The universe itself did not know the answer until measurement happened
For forty years, a mathematical proof stood as an immovable boundary: classical systems cannot purify randomness, only inherit its flaws. Researchers at ETH Zürich have now crossed that boundary using quantum entanglement, demonstrating that the act of measuring a particle — creating information that did not exist before — can transform weakly biased data into randomness that is mathematically guaranteed to be unpredictable. Published in Nature, the work does not merely improve a tool; it resolves a foundational vulnerability that has quietly undermined digital security since the earliest days of modern cryptography.
- A one-percent bias in a random number generator is invisible to human intuition but sufficient for an attacker to dramatically narrow the search space for any encryption key it produces.
- The Santha-Vazirani theorem, unbroken since 1986, declared this unfixable by classical means — making the ETH Zürich team's quantum demonstration a genuine rupture in a four-decade consensus.
- By separating entangled particles 30 meters apart and using Bell test scores to certify the quantum nature of their measurements, the researchers closed every classical loophole and achieved a failure probability of one in a trillion.
- The protocol currently produces only 1,400 certified random bits per second — roughly 85,000 times slower than commercial generators — making it a proof of principle rather than a ready replacement.
- The most immediate path forward is a public randomness beacon for financial systems and blockchain, though the team is clear that this advance does nothing to shield data from future quantum computing attacks, a separate and still-urgent problem.
Modern encryption quietly depends on randomness that is rarely as random as it appears. A coin biased by even one percent looks fair to the eye, but that invisible skew gives a determined attacker enough leverage to collapse the security of an encryption key. This vulnerability was formalized in 1986 by Santha and Vazirani, who proved mathematically that no classical algorithm can correct a biased random source — the flaw passes through, no matter how elaborate the processing.
Researchers at ETH Zürich have now broken that forty-year barrier. Publishing in Nature, they showed that quantum entanglement can amplify weakly random data into certified perfect randomness. The key insight is that measuring an entangled particle generates information that did not exist before the measurement — meaning no adversary, and not even the universe itself, could have predicted the outcome in advance.
The experiment entangled two particles placed 30 meters apart, far enough to rule out any light-speed communication between them. Biased random bits were used to choose how each particle was measured. The resulting Bell violation score of 2.271 — above the classical ceiling of 2 — confirmed that quantum mechanics, not classical physics, was responsible for the outcomes. A mathematical tool called a two-source extractor then combined the quantum measurements with the original biased bits, canceling both sets of bias against each other. After processing billions of bits across nine hours of trials, the team extracted 45 million bits of certified perfect randomness.
The protocol is device-independent, meaning its security certificate is the Bell test score itself — no trust in the hardware manufacturer is required. The failure probability is one in a trillion. But the system's current output of 1,400 bits per second, against commercial generators' one billion, marks it as a demonstration rather than a deployment-ready tool.
The researchers envision a public randomness beacon as the nearest practical application — broadcasting certified random bits for use in financial transactions, blockchain systems, and military encryption. What the breakthrough cannot do is protect data against future quantum computers; that challenge demands migration to post-quantum algorithms entirely. What it has done is prove that a wall mathematicians considered permanent was, in fact, a door.
For decades, digital security has rested on a fragile assumption: that the random numbers used to generate encryption keys are actually random. They almost never are. A coin that lands heads 51 percent of the time instead of 50 looks random to the naked eye, but that one-percent bias is enough for an attacker with the right tools to skip billions of guesses and crack a password. This is the Achilles heel of modern cryptography, and it has haunted computer scientists since 1986, when Miklós Santha and Umesh Vazirani proved mathematically that classical computers cannot fix the problem. Feed a biased coin into any algorithm, and the output will remain just as biased, no matter how sophisticated the processing.
Now researchers at ETH Zürich have broken that 40-year-old barrier using quantum physics. In a study published in Nature, they demonstrated for the first time that quantum entanglement can amplify weakly random data into certifiably perfect randomness—the kind that can be mathematically guaranteed to remain unpredictable forever. The breakthrough hinges on a counterintuitive property of quantum mechanics: the act of measuring an entangled particle creates information that did not exist before the measurement happened. Because no one could have known the outcome in advance, the measurement outcome itself becomes a source of genuine randomness.
The team's experiment was elegantly simple in concept but demanding in execution. They entangled two particles and placed them 30 meters apart—far enough that they could not communicate with each other at the speed of light, eliminating any possibility of cheating. They then used biased random bits to decide how to measure each particle. When they calculated the Bell violation score, a measure of how strongly the particles were entangled, they got 2.271. This was above the classical limit of 2, proving that quantum physics, not classical physics, was at work. The highest score quantum mechanics allows is 2.82; the closer to that ceiling, the stronger the evidence that the universe itself did not know the answer until the moment of measurement.
But measuring entangled particles is not enough. The researchers needed to combine their quantum-generated randomness with the original biased bits using a mathematical tool called a two-source extractor. The extractor's trick is elegant: if an attacker has a slight advantage in predicting one string of data and a slight advantage in predicting another, the extractor cancels both biases out, provided the two strings are independent. In their tests, the team processed 5.3 billion biased bits and 2.6 billion bits from their quantum measurements, running 1.3 billion trials at 50,000 iterations per second over nine hours. At the end, they had 45 million bits of certified perfect randomness. The rest was discarded as noise.
The protocol is device-independent, a gold standard in security that means you do not need to trust the person who built the hardware or fully understand how the machine works. The Bell test score itself serves as the certificate of randomness. According to the team's security analysis, the protocol has a failure probability of one in a trillion—roughly equivalent to flipping a coin and getting heads 40 times in a row. This is acceptable for practical applications, though mathematically impossible to reduce to zero.
Yet the breakthrough comes with real limitations. The apparatus produces only 1,400 bits of certified randomness per second, compared to one billion bits per second from commercial generators. For every 119 weakly random bits consumed, it outputs just one certified random bit. The system is complex, resource-intensive, and far too slow to replace existing random-number generators in the near term. But that is not the point. What matters is that the Santha-Vazirani limit—the mathematical wall that stood for four decades—has been broken. The work proves that quantum physics can do what classical physics provably cannot: amplify imperfect randomness into perfect randomness, and certify that amplification in a way that requires no trust in the hardware.
The researchers have proposed one immediate application: a public randomness beacon, a service that broadcasts certified random bits for financial transactions, blockchain protocols, military encryption, and research. The U.S. National Institute of Standards and Technology already runs such a service, releasing 512 random bits every 60 seconds. But there is a caveat worth noting: better randomness will not protect encrypted data against attacks from future quantum computers. That problem requires a different solution entirely—migration to post-quantum algorithms. Still, for the cryptographic challenges of today, this breakthrough opens a door that was thought to be permanently sealed.
Notable Quotes
The resulting sequence of zeros and ones is now really perfectly random, and we can even certify that. The certificate is the Bell test score.— Renato Renner, Institute for Theoretical Physics, ETH Zürich
The new element is the experimental demonstration of device-independent randomness amplification: starting with a weak, imperfect source of randomness and using quantum correlations to certify output bits that are unbiased.— Urbasi Sinha, Quantum Information and Computing lab, Raman Research Institute
The Hearth Conversation Another angle on the story
Why does it matter that we can amplify randomness? Don't we already have random-number generators?
We do, but they're all slightly biased. That bias is small—maybe one percent—but an attacker with enough computing power can exploit it. The Santha-Vazirani limit says a classical computer can never remove that bias, no matter what you do to the data.
And quantum physics breaks that rule?
Yes. When you measure an entangled particle, you create information that didn't exist before. No one could have predicted it in advance. So the measurement outcome itself is genuinely random, and you can prove it using a Bell test.
How do you prove it?
You measure two entangled particles separated by 30 meters and calculate how strongly they're correlated. If the score is above 2, you've proven quantum physics is involved. Classical physics has a hard ceiling at 2. The team scored 2.271.
So you've got quantum randomness now. Why combine it with the biased bits?
Because you need a lot of randomness, and quantum measurements are slow. The extractor blends the two sources in a way that cancels out both biases. If an attacker can predict one string slightly, and the other string slightly, they can't predict the combination at all.
What's the catch?
Speed and efficiency. The system produces 1,400 bits per second versus one billion from commercial generators. And it's wasteful—you need 119 weakly random bits to get one certified random bit. But the quality is unmatched. You can mathematically guarantee the output will remain random forever.
Will this replace current systems?
Not soon. It's too slow and complex. But it proves something was thought impossible: that quantum physics can fix what classical physics cannot. That's the real breakthrough.