1. Field of the Invention
The present invention relates to an apparatus for performing cipher communication which avoids unauthorized eavesdropping and interception by a third party. More specifically, the present invention relates to a data receiving apparatus performing data communication between legitimate transmitting and receiving parties by selecting/setting a specific encoding/decoding (modulating/demodulating) method.
2. Description of the Background Art
Conventionally, in order to perform communication between specific parties, there has been adopted a configuration in which original information (hereinafter referred to as key information) is shared between transmitting and receiving ends so as to perform an arithmetic operation (encoding) and an inverse operation (decoding) on plain text, which is information data to be transferred, and then secret communication is realized.
On the other hand, there have been suggested, in recent years, several encryption methods, which positively utilize physical phenomenon occurring in a transmission line. As one of the encryption methods, there is a method called a Y-00 protocol for performing the secret communication by utilizing a quantum noise generated in the transmission line.
FIG. 11 is a diagram showing an example of conventional transmitting and receiving apparatuses using the Y-00 protocol disclosed in Japanese Laid-Open Patent Publication No. 2005-57313 (hereinafter referred to as Patent Document 1). Hereinafter, configurations and operations of the conventional transmitting and receiving apparatuses disclosed in Patent Document 1 will be described. As shown in FIG. 11, the conventional transmitting and receiving apparatuses include a transmitting section 901, a receiving section 902 and a transmission line 910. The transmitting section 901 includes a first multi-level code generation section 911, a multi-level processing section 912 and a modulation section 913. The receiving section 902 includes a demodulation section 915, a second multi-level code generation section 914 and a decision section 916. The eavesdropper receiving section 903 is used by an intercepting party, and is not included in the conventional transmitting and receiving apparatus.
First, the transmitting section 901 and the receiving section 902 previously retain first key information 91 and second key information 96, respectively, which are key information identical in content to each other. An operation of the transmitting section 901 will be described. In the transmitting section 901, the first multi-level code generation section 911 generates, by using the first key information 91, a multi-level code sequence 92, which is a multi-level pseudo random number series having M bits of values from “0” to “M−1” (M is an integer of 2 or more), by means of a pseudo random number generator. The multi-level processing section 912 generates, based the information data 90 and the multi-level code sequence 92, which are to be transmitted to the receiving section 902, a multi-level signal 93 which is an intensity modulated signal, by using a signal format described hereinbelow.
FIG. 12 is a diagram showing the signal format used by the multi-level processing section 912. As shown in FIG. 12, in the case where the number of bits of the values included in the multi-level code sequence 92 is M, a signal intensity thereof is divided into 2M signal intensity levels (hereinafter simply referred to as levels). That is, these levels are paired up into M pairs (hereinafter the pairs being referred to as bases), and to one level of each of the bases, a value “0” of the information data 90 is allocated, and to the other level, a value “1” of the information data 90 is allocated. Generally, the allocation is made such that the levels corresponding to the value “0” of the information data 90 and the levels corresponding to the value “1” of the information data 90 are distributed evenly over the whole of the 2M levels. In FIG. 12, the value “0” is allocated to lower levels of even-numbered bases, and the value “1” is allocated to higher levels of the same. On the other hand, the value “1” is allocated to the lower levels of odd-numbered bases, and the value “0” is allocated to the higher levels of the same. Accordingly, the values “0” and “1” of the information data 90 are allocated alternately to each of the 2M levels.
The multi-level processing section 912 selects bases corresponding to the bits of the values of the multi-level code sequence 92 having been inputted, then selects one level of each of the bases, the one level corresponding to the value of the information data 90, and then outputs a multi-level signal 93 having the selected levels. As the multi-level processing section 912, a configuration as shown in FIG. 13 may be used, for example. As shown in FIG. 13, the data conversion section 931 performs an XOR operation between information data 90 and a lowest-order bit of the multi-level code sequence 92, and then outputs a resultant of the operation as converted information data 61. The processing is equivalent to the above-described processing in which the values “0” and “1” of the information data 90 are alternately allocated to the above-described levels. The converted information data 61 and respective bits of the multi-level code sequence 92 are inputted to the D/A conversion section 932 (the converted information data 61 is inputted as a high-order bit), and are subject to a D/A conversion. A resultant of the D/A conversion is outputted as a multi-level signal 93.
The modulation section 913 converts the multi-level signal 93 outputted by the multi-level processing section 912 into a modulated signal 94, which is an optical intensity modulated signal, and transmits the modulated signal 94 to the receiving section 902 via the transmission line 910. In Patent Document 1, the first multi-level code generation section 911 is described as a “transmitting pseudo random number generation section”, the multi-level processing section 912 as a “modulation method specification section” and a “laser modulation driving section”, the modulator section 913 as a “laser diode”, the demodulator section 915 as a “photo-detector”, the second multi-level code generation section 914 as a “receiving pseudo random number generation section”, and the decision section 916 as a “decision circuit”.
Next, an operation of the receiving section 902 will be described. In the receiving section 902, the demodulation section 915 converts the modulated signal 94, which is transmitted via the transmission line 910, from an optical signal to an electrical signal (hereinafter the conversion being referred to as photoelectric conversion), and outputs a resultant signal as a multi-level signal 95. The second multi-level code generation section 914 generates, by using the second key information 96, a multi-level code sequence 97, which is a multi-level pseudo random number series and which is equal to the multi-level code sequence 92. In accordance with respective bits of values of the multi-level code sequence 97 inputted by the second multi-level code generation section 914, the decision section 916 determines each of the bases used for generating the multi-level signal 95. The decision section 916 performs binary decision by using the determined bases and the multi-level signal 95 which is inputted by the demodulation section 915, and obtains information data 98 which is equal to the information data 90.
As the decision section 916, a configuration shown in FIG. 14 may be used. As shown in FIG. 14, the respective bits of the multi-level code sequence 97 are inputted to a D/A conversion section 941, and are subject to the D/A conversion. A resultant of the D/A conversion is outputted as a decision level 71. A binary decision circuit 942 performs a binary decision on the multi-level signal 95 by using the decision level 71, and outputs a resultant thereof as converted information data 72. A data reproduction section 943 performs the XOR operation between the converted information data 72 and a lowest-order bit of the multi-level code sequence 97, and outputs a resultant thereof as information data.
FIG. 15 is a diagram illustrating, in detail, an operation of a conventional transmitting apparatus. FIG. 16 is a diagram illustrating, in detail, an operation of a conventional receiving apparatus. Hereinafter, with reference to FIGS. 15 and 16, the operations of the conventional transmitting and receiving apparatuses in the case where the number of the bits of the values included in the multi-level code sequence 92 is 64 (M=64) will be described in detail. As indicated by (a) and (b) shown in FIG. 15, an exemplary case will be described where a value of the information data 90 changes “0, 1, 1, 1”, and a value of the multi-level code sequence 92 changes “0, 63, 0, 1”. In this case, a level of the multi-level signal 93 in the transmitting section 901 changes “0, 63, 64, 1”, as shown in FIG. 15(c).
Specifically, at a time period t1 shown in FIG. 15 (c), a 0th base (a pair of level 0 and level 64) corresponding to a value “0” of the multi-level code sequence 92 is selected. Next, level 0 of the 0th base corresponding to a value “0” of the information data 90 is selected, and the selected level 0 comes to a level of the multi-level signal 93 at the time period t1. In a similar manner, at a time period t2, a 63rd base (a pair of level 63 and level 127) corresponding to a value “63” of the multi-level code sequence 92 is selected. Next, level 63 of the 63rd base corresponding to the value “1” of the information data 90 is selected, and the selected level 63 comes to the level of the multi-level signal 93 at the time period t2. In a similar manner, the level of the multi-level signal 93 is selected in time periods t3 and t4. In this manner, at each of the time periods t1 and t3, in which the value of the multi-level code sequence 92 is even numbered, the lower level of the base corresponds to “0” of the information data, and the higher level of the base corresponds to the value “1” of the information data. On the other hand, at each of the time periods t2 and t4, in which the value of the multi-level code sequence 92 is odd numbered, the lower level of the base corresponds to “1” of the information data, and the higher level of the base corresponds to “0” of the information data.
The multi-level signal 95 inputted to the decision section 916 in the receiving section 902 is a signal which changes as shown in FIG. 16(e), and which includes a noise such as a shot noise generated at the time of the photoelectric conversion performed by the demodulation section 915. The decision section 916 selects the respective bases corresponding to the respective bits of values of the multi-level code sequence 97 (see FIG. 15(d)), which is equal to the multi-level code sequence 92, and sets an intermediate level of each of the bases as a decision level, as shown in FIG. 16(e). The decision section 916 then determines whether the multi-level signal 95 is higher or lower than the decision level.
Specifically, at a time period t1 shown in FIG. 16(e), the decision section 916 selects a 0th base (a pair of level 0 and level 64) corresponding to a value “0” of the multi-level code sequence 97, and sets an intermediate level 32 of the 0th base as the decision level. Since levels of multi-level signal 95 are generally distributed over lower levels than the decision level at the time period t1, the decision section 916 determines that the multi-level signal 95 is lower than the decision level. In a similar manner, at a time period t2, the decision section 916 selects a 63rd base (a pair of level 63 and level 127) corresponding to a value “63” of the multi-level code sequence 97, and sets an intermediate level 95 of the 63rd base as the decision level. Since the multi-level signal 95 is generally distributed over lower levels than the decision level at the time period t2, the decision section 916 decides that the multi-level signal 95 is lower than the decision level. At time periods t3 and t4 as well, decision is made in a similar manner. Accordingly, a result of the binary decision performed by the decision section 916 comes to “lower, lower, higher, lower”.
In the case where the value of the multi-level code sequence 97 is even numbered (at the time periods t1 and t3), the decision section 916 decides that a lower level of the selected base is “0”, and that a higher level thereof is “1”, and then outputs the decided values as the information data 98. On the other hand, in the case where the value of the multi-level code sequence 97 is odd numbered (at the time periods t2 and t4), the decision section 916 decides that the lower level of the selected base is “1”, and that the higher level thereof is “0”, and then outputs the decided values as the information data 98. The values of the bits of the multi-level code sequence 97 are “0, 63, 0, 1”, i.e., “even, odd, even, odd” (even representing an even number, and odd representing an odd number). Accordingly, the decision section 916 outputs “0, 1, 1, 1” as the information data 98, which is equal to the information data 90 (see FIG. 16(f)). In this manner, the decision section 916 can obtain the information data 98 from the multi-level signal 95 in which the values of the information data to be allocated to the lower level and higher level of the base are changed depending on whether the respective bits of the values of the multi-level code sequence 97 are even-numbered or odd-numbered.
As above described, the multi-level signal 95 includes the noise such as the shot noise which is generated through the photoelectric conversion performed by the demodulation section 915. However, intervals between the levels (hereinafter referred to as a step width) or the like are set appropriately, whereby a binary decision error may be suppressed to a negligible level.
Next, possible eavesdropping (including interception) will be described. As shown in FIG. 11, an eavesdropper attempts decryption of the information data 90 or the first key information 91 from the modulated signal 94 by using an eavesdropper receiving section 903, without having key information which is shared between the transmitting and receiving parties. The eavesdropper receiving section 903 includes a demodulation section 921, a multi-level decision section 922 and a decryption processing section 923, and is connected to the transmission line 910.
In the case where the eavesdropper performs the same binary decision as that performed by the legitimate receiving party (receiving section 902), the eavesdropper needs to attempt to perform decisions on all possible values which are taken by the key information, since the eavesdropper does not have the key information. However, when this method is used, the number of attempts of the decision increases exponentially along with an increase in a length of the key information. Therefore, if the length of the key information is significantly long, the method is not practical.
A further effective method is assumed in which the eavesdropper performs multi-level decision on a multi-level signal 81 by using a multi-level decision section 922, the multi-level signal 81 having been obtained through the photoelectric conversion performed by the demodulation section 921, decrypts a resultant received sequence 82 by using decryption processing section 923, and then attempts the decryption of the information data 90 or the first key information 91. In the case where the decryption method is used, if the eavesdropper receiving section 301 can receive (decide) the multi-level signal 93 as the received sequence 82 without mistake, it is possible to decrypt the first key information 91 from the received sequence 82 at a first attempt.
Since the shot noise, which is generated through the photoelectric conversion performed by the demodulation section 921, is overlapped on the modulated signal 94, the shot noise is included in the multi-level signal 81. It is known that the shot noise is inevitably generated in accordance with the principle of quantum mechanics. Accordingly, if the step width of the multi-level signal 93 is set significantly smaller than a distribution width of the shot noise, the multi-level signal 81 including the noise may be distributed over various levels other than a correct level (the level of the multi-level signal 93). For example, as shown in FIG. 16(g), at the time period t3, the multi-level signal 81 is distributed over levels 63 to 65. Accordingly, the eavesdropper needs to perform the decryption while considering a possibility (a possibility of a decision error) that the level of the received sequence 82 obtained through the decision is different from the correct level. Therefore, compared to a case without the decision error (a stream cipher which applies the same random number generator as that used in the first multi-level code generation section 911), the number of the attempts, that is, the computational complexity required for the decryption is increased. As a result, security against the eavesdropping improves.
As above described, in the Y-00 protocol, a distance between signal points to be decided by the legitimate receiving party and the distance between the signal points to be decided by the eavesdropper are different from each other, whereby receiving performance of the legitimate receiving party and the security against the eavesdropping can be both ensured. The difference between the distances between the signal points are determined by the number of multi-levels of the multi-level code sequence 92. That is, when the number of the multi-levels of the multi-level code sequence 92 increases, the difference between the distance between the signal points for the legitimate receiving party and that for the eavesdropper increases, whereby security is further ensured.
In the conventional receiving apparatus 902, as shown in FIG. 14, all the bits of the multi-level code sequence 97 are used so as to generate the decision level 71 which changes dynamically. That is, the multi-level signal 95 and the decision level 71 are each an analog signal. Therefore, in order to ensure receiving performance, the decision level 71 needs to be generated highly precisely by the D/A conversion section 941 at the receiving end. Further, if the number of the multi-levels is increased in order to improve security, the number of bits of the multi-level code sequence 97 are also increased, and the decision level 71 needs to be generated highly precisely. To select the D/A conversion section 941 which is capable of generating the decision level 71 highly precisely leads to a problem in terms of a reduction in yields and consequent high apparatus costs.