Any-point-to-any-point ("AP2AP") quantum key distribution protocol for optical ring network


A QKD node in an optical ring network enables distribution of quantum keys between node pairs having neither photon sources nor photon detectors. The QKD node transmits corresponding pulses P1 and P2 into the ring network in opposing directions. A first node (Alice) of the pair randomly modulates pulse P1 and a second node (Allie) of the pair randomly modulates pulse P2, each with phases selected from two encoding bases: B1(0, π) and B2(π/2, 3π/2). Node Allie then publicly signals to node Alice and the QKD node to indicate which bases were used for encoding QKD bits in sequence, for example, B1, B2, B2, B1, etc. Node Alice compares the encoding types used by node Allie with her own and publicly signals to nodes Allie and Bob to indicate which encoding types match. The QKD node then deletes all mismatched measurements, and nodes Allie and Alice also delete the corresponding bits. The QKD node then publicly signals to nodes Allie and Alice to indicate the XOR bit string. Nodes Allie and Alice negotiate which of them is going to apply the XOR to their key bit string. After the XORing operation, nodes Allie and Alice form a shifted key and they start quantum error correction and privacy amplification procedures to form a final secret key. Further, the QKD node may modulate a secret phase key Φs into pulse P1 before transmission, and into pulse P2 after receipt, to facilitate security and detection of an eavesdropping attack.

Description
FIELD OF THE INVENTION

This invention relates generally to the field of network communications, and more particularly to cryptology.

BACKGROUND OF THE INVENTION

Public key encryption is currently a popular technique for secure network communications. Public key encryption utilizes “one-way functions” that are relatively simple for computers to calculate, but difficult to reverse calculate. In particular, a one-way function f(x) is relatively easy for a computer to calculate given the variable x, but calculating x given f(x) is difficult for the computer, although not necessarily impossible. Some one-way functions can be much more easily reverse calculated with the assistance of particular “trap door” information, i.e., a key. Public key cryptography utilizes such one-way functions in a two-key system in which one key is used for encryption and the other key is used for decryption. In particular, the one-way function is a “public key” which is openly advertised by Node A for the purposes of sending encrypted messages to Node A. The trap door is a “private key” which is held in confidence by Node A for decrypting the messages sent to Node A. For two-way encrypted communications each node utilizes a different public key and a different private key. One advantage of this system is that secure key distribution is not required. However, advances in the capabilities of computers tend to erode the level of security provided by public key encryption because the difficulty of reverse calculating the one-way function decreases as computing capabilities increase.

It is generally accepted in the field of cryptology that the most secure encryption technique is the Vernam cipher, i.e., one-time pad. A Vernam cipher employs a key to encrypt a message that the intended recipient decrypts with an identical key. The encrypted message is secure provided that the key is random, at least equal to the message in length, used for only a single message, and known only to the sender and intended receiver. However, in modern communication networks the distribution of Vernam cipher keys is often impractical, e.g., because the keys can be quite long and key distribution itself is subject to eavesdropping.

One technique for secure key distribution is known as Quantum Key Distribution (“QKD”). Particular Quantum Key Distribution protocols such as BB84 enable secure key exchange between two devices by representing each bit of a key with a single photon. Photons may be polarization-modulated in order to differentiate between logic 1 and logic 0. Distribution of the quantum keys is secure because, in accordance with the laws of quantum physics, an eavesdropper attempting to intercept the key would introduce detectable errors into the key since it is not possible to measure an unknown quantum state of a photon without modifying it. However, the network resources required to implement QKD are relatively costly. In particular, each network device that implements current QKD techniques requires a photon source and a photon detector.

SUMMARY OF THE INVENTION

In accordance with the invention, apparatus for distributing a quantum key between a first node and a second node in an optical ring communications network comprises: an enabler node with a photon source operable to generate a base pulse; a splitter operable to split the base pulse into corresponding pulses P1 and P2; a port operable to transmit pulse P1 and pulse P2 into the network, pulse P1 being modulated by the first node with phases selected from two encoding bases and pulse P2 being modulated by the second node with phases selected from the two encoding bases, the port being further operable to receive modulated pulses P1 and P2; a receiver operable to receive an indication, from the first node, of which bases were employed by the first node, and also to receive an indication from the second node of base matches relative to the bases employed by the second node, and control logic operable to remove mismatches from consideration and communicate with at least one of the first and second nodes to indicate a remaining XOR bit string, following which one of the first and second nodes performs an XOR on their respective bit string, and the first and second nodes form a shifted key.

A method in accordance with the invention for distributing a quantum key between a first node and a second node in a communications network, comprises the steps of: generating a base pulse with a photon source; splitting the base pulse into corresponding pulses P1 and P2 with a splitter; transmitting pulse P1 and pulse P2 via a port into the network; modulating pulse P1 by the first node with phases selected from two encoding bases; modulating pulse P2 by the second node with phases selected from the two encoding bases; receiving, via the port, modulated pulses P1 and P2, receiving an indication from the first node of which bases were employed by the first node; receiving an indication from the second node of base matches relative to the bases employed by the second node; removing mismatches from consideration; and communicating with at least one of the first and second nodes to indicate a remaining XOR bit string, following which one of the first and second nodes performs an XOR on their respective bit string, and the first and second nodes form a shifted key.

The invention improves QKD in a communications network by obviating the need for the network nodes in a QKD pair to have a photon source and a photon detector. In particular, a QKD node with a photon detector and photon source employs those resources on behalf of node pair to establish a key for the node pair. Since the QKD node can perform QKD services on behalf of any of various node pairs in the network, a single set of relatively costly photon source and photon detector resources can be leveraged to support a relatively large number of lower cost devices. Further, the QKD node need not be fully trusted by the node pair because the QKD node does not learn the key in the course of supporting QKD for the node pair. Further, the QKD node can detect attempted eavesdropping by modulating a secret phase key into one of the pulses prior to transmission and modulating the same secret phase key into the other pulse after its returning to the QKD node.

BRIEF DESCRIPTION OF THE FIGURES

FIGS. 1 and 2 are block diagrams illustrating distribution of a quantum key between node Allie and node Alice with node Bob as enabler, wherein FIG. 1 shows processing of pulse P1 in detail and FIG. 2 shows processing of pulse P2 in detail.

FIGS. 3 and 4 illustrate key decoding in greater detail.

DETAILED DESCRIPTION

FIG. 1 illustrates an optical ring network including nodes Bob (100), Alice (102), Anna (104), and Allie (106). Node Bob (100) includes a photon source such as a laser diode (108), photon detectors (110-D0, 110-D1), an attenuator (112), a coupler (114), and a phase modulator (116). Node Alice (102) includes an Optical Add/Drop Multiplexer (“OADM”) (118) and a phase modulator (120). Similarly, node Anna (104) includes an OADM (122) and a phase modulator (124), and node Allie (106) includes an OADM (126) and a phase modulator (128).

Node Bob (100) functions as a Quantum Key Distribution (“QKD”) enabler for pairs of nodes in the network. In particular, node Bob enables any pair of nodes in the network to exchange quantum keys even though those nodes have neither a photon source nor a photon detector. Node Bob accomplishes this task by transmitting corresponding pulses around the loop for independent modulation by the node pair, and then indicating correlation of the modulation to the node pair.

QKD is initiated by node Alice (102) and node Allie (106) each signaling a request to node Bob (100). In response to the request, node Bob generates a source pulse (130) with the laser diode (108). The source pulse is then attenuated by attenuator (112) such that a suitable average number of photons per pulse is set. The attenuated pulse is then split by the coupler (114), resulting in corresponding pulses P1 and P2. Pulse P1 is then phase-modulated using phase modulator PMb (116) with a randomly generated secret phase key Φs. Pulse P1 is transmitted on the optical loop in a first direction, i.e., toward node Alice (102), and pulse P2 is transmitted on the optical loop in a second direction, i.e., toward node Allie (106). Further, signaling from node Bob instructs node Alice to process pulse P1 (and not pulse P2), and node Allie to process pulse P2 (and not pulse P1).

Node Alice is operable upon receipt of pulse P1 to drop the pulse into an inner loop via the OADM (118). Node Alice then modulates pulse P1 using the phase modulator PMa (120). In particular, node Alice randomly modulates pulse P1 with the phase modulator, thereby introducing phase Φ1 selected from two encoding bases: B1(0, π) and B2(π/2, 3π/2). The resulting pulse P1, having phase Φs+Φ1, is returned to the optical ring via the OADM (118). Nodes Anna and Allie pass pulse P1 through their respective OADMs (122, 126). Hence, pulse P1 eventually returns to node Bob (100), where it is directed to the coupler (114).

Referring now to FIG. 2, node Allie (106) is operable in response to receipt of pulse P2 from node Bob (100) to drop the pulse into an inner loop via the OADM (126). Node Allie then modulates pulse P2 using the phase modulator PMa (128). In particular, node Allie randomly modulates pulse P2 with the phase modulator, thereby introducing phase Φ2 selected from two encoding bases: B1(0, π) and B2(π/2, 3π/2). The resulting pulse P2, having phase Φ2, is returned to the optical ring via the OADM. Nodes Anna and Alice pass pulse P2 through their respective OADMs (122, 118). Hence, pulse P2 eventually returns to node Bob.

Node Bob is operable upon receipt of pulse P2 to direct the pulse to the phase modulator PMb (116), where pulse P2 is modulated with Φs, resulting in a pulse P2 having phase Φs+Φ2. Pulse P2 is then directed to the coupler (114), where a comparison is made with pulse P1 with the assistance of the detectors (110). The phase shift difference (“ΔΦ”) between P1 and P2 at the coupler is ΔΦ=(Φs+Φ2)−(Φs+Φ1)=Φ2−Φ1, so the secret phase key cancels. When the two pulses P1 and P2 are combined into one pulse, ΔΦ=0 indicates constructive interference which triggers detector D0, and ΔΦ=π indicates destructive interference which triggers detector D1. This information is employed for key decoding.

FIGS. 3 and 4 illustrate one technique for key decoding in further detail. Following the measurements described above, node Allie (or alternatively node Alice) publicly signals to her counterpart, node Alice (or alternatively node Allie), and the QKD enabler node Bob to indicate, in sequence, which bases were used for encoding the QKD bits, for example, B1, B2, B2, B1, etc. The enabler node Bob takes no further action until receiving a response signal from node Alice. In particular, node Alice compares node Allie's encoding types with her encoding types and publicly signals to nodes Allie and Bob to indicate which encoding types match, i.e., measurement/result=match. The enabler node Bob then deletes all QKD bits for which the measurement/result=mismatch, i.e., ΔΦ=π/2 and ΔΦ=3π/2. Nodes Allie and Alice also delete the mismatched measurements. From FIGS. 3 and 4 it can be seen that, if the enabler node Bob detects ΔΦ=0→0, then nodes Allie and Alice employed the same key bit value, 0 or 1, but node Bob does not know its actual value. However, if node Bob detects ΔΦ=π→1, then nodes Allie and Alice employed inverse key values, so one of them must flip the value in order to match. Again, node Bob does not know the actual value. What this means is that node Bob's measurements do not indicate the QKD key bit values; rather, node Bob's measurements indicate the XOR between Allie's and Alice's keys. Therefore, node Bob publicly signals to nodes Allie and Alice to indicate the XOR bit string of QKD bits for which measurement/result=XOR, i.e., ΔΦ=π. Nodes Allie and Alice then negotiate which of them is going to apply the XOR to their key bit string. After the XORing operation, nodes Allie and Alice form a shifted key and they start quantum error correction and privacy amplification procedures to form a final secret key.

Referring now to FIGS. 1 through 4, the use of the secret phase key Φs facilitates detection of attempted eavesdropping. For example, a potential eavesdropper node Anna would need to decode the secret phase key Φs, split pulse P2 (which is not modulated with the secret phase key Φs), split pulse P1 (which is modulated with Φs), and then randomly modulate a phase to one of the pulses and combine two pulses to recreate the original photon or photons. However, because of the randomness of the modulation Anna would require a relatively large number of attempts to reach the solution. Such a large number of attempts can be made unavailable to Anna because Bob attenuates the pulses to a certain level, such as μ=10. Further, the eavesdropping attempts by Anna will tend to increase the Quantum Bit Error Rate (“QBER”), which can be detected by node Bob.
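The sifting and XOR reconciliation described for FIGS. 3 and 4, together with the cancellation of Φs at Bob's coupler and the QBER check from the paragraph above, can be walked through in a small simulation. This is an added example and not code from the patent; it assumes a bit-to-phase convention (bit 0 is the first phase of a basis, bit 1 the second), that a mismatched-basis pulse pair (ΔΦ=π/2 or 3π/2) produces a 50/50 click on D0 or D1, a channel-noise model that flips a fraction of Bob's clicks, and a standard sample-and-compare QBER estimate (the patent only states that QBER is monitored). All node names and function names are illustrative.

```python
import math
import random

# Encoding bases as given on the page: B1 = (0, π) and B2 = (π/2, 3π/2).
# Convention assumed here: bit 0 -> first phase of the basis, bit 1 -> second.
BASES = {"B1": (0.0, math.pi), "B2": (math.pi / 2, 3 * math.pi / 2)}


def encode_phase(basis, bit):
    """Phase a node applies to its pulse for a given basis and key bit."""
    return BASES[basis][bit]


def bob_measure(phi_s, phi1, phi2, rng, error_rate=0.0):
    """Bob's interference measurement at the coupler.

    P1 carries Φs+Φ1 and P2 carries Φs+Φ2, so ΔΦ = Φ2 − Φ1 and Φs cancels.
    ΔΦ=0 -> D0 clicks (recorded 0); ΔΦ=π -> D1 clicks (recorded 1).
    Assumption: for ΔΦ=π/2 or 3π/2 the click is 50/50 (those positions are
    discarded during sifting anyway). error_rate models channel noise or
    disturbance as a random flip of the recorded click.
    """
    delta = ((phi_s + phi2) - (phi_s + phi1)) % (2 * math.pi)
    if math.isclose(delta, 0.0, abs_tol=1e-9) or math.isclose(delta, 2 * math.pi, abs_tol=1e-9):
        click = 0
    elif math.isclose(delta, math.pi, abs_tol=1e-9):
        click = 1
    else:
        click = rng.randrange(2)
    if rng.random() < error_rate:
        click ^= 1
    return click


def run_ap2ap(n_pulses, seed=0, error_rate=0.0):
    """Simulate one AP2AP round; returns sifted keys, Bob's view, and the raw bits."""
    rng = random.Random(seed)
    alice_bases = [rng.choice(("B1", "B2")) for _ in range(n_pulses)]
    allie_bases = [rng.choice(("B1", "B2")) for _ in range(n_pulses)]
    alice_bits = [rng.randrange(2) for _ in range(n_pulses)]
    allie_bits = [rng.randrange(2) for _ in range(n_pulses)]

    # Bob draws a fresh secret phase Φs per pulse, applies it to P1 before
    # transmission and to P2 on its return, then measures the interference.
    clicks = []
    for i in range(n_pulses):
        phi_s = rng.uniform(0, 2 * math.pi)
        phi1 = encode_phase(alice_bases[i], alice_bits[i])
        phi2 = encode_phase(allie_bases[i], allie_bits[i])
        clicks.append(bob_measure(phi_s, phi1, phi2, rng, error_rate))

    # Public discussion: Allie announces her bases; Alice announces which positions match.
    matched = [i for i in range(n_pulses) if alice_bases[i] == allie_bases[i]]
    # Bob deletes mismatched measurements and announces the XOR string for the rest.
    xor_string = [clicks[i] for i in matched]
    # Alice and Allie keep only matched bits; by negotiation Allie applies the XOR.
    alice_key = [alice_bits[i] for i in matched]
    allie_key = [allie_bits[i] ^ x for i, x in zip(matched, xor_string)]
    return {
        "alice_key": alice_key,
        "allie_key": allie_key,
        "bob_view": xor_string,   # all Bob ever learns: the XOR, not the key
        "matched": matched,
        "alice_raw": alice_bits,
        "allie_raw": allie_bits,
    }


def estimate_qber(key_a, key_b, sample_fraction, seed=0):
    """Publicly compare a random sample of the sifted key to estimate QBER.

    Returns (qber, kept_a, kept_b); the disclosed sample bits are discarded.
    """
    rng = random.Random(seed)
    n = len(key_a)
    sample = set(rng.sample(range(n), max(1, int(n * sample_fraction))))
    errors = sum(1 for i in sample if key_a[i] != key_b[i])
    kept_a = [b for i, b in enumerate(key_a) if i not in sample]
    kept_b = [b for i, b in enumerate(key_b) if i not in sample]
    return errors / len(sample), kept_a, kept_b


if __name__ == "__main__":
    clean = run_ap2ap(2000, seed=1)
    print("sifted length:", len(clean["alice_key"]), "keys equal:", clean["alice_key"] == clean["allie_key"])
    noisy = run_ap2ap(4000, seed=2, error_rate=0.1)
    qber, _, _ = estimate_qber(noisy["alice_key"], noisy["allie_key"], 0.25)
    print("estimated QBER under 10% disturbance:", round(qber, 3))
```

Two points the simulation makes concrete: Bob's recorded string equals the XOR of the two parties' raw bits at every sifted position, so it is consistent with any key and reveals none of it, which is why Bob need not be fully trusted; and a disturbance on the channel shows up directly as a non-zero QBER on the disclosed sample, which is the signal a defender would use to abort the round before error correction and privacy amplification.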

One result of the described technique is that node Bob does not learn the phase-modulated bases used by nodes Alice and Allie for the QKD. In particular, the participation and measurements of node Bob do not directly result in the key, and therefore do not provide node Bob with the key. Rather, node Bob's measurements reveal to node Bob only the XOR between the two keys of Allie and Alice. Consequently, node Bob need not be fully trusted by nodes Alice and Allie in order to be utilized as an enabler for QKD. This aspect of the invention could be advantageous in shared networks.

While the invention is described through the above exemplary embodiments, it will be understood by those of ordinary skill in the art that modification to and variation of the illustrated embodiments may be made without departing from the inventive concepts herein disclosed. Moreover, while the preferred embodiments are described in connection with various illustrative structures, one skilled in the art will recognize that the system may be embodied using a variety of specific structures. Accordingly, the invention should not be viewed as limited except by the scope and spirit of the appended claims.

Claims

1. Apparatus for distributing a quantum key between a first node and a second node in a communications network, comprising:

a photon source operable to generate a base pulse;
a splitter operable to split the base pulse into corresponding pulses P1 and P2;
a port operable to transmit pulse P1 and pulse P2 into the network, pulse P1 being modulated by the first node with phases selected from two encoding bases and pulse P2 being modulated by the second node with phases selected from the two encoding bases, the port being further operable to receive modulated pulses P1 and P2;
a receiver operable to receive an indication, from the first node, of which bases were employed by the first node, and also to receive an indication from the second node of base matches relative to the bases employed by the second node; and
control logic operable to remove mismatches from consideration and communicate with at least one of the first and second nodes to indicate a remaining XOR bit string,
following which one of the first and second nodes performs an XOR on their respective bit string, and the first and second nodes form a shifted key.

2. The apparatus of claim 1 wherein the communications network is a ring network, and further including logic operable to direct pulses P1 and P2 into the ring in opposite directions.

3. The apparatus of claim 1 further including a phase modulator operable to modulate pulse P1 with a secret phase key before transmitting the pulse into the network.

4. The apparatus of claim 3 wherein the phase modulator is further operable, after receiving pulse P2 from the network, to modulate pulse P2 with the secret phase key before the comparator is employed to compare the pulses.

5. The apparatus of claim 4 further including control logic operable to indicate potential eavesdropping based on quantum bit error rate.

6. The apparatus of claim 1 further including an attenuator operable to reduce the number of photons in the pulse.

7. The apparatus of claim 1 wherein the first node is operable to indicate to the second node which base types were used by the first node.

8. The apparatus of claim 7 wherein the second node is operable to compare base types used by the first node with base types used by the second node, and to indicate base type matches to the control logic and the first node.

9. The apparatus of claim 8 wherein the control logic is further operable to remove mismatched bits.

10. The apparatus of claim 9 wherein the control logic is further operable to indicate to the first node which bits are neither matched nor mismatched.

11. A method for distributing a quantum key between a first node and a second node in a communications network, comprising the steps of:

generating a base pulse with a photon source;
splitting the base pulse into corresponding pulses P1 and P2 with a splitter;
transmitting pulse P1 and pulse P2 via a port into the network;
modulating pulse P1 by the first node with phases selected from at least two encoding bases;
modulating pulse P2 by the second node with phases selected from the at least two encoding bases;
receiving, via the port, modulated pulses P1 and P2;
receiving an indication from the first node of which bases were employed by the first node;
receiving an indication from the second node of base matches relative to the bases employed by the second node;
removing mismatches from consideration; and
communicating with at least one of the first and second nodes to indicate a remaining XOR bit string,
following which one of the first and second nodes performs an XOR on their respective bit string, and the first and second nodes form a shifted key.

12. The method of claim 11 wherein the communications network is a ring network, and further including the step of directing pulses P1 and P2 into the ring in opposite directions.

13. The method of claim 11 further including the step of modulating pulse P1 with a secret phase key before transmitting the pulse into the network.

14. The method of claim 13 further including the step of, after receiving pulse P2 from the network, modulating pulse P2 with the secret phase key before the comparator is employed to compare the pulses.

15. The method of claim 14 further including the step of monitoring quantum bit error rate to detect potential eavesdropping.

16. The method of claim 15 further including the step of reducing the number of photons in the pulse.

17. The method of claim 11 further including the step of indicating, by the first node to the second node, which base types were used by the first node.

18. The method of claim 17 further including the step of comparing, by the second node, base types used by the first node with base types used by the second node, and indicating base type matches to the control logic and the first node.

19. The method of claim 18 further including the step of removing mismatched bits.

20. The method of claim 19 further including the step of indicating to the first node which bits are neither matched nor mismatched.

Patent History
Publication number: 20070076878
Type: Application
Filed: Sep 30, 2005
Publication Date: Apr 5, 2007
Applicant:
Inventor: Randy Kuang (Kanata)
Application Number: 11/241,140
Classifications
Current U.S. Class: 380/255.000
International Classification: H04K 1/00 (20060101);