内容来源：https://www.quantamagazine.org/quantum-cryptography-pioneers-win-turing-award-20260318/

内容总结：

量子密码学先驱荣获图灵奖：一场泳池邂逅开启的科学革命

1979年10月的一个午后，在波多黎各圣胡安的海滩酒店外，计算机科学家吉尔斯·布拉萨德正在游泳时，一位陌生人游近他，并由此改变了他的人生轨迹。这位名叫查尔斯·贝内特的物理学家，未经寒暄便开始阐述一种基于量子物理定律、无法伪造的“量子货币”构想。尽管当时布拉萨德对量子物理一无所知，但这次看似偶然的相遇，却开启了两人长达数十年的开创性合作，共同奠定了量子信息科学的基础。

如今，贝内特与布拉萨德因其“在建立量子信息科学基础、变革安全通信与计算方面的核心贡献”，被授予计算机科学最高荣誉之一的图灵奖，并获得100万美元奖金。该领域已汇聚成千上万的研究者，但在上世纪90年代中期之前，这仍是一个被主流学界边缘化的小众领域，而他们正是其最早、最坚定的倡导者。

从“量子货币”到“量子密钥分发”

这一切的种子，源于贝内特已故友人斯蒂芬·威斯纳在70年代初提出的“量子货币”设想：利用量子测量会扰动粒子状态的特性，使钞票无法被复制。然而，布拉萨德当即指出了该方案的关键缺陷：虽然防伪，但验证真伪同样困难。

在泳池中短短十分钟的讨论里，两人碰撞出了关键灵感：将威斯纳的量子构想与密码学技术结合，或许能解决这一难题。这次交流催生了他们的首篇合作论文，并最终引领他们于1983年提出了划时代的量子密钥分发协议——BB84方案。该方案允许通信双方在不直接见面的情况下，通过发送和测量光子来生成共享密钥，任何窃听企图都会因量子扰动而被立即察觉，且无需依赖任何数学难题的假设，实现了信息论意义上无条件的安全。

从理论到实践：30厘米的突破

尽管论文起初未受重视，二人仍决心用实验验证理论。在没有经费和实验经验的条件下，他们巧妙利用日常材料（贝内特甚至曾用购买的黑丝绒布遮挡杂散光，后将其改制成一顶帽子），于1989年10月——恰逢他们首次相遇十周年之际，成功完成了世界上首次量子密钥分发实验，传输距离达30厘米。如今，基于卫星的同类实验已将这一距离扩展至千公里以上。

1993年，他们与团队进一步利用量子纠缠现象，实现了量子态的“隐形传态”，展示了纠缠作为信息处理资源的巨大潜力。次年，彼得·肖尔提出快速分解大质因数的量子算法，震惊学界，也凸显了量子加密技术在不依赖数学假设方面的独特价值。“肖尔算法让我们的想法变得不可或缺。”布拉萨德评论道。

引领一场持续的科学浪潮

三十年来，量子信息科学已从边缘领域发展为全球科研与投资的热点，推动了量子计算、量子通信等技术的飞速进展。贝内特与布拉萨德的工作不仅为现代密码学开辟了新路径，更深刻揭示了物理与信息之间的本质联系。正如加州理工学院量子物理学家约翰·普雷斯基尔所言：“他们帮助塑造了这个领域的文化。”

如今，已届高龄的两位先驱依然关注着该领域的新动态。面对量子计算可能对传统密码带来的挑战，贝内特乐观地展望：“量子密码学或许范围远比我们想象中广阔，这可能是量子技术以其之道还治其身的一种拯救方式。”

这场始于泳池的对话，最终掀起了一场重塑信息安全的科学浪潮。

中文翻译：

量子密码学先驱荣获图灵奖

引言

1979年10月的一个午后，在波多黎各圣胡安一家海滨酒店的近海处，吉尔斯·布拉萨尔正在游泳时，一位陌生人游到他身边，就此改变了他的职业生涯轨迹。这位不速之客未作自我介绍，便直接阐述起一种无法伪造的货币制造方案。这套方案基于量子物理定律——而身为计算机科学家的布拉萨尔对此一无所知。

"我当时无处可避，只能礼貌倾听。"布拉萨尔回忆道。当他意识到这个奇特的"量子货币"构想竟是严肃的科学理论时，最初的怀疑迅速转化为浓厚的兴趣。这场看似偶然的相遇，开启了布拉萨尔与新结识的物理学家查尔斯·贝内特之间漫长而硕果累累的合作。他们的研究为量子信息科学的蓬勃发展奠定基础，推动了新技术研发，并揭示了物理学与信息学之间的本质联系。

如今，贝内特与布拉萨尔因"在奠定量子信息科学基础、革新安全通信与计算领域的决定性贡献"，荣获计算机学界最高荣誉之一的A.M.图灵奖，并获得100万美元奖金。

量子信息科学如今拥有数千名活跃研究者，但在上世纪90年代中期之前，这仍是个小众领域，其洞见常遭外界质疑。贝内特与布拉萨尔正是该领域最早期的积极倡导者。

"他们帮助塑造了这个群体的文化特质，当时这个领域恰好处于物理学与计算机科学的交叉边缘。"加州理工学院量子物理学家约翰·普雷斯基尔评价道。

得克萨斯大学奥斯汀分校计算机科学家斯科特·阿伦森指出，他们对量子信息科学的影响"极其深远"，"在量子计算尚未成为独立领域时，他们已投身其中"。

新型货币构想

近五十年前贝内特与布拉萨尔在波多黎各海滩的相遇并非偶然。两人当时都参加了理论计算机科学会议，但他们的学术轨迹却截然不同。1955年出生于蒙特利尔的布拉萨尔小学时便跟随兄长学习高等数学，13岁进入大学，24岁获得博士学位并成为蒙特利大学教员。他参加波多黎各会议是为了展示自己在密码学数学基础方面的研究成果。

贝内特的学术之路更为曲折。1943年出生于纽约的他本计划攻读生物化学，最终却在哈佛大学进行了化学与物理交叉领域的研究。当学术界普遍认为物理学与计算科学互不相关时，他已对探索两者间的联系产生浓厚兴趣。

上世纪60年代末贝内特攻读博士期间，他的朋友斯蒂芬·威斯纳常到访他在波士顿的"嬉皮士合租屋"。某次会面时，威斯纳带来了一篇论文草稿，其中提出了量子物理的全新应用——正是十年后贝内特向布拉萨尔阐述的量子货币方案。

威斯纳的灵感源于货币防伪这一核心需求。仅靠唯一序列号不足以防止伪造，因为理论上任何人都能复制该号码，因此政府需借助尖端技术防伪。威斯纳意识到量子物理定律能为防伪提供新方案：量子测量具有奇特性质——试图测量粒子会以不可预测的方式干扰其状态，抹除测量前的所有信息。唯有预先掌握粒子初始状态的部分信息，才能通过精确测量避免干扰。在他的设想中，每张量子钞票包含一组处于不同量子态的粒子，这些粒子编码着唯一序列号。伪造者需在不干扰粒子的情况下测量所有粒子才能复制序列号，而仅需数十个粒子就足以让伪造行为必然失败。原本令人困扰的量子测量干扰，反而成了防伪屏障。

70年代初，威斯纳突然放弃物理研究投身加州反主流文化运动，这篇开创性论文因此尘封近十五年（威斯纳后来皈依宗教移居以色列，成为建筑工人，于2021年去世）。与此同时，贝内特入职IBM并发展了可逆计算新理论，但始终无法忘却威斯纳的构想。历经十年尝试推广未果后，他在波多黎各遇到了布拉萨尔。

量子密钥的诞生

在那次决定命运的会面中，布拉萨尔指出了量子货币方案的明显缺陷：虽然钞票无法伪造，但流通验证也极为困难，只有发行者才能验证真伪。他建议结合密码学技术改进该方案。十分钟后两人游回岸边时，已确定了首篇合作论文的核心思想。

此后两人定期互访交流想法，但当时量子信息仍是冷门领域。"那时没人把这当作正式工作。"贝内特坦言。他们开始探索利用量子测量干扰实现保密通信。密码学界已知一种理论上绝对安全的加密方案，但要求收发双方（通常称为爱丽丝与鲍勃）当面约定长串随机比特作为密钥，且每条信息都需更换新密钥，这种限制难以实际应用。更实用的加密方案虽无需当面交接，却依赖于某些数学难题难解性的未经验证的假设。

1983年，贝内特与布拉萨尔提出全新的量子保密通信方案BB84。该方案中，爱丽丝与鲍勃通过发送测量构成光的光子来建立共享密钥，无需当面交接，再利用该密钥加密信息。量子测量干扰再次发挥关键作用：任何窃听者都会干扰量子传输，不仅无法获取信息，还会暴露自身存在。该方案不依赖任何数学假设，即使能破解世界最难数学题的窃听者也无法获取密钥。

量子隐形传态

这篇量子密钥分发论文后来成为量子信息科学领域最著名的成果之一，但当时鲜少有人关注。为此两人决定搭建实验装置。"我想证明这是可行的，不只是理论家的空想。"布拉萨尔说。在没有经费和实验物理经验的情况下，团队只能因陋就简：贝内特与同事约翰·斯莫林曾从布料店购买黑绒布遮挡杂散光，向困惑的店员解释这是用于量子密码学研究（这块绒布后来被贝内特改造成了帽子）。1989年10月——恰逢两人波多黎各初遇十周年之际，实验终于成功，在30厘米距离上实现了量子密钥分发。如今基于卫星链路的同类实验传输距离已超过1000公里。

1993年，贝内特、布拉萨尔与四位合作者发表了另一篇标志性论文，展示了如何利用量子纠缠现象将粒子状态"隐形传态"到另一粒子（虽令人联想到《星际迷航》中柯克船长的传送场景，但量子隐形传态仅传输信息而非物质）。这是展示纠缠态可作为信息处理资源的早期范例。

此时量子信息科学开始引发关注，次年更迎来转折点：传统数字加密常依赖于大数分解难题，但应用数学家彼得·肖尔在1994年提出的量子算法能快速破解该难题。这一里程碑成果凸显了不依赖数学难题假设的量子加密方法的重要性。"肖尔算法让我们的理念变得不可或缺。"布拉萨尔说。

过去三十年间，量子信息科学的研究热度与资金投入呈指数增长。研究者竞相开发量子计算机，并在基础物理领域发现了看似不相关的联系。量子密码学也迎来新热潮：数年前学界还认为量子技术仅适用于密钥分发等特定任务，但最新研究暗示其应用范围可能远超预期。贝内特与布拉萨尔始终密切关注着这些进展。

"这是个迷人的构想，"贝内特说，"或许量子技术既能通过肖尔算法带来挑战，也能提供解决方案。"

编者注：斯科特·阿伦森系《量子杂志》顾问委员会成员。

英文来源：

Quantum Cryptography Pioneers Win Turing Award
Introduction
One afternoon in October 1979, Gilles Brassard was swimming outside a beachfront hotel in San Juan, Puerto Rico, when a stranger swam up to him and changed the course of his career. Without so much as an introduction, the man began describing a way to create currency that couldn’t be forged. The scheme was based on the laws of quantum physics — a subject Brassard, a computer scientist, knew nothing about.
“I was trapped, so I listened politely,” Brassard said. Doubt soon turned to fascination as he realized that this exotic “quantum money” scheme was actually serious science. That improbable meeting was the beginning of a long and fruitful collaboration between Brassard and his new acquaintance, a physicist named Charles Bennett. Their work would help launch the booming field of quantum information science, spurring the development of new technology and the discovery of fundamental connections between physics and information.
Bennett and Brassard have now been named the winners of the A.M. Turing Award, one of the highest honors in computing, for “their essential role in establishing the foundations of quantum information science and transforming secure communication and computing.” The award comes with a $1 million prize.
Quantum information science is now home to thousands of active researchers, but until the mid-1990s it was a small community whose insights were often dismissed by outsiders. Bennett and Brassard were among its most vocal early advocates.
“They helped to set the culture for this group, which was kind of on the fringes of both physics and computer science at the time,” said John Preskill, a quantum physicist at the California Institute of Technology.
Their influence on quantum information science was “massive,” said Scott Aaronson, a computer scientist at the University of Texas, Austin. “They were there since before quantum computing was even a field.”
A New Kind of Money
It was no coincidence that Bennett and Brassard found themselves on the same Puerto Rican beach on that day nearly 50 years ago. Both were attending a conference on theoretical computer science, but the academic trajectories that had brought them there were strikingly different. Brassard had been born in Montreal in 1955. He learned advanced math from his older brother while still in elementary school and started college at age 13. In 1979, when he was just 24, he received his doctorate and joined the faculty of the University of Montreal. He went to the Puerto Rico conference to present results from his graduate research on the mathematical foundations of cryptography.
Bennett’s journey was more circuitous. He was born in New York City in 1943, went to college intending to study biochemistry, and wound up doing graduate research at Harvard University at the intersection of chemistry and physics. All the while, he was growing increasingly interested in finding connections between physics and computation, at a time when the two subjects were considered largely unrelated.
While Bennett was working toward his doctorate in the late 1960s, his friend Stephen Wiesner would often visit what Bennett called his “communal hippie house” in Boston. On one such visit, Wiesner brought a draft of a paper he’d written about a radically new application of quantum physics: the quantum money scheme with which Bennett would ambush Brassard a decade later.
Wiesner’s idea was motivated by one of the most important requirements for any form of currency: It should be very difficult to create a convincing counterfeit banknote. It’s not enough to give each bill a unique serial number if anyone can in principle read that number and copy it, so governments resort to sophisticated technology to thwart forgery.
Wiesner realized that the laws of quantum physics could offer a new solution to the problem of counterfeiters. His scheme exploited a strange feature of quantum measurement: Attempting to measure a particle can disturb it in an inherently unpredictable way, erasing all information about the state it was in before the measurement. You can avoid this disturbance with a judicious choice of measurement, but only if you already have some partial information about the particle’s initial state. Each of Wiesner’s hypothetical quantum banknotes would contain a group of particles in different quantum states. These particles would encode the bits of a unique serial number. A would-be counterfeiter would need to measure every particle in the group without disturbing it to learn that serial number and create a duplicate. With just a few dozen particles, failure would be all but guaranteed. Quantum measurement disturbance, ordinarily a nuisance, would serve as a shield against prying eyes.
In the early 1970s, Wiesner abruptly abandoned physics research and joined the California counterculture, and his revolutionary paper remained unpublished for nearly 15 years. (Wiesner later embraced religion, moved to Israel, and became a construction worker. He died in 2021.) Bennett, meanwhile, eventually landed a job at IBM, where he developed a new theory of reversible computation. But he couldn’t get Wiesner’s idea out of his mind. He tried to interest other researchers for a decade, to no avail, until he met Brassard in Puerto Rico.
Quantum Secrets
As they bobbed in the waves on that fateful day, Brassard pointed out a glaring problem with the quantum money scheme. It would be impossible to counterfeit banknotes, but it would also be difficult to use them, since only the person who created a bill would be able to check that it was valid. Brassard suggested that it might be possible to patch this problem by combining Wiesner’s scheme with techniques from cryptography. By the time the duo returned to shore 10 minutes later, they had settled on the key ideas in what would later become their first joint paper.
After that initial encounter, Bennett and Brassard would visit each other occasionally to swap ideas. They could only afford to devote so much time to their shared interest in the obscure subject of quantum information.
“In those days, it was nobody’s day job,” Bennett said.
The duo began to wonder whether they could harness quantum measurement disturbance to keep secret messages safe from eavesdroppers. Cryptographers already knew one encryption scheme that was perfectly secure in principle. But it required the sender and receiver, typically called Alice and Bob, to meet in person and choose a long string of random bits to use as a secret encryption key. What’s more, they’d need to use a separate key for each new message. These restrictions were too cumbersome for most applications. More practical encryption schemes avoided the need for in-person meetings but relied on unproven assumptions about the difficulty of certain math problems.
In 1983, Bennett and Brassard devised a new quantum approach to private communication. In their scheme, now known as BB84, Alice and Bob would establish a shared secret key by sending and measuring photons, the quantum particles that constitute light, without ever needing to meet in person. They could then use that key to encrypt a message. The method again made use of quantum measurement disturbance: Any eavesdropper who tried to snoop on the quantum transmissions would disrupt them, learning nothing and alerting Alice and Bob to their presence. It also didn’t rely on any mathematical assumptions. Not even an eavesdropper who could magically solve the world’s hardest math problems would learn the secret key.
Teleporting Forward
Bennett and Brassard’s quantum key distribution paper would become one of the most famous works in quantum information science. But at the time, few took notice. So the duo eventually decided to build an experimental demonstration. “I wanted to show that it’s possible, that it’s not just nonsense from a theoretician,” Brassard said.
With no budget and little experience in experimental physics, Bennett and Brassard’s team had to improvise. At one point Bennett and his colleague John Smolin bought a sheet of black velvet from a fabric store to block out stray light, telling the confused shop clerk that they needed it for quantum cryptography. (Bennett later repurposed the velvet for a hat.) They finally got the experiment working in October 1989 — 10 years to the day after Bennett and Brassard’s first meeting in Puerto Rico. Their apparatus demonstrated quantum key distribution across a distance of 30 centimeters. More recent demonstrations using satellite links have implemented their method over more than 1,000 kilometers.
In 1993, Bennett, Brassard, and four other researchers published another iconic paper that showed how to use a bizarre quantum phenomenon called entanglement to “teleport” the state of one quantum particle onto another. (Though the name calls to mind Captain Kirk getting beamed up to the Enterprise, quantum teleportation transmits only information, not matter.) It was one of the first examples of how entanglement could serve as a resource for information processing.
By that point, quantum information science was attracting a bit of buzz. It really took off a year later. Digital encryption often relies on the assumption that it’s hard for a computer to break a large number into its prime factors. But in 1994, the applied mathematician Peter Shor devised a quantum algorithm that could quickly do just that. Shor’s milestone result underscored the importance of quantum encryption methods that didn’t require assumptions about mathematical difficulty.
“Shor’s algorithm made our idea unavoidable,” Brassard said.
In the 30 years since Shor’s discovery, interest and investment in quantum information science have skyrocketed. Researchers have raced to build powerful quantum computers and identified connections to seemingly unrelated topics in fundamental physics. There’s also been a surge of new interest in quantum cryptography. Until a few years ago, researchers believed that quantum tricks were only useful for a few special cryptographic tasks like key distribution. But a recent line of work has offered tantalizing hints that the scope of quantum cryptography might be much broader. Bennett and Brassard have followed these new developments with interest.
“That is a very fascinating idea,” Bennett said. “It might be a way where there’s a quantum rescue from the quantum disaster of Shor’s algorithm.”
Editor’s note: Scott Aaronson is a member of Quanta Magazine’s advisory board.