The statements in this section merely provide background information related to the present disclosure and do not necessarily constitute prior art.
In general, a quantum key distribution (QKD) system uses two single photon detectors (SPDs) and each SPD outputs bit 1 (one) in a binary numeral system when a signal is detected (so-called “click”), and outputs bit 0 (zero) in a binary numeral system when no signal is detected. When the two SPDs are denoted by D_0 and D_1, there are four events of bit information output from D_0 and D_1 as follows:
(D_0, D_1)=(0,0)→corresponding to No click event
(D_0, D_1)=(1,0)→corresponding to Normal signal bit 0 event
(D_0, D_1)=(0,1)→corresponding to Normal signal bit 1 event
(D_0, D_1)=(1,1)→corresponding to Double click event
The double click event at the end refers to the case where both SPDs detect signals. In this double click event, bit 0 and bit 1 are simultaneously generated despite the same basis being used by both the sender and the receiver so that an error of 50% occurs when either one of the two bits is selected. As such, it is generally preferred to prevent such double click events from being reflected in a protocol.
The inventor(s) has noted that Norbert Lutkenhaus has proposed in non-patent document 1 and non-patent document 2 that double click events generated in a QKD system are not to be removed and are to be separately and safely treated.
An attack is assumed in which an attacker assails a polarizing beam splitter of a receiver with multiple photons under the same basis. As shown in Table 1, when the receiver makes a measurement using a conjugate basis different from that of the attacker's, a double click event occurs in which both of a pair of the receiver SPDs detect signals. When the receiver makes a measurement using the same basis as the attacker's, a normal event is detected.
TABLE 1SenderAttackerReceiverEventAxisAxisAxisMeasurement1XXXNormal (no error),Attacker = Receiver2XXZDouble Click3XZXDouble Click4XZZNormal (50% error),Attacker = Receiver5ZXXNormal (50% error),Attacker = Receiver6ZXZDouble Click7ZZXDouble Click8ZZZNormal (no error),Attacker = Receiver
When a receiver side determines double click events (events 2, 3, 6 and 7 in Table 1) as abnormal events and discards these events, and uses bits corresponding to the other events (events 1, 4, 5 and 8 in Table 1) as a raw key to implement a QKD protocol, then the receiver finally shares the same information with the attacker. As a result, the attacker can steal the final key without being discovered by a sender or the receiver.
To solve this problem, according to a prior art, double click events are not discarded and bit 0 or bit 1 is arbitrarily allocated whenever a double click event occurs. The sender and the receiver detect an attack of the attacker since the bit value arbitrarily allocated to the double click event generates a bit error with a probability of 50% and consequently increases a quantum bit error rate (QBER).
Here, the inventor(s) has noted that it is required to preclude any regularity in allocating bits 0s or bits 1s to the double click events so that the attacker can be interpreted as capturing from normal events as much information on the key as the ratio of the double click occurrence. However, even further information on the double click events in themselves has to be interpreted as the attacker's capture of information on the key in case the bits 0s or bits 1s are allocated with regularity. In other words, the attacker takes information corresponding to the number of double click events when bit 0 or bit 1 is arbitrarily allocated, and takes information corresponding to twice the number of double click events if bit 0 or bit 1 is allocated with regularity.
As such, according to the prior art, a QKD system is supposed to arbitrarily allocate bit 0 and bit 1 to a double click event, and requires an additional device such as a true random number generator (TRNG) or a true random bit generator (TRBG), and this causes much burden to the QKD system in terms of cost and volume.
Non-patent document 1: “Estimates for practical quantum cryptography”, Physical Review A 59, 3301-3319 (1999)
Non-patent document 2: “Security against individual attacks for realistic quantum key distribution”, Physical Review A 61: 052304 (2000)