A Key Role for Quantum Entanglement

In the cryptographic algorithms underlying, for instance, RSA — one of the most widely used cryptographic systems — key distribution is based on the (unproven) conjecture that certain mathematical functions are easy to compute but hard to revert. More specifically, RSA relies on the fact that for today’s computers it is hard to find the prime factors of a large number, whereas it is easy for them to multiply known prime factors to obtain that number. Secrecy is therefore ensured by mathematical difficulty. But what is impossibly difficult today might be easy tomorrow. Famously, quantum computers can find prime factors significantly more efficiently than classical computers. Once quantum computers with a sufficiently large number of qubits become available, RSA encoding is destined to become penetrable.

But quantum theory provides the basis not only for cracking the cryptosystems at the heart of digital commerce, but also for a potential solution to the problem: a way entirely different from RSA for distributing cryptographic keys — one that has nothing to do with the hardness of performing mathematical operations, but with fundamental physical laws. Enter quantum key distribution, or QKD for short.

Quantum-Certified Security
In 1991, the Polish-British physicist Artur Ekert showed in a seminal paper that the security of the key-distribution process can be guaranteed by directly exploiting a property that is unique to quantum systems, with no equivalent in classical physics: quantum entanglement. Quantum entanglement refers to certain types of correlations in the outcomes of measurements performed on separate quantum systems. Importantly, quantum entanglement between two systems is exclusive, in that nothing else can be correlated to these systems. In the context of cryptography this means that sender and receiver can produce between them shared outcomes through entangled quantum systems, without a third party being able to secretly gain knowledge about these outcomes. Any eavesdropping leaves traces that clearly flag the intrusion. In short: the legitimate parties can interact with one another in ways that are — thanks to quantum theory — fundamentally beyond any adversary’s control. In classical cryptography, an equivalent security guarantee is provably impossible.

Over the years, it was realized that QKD schemes based on the ideas introduced by Ekert can have a further remarkable benefit: users have to make only very general assumptions regarding the devices employed in the process. By contrast, earlier forms of QKD based on other basic principles require detailed knowledge about the inner workings of the devices used. The novel form of QKD is now generally known as ‘device-independent QKD’, and an experimental implementation thereof became a major goal in the field. Hence the excitement as such a breakthrough experiment has now finally been achieved.

Culmination of Years of Work
The scale of the challenge is reflected in the breadth of the team, which combines leading experts in theory and experiment. The experiment involved two single ions — one for the sender and one for the receiver — confined in separate traps that were connected with an optical-fibre link. In this basic quantum network, entanglement between the ions was generated with record-high fidelity over millions of runs. Without such a sustained source of high-quality entanglement, the protocol could not have been run in a practically meaningful manner. Equally important was to certify that the entanglement is suitably exploited, which is done by showing that conditions known as Bell inequalities are violated. Moreover, for the analysis of the data and an efficient extraction of the cryptographic key, significant advances in the theory were needed.

Professor Renato Renner from the Institute for Theoretical Physics at ETH Zurich contributed to the theoretical advances that made this work possible For him, the now-achieved experimental demonstration is a culmination of a decade of systematic progress. In that body of work, his group and others developed the fundamental understanding and practical methods for proving the security of quantum-cryptographic schemes under realistic conditions, such as the presence of noise and imperfections. With these tools at hand, the team was able to obtain a precise bound of how much information might leak to any adversary. Intriguingly, once the leakage is below a certain threshold value, the bound can be made arbitrarily low through suitable post-processing. For the experiment now reported, it was therefore central to successfully proving that this threshold was indeed reached.

In the experiment, the ‘legitimate parties’ — the ions — were located in one and the same laboratory. But there is a clear route to extending the distance between them to kilometres and beyond. With that perspective, together with further recent progress made in related experiments in Germany and China, there is now a real prospect of turning the theoretical concept of Ekert into practical technology.