A random number generator using quantum physics and a blockchain

In September 2013, whistleblower Edward Snowden revealed that American and British intelligence agencies had successfully cracked much of the online encryption internet users used to keep their personal data private. Snowden’s solution appeared ironic to many: to adopt end-to-end encryption en masse, rendering mass surveillance prohibitively expensive and cumbersome.

In end-to-end encryption, an algorithm converts readable data (plaintext) to an unreadable form (ciphertext) using a string of numbers and letters called a key. A user with the key can feed it into a decryption algorithm, which will use it to turn ciphertext to plaintext. The success of any encryption method thus hinges on the secrecy of the key.

To prevent an unauthorised person from guessing the key, it has to be sufficiently random, i.e. lacking predictable patterns.

How does one get a sufficiently random key? For cybersecurity company Cloudflare, the answer lay in a funky 1963 invention: the lava lamp.

A lava lamp comprises a glass container with blobs of wax suspended in water and placed over an incandescent bulb. The heat from the bulb melts the wax and causes droplets to rise up. As the droplets reach the top of the container, they cool down and fall back to the bottom, starting the cycle once again. The rising droplets in a lava lamp don’t take the same shape twice. That is, the shapes are “consistently random”.

At Cloudflare’s headquarters in San Francisco in the US, the company has arranged a hundred lava lamps on one of its walls. A camera takes pictures of the wall periodically, and computers convert each pixel in the image into a numerical value. Thus, each picture generates a string of numbers (called the seed) that is then input to an algorithm to generate an encryption key.

A shelf of lava lamps. Photo credit: Dean Hochman (CC BY)

There are two problems, however. One, even the “consistently random” movements of the lava lamp are determined in theory by the laws of thermodynamics, the branch of physics that deals with how heat moves in a system (e.g. the glass container with water and wax) and how that affects the properties of matter it contains. At least on paper, this makes the seed predictable.

Second, even if the seed is practically random, the algorithm used to generate the key is deterministic, i.e. not random. In other words, if a person gets hold of the seed, they can generate the exact same key using the algorithm. This is why such algorithms, which are commonplace in most encryption systems today, are called pseudorandom number generators.

True randomness has been elusive — but scientists have known for some time where they could best hope to find it: quantum mechanics, where randomness abounds.

Quantum randomness

Quantum mechanics is the study of how matter and light behave in the atomic and subatomic realms. At those scales, the theories of physics are no longer able to make predictions with certainty. As Gautam A. Kavuri, a quantum communication researcher at the University of Colorado, Boulder (CUB) in the US, put it, the “outcome of a measurement [in the quantum realm] cannot be known before a measurement is made”.

Consider the case of a photon, the particle of light. Each photon has an oscillating electromagnetic field. The direction in which the field oscillates is called the photon’s polarisation. According to the laws of quantum mechanics, the polarisation of a photon can be both horizontal and vertical (or left and right) until it is measured — just like a coin tossed in the air is both ‘heads’ and ‘tails’ until it lands. It is only at the time of measurement that the polarisation becomes one of the two, and this choice is random.

In a paper published in Nature in June, Kavuri, along with a team of researchers from the CUB and the National Institute of Standards and Technology (NIST) in the same city, reported using this as a source to generate truly random numbers.

Once generated, the team broadcasts the numbers publicly via the CU Randomness Beacon (CURBy): this is a public service where receivers can pick up the numbers and use them in their applications.

While Kavuri et al. aren't the first team to press quantum phenomena into the service of generating random numbers, their protocol incorporates a cryptographic tool called a blockchain. This makes the technique fully traceable and certifiable by independent parties, making it the first of its kind.

Calling the work “innovative”, quantum information theory researcher and University of New Orleans associate professor Peter Bierhorst said “every step in the process, from harvesting the raw data (which is only somewhat random) to processing it down to a near-perfect (uniform) string of random bits, can be audited and verified.”

Bierhorst has worked in the past with some of the authors of the 2025 Nature paper but wasn’t associated with the new study.

Numbers from photons

The protocol in the test by Kavuri et al. begins at the NIST, where a process called spontaneous parametric down-conversion is used to generate a pair of quantum entangled photons. The process uses a special material called a non-linear crystal to convert a photon with higher energy to a pair of photons of lower energy. These photons are entangled, meaning that even at great distances, their properties are correlated.

Once the entangled photons are generated, they are sent in two different directions to two laboratories at opposite ends of a hall at NIST. There, the polarisation of these photons is measured. This process is repeated 15 million times in about one minute, and the polarisation state in each case is truly random. This data is passed to the CUB, where the next step unfolds.

Almost 2 km away, at the CUB, a computer programme converts the data to a bit string, a series of zeroes and ones. At this stage, the string, while truly random, is also biased: the frequency with which zeroes and ones occur is not equal. This random-but-biased bit string is then processed through a mathematical function called a randomness extractor. This function uses an independent random seed, obtained from a different random number generator called DRAND, and extracts from the biased bit string a uniformly unbiased random string of 512 bits.

DRAND is run by a confederation of many independent parties around the world, including Cloudflare, Ethereum Foundation, and the Swiss Federal Technology Institute of Lausanne in Switzerland.
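To make the extraction step concrete, here is an added example, not code from the paper or from CURBy. The article does not name the extractor used, so this sketch substitutes Toeplitz hashing, a standard seeded extractor. The function names, the 4,096-bit input length, the 80% bias and the PRNG-generated inputs are all assumptions constructed for the demo.

```python
import random

def toeplitz_extract(raw_bits: str, seed_bits: str, out_len: int) -> str:
    """Seeded extractor: multiply raw_bits by a Toeplitz matrix over GF(2).

    The matrix has out_len rows and len(raw_bits) columns and is fully
    defined by the seed, which must hold len(raw_bits) + out_len - 1 bits.
    """
    n = len(raw_bits)
    if len(seed_bits) != n + out_len - 1:
        raise ValueError("seed must be len(raw_bits) + out_len - 1 bits")
    x = int(raw_bits, 2)
    s = int(seed_bits, 2)
    mask = (1 << n) - 1
    out = []
    for i in range(out_len):
        row = (s >> i) & mask  # row i is the n-bit seed window at offset i
        out.append(str(bin(x & row).count("1") & 1))  # parity = GF(2) dot product
    return "".join(out)

def ones_fraction(bits: str) -> float:
    """Share of '1' characters in a bit string."""
    return bits.count("1") / len(bits)

def constructed_inputs(n: int = 4096, out_len: int = 512, p_one: float = 0.8):
    """Constructed stand-ins: a biased raw string and a uniform seed.

    A PRNG is used only so the demo is reproducible; in the protocol the raw
    bits come from photon measurements and the seed comes from DRAND.
    """
    rng = random.Random(2025)
    raw = "".join("1" if rng.random() < p_one else "0" for _ in range(n))
    seed = "".join(str(rng.getrandbits(1)) for _ in range(n + out_len - 1))
    return raw, seed

if __name__ == "__main__":
    raw, seed = constructed_inputs()
    out = toeplitz_extract(raw, seed, 512)
    print(f"raw ones fraction:       {ones_fraction(raw):.3f}")
    print(f"extracted ones fraction: {ones_fraction(out):.3f}")
    print(f"extracted length:        {len(out)} bits")
```

The output is shorter than the input by design: an extractor can only return about as many uniform bits as the raw string contains in unpredictability, which is why 4,096 heavily biased bits are compressed to 512.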

Building trust

Impressive as the protocol is, its novelty lies elsewhere.

For random number generators that are used to encrypt and decrypt data, trust has always been an issue. Sanjit Chatterjee, an information security researcher and associate professor at the Indian Institute of Science, Bengaluru, explained: “Suppose I claim I have a random number generator. How do you verify or get a certificate stating that its output is truly random? Or that the protocol has not been tampered with?”

To surmount this issue, the team led by Kavuri integrated a blockchain in their protocol. In blockchain technologies, data from different steps of a process is stored in blocks that are linked to each other using the output of a mathematical algorithm called a hash.

The hash algorithm converts a long string of data to a string of fixed length called the fingerprint. The fingerprint is uniquely linked to the input data; any tampering with the input data leads to a substantially different fingerprint, which a verifying party can easily check and call out. 

According to Chatterjee, “It is not possible to change the fingerprint at one step without changing the fingerprints of all the subsequent steps.”

Thus, by linking different blocks of data using different fingerprints, researchers are able to ensure that any tampering in one step of the process will be reflected in the fingerprints of all the subsequent processes.

Kavuri and colleagues developed a blockchain protocol they called ‘twine’ to “create a traceable … cryptographic contract between three parties” responsible for a part of the random number generation process, they wrote in their paper.

The first party, NIST, provided the raw bit string. The second party, CUB, ran the randomness extractor. The third party, DRAND, provided the independent seed to the extractor. Each step of the process was marked with a hash fingerprint, and the fingerprints could be used by one of the three parties or any user to verify the integrity of the process.

“As long as all the parties are not compromised, we can be sure that the analysis and extraction is carried out correctly,” Kavuri said.
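The fingerprint linking described in this section can be shown in a few lines. This is an added example, not the twine protocol's own code: the block layout, the use of SHA-256 over JSON, the function names and the payload strings are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous fingerprint" for the first block

def fingerprint(block: dict) -> str:
    """Fixed-length fingerprint of a block: SHA-256 over canonical JSON."""
    encoded = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()

def append_block(chain: list, party: str, payload: str) -> None:
    """Add a block that commits to the fingerprint of the block before it."""
    prev = fingerprint(chain[-1]) if chain else GENESIS
    chain.append({"party": party, "payload": payload, "prev": prev})

def relink(chain: list) -> None:
    """What a forger must do to hide an edit: recompute every later link."""
    for i in range(1, len(chain)):
        chain[i]["prev"] = fingerprint(chain[i - 1])

def find_tampered(chain: list, published_head: str):
    """Index of the first block whose fingerprint no longer matches what the
    next block (or the publicly announced head) committed to; None if intact."""
    for i, block in enumerate(chain):
        committed = chain[i + 1]["prev"] if i + 1 < len(chain) else published_head
        if fingerprint(block) != committed:
            return i
    return None

def build_demo_chain() -> list:
    """Constructed payloads standing in for the three parties' records."""
    chain = []
    append_block(chain, "NIST", "raw-bits:constructed-0110100111")
    append_block(chain, "DRAND", "seed:constructed-9f2c41")
    append_block(chain, "CUB", "extracted:constructed-512-bit-output")
    return chain

if __name__ == "__main__":
    chain = build_demo_chain()
    head = fingerprint(chain[-1])            # announced to every verifier
    print("intact:", find_tampered(chain, head))
    chain[0]["payload"] = "raw-bits:forged"  # edit the first record
    print("after edit, mismatch at block:", find_tampered(chain, head))
    relink(chain)                            # forger repairs the links
    print("after relinking, mismatch at block:", find_tampered(chain, head))
```

Editing the first record breaks the link at block 0. Repairing every later link only moves the mismatch to the final block, whose fingerprint no longer equals the one already published, which is the property Chatterjee describes.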

‘Challenging proposition’

According to Chatterjee, the researchers have provided a “prototype” that shows generating traceable random numbers “is possible in practice”.

“But if you think about the amount of random numbers generated in everyday operations, then this is nowhere near that stage,” he added.

Kavuri et al. stated in their paper that they could generate 7,434 random numbers over a 40-day period.

Bierhorst, the University of New Orleans quantum information theorist, added that the protocol requires “an intricate apparatus employing state-of-the-art optical components to create and manipulate the entangled photons” — which would be the starting step for the protocol.

“Deploying this commercially is a challenging proposition,” he said. He added that he expects it will take another few years before the protocol can be deployed widely.

Kavuri, meanwhile, said he was looking forward to bringing more parties under the ambit of their twine protocol. “This will further decentralise trust in the random number generation process,” he said.

Sayantan Datta is a faculty member at Krea University and an independent science journalist. The author thanks Apoorva Patel and Shayan Srinivasa Garani for inputs.
