Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Interoperable Randomness Beacons

Overview

The Interoperable Randomness Beacons project at NIST intends to promote the availability of trusted public randomness as a public utility. This can be used for example for auditability and transparency of services that depend on randomized processes.

The project is spearheaded by the Cryptographic Technology Group in the Computer Security Division of the Information Technology Laboratory (ITL), and has counted with the participation of many collaborators over the years.


Collaborators: Ron Rivest played an important early role in motivating the creation of the project, by pointing out to NIST that a public source of randomness could be valuable for auditing voting machines. Michael Fischer was a valuable early collaborator in thinking about a theoretical framework for public randomness. Andrew Regenscheid provided valuable administrative and technical support to the project. Overall, the NIST Beacon project has motivated several outputs, by the Information Technology Laboratory (ITL) and the Physics Measurement Laboratory (PML), involving collaboration from various NIST members/associates, including Michael Bartock, Lawrence Bassham, Joshua Bienfang, Peter Bierhorst, Harold Booth, Luís Brandão, Tyler Diamond, Thomas Gerrits, Scott Glancy, Michaela Iorga, John Kelsey, Emanuel Knill, Paulina Kuo, Alan Migdall, Carl Miller, Sae Woo Nam, René Peralta, Andrew Rukhin, Krister Shalm, Michael Wayne.


Various tracks:

The current reference (2.0) for randomness beacons is the NIST Internal Report (NISTIR 8213) “A Reference for Randomness Beacons: Format and Protocol Version 2” (draft). We expect this reference document to promote the development of technology related to uses of public randomness for privacy-preserving auditability applications of societal benefit.

The publication is available free of charge from https://doi.org/10.6028/NIST.IR.8213-draft. There was a period of public comments open in 2019. You may still send comments about the publication to beacon-nistir@nist.gov. We plan to have the final version published in 2022.

 

Some features of a beacon, as defined by the new reference:

  • Periodically pulsates randomness (e.g., once a minute).
  • Each pulse has a fresh 512-bit random string, cryptographically combining entropy from at least two separate random number generators (RNGs).
  • Each pulse is indexed, time-stamped and signed.
  • Any past pulse is publicly accessible.
  • The sequence of pulses forms a hash chain.
  • Far-apart pulses can be efficiently verified via a short chain (skiplist).
  • A pre-commitment of local randomness enables securely combining randomness from multiple beacons.
Lighthouse clipart

It is challenging to implement a secure and reliable randomness beacon matching the devised reference. Ensuring a reliable production of timely randomness requires understanding the functioning of the Beacon engine and its interface with associated machinery. Enabling the retrieval of any past pulse and associated information requires implementing and maintaining a high-availability public online interface.

The NIST Randomness Beacon is available online at NIST Randomness Beacon

The following image is a high-level depiction of some components of the Beacon service. The NIST Beacon integrates a PML-developed quantum-RNG (identified in the figure as #3) based on photon detection.

Beacon diagram

A Beacon implementation does not require knowing who are the actual users of the published randomness. The Beacon service only interacts with users via the public query-reply web-interface.

The Beacon engine has limited interactions accepting input from the outside:

  • it interacts with a time server for the purpose of clock synchronization;
  • it may use publicly verifiable "external values" for proving that some pulses could have not been pre-computed before certain time-marks.

List of Beacons in the process of implementing the new reference for randomness Beacons.

We would like others to join … and we expect this list to continue growing.

We plan to develop guidance about the usage of Beacon-issued randomness. A few examples are given in the reference for randomness beacons.

Example applications of Beacon randomness:

  • Select test and control groups for clinical trials.

  • Select random government officials for financial audits.

  • Assign court cases to random judges.

  • Sample random lots for quality-measuring procedures.

  • Provide entropy to digital lotteries.

Some generic goals:

  • Enable public verifiability of random sampling.

  • Prevent auditors from biasing selections (or being accused of it) and auditees from knowing the selections in advance.

The project is also interested in assisting complementary initiatives of research and development about trusted randomness, e.g., about quantum random-number generators (QRNG) and certifiable randomness. For example:

  • Bell-test experiments (such as those carried out by NIST-PML) allow for internal assurance (i.e., by the operators of the experimental setting) that random numbers were free from manipulation. See: Bell-test experiments (2015), and Bell-test based quantum-RNG (2018).
  • In principle, it is possible to use a quantum computer to produce externally-certifiable randomness (i.e., verifiable by observers that do not control the experimental setting). We have looked at how to estimate entropy in one such experiment, based on sampling random quantum circuits in an adversarial setting [BP20, arxiv:2304.11119]

External links of interest

Contacts

Reach us at:
beacon@nist.gov

René Peralta
rene.peralta@nist.gov

Harold Booth

Luís T. A. N. Brandão

John Kelsey

Carl Miller

Topics

Security and Privacy: cryptography

Created June 03, 2019, Updated June 18, 2024