In response to the recent explosive growth of the Internet and the practical application of electronic commerce, the social need for cryptographic techniques is rising in order to achieve communication confidentiality, prevent unauthorized alteration, and authenticate individuals. Currently, common key systems such as DES (Data Encryption Standard) encryption and public key systems such as RSA (Rivest Shamir Adleman) encryption are widely used. These systems are based on “computationally secure” schemes. Thus, existing encryption methods are always threatened by advances in computer hardware and decryption algorithms. A practical application of information theoretically secure encryption methods will have a significant impact especially on fields requiring extremely high security such as transactions between banks and exchange of information regarding military and foreign affairs.
The one-time pad method is an encryption method proved to be unconditionally secure in information theory. The one-time pad method is characterized in that cryptographic keys, having the same length as corresponding communication messages, are discarded after being used once. In Non-patent Document 1 cited below, a specific protocol for securely distributing cryptographic keys used in the one-time pad method is suggested. Thereafter, more and more research on quantum cryptography has been carried out. Since physical laws guarantee the security of quantum cryptography, ultimate security independent of the limits of computer performance can be guaranteed. In the quantum cryptography currently studied, 1-bit information is transmitted as a state of a single photon. Hence, a change in the state of the photon caused by an optical fiber, namely a transmission path, markedly reduces the security of quantum cryptography.
In a known quantum cryptographic device (see, for example, Patent Document 2 cited below), an optical pulse is temporally split into two time-divided optical pulses using an interferometer, having different optical paths, at a second station (i.e., a transmitting side). By modulating a phase difference of these time-divided optical pulses, a random number bit, composing a cryptographic key, is represented. The transmitted random number bit is regenerated at a first station (i.e., a receiving side) by causing the two time-divided optical pulses to interfere. Accordingly, optical-path differences of interferometers used at the second station (i.e., the transmitting side) and the first station (i.e., the receiving side) have to be completely the same. In addition, a change in a polarization state at the transmission path lowers interference visibility, which increases reception error rate. The quantum cryptography utilizes the increase in the reception error rate to detect eavesdroppers. Thus, the increase in reception error rate due to the change in the polarization state at the transmission path lowers eavesdropper detection probability, which results in a decrease in the security of the quantum cryptography. Furthermore, in the quantum cryptographic device, with an assumption that there have been eavesdropping acts, the amount of information corresponding to potentially eavesdropped bits in the random number bits groups shared between the first station and the second station is discarded to ascertain the confidentiality of the shared random number bits data. At this time, the reception error rate determines the amount of information to be discarded. If the reception error rate is high, more information has to be discarded, which decreases the amount of shared random number data, thus reducing the generation rate of cryptographic keys in the quantum cryptography.
To address the above problems, as described in Patent Document 1, Patent Document 3 which is a simplified configuration of that described in Patent Document 1, or Non-patent Document 2 cited below, a quantum cryptographic device for compensating the change in the polarization direction using a Faraday mirror has been invented. In this device, a receiver first transmits temporally split optical pulses, whose polarization directions are orthogonal, to a sender. The sender reverses the traveling direction of the transmitted light using the Faraday mirror. At the same time, the sender produces a phase difference between the time-divided optical pulses with a phase modulator after rotating their polarization directions by 90 degrees, and then transmits them back to the receiver. With such a reversing configuration, an interferometer for temporally splitting an optical pulse and an interferometer for recombining the time-divided optical pulses are identical. Thus, interference with high visibility is obtained as long as the optical-path difference of the interferometer is maintained to be constant for a period longer than round trip time of the optical pulses. As is well known, regardless of disturbance of the polarization state at the transmission path, the polarization direction of the retuning light reflected by the Faraday mirror becomes orthogonal to its initial state. Hence, the visibility of the interferometer is not degraded by the disturbance of the polarization state at the transmission path, whereby the security of the quantum cryptography is guaranteed.    Patent Document 1: PCT Japanese Translation Patent Publication NO. 2000-517499    Patent Document 2: Japanese Patent No. 2951408    Patent Document 3: U.S. Pat. No. 6,188,768B1    Non-patent Document 1: Bennet and Brassard, IEEE Int. Conf. on Computers, Systems, and Signal Processing, Bangalore, India, pp. 175 (1984)    Non-patent Document 2: Ribordy, Gautier, Gisin, Guinnard, and Zbinden, Electronics Letters vol. 34, pp. 2116-2117 (1998)