Error-free secure key generation and distribution using dynamic Stokes parameters

Liuming Zhang; Liuming Zhang; Adnan A. E. Hajomer; Adnan A. E. Hajomer; Xuelin Yang; Weisheng Hu

doi:10.1364/OE.27.029207

1. Introduction

Driven by the emerging of high bandwidth services such as online gaming and high-resolution video, optical fiber networks have acquired much attention as a promising solution to cope with this requirement since they can offer large capacity, high speed and energy efficiency. However, optical fiber links, which are thought to be naturally secure, can be easily tapped using many technologies like fiber bending, splitting, and evanescent coupling [1], making the transmission data more vulnerable to malicious attackers. Therefore, security at the physical layer is of great significance in optical fiber networks [2,3].

For secure transmission, physical-layer security enhancement approaches using digital chaos have drawn interest of many researchers [4–7]. Nevertheless, in these schemes, the initial values of chaotic system, which are considered to be secret keys, are assumed to be pre-shared between two legal communication parties: Alice and Bob. Consequently, secure key generation and distribution (SKGD) is prerequisite for two legal users to establish secure transmission.

Conventionally, SKGD is addressed at the upper layer of the protocol stack by means of public-key encryption algorithms, which rely mainly on computational complexity as security mechanism, such as RSA and Diffie-Hellman [8]. However, the utility of these algorithms faces real challenges with the development of advanced quantum computer [9]. As an alternative, quantum key distribution (QKD), the most distinguished secure key distribution approach, has been widely studied since it can theoretically provide unconditional security [10]. However, QKD system is quite restricted in terms of transmission distance, since it requires high-sensitive optical detection devices while the optical amplifiers cannot be applied. Moreover, QKD requires a complex system structure and relatively high cost [11].

Alternatively, SKGD schemes harnessing the unique properties in the physical-layer can provide simple implementation and high-level security [12,13]. In wireless domain, a series of SKGD approaches have been proposed by utilizing the random fading of the wireless channel [14,15]. As examples, SKGD has been reported using the received signal strength (RSS) [16], channel impulse response (CIR) [17] and frequency-phase [18]. On the other hand, physical-layer secure key establishment in free-space optical (FSO) communication has also been proposed and discussed [19,20].

Recently, in the classical optical fiber channel, a family of SKGD schemes based on chaos synchronization between two semiconductor lasers have been proposed as an alternative solution [21–24]. Although these schemes can provide relatively high key generation rate (KGR), the system structure is very complicated. In contrast, SKGD schemes employing the distinct features at the physical layer [25–28] can provide advantages such as high-level security, lower cost, and simpler structure. Examples of these characteristics include phase fluctuations in large-scale Mach-Zehnder interferometer (MZI) [25], polarization mode dispersion (PMD) [26], mode mixing in multimode fiber [27], phase fluctuations between orthogonal polarization modes (OPMs) in delay interferometer (DI) [28]. However, in all of these distinct property-based approaches [25–28], the common problem is that the reported key error rate (KER) between the legal users is relatively high. Moreover, other characteristics in optical physical-layer that can offer high-level security together with simple implementation for SKGD have not been fully explored.

In this paper, we propose and experimentally demonstrate for the first time an error-free SKGD scheme based on Stokes parameters (SPs) of state of polarization (SOP) in classical optical fiber link. As a result of external perturbation effects, e.g., the combination of mechanical stress, vibration, and temperature fluctuation, on standard single-mode fiber (SSMF), the birefringence distribution in optical fiber link is dynamical and time-varying, leading to the random fluctuation of SPs. The channel reciprocity guarantees that highly-correlated SPs can be shared between Alice and Bob, which is the random source for key bit extraction. The feasibility of the proposed SKGD scheme is experimentally demonstrated over 25-km SSMF. Moreover, the information reconciliation (IR) technology of Bose-Chaudhuri-Hocquenghem (BCH) error correction codes is applied in the classical fiber link for the first time, where an error-free KGR of 213-bits/s is successfully achieved. In addition, the proposed SKGD scheme provides high tolerance against fiber-tapping attacks, low cost, simple structure and compatible with long-haul transmission, since optical amplifiers can be applied.

2. Principle of SKGD

The schematic diagram of the proposed SKGD scheme is shown in Fig. 1, where both Alice and Bob launch a polarized light (PL) into SSMF simultaneously. For arbitrarily polarized light, the SOP can be expressed using a set of SPs: ${\boldsymbol S} = {({{S_0},{S_1},{S_2},{S_3}} )^T}$, which are defined as

(1)$$\left\{ \begin{array}{l} {S_0} = {E_{x0}}^2 + {E_{y0}}^2\\ {S_1} = {E_{x0}}^2 - {E_{y0}}^2\\ {S_2} = 2{E_{x0}}{E_{y0}}\cos \varphi \\ {S_3} = 2{E_{x0}}{E_{y0}}\sin \varphi \end{array} \right.$$

where S₀ denotes the total intensity of the light beam, S₁, S₂, and S₃ denote the horizontally polarized component, +45°-directional polarized component and the circularly polarized component of the polarized light respectively. E_x0 and E_y0 are the intensity of the x-axis and y-axis components of the polarized light respectively, and φ is the phase difference between these two components, which can be further expressed as [29]

(2)$$\varphi = ({{\beta_x} - {\beta_y}} )L$$

where β_x and β_y are the propagation constants of two orthogonal polarization fundamental modes: LP_01x and LP_01y, which propagate along x-axis and y-axis respectively, and L is the length of SSMF. In ideal SSMF, two polarization modes have the same propagation constants and phase velocities. However, for any practical SSMF, many factors introduce the unequal propagation constants (β_x≠β_y). For instance, the asymmetrical core, asymmetrical lateral stress, bending and twist, which results in random birefringence distribution along the SSMF [29]. Due to these factors, the phase difference φ varies dynamically with respect to the length L of the fiber as well. This leads to the random rotation of SOP as the optical signals are propagating along the fiber. For example, the evolution of the SOP and its corresponding parameter S₂ with respect to the length of SSMF were observed, as shown in Fig. 2, where the input SOP is a linear-polarized light. It can be noted that the SOP varied to different elliptical-polarized state according to the length of SSMF. Therefore, the instant SOP of the optical signal is very sensitive to the fiber length, which ensures the high-level security of the SOP based SKGD scheme.

Fig. 1. Schematic diagram of the proposed SKGD scheme. PL: Polarized Light.

Download Full Size | PDF

Fig. 2. Evolution of SOP and its corresponding paremeter S₂ with respect to the length of SSMF.

Download Full Size | PDF

On the other hand, the evolution of SOP in SSMF is also sensitive to the initial SOP, which can be explained as [30]

(3)$${{\boldsymbol S}_{{\boldsymbol {out}}}} = {\boldsymbol M}\cdot {{\boldsymbol S}_{{\boldsymbol {in}}}}$$

where S_out and S_in are the SPs of the output and input optical signals respectively, and M is a 4 × 4 Mueller matrix, which is not only associated with the fiber itself, but also affected by the external factors. Consequently, as shown in Fig. 1, when two input polarized lights with identical initial SOP are injected and counter-propagating in the same SSMF, both Alice and Bob can obtain an output optical signals with random but almost identical SOP, since these two light beams experience the same unique channel with identical but stochastic birefringence.

Meanwhile, the output of the SOP is affected by the external factors, such as the mechanical vibration, squeezing or temperature changes in the lab, leading to random and time-varying birefringence distribution of SSMF. Therefore, SOP fluctuation can be used as the source of randomness to generate and share the secret key between Alice and Bob. Finally, in order to make use of SOP fluctuation for key bit extraction, it is decomposed into the normalized SPs: S₁, S₂, and S₃ (S₀=1). However, from Eq. (2), it can be noted that the SP S₁ is only related to the intensity of two components, E_x0 and E_y0, while S₂ and S₃ are associated with both E_x0, E_y0 and the phase difference φ, or the birefringence (Δβ=β_x-β_y). Therefore, a random trace can only be generated from S₂ or S₃ for key bit extraction rather than S₁.

From the attacker’s perspective, since he cannot access to the whole fiber link, and owing to the uniqueness of the channel, such as the exact length of the fiber, and un-replicable external affecting sources, it is quite difficult for him to get the entire birefringence distribution of the fiber link. Therefore, he will not get the same SPs fluctuation as the legal parties.

3. Experimental results and key extraction

The experimental setup of the proposed SKGD scheme is shown in Fig. 3, where two continuous-wave (CW) lasers operating at the same wavelength of 1550-nm launched light beams into the fiber, with an optical power of 10-dBm. The link was a 25-km SSMF, to mimic the practical transmission distance of passive optical network (PON). Two polarization controllers (PCs) were applied to adjust the initial SOPs at Alice and Bob sides. In order to monitor the trajectory of SOP on Poincare sphere and record the SPs for secret key extraction, two polarization analyzers (PAs, General Photonics, PSY-201) with the sampling rate of 10-kHz were deployed at Alice and Bob sides respectively. Moreover, for the purpose of security verification of the proposed SKGD scheme, we assume an attack, Eve, tries to eavesdrop by tapping the fiber link using an optical coupler (OC).

Fig. 3. Experimental setup of the proposed SKGD scheme. PC: Polarization Controller; PA: Polarization Analyzer; OC: Optical Coupler.

Download Full Size | PDF

Figure 4 shows an example of the SOP trajectories on the Poincare sphere and the waveforms of parameter S₂ recorded by Alice and Bob. Apparently, despite of the slight difference in the initial SOPs, the trajectories at both sides are fluctuating randomly in a similar way, as shown in Figs. 4(a) and 4(c). Also, the waveforms of S₂ and the corresponding Fourier transformed spectra are shown in Fig. 4(b) and Fig. 5 respectively, which provides evidences that Alice and Bob can share high-correlated but random fluctuation of SP S₂.

Fig. 4. Recorded SOP trajectories on Poincare sphere and waveforms of parameter S₂ by Alice and Bob. (a). SOP trajectory of Alice; (b). Waveforms of S₂ of Alice and Bob; (c). SOP trajectory of Bob.

Download Full Size | PDF

Fig. 5. Frequency spectra of the measured S₂ by (a). Alice; (b). Bob.

Download Full Size | PDF

For further quantitative evaluation, the cross-correlation function between the S₂ waveforms measured by Alice and Bob is calculated and plotted in Fig. 6, along with the corresponding auto-correlation functions. An enlarged version of the peak-values is depicted in Fig. 6 as the inset, which shows the value of ∼0.98 at the delay of 0. This high cross-correlation can be explained by the channel reciprocity. In other words, two light beams experience the same birefringence distribution as they counter-propagate through the same fiber. Therefore, when the birefringence distribution of SSMF is dynamically modified by all of the external factors, such as temperature fluctuation in the lab environment, mechanical vibration and stress, SOP will be influenced and varied in the same manner for both Alice and Bob. Therefore, high-correlated SPs can be utilized for key bit extraction. For the time synchronization between Alice and Bob, Alice sent part of his signals to Bob as a training sequence in the experiment, to decide the starting point of the secret key extraction by evaluating the cross-correlation function. In practical applications, time synchronization can be implemented by utilizing, for instance, the global GPS-based time clock [25].

Fig. 6. Cross-correlation and auto-correlation functions of the waveforms of S₂ obtained by Alice and Bob.

Download Full Size | PDF

Moreover, it can be seen from the auto-correlation functions that, the waveforms at Alice and Bob sides rapidly become uncorrelated when the delay is nearly ∼5-ms. Besides, the correlation coefficient takes negative values at some delays as the parameter of S₂ tends to increase, while the delayed S₂ leans to decrease or vice versa. In Fig. 6, the decorrelation time (T_d) is ∼4.5-ms, which is defined as the width of the auto-correlation curve [28]

(4)$${T_d} = \mathop {\arg \min }\limits_t (|{y(t) \ast y(t)} |)$$

where “*” denotes the auto-correlation function, and “arg min” is the argument of the minimum function [28]. Hence high randomness of the key bit sequences can be expected if two waveforms are resampled with the sampling interval equal to or greater than T_d. It should be pointed out that the decorrelation time reflects the speed of the SPs fluctuation. A smaller value of T_d can be achieved by using any active scrambling mechanisms to increase the frequency of SOP fluctuation.

As Alice and Bob have measured continuous random variable, the traces have to be quantized to obtain the binary sequence of the secret key. Before quantization, it is necessary to resample the waveforms with the sampling frequency equals to 1/T_d to remove the redundancy, so that high randomness of the secret key can be guaranteed. Here, the double threshold quantizer is applied, which is defined as

(5)$$Q(y )= \left\{ \begin{array}{l} 1\; if \; M(y )> q + \\ 0 \; if \; M(y )< q - \end{array} \right.q \pm = mean \pm \varepsilon \times variance$$

where M is the resampled sequence, q ± are the upper and lower thresholds of the quantizer, which are calculated from Alice’s and Bob’s waveforms, and $\varepsilon$ is a scalar. The KGR of 222-bits/s with the KER of 4.5% is obtained, for $\varepsilon = 0$. The KER seems relatively high, which could be attributed to the non-optimal value of the scalar $\varepsilon$. Figure 7 shows the variation of KGR and KER versus the scalar $\varepsilon$. It can be noted that the performance of KER can be further improved when increasing the scalar, at the cost of a reduced KGR. Therefore, there is a fundamental conflict between the KGR and KER, while a trade-off has to be taken.

Fig. 7. Variation of KGR and KER versus the scalar $\varepsilon$.

Download Full Size | PDF

For practical applications, error-free SKGD is a basic requirement, IR can be applied to rectify the inconsistent key bits between the legal parties [20]. However, for the classical optical fiber channel, the reported physical-layer SKGD schemes were only concentrated on the randomness extraction and the IR was not applied [25–28]. Recently, an interesting implementation of BCH error correction codes was reported for QKD [31], where Alice and Bob only shared the parity check. Based on the principle in [31], only the parity check of Alice’s key was sent to Bob, and then Bob combined his original key bits with this parity check to achieve the key agreement. Here, the parity check exchange could leak almost no information about the key to Eve, which will be discussed later. Considering the maximum KER is 4.5%, a (127, 71) BCH codes are adopted, which can correct 9-error-bit for each code-block. Finally, the error-free KGR of 213-bits/s was obtained. Here, the slight reduction of the KGR is attributed to the blocking process in BCH codes. Although the KGR is relatively low, it is adequate for the practical key applications. For example, symmetric encryption algorithms using the advanced encryption standard (AES) need only 128 bits [8].

To evaluate the randomness of the obtained secret keys, NIST test suite was employed [32], where all of the 15 sub-tests were implemented using a key sequence with a length of 10⁶. Each sub-test will return a P-value, which can ensure the randomness from some aspects if P > 0.01. Table 1 shows the final results of the tests. All of the 15 sub-tests have been passed, which confirms the randomness of the generated keys in the proposed SKGD scheme. It should be mentioned that, due to the limited KGR of 213-bit/s, it takes consecutively more than one month to obtain 1000 key sequences with a length of 1Mbits, for the evaluation of the accurate success rate of each sub-test, thus, unfortunately, we cannot provide the accurate success rate so far [32].

Table 1. Results of the 15 NIST-sub-tests.

View Table | View all tables in this article

The comparison of the proposed scheme with other physical layer SKGD schemes using MZI [25] and DI [28] in terms of KGR and KER are given in Table 2. It should be mentioned that the reported other schemes can also achieve an error-free SKGD if IR is applied. In our scheme, we provide not only an alternative physical-layer SKGD approach, but also apply for the first time the IR in optical fiber channel. Moreover, similar to other two schemes, the proposed SKGD scheme is also compatible with the existing fiber infrastructure, which is used for data transmission as well as SKGD simultaneously, and thus, lower cost can be expected.

Table 2. Comparison of KGR in recent schemes for optical fiber channel.

View Table | View all tables in this article

4. Security analysis

To assess the security performance of the proposed SKGD scheme, firstly, we assume an attacker, Eve, who has the same receiver as legal parties and has the ability to tap into the fiber using an optical coupler before Bob side, as depicted in Fig. 3. However, it is very difficult for Eve to obtain the same SPs fluctuation, as she has no knowledge about the initial SOP shared between Alice or Bob. Due to the different initial SOP, the final evolution of the SOP for Bob and Eve will be totally different, which is obvious from Eq. (3). As a result, Eve cannot get any information about the generated key.

The second possible attack is that Eve can attempt to obtain the same initial SOP as Alice and Bob sides using a PC. However, due to the fact that the birefringence distribution between Alice and Bob is different from that between Alice and Eve, Eve will not be able to measure the same trace of SP. Moreover, the local environment at Eve side will further modify the fluctuation of SP. Therefore, she cannot get any information about the secret keys shared between Alice and Bob, neither.

For verification, one example of the measured waveforms of S₂ and S₁ by Bob and Eve is shown in Fig. 8(a) and 8(b) respectively, while the corresponding cross-correlation functions are depicted in Fig. 8(c). It can be noted that what Eve received from S₂ is totally different from Bob, and this can be confirmed by the correlation coefficient, which is ∼0 at the zero-delay. If Eve quantizes her waveform using the same quantizer as Bob, the KER between them is still 0.5023, which is very close to the ideal value (0.5). Moreover, after attempting to use Bob’s parity check for error-correcting, the BER is still 0.5023, means that the IR procedure leaked no information about the key to Eve. This can be attributed to the fact that the error bits between Bob and Eve are far beyond the capability of BCH codes. In terms of the information theory, the mutual information between Bob’s and Eve’s key is only 1.2936×10⁻⁵ regardless of IR stage, which verifies the security robustness of the proposed SKGD scheme. This tiny information leakage can be further reduced by privacy amplification [33]. Therefore, S₂ provides the source of randomness for high-level security.

Fig. 8. Measured SPs by Bob and Eve. (a). S₂; (b). S₁; (c). Cross-correlation functions of S₁ and S₂.

Download Full Size | PDF

On the other hand, the waveforms that Bob and Eve extracted from S₁ are highly correlated, since S₁ is only related to the intensity of two components, E_x0 and E_y0, so the birefringence distribution has nothing to do in this case. Whereas for S₂, time-varying birefringence distribution between Bob and Eve results in different phase difference φ, leading to different waveforms of S₂.

In addition, the sensitivity of KER between Eve and Bob with respect to the mismatch of fiber length is simulated in OptiSystem. The birefringence mode of the fiber was set to be stochastic to simulate the effects of external perturbation. Figure 9 shows the KER variation versus the mismatch of fiber length. It can be observed that the KER significantly increases as the mismatch of fiber length increases. The KER reaches ∼50% if the mismatched length is longer than 1 m. The result implies that, after propagating through the fiber of approximately 1 m, the SOP will be significantly modified [34].

Fig. 9. Variation of KER with respect to the mismatched fiber length.

Download Full Size | PDF

Besides, Eve can attempt to emulate the reported predictable channel attack in the wireless channel [16]. However, the SOP evolution in fiber channel is completely different, as shown in Fig. 2 and Eq. (3), the SOP variation is very sensitive to the spatial distribution of birefringence, fiber length, and the local environments. Therefore, the estimation of the accurate SOP fluctuation pattern by tapping simultaneously at different points of fiber is quite difficult, since Eve has no knowledge of the SOP transformation matrix, which is determined by the birefringence distribution introduced by the whole fiber length between Alice and Bob.

For the man-in-the-middle attack, Eve can intercept the bidirectional CW signals and inject her CW signals to the two terminals. However, this can be easily detected by legal parties via monitoring the decorrelation time from their respective auto-correlation functions, since Eve cannot emulate the effect of external factors along the whole fiber channel. Thus, the decorrelation time at Alice and Bob sides will be different from the case without such attack. Generally, to prevent man-in-the-middle attacks, an authentication protocol can be deployed by Alice and Bob [25].

In summary, the security of the proposed SKGD scheme stems from two sources: the initial SOP and the uniqueness of the fiber channel. Missing any one of these two critical factors will put Eve in a quite difficult situation, and thus she cannot obtain the same fluctuation as Alice and Bob do.

5. Conclusion

We have proposed and experimentally demonstrated a SKGD scheme based on dynamic SPs within classical optical fiber channel, where high-level security is guaranteed by the uniqueness of birefringent fiber link and the sensitivity to the initial SOP of optical signals. The secret key sequences are generated from high-correlated, but random fluctuating signals of S₂, which are shared between two legal parties. Experimentally, an error-free KGR of 213-bits/s is successfully demonstrated over 25-km SSMF using IR technology of BCH error correction codes. Moreover, the proposed scheme has additional advantages of low cost, simple structure and compatible with the long-haul transmission.

Funding

Ministry of Science and Technology of the People's Republic of China (2016YFE0104500); National Natural Science Foundation of China (61431009, 61433009, 61571291).

References

1. K. Shaneman and S. Gray, “Optical network security: technical analysis of fiber tapping mechanisms and methods for detection & prevention,” in IEEE MILCOM 2004. Military Communications Conference, (IEEE, 2004), pp. 711–716.

2. N. Skorin-Kapov, M. Furdek, S. Zsigmond, and L. Wosinska, “Physical-layer security in evolving optical networks,” IEEE Commun. Mag. 54(8), 110–117 (2016). [CrossRef]

3. D. Dahan and U. Mahlab, “Security threats and protection procedures for optical networks,” IET Optoelectron. 11(5), 186–200 (2017). [CrossRef]

4. A. A. E. Hajomer, X. Yang, and W. Hu, “Chaotic Walsh–Hadamard transform for physical layer security in OFDM-PON,” IEEE Photonics Technol. Lett. 29(6), 527–530 (2017). [CrossRef]

5. C. Zhang, W. Zhang, C. Chen, X. He, and K. Qiu, “Physical-enhanced secure strategy for OFDMA-PON using chaos and deoxyribonucleic acid encoding,” J. Lightwave Technol. 36(9), 1706–1712 (2018). [CrossRef]

6. Z. Hu and C. Chan, “A 7-D hyperchaotic system-based encryption scheme for secure fast-OFDM-PON,” J. Lightwave Technol. 36(16), 3373–3381 (2018). [CrossRef]

7. B. Liu, L. Zhang, and X. Xin, “Enhanced secure 4-D modulation space optical multi-carrier system based on joint constellation and stokes vector scrambling,” Opt. Express 26(6), 6890–6898 (2018). [CrossRef]

8. J. Katz and Y. Lindell, Introduction to Modern Cryptography (Chapman and Hall/CRC, 2014).

9. Y. Wang, H. Zhang, and H. Wang, “Quantum polynomial-time fixed-point attack for RSA,” China Commun. 15(2), 25–32 (2018). [CrossRef]

10. C. H. Bennett and G. Brassard, “Quantum cryptography: public key distribution and coin tossing,” in Proceedings of IEEE International Conference on Computers, Systems, and Signal Processing (IEEE, 1984), pp. 175–179.

11. N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum cryptography,” Rev. Mod. Phys. 74(1), 145–195 (2002). [CrossRef]

12. U. M. Maurer, “Secret key agreement by public discussion from common information,” IEEE Trans. Inf. Theory 39(3), 733–742 (1993). [CrossRef]

13. R. Ahlswede and I. Csiszar, “Common randomness in information theory and cryptography. I. Secret sharing,” IEEE Trans. Inf. Theory 39(4), 1121–1132 (1993). [CrossRef]

14. J. Zhang, T. Q. Duong, A. Marshall, and R. Woods, “Key generation from wireless channels: a review,” IEEE Access 4, 614–626 (2016). [CrossRef]

15. M. Bottarelli, G. Epiphaniou, D. K. B. Ismail, P. Karadimas, and H. Al-Khateeb, “Physical characteristics of wireless communication channels for secret key establishment: a survey of the research,” Comput. Secur. 78, 454–476 (2018). [CrossRef]

16. S. N. Premnath, S. Jana, J. Croft, P. L. Gowda, M. Clark, S. K. Kasera, N. Patwari, and S. V. Krishnamurthy, “Secret key extraction from wireless signal strength in real environments,” IEEE Trans. Mobile Comput. 12(5), 917–930 (2013). [CrossRef]

17. Y. Liu, S. C. Draper, and A. M. Sayeed, “Exploiting channel diversity in secret key generation from multipath fading randomness,” IEEE Trans. Inf. Forensics Secur. 7(5), 1484–1497 (2012). [CrossRef]

18. S. Mathur, R. Miller, A. Varshavsky, W. Trappe, and N. Mandayam, “ProxiMate: proximity-based secure pairing using ambient wireless signals,” in Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, Bethesda, Maryland, USA, (Springer, 2011), paper DBLP.

19. N. Wang, X. Song, J. Cheng, and V. C. M. Leung, “Enhancing the security of free-space optical communications with secret sharing and key agreement,” J. Opt. Commun. Netw. 6(12), 1072–1081 (2014). [CrossRef]

20. H. Endo, M. Fujiwara, M. Kitamura, O. Tsuzuki, T. Ito, R. Shimizu, M. Takeoka, and M. Sasaki, “Free space optical secret key agreement,” Opt. Express 26(18), 23305–23332 (2018). [CrossRef]

21. A. Zadok, J. Scheuer, J. Sendowski, and A. Yariv, “Secure key generation using an ultra-long fiber laser: transient analysis and experiment,” Opt. Express 16(21), 16680–16690 (2008). [CrossRef]

22. K. Yoshimura, J. Muramatsu, P. Davis, T. Harayama, H. Okumura, S. Morikatsu, H. Aida, and A. Uchida, “Secure key distribution using correlated randomness in lasers driven by common random light,” Phys. Rev. Lett. 108(7), 070602 (2012). [CrossRef]

23. N. Jiang, C. Xue, D. Liu, Y. Lv, and K. Qiu, “Secure key distribution based on chaos synchronization of VCSELs subject to symmetric random-polarization optical injection,” Opt. Lett. 42(6), 1055–1058 (2017). [CrossRef]

24. T. Sasaki, I. Kakesu, Y. Mitsui, D. Rontani, A. Uchida, S. Sunada, K. Yoshimura, and M. Inubushi, “Common-signal-induced synchronization in photonic integrated circuits and its application to secure key distribution,” Opt. Express 25(21), 26029–26044 (2017). [CrossRef]

25. K. Kravtsov, Z. Wang, W. Trappe, and P. R. Prucnal, “Physical layer secret key generation for fiber-optical networks,” Opt. Express 21(20), 23756–23771 (2013). [CrossRef]

26. I. U. Zaman, A. B. Lopez, M. A. A. Faruque, and O. Boyraz, “Physical layer cryptographic key generation by exploiting PMD of an optical fiber link,” J. Lightwave Technol. 36(24), 5903–5911 (2018). [CrossRef]

27. Y. Bromberg, B. Redding, S. M. Popoff, and H. Cao, “Remote key establishment by mode mixing in multimode fibres and optical reciprocity,” https://arxiv.org/abs/1506.07892 (2015).

28. A. A. E. Hajomer, X. Yang, A. Sultan, and W. Hu, “Key distribution based on phase fluctuation between polarization modes in optical channel,” IEEE Photonics Technol. Lett. 30(8), 704–707 (2018). [CrossRef]

29. S. Rashleigh, “Origins and control of polarization effects in single-mode fibers,” J. Lightwave Technol. 1(2), 312–331 (1983). [CrossRef]

30. A. Carnicer and B. Javidi, “Optical security and authentication using nanoscale and thin-film structures,” Adv. Opt. Photonics 9(2), 218–256 (2017). [CrossRef]

31. T. Wuthigorn, S. Keattisak, and S. Ornlarp, “Secret key reconciliation using BCH code in quantum key distribution,” in International Symposium on Communications and Information Technologies (IEEE, 2007), pp. 1482–1485.

32. A. Rukhin, J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, A. Heckert, J. Dray, and S. Vo, “A statistical test suite for random and pseudorandom number generators for cryptographic applications,” in Special Publication, Revision 1a (2010), paper 800-22.

33. U. Maurer and S. Wolf, “Secret-key agreement over unauthenticated public channels. II. Privacy amplification,” IEEE Trans. Inf. Theory 49(4), 839–851 (2003). [CrossRef]

34. T. R. Woliński, “Polarimetric optical fibers and sensors,” Prog. Opt. 40, 1–75 (2000). [CrossRef]

Statistical test	P-value	Statistical test	P-value
Approximate entropy	0.4619	Overlapping Template	0.1544
Block frequency	0.9341	Random Excursions	0.1578
Cumulative sum	0.3345	Rank	0.8307
FFT	0.1957	Runs	0.6276
Frequency	0.3607	Serial	0.7107
Linear Complexity	0.8111	Universal	0.2067
Longest Run	0.2434	Variant	0.1495
Non-Overlapping Template	0.0148

Statistical test	P-value	Statistical test	P-value
Approximate entropy	0.4619	Overlapping Template	0.1544
Block frequency	0.9341	Random Excursions	0.1578
Cumulative sum	0.3345	Rank	0.8307
FFT	0.1957	Runs	0.6276
Frequency	0.3607	Serial	0.7107
Linear Complexity	0.8111	Universal	0.2067
Longest Run	0.2434	Variant	0.1495
Non-Overlapping Template	0.0148

Error-free secure key generation and distribution using dynamic Stokes parameters

Abstract

1. Introduction

2. Principle of SKGD

3. Experimental results and key extraction

4. Security analysis

5. Conclusion

Funding

References

Cited By

Figures (9)

Tables (2)

Equations (5)

Optics Express

Schemes	MZI [25]	DI [28]	SP (without IR)	SP (with IR)
KGR (bits/s)	160	220	222	213
KER	4%	5%	4.5%	0

Schemes	MZI [25]	DI [28]	SP (without IR)	SP (with IR)
KGR (bits/s)	160	220	222	213
KER	4%	5%	4.5%	0