Assessing the quality of random number generators through neural networks

In this paper we address the use of Neural Networks (NNs) for assessing the quality, and hence the safety, of several Random Number Generators (RNGs), focusing both on the vulnerability of classical Pseudo Random Number Generators (PRNGs), such as Linear Congruential Generators (LCGs) and the RC4 algorithm, and extending our analysis to non-conventional data sources, such as Quantum Random Number Generators (QRNGs) based on Vertical-Cavity Surface-Emitting Lasers (VCSELs). Among the results found, we have classified the generators based on the capability of the NN to distinguish between the RNG and a Golden Standard RNG (GSRNG). We show that sequences from simple PRNGs like LCGs and RC4 can be distinguished from the GSRNG. We also show that sequences from the LCG on elliptic curves and from the VCSEL-based QRNG cannot be distinguished from the GSRNG even with the biggest long short-term memory (LSTM) or convolutional neural networks (CNNs) that we have considered. We underline the fundamental role of design decisions in enhancing the safety of RNGs. The influence of network architecture design and of variations in the associated hyper-parameters was also explored. We show that longer sequence lengths and CNNs are more effective for discriminating RNGs against the GSRNG. Moreover, in the prediction domain, the proposed model is able to distinguish between the raw data of our QRNG and data from the GSRNG, exhibiting a cross-entropy error of 0.52 on the test data-set used. All these findings reveal the potential of NNs to enhance the security of RNGs, while highlighting the robustness of certain QRNGs, in particular the VCSEL-based variants, for high-quality random number generation applications.


Introduction
Random number generators (RNGs) are widely used in many applications including cryptographically secured communications, industrial testing, Monte Carlo simulations, massive data processing, lotteries, quantitative finance, fundamental physics tests, etc [1][2][3][4]. The security analysis of RNGs is a vital issue in classical and quantum cryptographic systems, in which secure unpredictable keys are necessary. For instance, an attack against the radio-frequency identification of ID cards in Taiwan highlighted the importance of good quality random number generation: a poorly implemented RNG allowed the factoring of 184 RSA keys out of 2 million Taiwanese ID cards [5].
There are two types of RNGs. The first one, called Pseudorandom Number Generators (PRNGs), are based on algorithms that deterministically expand a small number of truly random bits (called the random seed) into a larger sequence. The second type, called True Random Number Generators (TRNGs), produce the random sequences by measuring some physical phenomenon that is expected to be random. The generated numbers are further processed to compensate for possible biases in the measurement process.
Quantum physics can be exploited to generate true random numbers that are completely unpredictable due to the randomness inherent to quantum mechanics. The TRNGs that use quantum sources to produce random numbers are known as Quantum Random Number Generators (QRNGs). Most existing QRNGs are based on quantum optics because of the availability of high-quality optical components and the possibility of chip-size integration [2]. These generators can be divided into (i) generators that use single-photon sources, and (ii) generators that use multi-photon sources, typically semiconductor lasers or LEDs [3]. One of the most successful strategies for quantum random number generation using multi-photon sources is the one based on gain-switching of semiconductor lasers [6][7][8][9]. In this technique the current applied to a semiconductor laser is periodically modulated from below to above its threshold to obtain gain-switching operation. The pulses emitted by the laser have random phases due to the effect of spontaneous emission noise; laser phase noise is a source of quantum randomness resulting from spontaneous emission [10, 11]. These pulses are mixed with their delayed versions using an interferometer, and the obtained pulses have random amplitudes. The detection and post-processing of these amplitudes provide the random numbers [7, 8]. Advantages of these QRNGs include fast operation (with a flexible speed up to tens of Gbps), robustness and integration in photonic integrated circuits [12]. These QRNGs are widely used in current real-world Quantum Key Distribution (QKD) systems [9]. Continuous-variable QKD, which encodes the information on the quadratures of the lasing field, is a strong alternative to discrete-variable QKD because it can be implemented using current coherent optical fiber technology and because it does not require single-photon detectors [13][14][15][16][17].
QRNGs based on gain-switching of a special type of semiconductor laser, the vertical-cavity surface-emitting laser (VCSEL), have also been recently demonstrated [18][19][20]. QRNGs based on VCSELs have the extra advantages of low fabrication cost and simplicity. The main differences between this QRNG and existing QRNGs are the following. It is based on a multi-photon source, in contrast to the most common single-photon QRNGs, with the advantage of faster operation. The difference with respect to multi-photon QRNGs based on gain-switching edge-emitting semiconductor lasers is that it relies on the random excitation of the linearly polarised modes of the VCSEL instead of on the random nature of the optical phase of the lasing field [7, 8]. The VCSEL-based QRNG also has the advantage of simplicity because it does not require interferometric elements [18][19][20], in contrast to [7, 8]. In this paper we consider the VCSEL-based QRNG because we have access to the experimental setup described in [18][19][20] and because of the previously mentioned advantages of this QRNG.
The standard approach to experimentally evaluating the fitness of RNGs consists of running statistical tests on the generated numbers to detect bias, correlations or other signs of non-randomness. Examples of the most popular tests are NIST-STS [21] and DIEHARD [22]. Passing these tests is a necessary but not sufficient condition for assuring the correct operation of a RNG. For instance, simple PRNGs like the linear congruential generator (LCG) pass NIST tests [23] but are not suitable for cryptographic purposes [24, 25]. There are also several theoretical measures of pseudorandomness [26]. However, they are quite difficult to test in practice because of their high computational complexity.
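The simplest of these statistical tests, the monobit (frequency) test of NIST-STS, can be sketched in a few lines. The biased source and the sample sizes below are illustrative choices, made only to show the contrast between a healthy and a biased generator:

```python
# Minimal NIST-style monobit (frequency) test: a p-value is computed from the
# normalized sum of the bits mapped to +/-1; a healthy RNG yields p-values
# spread over (0, 1), while a biased source yields p-values close to 0.
import math
import random

def monobit_p_value(bits):
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)          # map 0 -> -1, 1 -> +1 and sum
    return math.erfc(abs(s) / math.sqrt(2.0 * n))

random.seed(0)
good = [random.getrandbits(1) for _ in range(10_000)]
biased = [1 if random.random() < 0.6 else 0 for _ in range(10_000)]  # p(1) = 0.6

p_good = monobit_p_value(good)
p_biased = monobit_p_value(biased)            # essentially zero for this bias
```

As the text notes, passing such tests is necessary but not sufficient: a generator can have a perfect bit balance and still be fully predictable.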
A complementary tool to evaluate the randomness of a given RNG is the use of neural networks (NNs). NNs are well-known machine learning (ML) tools that have led to important advances in recent years in many fields, such as image and video object segmentation, medical imaging, face recognition, time series prediction, signal identification, image classification, object detection and human action recognition (see for instance [27, 28]). Recently, several research studies [23, 29-35] have suggested the use of NNs for evaluating the quality of RNGs. ML can automate the testing of RNGs to detect biases, anomalies and patterns that might compromise the integrity of the generated random sequences in applications like security, gaming and cryptography, where randomness is essential. In this way, ML-based models can provide an efficient supplement for evaluating the quality and security of RNGs.
Two main directions have been followed to address this problem. First, NNs have been used to predict the output of a RNG. Simple dense feedforward NNs were used to predict the next bits of a LCG [29], while they were not able to predict the next bits of the standard Python PRNG [31]. More complicated architectures have also been used. For instance, several types of temporal pattern attention-based deep-learning models were used to predict the output data of both a LCG and a chaotic semiconductor laser [23]. The same model was not able to predict the output of a TRNG based on the optical heterodyning of two chaotic semiconductor lasers, showing in this way that this TRNG has strong resistance against the predictive model [23].
In the second direction, the NN does not try to predict the following bit, but to tell the RNG apart from a given golden standard RNG (GSRNG) [30]. A GSRNG is a RNG that generates ideal random numbers. Authenticating a RNG as a GSRNG poses another problem that is not analysed in this paper. However, we note that some PRNGs, like the Blum-Blum-Shub generator, can be considered as GSRNGs because it has been demonstrated that their security reduces to the computational difficulty of factoring [36]. Following these ideas, a NN was trained to tell a PRNG apart from a GSRNG [30]. The method was successfully applied to search for statistical biases in two PRNGs using multilayer Long Short-Term Memory (LSTM) NNs [30].
The method automatically discovered unknown types of statistical biases using LSTMs to detect slight differences between the target PRNG's output and ideal random numbers.
In this paper we follow this approach in order to extend the previous evaluation to TRNGs. The particular case of TRNGs that we consider is the VCSEL-based QRNG [18, 19]. Similarly to [30], we consider a well-trusted PRNG, HMAC-DRBG from NIST SP 800-90A [37], as our GSRNG. We train LSTMs to try to tell our QRNG apart from the GSRNG. A similar analysis is also performed for a variety of RNGs, including LCGs, the binary codification of a large video, and the Linear Congruential Generator on Elliptic Curves (EC-LCG). We also extend our analysis to convolutional neural network (CNN) models. We show that the ability to distinguish between sequences coming from the target RNG and from the GSRNG is significantly better for CNNs than for LSTMs. Sequences of numbers obtained from our QRNG and from the GSRNG are indistinguishable even with the biggest LSTM or CNN that we have considered.
The paper is organized as follows. We start with a very short outline of the RNGs in section 2 and of NNs in section 3. In section 4 we briefly review the related topics and present our method, built upon the work of [30]. In section 5 we show the results of our tests. Finally, in section 6 we discuss our results and present our conclusions.

RNGs
In this section we describe the different types of analysed RNGs. The first and second subsections are devoted to the TRNG and to the PRNGs considered in this work, respectively.

VCSEL-based QRNGs
A complete description of the QRNG based on gain-switched VCSELs is presented in [18, 19]. VCSELs are characterised by the possibility of emission in two orthogonal linearly polarised modes [38]. This means that the lasing electrical field can oscillate along two orthogonal directions in the plane perpendicular to the laser beam. In [18, 19] the VCSEL is gain-switched, that is, the current is periodically modulated in such a way that the linearly polarised mode that is preferably excited in each period is random. Random excitation of the VCSEL polarisations can be considered as a quantum entropy source because it is triggered by spontaneous emission events, which are quantum mechanical in nature [10].
We show in figure 1, with blue and red lines, the temporal waveform of the signals corresponding to both linearly polarised modes (x and y) obtained in the experiment, V_x(t) and V_y(t). The experimental setup is shown in figure 1 of [19]. These signals are proportional to the power of the x- and y-linearly polarised modes, respectively. The VCSEL switches off in all pulses (22 consecutive pulses are shown) in such a way that there is a random excitation of both linearly polarised modes in each modulation period.
Random bits are obtained by comparing the x and y signals at the time at which the sum of both signals is maximum, V_x(t_max) and V_y(t_max), respectively. If V_x(t_max) is larger than V_y(t_max) we assign a '0' bit, otherwise we assign a '1' bit, as illustrated in figure 1. These bits constitute the raw output of our QRNG, which, as in all TRNGs, shows deviations from the mathematical ideal of statistically independent and uniformly distributed bits [3, 39, 40]. In fact, the raw bit sequence has not passed the NIST test suite [19]. This problem is addressed by applying an additional post-processing step to decrease the bias of the bit stream (defined as e = p(0) − 1/2, where p(0) is the probability of obtaining a '0' bit) and to increase the bit entropy. The post-processed bit string is based on the following result [41]: let G be a linear corrector mapping n bits to k bits; then the bias of any non-zero linear combination of the output bits is less than or equal to 2^{d−1} e^d, where d is the minimal distance of the linear code constructed from the generator matrix G.
We have used the efficient [n, k, d]-BCH codes defined over the finite field GF(2), where n + 1 is a power of 2.
For the raw input bits (x_{n−1}, ..., x_0), the output bits (y_{k−1}, ..., y_0) are obtained by multiplying the input by the generator matrix of the code. Here we have considered the BCH code with parameters [1023, 1003, 5] and its corresponding generator cyclic polynomial. Using this post-processing we have obtained a sequence of 3.9595×10^9 post-processed bits that constitute the output of our QRNG [19].
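As a sketch of how such a linear corrector works, the following example applies the same theorem with the much smaller [7, 4, 3] Hamming code instead of the paper's [1023, 1003, 5]-BCH code; the raw bias e = 0.1 is an illustrative choice. With d = 3, the theorem bounds the output bias by 2^{d−1} e^d = 4e^3 = 0.004:

```python
# Linear-corrector sketch: each 7-bit raw block is multiplied (over GF(2)) by
# the generator matrix G of the [7, 4, 3] Hamming code, producing 4 output bits.
import random

G = [[1, 0, 0, 0, 1, 1, 0],
     [0, 1, 0, 0, 1, 0, 1],
     [0, 0, 1, 0, 0, 1, 1],
     [0, 0, 0, 1, 1, 1, 1]]   # generator matrix of the [7, 4, 3] Hamming code

def correct(block):
    """y_i = sum_j G[i][j] * x_j (mod 2) for a 7-bit raw block."""
    return [sum(g * x for g, x in zip(row, block)) % 2 for row in G]

random.seed(1)
raw = [1 if random.random() < 0.6 else 0 for _ in range(7 * 20_000)]  # |bias| = 0.1
out = [y for i in range(0, len(raw), 7) for y in correct(raw[i:i + 7])]

# empirical biases (sign convention aside, |p - 1/2| as in the text)
bias_raw = sum(raw) / len(raw) - 0.5
bias_out = sum(out) / len(out) - 0.5   # bounded by 4 e^3 = 0.004, plus noise
```

The same construction, with the much larger BCH generator matrix, yields the strong bias suppression used on the raw VCSEL bits.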

PRNGs
The experiment is also carried out by using two PRNGs: the Linear Congruential Generator (LCG), and the EC-LCG.

LCG
Given positive integers a, b and m such that gcd(a, m) = 1, the LCG is a sequence (x_n) of pseudorandom numbers defined by the relation x_{n+1} ≡ a x_n + b (mod m), where x_0 is the seed. Unfortunately, the LCG is not suitable for cryptographic purposes, see [24, 25], although the author of [42] claims that NIST test suites cannot detect its linearity.
In this computational experiment we took the sequences from the rand function in the glibc library version 2.17 without any tuning, such that m = O(2^32), and the output of a simple Python LCG code with m = O(2^100).
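A minimal sketch of such a generator follows; the constants are the classic ANSI C example values, not necessarily those of the authors' glibc build:

```python
# Textbook LCG x_{n+1} = (a*x_n + b) mod m.  The defaults are the well-known
# ANSI C illustrative constants; a given libc implementation may differ.
def lcg_bytes(seed, count, a=1103515245, b=12345, m=2**31):
    x, out = seed, bytearray()
    for _ in range(count):
        x = (a * x + b) % m
        out.append((x >> 16) & 0xFF)     # emit a middle byte of the state
    return bytes(out)

s1 = lcg_bytes(42, 256)
s2 = lcg_bytes(42, 256)   # same seed -> identical stream: fully predictable
```

The determinism shown in the last two lines is exactly the structural weakness that the classification networks later exploit.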

EC-LCG
For a prime p, we denote by F_p ≅ Z/pZ the field of p elements, and we assume that it is represented by the set {0, 1, ..., p − 1}.
Let E be an elliptic curve defined over F_p given by an affine Weierstrass equation, which for gcd(p, 6) = 1 takes the form Y^2 = X^3 + aX + b, for some a, b ∈ F_p with 4a^3 + 27b^2 ≠ 0.
We recall that the set E(F p ) of F p -rational points forms an abelian group, with the point at infinity O as the neutral element of this group (which does not have affine coordinates).
For a given point G ∈ E(F_p), the EC-LCG is a sequence (U_n) of pseudorandom numbers defined by the relation U_n = U_{n−1} ⊕ G, for n = 1, 2, ..., where ⊕ denotes the group operation in E(F_p) and U_0 ∈ E(F_p) is the initial value or seed. We refer to G as the composer of the EC-LCG.
The EC-LCG provides a very attractive alternative to linear and non-linear congruential generators with many applications to cryptography and it has been extensively studied in the literature, see [43][44][45][46].
We have generated a .txt file of 2^20 bits by running a short SAGEMATH script.
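The construction can be sketched in pure Python (rather than SageMath); the curve, the composer G and the seed below are illustrative choices, not the parameters used in the experiment:

```python
# EC-LCG sketch: U_n = U_{n-1} (+) G on the curve y^2 = x^3 + a x + b over F_p.
p, a = 10007, 1
b = p - 1                # chosen so that G = (2, 3) lies on the curve

def ec_add(P, Q):
    """Affine group law on E(F_p); None plays the role of the point at infinity O."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                                        # P + (-P) = O
    if P == Q:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p          # chord slope
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def on_curve(P):
    return P is None or (P[1] ** 2 - P[0] ** 3 - a * P[0] - b) % p == 0

G = (2, 3)               # composer: 3^2 = 9 = 2^3 + 2 + (p - 1) (mod p)
U = ec_add(G, G)         # seed U_0 = 2G
bits = []
for _ in range(2 ** 6):  # the experiment uses 2^20 bits; 2^6 suffice here
    U = ec_add(U, G)     # U_n = U_{n-1} (+) G
    bits.append((U[0] & 1) if U is not None else 0)   # LSB of the x-coordinate
```

Extracting one bit per point (here the least significant bit of the x-coordinate) is one simple way to turn the point sequence into the bit file used for testing.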

NNs
In the current landscape of random sequence analysis, NNs have introduced a paradigm shift, offering new insights and approaches to improve understanding and processing. Random sequence analysis poses a unique set of challenges, where discerning patterns and dependencies can be much more difficult than in classical structured data. In this section we briefly summarise the most promising architectures for extracting information from random sequences, CNNs and LSTMs, which have brought new possibilities for predicting and categorising the seemingly random nature of sequences generated via TRNGs and PRNGs.

LSTM networks
A LSTM [47] is a specialised recurrent NN designed to model sequential data [48]. Unlike standard recurrent networks, LSTMs are built around memory cells equipped with gating mechanisms. Within a cell, the input sequence, whether derived from external sources or from the preceding layer's output, undergoes filtering via distinct gates, which incorporate the previous cell state. This integration with the previous state imparts dynamic and memory-retentive capabilities to the model, see figure 2. It allows LSTMs to capture and retain long-range dependencies and temporal context within sequences, making them well suited to a variety of applications involving sequential data, including random sequence prediction and classification, and to identifying hidden patterns and temporal relationships in seemingly chaotic data. LSTMs are also adept at dealing with sequences of varying length, which matches the unpredictability and variability of random sequences, and they can process and predict sequences without prior knowledge of their specific characteristics, which makes them well suited to the framework presented in a later section. In scenarios where traditional models may struggle to provide accurate predictions or classifications due to the inherent irregularities and complexities of RNGs, LSTMs have proven to be valuable tools, showing their ability to encode temporal dependencies and detect subtle patterns.
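The gating equations behind a single LSTM step can be written out explicitly. The sketch below uses toy sizes and random placeholder weights (the classification layer used later has 80 cells), purely to make the forget/input/output/candidate structure concrete:

```python
# One forward step of an LSTM cell, in plain Python.
import math
import random

def lstm_step(x, h, c, W, b):
    """W stacks the four gate weight matrices (forget, input, output,
    candidate), each row of length len(x) + len(h); b stacks the biases."""
    n = len(h)
    xh = x + h                                     # concatenated input
    z = [sum(w * v for w, v in zip(row, xh)) + bi for row, bi in zip(W, b)]
    sig = lambda v: 1.0 / (1.0 + math.exp(-v))
    f = [sig(v) for v in z[:n]]                    # forget gate
    i = [sig(v) for v in z[n:2 * n]]               # input gate
    o = [sig(v) for v in z[2 * n:3 * n]]           # output gate
    g = [math.tanh(v) for v in z[3 * n:]]          # candidate cell update
    c_new = [fj * cj + ij * gj for fj, cj, ij, gj in zip(f, c, i, g)]
    h_new = [oj * math.tanh(cj) for oj, cj in zip(o, c_new)]
    return h_new, c_new

random.seed(0)
nx, nh = 8, 16                                     # toy sizes for illustration
W = [[random.gauss(0, 0.1) for _ in range(nx + nh)] for _ in range(4 * nh)]
b = [0.0] * (4 * nh)
h, c = [0.0] * nh, [0.0] * nh
for _ in range(32):                                # feed a short random sequence
    x = [float(random.getrandbits(1)) for _ in range(nx)]
    h, c = lstm_step(x, h, c, W, b)
```

The multiplicative forget gate acting on the previous cell state c is what lets gradients, and hence long-range dependencies, survive over many time steps.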

Convolutional networks
Convolutional networks, following diverse convolutional schemes (see figure 3), are a sophisticated evolution of traditional multilayer perceptrons that refines and filters the process of information transformation within NNs. In a standard multilayer perceptron, neurons (essentially processing units) receive the outputs from the preceding layer. These outputs undergo filtration through a nonlinear function, with the adjustable parameters being the input weights assigned to the individual neurons of the layer.
When confronted with input signals representing temporal measurements of a variable, such as a sequence of consecutive random numbers, a convolutional approach proves advantageous. A nonlinear convolution of the input array with a smaller weight array is computed: each neuron becomes a filter, engaging in a finite convolution of the input signal through a nonlinear gate and producing another output sample. While various step sizes (strides) for the convolution are possible, the width of the convolution kernel typically emerges as the key design parameter.
Expanding to scenarios where the input comprises multiple sequences, the convolutional layer can be flexibly configured to combine information across these sequences, either through summation or by processing each sequence independently. Such adaptability results in a spectrum of configurations for convolutional NNs, allowing the creation of customised architectures that effectively address the specific contextual and structural features of the input data.
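The basic operation described above, a width-5 filter sliding over a bit sequence, is easy to write out; the kernel weights below are placeholders (in a trained CNN they are learned):

```python
# A single 1-D convolutional filter: each output sample is a nonlinear gate
# applied to the weighted sum over one window of the input bit sequence.
import math
import random

def conv1d(bits, kernel, stride=1):
    k = len(kernel)
    out = []
    for start in range(0, len(bits) - k + 1, stride):
        s = sum(w * b for w, b in zip(kernel, bits[start:start + k]))
        out.append(math.tanh(s))          # nonlinear activation
    return out

random.seed(0)
bits = [random.getrandbits(1) for _ in range(64)]
kernel = [1.0, -1.0, 1.0, -1.0, 1.0]      # width 5: the key design parameter
feat = conv1d(bits, kernel)               # 64 - 5 + 1 = 60 feature samples
```

Because each output depends only on a small window, the learned kernels are directly interpretable as local bit patterns, which is exploited later when pruning the classifier.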

Proposed framework implementation
In our efforts to discern patterns and vulnerabilities in random sequences, we have embarked on two methodological avenues: classification and prediction.These approaches are designed to elucidate the effectiveness of NNs in distinguishing between different types of RNGs and predicting their outcomes.
Initially, we apply a classification methodology inspired by previous research described in [30]. This method consists of training a NN to differentiate between a PRNG and a truly random sequence, exemplified by the sequences generated by HMAC-DRBG. An HMAC is a specific type of Message Authentication Code (MAC) involving a cryptographic hash function and a secret cryptographic key. HMAC-DRBG is a very efficient Deterministic Random Bit Generator (DRBG) using HMAC, specified in NIST SP 800-90A. It has security proofs for a single call to generate pseudorandom numbers and it is backtracking-resistant. Moreover, it has a machine-verified security proof: the output produced by HMAC-DRBG is indistinguishable from random by a computationally bounded adversary. These are the main reasons why we have chosen it as our GSRNG, similarly to [30].
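A simplified HMAC-DRBG can be sketched directly from the SP 800-90A update/generate structure (reseeding, personalization strings and the reseed counter are omitted here):

```python
# Simplified HMAC-DRBG over SHA-256, following the SP 800-90A update/generate
# structure.  Not a certified implementation: no reseed counter, no
# personalization string, no entropy checks.
import hashlib
import hmac

class HmacDrbg:
    def __init__(self, seed: bytes):
        self.K = b"\x00" * 32
        self.V = b"\x01" * 32
        self._update(seed)

    def _hmac(self, key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        self.K = self._hmac(self.K, self.V + b"\x00" + data)
        self.V = self._hmac(self.K, self.V)
        if data:
            self.K = self._hmac(self.K, self.V + b"\x01" + data)
            self.V = self._hmac(self.K, self.V)

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)   # one hash-chain step per block
            out += self.V
        self._update()                            # backtracking-resistance step
        return out[:n]

out1 = HmacDrbg(b"seed").generate(256)
out2 = HmacDrbg(b"seed").generate(256)            # deterministic given the seed
```

Although fully deterministic given the seed, its output is computationally indistinguishable from random, which is exactly the property required of the GSRNG side of the training set.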
The evaluation criteria include assessing the network's ability to distinguish between these categories of sequences. Our implementation, based on the architecture described in [30], features a single hidden LSTM layer composed of 80 cells. We maintain a consistent configuration with 2^15 sequences of 256 elements, each of which represents one byte of the random sequence. The training spans 100 iterations, with a learning rate of 0.01 and a minibatch size of 250. An essential evaluation criterion, proposed by the authors of [30], consists in scrutinising the deviation from 0.5 of the average output (AO) for each type of sequence (GSRNG and the tested PRNG). Furthermore, in line with our main goal of discerning between RNGs, especially in cases of varying quality, we have focused our attention on convolutional networks. Taking advantage of their inherent interpretability and ability to detect sequential patterns and features, we use bits extracted from 256-byte sequences as inputs to our NN. Rigorous training is performed to effectively distinguish between HMAC-DRBG sequences and other sequences, putting a special effort into trying to distinguish between true random and raw laser sequences (Raw QRNG). Our methodology is developed sequentially. Initially, we perform pruning and reduction processes on the network, in order to preserve a significant part of its discriminative capacity. Subsequently, we analyse the weights to identify the inputs that influence the response of the network.
Although derivatives have been examined, their inherent value in identifying relevant connections is limited. Despite the fact that their mean values are often tiny (averaging less than 0.005 over the initial thousand sampling points), their standard deviation exceeds the mean, with a maximum of 0.04, suggesting possible significance. Our overall goal remains to discover the weight connections that run through the network from the inputs to the outputs. To validate the importance of these connections, we further prune the network and evaluate its efficiency in distinguishing between RNGs.
Furthermore, we have ventured into predictive modelling to anticipate the RNG's future outcomes based on its past output. Inspired by the effective recognition of raw laser sequences by the classification networks, we have dedicated our attention to predictive modelling within this specific domain. Faced with unsuccessful attempts at analysing individual bits, we shifted our approach to average byte values. Our central prediction task involved determining whether the average bit value in the next 127 bytes, given the preceding 256 bytes, would surpass or fall below 0.5. This revised goal was more feasible in our specific context, employing a type 4 convolutional network (as illustrated in figure 4).
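The construction of input/label pairs for this task can be sketched as follows (the chunking of the stream into disjoint 256 + 127 byte windows is our illustrative choice):

```python
# Build prediction samples from a byte stream: the input feature is the mean
# bit value over 256 context bytes, and the binary label says whether the mean
# bit value of the following 127 bytes exceeds 0.5.
import random

def mean_bit(bs):
    """Fraction of '1' bits in a byte string."""
    return sum(bin(x).count("1") for x in bs) / (8 * len(bs))

def make_samples(stream, ctx=256, horizon=127):
    samples = []
    for i in range(0, len(stream) - ctx - horizon + 1, ctx + horizon):
        past = stream[i:i + ctx]
        future = stream[i + ctx:i + ctx + horizon]
        samples.append((mean_bit(past), 1 if mean_bit(future) > 0.5 else 0))
    return samples

random.seed(0)
stream = bytes(random.getrandbits(8) for _ in range(10 * (256 + 127)))
data = make_samples(stream)   # ten (feature, label) pairs from this toy stream
```

For an ideal generator the labels are a fair coin regardless of the context; any systematic edge of the trained network over 50 % therefore witnesses residual structure in the raw bits.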
Table 1. Comparison between some of our results and those reported in [30]. Top table: three results trying to mimic some of those reported in [30]. We show variability by providing the output of two different runs with the same training size for LCG. Bottom table: results taken from [30].

Classification
Our first step was to reproduce the results in [30]. Next, we proceeded to apply the same framework to more RNGs, including those coming from the laser output. Finally, we tested the influence of some hyper-parameter variations. Different runs may yield different results; the ones shown are representative samples. In some cases where we found strong deviations, we show more than one result.

Reproducing [30]
In [30], the proposed framework was applied successfully to detect weaknesses in the LCG and in the second byte of RC4, with different training sizes.
Concerning the second byte of RC4, the pseudo-random sequence comes from applying a key sequence to the RC4 algorithm. In [30] the key source is not specified. We have used a random sequence of 64-byte values coming from HMAC-DRBG.
Concerning the LCG, we took sequences from the rand function in the glibc library version 2.17, without any tuning.
We have not tested all training sizes appearing in [30], but only some. As can be seen in table 1, our implementation yields comparable results. In perfect classification, the AO should be 1 for the tested PRNG and 0 for the GSRNG.
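The AO criterion is simply the mean network output per class; a minimal sketch (the output values below are hypothetical, standing in for a trained network's predictions):

```python
# Average output (AO) per class: AO near 1 on the tested RNG and near 0 on the
# GSRNG means good discrimination; AO near 0.5 on both means indistinguishable.
def average_output(outputs, labels):
    ao = {}
    for cls in set(labels):
        vals = [o for o, l in zip(outputs, labels) if l == cls]
        ao[cls] = sum(vals) / len(vals)
    return ao

# hypothetical network outputs: label 1 = "tested RNG", label 0 = "GSRNG"
outs = [0.9, 0.8, 0.95, 0.2, 0.1, 0.15]
labels = [1, 1, 1, 0, 0, 0]
ao = average_output(outs, labels)   # here AO.PRNG ~ 0.88, AO.GSRNG = 0.15
```

The tables that follow report exactly these two per-class averages (AO.PRNG and AO.GSRNG) for each tested generator.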

Testing other PRNG's
We then proceeded to apply the proposed framework to several other RNGs, including an elliptic curve generator and the proposed QRNG, both raw and post-processed. We even considered a large enough video file as a source of random (meaning unpredictable) sequences; for this purpose we arbitrarily chose episode 7 of the continuing education course [49]. We show the results in table 2, including confusion matrices. We can see that the VCSEL QRNG passes the test, but not the raw QRNG. The elliptic curve generator is also successful. We can also see that adding a periodic parameter reset to the LCG is enough to make it pass the test. The video file did not pass the test, but its performance was not that bad; it may rank as good as a naive LCG.

Network design and parameters influence
Table 3 shows the effects of several design decision changes, namely: number of processors, network type, number of layers, sequence length, and bytes per element.
LCG refers to the naive rand LCG implementation.CNNs are designed as depicted in figure 4.
The design decisions that turned out to be effective were increasing the sequence length and using convolutional networks. This is shown, for instance, in the comparison of the baseline results for the LCG with the results obtained with CNN-1 for the same generator. The results in table 3 show that increasing the training set size from 2^15 to 2^18 and replacing the LSTM with a CNN improve the capability of the NN to discriminate between those generators and the GSRNG, since perfect discrimination is achieved when AO.PRNG and AO.GSRNG are 1 and 0, respectively. The VCSEL QRNG was indistinguishable even with the biggest networks that we have tried, as shown in the last three rows of table 3, since a value of 0.5 for both AO.PRNG and AO.GSRNG means that the NN is unable to discriminate between the VCSEL QRNG and the GSRNG. It remains an open question whether a massively larger network would be able to perform that discrimination. We also tested how far we could go in simplifying the convolutional networks capable of detecting the raw laser sequence.
In this process, we directed our attention towards discerning chains of substantial weights spanning from input to output nodes within the network. Our aim was to evaluate the significance of these chains in determining network functionality. To validate our hypothesis, we pruned redundant components of the network, subsequently evaluating its efficacy in distinguishing between different RNGs. The comparison between the original network (see figure 4(a)) and the pruned version is depicted in figure 4(c). The confusion matrices for the original and pruned networks, generated from a test set comprising 2^15 instances, are presented in table 4. In the final pruned network, an analysis was conducted to identify the primary patterns (see table 5) influencing the network response. Notably, with the initial kernel's width set at 5 for input connections, specific patterns emerged as key triggers for network discharge, indicating the raw laser's role. Among these patterns (see table 5), bit positions with lesser influence due to lower weights were identified and denoted by '_'. Pattern 5 was recognised as encompassing pattern 3, leading to a focus on the more specific elements, see table 5. Further examination aimed to distinguish unique features within these patterns across the sample data. Figure 5 illustrates distinct relative frequencies of the pattern 01011 among the various generators. In the histogram, the abscissa is the number of occurrences of the 01011 pattern and the ordinate is the number of sequences of length 2^11 bits with that number of occurrences. The distribution for HMAC-DRBG conforms to a normal distribution, while the raw laser sequence exhibits a biased distribution. Other patterns with diverse distributions were present but not selected by the network; this analysis underscores the identification of the influential patterns that contributed to the network performance.
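The pattern statistics behind the histogram can be reproduced by counting overlapping occurrences of a bit pattern per block (block length 2^11 bits as in the figure; the uniformly random block below merely stands in for the tested sequences):

```python
# Count overlapping occurrences of a bit pattern (default 01011) in a block,
# as done per 2^11-bit block for the histogram comparison.
import random

def count_pattern(bits, pattern="01011"):
    s = "".join(str(b) for b in bits)
    return sum(1 for i in range(len(s) - len(pattern) + 1)
               if s.startswith(pattern, i))

random.seed(0)
block = [random.getrandbits(1) for _ in range(2 ** 11)]   # one 2^11-bit block
n = count_pattern(block)   # expected around 2^11 / 2^5 = 64 for ideal bits
```

Collecting these counts over many blocks and histogramming them gives the per-generator distributions compared in the figure.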
A comparison between the results obtained with the deep learning method and those obtained with the usual strategy based on statistical tests can now be done. A first comparison of some of the NIST tests, for instance the Overlapping Template Matching test (which analyses the distribution of m-bit blocks), with the results obtained with our NNs can be performed using the results shown in table 5 and figures 5 and 6. These results show that the NN is able to detect that the distribution of 5-bit blocks obtained from the raw VCSEL sequences is significantly different from that obtained with the GSRNG. This result is in agreement with that obtained in [19], in which it was shown that the raw VCSEL sequences do not pass the corresponding statistical test, since only 88.2% of the sequences passed the Overlapping Template Matching test. We are planning to extend these comparisons to more NIST tests. This will be the subject of future work.

We now explore the effect of considering larger network sizes and of the simplification of the network structure on the results. For this analysis we focus on two of the previously considered RNGs: the Raw QRNG and the VCSEL QRNG. The results are included in table 6. The error function for the first row is the binary cross-entropy, while for the remaining rows a mean squared error function has been chosen. Comparison between the first three rows of table 6 shows that the NN discriminates similarly between the Raw QRNG and the GSRNG (similar values of AO.PRNG and AO.GSRNG are obtained) for the considered simplifications of the network structure. Also, the results contained in the last two rows of table 6, together with the last three rows of table 3, show that considering larger network sizes is not enough for the NN to discriminate between the VCSEL QRNG and the GSRNG.

Prediction
Since the raw QRNG was recognized by the classification networks, we focused on it. Since working with individual bits did not succeed, we turned to byte average values. Our final prediction problem was: given the average value of the bits in the previous 256 bytes, predict whether the average bit value in the following 127 bytes would be larger or smaller than 0.5. This weaker goal was easier to achieve with the prediction network. We used a convolutional network of type 4 (see figure 4(d)) that was able to give a cross-entropy error of 0.52 on a test set of 2^15 sequences. Other error measurements (referred to the 1 label) are: specificity = 0.56, precision = 0.7, sensitivity = 0.89 and predictive value = 0.61.

Discussion and conclusions
This study delves into the quality assessment of RNGs using NNs, focusing on TRNGs and PRNGs. It explores the application of CNNs and LSTM networks to analyse random sequences, demonstrating their effectiveness in capturing patterns and dependencies in RNG outputs. We evaluate various PRNGs, including the EC-LCG, highlighting its potential for cryptographic applications, and a QRNG based on gain-switched VCSELs. NNs, particularly LSTM and CNN architectures, play a pivotal role in discerning patterns within random sequences and in predicting RNG outcomes. In the realm of random sequence analysis, NNs offer new insights and approaches to understanding and processing complex data. LSTMs excel at modelling sequential data by capturing long-range dependencies and temporal context, making them well suited to predicting and categorising random sequences. Convolutional networks, on the other hand, refine the information transformation within NNs, enabling effective pattern detection in random sequences. The proposed framework implements classification and prediction methodologies to distinguish between different RNG types and to predict their outcomes. By training NNs to differentiate between PRNGs and truly random sequences, this research showcases the effectiveness of LSTMs and CNNs in processing random data.
In this work we have classified the RNGs based on the capability of NNs to distinguish between a given RNG and a GSRNG. We have chosen the HMAC-DRBG as GSRNG because its output is indistinguishable from a random sequence by a computationally bounded adversary. We propose an experimental framework whose steps are: (i) assemble enough bits generated with the tested RNG (around 2^18 or 2^19), (ii) prepare a data sampler that includes bit sequences from the tested RNG and from the GSRNG, which would already be available, (iii) train a NN to discriminate between these two sources, and (iv) check the precision achieved by the network. Using this framework we have shown that LSTMs and CNNs clearly distinguish sequences coming from simple PRNGs, like the LCG or RC4, from those of the GSRNG. These NNs can also distinguish raw sequences coming from experiments in gain-switched VCSELs from the GSRNG. However, we have also shown that some other RNGs, like the LCG on elliptic curves, as well as the post-processed sequences coming from experiments in gain-switched VCSELs, cannot be distinguished from the GSRNG even with the biggest LSTMs or CNNs that we have considered. These results highlight the robustness of these RNGs for high-quality random number generation applications. They also underline the importance of adequate post-processing of the raw sequences obtained from experiments in order to obtain high-quality RNGs. We have also shown that design decisions such as using larger training sets and considering CNNs are more effective for discriminating RNGs against the GSRNG. These findings reveal the potential of NNs to enhance the security of RNGs when used as a complementary tool to the usual statistical test batteries for evaluating the randomness of a generator. Finally, we believe that the neural-network approach for QRNGs can also be used in continuous-variable QKD. This will be the subject of future work.
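The four steps of the framework can be sketched as follows. This is a minimal sketch under stated assumptions: the LCG parameters are the textbook ones and serve only as an example of a tested RNG, and the HMAC-based stream is a simplified stand-in for the GSRNG, not a full HMAC-DRBG implementation.

```python
import hashlib, hmac
import numpy as np

def lcg_bits(n, seed=1, a=1103515245, c=12345, m=2**31):
    # Low-order bit of a textbook LCG: an example of a tested (weak) PRNG.
    out, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x & 1)
    return np.array(out, dtype=np.uint8)

def hmac_bits(n, key=b"key", seed=b"seed"):
    # Simplified HMAC-chained bit stream standing in for the GSRNG
    # (illustrative only; not the HMAC-DRBG of NIST SP 800-90A).
    bits, v = [], seed
    while len(bits) < n:
        v = hmac.new(key, v, hashlib.sha256).digest()
        bits.extend(np.unpackbits(np.frombuffer(v, dtype=np.uint8)))
    return np.array(bits[:n], dtype=np.uint8)

def sample_batch(rng, tested, golden, seq_len=2**11, batch=32):
    # Step (ii): labelled sequences, label 1 = tested RNG, 0 = GSRNG.
    xs, ys = [], []
    for _ in range(batch):
        label = int(rng.integers(0, 2))
        src = tested if label else golden
        start = rng.integers(0, len(src) - seq_len)
        xs.append(src[start:start + seq_len])
        ys.append(label)
    return np.stack(xs), np.array(ys)

rng = np.random.default_rng(0)
tested = lcg_bits(2**18)    # step (i): assemble ~2^18 bits from the tested RNG
golden = hmac_bits(2**18)
X, y = sample_batch(rng, tested, golden)
```

Steps (iii) and (iv) then train an LSTM or CNN discriminator on such batches and report its precision on held-out sequences.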

Figure 1 .
Figure 1. Experimental time traces of the signals corresponding to the x-polarisation (blue line), y-polarisation (red line), and total power (black line). The signals at the sampling time are also plotted with symbols.

Figure 2 .
Figure 2. LSTM cell: the lower row shows standard processors, whereas the upper row shows parameter-free calculations. Note the feedback connection from the third to the second layer.

Figure 3 .
Figure 3. Convolutional processor configurations depicted in various schemes.The upper row illustrates successive values of the processor, highlighted in green.The lower row displays successive input values (single variable for simplicity), highlighted in yellow.

Figure 4 .
Figure 4. Convolutional models description: Conv stands for a convolutional layer, and the four parameters are: number of processors/channels, kernel width, stride and dilation. Max stands for reduction layers using the maximum, with the given kernel width. Norm stands for a normalization layer. FF stands for a group of standard feedforward layers, with the given number of processors per layer. Leaky rectified linear units are used everywhere except in the output layer, where we have a sigmoid activation.

Figure 5 .
Figure 5. Comparative Analysis of the Frequency Distribution of the 01011 pattern in HMAC-DRBG and Raw Laser Sequences. In the histogram, the abscissa is the number of occurrences of the 01011 pattern and the ordinate is the number of sequences of length 2^11 bits with that number of occurrences. The distribution for HMAC-DRBG conforms to a normal distribution, while the raw laser sequence exhibits a biased distribution.
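The occurrence histogram underlying this figure can be sketched as follows. This is a minimal sketch: the pattern 01011 and the window length 2^11 come from the caption, while the stand-in bit stream and the helper names are our own assumptions.

```python
import numpy as np

def count_pattern(window, pattern=(0, 1, 0, 1, 1)):
    # Overlapping occurrences of `pattern` in a bit window.
    w, p = np.asarray(window), np.asarray(pattern)
    return sum(np.array_equal(w[i:i + len(p)], p)
               for i in range(len(w) - len(p) + 1))

def occurrence_histogram(bits, win=2**11):
    # Pattern count in each non-overlapping window of `win` bits;
    # histogramming these counts gives the distribution in the figure.
    n = len(bits) // win
    return [count_pattern(bits[i * win:(i + 1) * win]) for i in range(n)]

rng = np.random.default_rng(0)
bits = rng.integers(0, 2, size=2**15)  # stand-in for the analysed sequence
counts = occurrence_histogram(bits)
```

For an unbiased source, each 5-bit pattern occurs with probability 2^-5, so roughly 2^11/32 = 64 occurrences per window are expected; a biased source shifts this distribution.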

Figure 6 .
Figure 6. Comparative Analysis of the Frequency Distribution of the 10000 pattern for HMAC-DRBG and Raw QRNG. In both histograms, the abscissa is the number of occurrences of the 10000 pattern and the ordinate is the number of sequences of length 2^12 bits with that number of occurrences. The evident bias in the raw laser distribution is prominently displayed.
, compatible with ours in top table.

Table 2 .
Results applying the proposed framework to other PRNGs.

Table 3 .
Performance evaluation of the NN model with sequential application of hyperparameter or architecture settings.

Table 4 .
Comparison between original confusion matrix (top) and pruned network confusion matrix (bottom).

Table 5 .
Primary patterns influencing network response in the final pruned network.

Table 6 .
Performance evaluation of the neural network model with different network sizes and simplifications of the network structure.