Quantum cryptography might sound like something from a William Gibson novel, but it is already very much a real technology. In effect, it secures electronic data not with some encryption scheme that is hard to crack, but with a seal created from the fundamental quantum laws that govern matter and energy. It is physically impossible to open the seal and read the data without leaving an imprint from which that tampering can be detected.
In a landmark demonstration of the potential of the technology in 2007, the Swiss company ID Quantique encrypted ballot data for regional elections in Geneva so that it couldn’t be read en route to being counted. The company, founded in 2001, says that this technology will increasingly be used for sensitive financial, political and medical data, and to protect against cyber-attacks.
A fibre-optic “quantum internet” has been constructed in China between Shanghai and Beijing, with a total network length of over 2,000km, and in 2017 a Chinese team sent quantum-encrypted data from Beijing to Vienna via a quantum-enabled satellite. There is already unease in the United States at how China is opening up a lead in this powerful technology for data security.
The principles of quantum cryptography were proposed in the 1980s, when quantum mechanics was being reformulated as a theory about information: the same initiative that has led to quantum computers, which can perform some calculations that are more or less impossible on conventional classical computers. With quantum information technologies like these, data is encoded in the states of quantum particles (such as photons of light) much as it is in ordinary computers and telecommunications: in binary form, so that one state represents a 0 and the other a 1. The difference is that for quantum particles it is also possible to encode such data as so-called superpositions, such that readout of a particular quantum bit could give you either a 1 or a 0, with specified probabilities. That new option allows the data to be encoded and manipulated in ways not possible for classical devices.
Quantum cryptography relies on one of the most counterintuitive phenomena in quantum physics, called entanglement, which appears to link two or more particles so that a measurement of the state of one of them instantly determines the state of the other(s) too. (“Appears to” because this is not technically the right way to view the effect; consider it just a useful approximation.) You don’t know what the measurement will reveal, but you know that the act of making it will leave an imprint on an entangled partner, regardless of how far away it might be.
That interdependence is at the root of the quantum cryptographic technique: it is impossible for an eavesdropper to read a message encoded in entangled quantum bits without betraying the intervention. The encoded message would not, in general, be the secure data itself, but simply the key that is needed to decrypt it using some selected encryption algorithm. Without knowing the key, an eavesdropper can’t make sense of the data.
The basic idea is that the sender (let’s call her Alice) encodes the quantum key in pairs of entangled particles, and sends one of each pair (as photons down a fibre-optic network, say) to the receiver, Bob. This is called quantum key distribution. Bob can deduce the key by measuring the states of his particles, but only if he makes the measurements in the same way that Alice used to create the entanglement. Alice can tell Bob how to do that using some insecure, classical channel: an email would suffice. If an eavesdropper reads these communications, they could get hold of the quantum key and make the measurements that reveal it.
But what the eavesdropper can’t then do is re-encrypt the key in particles that they send on to Bob, without this subterfuge being apparent. Because that reconstructed key isn’t any longer entangled with Alice’s particles, there will be a discrepancy between what Alice’s particles “say” and what Bob measures in the particles he receives. So Alice and Bob can know for sure, before they send the encrypted data itself, if the quantum key was sent securely between them or if it was intercepted. Typically each data transmission would be accompanied by a “one-time pad”—a single-use key sent securely in advance. It’s hard to see how such quantum-cryptography protocols can be foiled, so long as the encoding devices used by the sender and receiver are themselves inaccessible to an eavesdropper (so that the eavesdropper can’t deduce the key directly).
Quantum cryptographic protocols like this have, over the past two decades, been used to send secure messages over steadily increasing distances, with the Beijing-to-Vienna transmission demonstrating global reach. Some experts forecast that there will be a world-spanning quantum internet within the next decade or two. As well as in China, prototype networks are already being constructed in the US, Japan and Europe, while India is also planning quantum satellites equipped to handle such signals.
The private sector is particularly active in Japan, where tech giants such as Mitsubishi, Toshiba and the NEC Corporation have active quantum-crypto programmes. The Dublin-based market-research company Fact.MR estimates that the quantum cryptography market will expand at a compound annual growth rate of 30 per cent over the next decade. The science is now well understood; the limiting factor for growth is likely to be the high cost of installing the infrastructure and hardware it requires, such as quantum-enabled satellites and signal boosters. But it is coming.
