Special relativity helps keep a secret for 24 hours

Cryptography’s most familiar application is perhaps the sending of coded messages: Alice wants to communicate some information to her distant confidante Bob. She worries that her message might be intercepted by an eavesdropper, so she encrypts it in a way that only Bob can decipher. But there exists a whole range of complementary cryptographic tasks—such as online auctions and secure voting—in which Alice and Bob want to guard against attacks not from eavesdroppers but from each other.

To develop algorithms to perform those other tasks, cryptographers use a building block called bit commitment: Alice chooses a bit (a 1 or 0) to be revealed later; Bob wants to ensure that Alice can’t change her mind in the meantime, while Alice wants to ensure that Bob has no way to learn which bit she chose until the appointed time.

Although quantum theory is the basis for perfectly secure encryption, it offers no path to secure bit commitment. But a different law of physics, the impossibility of faster-than-light signaling, has now come to the rescue, and Anthony Martin, Hugo Zbinden, and their colleagues at the University of Geneva have implemented a protocol for achieving bit commitment for a full 24 hours.

For the protocol to work, Alice and Bob work with trusted partners Amy and Brian, respectively. Bob and Brian take turns exchanging data with Alice and Amy, in such a way that each exchange falls outside the forward light cone of the previous one. Each of Alice’s and Amy’s answers depends on both the data they receive from Bob or Brian and on information Alice and Amy agree on in advance, including the bit they want to commit. For Alice to cheat and change the bit at any time in the middle of the protocol, she’d need to know what happened in Amy’s most recent exchange with Brian; relativity prevents her from having that information.

In their 24-hour implementation, Martin and colleagues repeated the exchanges for 5 billion rounds, one every 17 µs, with a total of 162 GB of data. According to two theory papers from the past year, the probability that the protocol is vulnerable to cheating is less than one in a billion. (E. Verbanis et al., Phys. Rev. Lett. 117, 140506, 2016 .)