A quantum key distribution system is configured by including a transmitter, a receiver, and an optical fiber link connecting them together. The transmitter continuously transmits single photons to the receiver through the optical fiber link (quantum communication channel) serving as a communication channel of an optical fiber. The transmitter and the receiver then exchange control information with each other so as to securely share an encryption key between the transmitter and the receiver. This technique is achieved using a technology generally called quantum key distribution (QKD).
In the quantum key distribution, the photons used for sharing the encryption key follow the uncertainty principle that is one of basic principles of quantum mechanics and states that a physical state is changed by being observed. Based on this principle, if an eavesdropper observes the photons including the information on the encryption key transmitted by the transmitter in the quantum communication channel, the physical state of the photons changes, so that the receiver that has received the photons can detect that the photons have been observed by the eavesdropper. As a result, a secure encryption key assured to have not been tapped can be obtained by exchanging the control information between the transmitter and the receiver based on the sequence of photons obtained by the transmitter and the sequence of photons detected by the receiver.
Each application connected to corresponding one of two nodes (such as the transmitter and the receiver described above) or included in corresponding one of the nodes uses the above-described encryption key shared between the two nodes to perform encrypted data communication, for example, using an encrypted communication method called one-time pad. The one-time pad refers to an encrypted communication method to encode or decode data to be transmitted or received using an encryption key having the same size as that of the data, and to discard the encryption key after being used once. The encrypted data communication using the one-time pad is guaranteed by information theory to be indecipherable by any eavesdropper having any knowledge. The technology for performing the encrypted data communication using the secure encryption key shared through the quantum key distribution as described above is called quantum cryptographic technology.
A secure key rate (encryption key distribution rate or encryption key generation rate) serving as a basic performance indicator of the quantum key distribution is defined as a length (bit-length) of an encryption key that can be generated and shared per unit time. A quantum key distribution system that can share more encryption keys per unit time can be said to have a capability of high-speed quantum key distribution. Achieving a high-speed quantum key distribution can improve the speed and security of the encrypted data communication using the encryption key that has been generated and shared. Therefore, it is important to improve the secure key rate in the quantum key distribution. The quantum key distribution is basically constituted by four processing steps. A first processing step is a photon transmission/reception processing step. A second processing step is a sifting processing step. A third processing step is an error correction processing step. A fourth processing step is a privacy amplification processing step. These four processing steps need to be quickened to improve the secure key rate.
A factor that hampers speeding up of the sifting processing among the four processing steps described above is time stamp communication in which the receiver transmits information (hereinafter, called “time stamp information” in some cases) on time when a single photon is detected to the transmitter. One piece of the time stamp information needs to be transmitted (through the time stamp communication) for one detected photon, so that, in order to achieve higher-speed quantum key distribution, an increase in the number of detected photons per unit time increases the amount of the time stamp communication required per unit time. When a physical limit of a communication channel for performing the time stamp communication is reached, the sifting processing cannot be operated. Although a countermeasure can be considered in which the band of the communication channel for the time stamp communication is widened, such a countermeasure is difficult to be taken in some cases due to problems in structure and cost of hardware for carrying out the countermeasure.
A technique has been developed in which, in the sifting processing, information on a difference between time of previous detection of a photon and time of current detection of a photon is transmitted as the time stamp information, instead of transmitting the time information itself as the time stamp information to be transmitted in the time stamp communication.
The technique described above can compress the time stamp information, and thus can reduce the amount of the time stamp communication, that is, can increase the processing rate of the sifting processing. The sifting processing rate is, however, not sufficiently increased by application of the technique described above. To further increase the secure key rate, the sifting processing rate needs to be increased by further reducing the amount of the time stamp communication.