1 Introduction
The unpredictable output of random number generators (RNGs) is essential for secure communications and is a key cryptographic assumption when proving the security of encrypted communications from an information-theoretical viewpoint. While several statistical tests like the NIST Test Suites [4] and TestU01 [13] are used in practice, passing these tests is a necessary but not sufficient condition to confirm the unpredictability of an RNG. For a digital programmable computer, the outcome of a computation is deterministically computed from the code and the input. While many randomized algorithms have been used to compensate for the deterministic nature of digital programmable computers, these algorithms can only ever yield pseudo-RNGs, which means that although their outputs are hard to distinguish from true RNGs under some computational-hardness assumption, they are theoretically computable from the inputs. Pseudo-RNGs are functions that produce an output number given an input, the latter of which is called the seed
. Pseudo-RNGs are ultimately predictable because of this seed. Given that pseudo-RNGs are predictable, physical RNGs have been proposed and implemented for commercial use. However, physical RNGs are also theoretically predictable when they are based on classical physics, because all particles dynamics are predictable if all input parameters are known. In macroscopically described theories such as thermodynamics or statistical physics, statistical descriptions are used to simplify the treatment of a huge number of particles. Even with unlimited computational capability, any macroscopic description must be consistent with the microscopic dynamics of all particles involved. Therefore, classical physical phenomena are, in principle, predictable. On the other hand, quantum random number generators (QRNGs) may overcome the problem of predictability because the measurement outcomes in quantum mechanics are associated with the quantum state only in terms of probabilities. This is called the Born rule, and serves as one of the mathematical axioms of quantum mechanics. For the practical application of RNGs, rapid and reliable operation is required. QRNGs are often implemented in quantum optics, as seen in recent review papers
[14, 9]. Currently available quantum computing devices consist of a small number of fully controllable integrated qubits. A quantum computer can therefore serve as an unbiased QRNG. The gate operation and measurements in such a computer may be deterministic, but the outcome will be probabilistic. Unbiased output sequences can be obtained from an equal-weight superposition of all qubits in the computer. This kind of computer does not require any input randomness, and can therefore be regarded as a seedless RNG. A QRNG is an application of a quantum computer that requires only one qubit. This computer cannot be implemented with conventional digital computers because conventional digital computers are fundamentally incapable of performing truly random number generation.To acquire long random output sequences, a quantum circuit needs to be repeated many times. Because the measurement changes the quantum state of a qubit, a reset operation is required after every measurement to recover the initial state. This challenge also arises when running quantum algorithms on a quantum computer, as almost all algorithms require the same quantum circuit to be run multiple times [11]. The initial state should be reset to for any runs of algorithms. It is necessary that none of the output sequences is temporally correlated. According to Landauer’s principle, the memory reset operation, in principle, has an energy cost [12]. This principle only holds, however, in case that computation has no energy cost [10]. The preceding outcome can be predicted when the additional energy cost required for the reset operation is associated with the state. When the initial state has each qubit in its ground state, the simplest reset operation is simply waiting for the qubits to return to their initial states. In solid-state qubits such as a superconducting qubit, the relaxation time () is typically used as the timescale for the reset operation. To let the system relax near to the ground state, the waiting time is set to more than times the value of . Also, the relationship between relaxation and the coherence time has been discussed [16]. Fast and efficient protocols for the reset operation have been demonstrated recently [17, 20, 7, 15, 3].
This paper aims to uncover the relationship between the temporal correlation of output random number sequences and the relaxation time of each qubit. Another possible source of temporal correlation in the output sequences is hardware-correlated noise. Regarding hardware system identification, a comprehensive review [8] lists several methodologies. Methods that use quantum random number generation and statistical random-number analysis cannot be used to identify the source of systematic noise.
2 Quantum Random Number Generation in Quantum Computers
The simplest procedure for quantum random number generation in a quantum computer is explained below. First, we prepare the initial state . Second, we apply a Hadamard gate to the initial state, creating the superposed state . Third, we measure this superposed state in the computational basis and . According to the mathematical axiom of quantum mechanics, the measurement outcome should be uniformly random. Otherwise, the probabilistic structure of quantum mechanics would be unnecessary. Because the randomness-generation process relies on the fundamental axiom of quantum mechanics, quantum random number generation is controlled in the same way every time. Therefore, such random number generator is seedless. This procedure is repeated to yield a random-number sequence. When each step of the procedure is independent, the generated output sequence is independent identically distributed (i.i.d.). For a quantum computing device with several qubits, each qubit can generate output sequences in parallel with the same quantum circuit.
Several implementations of QRNGs on programmable quantum computers have been tested [18, 19]. Since none of the generated output sequences are ideal random numbers without applying information processing, programmable quantum computers available today give noisy results. Therefore, the output sequences of the quantum-circuit based QRNGs include information about the quantum-computing device, such as the stability of the operation [19].
3 Autocorrelation Test
An ideal RNG is equivalent to a random variable
that produces independent and uniform bits. TestU01 is a collection of empirical statistical tests for RNGs that indicate whether an RNG is ideal [13]. The autocorrelation test in TestU01 checks whether pairs of bits that arebits apart within a bit sequence are independent of each other. The test statistic for an obtained binary sequence
is defined as(1) |
By setting , the autocorrelation test becomes a test for independence between neighboring bits. Given that the test statistic
follows the binomial distribution where the number of trials is
and the probability of obtaining the output “1” is , is approximately normal when is large [13]. The test statistic is converted toso that it follows the standard normal distribution as
(2) |
Under the assumption of identical random variables with the probability
obtaining the output “1”, the null hypothesis
is set as: is independent, that is, not correlated.
Since approximately follows the standard normal distribution, the one-sample, two-sided z-test is applied to obtain the p-value for the null hypothesis as
(3) |
where the complementary error function is defined as
(4) |
When the p-value is less than , all -separated bits within the sequence are regarded as correlated. Otherwise, the sequence is regarded as independent. is called the level of significance, and it is the minimum p-value of a sample that we accept as likely to have been produced by an ideal RNG. Here, the level of significance is set at , which is the standard setting among statistical tests for RNGs. The failure of this test indicates that the biased sequence has temporal correlation. As one expects an ideal RNG to produce a sample with a p-value under the level of significance with probability , the proportion of p-values equal to or greater than provides a more comprehensive indicator of the behavior of an RNG than a single p-value does.
4 Temporal Correlation Detection in Quantum Computer
As a state-of-the-art experiment, we applied this QRNG procedure to the 20-qubit superconducting qubit device called the IBM Q Poughkeepsie which is connected via the cloud service [19]. The sequences analyzed in this paper were the same as those in Ref. [19]. The data were taken from the device by generating 8192 bits per job and repeating the process. All jobs were sent during the time span from 2019/05/09 11:24:27 (GMT) to 2019/05/12 23:24:58 (GMT). The calibration time can be seen in Ref. [19, Table 6]. 579 jobs were run over the course of five days. The
time of each qubit was measured and provided as device information using an open-source framework for working with noisy quantum computers at the level of pulses, circuits, and algorithms, known as Qiskit
[2]. This analysis tool is illustrated in Fig. 1^{1}^{1}1We cannot directly evaluate the reset time due to system regulation and cannot guess whether the of a qubit affects temporal correlation. According to private communications with IBM Q Network Support team, each single circuit is operated at the usual kHz repetition rate, which means 1/repetition rate = ms for one circuit execution. On IBM Q Poughkeepsie device, a single circuit execution consists of one initialization step, the quantum gates, the measurement and the relaxation time (dead time before reaching 1/repetition rate). Moreover, four calibration circuits are executed between each circuit execution which takes around ms.. In reality, fluctuates, according to a report about a different device [5].Let us apply the autocorrelation test in TestU01 as explained in Sec. 3 to the output sequence generated by each qubit. The value of at Eq. (2)^{2}^{2}2It is noted that for ideal quantum device, the value of at Eq. (2) is the unbiased as aforementioned before, but we allow the value of to be biased considering the noisy quantum devices.
is estimated to be a frequency probability for each job and each qubit
^{3}^{3}3The ideal distribution per a qubit is assumed for the samples within the job. This means that a quantum device to obtain the generated 8192 samples within the same job per a qubit is stably operated and is not changed on the hardware information within the same job. The min-entropy calculated from the value of is seen in Ref. [19, Fig. 2].. Figure 2 displays the number of failures under the % confidence level of the autocorrelation test in the case of along with the average for each qubit and shows no apparent relationship between the failure ratio of the autocorrelation test and . Therefore, the temporal correlation of the output sequences does not come from an imperfection in the reset operation. This result suggests the existence of hardware imperfections or systematic error in the quantum computing device. Also, % of the jobs pass the autocorrelation test for qubits simultaneously. The summary of all p-values of the autocorrelation test for each qubit are listed in Fig. 3.5 Conclusion
A quantum random number generator is an essential component for ultimate secure encryption. Since a QRNG is a seedless RNG, it is crucial that the costs of repeated operations be independent of the outcome. As a one-qubit application of a quantum computer, we connected to a superconducting quantum computer via the cloud to execute the simplest quantum random number generation scheme. Statistical analysis of the results showed that the random number sequences output by the computer were biased and that some sequences had temporal correlation. This temporal correlation, combined with the instability of the quantum computer [19], shows that the quantum random number generation by the quantum computing device is far from the ideal one. Further research on how much quantum algorithms are affected by temporal correlations is needed. These correlations should be eliminated or negligible small for large-scale quantum computation.
Acknowledgements
The authors thank Hermanni Heimonen, Gregor Weihs, Atsushi Iwasaki, and Hidetoshi Okutomi for valuable discussion. Some of the authors (Y.S., K.T.) are also grateful to Patrick Mensac and Francois Varchon of the IBM Q Network support team for sharing information on the qubit initialization in IBM Q systems. This work is partially supported by JSPS KAKENHI (Grant Nos. 17K05082 and 19H05156) and JST, PRESTO (feasibility study of specific research proposal) Grant Number JPMJPR19MB. The results presented in this paper were obtained in part using an IBM Q quantum computing system as part of the IBM Q Network.
References
- [1]
- [2] H. Abraham, I. Y. Akhalwaya, G. Aleksandrowicz, T. Alexander, G. Alexandrowics, E. Arbel, A. Asfaw, C. Azaustre, AzizNgoueya, P. Barkoutsos, G. Barron, L. Bello, Y. Ben-Haim, D. Bevenius, L. S. Bishop, S. Bosch, D. Bucher, CZ, F. Cabrera, P. Calpin, L. Capelluto, J. Carballo, G. Carrascal, A. Chen, C.-F. Chen, R. Chen, J. M. Chow, C. Claus, C. Clauss, A. J. Cross, A. W. Cross, J. Cruz-Benito, C. Culver, A. D. Córcoles-Gonzales, S. Dague, M. Dartiailh, DavideFrr, A. R. Davila, D. Ding, E. Drechsler, Drew, E. Dumitrescu, K. Dumon, I. Duran, P. Eendebak, D. Egger, M. Everitt, P. M. Fernández, A. Frisch, A. Fuhrer, M. GEORGE, I. GOULD, J. Gacon, Gadi, B. G. Gago, J. M. Gambetta, L. Garcia, S. Garion, Gawel-Kus, J. Gomez-Mosquera, S. de la Puente González, D. Greenberg, W. Guan, J. A. Gunnels, I. Haide, I. Hamamura, V. Havlicek, J. Hellmers, Ł. Herok, S. Hillmich, H. Horii, C. Howington, S. Hu, W. Hu, H. Imai, T. Imamichi, R. Iten, T. Itoko, A. Javadi-Abhari, Jessica, K. Johns, N. Kanazawa, A. Karazeev, P. Kassebaum, Knabberjoe, A. Kovyrshin, V. Krishnan, K. Krsulich, G. Kus, R. LaRose, R. Lambert, J. Latone, S. Lawrence, D. Liu, P. Liu, P. B. Z. Mac, Y. Maeng, A. Malyshev, J. Marecek, M. Marques, D. Mathews, A. Matsuo, D. T. McClure, C. McGarry, D. McKay, S. Meesala, A. Mezzacapo, R. Midha, Z. Minev, M. D. Mooring, R. Morales, N. Moran, P. Murali, J. Müggenburg, D. Nadlinger, G. Nannicini, P. Nation, Y. Naveh, Nick-Singstock, P. Niroula, H. Norlen, L. J. O’Riordan, O. Ogunbayo, P. Ollitrault, S. Oud, D. Padilha, H. Paik, S. Perriello, A. Phan, M. Pistoia, A. Pozas-iKerstjens, V. Prutyanov, D. Puzzuoli, J. Pérez, Quintiii, R. Raymond, R. M.-C. Redondo, M. Reuter, D. M. Rodríguez, M. Ryu, T. SAPV, SamFerracin, M. Sandberg, N. Sathaye, B. Schmitt, C. Schnabel, T. L. Scholten, E. Schoute, I. F. Sertage, N. Shammah, Y. Shi, A. Silva, Y. Siraichi, I. Sitdikov, S. Sivarajah, J. A. Smolin, M. Soeken, SooluThomas, D. Steenken, M. Stypulkoski, H. Takahashi, C. Taylor, P. Taylour, S. Thomas, M. Tillet, M. Tod, E. de la Torre, K. Trabing, M. Treinish, TrishaPe, W. Turner, Y. Vaknin, C. R. Valcarce, F. Varchon, D. Vogt-Lee, C. Vuillot, J. Weaver, R. Wieczorek, J. A. Wildstrom, R. Wille, E. Winston, J. J. Woehr, S. Woerner, R. Woo, C. J. Wood, R. Wood, S. Wood, J. Wootton, D. Yeralin, J. Yu, C. Zachow, L. Zdanski, Zoufalc, anedumla, azulehner, bcamorrison, brandhsn, dennis-liu 1, dime10, drholmie, elfrocampeador, faisaldebouni, fanizzamarco, gruu, kanejess, klinvill, kurarrr, lerongil, ma5x, merav aharoni, mrossinek, ordmoj, strickroman, tigerjack, toural, yang.luh & yotamvakninibm (2019): Qiskit: An Open-source Framework for Quantum Computing, doi:10.5281/zenodo.2562110.
- [3] D. Basilewitsch, J. Fischer, D. M. Reich, D. Sugny & C. P. Koch (2020): Fundamental Bounds on Qubit Reset. Available at https://arxiv.org/abs/2001.09107.
- [4] L. Bassham, A. Rukhin, J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, N. Heckert & J. Dray (2010): A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST SP 800-22 Rev. 1a, National Institute of Standards and Technology, doi:10.6028/NIST.SP.800-22r1a.
- [5] J. J. Burnett, A. Bengtsson, M. Scigliuzzo, D. Niepce, M. Kudra, P. Delsing & J. Bylander (2019): Decoherence benchmarking of superconducting qubits. npj Quantum Information 5, p. 54, doi:10.1038/s41534-019-0168-5.
- [6] A. Dewes, R. Lauro, F. R. Ong, V. Schmitt, P. Milman, P. Bertet, D. Vion & D. Esteve (2012): Quantum speeding-up of computation demonstrated in a superconducting two-qubit processor. Phys. Rev. B 85, p. 140503, doi:10.1103/PhysRevB.85.140503.
- [7] D. J. Egger, M. Werninghaus, M. Ganzhorn, G. Salis, A. Fuhrer, P. Müller & S. Filipp (2018): Pulsed Reset Protocol for Fixed-Frequency Superconducting Qubits. Physical Review Applied 10, p. 044030, doi:10.1103/PhysRevApplied.10.044030.
- [8] J. Eisert, D. Hangleiter, N. Walk, I. Roth, D. Markham, R. Parekh, U. Chabaud & E. Kashefi (2019): Quantum certification and benchmarking. Available at https://arxiv.org/abs/1910.06343.
- [9] M. Herrero-Collantes & J. C. Garcia-Escartin (2017): Quantum random number generators. Reviews of Modern Physics 89, p. 015004, doi:10.1103/RevModPhys.89.015004.
- [10] A. Hosoya, K. Maruyama & Y. Shikano (2011): Maxwell’s demon and data compression. Physical Review E 84, p. 061117, doi:10.1103/PhysRevE.84.061117.
- [11] S. Kak (1999): The Initialization Problem in Quantum Computing. Foundations of Physics 29, p. 267–279, doi:10.1023/A:1018877706849.
- [12] R. Landauer (1961): Irreversibility and heat generation in the computing process. IBM Journal of Research and Development 5, pp. 183–191, doi:10.1147/rd.53.0183.
- [13] P. L’Ecuyer & R. Simard (2007): TestU01: A C Library for Empirical Testing of Random Number Generators. ACM Transactions on Mathematical Software (TOMS) 33(4), p. 22, doi:10.1145/1268776.1268777.
- [14] X. Ma, X. Yuan, Z. Cao, B. Qi & Z. Zhang (2016): Quantum random number generation. npj Quantum Information 2, p. 16021, doi:10.1038/npjqi.2016.21.
- [15] P. Magnard, P. Kurpiers, B. Royer, T. Walter, J.-C. Besse, S. Gasparinetti, M. Pechal, J. Heinsoo, S. Storz, A. Blais & A. Wallraff (2018): Fast and Unconditional All-Microwave Reset of a Superconducting Qubit. Physical Review Letters 121, p. 060502, doi:10.1103/PhysRevLett.121.060502.
- [16] J. R. Petta, A. C. Johnson, J. M. Taylor, E. A. Laird, A. Yacoby, M. D. Lukin, C. M. Marcus, M. P. Hanson & A. C. Gossard (2005): Coherent Manipulation of Coupled Electron Spins in Semiconductor Quantum Dots. Science 309, pp. 2180–2184, doi:10.1126/science.1116955.
- [17] D. Ristè, J. G. van Leeuwen, H.-S. Ku, K. W. Lehnert & L. DiCarlo (2012): Initialization by Measurement of a Superconducting Quantum Bit Circuit. Physical Review Letters 109, p. 050507, doi:10.1103/PhysRevLett.109.050507.
- [18] K. Tamura & Y. Shikano (2019): Quantum Random Number Generation with the Superconducting Quantum Computer IBM 20Q Tokyo. In M. Hirvensalo & A. Yakaryılmaz, editors: Proceedings of Workshop on Quantum Computing and Quantum Information, TUCS Lecture Notes 30, pp. 13–25. Available at http://urn.fi/URN:ISBN:978-952-12-3840-6. Cryptology ePrint Archive, Report 2020/078 https://eprint.iacr.org/2020/078.
- [19] K. Tamura & Y. Shikano (2020): Quantum Random Numbers generated by the Cloud Superconducting Quantum Computer. In T. Takagi, M. Wakayama, K. Tanaka, N. Kunihiro, K. Kimoto & Y. Ikematsu, editors: International Symposium on Mathematics, Quantum Theory, and Cryptography: Proceedings of MQC 2019, Springer Nature. Available at https://arxiv.org/abs/1906.04410. To be published, arXiv:1906.04410.
- [20] J. Tuorila, M. Partanen, T. Ala-Nissila & M. Möttönen (2017): Efficient protocol for qubit initialization with a tunable environment. npj Quantum Information 3, p. 27, doi:10.1038/s41534-017-0027-1.
Comments
There are no comments yet.