1. Field of the Invention
The present invention relates to an apparatus for performing cipher communication which avoids unauthorized eavesdropping and interception by a third party. More specifically, the present invention relates to a data transmitting apparatus and a data receiving apparatus which perform data communication between legitimate transmitting and receiving parties by selecting/setting a specific encoding/decoding (modulating/demodulating) method.
2. Description of the Background Art
Conventionally, in order to perform communication between specific parties, there has been adopted a configuration in which original information (hereinafter referred to as key information) is shared between transmitting and receiving ends so as to perform an arithmetic operation (encoding) and an inverse operation (decoding) on plain text, which is information data to be transferred, and then secret communication is realized.
On the other hand, there have been suggested, in recent years, several encryption methods which positively utilize physical phenomena occurring in a transmission line. As one of the encryption methods, there is a method called a Y-00 protocol for performing the secret communication by utilizing a quantum noise generated in the transmission line.
FIG. 17 is a diagram showing an example of a conventional transmitting and receiving apparatus using the Y-00 protocol disclosed in Japanese Laid-Open Patent Publication No. 2005-57313 (hereinafter referred to as Patent Document 1). Hereinafter, the configuration and an operation of the conventional transmitting and receiving apparatus disclosed in Patent Document 1 will be described. As shown in FIG. 17, the conventional transmitting and receiving apparatus includes a transmitting section 901, a receiving section 902 and a transmission line 910. The transmitting section 901 includes a first multi-level code generation section 911, a multi-level processing section 912 and a modulation section 913. The receiving section 902 includes a demodulation section 915, a second multi-level code generation section 914 and a decision section 916. The eavesdropper receiving section 903 is used by an intercepting party, and is not included in the conventional transmitting and receiving apparatus.
First, the transmitting section 901 and the receiving section 902 previously retain first key information 91 and second key information 96, respectively, which are key information identical in content to each other. Hereinafter, an operation of the transmitting section 901 will be described. In the transmitting section 901, the first multi-level code generation section 911 generates, by using the first key information 91, a multi-level code sequence 92, which is a multi-level pseudo random number series having M digits of values from “0” to “M−1” (M is an integer of 2 or more), by using a pseudo random number generator. The multi-level processing section 912 generates, based on the information data 90 and the multi-level code sequence 92, which are to be transmitted to the receiving section 902, a multi-level signal 93 which is an intensity modulated signal, by using a signal format described hereinbelow.
FIG. 18 is a diagram showing the signal format used by the multi-level processing section 912. As shown in FIG. 18, in the case where the number of digits of values included in the multi-level code sequence 92 is M, a signal intensity thereof is divided into 2M signal intensity levels (hereinafter simply referred to as a level). That is, these levels are made into M pairs (hereinafter the pairs are referred to as bases), and to one level of each of the bases, a value “0” of the information data 90 is allocated, and to the other level, a value “1” of the information data 90 is allocated. Generally, the allocation is made such that the levels corresponding to the value “0” of the information data 90 and the levels corresponding to the value “1” of the information data 90 are distributed evenly over the whole of the 2M levels. In FIG. 18, “0” is allocated to lower levels of even-numbered bases, and “1” is allocated to higher levels of the same. On the other hand, “1” is allocated to the lower levels of odd-numbered bases, and “0” is allocated to the higher levels of the same. Accordingly, the values “0” and “1” of the information data 90 are allocated alternately to each of the 2M levels.
The multi-level processing section 912 selects bases corresponding to the values of the multi-level code sequence 92 having been inputted, then selects one level of each of the bases, the one level corresponding to the value of the information data 90, and then outputs a multi-level signal 93 having the selected level. The modulation section 913 converts the multi-level signal 93 outputted by the multi-level processing section 912 into a modulated signal 94, which is an optical intensity modulated signal, and transmits the modulated signal 94 to the receiving section 902 via the transmission line 910. In Patent Document 1, the first multi-level code generation section 911 is described as a “transmitting pseudo random number generation section”, the multi-level processing section 912 as a “modulation method specification section” and a “laser modulation driving section”, the modulation section 913 as a “laser diode”, the demodulation section 915 as a “photo-detector”, the second multi-level code generation section 914 as a “receiving pseudo random number generation section”, and the decision section 916 as a “determination circuit”.
Next, an operation of the receiving section 902 will be described. In the receiving section 902, the demodulation section 915 converts the modulated signal 94 transmitted via the transmission line 910 from an optical signal to an electrical signal (hereinafter referred to as photoelectric conversion), and outputs a resultant signal as a multi-level signal 95. The second multi-level code generation section 914 generates, by using the second key information 96, a multi-level code sequence 97, which is a multi-level pseudo random number series equal to the multi-level code sequence 92. In accordance with respective digits of values of the multi-level code sequence 97 inputted by the second multi-level code generation section 914, the decision section 916 determines each of the bases used for generating the multi-level signal 95. The decision section 916 performs binary decision by using the decided bases and the multi-level signal 95 which is inputted by the demodulation section 915, and obtains information data 98 which is equal to the information data 90.
FIG. 19 is a diagram illustrating, in detail, an operation of a conventional transmitting apparatus. FIG. 20 is a diagram illustrating, in detail, an operation of a conventional receiving apparatus. Hereinafter, with reference to FIGS. 19 and 20, the operation of the conventional transmitting and receiving apparatuses in the case where the number of the digits of the values included in the multi-level code sequence 92 is 64 (M=64) will be described in detail. As indicated by (a) and (b) shown in FIG. 19, an exemplary case will be described where a value of the information data 90 changes “0, 1, 1, 1”, and a value of the multi-level code sequence 92 changes “0, 63, 0, 1”. In this case, a level of the multi-level signal 93 in the transmitting section 901 changes “0, 63, 64, 1”, as shown in FIG. 19(c).
Specifically, at a time period t1 shown in FIG. 19(c), a 0th base (a pair of level 0 and level 64) corresponding to a value “0” of the multi-level code sequence 92 is selected. Next, level 0 of the 0th base corresponding to a value “0” of the information data 90 is selected, and the selected level 0 comes to a level of the multi-level signal 93 at the time period t1. In a similar manner, at a time period t2, a 63rd base (a pair of level 63 and level 127) corresponding to a value “63” of the multi-level code sequence 92 is selected. Next, level 63 of the 63rd base corresponding to the value “1” of the information data 90 is selected, and the selected level 63 comes to the level of the multi-level signal 93 at the time period t2. In a similar manner, the level of the multi-level signal 93 is selected in time periods t3 and t4. In this manner, at each of the time periods t1 and t3, in which the value of the multi-level code sequence 92 is even numbered, the lower level of the base corresponds to “0” of the information data, and the higher level of the base corresponds to the value “1” of the information data. On the other hand, at each of the time periods t2 and t4, in which the value of the multi-level code sequence 92 is odd numbered, the lower level of the base corresponds to “1” of the information data, and the higher level of the base corresponds to “0” of the information data.
The multi-level signal 95 inputted to the decision section 916 in the receiving section 902 is a signal which changes as shown in FIG. 20(e), and which includes a noise such as a shot noise generated at the time of the photoelectric conversion performed by the demodulation section 915. The decision section 916 selects the respective bases corresponding to the respective digits of values of the multi-level code sequence 97 (see FIG. 19(d)), which is equal to the multi-level code sequence 92, and sets an intermediate level of each of the bases as a decision level, as shown in FIG. 20(e). The decision section 916 then determines whether the multi-level signal 95 is higher or lower than the decision level.
Specifically, at a time period t1 shown in FIG. 20(e), the decision section 916 selects a 0th base (a pair of level 0 and level 64) corresponding to a value “0” of the multi-level code sequence 97, and sets an intermediate level 32 of the 0th base as the decision level. Since levels of multi-level signal 95 are generally distributed over lower levels than the decision level at the time period t1, the decision section 916 determines that the multi-level signal 95 is lower than the decision level. In a similar manner, at a time period t2, the decision section 916 selects a 63rd base (a pair of level 63 and level 127) corresponding to a value “63” of the multi-level code sequence 97, and sets an intermediate level 95 of the 63rd base as the decision level. Since the multi-level signal 95 is generally distributed over lower levels than the decision level at the time period t2, the decision section 916 decides that the multi-level signal 95 is lower than the decision level. At time periods t3 and t4 as well, decision is made in a similar manner. Accordingly, a result of the binary decision performed by the decision section 916 becomes “lower, lower, higher, lower”.
In the case where the value of the multi-level code sequence 97 is even numbered (at the time periods t1 and t3), the decision section 916 decides that a lower level of the selected base is “0”, and that a higher level thereof is “1”, and then outputs the decided values as the information data 98. On the other hand, in the case where the value of the multi-level code sequence 97 is odd numbered (at the time periods t2 and t4), the decision section 916 decides that the lower level of the selected base is “1”, and that the higher level thereof is “0”, and then outputs the decided values as the information data 98. The values of the multi-level code sequence 97 are “0, 63, 0, 1”, i.e., “even, odd, even, odd” (even representing an even number, and odd representing an odd number). Accordingly, the decision section 916 outputs “0, 1, 1, 1” as the information data 98, which is equal to the information data 90 (see FIG. 20(f)). In this manner, the decision section 916 can obtain the information data 98 from the multi-level signal 95 in which values of the information data to be allocated to the lower level and higher level of the base are changed depending on whether the respective values of the multi-level code sequence 97 are even-numbered or odd-numbered.
The above description of the conventional transmitting and receiving apparatuses does not illustrate, in detail, a processing method for obtaining the respective values of the information data 98 in accordance with whether the respective values of the multi-level code sequence 97 are even numbered or odd-numbered. A processing method described below is generally used. That is, first, the second multi-level code generation section 914 generates an inverted signal “0, 1, 0, 1”. Note that the inverted signal is a binary signal, and is equivalent to lowest order bits of the respective values “0, 63, 0, 1” comprising the multi-level code sequence 97. The decision section 916 performs an exclusive OR operation (XOR operation) between a signal “0, 0, 1, 0”, which represents “lower, lower, higher, lower” as a result of the above-described binary decision, and the inverted signal “0, 1, 0, 1”, and then obtains, as a result of the operation, the information data 98 “0, 1, 1, 1”.
As above described, in the case of using a signal format (see FIG. 18) in which the values of the information data to be allocated to the higher or the lower levels of the base are changed depending on whether the respective values of the multi-level code sequence 97 are even-numbered or odd-numbered, the decision section 916 uses the inverted signal so as to generate the information data 98. However, for example, in the case where the value “1” of the information data is always allocated to the higher level of the base and where the value “0” of the information data is always allocated to the lower level of the base, the decision section 916 does not need to use the inverted signal so as to generate the information data 98.
Further, as above described, the multi-level signal 95 includes the noise such as the shot noise which is generated through the photoelectric conversion performed by the demodulation section 915. However, intervals between the levels (hereinafter referred to as a step width) or the like are set appropriately, whereby a binary decision error may be suppressed to a negligible level.
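The FIG. 19 and FIG. 20 walk-through above can be reproduced with the following added example, which is not part of the patent text: it implements the FIG. 18 signal format for M=64 and the XOR-based decision processing. The function names and the noisy sample values are assumptions constructed for illustration.

```python
# Added illustration of the FIG. 18 signal format (not code from the patent).
M = 64  # number of bases; signal levels run from 0 to 2M-1


def encode(data_bits, code_seq):
    """Multi-level processing section 912: choose the base, then its level."""
    levels = []
    for bit, code in zip(data_bits, code_seq):
        # Base `code` is the pair (code, code + M). On even-numbered bases the
        # lower level carries "0"; on odd-numbered bases the allocation is swapped.
        use_higher = bit ^ (code & 1)
        levels.append(code + M * use_higher)
    return levels


def decision_levels(code_seq):
    """Intermediate level of each selected base (32 for base 0, 95 for base 63)."""
    return [code + M // 2 for code in code_seq]


def binary_decisions(received, code_seq):
    """1 = 'higher', 0 = 'lower' than the decision level of the selected base."""
    return [1 if r > t else 0
            for r, t in zip(received, decision_levels(code_seq))]


def inverted_signal(code_seq):
    """Lowest-order bit of each value of the multi-level code sequence."""
    return [code & 1 for code in code_seq]


def decode(received, code_seq):
    """Decision section 916: binary decision XOR inverted signal."""
    return [d ^ inv for d, inv in zip(binary_decisions(received, code_seq),
                                      inverted_signal(code_seq))]


# Values from the FIG. 19 example.
DATA = [0, 1, 1, 1]
CODE = [0, 63, 0, 1]
# Constructed samples: the transmitted levels plus noise of about one step.
NOISY = [1.4, 61.8, 65.3, -0.9]

if __name__ == "__main__":
    print("levels          :", encode(DATA, CODE))
    print("decision levels :", decision_levels(CODE))
    print("binary decisions:", binary_decisions(NOISY, CODE))
    print("inverted signal :", inverted_signal(CODE))
    print("information data:", decode(NOISY, CODE))
```

Because the two levels of a base are M levels apart, noise of about one step never crosses the decision level, which is the step-width argument made above.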
Next, possible eavesdropping (including interception) will be described. As shown in FIG. 17, an eavesdropper attempts decryption of the information data 90 or the first key information 91 from the modulated signal 94 by using an eavesdropper receiving section 903, without having key information which is shared between the transmitting and receiving parties. The eavesdropper receiving section 903 includes a demodulation section 921, a multi-level decision section 922 and a decryption processing section 923, and is connected to the transmission line 910.
In the case where the eavesdropper performs the same binary decision as that performed by the legitimate receiving party (receiving section 902), the eavesdropper needs to attempt a decision of all possible values which are taken by the key information, since the eavesdropper does not have the key information. However, when this method is used, the number of attempts of the decision increases exponentially along with an increase in a length of the key information. Therefore, if the length of the key information is significantly long, the method is not practical.
A further effective method is assumed in which the eavesdropper performs multi-level decision of a multi-level signal 81 by using a multi-level decision section 922, the multi-level signal 81 having been obtained through the photoelectric conversion performed by the demodulation section 921, decrypts a resultant received sequence 82 by using a decryption processing section 923, and then attempts the decryption of the information data 90 or the first key information 91. In the case of using the decryption method, if the eavesdropper receiving section 903 can receive (decide) the multi-level signal 93 as the received sequence 82 without mistake, it is possible to decrypt the first key information 91 from the received sequence 82 at a first attempt.
Since the shot noise, which is generated through the photoelectric conversion performed by the demodulation section 921, is overlapped on the modulated signal 94, the shot noise is included in the multi-level signal 81. It is known that the shot noise is inevitably generated in accordance with the principle of quantum mechanics. Accordingly, if the step width of the multi-level signal 93 is set significantly smaller than a distribution width of the shot noise, the multi-level signal 81 including the noise may be distributed over various levels other than a correct level (the level of the multi-level signal 93). For example, as shown in FIG. 20(g), at the time period t3, the multi-level signal 81 is distributed over levels 63 to 65. Accordingly, the eavesdropper needs to perform decryption while considering a possibility (a possibility of a decision error) that the level of the received sequence 82 obtained through the decision is different from the correct level. Therefore, compared to a case without the decision error (a stream cipher which applies the same random number generator as that used in the first multi-level code generation section 911), the number of the attempts, that is, the computational complexity required for the decryption is increased. As a result, security against the eavesdropping improves.
As above described, in the Y-00 protocol, a distance between signal points to be decided by the legitimate receiving party and the distance between the signal points to be decided by the eavesdropper are set different from each other, whereby receiving performance of the legitimate receiving party and the security against the eavesdropping can be both ensured. The difference between the distances between the signal points is determined by the number of multi-levels of the multi-level code sequence 92. That is, when the number of the multi-levels of the multi-level code sequence 92 increases, the difference between the distance between the signal points for the legitimate receiving party and that for the eavesdropper becomes larger, whereby security is further ensured.
As shown in FIG. 21, it is possible to provide a random number generator 9111 and an S/P conversion section 9112 to both of the first multi-level code generation section 911 and the second multi-level code generation section 914. That is, the S/P conversion section 9112 performs a serial/parallel (S/P) conversion of a binary signal outputted from the random number generator 9111. However, in such configuration, when the number of the multi-levels of the multi-level code sequence 92 increases, an operation speed of the random number generator 9111 needs to be improved. For example, in the case of an example shown in FIG. 19, the number of the multi-levels of the multi-level code sequence 92 is 64, which is equivalent to 6 bits if the number 64 is converted into a parallel signal form. In this case, the operation speed of the random number generator 9111 needs to be six times as fast as a transmission rate of the information data 90. When the number of the multi-levels of the multi-level code sequence 92 increases, a difference between the operation speed of the random number generator 9111 and the transmission rate increases further.
On the other hand, as shown in FIG. 22, there may be considered a configuration in which, as a multi-level code generation section 911x, a plurality of random number generators 9113a to 9113f are arranged in parallel, and respective random numbers 97a to 97f, which are outputted therefrom, are caused to correspond to respective orders of the bits of the multi-level code sequence 92. In the configuration, the operation speed of each of the random number generators can be the same as the data rate.
Correspondences between the levels of the multi-level signal and the random numbers 97a to 97f, in this case, are as shown in FIG. 23. Suppose that a noise level is twice as wide as the step width and that the eavesdropper has received a level “1” of the multi-level signal. In this case, a correct value of the level of the multi-level signal having been transmitted is likely to take three patterns from “0” to “2” (hereinafter a range of levels which possibly includes the correct value of the level of the transmitted multi-level signal is referred to as a “multi-level decision error range”). Here, values of the random numbers 97a and 97b which correspond to low-order bits of the multi-level code sequence 92 and which are to be obtained in the multi-level decision error range are likely to be both of “0” and “1”. That is, the eavesdropper is likely to obtain the values of the random numbers 97a and 97b wrongly. On the other hand, values of the random numbers 97c to 97f which correspond to high-order bits of the multi-level code sequence 92 and which are to be obtained in the multi-level decision error range are always “0”, respectively, and thus, the eavesdropper can understand the respective values uniquely. That is, the eavesdropper can specify the values of the random numbers 97c to 97f.
If the values of the high-order bits of the multi-level code sequence can be identified, the decision level used in the decision section 916 can be identified almost accurately. That is, the eavesdropper can use the same receiving method as that used by the legitimate receiving party, and thus the security cannot be ensured. Therefore, the multi-level code generation section 911x having the configuration shown in FIG. 22 cannot be used.
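The multi-level decision error range argument above, as an added example that is not part of the patent text: for a level decided by the eavesdropper, it lists which of the parallel random numbers 97a to 97f are uniquely determined and which decision levels remain possible. Modelling the noise as plus or minus one level (`half_width=1`) and the function names are assumptions; the second call goes beyond the page's case to show a range that straddles a carry boundary.

```python
# Added illustration (not from the patent). FIG. 22 assigns one random number
# generator to each bit of the multi-level code: 97a = bit 0 ... 97f = bit 5.
M = 64                       # number of bases, as in the FIG. 19 example
NAMES = ["97a", "97b", "97c", "97d", "97e", "97f"]


def error_range(received_level, half_width):
    """Levels that may have been transmitted, clamped to the 2M valid levels."""
    lo = max(0, received_level - half_width)
    hi = min(2 * M - 1, received_level + half_width)
    return list(range(lo, hi + 1))


def candidate_codes(received_level, half_width):
    """Multi-level code values (base numbers) consistent with the error range."""
    return sorted({lvl % M for lvl in error_range(received_level, half_width)})


def classify_bits(received_level, half_width):
    """Split the generator outputs into uniquely determined and ambiguous."""
    codes = candidate_codes(received_level, half_width)
    fixed, ambiguous = {}, []
    for i, name in enumerate(NAMES):
        seen = {(code >> i) & 1 for code in codes}
        if len(seen) == 1:
            fixed[name] = seen.pop()     # same value for every candidate
        else:
            ambiguous.append(name)       # both "0" and "1" are possible
    return fixed, ambiguous


def decision_level_candidates(received_level, half_width):
    """Decision levels (intermediate level of each candidate base)."""
    return [code + M // 2 for code in candidate_codes(received_level, half_width)]


if __name__ == "__main__":
    # The case in the text: level "1" received, error range "0" to "2".
    print(error_range(1, 1))                 # candidate transmitted levels
    print(classify_bits(1, 1))               # 97c to 97f fixed at 0
    print(decision_level_candidates(1, 1))   # clustered within two steps
    # Constructed second case: levels 31 to 33 cross a carry into bit 5,
    # so no generator output is uniquely determined at this position.
    print(classify_bits(32, 1))
```

The first case shows why the high-order generators are exposed: every candidate decision level lies within two steps of the true one, while the two levels of a base are M steps apart.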
In this manner, the conventional communication apparatus using the Y-00 protocol has a problem in that a reduction in the operation speed of the random number generator and the security cannot be ensured concurrently.