Open Access
Add to BibSonomy
Abstract
We present the operation of a 1.5-Gb/s real-time Y-00 quantum stream cipher as an overlay in a modern coherent wavelength-division multiplexed (WDM) transmission system. We investigate transmission performance in two different wavelength allocation scenarios. The first scenario places the Y-00 cipher signal in a vacant 50-GHz channel slot between two 50-GHz spaced real-time processed 32-Gbaud PDM-16-QAM (256-Gbit/s) channels. The second scenario puts the Y-00 cipher signal in the small gap between two adjacent 50-GHz spaced WDM channels, hence implementing a secure channel overlay in a fully loaded WDM system. In both scenarios, the Y-00 cipher signal and the 256-Gbit/s signals are transmitted over 320 km.
© 2017 Optical Society of America under the terms of the OSA Open Access Publishing Agreement
1. Introduction
With the proliferation of cloud computing and Big Data applications, the amount of mission-critical and sensitive data transported over optical networks drastically increases. At the same time, the underlying fiber-optic transmission systems are susceptible to various security risks. For example, fiber-optic cables are typically readily accessible and can be easily tapped using, e.g., evanescent coupling at an intentionally introduced fiber bend [1,2]. When carefully placed along the transmission link, e.g., at places of high optical power immediately following an optical amplifier, such eavesdropping attacks can remain undetected for a long period of time. Thus, the development of data protection schemes for optical fiber communications is of great importance. Traditionally, higher-layer encryption schemes are used that employ a secret or a shared key to encrypt a message, based on a suitable encryption function whose inversion without knowledge of the secret key is mathematically hard, which establishes various levels of computational security. Complete security can only be achieved by using the one-time pad (OTP), where a perfectly random secret key has the same length as the message to be transmitted. Secret keys may be generated through quantum key distribution (QKD), but the OTP requirement that the secret key must equal the message length limits messaging rates to the relatively low key rates achieved over relatively short distances by QKD. On the other hand, data protection schemes that combine physical randomness with suitable algorithms may allow for high-speed encryption based on physical ciphers [3–10]. Here we focus on the quantum stream cipher [6–10], which uses quantum noise to create a security advantage for legitimate users.
A physical cipher employing multi-level signaling that realizes a direct data encryption system was theoretically proposed as “alpha-eta” by H. P. Yuen et al. in [6,7] and experimentally demonstrated [8]. Later the cipher was called Y-00 quantum stream cipher. Since the scheme is compatible with optical fiber communication systems, there is no need to develop novel devices to realize a Y-00 cipher. The scheme provides high security against eavesdropping by masking signals with quantum noise. Implementations of the Y-00 cipher have been shown based on various modulation formats, including phase modulation (PM) [8], intensity modulation (IM) [9], and quadrature-amplitude modulation (QAM) [10]. Experimental demonstrations [9,11–18] include data rates in the Gbit/s regime. PM-based Y-00 receivers require either 1-bit differential detection using an optical delay interferometer or coherent detection using a local oscillator. QAM-based receivers require coherent detection. The practically simplest scheme is based on IM using direct detection. The security level of the IM scheme was theoretically investigated [19] and experimentally studied by measuring the amount of noise masking [18]. Recently, a transceiver of the intensity modulation Y-00 cipher using the Gigabit Ethernet (GbE) protocol has been developed. In the transceiver, an irregular mapping function was first incorporated as a randomization scheme to realize higher security levels [21,22]. Its performance was experimentally investigated in a single-channel transmission experiment over an 80-km long optical fiber without inline optical amplifiers [22]. A typical deployment of the Y-00 quantum stream cipher transceiver, however, would be implemented as an overlay to a conventional optical fiber transport system employing wavelength division multiplexing (WDM) technologies.
In this paper, we report an all real-time experiment using a real-time 1.5-Gb/s Y-00 quantum stream cipher transceiver as an overlay in a modern, high spectral efficiency coherent WDM system based on real-time 256-Gbit/s digital coherent transceivers employing polarization-division multiplexed (PDM) 16-ary quadrature amplitude modulation (16-QAM) on a 50-GHz channel grid. Investigations of both security and transmission performance are essential in evaluating the cipher. In this work, we focus on the investigation of the transmission performance. Two different overlay channel allocation schemes are demonstrated. The first scenario assumes that a vacant 50-GHz channel slot is available within the WDM band, and the Y-00 cipher signal is placed in this vacant channel slot, sandwiched by two 256-Gbits/s signal channels on either side. The second scenario assumes a fully loaded WDM scenario with no vacant 50-GHz channel slot. Here, the Y-00 cipher signal is placed in the small gap between two adjacent 50-GHz spaced 256-Gbit/s WDM signal channels. In both scenarios, the Y-00 cipher signal and the 4 coherent WDM channels were transmitted over 320-km standard single mode fiber (SMF).
2. Y-00 quantum stream cipher
The Y-00 quantum stream cipher provides a symmetric-key direct data encryption system for secure fiber-optic communications. One of the most essential features of the Y-00 quantum stream cipher is its use of multi-level optical modulation for cryptographic purposes. In the implementation discussed here, multiple intensity levels are being used to implement the cipher. With reference to Fig. 1(a), the transmitter generates 2M distinct signal intensity levels. These 2M intensity levels form M disjoint subsets, each subset consisting of two levels that encode a binary 0 and 1, respectively. We call each subset a signaling basis. The intensity levels are chosen such that within each basis, the intensity difference between the two levels is large enough to allow for proper discrimination of 0 and 1 levels, but between two adjacent bases the level spacing is so small that adjacent levels cannot be resolved. In addition, adjacent bases use inverted logic, i.e., while a logical 0 is represented by the lower intensity level in basis k, it is represented by the upper intensity level in basis k + 1.
Fig. 1 Basic principle of Y-00 quantum stream cipher. (a) Sets of modulation bases. (b) Basic transmitter and receiver setup. Schematics of (c) a waveform and (d) the power distribution at the center of eye diagram.
In each time slot, the transmitter first choses a basis using a pseudo-random number generator (PRNG), which expands a short pre-shared key into a much longer running key. The pre-shared secret key is K bits long and the expanded key has a length of 2K - 1 bits. Of this expanded bit stream, each group of log2M bits forms a pseudo-random index that determines the bias for the subsequent intensity modulator as shown in Fig. 1(b) and hence chooses a random basis for each transmitted bit; ~2K/log2M bits can be transmitted before the secret pseudo-random encoding sequence repeats. In our implementation, 2K/log2M corresponds to ~1076 (~1059 years at 1 Gb/s) for K = 256 and M = 211. In addition, the logic to be used for data modulation is inverted for adjacent bases, as shown in Fig. 1(a). Figure 1(c) shows the resulting intensity waveform at the transmitter output. As shown in Fig. 1(b), the receiver uses the same PRNG and pre-shared secret key to generate signals for both a bias-subtraction circuit and logic inversion depending on the respectively chosen basis. A preamble is used for synchronizing the running keys of the transmitter and receiver before starting cipher communication. Since the two intensity levels within each basis are chosen far apart from each other, error-free communication is possible between the legitimate users, even in the presence of noise, indicated by the red shaded areas in Fig. 1(c).
3. Security considerations in a system limited by shot noise and beat noise
There are various approaches to the security analysis of the Y-00 quantum stream cipher. For example, Barbosa et al. showed that the error probability of an eavesdropper with a quantum optimum receiver tends to 0.5 in an individual attack on the data bit for a phase modulation implementation of the Y-00 cipher by increasing the number of signal levels [8]. Nair et al. discussed the security features of this scheme in the framework of random ciphers including a response to some criticisms [23], and a more practical security analysis was done by Hirota [24]. As pointed out by [25], the basic model of the Y-00 quantum stream cipher requires a careful design against correlation attacks when the PRNG is implemented by an LFSR with a very short key. To counteract this problem, Shimizu et al. proposed an irregular mapping to provide immunity against correlation attacks even when the key of the installed LFSR is short [26].
If an eavesdropper without access to the expanded key were to extract the conveyed message from intensity measurements, it would have to uniquely resolve each of the 2M intensity levels. Depending on what side information is available to the eavesdropper, such an attempt could lead to an intercepted message and/or an intercepted key. This can be made impossible either practically (based on making the level spacings smaller than what can be resolved using state-of-the-art high-speed analog-to-digital converters (ADC)) or fundamentally (based on making the level spacings much smaller than the shot noise standard deviation as the ultimate noise limiting intensity resolution).
In fact, it has been rigorously proven that according to quantum signal detection theory [27], an eavesdropper cannot distinguish the signals without error due to the non-orthogonality of coherent states of light and the effect of quantum noise in a quantum measurement process. The error probability of the optimum quantum receiver of an eavesdropper in this attack can be made to be almost 0.5 by increasing M [27]. This means that the eavesdropper has no other choice except for pure guessing in this attack.
From a more practical point of view, Fig. 1(d) illustrates the signal power distribution over all signal levels. The power distribution was experimentally observed to be flattened so that the peak points of the signal levels are masked by noise [22].
Analyzing this situation more quantitatively, and with reference to Fig. 2(a), an eavesdropper (Eve) could use a perfect ADC to detect each transmitted intensity level. It is important to assess the probability with which Eve is able to record the correct intensity levels despite noise masking. Assuming a mark ratio of 0.5, an average power of 1 mW and extinction ratio (P2M-1/P0) of 2, as used in the experiments reported in this paper, P2M-1 and P0 are 1.33 and 0.66 mW, respectively. With M = 2048 and S = 0.85 A/W the level spacing Δi in terms of detected photocurrent at a 1-mA average optical power is Δi = (P2M-1 - P0)S/2M = 1.39 × 10−7 A. In order to assess detection noise, it is important to distinguish between an eavesdropper tapping close to the transmitter and an eavesdropper tapping close to the receiver. In the former case, detection will be limited by quantum (shot) noise, while in the latter case signal-ASE beat noise will fundamentally limit the eavesdropper’s ability to resolve intensity levels. For the first case (shot noise limited detection when tapping at the transmitter), the corresponding shot noise variance at the high signal levels is σ2M-1 = (2eSP2M-1B)1/2 = 9.89 × 10−7 A and at the low signal levels it is σ0 = (2eSP0B)1/2 = 6.97 × 10−7 A, where e is the elementary charge and the electrical receiver bandwidth B is 2.7 GHz. With these parameters, the probability of Eve detecting a wrong level becomes erfc(Δi/(2√2σ2M-1)) = 94% at the high signal levels and erfc(Δi/(2√2σ0)) = 92% at the low signal levels. It is evident that Eve, when eavesdropping a shot-noise limited signal with a receiver that is cooled to avoid any masking by thermal noise, could obtain data including ~8% correct intensity levels. However, Eve does not know which part of the data is correct. Exploiting this information through various forms of correlation attacks is beyond the scope of this work. Moreover, in practice, thermal noise and insufficient ADC resolution will technologically further inhibit eavesdropping attempts.
Fig. 2 (a) Probability calculation for Eve to detect the wrong level; (b) Eve's probability of detecting the wrong level vs. number of levels 2M at an extinction ratio of 3 dB; (c) Eve's probability of detecting the wrong level vs. extinction ratio at 2M = 4096.
When eavesdropping signal in the presence of amplified spontaneous emission (ASE), the beat noise between signal and ASE will limit Eve’s ability to correctly detect the intensity levels. The signal-ASE beat noise variance is given by σs-ASE = (2S2P2M-12B/(BrefOSNR))1/2 for the higher-intensity levels and σs-ASE = (2S2P02B/(BrefOSNR))1/2 for the lower-intensity levels. For an optical signal-to-noise ratio (OSNR) of 30 dB within a noise reference bandwidth of Bref = 12.5 GHz (0.1 nm), the level detection error probability is 99.7% at the higher-intensity levels and 99.5% at the lower-intensity levels. Signal-ASE beat noise is much stronger than shot noise and yields a probability that Eve can detect the correct intensity levels of only 0.5%, making correct level decisions much harder.
Figures 2(b) and 2(c) show the level detection error probabilities as a function of the number of levels 2M in Fig. 2(b) and of the extinction ratio in Fig. 2(c); both M and the extinction ratio are design parameters of Y-00 cipher. The operating points used in our experiments are indicated by circle makers. For the case of the signal-ASE beat noise, the error probability is approximately 1 regardless of M and extinction ratio. When only shot noise is considered, which is an unrealistically idealizing assumption for Eve due to the presence of thermal noise and limited ADC resolution, the level detection error probabilities approach to 1 for sufficiently large values of M. We also observe that the error probabilities increase for smaller extinction ratios.
To avoid correlation attacks, various randomization schemes can be added to the Y-00 quantum stream cipher transceivers. The transceiver of the Y-00 quantum stream cipher used in this work possesses two types of additional randomizations: overlap selection keying (OSK) and irregular mapping. The former is used for scrambling message bits, and the latter defines a non-standard binary-to-decimal conversion rule. Detailed discussions on these as well as additional randomization techniques can be found in [20–22].
4. Back-to-back performance of Y-00 quantum stream cipher transceiver
In the Y-00 cipher transmitter, a binary signal is modulated at 1.5 Gbit/s using a LiNbO3 Mach-Zehnder modulator, whose bias is set on a bit-by-bit basis based on a stream of pseudo-random numbers (PRNs) as discussed above. Taking account of the effect of noise masking and the implementation of both OSK and irregular mapping, one can use a linear feedback shift register (LFSR) as the PRNG. The length of the initial pre-shared key is 256 bits, and the length of the resulting key stream is 2256 - 1. The number of bias levels in the Y-00 cipher transceiver is M = 2048 ( = 211), and consequently the Y-00 optical cipher signals generated by the transmitter has 4096-intensity levels. The power ratio of the highest cipher signal to the lowest, P2M-1 / P0 in Fig. 1(c), is set to 2.0 (3 dB). The binary data is a pseudo-random bit sequence (PRBS) with a length of 231 - 1. The wavelength of the Y-00 cipher signal is set to 1550.12 nm and the average transmit power is 0 dBm. In the Y-00 cipher receiver, the incoming Y-00 cipher signal is converted to an electrical signal by direct detection using a photo-diode of 9 GHz bandwidth and a responsivity of 0.85 A/W, followed by electronic components of 2.7 GHz, which set the receiver’s electrical bandwidth. Then, the multi-level electrical signal is decrypted to a binary signal by changing the threshold level of a decision circuit in a bit-by-bit manner using the same PRNs generated from the key shared between the transmitter and receiver. The details of the Y-00 cipher transceiver are described in [22].
We first measure the bit error ratio (BER) in a back-to-back configuration using optical noise loading as shown in Fig. 3. The OSNR is set by adding ASE from an erbium doped fiber amplifier (EDFA) to the signal. A 0.5-nm optical bandpass filter is used to suppress out-of-band ASE. The optical power at the photodetector is kept constant at −5 dBm. The noise reference bandwidth for OSNR measurements is 0.1 nm, and the OSNR is reported with both ASE polarizations included. Open circles in Fig. 4(a) show the BER of the Y-00 signal with 4096 intensity levels and a max-to-min power ratio of 2.0. The OSNR required for achieving a BER of 10−9 is 30 dB. An eye diagram of the Y-00 signal is shown at the top of Fig. 4(b). The bandwidth of a photo-detector used for measuring the eye-diagrams was 12.4 GHz. The white horizontal line indicates the absence of optical power as a reference line. The eye looks closed since the power difference between neighboring power levels is as small as 0.16 μW when the average power of the Y-00 signal is 1 mW. The eye diagram contains 2048 basis sets, and the extinction ratio (ER) of the bases ranges from 1.33 (highest-power basis set) to 1.50 (lowest-power basis set). To verify Y-00 receiver performance, we disabled the pseudo-random bias modulation and set the number of intensity levels generated by the transmitter to 2, which corresponds to a conventional binary intensity modulation with a relatively high DC bias. Eye diagrams and BERs were measured for the highest and lowest power basis sets as shown in Fig. 4(b). The ERs were 1.33 and 1.5 for the highest and lowest settings, respectively. The BERs for these cases are plotted as filled circles and squares in Fig. 4(a). As expected, the two curves represent the best-case and the worst-case performance of the actual Y-00 signal: At high OSNR and/or for low-ER signals (highest-intensity eye), signal-ASE beat noise has a stronger impact, and the performance of the Y-00 signal hence approaches that of the high-intensity eye at high OSNR. Conversely, at low OSNR and/or for high-ER signals (lowest-intensity eye), ASE-ASE beat noise is more important, and the performance of the Y-00 signal hence approaches that of the low-intensity eye at low OSNR.
Fig. 4 (a) Bit error ratio characteristic of Y-00 cipher signals. Open circles: 4096-intensity levels, filled circles: binary intensity modulation using the highest-power basis set; filled squares: binary intensity modulation using the lowest-power basis set. (b) Eye-diagrams measured by a photodiode with 12.4-GHz bandwidth. Top: 4096-intensity levels, middle: binary intensity modulation using the highest-power basis set; bottom: binary intensity modulation using the lowest-power basis set.
5. Single-channel transmission of Y-00 cipher signal
Next, we investigate the transmission performance of the Y-00 cipher signal in an optical fiber transmission system using the setup shown in Fig. 5. Two Y-00 cipher transceivers as described above serve as transmitter and receiver for the secure channel. The transmission line consists of 4 spans of standard single mode fiber (SMF). Each span is 80 km long with EDFAs compensating for the span loss. The total transmission distance is 320 km.
The input power of the Y-00 cipher signal (PY-00) to each SMF span is set to the same value and is varied as a single parameter. Figure 6(a) shows an eye diagram of the Y-00 cipher signal at the transmitter (the bandwidth of the photo-detector is 30 GHz). At the receiver, a fiber Bragg grating (FBG) with a 3-dB bandwidth of 0.05 nm (6.2 GHz) is used to suppress out-of-band ASE noise, and the BER of the binary data after Y-00 decryption is measured. The BER as a function of OSNR is plotted with open circles in Fig. 6(b). An OSNR of 20 dB corresponds to a per-span launch power of −9 dBm and an OSNR of 33.2 dB corresponds to a launch power of 4 dBm. As can be seen from the figure, BERs below 10−9 were achieved. For comparison, the back-to-back performance (filled circles) is measured using the noise loading setup of Fig. 3, but with the FBG filter instead of the 0.5-nm filter. No significant penalty is observed. Deviations at high OSNR are caused by the onset of nonlinear distortions at the correspondingly high signal launch powers.
Fig. 6 (a) Y-00 cipher optical signal measured at the transmitter by a photo-detector with 30-GHz bandwidth. The white line shows the zero level. (b) Bit error ratio characteristics of the Y-00 cipher signal. Filled circles: back-to-back transmission; open circles: transmission after 320 km.
6. WDM transmission of the Y-00 cipher signal as an overlay
We next transmit the Y-00 cipher signal as an overlay in a WDM transmission system consisting of 4 wavelengths, each carrying 256-Gbit/s signals using 16-ary quadrature amplitude modulation (16-QAM) and real-time digital coherent detection based on Nokia’s PSE2s line card [28]. The setup is shown in Fig. 7. Transmission performance is evaluated in two different channel allocation scenarios as shown in Fig. 8. In the first scenario as shown in Fig. 8(a), there are a total of five 50-GHz channel slots allocated in the system, with the Y-00 signal occupying the center channel and four 256-Gbit/s coherent signals occupying the remaining four channels. This setting tests the application of a secure communication channel within a vacant WDM channel slot that is normally reserved for 256-Gbit/s coherent signals. In the second scenario as shown in Fig. 8(b), there are only four 50 GHz channel slots used, and all are allocated to 256-Gbit/s coherent signals. The Y-00 cipher signal is inserted in the small gap between two 50-GHz spaced 256-Gbit/s channels.
Fig. 7 Setup of the WDM transmission experiment using a Y-00 cipher signal and four channels of 256-Gbit/s polarization multiplexed 16-QAM over 320 km.
Fig. 8 Optical spectra of two different channel allocation scenarios, measured with a resolution of 0.01 nm. (a) five 50-GHz channel slots allocated, with the Y-00 signal occupying the center channel and four 256-Gbit/s coherent signals occupying the remaining four channels. (b) four 50-GHz channel slots allocated and loaded with 256-Gbit/s coherent signals. The Y-00 cipher signal is inserted in the small gap between two 50-GHz spaced 256-Gbit/s channels.
The wavelength of the Y-00 cipher signal is fixed to λY-00 = 1550.12 nm (193.400 THz). The Y-00 cipher launch power (PY-00) is set between −6 dBm to approximately + 5 dBm. The coherent 256-Gbit/s signals are generated as polarization-multiplexed 16-QAM at a symbol rate of 32 Gbaud. A digital Nyquist filter with a root raised cosine (RRC) roll-off factor of 0.2 is applied to shape the spectrum. The effective data rate excluding forward error correction (FEC) overhead is 200 Gbit/s per WDM channel. A pseudo random bit sequence with a length of 231 - 1 is loaded as test data for the coherent channels. At the receiver side, the WDM signals were input to a 256-Gbit/s digital coherent receiver and a Y-00 receiver, respectively. In the Y-00 receiver, the Y-00 signal was filtered by the 6.2-GHz FBG filter, and BERs were measured after decryption. In the 256-Gbit/s digital coherent receiver, the channel to be received was selected by tuning the wavelength of the local oscillator laser. BERs were measured in real time, from which Q-factors were calculated. Constellations of each polarization component were also recovered. The details of the digital coherent transmitter and receiver are described in [28].
The input powers of the 256-Gbit/s signals into the 80-km spans of SMF were optimized in the WDM configuration with four channels of 256-Gbit/s signals only. The optimum input power was 0 dBm/ch, achieving Q-factors of 11.4 dB after 320-km transmission. With the help of FEC, error free operation of all channels was achieved at this power level. In the following transmission experiments, the powers of the 256-Gbit/s channels launched into the transmission fibers were kept fixed at 0 dBm/ch.
6.1 Y-00 cipher overlay in a vacant 50-GHz spaced frequency grid
In the scenario of Fig. 8(a), the four 256-Gbit/s channels were set to the 50-GHz spaced frequency grid of λ#1 = 1549.32 nm (193.500 THz), λ#2 = 1549.72 nm (193.450 THz), λ#3 = 1550.52 nm (193.350 THz) and λ#4 = 1550.92nm (193.300 THz). The Y-00 signal was set to 1550.12 nm (193.400 THz). The BERs of the 256-Gbit/s channels were measured as a function of the Y-00 cipher power (PY-00) to evaluate the impact of the Y-00 signal on the coherent channels. The OSNR of the Y-00 signal is set between 20 dB and 33 dB. Q-factors calculated from the BERs are plotted in Fig. 9(a). The Q-factors were 11.40 ± 0.15 dB, which is comparable to the case where the Y-00 cipher signal is absent, indicating that no penalty to the coherent channels is induced by inserting the Y-00 cipher signal. After FEC decoding, error free transmission of the four coherent channels at a 200-Gbit/s net data rate was achieved. A representative constellation of one of the two polarization components of 256-Gbit/s signals at λ#2 is shown in Fig. 9(b), which shows no visible degradation when PY-00 = + 4.5 dBm. Similar constellations were observed for the other channels.
Fig. 9 (a) Q-factors of 256-Gbit/s channels for Y-00 cipher signal powers from −6 to 4.5 dBm; (b) Constellation of 256-Gbit/s 16-QAM signals when the Y-00 cipher power was + 4.5 dBm.
A waveform of the Y-00 cipher signal was measured at the receiver by a photo-detector with 30-GHz bandwidth when PY-00 = + 4.5 dBm. As expected, no clear eye-opening can be observed due to the 4096 closely spaced intensity modulation levels, as shown in Fig. 10(a). However, the BER after decryption to a binary signal was less than 10−9. BERs for the Y-00 cipher signals after 320-km transmission and for launch powers larger than 2 dBm (OSNRs exceeding 30.5 dB), as shown in Fig. 10(b). For comparison, BERs measured at the receiver end when only the Y-00 cipher signal was transmitted are re-plotted from Fig. 6 as open circles. No significant penalty was observed.
Fig. 10 (a) Y-00 cipher signal measured at the receiver by a photo-detector with 30-GHz bandwidth when the Y-00 cipher power was + 4.5 dBm. The white line shows the zero level. (b) Bit error ratio characteristics of Y-00 cipher signal after 320-km transmission. Squares: WDM transmission, circles: single channel transmission for reference.
6.2 Y-00 cipher overlay in the gap between 50-GHz spaced 256-Gbit/s channels
In the second wavelength setting as shown in Fig. 8(b), all channel slots of the 50-GHz grid WDM transmission system are utilized and the secure channel is added in the small gap between equally spaced 256-Gbit/s signal channels. The wavelengths of the 4 WDM channels were set to λ#1 = 1549.52 nm (193.475 THz), λ#2 = 1549.92 nm (1993.425 THz), λ#3 = 1550.32 nm (193.375 THz) and λ#4 = 1550.72 nm (193.325 THz). The Y-00 cipher signal at 1550.12 nm (193.400 THz) was located in the gap between the two channels at λ#2 and λ#3. The per-span launch powers of the 256-Gbit/s signals were fixed to 0 dBm/ch, while the Y-00 cipher power, PY-00, was varied from −6 to 4.9 dBm to evaluate its impact on the coherent signals. Except for the wavelength allocation of the 256-Gbit/s signal channels, all other experimental conditions were the same as those in the previous subsection.
At the receiver end, transmission performance was investigated by changing the power of Y-00 cipher signal, PY-00. Q-factors and constellations of the 256-Gbit/s channels are shown in Fig. 11. The Q-factors of two outer channels at λ#1 and λ#4 were unchanged around 11.4 dB during the entire power sweep of the Y-00 cipher signal as shown in Fig. 11 (a). This result shows that there is no negative impact of Y-00 cipher signal on the two outer channels at λ#1 and λ#4. On the other hand, when the Y-00 cipher power increased, the Q-factors of the two inner channels at λ#2 and λ#3, which are adjacent to the Y-00 cipher signal, decreased due to crosstalk from the Y-00 cipher signal. When PY-00 = + 4.9 dBm, the Q-factor was reduced to 9.3 dB; however, the underlying FEC is still able to correct the distorted signal to error-free performance. Figures 11 (b) and 11(c) show the constellations of one of the two polarization components of the 256-Gbit/s signals at λ#1 and λ#2, respectively, when PY-00 = 4.9 dBm. The constellation of the 256-Gbit/s signal at λ#2 is visibly degraded as compared to that at λ#1. We also measured the performance of the Y00 channel in this fully-loaded WDM overlay scenario and obtained a BER performance of 10−8, limited by crosstalk from the shoulders of the closely spaced WDM neighbors, cf. Figure 8. Removing this error floor to establish error-free performance for the Y-00 signal therefore requires a low-overhead FEC to be implemented on this channel.
Fig. 11 (a) Q-factors of 256-Gb/s channels against Y-00 cipher signal powers, PY-00. Constellation of 256-Gb/s signals at (b) λ#1 and (c) λ#2 when Y-00 cipher signal powers, PY-00 = 4.9 dBm.
7. Summary
Transceivers of 1.5-Gbit/s Y-00 quantum stream cipher that incorporate an irregular mapping function as a randomization scheme have been applied to a WDM transmission of 256-Gbit/s polarization multiplexed 16QAM over 320-km SMF. Two different wavelength allocation schemes have been demonstrated as application scenarios to realize a secure communication channel overlay in a high-capacity coherent WDM system. The first scenario is to set the Y-00 cipher signal in a vacant 50-GHz channel slot between the 256-Gbit/s signal channels. The second scenario is to set the Y-00 cipher signal in a small gap between two 50-GHz spaced 256-Gbit/s signal channels when the WDM system is fully loaded. In both scenarios, the Y-00 cipher signal and 4 WDM channels of 256-Gbit/s signals have been transmitted over 320-km SMF.
Funding
Japan Society for the Promotion of Science (JSPS) KAKENHI Grand No. JP15K06082.
References and links
1. M. Medard, D. Marquis, R. A. Barry, and S. G. Finn, “Security issues in all-optical networks,” IEEE Netw. 11(3), 42–48 (1997). [CrossRef]
2. K. Shaneman and S. Gray, “Optical network security: technical analysis of fiber tapping mechanisms and methods for detection and prevention,” in Proceedings of Military Communications Conference (IEEE, 2004), pp.711–716. [CrossRef]
3. K. Guan, J. Cho, and P. J. Winzer, “Physical layer security in fiber-optic MIMO-SDM systems: An overview,” Opt. Commun. 408, 31–41 (2018). [CrossRef]
4. M. P. Fok, Z. Wang, Y. Deng, and P. R. Prucnal, “Optical layer security in fiber-optic networks,” IEEE Trans. Inf. Forensics Security 6(3), 725–736 (2011). [CrossRef]
5. T. H. Shake, “Security performance of optical CDMA against eavesdropping,” J. Lightwave Technol. 22(2), 665–670 (2005).
6. H. P. Yuen, “KCQ: A new approach to quantum cryptography I. General principles and key generation,” https://arXiv:quant-ph/0311061v6.
7. H. P. Yuen, P. Kumar, and G. A. Barbosa, “Ultra-secure, ultra-efficient cryptographic system,” US Patent 7,333,611 B1.
8. G. A. Barbosa, E. Corndorf, P. Kumar, and H. P. Yuen, “Secure communication using mesoscopic coherent states,” Phys. Rev. Lett. 90(22), 227901 (2003). [CrossRef] [PubMed]
9. O. Hirota, M. Sohma, M. Fuse, and K. Kato, “Quantum stream cipher by Yuen 2000 protocol: Design and experiment by intensity modulation scheme,” Phys. Rev. A 72(2), 022335 (2005). [CrossRef]
10. K. Kato and O. Hirota, “Quantum quadrature amplitude modulation system and its applicability to coherent state quantum cryptography,” Proc. SPIE 5893, 589303 (2005). [CrossRef]
11. E. Corndorf, C. Liang, G. S. Kanter, P. Kumar, and H. P. Yuen, “Quantum-noise randomized data encryption for wavelength-division-multiplexed fiber-optic networks,” Phys. Rev. A 71(6), 062326 (2005). [CrossRef]
12. G. S. Kanter, D. Reilly, and N. Smith, “Practical physical-layer encryption: the marriage of optical noise with traditional cryptography,” IEEE Commun. Mag. 47(11), 74–81 (2009). [CrossRef]
13. K. Ohhata, O. Hirota, M. Honda, S. Akutsu, Y. Doi, K. Harasawa, and K. Yamashita, “10-Gb/s optical transceiver using the Yuen 2000 encryption protocol,” J. Lightwave Technol. 28(18), 2714–2723 (2010). [CrossRef]
14. K. Harasawa, O. Hirota, K. Yamashita, M. Honda, K. Ohhata, S. Akutsu, T. Hosoi, and Y. Doi, “Quantum encryption communication over a 192-km 2.5-Gbit/s line with optical transceivers employing Yuen-2000 protocol based on intensity modulation,” J. Lightwave Technol. 29(3), 316–323 (2011). [CrossRef]
15. F. Futami, “Experimental demonstrations of Y-00 cipher for high capacity and secure optical fiber communications,” Quantum Inform. Process. 13(10), 2277–2291 (2014). [CrossRef]
16. M. Nakazawa, M. Yoshida, T. Hirooka, and K. Kasai, “QAM quantum stream cipher using digital coherent optical transmission,” Opt. Express 22(4), 4098–4107 (2014). [CrossRef] [PubMed]
17. F. Futami and O. Hirota, “100 Gbit/s (10 × 10 Gbit/s) Y-00 cipher transmission over 120 km for secure optical fiber communication between data centers,” in Proceedings of2014OptoElectronics and Communication Conference and Australian Conference on Optical Fibre Technology (OECC/ACOFT), paper MO1A2.
18. F. Futami and O. Hirota, “Masking of 4096-level intensity modulation signals by noises for secure communication employing Y-00 cipher protocol,” in Proceedings of 37th European Conference on Optical Communication (ECOC), Tu.6.C.4 (2011). [CrossRef]
19. K. Kato, “A unified analysis of optical signal modulation formats for quantum enigma cipher,” Proc. SPIE 10409, 104090K (2017).
20. K. Kato and O. Hirota, “Randomization techniques for the intensity modulation-based quantum stream cipher and progress of experiment,” Proc. SPIE 8163, 81630A (2011). [CrossRef]
21. K. Kato, “Quantum enigma cipher as a generalization of the quantum stream cipher,” Proc. SPIE 9980, 998005 (2016). [CrossRef]
22. F. Futami, K. Kato, and O. Hirota, “A novel transceiver of the Y-00 quantum stream cipher with the randomization technique for optical communication with higher security performance,” Proc. SPIE 9980, 99800O (2016). [CrossRef]
23. R. Nair, H. P. Yuen, E. Corndorf, T. Eguchi, and P. Kumar, “Quantum-noise randomized ciphers,” Phys. Rev. A 74(5), 052309 (2006). [CrossRef]
24. O. Hirota, “Practical security analysis of a quantum stream cipher by the Yuen 2000 protocol,” Phys. Rev. A 76(3), 032307 (2007). [CrossRef]
25. S. Donnet, A. Thangaraj, M. Bloch, J. Cussey, J. M. Merolla, and L. Larger, “Security of Y-00 under heterodyne measurement and fast correlation attack,” Phys. Lett. A 356(6), 406–410 (2006). [CrossRef]
26. T. Shimizu, O. Hirota, and Y. Nagasako, “Running key mapping in a quantum stream cipher by the Yuen 2000 protocol,” Phys. Rev. A 77(3), 034305 (2008). [CrossRef]
27. C. W. Helstrom, Quantum detection and estimation theory (Academic, 1976).
28. J. Cho, X. Chen, S. Chandrasekhar, G. Raybon, R. Dar, L. Schmalen, E. Burrows, A. Adamiecki, S. Corteselli, Y. Pan, D. Correa, B. McKay, S. Zsigmond, P. Winzer, and S. Grubb, “Trans-Atlantic field trial using probabilistically shaped 64-QAM at high spectral efficiencies and single-carrier real-time 250-Gb/s 16-QAM,” in Proceedings of Optical Fiber Communication Conference, OSA Technical Digest (Optical Society of America, 2017), paper Th5B.3. [CrossRef]
