In general, the present invention is situated in the context of the generation of random numbers. In fact, the generation of high quality random numbers is essential to security of many applications such as cryptographic protocols, both classical and quantum. For example, conventional asymmetric key protocols, like the well known DSA-, RSA- and Diffie-Hellman-algorithms, use random numbers, tested for primality, to generate their keys. Another example is the unconditionally secure one-time pad protocol which needs a string of perfectly random numbers of a length equal to that of the data to be encrypted. The main limitation of this protocol is the requirement for key exchange. Quantum key distribution offers a way to generate two secure keys at distant locations, but its implementation also requires a vast quantity of random numbers. All these examples reflect Kerckhoffs' principle which dates back to the 19th century and states that the security of a cypher must reside entirely in the key.
It is therefore of particular importance that the key used in a cryptographic algorithm is secure, which in practice requires it to be chosen at random. In the past, weaknesses in random number generation have resulted in the breaking of a number of systems and protocols, such as reported by Arjen K. Lenstra, James P. Hughes, Maxime Augier, Joppe W. Bos, Thorsten Kleinjung, and Christophe Wachter in their article “Ron was Wrong, Whit is Right” published in 2012 in the Cryptology ePrint Archive. Such breakings concern many kind of fields like operating system security, see the article “Cryptanalysis of the Random Number Generator of the Windows Operating System” by Leo Dorrendorf, Zvi Gutterman, and Benny Pinkas published in ACM Trans. Inf. Syst. Secur., 13(1):1-32, 2009, communication protocols, see the article “Openssl—Predictable Random Number Generator” by Luciano Bello published in Debian security advisory 1571-1, 2008, digital rights management, see the publication “Ps3 Epic Fail” by Bushing, Marcan, Segher, and Sven at the 27th Chaos Communication Congress, 2010, and Financial Systems, see the article “Android Bug Batters Bitcoin Wallets” by Richard Chirgwin published in The Register, 2013. Random number generation nowadays thus not only concerns defense issues such as initially targeted by Kerckhoffs' studies but has influence on many other fields like computer technology and science in general, economy, lotteries and games, as well as privacy issues of institutional—or individual's personal data stored or encrypted based on protocols using random numbers.
However, high quality random numbers are hard to produce, in particular they cannot be generated by a deterministic algorithm such as a computer program. In fact, existing algorithm-based quasi-random number generators may advantageously be used for simulation purposes, but are not adapted for cryptography, since the resulting quasi-random numbers are, in principle, reproducible. To ensure the uniqueness and, importantly, the randomness of the generated bit string, a physical random number generator is required, such as explained by C. H. Vincent in the article “The Generation of Truly Random Binary Numbers” in Journal of Physics E: Scientific Instruments, 3(8):594, 1970, or Y. Saitoh, J. Hori, and T. Kiryu in the article “Generation of Physical Random Number Using Frequency Modulated LC Oscillation Circuit with Shot Noise” in Electron Comm. Jpn. 3, 88(5):12-19, 2005.
In the past, two types of physical random number generators have been proposed which exploit the statistical nature of physical processes. Generators of the first type use processes which in principle obey deterministic laws but have chaotic nature due to complexity and incomplete knowledge of the initial system state. As an example, image sensors have been used to generate random numbers of classical origin by extracting information from a moving scene, e.g., a lava lamp, or using sensor readout noise, like disclosed by R. G. Mende, L. C. Noll, and S. Sisodiya in U.S. Pat. No. 5,732,138 entitled “Method for Seeding a Pseudo-Random Number Generator with a Cryptographic Hash of a Digitization of a Chaotic System”, 1998. Other examples for such kind of physical random number generators are disclosed in U.S. Pat. Nos. 6,831,980, 6,215,874, WO2013/003943, EP 1 821 196, WO01/95091. However, the performance both in terms of randomness and throughput of such devices, respectively of corresponding methods, has been low.
Generators of the second type use physical processes which feature some intrinsic fundamental randomness, such as quantum mechanical processes. For this reason, quantum random number generators (QRNGs), which by their nature produce a string which cannot be predicted, even if an attacker has complete information on the device, are of particular interest, like explained in more detail in the article “Quantum Random-Number Generation and Key Sharing” by J. G. Rarity, P. C. M. Owens, and P. R. Tapster, published in Journal of Modern Optic, 41(12):2435-2444, 1994. Known QRNGs are based on specialized hardware, such as single photon sources and detectors like disclosed, for example, by A. Stefanov, N. Gisin, O. Guinnard, L. Guinnard, and H. Zbinden in their article “Optical Quantum Random Number Generator” published in Journal of Modern Optic, 47(4):595-598, 2000, photon pair sources in combination with beam splitters such as disclosed by Wolfgang Dultz and Eric Hildebrandt in their U.S. Pat. No. 6,393,448 entitled “Optical Random-Number Generator Based on Single-Photon Statistics at the Optical Beam Splitter”, 2002, or the device proposed by W. Wei and H. Guo in the article “Bias-Free True Random-Number Generator” published in Opt. Letters, 34(12):1876-1878, 2009, or homodyne detection like disclosed for example by Christian Gabriel, Christoffer Wittmann, Denis Sych, Ruifang Dong, Wolfgang Mauerer, Ulrik L. Andersen, Christoph Marquardt, and Gerd Leuchs in their article “A Generator for Unique Quantum Random Numbers Based on Vacuum States” published in Nat. Photon, 4(10):711-715, 2010. Other examples for such kind of physical random number generators are disclosed in U.S. Pat. No. 7,284,024, US 2012/045053, JP 2009/070009, EP 2 592 547, GB 2 473 078, and WO02/091147. These QRNGs, however, have significant drawbacks, in particular in terms of size and complexity due to the required specialized hardware as well as in terms of speed and scalability, which entails high production cost, respectively limited applicability.
The solutions according to prior art therefore inherently comprise several problems. If known QRNGs indeed produce random numbers of quantum, i.e., random origin, the corresponding devices are complex and cost intensive. Devices which generate random numbers of classical origin have a low performance in terms of randomness and throughput.