[Paper Review] Certifiable Quantum Dice - Or, testable exponential randomness expansion
This paper presents a certifiable quantum randomness expansion protocol that generates $ n $ bits of true randomness from $ O(\log n) $ uniformly random seed bits using only the no-signaling principle as a security assumption. The protocol enables testable, exponential randomness expansion with security against quantum adversaries, achieving $ \Omega(n) $ bits of certified randomness from a small seed, even when the devices are entangled with an eavesdropper.
We introduce a protocol through which a pair of quantum mechanical devices may be used to generate $ n $ bits of true randomness from a seed of $ O(\log n) $ uniform bits. The bits generated are certifiably random based only on a simple statistical test that can be performed by the user, and on the assumption that the devices obey the no-signaling principle. No other assumptions are placed on the devices' inner workings. A modified protocol uses a seed of $ O(\log^3 n) $ uniformly random bits to generate $ n $ bits of true randomness even conditioned on the state of a quantum adversary who may have had prior access to the devices, and may be entangled with them.
Motivation & Objective
- To develop a protocol that generates certified random bits from minimal randomness, ensuring the output is truly random even if the devices are adversarially controlled.
- To achieve exponential randomness expansion—producing $ n $ bits of randomness from a seed of only $ O(\log n) $ bits—while maintaining testability.
- To provide security against a quantum adversary who may have prior entanglement with the devices, ensuring the output remains random even when conditioned on the adversary's quantum state.
- To design a protocol that relies solely on a simple statistical test (CHSH game violation) and the no-signaling principle, avoiding assumptions about device internals.
Proposed method
- The protocol uses a sequence of CHSH game rounds where most rounds use fixed inputs (0,0), while a small fraction are 'Bell blocks' with random inputs to test non-classical correlations.
- It applies a statistical test on the output: the CHSH condition must be satisfied in at least 84% of rounds in each block to accept the output.
- The protocol uses a small random seed to select Bell blocks and ensures that any deviation from quantum behavior is detectable via statistical deviation from the expected success rate.
- A reduction to a guessing game is used to prove security: if an adversary could predict outputs with high accuracy, it would imply signaling, violating the no-signaling principle.
- The protocol groups Bell blocks into chunks and uses a chain rule argument to show that with high probability, there exists at least one block where the adversary’s prediction is correct and the CHSH condition is satisfied.
- The final output is extracted from the CHSH game outcomes in the Bell blocks, with a final decision rule based on agreement with predicted outputs to certify randomness.
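The per-block acceptance test described in this list, as an added example (not code from the paper or from this review). It assumes each block uses a single input pair and that the CHSH condition is $ a \oplus b = x \wedge y $; the function names and the constructed transcripts are hypothetical. The enumeration shows why an 84% threshold sits between the best deterministic classical strategy and the optimal quantum one.

```python
from fractions import Fraction
import itertools
import math

THRESHOLD = Fraction(84, 100)  # per-block pass fraction stated in the review
QUANTUM_RATE = math.cos(math.pi / 8) ** 2  # optimal entangled strategy, ~0.8536


def chsh_ok(x, y, a, b):
    """CHSH condition: XOR of the outputs equals AND of the inputs."""
    return (a ^ b) == (x & y)


def block_passes(block):
    """block = (x, y, [(a, b), ...]); assumption: one input pair per block."""
    x, y, outputs = block
    wins = sum(chsh_ok(x, y, a, b) for a, b in outputs)
    return wins >= THRESHOLD * len(outputs)


def accept(blocks):
    """User's test: reject the whole run if any single block fails."""
    return all(block_passes(blk) for blk in blocks)


def best_classical_rate():
    """Best win rate over all 16 deterministic strategies a=f(x), b=g(y)."""
    fns = list(itertools.product((0, 1), repeat=2))
    best = 0.0
    for f, g in itertools.product(fns, fns):
        wins = sum(chsh_ok(x, y, f[x], g[y]) for x in (0, 1) for y in (0, 1))
        best = max(best, wins / 4)
    return best


def make_block(x, y, rounds, failures):
    """Constructed transcript in which `failures` rounds violate CHSH."""
    good = (0, x & y)        # a ^ b == x & y
    bad = (0, 1 - (x & y))   # a ^ b != x & y
    return (x, y, [bad] * failures + [good] * (rounds - failures))


if __name__ == "__main__":
    print("classical bound:", best_classical_rate())
    print("quantum optimum:", round(QUANTUM_RATE, 4))
    noisy = [make_block(0, 0, 100, 14), make_block(1, 1, 100, 15)]
    always_equal = [make_block(0, 0, 100, 0), make_block(1, 1, 100, 100)]
    print("noisy quantum-like run accepted:", accept(noisy))
    print("always-equal device accepted:", accept(always_equal))
```

A device that always outputs equal bits passes every (0,0) block but fails any Bell block whose inputs are (1,1), which is the kind of deviation the randomly placed Bell blocks are there to catch.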
Experimental results
Research questions
- RQ1: Can a small random seed be used to generate a large number of certifiably random bits using only the no-signaling principle?
- RQ2: Can the protocol remain secure against a quantum adversary who may be entangled with the devices?
- RQ3: Is it possible to achieve exponential randomness expansion (i.e., $ n $ bits from $ O(\log n) $ seed) with only a statistical test and no device trust?
- RQ4: Can the protocol be made testable in practice, relying only on observable statistics and not on device details?
Key findings
- The protocol generates $ \Omega(n) $ bits of certifiably random output from a seed of $ O(\log n) $ uniformly random bits, achieving exponential randomness expansion.
- The security of the output is guaranteed with probability $ 1 - \exp(-\Omega(\Delta)) $, where $ \Delta $ controls the error rate and security level.
- A modified protocol using $ O(\log^3 n) $ seed bits generates $ n $ bits of randomness that are secure even when conditioned on a quantum adversary’s prior entanglement with the devices.
- The protocol ensures that any attempt by an adversary to predict outputs with high accuracy would imply signaling, which violates the no-signaling principle and thus cannot occur.
- The existence of at least one Bell block where both the CHSH condition is satisfied and the adversary’s prediction is correct with high probability is proven via a chain rule argument.
- The final output is extracted using a decision rule based on agreement with predicted outputs, ensuring that the final bits are indistinguishable from uniform to any adversary with bounded prediction success.
This review was created by AI and reviewed by human editors.