お問合せ
サイトマップ
English
検索
J-STOREについて
注目の特許
中国の大学の特許
クイック検索
国内特許検索
外国特許検索
特許マップ検索
技術シーズ検索
研究報告検索
テクニカルアイ検索
e-seeds.jp検索
よくあるQ&A
使い方
TOP
>
外国特許検索
>
Secret communication method and secret communication device thereof
Secret communication method and secret communication device thereof
外国特許コード
F110003554
整理番号
BE06201WO
掲載日
2011年6月29日
出願国
アメリカ合衆国
出願番号
37422707
公報番号
20090316901
公報番号
8239680
出願日
平成19年6月20日(2007.6.20)
公報発行日
平成21年12月24日(2009.12.24)
公報発行日
平成24年8月7日(2012.8.7)
国際出願番号
JP2007062375
国際公開番号
WO2008013008
国際出願日
平成19年6月20日(2007.6.20)
国際公開日
平成20年1月31日(2008.1.31)
優先権データ
特願2006-203984 (2006.7.26) JP
特願2006-203985 (2006.7.26) JP
2007JP062375 (2007.6.20) WO
発明の名称 （英語）
Secret communication method and secret communication device thereof
発明の概要（英語）
A secret communication method and a communication device used in the method are provided for secret communication using communication path less frequently as a whole while avoiding a duplicative use of public communication.
The secret communication method includes steps of: estimating an error ratio of initial random numbers X, Y; estimating the upper limit of an eavesdrop information amount; determining an encryption function determined by the error correction code based on the estimated error probability, an error correction decoding function g, and a decryption auxiliary variable; uniquely determining a confidentiality increase matrix C based on the estimated upper limit value of the eavesdrop information amount and the encoding ratio of the error correction code; uniquely generating a ciphertext Z from information M to be sent to a receiver using the encryption function, the initial random number X, and the confidentiality increase matrix C; transmitting the ciphertext Z; and decrypting the ciphertext Z to a transmission text MB using the initial random number Y, the confidentiality increase matrix C, the decryption auxiliary variable, and the error correction decoding function g.
従来技術、競合技術の概要（英語）
BACKGROUND ART
Because of the explosive growth of the Internet and the practical application of electronic transaction, the social needs for encryption technology in view of confidentiality, prevention of alteration, and personal authentication in the communication are increasing.
Currently, the common key system such as DES code and the public key system such as RSA code have been widely used.
These systems are, however, designed on the basis of the "computational security".
In other words, the existing encryption system is kept under threat of advancement in the computer hardware and the decryption algorithm.
Practical realization of the encryption system that guarantees safety in principle may give a significant impact on the fields which require especially high security, for example, bank transaction and communication with respect to military and diplomatic information.
One-time-pad method is the encryption system which has been proved as exhibiting unconditional security according to the information theory.
In the one-time-pad method, a disposable secret common key with the same length a message is used.
However, the one-time-pad method is established under the strict condition where two parties at remote locations share the perfectly matched secret common key which allows no information leakage to the third party on the assumption that no error occurs.
Generally, this may cause difficulties in the application.
Meanwhile, the condition where two parties at remote locations share the correlated initial random numbers and such information may be leaked to the third party can be realized relatively easily.
In fact, the sender and receiver share such random numbers using the quantum cryptography subsequent to the quantum communication, base collation and error probability estimation.
Under this condition, the secret communication between two parties is highly demanded.
Conventionally, the key distillation including the quantum cryptography described later is performed first, and then the secret communication with the one-time-pad method is performed by using the resultant key.
According to the above, the key distillation is a process performed to generate the perfectly matched secret common key for two parties, which allows substantially no information leakage to the third party, by performing communication properly between those two parties.
The error-correcting code, such as Reed-Solomon code and LDPC code, has been well known to be used for coping with the communication which causes error with a certain probability.
The use of the error-correcting code for the key distillation has been known (see Non-Patent Document 3).
The method for obtaining the error ratio of the initial random number generated through the quantum communication and the upper limit of an amount of information eavesdropped by the eavesdropper has been researched in various studies with respect to the quantum cryptography.
Accordingly, the initial random number generation unit, the device for estimating the error ratio with respect to the initial random number, and the device for estimating the upper limit of the eavesdropped information amount are considered as background of the present invention.
The generally employed secret communication device is operated using the one-time-pad method which allows the key distillation device to generate the secret common key for the purpose of transmitting the information from the sender to the receiver based on the initial random numbers of the sender and the receiver without leakage of the information to the third party (see Non-Patent Document 2).
The configuration of the secret communication device explained with respect to the secret communication method (see Non-Patent Document 2) will be described hereinafter.
FIG. 1 is a block diagram of a secret communication device as related art (Non-Patent Document 2) and FIG. 2 is a flowchart showing the secret communication method.
Referring to FIGS. 1 and 2, the secret communication device is formed of a key distillation section A and a one-time-pad secret communication section B. The key distillation section A includes initial random number generation units 1, 15, initial random number storage units 2, 16, transmission units 9, 28, public communication paths 10, 29, reception units 11, 30, common key generation units 24, 26, confidentiality increase matrix generation units 8, 18, a parity check matrix generation unit 25, an error correction code decoding function generation unit 21, an error ratio estimation unit 4, and an eavesdrop information amount estimation unit 19.
The one-time-pad secret communication section B includes the transmission unit 28, the public communication path 29, the reception unit 30, an input unit 6, an output unit 20, an encryption unit 27, and a decryption unit 31.
The error ratio estimation unit 4 and the eavesdropped information amount estimation unit 19 are provided for the sender side as an example, however, they may be provided for the receiver side.
The error ratio estimation unit 4 estimates the ratio of error which occurs in the initial random numbers shared by the sender S and the receiver R to determine an encoding ratio.
The parity check matrix generation unit 25 preliminarily stores the encoding function corresponding to the error ratio value.
The error correction code decoding function generation unit 21 preliminarily stores the decoding function corresponding to the error ratio.
The eavesdropped information amount estimation unit 19 estimates the upper limit value of the amount of the information which may be eavesdropped by the eavesdropper.
The confidentiality increase matrix generation units 8, 18 preliminarily store the confidentiality increase matrix uniquely determined by the eavesdropped information amount and the encoding ratio.
The common key generation unit 24 of the sender S generates the common key based on the initial random number, the confidentiality increase matrix and the encoding function.
The common key generation unit 26 of the receiver R generates the common key based on the initial random number, the confidentiality increase matrix, the decoding function, and the bit sequence sent from the sender S. According to Non-Patent Document 2, the initial random number generation units 1, 15, the error ratio estimation unit 4 and the eavesdropped information amount estimation unit 19 are configured by using the quantum communication.
Next, the operation of the secret communication device explained in Non-Patent Document 2 will be described.
The correlated initial random numbers are generated by the initial random number generation units 1, 15 of the sender S and the receiver R, respectively (step S1) and stored in the respective initial random number storage units 2, 16 (step S2, S3).
At the same time, the ratio of error which occurs in those random numbers (error ratio) is estimated by the error ratio estimation unit 4 (step S4).
The parity check matrix generation unit 25 generates the encoded parity check matrix corresponding to the error ratio value estimated by the error ratio estimation unit 4 (step S5).
The error correction code decoding function generation unit 21 generates the decoding function corresponding to the encoding using the error ratio estimation unit 4 (step S6).
The eavesdrop information amount estimation unit 19 estimates the upper limit value of the amount of information with respect to the random number which may be eavesdropped by the eavesdropper (step S7).
It is then determined whether or not the eavesdropped information amount is larger than the threshold value determined by the estimated error ratio (step S8).
If the amount is larger than the threshold value, the process returns to start generating the initial random numbers again.
Meanwhile, if the amount is smaller than the threshold value, the confidentiality increase matrix generation units 8, 18 of the sender S and the receiver R generate the confidentiality increase matrices, respectively (step S9, S10).
The sender S operates the common key generation unit 24 to generate the common key determined by the initial random number, the confidentiality increase matrix, and the encoded function (step S11).
The sender S operates the common key generation unit 24 to generate the information with respect to the syndrome required for the receiver R to generate the common key.
The information is then transmitted through the public communication path 10 (step S12).
The receiver R uses the bit sequence sent from the sender S to allow the common key generation unit 26 to generate the common key by the initial random number, the confidentiality increase matrix, and the decoding function (step S13).
This is the operation of the key distillation section A.
The operation of the one-time-pad secret communication section B will be described.
The sender S performs XOR operation of the input information (step S14) and the common key to generate the ciphertext (step S15) using the encryption unit 27.
The ciphertext is sent to the receiver R through the public communication path 29 (step S16).
Then the receiver R performs XOR operation of the received ciphertext and the common key to decrypt the ciphertext using the decryption section 31 (step S17).
In Non-Patent Document 2, the common key generation unit 24 of the sender S is formed of the syndrome generation unit and the common key generation unit.
Those components are collectively called as the common key generation unit 24 so as to be compared with the present invention.
In Non-Patent Document 2, the common key generation unit 26 of the receiver R is formed of the syndrome decoding unit and the common key generation unit.
Those components are collectively called as the common key generation unit 26 so as to be compared with the present invention.
In case of the quantum cryptography, key distillation of the correlated random number is performed after the quantum communication, the base collation and the error ratio estimation to generate the secret common key (see Patent Document 2).
Thereafter, the secret communication is normally executed using the generated secret common key.
The system for delivering interference quantum encryption key (Patent Document 1) and the method for delivering quantum key and communication device (Patent Document 2) have been disclosed.
SECOND BACKGROUND ART
Besides the aforementioned first background art, the second background art will be described.
The method for enhancing confidentiality using Toeplitz matrix is well known (see Non-Patent Document 2).
The secret communication device of the aforementioned type allows the sender to send the information to the receiver based on the initial random numbers owned by the sender and the receiver, respectively without leakage of the information to the third party.
Conventionally, the secret common key is generated by the key distillation device first, and then the one-time-pad method is conducted using the secret common key for executing the secret communication (see Non-Patent Document 5).
The configuration of the secret communication device explained in the secret communication method (method according to Non-Patent Document 5) will be described hereinafter.
FIG. 3 is a block diagram of the secret communication device of a related art (Non-Patent Document 5) and FIG. 4 is an operation flowchart of the process executed in the secret communication device.
Referring to FIGS. 3 and 4, the secret communication device is formed of a key distillation section A and a one-time-pad secret communication section B. The key distillation section A includes initial random number generation units 51, 65, initial random number storage units 52, 66, transmission units 59, 62, 78, public communication paths 60, 63, 79, reception units 61, 68, 80, common key generation units 74, 76, a confidentiality increase matrix generation unit 58, an encoding function generation unit 94, an error correction code decoding function generation unit 71, an error ratio estimation unit 54, an eavesdropped information amount estimation unit 69, converters 90, 91, an encoding unit 92, and an error correction decoding unit 93.
The one-time-pad secret communication section B includes a transmission unit 78, a public communication path 79, a reception unit 80, an input unit 56, an output unit 70, an encryption unit 77, and a decryption unit 81.
The error ratio estimation unit 54 and the eavesdropped information amount estimation unit 69 are provided for the sender side, however, they may be provided for the receiver side.
The error ratio estimation unit 54 estimates the ratio of the error which occurs in the initial random numbers of the sender S and the receiver R to determine the encoding ratio.
The encoding function generation unit 94 preliminarily stores the coded function corresponding to the error ratio.
The eavesdrop information amount estimation unit 69 estimates the upper limit value of the amount of information with respect to the initial random number of the sender S which can be eavesdropped by the eavesdropper.
The confidentiality increase matrix generation unit 58 preliminarily stores the confidentiality increase matrix uniquely determined by the eavesdropped information amount and the encoding ratio.
The common key generation unit 74 of the sender S generates the common key based on the initial random number, the confidentiality increase matrix, and the encoding function.
The common key generation unit 76 of the receiver R generates the common key based on the initial random number, the confidentiality increase matrix, the decoding function, and the bit sequence sent from the sender S. According to Non-Patent Document 5, the initial random number generation units 51, 65, the error ratio estimation unit 54, and the eavesdropped information amount estimation unit 69 are configured using the quantum communication.
The operation of the secret communication device according to Non-Patent Document 5 will be described hereinafter.
The initial random number generation units 51, 65 of the sender S and the receiver R generate the correlated initial random numbers, respectively (step S21), and the resultant numbers are stored in the initial random number storage units 52, 66, respectively (step S22, 23).
At the same time, the error ratio estimation unit 54 estimates the ratio of error which occurs in the random numbers (error ratio) (step S24).
The encoding function generation unit 94 generates the encoding function corresponding to the error ratio estimated (step S24) by the error ratio estimation unit 54 (step S25).
The error correction code decoding function generation unit 71 generates the decoding function corresponding to the encoding using the error ratio estimation unit 54 (step S26).
The eavesdropped information amount estimation unit 69 estimates the upper limit value of the amount of information with respect to the random number which may be eavesdropped by the eavesdropper.
Then it is determined whether or not the estimated eavesdropped information amount is larger than the threshold value determined by the estimated error ratio.
If the amount is larger than the threshold value, the process returns to start generating the initial random numbers again.
Meanwhile, if the amount is smaller than the threshold value, the sender S operates the confidentiality increase matrix generation unit 58 to generate the confidentiality increase matrix (step S32) so as to be transmitted through the transmission unit 62, the public communication path 63, and the reception unit 68 (step S34).
The sender S operates the random number generation unit 55 to generate the random number (step S27), and further operates the encoding unit 92 for encoding (step S28).
The encoded bit sequence is converted by the converter 90 using the initial random number (step S29), and the converted bit sequence is transmitted to the receiver R through the transmission unit 59, the public communication path 60, and the reception unit 61 (step S30).
The receiver R operates the converter 91 to convert the received bit sequence using the initial random number and decodes the converted bit sequence using the error correction decoding unit 93 (step S31).
The common key generation unit 76 is operated to generate the common key using the confidentiality increase matrix (step S35).
This is the operation of the key distillation section A.
The operation of the one-time-pad secret communication section B will be described.
The sender S operates the encryption unit 77 to perform XOR operation of the input information (step S36) and the common key, which is formed into the ciphertext (step S37).
The ciphertext is sent to the receiver R through the public communication path 79 (step S38).
Then the receiver R performs XOR operation of the ciphertext received in the decryption unit 81 and the common key for decrypting the ciphertext (step S39).
In case of the quantum cryptography, key distillation of the obtained correlated random number is performed after the quantum communication, the base collation and the error ratio estimation to form the secret common key (for example, see Patent Documents 2 and 5).
The secret communication is generally executed thereafter using the secret common key.
The inventor of the present invention has proposed the method for quantitatively evaluating the safety of the key distillation based on the protocol for determining the confidentiality increase matrix after generating the initial random number generated through the quantum communication (see Non-Patent Document 5).
The system for delivering interference quantum cryptography key (Patent Document 1) and the quantum key delivery method and communication device (Patent Document 2) are also disclosed.
Patent Document 1: U.S. Pat. No. 5,307,410
Patent Document 2: Japanese Patent Application Publication No. 2004-274459
Non-Patent Document 1: C. H. Bennett and B. Brassard, "Quantum Cryptography: Public Key Distribution and Coin Tossing," in Proc.
IEEE International Symposium on Computer, systems, and signal processing, pp. 175-179
Non-Patent Document 2: H. Krawczyk, "Advances in Cryptology -- CRYPTO '94 (Springer-Verlag), LNCS839, pp. 129-139, (1994), "LFSR-based Hashing and Authentication"
Non-Patent Document 3: Y. Watanabe, W. Matsumoto and H. Imai, "Information reconciliation in quantum key distribution using low-density parity-check codes," in Proc. of International Symposium on Information Theory and its Applications, ISITA 2004, Parma, Italy, pp. 1265-1269 (October, 2004)
Non-Patent Document 4: Peter W. Shor and John Preskill, "Simple Proof of Security of the BE84 Quantum Key Distribution Protocol," in Physical Review Letters volume 85, pp. 441-444, (2000)
Non-Patent Document 5: M. Hayashi, "Practical Evaluation of Security for Quantum Key Distribution," http://lanl.arxiv.org/abs/quant-ph/0602113
特許請求の範囲（英語）
[claim1]
1. A secret communication method for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides, the method comprising: (a) estimating an error ratio between the initial random numbers X and Y, stored in initial random number storage units of the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party, the estimating performed by an error estimation unit provided in the device at the sender side or the device at the receiver side;
(b) estimating an upper limit of an eavesdropped information amount by an eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side;
(c) step of determining, at the device of the sender side, an error correction code based on the estimated value of the error ratio, an encryption function corresponding to the error correction code by an encryption function determination unit, and determining at the device at the receiver side, an error correction decoding function g, and a decryption auxiliary variable by an error correction code decoding function determination unit, respectively;
(d) uniquely determining a confidentiality increase matrix C based on the estimated upper limit value of the eavesdropped information amount and an encoding ratio of the error correction code, by confidentiality increase matrix generation units provided in the devices at the sender and the receiver sides;
(e) uniquely generating a ciphertext Z from transmission information M to be sent to the device at the receiver side using the encryption function, the initial random number X, and the confidentiality increase matrix C by an encryption unit provided in the device at the sender side;
(f) transmitting the ciphertext Z from a transmission unit at the device at the sender side to a reception unit at the device at the receiver side via a public communication path; and
(g) decrypting the ciphertext Z to a transmission text MB using the initial random number Y, the confidentiality increase matrix C, the decryption auxiliary variable, and the error correction decoding function by an encryption decoding unit and an error correction decoding unit provided in the device at the receiver side.
[claim2]
2. The secret communication method according to claim 1, wherein a quantum cryptography protocol is used for generating the initial random numbers X and Y by the devices at the sender and the receiver sides, estimating the error ratio of the initial random numbers X and Y by the device at the sender side, and estimating the upper limit of the eavesdrop information amount.
[claim3]
3. The secret communication method according to claim 1, wherein the transmission information M is encrypted to establish Z=BM+(I,A+BC)TX, where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship:
(Equation image 13 not included in text)
where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g.
[claim4]
4. The secret communication method according to claim 3, wherein the ciphertext Z is decrypted to establish:
(Equation image 14 not included in text)
where T-1 as an inverse matrix of T denotes a decryption auxiliary variable.
[claim5]
5. The secret communication method according to claim 1, wherein elements of Z/dZ are used for all random numbers and elements of the matrix without using bits, where XOR denotes a sum on the Z/dZ, and d denotes a natural number.
[claim6]
6. A secret communication method for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides comprising: (a) estimating an error ratio between the initial random numbers X and Y, stored in initial random number storage units of the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party, the estimating performed by an error estimation unit provided in the device at the sender side or the device at the receiver side;
(b) estimating an upper limit of an eavesdrop information amount by an eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side;
(c) determining, at the device of the sender side, an error correction code based on an estimated value of the error ratio, and an encryption function F corresponding to the error correction code by an encryption function determination unit, and determining, at the device at the receiver side, an error correction decoding function g, by an error correction code decoding function determination unit, respectively;
(d) uniquely determining a confidentiality increase matrix C based on the estimated upper limit value of the eavesdropped information amount and an encoding ratio of the error correction code by confidentiality increase matrix generation units provided in the devices at the sender and the receiver sides;
(e) generating a k-bit random number D by a random number generation unit in the device at the sender side;
(f) uniquely generating a ciphertext Z from transmission information M to be sent to the device at the receiver side using the encryption function, the initial random number X, the confidentiality increase matrix C, and the a random number D encryption unit provided in the device at the sender side;
(g) transmitting the ciphertext Z from a transmission unit at the device at the sender side to a reception unit at the device at the receiver side via a public communication path; and
(h) decrypting the ciphertext Z to a transmission text MB using the initial random number Y, the confidentiality increase matrix C, and the error correction decoding function g by an encryption decoding unit and an error correction decoding unit provided in the device at the receiver side.
[claim7]
7. The secret communication method according to claim 6, wherein a quantum cryptography protocol is used for generating the initial random numbers X and Y by the devices at the sender and the receiver sides, estimating the error ratio of the initial random numbers X and Y by the device at the sender side, and estimating the upper limit of the eavesdrop information amount.
[claim8]
8. The secret communication method according to claim 6, wherein the transmission information M is encrypted to establish a following relationship:
(Equation image 15 not included in text)
where F denotes the encryption function.
[claim9]
9. The secret communication method according to claim 6, wherein the ciphertext is decrypted to MB=(C,I)g(Z-Y) where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship:
(Equation image 16 not included in text)
where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g.
[claim10]
10. A secret communication device for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides, comprising: (a) initial random number generation units for generating n-bit initial random numbers X and Y provided in the devices at the sender and the receiver sides;
(b) initial random number storage units for storing the initial random numbers X and Y provided in the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party;
(c) an error ratio estimation unit for estimating an error ratio of the initial random numbers X and Y to determine an encoding ratio m/n provided in the device at the sender side or the device at the receiver side;
(d) an eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side for estimating an upper limit value k of an amount of information with respect to the initial random number X possibly eavesdropped by an eavesdropper;
(e) an input unit for inputting m-k-bit transmission information M provided in the device at the sender side;
(f) an encryption function determination unit for determining a function required for encryption encoding provided in the device at the sender side;
(g) an encryption unit for encryption provided in the device at the sender side;
(h) an error correction decoding function determination unit for determining an error correction decoding function g used for secret communication in accordance with the respective error ratios provided in the device at the receiver side:
(i) a decryption auxiliary variable determination unit for determining a decryption auxiliary variable for decryption provided in the device at the receiver side;
(j) an error correction decoding unit for decoding an error correction using the error correction decoding function g provided in the device at the receiver side;
(k) a decryption unit for decryption provided in the device at the receiver side;
(l) a transmission unit, a public communication path, and a reception unit for transmitting a ciphertext Z encrypted by the encryption unit, from the device at the sender side to the device at the receiver side;
(m) a confidentiality increase matrix generation unit for determining a matrix C used for enhancing confidentiality of communication provided in the device at the sender and the device at the receiver side; and
(n) an output unit for outputting decrypted information MB from the decryption unit provided in the device at the receiver side.
[claim11]
11. The secret communication method according to claim 10, wherein the transmission information M is encrypted to establish Z=BM+(I,A+BC)TX, where I denotes a unit matrix and A, B, and T denote the encryption functions which satisfy a following relationship:
(Equation image 17 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g.
[claim12]
12. The secret communication method according to claim 11, wherein the ciphertext Z is decrypted to establish:
(Equation image 18 not included in text) where T-1 as an inverse matrix of T denotes a decryption auxiliary variable.
[claim13]
13. The secret communication method according to claim 10, wherein the confidentiality increase matrix is m-k * k generated if the value m is smaller than the value k.
[claim14]
14. A secret communication device for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held by the sender and the receiver sides, comprising: (a) initial random number generation units for sharing generating n-bit initial random numbers X and Y provided in the devices at the sender and the receiver sides;
(b) initial random number storage units for storing the initial random numbers X and Y provided in the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party;
(c) an error ratio estimation unit for estimating an error ratio of the initial random numbers X and Y to determine an encoding ratio m/n provided in the device at the sender side or the device at the receiver side;
(d) an eavesdropped information amount estimation unit for estimating an upper limit value k of an amount of information with respect to the initial random number X possibly eavesdropped by an eavesdropper provided in the device at the sender side or the device at the receiver side;
(e) an input unit for inputting m-k-bit transmission information M provided in the device at the sender side;
(f) a random number generation unit for generating a k-bit random number D provided in the device at the sender side;
(g) an encryption function determination unit for determining a function required for encryption encoding provided in the device at the sender side;
(h) an encryption unit for encryption provided in the device at the sender side;
(i) an error correction decoding function determination unit for determining an error correction decoding function g used for secret communication in accordance with the respective encoding ratios provided in the device at the receiver side;
(j) an error correction decoding unit for decoding an error correction by using the error correction decoding function g provided in the device at the receiver side;
(k) a decryption unit for decryption provided in the device at the receiver side;
(l) a transmission unit, a public communication path and a reception unit for transmitting a ciphertext Z encrypted by the encryption unit from the device at the sender side to the device at the receiver side;
(m) a confidentiality increase matrix generation unit for determining a matrix C used for enhancing confidentiality of communication provided in the devices at the sender and the receiver sides; and
(n) an output unit for outputting decrypted information MB from the decryption unit provided in the device at the receiver side.
[claim15]
15. The secret communication method according to claim 14, wherein the transmission information M is encrypted to establish a following relationship:
(Equation image 19 not included in text) where F denotes the encryption function.
[claim16]
16. The secret communication method according to claim 14, wherein the ciphertext is decrypted to MB=(C,I)g(Z-Y) where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship:
(Equation image 20 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g.
[claim17]
17. A secret communication method for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides, comprising: (a) estimating an error ratio between the initial random numbers X and Y, stored in initial random number storage units of the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party, the estimating performed by an error estimation unit provided in the device at the sender side or the device at the receiver side;
(b) estimating an upper limit of an eavesdropped information amount by an eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side;
(c) determining, at the device at the sender side, an error correction code based on the estimated value of the error ratio, an encryption function corresponding to the error correction code by an encryption function determination unit, and determining at the device at the receiver side, an error correction decoding function g, and a decryption auxiliary variable, respectively;
(d) determining a confidentiality increase matrix C stochastically based on the estimated upper limit value of the eavesdropped information amount and an encoding ratio of the error correction code by confidentiality increase matrix generation units provided in the devices at the sender and receiver sides;
(e) transmitting the confidentiality increase matrix C from a transmission unit in the device at the sender side to a reception unit at the device at the receiver side via a public communication path;
(f) uniquely generating a ciphertext from transmission information M to be sent to the device at the receiver side, using the encryption function, the initial random number X, and the confidentiality increase matrix C, by an encryption unit provided in the device at the sender side;
(g) transmitting the ciphertext Z from a transmission unit in the device at the sender side to a reception unit in the device at the receiver side via a public communication path; and
(h) decrypting the ciphertext Z to a transmission text MB using the initial random number Y, the confidentiality increase matrix C, the decryption auxiliary variable, and the error correction decoding function g, by an encryption decoding unit and an error correction decoding unit provided in the device at the receiver side.
[claim18]
18. The secret communication method according to claim 17, wherein a quantum cryptography protocol is used for generating initial random numbers of the sender and the receiver, estimating the error ratio of the initial random numbers X and Y by the device at the sender and the receiver sides, and estimating the upper limit of the eavesdropped information amount by the device at the sender side.
[claim19]
19. The secret communication method according to claim 17, wherein the transmission information M is encrypted to establish Z=BM+(I,A+BC)TX, where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship:
(Equation image 21 not included in text)
where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g.
[claim20]
20. The secret communication method according to claim 19, wherein the ciphertext Z is decrypted to establish:
(Equation image 22 not included in text)
where T-1 as an inverse matrix of T denotes a decryption auxiliary variable.
[claim21]
21. The secret communication method according to claim 19, wherein the ciphertext Z is decrypted to establish:
(Equation image 23 not included in text) where T-1 as an inverse matrix of T denotes a decryption auxiliary variable.
[claim22]
22. The secret communication method according to claim 17, wherein elements of Z/dZ are used for all random numbers and elements of the matrix without using bits, where XOR denotes a sum on the Z/dZ, and d denotes a natural number.
[claim23]
23. A secret communication method for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides, comprising: (a) estimating an error ratio between the initial random numbers X and Y, stored in initial random number storage units of the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party, the estimating performed by an error ratio estimation unit provided in the device at the sender side or the device at the receiver side;
(b) estimating an upper limit of an eavesdropped information amount eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side;
(c) determining, at the device at the sender side, an error correction code based on the estimated value of the error ratio, an encryption function F corresponding to the error correction code by an encryption function determination unit, and determining, at the device at the receiver side, and an error correction decoding function g, respectively;
(d) determining a confidentiality increase matrix C stochastically based on the estimated upper limit value of the eavesdropped information amount and an encoding ratio of the error correction code by confidentiality increase matrix generation units provided in the devices at the sender and receiver sides;
(e) transmitting the confidentiality increase matrix C from a transmission unit in the device at the sender side to a reception unit at the device at the receiver side via a public communication path;
(f) generating a k-bit random number D by a random bit generation unit in the device at the sender side;
(g) uniquely generating a ciphertext Z from transmission information M to be sent to the device at the receiver side using the encryption function, the initial random number X, the confidentiality increase matrix C, and the a random number D by an encryption unit provided in the device at the sender side;
(h) step of transmitting the ciphertext Z from a transmission unit in the device at the sender side to a reception unit in the device at the receiver side via a public communication path; and
(i) decrypting the ciphertext Z to a transmission text MR using the initial random number Y, the confidentiality increase matrix C, and the error correction decoding function, by an encryption decoding unit and an error correction decoding unit provided in the device at the receiver side.
[claim24]
24. The secret communication method according to claim 23, wherein a quantum cryptography protocol is used for generating the initial random numbers X and Y at the devices of the sender and the receiver sides, estimating the error ratio of the initial random numbers X and Y by the device at the sender side, and estimating the upper limit of the eavesdropped information amount.
[claim25]
25. The secret communication method according to claim 23, wherein the transmission information M is encrypted to establish a following relationship:
(Equation image 24 not included in text)
where F denotes the encryption function.
[claim26]
26. The secret communication method according to claim 23, wherein the ciphertext is decrypted to MB=(C,I)g(Z-Y) where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship:
(Equation image 25 not included in text)
wherein F denotes an encoding matrix for error correction corresponding to the error correction decoding function g.
[claim27]
27. The secret communication method according to claim 23, wherein a Toeplitz matrix is used for generating the confidentiality increase matrix C.
[claim28]
28. A secret communication device for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held by the sender and the receiver sides, comprising: (a) initial random number generation units for sharing generating n-bit initial random numbers X and Y provided in the devices at the sender and receiver sides;
(b) initial random number storage units for storing the initial random numbers X and Y provided in the devices at the sender and receiver sides under the situation that the information can be leaked to the third party;
(c) an error ratio estimation unit for estimating an error ratio of the initial random numbers X and Y to determine an encoding ratio m/n provided in the devices at the sender side or the device at the receiver side;
(d) an eavesdropped information amount estimation unit for estimating an upper limit value k of an amount of information with respect to the initial random number X possibly eavesdropped by an eavesdropper provided in the devices at the sender side or the device at the receiver side;
(e) an input unit for inputting m-k-bit information M provided in the device at the sender side;
(f) an encryption function determination unit for determining a function required for encryption encoding;
(g) an encryption unit for encryption provided in the device at the sender side;
(h) an error correction decoding function determination unit for determining an error correction decoding function g used for secret communication in accordance with the respective encoding ratios provided in the device at the sender side;
(i) a decryption auxiliary variable determination unit for determining a decryption auxiliary variable used for decryption provided in the device at the receiver side;
(j) an error correction decoding unit for decoding an error correction using the error correction decoding function g provided in the device at the receiver side;
(k) a decryption unit for decryption provided in the device at the receiver side;
(l) a transmission unit, a public communication path, and a reception unit for transmitting a ciphertext Z encrypted by the encryption unit from the device at the sender side to the device at the receiver side;
(m) a confidentiality increase matrix generation unit for determining a matrix used for enhancing confidentiality of the communication provided in the device at the sender side;
(n) a transmission unit, a public communication path, and a reception unit for transmitting the confidentiality increase matrix C from the device at the sender side to the device at the receiver side; and
(o) an output unit for outputting decrypted information MB from the decryption unit provided in the device at the receiver side.
[claim29]
29. The secret communication method according to claim 28, wherein the transmission information M is encrypted to establish Z=BM+(I,A+BC)TX, where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship:
(Equation image 26 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g.
[claim30]
30. A secret communication device for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held by the sender and the receiver sides, comprising: (a) initial random number generation units for generating n-bit initial random numbers X and Y provided in the devices at the sender and the receiver sides;
(b) initial random number storage units for storing the initial random numbers X and Y provided in the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party;
(c) an error ratio estimation unit for estimating an error ratio of the initial random numbers X and Y to determine an encoding ratio m/n provided in the device at the sender side or the device at the receiver side;
(d) an eavesdropped information amount estimation unit for estimating an upper limit value k of an amount of information with respect to the initial random number X possibly eavesdropped by an eavesdropper provided in the device at the sender side or the device at the receiver side;
(e) an input unit for inputting m-k-bit transmission information M provided in the device at the sender side;
(f) a random number generation unit for generating a k-bit random number provided in the device at the sender side;
(g) an encryption function determination unit for determining a function required for encryption encoding;
(h) an encryption unit for encryption provided in the device at the sender side;
(i) an error correction decoding function determination unit for determining an error correction decoding function used for secret communication in accordance with the respective encoding ratios provided in the device at the sender side;
(j) an error correction decoding unit for decoding an error correction using the error correction decoding function g provided in the device at the receiver side;
(k) a decryption unit for decryption provided in the device at the receiver side;
(l) a transmission unit, a public communication path, and a reception unit for transmitting a ciphertext Z encrypted by the encryption unit, from the device at the sender side to the device at the receiver side;
(m) a confidentiality increase matrix generation unit for determining a matrix used for enhancing confidentiality of the communication provided in the device at the sender side;
(n) a transmission unit, a public communication path, and a reception unit for transmitting the confidentiality increase matrix C from the device at the sender side to the device at the receiving side; and
(o) an output unit for outputting decrypted information MB from the decryption unit provided in the device at the receiver side.
[claim31]
31. The secret communication method according to claim 30, wherein the transmission information M is encrypted to establish a following relationship:
(Equation image 27 not included in text) where F denotes the encryption function.
[claim32]
32. The secret communication method according to claim 30, wherein the ciphertext is decrypted to MB=(C,I)g(Z-Y) where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship:
(Equation image 28 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g.
[claim33]
33. The secret communication method according to claim 30, wherein a Toeplitz matrix is used for generating the confidentiality increase matrix C.
発明者/出願人（英語）
HAYASHI MASAHITO
JAPAN SCIENCE AND TECHNOLOGY AGENCY
国際特許分類(IPC)
H04L 9/32
システムの利用者の身元または権限の照合のための手段を含むもの
H04L 9/00
秘密または安全な通信のための配置
米国特許分類/主・副
713/169
380/28
380/255
713/170
713/171
参考情報 （研究プロジェクト等）
ERATO/SORST Quantum Computation and Inforamtion AREA
日本語項目の表示
発明の名称
秘密通信方法及びその通信装置
※
ライセンスをご希望の方、特許の内容に興味を持たれた方は、問合せボタンを押してください。
『 Secret communication method and secret communication device thereof 』に関するお問合せ
国立研究開発法人科学技術振興機構（ＪＳＴ） 知的財産マネジメント推進部
URL:
http://www.jst.go.jp/chizai/
E-mail:
Address: 〒102-8666 東京都千代田区四番町5-3
TEL: 03-5214-8293
FAX: 03-5214-8476
※ 同じキーワードでJ-STORE内を検索することが出来ます。→
J-STORE内を検索
検索結果一覧へ戻る
『 Secret communication method and secret communication device thereof 』に関するお問合せ
国立研究開発法人科学技術振興機構（ＪＳＴ） 知的財産マネジメント推進部
URL:
http://www.jst.go.jp/chizai/
E-mail:
Address: 〒102-8666 東京都千代田区四番町5-3
TEL: 03-5214-8293
FAX: 03-5214-8476
関連情報
国内特許
・
秘密通信方法及びその秘密通信装置
公報
20090316901(PDF,376KB)
公報
8239680(PDF,411KB)