A known key-sharing network includes a plurality of networked nodes that are interconnected over a plurality of links. Each of these nodes has a function for generating a random number and sharing it with another node connected over a link (quantum communication channel), and a function for establishing encrypted communication over a link (classical communication channel) using the generated random number as an encryption key (hereinafter referred to as a link key). Some of the nodes also have a function for generating an encryption key that is a random number (hereinafter referred to as an application key), independently of any link, and for routing the generated application key to another node over a link (classical communication channel) so that it is shared with that node. The function of generating and sharing a link key with another node connected over a link (quantum communication channel) is typically implemented in nodes using a technology called quantum key distribution (QKD).
To suppress depletion of the link keys generated by nodes in a key-sharing network, a technology has been disclosed that calculates a metric for each of a plurality of paths (routes) to another node, using the number of link keys generated for each link as a cost, and selects the optimal path to that node.
However, if there is an eavesdropper on the quantum communication channel, and the eavesdropper steals the link key shared via quantum key distribution, the eavesdropper can also steal (decrypt) an application key, because the application key used for encrypted communication is itself encrypted using the link key. In encrypted communication in which data encrypted with an application key is exchanged over a classical communication channel, once an eavesdropper steals the application key, the eavesdropper can decrypt and steal the data. When an eavesdropper observes photons exchanged over the quantum communication channel, however, the states of the photons change, and the node receiving the photons can detect that the eavesdropper has observed them, based on the uncertainty principle that is the fundamental principle of quantum mechanics. While such detection allows a link key that has possibly been eavesdropped to be discarded, it is also preferable to route application keys so as to avoid a classical communication channel that follows the same path as a quantum communication channel that has possibly been eavesdropped. This is because, if an application key is encrypted using a link key that is not a one-time pad, an eavesdropper can steal the data exchanged over encrypted communication even when the application key is encrypted and routed using a link key that has not been eavesdropped.
While the disclosed technology mentioned above can select a path over a classical communication channel so that depletion of the generated link keys is prevented, it does not take into account avoiding a link whose classical communication channel has possibly been eavesdropped. Furthermore, if a quantum communication channel and a classical communication channel are multiplexed onto one optical fiber with wavelength division multiplexing (WDM), an application key may be stolen in the wavelength band of the classical communication via the optical fiber. In such a case, photons exchanged over the quantum communication channel may also be affected, increasing the error rate.
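
The gap described above, as an added example that is not code from the disclosed technology: path selection that uses only a link-key-based cost is compared with selection that also excludes links whose quantum channel shows signs of eavesdropping. The topology, the inverse-key-rate cost, the use of error rate as the indicator, and the threshold are all assumptions made for illustration.

```python
import heapq

# Constructed sample topology: (node_a, node_b, link_keys_per_sec, error_rate).
LINKS = [
    ("A", "B", 1000, 0.02),
    ("B", "D", 1000, 0.09),   # elevated error rate: possible eavesdropping
    ("A", "C", 400, 0.02),
    ("C", "D", 500, 0.01),
]
ERROR_RATE_LIMIT = 0.05  # assumed threshold, not a value from the page


def build_graph(links, avoid_suspect):
    """Adjacency map; cost is the inverse of the link key rate (assumption)."""
    graph = {}
    for a, b, key_rate, error_rate in links:
        if avoid_suspect and error_rate > ERROR_RATE_LIMIT:
            continue  # do not route application keys over this link
        if key_rate <= 0:
            continue  # no link keys available: link is unusable
        cost = 1.0 / key_rate
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph


def select_path(links, src, dst, avoid_suspect=False):
    """Dijkstra: return the lowest-metric node list from src to dst, or None."""
    graph = build_graph(links, avoid_suspect)
    queue = [(0.0, src, [src])]
    settled = set()
    while queue:
        metric, node, path = heapq.heappop(queue)
        if node == dst:
            return path
        if node in settled:
            continue
        settled.add(node)
        for neighbor, cost in graph.get(node, []):
            if neighbor not in settled:
                heapq.heappush(queue, (metric + cost, neighbor, path + [neighbor]))
    return None  # no path that satisfies the constraints


if __name__ == "__main__":
    print(select_path(LINKS, "A", "D"))                      # metric only
    print(select_path(LINKS, "A", "D", avoid_suspect=True))  # suspect links excluded
```

With the metric alone, the key-rich but suspect link B-D is chosen; excluding it moves the application key onto the path through C at a higher key cost.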