**3.1. Basic configuration**

The Y-00 encryption transmission equipment shares the initial key (Seed Key) between transmitter and normal receiver and performs synchronization processing on each side.

And it configures a pair of transceivers between transmitter and receiver. Figure4 shows the basic configuration of the transmitter of the transceiver. A running key that actually makes encryption is generated from the Seed Key shared by the transmitter and receiver. And the base information (a pair of combination) is selected by the running key from multiple values. Furthermore, the signal level to be used actually is determined from this base information. Input data is converted to a multi-value level by the code modulator and is then output from the subsequent electrical/optical (E/O) converter as a Y-00 encryption optical signal. Figure5 shows the basic configuration of the receiver of the transceiver. The Y-00 encryption optical signal sent from the transmitter is converted to an electrical signal (voltage value) by the O/E converter. And base information is created by the Seed Key in the same procedure as the transmitter. A threshold value that allows the best reception signal to be distinguished is selected from this base information. And a value of 0 or 1 is distinguished by the decoder concurrently with the decoding processing to restore the previous data. This synchronized work between transmitter and receiver performs all processing in each bit of the data transmission rate.

**Figure 4.** Structure of transmitter of Y-00

8 Optical Communication

**Figure 2.** Signal basis and quantum noise

for background mentioned above (Figure3) [22,23].

**Figure 3.** Eavesdropping from optical fiber

**3. Implementation of Y-00** 

**3.1. Basic configuration** 

This reflectance varies by bending the optical fiber. If the optical fiber is bent at a sharp angle in particular, the refractive index of the core and clad extremely changes. Therefore optical signal not be able to total reflection. Part of the optical signal will leak out for that. Signal monitoring equipment that uses this principle has been commercialized and used as a measuring instrument. Tapping data from optical fibers has become relatively easy at present due to the technical advance (including high-speed, high-sensitivity detector and low-noise optical amplifier) in optical communication as shown in this example. Measures for improving safety to independently protect transmission paths have become imperative

The Y-00 encryption transmission equipment shares the initial key (Seed Key) between transmitter and normal receiver and performs synchronization processing on each side.

**Figure 5.** Structure of receiver of Y-00

## **3.2. Enhancing safety**

The probability of eavesdropper's signal level detection error increases with the increase in noise distribution range as described about the safety of Y-00 in the previous section. This effect makes it difficult to extract the correlation of signal level samples acquired by a eavesdropper. Therefore more samples are required. This determines irreducible absolute amount of time necessary to obtain the number of samples required for decryption. This time is for the safety of the people it is possible to secure almost forever (finite strictly) if it is an astronomical value (hundreds of millions of years). Quantum noise contained in coherent light is Poisson distribution dependent on the average optical power as is well known. But this quantum noise is effective between adjacent multi-value levels but it cannot affect entire signal area. For this reason, Y-00 enhances safety using various methods [5,17,18]. This quantum noise effect diffusion method is called Randomization. The following introduces several typical methods.

1. Overlap Selection Keying (OSK)

OSK is a method that allocates logic information (1 or 0) to "High" or "Low" level of light at random to make it difficult for eavesdroppers to decipher signal information "1" or "0" even if they can detect the reception level [16]. Logic of the signal is randomly allocated to a "1" and "0" for each 1bit in order to achieve the OSK. This operation makes it difficult to distinguish whether the signal level detected by tapping is positive logic "1" or negative logic "0". This method is the same as general stream cipher, but is different in purpose and effect. In the basic Y-00, adjacent signal levels are replaced with bit information "1" and "0" alternately. But eavesdroppers can predict the code by focusing on "1" or "0" every other level. Therefore, the safety level is equivalent to the case when the number of values (number of bases) is reduced to 1/2. To solve this problem, changing bit information on a bit basis can maintain degree of difficulty of decryption [12,15,17,24].

2. Keyed Deliberate Signal Randomization (KDSR)

Uniforming the conditional probability of multi-value signal detection in Y-00 is important in terms of cryptographic theory. KDSR is used to perform the uniforming [14]. It is a correction technology that does not directly enhance safety but spuriously evenly expands the quantum noise distribution that is effective for eavesdroppers in detecting the multi-value signal level. This method produces effects equivalent to the case where S/N deterioration effect (overlap of quantum noise between adjacent multi-value signal levels) of eavesdroppers is diffused to a wide area as described in the previous section. Figure6 illustrates this mechanism.

Y-00 of optical intensity modulation is causing a level detection error by the quantum noise distribution overlaps of the adjacent signal level as described in the previous section. It is preferable to uniform the entire multi-value signal level. But it degrades the receiving sensitivity of normal receivers making communication difficult. KDSR slightly fluctuates the selected signal level by shifting a part of multi-value level selections conditions at random to solve this problem. Figure 6 (a) shows this state. The k's true value M is diffused to a range of M±2 by diffusion using KDSR in this example. Furthermore, the noise effect can be

**Figure 6.** Mechanism of the spread by the random shifter.

**3.2. Enhancing safety** 

several typical methods.

1. Overlap Selection Keying (OSK)

The probability of eavesdropper's signal level detection error increases with the increase in noise distribution range as described about the safety of Y-00 in the previous section. This effect makes it difficult to extract the correlation of signal level samples acquired by a eavesdropper. Therefore more samples are required. This determines irreducible absolute amount of time necessary to obtain the number of samples required for decryption. This time is for the safety of the people it is possible to secure almost forever (finite strictly) if it is an astronomical value (hundreds of millions of years). Quantum noise contained in coherent light is Poisson distribution dependent on the average optical power as is well known. But this quantum noise is effective between adjacent multi-value levels but it cannot affect entire signal area. For this reason, Y-00 enhances safety using various methods [5,17,18]. This quantum noise effect diffusion method is called Randomization. The following introduces

OSK is a method that allocates logic information (1 or 0) to "High" or "Low" level of light at random to make it difficult for eavesdroppers to decipher signal information "1" or "0" even if they can detect the reception level [16]. Logic of the signal is randomly allocated to a "1" and "0" for each 1bit in order to achieve the OSK. This operation makes it difficult to distinguish whether the signal level detected by tapping is positive logic "1" or negative logic "0". This method is the same as general stream cipher, but is different in purpose and effect. In the basic Y-00, adjacent signal levels are replaced with bit information "1" and "0" alternately. But eavesdroppers can predict the code by focusing on "1" or "0" every other level. Therefore, the safety level is equivalent to the case when the number of values (number of bases) is reduced to 1/2. To solve this problem, changing bit information on a bit

Uniforming the conditional probability of multi-value signal detection in Y-00 is important in terms of cryptographic theory. KDSR is used to perform the uniforming [14]. It is a correction technology that does not directly enhance safety but spuriously evenly expands the quantum noise distribution that is effective for eavesdroppers in detecting the multi-value signal level. This method produces effects equivalent to the case where S/N deterioration effect (overlap of quantum noise between adjacent multi-value signal levels) of eavesdroppers is diffused to

Y-00 of optical intensity modulation is causing a level detection error by the quantum noise distribution overlaps of the adjacent signal level as described in the previous section. It is preferable to uniform the entire multi-value signal level. But it degrades the receiving sensitivity of normal receivers making communication difficult. KDSR slightly fluctuates the selected signal level by shifting a part of multi-value level selections conditions at random to solve this problem. Figure 6 (a) shows this state. The k's true value M is diffused to a range of M±2 by diffusion using KDSR in this example. Furthermore, the noise effect can be

a wide area as described in the previous section. Figure6 illustrates this mechanism.

basis can maintain degree of difficulty of decryption [12,15,17,24].

2. Keyed Deliberate Signal Randomization (KDSR)

diffused to a range of M±5 with the effect of quantum noise distribution (b). The quantum noise distribution function P(k|l) to the individual signal level k diffused by effects of KDSR is evenly arranged, where the l signal level measurement error probability is P(l|i) as the effect of quantum noise at this time. At this time, the effect (a) of KDSR is P(k|l). In addition, the quantum noise effect on the l that are distributed with the effect of (a) is P(l|i). Therefore, the conditional probability P(k|i) of error of true signal level k is shown by the following expression.

$$P\left(k \mid i\right) = \sum\_{i} P\left(k \mid l\right) P\left(l \mid i\right) \tag{1}$$

With respect to effects on the receiving sensitivity of normal receivers at that time, the signal level degradation PKDS is shown by the following expression. Conditions are described below. Also ±n is quantum noise diffusion effect by KDSR, 2M is number of multi-values and P2M is full signal amplitude.

$$P\_{KDSR} = 2\left(\frac{P\_{2M}}{2M}\right)|n|\tag{2}$$

For example, if 2M=4096 and n=±3, the level of effects on normal receivers deteriorates to about 1/683 of the signal's full amplitude power. This effect is slight for normal receivers. The following describes KDSR in terms of quantum noise distribution. Figure7 illustrates the range of effects of signal level "i" on the adjacent level when KDSR is not applied. The quantum noise effect is exerted to the reference level ±2 in this example. For this reason, the base selection information error probability is biased and therefore eavesdroppers can estimate a part of the base selection information more easily. KDSR is applied to the base

selection information that determines base selection as shown in Figure6 to diffuse noise effects on multi-value levels as shown in Figure8 to solve this problem. Thus the bias in the probability distribution of base selection information error is reduced. And making it very difficult to estimate the base selection information [17,25].

**Figure 7.** The spread of the noise (KDSR nothing)

**Figure 8.** The spread of the noise (KDR)

#### 3. Irregular mapping

12 Optical Communication

selection information that determines base selection as shown in Figure6 to diffuse noise effects on multi-value levels as shown in Figure8 to solve this problem. Thus the bias in the probability distribution of base selection information error is reduced. And making it very

difficult to estimate the base selection information [17,25].

**Figure 7.** The spread of the noise (KDSR nothing)

**Figure 8.** The spread of the noise (KDR)

Bit error positions become uneven due to effects of the quantum noise distribution in the basic model. Therefore, fast correlation attack may be enabled if the key length is short in the basic array (alternate arrangement of "1" and "0") of bit information of adjacent multivalue levels determined by the base information [25]. However, bit error positions must be uniform to disable such fast correlation attack. Irregular mapping has been developed in order to provide immunity against fast correlation attack even when the short key length [26]. This method disables eavesdroppers to decrypt Y-00 cipher except for complete Brute Force Attack. Figure9 shows the concept of irregular mapping. Synchronization is established between transmitter and receiver. Then bit information is arranged irregularly in the mapping of the multi-value level corresponding to the base. Bit error positions are evenly diffused because the arrangement of the bit information of adjacent multi-value levels is irregular even if the quantum noise distribution effect range is physically the same. This effect disables the fast correlation attack that uses non-uniformity of bit error rate for decryption when the multi-value signal is returned to bit information [17].

**Figure 9.** Irregular mapping

#### **3.3. Y-00 encryption circuit**

Figure10 shows the configuration of the encryption and modulation circuit that is actually mounted in the Y-00 transmitter. Clock is extracted from input plaintext data for selfsynchronization by the Clock Data Recovery (CDR) function. The information for synchronization processing and control is added to the original signal in the Y-00 transmission. Therefore, clock frequency is converted in the FIFO circuit and change the data rate. And frame processing is performed by the framer then information required for

synchronization is added. OSK processing is added to this signal to generate a main signal to be the original signal as described in section 3.1. On the other hand, multi-value level selection signal is generated as follows. Running Key is generated from the Seed Key as a first. Then a base selection signal to be the original signal is generated using the randomly mapped base configuration information. This selection signal generates a multi-level selection signal level after processing by KDSR. The multi-value level selection signal that is the same as the main signal is weighted by each driver circuit and added to determine the multi-value level and generate an encoding signal for encryption of Y-00. The operating principle of this final-stage processing is the same as that of the Digital to Analog (D/A) converter. By driving the optical external modulator using the Y-00 signal generated, the Y-00 encryption signal becomes an optical signal with valid quantum noise effect. [17,18].

**Figure 10.** The configuration of the coding of the Y-00 transmitter

### **3.4. Decoder circuit**

Figure11 shows the configuration of the decoder circuit in the Y-00 receiver. The Seed Key information and irregular mapping information are also provided in the receiver as common information. The basic circuit configuration of the decoder is the same as the encryption circuit of the transmitter. However, the receiver does not perform the decoding of KDSR. Therefore, from the decoder outputs a decoding signal (threshold value selection information) of Y-00. The threshold value controller distinguishes the signal on a bit by bit to generate a threshold value level with the best level and timing. Optimum adjustment is made for the threshold level and timing by the Automatic Gain Control (AGC) amplifier and the threshold value controller. Furthermore, the decoder establishes bit synchronization and key synchronization for encryption of Y-00 [17,18].

**Figure 11.** The configuration of the decoding circuit of the Y-00 receiver
