Randomness is a fundamental resource in modern cryptography. The generation of uniformly random bits using quantum mechanics, while still experimentally challenging, is straightforward from a purely theoretical point of view. Nevertheless, for cryptographic applications it is often crucial to ensure that the random bits generated are completely secure and uncorrelated with any potential “adversary”. For instance, one may imagine that the manufacturer of the randomness-generation device introduced “backdoor entanglement” between the device and her own lab, thereby potentially gaining access to the “random” bits generated. In this talk I will address the question of generating certifiable, fully secure random bits. I will describe a simple protocol that stretches an initial (log n)-bit random string into n random bits. The bits generated are secure, i.e. appear uniformly random from the point of view of any (quantum) adversary, based only on the verification of a simple statistical test based on the CHSH inequality. No assumptions on the randomness-generating device are made other than that is is formed of two components that do not signal to each other. These results strengthen and extend previous work by Colbeck (2009), who first introduced the task of device-independent randomness expansion, and Pironio et al. (Nature 2010), who gave the first rigorous analysis in the non-adversarial setting. The proof of security of our protocol relies on a technique, the “quantum reconstruction paradigm”, previously introduced in the analysis of the task of randomness extraction in connection with privacy amplification. I will introduce that technique and show how it is applied to the setting of randomness expansion. Based on joint work with Umesh Vazirani, arXiv:1111.6054.