Information security technologies are becoming increasingly important in communication and computer systems. In secret-key cryptography systems, secure communication between two legitimate users—conventionally called Alice and Bob—is based on encrypting the messages they exchange using a secret key known only to them. An eavesdropper—conventionally called Eve—who intercepts their encrypted messages will not be able to decrypt them without knowing the secret key. However, unless Alice and Bob can meet in private, they will need some way to initially agree upon a key by exchanging messages over a public channel, in a manner that cannot be intercepted by Eve.
Such schemes for secure key distribution are based on two main security paradigms, namely, computational security and information-theoretic security. Computational security relies on the hypothetical hardness of a computational problem. In other words, the system is hard to defeat in practice because it would take an infeasible amount of time or computational power. Information-theoretic security is instead based on probability theory and means the system cannot be defeated in principle, even by an adversary with unlimited computational power.
One approach to information-theoretic security is based on a scenario where Alice, Bob, and Eve are all able to access ‘correlated random sequences,’ such as can be produced by observing random physical phenomena. It is well established that, in such a situation, Alice and Bob can create a shared secret key from correlated random sequences by exchanging messages over a public channel.1 Recently, our group showed that this approach can also be implemented by taking advantage of a property called ‘bounded observability,’ which arises in the context of physical systems due to the practical difficulty of completely observing physical phenomena.2 For example, a light wave with a broad bandwidth, which has a fast and randomly fluctuating phase or amplitude, is difficult to completely measure by current technology. We previously proposed and demonstrated an experimental implementation based on this concept using the synchronized responses of laser systems injected with a common random light signal having a broad bandwidth.3 The response laser system consists of unidirectionally coupled laser stages, and requires a large number of cascaded stages to resist attack from a powerful eavesdropper.
We recently followed this up by experimentally demonstrating that information-theoretic secure key distribution can be accomplished using unidirectionally coupled cascades of semiconductor lasers.4 Figure 1 illustrates the configuration of the two cascaded laser systems with common random light injection and the secure key generation procedure. Each of the systems shown has only two laser stages, which is the simplest possible example of a cascaded system. We carried out our experiment on this simplest case to demonstrate the feasibility of the scheme in principle. However, a larger number of stages are needed for practical use. Each stage consists of a semiconductor laser and an optical self-feedback unit. The phase of the feedback light is shifted by a phase modulator, which can be set to apply a phase shift of either 0 or π. The external driving light signal, which has a randomly fluctuating phase, is injected into the first laser stage. The output of the first laser stage provides the input to the second laser stage, and the output of the second stage is the output of the overall cascaded laser system.
Figure 1. Schematic diagram of the secure key distribution scheme based on correlated randomness phenomena. In the example, random switching of the binary (0 or π)phase-shift parameter and one bit sampling of the corresponding waveform is repeated eight times. The parameter settings and the bits sampled by Alice and Bob match in two of the eight instances, indicated by red circles.
To achieve secret key generation, the setup must satisfy the following properties. The correlation between the outputs of Alice and Bob's cascaded systems should be high (i.e., synchronization should be achieved) if and only if the values of the phase-shift parameters are identical to each other at every stage, whereas it should be low if the parameter values are mismatched for any of the stages. In addition, the correlation between the waveform of the drive injection signal and the output of each of the laser stages must be low for all phase-shift parameter values.
The procedure for generating a secret key requires Alice and Bob to independently and randomly decide the sets of phase-shift parameter values (0 or π for each laser stage) to use on their respective systems. Common random light from the drive system is then injected into Alice and Bob's cascaded laser systems, each of which generates an optical output dependent on both the injected light and the phase-shift parameters at each stage. Alice and Bob extract binary output bit sequences from their separate systems by sampling the temporal intensity output waveforms at a predetermined timing and quantizing the sampled values. They store their pairs of phase-shift parameter values and generated bits in their respective data recorders. Alice and Bob repeat this procedure a great many times, injecting continuously varying nonrepeating random light.
At the end of this procedure, both Alice and Bob will have a sequence of many pairs of generated bits and the corresponding phase-shift parameter values. Next, they exchange only the sequences of the parameter values that they used over a public channel. Alice and Bob then separately examine their undisclosed bit sequences and retain only those bits generated when their parameter values matched for all stages, and discard all the other bits. Their retained bits will be almost identical to each other due to the required correlation property. A common secret key is obtained from the retained bits using an information reconciliation protocol (a method of error correction that helps Alice and Bob ensure their retained bits are identical) and a privacy amplification protocol (a way to eliminate any partial information Eve may have acquired about the key).5
Our study experimentally demonstrated this method of information-theoretic secure key distribution using correlated random bit sequences over a distance of 120km. This result confirms the feasibility of the scheme in principle, and shows the method to be practicable, since it works with ordinary optical fiber and over long distances. The described setup and protocol for generating correlated random bit sequences is thus a promising approach for implementing information-theoretic secure key distribution. In future work, we propose to investigate cascaded laser systems having a greater number of stages and driven by common random light with much broader bandwidth, up to the terahertz range.
Atsushi Uchida, Hayato Koizumi, Izumi Kakesu
Saitama City, Japan
Kazuyuki Yoshimura, Jun Muramatsu
NTT Communication Science Laboratories
NTT Communication Science Laboratories
1. U. M. Maurer, Secret key agreement by public discussion from common information, IEEE Trans. Inf. Theory 39(3), p. 733-742, 1993.
2. J. Muramatsu, K. Yoshimura, P. Davis, Information theoretic security based on bounded observability, Lect. Notes Comput. Sci. 5973, p. 128-139, 2010.
3. K. Yoshimura, J. Muramatsu, P. Davis, T. Harayama, H. Okumura, S. Morikatsu, H. Aida, A. Uchida, Secure key distribution using correlated randomness in lasers driven by common random light, Phys. Rev. Lett. 108(7), p. 070602, 2012.
4. H. Koizumi, S. Morikatsu, H. Aida, T. Nozawa, I. Kakesu, A. Uchida, K. Yoshimura, J. Muramatsu, P. Davis, Information-theoretic secure key distribution based on common random-signal induced synchronization in unidirectionally-coupled cascades of semiconductor lasers, Opt. Express 21(15), p. 17869-17893, 2013.
5. M. Bloch, J. Barros, Physical-Layer Security: From Information Theory to Security Engineering, Cambridge University Press, 2011.