Truly random numbers have been generated at last. Credit: A. Dudoladov/ iStockphoto

When it comes to unpredictable strings of numbers, some are more random than others. Until now there has been no way to confirm 'true' randomness, leaving encryption techniques that rely on random strings vulnerable. But physicists have now generated the first string of verifiably random numbers — a feat that could help to shore up security.

Strings of 'pseudo-random' numbers are commonly used as keys to encode messages for transmission across the Internet. The trouble is that although these strings appear random for most practical purposes, if the computer algorithm that generates them can be cracked, they are open to attack, says Antonio Acín, a physicist at the Institute of Photonic Sciences in Barcelona, Spain.

For these reasons, many groups are trying to produce truly random strings based on the indeterminism inherent to quantum systems. According to quantum mechanics, it is impossible to predict with certainty how a quantum particle will behave; so, in theory, choosing binary digits based on the path chosen by, say, photons that meet a two-way crossroads should ensure randomness. In practice, however, there's no way to confirm that even these digits are truly random, says Acín. For instance, there may be faults in the apparatus that subtly bias the way that the photons move.

What the team has done is amazing. ,

To get round this problem, Acín and his colleagues have devised a test of true randomness that harks back to historic experiments on the nature of quantum mechanics first proposed by physicist John Bell in the 1960s. Bell wanted to confirm that classical physics cannot explain the strange properties exhibited by 'entangled particles', which are linked such that measuring one immediately affects the state of its partner. Bell calculated the maximum possible level of correlation between two particles in any classical system. Later experiments have repeatedly confirmed that entangled particles exceed this maximum limit, defying classical physics.

Slow but sure

Acín and his colleagues have now shown that there is a direct relationship between the degree of true randomness in a system and the extent to which Bell's limit is broken by entangled particles. They prepared a true random-number generator that spits out binary digits on the basis of repeated quantum measurements of an ytterbium ion, which could either be in a high or low energy level. To verify true randomness, two such ions were entangled, and the energy levels of both were measured to confirm that they were correlated beyond Bell's bound. "Violating Bell's bound confirms that the technique successfully exploits a genuine random quantum process," says Acín. "You can then read off a string of digits based on the energy levels of ion number 1 and know that it will give you truly random numbers." In this week's Nature1 the team reports generating 42 truly random numbers.

Artur Ekert, a quantum physicist at Oxford University, UK, originally proposed in 1991 that Bell's theorem could be used to create truly random numbers for use in quantum cryptography2. "What the team has done is amazing," he says. However, he adds that in their set-up, the ions are only separated by 1 metre and for quantum communication applications the team must demonstrate that the technique works over larger distances.

Hong Guo, at Peking University in China, agrees that proving true randomness is essential. However he notes that Acín's technique only produced 42 random digits in a month. By contrast, recent experiments by his group and others, exploiting the quantum properties of photons in lasers, have generated digits at rates of up to 500 megabits per second — although in these experiments, true randomness was not a priority3,4. "The next step for Acín's team is to simplify the experiment to a more practical set-up," says Guo.