Modern society is driven by the large-scale exchange of information. As a result, secure communication of sensitive data around the world is an increasingly valuable asset. The mathematical toolbox that is widely used for this task can be complemented by applying the principles of quantum physics to enhance the security of the communication link. This approach has highly desirable features, such as protection of the encrypted information from threats that might arise as a consequence of future advances in computational power. However, it also comes with substantial technological challenges in terms of the range of communication possible and the degree of trust in the devices used. Writing in Nature, Yin et al.1 demonstrate that such cryptographic solutions can be deployed over distances exceeding 1,000 kilometres, without compromising the security promised by the underlying quantum technology.
The flagship application of quantum communication is known as quantum key distribution (QKD). This process enables two parties located at a distance from each other to share a secret string of bits (units of information) called a key, which they can use to encrypt and decrypt secret messages, without making assumptions about the computational power of a potential eavesdropper. Although the principle of such absolute security is based solidly on fundamental laws of nature, practical implementations come in different configurations2.
For example, it is possible for one of the two parties to prepare quantum states of light — the natural physical carrier of information in quantum communication — and to send them to the second party, who measures them. By processing these data using standard classical communication, the two parties can then extract the secret key. QKD in this setting has been demonstrated over 400 km in a low-loss optical fibre3 and over 1,200 km using a satellite-to-ground communication link4.
Although impressive, these demonstrations require the two parties’ devices to be fully characterized and trusted. Furthermore, losses in the optical-transmission medium eventually become prohibitive. As a result, the networks that need to be established to distribute keys securely between parties contain nodes, which also need to be trusted5,6. This constraint might be undesirable for some applications.
If, instead, one could use the distribution of ‘entangled’ states of light produced by a source, the need for trust would be greatly alleviated. Entangled states embody the peculiar nature of quantum physics and exhibit correlations not found in classical physics. Such correlations can be routed through devices called quantum repeaters, so that remote physical systems can become entangled. The past few years have seen major progress in this direction7. But, so far, the longest distances for entanglement distribution have been achieved by transmitting the states directly. These distances are approximately 100 km in an optical fibre8,9 and 1,200 km using satellite links10.
Ideally for QKD, the security of the key generated would be confirmed just by detecting these non-classical correlations experimentally, through statistical properties known as Bell inequalities, without having to trust the devices used by the two parties11. However, in practice, achieving this level of security places stringent requirements on the experimental devices that cannot be satisfied by currently available technologies. A way forward is to implement entanglement-based QKD that has weaker requirements, whereby, although the parties’ devices must be trusted, the source of the entangled states can remain untrusted12.
Yin et al. have performed a complete, long-distance implementation of QKD with these restrictions (Fig. 1). A key way to understand their result is to observe how it was achieved, starting from previous work10 by some of the current authors and their colleagues in 2017. In that paper, the researchers demonstrated the distribution of entangled states generated on board the satellite Micius and sent through two communication links to optical ground stations in China separated by 1,200 km.
Although that work was a milestone for the field, the transmission efficiency achieved was too low for QKD to be carried out in practical conditions. In particular, because only a finite number of states can be transmitted during a short data-collection window, the many errors involved prevented a secret key from being extracted. Taking into account the use of a finite number of transmitted states is crucial for achieving security, especially in the case of a satellite-based experiment, in which data are collected only during the brief time the satellite is visible from the ground stations.
Yin et al. remedied this problem by implementing major technological enhancements. These included installing highly efficient telescopes at the ground stations and optimizing equipment components at all stages of the optical path. The authors’ meticulous optimization also involved cutting-edge signal acquisition, pointing and tracking systems and synchronization techniques for both the satellite and the ground stations. Their efforts led to a fourfold increase in transmission efficiency compared with the previous experiment and, consequently, produced low enough error rates for a secret key to be extracted. The authors also verified the stability and reliability of their findings over multiple satellite orbits.
From a security perspective, this demonstration does not remove the need for trust in the receiving stations. Therefore, assumptions must be made about the internal workings of the devices in these stations. Yin et al. did two things to minimize the risk that these assumptions would not hold in practice. First, they used a systematic approach to tackling imperfections that might inadvertently leak information to a potential eavesdropper. Second, they used a range of solutions to actively control the properties of the photonic information carriers. Combined with security from this quantum approach that should be guaranteed against all possible attacks, this makes the authors’ result the most advanced QKD demonstration so far.
However, several shortcomings will need to be overcome for these findings to become relevant for truly practical high-security applications. For instance, the experiment produced keys at extremely low rates. Also, the experiment was carried out only at night, and using a wavelength that is incompatible with the optical-fibre networks used for telecommunication that would interface with space-based networks in infrastructures for global quantum communication. Moreover, QKD can be achieved only between ground stations that are visible simultaneously from the satellite.
Progress in all these areas requires the development of high-performance devices operating at a longer wavelength than that used in this work, the use of satellites in higher orbits than that of Micius and — in the long term —integration of the demonstrated technology with quantum repeaters and other promising architectures allowing for untrusted nodes13. Such advances would then unlock the full potential of quantum technologies for executing cryptographic tasks at a global scale.
Nature 582, 494-495 (2020)