JP2018148544A - Key sharing device, key sharing system, key sharing method and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a key sharing device capable of swiftly carrying out quantum key delivery ensuring the secure key rate.SOLUTION: The key sharing device has plural a plurality of individual processing parts. Each of the individual processing part executes any one of plural series of individual processing included in a series of processing to generate a cipher key to be shared among the other key sharing devices by the quantum key delivery. The individual processing part has a control part. The control par controls execution of corresponding individual processing depending on the idle state of a storage part which stores a piece of result information, which is at least one of the results of the individual processing and a piece of identification information for identifying the result.SELECTED DRAWING: Figure 2

Description

  Embodiments described herein relate generally to a key sharing apparatus, a key sharing system, a key sharing method, and a program.

  Quantum Key Distribution (QKD) technology is known for securely sharing an encryption key using a single photon transmitted continuously between a transmitter and a receiver connected by an optical fiber. It has been.

Japanese Patent No. 4015385

  The amount of the encryption key to be shared per unit time is called a secure key rate and corresponds to the operation speed performance of the quantum cryptography communication system. A person who can use many encryption keys can perform faster and more secure encryption data communication. Therefore, there is a demand for a quantum cryptography communication system with a higher secure key rate, that is, a higher performance.

  The key sharing apparatus according to the embodiment includes a plurality of individual processing units. The individual processing unit executes each of a plurality of individual processes included in the process of generating an encryption key shared with other key sharing apparatuses by quantum key distribution. The individual processing unit includes a control unit. The control unit controls the execution of the corresponding individual process according to the availability of the storage unit that stores the result of the individual process and the result information that is at least one of the identification information for identifying the result.

The figure which shows the example of each process contained in QKD. 1 is a block diagram of a key sharing system according to a first embodiment. The block diagram of the separate processing part of 1st Embodiment. The flowchart of the flow control process in 1st Embodiment. The figure which shows an example of the data sharing method between processes. The block diagram of the key sharing apparatus concerning 2nd Embodiment. The block diagram of the separate process part of 2nd Embodiment. The flowchart of the flow control process in 2nd Embodiment. The figure which shows an example of the discard method of the data in 2nd Embodiment. The figure which shows an example of the relationship between an error rate and a secure key rate. The figure for demonstrating the flow control by the modification 1. FIG. The figure for demonstrating the flow control by the modification 2. FIG. The figure for demonstrating the flow control by the modification 3. FIG. The block diagram of the key sharing apparatus concerning 3rd Embodiment. The block diagram of the separate process part of 3rd Embodiment. The flowchart of the flow control process in 3rd Embodiment. The figure which shows an example of the data storage method by the modification 5. The figure which shows an example of the data storage method by the modification 6. The hardware block diagram of the key sharing apparatus concerning the 1st-3rd embodiment.

  Exemplary embodiments of a key sharing apparatus according to the present invention will be explained below in detail with reference to the accompanying drawings.

(QKD overview)
First, an outline of the quantum cryptography communication system will be described. The quantum cryptography communication system includes a transmission device and a reception device. The transmitting device transmits photons on the optical fiber link, and the receiving device receives and detects the photons. This process is called quantum communication. Thereafter, the transmission device and the reception device exchange control information with each other, whereby the encryption key is shared between the transmission device and the reception device. This process is called a shifting process.

  Based on the shared encryption key information, an error in the encryption key information generated between the transmission device and the reception device is corrected by error correction processing (EC, Error Correction). Furthermore, confidentiality enhancement processing (PA, Privacy Amplification) corresponding to information compression for canceling information that may have been wiretapped by the eavesdropper is performed among the encryption key information. Thus, finally, the transmission device and the reception device can share an encryption key that is guaranteed not to be wiretapped.

  The technique as described above can be realized by QKD. The shared encryption key is used when performing encrypted data communication between the transmission device and the reception device or between applications connected to the respective devices.

  In QKD, a quantum used for sharing an encryption key has an uncertain principle, which is one of the basic principles of quantum mechanics, whose state changes when observed. Due to this property, when an eavesdropper observes the quantum including the encryption key information transmitted by the transmitting device on the quantum communication channel, the quantum state changes, and the receiving device that received the quantum observed the quantum by the eavesdropper. I can know that. At this time, the change in the quantum state appears as a quantum bit error rate (QBER) of the link between the transmission device and the reception device. When an eavesdropper attempts to eavesdrop on the quantum, the quantum state changes and the QBER increases, so that the receiving device and the transmitting device can know the presence of the eavesdropper.

(Performance, secure key rate)
As described above, the amount of encryption key to be shared per unit time is called a secure key rate. It can be said that a higher cure key rate is a higher-performance quantum cryptography communication system. The secure key rate is calculated by subtracting the amount of information given to an eavesdropper during quantum communication or classical communication. For example, an error occurring in a quantum channel is regarded as an eavesdropping by an eavesdropper even if it is an error due to noise, and an information amount (such as an error rate of the quantum channel) indicating the error is subtracted from the secure key rate. In addition, when the error bit of the sieve key is corrected by error correction processing, the amount of information transmitted and received between the transmitting device and the receiving device on the classical communication channel is also stolen by an eavesdropper. Considered and deducted from the secure key rate.

  Thus, the performance of the quantum cryptography communication system can be evaluated with the secure key rate. The secure key rate is calculated from the error rate of the quantum communication channel, the communication amount of error correction processing, and the like.

(Flow control)
FIG. 1 is a diagram illustrating an example of each process included in the QKD. As shown in FIG. 1, in QKD, quantum communication processing, shifting processing, error correction processing (EC), confidentiality enhancement processing (PA), and encryption communication processing are executed.

  In the quantum communication processing, for example, based on a photon bit string which is bit information generated by random numbers, from a single photon generated so as to have a polarization state based on base information (transmission base) generated by a randomly selected base The configured photon sequence is transmitted to another key sharing apparatus via the quantum communication path. The other key sharing device is a device that becomes a partner to share the encryption key by QKD. The photon information is, for example, a photon bit string and a transmission base.

  In QKD, for example, a bit after encoding a quantum state is processed in the order of shifting processing, EC, and PA, thereby generating a final encryption key used for encrypted data communication.

  At this time, a final encryption key used for encryption communication is generated while passing data for generating the encryption key in each process. If the order in which each process processes data and the interface are different, the keys between the sender and the receiver may not match. Thus, for example, a method of using a FIFO (First In First Out) by preparing a storage unit (storage area) for accumulating data transferred between processes can be considered.

  An example of using the FIFO will be described. FIFO is also referred to as a first-in first-out method, in which first-in data is first out, and later-in data is out after first-in data, and the order in which the data is in / out is determined. The sieve key processed by the shifting process is inserted into a storage unit (FIFO memory) according to the FIFO method. The shifting process proceeds to a process for generating the next sieve key. The FIFO memory in which the sieving key is inserted by the shifting process can be referred to from the EC, which is a subsequent process. In EC, a sieve key inserted into a FIFO memory is read by shifting processing, and a correction key is generated using the read sieve key. The correction key is further inserted into another FIFO memory. The EC reads the next sieve key and proceeds to processing for generating the next correction key. The FIFO memory in which the correction key is inserted can also be referred from the PA, which is a subsequent process. In the PA, the correction key inserted into the FIFO memory is read by the EC, and an encryption key is generated using the read correction key. In this manner, an intermediate buffer (FIFO memory) that keeps the order between the shifting process, the EC process, and the PA process is prepared, and the processes are sequentially processed.

  When the processing speed of shifting processing, EC, and PA is different, in the method of passing sequentially when bit data can be generated in each process, if the processing speed of any process is slow, this process The rate of encryption key generation is limited, leading to a decrease in secure key rate. Even if a storage area for storing data is prepared between processes, if the processing speed of each process is different, the upper limit of the storage area may be exceeded. Even when monitoring the upper limit of the storage area is not controlled in the same way by the transmission device and the reception device, it is difficult to accurately synchronize. For this reason, there arises a problem that the encryption key is different between the transmission device and the reception device, or that the encryption key is not finally generated, leading to a decrease in the secure key rate. As described above, a method for transferring data processed in each process of QKD between processes without reducing efficiency is required.

  Although there is a technique that takes into account the case where the QKD processing speed is low and the encryption key is insufficient, this technique does not consider the situation where the QKD processing speed is high and the generated key cannot be stored. Therefore, in the following embodiment, even when the storage area for storing the intermediate key is exhausted, the system performance, that is, the flow control capable of performing QKD at high speed without reducing the secure key rate is enabled.

  The key sharing apparatus according to the embodiment includes a plurality of individual processing units that respectively execute one of a plurality of individual processes included in a process of generating an encryption key shared with another key sharing apparatus. For example, the quantum communication process, the shifting process, the error correction process (EC), the confidentiality enhancement process (PA), and the encryption communication process shown in FIG. 1 correspond to individual processes. Each individual processing unit controls execution of the corresponding individual process according to the free space of the storage unit that stores identification information for identifying data (result information) that is a result of the corresponding individual process.

  The flow control may be executed in at least a part of the plurality of individual processes. Hereinafter, a case where flow control is executed in the shifting process and the error correction process will be described as an example. Hereinafter, details of control of processing in each embodiment will be described.

(First embodiment)
The key sharing apparatus according to the first embodiment discards data (result information) to be newly saved when there is no free storage area prepared during each process of QKD. By discarding the data (result information) to be newly saved, it is possible to avoid exceeding the upper limit of the storage area and to avoid the synchronization between the transmitting device and the receiving device.

  FIG. 2 is a block diagram illustrating an example of the configuration of the key sharing system according to the first embodiment. As shown in FIG. 2, the key sharing system according to the first embodiment includes a key sharing device 100 and a key sharing device 200. Key sharing apparatus 100 and key sharing apparatus 200 are connected by quantum communication path 301 and classical communication path 302.

  The quantum communication channel 301 transmits a photon sequence composed of single photons indicating 0 or 1. The quantum communication path 301 is, for example, an optical fiber link. The classical communication path 302 transmits data. The classical communication path 302 transmits, for example, control data for shifting processing, error correction processing, and confidentiality enhancement processing. The classical communication path 302 may be wired or wireless, or may be realized by combining wired and wireless. The classical communication path 302 is, for example, Ethernet (registered trademark).

  Hereinafter, a case where the key sharing apparatus 100 functions as a transmission apparatus and the key sharing apparatus 200 functions as a reception apparatus will be described as an example. The key sharing apparatus 100 and the key sharing apparatus 200 may be configured to have both functions of a transmission apparatus and a reception apparatus.

  The key sharing apparatus 100 includes a quantum communication unit 101, a shifting unit 102, an error correction unit 103, a confidentiality enhancing unit 104, storage units 131 and 132, and a bit string storage unit 121.

  The quantum communication unit 101 performs quantum communication processing. For example, the quantum communication unit 101 transmits / receives photon information to / from the key sharing apparatus 200 and stores bit data extracted from the photon, information on the selected basis, information on a pulse used for transmitting the photon, and the like in a bit string storage Stored in the unit 121.

  The shifting unit 102 performs a shifting process. For example, the shifting unit 102 extracts bit string information, base information, and the like stored in the bit string storage unit 121, sifts the bit string information based on the base information, the key sharing device 100, the key sharing device 200, and the like. Shifting processing is performed to obtain the same bit string. The shifting unit 102 stores the extracted bit string (key bit string) in the bit string storage unit 121.

  The error correction unit 103 performs error correction processing. For example, the error correction unit 103 extracts information on the shared bit string after the shifting process stored in the bit string storage unit 121 and corrects an error included in the shared bit string. The error correction unit 103 stores the corrected bit string in the bit string storage unit 121.

  The confidentiality enhancing unit 104 executes confidentiality enhancing processing. For example, the confidentiality enhancing unit 104 extracts the information of the shared bit string after the error correction process stored in the bit string storage unit 121 and performs the confidentiality enhancing process with the key sharing apparatus 200. The confidentiality enhancing unit 104 stores the processed bit string in the bit string storage unit 121.

  The storage unit 131 is installed between the shifting unit 102 and the error correction unit 103. The storage unit 132 is installed between the error correction unit 103 and the confidentiality enhancing unit 104. The storage units 131 and 132 store key data in order to perform flow control for delivering key data when performing QKD. When flow control is performed by another individual processing unit, a storage unit that stores key data may be installed between the individual processing unit and a subsequent processing unit.

  The storage units 131 and 132 may store a key data file or the like stored in the bit string storage unit 121 together with identification information (ID) for identifying the key data instead of the bit string storage unit 121, or the bit string storage unit Only the identification information for identifying the entity of the key data stored in 121 may be stored. That is, the result information stored in the storage units 131 and 132 may be only the key data ID, or both the key data ID and the key data entity. Flow control is performed when QKD is performed based on the substance of the key data or the identification information stored in the storage units 131 and 132.

  The bit string storage unit 121 stores information acquired and generated in each process with the key sharing apparatus 200, such as a bit string obtained by the quantum communication unit 101. Such information may be used by other components (such as other individual processing units) via the bit string storage unit 121, or information may be directly transferred between the components.

  Each of the above units (quantum communication unit 101, shifting unit 102, error correction unit 103, and confidentiality enhancing unit 104) is realized by, for example, one or a plurality of processors. For example, each of the above units may be realized by causing a processor such as a CPU (Central Processing Unit) to execute a program, that is, by software. Each of the above sections may be realized by a processor such as a dedicated IC (Integrated Circuit), that is, hardware. Each of the above units may be realized by using software and hardware together. When using a plurality of processors, each processor may realize one of the respective units, or may realize two or more of the respective units.

  Each storage unit (the storage units 131 and 132 and the bit string storage unit 121) is made up of any commonly used storage medium such as an HDD (Hard Disk Drive), an optical disk, a memory card, or a RAM (Random Access Memory). Can be configured. Each storage unit may be a physically different storage medium, or may be realized as a different storage area of the physically same storage medium. Further, each storage unit may be realized by a plurality of physically different storage media.

  Next, a configuration example of the key sharing apparatus 200 that functions as a receiving apparatus will be described. As illustrated in FIG. 2, the key sharing apparatus 200 includes a quantum communication unit 201, a shifting unit 202, an error correction unit 203, a confidentiality enhancement unit 204, and a bit string storage unit 221.

  The key sharing device 200 communicates with each unit of the key sharing device 100 and executes each process (individual processing) of QKD. That is, the quantum communication unit 201, the shifting unit 202, the error correction unit 203, and the confidentiality enhancement unit 204 are respectively connected to the quantum communication unit 101, the shifting unit 102, the error correction unit 103, and the confidentiality of the key sharing device 100. Individual processing corresponding to the property enhancement unit 104 is executed. The bit string storage unit 221 stores information acquired and generated in each process with the key sharing apparatus 100.

  Next, details of the individual processing unit will be described. FIG. 3 is a block diagram illustrating a functional configuration example of the individual processing unit 500 according to the first embodiment. In the present embodiment, the shifting unit 102 and the error correction unit 103 correspond to the individual processing unit 500. The shifting unit 102 and the error correction unit 103 each have a function as shown in FIG. As illustrated in FIG. 3, the individual processing unit 500 includes a monitoring unit 501 and a control unit 502.

  The monitoring unit 501 monitors the substance or identification information of key data stored in a storage unit (storage unit 131 or storage unit 132) installed between the processing unit at the subsequent stage. The monitoring unit 501 performs flow control for delivering key data when performing QKD, so that the substance of the key data stored in the storage unit, the identification information is not stored, and the storage area is empty. Monitor whether there is any. The monitoring unit 501 may further monitor a storage unit installed between the preceding processing unit.

  The control unit 502 performs necessary control according to the state of the storage unit monitored by the monitoring unit 501. For example, if there is an empty storage unit installed between the control unit 502 and the subsequent processing unit, the control unit 502 stores data (result information) to be newly stored in the storage unit. If the entity of the key data stored in the storage unit installed between the upstream processing unit or the identification information is empty, the control unit 502 stores the data (result information) in the previous individual processing. Flow control is performed so as to wait. In addition, the control unit 502, if the substance of the key data stored in the storage unit installed between the subsequent processing units or the identification information is stored up to the upper limit, the data ( Flow control is performed so that (result information) is discarded. Whether the data (result information) is stored up to the upper limit may be determined based on, for example, whether the free capacity of the storage unit is smaller than a threshold (first threshold).

  Next, a flow control process performed by the key sharing apparatus 100 according to the first embodiment configured as described above will be described with reference to FIG. FIG. 4 is a flowchart illustrating an example of a flow control process according to the first embodiment. FIG. 4 illustrates an example of flow control in error correction processing. Similar procedures can be applied to other individual processes.

  The error correction unit 103 executes error correction processing (step S101). The monitoring unit 501 of the error correction unit 103 determines whether there is a free area in the storage unit 132 (step S102). If there is a free area (step S102: Yes), the control unit 502 stores the identification information (ID) of the key data for which the error correction processing has been completed in the storage unit 132 (step S103). The control unit 502 may store data (related parameters, error rate, etc.) other than the ID in the storage unit 132 together with the ID.

  When there is no free area (step S102: No), the control unit 502 discards data (result information) obtained by the error correction process (step S104).

  FIG. 5 is a diagram illustrating an example of a method for sharing data between processes. As an example, consider sharing data (result information) between EC and PA. The error correction unit 103 includes a module that repeatedly performs EC, for example. When the module completes EC, the error correction unit 103 outputs a correction key file. The correction key file is stored in the bit string storage unit 121, for example.

  The error correction unit 103 outputs a file and saves parameters and data (such as an error rate) associated with the ID of the file that has been processed in the storage unit 132. At this time, if there is no space in the storage area of the storage unit 132, the error correction unit 103 (control unit 502) discards the data (result information). When there is a free space in the storage area, the error correction unit 103 (control unit 502) writes an ID or the like in the storage area.

  The latter secrecy enhancing unit 104 includes a module that repeatedly performs PA. This module always monitors the storage area of the storage unit 132. If the storage area is empty, the confidentiality enhancing unit 104 waits for an ID for which EC has been completed to be stored. If there is data (result information) in the storage area, the confidentiality enhancing unit 104 extracts the ID and performs PA. At this time, the error correction unit 103 stores the IDs in the storage area in the order in which the processing is completed. The confidentiality enhancing unit 104 extracts IDs, for example, in the order stored in the storage area, reads a correction key file of the IDs, performs processing, and finally generates an encryption key.

  As described above, when the confidentiality enhancing unit 104 retrieves data (result information) from the storage unit 132 in order to perform the confidentiality enhancing process, the processing is performed from the previously inserted data (result information) using the characteristics of the FIFO. May be. In the example of FIG. 5, the confidentiality enhancing unit 104 takes out the data (result information) of [ID: 001] inserted earlier and performs the confidentiality enhancing process.

  In this way, data (result information) is transferred between the processes using the storage area. By detecting that there is no free space in the storage area, it is possible to avoid exceeding the upper limit of the storage area, and to prevent the synchronization with the key sharing apparatus 200 from shifting and the encryption keys from matching. Although not only the ID but also data such as an error rate is stored, in this embodiment, it is not necessary to execute flow control with reference to such data.

  In the prior art, since there is no function for performing data flow control between the processing units, each processing unit performs processing at each processing speed and stores key data in the storage unit. Further, the conventional technology does not consider processing when the storage area of the storage unit runs out. For this reason, synchronization between the transmitting device and the receiving device is not taken, overwriting the old key data among the stored key data, or destroying the key data, the encryption key can not be correctly, The secure key rate sometimes deteriorated.

  The key sharing apparatus 100 according to the first embodiment uses the storage units 131 and 132, the monitoring unit 501, the control unit 502, and the like to perform flow control for transferring key data when performing QKD. The key sharing apparatus 100 monitors whether the storage units 131 and 132 are empty and the data (result information) is empty. When the storage units 131 and 132 are not empty, a new save is performed. Discard the data (result information) to be attempted. Thereby, it is possible to avoid a synchronization shift caused by exceeding the upper limit of the storage area.

(Second Embodiment)
If the data (result information) to be newly saved is discarded, the encryption key finally generated is reduced by the amount of the data (result information), and the secure key rate may be lowered. Therefore, in the second embodiment, data (result information) that is favorable for generating an encryption key is preferentially stored instead of discarding data (result information) to be newly stored, and bad conditions are generated. Control to discard the data (result information). Whether it is a good condition for generating the encryption key is determined by a parameter such as an error rate.

  For example, parameters such as an error rate are compared between stored data (result information) and data to be newly stored (result information). If the data (result information) already stored in the storage area has parameters worse than the data (result information) to be newly stored, the data (result information) having bad parameters is deleted and vacant Data (result information) to be newly saved in the area is saved. When the parameter of data (result information) to be newly saved is worse than the parameter of data (result information) already saved, the data (result information) to be newly saved is discarded and the storage area Will not be updated.

  With such a configuration, the secure key rate is preferentially saved by suppressing the deterioration of the secure key rate due to the synchronization between the key sharing apparatuses being deviated and preferentially storing data (result information) related to the secure key rate. Can be further improved.

  FIG. 6 is a block diagram illustrating an example of the configuration of the key sharing apparatus 100-2 according to the second embodiment. As illustrated in FIG. 6, the key sharing apparatus 100-2 includes a quantum communication unit 101, a shifting unit 102-2, an error correction unit 103-2, a confidentiality enhancement unit 104-2, and a storage unit 131-. 2 and 132-2 and a bit string storage unit 121.

  FIG. 7 is a block diagram illustrating a functional configuration example of the individual processing unit 500-2 according to the second embodiment. In the present embodiment, the shifting unit 102-2 and the error correction unit 103-2 correspond to the individual processing unit 500-2. Each of the shifting unit 102-2 and the error correction unit 103-2 has a function as shown in FIG. As illustrated in FIG. 7, the individual processing unit 500-2 includes a monitoring unit 501 and a control unit 502-2.

  In the second embodiment, the control unit 502-2, the confidentiality enhancement unit 104-2, and the storage unit 131 included in the individual processing unit 500-2 (shifting unit 102-2, error correction unit 103-2). -2 and 132-2 are different from those in the first embodiment. Other configurations and functions are the same as those in FIG. 2 which is a block diagram of the key sharing apparatus 100 according to the first embodiment, and thus the same reference numerals are given and description thereof is omitted here.

  The storage units 131-2 and 132-2 are different from the storage units 131 and 132 of the first embodiment in that they further store data (priority) for determining conditions.

  The control unit 502-2 is different from the control unit 502 of the first embodiment in that flow control is performed in consideration of priority. For example, the control unit 502-2 assigns a priority to the data (result information such as identification information) obtained by the individual processing and stores it in the storage unit. The control unit 502-2 deletes data (result information) whose priority is smaller than other data (result information) from the storage unit when the storage unit has no space (the free capacity of the storage unit is smaller than the threshold value). To do. In addition, when data (result information) with priority is stored in the storage unit with the previous processing unit, the control unit 502-2 obtains data (results) obtained as a result of the previous processing unit. Among the information), data (result information) having a higher priority than the other data (result information) is read from the storage unit, and the corresponding individual processing is executed using the read data (result information).

  The confidentiality enhancing unit 104-2 is different from the confidentiality enhancing unit 104 of the first embodiment in that data (result information) to be processed is read from the storage unit 132-2 in consideration of priority. .

  Next, a flow control process performed by the key sharing apparatus 100-2 according to the second embodiment configured as described above will be described with reference to FIG. FIG. 8 is a flowchart illustrating an example of a flow control process according to the second embodiment. FIG. 8 illustrates an example of flow control in error correction processing. Similar procedures can be applied to other individual processes.

  The error correction unit 103-2 executes error correction processing (step S201). The monitoring unit 501 of the error correction unit 103-2 determines whether there is a free area in the storage unit 132-2 (step S202). When there is an empty area (step S202: Yes), the control unit 502-2 gives priority to the identification information (ID) of the key data for which the error correction processing has been completed, and stores it in the storage unit 132-2 (step S202). S203).

  When there is no free space (step S202: No), the control unit 502-2 includes the data (result information) stored in the storage unit 132-2 and the data to be newly saved (result information). The data (result information) having a low priority is discarded (deleted) (step S204). When the data (result information) stored in the storage unit 132-2 is deleted, the control unit 502-2 newly stores data to be saved in the free area of the storage unit 132-2 secured by the deletion. (Result information) is stored (step S203). In addition, when discarding data (result information) to be newly saved, the control unit 502-2 does not save the data (result information) in the storage unit 132-2.

  FIG. 9 is a diagram illustrating an example of a method of discarding data (result information) in the present embodiment. FIG. 9 shows an example in which data (result information) is shared between the error correction unit 103-2 and the confidentiality enhancement unit 104-2.

  The error correction unit 103-2 outputs a correction key file upon completion of the error correction process. At this time, the error correction unit 103-2 stores the file in the bit string storage unit 121, for example, and saves the file ID, related parameters, and data (such as an error rate) in the storage unit 132-2. The error correction unit 103-2 stores data (result information) in the storage unit 132-2 with a priority according to, for example, an error rate. The confidentiality enhancing unit 104-2, which is a subsequent processing unit, takes out data (result information) from the storage unit 132-2 with priority given to the assigned data (result information).

The error correction unit 103-2 discards low priority data (result information) when there is no free space in the storage unit 132-2. As illustrated in FIG. 9, a storage unit 132-2 that receives data (result information) from the error correction unit 103-2 and from which the confidentiality enhancing unit 104-2 extracts data (result information) will be described as an example. It is assumed that the following data (result information) that has already been subjected to error correction processing is stored in the storage unit 132-2 and that there is no space in the storage area.
・ [ID: 0, error rate: 5%]
・ [ID: 1, Error rate: 2%]
・ [ID: 2, Error rate: 4%]
・ [ID: 3, error rate: 2%]
・ [ID: 4, error rate: 3%]
・ [ID: 5, Error rate: 5%]
・ [ID: 6, Error rate: 6%]
・ [ID: 7, Error rate: 2%]

  The priority of these data (result information) is determined according to, for example, an error rate. The lower the error rate value, the lower the secure key rate, which is the system performance, so the priority is set low. The higher the error rate value, the higher the secure key rate, so the priority is set higher. For example, if the priority is determined to be the same as the error rate value, [ID: 0] has an error rate of 5%, so the priority is fifth, and [ID: 1] has an error rate of 2%, so the priority is second. Since [ID: 2] has an error rate of 4%, the priority is fourth. [ID: 3] has an error rate of 2%, so the priority is second. [ID: 4] has an error rate of 3%, so the priority is Since [ID: 5] has an error rate of 5%, the priority is fifth, and [ID: 6] has an error rate of 6%, so the priority is sixth, and [ID: 7] has an error rate of 2%. The priority is second.

  The error correction unit 103-2 newly completes the process, and the data (result information) of [ID: 8, error rate: 3%], that is, data of priority 3 (result information) is stored in the storage unit 132-2. Consider the case of trying to save. Since there is no space in the storage area of the storage unit 132-2, the error correction unit 103-2 (control unit 502-2) stores [ID: 6] data (result information) having the lowest priority 6. Discard (delete) from the section 132-2 to secure a free area. Thereafter, the error correction unit 103-2 stores the data (result information) of [ID: 8] in the storage unit 132-2.

  When new data (result information) is inserted when there is no free space in the storage unit 132-2, all data in which the priority of the newly inserted data (result information) is stored in the storage unit 132-2 When the priority is lower than (result information), the control unit 502-2 discards newly inserted data (result information). On the other hand, when the newly inserted data (result information) is higher than the priority of any data (result information) stored in the storage unit 132-2, the control unit 502-2 determines the priority. Data (result information) having a low value is discarded from the storage unit 132-2, and newly inserted data (result information) is stored in the storage unit 132-2. In this way, the control unit 502-2 performs control so that data (result information) with high priority remains as data (result information) stored in the storage unit 132-2.

  When the confidentiality enhancing unit 104-2 retrieves data (result information) from the storage unit 132-2 in order to perform the confidentiality enhancing process, for example, the confidentiality enhancing unit 104-2 retrieves data (result information) having a high priority. In the example of FIG. 9, the confidentiality enhancing unit 104-2 extracts the data (result information) having the highest priority [ID: 1, error rate: 2%] and executes the confidentiality enhancing process.

  For data (result information) having the same priority, data inserted earlier (result information) may be selected, data inserted later (result information) may be selected, or other parameters May be selected in consideration of When the confidentiality enhancement process is executed first from the data with high priority (result information), the data (result information) having the lowest error rate among the data (result information) stored in the storage unit 132-2 is sequentially ordered. Data that has been processed and has a high error rate (result information) remains in the storage area or becomes a candidate for data (result information) to be discarded. Since data with low error rate (result information) is processed preferentially, it is processed from data (result information) with a high calculated secure key rate. It becomes possible to make it higher.

  A specific example of improving the secure key rate will be described below. FIG. 10 is a diagram illustrating an example of the relationship between the error rate and the secure key rate.

  For example, it is assumed that the same data (result information) as FIG. 9 is stored in the storage unit 132-2, and the secure key rate estimated from each error rate is the value shown in FIG. At this time, it is assumed that the error correction unit 103-2 discards data (result information) [ID: 8, error rate: 3%] to be newly inserted without considering the priority. In this case, the secure key rate of 40 kb / s corresponding to the secure key rate is discarded.

  On the other hand, if the data (result information) of [ID: 6, error rate: 6%] is discarded in consideration of the priority as in the present embodiment, the secure key rate to be discarded becomes 20 kb / s, and the secure key Rate degradation can be suppressed by 20 (= 40-20) kb / s. In this way, it is possible to suppress deterioration of the secure key rate by assigning priorities according to the error rate.

So far, the error rate has been described as an example of the parameter, but the index for determining the priority may be other parameters or a combination thereof. An index that increases the value for data (result information) under conditions suitable for generating the encryption key may be set as the priority. For example, an index whose value changes according to the communication status or an index whose value increases when the reliability of encryption key sharing processing is high can be used. The priority may be determined according to one or more of the error rate of each communication channel, the processing speed of each communication channel, the estimated value of the generation amount of the encryption key per unit time, and the processing speed of the individual processing. . Examples of parameters that can be used for each individual processing unit are shown below.
Quantum communication unit 101: Photon information, quantum communication processing speed Shifting unit 102-2: Photon information, estimated error rate, shifting processing speed Error correction unit 103-2: Error rate, number of leaked bits, Error correction processing speed and common to all parts: Estimated secure key rate

  The method for storing and retrieving data (result information) is not limited to the above. Other methods will be described below.

(Modification 1)
In the first modification, the threshold for determining whether to discard or save the data (result information) is changed depending on the free space in the storage area. For example, when the priority is higher than the threshold (second threshold) changed according to the free capacity of the storage unit 132-2, the control unit 502-2 attaches the priority and stores the data (result information). The data (result information) is discarded when the priority is equal to or lower than the threshold value.

  FIG. 11 is a diagram for explaining the flow control according to the first modification. For example, when the ratio of the free capacity of the storage unit 132-2 is equal to or greater than X%, the control unit 502-2 has an error rate smaller than Y%. In other words, intermediate data (priority greater than a threshold (second threshold)) Result information) is stored in the storage unit 132-2. In addition, the control unit 502-2 discards intermediate data (result information) having an error rate equal to or higher than Y%, in other words, a priority equal to or lower than a threshold (second threshold).

  When the ratio of the free capacity of the storage unit 132-2 is less than X%, the control unit 502-2 changes the threshold to be compared with the error rate to Z% smaller than Y% and similarly determines. Thereby, parameters such as an error rate can be taken into consideration while avoiding a situation where the storage area is full.

  The case where X = 75, Y = 5, and Z = 3 are set will be described as an example with reference to FIG. When the free space of the storage unit 132-2 is 75 (= X)%, it is unlikely that there is no free space in the storage area, so data (result information) is saved as much as possible. For this reason, threshold Y = 5% is used, and data (result information) of [ID: 9, error rate: 4%] newly generated from the error correction unit 103-2 is stored in the storage unit 132-2. . On the other hand, when the free space becomes 12.5 (<75 = X)%, there is a high possibility that the storage area will be free, so data (result information) is discarded as much as possible. For this reason, the threshold value Z = 3% is used, and the data (result information) of [ID: 9, error rate: 4%] newly generated from the error correction unit 103-2 is discarded.

  Note that the method of changing the threshold (second threshold) according to the free capacity of the storage unit 132-2 is not limited to the above. Any method may be used as long as the threshold value is set so as to save data (result information) as much as possible as the free space increases. For example, a method of changing the threshold stepwise in accordance with the free space, a method of calculating the threshold value using a calculation formula from the free space value, and the like may be used.

(Modification 2)
In the second modification, a plurality of storage areas (storage units) are prepared, and data (result information) is allocated to each storage area according to a parameter value (priority). The plurality of storage areas may be physically different storage units, or may be different areas of the physically same storage unit. For example, the control unit 502-2 stores data (result information) in a storage region (storage unit) determined according to the priority among a plurality of storage regions (storage units).

  FIG. 12 is a diagram for explaining flow control according to the second modification. For example, the error correction unit 103-2 (control unit 502-2) stores data (result information) with an error rate of less than 4% in the storage area 1201a, and stores data (result information) with an error rate of 4% or more. Save in the area 1201b. In the example of FIG. 12, the error correction unit 103-2 stores data (result information) of [ID: 8, error rate: 3%] in the storage area 1201a. The number of storage areas is not limited to two, and three or more storage areas may be used.

  Thus, by dividing the storage area according to the parameter value, it becomes easy for the subsequent processing to select the data (result information) to be extracted. For example, the confidentiality enhancing unit 104-2 preferentially takes out data (result information) from the storage area 1201a, and when there is no data (result information) in the storage area 1201a, the data (result information) in the storage area 1201b is used. Then, when data (result information) is inserted into the storage area 1201a after that, a method of taking out the data (result information) from the storage area 1201a again can be adopted.

(Modification 3)
In the third modification, data (result information) is sorted in the order of good parameter values (priority) and stored in the storage unit 132-2, and the subsequent processing unit sequentially extracts the first data (result information). . For example, the control unit 502-2 sorts the data (result information) in order of priority and stores the data in the storage unit 132-2.

  FIG. 13 is a diagram for explaining flow control according to the third modification. The control unit 502-2 sorts the generated data (result information) according to the parameters and saves them in the storage unit 132-2. For example, the error correction unit 103-2 (control unit 502-2) inserts data (result information) according to the error rate when inserting data (result information) of [ID: 8, error rate: 3%]. Sort and store in the fourth position from the beginning. Since the sorted data (result information) is arranged in the order of good parameters, the confidentiality enhancing unit 104-2 may extract the data (result information) from the top.

  In Modifications 1 to 3 (FIGS. 11 to 13), it can be interpreted that the parameter value itself is used as the priority, but the priority determined according to the parameter value is not the parameter value itself. You may comprise so that it may be used.

(Modification 4)
The control unit 502-2 is configured not to discard the data (result information) according to the priority but to execute only the process of acquiring the processing result (result information) according to the priority processing unit according to the priority. May be. For example, if the storage capacity of the storage units 131-2 and 132-2 is sufficiently large so that data (result information) cannot be stored, even if the configuration as in the present modification is concerned, it is related to the secure key rate. It is possible to improve the secure key rate by preferentially storing data (result information) with good parameters.

  As described above, in the key sharing apparatus according to the second embodiment, data (result information) with low priority (poor parameter) is prioritized and discarded using priority according to parameters such as error rate. In addition, data (result information) having a high priority (good parameters) can be preferentially stored. Further, the threshold value of the parameter of data (result information) to be saved can be changed according to the ratio of the free capacity of the storage unit. As a result, the processing is synchronized between the transmission device and the reception device, and further, the lower priority data (result information) is preferentially discarded, thereby preventing the deterioration of the secure key rate and the QKD key generation speed. It will be possible to connect to higher speed. In other words, encryption keys can be shared more efficiently than when discarded without considering priority, and data (result information) can be safely shared between processes while maintaining reliability. It becomes possible.

(Third embodiment)
In the above embodiment, after the individual processing unit performs the process, it is determined whether or not the storage area is empty. When the storage area is not empty, the data (result information) processed so far is discarded. It was. In such a method, discarding the data (result information) wastes the processing up to that point, and it takes extra processing time for discarding, which may reduce the secure key rate.

  Therefore, the key sharing apparatus according to the third embodiment checks whether there is no free storage area before the individual processing unit starts processing, and does not start the process when there is no free storage area. Wait for a certain time and check the storage area again. The key sharing apparatus according to the present embodiment executes individual processing when the storage area is empty, and saves the processed data (result information) file in the storage unit. With this configuration, it is possible to avoid wasteful processing when there is no free space in the storage area. Since extra processing time is not required, deterioration of the secure key rate can be suppressed.

  FIG. 14 is a block diagram illustrating an example of the configuration of the key sharing apparatus 100-3 according to the third embodiment. As shown in FIG. 14, the key sharing apparatus 100-3 includes a quantum communication unit 101, a shifting unit 102-3, an error correction unit 103-3, a confidentiality enhancing unit 104, and storage units 131 and 132. A bit string storage unit 121.

  FIG. 15 is a block diagram illustrating a functional configuration example of the individual processing unit 500-3 according to the third embodiment. In the present embodiment, the shifting unit 102-3 and the error correction unit 103-3 correspond to the individual processing unit 500-3. The shifting unit 102-3 and the error correction unit 103-3 each have a function as shown in FIG. As shown in FIG. 15, the individual processing unit 500-3 includes a monitoring unit 501 and a control unit 502-3.

  In the third embodiment, the function of the control unit 502-3 included in the individual processing unit 500-3 (shifting unit 102-3, error correction unit 103-3) is different from that of the first embodiment. Other configurations and functions are the same as those in FIG. 2 which is a block diagram of the key sharing apparatus 100 according to the first embodiment, and thus the same reference numerals are given and description thereof is omitted here.

  The control unit 502-3 does not start the execution of individual processing when the free capacity of the storage units 131 and 132 is smaller than the threshold (first threshold), and individually when the free capacity of the storage units 131 and 132 is equal to or greater than the threshold. Start executing the process.

  Next, a flow control process performed by the key sharing apparatus 100-3 according to the third embodiment configured as described above will be described with reference to FIG. FIG. 16 is a flowchart illustrating an example of a flow control process according to the third embodiment. FIG. 16 illustrates an example of flow control in error correction processing. Similar procedures can be applied to other individual processes.

  The control unit 502-3 of the error correction unit 103-3 determines whether there is a free area in the storage unit 132 (step S301). When there is no free area (step S301: No), the control unit 502-3 returns to step S301 and repeats the process until a free area is generated. The controller 502-3 may be configured to execute the determination process in step S301 after waiting for a predetermined time.

  When there is a free area (step S301: Yes), the control unit 502-3 executes error correction processing (step S302). The control unit 502-3 stores the identification information (ID) of the key data for which the error correction processing has been completed in the storage unit 132 (Step S303). The control unit 502-3 may store data other than the ID (related parameters, error rate, etc.) in the storage unit 132 together with the ID. The storage units 131 and 132 may store a key data file or the like stored in the bit string storage unit 121 together with identification information (ID) for identifying the key data instead of the bit string storage unit 121, or the bit string storage unit Only the identification information for identifying the entity of the key data stored in 121 may be stored.

  If the storage unit 132 is empty, the confidentiality enhancing unit 104 in the subsequent stage waits for the ID that has been processed by the error correcting unit 103-3 to be accumulated. When the data (result information) is stored in the storage unit 132, the confidentiality enhancing unit 104 extracts the ID from the storage unit 132, reads the correction key file of the extracted ID, performs the confidentiality enhancing process, Generate the final encryption key.

  As described above, in the key sharing apparatus according to the third embodiment, before starting individual processing (such as error correction processing), it is checked whether there is no free space in the storage area, and if there is no free space, the individual processing is started. Control not to. As a result, it is possible to avoid the destruction of the secure key rate by avoiding discarding since individual processing is performed but cannot be stored in the storage area.

(Modification 5)
As described above, a storage unit (such as the storage units 131 and 132) used for flow control may store only the key data ID, or may store the key data entity and the key data ID. Good. That is, the information (result information) stored in the storage unit as the processing result of the individual processing may be only the key data ID, or may be both the key data ID and the key data entity. In the fifth modification, an example in which the key data entity and the key data ID are stored together will be described. In this modification, the case where the second embodiment is modified will be described as an example. However, the same modification can be applied to other embodiments.

  FIG. 17 is a diagram illustrating an example of a data storage method according to the fifth modification. As shown in FIG. 17, in this modification, the error correction unit 103-2 stores the key data (correction key data) for which correction processing has been completed, together with the key data ID, in the storage unit 132-2 as result information. . The confidentiality enhancing unit 104-2 takes out the ID and key data from the storage unit 132-2 and performs PA.

(Modification 6)
In the storage unit used for flow control, only the entity of the key data may be stored as result information. FIG. 18 is a diagram illustrating an example of a data storage method according to the sixth modification configured as described above. In this modification, a case where the second embodiment is modified will be described as an example, but the same modification can be applied to other embodiments.

  As shown in FIG. 18, in this modification, the error correction unit 103-2 stores the key data (correction key data) for which the correction processing has been completed in the storage unit 132-2 as result information. At this time, the ID of the key data need not be stored in the storage unit 132-2. The confidentiality enhancing unit 104-2 takes out the key data from the storage unit 132-2 and performs PA.

(Modification 7)
In the above embodiment, each individual processing unit executes the corresponding individual process according to the free space of the storage unit that stores result information (at least one of key data and key data ID) as a result of the individual process. Controlled. As long as the information indicates the availability of the storage unit, the execution of the individual processing may be controlled according to information other than the available capacity. For example, the control unit 502 (502-2, 502-3) monitors the availability of the storage unit based on the history of input / output of result information to / from the storage unit or the update frequency of data in the storage unit, and determines the availability status. The result information is retained and discarded. The control unit 502 (502-2, 502-3), for example, determines that the result information obtained by the error correction process is low when it is determined that there is not enough storage space due to frequent input / output or update of the result information. Discard (first embodiment), discard result information with a low priority (second embodiment), or the like.

  As described above, according to the first to third embodiments, when the storage area for storing the intermediate key is exhausted, the flow control is performed so that QKD can be performed at high speed without degrading the system performance. It becomes possible.

  Next, the hardware configuration of the key sharing apparatus according to the first to third embodiments will be described with reference to FIG. FIG. 19 is an explanatory diagram illustrating a hardware configuration example of the key sharing apparatus according to the first to third embodiments.

  A key sharing apparatus according to the first to third embodiments includes a control device such as a CPU (Central Processing Unit) 51, a storage device such as a ROM (Read Only Memory) 52 and a RAM (Random Access Memory) 53, and a network. A communication I / F 54 that communicates by connecting to each other and a bus 61 that connects each unit are provided.

  A program executed by the key sharing apparatus according to the first to third embodiments is provided by being incorporated in advance in the ROM 52 or the like.

  A program executed by the key sharing apparatus according to the first to third embodiments is an installable or executable file, which is a CD-ROM (Compact Disk Read Only Memory), a flexible disk (FD), a CD. It may be configured to be recorded on a computer-readable recording medium such as -R (Compact Disk Recordable) or DVD (Digital Versatile Disk) and provided as a computer program product.

  Further, the program executed by the key sharing apparatus according to the first to third embodiments is stored on a computer connected to a network such as the Internet and is provided by being downloaded via the network. Also good. Further, the program executed by the key sharing apparatus according to the first to third embodiments may be configured to be provided or distributed via a network such as the Internet.

  A program executed by the key sharing apparatus according to the first to third embodiments can cause a computer to function as each unit of the key sharing apparatus described above. In this computer, the CPU 51 can read and execute a program from a computer-readable storage medium onto a main storage device.

  Although several embodiments of the present invention have been described, these embodiments are presented by way of example and are not intended to limit the scope of the invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the scope of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

100, 100-2, 100-3, 200 Key sharing device 101, 201 Quantum communication unit 102, 102-2, 102-3, 202 Shifting unit 103, 103-2, 103-3, 203 Error correction unit 104, 104-2, 204 Confidentiality enhancement unit 121, 221 Bit string storage unit 131, 131-2, 132, 132-2 storage unit 301 quantum communication channel 302 classical communication channel 500, 500-2, 500-3 individual processing unit 501 monitoring Unit 502, 502-2, 502-3 Control unit

Claims (13)

A plurality of individual processing units that respectively execute one of a plurality of individual processes included in a process of generating an encryption key shared by quantum key distribution with another key sharing apparatus;
The individual processing unit includes:
A control unit that controls execution of the corresponding individual process according to the availability of a storage unit that stores the result of the individual process and the result information that is at least one of identification information for identifying the result;
Key sharing device. The control unit discards the result when the free space of the storage unit is smaller than a first threshold;
The key sharing apparatus according to claim 1. The control unit assigns priority and stores the result information in the storage unit;
When the free space of the storage unit is smaller than a first threshold and the priority of the result information is lower than the priority stored in the storage unit, the result information is discarded, and the free space of the storage unit is When the priority of the result information is smaller than the first threshold and the priority of the result information is higher than the priority stored in the storage unit, the result information whose priority is smaller than the other result information is deleted from the storage unit, Prioritizing the result information and storing it in the storage unit,
The key sharing apparatus according to claim 1. The control unit assigns priority and stores the result information in the storage unit;
The first individual processing unit included in the plurality of individual processing units, among the result information of the second individual processing unit included in the plurality of individual processing units, the result information whose priority is larger than the other result information Read from the storage unit, using the read result information, to execute the corresponding individual processing,
The key sharing apparatus according to claim 1. The control unit stores the result information in the storage unit with the priority added when the priority of the result information is higher than a second threshold that is changed according to the free space of the storage unit. Discarding the result information when the priority is equal to or lower than the second threshold;
The key sharing apparatus according to claim 1. The control unit stores the result information in a storage unit that is determined according to the priority of the result information among a plurality of storage units.
The key sharing apparatus according to claim 1. The control unit rearranges the result information in order of priority, and stores the result information in the storage unit.
The key sharing apparatus according to claim 1. The priority is determined according to one or more of an error rate of a communication path, a processing speed of the communication path, an estimated value of the generation amount of the encryption key per unit time, and a processing speed of the individual processing.
The key sharing apparatus according to any one of claims 3 to 7. The control unit does not start the execution of the individual process when the free capacity of the storage unit is smaller than a first threshold, and the individual process of the individual process when the free capacity of the storage unit is equal to or greater than the first threshold. Start running,
The key sharing apparatus according to claim 1. The plurality of individual processing units are
A quantum communication unit that transmits and receives photons to and from the other key sharing device via a quantum communication path;
A shifting unit for generating a sieving key from the photon information;
An error correction unit that corrects an error of the sieve key to generate a correction key;
A secrecy enhancement unit that generates an encryption key with increased security of the correction key;
Including at least one of
The key sharing apparatus according to claim 1. A first key sharing device and a second key sharing device;
The first key sharing device includes:
A plurality of individual processing units that respectively execute one of a plurality of individual processes included in a process of generating an encryption key shared with the second key sharing apparatus by quantum key distribution;
The individual processing unit includes:
A control unit that controls execution of the corresponding individual process according to the availability of a storage unit that stores the result of the individual process and the result information that is at least one of identification information for identifying the result;
Key sharing system. Including a plurality of individual processing steps for executing any one of a plurality of individual processes included in a process of generating an encryption key shared by quantum key distribution with another key sharing apparatus,
The individual processing step includes
Including a control step for controlling execution of the corresponding individual process according to the availability of a storage unit that stores the result of the individual process and the result information that is at least one of identification information for identifying the result.
Key sharing method. Computer
Function as a plurality of individual processing units that respectively execute one of a plurality of individual processes included in the process of generating an encryption key shared by quantum key distribution with another key sharing device,
The individual processing unit includes:
A control unit that controls execution of the corresponding individual process according to the availability of a storage unit that stores the result of the individual process and the result information that is at least one of identification information for identifying the result;
program.

Images