The team put together an experiment in which photons moved down a 30-centimeter channel in a light-tight box called "Aunt Martha's coffin." The direction in which the photons oscillated, their polarization, represented the 0s or 1s of a series of quantum bits, or qubits. The qubits constituted a cryptographic "key" that could be used to encrypt or decipher a message. What kept the key from prying eavesdroppers was Heisenberg's uncertainty principle--a foundation of quantum physics that dictates that the measurement of one property in a quantum state will perturb another. In a quantum cryptographic system, any interloper tapping into the stream of photons will alter them in a way that is detectable to the sender and the receiver. In principle, the technique provides the makings of an unbreakable cryptographic key.
Today quantum cryptography has come a long way from the jury-rigged project assembled on a table in Bennett's office. The National Security Agency or one of the Federal Reserve banks can now buy a quantum-cryptographic system from two small companies--and more products are on the way. This new method of encryption represents the first major commercial implementation for what has become known as quantum information science, which blends quantum mechanics and information theory. The ultimate technology to emerge from the field may be a quantum computer so powerful that the only way to protect against its prodigious code-breaking capability may be to deploy quantum-cryptographic techniques.
The challenge modern cryptographers face is for sender and receiver to share a key while ensuring that no one has filched a copy. A method called public-key cryptography is often used to distribute the secret keys for encryption and decoding of a full-length message. The security of public-key cryptography depends on factorization or other difficult mathematical problems. It is easy to compute the product of two large numbers but extremely hard to factor it back into the primes. The popular RSA cipher algorithm, widely deployed in public-key cryptography, relies on factorization. The secret key being transferred between sender and receiver is encrypted with a publicly available key, say, a large number such as 408,508,091 (in practice, the number would be much larger). It can be decrypted only with a private key owned by the recipient of the data, made up of two factors, in this case 18,313 and 22,307.
The difficulty of overcoming a public-key cipher may hold secret keys secure for a decade or more. But the advent of the quantum information era--and, in particular, the capability of quantum computers to rapidly perform monstrously challenging factorizations--may portend the eventual demise of RSA and other cryptographic schemes. "If quantum computers become a reality, the whole game changes," says John Rarity, a professor in the department of electrical and electronics engineering at the University of Bristol in England.
Unlike public-key cryptography, quantum cryptography should remain secure when quantum computers arrive on the scene. One way of sending a quantum-cryptographic key between sender and receiver requires that a laser transmit single photons that are polarized in one of two modes. In the first, photons are positioned vertically or horizontally (rectilinear mode); in the second, they are oriented 45 degrees to the left or right of vertical (diagonal mode). In either mode, the opposing positions of the photons represent either a digital 0 or a 1. The sender, whom cryptographers by convention call Alice, sends a string of bits, choosing randomly to send photons in either the rectilinear or the diagonal modes. The receiver, known as Bob in crypto-speak, makes a similarly random decision about which mode to measure the incoming bits. The Heisenberg uncertainty principle dictates that he can measure the bits in only one mode, not both. Only the bits that Bob measured in the same mode as sent by Alice are guaranteed to be in the correct orientation, thus retaining the proper value.