A quantum protocol designed to prevent hackers from stealing secret keys has been implemented across a 200 km fibre-optic link – which is four times further than previous incarnations of the scheme. This latest implementation of the “measurement-device-independent quantum-key distribution” (MDIQKD) protocol can also transmit keys more than 500 times faster than previous set-ups.

Quantum cryptography involves two people – Alice and Bob – sharing a secret key that they can use to encode and decode messages. The key is encoded into a string of quantum particles, such as polarized photons, so that any eavesdropper – Eve – attempting to copy the key as it passes from Alice to Bob reveals her presence by virtue of the laws of quantum mechanics – which dictate that the act of measuring affects the system being measured.

While this quantum-key distribution (QKD) is completely secure in principle, imperfections in the equipment used to implement it make QKD vulnerable to hackers. In 2011, for example, physicists in Norway and Singapore showed that the single-photon detector used by Bob can be “blinded” with bright light so that it works as a classical rather than a quantum device. This allows Eve to intercept keys without Bob or Alice noticing.

Bad patches

While commercial QKD systems are now resilient to blinding – and all other weaknesses identified to date – this has involved a number of “patches”, which leave the systems vulnerable to future, unknown attacks. In the latest work, a group from the University of Science and Technology of China in Hefei led by Jian-Wei Pan and Qiang Zhang has demonstrated a QKD protocol that aims for immunity against both known and unknown threats, by taking the detector out of Bob’s hands.

Rather than Alice sending photons to Bob, both send streams of photons to an untrusted third party – who could even be Eve – to carry out a public measurement. Alice and Bob prepare their photons so that they are randomly polarized in one of four possible states – horizontally, vertically, or along one of two opposing diagonals – and Eve then measures the interference from each pair of incoming particles. If she hears a click she knows that Alice’s photon is anti-correlated with Bob’s, but she cannot know what specific states those photons are in, whereas the two senders can work out the state of their partner’s photon simply by knowing the state of their own. Alice and Bob then publically compare a fraction of their bit strings to see how many errors Eve has made – if she has made too many they know that she has been lying.

Splices and interconnectors

The MDIQKD protocol was proposed by Hoi-Kwong Lo of the University of Toronto and colleagues in 2012, and has since been demonstrated by several groups including Lo’s and Pan’s. However, these previous tests involved low transmission rates – up to 0.1 bit/s – and were carried out across just a few tens of kilometres.

Now, Pan and colleagues have upped the bit rate by more than a factor of 500 along a lab-based spooled fibre-optic cable some 200 km long. They also field-tested using a 30 km underground cable-television fibre in Hefei. This only managed 17 bit/s because of losses at cable splices and interconnectors.

To get to higher bit rates, Pan’s group increased the pulse rate of the two transmitting lasers. This was a major challenge because pulses from the two devices must remain indistinguishable, having the same pulse shape and frequency spectrum as well as arriving simultaneously. The group also increased the efficiency of its single-photon detector.

Not all is lost for hackers

Vadim Makarov, University of Waterloo

One of the members of the Singapore/Norway hacking group, Vadim Makarov, now at the University of Waterloo in Canada, believes that the latest demonstration represents an “important technological step” in the development of quantum cryptography. But he says that “not all is lost for hackers”, arguing that while eavesdroppers have been “defeated at the photon detector”, they might still be able to exploit loopholes “lurking in the photon source”.

Zhang agrees, explaining that complete security could be achieved by having Eve send pairs of entangled photons along a lossless channel to perfectly functioning detectors operated by Alice and Bob. However, he says, such high-performance devices would be very difficult to make, and argues that, in any case, photon detectors are far more vulnerable to attack than the sources are, because they must receive whatever a potential eavesdropper can throw at them. “Our scheme is less beautiful than the theoretically perfect one,” he says, “but it is more practical.”

Lower-cost option

Commercializing the scheme will involve further increasing the laser repetition rate and the detector efficiency. But Zhang argues that once a high-enough bit rate has been achieved, MDIQKD should prove ideal for building quantum networks. One important cost benefit of the scheme is that a network would only need one single-photon detector. This is the most expensive component in a QKD system, and existing commercial systems require one detector per receiving Bob.

For Makarov, however, it remains to be seen whether industry adopts the scheme. “It requires more sophisticated parts and finer engineering than today’s commercial products,” he says.

The research is published in Physical Review Letters.