A team of researchers from JP Morgan Chase, Quantinuum, and others has shown that quantum computers can produce “certifiably random” numbers, potentially improving how we secure everything from banking to voting systems.
It turns out that the random numbers some computer programs use aren’t so random.
In cryptography—the tech underlying two-factor authentication and passkeys for instance—random numbers are generated to secure systems from hackers. But traditional computers typically use algorithms that only mimic randomness, and are actually based on an algorithmic formula, making them potentially hackable if someone figures out the pattern.
"Imagine we have a list that starts with 'Ace of Diamonds' and ends 53 items later with a Joker. To shuffle this on a computer, I might use the Knuth Shuffle, which is a well-known algorithm. The problem is that if we run the algorithm on our ordered 'deck' with the same 'seed' again, we get the same 'shuffled' output," Clyde Williamson, senior product security architect at data security firm Protegrity, told Decrypt.
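As an added example (not code from Williamson or the article), the Knuth shuffle below is driven once by a seeded pseudo-random generator and once by the operating system's entropy source: the seeded version reproduces the identical "shuffled" deck whenever the same seed is reused, which is exactly what lets anyone who recovers the seed predict the whole sequence.

```python
import random
import secrets


def build_deck():
    """Ordered 53-card list: 'Ace of Diamonds' first, a single 'Joker' last."""
    ranks = ["Ace"] + [str(n) for n in range(2, 11)] + ["Jack", "Queen", "King"]
    suits = ["Diamonds", "Clubs", "Hearts", "Spades"]
    return [f"{r} of {s}" for s in suits for r in ranks] + ["Joker"]


def knuth_shuffle(items, rng):
    """Fisher-Yates / Knuth shuffle; every bit of 'randomness' comes from rng."""
    deck = list(items)
    for i in range(len(deck) - 1, 0, -1):
        j = rng.randrange(i + 1)  # uniform index in [0, i]
        deck[i], deck[j] = deck[j], deck[i]
    return deck


def seeded_shuffle(seed):
    """Deterministic PRNG (Mersenne Twister) seeded with a known value:
    the same seed always yields the same 'shuffled' order."""
    return knuth_shuffle(build_deck(), random.Random(seed))


def system_shuffle():
    """Same algorithm, but fed from the OS CSPRNG, so there is no seed
    to leak or guess and repeated calls do not repeat the order."""
    return knuth_shuffle(build_deck(), secrets.SystemRandom())


if __name__ == "__main__":
    print(seeded_shuffle(42) == seeded_shuffle(42))   # True: seed leaks the deck
    print(system_shuffle() == system_shuffle())       # False (overwhelmingly)
```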
The breakthrough, published in Nature, demonstrated that the team was able to achieve certified randomness, meaning that the numbers were demonstrably random and unhackable.
Using Quantinuum's 56-qubit trapped-ion computer, the research team generated over 70,000 certified random bits. Each bit took mere seconds to create, but faking the output, that is, producing a similar sequence with a deterministic mathematical formula, would require four of the world's top supercomputers working nonstop.
The numbers were later verified by a group of supercomputers capable of proving there was not a mathematical algorithm involved in their generation.
The achievement marks a meaningful step beyond previous quantum computing claims that often involved contrived tasks with little real-world value. This time, the application tackled a fundamental challenge in cybersecurity: creating random numbers that are provably unbiased and unpredictable.
"Traditional random number generation faces two major challenges: the potential for manipulation or predictability in entropy sources, and weaknesses in the algorithms used by pseudo-random number generators to expand that entropy," Kee Jefferys, co-founder of encrypted messaging app Session—and co-author of the proof-of-stake privacy coin Oxen’s Whitepaper—told Decrypt. "Quantum randomness introduces a fundamentally different entropy source, rooted in the intrinsic unpredictability of quantum mechanical processes."
The ability to generate true randomness depends on the peculiar world of quantum mechanics. Quantum computers use qubits rather than binary bits, allowing them to exist in multiple states simultaneously thanks to a phenomenon called superposition—a state popularized by Schrödinger's famous thought experiment positing a cat that is alive and dead at the same time inside a box.
When measured, these qubits produce genuinely random results—not because we lack information, but because nature itself hasn't determined the outcome until observation occurs. In other words, the cat lives or dies only when somebody opens the box.
(TL;DR: Quantum computers are better at generating truly random numbers because quantum mechanics is fundamentally indeterministic—whereas classical computers are deterministic machines pretending to be random.)
The protocol works through a clever back-and-forth between quantum and classical computing. First, the quantum computer performs so-called random circuit sampling, a method used in quantum computing to benchmark and demonstrate quantum advantage—that is, performing a task faster on a quantum computer than any known classical computer can.
It generated outputs in about two seconds each. Then, classical supercomputers at Argonne and Oak Ridge National Laboratories spent 18 hours verifying these outputs using a technique called cross-entropy benchmarking, which confirmed they couldn't have been produced by classical means.
This verification process ensures that the random numbers weren't manipulated by anyone—not even by the quantum computer's manufacturers. This has not been achieved before, and marks the first time a general-purpose quantum computer has been used to generate publicly verifiable, certified quantum randomness at scale.
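As an added toy illustration of the verification step (not the paper's code, data or circuits), the block below computes a linear cross-entropy benchmark score over sampled bitstrings. A constructed 4-qubit probability table stands in for the ideal output distribution of one random circuit; a sampler that follows that table scores near its ideal value, while a sampler that ignores the circuit and emits uniform bitstrings scores near zero and is rejected. Computing that probability table for a 56-qubit circuit is the part that needs the supercomputers; the assumption here is that the verifiers' check has this shape.

```python
import random

N_QUBITS = 4
N_OUTCOMES = 2 ** N_QUBITS  # bitstrings 0000 .. 1111, indexed 0..15


def constructed_ideal_distribution(seed=7):
    """Constructed stand-in for a random circuit's ideal output probabilities
    (normalised exponential weights, roughly the Porter-Thomas shape).
    NOT a circuit simulation; a real verifier must compute this table."""
    rng = random.Random(seed)
    weights = [rng.expovariate(1.0) for _ in range(N_OUTCOMES)]
    total = sum(weights)
    return [w / total for w in weights]


def linear_xeb(samples, p_ideal):
    """Linear XEB: 2^n * mean(p_ideal(x)) - 1 over the sampled bitstrings.
    Uniform guessing scores ~0; a faithful sampler scores ~ideal_score()."""
    mean_p = sum(p_ideal[x] for x in samples) / len(samples)
    return N_OUTCOMES * mean_p - 1.0


def ideal_score(p_ideal):
    """Expected score of a perfect sampler: 2^n * sum(p^2) - 1."""
    return N_OUTCOMES * sum(p * p for p in p_ideal) - 1.0


def faithful_device(p_ideal, k, seed=1):
    """Stand-in for the quantum device: bitstrings drawn from p_ideal."""
    rng = random.Random(seed)
    return rng.choices(range(N_OUTCOMES), weights=p_ideal, k=k)


def uniform_spoofer(k, seed=2):
    """Stand-in for a classical sampler that never evaluates the circuit."""
    rng = random.Random(seed)
    return [rng.randrange(N_OUTCOMES) for _ in range(k)]


def certify(samples, p_ideal):
    """Accept the batch only if its score reaches half the ideal score."""
    return linear_xeb(samples, p_ideal) >= 0.5 * ideal_score(p_ideal)


if __name__ == "__main__":
    p = constructed_ideal_distribution()
    print("ideal  ", round(ideal_score(p), 3))
    print("device ", round(linear_xeb(faithful_device(p, 20000), p), 3))
    print("spoofer", round(linear_xeb(uniform_spoofer(20000), p), 3))
```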
The stakes for getting randomness right are high. Duncan Jones, head of cybersecurity at Quantinuum—one of the research labs involved in the study alongside JP Morgan—pointed to several dramatic examples of what happens when randomness fails.
"In 2010, Sony's PlayStation breach occurred because the developers failed to use strong random number generation, allowing attackers to expose the private cryptographic key," Jones told Decrypt. "More recently, the Polynonce attack (2014-2023) exploited weak Bitcoin wallet randomness, leading to the theft of 140 Bitcoin (~$10M)."
Felix Xu, CEO of ARPA Network, highlighted another costly incident: "A notorious example is the 2013 Android SecureRandom vulnerability, where weak entropy in Bitcoin wallet applications allowed attackers to steal private keys, draining millions of dollars in Bitcoin."
“Similarly, in 2019, a flawed implementation of deterministic random bit generation in YubiKey’s FIPS-certified hardware tokens exposed cryptographic keys to potential compromise,” Xu pointed out.
The implications stretch across digital security and could open the doors to practical uses of quantum computers. Better random numbers mean stronger encryption keys for everything from online banking to government applications, messaging apps, and social media. They could also make digital signature systems more secure, make crypto wallets safer, and help prevent data tampering, for example.
One particular use case for certified randomness is a trustless random beacon: a public service that regularly emits truly random numbers that no one can predict, manipulate, or fake—like a universal 2FA code generator—and does so in a way that anyone can verify.
"For blockchains, quantum-certified randomness can power truly fair and tamper-proof consensus algorithms, significantly strengthening platforms like Ethereum and Solana against manipulation," Xu told Decrypt.
“Anywhere that smart contracts or consensus mechanisms rely on random numbers could be improved if they 'call' a quantum random number," Konstantinos Karagiannis, director of quantum computing services at Protiviti, told Decrypt.
Public lotteries, gambling sites, banking operations, marketing firms that do A/B testing, and bioresearch companies are among the businesses that could greatly benefit from using truly random number generation.
Despite its promise, the technique is still not suitable for everyday use. The verification stage currently requires supercomputing power that most organizations lack, which means it is not worth the hassle to implement right now.
However, Quantinuum’s Jones suggests the technology is already moving toward accessibility, with other players working on more sustainable paths.
"While the JPMC research required supercomputers for certification, Quantum Origin takes a different approach," he said. "It leverages Bell tests on a quantum computer to generate a quantum seed (strong-seed). Once the quantum seed is generated (a one-time process), it's embedded into software and can upgrade any local random source to 'quantum' randomness."
The path to mainstream adoption appears promising, marking the first time experts believe quantum computing may have an actual mass application in the short term.
“Chip-scale will likely continue to get cheaper (and hopefully more resistant to noise). Adding them to just about any device within this decade may be possible,” Karagiannis told Decrypt. It's a vision also shared by Xu.
“As for applications on the cloud, numbers generated by real quantum computers may be readily available as part of workloads," Karagiannis added. "You may one day add quantum processing units (QPUs) for several functions, including random numbers.”
If he's right, and this technique proves successful, we may eventually move toward an internet where spoofing attacks become mathematically impossible rather than just difficult, creating a fundamentally more secure digital world built on the weird quirks of quantum physics.
Edited by Andrew Hayward