CURBy: A quantum random number generator you can verify
NIST and the University of Colorado Boulder have created a public service that delivers random numbers using quantum mechanics. Called the Colorado University Randomness Beacon (CURBy), the system offers a daily stream of certifiable random numbers generated through a process that no one can predict or manipulate.
Instrumentation for the quantum random number generator (Source: NIST)
For security professionals, randomness is essential. But most systems use pseudo-random numbers, which are generated by algorithms and can be predicted or influenced. Even physical randomness, like coin flips, can show bias. “True randomness is something that nothing in the universe can predict in advance,” said Krister Shalm, a physicist at NIST.
This isn’t just a lab experiment. “We really wanted to take that experiment out of the lab and turn it into a useful public service,” he added. CURBy now runs continuously, producing thousands of sets of random bits each month. In its first 40 days, the system successfully generated random numbers in 7,434 out of 7,454 attempts, a 99.7 percent success rate.
Here’s how it works. A pair of entangled photons is created in a special nonlinear crystal. Each photon travels through optical fiber to separate labs. When they arrive, their polarizations are measured. This process is repeated 250,000 times per second. The raw data goes to a computer at the University of Colorado Boulder, where it is processed into 512-bit strings of binary numbers. These results are published online for anyone to use.
The team also built in transparency. Every step of the randomness generation process can be verified using a tool called the Twine protocol. It’s a kind of quantum-compatible blockchain. Each set of random bits is marked with a hash, a digital fingerprint that links it to earlier data and allows anyone to trace its origin.
The system is designed to grow. Other beacons could eventually join the network, contributing randomness that’s certified and publicly auditable. “The quality and origin of these random bits can be directly certified in a way that conventional random number generators are unable to,” Shalm explained.
For the cybersecurity world, CURBy could offer a new level of trust. Instead of relying on black-box hardware or proprietary software, organizations can use a transparent, government-backed source of randomness based on the laws of quantum physics.
Graduate student Gautam Kavuri, who worked on the project, sees value in the open-source nature of the work. “I wanted to build something that is useful. It’s this cool thing that is the cutting edge of fundamental science,” he said. “NIST is a place where you have that freedom to pursue projects that are ambitious but also will give you something useful.”
CURBy’s output can be used in cryptographic applications, public lotteries, audits, or anywhere that fairness and unpredictability matter. It’s free, it’s public, and thanks to quantum physics, it’s as close to truly random as anything science can offer.