RESUMEN
Cryptographic key exchange protocols traditionally rely on computational conjectures such as the hardness of prime factorization1 to provide security against eavesdropping attacks. Remarkably, quantum key distribution protocols such as the Bennett-Brassard scheme2 provide information-theoretic security against such attacks, a much stronger form of security unreachable by classical means. However, quantum protocols realized so far are subject to a new class of attacks exploiting a mismatch between the quantum states or measurements implemented and their theoretical modelling, as demonstrated in numerous experiments3-6. Here we present the experimental realization of a complete quantum key distribution protocol immune to these vulnerabilities, following Ekert's pioneering proposal7 to use entanglement to bound an adversary's information from Bell's theorem8. By combining theoretical developments with an improved optical fibre link generating entanglement between two trapped-ion qubits, we obtain 95,628 key bits with device-independent security9-12 from 1.5 million Bell pairs created during eight hours of run time. We take steps to ensure that information on the measurement results is inaccessible to an eavesdropper. These measurements are performed without space-like separation. Our result shows that provably secure cryptography under general assumptions is possible with real-world devices, and paves the way for further quantum information applications based on the device-independence principle.
RESUMEN
Device-independent quantum key distribution provides security even when the equipment used to communicate over the quantum channel is largely uncharacterized. An experimental demonstration of device-independent quantum key distribution is however challenging. A central obstacle in photonic implementations is that the global detection efficiency, i.e., the probability that the signals sent over the quantum channel are successfully received, must be above a certain threshold. We here propose a method to significantly relax this threshold, while maintaining provable device-independent security. This is achieved with a protocol that adds artificial noise, which cannot be known or controlled by an adversary, to the initial measurement data (the raw key). Focusing on a realistic photonic setup using a source based on spontaneous parametric down conversion, we give explicit bounds on the minimal required global detection efficiency.