The art of cryptography is to skilfully transform messages so that they become meaningless to everyone but the intended recipients. Modern cryptographic schemes, such as those underpinning digital commerce, prevent adversaries from illegitimately deciphering messages — say, credit-card information — by requiring them to perform mathematical operations that consume a prohibitively large amount of computational power.
However, for several decades now, ingenious theoretical concepts have been introduced in which security doesn’t depend on an eavesdropper’s finite number-crunching capabilities. Instead, the basic laws of quantum physics limit how much information, if any, an adversary can ultimately intercept.
In one such concept, called quantum key distribution, security can be guaranteed with only a few general assumptions about the physical apparatus used yet practically, it has remained out of reach. Now, writing in Nature, an international team of researchers from EPFL’s School of Computer and Communication Sciences, ETH Zurich, the University of Geneva, the University of Oxford and the Université Paris-Saclay report the first demonstration of this sort of protocol — taking a decisive step towards practical devices offering such exquisite security.
The key is a secret
Secure communication is all about keeping information private. It might be surprising, therefore, that in real-world applications large parts of the transactions between legitimate users are played out in public. The key is that sender and receiver do not have to keep their entire communication hidden.
In essence, they only have to share one ‘secret’; in practice, this secret is a string of bits, known as a cryptographic key, that enables everyone in its possession to turn coded messages into meaningful information. Once the legitimate parties have ensured that they, and only they, share such a key, pretty much all the other communication can happen in plain view. The question, then, is how to ensure that only the legitimate parties share a secret key. The process of accomplishing this is known as ‘key distribution’.
The cryptographic algorithms underlying, for instance, RSA — one of the most widely used cryptographic systems —relies on the fact that for today’s computers it is hard to find the prime factors of a large number, whereas it is easy for them to multiply known prime factors to obtain that number. Secrecy is therefore ensured by mathematical difficulty. But what is impossibly difficult today might be easy tomorrow. Famously, quantum computers can find prime factors significantly more efficiently than classical computers. Once quantum computers with a sufficiently large number of qubits become available, RSA encoding is destined to become penetrable.
But quantum theory provides the basis not only for cracking the cryptosystems at the heart of digital commerce, but also for a potential solution to the problem: a way entirely different from RSA for distributing cryptographic keys — one that has nothing to do with the hardness of performing mathematical operations, but with fundamental physical laws. Enter quantum key distribution, or QKD for short.
“Over the years, it has been realized that QKD schemes can have a remarkable benefit: users have to make only very general assumptions regarding the devices employed in the process. The newest form of QKD is now generally known as ‘device-independent QKD’, and an experimental implementation of this became a major goal in the field. That’s why it is exciting that such a breakthrough experiment has now finally been achieved,” said Professor Rüdiger Ubanke, Dean of the IC School who, together with PhD student Kirill Ivanov, is one of the paper’s authors.
Culmination of years of work
The experiment involved two single ions — one for the sender and one of the receiver — confined in separate traps that were connected with an optical-fibre link. In this basic quantum network, entanglement between the ions was generated with record-high fidelity over millions of runs. Without such a sustained source of high-quality entanglement, the protocol could not have been run in a practically meaningful manner. Equally important was to certify that the entanglement was suitably exploited. For the analysis of the data, as well as for an efficient extraction of the cryptographic key and to ensure optimal operation during the experiment, significant advances in theory were needed.
In the experiment, the ‘legitimate parties’ — the ions — were located in one and the same laboratory. But there is a clear route to extending the distance between them to kilometres and beyond. With that perspective, together with further recent progress made in related experiments in Germany and China, there is now a real prospect of turning theoretical into practical technology.