
arxiv: 2603.26907 · v2 · submitted 2026-03-27 · 🪐 quant-ph · cs.CR


Information-Theoretic Solutions for Seedless QRNG Bootstrapping and Hybrid PQC-QKD Key Combination


Pith reviewed 2026-05-14 22:34 UTC · model grok-4.3

classification 🪐 quant-ph cs.CR
keywords: quantum random number generators · post-quantum cryptography · quantum key distribution · universal hash functions · leftover hash lemma · information-theoretic security · seedless bootstrapping · hybrid key combination

The pith

Universal hash functions as extractors bootstrap seedless QRNGs and securely combine PQC and QKD keys.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper shows how universal hash functions, acting as strong seeded extractors under the Quantum Leftover Hash Lemma, solve the circular seed problem in quantum random number generators by processing raw outputs from two independent entropy sources. The same extractors provide an alternative to XOR for fusing post-quantum cryptography keys with quantum key distribution keys, ensuring that compromise of the combined output or one input still leaves measurable min-entropy in the other. This approach also binds protocol transcripts to the output keys in a way that extends information-theoretic security guarantees. Modeling PQC keys as sources of HILL entropy allows the framework to cover hybrid systems that remain secure against quantum adversaries.

Core claim

Universal hash functions serve as strong seeded extractors justified by the Quantum Leftover Hash Lemma, enabling bootstrapping of seedless QRNGs from two independent raw entropy sources and supplying an information-theoretically secure combiner for PQC and QKD keys that retains min-entropy under partial compromise, with the framework extended to hybrids by treating PQC keys as HILL-entropy sources.

What carries the argument

Universal hash functions acting as strong seeded extractors, with security provided by the Quantum Leftover Hash Lemma.

Load-bearing premise

The two QRNG entropy sources are independent and PQC keys possess sufficient HILL entropy for the Quantum Leftover Hash Lemma to apply in hybrid settings.

What would settle it

Demonstration that the two seedless QRNG sources produce correlated outputs, or that a PQC key lacks the modeled HILL entropy, would falsify the security claims for bootstrapping and hybrid combination.

Figures

Figures reproduced from arXiv: 2603.26907 by Juan Antonio Vieira Giestinhas, Timothy Spiller.

Figure 1: Overview of a strategy to extract a secure key under …
Figure 2: (Top) Overview of the two-secure source randomnes…
Figure 3: Outline of modified Muckle#-like protocol.

Abstract

This paper considers two challenges faced by practical quantum networks: the bootstrapping of seedless Quantum Random Number Generators (QRNGs) and the resilient combination of Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD) keys. These issues are addressed using universal hash functions as strong seeded extractors, with security foundations provided by the Quantum Leftover Hash Lemma (QLHL). First, the 'randomness loop' in QRNGs -- the requirement of an initial random seed to generate further randomness -- is resolved by proposing a bootstrapping method using raw data from two independent sources of entropy, given by seedless QRNG sources. Second, it is argued that strong seeded extractors are an alternative to XOR-based key combining that presents different characteristics. Unlike XORing, our method ensures that if the combined output and one initial key are compromised, the remaining key material retains quantifiable min-entropy and remains secure, in exchange for longer keys. Furthermore, the proposed method allows transcript information to be bound with key material in a natural way, providing a tool to replace computationally based combiners to extend ITS security of the initial key material to the final combined output. By modeling PQC keys as having HILL (Håstad, Impagliazzo, Levin and Luby) entropy, the framework is extended to hybrid PQC-QKD systems. This unified approach provides a mathematically rigorous and future-proof mechanism for both randomness generation and secure key management against quantum adversaries.
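The contrast the abstract draws between XOR combining and an extractor-based combiner can be checked by brute force at toy sizes. The following is an added example, not code from the paper or from this page. It assumes a Toeplitz matrix over GF(2) as the universal hash family, one key used as the seed and the other as the input, uniformly distributed keys, and constructed 8-bit and 10-bit key values.

```python
from itertools import product
from math import log2

def toeplitz_hash(seed, x, out_len):
    """Hash x with the out_len x len(x) Toeplitz matrix over GF(2) defined by seed.

    Entry (i, j) of the matrix is seed[i - j + len(x) - 1].
    """
    n = len(x)
    if len(seed) != n + out_len - 1:
        raise ValueError("seed must have len(x) + out_len - 1 bits")
    return tuple(
        sum(seed[i - j + n - 1] & x[j] for j in range(n)) & 1
        for i in range(out_len)
    )

def xor_combine(k1, k2):
    return tuple(a ^ b for a, b in zip(k1, k2))

def bits(n):
    """All n-bit strings as tuples."""
    return product((0, 1), repeat=n)

def candidates_xor(known_key, out):
    """Values of the other key consistent with a leaked (key, output) pair."""
    return [k for k in bits(len(out)) if xor_combine(known_key, k) == out]

def candidates_input(seed, out, n):
    """Inputs consistent with a leaked (seed, output) pair."""
    return [x for x in bits(n) if toeplitz_hash(seed, x, len(out)) == out]

def candidates_seed(x, out):
    """Seeds consistent with a leaked (input, output) pair."""
    m = len(x) + len(out) - 1
    return [s for s in bits(m) if toeplitz_hash(s, x, len(out)) == out]

# Constructed toy keys (not from the paper): 8-bit input, 10-bit seed, 3-bit output.
# The extractor spends 18 key bits to emit 3; XOR spends 16 to emit 8.
KEY_A = (1, 0, 1, 1, 0, 0, 1, 0)          # plays the extractor input
KEY_B = (0, 1, 1, 0, 1, 0, 0, 1, 1, 1)    # plays the extractor seed
OUT_LEN = 3

def compare():
    """log2 of the candidates left for the uncompromised key in each leak scenario.

    With uniform keys (an assumption) this is the remaining min-entropy in bits.
    """
    xor_out = xor_combine(KEY_A, KEY_B[:8])
    ext_out = toeplitz_hash(KEY_B, KEY_A, OUT_LEN)
    return {
        "xor, other key + output leaked": log2(len(candidates_xor(KEY_B[:8], xor_out))),
        "extractor, seed + output leaked": log2(len(candidates_input(KEY_B, ext_out, 8))),
        "extractor, input + output leaked": log2(len(candidates_seed(KEY_A, ext_out))),
    }

if __name__ == "__main__":
    for scenario, remaining in compare().items():
        print(f"{scenario}: {remaining:.0f} bits")
```

The counts illustrate the property only; they are not the QLHL bound, which also accounts for quantum side information and the extraction error.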

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

0 major / 4 minor

Summary. The paper proposes using universal hash functions as strong seeded extractors grounded in the Quantum Leftover Hash Lemma (QLHL) to bootstrap seedless QRNGs from two independent raw entropy sources, thereby closing the randomness loop, and to combine PQC and QKD keys such that compromise of the output and one input still leaves quantifiable min-entropy in the other; the framework is extended to hybrid PQC-QKD systems by modeling PQC keys as possessing HILL entropy.

Significance. If the derivations and assumptions hold, the work supplies a mathematically rigorous, information-theoretically secure alternative to heuristic or XOR-based methods for both QRNG bootstrapping and hybrid key combination, with explicit min-entropy retention and transcript-binding properties that remain valid against quantum adversaries. The reliance on the established QLHL and standard universal-hash construction is a clear strength, as is the explicit modeling choice that allows the same extractor to cover both pure-QKD and hybrid cases.

minor comments (4)
  1. Abstract: the phrase 'quantifiable min-entropy' is used without stating the concrete bound or the precise QLHL parameters; the main text should display the explicit expression (e.g., the leftover-entropy formula) at the first occurrence of the claim.
  2. The independence assumption between the two seedless QRNG sources is stated but not accompanied by a short quantitative justification or reference to a standard model; a one-paragraph discussion of how the joint min-entropy is bounded would strengthen the bootstrapping section.
  3. Notation for HILL entropy is introduced without a brief reminder of its definition relative to min-entropy; adding a one-sentence parenthetical or a short appendix entry would aid readers unfamiliar with the computational-entropy hierarchy.
  4. The comparison with XOR combiners would benefit from a small table listing key-length overhead, retained min-entropy under single-key compromise, and transcript-binding capability for both approaches.

Simulated Author's Rebuttal

0 responses · 0 unresolved

We thank the referee for the positive and accurate summary of our manuscript, which correctly identifies the use of the Quantum Leftover Hash Lemma and universal hash functions to address seedless QRNG bootstrapping and hybrid PQC-QKD key combination. We appreciate the recommendation for minor revision and the recognition of the framework's information-theoretic security properties against quantum adversaries.

Circularity Check

0 steps flagged

No significant circularity identified

full rationale

The paper's central claims apply the pre-existing Quantum Leftover Hash Lemma to two independent seedless QRNG sources for bootstrapping and extend the same lemma to hybrid PQC-QKD extractors by modeling PQC keys as possessing HILL entropy. These steps rest on explicitly stated assumptions (source independence and entropy type) and standard universal-hash constructions rather than self-definitional reductions, fitted parameters renamed as predictions, or load-bearing self-citations. The derivation chain remains self-contained against external benchmarks once the assumptions hold.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 0 invented entities

The claims rest on the Quantum Leftover Hash Lemma and the independence of two QRNG sources; no free parameters or invented entities are introduced in the abstract.

axioms (2)
  • domain assumption Quantum Leftover Hash Lemma provides the stated security bounds for universal hash extractors
    Invoked as the foundation for both bootstrapping and key combination security.
  • domain assumption The two seedless QRNG sources supply independent raw entropy
    Required for the bootstrapping construction to extract usable randomness without an initial seed.

pith-pipeline@v0.9.0 · 5569 in / 1314 out tokens · 43731 ms · 2026-05-14T22:34:02.794518+00:00 · methodology

