ETH Zurich’s “Perfect Randomness”: What Actually Happened

A genuine milestone in the physics of randomness, and already being miscast by parts of the trade press as a fix for the quantum threat. Here is the precise version.

May 27, 2026 – On 27 May, a team at ETH Zurich published a result in Nature under a headline that would look at home in the vendor brochures the QRNG buyer’s guide warns about: perfect randomness, realised for the first time. Days earlier, that guide went live with an entry on why no honest vendor should call a product’s output “perfect.” The timing is almost too good.

Here is the resolution. The ETH result is real, the word “perfect” is earned in a narrow and specific sense, and the work sharpens the buyer’s guide argument. It is also nothing you can buy, and nothing that changes your migration plan. Both halves of that are worth saying out loud, because the early coverage is already losing one of them.

Stated precisely, the team demonstrated the first experimental device-independent randomness amplification: take a weak, biased, partly predictable stream of bits, and distill from it output bits that are certifiably unbiased, with the certificate resting on a Bell test rather than on any trust in the hardware.

What ETH Zurich Built

The experiment, led by Renato Renner and Andreas Wallraff with Anatoly Kulikov as first author, runs on two superconducting transmon qubits, each held in its own dilution refrigerator at about 15 millikelvin. The two refrigerators sit 30 metres apart, joined by a cryogenically cooled microwave link, and a single microwave photon passing between them creates the entanglement the protocol needs. That 30-metre gap is load-bearing, not decoration: it ensures that during each measurement no signal moving at light speed can travel from one qubit to the other, which closes the locality loophole and lets the Bell violation carry the meaning it is supposed to carry.

The numbers, for those who want them. The setup reached a CHSH value of 2.271, and the measurement-dependent locality value the protocol relies on came in at 0.00296, both holding steady across the run. The weak input came from laser-phase-diffusion quantum random number generators characterised to a bias at or below 0.75 percent. Across roughly nine hours and about 1.34 billion trials at a 50 kHz repetition rate, the protocol consumed around 5.4 gigabits of low-quality input and returned 45,025,658 output bits certified unbiased, at a failure probability of 10⁻¹². That certified output rate is in the same range as NIST’s current public randomness beacon.

Two properties are easy to skate past and worth pinning down. The guarantee is information-theoretic, resting on physics and the measured Bell violation rather than on any assumption that some computation is hard to reverse. That sets it apart from the past year’s computational certified-randomness work, such as the trapped-ion demonstration from Quantinuum and JPMorgan, which leans on the presumed difficulty of a random-circuit-sampling problem. And the protocol is device-independent, meaning it treats the quantum box as untrusted and certifies the output regardless of what sits inside. That is precisely the property most rack-mounted “self-certifying” QRNGs claim and, as the guide explains, do not have.

Amplification, Not Expansion: Why It Counts as a Milestone

The load-bearing word is amplification, and it needs separating from a cousin that several groups have already shown. Randomness expansion begins with a small seed of perfect random bits and stretches it into a longer perfect stream. Useful, but it presumes you already hold some perfect randomness. Randomness amplification presumes you hold none. It starts from a source that is only better than nothing, biased and correlated and partly guessable, and yields perfect output regardless.

That gap is the achievement, because amplification cannot be done classically. This is not a question of engineering or speed. It was proven impossible in 1986 by Santha and Vazirani, who showed that no classical procedure can turn a single weak random source into a uniform one. Quantum mechanics can, a possibility Colbeck and Renner established in theory in 2012. What the ETH team did was drag that theorem off the page and into a working machine, which demanded a loophole-free Bell test running at high violation and high repetition rate at the same time, a regime no one had reached. It is a clean instance of quantum advantage: a task quantum physics performs that classical physics provably cannot.

The Word I Told You to Distrust

So how does “perfect randomness” sit alongside a buyer’s guide that files the same phrase under red flags? Comfortably, once you notice who each statement addresses. The guide’s objection is to vendors stamping “perfect” on a rack-mounted product whose detectors drift, whose beam splitter is never exactly even, and whose conditioning quietly does work the datasheet omits. In that setting the word means nothing. The ETH paper uses “perfect” in a different and defensible way: a particular output string, certified to zero bias within a stated failure probability, backed by a physical certificate. One is an adjective in a sales deck. The other is a bounded, peer-reviewed claim about a string generated once, under control, in a laboratory.

ETH’s own illustration makes the stakes concrete with a photograph of a sheep. Encrypted with ordinary randomness, faint traces of the animal still show through the noise. Encrypted with the certified output, the image collapses into static with nothing left to recover. That is what zero bias buys: no residual structure for an adversary to pull on.

The paper then does something I did not expect from a Nature physics article: it states the buyer’s guide thesis almost verbatim. Unpredictability, the authors note, is a property of the process that produces a bitstring, not of the string itself, and so it “cannot be verified through statistical tests.” They run the NIST and Diehard suites on their output regardless, as a consistency check, while saying outright that passing proves nothing about unpredictability. Anyone who read the guide’s section on why passing the tests does not prove randomness has already met the argument. Seeing it restated by the team behind the most rigorous randomness experiment to date is its own kind of confirmation.

Renner’s way of describing the difficulty maps onto the same physics the guide leans on. He observes that you cannot build a flawless coin or die, since one face always lands a little more often, and that even beam-splitter quantum generators are not immune to that bias. That is the Born rule lesson in one line: the quantum event is unpredictable, but the apparatus measuring it is imperfect hardware, and the gap between the two is where bias lives.

What It Is Not

Now the part the trade press is already fumbling. Inside a day of the embargo lifting, I watched outlets bolt this result onto “unbreakable cryptography” and shelve it under QRNG product news. It is neither.

It is not a product. It is two dilution refrigerators thirty metres apart, chilled to a whisper above absolute zero, producing tens of megabits of certified output over nine hours. The rate sits in beacon territory, far below what a key-management system or a TLS terminator burns through. Nobody is mounting this in a rack next quarter.

Nor is it a fix for the quantum threat. Amplified randomness does nothing about Shor’s algorithm, nothing about harvest now, decrypt later, nothing about the RSA and elliptic-curve keys a future quantum computer will break. Better randomness was never the answer to that problem; migrating to post-quantum algorithms is. If a vendor waves this paper at you as proof that their quantum box secures your network, that is the same category error the guide spends its length taking apart. This work sits upstream of the entropy source. It is not a substitute for the cryptography downstream of it.

What It Could Become

None of which diminishes the result. It places it where foundational physics usually starts: well upstream of the products that will one day rest on it. The most plausible near-term use is the one Renner points to, a public source of certified randomness, an atomic clock for unpredictability that other systems can draw on and trust. That is the role NIST’s emerging CURBy beacon is being built to play, and the guide already flagged it as the device-independent reference to watch. An amplifier that needs only a noisy seed, never a perfect one, is a natural fit underneath a service like that.

So file it where it belongs. It is a milestone in the physics of randomness, a clean demonstration that quantum mechanics can do something classical mechanics cannot, and a direct confirmation that unpredictability lives in the source and not the output. It is not a procurement decision, and it does not move your roadmap. Both are true at once, which is exactly why this result is worth understanding precisely rather than celebrating loosely.