In a key generating and sharing system, two networks (namely, a key sharing network and an application network) are present. The key sharing network consists of a plurality of networked nodes that are mutually connected by a plurality of links. Each node has the function of generating a random number and sharing it with the opposite nodes connected to it by links, and also has the function of performing cryptographic communication over a link by using the random number as a cryptographic key (hereinafter referred to as a “link key”). Moreover, some of the nodes also have the function of generating another cryptographic key (hereinafter referred to as an “application key”), which is a random number, independently of the links, and have the function of sending the application key to a different node via the links.
An application has the function of obtaining an application key from a node, using that application key as a cryptographic key, and performing cryptographic communication with another application. The cryptographic data communication can then be performed over a network (an application network), such as the Internet, that is different from the key sharing network. Applications and nodes can be configured in an integrated manner. Alternatively, applications and nodes can be configured as terminals independent of each other, with application keys sent and received between them.
In a node, the function of generating a random number (a link key) and sharing it with opposite nodes that are connected by links can also be implemented using, for example, a technology that is commonly called quantum cryptography or quantum key distribution (QKD).
In quantum key distribution, routing is performed in order to share an application key among the nodes constituting a key sharing network. That is, the transfer of an application key is done via a plurality of nodes. Accordingly, in a quantum cryptographic communication system, it is desirable to perform efficient routing while avoiding consumption and depletion of the link keys that are used in transferring an application key.
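The following added example (not code from the original document) models the relay described above: an application key crosses a path of nodes, and every hop uses up link key on its link. It assumes one-time-pad (XOR) encryption on each link and a fewest-hop route restricted to links that still hold enough link key; the class, node names and pool sizes are constructed for illustration.

```python
import secrets
from collections import deque

class KeySharingNetwork:
    """Toy model (constructed): every link holds a pool of shared link-key bytes."""

    def __init__(self, links):
        # links maps (node_a, node_b) -> bytes of link key currently shared on that link.
        # One pool per link stands in for the identical copies held at both ends.
        self.pool = {frozenset(l): bytearray(secrets.token_bytes(n))
                     for l, n in links.items()}

    def _neighbors(self, node, need):
        # Only links that still hold at least `need` bytes of link key are usable.
        for link, pool in self.pool.items():
            if node in link and len(pool) >= need:
                yield next(iter(link - {node}))

    def route(self, src, dst, need):
        """Fewest-hop path over usable links (breadth-first search), or None."""
        prev, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                path = []
                while node is not None:
                    path.append(node)
                    node = prev[node]
                return path[::-1]
            for nxt in sorted(self._neighbors(node, need)):
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        return None

    def transfer(self, src, dst, app_key):
        """Relay app_key hop by hop; returns (path, key as received at dst)."""
        path = self.route(src, dst, len(app_key))
        if path is None:
            raise RuntimeError("no route with enough link key left")
        data = app_key
        for a, b in zip(path, path[1:]):
            pool = self.pool[frozenset((a, b))]
            link_key = bytes(pool[:len(data)])
            del pool[:len(data)]  # consumed link key is never reused
            cipher = bytes(x ^ y for x, y in zip(data, link_key))  # sender side of the link
            data = bytes(x ^ y for x, y in zip(cipher, link_key))  # receiver side of the link
        return path, data
```

Under the one-time-pad assumption, an n-byte application key consumes n bytes of link key on every hop, so both the hop count and the remaining pool on each link affect whether later transfers can still be routed.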