(1) Field of the Invention
The present invention relates to an encryption/cryptogram decoding technique used in a system in which information is encrypted for transmission and reception, and particularly to a technique that realizes classic Yuen encryption having a far greater encryption strength than conventional mathematical encryption by using the classic physical random number instead of quantum fluctuation in the Yuen quantum cryptography system and capable of being applied to a variety of media.
(2) Description of the Related Art
In a modern network, as an encryption method, mathematical encryption such as common-key cryptography is used. Typical examples include stream cipher (classic cipher). FIG. 17 is a block diagram showing the configuration of a general transmission/reception system to which the stream cipher is applied, and a transmission/reception system 100 shown in FIG. 17 is configured by including an encryptor 110 encrypting plain text on a legitimate transmitter side and a cryptogram decoder 120 decoding the cipher text transmitted via a network etc. on a legitimate receiver side.
Here, the encryptor 110 is configured by including a pseudo random number generator 111 and a modulation section (an exclusive OR arithmetic unit) 112. The pseudo random number generator 111 generates and outputs a pseudo random number ri based on an encryption key K set in advance and, for example, if the encryption key K is a binary number of 100 bits, as the pseudo random number ri, a binary number of (2100−1) bits, that is, a pseudo random number with a period of (2100−1) bits is generated. The modulation section 112 calculates an exclusive OR (XOR) of plain text xi to be encrypted and the pseudo random number ri generated by the pseudo random number generator 111 and outputs it as cipher text ci. In other words, the plain text xi is encrypted by the modulation section 112 based on the pseudo random number ri and output as the cipher text ci.
In addition, the cryptogram decoder 120 is configured by including a pseudo random number generator 121 and a demodulation section (an exclusive OR arithmetic unit) 122. The pseudo random number generator 121 generates and outputs the pseudo random number ri in synchronization with the pseudo random number generator 111 based on the same encryption key K as that of the pseudo random number generator 111 of the encryptor 110. The demodulation section 122 calculates an exclusive OR (XOR) of the cipher text ci transmitted from the encryptor 110 and the pseudo random number ri generated by the pseudo random number generator 111 and outputs it as the plain text xi. In other words, the cipher text ci is decoded by the demodulation section 122 based on the pseudo random number ri (the pseudo random number generated based on the same encryption key as the encryption key K used to generate the pseudo random number ri on the encryptor 110 side) in synchronization with the pseudo random number ri on the encryptor 110 side and output as the plain text xi.
In the transmission/reception system 100 to which such stream cipher is applied, there is the possibility that the cipher text ci may be decoded by an attack method called a known plain text attack. The known plain text attack is an attack method by which an interceptor not only intercepts the cipher text ci but also acquires the plain text xi before encrypted into the cipher text ci and obtains a pseudo random number by collating the cipher text ci and the plain text xi and using the pseudo random number, decodes the cipher text other than the part the plain text of which has been acquired.
Since the pseudo random number generator 111 calculates and outputs a numerical sequence that appears to be a random number in a pseudo manner based on the encryption key K, if the pseudo random number sequence output from the pseudo random number generator 111 is acquired with a length equal to or greater than the number of digits of the encryption key K, the encryption key K is calculated inversely from the pseudo random number sequence and all of the pseudo random numbers are reproduced as a result. For example, if 100 bits of cipher text and 100 bits of plain text corresponding to the cipher text are acquired, the 100 bits of the encryption key are calculated inversely and other cipher text is also decoded.
In such a situation, recently, a quantum cipher technique considered as impossible to decode (unconditionally safe) against any attack method including the above-described known plain text attack is proposed. For example, in the following non-patent documents 1 and 2, a technique called Yuen cipher (Y-00 scheme quantum cryptography) or a technique called quantum stream cipher is proposed. The Y-00 scheme quantum cryptography is quantum cipher communication using a number of quantum states in a quantum-mechanically non-orthogonal state as a multilevel signal.
The case where the Y-00 scheme quantum cryptography is realized with a multilevel phase modulation scheme by using the phase of light beams in a coherent state as a quantum state is explained below with reference to FIG. 18.
Coherent light beams arranged with adjoining phase angles are assigned with plain text of one bit “0” and plain text of one bit “1” alternately. In an example shown in FIG. 18, the coherent light beams arranged at phase angles of φi−1, φi, φ1+1, φ1+2, . . . , are assigned with plain text “0”, “1”, “0”, “1”, . . . , respectively.
When the light intensity expressed by the number of photons is about 10,000, the interval of arrangement of phase multilevel signals is designed so that coherent light beams the phase angles of which are close cannot be discriminated from each other due to quantum fluctuation (coherent noise) by performing multilevel phase modulation of about 200 levels. In the example shown in FIG. 18, the interval of arrangement of phase multilevel signals is designed so that the two coherent light beams arranged at adjoining phase angles of φi−i and φi+1, respectively, fall within quantum fluctuation by performing multilevel phase modulation of the coherent light beam with a phase angle of φi.
On the other hand, coherent light beams having phase angles 180 degrees different from each other are assigned with plain texts with inverted bits. For example, when the coherent light beam at a phase angle of 0 degree is assigned with plain text of one bit “0”, the coherent light beam at a phase angle of 180 degrees is assigned with plain text of one bit “1”. With these coherent light beams having phase angles 180 degrees different from each other as a set, which one of sets is used to express plain text of one bit is determined using a pseudo random number with which a transmission side and a reception side are synchronized, and is switched to another for each communication of plain text of one bit.
In the example shown in FIG. 18, the respective coherent light beams at phase angles of φ1−1, φi, φi+1, φi+2, . . . , are assigned with plain text “0”, “1”, “0”, “1”, . . . , and the coherent light beams having phase angles 180 degrees different from each other, that is, the respective coherent light beams at phase angles of φi−1+180°, φi+180°, φi+1+180°, φi+2+180°, . . . , are assigned with plain text “1”, “0”, “1”, “0”, . . . , as described above. At this time, when N (N is even) of the coherent light beams having different phase angles are set, N/2 of sets of coherent light beams having phase angles 180 degrees different from each other are set, as a result, and a value out of N/2 of integer values, for example, out of 0 to (N/2−1), is generated as a pseudo random number. Then, when plain text of one bit “1” is transmitted, if, for example, “i” is generated as a pseudo random number, the set of coherent light beams at phase angles of φi and φi+180° is selected and multilevel phase modulation of the coherent light beam at a phase angle of φi is performed so that the coherent light beams at a phase angle of φi and the adjoining coherent light beams at phase angles of φi−1, and φi+1 fall within quantum fluctuation, and thus a light signal after multilevel phase modulation is transmitted.
Since the reception side knows which set of coherent light beams is used using the pseudo random number synchronized with the transmission side, it is possible to judge whether the plain text is “1” or “0” by discriminating the two states 180 degrees different in phase angle.
At this time, since the quantum fluctuation is small, discrimination of coherent light beams at phase angles close to each other (discrimination distance is small) is impeded, however, when discrimination of which one of the two coherent light beams 180 degrees apart in phase angle is received is not impeded. However, an interceptor does not know the pseudo random number that the legitimate transmitter and receiver use, therefore, it is not possible for her/him to know which one of sets of coherent light beams is used in communication.
Because of this, in order to decode the intercepted cryptogram, it is necessary for the interceptor to correctly know the phase of the coherent light beam the transmitter has sent to demodulate the light signal having been subjected to multilevel phase modulation, however, it is not possible for the interceptor to discriminate the coherent light beam indicative of the state of plain text (“1” or “0”) from the coherent light beam the phase angle of which is close to that of the coherent light beam in question for demodulation even if the interceptor has intercepted the coherent light beam flowing through the transmission channel because it is buried in the quantum fluctuation.
For example, if the reception side receives a light signal having been subjected to multilevel phase modulation so that the coherent light beam at a phase angle of φi and the coherent light beams at phase angles of φi−1 and φi+1 adjacent thereto fall within the quantum fluctuation, as described above, it is necessary for the interceptor to discriminate among the coherent light beams at phase angles of φi−1, φi, and φi+1 (coherent light beams with small discrimination distance), therefore, decoding is impossible. In contrast to this, it is possible for the legitimate receiver to discriminate that the set of coherent light beams at phase angles of φi and φi+180° is used based on the pseudo random number synchronized with that of the transmission side, therefore, it is possible to discriminate between the two states of the phase angles 180 degrees different, to demodulate to know that the plain text is “1”, and to decode the cryptogram.
As described above, according to the Y-00 scheme quantum cryptography, extremely high safety can be secured compared to the classic cryptography without quantum fluctuation because information is devised so that discrimination is impossible by means of quantum fluctuation. As a technique for further improving safety, the Deliberate Signal Randomization (DSR) theory that irregularly varies a multilevel signal to be transmitted has been developed. Refer to the non-patent documents 1 and 3.
On the other hand, the above-mentioned scheme cannot be used with electric signals or electromagnetic waves because it uses a quantum-mechanical communication medium. Although inferior to a quantum system with respect to safety, a scheme called classic Y-00 scheme that performs such cryptography in a classic physical system has been researched in Tamagawa University etc.
[Non-patent document 1] H. P. Yuen, “A New Approach to Quantum Cryptography”, quant-ph/0311061 v6 (2004)
[Non-patent document 2] O. Hirota, K. Kato, M. Sohma, T. Usuda, K. Harasawa, “Quantum stream cipher based on optical communications”, Proc. on Quantum communication and quantum imaging, SPIE, vol-5551, 2004
[Non-patent document 3] T. Tsuchimoto, T. Tomari, S. Usami, T. Usuda, I. Takumi, “Quantum optimum detection properties for mixed state by DSR”, The 27th Information Theory and Applications Symposium, vol-1, pp. 359-362, December, 2004.
It is necessary to use a communication medium having quantum-mechanical properties in order to perform the above-described Y-00 scheme in the quantum system, therefore, its application range is limited. In such a situation, the applicants of the present invention have proposed a classic Y-00 scheme for performing the Y-00 scheme using pseudo random numbers in a classic physical system and noises in a physical system (for example, Japanese Patent Application No. 2004-260512 etc.). However, the embodiments of the classic Y-00 scheme so far apply analog DSR, therefore, its output is necessarily a multilevel signal and application of the encryption technique is not possible to a recording media such as an electric memory, a flexible disc, a CD (Compact Disc), and a DVD (Digital Versatile Disc), etc.