Abstract

The physical-layer security of a quantum-noise randomized cipher (QNRC) system is, for the first time, quantitatively evaluated with secrecy capacity employed as the performance metric. Considering quantum noise as a channel advantage for legitimate parties over eavesdroppers, the specific wire-tap models for both channels of the key and data are built with channel outputs yielded by quantum heterodyne measurement; the general expressions of secrecy capacities for both channels are derived, where the matching codes are proved to be uniformly distributed. The maximal achievable secrecy rate of the system is proposed, under which secrecy of both the key and data is guaranteed. The influences of various system parameters on secrecy capacities are assessed in detail. The results indicate that QNRC combined with proper channel codes is a promising framework of secure communication for long distance with high speed, which can be orders of magnitude higher than the perfect secrecy rates of other encryption systems. Even if the eavesdropper intercepts more signal power than the legitimate receiver, secure communication (up to Gb/s) can still be achievable. Moreover, the secrecy of running key is found to be the main constraint to the systemic maximal secrecy rate.

© 2017 Optical Society of America

1. Introduction

Despite its better security than copper-wired links and wireless communications in terms of no-leakage of electromagnetic radiation, optical fiber communication (OFC) is still vulnerable to various attacks [1, 2]. Meanwhile, conventional encryption based on computation complexity is under the threat of rapidly increasing computing power of modern computers [3]. Based on quantum mechanical principles, quantum key distribution (QKD) is an effective approach to solving the aforementioned problems [4], which combined with one-time pad (OTP) encryption can provide unconditional security theoretically. Unfortunately, the attainable key generation efficiency and transmission distance of QKD are quite limited (eg., 2.38 Mbps, 70 km [5]).

Quantum-noise randomized cipher (QNRC) is an alternative quantum secure communication method [6], the well-known encryption protocol of which is Yuen 2000 (Y-00) [7]. Based on Heisenberg’s uncertainty principle, the intrinsic quantum noise protects both the data and the key from being intercepted by eavesdroppers. Since ciphertext is directly modulated onto the phase of mesoscopic coherent states, the Y-00 protocol is well compatible with the currently existing OFC infrastructure so that secure communication with high speed and long distance can be realized (eg., 100 Gbit/s, 120km [8]). Therefore, QNRC is an important direction for the practical application of high-speed quantum secure communication.

However, the security of Y-00 protocol hasn’t been proven perfectly in theory, which has been challenged in [9–11] with corresponding refutations in [12–14] by the inventors. The current security metrics of Y-00, like correct detection probability [15] and unicity distance [7], tend to be qualitative or merely focus on the eavesdropper. Ref [16]. has pointed out the applicability of wire-tap channel model [17] as the framework for consideration of Y-00 security of the key and developing secure instantiations. In the wire-tap channel theory, a well-developed theoretical system originated from Wyner [17], there exists a nonzero secrecy capacity, which is the information-theoretic limit of secure transmission rate. As the transmission rate is under secrecy capacity, there exist certain proper channel codes making eavesdropper’s acquisition useless for the knowledge of source information. So far, some specific coding strategies for certain channel models are presented to achieve secrecy capacity [18], such as schemes based on low-density parity-check codes for binary erasure/symmetric channel [19] and polar codes for binary-input symmetric discrete channel [20]. In spite of no general coding schemes, it’s doubtless that secrecy capacity is an instructive metric of security and performance. By its very nature, it is the channel advantage of legal parties over eavesdroppers, which takes into consideration both the main channel and the wire-tap channel as a whole system. Fortunately, such advantages can be provided by Y-00 protocol from the physical layer. Therefore, it’s desirable to investigate the security of Y-00 by considering quantum noise as physical-layer superiority in the wire-tap channel model.

In this paper, we focus on the quantitative security analysis of the Y-00 protocol with secrecy capacity employed as the performance metric. It turns out that QNRC is of great potential for physical-layer security, and the investigation results may contribute to setting proper system parameters for security promotion. The rest of this paper is organized as follows. In Section 2, a brief overview about Y-00 quantum-encryption protocol is provided. In Section 3, we introduce the wire-tap models for both channels of the key and data in detail and characterize their secrecy capacities respectively. Furthermore, the maximal achievable secrecy rate of the system is proposed. In Section 4, comprehensive simulation results about the influences of key system parameters and in-depth discussion about their implications are presented. Finally, we summarize our main findings.

2. Overview of Y-00 protocol

The operation principle of Y-00 quantum-encryption protocol is reviewed as follows [7].

  • (1) Legitimate communication parties, namely Alice and Bob, share a seed key KS that is absolutely safe, probably from QKD key pool.
  • (2) With expansion function ENC(•) (e.g., linear feedback shift register or AES in stream cipher mode), S-bit K is extended into a running key U that is divided into n blocks subsequently: ENC(KS) = UN = (u1, u2,…, un). Each subkey u has l = N/n bits with Mb = 2l values at most.
  • (3) n-bit data Xn=(x1,x2,,xn) will be encrypted by UN with each bit encrypted by u. The encryption mapping is
    m=f(x,u)=u+[xPol(u)]Mb

    POL(u) is 0 or 1 according to whether u is even or odd.

  • (4) Ciphertext m is modulated into the phase of coherent states. Thus, the original quantum states are
    |ϕ(m)=|αeimπMb,m{0,1,,2Mb1}

    where α is the coherent-state amplitude. We can find that the data bits encoded in all neighboring states are antipodal, given that Mb is odd.

    Note that ui determines the basis {|αeiθi,|αei(θi+π)}, where θi=uiπ/Mb; then xi is transmitted selecting one of them; and Mb is called the number of bases.

  • (5) Bob runs an identical ENC(•) function as Alice, so knowing the basis ui, he only needs to distinguish |αei0 and |αeiπ, the orthogonal states with |α| big enough (>>1).

On the other hand, the eavesdropper (named Eve) ignorant of the key has to discriminate 2Mb quantum states and tell the difference of neighboring states that is masked by unavoidable quantum noise. So the information Eve derives from the measurement is a seriously noisy version where key and data are both protected from the physical layer.

3. Wire-tap channel model and secrecy capacity for QNRC system

Three preconditions of our research are illustrated, as follows.

  • (1) We consider the scenarios where the sample size of running key is bounded by |U|≤2S.
  • (2) Besides unlimited computation power and memory capacity, we assume there are two kinds of wiretappers. The ordinary one can only intercept small part of the signal from Alice. The other could get nearly full copy of signal without being detected. For example, Eve might replace ordinary fiber with ultra-low-loss fiber, so her interception could hide in the fiber loss.
  • (3) We take no account of optical amplifiers that increase optical power but reduce SNR.

Figure 1 describes the situation of legal communication with an external eavesdropper. In order to obtain useful information, Eve has to intercept part of the signal from the main channel by fiber bending, beam splitting or other fiber-tapping methods. Suppose that Eve’s interception rate of received power is r and Bob takes a fraction t. Generally, r + t = 1.

 figure: Fig. 1

Fig. 1 General case of wire tapping in OFC system.

Download Full Size | PPT Slide | PDF

Consider that Alice sends signals with initial amplitude α and the distances between Alice and Bob, and between Alice and Eve are LB, LE respectively. Hence, the average number of photons arriving at Bob and Eve are

{|αB|2=t|α|2eμLB|αE|2=r|α|2eμLE
where μ(km1) is the fiber transmission loss coefficient.

With the received quantum states, coherent heterodyne measurement is an indispensable step to obtain all bits of the output for each qumode [16, 21]. If the coherent state received is |ϕ(m)=|αxeiθm (θm=mMbπ), then (r, θ), the observed values of amplitude |αx| and phase angle θm, will be obtained from the constellation. With a shot noise variance σ2 defined as unity, the probability density function in polar coordinates for a quantum heterodyne receiver is [21],

p(r,θ|m)=r2πσ2exp(|αx|2r2+2|αx|rcos(θmθ)2σ2)

Based upon the two-tuples (r, θ), Eve need make a decision on the original state |ϕ(m) and cipher text m. According to the Bayes strategy, the polar coordinate plane should be divided into M = 2Mb decision regions [21],

Dm={(r,θ)|0r<,θm'π/2Mbθ<θm'+π/2Mb},m=0,1,,M1
corresponding to the M qumodes. The best decision is that when (r,θ)Dm, make the choice of m'. Thus, symbol transition probability of cipher text in Eve’s wire-tap channel is
P(m|m)=Dmp(r,θ|m)drdθ
Note that αx = αE in p(r, θ| m).

While with knowledge of the key K and u, Bob only needs to judge between |ϕ(m) or |ϕ(m+Mb) so that the coordinate plane needs to be divided into two parts, namely,

Dm={(r,θ)|0r<,θmπ/2θ<θm+π/2},m=morm+Mb
Correspondingly, the symbol transition probability in the main channel is
P(m|m)=Dmp(r,θ|m)drdθ
Here note that αx = αB in p(r, θ| m).

On the basis of the fundamental channel built above, the wire-tap channel models for the secret key and data can be founded concretely.

3.1 Secret key part

The seed key is shared in advance between Alice and Bob. So is the extended key. However, the transmitted quantum state |ϕ(m) still contains the information of the subkey u, which Eve can intercept so as to figure out the K in a further step. Hence, it’s necessary to analyze the security of running key in a wire-tap channel, as shown in Fig. 2.

 figure: Fig. 2

Fig. 2 Wire-tap channel model of the running key.

Download Full Size | PPT Slide | PDF

We regard the running key U as the information source to be sent from Alice, which already has been known by Bob. In this sense, the main channel is always error-free. Actually such a decoder is non-existent. While the wire-tap channel is noisy under heterodyne measurement with serious disturbance from quantum noise. In order to make the noisy running key totally useless for Eve, U is encoded into Uc before selecting bases, and Uc is then chopped into n subkeys to encrypt the corresponding data.

In fact the wire-tap channel above includes: mapping ucimi, transmission mim^i and inverse mapping m^iu^ci. Because different subkeys are applied in different coherent states transmitting separately, the channel is discrete, memoryless channel (DMC), that is,

P(U^c|Uc)=i=1nP(u^ci|uci)P(u^ci|uci)=mim^iP(u^ci|m^i)P(m^i|mi)P(mi|uci)

Due to the mapping rule of encryption, for given uci and u^ci, ciphertext equals only two values depending on the corresponding value of xi. So,

P(u^ci|uci)=(P(m^u^ci+Mb|muci+Mb)+P(m^u^ci|muci+Mb))P(muci+Mb|uci)+(P(m^u^ci|muci)+P(m^u^ci+Mb|muci))P(muci|uci)

We note that muc=uc, m^u^c=u^c for simplicity. And it is provable that P(m^u^c|muc)=P(m^u^c+Mb|muc+Mb) and P(m^u^c|muc+Mb)=P(m^u^c+Mb|muc). Accordingly, the transition probability of running key in wire-tap channel can be simplified as below.

P(u^c|uc)=(P(m^u^c|muc)+P(m^u^c+Mb|muc))(P(muci|uci)+P(muci+Mb|uci))=P(m^u^c|muc)+P(m^u^c+Mb|muc)
which can be calculated together with Eqs. (4) (6).

An equivalent wire-tap channel model for the running key has been founded, and according to Wyner’s theory [17], its secrecy capacity is

CSu=maxP(uc){I(uc,uc)I(uc,u^c)}=maxP(uc){[H(uc)H(uc|uc)][H(uc)H(uc|u^c)]}=maxP(uc){H(uc|u^c)}
Hereinto, I denotes the mutual information, and H is the (conditional) entropy function.

We can find that the wire-tap channel with channel matrix [P(u^c|uc)] is a symmetric discrete channel. By using Lagrange multipliers technique and taking the channel characteristics into account, we derive that H(uc|u^c) is maximal when subkeys uc are uniformly distributed. Thus, it provides a normal demand for the encoding of U. Moreover, resorting to the symmetric discrete channel matrix and matching distribution of uc, the applied CSu formula for calculation is given by

CSu=j=0Mb1P(u^c=j|uc=i)log2P(u^c=j|uc=i),0i<Mb
where each row of [P] consists of same elements, so i can be arbitrary, and we take 0•log0 = 0 in this paper.

3.2 Data bit part

Also, Eve can derive a noisy version of the original data from heterodyne measurement. Consequently, we study the physical-layer security of data X on the basis of wire-tap channel, as shown in Fig. 3.

 figure: Fig. 3

Fig. 3 Wire-tap channel model of the data.

Download Full Size | PPT Slide | PDF

Likewise, source Xk=(x1,x2,,xk) is encoded into Xcn=(xc1,xc2,,xcn) before encryption so as to make Eve’s measurement of data meaningless. Still, the wire-tap channel is noisy and output is Zn. However, the main channel isn’t always noiseless any more, because SNR degrades after channel transmission. Output of main channel is Yn. Since Xcn is encrypted bit by bit with subkeys from Ucn, it’s easy to know that the main channel XcnYn and wire-tap channel XcnZn are both DMCs, i.e.,

P(Yn|Xcn)=i=1nP(yi|xci),P(Zn|Xcn)=i=1nP(zi|xci),P(yi|xci)=mim^iP(yi|m^Bi)P(m^Bi|mi)P(mi|xci),P(zi|xci)=mim^iP(zi|m^Ei)P(m^Ei|mi)P(mi|xci)
Hereinto, m^B and m^E are the respective ciphertexts received by Bob and Eve. Specifically, for given xc y z,
P(m|xc)=P(uc)
P(y|m^B)={1,m^B=f(y,uc)0,else,P(z|m^E)={1,m^E=f(z,u^c)0,else
By substituting Eqs. (15) (16) into Eq. (14), then we have
P(z|xc)=ucu^cP(m^E=f(z,u^c)|m=f(xc,uc))P(uc)(a)¯¯ucP(uc)u^cP(m^E=f(z,u^c)|m=f(xc,0))=u^cP(m^E=f(z,u^c)|m=f(xc,0))
where (a) follows that the matrix [P(m^E|m)] is also symmetric discrete, consisting of same elements in each row, and generally we take the row of uc = 0. Similarly,
P(y|xc)=u^cP(m^B=f(y,u^c)|m=f(xc,0))(b)¯¯P(m^B=f(y,0)|m=f(xc,0))
where (b) follows only probability items with u^c=uc exist, given that Bob knows running key, i.e., the basis level. Further, it’s not hard to prove both channels of data communication leading to Bob and Eve are binary symmetric channels (BSC). Their crossover probabilities, namely, the respective error rates, are
PBe=P(m^B=Mb|m=0)
PEe=u^cP(m^E=f(1,u^c)|m=0)(c)¯¯i=1MbP(m^E=2i1|m=0)
provided that uc = 0~Mb-1 and Mb is odd for (c). Note that the transition probabilities in Eqs. (17) and (20) and (18) and (19) follow Eqs. (6) and (8) respectively.

The wire-tap channel model for data communication is clearly demonstrated above. The secrecy capacity of data is given by

CSx=maxP(xc){I(xc,y)I(xc,z)}=maxP(xc){[H(y)H(y|xc)][H(z)H(z|xc)]}=maxP(xc){H(y)H(z)}+H(z|xc)H(y|xc)(d)H(z|xc)H(y|xc)
Inequality (d) follows that YZ could be treated as another BSC, if error rates PBePEe, and the entropy of output of a BSC is not less than that of its input [22], i.e., H(y) ≤ H(z). Further, the condition for equality is P(xc = 0) = P(xc = 1) = 1/2, which provides a normal demand for encoding X. On this condition, the final CSx is given by
CSx=h(PEe)h(PBe)
where h(p) = -plog2 p-(1-p)log2(1-p), 0≤ p≤1. For further analysis, we express it as CSx = [1-h(PBe)]-[1-h(PEe)] = CM-CW.

3.3 Maximal achievable secrecy rate of the system

Now that the transmitted quantum states contain information of both the data and the key, we need to take their secrecy restrictions into consideration at the same time for strict security of the whole system. That is to say, RuCSu and RxCSx, where Ru, Rx denote the respective rate. Meanwhile, each state |ϕ(m) includes l-bit u and 1-bit x, which means Ru = lRx. As a result,

{RxCSxlRxCSuRxmin{CSx,CSul}=min{CSx,CSu0}
where CSu0 = CSu/l can be regarded as the average secrecy capacity per bit of running key. We define the maximal achievable secrecy rate of the system as RS = min{CSx, CSu0}.

In addition, since KUUc form a Markov-chain series channel, when Eve can acquire nothing about the running key (U), the initial key (K) will be more impossible to be revealed. Thus, transmission at rate up to RS is achievable with both key and data in perfect secrecy.

4. Results and discussion

The secrecy capacities derived above are dependent on key system parameters, such as the number of bases, the initial amplitude of coherent state, the signal transmission distances, the interception rate and so on. In this section, we focus on impacts of the parameters mentioned above. Moreover, comparison between CSu and CSx is analyzed. We try to find some meaningful results to optimize those parameters for greater secrecy capacities.

4.1 Secrecy capacity of running key

According to the formula (13), secrecy capacity of running key CSu is evaluated with regard to different parameters, as shown in Fig. 4-6. In Fig. 4, CSu is considered as a function of transmission distance between Alice and Eve (LE), for the case of interception ratio r = {0.01,0.1,0.5,1}, Mb = 127, |α|=Mb/3π13.5 and fiber loss coefficient with typical value μ = 0.2dB/km. Evidently, secrecy capacity increases with LE and decreases as the interception ratio rises. When r is large, it’s difficult to reach the maximum. In order to obtain more information, smart wiretappers would choose to eavesdrop as close as possible to Alice (LE→0) with r as large as possible. Though Eve is likely to be discovered as r>10−2 resulting in a noticeable power reduction, to maximize Eve’s ability and consider the worst situation, we still assume Eve with strongest ability can have a full copy of signal, implying r = t = 1.

 figure: Fig. 4

Fig. 4 Secrecy capacity of the running key vs. LE, with Mb = 127, |α| = 13.5 andμ = 0.2 dB/km.

Download Full Size | PPT Slide | PDF

 figure: Fig. 5

Fig. 5 Secrecy capacity of running key (normalized to CMu) vs. Mb = 2l-1. Smart Eve (LE = 0) with strongest ability (r = t = 1).

Download Full Size | PPT Slide | PDF

 figure: Fig. 6

Fig. 6 Secrecy capacity of running key (normalized to CMu) vs. Nσ, assuming LE = 0 and r = t = 1.

Download Full Size | PPT Slide | PDF

In Fig. 5, we evaluate the impact of number of bases under smart Eve with strongest ability, that is, |αE| = |α|. Specifically, we set Mb = 2l-1 for l-bit subkey. In fact, here CSu is normalized to CMu, capacity of the main channel with CMu = log2Mb, and is approximatively the average secrecy capacity per bit of subkey. As Mb increases with the length of subkey, there are more state levels Eve has to discriminate with more difficulties. As a result, the phase difference between adjacent quantum states diminishes and Eve will surely make more mistakes, leading to a larger CSu.

While the question is, Alice has to emit more photons in each coherent state so as to communicate reliably for longer distance. According to uncertainty principle, the more photons Eve receives, the smaller the uncertainty of signal phase will be, and smaller quantum phase noise results in more accurate detection leaking more information to Eve. Then, more bases in turn are needed to protect signal information from being intercepted. We observe that, when average number of photons |α|2 is large, the growth of CSu is too slow to reach the biggest value, i.e., CMu. For instance, to protect merely 25 photons on average (for |α| = 5) to 0.81CMu, about 1023 bases are needed. It’s extremely difficult to actualize perfect CSu = CMu in practically remote communication. Therefore, we have to set the running key rate not exceeding CSu to ensure the security of key, together with proper encoding of U.

From the analyses above, we know coherent-state amplitude |α| is decisive to Δφ, the quantum noise in phase detection, which quantitatively is Δφ=1/N¯=1/|α|, and the number of bases Mb is to δφ, the phase difference of adjacent quantum states, which is δφ = π/Mb. In the physical nature, it’s only when Δφ masks δφ that secure QNRC becomes possible. Moreover, define the number of states masked by quantum noise as Nσ=Δφδφ=Mbπ|α|.

Figure 6 shows the more states are masked, the better CSu (normalized to CMu) will be achieved for certain number of bases generally. And particularly, CSu increases most rapidly in the first division of Nσ, implying that more than 20 state levels need to be masked there to ensure CSu large enough, especially for large Mb. Normalized CSu will reduce when Mb increases proportional to |α| with fixed Nσ. It means that Nσ isn’t the only decisive factor of CSu per bit, which is more sensitive to the negative impact of |α| instead of the protection of Mb with their proportion fixed.

4.2 Secrecy capacity of data

According to the Eq. (22), secrecy capacity of data CSx is evaluated for different cases, as shown in Fig. 7-9. Thereinto, we regard Eve as a wiretapper smart enough to eavesdrop close to Alice (LE→0).

 figure: Fig. 7

Fig. 7 Secrecy capacity of data vs. LB, with Nσ = 3. Smart wiretapper (LE = 0) and Mb = 127.

Download Full Size | PPT Slide | PDF

 figure: Fig. 8

Fig. 8 (a) Secrecy capacity of data, CSx vs. |α|, with Eve of normal ability (r = 0.01, t = 0.99); (b) CSx vs. |α|, with Eve of strongest power (r = t = 1); (c) Data capacity of main channel, CM and data capacity of wire-tap channel, CW vs. |α|, with r = 0.01, t = 0.99; (d) CM and CW vs. |α|, with r = t = 1. LB = 100km and LE = 0 for all (a)~(d).

Download Full Size | PPT Slide | PDF

 figure: Fig. 9

Fig. 9 Secrecy capacity of data vs. Nσ, with optimal wiretapper (r = t = 1, LE = 0), and LB = 100km.

Download Full Size | PPT Slide | PDF

We investigate CSx versus the transmission distance between Alice and Bob (LB), for the case of transmissivity t = {0.1,0.3,0.5,0.99}, Mb = 127, |α| = 13.5 and μ = 0.2dB/km, in Fig. 7. CSx decreases along with the growth of LB and reduction of t. While under this case, CW, the capacity of wire-tap channel, remains constant 0 irrelevant to LB or t, since Nσ = 3 states are masked at source. It indicates Eve could derive nothing useful from her interception, as long as data is protected at source. Actually, the decrease of CSx here results from the reduction of main channel capacity, CM. After long distance transmission, the coherent states are pulled closer to the vacuum states, with the phase uncertainty so large that even Bob’s measurement is affected with errors. If Nσ<1, nonzero CW shall decrease with t = 1-r. Anyway, transmission distance unavailable for the honest parties is a relative advantage that Eve could utilize.

Next, we illustrate the influence of coherent-state amplitude. Figure 8 (a) and (b) plot CSx versus |α| in the presence of eavesdroppers with normal ability (r = 0.01, t = 0.99) and strongest power (r = t = 1), respectively, at the length of 100km. And Fig. 8 (c) and (d) plot the corresponding CW and CM versus |α| for further analysis. It’s obvious that the scenario with strongest Eve, which is the worst case, degenerates the security performance seriously. Taking Mb = 15 as an example, CSx in the case against normal Eve attains the maximum 1 with |α| ranging 41~45; in contrast, CSx against the strongest Eve can only reach 0.24 at most with |α| = 10.

Curves in both Fig. 8(a) and 8(b) show the trend that increases in the beginning, keeps the peak value at some point or for an interval in the middle and then decreases. According to Fig. 8(c) and 8(d), we can make an explanation correspondingly. We note that CM, which increases from the very beginning, is related to |α| but irrelevant to Mb. While CW starts rising only when signal is intensive enough to overcome the disturbance of Δφ. In other words, as |α| is small, CW = 0 or its increment speed is slower than CM. Thus, CSx = CM-CW keeps increasing up to the maximum before CW increases faster than CM. If CSx saturates before CW starts increasing for certain interval, there will be a corresponding interval where CSx holds the peak value.

From the analyses above, we infer that to achieve the maximal CSx, |α| is supposed to satisfy the constraint given below,

{|αB||αB0|Mbπ|αE|>1|αB0|10βLB20|α|<Mbπr
where αB, αE are from Eq. (3) and αB0 corresponds to the minimum of average number of photons for correct heterodyne detection in PSK scheme. Typically, to ensure PBe≈10−9, |αB0|2≈18 at least. The second inequality ensures that accurate measurement is impossible for Eve. The final in Eq. (24) is of significance to set proper values of |α| and Mb to maximize CSx, for given length from Alice to Bob. The intervals meeting the inequation conform to Fig. 8(a), 8(c) and 8(b) for Mb = 255, approximatively. Otherwise, for given LB and Mb, if the interval meeting the inequation doesn’t exist, CSx will not achieve the theoretical maximum 1, as shown in Fig. 8(b), 8(d) for Mb = {15, 31, 63}.

Further, according to in Eq. (24), as LB is quite long, Mb needs to be sufficiently large against the strongest Eve. For instance, as LB = 300km, Mb needs to be more than 104, of which the realization is quite a trouble. We suggest designing the parameters for secure QNRC based on different requirements of security. For those vital communication applications requiring absolute safety, we adopt the conservative designing strategy, imagining Eve most powerful and taking r = 1; while in ordinary scenarios with general demands for security, designing against Eve with normal ability (i.e., r = 0.01) is safe enough, and it’s easier to be realized.

Similarly, we study the impact of Nσ, the number of states masked by quantum noise, on data secrecy capacity in Fig. 9. Here consider Eve as an optimal wiretapper. The variation trend of CSx also includes rising, holding or not, and dropping. We observe that for given Mb, it is unnecessary or harmful to set Nσ too big value and some value of Nσ1 is sufficient to attain the maximum of CSx. Moreover, as Nσ keeps constant, CSx is much larger with more bases, implying the protection of Mb prevails over the negative impact of |α| in data communication part when they increase proportionally. In comparison, normalized CSu in Fig. 6 reaches the maximum with much higher Nσ. Though the data are indeed protected as long as the adjacent quantum states are masked by quantum noise, the states within the standard deviation of phase uncertainty are likely to have several bits in common, which reveals partial information of the key to Eve. Therefore, it’s harder for the running key to be completely secure by contrast with data on equal conditions. An effective way to improve security of the key is devising more disordered mappers.

4.3 Comparison between CSu and CSx

According to Eq. (23), the comparison between CSx and CSu0 for different cases is shown in Fig. 10. In particular, the strict maximal secrecy rate RS is pointed out. Generally, CSx<CSu0 as |α| is small, implying RS is limited to CSx there; when |α| becomes large enough, CSx>CSu0, during which time CSu0 is the restriction of RS. From the practical viewpoint, the region limited to CSu0 with larger |α| is of more significance. Although the peak value of RS moves higher with bigger Mb, the great gain in CSx doesn’t make much difference, unfortunately. Therefore, more attention should be paid to the restriction from CSu0, and improving the secrecy of running key is the key point to achieve a strict maximal secrecy rate much higher.

 figure: Fig. 10

Fig. 10 Comparisons between secrecy capacities of data and running key per bit as function of |α|. Parameter values: (a) Mb = 63, LB = 100km, (b) Mb = 127, LB = 100km, (c) Mb = 255, LB = 100km, (d) Mb = 127, LB = 200km, (e) Mb = 255, LB = 200km, (f) Mb = 1023, LB = 200km, with optimal Eve (r = t = 1 and LE = 0) for all (a)~(f).

Download Full Size | PPT Slide | PDF

Meanwhile, Fig. 10(d)-10(f) indicate that RS and CSx degrade drastically with long distance transmission, where much more bases are needed. However, even for transmission of 200km with merely 127 bases against the optimal Eve, we can still obtain a maximal secrecy rate up to RS = 0.16, i.e., 16% of the maximal transmission bit rate of the main channel. If capacity of the main channel is CMt = 100 Gb/s as reported in [8], secure bit rate on the scale of Gb/s can be yielded with both the key and data in perfect secrecy. We remark here that the framework of QNRC + QKD combined with Wyner’s theory can achieve perfectly secure bit rate orders of magnitude higher than that of OTP + QKD. It’s quite a promising direction of secure communication since RS can be greatly improved by increasing both CSu0 and CMt.

5. Conclusion

The QNRC system with inevitable quantum noise suffered by eavesdroppers can provide a great channel advantage for the legal users, which shows a huge potential for the physical-layer security. This kind of security is quantitatively investigated with secrecy capacity as the performance metric for the first time. Moreover, considering the secrecy constraints of both the key and data, the maximal achievable secrecy rate of the system (i.e., RS) is proposed. The results show that QNRC can potentially provide physical-layer security at data rates orders of magnitude higher than the perfect secrecy rate of QKD. Also, even if the eavesdropper intercepts much more signal power than the legitimate receiver, a considerable secrecy capacity can still exist. Furthermore, it is found that the secrecy capacity of running key per bit is the main constraint to RS, which suggests the critical importance of improving the running key secrecy.

By analyzing the security of QNRC via taking both the legitimate and wire-tap channels into account as a whole system, we believe that these results can provide effective instructions for the system configuration according to specific security requirements. Moreover, the design of secure encoding schemes is a potential research area in the next step, where we have proved the matching codes must be uniformly distributed.

Funding

National Natural Science Foundation of China (NSFC) (61475193 and 61504170); Natural Science Foundation of Jiangsu Province (BK20140069).

References and links

1. K. Shaneman and S. Gray, “Optical network security: Technical analysis of fiber tapping mechanisms and methods for detection prevention,” in Proc. IEEE MILCOM (IEEE, 2004), pp. 711–716. [CrossRef]  

2. K. Guan, A. Tulino, P. Winzer, and E. Soljanin, “Secrecy capacities in space-division multiplexed fiber optic communication systems,” IEEE T Inf. Foren. Sec 10(7), 1325–1335 (2015).

3. P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIMA. J. Comput. (Taipei) 26(5), 1484–1509 (1997).

4. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009). [CrossRef]  

5. K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014). [CrossRef]  

6. G. S. Kanter, D. Reilly, and N. Smith, “Practical physical-layer encryption: The marriage of optical noise with traditional cryptography,” IEEE Commun. Mag. 47(11), 74–81 (2009). [CrossRef]  

7. R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006). [CrossRef]  

8. F. Futami and O. Hirota, “100 Gbit/s (10 x 10 Gbit/s) Y-00 cipher transmission over 120 km for secure optical communication between data centers,” in Proc. OECC/ACOFT2014, pp.4–6.

9. T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004). [CrossRef]  

10. T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005). [CrossRef]  

11. Z. L. Yuan and A. J. Shields, “Comment on “Secure Communication using Mesoscopic coherent states”,” Phys. Rev. Lett. 94(4), 048901 (2005). [CrossRef]   [PubMed]  

12. H. P. Yuen, P. Kumar, E. Corndorf, and R. Nair, “Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 1–6 (2005). [CrossRef]  

13. R. Nair, H. P. Yuen, E. Corndorf, and P. Kumar, “Reply to: Reply to: Comment on: How much security does Y-00 protocol provide us?” arXiv preprint quant-ph/ 0509092.

14. H. Yuen, E. Corndorf, G. Barbosa, and P. Kumar, “Reply to Comment on Secure Communication using mesoscopic coherent states,” Phys. Rev. Lett. 94(4), 048902 (2005). [CrossRef]  

15. O. Hirota, “Practical security analysis of a quantum stream cipher by the Yuen 2000 protocol,” Phys. Rev. A 76(3), 032307 (2007). [CrossRef]  

16. M. J. Mihaljević, “Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach,” Phys. Rev. A 75(5), 052334 (2007). [CrossRef]  

17. A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J. 54(8), 1355–1387 (1975). [CrossRef]  

18. W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013). [CrossRef]  

19. A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007). [CrossRef]  

20. H. Mahdavifar and A. Vardy, “Achieving the secrecy capacity of wiretap channels using polar codes,” IEEE Trans. Inf. Theory 57(10), 6428–6443 (2011). [CrossRef]  

21. S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006). [CrossRef]  

22. A. D. Wyner and J. Ziv, “A theorem on the entropy of certain binary sequences and applications: part I,” IEEE Trans. Inf. Theory IT-19(6), 769–772 (1973). [CrossRef]  

References

  • View by:
  • |
  • |
  • |

  1. K. Shaneman and S. Gray, “Optical network security: Technical analysis of fiber tapping mechanisms and methods for detection prevention,” in Proc. IEEE MILCOM (IEEE, 2004), pp. 711–716.
    [Crossref]
  2. K. Guan, A. Tulino, P. Winzer, and E. Soljanin, “Secrecy capacities in space-division multiplexed fiber optic communication systems,” IEEE T Inf. Foren. Sec 10(7), 1325–1335 (2015).
  3. P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIMA. J. Comput. (Taipei) 26(5), 1484–1509 (1997).
  4. V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
    [Crossref]
  5. K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
    [Crossref]
  6. G. S. Kanter, D. Reilly, and N. Smith, “Practical physical-layer encryption: The marriage of optical noise with traditional cryptography,” IEEE Commun. Mag. 47(11), 74–81 (2009).
    [Crossref]
  7. R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006).
    [Crossref]
  8. F. Futami and O. Hirota, “100 Gbit/s (10 x 10 Gbit/s) Y-00 cipher transmission over 120 km for secure optical communication between data centers,” in Proc. OECC/ACOFT2014, pp.4–6.
  9. T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004).
    [Crossref]
  10. T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005).
    [Crossref]
  11. Z. L. Yuan and A. J. Shields, “Comment on “Secure Communication using Mesoscopic coherent states”,” Phys. Rev. Lett. 94(4), 048901 (2005).
    [Crossref] [PubMed]
  12. H. P. Yuen, P. Kumar, E. Corndorf, and R. Nair, “Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 1–6 (2005).
    [Crossref]
  13. R. Nair, H. P. Yuen, E. Corndorf, and P. Kumar, “Reply to: Reply to: Comment on: How much security does Y-00 protocol provide us?” arXiv preprint quant-ph/ 0509092.
  14. H. Yuen, E. Corndorf, G. Barbosa, and P. Kumar, “Reply to Comment on Secure Communication using mesoscopic coherent states,” Phys. Rev. Lett. 94(4), 048902 (2005).
    [Crossref]
  15. O. Hirota, “Practical security analysis of a quantum stream cipher by the Yuen 2000 protocol,” Phys. Rev. A 76(3), 032307 (2007).
    [Crossref]
  16. M. J. Mihaljević, “Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach,” Phys. Rev. A 75(5), 052334 (2007).
    [Crossref]
  17. A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J. 54(8), 1355–1387 (1975).
    [Crossref]
  18. W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013).
    [Crossref]
  19. A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007).
    [Crossref]
  20. H. Mahdavifar and A. Vardy, “Achieving the secrecy capacity of wiretap channels using polar codes,” IEEE Trans. Inf. Theory 57(10), 6428–6443 (2011).
    [Crossref]
  21. S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
    [Crossref]
  22. A. D. Wyner and J. Ziv, “A theorem on the entropy of certain binary sequences and applications: part I,” IEEE Trans. Inf. Theory IT-19(6), 769–772 (1973).
    [Crossref]

2015 (1)

K. Guan, A. Tulino, P. Winzer, and E. Soljanin, “Secrecy capacities in space-division multiplexed fiber optic communication systems,” IEEE T Inf. Foren. Sec 10(7), 1325–1335 (2015).

2014 (1)

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

2013 (1)

W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013).
[Crossref]

2011 (1)

H. Mahdavifar and A. Vardy, “Achieving the secrecy capacity of wiretap channels using polar codes,” IEEE Trans. Inf. Theory 57(10), 6428–6443 (2011).
[Crossref]

2009 (2)

G. S. Kanter, D. Reilly, and N. Smith, “Practical physical-layer encryption: The marriage of optical noise with traditional cryptography,” IEEE Commun. Mag. 47(11), 74–81 (2009).
[Crossref]

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
[Crossref]

2007 (3)

A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007).
[Crossref]

O. Hirota, “Practical security analysis of a quantum stream cipher by the Yuen 2000 protocol,” Phys. Rev. A 76(3), 032307 (2007).
[Crossref]

M. J. Mihaljević, “Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach,” Phys. Rev. A 75(5), 052334 (2007).
[Crossref]

2006 (2)

S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
[Crossref]

R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006).
[Crossref]

2005 (4)

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005).
[Crossref]

Z. L. Yuan and A. J. Shields, “Comment on “Secure Communication using Mesoscopic coherent states”,” Phys. Rev. Lett. 94(4), 048901 (2005).
[Crossref] [PubMed]

H. P. Yuen, P. Kumar, E. Corndorf, and R. Nair, “Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 1–6 (2005).
[Crossref]

H. Yuen, E. Corndorf, G. Barbosa, and P. Kumar, “Reply to Comment on Secure Communication using mesoscopic coherent states,” Phys. Rev. Lett. 94(4), 048902 (2005).
[Crossref]

2004 (1)

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004).
[Crossref]

1997 (1)

P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIMA. J. Comput. (Taipei) 26(5), 1484–1509 (1997).

1975 (1)

A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J. 54(8), 1355–1387 (1975).
[Crossref]

1973 (1)

A. D. Wyner and J. Ziv, “A theorem on the entropy of certain binary sequences and applications: part I,” IEEE Trans. Inf. Theory IT-19(6), 769–772 (1973).
[Crossref]

Almeida, J.

W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013).
[Crossref]

Barbosa, G.

H. Yuen, E. Corndorf, G. Barbosa, and P. Kumar, “Reply to Comment on Secure Communication using mesoscopic coherent states,” Phys. Rev. Lett. 94(4), 048902 (2005).
[Crossref]

Barros, J.

W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013).
[Crossref]

Bechmann-Pasquinucci, H.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
[Crossref]

Bloch, M.

S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
[Crossref]

Bloch, M. R.

W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013).
[Crossref]

Calderbank, A. R.

A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007).
[Crossref]

Cerf, N. J.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
[Crossref]

Choi, I.

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Corndorf, E.

R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006).
[Crossref]

H. Yuen, E. Corndorf, G. Barbosa, and P. Kumar, “Reply to Comment on Secure Communication using mesoscopic coherent states,” Phys. Rev. Lett. 94(4), 048902 (2005).
[Crossref]

H. P. Yuen, P. Kumar, E. Corndorf, and R. Nair, “Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 1–6 (2005).
[Crossref]

Cussey, J.

S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
[Crossref]

Dihidar, D.

A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007).
[Crossref]

Donnet, S.

S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
[Crossref]

Dušek, M.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
[Crossref]

Dynes, J.

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Eguchi, T.

R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006).
[Crossref]

Gray, S.

K. Shaneman and S. Gray, “Optical network security: Technical analysis of fiber tapping mechanisms and methods for detection prevention,” in Proc. IEEE MILCOM (IEEE, 2004), pp. 711–716.
[Crossref]

Guan, K.

K. Guan, A. Tulino, P. Winzer, and E. Soljanin, “Secrecy capacities in space-division multiplexed fiber optic communication systems,” IEEE T Inf. Foren. Sec 10(7), 1325–1335 (2015).

Harrison, W. K.

W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013).
[Crossref]

Hasegawa, T.

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005).
[Crossref]

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004).
[Crossref]

Hirota, O.

O. Hirota, “Practical security analysis of a quantum stream cipher by the Yuen 2000 protocol,” Phys. Rev. A 76(3), 032307 (2007).
[Crossref]

Imafuku, K.

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005).
[Crossref]

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004).
[Crossref]

Imai, H.

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005).
[Crossref]

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004).
[Crossref]

Ishizuka, H.

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005).
[Crossref]

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004).
[Crossref]

Kanter, G. S.

G. S. Kanter, D. Reilly, and N. Smith, “Practical physical-layer encryption: The marriage of optical noise with traditional cryptography,” IEEE Commun. Mag. 47(11), 74–81 (2009).
[Crossref]

Kumar, P.

R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006).
[Crossref]

H. P. Yuen, P. Kumar, E. Corndorf, and R. Nair, “Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 1–6 (2005).
[Crossref]

H. Yuen, E. Corndorf, G. Barbosa, and P. Kumar, “Reply to Comment on Secure Communication using mesoscopic coherent states,” Phys. Rev. Lett. 94(4), 048902 (2005).
[Crossref]

Larger, L.

S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
[Crossref]

Lucamarini, M.

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Lütkenhaus, N.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
[Crossref]

Mahdavifar, H.

H. Mahdavifar and A. Vardy, “Achieving the secrecy capacity of wiretap channels using polar codes,” IEEE Trans. Inf. Theory 57(10), 6428–6443 (2011).
[Crossref]

McLaughlin, S. W.

W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013).
[Crossref]

A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007).
[Crossref]

Merolla, J. M.

A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007).
[Crossref]

S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
[Crossref]

Mihaljevic, M. J.

M. J. Mihaljević, “Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach,” Phys. Rev. A 75(5), 052334 (2007).
[Crossref]

Nair, R.

R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006).
[Crossref]

H. P. Yuen, P. Kumar, E. Corndorf, and R. Nair, “Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 1–6 (2005).
[Crossref]

Nishioka, T.

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005).
[Crossref]

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004).
[Crossref]

Patel, K.

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Peev, M.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
[Crossref]

Penty, R.

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Reilly, D.

G. S. Kanter, D. Reilly, and N. Smith, “Practical physical-layer encryption: The marriage of optical noise with traditional cryptography,” IEEE Commun. Mag. 47(11), 74–81 (2009).
[Crossref]

Scarani, V.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
[Crossref]

Shaneman, K.

K. Shaneman and S. Gray, “Optical network security: Technical analysis of fiber tapping mechanisms and methods for detection prevention,” in Proc. IEEE MILCOM (IEEE, 2004), pp. 711–716.
[Crossref]

Sharpe, A.

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Shields, A.

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Shields, A. J.

Z. L. Yuan and A. J. Shields, “Comment on “Secure Communication using Mesoscopic coherent states”,” Phys. Rev. Lett. 94(4), 048901 (2005).
[Crossref] [PubMed]

Shor, P. W.

P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIMA. J. Comput. (Taipei) 26(5), 1484–1509 (1997).

Smith, N.

G. S. Kanter, D. Reilly, and N. Smith, “Practical physical-layer encryption: The marriage of optical noise with traditional cryptography,” IEEE Commun. Mag. 47(11), 74–81 (2009).
[Crossref]

Soljanin, E.

K. Guan, A. Tulino, P. Winzer, and E. Soljanin, “Secrecy capacities in space-division multiplexed fiber optic communication systems,” IEEE T Inf. Foren. Sec 10(7), 1325–1335 (2015).

Thangaraj, A.

A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007).
[Crossref]

S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
[Crossref]

Tulino, A.

K. Guan, A. Tulino, P. Winzer, and E. Soljanin, “Secrecy capacities in space-division multiplexed fiber optic communication systems,” IEEE T Inf. Foren. Sec 10(7), 1325–1335 (2015).

Vardy, A.

H. Mahdavifar and A. Vardy, “Achieving the secrecy capacity of wiretap channels using polar codes,” IEEE Trans. Inf. Theory 57(10), 6428–6443 (2011).
[Crossref]

Winzer, P.

K. Guan, A. Tulino, P. Winzer, and E. Soljanin, “Secrecy capacities in space-division multiplexed fiber optic communication systems,” IEEE T Inf. Foren. Sec 10(7), 1325–1335 (2015).

Wyner, A. D.

A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J. 54(8), 1355–1387 (1975).
[Crossref]

A. D. Wyner and J. Ziv, “A theorem on the entropy of certain binary sequences and applications: part I,” IEEE Trans. Inf. Theory IT-19(6), 769–772 (1973).
[Crossref]

Yuan, Z. L.

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Z. L. Yuan and A. J. Shields, “Comment on “Secure Communication using Mesoscopic coherent states”,” Phys. Rev. Lett. 94(4), 048901 (2005).
[Crossref] [PubMed]

Yuen, H.

H. Yuen, E. Corndorf, G. Barbosa, and P. Kumar, “Reply to Comment on Secure Communication using mesoscopic coherent states,” Phys. Rev. Lett. 94(4), 048902 (2005).
[Crossref]

Yuen, H. P.

R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006).
[Crossref]

H. P. Yuen, P. Kumar, E. Corndorf, and R. Nair, “Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 1–6 (2005).
[Crossref]

Ziv, J.

A. D. Wyner and J. Ziv, “A theorem on the entropy of certain binary sequences and applications: part I,” IEEE Trans. Inf. Theory IT-19(6), 769–772 (1973).
[Crossref]

Appl. Phys. Lett. (1)

K. Patel, J. Dynes, M. Lucamarini, I. Choi, A. Sharpe, Z. L. Yuan, R. Penty, and A. Shields, “Quantum key distribution for 10 Gb/s dense wavelength division multiplexing networks,” Appl. Phys. Lett. 104(5), 051123 (2014).
[Crossref]

Bell Syst. Tech. J. (1)

A. D. Wyner, “The wire-tap channel,” Bell Syst. Tech. J. 54(8), 1355–1387 (1975).
[Crossref]

IEEE Commun. Mag. (1)

G. S. Kanter, D. Reilly, and N. Smith, “Practical physical-layer encryption: The marriage of optical noise with traditional cryptography,” IEEE Commun. Mag. 47(11), 74–81 (2009).
[Crossref]

IEEE Signal Process. Mag. (1)

W. K. Harrison, J. Almeida, M. R. Bloch, S. W. McLaughlin, and J. Barros, “Coding for secrecy: an overview of error-control coding techniques for physical-layer security,” IEEE Signal Process. Mag. 30(5), 41–50 (2013).
[Crossref]

IEEE T Inf. Foren. Sec (1)

K. Guan, A. Tulino, P. Winzer, and E. Soljanin, “Secrecy capacities in space-division multiplexed fiber optic communication systems,” IEEE T Inf. Foren. Sec 10(7), 1325–1335 (2015).

IEEE Trans. Inf. Theory (3)

A. Thangaraj, D. Dihidar, A. R. Calderbank, S. W. McLaughlin, and J. M. Merolla, “Applications of LDPC codes to the wiretap channel,” IEEE Trans. Inf. Theory 53(8), 2933–2945 (2007).
[Crossref]

H. Mahdavifar and A. Vardy, “Achieving the secrecy capacity of wiretap channels using polar codes,” IEEE Trans. Inf. Theory 57(10), 6428–6443 (2011).
[Crossref]

A. D. Wyner and J. Ziv, “A theorem on the entropy of certain binary sequences and applications: part I,” IEEE Trans. Inf. Theory IT-19(6), 769–772 (1973).
[Crossref]

Phys. Lett. A (4)

S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006).
[Crossref]

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “How much security does Y-00 protocol provide us?” Phys. Lett. A 327(1), 28–32 (2004).
[Crossref]

T. Nishioka, T. Hasegawa, H. Ishizuka, K. Imafuku, and H. Imai, “Reply to: Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 7–16 (2005).
[Crossref]

H. P. Yuen, P. Kumar, E. Corndorf, and R. Nair, “Comment on: How much security does Y-00 protocol provide us?” Phys. Lett. A 346(1–3), 1–6 (2005).
[Crossref]

Phys. Rev. A (3)

R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006).
[Crossref]

O. Hirota, “Practical security analysis of a quantum stream cipher by the Yuen 2000 protocol,” Phys. Rev. A 76(3), 032307 (2007).
[Crossref]

M. J. Mihaljević, “Generic framework for the secure Yuen 2000 quantum-encryption protocol employing the wire-tap channel approach,” Phys. Rev. A 75(5), 052334 (2007).
[Crossref]

Phys. Rev. Lett. (2)

H. Yuen, E. Corndorf, G. Barbosa, and P. Kumar, “Reply to Comment on Secure Communication using mesoscopic coherent states,” Phys. Rev. Lett. 94(4), 048902 (2005).
[Crossref]

Z. L. Yuan and A. J. Shields, “Comment on “Secure Communication using Mesoscopic coherent states”,” Phys. Rev. Lett. 94(4), 048901 (2005).
[Crossref] [PubMed]

Rev. Mod. Phys. (1)

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009).
[Crossref]

SIMA. J. Comput. (Taipei) (1)

P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIMA. J. Comput. (Taipei) 26(5), 1484–1509 (1997).

Other (3)

K. Shaneman and S. Gray, “Optical network security: Technical analysis of fiber tapping mechanisms and methods for detection prevention,” in Proc. IEEE MILCOM (IEEE, 2004), pp. 711–716.
[Crossref]

F. Futami and O. Hirota, “100 Gbit/s (10 x 10 Gbit/s) Y-00 cipher transmission over 120 km for secure optical communication between data centers,” in Proc. OECC/ACOFT2014, pp.4–6.

R. Nair, H. P. Yuen, E. Corndorf, and P. Kumar, “Reply to: Reply to: Comment on: How much security does Y-00 protocol provide us?” arXiv preprint quant-ph/ 0509092.

Cited By

OSA participates in Crossref's Cited-By Linking service. Citing articles from OSA journals and other participating publishers are listed here.

Alert me when this article is cited.


Figures (10)

Fig. 1
Fig. 1 General case of wire tapping in OFC system.
Fig. 2
Fig. 2 Wire-tap channel model of the running key.
Fig. 3
Fig. 3 Wire-tap channel model of the data.
Fig. 4
Fig. 4 Secrecy capacity of the running key vs. LE, with Mb = 127, |α| = 13.5 and μ = 0.2 dB/km.
Fig. 5
Fig. 5 Secrecy capacity of running key (normalized to CMu) vs. Mb = 2l-1. Smart Eve (LE = 0) with strongest ability (r = t = 1).
Fig. 6
Fig. 6 Secrecy capacity of running key (normalized to CMu) vs. Nσ, assuming LE = 0 and r = t = 1.
Fig. 7
Fig. 7 Secrecy capacity of data vs. LB, with Nσ = 3. Smart wiretapper (LE = 0) and Mb = 127.
Fig. 8
Fig. 8 (a) Secrecy capacity of data, CSx vs. |α|, with Eve of normal ability (r = 0.01, t = 0.99); (b) CSx vs. |α|, with Eve of strongest power (r = t = 1); (c) Data capacity of main channel, CM and data capacity of wire-tap channel, CW vs. |α|, with r = 0.01, t = 0.99; (d) CM and CW vs. |α|, with r = t = 1. LB = 100km and LE = 0 for all (a)~(d).
Fig. 9
Fig. 9 Secrecy capacity of data vs. Nσ, with optimal wiretapper (r = t = 1, LE = 0), and LB = 100km.
Fig. 10
Fig. 10 Comparisons between secrecy capacities of data and running key per bit as function of |α|. Parameter values: (a) Mb = 63, LB = 100km, (b) Mb = 127, LB = 100km, (c) Mb = 255, LB = 100km, (d) Mb = 127, LB = 200km, (e) Mb = 255, LB = 200km, (f) Mb = 1023, LB = 200km, with optimal Eve (r = t = 1 and LE = 0) for all (a)~(f).

Equations (24)

Equations on this page are rendered with MathJax. Learn more.

m = f ( x , u ) = u + [ x P o l ( u ) ] M b
| ϕ ( m ) = | α e i m π M b , m { 0 , 1 , , 2 M b 1 }
{ | α B | 2 = t | α | 2 e μ L B | α E | 2 = r | α | 2 e μ L E
p ( r , θ | m ) = r 2 π σ 2 exp ( | α x | 2 r 2 + 2 | α x | r cos ( θ m θ ) 2 σ 2 )
D m = { ( r , θ ) | 0 r < , θ m ' π / 2 M b θ < θ m ' + π / 2 M b } , m = 0 , 1 , , M 1
P ( m | m ) = D m p ( r , θ | m ) d r d θ
D m = { ( r , θ ) | 0 r < , θ m π / 2 θ < θ m + π / 2 } , m = m or m + M b
P ( m | m ) = D m p ( r , θ | m ) d r d θ
P ( U ^ c | U c ) = i = 1 n P ( u ^ c i | u c i ) P ( u ^ c i | u c i ) = m i m ^ i P ( u ^ c i | m ^ i ) P ( m ^ i | m i ) P ( m i | u c i )
P ( u ^ c i | u c i ) = ( P ( m ^ u ^ c i + M b | m u c i + M b ) + P ( m ^ u ^ c i | m u c i + M b ) ) P ( m u c i + M b | u c i ) + ( P ( m ^ u ^ c i | m u c i ) + P ( m ^ u ^ c i + M b | m u c i ) ) P ( m u c i | u c i )
P ( u ^ c | u c ) = ( P ( m ^ u ^ c | m u c ) + P ( m ^ u ^ c + M b | m u c ) ) ( P ( m u c i | u c i ) + P ( m u c i + M b | u c i ) ) = P ( m ^ u ^ c | m u c ) + P ( m ^ u ^ c + M b | m u c )
C S u = max P ( u c ) { I ( u c , u c ) I ( u c , u ^ c ) } = max P ( u c ) { [ H ( u c ) H ( u c | u c ) ] [ H ( u c ) H ( u c | u ^ c ) ] } = max P ( u c ) { H ( u c | u ^ c ) }
C S u = j = 0 M b 1 P ( u ^ c = j | u c = i ) log 2 P ( u ^ c = j | u c = i ) , 0 i < M b
P ( Y n | X c n ) = i = 1 n P ( y i | x c i ) , P ( Z n | X c n ) = i = 1 n P ( z i | x c i ) , P ( y i | x c i ) = m i m ^ i P ( y i | m ^ B i ) P ( m ^ B i | m i ) P ( m i | x c i ) , P ( z i | x c i ) = m i m ^ i P ( z i | m ^ E i ) P ( m ^ E i | m i ) P ( m i | x c i )
P ( m | x c ) = P ( u c )
P ( y | m ^ B ) = { 1 , m ^ B = f ( y , u c ) 0 , e l s e , P ( z | m ^ E ) = { 1 , m ^ E = f ( z , u ^ c ) 0 , e l s e
P ( z | x c ) = u c u ^ c P ( m ^ E = f ( z , u ^ c ) | m = f ( x c , u c ) ) P ( u c ) ( a ) ¯ ¯ u c P ( u c ) u ^ c P ( m ^ E = f ( z , u ^ c ) | m = f ( x c , 0 ) ) = u ^ c P ( m ^ E = f ( z , u ^ c ) | m = f ( x c , 0 ) )
P ( y | x c ) = u ^ c P ( m ^ B = f ( y , u ^ c ) | m = f ( x c , 0 ) ) ( b ) ¯ ¯ P ( m ^ B = f ( y , 0 ) | m = f ( x c , 0 ) )
P B e = P ( m ^ B = M b | m = 0 )
P E e = u ^ c P ( m ^ E = f ( 1 , u ^ c ) | m = 0 ) ( c ) ¯ ¯ i = 1 M b P ( m ^ E = 2 i 1 | m = 0 )
C S x = max P ( x c ) { I ( x c , y ) I ( x c , z ) } = max P ( x c ) { [ H ( y ) H ( y | x c ) ] [ H ( z ) H ( z | x c ) ] } = max P ( x c ) { H ( y ) H ( z ) } + H ( z | x c ) H ( y | x c ) ( d ) H ( z | x c ) H ( y | x c )
C S x = h ( P E e ) h ( P B e )
{ R x C S x l R x C S u R x min { C S x , C S u l } = min { C S x , C S u 0 }
{ | α B | | α B 0 | M b π | α E | > 1 | α B 0 | 10 β L B 20 | α | < M b π r

Metrics