Pan Jianwei's team verifies device-independent quantum key distribution for the first time in the world

 

On July 28, three articles were published simultaneously in the international topical journal Physical Review Letters (PRL) and Nature (Natrue): "Photonic demonstration of device-independent quantum key distribution" [1], "Experimental quantum key distribution with Bell's theorem proof" [2], and "Device-independent quantum key distribution system for remote users" [3].

 

The security of quantum key distribution (QKD) usually relies on the user device being well characterized according to the security model established in the security proof. In contrast, an entanglement-based protocol, device-independent quantum key distribution (DI-QKD), can guarantee security even without knowledge of the underlying quantum device. However, the implementation of DI-QKD is extremely challenging and difficult to achieve with current technology.

 

Now, three teams have independently experimentally verified DI-QKD from different aspects. among them, Pan Jianwei and his colleagues Qiang Zhang and Feihu Xu at the University of Science and Technology of China have experimentally realized the first international demonstration of DI-QKD in principle by developing device-independent theoretical protocols and constructing high-efficiency optical quantum entanglement systems, and the related research results were published online as an editor's recommendation on July 28 in Physical Review Letters.

 

 

Device-independent quantum key distribution bypasses the vulnerabilities of other quantum cryptography techniques. They work even if the device used to create, and detect, the desired quantum particles behaves differently than predicted. Image credit: University of Science and Technology of China

 

01Device-independent quantum key distribution (DI-QKD)

 

In the 1980s, physicists began to propose quantum-based encryption methods that could tamper with data to secure it. These methods exploit a special property of quantum systems: measurements on the system essentially change the properties of the system. Specifically, these protocols expose any eavesdroppers. However, researchers have been working to build devices that work exactly as the protocols specify.

 

Now, three research teams from China, Germany, and the UK have independently conducted proof-of-principle experiments with DI-QKD, and they have each demonstrated aspects of DI-QKD. In DI-QKD, information can be secured even if the device used does not behave exactly as predicted. Charles Lim, an academic at the National University of Singapore who participated in the German experiments, said [4] that these demonstrations are "a major breakthrough in cybersecurity".

 

In DI-QKD, a device repeatedly generates pairs of entangled quantum particles; Alice and Bob each take one particle from the pair; then Alice and Bob create a "key" - a string of ones and zeros - that encodes and decodes the information. They can encode and decode the information, in part by performing a series of measurements on the two resulting properties of their particles. For example, if the particle is a photon, the measured property might be its horizontal/vertical polarization; if the particle is an atom, the measured property might be the state of the atom (ground state/excited state). Since the measurement of a particle is correlated with the measurement of its entangled counterpart, Alice and Bob can generate a single shared key after some post-processing.

 

As Alice and Bob make these measurements, they intermittently verify the security of their channels using a quantum rule test based on what is known as "Bell's theorem. According to Bell's theorem, if two particles are entangled, measurements of these particles must exhibit a specific statistical correlation. In the test, Alice and Bob use a subset of measurements to generate the key; they then check whether these measurements follow the prescribed statistics. If there is a mismatch, Alice and Bob know that their particles are no longer entangled, indicating that they can no longer guarantee the security of the channel. They then discard the measurements and start the process over.

 

For the DI-QKD method, Alice and Bob do not need information about the devices that produce the particles, which means that the researchers do not need to model their devices; you can treat them as black boxes.

 

As a result, these methods sidestep the vulnerabilities of other quantum encryption protocols, some of which have even been implemented in commercial technologies, such as those offered by the Swiss company ID Quantique. in 2007, the Swiss government used ID Quantique's encryption devices to secure votes in its national elections. By 2010, however, two research teams had successfully exploited discrepancies between ID Quantique's device's operation and its theoretical description to breach the device. For example, one team used the time gap in the machine's generation of successive photons to intercept an encryption key without either Alice or Bob noticing, whereas theory requires that successive photons be generated without delay.

 

Although the researchers have mathematically proven the security of DIQKD, Qiang Zhang, a professor at the University of Science and Technology of China, said.

 

The real device is different from the mathematical model, and not fully understanding this difference could leave a back door to the attack.

 

Qiang Zhang, Professor, University of Science and Technology of China

 

Although the three experiments used similar DI-QKD methods, they have distinct differences: the Chinese experiment used entangled photons, the British experiment used entangled strontium ions; and the German experiment used entangled rubidium atoms.

 

"Each experiment has its own advantages," says Zhang Qiang, "For example, when using atoms and ions, researchers can track two particles in an entangled pair; they have no way to track two entangled photons. When one photon in a pair is lost, this raises security requirements for other experiments, which our team was able to meet. However, photons are used in many existing communication technologies. For example, it may be easier and faster to use photons to implement quantum technologies."

 

The UK experiment completed the entire DI-QKD protocol, generating a 95,000-bit encryption key in about eight hours. The German experiment generated a few thousand bits in two days, enough for a small number of keys; however, it did not complete the key due to time constraints. The Chinese experiment also did not produce a full key because the detector could not track enough entangled photon pairs to accomplish this task. Once they improved their detection efficiency, the team said their system could generate a key in just a few minutes.

 

02Chinese team: Photon-based DI-QKD achieves ≈87.5% detection efficiency

 

Schematic diagram of the experiment. (a) Entanglement source that produces entangled photon pairs. The fidelity in this experiment is 99.52 ± 0.15%; (b) single photon polarization measurement of Alice and Bob.

 

Despite the theoretically desirable results, DI-QKD is difficult to implement in current technology. In particular, the requirement for detection efficiency in photonic realizations far exceeds any reported experimental performance associated with it. In this latest study, the CSU team reports a proof-of-principle experiment for DIQKD based on a photonic setup in the asymptotic limit. For the experiment, the team developed a high-quality polarization-entangled photon source that achieves an up-to-date (predicted) detection efficiency of about 87.5%.

 

The results show that the measured quantum correlations are strong enough and ensure positive key rates even at fiber lengths up to 220m. The latest photonic platform in the experiment can generate entangled photons at high rates within telecommunication wavelengths, which is ideal for high-speed generation over long distances.

 

These results also represent an important step toward a full-scale demonstration of photonic-based DI-QKD.

 

03UK team: theoretical proof of cryptographic security of DIQKD

 

DI-QKD based on trapped ions

 

Encryption key exchange protocols have traditionally relied on computational conjectures such as prime factorization to provide security against eavesdropping attacks. Notably, quantum key distribution protocols (such as the Bennett-Brassard scheme) provide information-theoretic security against such attacks, a more robust form of security that cannot be achieved by classical means.

 

However, the quantum protocols implemented so far are subject to a new class of attacks: these attacks exploit a mismatch between the implemented quantum state or measurement and its theoretical modeling.

 

The team therefore implemented a complete DI-QKD protocol: the new protocol is immune to these vulnerabilities and follows Ekert's seminal "Bell's Theorem" proposal to use entanglement to constrain an adversary's information. By combining theoretical developments with an improved fiber optic link, the team generated entanglement between two trapped ion quantum bits, resulting in 95,628 keys with device-independent security out of 1.5 million Bell pairs created in an eight-hour runtime. In addition, the team took steps to ensure that eavesdroppers could not access information about the measurements.

 

The results show that the cryptographic security of DI-QKD can be demonstrated under general assumptions, which paves the way for further quantum information applications based on the principle of device independence.

 

04German team: Realization of DI-QKD with 700 m fiber length

 

The German team presents an experimental system that enables DIQKD between two remote users. the experiment is based on the generation and analysis of entanglement between two independently captured single rubidium atoms located in buildings 400 meters apart.

 

Schematic diagram of the DI-QKD scheme. each side of Alice and Bob holds QKD devices, which are connected through a quantum channel. The devices receive inputs X and Y, and output A and B, respectively, in response. In order to run the protocol, each party needs a trusted input and a trusted local storage unit to store the outputs and inputs. In addition, during post-processing, both parties need a trusted authenticated common channel to exchange information.

 

Schematic diagram of the DI-QKD in this experiment. (a) The Alice device consists of a single-atom trap and a Bell state measurement facility (BSM). bob uses a second single-atom trap as well as a beam splitter (BS) and a single photon detector (SPD). (b) Map showing the locations of the two laboratories in Munich.

 

The results of this secure key exchange pave the way for the final form of quantum-secure communication in future quantum networks.

 

05Demonstrations are extremely valuable, practical applications still need time

 

In all experiments, Alice or Bob were far less than one kilometer apart. The Chinese team was 20-220 meters apart, the German team was 400 meters apart, and in the UK team was only 2 meters apart.

 

 

Antonio Acín of the Spanish Institute of Photonic Sciences, who was not involved in the three experiments, said, "Due to distance limitations, these demonstrations have not yet shown that DI-QKD can be a practical technology."

 

Charles Lim, who participated in the German experiments, said, "To do this, researchers need to demonstrate the feasibility of these methods on the kilometer and distance scales. They also need methods that can generate keys faster."

 

Given these engineering challenges, Zhang Qiang believes that commercial DI-QKD encryption is unlikely to emerge anytime soon. But he still sees value in the new demonstrations. "These experiments show that you can use some devices you don't trust and still generate a secure key."

 

Reference link：

[1]https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.129.050502

[2]https://www.nature.com/articles/s41586-022-04941-5

[3]https://www.nature.com/articles/s41586-022-04891-y

[4]https://physics.aps.org/articles/v15/116