JP2007053591A - Quantum encryption key distribution system and method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To facilitate generation and management of encryption keys shared between a transmitter and a plurality of receivers in a quantum encryption key distribution system having 1:N connection structure. <P>SOLUTION: An optical switch 5 for selecting a receiver is provided between a transmitter 1 and a plurality of receivers 7, 8, and 9. A control part 3 of the transmitter 1 sets a time assigned for distributing a quantum encryption key to the selected receiver so that the shorter this time is the higher the generation speed of a quantum encryption key between the receiver and the transmitter is and the longer this time is the lower the generation speed is, and encryption keys generated for each receiver are stored in a key memory 4. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a quantum cryptography communication system, and more particularly to a system and method for sharing an encryption key between a master station that distributes a quantum encryption key and a slave station that receives the quantum encryption key.

  In recent years, with the spread of the Internet and the like, the confidentiality of data transmitted and received has become more and more important, and data communicated over the Internet and the like is generally encrypted to prevent eavesdropping. In particular, the quantum cipher is not a cipher with a number sequence that is currently generally used, but a cipher whose security is physically guaranteed by the principle of quantum mechanics. Therefore, it is expected that a communication system having a very high secrecy can be realized, unlike a conventional encryption technique that can be decrypted over time.

  In conventional encryption communication, transmission data is encrypted using mathematical formulas. Therefore, in an optical communication system, it is necessary to transmit strong light, that is, a large amount of photons so that the data can reliably reach the receiving side. In contrast, quantum cryptography uses only one photon when performing optical communication in order to extract the physical properties of the quantum. That is, in the quantum cryptography, 1-bit data “0” or “1” is transmitted by one photon.

  FIG. 13 is a block diagram illustrating a configuration example of a general quantum cryptography communication system. The quantum encryption key transmitter 101 of the base station A and the quantum encryption key receiver 102 of the base station B are connected by an optical fiber 105, and the data transceiver 106 of the base station A and the data transceiver 107 of the base station B Are connected by a data transmission path 109 such as a public network or an Internet network.

  First, an encryption key is generated according to a predetermined quantum encryption key distribution protocol between the quantum encryption key transmitter 101 of the base station A and the quantum encryption key receiver 102 of the base station B, and is stored in the respective key memories 103 and 104. Store. Subsequently, the data transceiver 106 of the base station A encrypts the plaintext (= the unencrypted text) using the encryption key stored in the key memory 103 (the ciphertext 108), and the ciphertext 108 is stored in the base station A. The data is transmitted to the station B through the data transmission path 109. The data transceiver 107 of the base station B uses the encryption key stored in the key memory 104 to decrypt the received ciphertext 108 to obtain the original plaintext.

  A protocol for generating a quantum encryption key is described in Non-Patent Document 1, for example. Hereinafter, the quantum key distribution algorithm described in Non-Patent Document 1 will be briefly described. Here, in accordance with normal names, the quantum key transmitter 101 of FIG. 13 is referred to as Alice, and the quantum key receiver 102 of the base station B is referred to as Bob.

  FIG. 14 is a flowchart showing a general flow of quantum key generation. Alice is provided with two random number sources. One random number is used as the original data of the encryption key, and the other random number is used as the base. A combination of these random numbers is used for 0, π / 2, π, −π / 2 is randomly modulated and transmitted to Bob.

  On the other hand, Bob is provided with a random number source corresponding to the base, and when the value of the base random number is “0” for the photon sent from Alice, the phase 0 modulation is “1”. Sometimes phase-π / 2 modulation is applied. As a result, when the bases of modulation performed by both Alice and Bob are the same, Bob can correctly detect the value of the raw data, and if different, Bob is a random number 0 / regardless of the value of the raw data. A value of 1 is randomly obtained. In this way, a single photon detection output (raw key) depending on the difference in modulation phase depth between Alice and Bob is obtained, and then a bit string in which the bases match by collating a part of the bases by ordinary multiphoton communication Share (selection key) (basic processing).

  However, the bit string shared as described above includes an error caused by the optical fiber 105 or the receiver 102, and an error correction process (Error Correction) for correcting this error is required. In addition, an error occurs in the shared bit string when an eavesdropper in the middle of the transmission path looks into the photon information. Therefore, in order to share the encryption key to be used in the end, not only error correction processing for correcting errors but also confidentiality that reduces the amount of information that can be assumed to be wiretapped based on the frequency of errors (error rate) Enhancement processing (Privacy Amplification) is required.

  As an example of error correction processing, the transmitter 101 and the receiver 102 divide the bit string of the selection key into a plurality of blocks, identify blocks including errors by collating the parity of each block, and perform Hamming codes on the blocks. Is applied to correct errors. In addition, assuming that an even number of errors are included in one block, the bit string is rearranged at random, and parity check and error correction are performed again. Such a confirmation operation is repeated a plurality of times (V times) to detect a residual error in the secret bit string. The confidentiality enhancement process is a process of generating a new random number by removing the amount of information that may have been leaked during key distribution. Here, the G-bit key information is dropped to F bits (F <G).

  In this way, an encryption key is generated. However, as described above, since quantum cryptography transmits 1-bit data with one photon, when the distance L between the base stations A and B increases, There is a property that the generation speed of the quantum encryption key is lowered due to the loss of photons due to the propagation loss of the optical fiber 105 or the occurrence of a bit error (see Non-Patent Document 2).

  FIG. 15 is a graph schematically showing a change in the quantum cryptography key generation rate depending on the transmission distance. The generation speed of the quantum encryption key can be defined as the key amount of the selection key per unit time, the key amount after error correction, or the key amount of the final key after enhancing the secret. The encryption key generation speed is actually measured based on one of these key amounts. Or it is also possible to calculate using the following general formula.

  The generation rate (generation rate) of the quantum encryption key using the above-described error-corrected key amount can be generally expressed by the following equation.

Here, the meaning of each symbol is as follows.

R: Quantum cryptographic key generation rate χ: Error correction efficiency
e: Quantum error rate
Pd: Dark count probability of photon detector η: Quantum efficiency of photon detector
L: Transmission distance
S: Probability of one or more photons per bit slot reaching the photon detector after a distance L transmission
N: Average number of photons contained per bit slot α: Loss per unit distance of optical transmission path β: Loss inside quantum cryptography device

  The quantum cryptography system can also have a 1: N connection structure including a master station that is a quantum cipher key distribution source and a plurality of slave stations that are quantum cipher key distribution destinations.

  FIG. 16 is a block diagram showing an example of a quantum key distribution system having a 1: N connection configuration. In this system, a quantum encryption key transmitter 101 of a master station and quantum cryptography receivers 111, 112, and 113 of a slave station A, a slave station B, and a slave station C are connected via an optical switch 110. , The quantum encryption key can be sequentially distributed from the master station to each of the slave station A, the slave station B, and the slave station C.

  Japanese Patent Application Laid-Open No. 9-502320 (Patent Document 1) discloses another example of a quantum encryption key distribution system having a 1: N connection structure. In this system, the transmitter T can distribute the encryption key to a plurality of receivers R through a 50/50 combiner.

JP-T 9-502320 "An Autocompensating Fiber-Optic Quantum Cryptography System Based on Polarization Splitting of Light" Donald S. Bethune and Wikkiam P. Risk, IEEE Journal of Quantum Electronics vol. 35, No. 4, March 2000, pp.340-347 "Security against eavesdropping in quantum cryptography" N. Lutkenhaus, Physical Review A vol. 54, 1996, pp.97-111

  However, in the case of a system with a 1: N connection configuration in which the transmitter (Alice) distributes the quantum encryption key to a plurality of receivers (Bob), the key generation speed is different if the distance from Alice to each Bob is different. There arises a problem that the management of the encryption key shared between the two is complicated.

For example, in the quantum key distribution system shown in FIG. 16, the distances LA, LB, and LC between the parent station and the child stations A, B, and C are generally not equal. The quantum key generation rates R _A , R _B , and R _C between the station and the slave station A, the slave station B, and the slave station _C are generally not equal. This complicates the management of the generation and use of quantum encryption keys in a 1: N connection structure quantum encryption key distribution system.

  Furthermore, the encryption key generation speed does not necessarily depend only on the transmission distance of the optical fiber. For example, depending on characteristics such as loss of the optical fiber, the quantum key generation speed is not necessarily slower as the distance increases. In any case, the difference in encryption key generation speed among a plurality of slave stations does not change the management of the encryption key after generation.

  Accordingly, an object of the present invention is to provide a 1: N connection configuration quantum key distribution system and quantum encryption key distribution method that solve the above-described conventional problems and facilitate the generation and management of shared encryption keys. There is.

  According to the present invention, the generation and use management of quantum encryption keys can be managed by artificially reducing the difference in quantum encryption key generation rates among a plurality of receivers in a 1: N connection structure quantum encryption key distribution system. Simplify. That is, a transmission means capable of relatively setting the number of photon bits reaching each of the plurality of receivers from the transmitter that is the distribution source of the quantum encryption key is provided, and between the transmitter and each of the plurality of receivers. Based on the key amount (key generation rate or key generation rate) shared per unit time, the control unit determines the relative setting state of the transmission unit.

  According to an embodiment of the present invention, path switching means (eg, an optical switch) that connects a transmitter to a selected one of a plurality of receivers can be used as such transmission means. In this case, the control means sets an allocation time for distributing the quantum encryption key to each receiver selected by the path switching means based on the key amount shared per unit time. The allocation time is desirably set shorter as the key amount shared per unit time between the selected receiver and transmitter is larger and longer as the key amount is smaller. This is because the difference in the key amount that each of the plurality of receivers shares with the transmitter is reduced. In particular, the allocation time is desirably set to be inversely proportional to the key generation rate between the selected receiver and transmitter. This is because the amount of keys shared by each of the plurality of receivers with the transmitter is substantially uniform.

  According to another embodiment of the present invention, it further comprises a key memory for holding an encryption key shared between the selected receiver and transmitter, and the control means is held in the key memory. A receiver and a transmitter that removes the encryption key used for encryption communication with the receiver from the encryption key of each receiver, measures the quantum cryptography shortage with reference to a predetermined key amount, and selects the allocation time. Is set based on the key generation speed between the two and the amount of quantum cryptography deficiency. It is desirable that the allocation time at this time be set longer as the value obtained by dividing the quantum encryption key shortage amount by the key generation speed between the selected slave station and the parent station becomes longer and shorter as it becomes smaller. For example, if the key generation speed is low but the key shortage is small, it is possible to make a reasonable determination that a large number of keys are not required.

  According to still another embodiment of the present invention, at least one branch optical waveguide is provided in an optical transmission medium between a transmitter and a plurality of receivers, and transmission when the branch optical waveguides have the same branch ratio. A key generation speed between the optical receiver and each receiver is determined, and a branching ratio of each branch optical waveguide to each receiver is set based on the key generation speed. The branching ratio of the branch optical waveguide toward the branch destination receiver having a low key generation speed may be set relatively large, and the branching ratio of the branch optical waveguide toward the branch destination receiver having a high key generation speed may be set to be relatively small. desirable. Furthermore, when the same bit string is generated in at least two of the plurality of receivers, the transmitter desirably discards the bit string and does not use it as a quantum encryption key.

  As described above, according to the present invention, photons that reach each distribution destination from the distribution source based on the key generation speed between the distribution source (transmitter) of the quantum encryption key and each distribution destination (receiver). By relatively setting the number of bits using, for example, connection allocation time or optical branching ratio, the difference in quantum encryption key generation speed among a plurality of distribution destinations can be reduced in a pseudo manner. Generation and usage management can be simplified.

  Furthermore, by setting the allocation time considering not only the key generation rate between the receiver and the transmitter but also the quantum cryptography shortage amount, for example, when the key generation rate is low but the key shortage amount is small, it is too much. It is possible to determine that the key is not required, and more rational key distribution can be performed.

1. First Embodiment FIG. 1 is a block diagram showing the configuration of a quantum key distribution system according to a first embodiment of the present invention. However, here, in order not to complicate the explanation, a case where an encryption key is distributed from one master station to three slave stations will be taken as an example. Also, a data transmission / reception system (see FIG. 13) for transmitting / receiving ciphertext is omitted.

  The quantum cryptography communication system according to this embodiment includes a master station, a slave station A, a slave station B, and a slave station C, and the master station and each slave station are connected by optical fibers 6 having different lengths. Here, it is assumed that the optical fiber distances between the master station and the slave stations A, B, and C are LA, LB, and LC, respectively, and that LA <LB <LC.

  The master station includes a quantum encryption key transmitter 1 and an optical switch 5, and the transmitter 1 includes a key generation unit 2, a control unit 3, and a key memory 4. The optical switch 5 is controlled by the control unit 3 as will be described later. The slave stations A, B and C have quantum encryption key receivers 7, 8 and 9, respectively, and are connected to the optical switch 5 through the optical fiber 6. Hereinafter, the quantum encryption key transmitter is referred to as “transmitter”, and the quantum encryption key receiver is referred to as “receiver”.

  The optical switch 5 is one of the key generation unit 2 of the transmitter 1, the receiver 7 of the slave station A, the receiver 8 of the slave station B, and the receiver 9 of the slave station C according to the switching control of the control unit 3. And two receivers are optically connected. The key generation unit 2 and the key memory 4 are also controlled by the control unit 3. Here, the control unit 3 is a program control processor or a computer, and controls the quantum key distribution system according to the present invention by executing a program stored in a memory (not shown). The key generation unit 2 and the receiver of the slave station selected and connected by the optical switch 5 generate an encryption key through a corresponding optical fiber 6 according to a protocol for generating a quantum encryption key (for example, see Non-Patent Document 1). To do. The finally obtained encryption key is stored in the key memory 4 of the transmitter 1 and the key memory (not shown) of the receiver of the slave station. In this way, the slave stations A, B and C are sequentially selected by the optical switch 5 in accordance with the time relationship described later, and the encryption key used with each of the slave stations A, B and C is individually stored in the key memory 4 of the transmitter 1. To store.

  As a method of obtaining bit synchronization between the master station and each slave station, synchronization is performed using a channel different from quantum key distribution, or immediately after the optical switch 5 is switched to each slave station. Insert a sequence for synchronization, or use the same optical fiber as the optical fiber that distributes the quantum encryption key and use a different optical wavelength (wavelength multiplexing method) from the quantum encryption key distribution There are methods such as synchronizing with slave stations. Since these techniques are well known to those skilled in the art, description thereof is omitted here.

  The master station and the slave station A, the slave station B, and the slave station C are connected by a data communication path such as a public network, a mobile phone network, or an internet network. B, data can be transmitted / received by the data transmitter / receiver of the slave station C, but this part is the same as the conventional quantum encryption key distribution system shown in FIG. 13 and is not directly related to the present invention. In FIG. 1, illustration is omitted.

  FIG. 2A is a timing chart showing the switching sequence of the optical switch 5 and the connection time of each slave station, and FIG. 2B shows the distance L between the master station and each slave station and the encryption key generation rate R. It is a graph which shows a relationship. In FIG. 2A, TA, TB, and TC indicate the length of time allocated to distribute the quantum encryption key from the master station to the slave stations A, B, and C, respectively. Corresponds to the station connection time. That is, a single photon detection output that depends on the difference in modulation phase depth between the key generation unit 2 of the master station and the receiver of each slave station is obtained as a raw key that is a bit string, A final bit string (encryption key) is generated in the receiver of each slave station by error correction processing and concealment enhancement processing, and the slave stations A, B, and C are stored in the key memory 4 of the master station. Each final bit string (encryption key) is stored and managed.

  In this way, the final bit string generated between the master station and each slave station is stored, and when performing cryptographic communication with a certain slave station, the corresponding slave station bit string stored in the key memory 4 The quantum encryption key is read from and used. It is desirable that the quantum encryption key is updated at predetermined intervals or appropriately. Therefore, the unit in which the quantum encryption key distribution from the master station to the slave stations A, B, and C is completed is one sequence, and the encryption key is updated by repeating the unit sequence.

  As shown in FIG. 2B, it is assumed that the distances LA, LB, and LC between the master station and the slave station A, the slave station B, and the slave station C are in a relationship of LA <LB <LC. As described above, the quantum encryption key generation rates RA, RB, and RC in the slave station A, the slave station B, and the slave station C have a relationship of RA> RB> RC. In such a quantum encryption key distribution system, the quantum encryption key distribution method according to the present embodiment controls the optical switch 5 as follows.

The allocation times TA, TB, and TC for distributing the quantum encryption keys from the master station to the slave stations A, B, and C are set with k as a constant,
TA = k / RA
TB = k / RB
TC = k / RC
Is set to be That is, the allocation times TA, TB, and TC are set to be inversely proportional to the quantum key generation rates RA, RB, and RC. Therefore, the amount of keys distributed to each slave station in one unit sequence is
TA × RA = TB × RB = TC × RC = k
And all are equal.

  On the other hand, when the allocation time is set to the same time T for each slave station according to the prior art, the amount of keys distributed to each slave station in one unit sequence differs for each slave station.

  FIG. 3A is a graph showing the key amount distributed in the unit sequence according to the present embodiment for each slave station, and FIG. 3B is a graph showing the key amount distributed in the unit sequence according to the conventional example for each slave station. It is. As shown in FIG. 3A, if quantum key distribution is performed from the master station to each slave station by repeating this unit sequence, an almost equal amount of quantum encryption keys are always distributed to each slave station. As can be seen from the comparison with the conventional example shown in FIG. 3B, according to the present embodiment, the generation and use management of the quantum encryption key can be simplified.

  The quantum key generation speeds RA, RB, RC in the slave station A, slave station B, and slave station C necessary for calculating the allocation times TA, TB, TC are the key amount of the selection key per unit time, What is necessary is just to determine by actually measuring the key amount after error correction, or the key amount of the final key after the enhancement of secrecy. Or you may calculate by (Formula 1) already stated.

  In the present embodiment, the quantum cryptographic keys are distributed in order from the slave station with the highest quantum cryptographic key generation speed in the unit sequence. However, the quantum cryptographic keys are not limited to this order and are distributed in an arbitrary order. A similar effect can be obtained.

  Furthermore, in the present embodiment, an example is shown in which the quantum cryptographic key generation rate is slower as the slave station is farther from the master station, but depending on characteristics such as loss of the optical fiber, if the quantum cryptographic key generation rate is slower as it is farther away, Is not limited. Even in such a case, the same effect can be obtained if the allocation time for distributing the quantum encryption key is set to be inversely proportional to the quantum encryption key generation rate.

  Further, in the present embodiment, an example is shown in which the allocation time for distributing the quantum encryption key is set to be inversely proportional to the quantum encryption key generation speed, but it is not necessarily required to be exactly inversely proportional. The same effect can be obtained by setting the allocation time shorter as the quantum key generation rate is higher and setting the allocation time longer as the quantum key generation rate is lower because the variation in the key amount for each slave station is reduced. .

2. Second Embodiment FIG. 4 is a block diagram showing the configuration of a quantum key distribution system according to a second embodiment of the present invention. However, the blocks having the same functions as those shown in FIG.

  The second embodiment of FIG. 4 differs from the first embodiment of FIG. 1 in that the optical switch 5 is provided not in the parent station but in the switching station 10 installed at a location different from the parent station. The switching station 10 is connected to the master station by the optical fiber 11 and the control path 12. The control path 12 may be a path physically different from the optical fiber 11, or may be a channel having a wavelength different from the optical wavelength used for quantum key distribution using the same optical fiber 11. . Other configurations are the same as those of the first embodiment shown in FIG.

  In FIG. 4, the optical switch 5 provided in the switching station 10 installed at a location different from the master station is controlled through the control path 12 by the control unit 3 of the quantum key transmitter 1 of the master station. . The operation of the optical switch 5 at this time is as described with reference to FIG. That is, assuming that the distances LA, LB, and LC between the master station and the slave stations A, B, and C are in a relationship of LA <LB <LC, the slave stations A, B, and The quantum key generation rates RA, RB, and RC in C have a relationship of RA> RB> RC. In such a quantum cryptography key distribution system, according to the quantum cryptography key distribution method according to the present embodiment, allocation times TA, TB, TC for distributing quantum cryptography keys from the master station to the slave stations A, B, C, respectively. Is set to be inversely proportional to the quantum key generation speeds RA, RB, RC, or so that the higher the quantum encryption key generation speed, the shorter the allocation time, and the lower the quantum encryption key generation speed, the longer the allocation time. The amount of keys distributed to each slave station in one unit sequence is all equal, or the variation is reduced.

  In the second embodiment, since it is not necessary to directly connect the master station and all the slave stations with an optical fiber, it is possible to reduce the installation cost or the rental cost of the optical fiber by appropriately determining the position of the switching station 10. There is. Other operations and effects are as described in the first embodiment.

3. Third Embodiment FIG. 5 is a block diagram showing the configuration of a quantum key distribution system according to a third embodiment of the present invention. However, the blocks having the same functions as those shown in FIG.

  The third embodiment of FIG. 5 is different from the second embodiment of FIG. 4 in that two switching stations 14 and 15 each having an optical switch 17 and an optical switch 18 provided therein are serially connected, The station can be connected to the slave station A through the optical switch 17 of the switching station 14, and can be connected to the slave station B or C through the optical switch 17 of the switching station 14 and the optical switch 18 of the switching station 15. Next, a specific operation will be described.

  FIG. 6 is a table showing the operation of the optical switches 17 and 18 in this embodiment. The optical switch 17 of the switching station 14 can select the position A and the through position as the switching position. By selecting the position of A, the transmitter 1 of the master station is connected to the receiver 7 of the slave station A, and the distribution destination of the quantum encryption key is the receiver 7 of the slave station A. By selecting the through position, it is connected to the optical switch 18 at the subsequent stage.

  The optical switch 18 of the switching station 15 can select the position B and the position C as the switching position. By selecting the position of B, the transmitter 1 of the master station is connected to the receiver 8 of the slave station B through the optical switches 17 and 18, and the distribution destination of the quantum encryption key becomes the receiver 8 of the slave station B. By selecting the position of C, the transmitter 1 of the master station is connected to the receiver 8 of the slave station C through the optical switches 17 and 18, and the distribution destination of the quantum encryption key becomes the receiver 9 of the slave station C. The optical switches 17 and 18 are controlled to be switched by the control unit 3 of the quantum encryption transmitter 1 of the master station via the control path 13.

  FIG. 7 is a timing chart showing the switching operation of the optical switches 17 and 18 and corresponds to FIG. 2A in the first embodiment. The basic quantum encryption key distribution operation is the same as that of the first embodiment except that the selection of the slave station to which the quantum encryption key is distributed is performed by the optical switches 17 and 18. That is, if the distances between the master station and the slave station A, the slave station B, and the slave station C are increased in this order, the quantum key generation speed RA in the slave station A, the slave station B, and the slave station C RB and RC have a relationship of RA> RB> RC. In such a quantum cryptography key distribution system, according to the quantum cryptography key distribution method according to the present embodiment, allocation times TA, TB, TC for distributing quantum cryptography keys from the master station to the slave stations A, B, C, respectively. Is set to be inversely proportional to the quantum key generation speeds RA, RB, RC, or so that the higher the quantum encryption key generation speed, the shorter the allocation time, and the lower the quantum encryption key generation speed, the longer the allocation time. The amount of keys distributed to each slave station in one unit sequence is all equal, or the variation is reduced. However, if the slave station A is the quantum encryption key distribution destination, the control unit 3 sets the optical switch 17 to the A position, and if the slave station B or C is the encryption key distribution destination, the control unit 3 sets the optical switch 17. Is set to the through position, and the optical switch 18 is set to the B or C position.

  In this embodiment, since there are a plurality of switching stations, the degree of freedom in designing the quantum encryption key distribution path is further increased compared to the second embodiment, and the optical fiber installation cost or rental cost can be further reduced. effective. Other operations and effects are the same as those in the first and second embodiments.

4). Fourth Embodiment FIG. 8 is a block diagram showing the configuration of a quantum key distribution system according to a fourth embodiment of the present invention. However, blocks having the same functions as those shown in FIG. 5 are denoted by the same reference numerals, and detailed description thereof is omitted. The fourth embodiment of FIG. 8 is different from the third embodiment of FIG. 5 in that optical switches 17 and 18 are provided inside the slave stations A and B, respectively. Therefore, in the fourth embodiment, no switching station is required, and the installation cost of the switching station can be reduced. Other configurations, operations, and effects are the same as those in the first to third embodiments described above.

5. Fifth Embodiment In the first embodiment shown in FIG. 1, the allocation time TA, TB, TC of quantum key distribution is inversely proportional to the quantum key generation rates RA, RB, RC, or quantum key generation The higher the speed, the shorter the allocation time, and the lower the quantum cryptographic key generation speed, the longer the allocation time. On the other hand, according to the fifth embodiment of the present invention, the setting methods of these allocation times TA, TB, and TC are different. Since the configuration of the system according to the fifth embodiment is the same as that of the quantum key distribution system of FIG. 1, description will be made based on the configuration of FIG.

  FIG. 9 is a graph for explaining a method for setting allocation times TA, TB, and TC in the quantum key distribution method according to the fifth embodiment of the present invention. First, the key memory 4 of the transmitter 1 shown in FIG. 1 stores the final bit string generated between the master station and each slave station as described above. When performing cryptographic communication, the quantum cryptographic key is read out from the bit string of the corresponding slave station stored in the key memory 4 and used. Therefore, by checking the key memory 4, it is possible to know the remaining amounts KA, KB, and KC of the quantum encryption keys that can be used between the master station and each slave station.

  Therefore, in the fifth embodiment, when setting the allocation times TA, TB, and TC, the control unit 3 first checks the remaining amounts KA, KB, and KC of the quantum encryption keys of each slave station. Next, the control unit 3 calculates a key shortage amount SA, SB, SC between the master station and each slave station by the following formula using a predetermined reference value S (see FIG. 9).

Key shortage SA between the master station and the slave station A = S−KA,
Key shortage SB = S-KB between the master station and the slave station B, and key shortage SC = S-KC between the master station and the slave station C.

  Next, the control unit 3 sets the quantum cipher key distribution allocation time TA, TB, TC to each slave station using the key shortage amounts SA, SB, SC (m is a constant).

TA = m × SA / RA,
TB = m × SB / RB, and TC = m × SC / RC.

That is, the allocation time is set to be proportional to a value obtained by dividing the key shortage amount by the key generation rate.

  FIG. 10 is a timing chart showing the switching operation of the optical switch 5 based on the allocated time set according to the fifth embodiment of the present invention. As described above, in this embodiment, not only the key generation speed between the master station and each slave station but also the key shortage amount is taken into account, so that more rational key distribution can be performed. For example, in FIG. 9, the allocation time TC for the slave station C is set to be short because the key generation rate RC is small but the key shortage SC is small, that is, it is considered that not many keys are required. ing.

  FIG. 11A is a flowchart showing an example of a quantum key distribution method according to the fifth embodiment of the present invention, and FIG. 11B is a flowchart showing another example. In the flow shown in FIG. 11 (a), the key shortage calculation and allocation time setting sequence and the key distribution unit sequence are executed alternately, and each time key distribution is performed, the key shortage calculation and allocation time setting sequence is Is done. Accordingly, it is possible to quickly and accurately reflect the shortage of keys of each slave station.

  In the flow shown in FIG. 11B, the key shortage calculation and allocation time setting sequence are performed after repeating the key distribution unit sequence a plurality of times. Therefore, the time used for key distribution becomes longer than that in the flow of FIG. 11A, and a large number of keys can be distributed in total.

  In the fifth embodiment, the allocation time is set to be proportional to the value obtained by dividing the key shortage amount by the key generation rate, but the key shortage amount is divided by the key generation rate even if it is not necessarily proportional. Even if the allocation time is set so that the larger the value is, the longer the value is, and the shorter the value is, the same effect is obtained.

  In the above description, the allocation time is set to be proportional to the value obtained by dividing the key shortage amount by the key generation rate in the first embodiment as an example. However, in the second to fourth embodiments, the allocation time is set to the key shortage amount. May be set to be proportional to the value obtained by dividing by the key generation speed. In that case, the same effect can be obtained.

6). Sixth Embodiment FIG. 12 is a block diagram showing a configuration of a quantum key distribution system according to a sixth embodiment of the present invention. However, the blocks having the same functions as those shown in FIG.

  The sixth embodiment of FIG. 12 differs from the second embodiment of FIG. 4 in that a branch optical waveguide 19 is provided instead of the optical switch 5 in the second embodiment, and that the control path 12 does not exist. It is. The branching optical waveguide 19 is set so that the branching ratio thereof is a: b: c with respect to the slave stations A, B, and C, respectively. Here, a method for setting the ratio of a: b: c will be described.

  First, assuming that the branching ratio of the branch optical waveguide 19 is equal, that is, 1: 1: 1, the quantum key generation speeds in the slave station A, slave station B, and slave station C are R0A, R0B, and R0C, respectively. To do. R0A, R0B, and R0C may be determined by actually measuring the key amount of the selected key per unit time, the key amount after error correction, or the key amount of the final key after enhancing the secret, or You may calculate by (Formula 1) already described. Using these, the branching ratio a: b: c of the branch optical waveguide 19 in the present embodiment is set by the following equation, where n is a constant.

a = n × R 0 B × R 0 C,
b = n * R0A * R0C, and c = n * R0A * R0B (Equation 2).

  In FIG. 12, the quantum encryption key generation rate in each slave station is approximately proportional to the number of photon bits that reach each slave station per unit time. Therefore, if the branching ratio of the branch optical waveguide 19 is equal, that is, 1: 1: 1, the quantum key generation speeds in the slave station A, slave station B, and slave station C are R0A, R0B, and R0C. This means that the ratio of the number of photon bits reaching each slave station per unit time is approximately R0A: R0B: R0C.

Here, in the sixth embodiment, since the branching ratio of the branching optical waveguide 19 is actually a: b: c, the ratio of the number of photon bits reaching the slave stations A, B, and C per unit time is a * R0A: b * R0B: c * R0C. Therefore, from Equation 2,
a × R0A = n × R0A × R0B × R0C,
b * R0B = n * R0A * R0B * R0C, and c * R0C = n * R0A * R0B * R0C
The ratio of the number of photon bits reaching the slave stations A, B, and C per unit time is R0A × R0B × R0C: R0A × R0B × R0C: R0A × R0B × R0C = 1: 1: 1. . That is, in the sixth embodiment, by setting the branching ratio of the branching optical waveguide 19 to a: b: c, the number of photons that reach the slave stations A, B, and C per unit time becomes equal. The key generation speeds in A, B, and C are almost equal. In the sixth embodiment, unlike the second embodiment, there is no need to control the optical switch by the control path, so that there is an effect that the system configuration and the operation cost can be reduced.

  In the quantum cryptography, it has been described that 1-bit data is transmitted by one photon. Strictly speaking, there are cases where a plurality of photons are included in a 1-bit signal with a certain low probability. In such a case, in the sixth embodiment, a plurality of photons having the same information in a 1-bit signal reach different slave stations, so that the same information can reach a plurality of slave stations. There is sex. In other words, information is leaked between the slave stations.

  Even in such a case, the control unit 3 of the master station can easily detect that the same bit string is distributed to a plurality of slave stations by checking the bit string obtained in the encryption key distribution protocol for each slave station. Can do. Therefore, information leakage between slave stations can be avoided by discarding bits in which such a situation has occurred and not using them as quantum encryption keys.

  In the sixth embodiment, the optical switch 5 is replaced with the branch waveguide 19 in the second embodiment. Similarly, all or some of the optical switches in the other embodiments are branched optically. The same effect can be obtained when a waveguide is replaced. For example, the optical switch 18 of FIG. 5 can be replaced with a branched optical waveguide.

  In the sixth embodiment, the example in which the branching ratio a: b: c of the branching optical waveguide 19 is set according to Equation 2 is shown, but it is not necessary to strictly follow Equation 2. If it is assumed that the branching ratios of the branching optical waveguides are equal, the same effect can be obtained even if the branching ratio is set to be larger as the quantum encryption key generation speed at each slave station is lower and the branching ratio is set to be lower as the branching ratio is higher. .

  As described above, in the first to sixth embodiments of the present invention, an example in which there are three slave stations has been described. However, the present invention is not limited to three stations, and the same is applicable to a system having two or more slave stations. An effect is obtained.

  The present invention can be applied as an encryption key distribution technique in a field where high security is required in data communication such as defense, diplomacy, and finance.

It is a block diagram which shows the structure of the quantum encryption key distribution system by 1st Embodiment of this invention. (A) is a timing chart showing the switching sequence of the optical switch 5 and the connection time of each slave station, and (B) shows the relationship between the distance L between the master station and each slave station and the encryption key generation rate R. It is a graph to show. (A) is a graph showing the key amount distributed in the unit sequence according to the present embodiment for each slave station, and (B) is a graph showing the key amount distributed in the unit sequence according to the conventional example for each slave station. . It is a block diagram which shows the structure of the quantum encryption key distribution system by 2nd Embodiment of this invention. It is a block diagram which shows the structure of the quantum encryption key distribution system by 3rd Embodiment of this invention. It is a table which shows operation | movement of the optical switches 17 and 18 in this embodiment. 3 is a timing chart showing switching operation of optical switches 17 and 18; It is a block diagram which shows the structure of the quantum encryption key distribution system by 4th Embodiment of this invention. It is a graph for demonstrating the setting method of allocation time TA, TB, and TC in the quantum key distribution method by 5th Embodiment of this invention. It is a timing chart which shows the switching operation | movement of the optical switch 5 based on the allocation time set by 5th Embodiment of this invention. (A) is a flowchart which shows an example of the quantum encryption key distribution method in 5th Embodiment of this invention, (b) is a flowchart which shows another example. It is a block diagram which shows the structure of the quantum encryption key distribution system by 6th Embodiment of this invention. It is a block diagram which shows the structural example of a general quantum cryptography communication system. It is a flowchart which shows the flow of a general quantum encryption key generation. It is a graph which shows roughly the change of the generation speed of the quantum encryption key depending on transmission distance. It is a block diagram which shows an example of the quantum key distribution system which has 1: N connection structure.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Quantum encryption key transmitter 2 Key generation part 3 Control part 4 Key memory 5 Optical switch 6 Optical fiber 7-9 Quantum encryption key receiver 10 Switching station 12 Control path 13 Control path 14, 15 Switching station 16 Optical fibers 17, 18 Optical switch 19 Branching waveguide

Claims (25)

In a quantum key distribution system in which a transmitter and a plurality of receivers are connected through optical transmission media,
Transmission means capable of relatively setting the number of photon bits reaching each of the plurality of receivers from the transmitter;
Control means for determining a relative setting state of the transmission means based on a key amount shared per unit time between the transmitter and each of the plurality of receivers;
A quantum cryptography key distribution system comprising:   The transmission means includes path switching means for connecting the transmitter to a selected one of the plurality of receivers, and the control means is configured to switch the path based on a key amount shared per unit time. 2. The quantum key distribution system according to claim 1, wherein an allocation time for distributing a quantum key to each receiver selected by the means is set.   The allocation time is set to be shorter as the key amount shared per unit time between the selected receiver and the transmitter is larger and longer as the key amount is smaller. Quantum key distribution system. Further comprising encryption key holding means for holding an encryption key shared between the selected receiver and the transmitter;
The control means removes the encryption key used for the encryption communication with the receiver from the encryption key of each receiver held in the encryption key holding means, and the quantum cryptography deficit amount based on a predetermined key amount Measure
3. The allocation time is set based on a key amount shared per unit time between the selected receiver and the transmitter and the quantum cryptography deficiency amount. Quantum key distribution system described in 1.   The allocation time is set longer as the value obtained by dividing the quantum encryption key shortage amount by the key amount shared per unit time between the selected receiver and the transmitter is longer, and is set shorter as the time is smaller. The quantum cryptography key distribution system according to claim 4, wherein   2. The quantum key distribution system according to claim 1, wherein the transmission unit is provided in a master station having the transmitter.   2. The quantum cryptography key distribution system according to claim 1, wherein the transmission means is provided in at least one switching station installed at a position different from the transmitter and the plurality of receivers.   The quantum key distribution system according to claim 1, wherein the transmission unit is provided in at least one of a plurality of slave stations each having the plurality of receivers. In a quantum key distribution system in which a transmitter and a plurality of receivers are connected through optical transmission media,
At least one branch optical waveguide provided in the optical transmission medium between the transmitter and the plurality of receivers;
Control means for determining a key amount shared per unit time between the transmitter and each receiver when the branching ratios of the branching optical waveguides are equal.
Quantum encryption key distribution characterized in that a branching ratio of each branch optical waveguide to each receiver is set based on a key amount shared per unit time between the transmitter and each receiver. system.   The branching ratio of the branch optical waveguide toward the branch destination receiver having a low key amount shared per unit time between the transmitter and each receiver is relatively large, and the head toward the high branch destination receiver. The quantum cryptography key distribution system according to claim 9, wherein a branching ratio of the branching optical waveguide is set to be relatively small.   11. The transmitter according to claim 10, wherein when the same bit string is generated in at least two receivers among the plurality of receivers, the transmitter discards the bit string and does not use it as a quantum encryption key. Quantum key distribution system. In a quantum key distribution method in a system in which a transmitter and a plurality of receivers are each connected through an optical transmission medium,
a) A key amount (hereinafter referred to as a key generation speed) shared per unit time between the transmitter and each of the plurality of receivers is obtained.
b) relatively setting the number of photon bits arriving from the transmitter to each of the plurality of receivers so as to reduce the difference in the key generation rate;
Quantum encryption key distribution method characterized by the above. Said b)
Based on a key generation rate between the transmitter and each of the plurality of receivers, the transmitter sets an allocation time for distributing a quantum encryption key to each receiver,
Selectively connecting the transmitter and the plurality of receivers according to the allocated time;
The quantum cryptography key distribution method according to claim 12, wherein:   The quantum key distribution method according to claim 13, wherein the allocation time is set to be shorter as the key generation speed between the selected receiver and the transmitter is larger and longer as the key generation speed is smaller. .   The quantum key distribution method according to claim 14, wherein the allocation time is set to be inversely proportional to a key generation rate between the selected receiver and the transmitter. Said b)
Holding an encryption key shared between the selected receiver and the transmitter;
Removing the encryption key used for encryption communication with the receiver from the held encryption key of each receiver;
Measure the amount of quantum cryptography shortage for each receiver based on a predetermined key amount,
The quantum cryptography key according to claim 12, wherein the allocation time is set based on the key generation rate between the selected receiver and the transmitter and the quantum cryptography deficiency. Distribution method.   The quantum key distribution method according to claim 16, wherein the allocation time is set to be longer as the value obtained by dividing the quantum key shortage amount by the key generation rate is larger and shorter as the allocation time is smaller.   18. The quantum key distribution method according to claim 17, wherein the allocation time is set in proportion to a value obtained by dividing the quantum encryption key shortage amount by the key generation rate. In the a), the key generation speed between the transmitter and each receiver when the optical branching ratio from the transmitter to each of the plurality of receivers is equal is obtained,
In b), the branching ratio is set based on the key generation speed between the transmitter and each receiver.
The quantum cryptography key distribution method according to claim 12, wherein:   20. The quantum key distribution method according to claim 19, wherein the branching ratio is set so that a key generation rate between the transmitter and each receiver is equal. Determining whether the same bit string is generated in at least two of the plurality of receivers;
When the same bit string is generated in at least two receivers, the bit string is not used as a quantum encryption key.
The quantum cryptography key distribution method according to claim 19. In a program for causing a computer to execute a quantum cryptography key distribution method at the transmitter in a system in which a transmitter and a plurality of receivers are respectively connected through an optical transmission medium,
a) obtaining a key amount (hereinafter referred to as a key generation rate) shared per unit time between the transmitter and each of the plurality of receivers;
b) relatively setting the number of photon bits reaching each of the plurality of receivers from the transmitter so as to reduce the difference in the key generation rate;
The program characterized by having. Said b)
Setting an allocation time for the transmitter to distribute a quantum encryption key to each receiver based on a key generation rate between the transmitter and each of the plurality of receivers;
Selectively connecting the transmitter and the plurality of receivers according to the allocated time;
The program according to claim 22, comprising: Said b)
Maintaining an encryption key shared between the selected receiver and the transmitter;
Removing the encryption key used for encrypted communication with the receiver from the held encryption key of each receiver;
Measuring a quantum cryptography deficiency for each receiver based on a predetermined key quantity;
Setting the allocation time based on the key generation rate between the selected receiver and the transmitter and the quantum cryptography deficiency;
The program according to claim 22, comprising: 25. The program according to claim 24, wherein the allocation time is set to be longer as the value obtained by dividing the quantum encryption key shortage amount by the key generation rate is larger and shorter as the value is smaller.

Images