Experimental quantum key distribution certified by Bell's theorem.

Cryptographic key exchange protocols traditionally rely on computational conjectures such as the hardness of prime factorization<sup>1</sup> to provide security against eavesdropping attacks. Remarkably, quantum key distribution protocols such as the Bennett-Brassard scheme<sup>2</sup> provide information-theoretic security against such attacks, a much stronger form of security unreachable by classical means. However, quantum protocols realized so far are subject to a new class of attacks exploiting a mismatch between the quantum states or measurements implemented and their theoretical modelling, as demonstrated in numerous experiments<sup>3-6</sup>. Here we present the experimental realization of a complete quantum key distribution protocol immune to these vulnerabilities, following Ekert's pioneering proposal<sup>7</sup> to use entanglement to bound an adversary's information from Bell's theorem<sup>8</sup>. By combining theoretical developments with an improved optical fibre link generating entanglement between two trapped-ion qubits, we obtain 95,628 key bits with device-independent security<sup>9-12</sup> from 1.5 million Bell pairs created during eight hours of run time. We take steps to ensure that information on the measurement results is inaccessible to an eavesdropper. These measurements are performed without space-like separation. Our result shows that provably secure cryptography under general assumptions is possible with real-world devices, and paves the way for further quantum information applications based on the device-independence principle