1. Field of the Invention
The present invention relates to an apparatus for performing secret communication in order to avoid illegal eavesdropping and interception by a third party. More specifically, the present invention relates to a data transmitting apparatus for performing data communication through selecting and setting a specific encoding/decoding (modulation/demodulation) method between a legitimate transmitter and a legitimate receiver.
2. Description of the Background Art
Conventionally, in order to perform communication between specific parties, there has been adopted a structure for realizing secret communication by sharing original information (key information) for encoding/decoding between transmitting and receiving ends and by performing, based on the original information, an operation/inverse operation on information data (plain text) to be transmitted, in a mathematical manner.
On the other hand, there have been suggested, in recent years, several encryption methods, which positively utilize physical phenomena occurring in a transmission line. As one of the encryption methods, there is a method called Y-00 protocol performing the secret communication by utilizing a quantum noise generated in an optical transmission line. An exemplary transmitting apparatus utilizing the Y-00 protocol method is disclosed in Japanese Laid-Open Patent Publication No. 2005-57313 (hereinafter referred to as Patent Document 1).
FIG. 18 is a block diagram showing an exemplary configuration of a conventional transmitting and receiving apparatus using the Y-00 protocol. As shown in FIG. 18, a transmitting section 901 includes a first multi-level code generation section 911, a multi-level processing section 912, and a modulator section 913. A receiving section 902 includes a demodulator section 915, a second multi-level code generation section 914, and a decision section 916. The transmitting section 901 and the receiving section 902 previously retain first key information 91 and second key information 96, respectively, which are identical in content to each other. The first multi-level code generation section 911 generates, based on the first key information 91, a multi-level code sequence 92, which is a multi-level pseudo random number series having M values from “0” to “M−1”.
The multi-level processing section 912 combines information data 90 and the multi-level code sequence 92, and generates a signal, which has a level corresponding to a combination between a level of the information data 90 and a level of the multi-level code sequence 92, as a multi-level signal 93. Specifically, the multi-level processing section 912 generates the multi-level signal 93, which is an intensity-modulated signal, by using a signal format as shown in FIG. 19. That is, the multi-level processing section 912 divides signal intensity of the multi-level code sequence 92 into 2M levels, makes, from these levels, M combinations each having 2 levels, and allocates “0” of the information data 90 to one level of each of the M combinations, and “1” of the information data 90 to the other level of each of the M combinations. The multi-level processing section 912 allocates “0” and “1” of the information data 90 such that the levels corresponding to “0” and “1” are evenly distributed over the whole of the 2M levels. In an example shown in FIG. 19, “0” and “1” are allocated alternately.
In accordance with a value of the multi-level code sequence 92 to be inputted, the multi-level processing section 912 selects one combination of the levels of the multi-level code sequence 92 from among the M combinations of levels of the multi-level code sequence 92. Next, in accordance with a value of the information data 90, the multi-level processing section 912 selects one level of the selected one combination of the multi-level code sequence 92, and generates the multi-level signal 93 including the one level having been selected. In Patent Document 1, the first multi-level code generation section 911 is described as a transmitting pseudo random number generation section, the multi-level processing section 912 as a modulation method specification section and a laser modulation driving section, the modulator section 913 as a laser diode, the demodulator section 915 as a photo detector, the second multi-level code generation section 914 as a receiving pseudorandom number generation section, and the decision section 916 as a determination circuit.
FIG. 20 is a schematic diagram illustrating a signal form used in a conventional transmitting and receiving apparatus. (a), (b), (c), (d), (e), (f), (g) of FIG. 20 shows an exemplary signal change in the case of M=4. For example, in the case where the value of the information data 90 changes “0, 1, 1, 1” (see FIG. 20(a)), and in the case where the value of the multi-level code sequence 92 changes “0, 3, 2, 1” (see FIG. 20(b)), the multi-level signal 93 changes as shown in FIG. 20(c). The modulator section 913 converts the multi-level signal 93 into a modulated signal 94, which is an optical intensity modulated signal, and transmits the modulated signal 94 via an optical transmission line 910.
The demodulator section 915 performs photoelectric conversion of the modulated signal 94 having been transmitted via the optical transmission line 910, and outputs a multi-level signal 95. The second multi-level code generation section 914 generates, based on the second key information 96, a multi-level code sequence 97, which is a multi-level pseudo random number series, and which is identical to the multi-level code sequence 92. The decision section 916 determines, based on a value of the multi-level code sequence 97, which one of a combination of signal levels shown in FIG. 19 is used as the multi-level signal 95, and decides, in binary, two signal levels included in the combination.
Specifically, the decision section 916 sets a decision level in accordance with the value of the multi-level code sequence 97, as shown in FIG. 20(e), and decides whether the multi-level signal 95 is larger (upper) or smaller (lower) than the decision level. In this example, decisions made by the decision section 916 are “lower, lower, upper, and lower”. Next, the decision section 916 decides that a lower side is “0” and an upper side is “1” in the case where the multi-level code sequence 97 is even-numbered, and also decides that the lower side is “1” and the upper side is “0” in the case where the multi-level code sequence 97 is odd-numbered. The decision section 916 then outputs information data 98. In this example, the multi-level code sequence 97 is composed of “even number, odd number, even number, and odd number”, and thus the information data 98 comes to be “0, 1, 1, 1”, in turn. Although the multi-level signal 95 includes a noise, as long as a signal intensity is selected appropriately, it is possible to suppress the noise to the extent that occurrence of an error at the time of a binary decision can be ignored.
Next, possible eavesdropping will be described. An eavesdropper attempts decryption of information data 90 or the first key information 91 from the modulated signal 94 without having key information which is shared between the transmitting and receiving parties. In the case where the eavesdropper performs the binary decision in the same manner as the legitimate receiving party, since the eavesdropper does not have the key information, the eavesdropper needs to attempt decision of all possible values that the key information may take. In this method, the number of such attempts increases exponentially with respect to a length of the key information. Accordingly, if the length of the key information is significantly long, the method is not practical.
As an effective method, it is assumed that the eavesdropper performs a multi-level decision with respect to a multi-level signal 81, which is obtained through the photoelectric conversion by using a demodulator section 921, using a multi-level decision section 922, and decrypts a received sequence 82 using a decrypting section 923, thereby attempting decryption of the information data 90 or the first key information 91. In the case of using such decryption method, if the eavesdropper can perform multi-level decision with respect to the received sequence 82 without mistake, the eavesdropper can decrypts the first key information 91 from the received sequence 82 at a first attempt.
However, when the demodulator section 921 performs the photoelectric conversion, a shot noise is generated, and the generated shot noise will be overlapped on the multi-level signal 81. It is known that the shot noise definitely occurs in accordance with the principle of quantum mechanics. If an interval between signal levels of the multi-level signal (hereinafter referred to as a “step width”) is set significantly smaller than a level of the shot noise, the possibility cannot be ignored that the multi-level signal 81 received based on erroneous decision may take various multi-levels other than a correct signal level. Therefore, the eavesdropper needs to perform decryption in consideration of the possibility that the correct signal level may have a value different from that of a signal level obtained through the decision. In such a case, compared to a case without the erroneous decision (a stream cipher using a random number generator identical to that used for the first multi-level code generation section 911), the number of attempts, that is, computational complexity required for decryption is increased. As a result it is possible to improve security against the eavesdropping.
In order to perform high quality communication between the transmitting party and the legitimate receiving party, a difference between the levels which correspond to information data “1” and “0” included in the combination of the levels of the multi-level signal (hereinafter referred to as an “information amplitude”) needs to be significantly larger than a noise level generated at the side of the legitimate receiving party. On the other hand, in order to improve the security, the step width needs to be significantly smaller than the shot noise level. In order to achieve a balance between these two conditions, the multi-level number M of the multi-level code sequence 92 needs to be extremely large (for example, the multi-level number M is several thousand, or several ten thousand or more). However, an increase in a value of the multi-level number M leads to complexity of a hardware configuration, and results in a problem of an increase in apparatus costs.