Secret communication method and secret communication device thereof
外国特許コード  F110003554 

整理番号  BE06201WO 
掲載日  2011年6月29日 
出願国  アメリカ合衆国 
出願番号  37422707 
公報番号  20090316901 
公報番号  8239680 
出願日  平成19年6月20日(2007.6.20) 
公報発行日  平成21年12月24日(2009.12.24) 
公報発行日  平成24年8月7日(2012.8.7) 
国際出願番号  JP2007062375 
国際公開番号  WO2008013008 
国際出願日  平成19年6月20日(2007.6.20) 
国際公開日  平成20年1月31日(2008.1.31) 
優先権データ 

発明の名称 （英語）  Secret communication method and secret communication device thereof 
発明の概要（英語） 
(US8239680) A secret communication method and a communication device used in the method are provided for secret communication using communication path less frequently as a whole while avoiding a duplicative use of public communication. The secret communication method includes steps of: estimating an error ratio of initial random numbers X, Y; estimating the upper limit of an eavesdrop information amount; determining an encryption function determined by the error correction code based on the estimated error probability, an error correction decoding function g, and a decryption auxiliary variable; uniquely determining a confidentiality increase matrix C based on the estimated upper limit value of the eavesdrop information amount and the encoding ratio of the error correction code; uniquely generating a ciphertext Z from information M to be sent to a receiver using the encryption function, the initial random number X, and the confidentiality increase matrix C; transmitting the ciphertext Z; and decrypting the ciphertext Z to a transmission text MB using the initial random number Y, the confidentiality increase matrix C, the decryption auxiliary variable, and the error correction decoding function g. 
特許請求の範囲（英語） 
[claim1] 1. A secret communication method for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides, the method comprising: (a) estimating an error ratio between the initial random numbers X and Y, stored in initial random number storage units of the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party, the estimating performed by an error estimation unit provided in the device at the sender side or the device at the receiver side; (b) estimating an upper limit of an eavesdropped information amount by an eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side; (c) step of determining, at the device of the sender side, an error correction code based on the estimated value of the error ratio, an encryption function corresponding to the error correction code by an encryption function determination unit, and determining at the device at the receiver side, an error correction decoding function g, and a decryption auxiliary variable by an error correction code decoding function determination unit, respectively; (d) uniquely determining a confidentiality increase matrix C based on the estimated upper limit value of the eavesdropped information amount and an encoding ratio of the error correction code, by confidentiality increase matrix generation units provided in the devices at the sender and the receiver sides; (e) uniquely generating a ciphertext Z from transmission information M to be sent to the device at the receiver side using the encryption function, the initial random number X, and the confidentiality increase matrix C by an encryption unit provided in the device at the sender side; (f) transmitting the ciphertext Z from a transmission unit at the device at the sender side to a reception unit at the device at the receiver side via a public communication path; and (g) decrypting the ciphertext Z to a transmission text MB using the initial random number Y, the confidentiality increase matrix C, the decryption auxiliary variable, and the error correction decoding function by an encryption decoding unit and an error correction decoding unit provided in the device at the receiver side. [claim2] 2. The secret communication method according to claim 1, wherein a quantum cryptography protocol is used for generating the initial random numbers X and Y by the devices at the sender and the receiver sides, estimating the error ratio of the initial random numbers X and Y by the device at the sender side, and estimating the upper limit of the eavesdrop information amount. [claim3] 3. The secret communication method according to claim 1, wherein the transmission information M is encrypted to establish Z=BM+(I,A+BC)TX, where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship: (Equation image 13 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g. [claim4] 4. The secret communication method according to claim 3, wherein the ciphertext Z is decrypted to establish: (Equation image 14 not included in text) where T1 as an inverse matrix of T denotes a decryption auxiliary variable. [claim5] 5. The secret communication method according to claim 1, wherein elements of Z/dZ are used for all random numbers and elements of the matrix without using bits, where XOR denotes a sum on the Z/dZ, and d denotes a natural number. [claim6] 6. A secret communication method for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides comprising: (a) estimating an error ratio between the initial random numbers X and Y, stored in initial random number storage units of the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party, the estimating performed by an error estimation unit provided in the device at the sender side or the device at the receiver side; (b) estimating an upper limit of an eavesdrop information amount by an eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side; (c) determining, at the device of the sender side, an error correction code based on an estimated value of the error ratio, and an encryption function F corresponding to the error correction code by an encryption function determination unit, and determining, at the device at the receiver side, an error correction decoding function g, by an error correction code decoding function determination unit, respectively; (d) uniquely determining a confidentiality increase matrix C based on the estimated upper limit value of the eavesdropped information amount and an encoding ratio of the error correction code by confidentiality increase matrix generation units provided in the devices at the sender and the receiver sides; (e) generating a kbit random number D by a random number generation unit in the device at the sender side; (f) uniquely generating a ciphertext Z from transmission information M to be sent to the device at the receiver side using the encryption function, the initial random number X, the confidentiality increase matrix C, and the a random number D encryption unit provided in the device at the sender side; (g) transmitting the ciphertext Z from a transmission unit at the device at the sender side to a reception unit at the device at the receiver side via a public communication path; and (h) decrypting the ciphertext Z to a transmission text MB using the initial random number Y, the confidentiality increase matrix C, and the error correction decoding function g by an encryption decoding unit and an error correction decoding unit provided in the device at the receiver side. [claim7] 7. The secret communication method according to claim 6, wherein a quantum cryptography protocol is used for generating the initial random numbers X and Y by the devices at the sender and the receiver sides, estimating the error ratio of the initial random numbers X and Y by the device at the sender side, and estimating the upper limit of the eavesdrop information amount. [claim8] 8. The secret communication method according to claim 6, wherein the transmission information M is encrypted to establish a following relationship: (Equation image 15 not included in text) where F denotes the encryption function. [claim9] 9. The secret communication method according to claim 6, wherein the ciphertext is decrypted to MB=(C,I)g(ZY) where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship: (Equation image 16 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g. [claim10] 10. A secret communication device for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides, comprising: (a) initial random number generation units for generating nbit initial random numbers X and Y provided in the devices at the sender and the receiver sides; (b) initial random number storage units for storing the initial random numbers X and Y provided in the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party; (c) an error ratio estimation unit for estimating an error ratio of the initial random numbers X and Y to determine an encoding ratio m/n provided in the device at the sender side or the device at the receiver side; (d) an eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side for estimating an upper limit value k of an amount of information with respect to the initial random number X possibly eavesdropped by an eavesdropper; (e) an input unit for inputting mkbit transmission information M provided in the device at the sender side; (f) an encryption function determination unit for determining a function required for encryption encoding provided in the device at the sender side; (g) an encryption unit for encryption provided in the device at the sender side; (h) an error correction decoding function determination unit for determining an error correction decoding function g used for secret communication in accordance with the respective error ratios provided in the device at the receiver side: (i) a decryption auxiliary variable determination unit for determining a decryption auxiliary variable for decryption provided in the device at the receiver side; (j) an error correction decoding unit for decoding an error correction using the error correction decoding function g provided in the device at the receiver side; (k) a decryption unit for decryption provided in the device at the receiver side; (l) a transmission unit, a public communication path, and a reception unit for transmitting a ciphertext Z encrypted by the encryption unit, from the device at the sender side to the device at the receiver side; (m) a confidentiality increase matrix generation unit for determining a matrix C used for enhancing confidentiality of communication provided in the device at the sender and the device at the receiver side; and (n) an output unit for outputting decrypted information MB from the decryption unit provided in the device at the receiver side. [claim11] 11. The secret communication method according to claim 10, wherein the transmission information M is encrypted to establish Z=BM+(I,A+BC)TX, where I denotes a unit matrix and A, B, and T denote the encryption functions which satisfy a following relationship: (Equation image 17 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g. [claim12] 12. The secret communication method according to claim 11, wherein the ciphertext Z is decrypted to establish: (Equation image 18 not included in text) where T1 as an inverse matrix of T denotes a decryption auxiliary variable. [claim13] 13. The secret communication method according to claim 10, wherein the confidentiality increase matrix is mk * k generated if the value m is smaller than the value k. [claim14] 14. A secret communication device for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held by the sender and the receiver sides, comprising: (a) initial random number generation units for sharing generating nbit initial random numbers X and Y provided in the devices at the sender and the receiver sides; (b) initial random number storage units for storing the initial random numbers X and Y provided in the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party; (c) an error ratio estimation unit for estimating an error ratio of the initial random numbers X and Y to determine an encoding ratio m/n provided in the device at the sender side or the device at the receiver side; (d) an eavesdropped information amount estimation unit for estimating an upper limit value k of an amount of information with respect to the initial random number X possibly eavesdropped by an eavesdropper provided in the device at the sender side or the device at the receiver side; (e) an input unit for inputting mkbit transmission information M provided in the device at the sender side; (f) a random number generation unit for generating a kbit random number D provided in the device at the sender side; (g) an encryption function determination unit for determining a function required for encryption encoding provided in the device at the sender side; (h) an encryption unit for encryption provided in the device at the sender side; (i) an error correction decoding function determination unit for determining an error correction decoding function g used for secret communication in accordance with the respective encoding ratios provided in the device at the receiver side; (j) an error correction decoding unit for decoding an error correction by using the error correction decoding function g provided in the device at the receiver side; (k) a decryption unit for decryption provided in the device at the receiver side; (l) a transmission unit, a public communication path and a reception unit for transmitting a ciphertext Z encrypted by the encryption unit from the device at the sender side to the device at the receiver side; (m) a confidentiality increase matrix generation unit for determining a matrix C used for enhancing confidentiality of communication provided in the devices at the sender and the receiver sides; and (n) an output unit for outputting decrypted information MB from the decryption unit provided in the device at the receiver side. [claim15] 15. The secret communication method according to claim 14, wherein the transmission information M is encrypted to establish a following relationship: (Equation image 19 not included in text) where F denotes the encryption function. [claim16] 16. The secret communication method according to claim 14, wherein the ciphertext is decrypted to MB=(C,I)g(ZY) where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship: (Equation image 20 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g. [claim17] 17. A secret communication method for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides, comprising: (a) estimating an error ratio between the initial random numbers X and Y, stored in initial random number storage units of the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party, the estimating performed by an error estimation unit provided in the device at the sender side or the device at the receiver side; (b) estimating an upper limit of an eavesdropped information amount by an eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side; (c) determining, at the device at the sender side, an error correction code based on the estimated value of the error ratio, an encryption function corresponding to the error correction code by an encryption function determination unit, and determining at the device at the receiver side, an error correction decoding function g, and a decryption auxiliary variable, respectively; (d) determining a confidentiality increase matrix C stochastically based on the estimated upper limit value of the eavesdropped information amount and an encoding ratio of the error correction code by confidentiality increase matrix generation units provided in the devices at the sender and receiver sides; (e) transmitting the confidentiality increase matrix C from a transmission unit in the device at the sender side to a reception unit at the device at the receiver side via a public communication path; (f) uniquely generating a ciphertext from transmission information M to be sent to the device at the receiver side, using the encryption function, the initial random number X, and the confidentiality increase matrix C, by an encryption unit provided in the device at the sender side; (g) transmitting the ciphertext Z from a transmission unit in the device at the sender side to a reception unit in the device at the receiver side via a public communication path; and (h) decrypting the ciphertext Z to a transmission text MB using the initial random number Y, the confidentiality increase matrix C, the decryption auxiliary variable, and the error correction decoding function g, by an encryption decoding unit and an error correction decoding unit provided in the device at the receiver side. [claim18] 18. The secret communication method according to claim 17, wherein a quantum cryptography protocol is used for generating initial random numbers of the sender and the receiver, estimating the error ratio of the initial random numbers X and Y by the device at the sender and the receiver sides, and estimating the upper limit of the eavesdropped information amount by the device at the sender side. [claim19] 19. The secret communication method according to claim 17, wherein the transmission information M is encrypted to establish Z=BM+(I,A+BC)TX, where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship: (Equation image 21 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g. [claim20] 20. The secret communication method according to claim 19, wherein the ciphertext Z is decrypted to establish: (Equation image 22 not included in text) where T1 as an inverse matrix of T denotes a decryption auxiliary variable. [claim21] 21. The secret communication method according to claim 19, wherein the ciphertext Z is decrypted to establish: (Equation image 23 not included in text) where T1 as an inverse matrix of T denotes a decryption auxiliary variable. [claim22] 22. The secret communication method according to claim 17, wherein elements of Z/dZ are used for all random numbers and elements of the matrix without using bits, where XOR denotes a sum on the Z/dZ, and d denotes a natural number. [claim23] 23. A secret communication method for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held at the sender and the receiver sides, comprising: (a) estimating an error ratio between the initial random numbers X and Y, stored in initial random number storage units of the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party, the estimating performed by an error ratio estimation unit provided in the device at the sender side or the device at the receiver side; (b) estimating an upper limit of an eavesdropped information amount eavesdropped information amount estimation unit provided in the device at the sender side or the device at the receiver side; (c) determining, at the device at the sender side, an error correction code based on the estimated value of the error ratio, an encryption function F corresponding to the error correction code by an encryption function determination unit, and determining, at the device at the receiver side, and an error correction decoding function g, respectively; (d) determining a confidentiality increase matrix C stochastically based on the estimated upper limit value of the eavesdropped information amount and an encoding ratio of the error correction code by confidentiality increase matrix generation units provided in the devices at the sender and receiver sides; (e) transmitting the confidentiality increase matrix C from a transmission unit in the device at the sender side to a reception unit at the device at the receiver side via a public communication path; (f) generating a kbit random number D by a random bit generation unit in the device at the sender side; (g) uniquely generating a ciphertext Z from transmission information M to be sent to the device at the receiver side using the encryption function, the initial random number X, the confidentiality increase matrix C, and the a random number D by an encryption unit provided in the device at the sender side; (h) step of transmitting the ciphertext Z from a transmission unit in the device at the sender side to a reception unit in the device at the receiver side via a public communication path; and (i) decrypting the ciphertext Z to a transmission text MR using the initial random number Y, the confidentiality increase matrix C, and the error correction decoding function, by an encryption decoding unit and an error correction decoding unit provided in the device at the receiver side. [claim24] 24. The secret communication method according to claim 23, wherein a quantum cryptography protocol is used for generating the initial random numbers X and Y at the devices of the sender and the receiver sides, estimating the error ratio of the initial random numbers X and Y by the device at the sender side, and estimating the upper limit of the eavesdropped information amount. [claim25] 25. The secret communication method according to claim 23, wherein the transmission information M is encrypted to establish a following relationship: (Equation image 24 not included in text) where F denotes the encryption function. [claim26] 26. The secret communication method according to claim 23, wherein the ciphertext is decrypted to MB=(C,I)g(ZY) where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship: (Equation image 25 not included in text) wherein F denotes an encoding matrix for error correction corresponding to the error correction decoding function g. [claim27] 27. The secret communication method according to claim 23, wherein a Toeplitz matrix is used for generating the confidentiality increase matrix C. [claim28] 28. A secret communication device for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held by the sender and the receiver sides, comprising: (a) initial random number generation units for sharing generating nbit initial random numbers X and Y provided in the devices at the sender and receiver sides; (b) initial random number storage units for storing the initial random numbers X and Y provided in the devices at the sender and receiver sides under the situation that the information can be leaked to the third party; (c) an error ratio estimation unit for estimating an error ratio of the initial random numbers X and Y to determine an encoding ratio m/n provided in the devices at the sender side or the device at the receiver side; (d) an eavesdropped information amount estimation unit for estimating an upper limit value k of an amount of information with respect to the initial random number X possibly eavesdropped by an eavesdropper provided in the devices at the sender side or the device at the receiver side; (e) an input unit for inputting mkbit information M provided in the device at the sender side; (f) an encryption function determination unit for determining a function required for encryption encoding; (g) an encryption unit for encryption provided in the device at the sender side; (h) an error correction decoding function determination unit for determining an error correction decoding function g used for secret communication in accordance with the respective encoding ratios provided in the device at the sender side; (i) a decryption auxiliary variable determination unit for determining a decryption auxiliary variable used for decryption provided in the device at the receiver side; (j) an error correction decoding unit for decoding an error correction using the error correction decoding function g provided in the device at the receiver side; (k) a decryption unit for decryption provided in the device at the receiver side; (l) a transmission unit, a public communication path, and a reception unit for transmitting a ciphertext Z encrypted by the encryption unit from the device at the sender side to the device at the receiver side; (m) a confidentiality increase matrix generation unit for determining a matrix used for enhancing confidentiality of the communication provided in the device at the sender side; (n) a transmission unit, a public communication path, and a reception unit for transmitting the confidentiality increase matrix C from the device at the sender side to the device at the receiver side; and (o) an output unit for outputting decrypted information MB from the decryption unit provided in the device at the receiver side. [claim29] 29. The secret communication method according to claim 28, wherein the transmission information M is encrypted to establish Z=BM+(I,A+BC)TX, where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship: (Equation image 26 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g. [claim30] 30. A secret communication device for efficiently communicating information between a device at a sender side and a device at a receiver side, each at remote locations, using correlated initial random numbers X and Y respectively held by the sender and the receiver sides, comprising: (a) initial random number generation units for generating nbit initial random numbers X and Y provided in the devices at the sender and the receiver sides; (b) initial random number storage units for storing the initial random numbers X and Y provided in the devices at the sender and the receiver sides under the situation that the information can be leaked to the third party; (c) an error ratio estimation unit for estimating an error ratio of the initial random numbers X and Y to determine an encoding ratio m/n provided in the device at the sender side or the device at the receiver side; (d) an eavesdropped information amount estimation unit for estimating an upper limit value k of an amount of information with respect to the initial random number X possibly eavesdropped by an eavesdropper provided in the device at the sender side or the device at the receiver side; (e) an input unit for inputting mkbit transmission information M provided in the device at the sender side; (f) a random number generation unit for generating a kbit random number provided in the device at the sender side; (g) an encryption function determination unit for determining a function required for encryption encoding; (h) an encryption unit for encryption provided in the device at the sender side; (i) an error correction decoding function determination unit for determining an error correction decoding function used for secret communication in accordance with the respective encoding ratios provided in the device at the sender side; (j) an error correction decoding unit for decoding an error correction using the error correction decoding function g provided in the device at the receiver side; (k) a decryption unit for decryption provided in the device at the receiver side; (l) a transmission unit, a public communication path, and a reception unit for transmitting a ciphertext Z encrypted by the encryption unit, from the device at the sender side to the device at the receiver side; (m) a confidentiality increase matrix generation unit for determining a matrix used for enhancing confidentiality of the communication provided in the device at the sender side; (n) a transmission unit, a public communication path, and a reception unit for transmitting the confidentiality increase matrix C from the device at the sender side to the device at the receiving side; and (o) an output unit for outputting decrypted information MB from the decryption unit provided in the device at the receiver side. [claim31] 31. The secret communication method according to claim 30, wherein the transmission information M is encrypted to establish a following relationship: (Equation image 27 not included in text) where F denotes the encryption function. [claim32] 32. The secret communication method according to claim 30, wherein the ciphertext is decrypted to MB=(C,I)g(ZY) where I denotes a unit matrix, and A, B, and T denote the encryption functions which satisfy a following relationship: (Equation image 28 not included in text) where F denotes an encoding matrix for error correction corresponding to the error correction decoding function g. [claim33] 33. The secret communication method according to claim 30, wherein a Toeplitz matrix is used for generating the confidentiality increase matrix C. 


国際特許分類(IPC) 

参考情報 （研究プロジェクト等）  ERATO/SORST Quantum Computation and Inforamtion AREA 
日本語項目の表示
発明の名称  秘密通信方法及びその通信装置 

※
ライセンスをご希望の方、特許の内容に興味を持たれた方は、問合せボタンを押してください。
『 Secret communication method and secret communication device thereof 』に関するお問合せ
 国立研究開発法人科学技術振興機構（ＪＳＴ） 知的財産マネジメント推進部
 URL: http://www.jst.go.jp/chizai/
 Email:
 Address: 〒1028666 東京都千代田区四番町53
 TEL: 0352148486
 FAX: 0352148417