We've a last paper out today, before the times of comfort, joy, and gluttony set in... https://arxiv.org/abs/1612.06566 . In it, we describe a new way to extract randomness from quantum physics, and demonstrate it experimentally too.

As I've written about before (e.g. https://plus.google.com/+JonatanBohrBrask/posts/6eVRfrT4aqs), random numbers are important for cryptography (e.g. keeping your credit card details safe), computer simulations (of anything from your local weather report to astrophysics), and gambling. But good random numbers are not that easy to create. Good means that no one else should be able to predict them in advance.

Something may seem random to you but perfectly non-random to someone else. Say I'm a magician and I practised coin flipping a lot. When I flip a coin, by giving it just the right spin I can make it land on heads or tails as I wish. To you the flip looks random, but to me the outcome is completely predictable. What we want is a guarantee that the numbers we generate are random to anyone - we want to sure that no magician could be playing tricks on us.

Ideally, we would like to have to assume as little as possible about what these 'anyone' can know about the devices used to make the numbers. The less we need to assume, the less risk that any of our assumptions turn out to be wrong, and so the stronger our guarantee on the randomness.

In a classical world, knowing everything there is to know about a system at some point in time in principle allows predicting everything that will happen at all later times. The classical world is deterministic, and there is no randomness, unless we make assumptions about how much an observer knows. It is one of big surprises in quantum physics that there is fundamental randomness in nature. In quantum mechanics it is impossible to predict the outcome of certain measurements even when you know all that can possibly be know about the devices used.

In fact, quantum physics allows us to guarantee randomness under a range of different strength of assumptions about the devices used. On one end of the scale, the measurements made by the devices are assumed to be known, and they are chosen such that their outcomes are unpredictable. In this case, the devices need to be well characterised, but they are relatively easy to implement and random numbers can be generated at very high rates (millions of bits per second). Commercial quantum randomness generators operate in this regime. On the other end of the scale, essentially nothing is assumed to be known about what the devices are doing. Randomness can be guaranteed just be looking at the statistics of the data the devices generate. This regime is known as 'device-independent', and offers an extremely secure form of randomness. However, it requires that the data violates a so-called Bell inequality. This is technologically very challenging to do without filtering the data in some way that might compromise the randomness. For this region, the rates that have been achieved so far for device-independent generation of random numbers are relatively low (some bits per minute).

In between the two extremes, there is room to explore - to look for a good set of assumptions which gives a strong guarantee on the randomness but still allows for reasonable rates to be realised in practice. With my colleagues in Geneva, we are doing this exploration, and implementing our ideas in the lab to check how practical they are.

In the new paper we look at a prepare-and-measure setup with two devices. One prepares quantum states, the other measures them. We make almost no assumptions about the measurement device, while something is known about the preparation device. It doesn't need to be fully characterised, but it is known that the quantum states it prepares are not too different from each other (which, in quantum physics, means that they cannot be perfectly distinguished by any measurement). With these assumptions, the guys in the lab was able to generate random numbers with very high rates - millions of bits per second, comparable to commercial devices :).

So, we've found a nice trade-off between trust in the devices, and random bit rate. There is still plenty of room to explore though. I've made a little plot in the 'space' of trust vs. bitrate. On the lower left, with low trust but also low rates, the yellow stars show the results from device-independent experiments. The yellow star in the top right shows a commercial quantum random number generator. It achieves a high rate, but requires more trust in the device. Our new paper is the top green star - it requires an intermediate level of trust and achieves a high rate. The other green star is an experiment we did a little while back, using another set of assumptions and achieving a somewhat lower rate. Different assumptions may be appropriate in different situations, and so there is still lots of unknown territory in this plot.

The big question is, how close can we get to the sweet spot of low trust and high rate on the top left?

As I've written about before (e.g. https://plus.google.com/+JonatanBohrBrask/posts/6eVRfrT4aqs), random numbers are important for cryptography (e.g. keeping your credit card details safe), computer simulations (of anything from your local weather report to astrophysics), and gambling. But good random numbers are not that easy to create. Good means that no one else should be able to predict them in advance.

Something may seem random to you but perfectly non-random to someone else. Say I'm a magician and I practised coin flipping a lot. When I flip a coin, by giving it just the right spin I can make it land on heads or tails as I wish. To you the flip looks random, but to me the outcome is completely predictable. What we want is a guarantee that the numbers we generate are random to anyone - we want to sure that no magician could be playing tricks on us.

Ideally, we would like to have to assume as little as possible about what these 'anyone' can know about the devices used to make the numbers. The less we need to assume, the less risk that any of our assumptions turn out to be wrong, and so the stronger our guarantee on the randomness.

In a classical world, knowing everything there is to know about a system at some point in time in principle allows predicting everything that will happen at all later times. The classical world is deterministic, and there is no randomness, unless we make assumptions about how much an observer knows. It is one of big surprises in quantum physics that there is fundamental randomness in nature. In quantum mechanics it is impossible to predict the outcome of certain measurements even when you know all that can possibly be know about the devices used.

In fact, quantum physics allows us to guarantee randomness under a range of different strength of assumptions about the devices used. On one end of the scale, the measurements made by the devices are assumed to be known, and they are chosen such that their outcomes are unpredictable. In this case, the devices need to be well characterised, but they are relatively easy to implement and random numbers can be generated at very high rates (millions of bits per second). Commercial quantum randomness generators operate in this regime. On the other end of the scale, essentially nothing is assumed to be known about what the devices are doing. Randomness can be guaranteed just be looking at the statistics of the data the devices generate. This regime is known as 'device-independent', and offers an extremely secure form of randomness. However, it requires that the data violates a so-called Bell inequality. This is technologically very challenging to do without filtering the data in some way that might compromise the randomness. For this region, the rates that have been achieved so far for device-independent generation of random numbers are relatively low (some bits per minute).

In between the two extremes, there is room to explore - to look for a good set of assumptions which gives a strong guarantee on the randomness but still allows for reasonable rates to be realised in practice. With my colleagues in Geneva, we are doing this exploration, and implementing our ideas in the lab to check how practical they are.

In the new paper we look at a prepare-and-measure setup with two devices. One prepares quantum states, the other measures them. We make almost no assumptions about the measurement device, while something is known about the preparation device. It doesn't need to be fully characterised, but it is known that the quantum states it prepares are not too different from each other (which, in quantum physics, means that they cannot be perfectly distinguished by any measurement). With these assumptions, the guys in the lab was able to generate random numbers with very high rates - millions of bits per second, comparable to commercial devices :).

So, we've found a nice trade-off between trust in the devices, and random bit rate. There is still plenty of room to explore though. I've made a little plot in the 'space' of trust vs. bitrate. On the lower left, with low trust but also low rates, the yellow stars show the results from device-independent experiments. The yellow star in the top right shows a commercial quantum random number generator. It achieves a high rate, but requires more trust in the device. Our new paper is the top green star - it requires an intermediate level of trust and achieves a high rate. The other green star is an experiment we did a little while back, using another set of assumptions and achieving a somewhat lower rate. Different assumptions may be appropriate in different situations, and so there is still lots of unknown territory in this plot.

The big question is, how close can we get to the sweet spot of low trust and high rate on the top left?