JP2007116216A - Quantum authentication method and system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a quantum authentication apparatus required for preventing impersonation and leakage of information in a network adopting quantum communication. <P>SOLUTION: A quantum sequence which cannot correctly be generated by an apparatus without any authentication key and correctly be measured by an apparatus without any authentication key is generated, transmitted, and received by using an authentication shared key and a random number generated by each session, and secure inter-authentication can be attained by collating results of the generation, transmission, and reception between a transmission apparatus and a reception apparatus through classical communication lines. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a method and system for mutual authentication using a quantum communication device.

  Quantum cryptography is based on Heisenberg's uncertainty principle and has gained attention in recent years as a cipher that is safe against eavesdropping no matter how powerful a computer is assumed. Among quantum cryptography, a technique used to share a key between two parties is called quantum key distribution.

  BB84 protocol proposed by Bennett and Brassard in 1984 (see Non-Patent Document 1), E91 protocol proposed by Ekert in 1991 (see Non-Patent Document 2), and Bennett in 1992. The B92 protocol proposed by (see Non-Patent Document 3) is representative.

  According to the BB84 protocol described in Non-Patent Document 1, it is possible to detect an eavesdropping action for communication performed between a pair of devices, and the eavesdropping success probability of an eavesdropper can only be ignored even by making use of infinite computational power. Absent. In this sense, quantum key distribution has a security level that exceeds that of a conventional key sharing method that uses a public key encryption technique whose security is based on a calculation amount.

C. H. Bennett, G. Brassard, "Quantum Cryptography: Public Key Distribution and Coin Tossing", Proc. Of IEEE Int. Conf. On Comp. Sys. And Signal Proc., Bangalore, India, 175-179, 1984. C. H. Bennett, "Quantum Cryptography Using Any Two Nonorthogonal States", Physical Review Letters, vol.68, no.21, 3121-3124, 1992. A. K. Ekert, "Quantum Cryptography Based on Bell's Theorem", Physical Review Letter, vol.67, no.6, 661-663, 1991. C. Crepeau and L. Salvail, "Quantum Oblivious Mutual Identification", EuroCrypto '95, Springer-Verlag, 133-146, 1996.

  The quantum key distribution methods proposed by Non-Patent Documents 1, 2, and 3 are based on the premise that two quantum communication devices (called quantum communication devices) connected to both ends of the quantum communication channel are premised on the use of the quantum communication channel. It is asserted that secure key distribution is possible with the assumption of security. However, in a network environment in which multiple quantum communication devices are expected in the future, mutual authentication that mutually verifies the validity of the other party is safe before sharing a key between any two quantum communication devices. It is indispensable to secure sex.

  Although it is possible to perform mutual authentication by using conventional encryption technology, its security depends on the computational complexity, so when combined with quantum key distribution, the overall security is computationally intensive. It depends on security and the existence value of quantum key distribution is lowered. Non-Patent Document 4 describes mutual authentication of quantum communication devices, but is limited to theoretical considerations and does not disclose a specific configuration method. Therefore, even in combination with quantum key distribution, it is necessary to construct a mutual authentication method in which the overall security truly exceeds the computational security.

  Also, in an actual quantum communication channel, it is ideal that the transmitted quantum does not reach the receiving side or the state changes due to inevitable noise caused by the performance of the device or naturally occurring. It is difficult to build a dynamic environment. Therefore, there is a need for a mutual authentication method that is not affected by noise, rather than an improvement in quantum communication devices and quantum communication paths.

  The present invention adopts a method based on the quantum principle used in quantum cryptography and quantum key distribution in order to construct a mutual authentication method that truly exceeds computational security. In particular, the present invention is characterized in that quantum communication using two kinds of binary physical quantities, which is used in the BB84 protocol, which is considered to become a mainstream quantum key distribution method in the future, is also used for mutual authentication. This eliminates the need to change the quantum device used for mutual authentication and key distribution using the BB84 protocol.

  As a premise, devices that mutually authenticate each other in a secure manner in advance from the authentication key R with the communication partner and the bit string of the authentication key R, the series of binary physical quantity types (hereinafter referred to as a system string) A conversion rule F (also referred to as a function F) for generation and a correspondence table indicating correspondence between four states and bit values in two types of binary physical quantities are shared. The conversion rule F indicates the correspondence between the predetermined bit value of the authentication key R and the type of binary physical quantity used in the present invention. These shares only need to be shared once, and this authentication key R, conversion rule F, and correspondence table can be used repeatedly in the subsequent mutual authentication execution.

  Based on the above assumptions, the outline of the mutual authentication method is described below.

  As a premise, the mutually authenticating device is a secure method in advance, the authentication key R with the communication partner, the quantum type indicating the quantum type, the binary physical quantity in each quantum type, the bit value, And a conversion rule F (also referred to as a function F) for generating a corresponding quantum type sequence (also referred to as a systematic sequence) from the input bit string. These shares only need to be shared once, and this authentication key R, conversion rule F, and correspondence table can be used repeatedly in the subsequent mutual authentication execution.

  Furthermore, devices that authenticate each other are connected by a quantum communication channel and a classical communication channel. In this specification, quantum communication refers to communication in which information is transmitted or received by placing information on each quantum, and classical communication refers to conventional communication in general with respect to quantum communication.

  Based on the above assumptions, the outline of the mutual authentication method is described below.

In accordance with the conversion rule F, the transmitting device generates a physical quantity sequence using the authentication key R as an input,
Generates a transmission device authentication bit string from a random number r generated at each authentication according to a transmission device authentication information generation rule, generates a quantum string from a transmission device authentication bit string and a physical quantity sequence according to a correspondence table, and generates The quantum string thus transmitted is transmitted to the receiving device using the quantum communication path.

In accordance with the conversion rule F, the receiving device generates a sequence of physical quantities that should be received with the authentication key R as an input, and measures the quantum string by a measuring device corresponding to the generated sequence. If the transmitting device and the receiving device are valid (both have the correct authentication key R) and there is no eavesdropper, the measurement result by the receiving device is the same as the transmitted quantum string.
Furthermore, the receiving apparatus verifies the validity of the transmitting apparatus by converting the measurement result into a transmitting apparatus authentication bit string according to the correspondence table, and inspecting the transmitting apparatus authentication bit string according to the transmitting apparatus authentication rule.

A more specific aspect of the present invention is a mutual authentication method in quantum communication performed by a transmission device and a reception device using four types of quantum states corresponding to two types of binary physical quantities. And
The transmission device and the reception device have the corresponding physical quantity based on the input key string and the correspondence table that defines the correspondence between the two states and the bit values of the authentication key R, the binary physical quantity, and the two types of binary physical quantities. Sharing a conversion rule F that generates a sequence of types, the transmission device generates a sequence of physical quantity types by inputting the authentication key R according to the conversion rule F, generates a random number r, and generates a quantum string for authentication of the transmission device Generate a transmission device authentication bit string from the random number r according to the generation rule, generate a quantum sequence that is a quantum state sequence from the transmission device authentication bit string and the physical quantity type sequence according to the correspondence table, and generate the quantum sequence Is transmitted to the receiving device using the quantum communication channel, and the receiving device generates a sequence of physical quantity types by inputting the authentication key R according to the conversion rule F, and corresponds to the physical quantity type indicated by the generated sequence. To the measuring instrument The validity of the transmitter is verified by measuring the quantum string, converting the measurement result into a bit string for transmitting device authentication according to the correspondence table, and examining the bit string for transmitting device authentication according to the rules for authenticating the transmitting device. When the transmitting device is authenticated, the receiving device authentication bit string is generated from the transmitting device authentication bit string according to the receiving device authentication bit string generation rule, and the receiving device authentication bit string is generated using the classical communication path. The transmitting device authenticates the transmitting device by examining the receiving device authentication bit string in accordance with the receiving device authentication rule.

  Further, the conversion rule F is a function that associates the physical quantity type A with the bit 0 and the physical quantity type B with the bit 1, and the transmission device authentication quantum string generation rule is a combination of the input bit string x x | | x is a bit string for transmitting device authentication, and a quantum sequence that is a quantum state sequence is generated according to the correspondence table from the bit sequence for transmitting device authentication and the type of physical quantity, and the rule for transmitting device authentication is: If the first half bit string and the second half bit string of the transmission apparatus authentication bit string match, the transmission apparatus is authenticated, and the reception apparatus authentication bit string generation rule sets the first half bit string or the second half bit string of the transmission apparatus authentication bit string as the reception apparatus. The receiving device authentication rule may be to authenticate the receiving device if the receiving device authentication bit string matches the random number r.

  The conversion rule F is a function that associates the physical quantity type A with the bit 0 and the physical quantity type B with the bit 1, and the transmission apparatus authentication quantum string generation rule includes two bit strings x and y, When a physical quantity series P is input, for the i-th bit of the combination of y (y || y), a quantum string of fixed length n depending on it, x, P, and i is generated, and (y || y) outputs a quantum string obtained by combining the quantum strings generated for all the bits, and the transmitter authentication rule is based on the bit string s generated by the receiver according to claim 1. Then, s is divided into n-bit blocks, and for each i-th block, a bit string Y is generated by specifying bits 0 and 1 using x, P, and i, and the first half bit string of Y If the latter half bit string matches, the transmitting device is authenticated, and the receiving device authentication bit string generation rule is bit string Y The first half bit string or the second half bit string may be one of a receiving device authentication bits.

  Further, when the transmission device uses the input bit string x instead of the random number r, and the reception device authenticates the transmission device using the transmission device authentication quantum string generation rule and the transmission device authentication rule. The input bit string x may be shared with the transmission device by outputting the first half bit string of the bit string Y as the transmitted input bit string x.

  If the above authentication method is used, if the transmitting device and the receiving device are valid (both have the correct authentication key R) and there is an eavesdropper, the measurement result by the receiving device is different from the transmitted quantum string. Therefore, the receiving apparatus can determine that the transmitting apparatus is illegal or that there is an eavesdropper. The function of failing in authentication due to the presence of an eavesdropper has a feature that the conventional authentication method can prevent from preventing eavesdropping of subsequent communication, thereby improving the safety of communication.

  According to the present invention, any two devices on a network in which a plurality of devices for quantum cryptography or quantum cryptography communication coexist can be compared with each other by a single quantum communication with a safety that truly exceeds the computational security. It becomes possible to authenticate.

  Furthermore, even when the present invention is combined with quantum key distribution, the overall security can truly exceed the computational security.

  In the quantum authentication method of the present invention, as in the BB84 protocol, two types of binary physical quantities are used. In one aspect, quantum is handled as photons consisting of four types of quantum states of polarization of 0 degree, 45 degrees, 90 degrees, and 135 degrees. It is treated as one type of binary physical quantity, and the 45-degree or 135-degree polarization of a photon is called x-type polarization, and is treated as another kind of binary physical quantity.

  Also, according to Heisenberg's uncertainty principle, there is no measuring device that can discriminate all four types of polarized light in one measurement. The measuring device that discriminates the 0 degree or 90 degree polarization (+ polarization) of the photon is a + type measuring device, and the measuring device that discriminates the 45 degree or 135 degree polarization (× polarization) of the photon Called a measuring instrument. The + -type measuring instrument can correctly measure the + system polarization, but measuring the x system polarization not only discriminates {45 degrees, 135 degrees} but also the photon state is {0 degrees, 90 degrees} It will change to become either of the polarized light. Which polarization is obtained is completely random and unpredictable.

  Similarly, the x-type measuring instrument can correctly measure the x system polarization, but if the + system polarization is measured, the polarization state cannot be discriminated and the polarization state is randomly changed to 45 degrees or 135 degrees polarization. To change.

  In an example in which photons are handled as quanta, a bit value is associated with each of the four types of polarized light, and the contents are shared in advance. For example, as shown in the correspondence table of FIG. 1, 0 is assigned to 0-degree polarized light in the + system, 1 is assigned to 90-degree polarized light, 0 is assigned to 45-degree polarized light in the x system, and 1 is assigned to 135-degree polarized light. assign.

  In addition, a bit value is also associated with the type of binary physical quantity (polarization system in the case of photons) itself, and the association is shared as a conversion rule F prior to quantum communication. For example, bit 0 is assigned to the + system and bit 1 is assigned to the x system.

  These associations are not limited to this and need not be kept secret. Furthermore, sharing can be performed using a classical communication channel.

  In each example described below, description is made using quantum communication in which information is associated with the polarization of a photon. However, as in the BB84 protocol, any quantum can be used as long as two types of binary physical quantities are used. The mutual authentication of the present invention can be implemented using communication.

  An embodiment of the quantum authentication method of the present invention will be described with reference to FIGS.

  FIG. 2 shows a procedure in which the transmission apparatus 201 and the reception apparatus 202 connected by the quantum communication path 219 and the classical communication path 220 perform mutual authentication. It is assumed that the transmission device 201 has a random number generator. In addition, it is assumed that the transmitting device 201 and the receiving device 202 secretly share an authentication key R (203), which is a bit string, in advance.

  As a method for secretly sharing, for example, the authentication key R (203) is stored in a storage medium, one is taken to the other, the validity of the device is confirmed by a known method, and then the other device And a method of transferring the authentication key R (203).

  When performing mutual authentication, the transmission apparatus 201 uses a series of photon polarization (+ system or x system), which is the type of physical quantity, from the authentication key R (203) according to a conversion rule F (204) described later (hereinafter, photon (Referred to as a sequence) (step 205, hereinafter, step is abbreviated as S).

  Next, a random number r is generated (S206), from an authentication key R (203) and a random number r, and a photon sequence determined in S205, according to a conversion rule G (207), which will be described later as a transmission device authentication information generation rule, A photon string is determined as a sequence of binary physical quantities (S208).

  In preparation for receiving a photon, the receiving device 202 prepares a photon sequence as a quantum type sequence from the authentication key R (203) according to the conversion rule F (204) (for the receiving device 202, either + type or x type). (Also a measuring instrument series indicating whether to use a photon measuring instrument) is determined (S210).

  The transmitting device 201 transmits the determined photon sequence to the receiving device 202 using the quantum communication path 219 (S209).

  The receiving device 202 measures the photon sequence transmitted from the transmitting device 201 in S209 (S211), and checks the measurement result and the measuring instrument sequence determined based on the authentication key R in S210 as a transmitting device authentication rule. The validity of the transmitter 201 is checked according to the rule H (S212). If the check result is NG, the communication is terminated (S214), and if OK, the receiving apparatus 202 determines that the transmitting apparatus 201 is valid.

  The steps so far enable one-way authentication in which the receiving apparatus 202 checks the validity of the transmitting apparatus 201. When performing mutual authentication, the receiving device 202 transmits data x related to the measurement result to the transmitting device 201 using the classical communication path 220 (S213).

  The transmitting device 201 receives the data x transmitted using the classical communication path 220 (S215), uses the authentication key R (203), the random number r generated in S206, and the data x, and the receiving device authentication rule. Accordingly, the validity of the receiving apparatus 202 is checked (S216). If the check result is NG, the communication is terminated (S218), and if OK, the receiving apparatus 202 is determined to be valid, the mutual authentication procedure is terminated (S217), and the subsequent communication is started.

  After successful authentication, the above configuration can be used as it is to perform quantum key distribution (for example, BB84 protocol) from the transmission apparatus 201 to the reception apparatus 202. When quantum key distribution is performed in the reverse direction, in addition to the above, the transmission device 201 may prepare a quantum detector, and the reception device 202 may prepare a quantum generator and a random number generator.

  As the conversion rule F (204), the bit 0 is assigned to the + system and the bit 1 is assigned to the x system, so that the authentication key R (203), which is a bit string, or a part thereof is used as a photon system string, that is, measurement. You may select what produces a device series.

  As the conversion rule G (207), for example, the random number r is regarded as a bit string, and the combination (r || r) is created as a bit string for transmitting device authentication, and the photon system string determined in S205 is associated with the correspondence shown in FIG. Based on the above, a photon string is generated from the above (r || r). As described above, the correspondence shown in FIG. 1 is an example and is not limited to this.

  When the conversion rule G is determined in this way, the check rule H is first obtained from the measurement result obtained in S211, the measuring instrument sequence determined in S210 (or the corresponding photon system string), and the correspondence table shown in FIG. Based on the above, the bit string s that should be the bit string for transmitting device authentication is restored. Further, in response to the above-described combination used for generating the bit string for transmitting apparatus authentication, OK is output when the first half bit string and the second half bit string of s match, and NG is output when it does not.

  If OK, the data x transmitted in S213 is the first half bit string of s.

  In the validity checking step of the receiving apparatus 202 in S216, it is assumed that OK is output if s = r holds, and NG is output if it does not hold.

  The above procedure will be described using a specific example.

  When the authentication key R (203) is a bit string “100110” having a length of 6, the photon system string generated in S205 is “× ++ xxx” according to the above-described conversion rule F (204).

  Assuming that the random number r generated in S206 is “101”, the above-described conversion rule G (207) first creates a combination “101101” in S208, according to the correspondence table of FIG. Photon sequences of “0 degree, 90 degree, 135 degree, 45 degree, 90 degree” are determined.

  In step S209, the transmission apparatus 201 transmits the photon sequence to the reception apparatus 202 using the quantum communication path 219.

  The receiving apparatus 202 determines the measuring instrument series “× ++ xxx” in S210 from the authentication key R (203) “100110” according to the conversion rule F (204).

  The measurement result by the reception device 202 in S211 shows that the transmission device 201 and the reception device 202 are valid (both have the correct authentication key R (203)), and if there is no eavesdropper, the transmitted photon sequence Is the same as “135 degrees, 0 degrees, 90 degrees, 135 degrees, 45 degrees, 90 degrees”.

  The receiving device 202 converts this to the bit string s “101101” according to the check rule H, first according to the correspondence table of FIG. 1, and then confirms that the first half bit string “101” and the second half bit string “101” of the bit string s match. Confirmation is performed, and the validity of the transmission apparatus 201 is confirmed through the steps so far (S212).

  Further, in S213, the receiving apparatus 202 transmits “101” of the first half bit string (= second half bit string) of the bit string s as data x to the transmitting apparatus 201 using the classical communication path 220 (S213).

  The transmitting apparatus 201 confirms that the transmitted data x = “101” matches the random number r = “101” generated in S206, and accepts the validity of the receiving apparatus 202 (S216).

  In the above specific example, the short key length has been described for the sake of explanation. However, in practice, the key length is preferably several hundred bits.

  In the quantum channel 219, if some of the transmitted photons do not reach or the polarization state changes, the conversion rule G is set to the i-th bit of (r || r). On the other hand, a photon sequence having a fixed length may be generated from the authentication key R (203) and combined to generate a photon sequence (referred to as G ′).

  This conversion rule G ′ is a conversion rule that converts each bit of (r || r) into a more redundant photon sequence. Some photons are affected by noise and cannot be received or the state is changed. Even if it is changed, each bit of (r || r) can be restored from other redundant parts.

  When the conversion rule G ′ is determined in this way, the check rule H includes the measurement result obtained in S211, the type of measuring instrument determined in S210 (or the corresponding photon system), and the correspondence table shown in FIG. Based on, a bit string s is generated and divided into fixed-length blocks, and for the i-th block, bits 0 or 1 are obtained from the authentication key R (203) and i, and the G photon string The bit string t is generated by combining them and generated, and OK is output when the first half bit string and the second half bit string of t match, and NG is output when not.

In the conversion rule G ′ for noise suppression above, specifically,
For the i-th bit bi of (r || r) and the authentication key R (203),
Assume that R is divided as R = R11 || R21 || ... Ri1 || Ri2 || ..., the photon system sequence Pi is determined from Ri1 by the conversion rule F (204),
Ri2 is input to the hash function h, and for the output bit string hi, if bi is 0, h'i = hi, if bi is 1, the inverted bit string is h'i, and from h'i and Pi, FIG. It is possible to select a photon sequence (this is called G ″) by the correspondence shown in FIG.

  When this conversion rule G '' is determined, the check rule H divides the measurement result obtained in S211 into blocks, and generates a hash value hi generated for the i-th block in the same manner as the internal procedure of the conversion rule G ''. If the number of matching points is greater than the number of unmatching points, bit 0 is generated. Otherwise, bit 1 is generated, and a bit string Y is generated by combining these. If the first half bit string and the second half bit string match, Output OK, otherwise output NG.

  If the bit string x arbitrarily selected by the transmission device 201 is used instead of the random number r generated in S206, and the reception device 202 is OK in the check of S212, the data is not transmitted in S213, and the transmission device transmits data from that data. The encrypted data x can be safely transmitted between the transmitting device and the receiving device by extracting the data x and terminating the communication.

  Specifically, when the conversion rule G '' for noise suppression is used, the data transmitted by the transmission apparatus 201 in the first half bit string of the generated bit string Y in the case of OK after checking with the corresponding conversion rule H Cryptographic communication is possible by regarding x.

  FIG. 3 is an apparatus configuration diagram when the procedure of FIG. 2 is performed.

  The transmission device 201 shown in FIG. 2 includes a photon generation transmission device (301) and a calculation device (308) connected thereto, and the reception device 202 shown in FIG. 2 is connected to the photon reception measurement device (302). The computer (309).

  The photon generation / transmission device (301) includes a photon generator (304) and a controller (305), and the photon reception measurement device (302) includes a photon measurement device (306) and a controller (307).

  The calculation device (308) connected to the photon generation / transmission device (301) includes a CPU (310), a storage unit (313), an interface (311) with the photon generation / transmission device (301), a classical communication path ( 220), and a storage unit (313) stores a quantum authentication program (314) and an authentication key R (203). Further, the computing device (308) is connected to a random number generator (319).

  Inside the calculation device (309) connected to the photon reception measurement device (302), the CPU (310), the storage unit (313), the interface (311) with the photon reception measurement device (302), the classical communication path (220 ) And an authentication key R (203) are stored in the storage unit (313).

  When the mutual authentication according to the present embodiment is performed according to the procedure shown in FIG. 2, the program (314) stored in the storage unit (313) of the computing device (308) connected to the photon generating / transmitting device (201) A program for performing the conversion rule G and the validity check (216) of the receiving device (202) is included, and is called according to the procedure and executed by the CPU (310).

  The program (316) stored in the storage unit (313) of the calculation device (309) connected to the photon reception measurement device (202) includes a program for performing the above check rule H, and is called according to the procedure. And executed by the CPU (310).

  The storage unit (313) of the computing devices (308, 309) is preferably subjected to tamper-proof processing so that the stored authentication key R (203) does not leak to a third party.

  As described above, according to the present embodiment, in a situation where a plurality of quantum key distribution devices coexist, by performing mutual authentication according to the present embodiment before performing key distribution, impersonation by an unauthorized transmission / reception device, It is possible to prevent leakage of communication contents in subsequent encrypted communication with high security.

  Therefore, even when combined with quantum key distribution, the overall security can truly exceed the computational security.

It is a correspondence table of bit values, photon systems, and photon polarization. It is an example of a procedure in which a transmission device and a reception device perform mutual authentication. FIG. 3 is an example of a device configuration when the procedure of FIG. 2 is performed. FIG.

Explanation of symbols

201: Transmitter, 202: Receiver, 301: Photon generator / transmitter, 302: Photon reception and measurement device, 303: Quantum channel, 308: Calculator, 309: Calculator, 317: Classical channel, 319: Random number generator vessel.

Claims (8)

A mutual authentication method in quantum communication performed by a transmitter and a receiver using four types of quantum states corresponding to two types of binary physical quantities of quantum,
The transmitting device and the receiving device are:
An authentication key R,
A correspondence table that defines the correspondence between the two states in the binary physical quantity and the bit value for each of the two types of binary physical quantities;
Sharing a conversion rule F that generates a sequence of the corresponding physical quantity type from the input bit string,
The transmitter is
According to the conversion rule F, the authentication key R is input to generate the physical quantity type sequence,
Generate a random number r
In accordance with a transmission device authentication quantum string generation rule, a transmission device authentication bit string is generated from the random number r, and from the transmission device authentication bit string and the physical quantity type sequence, in the quantum state sequence according to the correspondence table Generate a quantum sequence,
The generated quantum string is transmitted to the receiving device using a quantum communication path,
The receiving device is:
According to the conversion rule F, the authentication key R is input to generate the physical quantity type sequence,
The quantum string is measured by a measuring device corresponding to the type of physical quantity indicated by the generated sequence,
According to the correspondence table, the measurement result is converted into the transmission device authentication bit string,
By verifying the transmitting device authentication bit string according to the transmitting device authentication rules, the validity of the transmitting device is verified,
When authenticating the transmitting device, from the transmitting device authentication bit string, according to a receiving device authentication bit string generation rule, generate a receiving device authentication bit string,
The receiving device authentication bit string is transmitted to the transmitting device using a classical communication path,
The mutual authentication method using quantum communication, wherein the transmitting device authenticates the transmitting device by inspecting the receiving device authentication bit string according to a receiving device authentication rule. The mutual authentication method using quantum communication according to claim 1,
The conversion rule F is a function that associates the physical quantity type A with bit 0 and the physical quantity type B with bit 1.
The transmission device authentication quantum string generation rule uses x || x combined with the input bit string x as the transmission device authentication bit string, and from the transmission device authentication bit string and the physical quantity type sequence according to the correspondence table. , Generating a quantum string that is a sequence of the quantum states,
The transmission device authentication rule is to authenticate the transmission device if the first half bit string and the second half bit string of the transmission device authentication bit string match,
The receiving device authentication bit string generation rule is such that the first half bit string or the second half bit string of the transmitting apparatus authentication bit string is the receiving apparatus authentication bit string,
The mutual authentication method using quantum communication, wherein the receiving device authentication rule authenticates the receiving device if the receiving device authentication bit string matches the random number r. In the mutual authentication method using quantum communication according to claim 1,
The conversion rule F is a function that associates the physical quantity type A with bit 0 and the physical quantity type B with bit 1.
When the transmission apparatus authentication quantum string generation rule is input with two bit strings x and y and a physical quantity sequence P, x and P are added to the i-th bit of the combination (y || y) of y. , And i, a fixed-length n quantum string is generated, and a quantum string obtained by combining the generated quantum strings for all bits of (y || y) is output.
The transmitting device authentication rule divides s into n-bit blocks for the bit string s generated by the receiving device according to claim 1, and sets x, P, and i for each i-th block. And generating a bit string Y by specifying bits 0 and 1, and authenticating the transmitting device if the first half bit string and the second half bit string of Y match,
The mutual authentication method using quantum communication, wherein the reception device authentication bit string generation rule is such that the first half bit string or the second half bit string of the bit string Y is the reception device authentication bit string. In the mutual authentication method using quantum communication according to claim 3,
The transmitting device uses the input bit string x instead of the random number r,
The input device receives the first half bit string of the bit string Y when the receiving apparatus authenticates the transmitting apparatus using the transmitting apparatus authentication quantum string generation rule and the transmitting apparatus authentication rule. A mutual authentication method using quantum communication, characterized in that the input bit string x is shared with the transmitting device by outputting as x. It consists of a transmitter and a receiver connected by a classical channel and a quantum channel, and the transmitter and the receiver use four types of quantum states corresponding to two types of binary physical quantities. A mutual authentication system using quantum communication that performs mutual authentication,
The transmitting device and the receiving device are:
An authentication key R,
A correspondence table that defines the correspondence between the two states in the binary physical quantity and the bit value for each of the two types of binary physical quantities;
Sharing a conversion rule F that generates a sequence of the corresponding physical quantity type from the input bit string,
The transmitter is
In accordance with the conversion rule F, means for generating the physical quantity type sequence with the authentication key R as an input;
Means for generating a random number r;
In accordance with a transmission device authentication quantum string generation rule, a transmission device authentication bit string is generated from the random number r, and from the transmission device authentication bit string and the physical quantity type sequence, in the quantum state sequence according to the correspondence table Means for generating a quantum sequence;
Means for transmitting the generated quantum sequence to the receiving device using the quantum communication path;
The receiving device is:
In accordance with the conversion rule F, means for generating the physical quantity type sequence with the authentication key R as an input;
Means for measuring the quantum string by a measuring device corresponding to the type of physical quantity indicated by the generated sequence;
Means for converting the measurement result into the transmission device authentication bit string according to the correspondence table;
Means for verifying the authenticity of the transmitting device by inspecting the transmitting device authentication bit string in accordance with the rules for transmitting device authentication;
Means for generating a receiving device authentication bit string from the transmitting device authentication bit string according to a receiving device authentication bit string generation rule when the transmitting device is authenticated;
Means for transmitting the receiving device authentication bit string to the transmitting device using the classical communication path;
A mutual authentication system using quantum communication, comprising: means for authenticating the transmitting device by inspecting the receiving device authentication bit string in accordance with a receiving device authentication rule. The mutual authentication system using quantum communication according to claim 5,
The conversion rule F is a function that associates the physical quantity type A with bit 0 and the physical quantity type B with bit 1.
The transmission device authentication quantum string generation rule uses x || x combined with the input bit string x as the transmission device authentication bit string, and from the transmission device authentication bit string and the physical quantity type sequence according to the correspondence table. , Generating a quantum string that is a sequence of the quantum states,
The transmission device authentication rule is to authenticate the transmission device if the first half bit string and the second half bit string of the transmission device authentication bit string match,
The receiving device authentication bit string generation rule is such that the first half bit string or the second half bit string of the transmitting apparatus authentication bit string is the receiving apparatus authentication bit string,
The mutual authentication system using quantum communication, wherein the receiving device authentication rule authenticates the receiving device if the receiving device authentication bit string matches the random number r. In the mutual authentication system using quantum communication according to claim 5,
The conversion rule F is a function that associates the physical quantity type A with bit 0 and the physical quantity type B with bit 1.
When the transmission apparatus authentication quantum string generation rule is input with two bit strings x and y and a physical quantity sequence P, x and P are added to the i-th bit of the combination (y || y) of y. , And i, a fixed-length n quantum string is generated, and a quantum string obtained by combining the generated quantum strings for all bits of (y || y) is output.
The transmitting device authentication rule divides s into n-bit blocks for the bit string s generated by the receiving device according to claim 1, and sets x, P, and i for each i-th block. And generating a bit string Y by specifying bits 0 and 1, and authenticating the transmitting device if the first half bit string and the second half bit string of Y match,
The mutual authentication system using quantum communication, wherein the reception device authentication bit string generation rule is that the first half bit string or the second half bit string of the bit string Y is the reception device authentication bit string. The mutual authentication system using quantum communication according to claim 7,
The transmitting device uses the input bit string x instead of the random number r,
The input device receives the first half bit string of the bit string Y when the receiving apparatus authenticates the transmitting apparatus using the transmitting apparatus authentication quantum string generation rule and the transmitting apparatus authentication rule. A mutual authentication system using quantum communication, comprising means for sharing the input bit string x with the transmission device by outputting as x.

Images