1. Field of the Invention
The present invention relates to an apparatus and a method for performing cipher communication in order to avoid interception (such as eavesdropping) by a third party. More specifically, the present invention relates to a data communication apparatus and a data communication method for performing data communication through setting a specific encoding/decoding (modulation/demodulation) method between a legitimate transmitter and a legitimate receiver.
2. Description of the Background Art
Conventionally, in order to perform communication between specific parties, there has been generally adopted a structure for realizing cipher communication by sharing original information (hereinafter referred to as key information) between transmitting and receiving ends so as to mathematically perform an operation (encoding) and inverse operation (decoding) of plain text which is information data to be transmitted between the transmitting and receiving ends.
On the other hand, there have been suggested, in recent years, several encryption methods, which positively utilize physical phenomenon occurring on a transmission line. As one of the encryption method, there is a method called Y-00 protocol for performing the cipher communication by utilizing a quantum noise generated in the transmission line.
FIG. 15 is a block diagram showing an exemplary configuration of a conventional data communication apparatus 9 using the Y-00 protocol disclosed in Japanese Laid-Open Patent Publication No. 2005-57313 (hereinafter referred to as Patent Document 1). Hereinafter, the configuration and an operation of the conventional data communication apparatus 9 disclosed in Patent Document 1 will be described. As shown in FIG. 15, the conventional data communication apparatus 9 includes a transmitting section 901, a receiving section 902, and a transmission line 910. The transmitting section 901 includes a multi-level code generation section 911, a multi-level processing section 912, and a modulator section 913. The receiving section 902 includes a multi-level code generation section 914, a demodulator section 915, and a decision section 916. Note that an eavesdropping receiving section 903 is an apparatus used by an intercepting party, and is not included in the conventional data communication apparatus 9.
First, the transmitting section 901 and the receiving section 902 previously retain key information 91 and key information 96, respectively, which are identical in content to each other. Hereinafter, an operation of the transmitting section 901 will be described first. The multi-level code generation section 911 generates, based on the key information 91, a multi-level code sequence 92, which is a multi-level pseudo random number series having M values from “0” to “M−1” (M is an integer of 2 or more), by using a pseudo random number generator. The multi-level processing section 912 generates, based on the information data 90 to be transmitted to the receiving section and the multi-level code sequence 92, a multi-level signal 93, which is an intensity modified signal, by using a signal format described hereinbelow.
FIG. 16 is a diagram showing a signal format of a multi-level signal used by the multi-level processing section 912. As shown in FIG. 16, in the case where the number of values included in the multi-level code sequences 92 is M, signal intensity thereof is divided into 2M signal intensity levels (hereinafter simply referred to as a level). These 2M levels are made into M pairs (hereinafter referred to as a modulation pair), and to one level of each of the M modulation pairs, a value “0” of the information data 90 is allocated, and to the other level, a value “1” of the information data 90 is allocated. Generally, the allocation is made such that levels corresponding to the value “0” of the information data 90 and levels corresponding to the value “1” of the information data 90 are evenly distributed over the whole of the 2M levels. In FIG. 16, “0” is allocated to a lower level of an even-numbered modulation pair, and “1” is allocated to a higher level of the same. On the other hand, with respect to an odd-numbered modulation pair, “1” is allocated to a lower level thereof, and “0” is allocated to a higher level thereof. Accordingly, the values “0” and “1” are alternately allocated to each of the 2M levels.
The multi-level processing section 912 selects a modulation pair corresponding to each of the values of the multi-level code sequence 92 having been inputted, then selects one level of the modulation pair corresponding to the values of the information data 90, and outputs a multi-level signal 93 having the selected level. The modulator section 913 modulates the multi-level signal 93 outputted by the multi-level processing section 912 into a modulated signal 94 which is an intensity modulated signal, and transmits the modulated signal 94 to the receiving section 902 via the transmission line 910. (Note that, in Patent Document 1, the first multi-level code generation section 911 is described as a “transmitting pseudo random number generation section”, the multi-level processing section 912 as a “modulation method specification section” and a “laser modulation driving section”, the modulator section 913 as a “laser diode”, the demodulator section 915 as a “photo-detector”, the second multi-level code generation section 914 as a “receiving pseudo random number generation section”, and the decision section 916 as a “determination circuit”.)
Next, an operation of the receiving section 902 will be described. The demodulator section 915 demodulates the modulated signal 94 transmitted via the transmission line 910, and outputs a multi-level signal 95. The multi-level code generation section 914 generates, based on the key information 96, a multi-level code sequence 97, which is a multi-level pseudo random number series equal to the multi-level code sequence 92. The decision section 916 decides each of the modulation pair used for the multi-level signal 95 in accordance with respective values of the multi-level code sequence 97 inputted by the multi-level code generation section 914. The decision section 916 performs binary decision, using the decided modulation pair and the multi-level signal 95 which is inputted by the demodulator section 915, so as to obtain information data 98 which is equal to the information data 90.
FIG. 17 is a diagram specifically illustrating the operation of the conventional data communication apparatus 9. Hereinafter, with reference to FIG. 17, the operation of the conventional data communication apparatus 9 in the case where the number of the values included in the multi-level code sequences 92 is 4 (M=4) will be specifically described. As shown in (a) and (b) of FIG. 17, an exemplary case will be described where the value of the information data 90 changes {0, 1, 1, 1}, and a value of the multi-level code sequence 92 changes {0, 3, 2, 1}. In this case, a level of the multi-level signal 93 of the transmitting section 901 changes {0, 3, 6, 1}, as shown in FIG. 17(c).
Specifically, at a time period t1 shown in FIG. 17(c), a 0th modulation pair (a pair of level 0 and level 4) corresponding to a value “0” of the multi-level code sequence 92 is selected. Next, level 0 of the 0th modulation pair which corresponds to the value “0” of information data 90 is selected, and the selected level 0 comes to a level of the multi-level signal 93 at the time period t1. In a similar manner, at a time period t2, a third modulation pair (a pair of level 3 and level 7) corresponding to a value “3” of the multi-level code sequence 92 is selected. Next, level 3 of the third modulation pair which corresponds to the value “1” of the information data 90 is selected, and the selected level 3 comes to a level of the multi-level signal 93 at t2. For a time period t3 and a time period t4 as well, a level of the multi-level signal 93 is selected in a similar manner. In this manner, at each of the time periods t1 and t3, in which the value of the multi-level code sequence 92 is even-numbered, the lower level of the modulation pair corresponds to the value “0” of the information data, and the higher level thereof corresponds to the value “1” of the information data. On the other hand, at each of the time periods t2 and t4, in which the value of the multi-level code sequence 92 is odd-numbered, the lower level of the modulation pair corresponds to the value “1” of the information data, and the higher level thereof corresponds to the value “0” of the information data.
Next, the multi-level signal 95 inputted to the decision section 916 of the receiving section 902 is a signal which changes as shown in FIG. 17(e), and which includes a noise (a disturbing element) such as a shot noise generated when the modulated signal 94 is demodulated by the demodulator section 915. The decision section 916 selects the respective modulation pairs corresponding to the respective values of the multi-level code sequence 97 (see FIG. 17(d)) which is equal to the multi-level code sequence 92. As shown in FIG. 17(e), an intermediate level of each of the modulation pairs is set as a decision level thereof. The decision section 916 decides whether the multi-level signal 95 is higher or lower than the decision level.
Specifically, at a time period t1 shown in FIG. 17(e), the decision section 916 selects a 0th modulation pair (a pair of level 0 and level 4) corresponding to a value “0” of the multi-level code sequence 97, and sets level 2, which is an intermediate level of the 0th modulation pair, as a decision level. Since the multi-level signal 95 is generally distributed in lower levels than the decision level at t1, the decision section 916 then decides that the multi-level signal 95 is lower than the decision level at t1. In a similar manner, at a time period t2, the decision section 916 selects a third modulation pair (a pair of level 3 and level 7) corresponding to a value “3” of the multi-level code sequence 97, and sets level 5, which is an intermediated level of the third modulation pair, as a decision level. Since the multi-level signal 95 is generally distributed in lower levels than the decision level at t2, the decision section 916 decides that the multi-level signal 95 is lower than the decision level at t2. At time periods t3 and t4 as well, decision is made in a similar manner. Accordingly, a result of the binary decision performed by the decision section 916 comes to “lower, lower, higher, lower”.
Next, in the case where the value of the multi-level code sequence 97 is an even-number (in the case of the time periods t1 and t3), the decision section 916 decides that a lower level of the selected pair is “0” and that an upper level thereof is “1”, and then outputs the decided values as the information data 98. On the other hand, in the case where the value of the multi-level code sequence 97 is an odd-number (in the case of the time periods t2 and t4), the decision section 916 decides a lower level of the selected modulation pair is “1” and that an upper level thereof is “0”, and then outputs the decided values as the information data 98. The values of the multi-level code sequence 97 are {0, 3, 2, 1}, that is, “even, odd, even, odd” (even represents an even number, and odd represents an odd number). Accordingly, the decision section 916 outputs {0, 1, 1, 1} as the information data 98 which is equal to the information data 90 (see FIG. 17(f)). In this manner, the decision section 916 can obtain the information data 98 from the multi-level signal 95 depending on whether the value of the multi-level code sequence 97 is even-numbered or odd-numbered.
The above described specifically is a case using a signal format (see FIG. 16) in which the values of the information data to be allocated to the lower level and the upper level of the modulation pair vary depending on whether the value of the multi-level code sequence 97 is even-numbered or odd-numbered. However, the signal format is not limited to this. For example, it may be possible to use a signal format in which the information data “1” is consistently allocated to a higher level of the modulation pair, and the information data “0” is consistently allocated to a lower level thereof.
Further, as above described, the multi-level signal 95 includes the noise such as the shot noise which is generated when the modulated signal 94 is demodulated by the demodulator section 915. However, an interval between the levels (hereinafter referred to as a step width) is set appropriately, whereby occurrence of erroneous binary decision may be suppressed to a negligible level.
Next, possible eavesdropping (including interception) will be described. As shown in FIG. 15, an eavesdropper attempts decryption of the information data 90 or the key information 91 from the modulated signal 94 by using an eavesdropper receiving section 903, without having key information shared between a transmitting party and a receiving party. The eavesdropper receiving section 903 includes a demodulator section 921, a multi-level decision section 922, and a decryption processing section 923, and is connected to the transmission line 910.
In the case where the eavesdropper performs the same binary decision as a legitimate receiving party (the receiving section 902), the eavesdropper needs to attempt decision with respect to all possible values the key information may take since the eavesdropper does not have the key information. However, when this method is used, the number of attempts of the decision increases exponentially with respect to a length of the key information. Accordingly, if the length of the key information is significantly long, the method is not practical.
As a further effective method, it is assumed that the eavesdropper performs multi-level decision of the multi-level signal 81 using the multi-level decision section 922, the multi-level signal 81 having been obtained by demodulating the modulated signal 94 using the demodulator section 921, and decrypts a resultant received sequence 82 using the decryption processing section 923, thereby attempting decryption of the information data 90 or the key information 91. In the case of using such a decryption method, if the eavesdropper receiving section 902 can receive (decide) the multi-level signal 93 as the received sequence 82 without mistake, it is possible to decrypt the key information 91 using the received sequence 82 at a first attempt.
Since the shot noise (the disturbing element), which is generated when the modulated signal 94 is demodulated by the demodulator section 921, is overlapped on the modulated signal 94, the shot noise is included in the multi-level signal 81. It is known that the shot noise is inevitably generated in accordance with the principle of quantum mechanics. If the step width of the multi-level signal 93 is set significantly smaller than a distribution width of the shot noise, the multi-level signal 81 including the noise may be distributed over other various levels than a correct level (the level of the multi-level signal 93). For example, as shown in FIG. 17(g), at t2, the multi-level signal 81 is distributed over levels 2 to 4. Accordingly, the eavesdropper needs to perform decryption in consideration of a possibility (a possibility of erroneous decision) that the level of the received sequence 82 obtained through the decision is different from the correct level. Therefore, compared to a case without the erroneous decision, the number of the attempts (hereinafter referred to as the number of possible receiving patterns), that is, computational complexity required for the decryption is increased. As a result, security against the eavesdropping improves.
However, the above-described conventional data communication apparatus 9 has a problem described below. Since the distribution width of the shot noise (the disturbing element), which is generated when the modulated signal 94 is demodulated by the demodulator section 921, is small, levels of erroneous multi-level decision, which is decided by the eavesdropper, appear only in a range close to the level of the multi-level signal 93 (a legitimate signal). For example, at a time period t2 shown in FIG. 17(g), a level of the multi-level signal 93 is 3, whereas a level which the eavesdropper may erroneously take is limited to 2 or 4. Accordingly, the eavesdropper can perform decryption based on the assumption that a level of the legitimate signal exists in the vicinity of the level which is received by the eavesdropper. As a result, in the conventional data communication apparatus 9, the number of possible receiving patterns required for the decryption by the eavesdropper decreases. Accordingly, sufficient security of the cipher communication cannot be ensured.
FIG. 18 is a diagram illustrating the number of the possible receiving patterns of the conventional data communication apparatus 9 shown in FIG. 15. FIG. 19 is a diagram illustrating the multi-level signal 93 shown in FIG. 18(c). Hereinafter, with reference to FIGS. 18 and 19, the number of possible receiving patterns of the conventional data communication apparatus 9 will be described. As shown in (a) and (b) of FIG. 18, an exemplary case will be described where the information data 90 to be inputted to the multi-level processing section 912 of the transmitting section 901 is {1, 0, 1, 1}, and the multi-level code sequence 92, whose multi-level number M is 8, is {4, 1, 4, 2}. In this case, the multi-level processing section 912 shown in FIG. 15 generates {12, 9, 12, 10} as the multi-level signal 93 in accordance with the signal format shown in FIG. 16 (see FIG. 18(c) and FIG. 19). The multi-level signal 93 {12, 9, 12, 10} is modulated by the modulator section 913, and transmitted as the modulated signal 94 via the transmission line 910.
The eavesdropper demodulates, by using the demodulator section 921 (see the eavesdropper receiving section 903 shown in FIG. 15), the modulated signal 94 on the transmission line 910, and then obtains the multi-level signal 81. As already described, the multi-level signal 81 includes the shot noise, which is the disturbing element, and thus an erroneous multi-level decision may occur in the multi-level decision section 922. Hereinafter, the number of possible levels which the multi-level decision section 922 may decide as a result of the erroneous multi-level decision is referred to as a “possible decision number J”. As an example, a case will be described where there is a possibility, as a result of the multi-level decision, that the multi-level decision section 922 decides a total of three different levels of a legitimate level (the level of the multi-level signal 93), a level upwardly adjoining to the legitimate level, and a level downwardly adjoining to the legitimate level. That is, a case of the possible decision number J=3 will be described. In this case, the received sequence 82 which is obtained as a result of the multi-level decision by the eavesdropper is, for example, {11, 10, 13, 10} (see FIG. 18(d)). In the case where the eavesdropper attempts the decryption of the legitimate signal (multi-level signal 93), it is assumed that the eavesdropper estimates the legitimate signal in accordance with the possible decision number J, derives the multi-level code sequence 92 using the signal format shown in FIG. 16, and then attempts identification of the key information 91 using the derived multi-level code sequence 92.
Specifically, the eavesdropper can estimate, in consideration of the possible decision number J=3, that the values of the multi-level signal 93, which is a legitimate signal having been transmitted, are any values within respective ranges of {10 to 12, 9 to 11, 12 to 14, 9 to 11}. The eavesdropper can also estimate, by using the signal format shown in FIG. 16, that the values of the multi-level code sequence 92 used by the transmitting section 901 are any values within respective ranges of {2 to 4, 1 to 3, 4 to 6, 1 to 3}. The eavesdropper can narrow possible values taken by the multi-level code sequence 92 down to “3 patterns×3 patterns×3 patterns×3 patterns=81 patterns”. Accordingly, the number of the attempts for decryption of the multi-level code sequence 92 performed by the eavesdropper is a total of 3×3×3×3=81 patterns. That is, the number of possible receiving patterns in the conventional data communication apparatus 9 is 81.
As above described, in the eavesdropper receiving section 903, since the distribution width of the shot noise generated in the demodulator section 921 is small, a range of levels in which the multi-level decision section 922 may cause the erroneous multi-level decision is limited at some level. Accordingly, in the conventional data communication apparatus 9, the number of possible receiving patterns for the eavesdropper to decrypt the multi-level code sequence 92 is small, and thus it is impossible to ensure sufficient security in the cipher communication.