NIST logo
Bookmark and Share

NIST Randomness Beacon


NIST is implementing a prototype source of public randomness. The prototype (at uses two independent commercially available sources of randomness, each with an independent hardware entropy source and SP 800-90-approved components.

The Beacon is designed to provide unpredictability, autonomy, and consistency. Unpredictability means that users cannot algorithmically predict bits before they are made available by the source. Autonomy means that the source is resistant to attempts by outside parties to alter the distribution of the random bits. Consistency means that a set of users can access the source in such a way that they are confident that they all receive the same random string.


The Beacon will broadcast full-entropy bit-strings in blocks of 512 bits every 60 seconds. Each such value is time-stamped and signed, and includes the hash of the previous value to chain the sequence of values together. This prevents all, even the source, from retroactively changing an output packet without being detected. The beacon keeps all output packets and makes them available online. 

DRBG Beacon System Diagram

Tables of random numbers have probably been used for multiple purposes at least since the Industrial Revolution. The first published table appears to be by the English statistician L.H.C. Tippett. In the digital age, algorithmic random number generators have largely replaced these tables. The NIST Randomness Beacon expands the use of randomness to multiple scenarios in which the latter methods cannot be used. The extra functionalities stem mainly from three features. First, the Beacon-generated numbers cannot be predicted before they are published. Second, the public, time-bound, and authenticated nature of the Beacon allows a user application to prove to anybody that it used truly random numbers not known before a certain point in time. Third, this proof can be presented offline and at any point in the future. For example, the proof could be mailed to a trusted third party, encrypted and signed by an application, only to be opened if needed and authorized.

NIST encourages the community at large to research and publish novel ways in which this tool can be used. A few examples of applications are described below:

A Quantum Source:

Commercially available physical sources of randomness are adequate as entropy sources for currently envisioned applications of the Beacon. However, demonstrably unpredictable values are not possible to obtain in any classical physical context. Given this fact, our team established a collaboration with NIST physicists from the Physical Measurement Laboratory (PML). The aim is to use quantum effects to generate a sequence of truly random values, guaranteed to be unpredictable, even if an attacker has access to the random source. In August 2012, this project was awarded a multi-year grant from NIST's Innovations in Measurement Science (IMS) Program. IMS awards highly competitive projects designed to explore high-risk, leading-edge research concepts that anticipate future measurement and standards needs of industry and science. For more information on this collaboration see

Loophole Free Bell Test
A space-time diagram of the quantum randomness setup is shown. A source emitting a pair of entangled photons is shown at the bottom with distance indicated on the horizontal axis and the evolution of time on the vertical axis. A pair of photons are emitted from the source at time=0 (bottom) and they travel at the speed of light (the blue lines at +45 deg and – 45 deg). The region between the + & - 45 deg lines indicates the region of space-time that can be influenced by an event that happens where the lines start. In this case the event is the creation of the photon pair. This limit of influence, often referred to as a light cone, results from the fact that information about an event cannot possibly travel faster than the speed of light. This light cone can be thought of as a natural security perimeter whose security is enforced by the laws of physics and thus no hacking amount of hacking skill could ever breach it. At "i?" and "j?" selections are made as to which of two questions to ask each of the particles. The measurements "A" If those selections are unknown when the pair of photons are created and also also unknown to the decision selection on the other side of the experiment then it is possible to verify that the photon pair source has not been spoofed or tampered with. The light cone emanating from the photon pair creation (indicated by the green region) not containing the events "i?" or "j?" and the light cones emanating from "i?" or "j?" each not containing the measurement choice or measurement result on the other side means that they could not have been influenced by the others and thus the security of protocol is guaranteed by the laws of physics and if one believes that those laws are absolute so is the security.
Each circle represents an event that happens at a particular time and location. The different types of events depicted are:
(Source) Pair of entangled photons are created
("i?" or "j?") Choice is made for which measurement question to ask on particle A (i=1 or 2) and particle B(j=1 or 2)
("i?_set" or "j?_set") Measurement apparatus is set to ask the chosen question(A(i) or B(j)) Particles A and B are asked the questions A(i), B(j) chosen for them
(a or b) Determination of the measurement results by the apparatus

End Date:


Lead Organizational Unit:



Rene Peralta

Mike Bartock
Larry Bassham
Joshua Bienfang
Harold Booth
Prof. Michael Fischer 
(Yale University Computer Science Dept)
Scott Glancy
Dr. Michaela Iorga
Stephen Jordan
John Kelsey
Emanuel Knill
Paulina Kuo
Yi-Kai Liu
Alan Migdall
Sae Woo Nam
Andrew Rukhin
Murugiah Souppaya
Xiao Tang