The present invention relates to quantum-key-distribution receiving devices used in quantum key distribution systems that utilize pairs of quantum-entangled photons, and to methods for using single-photon detectors included in such quantum-key-distribution receiving devices.
In order to realize secure encrypted communication without information leakage, it is essential that keys used for encrypting and decrypting the information are shared only by a transmitter and a receiver and are not known to a third person, such as an eavesdropper.
A quantum key distribution system is attracting attention as an encryption key distribution system that guarantees ultimate unconditional security according to a physical law, and has been actively researched and developed in recent years for application to a high-security information communication system in the future.
One type of quantum key distribution system is a single-photon type that utilizes a single photon or a pseudo single photon, such as a weak laser beam. In the following description, a single photon or a pseudo single photon may also be simply referred to as “photon”.
A single-photon-type quantum key distribution system will be described with reference to FIG. 9. FIG. 9 schematically illustrates a single-photon-type quantum key distribution system.
A single-photon-type quantum key distribution system 200 includes a quantum-key-distribution transmitting device (which may also be simply referred to as “transmitting device” hereinafter) 210 and a quantum-key-distribution receiving device (which may also be simply referred to as “receiving device” hereinafter) 220.
The transmitting device 210 has a single-photon light source unit 211 that generates a photon. The receiving device 220 has a base selecting unit 221 and a photon detecting unit 223 that includes multiple single-photon detectors.
In view of achieving loss reduction in long-distance transmission as well as achieving cost reduction by utilizing an existing optical-fiber communication network, the transmitting device 210 and the receiving device 220 are preferably connected to each other by, for example, an optical fiber. A photon waveband to be used in quantum key distribution is preferably a 1.3-μm waveband or a 1.5-μm waveband, as in normal optical-fiber communication.
In the quantum key distribution system 200 that utilizes the polarization state of a photon, the single-photon light source unit 211 in the transmitting device 210 generates a photon by randomly selecting the polarization state thereof from, for example, a vertically (V) polarized state, a horizontally (H) polarized state, a diagonally polarized state at 45 degrees to the right, and a diagonally polarized state at 45 degrees to the left. The generated photon is transmitted to the receiving device 220. A case where a vertically-polarized photon or a horizontally-polarized photon is selected and transmitted will be referred to as “H/V transmission base”, whereas a case where a 45-degree-diagonally-right-polarized photon or a 45-degree-diagonally-left-polarized photon is selected and transmitted will be referred to as “diagonal transmission base”.
The base selecting unit 221 in the receiving device 220 randomly selects a reception base, to be used for measuring the incoming photon, from an H/V reception base and a diagonal reception base. Then, the photon detecting unit 223 receives the photon by using the single-photon detectors in accordance with the selection made by the base selecting unit 221 and measures the polarization state of the photon. If the H/V reception base is selected, a measurement process for determining whether the photon is vertically polarized or horizontally polarized is performed. If the diagonal reception base is selected, a measurement process for determining whether the photon is diagonally polarized at 45 degrees to the right or diagonally polarized at 45 degrees to the left is performed. This measurement system including the base selecting unit 221 and the photon detecting unit 223 may be realized with, for example, an optical system that uses a polarization beam splitter and a wave plate.
The H/V transmission base and the diagonal transmission base are non-orthogonal to each other. Therefore, by measuring a vertically-polarized or horizontally-polarized photon based on the H/V reception base, a definitive measurement result is obtained with respect to whether the photon is vertically polarized or horizontally polarized. However, if a vertically-polarized or horizontally-polarized photon is measured based on the diagonal reception base, a definitive result cannot be obtained since the determination of whether the photon is vertically polarized or horizontally polarized can only be made with a probability of 50%.
For example, if the transmitter transmits a photon based on the H/V transmission base and the receiver selects the H/V reception base and performs a measurement process, the receiver is able to definitively know the polarization state of the photon transmitted by the transmitter. In this case, for example, by setting the vertically-polarized state to “1” and the horizontally-polarized state to “0”, a random bit string can be shared between the transmitter and the receiver.
If the transmitter transmits a photon based on the H/V transmission base and the receiver selects the diagonal reception base and performs a measurement process, the receiver is only able to stochastically know the polarization state of the photon transmitted by the transmitter. In this case, a random bit string cannot be shared between the transmitter and the receiver.
By using this mechanism, the transmitter and the receiver may inform each other of the selected bases after obtaining a measurement result for the required bit number, and may use only a bit value corresponding to when the bases match, whereby the transmitter and the receiver can share the same random bit string. By utilizing this shared bit string in quantum key distribution as an encryption key, secure encrypted communication can be performed.
In order to prevent eavesdropping on encryption keys, it is necessary to use one photon or less for each bit. Therefore, in order to realize a quantum key distribution system using a photon, each of the single-photon detectors included in the photon detecting unit 223 needs to be able to detect a photon at a single-photon level. For example, a semiconductor avalanche photodiode or a superconductor detector has been reported as a single-photon detector of this type. In particular, an InGaAs/InP avalanche photodiode is widely used as a low-cost single-photon detector that operates in the aforementioned optical-fiber communication waveband. However, due to having a high dark-current detection rate and a high after-pulse generation rate (which will also be referred to as “after-pulse probability” hereinafter), an InGaAs/InP avalanche photodiode is generally used by making it perform so-called gate operation in which a photon is received by applying a voltage that exceeds an avalanche critical voltage only when necessary.
System performance of the quantum key distribution system is evaluated mainly based on two points, which are a transmittable distance and a secure encryption key (also referred to as “secure key”) generation rate.
A transmittable distance is dependent on, for example, a propagation loss in a transmission path as well as the detection efficiency and the dark-current detection rate of a single-photon detector. A single-photon-detector performance index related to a transmittable distance can be expressed by η/d, where η denotes a detection efficiency and d denotes a dark-current detection rate.
An encryption-key generation rate is dependent on a photon detection rate and an error rate of a single-photon detector.
A photon detection rate per unit time can be expressed by αημf, where α denotes a total loss, such as a propagation loss in a transmission path and an excessive loss occurring at the single-photon light source unit 211, etc., and μf denotes the number of photons transmitted per unit time from the single-photon light source unit 211. In the case of a gate-operating single-photon detector, it can be considered that f denotes a gate frequency and μ denotes an average number of photons per gate.
An error rate may increase due to multiple factors, such as a problem in the adjustment of the optical system. Factors deriving from the photon detecting unit 223 include a dark current or an after-pulse in a single-photon detector. An error rate e deriving from the photon detecting unit 223 in the single-photon-type quantum key distribution system is expressed by expression (1) below (e.g., see “D. Stucki et al “Quantum key distribution over 67 km with a plug&play system”, New Journal of Physics 4(2002) 41” (Non-Patent Literature 1)). Pa denotes an after-pulse probability.
                    e        =                              d            μηα                    +                      P            a                                              (        1        )            
An increase in the error rate e leads to a decrease in the amount of information about the ultimate secure key, which is not known to an eavesdropper and is obtained after a key distillation process, such as an error correction process and a concealment amplification process. When performing a general key distillation process, the amount of information H(e) after the key distillation process can be expressed by, for example, expression (2) below (e.g., see “Benjamin Miguel and Hiroki Takesue “Observation of 1.5 μm band entanglement using single photon detectors based on sinusoidally gates InGaAs/InP avalanche photodiodes” New Journal of Physics 11 (2009) 045006 (15pp)” (Non-Patent Literature 2)). In the following expression, f(e) denotes an error correcting capability.H(e)=1−log2(1+4e−4e2)+f(e){e log2 e+(1−e)log2(1−e)}  (2)
In order for the transmitter and the receiver to securely share an encryption key, H(e)>0 needs to be satisfied. The error correcting capability f(e) is 1 at the Shannon limit. Therefore, in order to achieve H(e)>0 when f(e)=1, the error rate needs to satisfy e<11.4%.
As shown in expression (3) below, a generation rate fsecure of an ultimately-obtained secure key is a value obtained by multiplying the amount of information H(e) after the key distillation process by a sift-key generation rate Rsift per gate and the gate frequency f.fsecure=RsiftfH(e)  (3)
Based on expression (3), the secure-key generation rate fsecure can be increased by increasing the sift-key generation rate Rsift, the amount of information H(e) after the key distillation process, or the gate frequency f.