1. Field of the Invention
The present invention relates to a communication system using a communication channel that is relatively less reliable in communication and a communication channel that is relatively highly reliable in communication. Particularly, the present invention relates to a method and system for generating secret information shared between a sender and a receiver.
2. Description of the Related Art
In the field of quantum cryptography, based on Heisenberg's uncertainty principle, it is known that eavesdropping between a sender and a receiver can be detected with high probability. Conversely, this fact indicates that a sender and a receiver can share a secret bit string (cryptographic key) without being eavesdropped. For a procedure to share secret information, for example, the BB84 (Bennett Brassard 84) protocol using four quantum states is known as well as other protocols. A high level of security can be achieved by generating through this procedure a key for Vernam cipher, which has been proved to be absolutely secure. There have been proposed several techniques for sharing such a quantum cryptographic key.
For example, Japanese Patent Application Unexamined Publication No. 2000-174747 discloses a quantum cryptographic system in which a sender and a receiver share a secret key by using quantum and classical channels. Specifically, the sender extracts bit values from a random number list, finely modulates optical pulses according to the bit values, and sends out the modulated optical pulses through the quantum channel. The receiver extracts bit values from another random number list, re-modulates the received optical pulses according to the bit values, and notifies the sender through the classical channel whether or not photon detection occurs for each bit value. The sender constructs a random number list using only the bit values for which photon detection occurred on the receiver side. Thus, the sender and the receiver each store the random number list in common. Further, to check the presence of an eavesdropper, an appropriate number of check bits are extracted from each of the sender's and receiver's versions of the common random number list, and it is checked if they match up using the classical channel. When a sufficient number of the bits match up, the sender and the receiver use the bit string excluding the check bits as a shared secret key.
Japanese Patent Application Unexamined Publication No. 2004-112278 discloses a quantum key distribution method that enhances the efficiency in common-key generation by eliminating data errors occurring due to the passing of photons along a quantum communication line (quantum channel). More specifically, a sender sends through the quantum communication line photons in respective quantum states that are defined by a string of random numbers (transmission data) and randomly determined bases (transmission code). A receiver measures the received photons and obtains reception data that is defined by the results of this measurement and randomly determined bases (reception code). Thereafter, only the bits corresponding to matched bases are left to be kept by a procedure performed through the public communication line, whereby the sender and the receiver each store shared information. Subsequently, the sender sends through the public communication line a given number of bits of error correction information generated from a parity check matrix and the transmission data. The receiver corrects errors in the reception data by using the error correction information received, the reception data, and the same parity check matrix. Part of the shared information after correction is discarded according to the information revealed for the error correction, and a shared cryptographic key is made of the remaining information.
As described above, for a sender and a receiver to share information, both the sender and the receiver must specify which bits have been able to be detected correctly and which bits have not. In other words, in a quantum key distribution system, it is necessary to establish bit position synchronization between the sender and the receiver. The establishment of bit position synchronization is a major promise for a key generation flow. A final key cannot be generated unless synchronization is established.
However, according to the above-mentioned conventional methods, there remains a possibility that the bit positions lose synchronization due to the expansion and contraction of a transmission line and processing deviations occurring in devices involved. According to the key generation flow described in Japanese Patent Application Unexamined Publication No. 2000-174747, if the bit positions lose synchronization in practical operation, the check bits do not sufficiently match up, which is considered as the detection of an eavesdropper. Consequently, the key generation operation is performed again after bit position synchronization is reestablished. In this circumstance, all the key that has been generated by single-photon transmission comes to nothing, resulting in a significantly degraded efficiency in common-key generation.
Similarly, according to the method described in Japanese Patent Application Unexamined Publication No. 2004-112278, when the bit positions lose synchronization, the error rate of the reception data becomes very large, resulting in it being impossible to generate a common key. Additionally, no consideration is given to the processing to be performed when the error rate is large.