Quantum Leap and Crash: Searching and Finding Bias in Quantum Random Number Generators

Random numbers are essential for cryptography and scientific simulation. Generating truly random numbers for cryptography can be a slow and expensive process. Quantum physics offers a variety of promising solutions to this challenge, proposing sources of entropy that may be genuinely unpredictable, based on the inherent randomness of certain physical phenomena. These properties have been employed to design Quantum Random Number Generators (QRNGs), some of which are commercially available. In this work, we present the first published analysis of the Quantis family of QRNGs (excluding AIS-31 models), designed and manufactured by ID Quantique (IDQ). Our study also includes Comscire's PQ32MU QRNG, and two online services: the Australian National University's (ANU) QRNG, and the Humboldt Physik generator.

Each QRNG is analysed using 5 batteries of statistical tests: Dieharder, National Institute of Standards and Technology (NIST) SP800-22, Ent, Tuftests and TestU01, as part of our thorough examination of their output. Our analysis highlights issues with current certification schemes, which largely rely on NIST SP800-22 and Diehard tests of randomness. We find that more recent tests of randomness identify issues in the output of QRNG, highlighting the need for mandatory post-processing even for low-security usage of random numbers sourced from QRNGs.