WO2004088915A1 - 量子鍵配送方法および通信装置 - Google Patents
量子鍵配送方法および通信装置 Download PDFInfo
- Publication number
- WO2004088915A1 WO2004088915A1 PCT/JP2004/003111 JP2004003111W WO2004088915A1 WO 2004088915 A1 WO2004088915 A1 WO 2004088915A1 JP 2004003111 W JP2004003111 W JP 2004003111W WO 2004088915 A1 WO2004088915 A1 WO 2004088915A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- parity check
- check matrix
- error correction
- communication device
- information
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/12—Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
-
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03M—CODING; DECODING; CODE CONVERSION IN GENERAL
- H03M13/00—Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
- H03M13/03—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words
- H03M13/05—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits
- H03M13/09—Error detection only, e.g. using cyclic redundancy check [CRC] codes or single parity bit
- H03M13/095—Error detection codes other than CRC and single parity bit codes
-
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03M—CODING; DECODING; CODE CONVERSION IN GENERAL
- H03M13/00—Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
- H03M13/03—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words
- H03M13/05—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits
- H03M13/09—Error detection only, e.g. using cyclic redundancy check [CRC] codes or single parity bit
-
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03M—CODING; DECODING; CODE CONVERSION IN GENERAL
- H03M13/00—Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
- H03M13/03—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words
- H03M13/05—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits
- H03M13/13—Linear codes
- H03M13/19—Single error correction without using particular properties of the cyclic codes, e.g. Hamming codes, extended or generalised Hamming codes
-
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03M—CODING; DECODING; CODE CONVERSION IN GENERAL
- H03M13/00—Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
- H03M13/35—Unequal or adaptive error protection, e.g. by providing a different level of protection according to significance of source information or by adapting the coding according to the change of transmission channel characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
- H04L9/0858—Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
-
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03M—CODING; DECODING; CODE CONVERSION IN GENERAL
- H03M13/00—Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
- H03M13/03—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words
- H03M13/05—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits
- H03M13/11—Error detection or forward error correction by redundancy in data representation, i.e. code words containing more digits than the source words using block codes, i.e. a predetermined number of check bits joined to a predetermined number of information bits using multiple parity bits
- H03M13/1102—Codes on graphs and decoding on graphs, e.g. low-density parity check [LDPC] codes
- H03M13/1148—Structural properties of the code parity-check or generator matrix
- H03M13/1151—Algebraically constructed LDPC codes, e.g. LDPC codes derived from Euclidean geometries [EG-LDPC codes]
Definitions
- the present invention relates to a quantum key distribution method capable of generating a symmetric key with a high degree of security, and more particularly to a quantum key distribution method capable of correcting a data error using an error correction code, and The present invention relates to a communication device capable of realizing the quantum key distribution.
- optical communication has been widely used as a high-speed, large-capacity communication technology.
- communication is performed with light on and off, and a large amount of photons is transmitted when on. Therefore, it is not a communication system where the quantum effect appears directly.
- quantum cryptosystems use photons as a communication medium, and transmit one bit of information with one photon so that quantum effects such as the uncertainty and I-life principle occur.
- the eavesdropper chooses an appropriate base and measures photons without knowing the quantum state such as its polarization and phase, the quantum state changes. Therefore, the receiving side can recognize whether or not the transmission data has been eavesdropped by checking the change in the quantum state of the photons.
- FIG. 10 is a diagram showing an outline of conventional quantum key distribution using polarization.
- a measuring instrument that can distinguish between horizontal and vertical polarizations will have a horizontal (
- a measuring instrument that can identify the polarization in the oblique direction uses the light polarized in the 45 ° direction and the light polarized in the 135 ° direction on the quantum communication path. And are correctly identified. In this way, each measuring instrument can correctly recognize the light polarized in the specified direction, but for example, converts the light polarized in the oblique direction into the light in the horizontal and vertical directions (0 °, 90 °).
- the light polarized horizontally and vertically is identified at random with a probability of 50%. In other words, when a measuring instrument that does not correspond to the identifiable polarization direction is used, even if the measurement result is analyzed, the polarized direction cannot be correctly identified.
- the key is shared between the sender and the receiver without the knowledge of the eavesdropper by using the uncertainty (randomness) (for example, Bennett et al. , CH and Brassard, G.Refer to 'Quantum Cryptography ).
- the sender and receiver can use a public communication channel other than the quantum communication channel. .
- the sender generates a random number sequence (sequence of 1 and 0: transmission data), and furthermore, a transmission code (+: corresponds to a measuring device that can identify light polarized horizontally and vertically, X: diagonally. (Corresponding to a measuring instrument that can identify polarized light)).
- the polarization direction of the transmitted light is automatically determined by the combination of the random number sequence and the transmission code.
- the light polarized in the horizontal direction by the combination of 0 and tens the light polarized in the vertical direction by the combination of 1 and +, the light polarized in the 45 ° direction by the combination of 0 and X,
- the light polarized in the direction of 135 ° by the combination of 1 and X is transmitted to the quantum channel (transmitted signal).
- the receiver randomly determines the receiving code (+: a measuring device that can identify light polarized in the horizontal and vertical directions, X: a measuring device that can identify light polarized in the oblique direction). Measure the light on the communication path (received signal). Then, reception data is obtained by a combination of the reception code and the reception signal.
- the received data is 0 for a combination of horizontally polarized light and tens, 1 for a combination of vertically polarized light and +, and X and 45 ° polarized light. 0, 1 3 5 ° in the combination of The combination of X and the polarized light gives 1 respectively.
- the receiver sends the received code to the sender via a public communication channel to check whether the measurement was performed by the correct measuring device.
- the sender checks whether the measurement was performed with the correct measuring instrument, and returns the result to the receiver via a public communication channel.
- the receiver leaves only the received data corresponding to the received signal received by the correct measuring instrument, and discards the others. At this point, the remaining received data has been reliably shared between the sender and the receiver.
- the sender and the receiver transmit a predetermined number of data selected from the shared data to the respective communication partners via the public communication channel. Then, it checks whether the received data matches its own data. For example, if even one of the confirmed data does not match, an eavesdropper can! /, Discard the shared data as it is, and repeat the key sharing procedure from the beginning. On the other hand, if all the confirmed data matches, it is determined that there is no eavesdropper, and the data used for confirmation is discarded, and the remaining shared data is used as the shared key between the sender and the receiver.
- the sender divides the transmission data into a plurality of blocks and detects the parity of each block on a public communication channel in order to detect a data error. Then, the receiver checks the data error by comparing the parity of each block received via the open communication channel with the parity of the corresponding block in the received data. At this time, if there is a different parity, the receiver returns information indicating which block has different parity power S on the public communication channel. Then, the sender further divides the corresponding block into a first half block and a second half block, and For example, the parity of the first half is returned to the public communication path (binary search). Thereafter, the sender and the receiver specify the position of the error bit by repeatedly executing the above binary search, and finally, the receiver corrects the bit.
- the sender assumes that there is a parity that is determined to be correct due to an even number of errors even though there is an error in the data, and randomly rearranges the transmitted data (random permutation). And the error correction process by the above binary search is performed again. Then, all data errors are corrected by repeatedly executing this error correction process by random permutation.
- the conventional quantum key distribution shown in Fig. 10 does not assume an erroneous communication channel, so if there is an error, the common data (common key) is discarded as if there is an eavesdropping act. Therefore, there is a problem that the generation efficiency of the common key is very poor depending on the transmission path.
- the quantum key distribution method capable of correcting a data error on the transmission path an enormous number of parity exchanges occur in order to identify an error bit, and error correction processing by random permutation is performed for a predetermined number of times. Because of this, a large amount of time is spent on error correction processing.
- the present invention has been made in view of the above, and generates a highly secure common key while correcting a data error on a transmission path using an error correction code having extremely high characteristics.
- the purpose is to provide a quantum key distribution method that can do this. Disclosure of the invention
- the original transmission data is estimated by correcting an error in the reception data with probability information obtained as a measurement result of the photons on the quantum communication channel,
- a quantum key distribution method in which the estimation result is used as shared information, in which the communication device on the transmission side and the communication device on the reception side individually receive the first parity check matrix (the same matrix whose elements are “0” or “1”).
- a correction information notifying step a first error correction step in which the receiving-side communication device corrects an error in the received data based on the first error correction information, and an error in the received data. If the correction cannot be completed completely, the communication devices on the receiving side and the transmitting side individually perform the second parity check matrix (so that the previous error correction information becomes a part of the information at the time of the next error correction).
- Second error correction A second error correction information notification step of notifying information to the communication device on the receiving side via a public communication path; and the communication device on the receiving side is configured to perform a communication based on the first and second error correction information.
- a cryptographic key generation step using the result as an encryption key.
- an error in received data is corrected using a deterministic parity check matrix, and a part of the shared information is discarded according to the published error correction information.
- the error correction process is repeatedly executed while increasing the number of rows of the parity check matrix under predetermined constraint conditions. This eliminates the need to discard the shared information generated for estimating the noise level of the communication channel, greatly improving the efficiency of generating a shared key.
- FIG. 1 is a diagram showing a configuration of a quantum cryptographic system according to the present invention
- FIG. FIG. 3 is a flowchart showing a process of quantum key distribution according to the present invention.
- FIG. 3 is a flowchart showing a method of constructing an “Irregular—LDPC code” based on finite affinity geometry
- FIG. is a diagram showing the Matrigel box of geometry code AG (2, 2 2)
- FIG. 5 is a diagram showing the final weight distribution and weight distribution of the row of the column
- FIG. 6 the communication of the sender
- FIG. 7 is a diagram showing a syndrome transmitted from the device to the communication device on the receiving side
- FIG. 7 is a diagram showing a parity check matrix generation method according to the present embodiment
- FIG. 9 is a hard decision value m B by the processing in step S 1 5
- the operation of the third embodiment when an error cannot be completely corrected is shown.
- the first 0 is a drawing showing an overview of a conventional quantum key distribution.
- quantum key distribution method and a communication device according to the present invention will be described in detail with reference to the drawings.
- the present invention is not limited to the embodiment.
- quantum key distribution using polarization will be described as an example.
- the present invention can be applied to, for example, those using phase, those using frequency, and any quantum state. There is no particular limitation on whether or not to use.
- Quantum key distribution is a key distribution method that guarantees security irrespective of the eavesdropper's computational power.For example, in order to generate a shared key more efficiently, data generated by passing through a transmission path Must be removed. Therefore, in the present embodiment, a description will be given of quantum key distribution in which error correction is performed using a low-density parity check (LDPC) code, which is known to have extremely high characteristics.
- LDPC low-density parity check
- FIG. 1 shows a quantum cryptographic system according to the present invention (transmission side and reception side communication devices).
- FIG. The quantum cryptography system received with the transmitting communication apparatus example Bei a function of transmitting information m a, information m a affected by noise or the like on a transmission path, i.e. a function of receiving information m b It consists of a communication device on the side and power.
- the transmitting-side communication device transmits the information m a through a quantum communication path, transmits a syndrome S A through the public communication path, a common encryption key (receiver on the basis of these transmission information
- the light is polarized in a predetermined direction using a polarization filters (see the first 0 Figure), to the communication equipment on the receiving side To send.
- the communication equipment on the receiving side can measure the polarization in the horizontal and vertical directions (0 °, 90 °) and the measurement equipment in the oblique direction (45 °, 135 °). The light polarized in the horizontal direction (0 °), the light polarized in the vertical direction (90 °), the light polarized in the 45 ° direction, and the light Discriminate light polarized in the ° direction.
- each measuring instrument can correctly recognize the light polarized in the specified direction, but, for example, can distinguish the light polarized in the oblique direction from the horizontal and vertical directions (0 °, 90 °).
- the light polarized horizontally and vertically is randomly identified with a probability of 50% each. In other words, if a measuring instrument that does not correspond to the identifiable polarization direction is used, it is not possible to correctly identify the polarized direction even if the measurement results are subjected to angular precipitation.
- FIG. 2 is a flowchart showing an outline of the quantum key distribution according to the present embodiment. Specifically, FIG. (B) shows the processing of the communication device on the receiving side.
- the parity check matrix generators 10 and 30 determine a parity check matrix H (n X k matrix) of a specific linear code.
- a generator matrix G (a matrix of (nk) Xn) that satisfies ": HG 0" is obtained, and further, an inverse matrix 1 of G (a matrix of nX (nk)) that becomes G— ⁇ G:! (Unit matrix) (Step S1, Step S11).
- a description will be given of quantum key distribution when an LDPC code having excellent characteristics very close to the Shannon limit is used as the specific linear code.
- an LDPC code is used as an error correction method.
- error correction protocol represented by a product Hm A described later error correction information (syndrome) is appropriate matrix H and the transmission data m A (part of the information m a) (e.g., as described in the prior art If it is an error correction protocol equivalent to “quantum key distribution that can correct data errors on the transmission path”), that is, if the error correction information and the linear I 1 raw of the transmission data m A are ensured,
- the matrix H may be used.
- FIG. 3 is a flowchart showing a method of forming a detection matrix for “Irregu 1 ar—LDPC code” based on finite affinity geometry.
- the parity check matrix generation section 30 operates in the same manner as the parity check matrix generation section 10, and a description thereof will be omitted.
- parity check matrix generation processing in the present embodiment may be configured to be executed by parity check matrix generation section 10 according to, for example, set parameters, or may be performed by another control device (computer) external to the communication device. Etc.).
- the parity check matrix generation processing according to the present embodiment is executed outside the communication device, the generated parity check matrix is stored in the communication device.
- the parity check matrix generation unit 1 The case where the above process is executed with 0 will be described.
- the parity check matrix generation unit 10 selects a finite affine geometric code AG (2, 2 s ) as a base of the check matrix for “I rregular—LDP C code” (FIG. 3, step S 21).
- the row weight and the column weight are each 2 s .
- FIG. 4 is a diagram showing, for example, a matrix of the finite-affine geometric code AG (2, 2 2 ) (blanks represent ⁇ ).
- the parity check matrix generation unit 10 determines the maximum value ri (2 ⁇ rj ⁇ 2 s ) of the column weight (step S22). Then, the coding rate rate (one syndrome length Z key length) is determined (step S22).
- the parity check matrix generation unit 10 tentatively calculates the column weight distribution ⁇ ( i ) and the row weight distribution / 0 U using optimization by Gaussian approximation (Gaussian Approximation).
- the generation function p (X) of the row weight distribution is p (x) ⁇ Pux ⁇ + (1- pu ) xu .
- the weight u is an integer of u ⁇ 2, and ' Pu represents the ratio of the weight u in the row.
- the parity check matrix generation unit 10 selects a row weight ⁇ u, u + 1 ⁇ , which can be constructed by dividing a row of finite-affine geometry, and further selects a partition coefficient ⁇ b u , b u + 1 ⁇ are obtained (step S24). Note that b u and b u + 1 are non-negative integers.
- the parity check matrix generation unit 10 obtains the weight ratio of the row updated by the above determined parameters u, u + 1, b u , b u + 1 , p u + by Eq. (3) (step S2 5). ux b,
- the parity check matrix generation unit 1 o tentatively uses the optimization by Gaussian approximation and further tentatively calculates the column values of u, u + l, p,; O u + as fixed parameters.
- the weight distribution ⁇ (i) is obtained (step S26).
- the weight 7i is gamma 2 integer
- e represents the proportion of weight 7i in the column.
- the weight of the number of columns becomes 1 or less (e ⁇ 7i w t, i is a positive integer) the candidate Where w t represents the total number of 1s contained in AG (2, 2 s ).
- each a represents a coefficient that is a non-negative integer with respect to ⁇ ⁇ 2 ,..., Y, ⁇ for constituting the column weight 2 s , i and j are positive integers, Represents the column weight, and ⁇ i represents the maximum column weight.
- the parity check matrix generating unit 10 using optimization by the Gaussian Approximation, u further determined above, u + 1, p u ', have a p u + ⁇ 2> ..., ⁇ ) a fixed parameter Then, a weight distribution for the column; L and a weight distribution Pu for the row are obtained (step S28).
- the NOTity check matrix generation unit 10 performs column weight distribution before performing the division processing.
- Min; L and row weight distribution / o u adjusting (step S 29).
- the weight distribution after adjustment should be as close as possible to the value obtained by the Gaussian approximation method.
- FIG. 5 is a diagram showing the final column weight distribution; L ( ⁇ ⁇ ) and the row weight distribution in step S29 . Also, ⁇ ( ⁇ ⁇ represents the total number of columns in the weight unit, and n u represents the total number of rows in the weight unit.
- the row and column in the finite-affinity geometry are divided by the parity check matrix generation unit 10 (step S30), and the n ⁇ k parity check is performed. Generate the matrix H.
- “1” is randomly extracted from each row or each column and is randomly divided (random division). This extraction processing may use any method as long as the randomness is maintained.
- the deterministic and stable characteristic check matrix H (Irregular—LDPC code) nXk).
- finite affine geometry is used for the basic code (basic matrix) (step S21).
- the present invention is not limited to this. If the matrix satisfies the condition that the number of cycles on the subgraph is 6 or more, use a matrix other than finite-affine geometry (such as a basic matrix based on a Cay 1 ey graph or a basic matrix based on a Ramanujan graph). It may be.
- the check matrix for “Irregu 1 ar one LDPC code” based on the finite-affine geometry is generated using steps S 21 to S 29 described above.
- the parity check matrix H generated in S11 is not limited to this, and may be generated by a configuration method other than the above.
- Random number generator 1 1 Generates information m a (sequence of 1, 0: transmission data) that is a random number sequence, and Randomly determine the code (+: code corresponding to a measuring instrument that can identify light polarized horizontally and vertically, X: code corresponding to a measuring instrument that can identify light polarized obliquely) ( Step S 2).
- the random number generator 31 receives the received code (+: code corresponding to a measuring instrument capable of distinguishing light polarized horizontally and vertically, X: light polarized obliquely). (Corresponding to a measuring instrument capable of identifying the) is randomly determined (step S12).
- the communication apparatus on the transmission side, a photon generating unit 1 2 force S transmits the photon polarization direction automatically determined by the combination of the transmission codes and the information m a (Step S 3).
- a horizontally polarized light with a combination of 0 and + For example, a horizontally polarized light with a combination of 0 and +, a vertically polarized light with a combination of 1 and +, and a 45 ° polarized light with a combination of 0 and X.
- the light polarized in the 135 ° direction by the combination of 1 and X is transmitted to the quantum channel (transmitted signal).
- the photon receiving unit 32 of the receiving communication device that has received the optical signal of the photon generating unit 12 measures the light on the quantum communication path (received signal). Then, automatically determined information m b (1, 0 of the column: the received data) by the combination of the received code the received signal to obtain the (scan Tetsupu S 1 3).
- the received data i3 ⁇ 4 is 0 for a combination of horizontally polarized light and +, 1 for a combination of vertically polarized light and tens, and X of 45 ° polarized light and X. 0 is obtained by the combination, and 0 is obtained by the combination of the light polarized in the 135 ° direction and X.
- the received data mb is a hard decision value with probability information.
- the random number generation unit 31 transmits the received code to the public communication channel communication unit 34 and the public communication channel. Is transmitted to the communication device on the transmission side via the network (step S13).
- the communication device on the transmitting side that has received the received code checks whether or not the above-mentioned measurement was performed by the correct measuring instrument, and checks the result with the open communication path communication unit 13, open communication It transmits to the communication device on the receiving side via the path (step S3). Then, the communication device on the receiving side and the communication device on the transmitting side receive the signal received by the correct measuring instrument.
- the received data m B is a hard decision value with probability information, similarly to the above-mentioned m b .
- the calculation is performed, and the result is notified to the communication device on the receiving side via the public communication path communication unit 13 and the public communication path (step S4).
- the syndrome S A (k bits of information) m A is likely to be known to the eavesdropper.
- 6 is a diagram showing the syndrome S A communication apparatus on the transmitting side is transmitted to the receiving-side communication device.
- the receiving side of the communication device receives the syndrome S A of m A in public communication path communication unit 3 4 notifies it in the syndrome decoding unit 3 3 (step S 1 4).
- the syndrome decoding unit 33 estimates the original transmission data m A by correcting an error of the hard decision value m B with probability information due to noise or the like using a known syndrome decoding method (step S15).
- the received data m B and m b was hard decision value with probability information, not limited to this, for example, is also applicable in the case of a soft decision value, how There is no particular stipulation as to whether or not to use appropriate received data.
- step S15, OK If the error of the hard decision value m B can be completely corrected by the processing of step S15 (step S15, OK), the shared key generation unit 35 is opened to the public at the receiving communication device. A part of the shared information m A is discarded according to the error correction information (information of the above k bits which may have been eavesdropped: S A ), and an encryption key r having an information amount of n—k bits is obtained.
- Step S16 That is, the shared key generation unit 35 calculates Using G- 1 (a matrix of n X (nk)), the encryption key r is generated by the following equation (5).
- the communication device on the receiving side uses the encryption key r as a shared key with the communication device on the transmitting side.
- the shared key generation The unit 15 discards a part of the shared information m A according to the published error correction information (information of the above k bits which may have been eavesdropped: S A ), and obtains an information amount of n—k bits.
- Generate an encryption key r with step S6). That is, the shared key generation unit 15 also generates the encryption key r by the above equation (5) using G- 1 (matrix of nx (nk)) calculated in advance (step S6).
- the communication device on the transmitting side uses the encryption key r as a shared key with the communication device on the receiving side.
- the shared key may be rearranged using a regular random matrix R.
- confidentiality can be enhanced.
- the communication device on the transmitting side generates a regular random matrix R (a matrix of (n ⁇ 1k) X (nk)), and further, the R is transmitted to the receiving side via a public communication channel.
- This process may be performed by the communication device on the receiving side.
- the communication devices on the transmitting and receiving sides generate the encryption key r by the following equation (6) using G ” 1 (matrix of nx (nk)) and the random matrix R calculated earlier. I do.
- FIG. 7 is a diagram showing a parity check matrix generation method according to the present embodiment.
- the size of t depends on the requirements of the system. For example, when the size of t is reduced, the power s that may increase the number of error correction processes s, while the key generation rate is improved. Also, when the size of t is increased, the number of error correction processes can be reduced, but the key generation rate decreases.
- the parity check matrix generation unit 10 of the communication device on the transmitting side that has received the syndrome request also performs parity check by the method shown in FIG. 3 or a known method different from that.
- the parity check matrix H ′ is also subject to the constraint that “the syndrome S A generated in Step S4 is retained” as described above. Generate.
- the syndrome generation unit 14 uses the parity check matrix (matrix of nx (k + t)) and the transmission data m A to generate the syndrome S for t rows shown in FIG. The calculation is performed, and the result is notified to the communication device on the receiving side via the public communication path communication unit 13 and the public communication path (step S8).
- the syndrome S A ′ (t bits of information) may be known to an eavesdropper.
- the public channel communication unit 34 receives the syndrome S A ′ for t rows, and notifies the syndrome decoding unit 33 of it (step S 19).
- the syndrome decoding unit 33 corrects the error of the hard decision value m B with probability information using the above known syndrome decoding method, and estimates the original transmission data m A again (step S 15). ).
- the number of rows of the parity check matrix is increased until the error of hard decision value m B can be completely corrected by the process of step S15.
- the shared key generation unit 35 releases the error correction information that has been released (for example, the possibility of eavesdropping).
- k + t bits S A + S (see FIG. 7)
- a part of the shared information m A is discarded, and, for example, n—k—t, nk ⁇ 2t, ⁇ — K -3 t,...
- the communication device on the receiving side uses the encryption key r as a shared key with the communication device on the transmitting side.
- the processes of steps S7 and S8 are repeatedly executed while increasing the number of rows of the knowledge detection matrix until a new syndrome request is not notified, and a new At the stage where the syndrome request is no longer notified, the shared key generation unit 15 transmits the published error correction information (for example, the information of the k + t bits that may have been eavesdropped: S A + S (7th According to)), a part of the shared information m A is discarded, and for example, an encryption key r having an information amount of n—k_t, nk ⁇ 2t, n—k ⁇ 13t,. Is generated (step S6).
- the communication device on the transmitting side uses the encryption key r as a shared key with the communication device on the receiving side.
- the error of the received data is corrected using the deterministic and stable characteristic check matrix for “Irregu 1 ar_LDPC code”, and the error is corrected in accordance with the published error correction information. And discard some of the shared information.
- a highly secure common key can be generated.
- the present embodiment has a configuration in which the error correction processing is repeatedly executed while increasing the number of rows of the parity check matrix under predetermined constraints until errors in the received data can be completely corrected. did. This eliminates the necessity of discarding the shared information generated for estimating the noise level of the communication channel, and can greatly improve the generation efficiency of the shared key.
- Embodiment 2 Next, a quantum key distribution method according to the second embodiment will be described.
- the configurations of the transmitting-side communication device and the receiving-side communication device are the same as those of the first embodiment described above, and thus the same reference numerals are given and the description is omitted.
- FIG. 8 is a diagram showing an operation of the second embodiment when an error of the hard decision value m B cannot be completely corrected by the process of step S15.
- steps S17 to S19, S7, and S8, which are characteristic operations of the present embodiment, will be described with reference to FIG.
- step S 15 the communication on the receiving side is performed to correct the error completely.
- the syndrome decoding unit 33 of the device sends a syndrome request to the communication device on the transmission side via the public communication channel communication unit 34 (public communication channel communication unit 34).
- the unit 30 while holding the parity check matrix H, as shown in FIG. 8, a matrix H ′ ′ (iXt matrix) for t rows is additionally generated, and then the original parity check matrix is generated.
- the size of t depends on the requirements of the system, for example, if the size of t is reduced, the number of error corrections will increase. There is a possibility, but on the other hand, the key generation rate is improved, and when the size of t is increased, the number of error correction processes can be reduced, but on the other hand, the key generation rate decreases I do.
- the parity check matrix generation unit 10 of the communication device on the transmitting side that has received the syndrome request performs the parity check by the same processing as described above.
- T While holding the matrix H, a matrix for t rows] H ′ ′ is additionally generated (see FIG. 8), and then the matrix H ′ obtained by combining the original parity check matrix H and the matrix H
- the syndrome generating unit 14 calculates a syndrome S A ′ for t rows shown in FIG. 8 using the parity check matrix H ′ and the transmission data m A , and calculates the result. Then, the public communication path communication unit 13 notifies the communication device on the receiving side via the public communication path (step S8). At this stage, the syndrome S (t bits of information) may be known to an eavesdropper. Then, in the communication device on the receiving side, the public communication path communication unit 34 receives the syndrome S for t rows, and notifies the syndrome decoding unit 33 of it (step S19).
- the syndrome decoding unit 33 corrects an error in the hard decision value m B with probability information using a known syndrome decoding method, and estimates the original transmission data m A again (step S15).
- “(S A + S) H " m c a m c satisfying j estimated from the hard decision value m B with probability information, the estimation result m c a shared information m A
- the number of rows of the parity check matrix is increased while increasing the number of rows of the parity check matrix until the error of hard decision value m B can be completely corrected by the processing of step S15.
- ⁇ S19 are repeatedly executed, and at the stage where the error has been completely corrected, the shared key generation unit 35 transmits the publicly-available error correction information (for example, the k + t bits that may have been eavesdropped).
- An encryption key r having an information amount is generated (step S16).
- the communication device on the receiving side uses the encryption key r as a shared key with the communication device on the transmitting side.
- the processes of steps S 7 and S 8 are repeatedly executed while increasing the number of rows of the notice check matrix until a new syndrome request is not notified, and a new The stage where the syndrome request is no longer notified
- the shared key generation unit 15 responds to the published error correction information (for example, the above-mentioned k + t bits of information that may have been eavesdropped: S A + S (see Fig. 8)).
- S A + S see Fig. 8
- a part of the shared information m A is discarded, and for example, an encryption chain r having an information amount of n—k—t, n ⁇ k ⁇ 2 t, n—k ⁇ 1 3 t,.
- the communication device on the transmitting side uses the encryption key r as a shared key with the communication device on the receiving side.
- the number of rows of the parity check matrix is increased under predetermined constraints until errors in received data can be completely corrected.
- the configuration is such that the error correction processing is repeatedly executed. This eliminates the need to discard the shared information generated for estimating the noise level of the communication channel, and can greatly increase the efficiency of generating a shared key.
- FIG. 9 is a diagram showing an operation of the third embodiment when an error in the hard decision value m B cannot be completely corrected by the processing in step S15.
- steps S17 to S19, S7, and S8, which are characteristic operations of the present embodiment, will be described with reference to FIG.
- step S 15 the receiving communication device
- the syndrome decoding unit 33 notifies the communication device of the transmitting side of the syndrome request via the public communication path communication unit 34 and the public communication path (step S17).
- the size of t depends on the requirements of the system. Further, the 0 matrix for the t columns is not necessarily required to be a 0 matrix as long as the ⁇ constraint condition can be satisfied.
- the parity check matrix generation unit 10 of the communication device on the transmitting side that has received the syndrome request performs the same processing as described above and holds the parity check matrix H for t rows.
- a matrix H ′ ′ is added (see FIG. 9), and then the original parity check matrix H, a matrix H that combines the t matrix of 0 columns and the above matrix H ′ ′′ ′,
- a generator matrix G ′, G— 1 ′ (G— 1 ′ ⁇ G ′ I: unit matrix) that satisfies “HG 0” is generated (step S7).
- the syndrome generation unit 14 reads out the transmission data m for t bits stored in the memory or the like in the processing of step S3, and the transmission data m, the transmission data m A, and the parity. Using the parity check matrix H, the syndrome S A ′ for t rows shown in Fig. 9 is calculated, and the result is transmitted to the communication device on the receiving side via the public communication path communication unit 13 and the public communication path. Notify (step S8). Then, in the communication device on the receiving side, the public communication path communication unit 34 receives the syndrome S for t rows and notifies the syndrome decoding unit 33 of the syndrome S (step S19).
- the syndrome S (information for t bits) may be known to an eavesdropper.
- the syndrome decoding unit 33 reads out t bits of the received data stored in the memory or the like in the processing of step S13, and uses a known syndrome decoding method to generate a hard decision value with probability information. corrects an error of m B and the received data m, estimates the transmission data m the original transmission data m a (step S 1 5).
- step S 15 the R and R inspections are performed.
- the process of steps S 17 to S 19 is repeatedly performed while increasing the number of rows and columns of the matrix, and when the error has been completely corrected, A part of the shared information (m A + m) is corrected according to the 'correction information' (for example, the above-mentioned k + t bits of information that may have been eavesdropped: S A + S (see Fig. 9)).
- the communication device on the receiving side transmits this encryption key r. It is a shared key with the communication device on the receiving side.
- the processing of steps S7 and S8 is repeated while increasing the number of rows and the number of columns of the parity check matrix until a new syndrome request is not notified.
- the shared key generation unit 15 transmits the published error correction information (for example, the information of the above k + t bits that may have been eavesdropped: S A + S discard a part of shared information (m a + m) according to (9 see Figure)), always generates an encryption key r having an amount of information of certain n-k bits (step S 6).
- the transmitting communication device uses the encryption key r as a shared key with the receiving communication device.
- the error correction process is repeatedly performed while increasing the number of rows and the number of columns of the parity check matrix under predetermined constraint conditions until errors in the received data can be completely corrected.
- Configuration This eliminates the need to discard the shared information generated for estimating the noise level of the communication channel, and can greatly improve the efficiency of generating a shared key. In addition, there is always a Key can be obtained. .
- an error in received data is corrected using a deterministic parity check matrix, and a part of the shared information is discarded according to the published error correction information.
- a huge number of parity exchanges for identifying / correcting the error bit are eliminated, and the time required for the error correction processing can be greatly reduced.
- since a part of the shared information is discarded according to the disclosed information it is possible to generate a highly secure common key.
- error correction processing is repeatedly executed while increasing the number of rows of the parity check matrix under predetermined constraints until errors in the received data can be completely corrected. As a result, it is not necessary to discard the shared information generated for estimating the noise level of the communication path, so that the efficiency of generating a shared key can be greatly improved.
- the quantum key distribution method and the communication device according to the present invention are useful as a technology for generating a highly secure shared key, and in particular, a transmission method in which an eavesdropper may exist. Suitable for communication on the road.
Abstract
Description
Claims
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE602004029992T DE602004029992D1 (de) | 2003-03-10 | 2004-03-10 | Quantenschlüsselverteilungsverfahren und Kommunikationsgerät |
AT04719121T ATE488069T1 (de) | 2003-03-10 | 2004-03-10 | Quantenschlüsselverteilungsverfahren und kommunikationsgerät |
EP04719121A EP1603268B1 (en) | 2003-03-10 | 2004-03-10 | Quantum key distribution method and communication apparatus |
US10/547,932 US7461323B2 (en) | 2003-03-10 | 2004-03-10 | Quantum key delivery method and communication device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003-063532 | 2003-03-10 | ||
JP2003063532A JP4346929B2 (ja) | 2003-03-10 | 2003-03-10 | 量子鍵配送方法および通信装置 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004088915A1 true WO2004088915A1 (ja) | 2004-10-14 |
Family
ID=33125089
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/003111 WO2004088915A1 (ja) | 2003-03-10 | 2004-03-10 | 量子鍵配送方法および通信装置 |
Country Status (8)
Country | Link |
---|---|
US (1) | US7461323B2 (ja) |
EP (1) | EP1603268B1 (ja) |
JP (1) | JP4346929B2 (ja) |
KR (1) | KR100742450B1 (ja) |
CN (1) | CN1759561A (ja) |
AT (1) | ATE488069T1 (ja) |
DE (1) | DE602004029992D1 (ja) |
WO (1) | WO2004088915A1 (ja) |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100643278B1 (ko) * | 2003-10-22 | 2006-11-10 | 삼성전자주식회사 | 휴대용 저장 장치의 디지털 저작권을 관리하는 방법 및 장치 |
CN1934820A (zh) | 2004-02-10 | 2007-03-21 | 三菱电机株式会社 | 量子密钥分发方法以及通信装置 |
US7881472B2 (en) | 2004-02-10 | 2011-02-01 | Mitsubishi Electric Corporation | Quantum key distribution method and communication apparatus |
KR20050118056A (ko) * | 2004-05-12 | 2005-12-15 | 삼성전자주식회사 | 다양한 부호율을 갖는 Block LDPC 부호를 이용한이동 통신 시스템에서의 채널부호화 복호화 방법 및 장치 |
WO2006078033A1 (ja) * | 2005-01-24 | 2006-07-27 | Inter-University Research Institute Corporation / Research Organization of Information and Systems | 量子鍵配送方法、通信システムおよび通信装置 |
KR100659609B1 (ko) * | 2005-03-04 | 2006-12-21 | 삼성전자주식회사 | 디지털 서명 생성 및 확인 방법 및 그 장치 |
US9191198B2 (en) | 2005-06-16 | 2015-11-17 | Hewlett-Packard Development Company, L.P. | Method and device using one-time pad data |
US8054976B2 (en) * | 2005-06-16 | 2011-11-08 | Keith Alexander Harrison | Quantum key distribution apparatus and method |
JP2008005046A (ja) * | 2006-06-20 | 2008-01-10 | Oki Electric Ind Co Ltd | 暗号通信システム |
KR100822933B1 (ko) * | 2006-08-08 | 2008-04-16 | 미쓰비시덴키 가부시키가이샤 | 양자 키 배송 방법 및 통신 장치 |
KR100822507B1 (ko) * | 2006-08-09 | 2008-04-16 | 미쓰비시덴키 가부시키가이샤 | 양자 키 배송 방법 및 통신 장치 |
JP5424008B2 (ja) * | 2006-12-19 | 2014-02-26 | 日本電気株式会社 | 共有情報の管理方法およびシステム |
EP3059869B1 (en) * | 2007-09-28 | 2018-09-26 | Panasonic Corporation | Encoding method, encoder, and decoder |
GB2455283A (en) | 2007-10-31 | 2009-06-10 | Hewlett Packard Development Co | Error correction in data communication apparatus using toroidal-web Tanner graph |
CN101540760B (zh) * | 2009-04-23 | 2012-07-18 | 上海交通大学 | 量子密钥协商方法 |
RU2454810C1 (ru) * | 2010-11-24 | 2012-06-27 | Федеральное государственное бюджетное образовательное учреждение высшего профессионального образования "Санкт-Петербургский национальный исследовательский университет информационных технологий, механики и оптики" ("НИУ ИТМО") | Устройство квантовой рассылки криптографического ключа на поднесущей частоте модулированного излучения |
JP2013031151A (ja) * | 2011-06-20 | 2013-02-07 | Renesas Electronics Corp | 暗号通信システムおよび暗号通信方法 |
JP5992287B2 (ja) * | 2012-10-01 | 2016-09-14 | 株式会社東芝 | データ共有方法、送信機、受信機、データ共有システム及びデータ共有プログラム |
MY169621A (en) * | 2012-12-05 | 2019-04-23 | Mimos Berhad | Method for information reconciliation in quantum key distribution |
DE102013204891B4 (de) * | 2013-03-20 | 2021-03-25 | Robert Bosch Gmbh | Verfahren zur Rekonstruktion von Messdaten |
JP6165637B2 (ja) | 2014-01-08 | 2017-07-19 | 株式会社東芝 | 量子通信装置、量子通信方法及びプログラム |
JP6165638B2 (ja) * | 2014-01-08 | 2017-07-19 | 株式会社東芝 | 量子通信装置、量子通信方法及びプログラム |
KR101559076B1 (ko) * | 2014-01-24 | 2015-10-08 | 고려대학교 산학협력단 | 양자 채널을 통한 터보 코드 방식의 효율적인 정보 재건 기법 |
CN106027230B (zh) * | 2015-03-28 | 2019-04-09 | 北京大学 | 一种在量子密钥分发后的处理中进行误码纠错的方法 |
WO2016162941A1 (ja) * | 2015-04-07 | 2016-10-13 | 三菱電機株式会社 | 暗号システム及び鍵生成装置 |
DE102015211817A1 (de) * | 2015-06-25 | 2016-12-29 | Robert Bosch Gmbh | Verfahren zum Abgleich von Bitfolgen über ein Kommunikationsnetzwerk |
RU2692431C1 (ru) * | 2018-07-03 | 2019-06-24 | Федеральное государственное образовательное учреждение высшего образования "Казанский национальный исследовательский технический университет им. А.Н. Туполева - КАИ" | Устройство квантовой рассылки криптографического ключа с частотным кодированием |
US11444636B2 (en) * | 2018-10-12 | 2022-09-13 | Error Corp. | System and methods for quantum post-selection using logical parity encoding and decoding |
CN113302873A (zh) * | 2019-01-29 | 2021-08-24 | 杜塞尔多夫华为技术有限公司 | 用于处理量子密钥分发系统中数据的设备和方法 |
CN114448521B (zh) * | 2022-02-22 | 2023-10-27 | 中国海洋大学 | 基于ospf和量子css码的广域噪声量子网络通讯方法及系统 |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0812616B2 (ja) * | 1991-09-11 | 1996-02-07 | インターナショナル・ビジネス・マシーンズ・コーポレイション | オペレーティングシステムカーネル用受動回復方法およびシステム |
ES2130194T3 (es) * | 1993-01-18 | 1999-07-01 | Siemens Ag | Sistema de control en tiempo real. |
US6460178B1 (en) * | 1999-06-30 | 2002-10-01 | Microsoft Corporation | Shared library optimization for heterogeneous programs |
US6748083B2 (en) * | 2000-04-28 | 2004-06-08 | The Regents Of The University Of California | Method and apparatus for free-space quantum key distribution in daylight |
US6804816B1 (en) * | 2000-12-21 | 2004-10-12 | Cisco Technology, Inc. | Method and template for developing device-centric network management applications |
WO2003058865A1 (en) * | 2001-12-21 | 2003-07-17 | Magiq Technologies, Inc. | Decoupling error correction from privacy amplification in quantum key distribution |
JP4290401B2 (ja) * | 2002-09-18 | 2009-07-08 | 三菱電機株式会社 | 量子鍵配送方法および通信装置 |
WO2005060139A2 (en) * | 2003-12-17 | 2005-06-30 | General Dynamics Advanced Information Systems, Inc. | Secure quantum key distribution using entangled photons |
-
2003
- 2003-03-10 JP JP2003063532A patent/JP4346929B2/ja not_active Expired - Fee Related
-
2004
- 2004-03-10 AT AT04719121T patent/ATE488069T1/de not_active IP Right Cessation
- 2004-03-10 EP EP04719121A patent/EP1603268B1/en not_active Expired - Lifetime
- 2004-03-10 WO PCT/JP2004/003111 patent/WO2004088915A1/ja active Application Filing
- 2004-03-10 KR KR1020057016821A patent/KR100742450B1/ko not_active IP Right Cessation
- 2004-03-10 CN CNA2004800065138A patent/CN1759561A/zh active Pending
- 2004-03-10 US US10/547,932 patent/US7461323B2/en not_active Expired - Fee Related
- 2004-03-10 DE DE602004029992T patent/DE602004029992D1/de not_active Expired - Lifetime
Non-Patent Citations (2)
Title |
---|
BRASSARD, G.; SALVAIL, L.: "Secret-Key Reconciliation by Public Discussion", IN ADVANCES IN CRYPTOLOGY - EUROCRYPT' 93, LECTURE NOTES IN COMPUTER SCIENCE, vol. 765, 1993, pages 410 - 423 |
WATANABE YODAI AL.: "Teimitsudo parity kensa gyoretsu o mochiita ryoshi kagi haiso no tame no ayamari teisei gijutsu", 2003 NEN ANGO TO JOHO SECURITY SYMPOSIUM YOKOSHU PAG.1219,1221,1223, vol. 2, 26 January 2003 (2003-01-26), XP002982723 * |
Also Published As
Publication number | Publication date |
---|---|
EP1603268B1 (en) | 2010-11-10 |
EP1603268A1 (en) | 2005-12-07 |
JP4346929B2 (ja) | 2009-10-21 |
DE602004029992D1 (de) | 2010-12-23 |
EP1603268A4 (en) | 2009-08-19 |
CN1759561A (zh) | 2006-04-12 |
KR20060003329A (ko) | 2006-01-10 |
US20060262925A1 (en) | 2006-11-23 |
KR100742450B1 (ko) | 2007-07-25 |
US7461323B2 (en) | 2008-12-02 |
JP2004274459A (ja) | 2004-09-30 |
ATE488069T1 (de) | 2010-11-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2004088915A1 (ja) | 量子鍵配送方法および通信装置 | |
JP4290401B2 (ja) | 量子鍵配送方法および通信装置 | |
JP4554523B2 (ja) | 量子鍵配送方法および通信装置 | |
JP4554524B2 (ja) | 量子鍵配送方法 | |
JP4862159B2 (ja) | 量子鍵配送方法、通信システムおよび通信装置 | |
RU2367007C2 (ru) | Способ передачи и комплексной защиты информации | |
JP2006502440A (ja) | 連鎖的暗号化反応の系統的記号化および復号化 | |
US7415114B2 (en) | Quantum key system and method | |
JP4459526B2 (ja) | 量子鍵配送方法および通信装置 | |
CN108737075B (zh) | 一种生成共享密钥的方法、装置及系统 | |
JP4231926B2 (ja) | 量子鍵配送方法および通信装置 | |
KR100822507B1 (ko) | 양자 키 배송 방법 및 통신 장치 | |
KR100822933B1 (ko) | 양자 키 배송 방법 및 통신 장치 | |
Sreelatha et al. | Error correction and detection techniques in quantum cryptography protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2004719121 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020057016821 Country of ref document: KR Ref document number: 20048065138 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2004719121 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 1020057016821 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006262925 Country of ref document: US Ref document number: 10547932 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 10547932 Country of ref document: US |