Tighter bound of quantum randomness certification for independent-devices scenario

Quantum random number generation attracts considerable attention, since its randomness inherently originates in quantum mechanics rather than in mathematical assumptions. Randomness certification, e.g. entropy estimation, becomes a key issue in the context of quantum random number generation protocols. We study a self-testing protocol based on a dimension witness, with the assumption of independent devices. It addresses the random number extraction problem in a practical prepare-and-measure scenario with uncharacterized devices. However, the lower bound of the min-entropy as a function of the dimension witness is not tight in existing works. We present a tighter bound of analytic form, by introducing the Lagrangian multiplier method to closely analyze the optimization problem on the average guessing probability. Simulation shows that a significantly higher random number generation rate can be achieved in practice.

This paper addresses a semi-device-independent randomness certification problem in the prepare-and-measure scenario. Bowles et al. [34] proposed the so-called dimension witness to bound how quantum a prepare-and-measure scenario could behave, with the assumption that the state preparation and measurement devices share no correlations. Based on this witness, Lunghi et al. [35] proposed a self-testing QRNG protocol (BQB14 for short) [36] with a bounded dimension constraint, in which the devices need not be characterized. BQB14 derived a lower bound of the min-entropy as a function of the dimension witness, and was capable of monitoring the randomness in real time. However, this min-entropy bound was not tight over the domain of the dimension witness, due to the relaxation in the derivation procedure. As a result, the extracted rate of random bits had a certain gap with the optimal one. We introduce the Lagrangian multiplier method to closely analyze the optimization problem on the average guessing probability, and thus present a tighter bound of analytic form. As a result, a lower guessing probability bound and a higher min-entropy can be achieved. We compare the certified randomness between this paper and BQB14 by simulation analysis. It turns out that a set-up with the proposed tighter bound achieves a significantly higher certified randomness rate in a practical self-testing QRNG.

Results
The prepare-and-measure scenario of QRNG is illustrated in Fig. 1, where a self-testing protocol is performed with uncharacterized devices on both sides. This paper follows the assumptions in BQB14 [35], where imperfections of the preparation and measurement devices are modeled by internal random variables λ and μ. Specifically, it is assumed that the devices share no correlations, where $p(\lambda, \mu) = q_\lambda \cdot r_\mu$ and $\sum_\lambda q_\lambda = \sum_\mu r_\mu = 1$. The random inputs of preparations and measurements are denoted by x ∈ {0, 1, 2, 3} and y ∈ {0, 1}, and the binary outcome is b = ±1. In each round of the experiment, a qubit state $\rho_x^\lambda$ is prepared according to the random input x and the internal random variable λ, and a measurement $M_y^\mu$ is then performed in a similar way. In the stage of data collection, events {x, y, b} are collected to evaluate the observed probabilities p(b|x, y).
Since the observer has no information on the variables λ and μ, he will observe x y x y The observed states and measurements are denoted by $\vec{S}_x$ and $\vec{T}_y$ on the Bloch sphere with Pauli vector $\vec{\sigma} = (\sigma_1, \sigma_2, \sigma_3)$. According to the purification principle of quantum state, $\vec{S}_x$ and $\vec{T}_y$ can be decomposed on the Bloch sphere by are on the surface of the sphere.

Figure 1. Self-testing QRNG protocol consists of three stages. Data collection: prepare-and-measure experiments are performed with uncharacterized devices, and events {x, y, b} are collected to evaluate the observed probabilities p(b|x, y). Entropy monitoring: dimension witness W is evaluated by the table of p(b|x, y), then the min-entropy can be bounded by an analytic function of variable W. Randomness extraction: random numbers are extracted according to the min-entropy in postprocessing.

In the stage of entropy monitoring, the dimension witness W is evaluated by the table of p(b|x, y) [34], The witness W indicates how quantum the combination of preparations and measurements is: classical events yield W = 0, while quantum events give 0 ≤ |W| ≤ 1 [34]. To certify the randomness, we derive an upper bound f′(W) of the guessing probability $p_g$ as an analytic function of W, where 0 ≤ W ≤ 1. Assuming the choices of preparations and measurements are uniformly distributed, we have the average guessing probability where f′(W) is tighter than the previous result f(W) [35], and the derivation process will be given in the next section. Thus, the min-entropy has a tighter lower bound as an analytic function of W In the stage of randomness extraction, random numbers are extracted from the raw data. The lower bound ′ of $H_{\min}$ is the parameter that determines how many random bits can be extracted in postprocessing.
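The data-collection and entropy-monitoring stages described above can be sketched as follows. This is an added example, not code from the paper: it uses the determinant form of the witness from Bowles et al. [34] and the earlier, looser BQB14 bound f(W) from Lunghi et al. [35], because the closed form of the tighter f′(W) does not appear on this page. All function names and the sample events are constructed for illustration.

```python
import math
from collections import Counter

# Constructed ideal setup: four BB84-like Bloch vectors (x, z) and two measurement axes.
STATES = [(0, 1), (0, -1), (1, 0), (-1, 0)]
MEAS = [(0, 1), (1, 0)]

def constructed_events(visibility, n=1000):
    """Constructed sample data: n rounds per (x, y), outcomes b = +1 / -1."""
    events = []
    for x, s in enumerate(STATES):
        for y, t in enumerate(MEAS):
            p1 = (1 + visibility * (s[0] * t[0] + s[1] * t[1])) / 2
            k = round(n * p1)
            events += [(x, y, +1)] * k + [(x, y, -1)] * (n - k)
    return events

def observed_p1(events):
    """Estimate p(b=+1 | x, y) from collected events {x, y, b}."""
    total, plus = Counter(), Counter()
    for x, y, b in events:
        total[(x, y)] += 1
        plus[(x, y)] += (b == 1)
    missing = [(x, y) for x in range(4) for y in range(2) if not total[(x, y)]]
    if missing:
        raise ValueError(f"no data for input pairs {missing}")
    return {k: plus[k] / total[k] for k in total}

def dimension_witness(p):
    """W = |det| of the differences p(1|x,y) - p(1|x+1,y), x in {0, 2}."""
    a, b = p[0, 0] - p[1, 0], p[2, 0] - p[3, 0]
    c, d = p[0, 1] - p[1, 1], p[2, 1] - p[3, 1]
    return abs(a * d - b * c)

def min_entropy_bqb14(w):
    """H_min >= -log2 f(W), with the earlier (looser) BQB14 bound f(W)."""
    w = min(max(w, 0.0), 1.0)  # guard against estimates slightly outside [0, 1]
    f = 0.5 * (1 + math.sqrt((1 + math.sqrt(1 - w * w)) / 2))
    return -math.log2(f)

def certify(events):
    """Return (W, certified min-entropy per raw bit); no finite-size correction."""
    w = dimension_witness(observed_p1(events))
    return w, min_entropy_bqb14(w)

if __name__ == "__main__":
    for v in (1.0, 0.9, 0.0):
        print(v, certify(constructed_events(v)))
```

The certified min-entropy falls quickly as the witness drops below 1, which is why a monitoring loop should re-evaluate W on fresh data before each extraction step rather than rely on a value measured at calibration time.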

Derivation of tighter bound
For given inputs x, y and local randomness λ, μ, the guessing probability is given by To certify the randomness, we need to derive an upper bound of the average guessing probability $p_g$ in (7). Instead of relaxation by inequalities as in previous work [35], we closely maximize the guessing probability with the witness constraint, which is considered to be the reason for the advantage of this paper. Assuming uniformly distributed x and y, we have (1), (4) and (5). It is hard to directly derive an analytic solution of the initial problem in (10). Thus, we first focus on a sub-problem of (10) and derive an upper bound on the average guessing probability over the inputs only, where $p_g^{\lambda\mu}$ is maximized with the witness constraint $W_{\lambda\mu}$: , As presented in previous work [34]. Note that $\vec{S}_x^{\lambda}$ must be on the plane spanned by the measurement vectors $\vec{T}_y^{\mu}$, so as to maximize the objective function. The angles of $\vec{S}_x^{\lambda}$ and $\vec{T}_y^{\mu}$ are denoted by $\{\theta_0, \theta_1, \theta_2, \theta_3, \varphi_0, \varphi_1\}$ on this plane. Using the symmetrical nature of the problem, without loss of generality, we Thus, problem in (11) can be reduced as: where υ denotes the Lagrange multiplier. The optimal solution θ θ φ υ ( , , , ) ⁎ should satisfy the gradient equations [39]: , , , 0 2 1 Combining (12) and (14), we get Thus, the average guessing probability $p_g$ can be bounded by The inequalities in (17) hold because f′ is concave and decreasing. Finally, we get To summarize, we first present an analytic solution of the sub-problem in (11), then derive an upper bound of the average guessing probability problem in (10) using the convexity and decrement of the function f′(W). As an analytic function of W, the bound f′(W) is tighter than f(W) in previous work [35].

Simulations
In this section, we perform numerical simulations to compare the proposed method and the original one.  in (15) as a solution of the sub-problem in (11). Curve II is derived from Curve III & IV according to the relationship between the initial guessing probability problem in (10) and the sub-problem in (11). As Fig. 2(a) shows, Curve II proposed by this paper is tighter than Curve I in BQB14.  Fig. 2(b), Orange & Blue lines denote the min-entropy using the bound f (W) in BQB14 and f′ (W) in this paper, respectively. Note that the dimension witness W = 0.996 when loss is zero due to detector misalignment, and the certified randomness has a gap between BQB14 and this paper, even when W is close to 1.

Conclusion
We have presented an analytic bound as a function of the dimension witness to estimate the certified randomness in the prepare-and-measure QRNG with independent devices. Compared with previous works, our work enjoys the advantage of a tighter bound of min-entropy. Simulations have demonstrated that self-testing QRNG with the proposed tighter bound achieves a significantly higher random number generation rate. Benefiting from the better performance of this bound, self-testing QRNG with similar assumptions will accomplish a better balance between security and practicality. There are several issues to be addressed in the future. First, the effects of finite-size random numbers and sampling should be considered. Second, guaranteeing the two-dimensional Hilbert space and independent-devices assumptions is essential in practice.