Researchers in Switzerland labored for 10 years, on a project that cost $12 million. The end result, published in Nature last month?
Some really, really random numbers.
Random numbers are the guardians of digital information, which moves through the internet via a system of public and private keys. Private keys consist of hundreds of bits (bits are zeros or ones that encode extremely large numbers) generated by a computer. Computers can come very close to achieving true randomness, but they are driven by process.
A process can be complex and difficult to tease out, but it cannot be truly random. “If you knew what the computer was calculating, you would be able to predict it exactly,” said Morgan W. Mitchell, a quantum physicist at the Institute of Photonic Sciences in Barcelona. “You would be able to say exactly what’s going to come out.” Hackers have become adept at using math to probe encrypted systems for signs of weak randomness, which can give them access to private keys.
The Swiss group tried to solve this problem through a process called randomness amplification, which takes lower-grade random numbers and boosts them via quantum physics. The published result is random numbers that are “effectively perfect,” said Dr. Mitchell, who was not part of the Swiss team.
Other researchers have also recently attained impressive results when it comes to random number generation, but with more reliance on computers, whereas the Swiss experiment comes with an intrinsically elegant validation completely independent of processing power.
“We are, in a sense, trusting physics,” Dr. Mitchell said.
The resulting paper “represents the most convincing demonstration to date that high-quality randomness can be produced from quantum processes,” said Roger Colbeck, a professor of quantum information theory at King’s College London and a pioneer in the field of quantum randomness.
The Swiss project, conducted at the university ETH Zurich, called for two connected refrigerators humming along at just above absolute zero, at 15 millikelvin, which is roughly 180 times colder than deep space. These cryostats, as they are known, cooled superconducting circuits called qubits, which behave according to quantum mechanics.
The challenge before the Swiss team was to find a way to harvest the raw randomness of the supercooled qubits without contaminating the experiment with classical physics. Pure quantum conditions are exceptionally difficult to maintain. Inevitably, boring old non-quantum reality seeps in, degrading the quality of the random numbers.
“It takes randomness to make randomness,” said Krister Shalm, a professor of quantum physics at the University of Colorado and a senior research associate at the National Institute of Standards and Technology, who was not involved in the Swiss experiment.
The pivotal innovation of the new experiment was the placement of the two qubits in a tight bond known as entanglement, which is possible only under quantum conditions. “The advance is that we create entanglement at a high enough quality and at a high enough rate, so it’s practically feasible to actually create random numbers through it,” said Andreas Wallraff, a physicist and co-author of the Swiss paper.
Over nine hours, the researchers used their experimental setup to measure the entangled qubits 1.34 billion times. Taking the results of those quantum measurements, an extractor algorithm then transformed 5.4 billion bits sourced from a somewhat less sophisticated random number generator into 45 million bits of extremely high-quality randomness.
“This work does genuinely advance the field,” Dr. Shalm said.
Given all the encrypted information bouncing around on the internet — potentially close to 20 exabytes per day — the payoff for a savvy hacker could be immense, even if their hit rate were relatively low. In 2012, researchers used a straightforward approach (Euclid’s algorithm, a basic math concept) to find that 0.2 percent of public keys in a database were not random enough. Though seemingly small, this was seen as a huge security lapse, considering that the database contained 7.1 million keys.
“In cryptography, however paranoid you think you are, you’re not paranoid enough,” Dr. Shalm said. Echoing the same theme, Dr. Mitchell said that the Swiss team was “able to generate randomness that even a paranoid user can trust.” (Paranoia seems, justifiably enough, to be a common sentiment in quantum cryptography.)
In 2010, the gaming platform PlayStation 3 had its defenses breached by hackers who discovered that Sony was recycling its random numbers. In a 2023 attack known as Milk Sad, hackers exploited the generation of weak private keys by the cryptocurrency tool Libbitcoin Explorer. They stole $900,000.
“If you take the most pure source of randomness that you can get,” Dr. Wallraff said, “you can fix that problem.”
