1. Field of the Invention
The present invention relates to a secret communications system and, more particularly, to a secret communications system, secret communication apparatus, and channel control method, enabling point-to-multipoint and/or multipoint-to-multipoint cryptographic key sharing and encrypted communication.
2. Description of the Related Art
In recent years, the Internet has become an economic and social infrastructure over which various data are exchanged. It is therefore important to devise preventive measures that protect data flowing over networks from the risk of eavesdropping. One such measure is a secret communications system in which the data to be communicated is encrypted. Encryption schemes are of two kinds: private key cryptography and public key cryptography.
Private key cryptography, as typified by AES (Advanced Encryption Standard), is a scheme that uses a common cryptographic key for both encryption and decryption, and is capable of high-speed processing. For this reason, this scheme is used to encrypt the data itself.
On the other hand, public key cryptography, as typified by RSA (Rivest Shamir Adleman), is a scheme based on a one-way function, using a public key for encryption and a secret key for decryption. Since this scheme is not suitable for high-speed processing, it is used to distribute a cryptographic key for the private key scheme.
In secret communications where secrecy is ensured by encrypting data, it is important that the encrypted data cannot be broken even if it is intercepted by an eavesdropper. To that end, the same key must not be used consecutively for encryption, because consecutive use of the same key may increase the possibility that the encryption key is estimated from the increased amount of intercepted data.
Accordingly, it is required to update a cryptographic key shared between a sender and a receiver. It is indispensable that the key being updated is not intercepted and broken during key update. Therefore, to update the key, there are two broad types of methods: (1) a method in which the key is encrypted for transmission through the public key cryptography, and (2) a method in which the key is encrypted for transmission by using a master key that is a common key preset for key update. (For example, see Japanese Patent Application Unexamined Publication Nos. 2002-344438 and 2002-300158.) The security according to any of these methods depends on the fact that an enormous amount of calculation is required for cryptanalysis.
On the other hand, quantum key distribution (QKD) technology, unlike ordinary (classical) optical communications, is a technology that allows a sender and a receiver to generate and share a cryptographic key by the transmission of a single photon per bit. See the following papers:
Bennett, C. H., and Brassard, G., “Quantum cryptography: Public key distribution and coin tossing” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, India, 10-12 Dec. 1984, pp. 175-179; and
Ribordy, G., Gautier, J.-D., Gisin, N., Guinnard, O., and Zbinden, H., “Automated ‘plug & play’ quantum key distribution,” Electronics Letters, Vol. 34, No. 22 (1998), pp. 2116-2117.
According to this QKD technology, unlike the conventional technologies, the security does not depend on the amount of calculation, but the impossibility of eavesdropping has been proved on the basis of quantum mechanics. Therefore, since the security of the photon-transmission portion of a system can be ensured by virtue of this technology, not only point-to-point key generation and sharing but also point-to-multipoint, or multipoint-to-multipoint, key generation and sharing can be achieved by using the techniques of optical switching and passive optical splitting (see Townsend, P. D., “Quantum cryptography on multi-user optical fibre networks,” Nature, Vol. 385, 2 Jan. 1997, pp. 47-49).
As mentioned above, when a shared cryptographic key is updated, the security rests on the fact that an enormous amount of calculation is required for cryptanalysis, both in the method of sending the updated key after encrypting it through public key cryptography and in the method of sending the updated key after encrypting it with a common key preset for update. Therefore, there has been a problem that the secrecy is degraded by improvements in cryptanalysis technology, such as improved computer performance and the advent of more advanced cryptanalysis algorithms. For example, in the 56-bit DES challenge contests, where contestants compete on the time taken to break DES (Data Encryption Standard), which is a common key cipher, it took 96 days to break DES in 1997, but the time was reduced to 22 hours in 1999. As for public key ciphers, it took eight months to break an RSA public key cipher with a key length of 429 bits in 1994, but about three months to break one with a key length of 576 bits in 2004. As these examples show, cryptanalysis technology has been improving.
In the quantum key distribution (QKD) technology, to accomplish an extension to the point-to-multipoint or multipoint-to-multipoint key generation and sharing by using the techniques of optical switching and passive optical splitting, it is necessary to realize not only point-to-multipoint or multipoint-to-multipoint connections of photon transmission (quantum channels) but also point-to-multipoint or multipoint-to-multipoint connections of classical channels to carry out key generation and sharing based on the result of photon transmission, as well as encrypted communication.
However, with the technologies to date, only point-to-multipoint connections of the quantum-channel portion have been realized. In order to realize point-to-multipoint or multipoint-to-multipoint connections of both quantum channels and classical channels, consideration should be given to the fact that there is a great difference between the rate of a quantum channel (photon transmission rate) and the communication rate of a classical channel for key generation and encrypted communication. That is, the quantum channel and the classical channel carry different kinds of communication, and it is therefore necessary to satisfy the condition that the switching of quantum-channel connections and the switching of classical-channel connections be performed at different timings. The existing technologies could not satisfy this condition.
In addition, if a network is built by using different fibers for quantum channels and classical channels respectively, two problems arise: the cost of fiber laying increases, and eavesdropping on the classical channel fiber cannot be detected.