JP3542699B2 - How to configure quantum cryptography - Google Patents

Description

【００６５】
【発明の効果】
以上説明したように、本発明によれば、秘密鍵の送信者はビット値に応じて２状態のうちから選択して送信すればよく、受信者もその２状態を識別すればよいので、測定系の切り替えが不要である。また、原理的に受信者は送信されたビットをすべて決定できる。更に、盗聴者の有無の確認はビット値の照合のみによって行われ、ランダムな送受信時刻の照合などの補足的な手続きをせずに安全性を確保できる。従来の方式はどれも、以上の利点の一部を有することはあっても、すべてを有することはない。
【図面の簡単な説明】
【図１】本発明の一実施形態に係る量子暗号の構成方法を説明するための図である。
【図２】従来の量子暗号である４状態暗号を説明するための図である。
【図３】従来の量子暗号である遅延４状態暗号を説明するための図である。
【図４】従来の量子暗号である非直交２状態暗号を説明するための図である。
【図５】従来の量子暗号である時間差干渉暗号を説明するための図である。
【符号の説明】
１ 送信者
２ 受信者
３ １光子光パルス
６ 乱数表
７ 秘密鍵
１６，１７ 光ファイバ
１９，２０ 受光器
２３，２４ 遅延
２５，２９ ビームスプリッタ
２６，２７ 光パルス
２８ π位相シフト[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a quantum cryptography configuration method for exchanging a random number sequence as a key while monitoring the presence or absence of an eavesdropper using the uncertainty principle of quantum mechanics.
[0002]
[Prior art]
Cryptography uses modern cryptography, which bases its security on the assumption that eavesdropping is difficult to compute in terms of computational complexity, and the uncertainty principle of quantum mechanics. There is a quantum cipher characterized by exchanging a random number sequence which is a key while monitoring data. First, modern cryptography will be described.
[0003]
In modern cryptography, a message to be sent is digitized (this is called declarative text), and a random number is calculated on it to make it a ciphertext that looks random to a third party, and the recipient decrypts it using a decryption method unknown to the third party. There are two main types: secret key cryptography and public key cryptography. The random number table used by the sender for encryption is called an encryption key, and the random number table used by the receiver for decryption is called a decryption key. In secret key cryptography, the encryption key and the decryption key are the same (called a secret key). The recipient and the recipient have determined the secret key in advance in some secure way, for example, by meeting in person.
[0004]
When the length of the declarative sentence and the secret key are equal, that is, when the secret key used once is always discarded (this is called the one time pad method), it has been confirmed by Shannon that this method has absolute security. Proven. However, the one time pad method is not actually used because of the unrealistic nature of exchanging a secret key of a length comparable to the message in advance each time (if it is possible to exchange the message itself). Not. In practical secret key cryptography, the same secret key is used repeatedly.
[0005]
In public key cryptography, a receiver possesses a public key and a secret key, and makes the public key public. The sender encrypts and transmits using the receiver's public key, and the receiver decrypts using the private key. Needless to say, the public key and the private key are used repeatedly here. These modern cryptography are described in the literature: [1] Kazuo Ota, Kaoru Kurosawa, Osamu Watanabe, "Science of Information Security" (Kodansha Bluebacks), [2] Hideki Imai, "Cryptography Story" (Japan Standards Association), [ 3] Eiji Okamoto, "Introduction to Cryptography" (Kyoritsu Shuppan), [4] Shinichi Ikeno, Kenji Koyama, "Modern Cryptography" (IEICE).
[0006]
Modern cryptography presupposes that the ciphertext is eavesdropped, and based on security, it takes astronomical time to decipher the eavesdropping. Using a computational representation, we base our hypothesis on that the prime factorization of integers does not belong to the P-type problem.
[0007]
However, this hypothesis is only an unproven expectation. On the contrary, it was mathematically proved in 1994 that the extension of the calculation method to the quantum computing method converts the factorization into a P-type problem. This is described in the literature: [5] Peter W. Shor: "Algorithms for quantum composition: Discrete logarithms and facting,""Proceedings of the 35th Annual Symposium on Fundamentals of Recommendations. Goldwasser (IEEE Computer Society, Los Alamitos, CA, 1994) p. 124, [6] Tetsuro Nishino, "Quantum Computer", Information Processing Society of Japan, Vol. 36, No. 4, April 1995, p. 337.
[0008]
Although this quantum computer has not yet been put to practical use, it is thought that the ultimate basis of modern cryptography has collapsed, though theoretically, and that its security will no longer be guaranteed in the future.
[0009]
Next, conventional quantum cryptography will be described.
[0010]
Quantum cryptography is a cryptography that cannot be broken even by using the quantum computing method. This is a procedure for determining the secret key while making sure that no eavesdropping by an eavesdropper leaves any trace on the quantum level signal based on the principle of uncertainty of quantum mechanics. . That is, in the above-described secret key cryptosystem, the sender and the receiver need to determine the secret key in advance by some secure method. There is nothing other than quantum cryptography. If quantum cryptography is used, the secret key can be exchanged constantly, and the one time pad method, whose absolute security is guaranteed, can be used.
[0011]
Four-state encryption, delayed four-state encryption, non-orthogonal two-state encryption, and time-difference interference encryption have been proposed as specific methods of quantum encryption. Next, each of these quantum cryptosystems will be described.
[0012]
First, the four-state encryption will be described. The four-state encryption is a quantum encryption originally devised, and is described in detail in [7] C.I. H. Bennett and G. Brassard, in Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India (IEEE, New York, 1984), p. 175, [8] A. Translated by Eckart / Nobuyuki Imoto, "Invitation to Quantum Cryptography," Parity, vol. 7, No. 2, p. 26 (1992), [9] Collins / Nomotoyuki Imoto "Quantum cryptography is the strongest cryptography ever" Parity, vol. 8, no. 5, p. 31 (1993), but will be briefly described below.
[0013]
In four-state cryptography, as shown in FIG. 2, a sender 1 and a receiver 2 transmit a light pulse 3 containing only one photon per bit, and a classical channel 4 for confirming the transmission and reception states. Use 5. Quantum channel 4 is typically an optical fiber, and classical channel 5 is a radio or telephone. The classical channel is assumed to be eavesdropped but not tampered with. To clarify this, the classical channel is hereinafter referred to as a public channel. Further, as a premise of cryptography as well as quantum cryptography, an eavesdropper can access the transmission path unit in the figure, but cannot access the transmission side and the reception side.
[0014]
In coding the transmission side bits “0” and “1” into the optical pulse 3, two kinds of variables of linearly polarized light and circularly polarized light, that is, two kinds of coding methods are used. For example, in the case of linear polarization coding, "horizontal" is set to "0", "vertical" is set to "1", and in the case of circular polarization coding, "clockwise" is set to "0" and "counterclockwise" is set to "1". To correspond to. The sender 1 and the receiver 2 make such an arrangement in advance (on the public channel 5). The sender 1 prepares a random number table 6 written in a binary system. This is a random number table from which the secret key 7 shared with the receiver 2 is generated. The secret key 7 is a partial random number table obtained by extracting slightly less than half bits from the random number table 6 as described below. The protocol of the sender 1 and the receiver 2 in the four-state encryption is as follows.
[0015]
Step 1: The sender 1 randomly selects a coding method, and modulates the polarization of the light pulse 3 using the modulator 8 according to the random number table 6. For example, coding is performed using circularly polarized light. If the first value in the random number table 6 is “1”, the polarization state of the light pulse 3 is changed so as to be “counterclockwise” polarization. The sender 1 is not informed of the selected coding method and sends only the light pulse 3. In the same manner, photons are successively transmitted for successive bits.
[0016]
Step 2: The receiver 2 cannot measure both linearly and circularly polarized light because the received light pulse 3 contains only one photon (uncertainty principle). Therefore, it is determined which one to measure, and the measurement is performed using the light receiver 9 including the polarimeter. The probability that sender 1 chooses the same coding method and the wrong coding method as the selected coding method is 50%. If they are the same, the value of the random number table 6 is correctly reproduced in the receiver 2, but if incorrect, the mutual information amount between the sender 1 and the receiver 2 regarding the bit becomes zero.
[0017]
Step 3: Each time one optical pulse is measured (or may be communicated collectively later), the receiver 2 identifies on the public channel 5 which coding method has been selected. Sender 1 hears it and informs public channel 5 whether or not recipient 2's coding choice was correct.
[0018]
Step 4: Sender 1 and receiver 2 adopt only about half the bits, both of which have selected the same coding method, and discard the other half. If there is no eavesdropping, the same random number table should be formed on both sides.
[0019]
Step 5: The sender 1 and the receiver 2 extract matching bits at an appropriate ratio from the remaining bits, and perform matching (on the public channel 5) with each other. If a sufficient number of matching bits match, it is concluded that the probability of eavesdropping is close to 1 for reasons explained in the above-mentioned literature.
[0020]
Step 6: Since the bits excluding the verification bit are guaranteed to have the same value known only to the sender 1 and the receiver 2, it is determined as the secret key 7.
[0021]
According to the above procedure, it is possible to generate a secret key while monitoring in real time that eavesdropping is not performed. If an eavesdropping is detected from the collation bit, all communications during the eavesdropping detection period are invalidated, and the quantum channel is checked or reconstructed. In fact, the eavesdroppers are most afraid of eavesdropping, and even if they violate the danger of eavesdropping, they cannot perform eavesdropping (the eavesdropping secret key will be destroyed). Virtually no.
[0022]
One of the drawbacks of 4-state encryption is that the receiver 2 has a 50% chance of choosing a coding method when making measurements, so half of the optical pulses sent by the sender are in vain in principle. It is a point that becomes.
[0023]
Next, the delayed four-state encryption will be described. The disadvantages of the four-state encryption described above are overcome by providing a signal delay 10 in front of the receiver of receiver 2 as shown in FIG. The length of the delay 10 is such that the recipient 2 can perform step 3 of the protocol described below. The protocol of the sender 1 and the receiver 2 in the delayed four-state encryption is as follows.
[0024]
Step 1: The sender 1 randomly selects a coding method, and modulates the polarization of the light pulse 3 using the modulator 8 according to the random number table 6. For example, coding is performed using circularly polarized light. If the first value in the random number table 6 is “1”, the polarization state of the light pulse 3 is changed so as to be “counterclockwise” polarized light. The sender 1 is not informed of the selected coding method and sends only the light pulse 3. In the same manner, photons are successively transmitted for successive bits.
[0025]
Step 2: When the optical pulse 3 reaches the receiving side via the transmission path, the sender 1 clarifies on the public channel 5 which coding method has been selected.
[0026]
Step 3: The receiver 2 decides whether to measure linear or circular polarization according to the coding method revealed on the public channel 5 and emerges from the delay 10 using the receiver 9 including a polarimeter. The measured light pulse 3 is measured.
[0027]
Step 4: The sender 1 and the receiver 2 extract collation bits at an appropriate ratio from the transmitted bits, and perform matching (on the public channel 5) with each other. If a sufficient number of matching bits match, it is concluded that the probability of eavesdropping is close to 1 for reasons explained in the above-mentioned literature.
[0028]
Step 6: Since the bits excluding the verification bit are guaranteed to have the same value known only to the sender 1 and the receiver 2, it is determined as the secret key 7.
[0029]
By the above procedure, a one-bit secret key can be generated for each optical pulse in principle, excluding the verification bit.
[0030]
The disadvantage of the delayed four-state encryption is that the receiver 2 must switch between two types of measurement methods, linearly polarized light and circularly polarized light, for each light pulse when performing the measurement. This is due to the fact that since communication is performed using four states, this system effectively transmits 2-bit information, and one bit of which is discarded because it leaks through the public channel. are doing.
[0031]
Next, two non-orthogonal states will be described. Non-orthogonal two-state encryption is a method of transmitting two non-orthogonal quantum states in correspondence with bits “0” and “1”. The following is an embodiment of the non-orthogonal two-state quantum cryptography. For details, see Reference: [10] C.I. H. Benett, Phys. Rev .. Lett. 68, 3121 (1992), [11] B. Huttner, N .; Imoto, N .; Gisin, and T.W. Mor, Phys. Rev .. A51, 1863 (1995). Here, the configuration proposed in the document [10] will be described with reference to FIG. The sender 1 divides the coherent optical pulse 11 into optical pulses 13 and 14 by using a 50% beam splitter 12, and uses a phase modulator 15 to change the optical phase of the optical pulse 13 according to the random number table 6 if the bit value is “0”. If the bit value is 0 degree and the bit value is "1", it is modulated to 180 degrees and sent to the quantum channel 4 composed of optical fibers 16 and 17. Hereinafter, since the public channel 5 is common to all quantum cryptography, it is omitted in FIG. The receiver 2 interferes the optical pulses 13 and 14 with the 50% beam splitter 18 (in fact, the reflectivity of the beam splitters 12 and 18 does not need to be 50% as described in the document [10]). ).
[0032]
The beam splitter 12 to the beam splitter 18 constitute one Mach-Zehnder interferometer. The receiver 2 appropriately adjusts the phase difference θ between the optical fibers 16 and 17, and in the beam splitter 18, the pulse having the bit value “0” is dark fringe on the light receiver 19 side and the pulse having the bit value “1” is received in the light receiver 19. The container 20 side is dark fringe. The intensity of the coherent light pulse 11 uses light in a coherent state in which the average number of photons contained in the pulse is much smaller than 1 (for example, 0.1). This is to make the probability that the number of photons included in the light pulse 3 becomes 2 or more as close to 0 as possible. Since the average number of photons is much smaller than one, in most cases, photons are not counted in either of the light receivers 19 and 20 when the pulse arrives, so that the bit value cannot be determined for the receiver 2 in most cases. However, it can be conclusively concluded that the bit value is “1” when counted by the light receiver 19 and “0” when counted by the light receiver 20. From the above, secret key exchange is possible with the following protocol.
[0033]
Step 1: The sender 1 modulates the phase of the optical pulse 13 using the phase modulator 15 according to the random number table 6 and sends it.
[0034]
Step 2: Recipient 2 counts photons with light receivers 19 and 20. When counting, the receiver 2 knows the bit value subtracted from the random number table 6 by the sender 1. The receiver 2 does not say which of the light receivers 19 and 20 has counted, but only informs the sender 1 of the fact that the counting was or was not performed on the public channel.
[0035]
Step 3: Since the bit announced by the receiver 2 not to be counted is not transmitted to the receiver, the sender 1 also discards the bit and leaves only the counted bit.
[0036]
Step 4: Match bits are extracted at an appropriate ratio from the remaining bit strings, and each answer is checked (on the public channel 5). If a sufficient number of matching bits match, it is concluded that eavesdropping has a probability close to 1 for reasons to be described later.
[0037]
Step 5: Since the bits excluding the verification bit are guaranteed to have the same value known only to the sender 1 and the receiver 2, it is determined as the secret key 7.
[0038]
Consider what eavesdroppers can do for this scheme. In order to access the quantum channel 4 and measure the phase difference between the two separated optical pulses, it is necessary to perform photon counting with interference as in the receiver. If the counting is successful, the same two parallel pulses as sent by the sender can be sent using the same device as the sender. However, most of the pulses do not count photons, in which case no false pulse is sent or a false pulse with a random phase difference is sent. In the former case, the transmission rate drops from the original value, and in the latter case, the collation bits are inconsistent and detected by the sender and the receiver in any case.
[0039]
Since non-orthogonal two-state encryption uses only two states, the measurement system of the receiver is simplified. However, since two non-orthogonal quantum states can be distinguished only with a probability smaller than 1, the receiver can determine the bit value of only a part of the transmitted bit sequence, and the remaining optical pulses are useless. become. On the other hand, since the security of this scheme is based on its non-orthogonality, this waste is unavoidable in this scheme.
[0040]
Next, the time difference interference encryption will be described. The time-difference interference encryption is similar to the non-orthogonal two-state encryption of FIG. 4 in that a Mach-Zehnder interferometer is used as shown in FIG. It is characteristic in that only the above is used. For details, refer to the literature: [13] Goldenberg and Vaidmann: Phys. Rev .. Lett. 75, 1239 (1995), which is briefly described below. As shown in FIG. 5, the sender 1 inputs the optical pulse 3 from the port A side when the bit is “0” and from the port B side when the bit is “1”, and sends the random number table 6. It is assumed that light pulse 3 contains only one photon. The optical pulse 3 is split into two by the 50% beam splitter 12, the optical pulse 21 enters the optical fiber 16 as it is, and the optical pulse 22 enters the optical fiber 17 via a long delay 23. By making the delay longer than the transmission distance, the optical pulse 22 enters the transmission path after the optical pulse 21 arrives at the receiver side. On the receiver side, the optical pulse 21 is provided with a delay 24 having the same length as the delay 23. As a result, the optical pulses 21 and 22 interfere with each other in the 50% beam splitter 18, and the optical pulse 3 incident from the port A side exits to the port A 'and the optical pulse 3 incident from the port B side exits to the port B'. The receiver 2 can reproduce the random number table 6 of the sender 1 simply by looking at the port A 'or B'. A protocol that is secure against eavesdropping using this interference system is as follows.
[0041]
Step 1: The sender 1 enters the optical pulse 3 into one of the ports A and B according to the random number table 6. However, instead of successively inputting light pulses at a regular timing, an incident time is determined at random and the time is recorded.
[0042]
Step 2: The receiver 2 counts photons with the light receivers 19 and 20, and determines the contents of the random number table 6 of the sender 1. Record the counted time at the same time.
[0043]
Step 3: The time of incidence and the time of count are disclosed on the public channel 5 to test whether any inconsistency has occurred.
[0044]
Step 4: Check bits are extracted from the bit sequence at an appropriate ratio, and each check is made (on the public channel 5) to test whether a sufficient number of check bits match.
[0045]
Step 5: If there is no problem in the tests of Steps 3 and 4, since the bits except the verification bit are guaranteed to have the same value known only to the sender 1 and the receiver 2, the secret key 7 is used. Is determined.
[0046]
In this scheme, bit values are transmitted using two orthogonal quantum states. Since the two orthogonal states are completely identifiable, the receiver can determine all transmitted bit strings. Therefore, the secret key 7 can be constructed from all the light pulses except the collation bits.
[0047]
However, unlike other methods, the security of the secret key is not guaranteed only by verifying the verification bit. This is because, in this method, even after the optical pulse 21 has been delivered to the receiver, the bit value to be transmitted can be freely selected by adding an appropriate phase shift to the optical pulse 22 if it is at hand. Is due. This means that the light pulse 21 is merely a reference and does not have bit value information by itself. Therefore, even if the eavesdropper does not know the bit value selected by the sender, a fake optical pulse 21 is generated by a device of the same type as the device used by the sender and passed to the receiver, and the real optical pulse 21 is at hand. By storing the optical pulse 22 in the delay path, receiving the optical pulse 22 and knowing the bit value, applying an appropriate phase shift to the counterfeit of the optical pulse 22 and sending it to the receiver, exposure can be avoided.
[0048]
In order to prevent such eavesdropping means, this method requires another type of test (step 3) apart from bit collation. To perform this supplementary test, the sender and receiver must have synchronized clocks, and the amount of traffic that must be exchanged on public channels increases. Furthermore, randomizing the pulse transmission interval inevitably leads to a lower transmission rate than sending pulses one after another at the minimum technically possible time interval.
[0049]
[Problems to be solved by the invention]
As described above, among the conventional quantum cryptography, the four-state encryption and the non-orthogonal two-state encryption can use only a part of the optical pulse for generating the secret key, and the delayed four-state encryption has two linear and circular polarizations. It is necessary to switch the type of measurement method, that is, the measurement system for each light pulse, and the time difference interference encryption requires a test other than bit collation.
[0050]
The present invention has been made in view of the above, and its purpose is to use only two states, do not need to switch the measurement system, secure the security only by bit collation, and use all the transmitted pulse trains. An object of the present invention is to provide a method of configuring a quantum cryptography that can be used.
[0051]
[Means for Solving the Problems]
In order to achieve the above object, the present invention according to claim 1 uses a classical channel that transmits a first signal that modulates a quantum mechanical state and a classical channel that transmits a second signal that modulates a classical state. Based on the determinism principle, the random number table is transmitted from the transmission side to the reception side while monitoring the presence / absence of disturbance generated in the first signal by eavesdropping using the classical channel, and the random number table is used as a secret key. A method of constructing a quantum cryptography, comprising: generating a light pulse consisting of at most one photon at a transmitting side, and using a first beam splitter having an unequal branch ratio from an input port to a first output port and a second output port. One of the first and second input ports is selected based on the value of one bit of the random number table, the light pulse is input from the selected input port, and the first output port is set to the first quantum Connect to the channel and 2 is connected to a first delay path longer than the difference between the linear distance between the transmitting side and the receiving side and the optical path length of the quantum channel, and its output is connected to the second quantum channel. Connects the output of the first quantum channel to a second delay path of equal length to the first delay path, and connects the output to a second delay path having the same splitting ratio as the first beam splitter. A first input port of the beam splitter; an output of the second quantum channel connected to a second input port of the second beam splitter; and a first input port of the first beam splitter. The phase difference between two optical paths reaching the second output port of the second beam splitter is adjusted to be π, and the first output port of the second beam splitter is input to the first light detection means. And input the second output port to the second light detecting means. A 1-bit signal is registered according to which of the light detecting means has detected, and this is repeated to transmit the random number table, and the sender's random number table and a part of the random number table recorded by the receiver are compared. The gist is that the matching is performed by the classical channel, and only when they match, the remaining part of the random number table is registered as a secret key.
[0052]
According to the first aspect of the present invention, on the transmitting side, one of the first and second input ports of the first beam splitter is selected based on the value of one bit of the random number table, and the selected one is selected. An optical pulse is input from the input port, and a first output port of the beam splitter is connected to a first quantum channel, and a second output port is connected to a second quantum channel via a first delay path. On the receiving side, the output of the first quantum channel is connected to a first input port of a second beam splitter via a second delay path, and the output of the second quantum channel is connected to a second beam. Connected to the second input port of the splitter, and adjusted so that the phase difference between two optical paths from the first input port of the first beam splitter to the second output port of the second beam splitter becomes π. , The first output of the second beam splitter to the first The transmission of the random number table is performed by repeating the processing of inputting to the detection means, inputting the second output port to the second light detection means, and registering a 1-bit signal based on which light detection means has detected. Then, the sender's random number table and a part of the random number table recorded by the receiver are collated by the classical channel, and only when they match, the remaining part of the random number table is registered as a secret key.
[0053]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[0054]
FIG. 1 is a diagram for explaining a method of configuring a quantum cryptography according to an embodiment of the present invention. The quantum cryptography configuration method of the embodiment shown in the figure devises a new quantum cryptography configuration and protocol based on an asymmetric Mach-Zehnder interferometer, and uses only two states. Since there is no need for switching, and since the orthogonal state is used, the receiver can determine all transmitted bits in principle, so that there is no waste, and there is no need for a test other than bit value verification.
[0055]
In FIG. 1, the sender 1 inputs the optical pulse 3 from the port A side when the bit is “0” and from the port B side when the bit is “1”, and sends the random number table 6. It is assumed that light pulse 3 contains only one photon. The light pulse 3 is split into two beams by the beam splitter 25. As the beam splitter 25, a beam splitter having a reflectance and a transmittance that are not equal, that is, a beam splitter other than 1: 1 is used (however, excluding perfect reflection and perfect transmission). Either of the branching ratios may be increased. Here, the beam splitter (similarly for 25 and 29) refers to one that couples one optical path to two optical paths, and also includes a directional coupler used when assembling an interferometer with an optical fiber.
[0056]
The optical pulse 26 after branching enters the optical fiber 16 as it is, and the optical pulse 27 enters the optical fiber 17 via the delay 23. The optical path length of the delay 23 is longer than the difference between the linear distance between both ends of the transmission path section and the optical path length of the transmission path section. At this time, a third party who has accessed the optical pulse 27 passing through the transmission path cannot access the optical pulse 26 thereafter. On the receiver side, the optical pulse 26 is provided with a delay 24 having the same length as the delay 23. Further, a phase shift 28 of π is provided on one arm of the interferometer, and the difference between the optical path lengths of both arms is set to a half wavelength. Thus, in the beam splitter 29 having the same reflectance and transmittance as the beam splitter 25, the light pulses 26 and 27 interfere with each other, and the light pulse 3 incident from the port A enters the port A 'and the port B from the port B. The light pulse 3 is emitted to the port B '. The receiver 2 can reproduce the random number table 6 of the sender 1 simply by looking at the port A 'or B'. A protocol that is secure against eavesdropping using this interference system is as follows.
[0057]
Step 1: The sender 1 enters the optical pulse 3 into one of the ports A and B according to the bit value of the random number table 6. Similarly, successive photons are sent for successive bits.
[0058]
Step 2: The receiver 2 counts photons with the light receivers 19 and 20, and determines the contents of the bit sequence of the random number table 6 of the sender 1. If there is no eavesdropping, the receiver should have the same thing as the random number table 6.
[0059]
Step 3: In order to confirm the presence or absence of eavesdropping, collation bits are extracted from the bit string at an appropriate ratio, each answer is checked (on the public channel 5), and it is tested whether a sufficient number of collation bits match. .
[0060]
Step 4: If there is no problem in the test of step 3, since the bits except the verification bit are guaranteed to have the same value known only to the sender 1 and the receiver 2, it is determined as the secret key 7. I do.
[0061]
The security against eavesdropping in the system of the present invention is that the information of the bit value is divided into two pulses 26 and 27 and carried. Here, "listed separately" means that when only the previously transmitted pulse 26 is received, the receiver can obtain information on the bit value in an incomplete manner to a certain extent, and After sending 26, it is possible to access only the pulse 27 and change the bit value with a certain but uncertain success rate. If such two pulses are sent out one by one, the eavesdropper cannot copy the partial bit information on each pulse, in other words, cannot extract the bit information without leaving any trace. It is possible to prove using the basic principles of quantum mechanics. Also, it is impossible to replace a pulse with a fake without knowing the bit information.
[0062]
Conversely, if the bit information is concentrated on only one of the two pulses, the eavesdropper can freely copy the bit information. In the above-described time-difference interference cryptography, which is one of the conventional quantum cryptography, this is exactly the situation, and the bit information is carried only in the subsequent pulse 22. Therefore, the security of the time difference interference encryption is ensured by a procedure having some disadvantages as described above, that is, a random pulse transmission time and its confirmation. Therefore, the scheme of the present invention secures security based on a mechanism substantially different from the time difference interference encryption, and as a result, a procedure of measuring, recording, and collating a random detection time becomes unnecessary. ing.
[0063]
As described above, since the quantum cryptography configuration method of the present embodiment uses only two states, it is not necessary to switch the measurement system of the receiver, and all of the transmission pulse trains can be used. Although the present invention has a feature that security can be ensured, a comparison of the present invention with the above-described conventional four-state encryption, delayed four-state encryption, non-orthogonal two-state encryption, and time-difference interference encryption for each of these features shows that Table 1 shown below. Thus, only the present invention has all these features.
[0064]
[Table 1]

[0065]
【The invention's effect】
As described above, according to the present invention, the sender of the secret key only has to select and transmit from the two states according to the bit value, and the receiver only needs to identify the two states. No system switching is required. Also, in principle, the receiver can determine all transmitted bits. Further, the presence or absence of an eavesdropper is checked only by checking the bit value, and security can be ensured without performing a supplementary procedure such as checking the random transmission / reception time. All conventional schemes may have some, but not all, of the above advantages.
[Brief description of the drawings]
FIG. 1 is a diagram for explaining a method of configuring a quantum cryptography according to an embodiment of the present invention.
FIG. 2 is a diagram for explaining a four-state encryption that is a conventional quantum encryption.
FIG. 3 is a diagram for explaining a delayed four-state encryption that is a conventional quantum encryption.
FIG. 4 is a diagram for explaining non-orthogonal two-state encryption that is a conventional quantum encryption.
FIG. 5 is a diagram for explaining a time difference interference encryption which is a conventional quantum encryption.
[Explanation of symbols]
1 sender
2 recipient
3 One-photon light pulse
6 random number table
7 Secret key
16, 17 Optical fiber
19,20 light receiver
23, 24 delay
25,29 Beam splitter
26,27 light pulse
28 π phase shift

Claims (1)

The first signal is generated by eavesdropping on the basis of the uncertainty principle using a quantum channel transmitting a first signal having a modulated quantum mechanical state and a classical channel transmitting a second signal having a modulated classical state. While monitoring the presence or absence of disturbance using the classical channel, a random number table is transmitted from a transmission side to a reception side, and a method of configuring a quantum cryptography using the random number table as a secret key,
On the transmitting side, generate an optical pulse consisting of at most one photon,
Selecting one of the first and second input ports of the first beam splitter having an unequal branching ratio from the input port to the first and second output ports based on a 1-bit value of a random number table;
Inputting the light pulse from the selected input port,
Connecting the first output to a first quantum channel;
Connecting the second output port to a first delay path that is longer than the difference between the linear distance between the transmitting side and the receiving side and the optical path length of the quantum channel, and connecting the output to a second quantum channel;
On the receiving side, the output of the first quantum channel is connected to a second delay path having the same length as the first delay path, and the output has the same splitting ratio as the first beam splitter. Connected to a first input of a second beam splitter,
Connecting the output of the second quantum channel to a second input of the second beam splitter;
Adjusting a phase difference between two optical paths from a first input port of the first beam splitter to a second output port of the second beam splitter to be π,
A first output port of the second beam splitter is input to first light detection means, a second output port is input to second light detection means,
A 1-bit signal is registered based on which of the light detection means has detected the
By repeating this, the random number table is transmitted,
A part of the random number table of the sender and a part of the random number table recorded by the receiver are compared by a classical channel, and only when they match, the remaining part of the random number table is registered as a secret key. How to configure the cipher.

Images