A Low Energy Test of Quantum Gravity
Many (probably most) theoretical physicists suspect that the correct
theory unifying quantum field theory and general relativity
is some theory involving a quantum description of the
gravitational field. However, we have no compelling
experimental evidence for this, and it remains logically
possible that gravity and quantum theory are unified
some other way. (How? There are some speculative ideas,
but I think it's fair to say we have
no detailed theoretical proposals that look very
compelling. For example, some physicists have
suggested that a classical theory of the metric
might be coupled to quantum matter, presumably
by some sort of stochastic evolution law.
However, no mathematically well-defined theory
along these lines, consistent with experiment and
with Lorentz invariance, has yet been produced.)
If standard ideas about quantum gravity are right, one would
expect the gravitational field to display the same sort of
non-local correlations that quantum matter does.
Bell experiments have tested and (modulo one or two
loopholes -- see for example below) confirmed that quantum nonlocality
of matter is indeed observed in Nature.
Though it might seem obvious to conclude that the
gravitational field must also display nonlocality,
this does not in fact logically follow.
No Bell experiment (nor any other experiment)
to date has shown it to be the case.
However, it can be tested by
a relatively simple experiment.
The experiment should either provide the first
significant evidence for quantum gravity, or
else (if standard intuitions are somehow wrong) establish
a definite limitation on the domain of validity
of quantum theory.
"Post-Quantum" Cryptography
In quantum key distribution schemes, Alice and Bob
exchange quantum and classical information in order
to generate a shared secret key. There are several
well-known schemes, which are provably secure against
eavesdropping, so long as quantum theory is correct.
But what if quantum theory isn't correct?
This might seem a rather academic question, since quantum
theory has been confirmed in an impressive range of
experiments since 1926. But cryptologists
are supposed to examine their assumptions
carefully. Physical theories have been superseded
in the past, and there's no strong reason to think
it won't happen again. (And in fact, although it's
a minority view, there is a very
respectable case for believing that the lingering
conceptual problems in interpreting quantum theory
point to some subtle defect in the theory itself.)
You can't prove anything secure without making
some assumptions, and in particular you can't
prove any physics-based cryptography scheme
secure without making some assumptions about
physics. But Jonathan Barrett, Lucien Hardy
and I were recently able to
show
that a quantum key distribution scheme can be
proved secure even if quantum theory
is incorrect, so long as we assume that
(as special relativity suggests) it is impossible
to send signals faster than light.
The scheme is, admittedly, very inefficient, but
it's at least a proof of principle that security
guarantees can be based on either of two independent
theories (quantum mechanics and special relativity),
rather than on one alone. It would be very interesting
to know if significantly more efficient schemes exist,
or indeed if the security of
standard quantum key distribution schemes
can also be based on relativity.
There's a popular account of this work in Physical Review Focus,
linked here.
Bit Commitment and Cryptography Based on Relativity
Bit commitment is one of the main primitives of mistrustful
cryptography, the branch of cryptography dealing with parties
who need to exchange or process information but cannot rely on each
other's honesty.
In a bit commitment, Alice and Bob exchange data in a way that
leaves Bob with an encrypted bit, chosen by Alice.
She can later decrypt for him, if (and when) she chooses.
It is quite easy to find bit commitment protocols that are
secure against Alice (in the sense that she has no chance
of lying to Bob when she decrypts the bit) or against Bob
(in the sense that he has no chance of reading the bit unless
Alice chooses to decrypt it). Finding a protocol
that is secure against both parties, however, is
much harder: indeed it was long believed impossible.
It turns out, though, that secure (and practically
feasible) bit commitment protocols
can
be implemented if Alice
and Bob use separated sites and take account of the
impossibility of signalling faster than light.
(Caveat: the protocols have been proven secure against all classical attacks
-- the first known protocols with this property -- and against the
type of quantum attack to which non-relativistic protocols are
vulnerable. Their security against general quantum attacks
is conjectured but not, so far, proved.)
What's an Acceptable Risk for Destroying the Earth?
From time to time, people have raised the worry that a particular
physics experiment just might destroy the Earth. The first time
this was seriously considered seems to have been before the first
A-bomb and H-bomb tests. More recently, the possibility was
raised that, if unknown physics included some particularly
unfortunate features, the RHIC experiments at Brookhaven, or the
forthcoming ALICE collider experiments at CERN, could have
disastrous consequences.
When physicists address these worries at all, they've tended
to argue that (a) something would have to be very wrong with
our understanding of physics for the risk to be present at
all, (b) even if it is, we can show on empirical grounds
that any risk must be so small that the possibility just
isn't worth worrying about. Which rather begs the
question, of course: how small *is* an acceptable risk?
On this point, the various analyses seem to have been
extraordinarily cavalier. At various times
physicists have argued for going ahead with experiments without
further ado on the basis of risk bounds ranging from
1 in 5000 (!) (the first Brookhaven analysis of the RHIC experiments)
through 1 in 300,000 (Compton's estimate of the probability of igniting
the Earth's atmosphere in the first A-bomb test) to 1 in 50,000,000
(the CERN analysis of the RHIC experiments). It seems to me
that a
little thought
suggests all these risk bounds are far, far too
large for comfort.
New Loopholes in Bell Experiments
Bell's theorem tells us that quantum theory disagrees with
the predictions of local hidden variable theories.
Since the 1970s, a long sequence of experiments have
produced results supporting the predictions of quantum theory
and refuting those of local hidden variables.
Very probably, this is because local hidden variable theories
are simply wrong and quantum theory is right (at least
in its predictions concerning measurements on entangled
states). Still, it's a crucial enough point that one
wants to eliminate every possible scintilla of doubt.
Two possible loopholes in the interpretation of Bell
experiments, the detector efficiency loophole and the
locality loophole, have long been known: several groups
are attempting to design experiments that can simultaneously
close both.
Another interesting loophole, the
memory loophole,
was recently identified, but shown to be relatively innocuous,
in the sense that even models exploiting the memory loophole
can be refuted by existing experimental data.
But there is yet another loophole, the
collapse locality
loophole, which moreover is associated with a relatively
natural class of alternatives to quantum theory.
(Relatively natural in the sense that the alternatives
are defined by some independently motivated assumptions,
not contrived especially for the purpose of exploiting
logically exploitable but physically implausible flaws
in Bell experiments.)
This loophole has
yet to be closed, and may not be in the near future.
To close it completely would require carrying out a
Bell experiment with the two wings separated by
at least 0.1 light seconds (30,000 km) or so --- this
would probably require a space-based experiment. It's
perhaps the last hope for diehard sceptics about quantum
non-locality. (I'm not one --- my guess is that standard
quantum theory will turn out to be right on this point ---
but of course it would be good to resolve the question
definitively by experiment.)