HTML5 Webook

21/84

is picked up, the rate changes and the amount of informa-tion leaked to eavesdropper can be estimated. For more details see [24] and [25].・Key distillation blocke key distillation block consists of a key distillation device of the receiver and a public communication channel for connection. e random number sequence sources of control block A and B supply the same random number sequence to the encoder and decrypter to the key distilla-tion device. Also, the detection signal from the photon detector is supplied to Bob’s key distillation device via control block. e data comparing the detection signal of Bob and its corresponding random number sequence data is called the “raw key.” Time synchronizing is performed using a synchronous signal for exchanging random number sequence and detection signals. e raw key thus shared is processed for key distillation described as follows to extract the ultimate cryptography key.Figure 4 shows a rough ow of the key distillation process (conforming to the BB84 protocol as an example). Aer transmission of a photon, numerous data on the raw key data are created at Alice and Bob. e data is grouped in as large blocks as possible, for example one million bits, and the key is distillated by the blocks as is shown in Fig. 4.(i) For the rst, comparing the base via public com-munication channel and extracting the bit sequence of the same base as the “sied key”(ii) Picking up a part of the sied key as a test bit and sharing it between the transmitter and receiver via public communication channel, and then calculating the rate of dierent bits of the Z-base, the so-called “bit error rate PB”(iii) If this value is larger than a certain threshold Pth, (PB ≥ Pth), it is judged as a eavesdropping and key distil-lation is stopped by discarding the whole block.(iv) If the value is smaller than the threshold (PB < Pth), an error correction process is applied to the sied key.(v) Moreover, estimating the phase error rate and de-ciding the rate of “sacriced bits” according to the phase error rate, and extracting an ultimate safe cryptography key by performing condentiality enforcement processing ac-cording to the rateEven when Eve eavesdrops, if the bit error rate is smaller than the threshold (PB < Pth), it is possible to sup-press the amount of information leaked to Eve to eec-tively zero by discarding some amount of bits randomly selected from the “error corrected key” of which conden-tiality is strengthened as “sacriced bits.”For example, in the case of the standard BB84 protocol, the threshold is about Pth ~11 %.In reality, bit errors in QKD can be caused by transmis-sion errors in the quantum communication channel, device errors at modulation and demodulation and noise of the photon detector in addition to eavesdropping. As it is impossible to distinguish a bit error due to incompleteness of devices from that by eavesdropping, the worst condition for transmitters and receivers, it is assumed that all errors are caused by the eavesdropper.e most advanced QKD device can suppress the bit error rate Pth to several % through several 10 km eld in-stalled bers. If the bit error rate increases from this value, it is determined that eavesdropping occurred. By the conventional optical communication diagnosis technology, the attack where a photon is picked up for measuring from Checking error in sifted keycalculation of bit error rate PBAliceBobPhoton transmission Basis collationError collection (E.C.)Privacy amplification Sifted keySifted keySecure keySecure keyLow keyTest bit Test bitKey after E.C.Key after E.C.Sacrifice bitEstimation of phase errorLow keyLeakage informationPB＜Pthcontinue processPB＞Pthdiscard sifted keySuspecting eavesdropping Basis collationError collectionPrivacy amplificationFiF4　Flow of key distillation process173-1 Research and Development of Quantum Key Distribution Network in NICT