A quantum key distribution system generally includes a transmitter, a receiver, and an optical fiber link connecting them together. The transmitter continuously transmits single photons to the receiver through the optical fiber link (quantum communication channel) serving as a communication channel of an optical fiber. The transmitter and the receiver then exchange control information with each other so as to securely share an encryption key between the transmitter and the receiver. This technique is achieved using a technology generally called quantum key distribution (QKD).
In the quantum key distribution, the photons used for sharing the encryption key follow the uncertainty principle that is one of basic principles of quantum mechanics and states that a physical state is changed by being observed. Based on this principle, if an eavesdropper observes the photons including the information on the encryption key transmitted by the transmitter in the quantum communication channel, the physical state of the photons changes, so that the receiver that has received the photons can detect that the photons have been observed by the eavesdropper. As a result, a secure encryption key can be obtained by exchanging the control information between the transmitter and the receiver based on the sequence of photons obtained by the transmitter and the sequence of photons detected by the receiver.
Key distillation processing needs to be executed at each of the transmitter and the receiver to share an encryption key between the transmitter and the receiver by the quantum key distribution. The key distillation processing includes sifting processing, error correction processing, and privacy amplification processing. The sifting processing extracts a bit string for which bases used at the transmitter and the receiver match with each other. The error correction processing corrects error in the bit string generated for the transmitter and the receiver. The privacy amplification processing compresses the bit string to discard information probably eavesdropped by an eavesdropper. In this manner, the transmitter and the receiver share a secure encryption key guaranteed not to have been eavesdropped. The shared encryption key is used to perform encrypted data communication between the transmitter and the receiver or between applications connected with the transmitter and the receiver.
In the quantum key distribution, as described above, according to the fundamental principle of quantum mechanics, when an eavesdropper on the quantum communication channel observes a photon transmitted by the transmitter, the physical state of the photon is changed, and this change appears in a quantum bit error rate (QBER) of the link between the transmitter and the receiver. Any attempt to eavesdrop the photon by the eavesdropper changes the physical state of the photon and results in an increase in the QBER, which tells the presence of the eavesdropper to the receiver and the transmitter.
A disclosed quantum key distribution system uses a decoy state QKD protocol, and a protocol that the probability of selection of a basis on which the polarization of the photon is observed is biased, so as to efficiently generate a highly secure encryption key obtained by removing the amount of information leaked to the eavesdropper. This system estimates a parameter necessary for calculation from a value measured when the quantum key distribution is performed, and derives a formula for calculation of the key length of an encryption key that achieves implementation on a real system and sufficient security.
The generation amount of encryption key shared in a unit time is called a secure key rate. A higher secure key rate indicates higher performance of the quantum key distribution system because the encrypted data communication can be achieved faster and more securely by using a larger number of encryption keys.
In the above-described privacy amplification processing by such a quantum key distribution system, the key length calculation of the length of a final encryption key is performed, followed by hash calculation, which is a matrix calculation using a hash corresponding to the calculated length of an encryption key. These calculations, however, generate a heavy load and hence an increase in processing time of the privacy amplification processing. This causes an increase in processing time of the whole quantum key distribution, leading to a decrease in the secure key rate.