Saved in:
| Main Authors: | , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2025
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2508.21498 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Table of Contents:
- Current prevailing designs of quantum random number generators (QRNGs) designs typically employ post-processing techniques to distill raw random data, followed by statistical verification with suites like NIST SP 800-22. This paper demonstrates that this widely adopted practice harbors a critical flaw. We show that the powerful extraction process can create a false sense of security by perfectly concealing physical-layer attacks, rendering the subsequent statistical tests blind to a compromised entropy source. We substantiate this claim across two major QRNG architectures. Experimentally, we severely compromise an QRNG based on amplified spontaneous emission (ASE) with a power supply ripple attack. While the resulting raw data catastrophically fails NIST tests, a standard Toeplitz extraction transforms it into a final sequence that passes flawlessly. This outcome highlights a profound danger: since the validation process is insensitive to the quality of the raw data, it implies that even a fully predictable input could be processed to produce a certified, yet completely insecure, random sequence. Our theoretical analysis confirms this vulnerability extends to phase-noise-based QRNGs, suggesting a need for security validation to evolve beyond statistical analysis of the final output and consider the entire generation process.