JACHURA MICHAL (PL)
JARZYNA MARCIN (PL)
LUKANOWSKI KAROL (PL)
BANASZEK KONRAD (PL)
UNIV GDANSKI (PL)
| WO2018065593A1 | 2018-04-12 | |||
| WO2021215941A1 | 2021-10-28 |
| EP3040853A1 | 2016-07-06 | |||
| US20190393675A1 | 2019-12-26 |
MA XIONGFENG ET AL: "Quantum random number generation", 10 May 2016 (2016-05-10), XP055508375, Retrieved from the Internet
K. PARKS. PARKB. G. CHOIT. KANGJ. KIMY.-H. KIMH.-Z. JIN: "A lightweight true random number generator using beta radiation for IoT applications", ETRI JOURNAL, vol. 42, no. 6, 2020, pages 951 - 964
X. MAX. YUANZ. CAOB. QIZ. ZHANG: "Quantum random number generation", QUANTUM INFORMATION, vol. 2, 2016, pages 16021
A. KULIKOVM. JERGERA. POTOCKIA. WALLRAFFA. FEDOROV: "Realization of Quantum Random Generator Certified with the Kochen-Specker Theorem", PHYS. REV. LETT., vol. 119, 2017, pages 240501
D. DRAHI ET AL.: "Certified Quantum Random Numbers from Untrusted Light", PHYS. REV. X, vol. 10, 2020, pages 041048
A. DAULER ET AL.: "Review of superconducting nanowire single-photon detector system design options and demonstrated performance", OPTICAL ENGINEERING, vol. 53, no. 8, 2014, pages 081907, XP060048706, DOI: 10.1117/1.OE.53.8.081907
| Claims 1. A device for quantum generation of random numbers comprising a light source (100) with fixed polarization and a polarization splitting element (110) optically connected thereto, having a first output (111) corresponding to vertical polarization and a second output (112) corresponding to horizontal polarization, and a first detector (131) optically connected to the first output (111) of the polarization splitting element (110) and a second detector (132) optically connected to the second output (112) of the polarization splitting element (110), a generating module (140) having a first input (141) connected to the output of the first detector (131) and a second input (142) connected to the output of the second detector (132), and a two-state output (143), the generating module (140) configured to generate on the two-state output (143) bits having a value of 1 upon receiving a signal on the first input (141) and bits having a value of 0 upon receiving a signal on the second input (142), characterized in that the light source (100) is connected to the polarization splitting element (110) via a multi-state polarization modulator (150) controlled by a digital or analog signal generated by a control electronics (160) connected to the multi-state polarization modulator (150). 2. The device according to claim 1, characterized in that the multi-state polarization modulator (150) comprises two two-state polarization modulators (251) and (252) optically connected to each other, wherein both modulators are configured to rotate the polarization by 45° when a control digital signal with the bit value 1 is applied to their electrical input and to rotate the polarization by 0° when a control digital signal with the bit value 0 is applied to their electrical input, or alternatively to rotate the polarization by 45° when a control digital signal with the bit value 0 is applied to their electrical input and to rotate the polarization by 0° when a control digital signal with the bit value 1 is applied to their electrical input. 3. The device according to claim 1, characterized in that the multi-state polarization modulator (150) comprises two two-state polarization modulators (351) and (352) optically connected to each other, wherein one of the modulators (351, 352) is configured to rotate the polarization by 45° when a digital signal with the bit value 1 is applied to its electrical input and to rotate the polarization by 0° when a digital signal with the bit value 0 is applied to its electrical input, and the second of the modulators (351, 352), respectively, is configured to rotate the polarization by 90° when a digital signal with the bit value 1 is applied to its electrical input, and to rotate the polarization by 0° when a digital signal with a bit value 0 is applied to its electrical input. 4. The device according to claim 1, characterized in that the multi-state polarization modulator (150) comprises two two-state polarization modulators (351) and (352) optically connected to each other, wherein one of the modulators (351, 352) is configured to rotate the polarization by 45° when a digital signal with the bit value 0 is applied to its electrical input and to rotate the polarization by 0° when a digital signal with a the bit value 1 is applied to its electrical input, and the second of the modulators, (351, 352), respectively, is configured to rotate the polarization by 90° when a digital signal with the bit value 0 is applied to its electrical input and to rotate the polarization by 0° when a digital signal with the bit value 1 is applied to its electrical input. 5. The device according to any one of claims from 1 to 4, characterized in that the polarization separating element (110) is a polarization beam splitting cube with dielectric coating, or a birefringence-based polarizer, or a prism. 6. The device according to any one of claims from 1 to 5, characterized in that the light source (100) is a coherent light source, preferably comprising a laser diode or a pulsed laser, or an incoherent light source, preferably comprising an LED diode, or a single photon source, preferably based on single atoms or quantum dots. 7. The device according to any one of claims from 1 to 6, characterized in that the light source (100) is configured to emit vertically or horizontally polarized light pulses or the light source (100) is configured to generate an optical beam with a central wavelength in the range of 400-1600 nm, the average energy of which is less than 1 μW. 8. The device according to any one of claims from 1 to 7, characterized in that the single photon detectors (131) and (132) both comprise an avalanche photodiode or a superconductivity-based single photon detector, or alternatively one of the detectors (131, 132) comprises an avalanche photodiode and the other detector comprises a superconductivity-based single photon detector. 9. The device according to any one of claims 1-8, characterized in that the optical path is an optical fiber, a waveguide or an optical beam in free space. 10.A method for verification of privacy of random bit sequences generated by means of the device according to any claim 1 to 9, in which, while generating random numbers, the polarization of the beam incident on the polarization separating element is diagonal, i.e. rotated by 45° with respect to the direction of polarization transmitted by the polarization separating element, characterized in that during the verification of privacy, using the control electronics (160) one controls the multi-state polarization modulator (150) and rotates the polarization of the light incident on the polarization separating element (110), setting it sequentially at 0°, 45°, and 90° to the direction of polarization transmitted by the polarization separating element, and for each of the three polarization directions (0°, 45°, 90°), the sequences of bits generated by the generating module (140) are recorded, and then, based on each of the three sequences, the probability PI of recording a count by the first detector (131 ) and the probability PII of recording a count by the second detector (132) are determined, and based on the six probabilities, i.e. or or where • the Roman numeral I or II in the superscript means the first detector (131 ) or the second detector (132), respectively, • xy in the subscript, where x=0 or x=1 and y=0 or y=1, mean the values of the control bits applied to the first polarization modulator (251 , 351 ) of the multi-state polarization modulator (150), and to the second polarization modulator (252, 352) of the multi-state polarization modulator (150), respectively, • V0, and V2 in the subscript mean the voltages V0' V1 , and V2, respectively, as applied to the electrical input of the multi-state polarization modulator (150), the parameters of the physical model of the system are calculated, which are used to determine the maximum probability of guessing a random bit by an unauthorized party Pg, and the privacy verification is considered positive when the maximum probability of guessing a random bit by an unauthorized party Pg is lower than the maximum acceptable probability value of guessing a random bit by an unauthorized party unauthorized X. 11. The method according to claim 10, characterized in that a physical model is used to determine the maximum probability of guessing a random bit by an unauthorized party Pg, the parameters of which are: (a) the average number of photons in the measured pulses - μ, (b) the transmission coefficient - (c) the probability f. 12. The method according to claim 10 or 11 , characterized in that the verification of privacy of the generated sequence of random bits is considered positive depending on whether the determined parameter values of the physical model (μ0 , λ0, f0) belong to a predefined set of numerical values in the three-dimensional space (μ , λ, f) calculated on the basis of a physical model and on the basis of the maximum acceptable value of the probability of guessing a random bit by an unauthorized party X. 13. The method according to claim 12, characterized in that the maximum acceptable value of the probability of guessing a random bit by an unauthorized party X is in the range from 50% to 100%. 14. The method according to claim 13, characterized in that the maximum acceptable value of the probability of guessing a random bit by an unauthorized party X is 75%, for X = 75% the verification of privacy of the generated sequence of random bits is positive (i.e. Pg < 75%), when the determined parameter values of the physical model (μ0, λ0, f0) are inside tetrahedron whose vertices are in the following points in the three-dimensional space (μ , λ, f): • (μ =0, λ=0, f=0); • (μ=0, λ=0,75, f=0) • (μ=10, λ=0, f=0) • (μ =0, λ=0, f=1) 15. A computer program, characterized in that it contains instructions which, when loaded into the control electronics (160) and the generating module (140), implement the above method. |
[Technical field]
The invention relates to a light polarization-based device for quantum random number generation and a method for verification of privacy of random number sequences generated by means of the device for quantum random number generation. The generation of random number sequences is done by measuring coherent quantum states or Fock quantum states by means of a pair of single photon detectors. Recording the measurement results allows to obtain a true random bit sequence, which, if needed, can be converted to a set of true random numbers in decimal notation. The verification of privacy is carried out by means of a multi-state polarization modulator or a pair of two-state polarization modulators being a part of the generator that modify the measured quantum state.
[Background art]
The generation of random numbers is widely used in such fields of technology as classical and quantum cryptography, computer numerical simulations (Monte Carlo method), as well as is the basis for the operation of online casinos and lotteries. Depending on the principle of operation, the random number generators are divided into the pseudorandom number generators, in which a computer algorithm, based on a short set of random numbers, the so-called seed, in a deterministic way generates a sequence of numbers with properties close to random, and the true random number generators, in which random numbers are generated based on an inherently random physical phenomenon (e.g. radioactive decay [K. Park, S. Park, B. G. Choi, T. Kang, J. Kim, Y.-H. Kim, H.-Z. Jin, “A lightweight true random number generator using beta radiation for loT applications”, ETRI Journal. 42(6), 951-964 (2020)] or electromagnetic atmospheric noise [https://www. random .orq/]). The pseudorandom generators have a number of disadvantages related to the cyclical nature of the generated numbers and inhomogeneity of their distribution. In addition, if the seed is intercepted by an unauthorized person, he or she can generate the same sequence of numbers without the generator user's knowledge, posing a serious threat to the privacy of the sequence.
Due to the probabilistic nature of measurement in quantum mechanics, the use of quantum phenomena to generate true random numbers has become a natural direction for the development of fast, cheap and miniaturized generators. The work [X. Ma, X. Yuan, Z. Cao, B. Qi, Z. Zhang “Quantum random number generation” npj Quantum Information 2, 16021 (2016)] presents a review of the most important experiments carried out over the last 20 years, in which quantum optics phenomena such as the measurement of amplified spontaneous emission, the measurement of quantum vacuum fluctuations and the measurement of the quantum state of a single photon, are used to generate true random numbers. The perfect randomness of quantum random number generators and the privacy of the sequence generated by them stem from simplified theoretical models which assume an idealized scenario where the user has full knowledge about the structure of the device, the optical components have parameters that do not change over time, and there are no measurement errors during the measurement, etc. However, the operation of realistic generators always shows some deviations from the theoretical model, resulting, i.a., from temperature fluctuations, wear of optical and electronic components, as well as, in the worst scenario, an intentional interference by the manufacturer or other unauthorized party in the device. In order to distinguish whether the device generates a predefined sequence of random numbers known to the manufacturer or another unauthorized party, or whether it is a private sequence generated in real time (i.e. one that cannot be guessed or reconstructed by an unauthorized party), it is necessary to develop a procedure for testing (certification) of such a device. The testing procedure is indispensable especially when the device is purchased from an external company, so that the user does not have full knowledge about its structure and must treat it as untrusted.
Quantum random number generators that test the privacy and randomness of the generated sequence during their operation (self-testing generators) are the safest class of devices with the widest application possibilities. This most secure class of devices is referred to as device independent class of quantum random number generators. One of the first implementations of such a device was described in the paper [A. Kulikov, M. Jerger, A. Potocki, A. Wallraff, A. Fedorov “Realization of Quantum Random Generator Certified with the Kochen-Specker Theorem” Phys. Rev. Lett. 119, 240501 (2017)], where testing is carried out using the Kochen-Specker theorem, and the achieved rate of random bit generation reaches 25 kbit/s.
The paper [D. Drahi et al. “Certified Quantum Random Numbers from Untrusted Light” Phys. Rev. X 10, 041048 (2020)] describes a record-breaking fast (8.05 Gbit/s), partially self-testing random number generator based on optical homodyne measurement of vacuum fluctuations. This generator consists of a continuous-wave laser, an optical attenuator with adjustable attenuation, beam splitters, fast photodiodes and control electronics. Part of the optical beam in the generator is used to test the incoming coherent state produced by the laser so that the generator can use an untrusted light source. The measurement system in the generator is not tested, therefore its implementation requires the use of trusted photodetectors. Thus, it is a partially self-testing generator belonging to the security class called the source device independent class.
US20190393675A1 describes a random number generator, in which an optical homodyne measurement is performed on an external light beam supplied independently to the device by the user. The phase of the local oscillator in the homodyne measurement can be fixed or random. This enables the measurement of different quadratures of an external light beam being, for example, in a squeezed state, a coherent state, or in a vacuum state. By measuring the external state of light, this solution allows for testing the measuring system in the generator. The trusted light source, indispensable for the generator operation, must be, however, independently purchased and tested, or independently built by the user. Therefore, it is a partially self-testing generator belonging to a security class called the measurement device independent class.
WO2018065593A1 presents a quantum random number generator based on a direct measurement of two non-orthogonal states of light in the pair of temporal modes, The measurement is performed using a single photon detector with time resolution capability. The inner product of two non-orthogonal states given by the function can be modified in the generator by changing the amplitude of coherent states. This allows for testing the states of light from which random numbers are generated. The detector capable of measuring single photons with time resolution must be trusted. Thus, it is a partially self-testing generator belonging to the security class called the source independent class.
WO2021215941A1 presents a self-testing random number generator based on multi-port beam splitters, phase modulators and a set of single photon detectors. One set of phase modulators is used to modify the state leaving the light source, whereas the other set of phase modulators is used to modify the state entering a multi-port beam splitter-based detection system. Thanks to such generator architecture, it is possible to independently test both the states of light, which are used for the generation of randomness, and the detector system. This arrangement is very difficult to implement in practice due to the need to maintain the phase stability between multiple beams of light interfering with each other inside a multi-port beam splitter. Additional problems arise from the use of optical phase modulators, which require precise calibration of the operating point and controlled environmental conditions such as temperature for stable operation.
Single photon detectors based on superconductivity are known in the art [Eric A. Dauler et al., Review of superconducting nanowire single-photon detector system design options and demonstrated performance, Optical Engineering 53(8), 081907 (2014)]. Such detectors are characterized by an extremely low number of dark counts and a very high quantum efficiency allowing for effective detection of photons.
[Problem from the background art]
A problem of the prior art is the design and construction of a quantum generator of true random numbers, in which the randomness is generated on the basis of an inherently probabilistic physical phenomenon, and the generated sequence of random numbers will not be known with absolute certainty to an unauthorized party, including the generator manufacturer, i.e. the generator guarantees the privacy of the sequence. A separate problem of the prior art is the implementation of such a generator using the simplest possible optical system consisting of commonly available and cheap optical and optoelectronic components. [Glossary and definitions of terms known in the art and used in this specification]
As used herein, the following terms have the following meanings, as described in the definitions below:
The term "random bits" means bits generated by the device forming a true random sequence of output bits.
The term "private bit" means a bit generated by the device that cannot be guessed or reconstructed by an unauthorized party, including the manufacturer of the generator.
The term “control bits” means bits of the digital signal applied to the electrical input of the polarization modulator(s).
The term "single photon detector" refers to a device that allows for detection of light with energy corresponding to the energy of a single optical photon. Examples of such detectors include, i.a., avalanche photodiodes, SPD (single photon detectors) and superconducting nanowire detectors of single photons.
The term “polarization separating element” indicated in the Figures of the drawing by 110, means an optical element, wherein the vertical polarization of the optical beam is transmitted, and the horizontal polarization of the optical beam is reflected. Examples of such an element are polarizing beam splitting (PBS) cubes with dielectric coating and birefringence-based polarizers (e.g. Wollaston prism, Nicol prism, Gian-Taylor prism, Gian-Thompson prism).
The term “self-testing generator” means a quantum random number generator that tests the privacy of the generated sequence during its operation. The term “clicking” means, in the context of a single photon detector, the generation of an electrical/electronic pulse in response to a recorded photon or the spontaneous generation of an electrical/electronic pulse associated with a dark count.
The term "generating module" means an electronic circuit that generates a bit 0 when the detector 131 records a count and a bit 1 when the detector 132 generates a count. The module 140 is capable of generating a random sequence of bits in the digital output 143. Such a module may be based on commonly available microcontrollers or field-programmable gate arrays (FPGA).
The term “vertical polarization” means the direction of linear polarization such that an optical beam with this polarization is transmitted through the polarization separating element.
The term “horizontal polarization” means the direction of linear polarization such that an optical beam with this polarization is reflected by the polarization separating element.
The term "diagonal polarization" means the direction of linear polarization such that an optical beam of this polarization is equally divided by the polarization separating element into two optical beams of equal energies, the reflected beam being horizontally polarized and the transmitted beam being vertically polarized.
The term " privacy of the sequence" means that the bit sequence generated by the device cannot be guessed or reconstructed by an unauthorized party, including the manufacturer of the generator.
The term "unauthorized party" means any person or institution that in an unauthorized manner and without the user's knowledge attempts to obtain information about the generated sequence of random numbers, and thus to undermine the privacy of the sequence. Unauthorized parties may be a potential eavesdropper, device manufacturer, software supplier or other party that is not the user of the device.
The term “control electronics” means an electrical system that generates a digital or analog control signal to control a multi-state polarization modulator or a pair of two- state polarization modulators. Such a system may be based on commonly available microcontrollers or field-programmable gate arrays.
The term “verification of privacy” means checking if the maximum probability of guessing the random bit by an unauthorized party P g is lower than the maximum acceptable probability value X, where X ranges from 50% to 100%. The verification is positive when the inequality P g < X is satisfied. The verification is negative when the inequality P g < X is not satisfied. For the unauthorized party's strategy of guessing random bits without any additional information, the maximum probability P g equals 50%. When the verification is positive, the device is capable of generating random private bits.
The term “extinction coefficient” for the polarization separating element determines the ratio of the energy of the optical beam transmitted by the element to the energy of optical beam reflected by the element, when the beam incident on the element has vertical polarization. For example, for the polarization beam splitting (PBS) cubes the extinction coefficient is 1000:1.
The term "light source" means a coherent light source (e.g. a laser diode) or an incoherent light source (e.g. an LED diode), or a single photon source (for example, based on single atoms or quantum dots). The central wavelength of the light beam used in the device is in the range of 400-1600 nm. The average optical power of the light beam used in the device is less than 1 μW. Other terms not defined above, have herein meanings that are given and understood by one skilled in the art in light of the best of his or her knowledge, this disclosure, and the context of the patent.
[Solution of the problem from the background art]
The invention described in this patent document includes a novel design of the device and an innovative method of self-testing generation of true random numbers based on the laws of quantum mechanics, generated by means of this device. The device according to the invention includes in its structure one multi-state polarization modulator or a pair of two-state polarization modulators providing the user of the device with the ability to verify the privacy of the generated random numbers. Due to the unique design of the device, it allows for detecting possible interference by the device manufacturer and/or an unauthorized party in the process of generating true random numbers.
[Summary of the invention]
The invention relates to a device for quantum generation of random numbers comprising a light source 100 with fixed polarization and a polarization splitting element 110 optically connected thereto, having a first output 111 corresponding to vertical polarization and a second output 112 corresponding to horizontal polarization, and a first detector 131 optically connected to the first output 111 of the polarization splitting element 110 and a second detector 132 optically connected to the second output 112 of the polarization splitting element 110, a generating module 140 having a first input 141 connected to the output of the first detector 131 and a second input 142 connected to the output of the second detector 132, and a two-state output 143, wherein the generating module 140 is configured to generate on the two-state output 143 bits having a value of 1 upon receiving a signal on the first input 141 and bits having a value of 0 upon receiving a signal on the second input 142, characterized in that the light source 100 is connected to the polarization splitting element 110 via a multi-state polarization modulator 150 controlled by a digital or analog signal generated by a control electronics 160 connected to the multi-state polarization modulator 150.
Preferably, the multi-state polarization modulator 150 comprises two two-state polarization modulators 251 and 252 optically connected to each other, wherein both modulators are configured to rotate the polarization by 45° when a control digital signal with the bit value 1 is applied to their electrical input and to rotate the polarization by 0° when a control digital signal with the bit value 0 is applied to their electrical input, or alternatively to rotate the polarization by 45° when a control digital signal with the bit value 0 is applied to their electrical input and to rotate the polarization by 0° when a control digital signal with the bit value 1 is applied to their electrical input.
Preferably, the multi-state polarization modulator 150 comprises two two-state polarization modulators 351 and 352 optically connected to each other, wherein one of the modulators 351 , 352 is configured to rotate the polarization by 45° when a digital signal with the bit value 1 is applied to its electrical input and to rotate the polarization by 0° when a digital signal with the bit value 0 is applied to its electrical input, and the second of the modulators 351 , 352, respectively, is configured to rotate the polarization by 90° when a digital signal with the bit value 1 is applied to its electrical input, and to rotate the polarization by 0° when a digital signal with a bit value 0 is applied to its electrical input.
Alternatively preferably, the multi-state polarization modulator 150 comprises two two- state polarization modulators 351 and 352 optically connected to each other, one of the modulators 351 , 352 being configured to rotate the polarization by 45° when a digital signal with the bit value 0 is applied to its electrical input and to rotate the polarization by 0° when a digital signal with a the bit value 1 is applied to its electrical input, and the second of the modulators, 351 , 352, respectively, is configured to rotate the polarization by 90° when a digital signal with the bit value 0 is applied to its electrical input and to rotate the polarization by 0° when a digital signal with the bit value 1 is applied to its electrical input.
Preferably, the polarization separating element 110 is a polarization beam splitting cube with dielectric coating, or a birefringence-based polarizer, or a prism.
Preferably, the light source 100 is a coherent light source, preferably comprising a laser diode or a pulsed laser, or an incoherent light source, preferably comprising an LED diode, or a single photon source, preferably based on single atoms or quantum dots.
Preferably, the light source 100 is configured to emit vertically or horizontally polarized light pulses.
Preferably, the light source 100 is configured to generate an optical beam with a central wavelength in the range of 400-1600 nm, the average energy of which is less than 1 pW.
Preferably, the single photon detectors 131 and 132 both comprise an avalanche photodiode or a superconductivity-based single photon detector, or alternatively one of the detectors 131 , 132 comprises an avalanche photodiode and the other detector comprises a superconductivity-based single photon detector.
Preferably, the optical path is an optical fiber, a waveguide or an optical beam in free space.
The invention relates also a method for verification of privacy of random bit sequences generated by means of the device according to the invention, in which, while generating random numbers, the polarization of the beam incident on the polarization separating element is diagonal, i.e. rotated by 45° with respect to the direction of polarization transmitted by the polarization separating element, characterized in that during the verification of privacy, using the control electronics 160 one controls the multi-state polarization modulator 150 and rotates the polarization of the light incident on the polarization separating element 110, setting it sequentially at 0°, 45°, and 90° to the direction of polarization transmitted by the polarization separating element, and for each of the three polarization directions (0°, 45°, 90°), the sequences of bits generated by the generating module 140 are recorded, and then, based on each of the three sequences, the probability P 1 of recording a count by the first detector 131 and the probability P" of recording a count by the second detector 132 are determined, and based on the six probabilities, i.e. or where
• the Roman numeral I or II in the superscript means the first detector 131 or the second detector 132, respectively,
• xy in the subscript, where x=0 or x=1 and y=0 or y=1, mean the values of the control bits applied to the first polarization modulator 251 , 351 of the multi-state polarization modulator 150, and to the second polarization modulator 252, 352 of the multi-state polarization modulator 150, respectively,
• v0, v1, and V2 in the subscript mean the voltages v 0 , V 1 , and V 2 , respectively, as applied to the electrical input of the multi-state polarization modulator 150, the parameters of the physical model of the system are calculated, which are used to determine the maximum probability of guessing a random bit by an unauthorized party P g , and the privacy verification is considered positive when the maximum probability of guessing a random bit by an unauthorized party P g is lower than the maximum acceptable probability value of guessing a random bit by an unauthorized party unauthorized X. When the verification is positive, the device is capable of generating random private bits.
Preferably, a physical model is used to determine the maximum probability of guessing a random bit by an unauthorized party P g , the parameters of which are:
(a) the average number of photons in the measured pulses - μ,
(b) the transmission coefficient - λ;
(c) the probability f.
Preferably, the verification of privacy of the generated sequence of random bits is considered positive depending on whether the determined parameter values of the physical model (μ0,λ 0, f0) belong to a predefined set of numerical values in the three- dimensional space (μ,λ , f) calculated on the basis of a physical model and on the basis of the maximum acceptable value of the probability of guessing a random bit by an unauthorized party X.
Preferably, the maximum acceptable value of the probability of guessing a random bit by an unauthorized party X is in the range from 50% to 100%.
Preferably, the maximum acceptable value of the probability of guessing a random bit by an unauthorized party X is 75%, for X = 75% the verification of privacy of the generated sequence of random bits is positive (i.e. P g < 75%), when the determined parameter values of the physical model (JJO, Ao, fo) are inside tetrahedron whose vertices are in the following points in the three-dimensional space (μ , λ, f):
• (μ=0, λ=0, f=0),
• (μ=0, λ=0,75, f=0)
• (μ =10, λ=0, f=0)
• (μ =0, λ=0, f=1)
The invention relates also to a computer program characterized in that it contains instructions which, when loaded into the control electronics 160 and the generating module 140, implement the above method. [Advantages of the invention]
The invention according to the present patent specification has numerous advantages. It allows for the generation of true random numbers, while ensuring complete confidence that the generated sequence of random numbers is not known to any unauthorized party, including the generator manufacturer. Thanks to the use of the polarization degree of freedom, its technical implementation is much simpler than the previously proposed solutions based on interfering and measuring multiple light beams using an array of single photon detectors.
[Advantageous embodiments of the invention]
The invention will now be explained in detail in embodiments, with reference to the accompanying drawing, where in the Figures of the drawing the dotted lines connecting the individual elements of the system indicate optical connections (e.g. optical fiber, waveguide or optical beam in free space), and the solid lines connecting the individual elements of the system indicate electrical connections, in which it is disclosed:
Fig. 1 shows an embodiment of a device for quantum random number generation in which the multi-state modulator 150 is implemented as a pair of two- state polarization modulators 251 , 252 controlled by means of the control electronics 160, where the light source 100 generates a coherent optical beam with fixed polarization consistent with or perpendicular to the direction of polarization transmitted by the polarization separating element 110, which is then rotated by the pair of two-state polarization modulators 251 , 252. The optical beam is incident on the polarization separating element 110 whose outputs 111 , 112 are monitored by two single photon detectors 131 , 132, electrically connected 141 , 142 to the generating module 140.
Fig. 2 shows an embodiment of a device for quantum random number generation in which the multi-state modulator 150 is implemented as a pair of two- state polarization modulators 351 , 352 controlled by means of the control electronics 160, where the light source 100 generates a coherent optical beam with fixed polarization consistent with or perpendicular to the direction of polarization transmitted by the polarization separating element 110, which is then rotated by the pair of two-state polarization modulators 351 , 352. The optical beam is incident on the polarization separating element 110 whose outputs 111 , 112 are monitored by two single photon detectors 131 , 132, electrically connected 141 , 142 to the generating module 140.
Fig. 3 shows an embodiment of a device for quantum random number generation using the multi-state modulator 150 controlled by means of the control electronics 160, where the light source 100 generates a coherent optical beam with fixed polarization consistent with or perpendicular to the direction of polarization transmitted by the polarization separating element 110, which is then rotated by the multi-state polarization modulator 150. The optical beam is incident on the polarization separating element 110 whose outputs 111 , 112 are monitored by two single photon detectors 131 , 132, electrically connected 141 , 142 to the generating module 140.
Fig. 4 shows tetrahedron (in two different projections) in a three-dimensional Cartesian coordinate system whose axes (μ , λ, f) represent the parameter values of the physical model, inside the tetrahedron the maximum probability of guessing a random bit by an unauthorized party P g is lower than 75%, and thus the device allows the generation of private random bits.
The labels used in the Figures of the drawing are consistent with the glossary definitions. Various types of optical and photonic connections are known in the prior art, e.g. optical fiber, waveguide or optical beam in free space, which are indicated by dotted lines in the figures. The solid line in the drawing indicates electrical connections including wire connections and digital signal ports.
[Embodiments of the invention]
The following embodiments of the invention are included only for the purpose of illustrating the invention and explaining its particular aspects, not for the purpose of limiting it, and should not be construed as the entire scope thereof, which is defined in the appended claims. In the following examples, unless otherwise indicated, standard materials and methods used in the art are used or manufacturers' recommendations for specific devices, materials and methods are followed.
EXAMPLE 1
Device for quantum random number generation using a pair of two-state polarization modulators and a method for verification of privacy of random number sequences generated by means of the device
In the embodiment shown in Fig. 1 below, the light source 100 with fixed polarization is a laser diode emitting a coherent optical beam of vertical (alternatively horizontal) polarization. The polarization of the beam is then rotated by a multi-state polarization modulator 150 implemented as a pair of two-state polarization modulators, marked in Fig. 1 as 251 , 252. Each of the polarization modulators 251 , 252 is independently supplied with a digital control signal from the control electronics 160. For each modulator, when the control bit value 1 is applied to the modulator's electrical input, it rotates the polarization of the optical beam by 45°. On the other hand, when the control bit value 0 is applied to the modulator's electrical input, it rotates the polarization of the optical beam by 0°. The operation of the first modulator 251 is independent of the operation of the second modulator 252. Subsequently, the optical beam is directed to the polarization separating element 110, preferably a polarization beam splitting (PBS) cube, due to its low price and widespread availability, wherein the vertically polarized light is transmitted and the horizontally polarized light is reflected. For the diagonal polarization (rotated by 45°), the polarization beam splitting cube acts as a balanced beam splitting plate, i.e. it splits the incoming beam into two beams of equal energy. Each of the output beams of the polarization beam splitting cube 111 , 112 is measured by a single photon detector 131 , 132, preferably an avalanche photodiode, or preferably a superconductivity-based single photon detector, which is characterized by an extremely low number of dark counts and a very high quantum efficiency allowing for effective photon detection.
The probability of clicking in each of the detectors can be denoted by and where x is the value of the control bit applied to the first polarization modulator 251 and y is the value of the control bit applied to the second polarization modulator 252. The Roman numeral in the superscript denotes the optical path behind the PBS cube, in which the detector is placed in accordance with the labelling in Fig. 1 , where the optical path I is marked as 111 and the optical path II as 112. For the combination of control bits {x,y} = {0, 1} and {x,y} = {1,0}, the beam incident on the polarization separating element 110 is diagonally polarized, and therefore, according to the rules of quantum optics, the probability of clicking the detector placed in the first optical path 111 is the same as the probability of clicking the detector placed in the second optical path optical 112, The setting of the polarization modulators {x,y}= {0, 1} and {x,y} = {1,0} allows to generate a true random sequence of bits, wherein the bit value 0 corresponds to clicking the detector placed in the optical path I 111 , and the bit value 1 corresponds to clicking the detector placed in the optical path II 112. The detector counts are analyzed and converted into a random sequence of bits by the generating module 140.
In order to verify the privacy of the generated random sequence, the probabilities of clicking, and are determined on the basis of optical pulse measurements, for three polarization directions of the beam incident on the polarization splitting element (vertical polarization, diagonal polarization and horizontal polarization), i.e. the probabilities (measured with the modulator settings {x,y} = {0,0}), the probabilities P or alternatively (measured with the modulator settings {x,y} = {0, 1} or alternatively {x,y} = {1,0}, respectively) and the probabilities (measured with the modulator settings {x,y} = {1, 1}). During this testing procedure, the device does not allow for random number generation. In an idealized scenario, the probability values for settings {x,y} {0,0} are respectively, for settings respectively, and for settings respectively. Due to the dark counts of the detectors, the finite extinction coefficient of the polarization separating element, or a potential interference of an unauthorized party, the measured probabilities will deviate from those of the idealized scenario. Based on the measured values or alternatively and using the probability theory and the physical model of the optical system, a set of the following parameters of the physical model of the generator system can be calculated:
• μ - average number of photons in a pulse of laser light measured using the detectors, the measurement of which allows the generation of a random bit;
• A - transmission coefficient, where λ = cos 2 (γ), where γ is the angle of polarization rotation of the optical beam incident on the polarization separating element. During the testing procedure, it is assumed that this angle may deviate from the value resulting from the values of the bits controlling the polarization modulators due to an interference of an unauthorized party. In particular, it is assumed that when the settings of the modulators are {x,y} = {1,0} and {x,y} = {0, 1}, γ may be different than 45°;
• probability f with the setting of the polarization modulators {x,y} = {0,0} means the probability that, due to an interference of an unauthorized party, the detector 131 placed in the optical path I, in spite of having observed a photon, did not send an electric pulse to the generating module, whereas with the setting of the polarization modulators {x,y} = {1, 1}, the probability f means the probability that, due to the interference of an unauthorized party, the detector 132 placed in the optical path II, in spite of having observed a photon, did not send an electric pulse to the generating module 140.
Based on the determined values of the above parameters of the physical model (μ0 , λ0, f0), the maximum probability of guessing a random bit by an unauthorized party P g is determined. If the maximum probability P g satisfies the inequality P g < X, where X is the maximum acceptable probability value of guessing a random bit by an unauthorized party, ranging from 50% to 100%, the device is capable of generating random private bits. Preferably, the maximum probability of guessing a random bit by an unauthorized party P g should be less than 75%. The condition P g < 75% is met when the point (μ0 , λ0, f0) in three-dimensional space (μ , λ, f) defined by the determined values of the parameters of the physical model is inside the tetrahedron shown in Fig.
4, whose vertices are in the points:
• (μ =0, λ=0, f=0);
• (μ =0, λ=0, 75, f=0)
• (μ =10, λ=0, f=0);
• (μ =0, λ=0, f=1)
For the unauthorized party's strategy relying on guessing random bits without any additional information, the maximum probability P g is 50%.
EXAMPLE 2
Alternative device for quantum random number generation using a pair of two-state polarization modulators and a method for verification of privacy of random number sequences generated by means of the device
In the embodiment shown in Fig. 2 below, the light source 100 with fixed polarization is a laser diode emitting a coherent optical beam of vertical (alternatively horizontal) polarization. The polarization of the beam is then rotated by a multi-state polarization modulator 150 implemented as a pair of two-state polarization modulators, marked in Fig. 1 as 351 , 352. Each of the polarization modulators 351 , 352 is independently supplied with a digital control signal from the control electronics 160. For the first modulator 351 , when the control bit value 0 is applied to the modulator's electrical input, it rotates the polarization of the optical beam by 0°, while when the control bit value 1 is applied to the modulator's electrical input, it rotates the polarization of the optical beam by 45°. For the second modulator 352, when the control bit value 0 is applied to the modulator's electrical input, it rotates the polarization of the optical beam by 0°, while when the control bit value 1 is applied to the modulator's electrical input, it rotates the polarization of the optical beam by 90°. The operation of the first modulator 351 is independent of the operation of the second modulator 352. The order of modulators 351 and 352 in the optical path has no effect on the operation of the device. In this example, the modulator 351 that rotates the beam by 45° is placed in the optical path closer to the light source 100 than the other modulator 352 that rotates the beam by 90°. Subsequently, the optical beam is directed to the polarization separating element 110, preferably a polarization beam splitting (PBS) cube, due to its low price and widespread availability, wherein the vertically polarized light is transmitted and the horizontally polarized light is reflected. For the diagonal polarization (rotated by 45° or 135°), the polarization beam splitting cube acts as a balanced beam splitting plate, i.e. it splits the incoming beam into two beams of equal energy. Each of the output beams of the polarization beam splitting cube 111 , 112 is measured by a single photon detector 131 , 132, preferably an avalanche photodiode, or preferably a superconductivity-based single photon detector, which is characterized by an extremely low number of dark counts and a very high quantum efficiency allowing for effective photon detection.
The probability of clicking in each of the detectors can be denoted by and where x is the value of the control bit applied to the first polarization modulator 351 and y is the value of the control bit applied to the second polarization modulator 352. The Roman numeral in the superscript denotes the optical path behind the PBS cube, in which the detector is placed in accordance with the labelling in Fig. 1 , where the optical path I is marked as 111 and the optical path II as 112. For the combination of control bits {x,y} = {1,0} or {x,y} = {1, 1}, the beam incident on the polarization separating element 110 is diagonally polarized, and therefore, according to the rules of quantum optics, the probability of clicking the detector placed in the first optical path 111 is the same as the probability of clicking the detector placed in the second optical path optical 112, The setting of the polarization modulators {x,y} ={1,0} or {x,y} = {1, 1} allows thus to generate a true random sequence of bits, wherein the bit value 0 corresponds to clicking the detector placed in the optical path I 111 , and the bit value 1 corresponds to clicking the detector placed in the optical path II 112. The detector counts are analyzed and converted into a random sequence of bits by the generating module 140.
In order to verify the privacy of the generated random sequence, the probabilities of clicking, and are determined on the basis of optical pulse measurements, for three polarization directions of the beam incident on the polarization splitting element (vertical polarization, diagonal polarization and horizontal polarization), i.e. the probabilities (measured with the modulator settings {x,y} = {0,0}), the probabilities or alternatively (measured with the modulator settings {x,y} = {1,0} or alternatively {x,y} = {1, 1}, respectively) and the probabilities (measured with the modulator settings {x,y} = {0, 1}}. During this testing procedure, the device does not allow for random number generation. In an idealized scenario, the probability values for settings {x,y}= {0,0} are respectively, for settings and respectively, and for settings respectively. Due to the dark counts of the detectors, the finite extinction coefficient of the polarization separating element, or a potential interference of an unauthorized party, the measured probabilities will deviate from those of the idealized scenario. Based on the measured values or alternatively and using the probability theory and the physical model of the optical system, a set of the following parameters of the physical model of the generator system can be calculated:
• μ - average number of photons in a pulse of laser light measured using the detectors, the measurement of which allows the generation of a random bit; • A - transmission coefficient, where λ = cos 2 (γ), where γ is the angle of polarization rotation of the optical beam incident on the polarization separating element. During the testing procedure, it is assumed that this angle may deviate from the value resulting from the values of the bits controlling the polarization modulators due to an interference of an unauthorized party. In particular, it is assumed that when the settings of the modulators are {x,y} = {1,0} and {x,y} = {1, 1}, γ may be different than 45° or 135°;
• probability f - with the setting of polarization modulators {x,y} = {0,0} means the probability that, due to an interference of an unauthorized party, the detector 131 placed in the optical path I, in spite of having observed a photon, did not send an electric pulse to the generating module, whereas with the setting of polarization modulators {x,y} = {0, 1}, the probability f means the probability that, due to the interference of an unauthorized party, the detector 132 placed in the optical path II, in spite of having observed a photon, did not send an electric pulse to the generating module 140.
Based on the determined values of the above parameters of the physical model (μ0 , λ0, f0), the maximum probability of guessing a random bit by an unauthorized party P g is determined. If the maximum probability P g satisfies the inequality P g < X, where X is the maximum acceptable probability value of guessing a random bit by an unauthorized party, ranging from 50% to 100%, the device is capable of generating random private bits. Preferably, the maximum probability of guessing a random bit by an unauthorized party P g should be less than 75%. The condition P g < 75% is met when the point (μ0 , λ0, f0) in three-dimensional space (μ , λ, f) defined by the determined values of the parameters of the physical model is inside the tetrahedron shown in Fig. 4, whose vertices are in the points:
• (μ =0, λ=0, f=0),
• (μ =0, λ=0, 75, f=0)
• (μ =10, λ=0) ,=0)
• (μ =0, λ=0, f=1);
For the unauthorized party's strategy relying on guessing random bits without any additional information, the maximum probability P g is 50%.
EXAMPLE 3
Device for quantum random number generation using a multi-state polarization modulator and a method for verification of privacy of random number sequences generated by means of the device
In the embodiment shown in Fig. 3 below, the light source 100 with fixed polarization is a laser diode emitting a coherent optical beam of vertical (alternatively horizontal) polarization. The polarization of the beam is then rotated by a single multi- state polarization modulator marked in Fig. 3 as 150. The modulator is supplied with an analog control signal from the control electronics 160. When the voltage V o is applied to the modulator's electrical input, it rotates the polarization of the optical beam by 0°, when the voltage V 1 is applied to the modulator's electrical input, it rotates the polarization of the optical beam by γ = 45°, when the voltage V 2 is applied to the modulator's electrical input, it rotates the polarization of the optical beam by 2γ = 90°. Subsequently, the optical beam is directed to the polarization separating element 110, preferably a polarization beam splitting (PBS) cube, due to its low price and widespread availability, wherein the vertically polarized light is transmitted and the horizontally polarized light is reflected. For the diagonal polarization (rotated by 45°), the polarization beam splitting cube acts as a balanced beam splitting plate, i.e. it splits the incoming beam into two beams of equal energy. Each of the output beams of the polarization beam splitting cube 111 , 112 is measured by a single photon detector 131 , 132, preferably an avalanche photodiode, or preferably a superconductivity-based single photon detector, which is characterized by an extremely low number of dark counts and a very high quantum efficiency allowing for effective photon detection.
The probability of clicking in each of the detectors can be denoted by oraz where v is the value of the voltage applied to the electrical input of the polarization modulator 150. The Roman numeral in the superscript denotes the optical path behind the PBS cube, in which the detector is placed in accordance with the labelling in Fig. 1 , where the optical path I is marked as 111 and the optical path II as 112. For the control voltage V 1 the beam incident on the polarization separating element 110 is diagonally polarized, and therefore, according to the rules of quantum optics, the probability of clicking the detector placed in the first optical path 111 is the same as the probability of clicking the detector placed in the second optical path optical 112, i.e. The voltage applied to the electrical input of the polarization modulator v = V ± allows thus to generate a true random sequence of bits, wherein the bit value 0 corresponds to clicking the detector placed in the optical path 1 111 , and the bit value 1 corresponds to clicking the detector placed in the optical path I1 112. The detector counts are analyzed and converted into a random sequence of bits by the generating module 140.
In order to verify the privacy of the generated random sequence, the probabilities of clicking, and are determined on the basis of optical pulse measurements, for three polarization directions of the beam incident on the polarization splitting element (vertical polarization, diagonal polarization and horizontal polarization), i.e. the probabilities (measured with the voltage V 0 applied to the electrical input of the modulator), the probabilities (measured with the voltage V 1 applied to the electrical input of the modulator), and the probabilities (measured with the voltage V 2 applied to the electrical input of the modulator). During this testing procedure, the device does not allow for random number generation. In an idealized scenario, the probability values for the voltage applied to the input of the modulator respectively, for the voltage applied to the input of the modulator respectively, and for the voltage applied to the input of the modulator v 50%, respectively. Due to the dark counts of the detectors, the finite extinction coefficient of the polarization separating element, or a potential interference of an unauthorized party, the measured probabilities will deviate from those of the idealized scenario. Based on the measured values using the probability theory and the physical model of the optical system, a set of the following parameters of the physical model of the generator system can be calculated:
• μ - average number of photons in a pulse of laser light measured using the detectors, the measurement of which allows the generation of a random bit;
• A - transmission coefficient, where λ = cos 2 (γ), where y is the angle of polarization rotation of the optical beam incident on the polarization separating element. During the testing procedure, it is assumed that this angle may deviate from the value resulting from the value of the voltage applied to the electrical input of the modulator due to an interference of an unauthorized party. In particular, it is assumed that for the voltage applied to the electrical input of the modulator v = V 1 , γ may be different than 45°, and for the voltage applied to the electrical input of the modulator v = V 2 , 2γ may be different than 90°;
• probability f with the voltage applied to the electrical input of the polarization modulator v = V o means the probability that, due to an interference of an unauthorized party, the detector 131 placed in the optical path I, in spite of having observed a photon, did not send an electric pulse to the generating module, whereas with the voltage applied to the electrical input of the polarization modulator v = V 2 , the probability f means the probability that, due to the interference of an unauthorized party, the detector 132 placed in the optical path II, in spite of having observed a photon, did not send an electric pulse to the generating module 140.
Based on the determined values of the above parameters of the physical model (μ0 , λ0, f0), the maximum probability of guessing a random bit by an unauthorized party P g is determined. If the maximum probability P g satisfies the inequality P g < X, where X is the maximum acceptable probability value of guessing a random bit by an unauthorized party, ranging from 50% to 100%, the device is capable of generating random private bits. Preferably, the maximum probability of guessing a random bit by an unauthorized party P g should be less than 75%. The condition P g < 75% is met when the point (μ0 , λ0, f0) in three-dimensional space (μ, λ, f) defined by the determined values of the parameters of the physical model is inside the tetrahedron shown in Fig. 4, whose vertices are in the points:
• (μ =0, λ=0, f=0),
• (μ =0, λ=0, 75, f=0)
• (μ =10, λ=0, f=0)
• (μ =0, λ=0, f=1)
For the unauthorized party's strategy consisting in guessing random bits without any additional information, the maximum probability P g is 50%. [Possible areas of application of the invention]
The present invention can be used i.a. in the following areas of technology: IT and ICT cybersecurity, data encryption and cryptography. Random number generators are widely used among users of computer and telephone networks. In addition, their use is particularly important in encryption of sensitive data in the banking and financial sector, power industry, industrial control and automation, in securing sensitive medical data, in the military sector, in communication in government administration and in secret services and diplomatic corps (where sending and receiving messages from remote facilities is exposed to eavesdropping by unauthorized persons).
In addition, the invention can be used in games of chance, especially in number games, the rules of which are based on the true randomness of events, preventing third parties from predicting the draw result. Random number generators are also used in numerical simulations that require a true random sampling, e.g. the Monte Carlo method.