Verifiable randomness
from a physical source.
Every draw signed. Every result independently verifiable. Entropy extracted from photonic shot noise, validated to NIST SP 800-90B — not generated by an algorithm.
Prove any selection is fair. To anyone.
Someone doubts the result — a participant, a player, an auditor, a regulator. You can't point to your code and call it proof. Quey solves that: every selection is drawn from physical entropy using rejection sampling (never biased modulo), signed with Ed25519, and published to a verification page that anyone can check — without trusting you or us.
Physical source
Winners selected from physical entropy, not an algorithm. Independently validated.
Cryptographically signed
Every draw produces an immutable Ed25519 certificate. Once signed, nothing can be altered — not even by us.
Trustless verification
Share a link. Anyone verifies the result in their browser, with no trust in Quey required.
Also used for: provably-fair gaming · research lotteries · grant selection · audit sampling · governance sortition
Why a physical source matters
A signature proves who signed. It does not prove what was signed couldn't have been chosen.
A signed draw from a software PRNG proves who signed it — not that the result wasn't chosen. The operator controls the seed. They can generate outcomes until they find one they like, then sign and publish it. The signature is real. The fairness is not.
Quey removes the operator from the chain of causation. Our entropy comes from photonic shot noise — a physical process captured by an isolated optical sensor in total darkness. The output exists before it can be observed or influenced. No seed, no state, no replay.
The source is validated to NIST SP 800-90B, a standard designed specifically for physical entropy sources. A PRNG cannot pass this test — its min-entropy is mathematically zero. Our measured min-entropy is 0.6236 bits/bit. After SHA3-256 conditioning at a 32:1 ratio, the output achieves full statistical uniformity — verified by passing all 188 NIST SP 800-22 sub-tests.
Technology
The architecture behind our hardware entropy pipeline.
Optical Shot Noise Extraction
Our hardware node uses a high-resolution CMOS sensor enclosed in a light-tight housing. With ambient illumination eliminated, the sensor's output is dominated by photonic shot noise and dark current — stochastic physical processes that no algorithm can predict or reproduce.
We capture this raw signal at the bit level, extract the high-entropy components, and discard the rest. The result is a continuous stream of entropy whose unpredictability rests on physics, not on the secrecy of an algorithm or seed.
100% Technical Provenance
Every byte we serve is sourced from a physical sensor and conditioned in volatile memory. We do not seed PRNGs to inflate output volume. Quota limits exist precisely because supply is finite and physical.
Full NIST validation results — including SP 800-90B source min-entropy of 0.6236 bits/bit and SP 800-22 188/188 — are on the NIST Validation page, with a downloadable PDF certificate.
From Photon to Cryptographic Byte
Each captured frame goes through three deterministic stages on-device. First, LSB extraction: we keep only the least-significant bit of each pixel value, where shot-noise fluctuations dominate. Second, Von Neumann debiasing: pairs of bits are processed so that any residual bit-level bias is removed by construction (01 → 0, 10 → 1, 00 and 11 are discarded). Third, SHA3-256 conditioning: every 1024-byte block of debiased data is hashed into 32 output bytes — a NIST FIPS 202 standard, producing a security margin of ~10× the NIST minimum.
The conditioned stream is buffered on the device and relayed to our Cloud API over authenticated channels with byte-level metering.
[OK] Sensor isolation verified
[OK] Capture pipeline initialized
[INFO] LSB extraction active
[INFO] Von Neumann debiasing active
[INFO] SHA3-256 conditioning active
[OK] Entropy pool filling
[OK] API endpoints ready
[NET] Cloud sync established
[OK] Health: nominal