNG that might represent a suitable solution to the ever-increasing demand for secure random numbers. The targets are: ultra-fast generation rate, compact design, tested resiliency, and unpredictability as guaranteed by quantum randomness. With these features our QRNG could be a real competitor to PRNGs not only in terms of security but also in terms of generation speed and ease of use.

[1] A. Lenstra, J. P. Hughes, M. Augier, J. W. Bos, T. Kleinjung, C. Wachter, “Ron was wrong, Whit is right”, (2012). Santa Barbara: IACR: 17.

[2] R. Chirgwin, “Android bug batters Bitcoin wallets”, (12 August 2013). The Register.