Randomness is a useful resource. Random numbers are a key ingredient in cryptography, statistical analysis, computer simulation, and (more obviously) lotteries and gambling. They could also help make fairer decisions about things like who gets selected for tax audits or jury duty, or how to redraw voting districts—but only if people are confident they are truly random. A new “randomness beacon” developed by the National Institute of Standards and Technology (NIST) and the University of Colorado Boulder could help.
The Colorado University Randomness Beacon (CURBy) exploits the inherent unpredictability of quantum mechanics to produce truly random numbers. It relies on an experiment known as a Bell test designed to probe the fundamental principles of quantum mechanics. In 2015, researchers at NIST used it to provide the most definitive proof yet of entanglement—a quantum phenomenon in which the quantum states of two particles are intrinsically linked, no matter how far apart.
In 2018, the NIST team showed they could use the results of these tests to generate truly random numbers, but it took 10 minutes to generate a single string of random numbers. Now, they have teamed up with UC Boulder researchers to create a reliable service that produces a string in just 1 minute, or hundreds of random numbers a day. These are publicly broadcast on the project’s website. The service also uses blockchain technology to allow anyone to trace and verify each step of the process to confirm the numbers are truly random.
“If you’re playing a board game and you throw some dice, the reason you do that is you’re trying to distribute resources fairly, you’re trying to make it so that everyone has an even shot,” says Gautam Kavuri, a graduate student at CU Boulder and NIST. Kavuri and his colleagues published their work on CURBy on 11 June in Nature.
“The reason for this random number service is similar. It’s to serve as an arbiter for fair distribution of resources in society,” Kavuri says. “And as the stakes of your application get higher and higher, it’s more and more important that this is really impossible to control or tamper with.”
The equipment developed at NIST creates verifiable random numbers that the researchers are making publicly available.R. Jacobson/NIST
Quantum Entanglement in Randomness
At CURBy’s core is an experimental setup designed to carry out a Bell test. A laser is fired at a crystal to create a pair of photons whose polarizations are entangled. The photons travel to two separate measurement stations roughly 100 meters apart that feature a polarization filter whose settings are randomly adjusted. Depending on how the filters are set up, the photon either passes through or is blocked. A detector on the other side then records the result. This process is repeated 250,000 times per second.
The Bell test is designed to determine whether the photons are behaving unpredictably, which would provide evidence that they are truly entangled. If they are not entangled, and they are obeying the rules of classical physics, then their polarization is determined in advance, which puts an upper bound on how much statistical correlation there can be between the stream of detections at each measurement station.
However, a pair of entangled photons exist in a joint state that only collapses into a specific polarization when they are measured. Because of the quantum link between the particles, measuring either of them instantaneously affects their shared joint state. This means that the outcome depends on the measurement settings at each station, and this leads to correlations in the results that are significantly stronger than possible if the photons are behaving classically.
If correlations in the detection events exceed a specific threshold, it confirms that the photons were indeed behaving quantum mechanically, says Kavuri. And because quantum mechanics is inherently probabilistic it is impossible to determine the results of these measurements in advance. This unpredictability provides a source of randomness that can be extracted by running the stream of detection events through a statistical analysis, says Kavuri. Once NIST has collected roughly 15 million detection events, these are transmitted to the University of Colorado where a computer program goes through a multistep process to convert them into a string of 512 random bits, which are then posted to the CURBy website.
Blockchain Ensures Randomness Integrity
There are other devices that exploit quantum mechanical phenomena, such as radioactive decay, to generate random numbers. However, these approaches still depend on classical hardware like detectors, which can be biased by things like temperature or radiation fluctuations, says Kavuri. In contrast, the Bell test is device independent—it can provide mathematical guarantees of randomness even if the underlying hardware is in some way compromised.
“The Bell test is this really careful approach that makes very few assumptions about the devices we’re using,” says Kavuri. Nonetheless, for others to trust the output of CURBy, they need to be sure that NIST is conducting the Bell test correctly, he adds. That is why the researchers also incorporated blockchain technology into the service, which allows anyone to trace and verify the steps used to create random numbers.
At each stage of the process, a cryptographic algorithm creates a unique digital fingerprint of the data—a string of numbers known as a hash. These are then chained together in chronological order by including the hash of the previous block of data in the next block. This makes it possible to go back and check the provenance of the data behind a particular random number. It also makes it difficult to tamper with older data blocks because it would require an attacker to edit every subsequent block as well to evade detection.
In the protocol developed by the researchers, which they call Twine, each entity involved in the random-number generation process creates its own chain and then these are cross-linked with each other. In the current setup this includes NIST, which carries out the Bell test; CU Boulder, which analyzes the detection data; and a third-party service known as the Distributed Randomness Beacon Daemon, which provides an independent random number that is used in the process that extracts randomness from the Bell test data. But in the future, other randomness beacons could also join the same protocol.
Intertwining multiple chains to create what the researchers call a “tapestry” provides even greater security guarantees, says Jasper Palfree, a research assistant on the project at the University of Colorado Boulder. “If one authority tries to rewrite their data, this can be detected from the inconsistent linking with other chains,” he says. “The more chains participating, the larger the tapestry, and the more difficult it is to spoof.”
