Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2025
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2508.21498 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866915472214065152 |
|---|---|
| author | Chen, Yi-Fan Wang, Dong Zhao, Yi-Bo Cheng, Liang Zhang, Yi Zhang, Yang |
| author_facet | Chen, Yi-Fan Wang, Dong Zhao, Yi-Bo Cheng, Liang Zhang, Yi Zhang, Yang |
| contents | Current prevailing designs of quantum random number generators (QRNGs) designs typically employ post-processing techniques to distill raw random data, followed by statistical verification with suites like NIST SP 800-22. This paper demonstrates that this widely adopted practice harbors a critical flaw. We show that the powerful extraction process can create a false sense of security by perfectly concealing physical-layer attacks, rendering the subsequent statistical tests blind to a compromised entropy source. We substantiate this claim across two major QRNG architectures. Experimentally, we severely compromise an QRNG based on amplified spontaneous emission (ASE) with a power supply ripple attack. While the resulting raw data catastrophically fails NIST tests, a standard Toeplitz extraction transforms it into a final sequence that passes flawlessly. This outcome highlights a profound danger: since the validation process is insensitive to the quality of the raw data, it implies that even a fully predictable input could be processed to produce a certified, yet completely insecure, random sequence. Our theoretical analysis confirms this vulnerability extends to phase-noise-based QRNGs, suggesting a need for security validation to evolve beyond statistical analysis of the final output and consider the entire generation process. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2508_21498 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | Statistical Invisibility of a Physical Attack on QRNGs After Randomness Extraction Chen, Yi-Fan Wang, Dong Zhao, Yi-Bo Cheng, Liang Zhang, Yi Zhang, Yang Quantum Physics Current prevailing designs of quantum random number generators (QRNGs) designs typically employ post-processing techniques to distill raw random data, followed by statistical verification with suites like NIST SP 800-22. This paper demonstrates that this widely adopted practice harbors a critical flaw. We show that the powerful extraction process can create a false sense of security by perfectly concealing physical-layer attacks, rendering the subsequent statistical tests blind to a compromised entropy source. We substantiate this claim across two major QRNG architectures. Experimentally, we severely compromise an QRNG based on amplified spontaneous emission (ASE) with a power supply ripple attack. While the resulting raw data catastrophically fails NIST tests, a standard Toeplitz extraction transforms it into a final sequence that passes flawlessly. This outcome highlights a profound danger: since the validation process is insensitive to the quality of the raw data, it implies that even a fully predictable input could be processed to produce a certified, yet completely insecure, random sequence. Our theoretical analysis confirms this vulnerability extends to phase-noise-based QRNGs, suggesting a need for security validation to evolve beyond statistical analysis of the final output and consider the entire generation process. |
| title | Statistical Invisibility of a Physical Attack on QRNGs After Randomness Extraction |
| topic | Quantum Physics |
| url | https://arxiv.org/abs/2508.21498 |