Leading cryptography of today, which bases its security on complexity theory or an amount of computation, develops significantly with mathematical science. On the other hand, there is a form which uses, during a communication process, principles of physics relating to physical phenomena of a signal system in order to guarantee its security, and therefore realizes an unbreakable cipher. The form is referred to as physical cryptography, which includes quantum cryptography of which developments have been advanced in recent years.
A quantum cryptography technique such as quantum cryptography using a secret key distribution protocol (BB-84) is disclosed in Non-patent Document 1. The quantum cryptography disclosed in Non-patent Document 1 is a technique which follows a principle that completely secure cryptographic communication is only possible by means of one time pad using a key of length greater than plaintext and which technique applies quantum communication so as to distribute a large number of keys required for the one time pad.
Additionally, another quantum cryptography technique such as common key quantum cryptography has been developed, which is so secure as to be expected to be utilized on the current optical networks and as to be declared to be unbreakable even by an infinite computational capability. The common key quantum cryptography is a technique which applies a new framework referred to as an M-ary quantum state modulation method and which allows an optical modulator/demodulator provided between legitimate sender and receiver to communicate M (M is a positive integer) quantum state signal bases by switching the M quantum state signal bases in accordance with a common pseudo-random number so as to directly communicate plaintext in cipher.
A quantum state signal basis as used herein refers to a pair of two quantum state signals which transmit information representing logical values “1” and “0”. Hereinafter, the quantum state signal basis will be simply referred to as a “basis”. For example, when coherent state signals in a 0 degree phase and in a 180 degree phase transmit information, a pair of two quantum state signals transmitting the information is a basis.
A cryptographic protocol based on the above-described idea is referred to as Yuen-2000 cryptographic communication protocol (abbreviated as Y-00 protocol). Presently, a communication method for realizing Y-00 protocol includes an optical phase modulation method disclosed in Non-patent Document 2 and an optical intensity modulation method disclosed in Non-patent Document 3. In each of the above methods, a basis group is arranged in accordance with a relational equation. In the optical phase modulation method, bases are positioned at positions which are provided on a phase plane by dividing circumference of amplitude A at regular intervals by the number of signals. In the optical intensity modulation method, bases are positioned at positions which are provided by dividing a difference between a maximum intensity and a minimum intensity equally by the number of signals and are also provided based on a middle point intensity of the maximum intensity and the minimum intensity.
With reference to FIG. 3, basic principles of a conventional cryptographic communication device using the optical intensity modulation method disclosed in Non-patent Document 3 will be described.
In FIG. 3, the conventional cryptographic communication device includes an optical transmitter 10 and an optical receiver 20 which are connected to each other by an optical communication path 30 such as an optical fiber. The optical transmitter 10 includes a carrier generation section 11, an M-ary intensity modulation section 12, a pseudo-random number generation section 13, a basis selection control section 14, and a transmission data generation section 15. The optical receiver 20 includes a photo diode 21, a threshold control section 22, a pseudo-random number generation section 23, and a basis selection control section 24. The pseudo-random number generation section 13 included in the optical transmitter 10 has a structure and a function substantially similar to those of the pseudo-random number generation section 23 included in the optical receiver 20. Further, the basis selection control section 14 included in the optical transmitter 10 has a structure and a function substantially similar to those of the basis selection control section 24 included in the optical receiver 20.
The carrier generation section 11 may include, for example, a laser diode, so as to output a predetermined optical carrier. The transmission data generation section 15 generates transmission data including logical values “1” and “0”. The pseudo-random number generation section 13 generates a binary pseudo-random number sequence, i.e., a binary running key sequence, based on an initial key K to be received. The basis selection control section 14 divides the binary running key sequence into blocks by a unit of log2M bits, so as to convert the binary running key sequence into decimal running keys each of which corresponds to each of the blocks. Then, the basis selection control section 14 selects a basis from a basis group in accordance with each of the running keys, so as to indicate, to the M-ary intensity modulation section 12, the basis as basis information. The M-ary intensity modulation section 12 intensity-modulates the optical carrier by the transmission data, and simultaneously causes, by using intensities of the basis indicated as the basis information, the optical carrier to include information representing a logical value “1” or “0”, so as to output the intensity-modulated optical carrier to the optical receiver 20 via the optical communication path 30.
The photo diode 21 receives the intensity-modulated optical signal outputted from the optical transmitter 10 via the optical communication path 30. The pseudo-random number generation section 23 generates a binary running key sequence, based on an initial key K to be received. The basis selection control section 24 divides the binary running key sequence into blocks by a unit of log2M bits, so as to convert the binary running key sequence into decimal running keys each of which corresponds to each of the blocks. Then, the basis selection control section 24 selects a basis from a basis group in accordance with each of the running keys, so as to indicate, to the threshold control section 22, the basis as basis information. Based on the basis information indicated by the basis selection control section 24, the threshold control section 22 controls which threshold is to be used so as to determine the received signal, and extracts the logical value “1” or “0” included in the signal so as to output the extracted logical value as reception data.
In the above-described conventional cryptographic communication device, the basis groups, i.e., basis positions, which are used in the basis selection control section 14 and the basis selection control section 24, respectively, are an important element for determining the strength of a cipher. With reference to FIG. 4, a conventional method for positioning bases will be described below.
First, a dynamic range of intensity modulation is set to range from a maximum intensity Smax to a minimum intensity Smin. A middle point intensity of the maximum intensity Smax and the minimum intensity Smin is set as [(Smax−Smin)/2]. Each of the bases includes a high intensity and a low intensity which are positioned in accordance with a rule that the high intensity is higher than the middle point intensity and the low intensity is lower than the middle point intensity. Further, the number M of the bases is determined such that a distance (an intensity difference) between adjacent signals (between an intensity Si and an intensity Si+1) is buried within quantum fluctuations. For example, as shown in FIG. 4, signal intensities are arranged from the maximum intensity Smax to the minimum intensity Smin, in order of S1, S2, . . . , SM−1, SM, SM+1, . . . , S2M, so as to provide bases {S1, SM+1}, {S2, SM+2}, . . . . Note that adjacent bases are set to have an intensity signal transmitting a logical value “1” of transmission data and an intensity signal transmitting a logical value “0” of transmission data in an inverted manner.
In the above-described conventional cryptographic communication device, the legitimate receiver is to identify signals having two values between which a distance is large, and therefore hardly causes any error. However, an eavesdropper, who does not know an initial key K, is restricted to a receiving method for identifying signals having 2M values between adjacent two of which the distance is small, and therefore, an error is caused in obtained reception data due to quantum fluctuations or quantum shot noise. Thus, the eavesdropper cannot obtain information about cryptogram per se.
In the above-described mechanism, which is a kind of random stream cipher, data is randomized by quantum fluctuations, and therefore, randomness of the data cannot be changed back to a certain value by calculations. Thus, for the above reasons, Y-00 protocol can realize a cipher having high security.
The cryptography using Yuen protocol includes conventional optical communication of which communication system has little quantum nature. However, as described above, the cryptography using Yuen protocol provides ultra security based on an invention in which an eavesdropper who does not know a key cannot obtain information due to quantum fluctuations.
Non-patent Document 1: C. H. Bennett and G. Brassard, “Quantum cryptography”, in Proc. IEEE, Int. Conf. on Computers system, and signal processing, p. 175, 1984
Non-patent Document 2: G. A. Barbosa, E. Corndorf, P. Kumar, H. P. Yuen, “Secure communication using mesoscopic coherent state”, Phys. Rev. Lett., vol-90, 227901, 2003
Non-patent Document 3: O. Hirota, K. Kato, M. Sohma, T. Usuda, K. Harasawa, “Quantum stream cipher based on optical communication”, SPIE Proc. on Quantum Communications, vol-5551, 2004