Quam Bene Non Quantum: Bias in a Family of Quantum Random Number Generators

Random number generation is critical to many security protocols, a basic building block on which it rests the robustness of many security solutions. Quantum physics, on the other hand, offers a very attractive approach to True Random Number Generation, based on the inherent randomness of some physical phenomena. Naturally, there are a number of quantum random number generators in the market. In this work, we present the first analysis of a popular commercial family called Quantis, designed and manufactured by ID Quantique. We subject their output to three batteries of statistical tests, for evaluating its performance. Dieharder and NIST STS 2.1.2 are included in many certification schemes, whilst ENT provides a free, simple and powerful means of expanding on the previous tests. The Quantis devices under examination have achieved METAS and other independent certifications and indeed the results over the Dieharder and NIST batteries confirm that the certifications awarded are based on an acceptable performance on both sets of tests. However, ENT finds strong evidence of significant biases in the Quantis devices. These biases are analyzed to identify their traits and attempt to isolate their root cause. We end with a discussion on the need to expand testing strategies to incorporate lesser-known tests that regularly detect problems that the commonly accepted batteries do not.