ETH Zurich scientists create perfect randomness for the first time

Perfect randomness sounds simple, until you try to make it.

A die can be polished, balanced and rolled thousands of times. Yet, one face may still land up a little more often than the others. In daily life, that slight tilt hardly matters. However, in cryptography, it can become a serious weakness. A barely detectable pattern in a stream of random numbers can make private keys easier to predict. That can open the door to broken encryption.

That problem is what drove a team at ETH Zurich to a result that sounds almost paradoxical: using flawed randomness to create perfect randomness. In a study published in Nature, researchers led by Renato Renner and Andreas Wallraff showed that quantum physics can amplify weak random input into a string of bits that is fully unbiased. Moreover, they argue, the output is certifiably unpredictable.

The advance centers on a simple but stubborn truth. Random-looking numbers are not always truly random. Some generators produce outputs that pass statistical tests but still carry hidden structure. That matters because, as the researchers note, unpredictability is not a property of a bit string alone. It belongs to the process that produced it, and to what an attacker may already know about that process.

“It may seem strange, but it is almost impossible to create a perfect coin or a perfect die”, says Renner.

The weakness is not just theoretical. Earlier investigations into public RSA keys found that some private keys could be reconstructed because the randomness used to create them was too predictable. If the numbers that seed a cryptographic system are flawed, the security built on top of them can collapse.

Quantum mechanics appears to offer a way out. Certain measurements in quantum systems are fundamentally unpredictable. A photon hitting a 50:50 beam splitter, for example, should choose a path at random. Yet real devices never behave in a perfectly ideal way. Small imperfections can introduce bias, and worse, the bias can shift over time.

“Even modern random number generators, which are based on quantum mechanical effects like the reflection of photons from beam splitters, are not entirely immune to such a systematic error or ‘bias’”, adds Wallraff.

That is the obstacle randomness amplification is meant to overcome. The idea is to start with a source that is only somewhat random. Then, a quantum protocol is used to upgrade it into something better. Classical processing alone cannot do that. In the Santha-Vazirani framework, once a source is weakly biased and correlated, no purely classical method can turn it into perfect randomness.

Quantum physics changes the rules.

The ETH Zurich experiment relied on a Bell test. This is a kind of measurement on entangled systems designed to show that the outcomes cannot be explained by hidden pre-existing variables, at least under locality assumptions. To make that work in practice, the team needed both strong quantum correlations and high data rates. This is a difficult combination.

“This was made possible by an improved so-called Bell-Test with simultaneously high quality and high data rate”, says Wallraff.

The setup linked two superconducting chips, each holding a transmon qubit, inside separate dilution refrigerators cooled to about 15 millikelvin. The two nodes were connected by a 30-meter-long cryogenic link that allowed microwave photons to pass between them and generate entanglement. That distance was crucial. It ensured that during the measurement window, even a signal traveling at the speed of light could not move between the qubits in time to coordinate the outcomes.

Each qubit could be measured in one of two ways. The choice of measurement basis at each node was made using an imperfect random number generator. The researchers drew those initial random bits from quantum random number generators based on laser phase diffusion. Extensive testing, they report, found the source compatible with an unpredictability bias below 0.75%.

The Bell test then asked whether the measured correlations were strong enough to certify unpredictability, even though the inputs used to choose the measurements were themselves not perfectly random. To do that, the team used a measurement-dependent locality inequality. This was used rather than relying only on the standard Bell framework.

The experiment ran for about nine hours and covered 1,342,177,280 trials. These were collected in 20 blocks of 2^26 trials each, with measurements performed at a rate of 50 kilohertz. Across the run, the system reached an average CHSH value of 2.271 and an average measurement-dependent locality value of 0.00296. Both values remained above the classical threshold throughout the experiment.

Those numbers mattered because a positive measurement-dependent locality value certified that the device was producing unpredictable bits. This was despite being driven by imperfect input randomness. Once that unpredictability was established, the team moved to the second stage: extracting perfectly random output.

Renner’s group applied a two-source extractor. This is an algorithm from computer science that can generate strong randomness from two independent weak inputs. One input came from the Bell-test outcomes. Another came from the original weak random source. Together, they produced the final output bit string.

“The resulting sequence of zeros and ones is now really perfectly random, and we can even certify that”, says Renner.

The final result was a string of 45,025,658 random bits, produced from 5,368,709,120 low-quality random bits. The protocol’s failure probability was set at 10^-12. The researchers say the output is guaranteed to be perfectly random. This is provided the input source has a bias of no more than 0.75%.

Renner describes the achievement as a threshold moment. “The technical improvements allowed us, for the first time, to create random numbers that will remain perfectly random for all eternity – no matter what analytical methods are used to assess their randomness.”

That claim rests on more than appearance. The team did run the NIST statistical test suite and the Diehard battery as consistency checks. The output passed all tests for which the string was long enough. However, the authors stress that statistics alone do not prove unpredictability. The certificate comes from the loophole-free Bell violation and the underlying physics.

The broader importance lies in trust. The protocol does not require the internal workings of the Bell-test device to be trusted, and it does not rely on assumptions about the difficulty of computational problems. Instead, it offers information-theoretic security. This is the kind sought in the strongest forms of cryptography, including quantum key distribution.

The researchers suggest that certified randomness could eventually play a role similar to that of atomic clocks. This would be a physically grounded standard that other systems can rely on.

In practical terms, the work points toward a future in which critical digital systems can draw on a certified source of randomness. This is rather than merely assuming their random numbers are good enough. That could strengthen encryption of sensitive communications, support digital identity systems, and provide public randomness services for uses such as lotteries and blockchain applications. The team notes that the output rate of their system is comparable to that of the current NIST randomness beacon. This gives the result immediate relevance beyond theory.

The work also matters for quantum-secure communications. Cryptographic tools such as quantum key distribution, bit commitment, secret sharing, zero-knowledge proofs and secure multi-party computation all depend on unpredictable random bits. If those bits are even slightly predictable, the entire structure weakens.

This experiment does not solve every practical challenge. However, it shows that imperfect randomness does not have to be a fatal flaw. Under the right quantum conditions, it can be amplified into something stronger, and certified.

Research findings are available online in the journal Nature.

The original story "ETH Zurich scientists create perfect randomness for the first time" is published in The Brighter Side of News.

Like these kind of feel good stories? Get The Brighter Side of News' newsletter.