WO2024038633A1 - Physical encryption device, physical encryption method, physical decryption device, and physical decryption method - Google Patents

Physical encryption device, physical encryption method, physical decryption device, and physical decryption method Download PDF

Info

Publication number
WO2024038633A1
WO2024038633A1 PCT/JP2023/006614 JP2023006614W WO2024038633A1 WO 2024038633 A1 WO2024038633 A1 WO 2024038633A1 JP 2023006614 W JP2023006614 W JP 2023006614W WO 2024038633 A1 WO2024038633 A1 WO 2024038633A1
Authority
WO
WIPO (PCT)
Prior art keywords
symbol
encrypted
physical
unit
encryption
Prior art date
Application number
PCT/JP2023/006614
Other languages
French (fr)
Japanese (ja)
Inventor
剛 吉田
Original Assignee
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 三菱電機株式会社 filed Critical 三菱電機株式会社
Publication of WO2024038633A1 publication Critical patent/WO2024038633A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03MCODING; DECODING; CODE CONVERSION IN GENERAL
    • H03M13/00Coding, decoding or code conversion, for error detection or error correction; Coding theory basic assumptions; Coding bounds; Error probability evaluation methods; Channel models; Simulation or testing of codes
    • H03M13/25Error detection or forward error correction by signal space coding, i.e. adding redundancy in the signal constellation, e.g. Trellis Coded Modulation [TCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L27/00Modulated-carrier systems
    • H04L27/26Systems using multi-frequency codes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner

Definitions

  • the disclosed technology relates to a physical encryption device, a physical encryption method, a physical decryption device, and a physical decryption method.
  • probabilistic shaping is a digital signal processing technique that shapes the probability distribution of a modulated signal. More specifically, probability shaping can be said to be a technique for mapping the position of a signal with a high frequency of occurrence, that is, a high probability of occurrence, to a position close to the origin on the complex plane, that is, a position that can be realized with low energy. For this reason, stochastic shaping has come to be recognized as a technology that can bring communication efficiency as close as possible to the theoretical limit known as the Shannon limit, and is being studied around the world.
  • Patent Document 1 discloses a technique for improving communication performance by combining probability shaping and error correction coding.
  • the present technology aims to provide a physical encryption device that achieves both probability shaping and physical encryption in a communication system.
  • the physical encryption device includes a probability shaping coding unit that performs probability shaping on a plurality of bits input from the outside, and a probability shaping coding unit that performs probability shaping on error correction information bits sent from the probability shaping coding unit.
  • An error correction encoding unit that performs error correction encoding; a temporary symbol generation unit that generates temporary symbols from a bit string consisting of error correction information bits and error correction redundant bits; and a temporary symbol generation unit that generates an encrypted bit string based on a shared key.
  • an encrypted bit string generator that determines an encryption matrix based on at least a portion of the encrypted bit string; and an encryption matrix generator that generates an encrypted symbol from a temporary symbol using the encryption matrix.
  • a cipher that multiplexes a symbol generation unit, a known symbol generation unit that generates a known symbol, an encrypted known symbol generation unit that encrypts the known symbol into an encrypted known symbol, an encrypted symbol, and an encrypted known symbol. and a symbol multiplexing section.
  • the physical encryption device Since the physical encryption device according to the disclosed technology has the above configuration, it is possible to achieve both probability shaping and physical encryption.
  • FIG. 1 is a block diagram showing the functional configuration of a physical encryption device according to the first embodiment.
  • FIG. 2 is a block diagram showing the functional configuration of the physical decoding device according to the first embodiment.
  • FIG. 3 is an explanatory diagram showing an example of generating one 8-value PAM symbol from 3 bits.
  • FIG. 4 is an explanatory diagram showing the operation of the physical encryption device according to the first embodiment using a specific numerical example.
  • FIG. 5 is an explanatory diagram showing the processing contents of the temporary symbol termination unit 203 configuring the physical decoding device according to the first embodiment using a specific numerical example.
  • FIG. 6 is a block diagram showing the functional configuration of an optical transmission system that is an application example of the disclosed technology.
  • FIG. 1 is a block diagram showing the functional configuration of a physical encryption device according to the first embodiment.
  • FIG. 2 is a block diagram showing the functional configuration of the physical decoding device according to the first embodiment.
  • FIG. 3 is an explanatory diagram showing an example of generating one 8-value P
  • FIG. 7 is a configuration diagram showing the hardware configuration of the physical encryption device according to the second embodiment.
  • FIG. 8 is a configuration diagram showing the hardware configuration of the physical decoding device according to the second embodiment.
  • FIG. 9 is a block diagram showing the functional configuration of the physical encryption device according to the third embodiment.
  • FIG. 10 is an explanatory diagram showing the processing of the encrypted symbol multiplexing unit of the physical encryption device according to the third embodiment.
  • FIG. 11 is a block diagram showing the functional configuration of a physical decoding device according to Embodiment 3.
  • FIG. 12 is an explanatory diagram showing a transceiver combining a physical encryption device and a physical decryption device according to the third embodiment.
  • Mathematical cryptography and physical cryptography are known as types of cryptography.
  • physical cryptography refers to cryptography whose implementation is based on fundamental laws of physics, such as quantum cryptography.
  • quantum cryptography is based on the physics of quantum mechanics.
  • the difference between mathematical cryptography and physical cryptography is also explained by the difference in security.
  • Mathematical cryptography is said to be a cryptography based solely on computational security.
  • Computational security is a concept related to security that focuses on the computational complexity of the algorithm required for cryptanalysis.
  • physical cryptography is said to be a cipher that can implement information-theoretic security rather than computational security.
  • Information-theoretical security is a concept that guarantees the confidentiality of communications from an attacker (called Eve) who has unlimited computing power.
  • a level of encryption that handles bits 0 and 1 is referred to as a mathematical encryption
  • a level of encryption that introduces the concept of "symbol” is referred to as a physical encryption.
  • a symbol is a symbol assigned to a "state" of a light wave. It can also be said that the difference in the state of light waves is a physical difference.
  • a layer that handles symbols is referred to as a physical layer.
  • FIG. 1 is a block diagram showing the functional configuration of a physical encryption device 100 according to the first embodiment.
  • the physical encryption device 100 according to the first embodiment includes a probability shaping coding section 101, an error correction coding section 102, a temporary symbol generation section 103, and an encrypted symbol generation section 104. , an encrypted bit string generation section 111, an encryption matrix generation section 112, a digital-to-analog conversion section 121, an optical modulation section 122, and an optical amplification section 123.
  • FIG. 2 is a block diagram showing the functional configuration of physical decoding device 200 according to the first embodiment.
  • the physical decoding device 200 according to the first embodiment includes a probability shaping decoding section 201, an error correction decoding section 202, a temporary symbol termination section 203, an encrypted symbol termination section 204, and an encryption symbol termination section 204. It includes a bit string generation section 211, an encryption matrix generation section 212, an analog-to-digital conversion section 221, and a light detection section 222.
  • the probability shaping encoding unit 101 configuring the physical encryption device 100 is a component that performs probability shaping on a plurality of bits input from the outside.
  • the bits that have been probability-shaped by the probability-shaping encoding unit 101 are referred to as "probability-shaped bits" in this specification.
  • the probability-shaped bits generated in probability-shaping encoding section 101 are sent to error-correction encoding section 102 .
  • the error correction encoding section 102 constituting the physical encryption device 100 collects a plurality of probability-shaped bits sent from the probability shaping encoding section 101.
  • the bits obtained by this first processing are referred to as "error correction information bits" in this specification.
  • error correction encoding section 102 performs error correction encoding on the error correction information bits.
  • the bits obtained by this second processing are referred to as "error correction redundant bits” in this specification.
  • the error correction code employed by the error correction encoding unit 102 may be, for example, a BCH code, a low density parity check code, a turbo code, or the like.
  • the error correction information bits and error correction redundant bits generated in error correction encoding section 102 are sent to temporary symbol generation section 103.
  • the temporary symbol generation unit 103 configuring the physical encryption device 100 is a component that generates N temporary symbols from a bit string consisting of error correction information bits and error correction redundant bits sent from the error correction encoding unit 102. .
  • N represents the number of temporary symbols generated by the temporary symbol generation unit 103.
  • the term "temporary" in the prefix of the name "temporary symbol” means that only probability shaping has been performed on the bit string, and that it is temporary and not the final form. Note that the final form obtained by the physical encryption device 100 according to the disclosed technique is referred to as an "encrypted symbol" in this specification. Details of the encryption symbol will become clear from the explanation below.
  • Each temporary symbol is a one-dimensional symbol.
  • the temporary symbol assumed by the technology of the present disclosure may be, for example, a symbol related to one-dimensional pulse amplitude modulation (PAM). Further, the temporary symbol assumed by the presently disclosed technique may be, for example, a one-dimensional projection of a multidimensional symbol related to two-dimensional quadrature amplitude modulation (Quadrature Amplitude Modulation).
  • the disclosed technology performs probability shaping in the most upstream probability shaping encoding unit 101 and introduces the concept of an encryption matrix, thereby changing the probability distribution of temporary symbols in the temporary symbol generation unit 103 to a discretized Gaussian distribution. This has the excellent effect of being able to approximate .
  • the disclosed technology performs probability shaping before encryption, introduces the concept of an encryption matrix, and performs encryption without affecting the probability of occurrence of signal points. It is possible to achieve both high performance and high secrecy through encryption.
  • the N temporary symbols generated by the temporary symbol generation section 103 are sent to the encrypted symbol generation section 104.
  • the encrypted bit string generation unit 111 configuring the physical encryption device 100 is a component that generates an encrypted bit string based on a shared encryption key input from the outside. Note that AES (Advanced Encryption Standard) and the like are generally known as common key encryption algorithms.
  • the encrypted bit string generated by the encrypted bit string generator 111 is sent to the encrypted matrix generator 112.
  • the encryption matrix generation unit 112 configuring the physical encryption device 100 is a component that determines an encryption matrix based on at least a portion of the encrypted bit string sent from the encrypted bit string generation unit 111.
  • the encryption matrix generation unit 112 may be configured to hold a plurality of encryption matrix candidates (hereinafter referred to as "encryption matrix candidates"). All of the encryption matrix candidates are matrices with a size of N ⁇ N, and each has an inverse matrix. It is desirable that the encryption matrix candidate is an orthonormal matrix.
  • the method of determining an encryption matrix by the encryption matrix generation unit 112 may be to select and determine one encryption matrix from candidate encryption matrices.
  • the encryption matrix determined by encryption matrix generation section 112 is sent to encryption symbol generation section 104.
  • L encryption matrices (L is an integer of 1 or more) constitute one "physical encryption block.”
  • Each of the encryption matrices constituting the physical cipher block is selected from at least two encryption matrix candidates.
  • the encryption matrix candidate may be realized, for example, by cyclically shifting matrix elements.
  • the physical encryption block is composed of encryption matrices related to at least 2 to the L power of combinations.
  • the encrypted symbol generation unit 104 configuring the physical encryption device 100 is a component that generates an encrypted symbol using the encryption matrix sent from the encryption matrix generation unit 112. Specifically, the encrypted symbol generation unit 104 multiplies the first to Nth temporary symbols sent from the temporary symbol generation unit 103 by an encryption matrix from the left, thereby generating the first to Nth temporary symbols. Generate cryptographic symbols up to. The first to Nth encrypted symbols generated in the encrypted symbol generator 104 are sent to the digital-to-analog converter 121 in the form of digital signals.
  • FIG. 3 is an explanatory diagram showing an example of generating one 8-value PAM symbol from 3 bits.
  • a state in which there is no signal that is, a state in which 0 continues, is considered to have a high probability of occurring. Therefore, "0, 0, 0", which is a series of 0's, is assigned an output symbol "1" close to the origin (zero).
  • bit string represents a plurality of bits input to the probability shaping encoding unit 101 from the outside.
  • the bit string shown in FIG. 4 shows an example in which 3 bits are treated as one unit.
  • the left side represents the beginning.
  • the leftmost column (“0, 1, 1” arranged vertically) is the first three bits input to the probability shaping encoding unit 101 from the outside.
  • three bits consisting of "0, 1, 1” correspond to "5" of the output symbol.
  • the second column from the left (“1, 1, 0” arranged vertically) is the second 3 bits input to the probability shaping encoding unit 101 from the outside. .
  • three bits consisting of "1, 1, 0" correspond to "-7" of the output symbol.
  • first temporary symbol string X p1 5, 3, -1, 1, -3
  • the first temporary symbol string (X p1 ) may be considered to correspond to the real axis of the complex plane.
  • the second temporary symbol sequence (X p2 ) may be considered to correspond to the imaginary axis of the complex plane.
  • probability shaping maps the position of a signal with a high frequency of occurrence, that is, a high probability of occurrence, to a position close to the origin on the complex plane.
  • ⁇ 0, 0, 0'' and ⁇ 0, 0, 0'' which are six consecutive 0s, are mapped to (1, 1) on the complex plane, but the design is such that a position close to the origin is selected. be done.
  • the first three bits (“0, 1, 1”) of the bit string are converted to the output symbol “5” based on the conversion table shown in FIG. 3, and are allocated to the beginning of the first temporary symbol string (X p1 ). It will be done.
  • the second three bits (“1, 1, 0”) of the bit string are converted to the output symbol “-7” based on the conversion table shown in FIG . will be allocated to Thereafter, output symbols are sequentially and alternately allocated to the first provisional symbol string (X p1 ) and the second provisional symbol string (X p2 ) in the same manner.
  • the portion described as "shared key 11001" is a shared key for encryption that is input to the encrypted bit string generation unit 111 from the outside.
  • the portion described as "encrypted bit string 10001" represents the encrypted bit string generated by the encrypted bit string generation unit 111.
  • the encrypted bit string is a bit string generated only from shared key information.
  • the encrypted bit string may be generated based on the above-mentioned AES algorithm, for example.
  • the encryption matrix (E 0 , E 1 ) illustrated in FIG. 4 is shown below. What should be noted in particular is that the encryption matrices (E 0 , E 1 ) shown in equation (1) are all orthogonal matrices. There are various ways to define an orthogonal matrix, but one definition is that the column vectors that make up the orthogonal matrix form an orthonormal basis.
  • the length of all vectors is 1, and the inner product of the vectors is equal to Kronecker's delta, that is, when two different lines are extracted (when i ⁇ j), the inner product is 0.
  • the inner product is 0.
  • the encryption matrix (E 0 , E 1 ) shown in equation (1) the whole is divided by the square root of 2, which is the column vector of the encryption matrix (E 0 , E 1 ) that becomes the base vector. This is for normalizing the size of 1 to 1.
  • the most important technical feature of the physical encryption device 100 is that it implements encryption by introducing the concept of "encryption matrix.” More specifically, the most important feature of the technology disclosed herein is that it has realized the idea of preparing a plurality of encryption matrix candidates (for example, E 0 and E 1 ) and switching between them as appropriate. Furthermore, the technology of the present disclosure has a technical feature in that the encryption matrix candidates are composed of a plurality of different orthogonal matrices.
  • the encryption matrix which is an orthogonal matrix, has the property of linear mapping, in that the distribution characteristics when the temporary symbol string, which is the mapping source, is plotted on a complex plane are maintained at the mapping destination. In the specific numerical example shown in FIG.
  • E1 of the encryption matrix can be interpreted as follows.
  • the bold R that appears in equation (2) represents a two-dimensional rotation matrix. That is, the encryption matrix E1 is nothing but a rotation matrix that rotates 45 degrees around the origin. Therefore, E 1 of the encryption matrix maintains the distribution characteristics when the temporary symbol string, which is the mapping source, is plotted on the complex plane even in the mapping destination.
  • E 0 of the encryption matrix shown in FIG. 4 can be interpreted as follows.
  • the matrix described as Y-axis mirror that appears in equation (3) can be interpreted as a matrix that provides a mapping that implements line symmetry about the Y axis.
  • the encryption matrix E 0 is nothing but a matrix that provides a mapping that first performs line symmetry around the Y axis and then performs a 45 degree rotation around the origin. Therefore, E 0 of the encryption matrix also maintains the distribution characteristics in the mapping destination when the temporary symbol string that is the mapping source is plotted on the complex plane.
  • An encryption matrix candidate consisting of a plurality of different orthogonal matrices may be generated by combining rotation and line symmetry in this way. Note that in the numerical example shown in FIG. 4, the encryption matrix candidate is created by 45-degree rotation and line symmetry about the Y-axis, but the disclosed technology is not limited to this. The angle of rotation may be other than 45 degrees, and the center of line symmetry may be at the Y-axis level.
  • An encryption matrix candidate consisting of a plurality of different orthogonal matrices can also be generated by randomly generating "1" or "-1". This method is particularly effective when N in the size (N ⁇ N) of the encryption matrix is an even number.
  • the vertical vector of "1, 1" is considered to be the first basis vector (e 1 ) and is set as the leftmost column vector of the encryption matrix (E in equation (1) 0 , see E1 ).
  • the next step is to further randomly generate "1" or "-1” and use it as a candidate for the second basis vector (e 2 ).
  • E the inner product of the first basis vector (e 1 ) and the second basis vector (e 2 ) must be zero. That is, the equation shown at the bottom of equation (4) must hold true. For example, assume that as a result of randomly generating "1" or "-1", the second basis vector (e 2 ) is "1, -1". At this time, since the inner product of the vectors becomes 0, it can be said that the encryption matrix (E) has been successfully generated (see E 0 in equation (1)).
  • E the procedure from there is, for example, fixing the first basis vector (e 1 ) and creating a new second basis vector (e 2 ) may be found using a similar method. Furthermore, if one encryption matrix (E) is successfully generated, the procedure from there may use line symmetry or rotation such as the Y-axis mirror described above to generate multiple encryption matrix candidates. . Note that since orthogonal matrices have the property that the value of the determinant is 1 or -1, this property may be used to check whether the encryption matrix candidate has been successfully generated. E 0 shown in equation (1) has a determinant value of -1. E 1 shown in equation (1) has a determinant value of 1.
  • an encryption matrix candidate when N 4, obtained by a method of randomly generating "1" or "-1".
  • a square matrix whose elements are either 1 or -1 and whose columns (and rows) are orthogonal is called a Hadamard matrix.
  • Sylvester's generation method is known as a method for generating Hadamard matrices.
  • the subscript 2 in E 2 and the subscript 3 in E3 are distinguished from the matrix (E 0 , E 1 ) shown in equation (1). Different numbers are selected for the purpose.
  • N in the encryption matrix size (N ⁇ N) is an odd number
  • a Hadamard matrix cannot be created.
  • the first basis vector is set to "1, 1, 1" (strictly speaking, it is divided by the root 3 for normalization, see equation (6))
  • the orthogonal matrix that can be generated is, for example, as follows. It is given to In this way, when N in the size (N ⁇ N) of the encryption matrix is an odd number, it is easy to generate the encryption matrix by combining rotation and symmetry.
  • the portions described as “2 ⁇ 2 matrices E 1 , E 0 , E 0 , E 0 , E 1 , . . . ” indicate that the encryption matrix generation unit 112 sequentially generates one of the encryption matrix candidates. This represents the selected encryption matrix.
  • the arrangement of the encryption matrix “E 1 , E 0 , E 0 , E 0 , E 1 ,...” corresponds to the arrangement of the encrypted bits in “Encrypted bit string 10001...” .
  • the encryption and decryption operations are given by the following equation using the encryption matrix (E b[i] ).
  • i appearing in formula (7) is a variable that specifies the number of the symbol in the symbol string.
  • first encrypted symbol string and “second encrypted symbol string" refer to the first to Nth encrypted symbols generated in the encrypted symbol generation unit 104. It represents a symbol.
  • the digital-to-analog conversion unit 121 configuring the physical encryption device 100 is a component that converts the encrypted symbol sent from the temporary symbol generation unit 103 as a digital signal into an electrical analog signal.
  • the digital-to-analog conversion unit 121 performs digital-to-analog conversion for each physical lane of the encrypted symbol sent from the temporary symbol generation unit 103.
  • axis For example, if the optical transmission system performs orthogonal polarization multiplexing to generate orthogonal amplitude modulation, then Four physical lanes are prepared: axis.
  • the in-phase axis is referred to as the I-axis.
  • the orthogonal phase axis shall be referred to as the Q axis.
  • the letter I on the I axis comes from the initial letter In-phase.
  • the letter Q on the Q-axis comes from the initial letter Quadrature.
  • the optical modulator 122 configuring the physical encryption device 100 is a component that modulates light, which is a carrier wave, based on the electrical analog signal sent from the digital-to-analog converter 121. If the electrical analog signal sent from the digital-to-analog converter 121 is of four systems: The section 122 performs four modulations and generates one modulated optical signal. The optical signal generated by the optical modulation section 122 is sent to the optical amplification section 123.
  • optical amplifying section 123 configuring the physical encryption device 100 is a component that amplifies the optical signal sent from the optical modulating section 122.
  • the optical signal amplified by the optical amplification section 123 is sent to an optical transmission system (not shown) consisting of an optical fiber or the like.
  • a device that is a subcombination of the physical encryption device 100 is the physical decryption device 200 shown in FIG. As shown in FIGS. 1 and 2, the components of the physical encryption device 100 and the components of the physical decryption device 200 have a corresponding relationship.
  • the optical detection unit 222 that constitutes the physical decoding device 200 is a component that detects an optical signal from an optical transmission system made of an optical fiber or the like.
  • the optical signal is converted into electrical analog signals of four systems: X polarization-I-axis, X-polarization-Q-axis, Y-polarization-I-axis, and Y-polarization-Q-axis.
  • the four electrical analog signals are sent to an analog-to-digital converter 221.
  • the analog-to-digital converter 221 configuring the physical decoding device 200 is a component that converts an electrical analog signal sent from the photodetector 222 into a digital signal.
  • the digital signal converted by the analog-to-digital converter 221 is sent as an encrypted symbol to the encrypted symbol termination section 204.
  • the encrypted bit string generation unit 211 configuring the physical decryption device 200 is a component that generates the same encrypted bit string based on the same shared key that the physical encryption device 100 has.
  • the common key encryption algorithm used by the encrypted bit string generator 211 is the same as that used by the encrypted bit string generator 111 of the physical encryption device 100.
  • the encrypted bit string generated by the encrypted bit string generator 211 is sent to the encrypted matrix generator 212.
  • the encryption matrix generation unit 212 configuring the physical decryption device 200 is a component that determines an encryption matrix based on at least a part of the encrypted bit string sent from the encrypted bit string generation unit 211.
  • the way the encryption matrix generation unit 212 determines the encryption matrix is the same as the way the encryption matrix generation unit 112 in the physical encryption device 100 determines the encryption matrix.
  • the encryption matrix determined by the encryption matrix generation section 212 is sent to the encryption symbol termination section 204.
  • the encrypted symbol termination unit 204 configuring the physical decoding device 200 is a component that decodes encrypted symbols into temporary symbols using the encryption matrix sent from the encryption matrix generation unit 212. Specifically, the encrypted symbol termination unit 204 multiplies the first to Nth encrypted symbols sent from the analog-to-digital converter 221 by the inverse matrix of the encryption matrix from the left. Decoding into the 1st to Nth temporary symbols is performed. The first to Nth temporary symbols decoded by the encrypted symbol termination section 204 are sent to the temporary symbol termination section 203.
  • FIG. 5 is an explanatory diagram showing the processing contents of temporary symbol termination section 203 configuring physical decoding device 200 according to the first embodiment using a specific numerical example.
  • the table shown on the left side of the leftward arrow is a numerical example of the bit string decoded in the temporary symbol termination section 203.
  • the bit string decoded in the temporary symbol termination unit 203 includes "hard decision bits" (bits displayed in bold) that are decoded based on the conversion table shown in FIG. , "reliability information (example of 2 bits)" (2 bits displayed in non-bold).
  • the error correction decoding section 202 configuring the physical decoding device 200 is a component that performs error correction decoding on the bit string sent from the temporary symbol termination section 203.
  • the error correction decoding performed by the error correction decoding section 202 corresponds to the error correction encoding performed in the error correction encoding section 102 of the physical encryption device 100, and has the opposite effect.
  • the bit string subjected to error correction decoding in the error correction decoding section 202 is sent to the probability shaping decoding section 201.
  • the probability shaping decoding unit 201 configuring the physical decoding device 200 is a component that performs a reverse probability shaping operation on the bit string sent from the error correction decoding unit 202.
  • Physical decoding processing is realized by the actions of the respective components constituting the physical decoding device 200 described above.
  • FIG. 6 is a block diagram showing the functional configuration of an optical transmission system that is an application example of the disclosed technology.
  • the physical encryption device 100 according to the disclosed technology is installed on the left side of the optical transmission system shown in FIG. It can be applied to the functional blocks described as "optical multiplexing" and "optical amplification.” Further, the physical decoding device 200 according to the disclosed technology is located on the right side of the optical transmission system shown in FIG. It can be applied to the part of the functional block that has been created.
  • One of the excellent effects of the physical encryption device 100 according to the first embodiment is that it is possible to achieve both probability shaping and physical encryption in this way.
  • Embodiment 2 The physical encryption device 100 and the physical decryption device 200 according to the second embodiment are the physical encryption device 100 and the physical decryption device 200 according to the presently disclosed technology in terms of hardware configuration.
  • the same symbols used in the first embodiment are used unless otherwise specified. Further, in the second embodiment, explanations that overlap with those in the first embodiment will be omitted as appropriate.
  • FIG. 7 is a configuration diagram showing the hardware configuration of the physical encryption device 100 according to the second embodiment.
  • Each function of the physical encryption device 100 is realized by a processing circuit. Even if the processing circuit is dedicated hardware, it is also called a CPU (Central Processing Unit, central processing unit, processing unit, arithmetic unit, microprocessor, microcomputer, processor, DSP) that executes a program stored in memory. ).
  • CPU Central Processing Unit, central processing unit, processing unit, arithmetic unit, microprocessor, microcomputer, processor, DSP
  • FIG. 7A is a configuration diagram showing the hardware configuration of physical encryption device 100 according to the second embodiment, and shows a case where the processing circuit is dedicated hardware.
  • the physical encryption device 100 in this case includes a transmission side input interface 152, a transmission side processing circuit 154, and a transmission side output interface 158.
  • the device that performs the encryption is referred to as the "sending" device.
  • an encryption device is generally sometimes referred to as a transmitter.
  • the dedicated hardware transmitter processing circuit 154 may be, for example, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC, an FPGA, or a combination thereof.
  • Each function of the physical encryption device 100 may be realized by a separate transmission side processing circuit 154 for each function, or may be realized all by one transmission side processing circuit 154.
  • FIG. 7B is a configuration diagram showing the hardware configuration of the physical encryption device 100 according to the second embodiment, and shows a case where the processing circuit is a CPU.
  • the functions of each part of the physical encryption device 100 are executed by software.
  • the physical encryption device 100 in this case includes a sending side input interface 152, a sending side processor 155, a sending side memory 156, and a sending side output interface 158.
  • the transmitting side processor 155 which is a processing circuit realized by a CPU, realizes the functions of each part by reading and executing a program stored in the transmitting side memory 156.
  • the physical encryption device 100 includes a transmitting side memory 156 for storing a program that, when executed by the transmitting side processor 155, results in the processing steps related to the functions of each unit being executed. It can also be said that these programs cause the sending processor 155, which is a computer, to execute the procedures and methods of the physical encryption device 100.
  • the transmitting side memory 156 may be a non-volatile or volatile semiconductor memory such as RAM, ROM, flash memory, EPROM, etc., for example.
  • the transmitting side memory 156 may include a disk such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, a DVD, or the like. Further, the transmitting side memory 156 may be in the form of an HHD or an SSD.
  • the physical encryption device 100 may have some functions realized by dedicated hardware and the remaining functions realized by software or firmware. In this manner, the functions of each part of the processing circuit related to the physical encryption device 100 can be realized by hardware, software, firmware, or a combination thereof.
  • FIG. 8 is a configuration diagram showing the hardware configuration of the physical decoding device 200 according to the second embodiment.
  • Each function of the physical decryption device 200 is realized by a processing circuit different from that of the physical encryption device 100.
  • the processing circuit related to the physical decryption device 200 may be dedicated hardware or a CPU that executes a program stored in memory.
  • FIG. 8A is a configuration diagram showing the hardware configuration of the physical decoding device 200 according to the second embodiment, and as shown in FIG. 8A in which the processing circuit is dedicated hardware, in this case,
  • the physical decoding device 200 includes a receiving side input interface 252, a receiving side processing circuit 254, and a receiving side output interface 258.
  • the device that performs the decoding is referred to as the "receiving" device.
  • the decoding device is generally also referred to as a receiver.
  • the dedicated hardware receiver processing circuit 254 may be, for example, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC, an FPGA, or a combination thereof.
  • Each function of the physical decoding device 200 may be realized by a separate receiving side processing circuit 254 for each function, or may be realized all by one receiving side processing circuit 254.
  • FIG. 8B is a configuration diagram showing the hardware configuration of physical decoding device 200 according to the second embodiment, and shows a case where the processing circuit is a CPU.
  • the functions of each part of the physical decoding device 200 are executed by software.
  • the physical decoding device 200 in this case includes a receiving side input interface 252, a receiving side processor 255, a receiving side memory 256, and a receiving side output interface 258.
  • the receiving processor 255 which is a processing circuit implemented by a CPU, implements the functions of each section by reading and executing a program stored in the receiving memory 256.
  • the physical decoding device 200 includes a receiving side memory 256 for storing a program that, when executed by the receiving side processor 255, results in the processing steps related to the functions of each unit being executed. It can also be said that these programs cause the receiving processor 255, which is a computer, to execute the procedures and methods of the physical decoding device 200.
  • the receiving side memory 256 may be a non-volatile or volatile semiconductor memory such as RAM, ROM, flash memory, EPROM, etc., for example.
  • the receiving side memory 256 may be of a mode including a disk such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, a DVD, or the like. Further, the receiving side memory 256 may be in the form of an HHD or an SSD.
  • the physical decoding device 200 may have some functions realized by dedicated hardware and the remaining functions realized by software or firmware. In this way, the processing circuit related to the physical decoding device 200 can realize the functions of each part using hardware, software, firmware, or a combination thereof.
  • the functions of each part can be realized by hardware, software, firmware, or a combination thereof.
  • the physical encryption device 100 and the physical decryption device 200 according to the second embodiment realized in this way have the same effects as those described in the first embodiment.
  • Embodiment 3 The physical encryption device 100 and the physical decryption device 200 according to the third embodiment are modified examples of the physical encryption device 100 and the physical decryption device 200 according to the disclosed technology.
  • the same reference numerals as those used in the previously described embodiments are used unless otherwise specified.
  • descriptions that overlap with those of the previously described embodiments will be omitted as appropriate.
  • the encryption can be strengthened by converting the signal into multiple values.
  • multi-level signal conversion cannot be carried out unconditionally (easily).
  • the receiving side must be able to correctly detect the signal. If the receiving side cannot detect the signal correctly, communication will not be established.
  • Analog components that make up optical communication systems have various limitations or undesirable properties. Limitations or properties due to analog components include, specifically, band limitations, delay differences, loss differences, nonlinearity, carrier frequency differences, carrier phase noise, and the like.
  • optical transmission lines have properties such as chromatic dispersion, polarization mode dispersion, band limitation, polarization dependent loss, and polarization state fluctuation.
  • the above-mentioned properties are generally overcome by compensation by waveform equalization.
  • the central theme is how to realize compensation, which becomes more difficult as the multilevel degree of the signal increases.
  • FIG. 9 is a block diagram showing the functional configuration of physical encryption device 100 according to the third embodiment.
  • physical encryption device 100 according to Embodiment 3 includes known symbol generation section 105 in addition to the components of physical encryption device 100 according to Embodiment 1 (see FIG. 1). , an encrypted known symbol generator 106, and an encrypted symbol multiplexer 107.
  • the known symbol generation unit 105 is a component that generates known symbols.
  • the known symbol may actually be considered to be the same as what is generally called a "pilot symbol.”
  • Commonly known pilot symbols are used to detect cycle slips (eg, WO 2010/138198).
  • the known symbols in the disclosed technology are used to realize compensation, which becomes more difficult as the multilevel degree of the signal increases, as described above. That is, the disclosed technology uses known symbols differently from the general use of pilot symbols.
  • the known symbols in the disclosed technology are referred to as "known symbols" to distinguish them from general pilot symbols. Note that, as described above, the known symbols are actually the same as the pilot symbols. Therefore, the known symbols can be used not only for usage specific to the disclosed technology but also for general pilot symbol usage.
  • the known symbols generated by the known symbol generation section 105 do not depend on the bit string input to the probability shaping encoding section 101 described above.
  • the known symbols are used for waveform equalization on the receiving side. Details of how the known symbols are used for waveform equalization will become clear from the description below.
  • the known symbols are N_P one-dimensional symbols.
  • the known symbol may be, for example, a one-dimensional PAM symbol based on a pseudo-random bit string.
  • the known symbol may be created by projecting a two-dimensional QAM symbol or a multidimensional symbol onto one dimension. It is desirable that the known symbol is a symbol with a probability distribution equivalent to that of the symbol generated in the probability shaping encoding section 101 described above. By using symbols with the same probability distribution in this way, it becomes difficult for an eavesdropper to specify the position of a known symbol, and encryption becomes stronger.
  • the encrypted known symbol generation unit 106 is a component that encrypts the known symbols generated by the known symbol generation unit 105.
  • the known symbols encrypted by the encrypted known symbol generation unit 106 are referred to as "encrypted known symbols.”
  • the encrypted known symbol generation unit 106 is also a component that generates encrypted known symbols.
  • the encrypted known symbol generation unit 106 uses the encryption matrix (size is N_P ⁇ N_P ) created by the encryption matrix generation unit 112 in order to generate encrypted known symbols from known symbols (see FIG. 9). ).
  • the matrix operation in which the encrypted known symbol generator 106 generates an encrypted known symbol from a known symbol is the matrix operation (matrix multiplication shown in formula (7)) in which the encrypted symbol generator 104 generates an encrypted symbol from a temporary symbol. ) is formally the same as
  • the physical encryption device 100 can encrypt the known symbols separately from the symbols to be communicated. If the symbol to be communicated and the known symbol are encrypted in combination, it will be difficult to perform waveform equalization in the encrypted state, and this will prevent physical encryption as intended by the disclosed technology. Not compatible with the method.
  • FIG. 10 is an explanatory diagram showing the processing of encrypted symbol multiplexing section 107 of physical encryption device 100 according to the third embodiment.
  • the horizontal axis represents time and the vertical axis represents space.
  • four physical lanes are defined in the space. These four physical lanes may be considered, for example, as a combination of two orthogonal polarizations (horizontal polarization and vertical polarization) and two carrier wave orthogonal phases.
  • the time domain is divided into multiple (10) regions. Each divided time width shall be referred to as a "time slot.”
  • FIG. 10 shows that encrypted known symbols with known data information are periodically inserted into the transmitted data.
  • the encrypted known symbols are inserted in the same time slot in all four physical lanes, but the disclosed technology is not limited to this. Even if the encrypted symbol multiplexing unit 107 inserts encrypted known symbols into each physical lane at the same period using different time slots as initial insertion positions (as if the initial phases are different), good. In this way, the encrypted symbol and the encrypted known symbol are arranged in time and space, respectively, in such a manner that they do not mix. Note that in Figure 10, the frequency at which encrypted known symbols appear is sufficiently low compared to the frequency at which encrypted symbols appear; however, in order to increase the probability that the receiver can correctly detect the signal, It is also envisioned that the frequency with which known symbols appear will be further increased. The three-dot leader (“...”) appearing in FIG. 10 represents that the encrypted known symbol appears less frequently.
  • FIG. 11 is a block diagram showing the functional configuration of physical decoding device 200 according to Embodiment 3.
  • physical decoding device 200 according to Embodiment 3 includes a known symbol generation unit 205 and a cryptographic symbol in addition to the components of physical decoding device 200 according to Embodiment 1 (see FIG. 2).
  • the encrypted known symbol generation section 206, an encrypted symbol division section 207, a waveform equalization section 230, an encrypted known symbol termination section 231, and a known symbol comparison section 232 are provided.
  • the known symbol generation unit 205 configuring the physical decoding device 200 is a component that generates the same known symbol as the known symbol generation unit 105 configuring the physical encryption device 100. That is, the disclosed technology uses the same known symbols on the transmitting side and the receiving side. As shown in FIG. 11, the known symbols generated by the known symbol generation section 205 are sent to the encrypted known symbol generation section 206 and the known symbol comparison section 232.
  • the encrypted known symbol generation unit 206 configuring the physical decoding device 200 is a component that generates the same encrypted known symbols as the encrypted known symbol generation unit 106 configuring the physical encryption device 100. That is, the disclosed technology uses the same encryption known symbol on the transmitting side and the receiving side. As shown in FIG. 11, the encrypted known symbols generated by the encrypted known symbol generator 206 are sent to the waveform equalizer 230.
  • the waveform equalizer 230 is a component that performs waveform equalization based on encrypted known symbols.
  • the target of waveform equalization performed by the waveform equalization unit 230 is the digital signal (also referred to as “received digital waveform signal”) that is the output of the analog-to-digital conversion unit 221.
  • the waveform-equalized received digital waveform signal is sent to encrypted symbol dividing section 207 .
  • Waveform equalization is a process that restores the transmitted signal waveform by compensating for waveform distortion caused by the superposition of a plurality of arriving waves that have passed through different routes. Waveform equalization is a technology widely used in the technical field of wireless communications.
  • Equalizers are sometimes used not only on the receiving side but also on the transmitting side.
  • the encrypted known symbols are known and their expected values are also known. Therefore, the receiving side can perform waveform equalization using the encrypted known symbol as a reference.
  • the waveform equalization performed by the waveform equalization unit 230 is implemented, for example, by signal processing such as a finite impulse response filter or phase rotation. Specifically, when performing waveform equalization, the waveform equalization unit 230 generates a finite impulse response so that the encrypted known symbols are located at the original coordinates and at least the measured average value is located at the original coordinates. Define the filter coefficient or phase rotation amount of the filter.
  • the encrypted symbol dividing section 207 configuring the physical decoding device 200 converts the waveform-equalized received digital waveform signal (also referred to as "received multiplexed symbol") sent from the waveform equalizing section 230 into encrypted symbols. It is a component that is separated into encryption known symbols. It can be said that the encrypted symbol division section 207 that constitutes the physical decoding device 200 is a component that performs an operation opposite to that of the encrypted symbol multiplexing section 107 that constitutes the physical encryption device 100. Among the symbols separated by the encrypted symbol dividing section 207, the encrypted symbols are sent to the encrypted symbol termination section 204. Among the symbols separated by the encrypted symbol dividing section 207, the encrypted known symbols are sent to the encrypted known symbol termination section 231.
  • the encrypted known symbol termination unit 231 that constitutes the physical decoding device 200 is a component that decodes encrypted known symbols into known symbols. Decoding an encrypted known symbol into a known symbol is sometimes expressed as "recovering a known symbol.”
  • the encrypted known symbol termination unit 231 uses the inverse matrix of the encryption matrix (size is N_P ⁇ N_P ) generated by the encryption matrix generation unit 212 when decoding the encrypted known symbol into a known symbol. It can be said that the encrypted known symbol termination section 231 that constitutes the physical decoding device 200 is a component that performs an inverse operation to the encrypted known symbol generation section 106 that constitutes the physical encryption device 100.
  • the known symbol obtained by decoding the encrypted known symbol termination section 231 is sent to the photodetector section 222.
  • known symbol comparison unit 232 configuring the physical decoding device 200 compares the known symbols generated by the known symbol generation unit 105 on the transmission side and the known symbols decoded (recovered) by the encrypted known symbol termination unit 231 on the reception side. It is a component that compares and.
  • the comparison result of the known symbol comparison unit 232 can be used as an index for determining whether or not communication in the optical transmission system is normal.
  • the optical transmission system to which the technology of the present disclosure is applied may determine that communication is normal if the mismatch rate is, for example, 1% or less in the comparison result of the known symbol comparison unit 232.
  • FIG. 12 is an explanatory diagram showing a transceiver that combines the physical encryption device 100 and the physical decryption device 200 according to the third embodiment.
  • the technology of the present disclosure assumes a system facing a communication partner, and may be implemented as a transceiver at one location by combining a physical encryption device 100 and a physical decryption device 200.
  • the shared key is the same in both directions.
  • the known symbol generating section 205 and the encrypted known symbol generating section 206 which are present on the transmitting side and are redundant on the receiving side, can be omitted.
  • a technical feature of physical encryption device 100 and physical decryption device 200 according to the third embodiment is that known encryption symbols are used for waveform equalization.
  • the physical encryption device 100 and the physical decryption device 200 according to the third embodiment have the effect of being able to solve the compensation problem that becomes more difficult as the multilevel degree of the signal increases.
  • the physical encryption device 100 according to the third embodiment is capable of establishing communication even when encryption is performed using high multi-values of 16 values, 32 values, and 64 values or more per dimension. Can be done. Since the physical encryption device 100 according to the third embodiment encrypts known symbols that are generally not encrypted, the strength of the encryption is maintained.
  • [Claim 1] a probability shaping encoding unit that performs probability shaping on a plurality of bits input from the outside; an error correction code that performs error correction encoding on error correction information bits sent from the probability shaping encoding unit; a temporary symbol generating section that generates a temporary symbol from a bit string consisting of the error correction information bits and error correction redundant bits; an encrypted bit string generating section that generates an encrypted bit string based on the shared key; an encryption matrix generation unit that determines an encryption matrix based on at least a portion of the encrypted bit string; an encryption symbol generation unit that uses the encryption matrix to generate an encryption symbol from the provisional symbol; Including; physical encryption device.
  • a physical encryption device for a physical encryption device including a probability shaping coding unit, an error correction coding unit, a temporary symbol generation unit, an encrypted bit string generation unit, an encryption matrix generation unit, and an encrypted symbol generation unit.
  • the probability shaping encoding unit performs probability shaping on a plurality of bits input from the outside; and the error correction encoding unit performs probability shaping on the error sent from the probability shaping encoding unit.
  • the temporary symbol generation section generates a temporary symbol from a bit string consisting of the error correction information bits and the error correction redundant bits;
  • the encrypted bit string generation section : generating an encrypted bit string based on the shared key; the encryption matrix generating section determining an encryption matrix based on at least a portion of the encrypted bit string; the encrypting symbol generating section generating the encrypted bit string; A physical encryption method in which an encrypted symbol is generated from the temporary symbol using an encryption matrix.
  • a physical decoding device comprising: an error correction decoding unit that performs error correction decoding; and a probability shaping decoding unit that performs an inverse probability shaping operation on the bit string sent from the error correction decoding unit.
  • a physical decoding method for a physical decoding device including an encrypted bit string generation section, an encrypted matrix generation section, an encrypted symbol termination section, a temporary symbol termination section, an error correction decoding section, and a probability shaping decoding section.
  • the encrypted bit string generation unit generates an encrypted bit string based on a shared key;
  • the encryption matrix generation unit determines an encryption matrix based on at least a portion of the encrypted bit string;
  • the encrypted symbol termination section decodes the encrypted symbol into a temporary symbol using the encryption matrix;
  • the temporary symbol termination section decodes the temporary symbol into a bit string;
  • the error correction The decoding unit performs error correction decoding on the bit string sent from the temporary symbol terminal part;
  • the probability shaping decoding unit performs an inverse effect of probability shaping on the bit string sent from the error correction decoding unit. Physical decoding method.
  • the disclosed technology can be applied, for example, to encryption of optical transmission systems, particularly on the metro core network (MET) side, and has industrial applicability.
  • the area called “metro” means an area on the other side of the core network than the area called “access” that accommodates base stations.
  • “Metro” is sometimes referred to as "aggregation.”

Abstract

A physical encryption device according to the present disclosed technology comprises: a probabilistic shaping encoding unit (101) that implements a probabilistic shaping with respect to multiple externally inputted bits; an error correction encoding unit (102) that performs an error correction encoding with respect to error correction information bits sent from the probabilistic shaping encoding unit (101); a provisional symbol generating unit (103) that generates a provisional symbol from a bit sequence consisting of the error correction information bits and error correction redundant bits; an encrypted bit sequence generating unit (111) that generates an encrypted bit sequence on the basis of a shared key; an encrypted matrix generating unit (112) that determines an encrypted matrix on the basis of at least a portion of the encrypted bit sequence; an encrypted symbol generating unit (104) that uses the encrypted matrix to generate an encrypted symbol from the provisional symbol; an encrypted known-symbol generating unit (106) that encrypts a known symbol into an encrypted known-symbol; and an encrypted symbol multiplexing unit (107) that multiplexes the encrypted symbol with the encrypted known-symbol.

Description

物理暗号化装置、物理暗号化方法、物理復号装置、及び物理復号方法Physical encryption device, physical encryption method, physical decryption device, and physical decryption method
 本開示技術は、物理暗号化装置、物理暗号化方法、物理復号装置、及び物理復号方法に関する。 The disclosed technology relates to a physical encryption device, a physical encryption method, a physical decryption device, and a physical decryption method.
 光伝送システムの技術分野において、Probabilistic Shaping(Probabilistic Constellation Shapingとも称される。以降、本明細書においては「確率整形」と称する。)が注目されている。確率整形は、簡単に言えば変調信号の確率分布を整形するデジタル信号処理技術である。より具体的に言えば、確率整形は、出現頻度すなわち発生確率の高い信号の位置を、複素平面における原点に近い位置、すなわち低いエネルギーで実現できる位置、に写像する技術とも言える。このため確率整形は、通信効率をシャノン限界と称される理論限界に限りなく近づけられる技術だ、と認識されるようになり、世界中で検討が行われるようになった。 In the technical field of optical transmission systems, probabilistic shaping (also referred to as probabilistic constellation shaping, hereinafter referred to as "probabilistic shaping" in this specification) has been attracting attention. Simply put, probability shaping is a digital signal processing technique that shapes the probability distribution of a modulated signal. More specifically, probability shaping can be said to be a technique for mapping the position of a signal with a high frequency of occurrence, that is, a high probability of occurrence, to a position close to the origin on the complex plane, that is, a position that can be realized with low energy. For this reason, stochastic shaping has come to be recognized as a technology that can bring communication efficiency as close as possible to the theoretical limit known as the Shannon limit, and is being studied around the world.
 例えば、特許文献1には、確率整形と誤り訂正符号化とを組み合わせることにより、通信を高性能化する技術が開示されている。 For example, Patent Document 1 discloses a technique for improving communication performance by combining probability shaping and error correction coding.
特開2020-48188号公報JP2020-48188A
 ところで、光伝送システムなどの通信システムにおいて、信号を暗号化し、通信の秘匿性を高めることも求められている。最も直感的に考え得る暗号化の1つは、擬似ランダムビット列を用意し、暗号化対象である信号のビット列との排他的ORを取る、というビットレベルにおける数理暗号の手法であろう。
 しかし、このような数理暗号を施すことは、各信号点の発生確率を原理的に均一にしてしまうため、各信号点の発生確率を偏らせて高性能化する上記の確率整形と併用することができない、という問題がある。 By the way, in communication systems such as optical transmission systems, it is also required to encrypt signals to improve the confidentiality of communication. One of the encryption methods that can be considered most intuitively is a bit-level mathematical encryption method in which a pseudo-random bit string is prepared and exclusive ORed with the bit string of the signal to be encoded.
However, applying such mathematical encryption essentially equalizes the probability of occurrence of each signal point, so it should be used in conjunction with the above-mentioned probability shaping, which biases the probability of occurrence of each signal point and improves performance. The problem is that it cannot be done.
 本開示技術は、上記課題を鑑み、通信システムにおいて、確率整形と物理暗号化とを両立する物理暗号化装置を提供することを目的とする。 In view of the above-mentioned problems, the present technology aims to provide a physical encryption device that achieves both probability shaping and physical encryption in a communication system.
 本開示技術に係る物理暗号化装置は、外部から入力される複数のビットに対して、確率整形を実施する確率整形符号化部と、確率整形符号化部から送られる誤り訂正情報ビットに対し、誤り訂正の符号化を行う誤り訂正符号化部と、誤り訂正情報ビット及び誤り訂正冗長ビットからなるビット列から、仮シンボルを生成する仮シンボル生成部と、共有鍵に基づいて、暗号化ビット列を生成する暗号化ビット列生成部と、暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定する暗号化行列生成部と、暗号化行列を用いて、仮シンボルから暗号化シンボルを生成する暗号化シンボル生成部と、既知シンボルを生成する既知シンボル生成部と、既知シンボルを暗号化既知シンボルに暗号化する暗号化既知シンボル生成部と、暗号化シンボルと、暗号化既知シンボルと、を多重する暗号化シンボル多重部と、を含む、というものである。 The physical encryption device according to the disclosed technique includes a probability shaping coding unit that performs probability shaping on a plurality of bits input from the outside, and a probability shaping coding unit that performs probability shaping on error correction information bits sent from the probability shaping coding unit. An error correction encoding unit that performs error correction encoding; a temporary symbol generation unit that generates temporary symbols from a bit string consisting of error correction information bits and error correction redundant bits; and a temporary symbol generation unit that generates an encrypted bit string based on a shared key. an encrypted bit string generator that determines an encryption matrix based on at least a portion of the encrypted bit string; and an encryption matrix generator that generates an encrypted symbol from a temporary symbol using the encryption matrix. A cipher that multiplexes a symbol generation unit, a known symbol generation unit that generates a known symbol, an encrypted known symbol generation unit that encrypts the known symbol into an encrypted known symbol, an encrypted symbol, and an encrypted known symbol. and a symbol multiplexing section.
 本開示技術に係る物理暗号化装置は上記構成を備えるため、確率整形と物理暗号化とを両立して実現することができる。 Since the physical encryption device according to the disclosed technology has the above configuration, it is possible to achieve both probability shaping and physical encryption.
図1は、実施の形態1に係る物理暗号化装置の機能構成を示すブロック図である。FIG. 1 is a block diagram showing the functional configuration of a physical encryption device according to the first embodiment. 図2は、実施の形態1に係る物理復号装置の機能構成を示すブロック図である。FIG. 2 is a block diagram showing the functional configuration of the physical decoding device according to the first embodiment. 図3は、3bitから1つの8値PAMシンボルを生成する例を示す説明図である。FIG. 3 is an explanatory diagram showing an example of generating one 8-value PAM symbol from 3 bits. 図4は、実施の形態1に係る物理暗号化装置の動作を具体的な数値例で示す説明図である。FIG. 4 is an explanatory diagram showing the operation of the physical encryption device according to the first embodiment using a specific numerical example. 図5は、実施の形態1に係る物理復号装置を構成する仮シンボル終端部203の処理内容を具体的な数値例で示す説明図である。FIG. 5 is an explanatory diagram showing the processing contents of the temporary symbol termination unit 203 configuring the physical decoding device according to the first embodiment using a specific numerical example. 図6は、本開示技術の応用例である光伝送システムの機能構成を示す部ブロック図である。FIG. 6 is a block diagram showing the functional configuration of an optical transmission system that is an application example of the disclosed technology. 図7は、実施の形態2に係る物理暗号化装置のハードウエア構成を示す構成図である。FIG. 7 is a configuration diagram showing the hardware configuration of the physical encryption device according to the second embodiment. 図8は、実施の形態2に係る物理復号装置のハードウエア構成を示す構成図である。FIG. 8 is a configuration diagram showing the hardware configuration of the physical decoding device according to the second embodiment. 図9は、実施の形態3に係る物理暗号化装置の機能構成を示すブロック図である。FIG. 9 is a block diagram showing the functional configuration of the physical encryption device according to the third embodiment. 図10は、実施の形態3に係る物理暗号化装置の暗号化シンボル多重部の処理を示す説明図である。FIG. 10 is an explanatory diagram showing the processing of the encrypted symbol multiplexing unit of the physical encryption device according to the third embodiment. 図11は、実施の形態3に係る物理復号装置の機能構成を示すブロック図である。FIG. 11 is a block diagram showing the functional configuration of a physical decoding device according to Embodiment 3. 図12は、実施の形態3に係る物理暗号化装置及び物理復号装置を組み合わせた送受信器を示す説明図である。FIG. 12 is an explanatory diagram showing a transceiver combining a physical encryption device and a physical decryption device according to the third embodiment.
 暗号の種類には、数理暗号、及び物理暗号が知られている。一般に物理暗号と言えば、量子暗号のように、その実装の基礎が物理学の基本法則に基づいている暗号を意味する。例えば、量子暗号は、その実装の基礎が量子力学という物理学に基づいている。
 数理暗号と物理暗号との違いは、安全性の違いによっても説明される。数理暗号は、もっぱら計算量的安全性に基づいている暗号だと言われている。計算量的安全性とは、暗号解読に必要なアルゴリズムの計算量に着目した安全性に関する概念である。一方で、物理暗号は、計算量的安全性ではなく、情報理論的安全性を実装できる暗号だと言われている。情報理論的安全性とは、無限の計算能力を持つ攻撃者(イブと呼ばれる)から通信の秘匿性を保証できるとする概念である。
 本明細書においては、ビットの0、1を取り扱っているレベルの暗号は数理暗号と、「シンボル」という概念を導入したレベルの暗号は物理暗号と、それぞれ称されるものとする。シンボルは、光波の「状態」に対して割り振られる記号である。光波の状態の違いは物理的な違いだ、とも言える。本明細書においては、シンボルを扱うレイヤーは、物理レイヤーと称されるものとする。 Mathematical cryptography and physical cryptography are known as types of cryptography. Generally speaking, physical cryptography refers to cryptography whose implementation is based on fundamental laws of physics, such as quantum cryptography. For example, quantum cryptography is based on the physics of quantum mechanics.
The difference between mathematical cryptography and physical cryptography is also explained by the difference in security. Mathematical cryptography is said to be a cryptography based solely on computational security. Computational security is a concept related to security that focuses on the computational complexity of the algorithm required for cryptanalysis. On the other hand, physical cryptography is said to be a cipher that can implement information-theoretic security rather than computational security. Information-theoretical security is a concept that guarantees the confidentiality of communications from an attacker (called Eve) who has unlimited computing power.
In this specification, a level of encryption that handles bits 0 and 1 is referred to as a mathematical encryption, and a level of encryption that introduces the concept of "symbol" is referred to as a physical encryption. A symbol is a symbol assigned to a "state" of a light wave. It can also be said that the difference in the state of light waves is a physical difference. In this specification, a layer that handles symbols is referred to as a physical layer.
実施の形態1.
 図1は、実施の形態1に係る物理暗号化装置100の機能構成を示すブロック図である。図1に示されるとおり、実施の形態1に係る物理暗号化装置100は、確率整形符号化部101と、誤り訂正符号化部102と、仮シンボル生成部103と、暗号化シンボル生成部104と、暗号化ビット列生成部111と、暗号化行列生成部112と、デジタルアナログ変換部121と、光変調部122と、光増幅部123と、を含む。 Embodiment 1.
FIG. 1 is a block diagram showing the functional configuration of a physical encryption device 100 according to the first embodiment. As shown in FIG. 1, the physical encryption device 100 according to the first embodiment includes a probability shaping coding section 101, an error correction coding section 102, a temporary symbol generation section 103, and an encrypted symbol generation section 104. , an encrypted bit string generation section 111, an encryption matrix generation section 112, a digital-to-analog conversion section 121, an optical modulation section 122, and an optical amplification section 123.
 図2は、実施の形態1に係る物理復号装置200の機能構成を示すブロック図である。図2に示されるとおり、実施の形態1に係る物理復号装置200は、確率整形復号部201と、誤り訂正復号部202と、仮シンボル終端部203と、暗号化シンボル終端部204と、暗号化ビット列生成部211と、暗号化行列生成部212と、アナログデジタル変換部221と、光検出部222と、を含む。 FIG. 2 is a block diagram showing the functional configuration of physical decoding device 200 according to the first embodiment. As shown in FIG. 2, the physical decoding device 200 according to the first embodiment includes a probability shaping decoding section 201, an error correction decoding section 202, a temporary symbol termination section 203, an encrypted symbol termination section 204, and an encryption symbol termination section 204. It includes a bit string generation section 211, an encryption matrix generation section 212, an analog-to-digital conversion section 221, and a light detection section 222.
《物理暗号化装置100を構成する確率整形符号化部101》
 物理暗号化装置100を構成する確率整形符号化部101は、外部から入力される複数のビットに対して、確率整形を実施する構成要素である。確率整形符号化部101により確率整形されたビットは、本明細書においては、「確率整形後ビット」と称されるものとする。
 確率整形符号化部101において生成された確率整形後ビットは、誤り訂正符号化部102へと送られる。 <<Probability shaping encoding unit 101 configuring the physical encryption device 100>>
The probability shaping encoding unit 101 configuring the physical encryption device 100 is a component that performs probability shaping on a plurality of bits input from the outside. The bits that have been probability-shaped by the probability-shaping encoding unit 101 are referred to as "probability-shaped bits" in this specification.
The probability-shaped bits generated in probability-shaping encoding section 101 are sent to error-correction encoding section 102 .
《物理暗号化装置100を構成する誤り訂正符号化部102》
 物理暗号化装置100を構成する誤り訂正符号化部102は、第1に、確率整形符号化部101から送られる確率整形後ビットを複数まとめてる。この第1の処理により得られたビットは、本明細書においては、「誤り訂正情報ビット」と称されるものとする。
 誤り訂正符号化部102は、第2に、誤り訂正情報ビットに対し、誤り訂正符号化を行う。この第2の処理により得られたビットは、本明細書においては、「誤り訂正冗長ビット」と称されるものとする。
 誤り訂正符号化部102が採用する誤り訂正符号は、例えば、BCH符号、低密度パリティ検査符号、ターボ符号、等の符号でよい。
 誤り訂正符号化部102において生成された誤り訂正情報ビット及び誤り訂正冗長ビットは、仮シンボル生成部103へと送られる。 <<Error correction encoding unit 102 configuring the physical encryption device 100>>
First, the error correction encoding section 102 constituting the physical encryption device 100 collects a plurality of probability-shaped bits sent from the probability shaping encoding section 101. The bits obtained by this first processing are referred to as "error correction information bits" in this specification.
Second, error correction encoding section 102 performs error correction encoding on the error correction information bits. The bits obtained by this second processing are referred to as "error correction redundant bits" in this specification.
The error correction code employed by the error correction encoding unit 102 may be, for example, a BCH code, a low density parity check code, a turbo code, or the like.
The error correction information bits and error correction redundant bits generated in error correction encoding section 102 are sent to temporary symbol generation section 103.
《物理暗号化装置100を構成する仮シンボル生成部103》
 物理暗号化装置100を構成する仮シンボル生成部103は、誤り訂正符号化部102から送られる誤り訂正情報ビット及び誤り訂正冗長ビットからなるビット列から、N個の仮シンボルを生成する構成要素である。以降、本明細書においては、Nは、仮シンボル生成部103が生成する仮シンボルの個数を表すものとする。
 名称「仮シンボル」の接頭語における「仮」の用語は、ビット列に対して確率整形のみを実施したものであり、暫時のもの、最終形ではないこと、を意味するものである。なお本開示技術に係る物理暗号化装置100により得られる最終形のものは、本明細書において、「暗号化シンボル」と称されるものとする。暗号化シンボルの詳細は、後述の説明により明らかとなる。
 仮シンボルは、それぞれ1次元シンボルである。本開示技術が想定する仮シンボルは、例えば、1次元のパルス振幅変調(PAM:Pulse Amplitude Modulation)に係るシンボルであってもよい。また本開示技術が想定する仮シンボルは、例えば、2次元の直交振幅変調(Quadrature Amplitude Modulation)に係る多次元のシンボルを、1次元に射影したもの、であってもよい。
 本開示技術は、最上流の確率整形符号化部101において確率整形を実施し、暗号化行列という概念を導入することにより、仮シンボル生成部103における仮シンボルの確率分布を離散化されたガウス分布に近似できる、という優れた効果を奏する。言い換えれば本開示技術は、暗号化よりも先に確率整形を実施し、暗号化行列という概念を導入して暗号化を実施することにより、信号点の発生確率に影響を与えずに確率整形による高性能化と暗号化による高秘匿化を両立することができる。
 仮シンボル生成部103において生成されたN個の仮シンボルは、暗号化シンボル生成部104へと送られる。 <<Temporary symbol generation unit 103 configuring the physical encryption device 100>>
The temporary symbol generation unit 103 configuring the physical encryption device 100 is a component that generates N temporary symbols from a bit string consisting of error correction information bits and error correction redundant bits sent from the error correction encoding unit 102. . Hereinafter, in this specification, N represents the number of temporary symbols generated by the temporary symbol generation unit 103.
The term "temporary" in the prefix of the name "temporary symbol" means that only probability shaping has been performed on the bit string, and that it is temporary and not the final form. Note that the final form obtained by the physical encryption device 100 according to the disclosed technique is referred to as an "encrypted symbol" in this specification. Details of the encryption symbol will become clear from the explanation below.
Each temporary symbol is a one-dimensional symbol. The temporary symbol assumed by the technology of the present disclosure may be, for example, a symbol related to one-dimensional pulse amplitude modulation (PAM). Further, the temporary symbol assumed by the presently disclosed technique may be, for example, a one-dimensional projection of a multidimensional symbol related to two-dimensional quadrature amplitude modulation (Quadrature Amplitude Modulation).
The disclosed technology performs probability shaping in the most upstream probability shaping encoding unit 101 and introduces the concept of an encryption matrix, thereby changing the probability distribution of temporary symbols in the temporary symbol generation unit 103 to a discretized Gaussian distribution. This has the excellent effect of being able to approximate . In other words, the disclosed technology performs probability shaping before encryption, introduces the concept of an encryption matrix, and performs encryption without affecting the probability of occurrence of signal points. It is possible to achieve both high performance and high secrecy through encryption.
The N temporary symbols generated by the temporary symbol generation section 103 are sent to the encrypted symbol generation section 104.
《物理暗号化装置100を構成する暗号化ビット列生成部111》
 物理暗号化装置100を構成する暗号化ビット列生成部111は、外部から入力される暗号化用の共有鍵に基づいて、暗号化ビット列を生成する構成要素である。なお、一般には、共通鍵暗号のアルゴリズムとして、AES(Advanced Encryption Standard)などが知られている。
 暗号化ビット列生成部111で生成された暗号化ビット列は、暗号化行列生成部112へと送られる。 <<Encrypted bit string generation unit 111 configuring the physical encryption device 100>>
The encrypted bit string generation unit 111 configuring the physical encryption device 100 is a component that generates an encrypted bit string based on a shared encryption key input from the outside. Note that AES (Advanced Encryption Standard) and the like are generally known as common key encryption algorithms.
The encrypted bit string generated by the encrypted bit string generator 111 is sent to the encrypted matrix generator 112.
《物理暗号化装置100を構成する暗号化行列生成部112》
 物理暗号化装置100を構成する暗号化行列生成部112は、暗号化ビット列生成部111から送られた暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定する構成要素である。
 暗号化行列生成部112は、複数の暗号化行列の候補(以降、「暗号化行列候補」と称する)を保有する構成を備えていてよい。暗号化行列候補は、いずれもサイズがN×Nの行列であり、いずれも逆行列が存在するものである。暗号化行列候補は、正規直交行列であることが望ましい。
 暗号化行列生成部112による暗号化行列の決め方は、暗号化行列候補から1つを選択して決める、というものでよい。
 暗号化行列生成部112において決められた暗号化行列は、暗号化シンボル生成部104へと送られる。 <<Encryption matrix generation unit 112 configuring the physical encryption device 100>>
The encryption matrix generation unit 112 configuring the physical encryption device 100 is a component that determines an encryption matrix based on at least a portion of the encrypted bit string sent from the encrypted bit string generation unit 111.
The encryption matrix generation unit 112 may be configured to hold a plurality of encryption matrix candidates (hereinafter referred to as "encryption matrix candidates"). All of the encryption matrix candidates are matrices with a size of N×N, and each has an inverse matrix. It is desirable that the encryption matrix candidate is an orthonormal matrix.
The method of determining an encryption matrix by the encryption matrix generation unit 112 may be to select and determine one encryption matrix from candidate encryption matrices.
The encryption matrix determined by encryption matrix generation section 112 is sent to encryption symbol generation section 104.
 L個(Lは1以上の整数)の暗号化行列は、1つの「物理暗号ブロック」を構成する。物理暗号ブロックを構成する暗号化行列のそれぞれは、少なくとも2つの暗号化行列候補から選択されたものである。
 暗号化行列候補は、例えば、行列要素を巡回シフトする操作により実現されてよい。
 物理暗号ブロックは、少なくとも2のL乗通りの組合せに係る暗号化行列から構成される。 L encryption matrices (L is an integer of 1 or more) constitute one "physical encryption block." Each of the encryption matrices constituting the physical cipher block is selected from at least two encryption matrix candidates.
The encryption matrix candidate may be realized, for example, by cyclically shifting matrix elements.
The physical encryption block is composed of encryption matrices related to at least 2 to the L power of combinations.
《物理暗号化装置100を構成する暗号化シンボル生成部104》
 物理暗号化装置100を構成する暗号化シンボル生成部104は、暗号化行列生成部112から送られる暗号化行列を用いて、暗号化シンボルを生成する構成要素である。暗号化シンボル生成部104は、具体的には、仮シンボル生成部103から送られる第1から第Nまでの仮シンボルに対して、暗号化行列を左から乗算することにより、第1から第Nまでの暗号化シンボルを生成する。
 暗号化シンボル生成部104において生成される第1から第Nまでの暗号化シンボルは、デジタル信号の態様でデジタルアナログ変換部121へと送られる。 <<Encrypted symbol generation unit 104 configuring physical encryption device 100>>
The encrypted symbol generation unit 104 configuring the physical encryption device 100 is a component that generates an encrypted symbol using the encryption matrix sent from the encryption matrix generation unit 112. Specifically, the encrypted symbol generation unit 104 multiplies the first to Nth temporary symbols sent from the temporary symbol generation unit 103 by an encryption matrix from the left, thereby generating the first to Nth temporary symbols. Generate cryptographic symbols up to.
The first to Nth encrypted symbols generated in the encrypted symbol generator 104 are sent to the digital-to-analog converter 121 in the form of digital signals.
《具体的な数値例について》
 図3は、3bitから1つの8値PAMシンボルを生成する例を示す説明図である。光伝送システムにおいて、信号が何もない状態、すなわち0が続く状態は、発生確率が高いと考えられる。したがって、0が連続する「0、0、0」は、原点(ゼロ)に近い出力シンボルの「1」が割り当てられる。 《About specific numerical examples》
FIG. 3 is an explanatory diagram showing an example of generating one 8-value PAM symbol from 3 bits. In an optical transmission system, a state in which there is no signal, that is, a state in which 0 continues, is considered to have a high probability of occurring. Therefore, "0, 0, 0", which is a series of 0's, is assigned an output symbol "1" close to the origin (zero).
 図4は、実施の形態1に係る物理暗号化装置100の動作を具体的な数値例で示す説明図である。図4は、具体的には、N=2、L=2、であり、仮シンボルが±1、±3、±5、±7のいずれか1つをとる8値PAMシンボルである場合の数値例を示すものである。 FIG. 4 is an explanatory diagram showing the operation of the physical encryption device 100 according to the first embodiment using a specific numerical example. Specifically, FIG. 4 shows the numerical values when N=2, L=2, and the temporary symbol is an 8-value PAM symbol that takes one of ±1, ±3, ±5, and ±7. This is an example.
 図4において、「ビット列」と記載された表は、外部から確率整形符号化部101へ入力される複数のビットを表したものである。図4に示されるビット列は、3ビットを1つの単位として扱う場合の例を示している。図4に示される表において、左側が先頭を表している。図4に示される表において、一番左の列(「0、1、1」を縦に並べたもの)は、外部から確率整形符号化部101へ入力される1番目の3ビットである。図3に示されるように、「0、1、1」からなる3ビットは、出力シンボルの「5」に該当する。図4に示される表において、左から2番目の列(「1、1、0」を縦に並べたもの)は、外部から確率整形符号化部101へ入力される2番目の3ビットである。図3に示されるように、「1、1、0」からなる3ビットは、出力シンボルの「-7」に該当する。 In FIG. 4, the table labeled "bit string" represents a plurality of bits input to the probability shaping encoding unit 101 from the outside. The bit string shown in FIG. 4 shows an example in which 3 bits are treated as one unit. In the table shown in FIG. 4, the left side represents the beginning. In the table shown in FIG. 4, the leftmost column (“0, 1, 1” arranged vertically) is the first three bits input to the probability shaping encoding unit 101 from the outside. As shown in FIG. 3, three bits consisting of "0, 1, 1" correspond to "5" of the output symbol. In the table shown in FIG. 4, the second column from the left (“1, 1, 0” arranged vertically) is the second 3 bits input to the probability shaping encoding unit 101 from the outside. . As shown in FIG. 3, three bits consisting of "1, 1, 0" correspond to "-7" of the output symbol.
 図4において、「第1の仮シンボル列 Xp1=5、3、-1、1、-3…」「第2の仮シンボル列 Xp2=-7、1、-1、-1、3…」と記載された箇所は、それぞれ、誤り訂正符号化部102を経て仮シンボル生成部103において生成されるN個の仮シンボルを表したものである。
 第1の仮シンボル列(Xp1)は、複素平面の実軸に該当すると考えてよい。同様に、第2の仮シンボル列(Xp2)は、複素平面の虚軸に該当すると考えてよい。前述のとおり、確率整形は、出現頻度すなわち発生確率の高い信号の位置を複素平面における原点に近い位置へと写像する。0が6回連続する「0、0、0」「0、0、0」は、複素平面における(1、1)へと写像されるが、このように原点に近い位置が選ばれるように設計される。
 ビット列の先頭の3ビット(「0、1、1」)は、図3に示される変換テーブルに基づいて出力シンボル「5」に変換され、第1の仮シンボル列(Xp1)の先頭に割り振られる。ビット列の2番目の3ビット(「1、1、0」)は、図3に示される変換テーブルに基づいて出力シンボル「-7」に変換され、第2の仮シンボル列(Xp2)の先頭に割り振られる。以降は同様にして、出力シンボルは、順番に、第1の仮シンボル列(Xp1)と第2の仮シンボル列(Xp2)とに、交互に割り振られる。 In FIG. 4, "first temporary symbol string X p1 =5, 3, -1, 1, -3..." and "second temporary symbol string X p2 = -7, 1, -1, -1, 3... ” each represents N temporary symbols generated by the temporary symbol generation unit 103 via the error correction encoding unit 102.
The first temporary symbol string (X p1 ) may be considered to correspond to the real axis of the complex plane. Similarly, the second temporary symbol sequence (X p2 ) may be considered to correspond to the imaginary axis of the complex plane. As described above, probability shaping maps the position of a signal with a high frequency of occurrence, that is, a high probability of occurrence, to a position close to the origin on the complex plane. ``0, 0, 0'' and ``0, 0, 0'', which are six consecutive 0s, are mapped to (1, 1) on the complex plane, but the design is such that a position close to the origin is selected. be done.
The first three bits (“0, 1, 1”) of the bit string are converted to the output symbol “5” based on the conversion table shown in FIG. 3, and are allocated to the beginning of the first temporary symbol string (X p1 ). It will be done. The second three bits (“1, 1, 0”) of the bit string are converted to the output symbol “-7” based on the conversion table shown in FIG . will be allocated to Thereafter, output symbols are sequentially and alternately allocated to the first provisional symbol string (X p1 ) and the second provisional symbol string (X p2 ) in the same manner.
 図4において、「共有鍵 11001…」と記載された箇所は、外部から暗号化ビット列生成部111へ入力される暗号化用の共有鍵である。
 図4において、「暗号化後ビット列 10001…」と記載された箇所は、暗号化ビット列生成部111で生成された暗号化ビット列を表したものである。暗号化後ビット列は、共有鍵の情報のみから生成されるビット列である。暗号化後ビット列は、例えば、前述のAESのアルゴリズムに基づいて生成されたものでもよい。 In FIG. 4, the portion described as "shared key 11001..." is a shared key for encryption that is input to the encrypted bit string generation unit 111 from the outside.
In FIG. 4, the portion described as "encrypted bit string 10001..." represents the encrypted bit string generated by the encrypted bit string generation unit 111. The encrypted bit string is a bit string generated only from shared key information. The encrypted bit string may be generated based on the above-mentioned AES algorithm, for example.
 図4において、「2×2行列候補 E=…、E=…」と記載された箇所は、暗号化行列生成部112が保有する暗号化行列候補(E、E)を表したものである。図4に例示されている暗号化行列(E、E)は、以下に示されるものである。

Figure JPOXMLDOC01-appb-I000001

 特記すべきことは、式(1)に示される暗号化行列(E、E)が、いずれも直交行列である、ということである。直交行列には色々な定義の仕方があるが、定義の1つは、直交行列を構成する列ベクトルが、正規直交基底をなす、というものである。ここで、正規直交は、すべてのベクトルの長さが1で、ベクトルの内積がクロネッカのデルタに等しい、すなわち異なる2本を抽出したときに(i≠jのときに)その内積が0となる、という性質を有する。
 式(1)に示される暗号化行列(E、E)において、2の平方根で全体を割っているが、これは、基底ベクトルとなる暗号化行列(E、E)の列ベクトルの大きさを、1にする正規化のためのものである。 In FIG. 4, the portion described as “2×2 matrix candidates E 0 =…, E 1 =…” represents the encryption matrix candidates (E 0 , E 1 ) held by the encryption matrix generation unit 112. It is something. The encryption matrix (E 0 , E 1 ) illustrated in FIG. 4 is shown below.

Figure JPOXMLDOC01-appb-I000001

What should be noted in particular is that the encryption matrices (E 0 , E 1 ) shown in equation (1) are all orthogonal matrices. There are various ways to define an orthogonal matrix, but one definition is that the column vectors that make up the orthogonal matrix form an orthonormal basis. Here, in orthonormality, the length of all vectors is 1, and the inner product of the vectors is equal to Kronecker's delta, that is, when two different lines are extracted (when i≠j), the inner product is 0. It has the following properties.
In the encryption matrix (E 0 , E 1 ) shown in equation (1), the whole is divided by the square root of 2, which is the column vector of the encryption matrix (E 0 , E 1 ) that becomes the base vector. This is for normalizing the size of 1 to 1.
 本開示技術に係る物理暗号化装置100の最たる技術的特徴は、「暗号化行列」という概念を導入して暗号化を実現したことである。より具体的には、本開示技術の最たる特徴は、暗号化行列候補を複数用意し(例えば、EとE)、これらを適宜、切り替えて用いる、という着想を実現したことである。さらに、本開示技術は、暗号化行列候補を、それぞれ異なる複数の直交行列で構成したところに技術的特徴がある。
 直交行列である暗号化行列は、写像元である仮シンボル列を複素平面にプロットしたときの分布特性を、写像先においても維持する、という線形写像の性質を有する。
 図4に示された具体的な数値例で言えば、暗号化行列のEは、以下のように解釈できる。

Figure JPOXMLDOC01-appb-I000002

ただし、式(2)に登場する太字のRは、2次元の回転行列を表す。すなわち暗号化行列のEは、原点を中心に45度回転させる回転行列に他ならない。したがって、暗号化行列のEは、写像元である仮シンボル列を複素平面にプロットしたときの分布特性を、写像先においても維持する。
 さらに、図4に示された暗号化行列のEは、以下のように解釈できる。

Figure JPOXMLDOC01-appb-I000003

ただし、式(3)に登場するY-axis mirrorと記載された行列は、Y軸を中心とした線対称を実施する写像を与える行列である、と解釈できる。すなわち暗号化行列のEは、まずY軸を中心とした線対称を実施し、原点を中心とした45度回転を実施する写像を与える行列に他ならない。したがって、暗号化行列のEも、写像元である仮シンボル列を複素平面にプロットしたときの分布特性を、写像先においても維持する。 The most important technical feature of the physical encryption device 100 according to the disclosed technology is that it implements encryption by introducing the concept of "encryption matrix." More specifically, the most important feature of the technology disclosed herein is that it has realized the idea of preparing a plurality of encryption matrix candidates (for example, E 0 and E 1 ) and switching between them as appropriate. Furthermore, the technology of the present disclosure has a technical feature in that the encryption matrix candidates are composed of a plurality of different orthogonal matrices.
The encryption matrix, which is an orthogonal matrix, has the property of linear mapping, in that the distribution characteristics when the temporary symbol string, which is the mapping source, is plotted on a complex plane are maintained at the mapping destination.
In the specific numerical example shown in FIG. 4, E1 of the encryption matrix can be interpreted as follows.

Figure JPOXMLDOC01-appb-I000002

However, the bold R that appears in equation (2) represents a two-dimensional rotation matrix. That is, the encryption matrix E1 is nothing but a rotation matrix that rotates 45 degrees around the origin. Therefore, E 1 of the encryption matrix maintains the distribution characteristics when the temporary symbol string, which is the mapping source, is plotted on the complex plane even in the mapping destination.
Furthermore, E 0 of the encryption matrix shown in FIG. 4 can be interpreted as follows.

Figure JPOXMLDOC01-appb-I000003

However, the matrix described as Y-axis mirror that appears in equation (3) can be interpreted as a matrix that provides a mapping that implements line symmetry about the Y axis. That is, the encryption matrix E 0 is nothing but a matrix that provides a mapping that first performs line symmetry around the Y axis and then performs a 45 degree rotation around the origin. Therefore, E 0 of the encryption matrix also maintains the distribution characteristics in the mapping destination when the temporary symbol string that is the mapping source is plotted on the complex plane.
 複数の異なる直交行列からなる暗号化行列候補は、このように、回転と線対称とを組み合わせて生成してもよい。なお、図4に示された数値例においては、45度回転とY軸中心の線対称とにより暗号化行列候補が作られているが、本開示技術はこれに限定されない。回転の角度は45度以外の角度であってもよいし、線対称の中心はY軸位階のものであってもよい。 An encryption matrix candidate consisting of a plurality of different orthogonal matrices may be generated by combining rotation and line symmetry in this way. Note that in the numerical example shown in FIG. 4, the encryption matrix candidate is created by 45-degree rotation and line symmetry about the Y-axis, but the disclosed technology is not limited to this. The angle of rotation may be other than 45 degrees, and the center of line symmetry may be at the Y-axis level.
 複数の異なる直交行列からなる暗号化行列候補は、「1」又は「-1」をランダムに発生させる方法によっても生成することができる。この手法は、特に暗号化行列のサイズ(N×N)におけるNが偶数のときに有効な方法である。
 以下は、暗号化行列(E)の生成手順を説明するN=2のときの簡単な数値例である。ランダムに「1」又は「-1」を発生させた結果、「1、1」が得られたとする。「1、1」を縦にならべて縦ベクトルにしたものは、1つ目の基底ベクトル(e)と考えて、暗号化行列の一番左の列ベクトルにする(式(1)のE、Eを参照)。N=2のときに、Eが直交行列となる条件は、以下の式で与えられる。

Figure JPOXMLDOC01-appb-I000004

 次の手順は、さらにランダムに「1」又は「-1」を発生させ、2つ目の基底ベクトル(e)の候補とする、というものである。Eが直交行列であるためには、1つ目の基底ベクトル(e)と2つ目の基底ベクトル(e)との内積が0にならなければならない。すなわち、式(4)の最下段に示した式が成立しなければならない。例えば、ランダムに「1」又は「-1」を発生させた結果、2つ目の基底ベクトル(e)が「1、-1」だったとする。このときにベクトルの内積が0になるため、暗号化行列(E)の生成に成功したと言える(式(1)のEを参照)。
 暗号化行列(E)を1つ生成することに成功すれば、そこからの手順は、例えば、1つ目の基底ベクトル(e)を固定して、新たな2つ目の基底ベクトル(e)を同様の手法で見つけてもよい。また、1つ暗号化行列(E)の生成に成功すれば、そこからの手順は、前述のY-axis mirror等の線対称又は回転を使い、複数の暗号化行列候補を生成してもよい。
 なお、直交行列は、行列式の値が1又は-1であるという性質を有するため、この性質を利用して暗号化行列候補をうまく生成できたか否かを確認するようにしてもよい。式(1)に示されるEは、行列式の値が-1である。式(1)に示されるEは、行列式の値が1である。 An encryption matrix candidate consisting of a plurality of different orthogonal matrices can also be generated by randomly generating "1" or "-1". This method is particularly effective when N in the size (N×N) of the encryption matrix is an even number.
The following is a simple numerical example when N=2 to explain the generation procedure of the encryption matrix (E). Assume that "1, 1" is obtained as a result of randomly generating "1" or "-1". The vertical vector of "1, 1" is considered to be the first basis vector (e 1 ) and is set as the leftmost column vector of the encryption matrix (E in equation (1) 0 , see E1 ). The condition for E to be an orthogonal matrix when N=2 is given by the following equation.

Figure JPOXMLDOC01-appb-I000004

The next step is to further randomly generate "1" or "-1" and use it as a candidate for the second basis vector (e 2 ). In order for E to be an orthogonal matrix, the inner product of the first basis vector (e 1 ) and the second basis vector (e 2 ) must be zero. That is, the equation shown at the bottom of equation (4) must hold true. For example, assume that as a result of randomly generating "1" or "-1", the second basis vector (e 2 ) is "1, -1". At this time, since the inner product of the vectors becomes 0, it can be said that the encryption matrix (E) has been successfully generated (see E 0 in equation (1)).
If one encryption matrix (E) is successfully generated, the procedure from there is, for example, fixing the first basis vector (e 1 ) and creating a new second basis vector (e 2 ) may be found using a similar method. Furthermore, if one encryption matrix (E) is successfully generated, the procedure from there may use line symmetry or rotation such as the Y-axis mirror described above to generate multiple encryption matrix candidates. .
Note that since orthogonal matrices have the property that the value of the determinant is 1 or -1, this property may be used to check whether the encryption matrix candidate has been successfully generated. E 0 shown in equation (1) has a determinant value of -1. E 1 shown in equation (1) has a determinant value of 1.
 以下は、「1」又は「-1」をランダムに発生させる方法によって得られた、N=4のときの暗号化行列候補に関する簡単な数値例である。

Figure JPOXMLDOC01-appb-I000005

ここで、要素が1又は-1のいずれかであり、かつ各列(及び各行)が直交するような正方行列は、アダマール行列と称されている。アダマール行列の生成法には、シルベスターの生成法が知られている。式(5)上段に示された行列のEは、シルベスターの生成法により得られるN=4のときのアダマール行列である。なお、式(5)に示される行列において、Eにおける下付き添え字の2、及びE3における下付き添え字の3は、式(1)に示される行列(E、E)と区別するために異なる数字が選択されている。 The following is a simple numerical example regarding an encryption matrix candidate when N=4, obtained by a method of randomly generating "1" or "-1".

Figure JPOXMLDOC01-appb-I000005

Here, a square matrix whose elements are either 1 or -1 and whose columns (and rows) are orthogonal is called a Hadamard matrix. Sylvester's generation method is known as a method for generating Hadamard matrices. E2 of the matrix shown in the upper part of equation (5) is the Hadamard matrix when N=4 obtained by Sylvester's generation method. In addition, in the matrix shown in equation (5), the subscript 2 in E 2 and the subscript 3 in E3 are distinguished from the matrix (E 0 , E 1 ) shown in equation (1). Different numbers are selected for the purpose.
 暗号化行列のサイズ(N×N)におけるNが奇数のとき、アダマール行列は作れない。1つ目の基底ベクトルを「1、1、1」としたとき(厳密には、正規化のためルート3で割ったもの、式(6)参照)、生成し得る直交行列は、例えば、以下に与えられるものである。

Figure JPOXMLDOC01-appb-I000006

 このように、暗号化行列のサイズ(N×N)におけるNが奇数のときは、回転及び対称を組み合わせて生成する手法が容易である。 When N in the encryption matrix size (N×N) is an odd number, a Hadamard matrix cannot be created. When the first basis vector is set to "1, 1, 1" (strictly speaking, it is divided by the root 3 for normalization, see equation (6)), the orthogonal matrix that can be generated is, for example, as follows. It is given to

Figure JPOXMLDOC01-appb-I000006

In this way, when N in the size (N×N) of the encryption matrix is an odd number, it is easy to generate the encryption matrix by combining rotation and symmetry.
 図4において、「2×2行列 E、E、E、E、E、…」と記載された箇所は、暗号化行列生成部112により順次、暗号化行列候補から1つを選択して決められた暗号化行列を表したものである。暗号化行列の並び方「E、E、E、E、E、…」(下付き添え数字に着目)は、「暗号化後ビット列 10001…」における暗号化ビットの並び方に対応する。 In FIG. 4, the portions described as “2×2 matrices E 1 , E 0 , E 0 , E 0 , E 1 , . . . ” indicate that the encryption matrix generation unit 112 sequentially generates one of the encryption matrix candidates. This represents the selected encryption matrix. The arrangement of the encryption matrix “E 1 , E 0 , E 0 , E 0 , E 1 ,…” (pay attention to the subscript numbers) corresponds to the arrangement of the encrypted bits in “Encrypted bit string 10001…” .
 図4に示されるとおり、暗号化及び復号の操作は、暗号化行列(Eb[i])を用いた以下の式により与えられる。

Figure JPOXMLDOC01-appb-I000007

ここで、数式(7)に登場するiは、シンボル列中の何番目のシンボルかを特定する変数である。また暗号化行列を表す文字にEに付された下付き添え字であるb[i]は、暗号化後ビット列におけるi番目のビットの値を示したものである。したがって、図4に示される例においては、具体的な値は、b[1]=1、b[2]=0、b[3]=0、b[4]=0、b[5]=1、である。 As shown in FIG. 4, the encryption and decryption operations are given by the following equation using the encryption matrix (E b[i] ).

Figure JPOXMLDOC01-appb-I000007

Here, i appearing in formula (7) is a variable that specifies the number of the symbol in the symbol string. Furthermore, b[i], which is a subscript added to the letter E representing the encryption matrix, indicates the value of the i-th bit in the bit string after encryption. Therefore, in the example shown in FIG. 4, the specific values are b[1]=1, b[2]=0, b[3]=0, b[4]=0, b[5]= 1.
 図4において、「第1の暗号化シンボル列 …」「第2の暗号化シンボル列 …」と記載された箇所は、暗号化シンボル生成部104において生成された第1から第Nまでの暗号化シンボルを表したものである。
 例えば、i=1に係る暗号化シンボルは、以下の式に示される計算を経て算出される。

Figure JPOXMLDOC01-appb-I000008
 In FIG. 4, the parts described as "first encrypted symbol string..." and "second encrypted symbol string..." refer to the first to Nth encrypted symbols generated in the encrypted symbol generation unit 104. It represents a symbol.
For example, the encrypted symbol for i=1 is calculated through the calculation shown in the following equation.

Figure JPOXMLDOC01-appb-I000008
《物理暗号化装置100を構成するデジタルアナログ変換部121》
 物理暗号化装置100を構成するデジタルアナログ変換部121は、デジタル信号として仮シンボル生成部103から送られる暗号化シンボルを、電気アナログ信号に変換する構成要素である。デジタルアナログ変換部121は、仮シンボル生成部103から送られる暗号化シンボルの物理レーンのそれぞれに対し、デジタルアナログ変換を実施する。例えば、光伝送システムが、直交偏波多重を行い直交振幅変調を生成するものである場合には、X偏波同相軸、X偏波直交位相軸、Y偏波同相軸、Y偏波直交位相軸、の4つの物理レーンが用意される。なお、本明細書において、同相軸は、I軸と称するものとしする。また直交位相軸は、Q軸と称するものとする。I軸におけるIの文字は、In-phaseの頭文字に由来する。Q軸におけるQの文字は、Quadratureの頭文字に由来する。 <<Digital-to-analog converter 121 that constitutes the physical encryption device 100>>
The digital-to-analog conversion unit 121 configuring the physical encryption device 100 is a component that converts the encrypted symbol sent from the temporary symbol generation unit 103 as a digital signal into an electrical analog signal. The digital-to-analog conversion unit 121 performs digital-to-analog conversion for each physical lane of the encrypted symbol sent from the temporary symbol generation unit 103. For example, if the optical transmission system performs orthogonal polarization multiplexing to generate orthogonal amplitude modulation, then Four physical lanes are prepared: axis. Note that in this specification, the in-phase axis is referred to as the I-axis. Further, the orthogonal phase axis shall be referred to as the Q axis. The letter I on the I axis comes from the initial letter In-phase. The letter Q on the Q-axis comes from the initial letter Quadrature.
《物理暗号化装置100を構成する光変調部122》
 物理暗号化装置100を構成する光変調部122は、デジタルアナログ変換部121から送られる電気アナログ信号に基づいて、搬送波である光の変調を行う構成要素である。デジタルアナログ変換部121から送られる電気アナログ信号が、X偏波-I軸、X偏波-Q軸、Y偏波-I軸、Y偏波-Q軸、の4系統であれば、光変調部122は、4つの変調を行い、変調がなされた1つの光信号を生成する。
 光変調部122で生成された光信号は、光増幅部123へと送られる。 <<Light modulation section 122 configuring physical encryption device 100>>
The optical modulator 122 configuring the physical encryption device 100 is a component that modulates light, which is a carrier wave, based on the electrical analog signal sent from the digital-to-analog converter 121. If the electrical analog signal sent from the digital-to-analog converter 121 is of four systems: The section 122 performs four modulations and generates one modulated optical signal.
The optical signal generated by the optical modulation section 122 is sent to the optical amplification section 123.
《物理暗号化装置100を構成する光増幅部123》
 物理暗号化装置100を構成する光増幅部123は、光変調部122から送られる光信号を増幅する構成要素である。
 光増幅部123で増幅された光信号は、光ファイバ等からなる光伝送系(不図示)へ送られる。 <<Optical amplification unit 123 configuring the physical encryption device 100>>
The optical amplifying section 123 configuring the physical encryption device 100 is a component that amplifies the optical signal sent from the optical modulating section 122.
The optical signal amplified by the optical amplification section 123 is sent to an optical transmission system (not shown) consisting of an optical fiber or the like.
 物理暗号化装置100のサブコンビネーションとなる装置が、図2に示される物理復号装置200である。図1及び図2に示されるとおり、物理暗号化装置100の構成要素と物理復号装置200の構成要素とは、それぞれが対応関係にある。 A device that is a subcombination of the physical encryption device 100 is the physical decryption device 200 shown in FIG. As shown in FIGS. 1 and 2, the components of the physical encryption device 100 and the components of the physical decryption device 200 have a corresponding relationship.
《物理復号装置200を構成する光検出部222》
 物理復号装置200を構成する光検出部222は、光ファイバ等からなる光伝送系からの光信号を検出する構成要素である。光検出部222において光信号は、X偏波-I軸、X偏波-Q軸、Y偏波-I軸、Y偏波-Q軸、の4系統の電気アナログ信号へと変換される。4系統の電気アナログ信号は、アナログデジタル変換部221へと送られる。 <<Photodetector 222 configuring physical decoding device 200>>
The optical detection unit 222 that constitutes the physical decoding device 200 is a component that detects an optical signal from an optical transmission system made of an optical fiber or the like. In the photodetector 222, the optical signal is converted into electrical analog signals of four systems: X polarization-I-axis, X-polarization-Q-axis, Y-polarization-I-axis, and Y-polarization-Q-axis. The four electrical analog signals are sent to an analog-to-digital converter 221.
《物理復号装置200を構成するアナログデジタル変換部221》
 物理復号装置200を構成するアナログデジタル変換部221は、光検出部222から送られる電気アナログ信号を、デジタル信号に変換する構成要素である。
 アナログデジタル変換部221において変換されたデジタル信号は、暗号化シンボルとして、暗号化シンボル終端部204へと送られる。 <<Analog-to-digital converter 221 configuring physical decoding device 200>>
The analog-to-digital converter 221 configuring the physical decoding device 200 is a component that converts an electrical analog signal sent from the photodetector 222 into a digital signal.
The digital signal converted by the analog-to-digital converter 221 is sent as an encrypted symbol to the encrypted symbol termination section 204.
《物理復号装置200を構成する暗号化ビット列生成部211》
 物理復号装置200を構成する暗号化ビット列生成部211は、物理暗号化装置100が有するものと同じ共有鍵に基づいて、同じ暗号化ビット列を生成する構成要素である。暗号化ビット列生成部211が用いる共通鍵暗号のアルゴリズムは、物理暗号化装置100の暗号化ビット列生成部111が用いるものと同じである。
 暗号化ビット列生成部211で生成された暗号化ビット列は、暗号化行列生成部212へと送られる。 <<Encrypted bit string generation unit 211 configuring the physical decryption device 200>>
The encrypted bit string generation unit 211 configuring the physical decryption device 200 is a component that generates the same encrypted bit string based on the same shared key that the physical encryption device 100 has. The common key encryption algorithm used by the encrypted bit string generator 211 is the same as that used by the encrypted bit string generator 111 of the physical encryption device 100.
The encrypted bit string generated by the encrypted bit string generator 211 is sent to the encrypted matrix generator 212.
《物理復号装置200を構成する暗号化行列生成部212》
 物理復号装置200を構成する暗号化行列生成部212は、暗号化ビット列生成部211から送られた暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定する構成要素である。
 暗号化行列生成部212による暗号化行列の決め方は、物理暗号化装置100における暗号化行列生成部112による暗号化行列の決め方と同じである。
 暗号化行列生成部212において決められた暗号化行列は、暗号化シンボル終端部204へと送られる。 <<Encryption matrix generation unit 212 configuring the physical decryption device 200>>
The encryption matrix generation unit 212 configuring the physical decryption device 200 is a component that determines an encryption matrix based on at least a part of the encrypted bit string sent from the encrypted bit string generation unit 211.
The way the encryption matrix generation unit 212 determines the encryption matrix is the same as the way the encryption matrix generation unit 112 in the physical encryption device 100 determines the encryption matrix.
The encryption matrix determined by the encryption matrix generation section 212 is sent to the encryption symbol termination section 204.
《物理復号装置200を構成する暗号化シンボル終端部204》
 物理復号装置200を構成する暗号化シンボル終端部204は、暗号化行列生成部212から送られる暗号化行列を用いて、暗号化シンボルを仮シンボルへと復号する構成要素である。暗号化シンボル終端部204は、具体的には、アナログデジタル変換部221から送られる第1から第Nまでの暗号化シンボルに対して、暗号化行列の逆行列を左から乗算することにより、第1から第Nまでの仮シンボルへの復号を実施する。
 暗号化シンボル終端部204で復号された第1から第Nまでの仮シンボルは、仮シンボル終端部203へと送られる。 <<Encrypted symbol termination section 204 configuring physical decoding device 200>>
The encrypted symbol termination unit 204 configuring the physical decoding device 200 is a component that decodes encrypted symbols into temporary symbols using the encryption matrix sent from the encryption matrix generation unit 212. Specifically, the encrypted symbol termination unit 204 multiplies the first to Nth encrypted symbols sent from the analog-to-digital converter 221 by the inverse matrix of the encryption matrix from the left. Decoding into the 1st to Nth temporary symbols is performed.
The first to Nth temporary symbols decoded by the encrypted symbol termination section 204 are sent to the temporary symbol termination section 203.
《物理復号装置200を構成する仮シンボル終端部203》
 物理復号装置200を構成する仮シンボル終端部203は、暗号化シンボル終端部204から送られる第1から第Nまでの仮シンボルから、ビット列への復号を実施する構成要素である。
 図5は、実施の形態1に係る物理復号装置200を構成する仮シンボル終端部203の処理内容を具体的な数値例で示す説明図である。図5において、左向き矢印の左側に示される表は、仮シンボル終端部203において復号されるビット列の数値例である。図5に示されるように、仮シンボル終端部203において復号されるビット列は、図3に示される変換テーブルに基づいて復号される「硬判定ビット」(太字で表示されたビット)のほか、例えば、「信頼度情報(2bitの例)」(非太字で表示された2ビット)を含んでもよい。 <<Temporary symbol termination section 203 configuring physical decoding device 200>>
The temporary symbol termination section 203 configuring the physical decoding device 200 is a component that decodes the first to Nth temporary symbols sent from the encrypted symbol termination section 204 into a bit string.
FIG. 5 is an explanatory diagram showing the processing contents of temporary symbol termination section 203 configuring physical decoding device 200 according to the first embodiment using a specific numerical example. In FIG. 5, the table shown on the left side of the leftward arrow is a numerical example of the bit string decoded in the temporary symbol termination section 203. As shown in FIG. 5, the bit string decoded in the temporary symbol termination unit 203 includes "hard decision bits" (bits displayed in bold) that are decoded based on the conversion table shown in FIG. , "reliability information (example of 2 bits)" (2 bits displayed in non-bold).
《物理復号装置200を構成する誤り訂正復号部202》
 物理復号装置200を構成する誤り訂正復号部202は、仮シンボル終端部203から送られたビット列に対し、誤り訂正復号を行う構成要素である。誤り訂正復号部202が行う誤り訂正復号は、物理暗号化装置100の誤り訂正符号化部102において行われる誤り訂正符号化に対応したものであり、逆の作用を及ぼすものである。
 誤り訂正復号部202において誤り訂正復号が行われたビット列は、確率整形復号部201へと送られる。 <<Error correction decoding unit 202 that constitutes the physical decoding device 200>>
The error correction decoding section 202 configuring the physical decoding device 200 is a component that performs error correction decoding on the bit string sent from the temporary symbol termination section 203. The error correction decoding performed by the error correction decoding section 202 corresponds to the error correction encoding performed in the error correction encoding section 102 of the physical encryption device 100, and has the opposite effect.
The bit string subjected to error correction decoding in the error correction decoding section 202 is sent to the probability shaping decoding section 201.
《物理復号装置200を構成する確率整形復号部201》
 物理復号装置200を構成する確率整形復号部201は、誤り訂正復号部202から送られたビット列に対し、確率整形の逆作用を実施する構成要素である。
 以上の物理復号装置200を構成する各構成要素の作用により、物理復号の処理が実現される。 <<Probability shaping decoding unit 201 configuring the physical decoding device 200>>
The probability shaping decoding unit 201 configuring the physical decoding device 200 is a component that performs a reverse probability shaping operation on the bit string sent from the error correction decoding unit 202.
Physical decoding processing is realized by the actions of the respective components constituting the physical decoding device 200 described above.
 図6は、本開示技術の応用例である光伝送システムの機能構成を示す部ブロック図である。本開示技術に係る物理暗号化装置100は、図6に示される光伝送システムにおける左側、具体的には、「符号化」-「予補償」-「デジタルアナログ変換」-「光変調」-「光多重」-「光増幅」と記載された機能ブロックの部分に応用できる。また、本開示技術に係る物理復号装置200は、図6に示される光伝送システムにおける右側、具体的には、「光検波」-「アナログデジタル変換」-「後補償」-「復号」と記載された機能ブロックの部分に応用できる。 FIG. 6 is a block diagram showing the functional configuration of an optical transmission system that is an application example of the disclosed technology. The physical encryption device 100 according to the disclosed technology is installed on the left side of the optical transmission system shown in FIG. It can be applied to the functional blocks described as "optical multiplexing" and "optical amplification." Further, the physical decoding device 200 according to the disclosed technology is located on the right side of the optical transmission system shown in FIG. It can be applied to the part of the functional block that has been created.
 実施の形態1に係る物理暗号化装置100の優れた効果の1つは、このようにして、確率整形と物理暗号化とを両立して実現できることである。 One of the excellent effects of the physical encryption device 100 according to the first embodiment is that it is possible to achieve both probability shaping and physical encryption in this way.
実施の形態2.
 実施の形態2に係る物理暗号化装置100及び物理復号装置200は、本開示技術に係る物理暗号化装置100及び物理復号装置200を、ハードウエア構成という観点で示した態様のものである。
 実施の形態2においては、特に明記する場合を除き、実施の形態1で用いられたものと同じ符号が用いられる。また、実施の形態2においては、実施の形態1と重複する説明は、適宜、省略される。 Embodiment 2.
The physical encryption device 100 and the physical decryption device 200 according to the second embodiment are the physical encryption device 100 and the physical decryption device 200 according to the presently disclosed technology in terms of hardware configuration.
In the second embodiment, the same symbols used in the first embodiment are used unless otherwise specified. Further, in the second embodiment, explanations that overlap with those in the first embodiment will be omitted as appropriate.
 図7は、実施の形態2に係る物理暗号化装置100のハードウエア構成を示す構成図である。物理暗号化装置100の各機能は、処理回路により実現される。処理回路は、専用のハードウエアであっても、メモリに格納されるプログラムを実行するCPU(Central Processing Unit、中央処理装置、処理装置、演算装置、マイクロプロセッサ、マイクロコンピュータ、プロセッサ、DSPとも称される)であってもよい。 FIG. 7 is a configuration diagram showing the hardware configuration of the physical encryption device 100 according to the second embodiment. Each function of the physical encryption device 100 is realized by a processing circuit. Even if the processing circuit is dedicated hardware, it is also called a CPU (Central Processing Unit, central processing unit, processing unit, arithmetic unit, microprocessor, microcomputer, processor, DSP) that executes a program stored in memory. ).
 図7Aは、実施の形態2に係る物理暗号化装置100のハードウエア構成を示す構成図であり、処理回路が専用のハードウエアの場合を示したものである。図7Aに示されるように、この場合の物理暗号化装置100は、送信側入力インタフェース152と、送信側処理回路154と、送信側出力インタフェース158と、を含む。このように、暗号化を行う側の装置は、「送信側」の装置と称される。また、一般に暗号化装置は、送信器と称されることもある。
 専用ハードウエアである送信側処理回路154は、例えば、単一回路、複合回路、プログラム化したプロセッサ、並列プログラム化されたプロセッサ、ASIC、FPGA、又はこれらを組み合わせたものが該当する。物理暗号化装置100の各機能は、機能ごとに別々の送信側処理回路154により実現されてもよいし、まとめて1つの送信側処理回路154により実現されてもよい。 FIG. 7A is a configuration diagram showing the hardware configuration of physical encryption device 100 according to the second embodiment, and shows a case where the processing circuit is dedicated hardware. As shown in FIG. 7A, the physical encryption device 100 in this case includes a transmission side input interface 152, a transmission side processing circuit 154, and a transmission side output interface 158. In this way, the device that performs the encryption is referred to as the "sending" device. Additionally, an encryption device is generally sometimes referred to as a transmitter.
The dedicated hardware transmitter processing circuit 154 may be, for example, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC, an FPGA, or a combination thereof. Each function of the physical encryption device 100 may be realized by a separate transmission side processing circuit 154 for each function, or may be realized all by one transmission side processing circuit 154.
 図7Bは、実施の形態2に係る物理暗号化装置100のハードウエア構成を示す構成図であり、処理回路がCPUの場合を示したものである。この場合、物理暗号化装置100の各部の機能は、ソフトウエアにより実行される。図7Bに示されるように、この場合の物理暗号化装置100は、送信側入力インタフェース152と、送信側プロセッサ155と、送信側メモリ156と送信側出力インタフェース158と、を含む。
 CPUで実現された処理回路である送信側プロセッサ155は、送信側メモリ156に記憶されたプログラムを読み出して実行することにより、各部の機能を実現する。すなわち、物理暗号化装置100は、送信側プロセッサ155により実行されるときに、各部の機能に係る処理ステップが結果的に実行されることになるプログラムを格納するための送信側メモリ156を備える。また、これらのプログラムは、物理暗号化装置100の手順及び方法をコンピュータである送信側プロセッサ155に実行させるものであるとも言える。ここで送信側メモリ156は、例えば、RAM、ROM、フラッシュメモリ、EPROM、等の不揮発性又は揮発性の半導体メモリであってもよい。また送信側メモリ156は、磁気ディスク、フレキシブルディスク、光ディスク、コンパクトディスク、ミニディスク、DVD、等のディスクを備える態様のものであってもよい。さらに送信側メモリ156は、HHD、又はSSDの態様であってもよい。 FIG. 7B is a configuration diagram showing the hardware configuration of the physical encryption device 100 according to the second embodiment, and shows a case where the processing circuit is a CPU. In this case, the functions of each part of the physical encryption device 100 are executed by software. As shown in FIG. 7B, the physical encryption device 100 in this case includes a sending side input interface 152, a sending side processor 155, a sending side memory 156, and a sending side output interface 158.
The transmitting side processor 155, which is a processing circuit realized by a CPU, realizes the functions of each part by reading and executing a program stored in the transmitting side memory 156. That is, the physical encryption device 100 includes a transmitting side memory 156 for storing a program that, when executed by the transmitting side processor 155, results in the processing steps related to the functions of each unit being executed. It can also be said that these programs cause the sending processor 155, which is a computer, to execute the procedures and methods of the physical encryption device 100. Here, the transmitting side memory 156 may be a non-volatile or volatile semiconductor memory such as RAM, ROM, flash memory, EPROM, etc., for example. Further, the transmitting side memory 156 may include a disk such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, a DVD, or the like. Further, the transmitting side memory 156 may be in the form of an HHD or an SSD.
 なお、物理暗号化装置100は、一部の機能を専用のハードウエアで実現し、残りの機能をソフトウエア又はファームウエアで実現する、というものでもよい。このように物理暗号化装置100に係る処理回路は、ハードウエア、ソフトウエア、ファームウエア、又はこれらの組合せによって、各部の機能を実現することができる。 Note that the physical encryption device 100 may have some functions realized by dedicated hardware and the remaining functions realized by software or firmware. In this manner, the functions of each part of the processing circuit related to the physical encryption device 100 can be realized by hardware, software, firmware, or a combination thereof.
 図8は、実施の形態2に係る物理復号装置200のハードウエア構成を示す構成図である。物理復号装置200の各機能は、物理暗号化装置100のものとは別の処理回路により実現される。物理暗号化装置100のときと同様に、物理復号装置200に係る処理回路は、専用のハードウエアであっても、メモリに格納されるプログラムを実行するCPUであってもよい。 FIG. 8 is a configuration diagram showing the hardware configuration of the physical decoding device 200 according to the second embodiment. Each function of the physical decryption device 200 is realized by a processing circuit different from that of the physical encryption device 100. As with the physical encryption device 100, the processing circuit related to the physical decryption device 200 may be dedicated hardware or a CPU that executes a program stored in memory.
 図8Aは、実施の形態2に係る物理復号装置200のハードウエア構成を示す構成図であり、処理回路が専用のハードウエアの場合を示したものである図8Aに示されるように、この場合の物理復号装置200は、受信側入力インタフェース252と、受信側処理回路254と、受信側出力インタフェース258と、を含む。このように、復号を行う側の装置は、「受信側」の装置と称される。また、一般に復号装置は、受信器と称されることもある。
 専用ハードウエアである受信側処理回路254は、例えば、単一回路、複合回路、プログラム化したプロセッサ、並列プログラム化されたプロセッサ、ASIC、FPGA、又はこれらを組み合わせたものが該当する。物理復号装置200の各機能は、機能ごとに別々の受信側処理回路254により実現されてもよいし、まとめて1つの受信側処理回路254により実現されてもよい。 FIG. 8A is a configuration diagram showing the hardware configuration of the physical decoding device 200 according to the second embodiment, and as shown in FIG. 8A in which the processing circuit is dedicated hardware, in this case, The physical decoding device 200 includes a receiving side input interface 252, a receiving side processing circuit 254, and a receiving side output interface 258. Thus, the device that performs the decoding is referred to as the "receiving" device. Additionally, the decoding device is generally also referred to as a receiver.
The dedicated hardware receiver processing circuit 254 may be, for example, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC, an FPGA, or a combination thereof. Each function of the physical decoding device 200 may be realized by a separate receiving side processing circuit 254 for each function, or may be realized all by one receiving side processing circuit 254.
 図8Bは、実施の形態2に係る物理復号装置200のハードウエア構成を示す構成図であり、処理回路がCPUの場合を示したものである。この場合、物理復号装置200の各部の機能は、ソフトウエアにより実行される。図7Bに示されるように、この場合の物理復号装置200は、受信側入力インタフェース252と、受信側プロセッサ255と、受信側メモリ256と受信側出力インタフェース258と、を含む。
 CPUで実現された処理回路である受信側プロセッサ255は、受信側メモリ256に記憶されたプログラムを読み出して実行することにより、各部の機能を実現する。すなわち、物理復号装置200は、受信側プロセッサ255により実行されるときに、各部の機能に係る処理ステップが結果的に実行されることになるプログラムを格納するための受信側メモリ256を備える。また、これらのプログラムは、物理復号装置200の手順及び方法をコンピュータである受信側プロセッサ255に実行させるものであるとも言える。ここで受信側メモリ256は、例えば、RAM、ROM、フラッシュメモリ、EPROM、等の不揮発性又は揮発性の半導体メモリであってもよい。また受信側メモリ256は、磁気ディスク、フレキシブルディスク、光ディスク、コンパクトディスク、ミニディスク、DVD、等のディスクを備える態様のものであってもよい。さらに受信側メモリ256は、HHD、又はSSDの態様であってもよい。 FIG. 8B is a configuration diagram showing the hardware configuration of physical decoding device 200 according to the second embodiment, and shows a case where the processing circuit is a CPU. In this case, the functions of each part of the physical decoding device 200 are executed by software. As shown in FIG. 7B, the physical decoding device 200 in this case includes a receiving side input interface 252, a receiving side processor 255, a receiving side memory 256, and a receiving side output interface 258.
The receiving processor 255, which is a processing circuit implemented by a CPU, implements the functions of each section by reading and executing a program stored in the receiving memory 256. That is, the physical decoding device 200 includes a receiving side memory 256 for storing a program that, when executed by the receiving side processor 255, results in the processing steps related to the functions of each unit being executed. It can also be said that these programs cause the receiving processor 255, which is a computer, to execute the procedures and methods of the physical decoding device 200. Here, the receiving side memory 256 may be a non-volatile or volatile semiconductor memory such as RAM, ROM, flash memory, EPROM, etc., for example. Further, the receiving side memory 256 may be of a mode including a disk such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, a DVD, or the like. Further, the receiving side memory 256 may be in the form of an HHD or an SSD.
 なお、物理復号装置200は、一部の機能を専用のハードウエアで実現し、残りの機能をソフトウエア又はファームウエアで実現する、というものでもよい。このように物理復号装置200に係る処理回路は、ハードウエア、ソフトウエア、ファームウエア、又はこれらの組合せによって、各部の機能を実現することができる。 Note that the physical decoding device 200 may have some functions realized by dedicated hardware and the remaining functions realized by software or firmware. In this way, the processing circuit related to the physical decoding device 200 can realize the functions of each part using hardware, software, firmware, or a combination thereof.
 以上のとおり実施の形態2に係る物理暗号化装置100及び物理復号装置200は、ハードウエア、ソフトウエア、ファームウエア、又はこれらの組合せによって、各部の機能を実現することができる。このように実現された実施の形態2に係る物理暗号化装置100及び物理復号装置200は、実施の形態1に記載されたものと同じ効果を奏する。 As described above, in the physical encryption device 100 and the physical decryption device 200 according to the second embodiment, the functions of each part can be realized by hardware, software, firmware, or a combination thereof. The physical encryption device 100 and the physical decryption device 200 according to the second embodiment realized in this way have the same effects as those described in the first embodiment.
実施の形態3.
 実施の形態3に係る物理暗号化装置100及び物理復号装置200は、本開示技術に係る物理暗号化装置100及び物理復号装置200の変形例である。
 実施の形態3においては、特に明記する場合を除き、既出の実施の形態で用いられたものと同じ符号が用いられる。また、実施の形態3においては、既出の実施の形態と重複する説明は、適宜、省略される。 Embodiment 3.
The physical encryption device 100 and the physical decryption device 200 according to the third embodiment are modified examples of the physical encryption device 100 and the physical decryption device 200 according to the disclosed technology.
In the third embodiment, the same reference numerals as those used in the previously described embodiments are used unless otherwise specified. Furthermore, in the third embodiment, descriptions that overlap with those of the previously described embodiments will be omitted as appropriate.
(実施の形態3において焦点を当てる課題)
 これまでも述べてきたように、信号を多値化することにより、暗号を強化できる。ところが、信号の多値化は、無条件に(容易に)実施できる、というものでもない。信号を多値化する場合、当然ながら、受信側は、その信号を正しく検出できなければならない。受信側が信号を正しく検出できなければ、通信が成立しない。
 光通信システムを構成するアナログ部品には、様々な制限又は意に反する性質が存在する。アナログ部品に起因する制限又は性質は、具体的には、帯域制限、遅延差、損失差、非線形性、搬送波周波数差、搬送波位相雑音、等である。また光伝送路おいても、波長分散、偏波モード分散、帯域制限、偏波依存性損失、偏波状態変動、等の性質がある。
 上記の性質は、一般に、波形等化による補償を行うことで克服される。しかし、信号の多値度が大きくなると、補償がうまく行えなくなる。実施の形態3においては、信号の多値度が大きくなるにつれて難しくなる補償をどのように実現すればよいか、ということが中心のテーマとなる。 (Issues to be focused on in Embodiment 3)
As mentioned above, the encryption can be strengthened by converting the signal into multiple values. However, multi-level signal conversion cannot be carried out unconditionally (easily). When a signal is multi-valued, it goes without saying that the receiving side must be able to correctly detect the signal. If the receiving side cannot detect the signal correctly, communication will not be established.
Analog components that make up optical communication systems have various limitations or undesirable properties. Limitations or properties due to analog components include, specifically, band limitations, delay differences, loss differences, nonlinearity, carrier frequency differences, carrier phase noise, and the like. Also, optical transmission lines have properties such as chromatic dispersion, polarization mode dispersion, band limitation, polarization dependent loss, and polarization state fluctuation.
The above-mentioned properties are generally overcome by compensation by waveform equalization. However, when the multilevel degree of the signal increases, compensation cannot be performed well. In the third embodiment, the central theme is how to realize compensation, which becomes more difficult as the multilevel degree of the signal increases.
(実施の形態3についての詳細)
 図9は、実施の形態3に係る物理暗号化装置100の機能構成を示すブロック図である。図9に示されるように、実施の形態3に係る物理暗号化装置100は、実施の形態1に係る物理暗号化装置100の構成要素(図1を参照)に加え、既知シンボル生成部105と、暗号化既知シンボル生成部106と、暗号化シンボル多重部107と、を備える。 (Details about Embodiment 3)
FIG. 9 is a block diagram showing the functional configuration of physical encryption device 100 according to the third embodiment. As shown in FIG. 9, physical encryption device 100 according to Embodiment 3 includes known symbol generation section 105 in addition to the components of physical encryption device 100 according to Embodiment 1 (see FIG. 1). , an encrypted known symbol generator 106, and an encrypted symbol multiplexer 107.
《物理暗号化装置100を構成する既知シンボル生成部105》
 既知シンボル生成部105は、その名称が示すとおり、既知シンボルを生成する構成要素である。
 既知シンボルは、実態としては、一般的に「パイロットシンボル」と称されるものと同じと考えてよい。一般的に知られているパイロットシンボルは、サイクルスリップの検出に用いられる(例えば、国際公開2010/138198号)。一方、本開示技術における既知シンボルは、前述のとおり、信号の多値度が大きくなるにつれて難しくなる補償を実現するために用いられる。すなわち、本開示技術は、既知シンボルを、パイロットシンボルの一般的な使い方とは異なった使い方をする。本明細書は、本開示技術における既知シンボルを「既知シンボル」と称して、一般的なパイロットシンボルと区別する。
 なお、前述のとおり既知シンボルは、実態としてはパイロットシンボルと同じものである。したがって、既知シンボルは、本開示技術に特有な使い方のほか、一般的なパイロットシンボルの用途としても利用できる。 <<Known symbol generation unit 105 configuring the physical encryption device 100>>
As its name suggests, the known symbol generation unit 105 is a component that generates known symbols.
The known symbol may actually be considered to be the same as what is generally called a "pilot symbol." Commonly known pilot symbols are used to detect cycle slips (eg, WO 2010/138198). On the other hand, the known symbols in the disclosed technology are used to realize compensation, which becomes more difficult as the multilevel degree of the signal increases, as described above. That is, the disclosed technology uses known symbols differently from the general use of pilot symbols. In this specification, the known symbols in the disclosed technology are referred to as "known symbols" to distinguish them from general pilot symbols.
Note that, as described above, the known symbols are actually the same as the pilot symbols. Therefore, the known symbols can be used not only for usage specific to the disclosed technology but also for general pilot symbol usage.
 既知シンボル生成部105において生成される既知シンボルは、前述の確率整形符号化部101に入力されるビット列に依存しない。既知シンボルは、受信側における波形等化に用いられる。既知シンボルがどのようにして波形等化に使われるかの詳細は、後述の説明により明らかとなる。
 既知シンボルは、N_P個の1次元シンボルである。既知シンボルは、例えば、擬似ランダムビット列に基づく1次元のPAMシンボルであってもよい。他にも既知シンボルは、2次元のQAMシンボル又は多次元のシンボルを1次元に射影して作成されてもよい。既知シンボルは、前述の確率整形符号化部101において生成されるシンボルと同等の確率分布を備えたシンボルであることが望ましい。このように同等の確率分布を備えたシンボルとすることによって、盗聴者から既知シンボル位置が特定されにくくなり、暗号化が強力になる。 The known symbols generated by the known symbol generation section 105 do not depend on the bit string input to the probability shaping encoding section 101 described above. The known symbols are used for waveform equalization on the receiving side. Details of how the known symbols are used for waveform equalization will become clear from the description below.
The known symbols are N_P one-dimensional symbols. The known symbol may be, for example, a one-dimensional PAM symbol based on a pseudo-random bit string. In addition, the known symbol may be created by projecting a two-dimensional QAM symbol or a multidimensional symbol onto one dimension. It is desirable that the known symbol is a symbol with a probability distribution equivalent to that of the symbol generated in the probability shaping encoding section 101 described above. By using symbols with the same probability distribution in this way, it becomes difficult for an eavesdropper to specify the position of a known symbol, and encryption becomes stronger.
《物理暗号化装置100を構成する暗号化既知シンボル生成部106》
 暗号化既知シンボル生成部106は、簡単に言えば、既知シンボル生成部105で生成された既知シンボルを暗号化する構成要素である。暗号化既知シンボル生成部106において暗号化された既知シンボルは、「暗号化既知シンボル」と称される。別の言い方をすれば、暗号化既知シンボル生成部106は、暗号化既知シンボルを生成する構成要素でもある。
 暗号化既知シンボル生成部106は、既知シンボルから暗号化既知シンボルを生成するために、暗号化行列生成部112で作られる暗号化行列(サイズがN_P×N_P)を用いる(図9を参照)。暗号化既知シンボル生成部106が既知シンボルから暗号化既知シンボルを生成する行列演算は、暗号化シンボル生成部104が仮シンボルから暗号化シンボルを生成する行列演算(数式(7)に示される行列積)と形式的に同じである。
 本開示技術に係る物理暗号化装置100は、暗号化既知シンボル生成部106を備えることにより、通信対象のシンボルと分けて、既知シンボルの暗号化を実施できる。もし、通信対象のシンボルと既知シンボルとを組み合わせた状態で暗号化がなされると、暗号化された状態のままで波形等化を行うことが困難になり、本開示技術が意図する物理暗号化方法と相性がよくない。 <<Encrypted known symbol generation unit 106 configuring the physical encryption device 100>>
Simply put, the encrypted known symbol generation unit 106 is a component that encrypts the known symbols generated by the known symbol generation unit 105. The known symbols encrypted by the encrypted known symbol generation unit 106 are referred to as "encrypted known symbols." In other words, the encrypted known symbol generation unit 106 is also a component that generates encrypted known symbols.
The encrypted known symbol generation unit 106 uses the encryption matrix (size is N_P × N_P ) created by the encryption matrix generation unit 112 in order to generate encrypted known symbols from known symbols (see FIG. 9). ). The matrix operation in which the encrypted known symbol generator 106 generates an encrypted known symbol from a known symbol is the matrix operation (matrix multiplication shown in formula (7)) in which the encrypted symbol generator 104 generates an encrypted symbol from a temporary symbol. ) is formally the same as
By including the encrypted known symbol generation unit 106, the physical encryption device 100 according to the disclosed technology can encrypt the known symbols separately from the symbols to be communicated. If the symbol to be communicated and the known symbol are encrypted in combination, it will be difficult to perform waveform equalization in the encrypted state, and this will prevent physical encryption as intended by the disclosed technology. Not compatible with the method.
《物理暗号化装置100を構成する暗号化シンボル多重部107》
 暗号化シンボル多重部107は、暗号化シンボル生成部104から送られる暗号化シンボルと、暗号化既知シンボル生成部106から送られる暗号化既知シンボルと、を多重する構成要素である。
 図10は、実施の形態3に係る物理暗号化装置100の暗号化シンボル多重部107の処理を示す説明図である。図10に示されるグラフにおいて、横軸は時間を表し、縦軸は空間を表す。
 図10に示されるグラフにおいて、空間は4つの物理レーンが定義されている。この4つの物理レーンは、例えば、2つの直交偏波(水平偏波および垂直偏波)と、2つの搬送波直交位相と、を組み合わせたものと考えてよい。
 図10に示されるグラフにおいて、時間領域は複数(10個)に分割されている。分割されたそれぞれの時間幅は、「時間スロット」と称されるものとする。図10は、既知のデータ情報を有する暗号化既知シンボルが、周期的に送信データに挿入されることを表している。 <<Encrypted symbol multiplexing unit 107 configuring physical encryption device 100>>
The encrypted symbol multiplexer 107 is a component that multiplexes the encrypted symbol sent from the encrypted symbol generator 104 and the encrypted known symbol sent from the encrypted known symbol generator 106.
FIG. 10 is an explanatory diagram showing the processing of encrypted symbol multiplexing section 107 of physical encryption device 100 according to the third embodiment. In the graph shown in FIG. 10, the horizontal axis represents time and the vertical axis represents space.
In the graph shown in FIG. 10, four physical lanes are defined in the space. These four physical lanes may be considered, for example, as a combination of two orthogonal polarizations (horizontal polarization and vertical polarization) and two carrier wave orthogonal phases.
In the graph shown in FIG. 10, the time domain is divided into multiple (10) regions. Each divided time width shall be referred to as a "time slot." FIG. 10 shows that encrypted known symbols with known data information are periodically inserted into the transmitted data.
 図10に示されるグラフにおいて、4つすべての物理レーンで同じ時間スロットに暗号化既知シンボルが挿入されているが、本開示技術はこれに限定されない。暗号化シンボル多重部107は、物理レーンのそれぞれに、異なった時間スロットを初期の挿入位置として(あたかも初期位相が異なるような態様で)、同じ周期で暗号化既知シンボルを挿入していってもよい。
 このように暗号化シンボルと暗号化既知シンボルとは、混ざらない態様で、それぞれ時間上及び空間上に配置される。なお、図10では、暗号化既知シンボルが出現する頻度が、暗号化シンボルが出現する頻度と比べて十分少なく作図しているが、受信器にて正しく信号検出できる確率を高めるために、暗号化既知シンボルが出現する頻度を更に高めることも想定される。図10に登場する三点リーダ(“…”)は、暗号化既知シンボルが出現する頻度が少ないことを表現している。 In the graph shown in FIG. 10, the encrypted known symbols are inserted in the same time slot in all four physical lanes, but the disclosed technology is not limited to this. Even if the encrypted symbol multiplexing unit 107 inserts encrypted known symbols into each physical lane at the same period using different time slots as initial insertion positions (as if the initial phases are different), good.
In this way, the encrypted symbol and the encrypted known symbol are arranged in time and space, respectively, in such a manner that they do not mix. Note that in Figure 10, the frequency at which encrypted known symbols appear is sufficiently low compared to the frequency at which encrypted symbols appear; however, in order to increase the probability that the receiver can correctly detect the signal, It is also envisioned that the frequency with which known symbols appear will be further increased. The three-dot leader (“...”) appearing in FIG. 10 represents that the encrypted known symbol appears less frequently.
 図11は、実施の形態3に係る物理復号装置200の機能構成を示すブロック図である。図11に示されるように、実施の形態3に係る物理復号装置200は、実施の形態1に係る物理復号装置200の構成要素(図2を参照)に加え、既知シンボル生成部205と、暗号化既知シンボル生成部206と、暗号化シンボル分割部207と、波形等化部230と、暗号化既知シンボル終端部231と、既知シンボル比較部232と、を備える。 FIG. 11 is a block diagram showing the functional configuration of physical decoding device 200 according to Embodiment 3. As shown in FIG. 11, physical decoding device 200 according to Embodiment 3 includes a known symbol generation unit 205 and a cryptographic symbol in addition to the components of physical decoding device 200 according to Embodiment 1 (see FIG. 2). The encrypted known symbol generation section 206, an encrypted symbol division section 207, a waveform equalization section 230, an encrypted known symbol termination section 231, and a known symbol comparison section 232 are provided.
《物理復号装置200を構成する既知シンボル生成部205》
 物理復号装置200を構成する既知シンボル生成部205は、物理暗号化装置100を構成する既知シンボル生成部105と同じ既知シンボルを生成する構成要素である。すなわち、本開示技術は、送信側と受信側とで、同じ既知シンボルを使用する。
 図11に示されるとおり、既知シンボル生成部205で生成された既知シンボルは、暗号化既知シンボル生成部206と、既知シンボル比較部232と、へ送られる。 <<Known symbol generation unit 205 configuring physical decoding device 200>>
The known symbol generation unit 205 configuring the physical decoding device 200 is a component that generates the same known symbol as the known symbol generation unit 105 configuring the physical encryption device 100. That is, the disclosed technology uses the same known symbols on the transmitting side and the receiving side.
As shown in FIG. 11, the known symbols generated by the known symbol generation section 205 are sent to the encrypted known symbol generation section 206 and the known symbol comparison section 232.
《物理復号装置200を構成する暗号化既知シンボル生成部206》
 物理復号装置200を構成する暗号化既知シンボル生成部206は、物理暗号化装置100を構成する暗号化既知シンボル生成部106と同じ暗号化既知シンボルを生成する構成要素である。すなわち、本開示技術は、送信側と受信側とで、同じ暗号化既知シンボルを使用する。
 図11に示されるとおり、暗号化既知シンボル生成部206で生成された暗号化既知シンボルは、波形等化部230へと送られる。 <<Encrypted known symbol generation unit 206 that constitutes the physical decoding device 200>>
The encrypted known symbol generation unit 206 configuring the physical decoding device 200 is a component that generates the same encrypted known symbols as the encrypted known symbol generation unit 106 configuring the physical encryption device 100. That is, the disclosed technology uses the same encryption known symbol on the transmitting side and the receiving side.
As shown in FIG. 11, the encrypted known symbols generated by the encrypted known symbol generator 206 are sent to the waveform equalizer 230.
《物理復号装置200を構成する波形等化部230》
 波形等化部230は、暗号化既知シンボルに基づいて、波形等化を行う構成要素である。波形等化部230が行う波形等化の対象は、アナログデジタル変換部221の出力であるデジタル信号(「受信デジタル波形信号」とも称される)である。波形等化された受信デジタル波形信号は、暗号化シンボル分割部207へと送られる。
 波形等化は、異なる経路を通ってきた複数の到来波の重ね合わせにより発生する波形歪みを補償し、送信した信号波形を復元する処理である。波形等化は、無線通信の技術分野において、広く用いられる技術である。
 なお、一般の等化器は、イコライザ(Equalizer)とも称される。イコライザは、受信側のみならず、送信側で用いられることもある。
 受信側において、暗号化既知シンボルは既知であり、その期待値もわかっている。したがって、受信側は、暗号化既知シンボルを基準として、波形等化が可能である。 <<Waveform equalization unit 230 configuring the physical decoding device 200>>
The waveform equalizer 230 is a component that performs waveform equalization based on encrypted known symbols. The target of waveform equalization performed by the waveform equalization unit 230 is the digital signal (also referred to as “received digital waveform signal”) that is the output of the analog-to-digital conversion unit 221. The waveform-equalized received digital waveform signal is sent to encrypted symbol dividing section 207 .
Waveform equalization is a process that restores the transmitted signal waveform by compensating for waveform distortion caused by the superposition of a plurality of arriving waves that have passed through different routes. Waveform equalization is a technology widely used in the technical field of wireless communications.
Note that a general equalizer is also called an equalizer. Equalizers are sometimes used not only on the receiving side but also on the transmitting side.
On the receiving side, the encrypted known symbols are known and their expected values are also known. Therefore, the receiving side can perform waveform equalization using the encrypted known symbol as a reference.
 波形等化部230が行う波形等化は、例えば、有限インパルス応答フィルタ、又は位相回転といった信号処理により実装される。具体的に言えば波形等化部230は、波形等化を実施する際に、暗号化既知シンボルが本来あるべき座標に、少なくとも計測した平均値が本来あるべき座標に位置するよう、有限インパルス応答フィルタのフィルタ係数を、又は位相回転量を、定める。 The waveform equalization performed by the waveform equalization unit 230 is implemented, for example, by signal processing such as a finite impulse response filter or phase rotation. Specifically, when performing waveform equalization, the waveform equalization unit 230 generates a finite impulse response so that the encrypted known symbols are located at the original coordinates and at least the measured average value is located at the original coordinates. Define the filter coefficient or phase rotation amount of the filter.
《物理復号装置200を構成する暗号化シンボル分割部207》
 物理復号装置200を構成する暗号化シンボル分割部207は、波形等化部230から送られる波形等化された受信デジタル波形信号(「受信多重化シンボル」とも称される)を、暗号化シンボルと暗号化既知シンボルとに分離する構成要素である。物理復号装置200を構成する暗号化シンボル分割部207は、物理暗号化装置100を構成する暗号化シンボル多重部107とは逆の操作を行う構成要素である、と言える。
 暗号化シンボル分割部207により分離されたシンボルのうち、暗号化シンボルは暗号化シンボル終端部204へと送られる。
 暗号化シンボル分割部207により分離されたシンボルのうち、暗号化既知シンボルは暗号化既知シンボル終端部231へと送られる。 <<Encrypted symbol division unit 207 configuring physical decoding device 200>>
The encrypted symbol dividing section 207 configuring the physical decoding device 200 converts the waveform-equalized received digital waveform signal (also referred to as "received multiplexed symbol") sent from the waveform equalizing section 230 into encrypted symbols. It is a component that is separated into encryption known symbols. It can be said that the encrypted symbol division section 207 that constitutes the physical decoding device 200 is a component that performs an operation opposite to that of the encrypted symbol multiplexing section 107 that constitutes the physical encryption device 100.
Among the symbols separated by the encrypted symbol dividing section 207, the encrypted symbols are sent to the encrypted symbol termination section 204.
Among the symbols separated by the encrypted symbol dividing section 207, the encrypted known symbols are sent to the encrypted known symbol termination section 231.
《物理復号装置200を構成する暗号化既知シンボル終端部231》
 物理復号装置200を構成する暗号化既知シンボル終端部231は、暗号化既知シンボルを既知シンボルに復号する構成要素である。暗号化既知シンボルを既知シンボルに復号することは、「既知シンボルを回復する」と表現されることもある。暗号化既知シンボル終端部231は、暗号化既知シンボルを既知シンボルに復号するに際し、暗号化行列生成部212で生成された暗号化行列(サイズがN_P×N_P)の逆行列を用いる。物理復号装置200を構成する暗号化既知シンボル終端部231は、物理暗号化装置100を構成する暗号化既知シンボル生成部106とは逆演算を行う構成要素である、と言える。
 暗号化既知シンボル終端部231の復号により得られる既知シンボルは、光検出部222へと送られる。 <<Encrypted known symbol termination unit 231 that constitutes the physical decoding device 200>>
The encrypted known symbol termination unit 231 that constitutes the physical decoding device 200 is a component that decodes encrypted known symbols into known symbols. Decoding an encrypted known symbol into a known symbol is sometimes expressed as "recovering a known symbol." The encrypted known symbol termination unit 231 uses the inverse matrix of the encryption matrix (size is N_P × N_P ) generated by the encryption matrix generation unit 212 when decoding the encrypted known symbol into a known symbol. It can be said that the encrypted known symbol termination section 231 that constitutes the physical decoding device 200 is a component that performs an inverse operation to the encrypted known symbol generation section 106 that constitutes the physical encryption device 100.
The known symbol obtained by decoding the encrypted known symbol termination section 231 is sent to the photodetector section 222.
《物理復号装置200を構成する既知シンボル比較部232》
 物理復号装置200を構成する既知シンボル比較部232は、送信側の既知シンボル生成部105が生成する既知シンボルと、受信側の暗号化既知シンボル終端部231により復号された(回復された)既知シンボルと、を比較する構成要素である。
 既知シンボル比較部232の比較結果は、光伝送システムの通信が正常か否かを判断する指標とすることができる。本開示技術を適用した光伝送システムは、既知シンボル比較部232の比較結果において、不一致率が例えば1[%]以下であれば通信が正常である、と判定してもよい。 <<Known symbol comparison unit 232 configuring the physical decoding device 200>>
The known symbol comparison unit 232 configuring the physical decoding device 200 compares the known symbols generated by the known symbol generation unit 105 on the transmission side and the known symbols decoded (recovered) by the encrypted known symbol termination unit 231 on the reception side. It is a component that compares and.
The comparison result of the known symbol comparison unit 232 can be used as an index for determining whether or not communication in the optical transmission system is normal. The optical transmission system to which the technology of the present disclosure is applied may determine that communication is normal if the mismatch rate is, for example, 1% or less in the comparison result of the known symbol comparison unit 232.
 図12は、実施の形態3に係る物理暗号化装置100及び物理復号装置200を組み合わせた送受信器を示す説明図である。図12に示されるように、本開示技術は、通信相手と対向するシステムを想定し、物理暗号化装置100及び物理復号装置200を組み合わせ、1地点における送受信器として実現されてもよい。
 図12に示される送受信器として実現される場合、共有鍵は、双方向で同じとなる。
 図12に示される送受信器の場合、送信側に存在し受信側では冗長となる既知シンボル生成部205と、暗号化既知シンボル生成部206と、を省くことができる。 FIG. 12 is an explanatory diagram showing a transceiver that combines the physical encryption device 100 and the physical decryption device 200 according to the third embodiment. As shown in FIG. 12, the technology of the present disclosure assumes a system facing a communication partner, and may be implemented as a transceiver at one location by combining a physical encryption device 100 and a physical decryption device 200.
When implemented as a transceiver shown in FIG. 12, the shared key is the same in both directions.
In the case of the transceiver shown in FIG. 12, the known symbol generating section 205 and the encrypted known symbol generating section 206, which are present on the transmitting side and are redundant on the receiving side, can be omitted.
 実施の形態3に係る物理暗号化装置100及び物理復号装置200の技術的特徴は、暗号化既知シンボルを波形等化に用いる、という点である。
 この技術的特徴を備えることにより、実施の形態3に係る物理暗号化装置100及び物理復号装置200は、信号の多値度が大きくなるにつれて難しくなる補償の問題を解決できる、という効果を奏する。より具体的に言えば、実施の形態3に係る物理暗号化装置100は、1次元当たり16値、32値、及び64値以上の高多値による暗号化を行っても、通信を成立させることができる。実施の形態3に係る物理暗号化装置100は、一般には暗号化されない既知シンボルについても暗号化を行うため、暗号の強度が保たれる。 A technical feature of physical encryption device 100 and physical decryption device 200 according to the third embodiment is that known encryption symbols are used for waveform equalization.
By having this technical feature, the physical encryption device 100 and the physical decryption device 200 according to the third embodiment have the effect of being able to solve the compensation problem that becomes more difficult as the multilevel degree of the signal increases. More specifically, the physical encryption device 100 according to the third embodiment is capable of establishing communication even when encryption is performed using high multi-values of 16 values, 32 values, and 64 values or more per dimension. Can be done. Since the physical encryption device 100 according to the third embodiment encrypts known symbols that are generally not encrypted, the strength of the encryption is maintained.
(付記)
 本願が主張する優先権の基礎となる出願において、出願当初(優先日)の特許請求の範囲の記載は、以下のとおりである。なお、出願当初の特許請求の範囲において、読点と改行との組合せは、セミコロン“;”に置き換えられている。
  [請求項1]
 外部から入力される複数のビットに対して、確率整形を実施する確率整形符号化部と; 前記確率整形符号化部から送られる誤り訂正情報ビットに対し、誤り訂正の符号化を行う誤り訂正符号化部と; 前記誤り訂正情報ビット及び誤り訂正冗長ビットからなるビット列から、仮シンボルを生成する仮シンボル生成部と; 共有鍵に基づいて、暗号化ビット列を生成する暗号化ビット列生成部と; 前記暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定する暗号化行列生成部と; 前記暗号化行列を用いて、前記仮シンボルから暗号化シンボルを生成する暗号化シンボル生成部と; を含む; 物理暗号化装置。
  [請求項2]
 確率整形符号化部と、誤り訂正符号化部と、仮シンボル生成部と、暗号化ビット列生成部と、暗号化行列生成部と、暗号化シンボル生成部と、を含む物理暗号化装置の物理暗号化方法であって; 前記確率整形符号化部が、外部から入力される複数のビットに対して、確率整形を実施し; 前記誤り訂正符号化部が、前記確率整形符号化部から送られる誤り訂正情報ビットに対し、誤り訂正の符号化を行い; 前記仮シンボル生成部が、前記誤り訂正情報ビット及び誤り訂正冗長ビットからなるビット列から、仮シンボルを生成し; 前記暗号化ビット列生成部が、共有鍵に基づいて、暗号化ビット列を生成し; 前記暗号化行列生成部が、前記暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定し; 前記暗号化シンボル生成部が、前記暗号化行列を用いて、前記仮シンボルから暗号化シンボルを生成する; 物理暗号化方法。
  [請求項3]
 共有鍵に基づいて、暗号化ビット列を生成する暗号化ビット列生成部と; 前記暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定する暗号化行列生成部と; 前記暗号化行列を用いて、暗号化シンボルを仮シンボルへと復号する暗号化シンボル終端部と; 前記仮シンボルから、ビット列への復号を実施する仮シンボル終端部と; 前記仮シンボル終端部から送られたビット列に対し、誤り訂正復号を行う誤り訂正復号部と; 前記誤り訂正復号部から送られたビット列に対し、確率整形の逆作用を実施する確率整形復号部と; を含む; 物理復号装置。
  [請求項4]
 暗号化ビット列生成部と、暗号化行列生成部と、暗号化シンボル終端部と、仮シンボル終端部と、誤り訂正復号部と、確率整形復号部と、を含む物理復号装置の物理復号方法であって; 前記暗号化ビット列生成部が、共有鍵に基づいて、暗号化ビット列を生成し; 前記暗号化行列生成部が、前記暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定し; 前記暗号化シンボル終端部が、前記暗号化行列を用いて、暗号化シンボルを仮シンボルへと復号し; 前記仮シンボル終端部が、前記仮シンボルから、ビット列への復号を実施し; 前記誤り訂正復号部が、前記仮シンボル終端部から送られたビット列に対し、誤り訂正復号を行い; 前記確率整形復号部が、前記誤り訂正復号部から送られたビット列に対し、確率整形の逆作用を実施する; 物理復号方法。 (Additional note)
In the application on which the priority claimed by this application is based, the scope of claims at the time of filing (priority date) is as follows. In addition, in the claims originally filed, the combination of a comma and a line break is replaced with a semicolon ";".
[Claim 1]
a probability shaping encoding unit that performs probability shaping on a plurality of bits input from the outside; an error correction code that performs error correction encoding on error correction information bits sent from the probability shaping encoding unit; a temporary symbol generating section that generates a temporary symbol from a bit string consisting of the error correction information bits and error correction redundant bits; an encrypted bit string generating section that generates an encrypted bit string based on the shared key; an encryption matrix generation unit that determines an encryption matrix based on at least a portion of the encrypted bit string; an encryption symbol generation unit that uses the encryption matrix to generate an encryption symbol from the provisional symbol; Including; physical encryption device.
[Claim 2]
A physical encryption device for a physical encryption device including a probability shaping coding unit, an error correction coding unit, a temporary symbol generation unit, an encrypted bit string generation unit, an encryption matrix generation unit, and an encrypted symbol generation unit. The probability shaping encoding unit performs probability shaping on a plurality of bits input from the outside; and the error correction encoding unit performs probability shaping on the error sent from the probability shaping encoding unit. Perform error correction encoding on the correction information bits; The temporary symbol generation section generates a temporary symbol from a bit string consisting of the error correction information bits and the error correction redundant bits; The encrypted bit string generation section: generating an encrypted bit string based on the shared key; the encryption matrix generating section determining an encryption matrix based on at least a portion of the encrypted bit string; the encrypting symbol generating section generating the encrypted bit string; A physical encryption method in which an encrypted symbol is generated from the temporary symbol using an encryption matrix.
[Claim 3]
an encrypted bit string generator that generates an encrypted bit string based on a shared key; an encrypted matrix generator that determines an encryption matrix based on at least a portion of the encrypted bit string; an encrypted symbol termination section that decodes the encrypted symbol into a temporary symbol; a temporary symbol termination section that decodes the temporary symbol into a bit string; and a bit string sent from the temporary symbol termination section; A physical decoding device, comprising: an error correction decoding unit that performs error correction decoding; and a probability shaping decoding unit that performs an inverse probability shaping operation on the bit string sent from the error correction decoding unit.
[Claim 4]
A physical decoding method for a physical decoding device including an encrypted bit string generation section, an encrypted matrix generation section, an encrypted symbol termination section, a temporary symbol termination section, an error correction decoding section, and a probability shaping decoding section. the encrypted bit string generation unit generates an encrypted bit string based on a shared key; the encryption matrix generation unit determines an encryption matrix based on at least a portion of the encrypted bit string; The encrypted symbol termination section decodes the encrypted symbol into a temporary symbol using the encryption matrix; The temporary symbol termination section decodes the temporary symbol into a bit string; The error correction The decoding unit performs error correction decoding on the bit string sent from the temporary symbol terminal part; the probability shaping decoding unit performs an inverse effect of probability shaping on the bit string sent from the error correction decoding unit. Physical decoding method.
 本開示技術は、例えば、光伝送システムの、特にメトロコアネットワーク(MET)側の暗号化に応用でき、産業上の利用可能性を有する。なお、「メトロ」と称される領域は、「アクセス」と称される基地局を収容する領域よりも、コア・ネットワークに違い側の領域を意味する。「メトロ」は、「アグリゲーション」と称されることもある。 The disclosed technology can be applied, for example, to encryption of optical transmission systems, particularly on the metro core network (MET) side, and has industrial applicability. Note that the area called "metro" means an area on the other side of the core network than the area called "access" that accommodates base stations. "Metro" is sometimes referred to as "aggregation."
 100 物理暗号化装置、101 確率整形符号化部、102 誤り訂正符号化部、103 仮シンボル生成部、104 暗号化シンボル生成部、105 既知シンボル生成部、106 暗号化既知シンボル生成部、107 暗号化シンボル多重部、111 暗号化ビット列生成部、112 暗号化行列生成部、121 デジタルアナログ変換部、122 光変調部、123 光増幅部、152 送信側入力インタフェース、154 送信側処理回路、155 送信側プロセッサ、156 送信側メモリ、158 送信側出力インタフェース、200 物理復号装置、201 確率整形復号部、202 誤り訂正復号部、203 仮シンボル終端部、204 暗号化シンボル終端部、205 既知シンボル生成部、206 暗号化既知シンボル生成部、207 暗号化シンボル分割部、211 暗号化ビット列生成部、212 暗号化行列生成部、221 アナログデジタル変換部、222 光検出部、230 波形等化部、231 暗号化既知シンボル終端部、232 既知シンボル比較部、252 受信側入力インタフェース、254 受信側処理回路、255 受信側プロセッサ、256 受信側メモリ、258 受信側出力インタフェース。 100 Physical encryption device, 101 Probability shaping coding unit, 102 Error correction coding unit, 103 Temporary symbol generation unit, 104 Encrypted symbol generation unit, 105 Known symbol generation unit, 106 Encrypted known symbol generation unit, 107 Encryption Symbol multiplexing unit, 111 Encrypted bit string generation unit, 112 Encryption matrix generation unit, 121 Digital-to-analog conversion unit, 122 Optical modulation unit, 123 Optical amplification unit, 152 Transmission side input interface, 154 Transmission side processing circuit, 155 Transmission side processor , 156 Transmission side memory, 158 Transmission side output interface, 200 Physical decoding device, 201 Probability shaping decoding unit, 202 Error correction decoding unit, 203 Temporary symbol termination unit, 204 Encrypted symbol termination unit, 205 Known symbol generation unit, 206 Cipher Encrypted known symbol generation unit, 207 Encrypted symbol division unit, 211 Encrypted bit string generation unit, 212 Encrypted matrix generation unit, 221 Analog-to-digital conversion unit, 222 Photodetection unit, 230 Waveform equalization unit, 231 Encrypted known symbol termination section, 232 known symbol comparison section, 252 receiving side input interface, 254 receiving side processing circuit, 255 receiving side processor, 256 receiving side memory, 258 receiving side output interface.

Claims (4)

  1.  外部から入力される複数のビットに対して、確率整形を実施する確率整形符号化部と、
     前記確率整形符号化部から送られる誤り訂正情報ビットに対し、誤り訂正の符号化を行う誤り訂正符号化部と、
     前記誤り訂正情報ビット及び誤り訂正冗長ビットからなるビット列から、仮シンボルを生成する仮シンボル生成部と、
     共有鍵に基づいて、暗号化ビット列を生成する暗号化ビット列生成部と、
     前記暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定する暗号化行列生成部と、
     前記暗号化行列を用いて、前記仮シンボルから暗号化シンボルを生成する暗号化シンボル生成部と、
     既知シンボルを生成する既知シンボル生成部と、
     前記既知シンボルを暗号化既知シンボルに暗号化する暗号化既知シンボル生成部と、
     前記暗号化シンボルと、前記暗号化既知シンボルと、を多重する暗号化シンボル多重部と、を含む、
     物理暗号化装置。     a probability shaping encoder that performs probability shaping on a plurality of bits input from the outside;
    an error correction encoding unit that performs error correction encoding on the error correction information bits sent from the probability shaping encoding unit;
    a temporary symbol generation unit that generates a temporary symbol from the bit string consisting of the error correction information bits and the error correction redundant bits;
    an encrypted bit string generator that generates an encrypted bit string based on the shared key;
    an encryption matrix generation unit that determines an encryption matrix based on at least a portion of the encrypted bit string;
    an encrypted symbol generation unit that uses the encryption matrix to generate an encrypted symbol from the temporary symbol;
    a known symbol generation unit that generates known symbols;
    an encrypted known symbol generation unit that encrypts the known symbol into an encrypted known symbol;
    an encrypted symbol multiplexing unit that multiplexes the encrypted symbol and the encrypted known symbol;
    Physical encryption device.
  2.  確率整形符号化部と、誤り訂正符号化部と、仮シンボル生成部と、暗号化ビット列生成部と、暗号化行列生成部と、暗号化シンボル生成部と、既知シンボル生成部と、暗号化既知シンボル生成部と、暗号化シンボル多重部と、を含む物理暗号化装置の物理暗号化方法であって、
     前記確率整形符号化部が、外部から入力される複数のビットに対して、確率整形を実施し、
     前記誤り訂正符号化部が、前記確率整形符号化部から送られる誤り訂正情報ビットに対し、誤り訂正の符号化を行い、
     前記仮シンボル生成部が、前記誤り訂正情報ビット及び誤り訂正冗長ビットからなるビット列から、仮シンボルを生成し、
     前記暗号化ビット列生成部が、共有鍵に基づいて、暗号化ビット列を生成し、
     前記暗号化行列生成部が、前記暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定し、
     前記暗号化シンボル生成部が、前記暗号化行列を用いて、前記仮シンボルから暗号化シンボルを生成し、
     前記既知シンボル生成部が、既知シンボルを生成し、
     前記暗号化既知シンボル生成部が、前記既知シンボルを暗号化既知シンボルに暗号化し、
     前記暗号化シンボル多重部が、前記暗号化シンボルと、前記暗号化既知シンボルと、を多重する、
     物理暗号化方法。     Probability shaping encoding unit, error correction encoding unit, temporary symbol generation unit, encrypted bit string generation unit, encryption matrix generation unit, encrypted symbol generation unit, known symbol generation unit, encryption known A physical encryption method for a physical encryption device including a symbol generation unit and an encrypted symbol multiplexing unit,
    The probability shaping encoding unit performs probability shaping on a plurality of bits input from the outside,
    The error correction encoding unit performs error correction encoding on the error correction information bits sent from the probability shaping encoding unit,
    The temporary symbol generation unit generates a temporary symbol from the bit string consisting of the error correction information bits and the error correction redundant bits,
    The encrypted bit string generation unit generates an encrypted bit string based on a shared key,
    the encryption matrix generation unit determines an encryption matrix based on at least a portion of the encrypted bit string;
    the encrypted symbol generation unit generates an encrypted symbol from the temporary symbol using the encryption matrix;
    The known symbol generation unit generates a known symbol,
    the encrypted known symbol generation unit encrypts the known symbol into an encrypted known symbol;
    the encrypted symbol multiplexing unit multiplexes the encrypted symbol and the encrypted known symbol;
    Physical encryption method.
  3.  暗号化既知シンボルに基づいて、波形等化を行う波形等化部と、
     前記波形等化部により波形等化され得られた受信多重化シンボルを、暗号化シンボルと前記暗号化既知シンボルとに分離する暗号化シンボル分割部と、
     共有鍵に基づいて、暗号化ビット列を生成する暗号化ビット列生成部と、
     前記暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定する暗号化行列生成部と、
     前記暗号化行列を用いて、前記暗号化シンボルを仮シンボルへと復号する暗号化シンボル終端部と、
     前記仮シンボルから、ビット列への復号を実施する仮シンボル終端部と、
     前記仮シンボル終端部から送られたビット列に対し、誤り訂正復号を行う誤り訂正復号部と、
     前記誤り訂正復号部から送られたビット列に対し、確率整形の逆作用を実施する確率整形復号部と、
     を含む、
     物理復号装置。     a waveform equalizer that performs waveform equalization based on the encrypted known symbol;
    an encrypted symbol division unit that separates the received multiplexed symbol obtained by waveform equalization by the waveform equalization unit into an encrypted symbol and the encrypted known symbol;
    an encrypted bit string generator that generates an encrypted bit string based on the shared key;
    an encryption matrix generation unit that determines an encryption matrix based on at least a portion of the encrypted bit string;
    an encrypted symbol termination unit that decodes the encrypted symbol into a temporary symbol using the encrypted matrix;
    a temporary symbol termination unit that decodes the temporary symbol into a bit string;
    an error correction decoding unit that performs error correction decoding on the bit string sent from the temporary symbol terminal part;
    a probability shaping decoding unit that performs an inverse probability shaping operation on the bit string sent from the error correction decoding unit;
    including,
    Physical decoding device.
  4.  波形等化部と、暗号化シンボル分割部と、暗号化ビット列生成部と、暗号化行列生成部と、暗号化シンボル終端部と、仮シンボル終端部と、誤り訂正復号部と、確率整形復号部と、を含む物理復号装置の物理復号方法であって、
     前記波形等化部が、暗号化既知シンボルに基づいて、波形等化を行い、
     前記暗号化シンボル分割部が、前記波形等化部により波形等化され得られた受信多重化シンボルを、暗号化シンボルと前記暗号化既知シンボルとに分離し、
     前記暗号化ビット列生成部が、共有鍵に基づいて、暗号化ビット列を生成し、
     前記暗号化行列生成部が、前記暗号化ビット列の少なくとも一部に基づいて、暗号化行列を決定し、
     前記暗号化シンボル終端部が、前記暗号化行列を用いて、前記暗号化シンボルを仮シンボルへと復号し、
     前記仮シンボル終端部が、前記仮シンボルから、ビット列への復号を実施し、
     前記誤り訂正復号部が、前記仮シンボル終端部から送られたビット列に対し、誤り訂正復号を行い、
     前記確率整形復号部が、前記誤り訂正復号部から送られたビット列に対し、確率整形の逆作用を実施する、
     物理復号方法。     Waveform equalization section, encrypted symbol division section, encrypted bit string generation section, encryption matrix generation section, encrypted symbol termination section, temporary symbol termination section, error correction decoding section, probability shaping decoding section A physical decoding method for a physical decoding device, comprising:
    The waveform equalization unit performs waveform equalization based on the encrypted known symbol,
    The encrypted symbol dividing unit separates the received multiplexed symbol obtained by waveform equalization by the waveform equalizing unit into an encrypted symbol and the encrypted known symbol,
    The encrypted bit string generation unit generates an encrypted bit string based on a shared key,
    the encryption matrix generation unit determines an encryption matrix based on at least a portion of the encrypted bit string;
    the encrypted symbol termination unit decodes the encrypted symbol into a temporary symbol using the encryption matrix;
    The temporary symbol termination unit decodes the temporary symbol into a bit string,
    The error correction decoding unit performs error correction decoding on the bit string sent from the temporary symbol terminal part,
    The probability shaping decoding unit performs a reverse probability shaping operation on the bit string sent from the error correction decoding unit.
    Physical decoding method.
PCT/JP2023/006614 2022-08-19 2023-02-24 Physical encryption device, physical encryption method, physical decryption device, and physical decryption method WO2024038633A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
PCT/JP2022/031285 WO2024038568A1 (en) 2022-08-19 2022-08-19 Physical encryption device, physical encryption method, physical decryption device, and physical decryption method
JPPCT/JP2022/031285 2022-08-19

Publications (1)

Publication Number Publication Date
WO2024038633A1 true WO2024038633A1 (en) 2024-02-22

Family

ID=89941660

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/JP2022/031285 WO2024038568A1 (en) 2022-08-19 2022-08-19 Physical encryption device, physical encryption method, physical decryption device, and physical decryption method
PCT/JP2023/006614 WO2024038633A1 (en) 2022-08-19 2023-02-24 Physical encryption device, physical encryption method, physical decryption device, and physical decryption method

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/031285 WO2024038568A1 (en) 2022-08-19 2022-08-19 Physical encryption device, physical encryption method, physical decryption device, and physical decryption method

Country Status (1)

Country Link
WO (2) WO2024038568A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006514499A (en) * 2003-03-27 2006-04-27 ドコモ コミュニケーションズ ラボラトリーズ ヨーロッパ ゲーエムベーハー Apparatus and method for estimating a plurality of channels
CN110336667A (en) * 2019-07-26 2019-10-15 电子科技大学 A kind of communication physical layer encryption communication method and device based on pseudo-random sequence control
WO2021019620A1 (en) * 2019-07-26 2021-02-04 三菱電機株式会社 Subchannel encoding device, subchannel decoding device, subchannel encoding method, subchannel decoding method, and subchannel multiplexing optical communication system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006514499A (en) * 2003-03-27 2006-04-27 ドコモ コミュニケーションズ ラボラトリーズ ヨーロッパ ゲーエムベーハー Apparatus and method for estimating a plurality of channels
CN110336667A (en) * 2019-07-26 2019-10-15 电子科技大学 A kind of communication physical layer encryption communication method and device based on pseudo-random sequence control
WO2021019620A1 (en) * 2019-07-26 2021-02-04 三菱電機株式会社 Subchannel encoding device, subchannel decoding device, subchannel encoding method, subchannel decoding method, and subchannel multiplexing optical communication system

Also Published As

Publication number Publication date
WO2024038568A1 (en) 2024-02-22

Similar Documents

Publication Publication Date Title
US8189787B2 (en) Data transmitting apparatus, data receiving apparatus and data communication apparatus
CN109768990B (en) Physical layer secure transmission method based on asymmetric key
EP3167569B1 (en) Method and system for providing a secure update of code on a memory-constrained device
CN109743279B (en) Polar code coding encryption and OFDM system peak-to-average power ratio suppression-based combined method
Huo et al. XOR encryption versus phase encryption, an in-depth analysis
CN112533199A (en) OFDM channel physical key generation method and device based on USRP and computer equipment
US9893880B2 (en) Method for secure symbol comparison
CN113810172B (en) Low-redundancy encryption method and system for polarization code quantum noise stream physical layer
US20240048372A1 (en) Secure multi-state quantum key distribution with wavelength division multiplexing
US20230224143A1 (en) Modulation-agnostic transformations using unitary braid divisional multiplexing (ubdm)
Dubrova et al. CRC-based message authentication for 5G mobile technology
JP5395051B2 (en) A low complexity encryption method for content encoded by rateless codes
KR20050034185A (en) Method of public key encryption and decryption method
US7349542B2 (en) Systems, methods and computer program products for encryption and decryption using wavelet transforms
CN114928435B (en) Quantum noise stream encryption method and system based on DNA coding and SLM
CN109743155B (en) Physical layer secure transmission method based on antenna selection differential chaos keying
Mihaljević et al. An approach for stream ciphers design based on joint computing over random and secret data
Li et al. Related-tweak statistical saturation cryptanalysis and its application on QARMA
WO2024038633A1 (en) Physical encryption device, physical encryption method, physical decryption device, and physical decryption method
CN110266321B (en) Novel communication method and system based on polarization code
Harun et al. Hybrid M-Ary in Braided Single Stage Approach for Multiphoton Quantum Secure Direct Communication Protocol
Tang et al. FBMC/OQAM security strategy based on diversity DNA encryption
Chai et al. On the (in) security of two Joint Encryption and Error Correction schemes
Korzhik et al. Performance evaluation of keyless authentication based on noisy channel
Shoushtari et al. Post-Quantum Cryptography Based on Codes: A Game Changer for Secrecy in Aeronautical Mobile Telemetry

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23854673

Country of ref document: EP

Kind code of ref document: A1