The unpredictability of random numbers is fundamental to both digital security and applications that fairly distribute resources. However, existing random number generators have limitations: the generation processes cannot be fully traced, audited, and certified to be unpredictable. The algorithmic steps used in pseudorandom number generators are auditable, but they cannot guarantee that their outputs were a priori unpredictable given knowledge of the initial seed. Device-independent quantum random number generators can ensure that the source of randomness was unknown beforehand, but the steps used to extract the randomness are vulnerable to tampering. Here, for the first time, we demonstrate a fully traceable random number generation protocol based on device-independent techniques. Our protocol extracts randomness from unpredictable non-local quantum correlations, and uses distributed intertwined hash chains to cryptographically trace and verify the extraction process. This protocol is at the heart of a public traceable and certifiable quantum randomness beacon that we have launched. Over the first 40 days of operation, we completed the protocol 7434 out of 7454 attempts, a success rate of 99.7%. Each time the protocol succeeded, the beacon emitted a pulse of 512 bits of traceable randomness. The bits are certified to be uniform with error times actual success probability bounded by $2^{-64}$. The generation of certifiable and traceable randomness represents one of the first public services that operates with an entanglement-derived advantage over comparable classical approaches.