The never-ending quest to improve the security of digital information
combined with recent improvements in hardware technology has caused the field
of random number generation to undergo a fundamental shift from relying solely
on pseudo-random algorithms to employing optical entropy sources. Despite these
significant advances on the hardware side, commonly used statistical measures
and evaluation practices remain ill-suited to understand or quantify the
optical entropy that underlies physical random number generation. We review the
state of the art in the evaluation of optical random number generation and
recommend a new paradigm: quantifying entropy generation and understanding the
physical limits of the optical sources of randomness. In order to do this, we
advocate for the separation of the physical entropy source from deterministic
post-processing in the evaluation of random number generators and for the
explicit consideration of the impact of the measurement and digitization
process on the rate of entropy production. We present the Cohen-Procaccia
estimate of the entropy rate h(ϵ,τ) as one way to do this. In order
to provide an illustration of our recommendations, we apply the Cohen-Procaccia
estimate as well as the entropy estimates from the new NIST draft standards for
physical random number generators to evaluate and compare three common optical
entropy sources: single photon time-of-arrival detection, chaotic lasers, and
amplified spontaneous emission