BRPI0405814B1 - quantum noise cryptographic key distribution system - Google Patents

Abstract

"system for the distribution of cryptographic keys by quantum noise". It is an optical cryptographic system composed of generation, emission and reception systems and an operating protocol that, through the use of quantum light noise, allows two users a and b to securely share unlimited random bit sequences. through an optical channel, transmitting signals of mesoscopic intensity and using physical random signal generators. The process begins with a secret key shared between each pair of users, and where each received sequence establishes the encryption of the next bit to be sent. System security is established within the range where the legitimate receiver, having the shared key, has an acceptable signal-to-noise ratio, and this ratio has advantages over the intruder's signal-to-noise ratio near the transmitter, who is unaware of the key used. These signals can be optically amplified while maintaining the security of the information transmitted within the range defined for system operation. A brute force attack to determine the key using the search grover quantum algorithm leads to an increasing effort in exponential and x / 2 form where the exponent x is proportional to the length of the initially shared secret key. This search can become computationally unfeasible with an adequate initial key length, or even through many emission cycles before these keys are used for data encryption. A protocol controls the steps required for this key distribution and includes, in addition to standard procedures, specific commands to ensure that quantum noise does not allow the intruder to correlate the signals generated for encryption with eventually encrypted data. The security provided by the system and associated protocol comes from the quantum noise of light in the quantum optical channel and the initially shared secret key. The invention, which contains a random bit source, has no exclusive dependence on that particular source, which consists of a coherent light source limited by shot noise followed by a rapid detection system, also limited by shot noise. This detection system provides voltage (or current) signals with two possible values corresponding to the algebraic (+ or -) signals of the voltages relative to the average number of photons emitted by the light source over time intervals of the order of bits. These random voltage signals constitute the random binary output of the random physical generator (phrg). The present key distribution system enables coupling to general public communication systems such as telephone, radio and computer systems through one-time-pad encryption.

Description

The present invention relates to a system capable of providing secure communications from the distribution of random key sequences for cryptographic use via optical channels where the level of security is provided by quantum noise. inherent in light and the level of protection does not depend on intrusion detection mechanisms.

By sharing a random bit sequence, two users gain, with proven security, the ability to transmit messages that cannot be deciphered by an intruder (one-time-pad protocol) and the power to distinguish legitimate messages from forged or altered ones. (authentication procedures). The creation of new keys and the methods of transmitting them is the central objective in encryption. In addition to security aspects, speed is another requirement in modern communication systems, which exclude messengers for carrying new keys. Communication systems whose security is obtained exclusively through mathematical complexities are based on unproven considerations, such as the technical difficulty of factoring large numbers, and are vulnerable to advances in computational power or new mathematical developments. On the other hand, Physical Encryption can create processes that allow two users, in different locations, to share random bit sequences of arbitrary length (identifying length with number of bits), when desired, at a high speed without the exclusive dependence on mathematical complexities. These processes can be of great value in systems operating over long distances. Totally secure communication through an insecure channel can be achieved using keys transmitted by a physically secure Vernam-sense process with the one-time-pad protocol. Thus, through the protection afforded by the laws of nature, technological advances, such as improved computing power, do not affect the safety of these processes. The quantum key distribution protocol known as BB84 (C. H Bennett and G. Brassard, “Quantum cryptography: public-key distribution and coin tossing,” IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India, pp. 175-179,1984), a paradigm between protocols using single photons, has been used in short distance applications (eg, N. Gisin, G Ribordy, W. Tittel and H. Zbinden, Rev. Mod. Phys 75, pp. 145-195,2002; OSA Technical Digest, vol, 74, pp. 266, 2002), but not in long distance networks. A key reason is that the same non-cloning theorem that guarantees its level of security also prohibits the necessary signal amplification between nodes or communication stations separated by large distances. No alternative practical quantum systems using quantum repeaters have yet been proposed, although there are theoretical studies in this regard. Other practical impediments are the low speed of the one-photon sources and the long recovery time of the one-photon detectors. Difficulties associated with increased speed and impossibility of cloning exclude one-photon protocols from commercial applications on lines of communication with distant nodes. However, it should be considered that BB84-type key distribution systems will be implemented within a few years through the use of satellites (See, for example, M. Aspelmeyer, T. Hennewein and A. Zeilinger, M, Pfennigbauer and W. Leeb, quant-ph / 0305105 vl, 19 May 2003 and their references), although the rates of this key distribution process should be slow. Despite being slow, this key distribution process, or any other slow and secure method, could be used to obtain an initial key to be shared by users. This initial key could feed another secure and fast process to produce the desired key sharing between users, which could be very useful in applications that require speed and security. The cryptographic system, object of this patent, was developed for this sharing. The state of the art in this invention may be represented by the following references: US Patent 5,515,438 - "Quantum Key Distribution (QKD) Using Nonorthogonal Macroscopic Signals", May 1996; and “Secure communication using mesoscopic coherent States”; G. A. Barbosa, E. Corndorf, P. Kumar, and Η. P, Yuen, Physical Review Letters 22,227901-1 (2003). US 5,515,438 uses non-orthogonal quantum states for random information distribution suitable for use as a key for encryption and authentication between two users who initially share some secret information. This process differs from previous QKD processes in that it uses bright light states instead of one-photon states. This system is conditional on the use of two non-orthogonal bases to encrypt and decipher information. The two-base limitation allows brute force or exhaustive attacks to try every possible combination of signals to get the right key to have a high probability of success even for coherent states with mesoscopic photons. The quantum noise of light in this case covers up to both bases, and its protection results primarily from the secret key used and the associated mathematical complexity. A system that has its basic protection associated with quantum noise of light and is not restricted to the use of two bases would be preferable. "Secure communication using mesoscopic coherent states" describes a multi-base (or M-base) encryption system proposed by Yuen (H, P. Yuen, "Ultra-secure and Ultra-efficient Quantum Cryptographic Schemes for Optical System, Networks"). , and the Internet, ”unpublished, DARPA / Northwestem University Project, 2000), which was implemented for information encryption by Barbosa, Corndorf, Kumar, and Yuen (A. Barbosa, E. Corndorf, and P. Kumar,“ Quantum Cryptography with Coherent-state Light; Demonstration of a Secure Data Encryption Scheme Operating at 100kb / s ”; Quantum Electronics and Laser Science Conference, OSA Technical Digest 74, pp. 189-190, 2002; GA Barbosa, E. Corndorf, P. Kumar and Η P. Yuen, Phys. Rev. Lett, 90, 227901; 2003; and in quant-ph / 0212018 v2, 21 April 2003; GA Barbosa, E. Corndorf, P. Kumar, Η, P. Yuen, GM D'Ariano, MGA Paris and P. Perlnotti, “Secure Communication using Coherent States,” The Sixth Int. Confe rence on Quantum Communication, Measurement and Computing, July 2002, Rinton Press, Princeton, April 2003, p. 357-360; High-speed data encryption over 25km of fiber by two-mode coherent-state quantum cryptography, E. Corndorf, G.A. Barbosa, C. Liang, H.P. Yuen, and P. Kumar, Optics Letters 28, 2040-2042, 2003). Basically, in these cryptographic prototypes the quantum noise inherent in coherent states produces different results between measurements made by legitimate users using an initially shared key and an intruder without this key. This noise increases the uncertainty of observation predominantly for the intruder, hereinafter called Eva (or E), than for legitimate users, who will be designated as Alice (or A) and Bob (or B). Although noise is irreducible by nature to all observers, knowledge of a key allows A and B to extract more information than Eva obtained. The simple idea behind this is that for each bit, noise is distributed without control between receive ports in the Eva measurement system, while A and B use the switch to select a single receive port where noise will not affect the measurement to obtain the bits. A rough parallel to this idea is the difficulty a person has in opening a safe because of its secrecy mechanism. For the legitimate user, however, this difficulty does not exist, as he knows how to use that secret. In the case of light, however, the secret is random in nature at any given moment and is therefore non-deterministic, as in the case of the vault. a Linear Feedback Shift Register (LFSR) that produces a pseudo-random bit sequence consisting of the key shared at each moment by A and B.

DESCRIPTION OF THE INVENTION The key distribution system object of the present invention also utilizes multiple bases (M-bases), however, in a manner distinct from the last reference above for data encryption. In the present case the system is used to distribute random bits from one or more physical sources, and a specific protocol must be applied to achieve the desired security. The use of physical sources for truly random signal generation is a unique feature of the present key distribution system, as is its block-encryption protocol which, when used with the correct balance of light intensity and adequate number of bases, produces the desired security. The term “key distribution” is used to describe the process where a user sends another random bit created by a truly random physical process. This key distribution system is described by Barbosa ("Fast and secure key distribution using mesoscopic coherent states of light", G, A. Barbosa, Phys. Rev, A 68, 052307, 2003; arXiv; quant-ph / 0212033, 2002, vl and v4,2004). The sending of random bits between A and B is such that the quantum noise of light, together with the use of a secret key, will not allow E to obtain the final sequence shared by A and B. In contrast, a method Classic key expansion can designate a method for mathematically generating (for example, through one-way functions) two identical sets of random bits, one for each user, from a shared sequence of initial bits. Software or hardware generators, such as stream-ciphers, generate pseudorandom bit sequences from an initial key. However, this deterministic process produces correlations that can be detected by the intruder or enemy. Attacks that use familiar text, such as descriptive headers in electronic communications, are particularly useful for exploiting these correlations in classical cryptography. All applications originally proposed by Yuen (2000) use encryption generators (pseudorandom bit generators in software or hardware), while the system object of this patent only uses physical random generators (or PhRG). ), such as optical signal sources to create the random bits, and thus eliminate the correlation attacks used when pseudorandom encryption generators are used. These distinctive features produce original and valuable aspects offered by the key distribution system object of this patent.

Thus, in the present invention an optical encryption system utilizing quantum light noise enables two users A and B to securely share unlimited random bit sequences across an optical channel, transmitting mesoscopic intensity signals and using physical frequency generators. Random signs. The process begins with a secret key shared between each pair of users, and where each sequence received establishes the cryptography of the next bit to be sent. System security is established within the range where the legitimate receiver, having the shared key, has an acceptable signal-to-noise ratio, and this ratio has advantages over the intruder's signal-to-noise ratio near the transmitter who is unaware of the key used. These signals can be optically amplified while maintaining the security of the transmitted information within the range defined for system operation. The security provided by the system and its associated protocol comes from the quantum noise of light and the initially shared secret key. A brute-force attack to determine the key using Grover's quantum search algorithm leads to an increasing effort in exponential form where the exponent x is proportional to the length of the initially shared secret key. This search can become computationally unfeasible with an adequate initial key length, or even through many emission cycles before these keys are used for data encryption. A protocol controls the steps required for this key distribution and includes, in addition to standard procedures, specific commands to ensure that quantum noise does not allow the intruder to correlate the signals generated for encryption with eventually encrypted data. The security provided by the system and the associated protocol comes from the quantum noise of the light in the quantum optical channel and the initially shared secret key. The invention, which contains a random bit source, has no exclusive dependence on that particular source, which consists of one source. of coherent light limited by shot noise followed by a fast detection system, also limited by shot noise. This detection system provides voltage (or current) signals with two possible values corresponding to the algebraic signals (+ or -) of the voltages relative to the generated voltage corresponding to the average number of photons emitted by the light source during the time intervals of the current. order of bit length. These random voltage signals constitute the random binary output of the physical random generator (PhRG). The key distribution system object of this invention provides security against an intruder even if the intruder has full access to the generated random signal sequence and obtains them near the source, where losses through the optical communication channel have not yet occurred. The protection provided by the system does not depend on intrusion detection mechanisms, but is linked to the higher resolution of bits in measurements made by A or B, who know the key, compared to the intruder who does not know it. Fig. 1 illustrates the basic scheme for key distribution for polarized light modulation, the sender-to-receiver portion being shown. OM (4) is an optical modulation system; PhRG (6) is a random bit physical generator; PCI (8) is an interface card controlled by a PC computer (9); 24 (24) is the initially shared secret key; Y (R, K0) (19) is the encrypted R signal encrypted by the Ka key and is generally an elliptically polarized light signal; a PBS polarizing prism (10) followed by two detectors (11) is the detection system for polarized light signals; φηί (25) is a reference phase of a laser (not shown) to distinguish antipodal signals, for example, signals with circularly polarized light on the left or right. Alternative references may be used from the signals emitted by the sender itself in information headers. Fig. 2 illustrates the basic scheme for phase modulated switch distribution, the sender-to-receiver portion being shown. OM (4) is an optical modulation system; PhRG (6) is a physical random bit generator; PCI (8) is an interface card controlled by a PC computer (9); Kfi (26) is the initially shared secret key; F (R, Kf (19) is the encrypted R signal encoded by the K key (J and generally consists of a phase modulated signal. Relative phase references can be used by comparing adjacent signals in time, as in the DPSK communication protocol Detection system 12 is comprised of traditional optical interference circuits such as Michelson and Maeh-Zehnder interferometers and possibly also traditional self-stabilizing devices. a possible preferred implementation of the physical random signal generator PhRG (6) .A pulsed laser (15) with noise limited to shot noise illuminates (14) a detector (13) also limited by shot noise producing electronic pulses at the output These pulses are recorded and a circuit produces signals that record the signals (17) (+ or -) of each pulse relative to the average of the previous pulses. follower circuit (18) at different voltages VR according to the received signal. These VH voltage pulses correspond to the random bits produced by PhRG. Fig. 4 shows the coding base diagram for angles (polarization angle in a larger circle of the Poincaré sphere or angles for phase modulation) ^. Diagrams from Μ = 1 to M = 5. Each value of k specifies a base with two possible states separated by = π. Fig. 5 shows the Möebius Tape representation (22) of the encryption base diagram running from 0 to π. Solid lines indicate bases on the visible side of the Ribbon and dashed lines, bases on the opposite side of the Ribbon. The rings (23) figuratively symbolize some adjacent bases, in number 2Νσ, covered by quantum noise. Fig. 6 shows the minimum probability of error for Eva in the individual determination of each bit, Pf, as a function dc M for α = (n) = 1,10,100, and 1000.

The basic physical resources required for this key distribution system are outlined in Fig. 1 for the case of polarized modulated signals and in Fig. 2 for the phase modulation case. Two communication stations, A (1) and B (2) are shown in Figs. 1 and 2, where the optical channel (3) can be free space or optical fiber. Both stations have capabilities to operate as a sender or receiver. Fig. 1 represents A as sender and B as receiver. This system can also be implemented either by two-way channel or one-way communication channel. OM's (4) are optical modulation systems performing polarization or phase modulations in the memcopic state of the emitted coherent light (5).

Each station also has a fast physical random generator (PhRG) (6) that produces binary R (7) outputs. PCI (8) is an interface card controlled by a computer or PC hardware (9) and can generate M voltage levels, with fixed or variable M. PBS (10) is a polarized beam splitter which is followed by two detectors (11) designated 0 and 1. The case of phase modulation is depicted in Fig. 2 and contains the same elements as in Fig. 1 except the system (12) consisting of interferometers or optical circuits suitable for phase demodulation. The basic protocol and security level achievable are the same for both modulations. Protocol The protocol steps (in italics) are followed by descriptions of preferred implementations for each step. 1. A and B secretly share an initial random sequence of bits Κα (of length L0). The manner in which A and B share this initial sequence is important. Although current encryption may provide sufficient security for A and B to share a short K0 sequence at this time, it is vulnerable to the evolution of computing power. K (1 may be safely obtained over long distances within a few years (See, for example, M. Aspelmeyer, T. Jennewein, A. Zeilinger, M. Pfennigbauer and W. Leeb, quant-ph / 0305105 vl, 19 May 2003 and its citations) through the use of satellites, through the slow but secure process of the BB84 key distribution system. The key distribution process, object of this patent, distinctly allows a fast rate of distribution to from the initial obtaining of a secret sequence K0 - even obtained through a slow process like using satellites, so the initial sequence can be a priori considered safe despite the possible difficulties for this implementation. K0 can be destroyed 2. A generates a random sequence (of length Lü) of truly random bits R, The sequence of bits R can be obtained from the binary output of the physical random generator (6) (PhRG) as voltages VR = V + o u V „= F which will be associated with bits 0 and 1. As an implementation of such a generator (see Fig. 3) a fast, light-limited, beam-illuminated light detector (13) can be used. of coherent light (14) from a laser (15) to obtain voltage pulses (16) Vfi-1,2, ...) within a short time window Δί ;, around time t ,. The random signal (17) (+ or -) from these pulses, given by signl - (Vi -V,) / () 1 ^ -F, |), where Vi is the average voltage after several emissions, will feed a follower source ( 18) for binary voltages generating the random sequence R directly associated with the VR voltages that feed the OM modulator (4). This possible implementation does not exclude the possibility of any other type of generator being used as long as it has the quality of being a fast generator of really random bits. 3. A sends to B the random sequence R (= Λ,) of length L0 in blocks of length Ku. The encryption of each of these blocks uses KM bits of K0. The number of encrypted blocks in L (l is ίϋΙΚΜ. The coherent carrier state is used with intensity (n) l bit.

For the generation of each encryption base £ (- 0,1, ..., 1 / -1), K, rl (- iog, Af) bits are used from the bit sequence Ka (because on a binary basis k = b (KM) lKu '· \ · 0 {Κμ..λ) 2Κμ' ■ ^ ... biKjf). In other words, each base k of the set M = 2K> 'will be randomly defined by KM bits (b (KM), b (KMni), ... b (KJ) extracted from Klr Each k will be used to encrypt a sequence of bits or bit block of length KM of the sequence R1. The encryption of f 'in blocks of length KM keeps the bit length constant and equal to Z0.

The signals generated by the PhRG (6) and the start switch (K0) define the voltage levels to be applied by the PGI (8) through an amplification system suitable for the OM (4) optical modulation system. Each voltage level generated Vk is associated with an M-level system base. The mesoscopic coherent states (5) at the input can be viewed as linearly polarized light states common to a laser. In fig. 1 orthogonal biases define bits 0 or 1.0 pulse or characteristic input signal of a bit is modified by the action of OM (4) to a generic state of polarization (elliptically polarized light) Y (R, K0) (19) , which is sent to B. Without the modulation specified by Vk, the output signal (19) would have the sequence R of linearly polarized orthogonal states (bits 0 and 1) on the same basis. Vk modulation converts these signals to a non-orthogonal set with possible M-bases. In fig. 2, for phase modulation, phases 0 and π define both bits. The precise state to be used is arbitrary and may generally involve more than the two states used herein, for simplicity, to exemplify a possible implementation. 4. Knowing the K0 bit sequence, Bob demodulates the received sequence and gets it.

At the receiving station, Bob applies the shared key K0 and demodulates the changes introduced by A and correctly reads the truly random sequence R of optical signals (with orthogonal polarization for polarization modulation or with 0 or π phases for phase modulation). A and B now share a fresh sequence of random bits f?,. 5. Bob takes a fresh random bit sequence R2 from his PhRG and sends it to A, encrypting the sequence in blocks of length KM using encryption bits obtained from the previously received sequence R].

Each sequence of bits R1 of length ^ defines the encryption base (s) for Ku new bits in i? 2. Knowing i?,. A reads R2 to perfection. The first cycle is completed. A single base can be used to encrypt each new sequence according to an appropriate number of levels to be used as discussed below or, alternatively, the encryption sequence bits can be used as an LFSR initialization key to define a pseudo-random bit sequence, producing the individual encryption of each new bit. In either case, the base number M must be appropriately chosen to protect against quantum noise from light. Any other processes for randomizing or disseminating the information contained in the encryption key can be used at this stage of the protocol. 6. AeB continue to exchange random sequences as described in the first cycle.

Subsequent cycles can be performed and, in each cycle, blocks of length KM are encrypted to keep the bit length in each cycle constant and equal to L0. A and B can then share an unlimited sequence of random bits generated by PhRGs. A shared random sequence can be used to reset a cycle by A or B whenever an interrupt occurs. 7. A and B apply information reconciliation and privacy amplification protocols to distill a final sequence of bits. The information reconciliation process produces classic corrections to the received bit sequences (eg using Hamming or other codes). The privacy amplification process uses a statistical measure of the information eventually obtained by the intruder and performs operations on the data. obtained sequences that include discarding a certain number of bits and force the information eventually obtained by E to be reduced to arbitrarily defined negligible levels. Through bit discarding and information compression operations, the privacy amplification process eliminates correlations due to block encryption, where one bit sequence provides the key to the next sequence encryption. Since the signals generated by PhRGs are uncorrelated due to the really random physical process, the shared final sequence presents statistical properties similar to those of the generating sources. This protocol step uses the public communication channel 20 (Figs. 1 and 2). The use of the public channel is necessarily done after its authentication through the use of part of the secret key shared between legitimate users, through classic authentication algorithms. The protocol for this key distribution process can be developed similarly through a one-way channel and is considered to be trivial alternative to that of the two-way channel. In this case, only one PhRG generator is used and A sends to B encrypting only half of the secret bits K0 initially shared between them. B uses these bits to read the next sequence sent by A. The logical process and the protection level obtained are the same in both uni and bi-directional cases.

Inherent in being a physical process, the level of safety obtained depends on (') and M, which must be specified (Ga and Barbosa, Phys. Ver. A 68, 052307, 2003 ; arXiv: quant-ph / 0212033, 2002 vl and v4, 2004). In particular, block encryption imposes links between (n) and M that are characteristic and original for this key distribution system.

Information reconciliation and privacy enhancement are discussed in C. Cachin, U. M. Maurer, Journal of Cryptology 10, 97-110 SPR (1997) and their references.

Bit coding and the physical protection mechanism As a preferred implementation, we consider signal phase modulation, where two distinct modulations (two, for simplicity, or more modulations, in principle) are created. The phase difference <j> b between them represents bits 0 and 1 (for example, <j> b = 0 and π). The signal encryption takes place through an extra phase difference φν which is added to φ0 and produced by the KM bits secretly shared by A and B. This modulation φν defines the base used.

Alternative variations are possible and trivial within the same system, for example, the classic Differential Phase-Shift-Keying (DPSK) communication scheme, where two consecutive modulations define each bit. Thus, encryption in the simple case of a two-way quantum state results in where φ0 (= 0, π) specifies the bit sent, ν is the encryption or base definition phase, and a is the coherent state amplitude. In the traditional DPSK scheme the composite state that defines the bit would be where the bit is set by the difference = 0, π generating bit 0 or 1, respectively, and indices 1 and 2 refer to both states or modes, or, to two consecutive modulations. The analyzes are parallel in all these cases. In DPSK modulation, the states corresponding to modulations with indices 1 and 2 are states that produce interference with each other, ie, they are within the coherence time of the laser that originates them and is necessarily equal to or greater than the time. duration of two consecutive modulations.

By information theory, the information contained in the light state that defines the bits and their encryption is fully described by the density matrix p for all possible states that could result in the encryption of a bit b, and which can be written where L is the v-scanned space P% describes a generic phase distribution. L may represent a discrete or continuous space. As a preferred implementation for this distribution, the space L will be considered a discrete space of points where v = k, where k is an integer representing a base in an encryption diagram (21) as shown in Fig. 4 and given by equation This particular implementation does not exhaust the plurality of expressed cases where states can be separated by equal or unequal, discrete or continuous spacing, and yet have discrete or dynamic separations.

In the random choice of bases in this discrete and evenly spaced implementation from a given A, the a priori distributions for the occurrence of even or odd k are defined. Each base represents two orthogonal states or, in general, a combination of States. States on different bases are physically unorthogonal to each other. Observe in fig. 4 that for Even there is the occurrence of adjacent full (or empty) points, which does not occur for odd M, where similar points (full or empty) are always non-adjacent. This difference produces the different a priori statistics represented by pm „_k (M) and the pathological difference between these cases can be seen by first representing the terms with odd and even values of k on different sides of a Möebius tape (22). ) as shown in fig. 5 to A 1 = 20, where the solid and dashed lines indicate values of k on the face or cover, respectively. From this example it can be deduced that in the case M = 19, lines with adjacent numbering would never be on the same side of the tape as in the previous case of M = 20 (for example, lines 19 and 20). In general, in cases of odd M, solid (or dashed) lines are never adjacent.

In the case of DPSK modulation, one bit would be given by two consecutive bit modulations <j> bx and φη, the first being represented on one of the lines in fig. 5, and the second modulation would also use any line of the same figure. Each of these lines represents an encryption modulation <j> k, and the definition of a given bit would be given by two consecutive bit modulations and encrypted (or modulated) by two encryption angles, and ^. , represented by distinct or even equal lines of FIG. 5. The encryption base in DPSK modulation could be understood as a base consisting of two of these lines. The example presented does not exhaust the numerous possibilities given by that integrate this key distribution system. The notation used here, “M-bases”, means the number of bases used, while the possible number of states associated with each base in this implementation is 2 χ the number of bases. In general, the number of states associated with each base can be arbitrarily modified and designate more than the two states associated in the preferred implementation described as an example.

For a two-state encryption diagram per base, the two-state overlay | Ψ ^) and | )6) reveals the number of bases Na covered by the quantum noise of light within the standard deviation σ of that number of bases (Fast and secure key distribution using mesoscopic coherent States of light, GA Barbosa, Phys. Rev. A 68, 052307,2003; arXiv: quant-ph / 0212033,2002, vl, and v4,2004). This number is Noise makes a certain number of bases indistinguishable, as exemplified by the bases encased by the two rings 23 in FIG. 5

Interference between states 1 and 2 is produced at the receiver, and by subtracting the encryption phase <j> k, B gets each bit sent by A. The overall security of the system comes from the combination of the quantum noise level and the secret key. shared initially. Both types of protection contribute to system security, leading to exponentially increasing difficulty in a brute force attack, or even referred to as exhaustion seeking, to obtain the initial secret key K0. With this switch, an intruder would have the correct bit readability equal to or greater than that of legitimate users, as it could operate close to the signal source and would not suffer the effect of losses in the optical channel. bit (n) to be used will be defined numerically by the bit error rate, or ber, which is equal to the minimum probability of E errors in an individual attack to determine each bit, (see details in the last cited reference and example in fig 6), where are the positive eigenvalues damatrix Ap whose elements (q, q ') are given by where Ij is the Modified Bessel Function. For example, for M even Ap can be written where x = and M.

Several other exact expansions are possible for Ap, and suitable numerical approximations can be made from the exact results. The chosen expansion uses angular momentum bases as natural mathematical elements to generate rotations in SU (2) space. Any other choice for the state distribution given by admits a particular calculation for Ap, such variations being trivial in substance, regardless of any difficulties in analytical or numerical expansion. The dependence of ber can be calculated as a function of (ri) and M or any other system parameters. Consequently, the system can be adjusted to a given security level given by ber (= Pf). As a numerical example consider M = 32 (or KM = 5 bits) with (ri) = 100 to achieve Pf = 0.476 in individual or bitwise attacks (Fig. 6). For encryption of random bits in a block of bits of length r, the same encryption bit will be used sometimes. Alternatively, the bits that would define this encryption bit may be used as an initializer key for an LFSR, which will produce r encryption bits; thus, encryption will take place bit by bit in block length r.

Even without using LFSR or pseudorandom bits in block encryption steps, you can set a maximum protection limit that considers repetitions of the encryption bit. You can increase the number of M levels used as shown in the last cited reference. It is shown that r repetitions are equivalent to a measurement made by E at a more intense r signal. The protocol then increases the number of levels M to avoid any improvement in the resolution power of the measurements made by E. To define this value of M to be used, the maximum value of repetitions r = 2xKM is taken. (see last reference).

In other words, a signal emitted with times the power of another signal will give the same resolution as a coherent signal sometimes weaker repeated times. Then, for a given M, r-repetitions of the encryption bit reduces Pf from Pk {(n)) to PcE {r (n)). In a numerical example, to ensure the same level of safety (PeE = 0.476) achieved in a single emission with (n) = 100 through r-2xKM = 10 repetitions, M = 90 (Ku »7) corresponding to a (n) -10x100 = 1000, The conclusion is general despite the numerical example. A scale factor can be applied to other desired intensity levels. In this repetition procedure, in practical terms, an increase in the number of levels leads to the penalty of increasing the number of bits to achieve a greater number of bases. Consequently, a greater dynamic range of modulation waveform generators is required. Repetition (in this overestimated process) 2KM sometimes reduces the bit rate from 10GHz, for example to lOGHz / 2 ^. Thus, in the case of an unrepeated encryption with M = 1000 (£ m «10), and (rí) = 104 the number of levels covered is Νσ = Μ / (π ^)» 3Μ; To maintain the same number of Νσ levels covered using 2 xKu repetitions, the number of levels required would be 4472. The bit rate is reduced to 10GHz / 2 xKM = 0.4GHz.

Signal Amplification Amplification processes always degrade signals, whether for A and B or E. The protection provided by the cryptographic system is set with parameters existing at the broadcasting station to force it to the desired error level when its signal is maximum. . Consequently, the amplification process will not be able to improve your signal level. On the other hand, Bob can distinguish signals as long as he has a good signal-to-noise ratio, so amplification can be used by legitimate users because they need a lower level of resolution than Eva, because of the knowledge of the key. being used at each emission: A and B use orthogonal bases, easily identified. Signal losses with increasing distance will be compensated with the use of amplifiers. Two facts will define the safe maximum range for A and B: that the A / B signal to noise ratio is acceptable and that the minimum error probability ratio for A and B at the maximum distance is greater than the minimum error probability for A and B. And next to the station. These links define the maximum safe range for the amplification system and will depend on the specific optical channels and amplifiers to be used. Roughly speaking, A and B can use amplifiers up to distances of> 500km before signal regeneration is required, for example, by optimum optical-electrical conversion.

Other sources of errors and other modulations Among other sources that produce read errors are acoustic and thermal fluctuations; however, they occur on a much slower time scale and have no fundamental relevance to the problem. The influence of these sources can be corrected by traditional slow fluctuation correction methods. Creating robust signals to interference attacks by an enemy can be accomplished, for example, by overlapping other phase, amplitude, or frequency modulations that, known to legitimate users, can be used to extract information.

Modifications and variations In light of what has been disclosed in the present patent, various modifications and variations are possible. However, it should be understood that while the present invention may be practiced under various variations, they are contained within the same general framework discussed and therefore within the limits of the invention.

Claims (3)

1. “QUANTUM NOTICE CRYPTOGRAPHIC KEY DISTRIBUTION SYSTEM”, comprising: (a) one or more emission units, each including a coherent light source and the physical means for modulating mesoscopic intensity light emitted by this source for one or more of the M light states, such as polarization or phase states, which are established by the random bit sequence generated by a physical random signal generator and the initial secret random bit sequence shared between the issuing and receiving unit; (b) M values are specified to cover a large number of possible bases for coding the state of light, such as its polarization or phase, representing a bit, and thus technically preventing the determination of this bit when not in possession. of the precise base used. (c) Encoded light signals of mesoscopic intensity are transmitted by the emitting unit to a unit receiving the emitted signals. (d) The receiving unit uses the initial shared random bit sequence to obtain the random bit sequence generated in the sending unit, where the receiving unit uses the obtained random bit sequence as the next shared secret bit sequence. random to be used. (e) One or more units for receiving the emitted signals, each including the physical means for demodulating the optical signals received from a given emitter to one or more optical or electronic outputs representing the random binary signals output; (f) One-way or two-way optical channels for transmitting said signals between any transmitter and any receiver; (g) A bi-directional public channel for exchanging messages between any sender and any receiving unit; (h) coherent light sources, such as lasers, in which the emitted signals may be continuous, pulsed, quasi-monochromatic or consisting of combinations of distinct wavelengths or time pulses; (i) Time or frequency domain means of communication through private channels, and simultaneous communication through classical optical channels with frequency multiplexing or at different time intervals. 2. "QUANTUM NOTICE CRYPTOGRAPHIC KEY DISTRIBUTION SYSTEM" according to claim 1, characterized by a protocol that specifies the operating procedure to be followed by said optical cryptographic system through the control of each sending and receiving unit, the control of communication. quantum channel and public channel, control of physical random generators and any number of computers or integrated circuits required for operation of said system, as follows: (a) The protocol defines the operational steps related to the random bit sequence generated, including the sequence length, the size of the block to be encrypted, which is dependent on the value of M and the amplitude of the light used; (b) The protocol defines the operational steps related to the received random bit sequence, including the random sequence length and the cipher block size, and defines key parameters to be used such as the light intensity at each bit and the M number of. bases to be used; (c) The protocol controls the public exchange of information between each pair of units, sender and receiver, for steps of reconciling information such as error correction and privacy enhancement in the sending and receiving units, so that a secure final sequence of random bits to be shared between each pair of communication units. A "CRYPTOGRAPHIC KEY DISTRIBUTION SYSTEM FOR QUANTUM NOISE" according to claim 1 or 2, characterized in that one or more physical random signal generators (PhRG) containing a laser limited by shot noise, one or more optical detectors limited by shot noise and proper amplification and filtering circuits, signal sampling and signal processing circuits, producing algebraic signal sequences (plus or minus + or -) of the voltages (or current levels) that are converted to two levels. voltage signals according to the received (+ or -) signal, said voltage signals corresponding to the random bits generated by the PhRG.