1. Field of the Invention
The present invention relates to a random number generating and sharing system, an encrypted communication apparatus, and a random number generating and sharing method for use therein, and more particularly to a method of mutually authenticating parties concerned in a quantum encryption key distribution system for distributing a key in a common encryption key communication system.
2. Description of the Related Art
In a quantum encryption key distribution system, a sender terminal and a recipient terminal can safely generate and share a random number (encryption key) therebetween. Specifically, the quantum encryption key distribution system distributes an encryption key according to a process described below (see, for example, Japanese laid-open patent publication No. 2003-249928).
(1) When random number information is sent in the form of a light signal from a sender terminal to a recipient terminal, it is sent such that the number of photons per bit is 1. (2) If an eavesdropper inserts a branch connection between the sender terminal and the recipient terminal and peeps at the random number information, then photons sent from the sender terminal are branched and seized by the eavesdropper, and do not reach the recipient terminal.
(3) The recipient terminal can then detect the interception because it does not receive the light signal represented by the branched photons. (4) Bits that can be shared by the sender terminal and the recipient terminal are bits that have not been wiretapped. The sender terminal and the recipient terminal can safely generate and share a random number (encryption key) therebetween.
Heretofore, it has been the general practice for an encrypted communication apparatus to update a key (working key) for encrypting data for increased safety. When a working key is updated, it is important that its information should not be known to the other people.
Consequently, a working key is either encrypted by another encryption key (master key) and then sent, or manually updated. A master key is set up either manually or by a public encryption key, and distributed. If such a public encryption key is used, then it is necessary to authenticate the public encryption key.
Unlike the above encrypted communication apparatus, the quantum encryption key distribution system automatically generates and shares an encryption key autonomously between each pair of sender and recipient terminals. Therefore, the quantum encryption key distribution system does not need a process carried out by a third party, such as the manual setup of an encryption key or the authentication of a public encryption key which is performed by the conventional encrypted communication apparatus.
While the conventional quantum encryption key distribution system makes it possible to safely generate and share an encryption key between sender and recipient terminals, it is necessary to start generating and sharing an encryption key after it is confirmed that each of the sender and recipient terminals is connected to a proper party.
For example, as shown in FIG. 1 of the accompanying drawings, if a malicious party connects a false terminal to a sender terminal, e.g., false recipient terminal 9b to normal sender terminal 8a in FIG. 1, then an encryption key is generated and shared by the false terminal and the sender terminal, and known to the malicious party, unless a legitimate connection is confirmed.
Since the conventional quantum encryption key distribution system is at risk of having encrypted data wiretapped and decrypted using a seized encryption key, an encryption key needs to start being generated and shared after each of the sender and recipient terminals confirms that it is connected to a proper party. However, the conventional quantum encryption key distribution system is problematic in that it has no mechanism for confirming that each of the sender and recipient terminals is connected to a proper party.
FIG. 2A of the accompanying drawings shows a system made up of a normal sender terminal 8a and a normal recipient terminal 9b that are connected to each other. When a malicious party cuts off the normal transmission path of the system at two locations (A1, A2), the system can recognize that the transmission path is cut off, but is unable to recognize that it is cut off at the two locations.
Therefore, while the maintenance person is repairing one (A1 in FIG. 2A) of the two cut-off sites, as shown in FIG. 2B of the accompanying drawings, the malicious party can insert false recipient terminal 9b and false sender terminal 8b into the other cut-off site (A2 in FIG. 2A).
It is possible to detect the insertion of such false terminals by adding a check bit to a generated key. However, the probability that the insertion of false terminals is overlooked is not nil.
Moreover, inasmuch as some time is required until a false terminal is detected, a generated key may possibly be stolen before the false terminal is detected. The system is free of the above problems if it has a mechanism for confirming that each of the sender and recipient terminals is connected to a proper party and the companion party can be confirmed before an encryption key is generated. However, as described above, the conventional quantum encryption key distribution system does not have such a mechanism for confirming that each of the sender and recipient terminals is connected to a proper party.