WHY RANDOMNESS IS HARD
Classical computers are deterministic — given the same input, they produce the same output. Every random number generator on a classical machine is actually pseudorandom: a deterministic algorithm seeded by something that looks random (mouse jitter, thermal noise, network timing). If an attacker can guess the seed, they can reproduce every key you ever generated.
THE QUANTUM ADVANTAGE
A qubit in superposition collapses to 0 or 1 on measurement with probabilities set by the laws of physics. The randomness is not algorithmic — it is ontological. There is no seed to guess, no internal state to recover, because the outcome did not exist before measurement.
WHY PHOTONICS USED TO OWN THIS
Until now, the cleanest quantum RNGs used single-photon experiments — a photon hits a beam splitter and goes left or right with 50/50 probability. The optical setup is small and room-temperature, but it is a dedicated rig: one device, one job. Superconducting qubits live in dilution refrigerators colder than deep space and were built for computation, not coin flips.
WHAT SP 800-22 ACTUALLY CHECKS
NIST's benchmark runs 15 statistical tests on a bitstream — frequency, runs, longest-run, spectral, linear-complexity, and others. Each produces a p-value; pass the suite and your output is statistically indistinguishable from true randomness. It is a necessary condition for cryptographic use, not a sufficient one — a well-tuned pseudorandom generator can also pass.
THE CALIBRATION PROBLEM
A qubit that is supposed to collapse 50/50 but actually collapses 50.3/49.7 because of a control-pulse miscalibration produces biased bits. Decoherence — the qubit leaking information to its environment before measurement — adds correlations across supposedly independent samples. The hard engineering is not generating randomness but proving the device is calibrated well enough that the randomness is what physics promised, not what noise produced.
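Two of the SP 800-22 tests described above, frequency (monobit) and runs, applied to the calibration failures in this section; this is an added example, not code from NIST or from any device vendor. The bias and correlation models, the seeds, and the stream lengths are constructed assumptions, and Python's Mersenne Twister stands in for the hardware.

```python
import math
import random

ALPHA = 0.01  # significance level SP 800-22 uses for pass/fail

def monobit_p(bits):
    """Frequency (monobit) test: are ones and zeros balanced?"""
    n = len(bits)
    s_n = sum(2 * b - 1 for b in bits)  # map 0/1 to -1/+1 and sum
    return math.erfc(abs(s_n) / math.sqrt(n) / math.sqrt(2))

def runs_p(bits):
    """Runs test: does the bitstream flip as often as independent bits would?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # prerequisite: ones ratio near 1/2
        return 0.0
    v = 1 + sum(a != b for a, b in zip(bits, bits[1:]))  # number of runs
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(v - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def biased_stream(n, p_one, seed):
    """Constructed model of miscalibration: independent bits with P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def sticky_stream(n, p_repeat, seed):
    """Constructed model of correlation: each bit repeats the last with p_repeat."""
    rng = random.Random(seed)
    bits = [rng.getrandbits(1)]
    for _ in range(n - 1):
        bits.append(bits[-1] if rng.random() < p_repeat else 1 - bits[-1])
    return bits

if __name__ == "__main__":
    streams = {
        "50.3/49.7 bias, 10^4 bits": biased_stream(10_000, 0.503, seed=1),
        "50.3/49.7 bias, 10^6 bits": biased_stream(1_000_000, 0.503, seed=1),
        "52% repeat, 10^5 bits": sticky_stream(100_000, 0.52, seed=1),
        "Mersenne Twister, 10^5 bits": biased_stream(100_000, 0.5, seed=1),
    }
    for name, bits in streams.items():
        verdicts = {"monobit": monobit_p(bits), "runs": runs_p(bits)}
        failed = [t for t, p in verdicts.items() if p < ALPHA]
        print(f"{name}: {verdicts} -> {'FAIL ' + ','.join(failed) if failed else 'pass'}")
```

A 50.3/49.7 bias typically slips past the frequency test at 10^4 bits and is rejected at 10^6, so the sample size behind a calibration claim matters as much as the pass itself. The seeded Mersenne Twister stream is fully predictable yet typically passes both tests, which is the "necessary, not sufficient" point in practice.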
WHY THIS MATTERS FOR POST-QUANTUM CRYPTO
The same quantum machines that will eventually break RSA can already produce the keys that replace it. Lattice-based and hash-based post-quantum schemes consume more entropy per key than RSA does — a megabyte of certified randomness per session is not unusual. Cloud-delivered quantum RNG turns a physics experiment into an API call, which is the precondition for any of this becoming infrastructure.