Bounding the seed length of Miller and Shi's unbounded randomness expansion protocol

TL;DR

This paper analyzes the seed length needed for Miller and Shi's unbounded randomness expansion protocol, providing explicit upper bounds and showing the seed size grows logarithmically with the inverse of the desired statistical distance.

Contribution

It offers the first explicit bounds on the initial seed size required for Miller and Shi's protocol, improving understanding of its practical implementation.

Findings

Seed size is less than 225,000 bits for .1 distance from uniformity.

Seed size is less than 715,000 bits for .000001 distance from uniformity.

Seed size grows as O(log(1/ε)) with the desired security level.

Abstract

Recent randomness expansion protocols have been proposed which are able to generate an unbounded amount of randomness from a finite amount of truly random initial seed. One such protocol, given by Miller and Shi, uses a pair of non-signaling untrusted quantum mechanical devices. These play XOR games with inputs given by the user in order to generate an output. Here we present an analysis of the required seed size, giving explicit upper bounds for the number of initial random bits needed to jump-start the protocol. The bits output from such a protocol are $\varepsilon$-close to uniform even against quantum adversaries. Our analysis yields that for a statistical distance of $\varepsilon=10^{-1}$ and $\varepsilon=10^{-6}$ from uniformity, the number of required bits is smaller than 225,000 and 715,000, respectively; in general it grows as $O(\log\frac{1}{\varepsilon})$.