The demand for confidentiality in communications has been a permanent theme for the future since ancient times. Advancements in cryptography have been satisfying the demand in the network society in recent years. Encryption can be broadly classified into a secret-key cryptosystem and a public-key cryptosystem. The basis for security in the secret-key cryptosystem is that decryption is not an easy task even if communications are intercepted. Meanwhile, the basis for security in the public-key cryptosystem is that decryption requires unrealistic time although the decryption algorithm is known. However, the secret-key cryptosystem has a risk that a decryption technique may be found. Meanwhile, the public-key cryptosystem has risks that a decryption technique faster than the currently known decryption algorithm may be found, and that description can be made relatively easily even with the current algorithm if a quantum computer is realized. For this reason, quantum cryptography has begun to attract attention.
The quantum cryptography aims to ensure security in accordance with the laws of physics by use of quantum-mechanical properties. Accordingly, even if advancements are made in decryption techniques or computers, the quantum cryptography is free from a concern to threaten the security because the quantum cryptography establishes the security in accordance with the laws of physics, while the normal cryptography establishes the security based on the difficulty in decryption even if it can be intercepted (Non-Patent Document 1). However, use of a quantum-mechanical state is requisite for the quantum cryptography, as a matter of course. The quantum-mechanical state easily changes from the original state due to an interaction with the environment (decoherence). Thus, there are many restrictions to apply the quantum cryptography to an actual communication system. There is always loss in a transmission channel such as an optical fiber, and such loss causes a change in the quantum state. Accordingly, the quantum cryptography is first restricted in transmission distance. The maximum transmission distance is, for example, about 100 km. If there is loss, amplification is used to compensate the amount of loss in normal communications, but amplification is not allowed in the quantum cryptography because the amplification causes decoherence in the original state. Furthermore, use of ultra-weak light is a characteristic of the quantum cryptography. There arises a problem that the current optical system needs to be rebuilt for operation of the quantum cryptography having such characteristics. As described above, it can be seen that there are many restrictions in the operation of the quantum cryptography.
A method that has been proposed with an aim to solve the aforementioned problems is called αη scheme. In the αη scheme, a signal basis is multi-valued in phase space, and bases adjacent to each other are set in a range of a quantum fluctuation for not giving an eavesdropper the correct information (Non-Patent Document 2). The basis for security in this scheme is the quantum fluctuation. Thus, if the signal light intensity is too large, the effect of the quantum fluctuation becomes ignorable, so that sufficient security cannot be obtained in this case. An optical intensity larger than the quantum cryptography can be used but the intensity needs to be sufficiently weak as compared with the intensity in normal optical communications. In this respect, a method using antisqueezing is proposed as a method with which an optical intensity at a level of the normal optical communications can be applied (Patent Document 1). This method aims to make eavesdropping difficult by use of the multi-valued basis and the antisqueezed (expanded) fluctuation. The antisqueezed fluctuation is a fluctuation sufficiently made larger than the quantum fluctuation, so that the antisqueezed fluctuation can be said to be a classical fluctuation rather than the quantum fluctuation.
When the security of communications is considered based on the information theory, no distinction is made whether the signal light is quantum or classical (Non-Patent Documents 3 and 4). Secret capacity C=I (X; Y)−I (X; Z) can be obtained as a difference between mutual information I (X; Y) between a sender and a legitimate receiver and mutual information I (X; Z) between the sender and an eavesdropper. The mutual information I is a function of a bit error rate (BER), and it is equal to source entropy H (A) of the sender when there is no bit error and decreases with an increase in the BER. When the BER (EE) of the eavesdropper is larger than the BER (EB) of the legitimate receiver, the secret capacity (C>0) is ensured, and thus, secure communications in view of the information theory can be performed. The important point for achieving security in view of the information theory is how to establish EE>EB by forming a difference between the legitimate receiver and the eavesdropper. In the quantum cryptography, there is a function allowing the legitimate sender and receiver to detect eavesdropping by use of the quantum-mechanical properties at the time of the eavesdropping, and EE>EB is established by use of this function. Any part of the quantum cryptography other than the above does not use the quantum-mechanical properties. Thus, secure communications can be performed if there is a method that can establish EE>EB without using the quantum-mechanical properties.    Patent Document 1: JP 2007-129386 A    Non-Patent Document 1: N. Gisin, G. Ribordy, W. Tittel and H. Zbinden, Rev. Mod. Phys. 74, 145-195 (2002).    Non-Patent Document 2: G. A. Barbosa, E. Corndorf, P. Kumar and H. P. Yuen, Phys. Rev. Lett. 90(2003) 227901.    Non-Patent Document 3: U. M. Maurer, “Secret key agreement by public discussion from common information,” IEEE Trans. Inf. Theory, 39, 733 (1993).