(1) Field of the Invention
The present invention relates to an encryption/cryptogram decoding technique used in a system in which information is encrypted before being transmitted and received and, more particularly, to an encryption/cryptogram decoding technique having a far greater encryption strength than conventional mathematical encryption by using the classic physical random number etc. instead of quantum fluctuation in the Yuen quantum cryptography scheme and capable of being applied to a variety of media.
(2) Description of the Related Art
In a network at present, as an encryption method, mathematical encryption such as shared key encryption is used. Typical examples include stream cipher (classic encryption). FIG. 18 is a block diagram showing a configuration of a general transmission/reception system to which the stream cipher has been applied, and a transmission/reception system 100 shown in FIG. 18 is configured so as to provide an encryptor 110 on the side of a legitimate transmitter that encrypts a plain text and a cryptogram decoder 120 on the side of a legitimate receiver that decodes the cipher text transmitted via a network etc.
Here, the encryptor 110 is configured so as to provide a pseudo random number generator 111 and an encryptor (an exclusive OR arithmetic unit). The pseudo random number generator 111 generates and outputs a pseudo random number ri based on a encryption key K set in advance and, for example, if the encryption key K is a binary number of 100 bits, as a pseudo random number ri, a binary number of (2100−1) bits, that is, a pseudo random number with a period of (2100−1) bits is generated. The modulation section 112 calculates an exclusive OR (XOR) of plain text xi to be encrypted and the pseudo random number generated by the pseudo random number generator 111 and outputs it as cipher text ci. In other words, the plain text xi is encrypted by the modulation section 112 based on the pseudo random number ri and output as cipher text ci.
The cryptogram decoder 120 is configured so as to provide a pseudo random number generator 121 and a demodulation section (an exclusive OR arithmetic unit) 122. The pseudo random number generator 121 generates and outputs a pseudo random number ri in synchronization with the pseudo random number generator 111 based on the same encryption key K as that of the pseudo random number generator 111 of the encryptor 110. The demodulation section 122 calculates an exclusive OR (XOR) of cipher text ci transmitted from the encryptor 110 and a pseudo random number ri generated by the pseudo random number generator 121 and outputs it as plain text xi. In other words, the cipher text ci is decoded by the demodulation section 122 based on the pseudo random number ri (the pseudo random number generated based on the same encryption key as the encryption key K used to generate the pseudo random number ri on the encryptor 110 side) in synchronization with the pseudo random number ri on the encryptor 110 side and output as plain text xi.
In the transmission/reception system 100 to which such stream cipher has been applied, there is the possibility that cipher text ci may be decoded by an attack method called a known plain text attack. The known plain text attack is an attack method by which an interceptor not only intercepts cipher text ci but also acquires plain text xi before encrypted into the cipher text ci and obtains a pseudo random number by collating the cipher text ci and the plain text xi and using the pseudo random number, decodes the cipher text other than the part the plain text of which has been acquired.
Since the pseudo random number generator 111 calculates and outputs a numerical sequence that seems to be a random number in a pseudo manner based on the encryption key K, if the pseudo random number sequence output from the pseudo random number generator 111 is acquired with a length more than the number of digits of the encryption key K, the encryption key K is calculated inversely from the pseudo random number sequence and all of the pseudo random numbers are reproduced as a result. For example, if 100 bits of cipher text and 100 bits of plain text corresponding to the cipher text are acquired, the 100 bits of the encryption key is calculated inversely and other cipher text is decoded.
In such a situation, recently, a quantum cipher technique is considered as impossible to decode (unconditionally safe) against any attack method including the above-mentioned known plain text attack. For example, in the following patent documents 1 and 2, a technique called Yuen cipher (Y-00 scheme quantum cryptography) or a technique called quantum stream cipher is proposed. The Y-00 scheme quantum cryptography is quantum cipher communication using a number of quantum states in a quantum-mechanically non-orthogonal state as a multi-valued signal.
A case where Y-00 scheme quantum cryptography is realized with a multilevel phase modulation scheme by using light beams in a coherent state as a quantum state is explained below with reference to FIG. 19.
Coherent light beams arranged with adjoining phase angles are assigned with plain text of one bit “0” and plain text of one bit “1” by turns. In an example shown in FIG. 19, the coherent light beams arranged at phase angles φi−1, φi, φi+1, and φi+2 are assigned with plain text “0”, “1”, “0”, “1”, . . . , respectively.
When the light intensity expressed by the number of photons is about 10,000, the interval of arrangement of phase multilevel signals is designed so that coherent light beams the phase angles of which are close cannot be distinguished from each other due to quantum fluctuation (coherent noise) by performing multilevel phase modulation of about 200 levels. In the example shown in FIG. 19, the interval of arrangement of phase multilevel signals is designed so that the two coherent light beams arranged at adjoining phase angles φi−1, φi+1, respectively, are within quantum fluctuation by performing multilevel phase modulation of the coherent light with phase angle φi.
On the other hand, coherent light beams 180 degrees different in phase angle from each other are assigned with plain text with inverted bits. For example, when the coherent light beam at a phase angle of 0 degree is assigned with plain text of one bit “0”, the coherent light beams at a phase angle of 180 degrees is assigned with plain text of one bit “1”. With these coherent light beams 180 degrees different in phase angle from each other as a set, which one of sets is used to express plain text of one bit is determined using a pseudo random number with which a transmitter side and a receiver side are synchronized and the pseudo random number is switched to another one for each communication of plain text of one bit.
In the example shown in FIG. 19, the respective coherent light beams at the phase angles φi−1, φi, φi+1, φi+2, . . . , are assigned with plain text “0”, “1”, “0”, “1”, . . . , and the coherent light beams 180 degrees different in phase angle from each other, that is, the respective coherent light angles at the phase angles φi−1+180°, φi+180°, φi+1+180°, φi+2+180°, . . . , are assigned with plain text “1”, “0”, “1”, “0”, . . . . At this time, when N (N is even) of the coherent light beams different in phase angle to one another are set, N/2 of sets of coherent light beams 180 degrees different in phase angle are set, as a result, and a value among N/2 of integer values, for example, among 0 to (N/2−1), is generated as a pseudo random number. Then, when plain text of one bit “1” is transmitted, if, for example, “i” is generated as a pseudo random number, the set of coherent light beams as the phase angles φi and φi+180° is selected and multilevel phase modulation of the coherent light beam at a phase angle of φi is performed so that the coherent light beams at a phase angle of φi and the adjoining coherent light beams as phase angles of φi−1 and φi+1 are within quantum fluctuation, and thus an optical signal after multilevel phase modulation is transmitted.
Since the reception side knows which set of coherent light beams is used using the pseudo random number synchronized with the transmission side, therefore, it is possible to judge whether the plain text is “1” or “0” by discriminating the two states 180 degrees different in phase angle.
At this time, since the quantum fluctuation is small, discrimination of coherent light beams at phase angles close to each other (discrimination distance is small) is impeded, however, when discrimination of which one of the two coherent light beams 180 degrees apart in phase angle is received is not impeded. However, an interceptor does not know the pseudo random number that the legitimate transmitter and receiver use, therefore, it is not possible for him/her to know which one of sets of coherent light beams is used in communication.
Because of this, in order to decode the intercepted cryptogram, it is necessary for the interceptor to correctly know the phase of the coherent light beam the transmitter has sent to demodulate the light signal having been subjected to multilevel phase modulation, however, it is not possible for the interceptor to discriminate the coherent light beam indicative of the state of plain text (“1” or “0”) from the coherent light beam the phase angle of which is close to that of the coherent light beam in question for demodulation even if the interceptor has intercepted the coherent light beam flowing through the transmission channel because it is buried in the quantum fluctuation.
For example, if the reception side receives a light signal having been subjected to multilevel phase modulation so that the coherent light beam at the phase angle φi and the coherent light beams at the phase angles φi−1 and φi+1 are within the quantum fluctuation, it is necessary for the interceptor to discriminate between the coherent light beams at the phase angles φi−1, φi, and φi+1 (coherent light beams with small discrimination distance), therefore, decoding is impossible. In contrast to this, it is possible for the legitimate receiver to know that the set of coherent light beams at the phase angles φi and φi+180° is used based on the pseudo random number synchronized with that of the transmitter side, therefore, it is possible to discriminated between the two states of the phase angles 180 degrees different, to demodulate to know that the plain text is “1”, and to decode the cryptogram.
As described above, according to Y-00 scheme quantum cryptography, an extremely high safety can be secured compared to the classic cryptography without quantum fluctuation because information is devised so that discrimination is impossible by means of quantum fluctuation. As a technique for further improving safety, the Deliberate Signal Randomization (DSR) theory that irregularly varies a multilevel signal to be transmitted has been developed (refer to the non-patent documents 1 and 3).
On the other hand, the above-mentioned scheme cannot be used with electric signals or electromagnetic waves because it uses a quantum-mechanical communication medium. Although inferior to a quantum system as to safety, a scheme called classic Y-00 scheme that performs such cryptography in a classic physical system has been researched in Tamagawa University etc.
[Non-patent document 1] H. P. Yuen, “A New Approach to Quantum Cryptography”, quant-ph/0311061 v6 (30 Jul. 2004)
[Non-patent document 2] O. Hirota, K. Kato, M. Sohma, T. Usuda, K. Harasawa, “Quantum stream cipher based on optical communications”, Proc. On Quantum communication and quantum imaging, Proc. of SPIE, vol-5551, pp206-219, 2004
[Non-patent document 3] T. Tsuchimoto, T. Tomari, S. Usami, T. Usuda, I. Takumi, “Quantum optimum detection properties for mixed state by DSR”, The 27th Information Theory and Applications Symposium, vol-1, pp. 359-362, December, 2004.
It is necessary to use a communication medium having quantum-mechanical properties in order to perform the above-mentioned Y-00 scheme in a quantum system, therefore, its application range is limited. In such a situation, the applicants of the present invention have proposed a classic Y-00 scheme for performing the Y-00 scheme using pseudo random numbers and physical noises in the classic physical system (for example, Japanese Patent Application No. 2004-260512 etc.) However, the embodiments of the classic Y-00 scheme so far apply analog DSR, therefore, its output is necessarily a multilevel signal and application of the encryption technique is not possible to a recording media such as an electric memory, a flexible disc, a CD (Compact Disc), and a DVD (Digital Versatile Disc), etc.
Then, the applicants of the present invention have proposed a technique having a far greater encryption strength than conventional mathematical encryption by using the classic pseudo random number instead of quantum fluctuation in the Yuen quantum cryptography scheme and capable of realizing the classic Yuen cryptography applicable to a variety of media (refer to Japanese Patent Application No. 2005-276117). In this technique, the output of multilevel modification by a pseudo random number is further subjected to modulation in which a discrete DSR technique by a physical random number is performed, therefore, a discrete signal output is obtained and thus it is made possible to perform desired channel coding. Due to this, the classic Y-00 scheme encryption has been proposed, which has a far greater encryption strength than the conventional mathematical encryption and capable of being stored as data in electric memories and a variety of recording media that can be used in electromagnetic wave communication and electrical communication and further capable of minimizing the influence on the communication rate without being influenced by noises.
This time, the applicants of the present invention have newly developed an encryption/cryptogram decoding technique applicable to a variety of media and having a far greater encryption strength than the conventional mathematical encryption (the same encryption strength as that of the above-mentioned classic Y-00 scheme cryptography) by using a method different from the above-mentioned classic Y-00 scheme cryptography. Thus, it is an object of the present invention to disclose and provide the encryption/cryptogram decoding technique.