You are on page 1of 6

Designing of Quantum Random Number Generator

(QRNG) for Security Application

Meilana Siswanto, Bayu Rudiyanto


Renewable Energy Engineering Department,
Engineering Faculty, State Polytechnic of Jember
Jember, East Java, Indonesia
meilana_siswanto@polije.ac.id, bayu_rudianto@polije.ac.id

Abstract—Information security, especially cryptography still This paper discusses on designing a quantum random
seems becoming an interested topic of researches in the recent number generator (QRNG) which has a potential for
years since it will be responsible to secure a system and data for encryption application of internet of thing (IoT) ecosystem.
misusing of attackers. With spreading of internet of things (IoT) Furthermore the method can be integrated into the existing
applications in many fields whereas many devices will be
hardware for miniaturization.
connected to internet, security issues become one of three
common issues related to IoT applications such as innovations, In this design of photonic-based RNG comprises optical
security and interoperability. As a new application of IoT is components, analog-digital electronic systems, and
implemented, a new security system will be needed as well. This asynchronous transmitter, and utilizes Verilog firmware to
paper discusses on designing a quantum random number integrate the system. The electronic system will convert analog
generator (QRNG) which has a potential for security solution of signals produced by an optical componet to digital signals and
IoT ecosystem applications. is designed using a FPGA RC10 that consists of three
modules; acquisition, whitening, and LFSR module.
Keywords—true random number generator; qrng; quantum
random number generator; photonic-based random number
generator; quantum cryptography II. QUANTUM RANDOM NUMBER GENERATOR
Randomness is events that have no a pattern and cannot be
modelled or predicted. Randomness has been used in science
I. INTRODUCTION and engineering with many applications in simulation, art,
With the rapid development of information security, statistic, gamings, gambling and especially in cryptography
investigation on ultimate security of information that will be discussed in this paper. Random number generator
(cryptographic system) becomes one of the major research is methods in generating randomness [5]. Many methods have
interests in information security. In a cryptographic application been proposed to generate randomness such pseudo random
where ultimate security is necessary, a random number generator (PRNG), hardware-based RNG and TRNG, and
generator (RNG) with its randomness quality is required [1] quantum random number generator (QRNG) which is
and essential wherein security level of an encryption system considered as hardware-based TRNG. PRNG generates
relies on unpredictable and irreproducible keys generated by sequence of random numbers from a deterministic algorithm
RNG [2]. Therefore many attempts and methods have been using a computer. The sequence has patterns and repetitive
proposed to realize truly random number generators (TRNG) occurances at a long of certain time period and it can be
as replacing pseudo RNG which has a pattern and repetitive predicted if the initial condition and algorithm are known.
occurrence at a certain time period [3].
The use of TRNG seems to be of an ever increasing III. DESIGNING OF QUANTUM RANDOM NUMBER GENERATOR
importance and essential in cryptography. To design an
ultimate secured encryption system of quantum cryptography, QRNG is one of the most mature quantum technologies
it demands a true random number generator to produce random with many alternative generation methods [6], and this paper
key, which increases complexity and resistant to the attackers will be focusing on designing of photonic-based random
to crack it. One-time pad (OTP) encryption is an encryption number generator that employs a single-photon detection to
method, as considered the most secured cryptography generate a random signal as previously implemented by N. M.
application, requires high-speed random bit. However, the Thamrin et. al [7]. Fig. 1 shows behavioral process of data
realization of a hardware-based RNG in these applications is processing module in optical-based QRNG wherein the
not matured yet, due to its bigger size, sensitive to environment module has three stages to produce the string of non-
and low output rate [4]. deterministic random bits. Starting with data acquisition, by
getting the input signals from the optical component, the values, and certain combinations of taps will produce a
signals are then processed in whitening module to eliminate all maximal length LFSR [8]. A LFSR comprises of shift registers
the unwanted non-random aspect in the data. Later, the data with feedback as algorithm wherein each of the squares
will be XOR-ed with the Linear Feedback Shift Register labelled S0, S1,…, Sn+1, is a binary storage element, which
(LFSR) to produce 8 bit random data with good uniformity might be a bistable flip-flop, position on a delay line or some
distribution criteria to liaise with the requirement of National other memory device [3]. These n binary storage elements are
Institute of Standard & Technology (NIST) statistical test. called states of the register and, at any given time, their
Then Universal Asyncronous Receiver/Transmitter (UART) is contents are called its state. A shift register with n stages has 2n
used in the last stage to serialize the 8-bit digital data. possible states.

Raw Data from


Optical Component
Acquisition Whitening
8-bit
XOR Random Data

LFSR

Fig. 1. Data processing (Analog to Digital) in optical-based QRNG

Fig. 3. 8-bit Linear Feedback Shift Register


A. Data Acquisition Module
In a cryptographic application, the generated random numbers
must be cryptographically secure and resistant to attacks. The Even though LFSR system is not a cryptographically secure
acquisition module as shown in Figure 3 is utilized to receive but its architecture has reduced the area consumption in the
the raw data from the optical component, which is pulses embedded circuit. Figure 3 shows a block diagram of 8-bit
detection of a single photon. This module converts the single LFSR used in this QRNG design.
photon signals into digital raw random data. A comparator will
determine the value of bit 1’s and 0’s based on the threshold D. UART as Asynchronous Transmitter
value comparison. Setting of the threshold value will give an
Fig. 4 describes an asynchronous transmitter which is a
effect in the probability of producing bit 1 and bit 0. If the
single UART that has a parallel-to-serial converter. The UART
threshold value is set too high, the probability of producing
has four inputs i.e. TxD_data, TxD_start, Clock (clk), Reset
less bit 1’s is high, and if it is set too low, the chances of
(rst), and two outputs i.e. busy signal and a serial output
producing more bit 1’s is low. The generated raw random bits
TxD_1.
are bias and correlated to each other. This defect can fault and
jeopardize the whole cryptographic system. Therefore, it must
be removed from the raw random bits.
8 TxD_data1 n
TxD_1
serializer

TxD_start1
_
busy
clk
Single photon ...11010111010000110...
detection signals COMPARATOR
rst
Threshold Digital raw
value random data
Async Transmitter

Fig. 4. Asynchronous Transmitter (UART)


Fig. 2. Data acquisition module in optical-based parallel QRNG

B. Whitening Module Starting when the "TxD_start" signal is asserted, UART will
Whitening module is functioned to eliminate the bias and take an 8-bits data (TxD_data), and serialize the data using
correlate between raw random bits. This module only accepts some processes i.e. state machine or finite state machine
sequence of “10” or “01” and will eliminate sequence (FSM) and the m-to-n converter, and finally the serial data will
contained consecutive bit 1’s and 0’s such as “11” and “00”. be sent into the output “TxD”. The "busy" signal is asserted
The biasness and autocorrelation effects can be reduced with while a transmission occurs and the "TxD_start" signal is
this method and thus resulting a better random bit. ignored during that time. So UART actually generates three
data; the start bit, the data bits and the stop bits (“busy” signal)
C. LFSR Module by using a state machine inside.
LFSR is frequently used to produce pseudo random number Assume that there is a "BaudTick" signal available, asserted
with good statistical properties. A LFSR is of maximal length 921600 times a second. The state machine starts right when
when the generated sequence passes through all possible 2n-1 "TxD_start" is asserted, but only advances when "BaudTick" is
asserted and then the "TxD_1” will generate serial output F. The Discrete Fourier Transform (Spectral) Test
through the m-to-n converter inside the UART. The focus in this test is the peak heights in the Discrete Fourier
Transform of the sequence. This test will detect periodic
features (i.e., repetitive patterns that are near each other) in the
IV. RANDOM NUMBER GENERATOR TESTS tested sequence that would indicate a deviation from the
There are several test packages and recommendations assumption of randomness. The intention in this test is to
which are ready to use [1], and randomness test in this detect whether the number of peaks exceeding the 95 %
discussion uses NIST statistical test suite with sixteen threshold which is significantly different than 5 %.
statistical criteria of randomness. The NIST test suite is a
G. The Non-Overlapping Template Matching Test
statistical package consisting of 16 tests that were developed to
test the randomness of (arbitrarily long) binary sequences The number of occurrences of pre-specified target strings is the
produced by either hardware or software based on photonic focus of this test. The purpose of this test is to detect
random or pseudorandom number generators. These tests focus generators that produce too many occurrences of a given non-
on a variety of different types of non-randomness that could periodic (aperiodic) pattern. An m-bit window in this test is
exist in a sequence. Some tests are decomposable into a variety used to search for a specific m-bit pattern. If there is no
of subtests. The 16 test packages are the following; pattern, the window slides one bit position. Otherwise, the
window is reset to the bit after the found pattern, and the
A. The Frequency (Monobit) Test search resumes.
The test is focused on the proportion of zeroes and ones for the
H. The Overlapping Template Matching Test
entire sequence. This test will determine whether the number
of ones and zeros in a sequence are approximately the same as The focus of the Overlapping Template Matching test is the
would be expected for a truly random sequence. The test number of occurrences of prespecified target strings. This test
assesses the closeness of the fraction of ones to ½, that is, the uses an m-bit window to search for a specific m-bit pattern. If
number of ones and zeroes in a sequence should be about the the pattern is not found, the window slides one bit position.
same. Otherwise, the window slides only one bit before resuming the
search.
B. Frequency Test within a Block
The proportion of ones within M-bit blocks is the focus in this I. Maurer’s Universal Statistical Test
test. The test is proposed to determine whether the frequency The focus of this test is the number of bits between matching
of ones in an M-bit block is approximately M/2, as would be patterns (a measure that is related to the length of a
expected under an assumption of randomness. compressed sequence). The test is purposed to detect whether
or not the sequence can be significantly compressed without
C. The Runs Test
loss of information. A significantly compressible sequence is
This test will be focused on the total number of runs in the considered to be non-random.
sequence, where a run is an uninterrupted sequence of identical
bits. A run of length k consists of exactly k identical bits and is J. The Lempel-Ziv Compression Test
bounded before and after with a bit of the opposite value. The The test is focused on the number of cumulatively distinct
test is purposed to determine whether the number of runs of patterns (words) in the sequence. The purpose of the test is to
ones and zeros of various lengths is as expected for a random determine how far the tested sequence can be compressed. The
sequence. In particular, this test determines whether the sequence will be considered to be non-random if it can be
oscillation between such zeros and ones is too fast or too slow. significantly compressed. A random sequence will have a
characteristic number of distinct patterns.
D. Test for the Longest-Run-of-Ones in a Block
This test is focused on the longest run of ones within M-bit K. The Linear Complexity Test
blocks. The purpose of this test is to determine whether the The test will be focused on the length of a linear feedback
length of the longest run of ones within the tested sequence is shiftregister (LFSR). The test will determine whether or not the
consistent with the length of the longest run of ones that would sequence is complex enough to be considered random.
be expected in a random sequence. An irregularity in the Random sequences are characterized by longer LFSRs. An
expected length of the longest run of ones implies an LFSR that is too short implies nonrandomness.
irregularity in the expected length of the longest run of zeroes.
L. The Serial Test
E. The Binary Matrix Rank Test The frequency of all possible overlapping m-bit patterns across
The focus of the test is the rank of disjoint sub-matrices of the the entire sequence is the focus in this test. The test will
entire sequence. This test is purposed to check for linear determine whether the number of occurrences of the 2 m m-bit
dependence among fixed length substrings of the original overlapping patterns is approximately the same as would be
sequence. expected for a random sequence.
M. The Approximate Entropy Test data is then collected by Realterm™ software as shown in Fig.
This test is focused on the frequency of all possible 5, and its randomness will be analyzed using NIST statistical
overlapping m-bit patterns across the entire sequence. The test. Histogram and scatter analysis also will be conducted
using Origin™ software in order to see its pattern.
purpose of the test is to compare the frequency of overlapping
blocks of two consecutive/adjacent lengths (m and m+1) Randomness testing of the QRNG which is designed using a
against the expected result for a random sequence. LFSR with primitive polynomial 1+x4+x5+x6+x7 was
conducted at baud rate 80 Kcps (character per second). Since a
N. The Cumulative Sums (Cusums) Test character consists of 8 bits data, this output is equivalent to 640
The maximal excursion of the random walk defined by the Kbps. In order for miniaturization purpose, the designed
cumulative sum of adjusted (-1, +1) digits in the sequence is photon-based RNG was implemented on a Complex
the focus of this test. The purpose of the test is to determine Programmable Logic Devices (CPLD).
whether the cumulative sum of the partial sequences occurring
in the tested sequence is too large or too small relative to the
expected behavior of that cumulative sum for random
sequences. This cumulative sum may be considered as a
random walk. The excursions of the random walk should be
near zero for a random sequence, and for certain types of non-
random sequences, the excursions of this random walk from
zero will be large.
O. The Random Excursions Test
The focus of this test is the number of cycles having exactly K
visits in a cumulative sum random walk. The cumulative sum
random walk is derived from partial sums after the (0,1)
sequence is transferred to the appropriate (-1, +1) sequence. A
cycle of a random walk consists of a sequence of steps of unit
length taken at random that begin at and return to the origin.
This test will determine the number of visits to a particular
state within a cycle deviates from what one would expect for a
random sequence. Fig. 5. Process of converting analog signals to be digital signals.

P. The Random Excursions Variant Test


This test is focused on the total number of times that a
particular state is visited in a cumulative sum random walk.
This test will detect deviations from the expected number of
visits to various states in the random walk.

V. DISCUSSION
RNGs used for key of encryption processes should be
considered as a critical part of the cryptographic system. A Fig. 6. The digital data sequence collected by realterm.
weakness of key produced by the RNG can lead to a complete
failure of the whole system. Therefore, the security of
generated random bits for the cryptography applications must B. Randomness Testing
be tested and verified using standard of statistical tests. The sixteen statistical criterias of randomness which are
Testing of the randomness quality is very important issue in determined by NIST test standard and were described in this
cryptography since any practical RNG implementation behaves paper are as the following; frequency (monobit), frequency
as a key generator and sometimes generates unrandom bits within a block, cumulative sums, runs, longest run of ones in a
which might be caused by such as supply voltage variations, block, random binary matrix rank, discrete Fourier transform
gain errors, circuit saturation, temperature, cabling and (spectral), non-overlapping (a-periodic) template matching,
grounding problems [3]. overlapping (periodic) template matching, Maurer’s universal
statistical, approximate entropy, random excursions, random
A. Converting Process of Analog to Digital excursions variant, serial, Lempel-Ziv complexity and linear
Light signals outputed from the optical component as shown complexity.
in Fig. 4 is processed to be serial digital signals (digital bit The minimum pass rate for each statistical test with the
sequence). Measurement and analysis of a single bit of digital exception of the random excursion (variant) test is
sequence was done using Tektronic DPO4000 / Agilent approximately = 0.978228 for a sample size = 643 binary
MS07054A Mixed Signal Oscilloscopes. The digital sequence sequences, and the minimum pass rate for the random
excursion (variant) test is approximately 0.975521 for a sample result as shown in TABLE 1, all values of P-value calculated
size = 425 binary sequences. Table I shows randomness test by using different statistical methods of NIST test are more
results of a single output photonic-based random number than 0.01. These results indicate that output sequence of this
generator using NIST. In this NIST testing, value of 100 is QRNG design is considered truly random with confidence of
used for frequency and block frequency setting, and 5 for serial 99 %.
and entropy parameters, 643 for bit stream number, and
C. Comparison Pseudorandom and QRNG
1000000 for the length of bit stream [9].
The statistical test is utilized to calculate a P-value with The random pattern analysis i.e. scatter and histogram
different methods that summarizes the strength of the evidence analysis are utilized to make a comparison of digital sequence
against the null hypothesis. In this test, each P-value is the data generated by pseudorandom and the designed quantum
probability that a perfect random number generator would have random number generator. The scatter and histogram analysis
are conducted using Origin™ software. As shown in Fig. 6,
produced a sequence less random than the sequence that was
scatter analysis of the pseudorandom data has the same pattern
tested, given the kind of non-randomness assessed by the test.
per period. This pattern becomes a limitation of pseudorandom
If a P-value is determined to be equal to 1, then the sequence dan could be a vulnerable for attackers to crack a message if
appears to have perfect randomness, and P-value of zero pseudorandom data are used as key to encrypt the message. Fig.
indicates that the sequence appears to be completely 7 shows scatter analysis of the designed photonic-based random
nonrandom [8]. number generator which has no patterns. This result could be an
A significance level (α) can be chosen for the tests. If P- evidence that the digital sequence data produced by QRNG are
value ≥ α, then the null hypothesis is accepted; i.e., the truly random.
sequence appears to be random. If P-value < α, then the null
hypothesis is rejected; i.e., the sequence appears to be non-
random. The parameter α denotes the probability of the Type I
error and typically, the range of α is 0.001 to 0.01. An a of
0.01 indicates that one would expect 1 sequence in 100
sequences to be rejected.

TABLE I. NIST STATISTICAL TESTS: P-VALUE & PROPORTION

UART Output
Statistical Tests
P-Value Proportion
Fig. 7. Scatter analysis of pseudorandom.
Frequency 0.706682 0.9844
Block-frequency 0.881521 0.9907
Cumulative-sums 0.957089 0.9891
Runs 0.554739 0.9922
Longest-runs of Ones 0.415927 0.9876
Rank 0.784272 0.9907
FFT 0.026695 0.9969
Non-periodic-templates 0.504527 0.9829
Overlapping-templates 0.444517 0.9907
Universal 0.963672 0.9876
Approximate entropy 0.793156 0.9938 Fig. 8. Scatter analysis of the QRNG design.
Random-excursions 0.169882 0.9870
Random-excursions Variant 0.062613 0.9922 Histogram analysis of the digital sequence data generated
Serial 0.159103 0.9891 by pseudorandom is shown in Fig. 8. As can be seen in the
figure, the histogram bars pattern of pseudorandom data are
Lempel-Ziv Complexity 0.033231 0.9891
platted, and have consistent frequencies. It is clearly different
Linear Complexity 0.101292 0.9891 with histogram bars pattern of the designed QRNG that are not
a.
Statistical test results using NIST test, only P-value and Proportion parameters platted with inconsistency of frequencies as shown in Fig. 9.

A P-value ≥ 0.01 would mean that the sequence would be


considered to be random with a confidence of 99 %, otherwise
if P-value < 0.01 would mean that the conclusion was that the
sequence is non-random with a confidence of 99 %. In this test
confidence of 99 %. Scatter and histogram analysis for pattern
comparison of digital sequence data produced by the QRNG
and pseudorandom were also conducted. Scatter analysis of the
pseudorandom shows the existence of a pattern in the certain
time which is disappeared in the QRNG. Histogram analysis of
the pseudorandom shows a platted pattern with consistent
frequencies, it is clearly different with the designed QRNG that
has no a pattern with inconsistency of frequencies. In the
future works, designing a parallel QRNG will be conducted to
enhance random bit speed significantly. Parallel QRNG must
be developed to fullfil OTP (One-Time Pad) encryption
requirement that requires a high-speed random bit.

ACKNOWLEDGMENT
The authors would like to thank to State Polytechnic of
Fig. 9. Histogram analysis of pseudorandom. Jember especially to Renewable Energy Engineering
Department, Engineering Faculty, for providing facilities to join
the conference.

REFERENCES
[1] M. Drutarovsky and P. Galajda, “A robust chaos-based the random
number generator embedded in reconfigurable switched-capacitor
hardware,” RadioEngineering, Vol. 16, No.3, September 2007.
[2] K. Uchida, T. Tanamoto, and S. Fujita, “Single-electron randomnumber
generator (RNG) for highly secure ubiquitous computing applications,”
ScienceDirect Solid-State Electronics, vol. 50, pp.1552–1557, 2007.
[3] M. Siswanto, G. Witjaksono, M. Soeheila and Z. Hamdan, “Study on the
effects of characteristic polynomial in LFSR for randomness quality,”
Proceeding of the International Conference on Advanced Science,
Engineering and Information Technology (ICASEIT 2011), Malaysia 14-
15 Jan 2011.
[4] M. Siswanto, G. Witjaksono, and Wira Firdaus. Hj. Yaakob, “Quantum
random number generator (QRNG) with multi random source (MRS)
processor,” World International Property Organization (WIPO),
International Publication Number WO 2012/064174 A1, 18 May 2012.
[5] A.A. Thomas and V. Paul, “Random Number Generator Methods a
Fig. 10. Histogram analysis of the designed QRNG. Survey,” International Journal of Advanced Research in Computer
Science and Software Engineering (IJARCSSE), vol. 6, pp.556–559, Jan
2016.
VI. CONCLUSIONS [6] M.H. Collantes and J.C.G. Escartin, “Quantum Random Number
Generators, “ Instituto Nacional de Ciberseguridad, Avenida Jose
In this paper, a design of quantum random number generator Aguado, 41, Edificio INCIBE 24005, Leon, Spain, Oct. 2016.
(QRNG) which is photonic-based random number generator [7] N.M. Thamrin, G. Witjaksono, A. Nuruddin, and M. S. Abdullah, “A
has succesfully implemented. Randomness test was conducted Photonic-based random number for cryptographic application,” IEEE
to the QRNG’s output using NIST statistical test. The statistic Computer Society, pp. 356–361, 2008.
test is used to calculate a P-value that summarizes the strength [8] Linear Feedback Shift Registers, 31 January 2017,
http://www.oocities.org/siliconvalley/screen/2257/vhdl/lfsr/lfsr.html
of the evidence against the null hypothesis. The sequence
[9] A. Rukhin, at. all., “A Statistical Test Suite for Random and
appears to have perfect random if P-value is determined to be Pseudorandom Number Generators for Cryptographic Applications,“
equal to 1, and P-value of zero indicates that the sequence NIST Speed Publication 800-22 (with revisions date, May 15, 2001).
appears to be completely nonrandom. Results of the test show
that all values of P-value are more than 0.01 that indicate
output sequences of the QRNG design are random with