Random numbers are used on a daily basis in a variety of applications, including encrypting communication and authentication between entities. For example, in authentication, an entity may confirm its identity with another entity to access information. Put differently, an entity, such as a user or software running on a computer, may authenticate with another entity in order to achieve a degree of certainty that a communication actually comes from the entity it claims to come from.
One type of authentication system prevalent on and off the Internet utilizes two-factor authentication. As an example, a user may authenticate with another entity by entering their password and a one-time pad (OTP) generated by a security token. In this system, the OTP generated from the security token (something you have) is combined with the password (something you know) to form a two-factor authentication system. Many of these hardware authentication tokens or security tokens are now about the size of a keychain, and offer a degree of assurance that the entity providing the password and OTP is who they claim to be. However, these conventional two-factor authentication systems are not without weaknesses. The security of the two-factor system is based in part on the premise that the OTP generated from the security token is truly random and cannot be reproduced computationally. This premise has been reported as being subject to compromise.
For instance, the OTP in conventional two-factor systems is often based on a pseudorandom stream, or a computationally random seed. That is, a conventional computational random number generator (CRNG) is used as a source of assumed randomness to provide a seed value (e.g., a pseudorandom number), which is used as an input to a hashing algorithm, such as SHA-256. The hashing algorithm may be assumed to construct a resulting random number using a non-reversible and apparently non-Markovian process.
However, relying on the seed of a conventional CRNG as a source of true randomness may be misplaced. Conventional CRNGs may utilize deterministic processes on a computer to generate a seed. Deterministic algorithms may not be fully irreversible, though irreversibility may be mimicked to some extent by using bitshifting and “chunk” divisions in the hashing algorithm. It has been shown that, using supercomputing clusters and large hash computation tables, hashing algorithms (e.g., SHA-256) may be reverse engineered via collision detection to determine the initial seed. These reverse engineering techniques may exploit the pseudorandomness of the initial seed output from a conventional CRNG as a weakness to deduce the initial seed based on the output of the hashing algorithm. Once the initial seed value has been deduced, techniques may be used to deterministically generate subsequent random numbers or OTPs, thereby enabling an attacker to mimic the OTP generated from the authentication system without actually possessing the security token.
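The dependence on the seed described above can be made concrete with entropy accounting. The following is an added example, not code from the original text: `otp_stream` is a hypothetical token design (a deterministic PRNG standing in for the CRNG, feeding a SHA-256 chain), and the 12-bit seed size is an assumption chosen so the count finishes instantly.

```python
import hashlib
import math
import random


def otp_stream(seed, count, digits=6):
    """Hypothetical token: CRNG seed -> SHA-256 chain -> truncated decimal codes."""
    # random.Random is a deterministic PRNG; it stands in for the CRNG.
    rng = random.Random(seed)
    state = rng.getrandbits(256).to_bytes(32, "big")
    codes = []
    for _ in range(count):
        # Each code is a pure function of the previous state, hence of the seed.
        state = hashlib.sha256(state).digest()
        codes.append(int.from_bytes(state[:4], "big") % 10 ** digits)
    return tuple(codes)


def entropy_report(seed_bits=12, codes_per_stream=3, digits=6):
    """Compare how random the codes look with how random they can be."""
    # Every possible seed yields exactly one stream, so the number of
    # distinct streams can never exceed the number of seeds.
    streams = {otp_stream(s, codes_per_stream, digits)
               for s in range(2 ** seed_bits)}
    return {
        # Bits the codes would carry if each digit were independent and uniform.
        "apparent_bits": codes_per_stream * digits * math.log2(10),
        # Bits they can actually carry, bounded by the seed space.
        "actual_bits_upper_bound": math.log2(len(streams)),
        "distinct_streams": len(streams),
    }


if __name__ == "__main__":
    # Same seed, same codes: the hash adds no unpredictability of its own.
    print(otp_stream(7, 4) == otp_stream(7, 4))
    print(entropy_report())
```

Three six-digit codes look like roughly 60 bits of output, yet the report shows they carry at most the 12 bits that went into the seed, which is why the quality of the seed source, not the hash, sets the security level.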
Attempts have been made to utilize quantum random number generators (QRNG) to forgo reliance on the deterministic computational process of the CRNG. Quantum mechanics provides an inherent randomness from nature that is not computationally deterministic; rather, the randomness afforded by nature is considered truly random or unbreakable with computational power. The source of randomness from nature may be used to develop a seed and hashing algorithms that are fully irreversible. QRNGs may attempt to benefit from nature's randomness to generate a random number. In a conventional QRNG, probabilistic, natural processes may be partially controlled by an observer, and monitored to record random events. These recorded random events may be incorporated into random numbers.
Although nature is considered to be a source of true randomness, many conventional QRNGs have not been able to fully benefit from this true source of randomness to generate a truly random number. In controlling nature or recording it, conventional QRNGs may introduce significant bias in the generated random number, potentially skewing it away from true randomness. Bias in the context of QRNGs may be conceptualized as a predominance toward one recorded event over another. For example, in a conventional QRNG that records one event as a binary 0 and another event as a binary 1, a predominance in the recorded events toward either 1s or 0s may indicate bias.
As an example, photon emission from a laser, operated above the lasing threshold, has been utilized as a quantum mechanical process for generating random numbers. Photons from the laser may be directed toward a 50/50 beam splitter, 50% reflecting and 50% transmitting. Two detectors are positioned to detect which path a photon takes, which may be truly random according to quantum mechanics. In this way, a transmitted photon may be detected as a binary 1 and a reflected photon may be detected as a binary 0, thereby being used to generate a random number. However, because the 50/50 beam splitter is often misaligned to some degree in this conventional QRNG, the generated random number may include bias toward 0s or 1s. Bias may also be introduced in operation of the laser itself, and through the use of two separate detectors. Overall system cost may also be increased by using two separate detectors.
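Bias of the kind described for the misaligned beam splitter can be measured and, under assumptions, removed. The following is an added example, not part of the original text: it applies the NIST SP 800-22 frequency (monobit) test and the classic von Neumann corrector to a constructed bit stream in which a seeded PRNG stands in for a splitter that transmits 52% of photons (both the 52% figure and the seed are assumptions).

```python
import math
import random


def monobit_p_value(bits):
    """NIST SP 800-22 frequency test: small p-value means the 0/1 balance is off."""
    n = len(bits)
    s = sum(1 if b else -1 for b in bits)  # +1 per one, -1 per zero
    return math.erfc(abs(s) / math.sqrt(2 * n))


def von_neumann(bits):
    """Debias independent bits: pair 01 -> 0, pair 10 -> 1, drop 00 and 11."""
    out = []
    for a, b in zip(bits[0::2], bits[1::2]):
        if a != b:
            out.append(a)
    return out


def simulate_splitter(p_transmit, n, seed=2024):
    """Constructed data: 1 = transmitted photon, 0 = reflected photon."""
    rng = random.Random(seed)  # PRNG stand-in for the physical source
    return [1 if rng.random() < p_transmit else 0 for _ in range(n)]


def demo():
    raw = simulate_splitter(0.52, 200_000)
    fixed = von_neumann(raw)
    return {
        "raw_ones": sum(raw) / len(raw),
        "raw_p": monobit_p_value(raw),
        "fixed_ones": sum(fixed) / len(fixed),
        "fixed_p": monobit_p_value(fixed),
        # Cost of the correction: fraction of raw bits that survive.
        "kept": len(fixed) / len(raw),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.6g}")
```

The corrector only works when successive bits are independent and the bias is constant; correlated detections or a drifting alignment pass through it, and about three quarters of the raw bits are discarded even in the best case.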
In another example, a time-resolved measurement of photons from a laser, operated above the lasing threshold, may be used as a basis for using quantum mechanics to generate a random number. In this conventional QRNG, the arrival time of photons is detected relative to one another, and after a sufficient number of data points are detected, the distribution may provide enough entropy for a random number. However, the arrival distribution of photons emitted from the laser operated above the lasing threshold may have some shape (such as a sharp peak at a particular arrival time) that results in bias.