## Abstract

We propose and numerically demonstrate a new scheme for key distribution on the physical layer based on chaos synchronization and physical random bit generation. In this scheme, two chaotic semiconductor lasers are commonly driven by a third semiconductor laser, and their chaotic output signals are employed as the physical sources of the random bit generators (RBGs). Under the symmetric operation scenario, the two RBGs are well synchronized, and the random bits generated by them are used to generate identical secret keys for Alice and Bob by way of a dynamic post-processing technology. The feasibility and security of the proposed scheme are investigated by testing the parameter mismatch tolerance and the sensitivity to the systematic noise. The numerical results indicate that the dynamic and unpredictable post-processing can provide a great enhancement for the security of the secret key distribution. The security of the proposed scheme is mainly determined by the post-processing, not by a confidential source, which provides a new potential way of implementing high-speed secure secret key distribution.

© 2015 Optical Society of America

## 1. Introduction

Recently, building secure communication schemes on the physical layer (PHY) has drawn great attention in the field of optical communications. The research on physical layer security improvement reported so far can be roughly classified into two categories: security-enhancement schemes without a secret key, and physical secret key distribution schemes. Regarding the schemes without a secret key, all-optical chaos communication based on semiconductor lasers subject to optical feedback, optical injection, or optoelectronic feedback has been considered an attractive candidate because of the intrinsic privacy of chaotic signals [1–3]. For the second category of schemes, the generation of shared secure keys by employing the rich correlated randomness and dynamics available in the optical medium provides a new direction for improving physical layer security [4]. In these secure key distribution schemes, secure transmission can be easily achieved by using conventional symmetric-key cryptography.

Quantum key distribution (QKD) based on quantum mechanics has been theoretically proved to be an ideal secure key distribution scheme, which can provide high quantifiable security [5–7]. However, it is very difficult to implement QKD in commercial optical communication systems because of its stringent requirements on the quantum devices. From a different perspective, some other secure key distribution schemes have been proposed in recent years. Scheuer and Yariv proposed a novel secure key distribution scheme by establishing laser oscillations, named giant fiber lasers, between the transmitter and receiver ends [8]. Kanter et al. proposed a synchronized random bit generation scheme for the purpose of encryption by using mutually coupled chaotic lasers [9]. Buskila et al. proposed a physical layer data encryption scheme based on the distribution of a broadband optical noise-like signal between Alice and Bob [10]. Yoshimura and associates demonstrated a scheme based on the synchronization of cascading optical scramblers [11]. In most of these schemes utilizing correlated random sources, the security of the key is mainly dependent on the complexity of the physical random source (PRS), while few of them considered making use of the post-processing to enhance the security of secret key distribution.

In this work, we propose a novel secret key distribution scheme by virtue of the chaos synchronization of two modified RBGs and the technology of dynamic post-processing. The synchronization of the RBGs is achieved by introducing symmetric chaotic injections from a driving laser. The dynamic post-processing (DPP) is adopted to generate a dynamically changing secret key, which can greatly enhance the security of key distribution. Numerical simulations have been performed to investigate the tolerance to intrinsic parameter mismatch in the SLs and to the ADC noise. In addition, the security is also tested by investigating the performance of an eavesdropper equipped with an SL that is similar to the built-in SLs of the RBGs.

## 2. Scheme for distribution of the secret key

The proposed secret key distribution scheme is depicted in Fig. 1. Two identical dynamic key generators, each composed of a built-in semiconductor laser, analog-to-digital converter (ADC), photodetector (PD) and dynamic fiber delay line (DFDL), are employed to realize the secret key distribution. The built-in lasers SL1 and SL2 are subjected to common frequency-detuned chaotic injections from a driving semiconductor laser (DSL) working in a chaotic regime. The chaotic output of the DSL is split into two identical beams by a 50:50 optical coupler, and then the two beams are unidirectionally injected into SL1 and SL2, respectively. Under such a scenario, synchronization between the built-in SLs can be easily obtained [12], and moreover, the bandwidths of the chaotic outputs of SL1 and SL2, which are used as the physical random sources, are also broadened. The output of SL1 (SL2) is split into two portions: one is directly detected by a PD, while the other is first delayed by a dynamic fiber delay line and then detected by a PD. The two detected electronic signals are simultaneously and synchronously sampled by ADCs at a given clock rate with single-bit vertical resolution. The whole sampling process is divided into *n* parts, with adjacent parts separated by non-fixed idle times, during which no sampling is carried out. The introduction of non-fixed idle time, different sampling time spans, various sampling rates (we call it frequency-hopping sampling) and dynamic time delay can greatly enlarge the key space and complicate the key generation process. In addition, the robust sampling technique (using dual thresholds) proposed in [8] is introduced to transform the sample sequences into binary sequences. Since the physical sources (the outputs of SL1 and SL2) are synchronized, the identical sampling and coding conditions guarantee that the keys generated at the sides of Alice and Bob are identical.
With the dual-threshold sampling method, the samples with values smaller than the low threshold are coded as “0”, the samples with values larger than the high threshold are coded as “1”, and those samples with values smaller than the high threshold but larger than the low threshold are coded as a special symbol “T”, which stands for a useless bit. Subsequently, a logical exclusive-or (XOR) operation between the two binary sequences is performed to obtain one low self-correlation sequence (Sequ1 and Sequ2), which is used to generate the secret key (random numbers). Here, it is defined that if one of the two symbols used for the XOR operation is “T”, the resulting symbol after XOR is “T”. Next, the positions of “T” in Sequ1 and Sequ2 are calculated, and the position information is respectively named set A1 and set A2, which are exchanged between Alice and Bob. When Alice and Bob receive the position information from each other, they have a shared set A = A1∪A2, and then they discard the symbols “T” according to the shared set A to reduce the bit error rate (BER). Here, the BER denotes the probability of symbols being different between Alice and Bob in the whole binary sequence. Consequently, they hold identical binary sequences, and the secure key distribution is completed. Except for a small part of the sequence that is stored in memory to be used as the control numbers (CNs) for the next key generation, the rest is used as the secret key. Because the exchanged messages do not include any symbol of the secret keys (only A1 and A2 are included), eavesdroppers cannot extract the key from the public channel, even when the exchanged messages are totally intercepted and captured.
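The coding and sifting steps just described can be followed in the Python sketch below, which is an added example and not code from the paper. It replaces the synchronized laser outputs with a constructed toy model (a common Gaussian waveform plus small independent noise at each side); the function names, the noise level, the delay and the threshold gap are assumptions chosen for illustration.

```python
import random

T = "T"  # the paper's symbol for a useless sample


def quantize(samples, low, high):
    """Dual-threshold coding: below low -> 0, above high -> 1, in between -> T."""
    return [0 if s < low else 1 if s > high else T for s in samples]


def xor_symbols(x, y):
    """Symbol-wise XOR; if either operand is T, the result is T."""
    return [T if T in (a, b) else a ^ b for a, b in zip(x, y)]


def side_sequence(signal, delay, low, high):
    """Code the direct and the delayed branch and XOR them (Sequ1 or Sequ2)."""
    coded = quantize(signal, low, high)  # both branches share the thresholds
    return xor_symbols(coded[delay:], coded[:-delay])


def t_positions(seq):
    """Position set A1 or A2: the only data sent over the public channel."""
    return {i for i, s in enumerate(seq) if s == T}


def sift(seq, shared):
    """Discard every position listed in the shared set A = A1 | A2."""
    return [s for i, s in enumerate(seq) if i not in shared]


def run(gap, n=20000, noise=0.05, delay=7, seed=1):
    """BER, retained-bit ratio and ones ratio for one threshold gap.

    gap = 0 degenerates to single-threshold sampling.
    """
    rng = random.Random(seed)
    common = [rng.gauss(0.0, 1.0) for _ in range(n)]      # constructed waveform
    alice = [c + rng.gauss(0.0, noise) for c in common]   # toy stand-in for SL1
    bob = [c + rng.gauss(0.0, noise) for c in common]     # toy stand-in for SL2
    low, high = -gap / 2, gap / 2
    sequ1 = side_sequence(alice, delay, low, high)
    sequ2 = side_sequence(bob, delay, low, high)
    shared = t_positions(sequ1) | t_positions(sequ2)      # A = A1 U A2
    key_a, key_b = sift(sequ1, shared), sift(sequ2, shared)
    errors = sum(a != b for a, b in zip(key_a, key_b))
    return {
        "ber": errors / len(key_a),
        "retained": len(key_a) / len(sequ1),
        "ones": sum(key_a) / len(key_a),
    }


if __name__ == "__main__":
    for gap in (0.0, 0.4):
        print("gap", gap, run(gap))
```

In this toy model the dual-threshold run gives up roughly a third of the positions and in exchange removes the disagreements that single-threshold coding leaves near the decision level.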

To satisfy the requirement that the 0/1 ratio of Sequ1 and Sequ2 is close to 1, the method presented in [13] is modified to adjust the two thresholds $[I_0, I_1]$, $I_0 \le I_1$, in the robust sampling process

*I* denotes the optical intensities of SL1 and SL2, $\rho (I)$ is the probability density function (PDF) of *I*. The probability of “1” and “0” symbols in the sequence before XOR is calculated by

The dynamic sampling process is organized as follows. Each part of the sampling process has an independent set of parameters $\{T_{d,i}, R_i, L_i, T_{w,i}\}$ $(i = 1, 2, \dots, n)$ determined by a CN. $T_d$ denotes the delay time induced by the DFDL, $R$ and $L$ are the sampling rate and the sampling length, respectively, $T_w$ represents the idle time before the sampling, and $i$ means the $i$th part in the sampling process. The synchronous variations of the idle time, DFDL delay, sampling length and sampling rate are controlled by a shared CN. Alice and Bob start with a shared agreement that every parameter on the list $\{T_d, R, T_w, L\}$ has $2^m - 1$ registered candidates (assuming that they have the same number of candidates). A random $4m$-bit CN is applied to determine the values of the parameters at the beginning of every part, and each $m$ bits in the CN correspond to a parameter. For instance, when $m = 2$, (0, 0) means no change for the corresponding parameter, (0, 1) means the parameter value is fixed at candidate A, (1, 0) corresponds to candidate B, and (1, 1) corresponds to candidate C. The dynamic sampling process is implemented according to the variable parameters controlled by the CNs.
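The CN encoding described above can be made concrete with the following Python sketch, an added example that is not code from the paper. It decodes one 8-bit CN per part ($m = 2$) into the four parameters and derives the resulting sampling instants. The field order inside a CN, the starting values and all candidate values except the sampling lengths {64, 128, 256} are assumptions constructed for illustration.

```python
M = 2  # bits per parameter field; one CN is 4 * M bits
ORDER = ("T_d", "R", "T_w", "L")  # field order inside a CN (assumption)

# 2**M - 1 = 3 registered candidates (A, B, C) per parameter.
CANDIDATES = {
    "T_d": (120, 250, 380),   # DFDL delay in ps (constructed)
    "R": (400, 200, 100),     # sampling period in ps (constructed)
    "T_w": (300, 700, 1100),  # idle time in ps (constructed)
    "L": (64, 128, 256),      # samples per part (set used in the simulations)
}


def decode_cn(cn, current):
    """Apply one 4*M-bit CN (a string of '0'/'1') to the current parameters."""
    if len(cn) != 4 * M or set(cn) - {"0", "1"}:
        raise ValueError("CN must be %d bits" % (4 * M))
    updated = dict(current)
    for k, name in enumerate(ORDER):
        field = int(cn[k * M:(k + 1) * M], 2)
        if field:  # field 0 means "no change"
            updated[name] = CANDIDATES[name][field - 1]
    return updated


def schedule(cns, initial=None):
    """Per-part parameter sets for a list of CNs, one CN per part."""
    # Starting from candidate A of every parameter is an assumption.
    current = initial or {name: CANDIDATES[name][0] for name in ORDER}
    parts = []
    for cn in cns:
        current = decode_cn(cn, current)
        parts.append(current)
    return parts


def sample_instants(cns):
    """(direct, delayed) sampling instants in ps for the whole process."""
    t, instants = 0, []
    for p in schedule(cns):
        t += p["T_w"]  # idle time: no sampling
        for _ in range(p["L"]):
            instants.append((t, t - p["T_d"]))
            t += p["R"]
    return instants


def agreement(a, b):
    """Fraction of positions at which two parties sample the same instants."""
    return sum(x == y for x, y in zip(a, b)) / max(len(a), len(b))


# Constructed CNs for four parts (fields: T_d, R, T_w, L).
CNS = ["01100101", "00001010", "11010000", "00110111"]
# The same CNs with one flipped bit in the T_w field of the second part.
CNS_ONE_BIT_OFF = ["01100101", "00001110", "11010000", "00110111"]

if __name__ == "__main__":
    ours = sample_instants(CNS)
    print(len(ours), agreement(ours, sample_instants(CNS_ONE_BIT_OFF)))
```

With these constructed values, a single differing CN bit shifts every sampling instant from the affected part onward, so only the 64 samples of the first part still coincide.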

## 3. Numerical simulations

To numerically confirm the feasibility of the proposed scheme, the modified Lang-Kobayashi rate equations [14] have been used to model the semiconductor lasers, which are expressed as

*D* and *S* (*S* = 1, 2) represent the DSL, SL1 and SL2, respectively. *E* denotes the complex electric field amplitude. *N* is the corresponding carrier number in the laser cavity. The spontaneous emission noise is modeled by the term *χ*, which is a Gaussian white noise with zero mean and unity variance. The optical gain is given as

In our simulations, the fourth-order Runge-Kutta algorithm is applied to solve these rate equations. The simulation step length is set as 1 ps, and the duration of time is 1000 ns. The operation currents for DSL and SL1 are $2I_{th}$ and $1.5I_{th}$, respectively. For the purpose of statistics, $10^{6}$ secret keys are generated to explore the performance of the proposed scheme. For each key generation process, the sampling process is divided into 100 parts (*n* = 100) and an 8-bit CN (*m* = 2) is used to control the dynamic post-processing. In each part, the length of the sample is randomly selected from the set {64, 128, 256} according to the CN. Given the loss caused by the removing in DPP, there are about $10^{9}$ bits in every statistical calculation. The parameter values for SL1 and SL2 are identical, unless otherwise stated. All the parameter values used in the simulation are given in Table 1.

## 4. Results and discussion

The bandwidth of the physical random source is the most important factor for the generation of random bits (used as the secret key), because it limits the maximum rate of random bit generation. Figures 2(a) and 2(b) present the intensity spectra of DSL and SL1. Since SL1 and SL2 synchronize with each other, the spectrum for SL2 is not shown here. The efficient bandwidth of the chaotic output of DSL is 6.45 GHz; with the optical injection from DSL, the efficient bandwidth of SL1 is enhanced to 10.35 GHz. The PDF of SL1 obtained by the statistics approach is shown in Fig. 2(c). Here, the efficient bandwidth is defined as the span between DC and the frequency within which 80% of the energy is contained [15]. It is worth noting that, although the PDF of the physical random source is asymmetric, its influence on the randomness of the secret key is minor and negligible, because the 0/1 ratio is adjustable by properly selecting the dual thresholds. The thresholds in the ADC are given as $I_0 = I_{\min} + a(I_{\max} - I_{\min})$, $I_1 = I_{\min} + b(I_{\max} - I_{\min})$ ($0 < a < b < 1$); moreover, they also have to meet the condition in Eq. (1). The gap between the two thresholds is determined according to the trade-off among the robustness to noise, the tolerance of synchronization error and the rate of key generation.

To explore the feasibility of the proposed scheme, the influences of the intrinsic parameter mismatch between SL1 and SL2 on the synchronization performance and the bit error rate (BER) of the secret key are shown in Fig. 3. Here, the mismatch is introduced by the method reported in [16]: the intrinsic parameters for SL1 and DSL are unchanged, while those of SL2 are varied. The mismatched parameters of SL2 are mathematically described as $\tau_{e2} = (1+\mu)\tau_e$, $\epsilon_2 = (1+\mu)\epsilon$, $N_{02} = (1+\mu)N_0$, $\alpha_2 = (1-\mu)\alpha$, $g_2 = (1-\mu)g$, $\tau_{p2} = (1-\mu)\tau_p$, where *μ* is the mismatch ratio. Apparently, high-quality synchronization with a correlation coefficient (CC) larger than 0.9 between the physical random sources SL1 and SL2 can be maintained in a relatively large mismatch range up to a few tens of percent, even though the synchronization quality degrades gradually as the mismatch increases. This is mainly attributed to injection-locking effects induced by the symmetric injection from DSL, which drive the evolutions of SL1 and SL2 towards that of DSL. On the other hand, the BER of the secret key can be kept at a level lower than $10^{-6}$ in the mismatch range $\mu \in [-10\%,16\%]$. By comparing with the results of the single-threshold sampling case, it is obvious that the mismatch tolerance of the secret key BER for dual-threshold sampling is much better than that of single-threshold sampling, which is very sensitive to the mismatch. The prominent mismatch robustness of the synchronization of the physical random sources and of the secret key BER confirms the feasibility of the proposed scheme.

Another important factor that would affect the feasibility and performance of the proposed scheme is the ADC noise. The ADC noise is regarded as the clock jitter (CJ) and clock synchronization error (CSE). Figure 4 displays the influences of the CJ and CSE on the BER performance of the secret key for the cases with different values of *μ* and *γ*. It is apparent that a smaller parameter mismatch induces a better performance than a larger mismatch, which is in line with the results in Fig. 3. On the other hand, when the synchronization quality of SL1 and SL2 is fixed, a smaller *γ* induces better BER performance than a larger *γ*, because a smaller *γ* means a larger gap between the two thresholds, which makes error bits induced by ADC noise less likely to occur. It can be concluded that the BER degradation caused by CJ and CSE can be limited to an acceptable range by exploiting a better source (higher synchronization quality) or by properly decreasing the value of *γ*.

Next, we turn to the security of the proposed scheme. Since only the position information A1 and A2 is exchanged between Alice and Bob, the secret key is not accessible to eavesdroppers. Here we consider one scenario, under which an eavesdropper wants to take a similar approach to regenerate the secret keys. There are four elements playing vital roles in the key distribution. The first one is the privacy of the physical source. For the sake of security, a confidential and synchronous physical random source is crucial; it is well discussed in [10, 11] but is not the key point of this paper, and therefore we do not report it here. The second one is the CN that is used to control the dynamic post-processing. In our scheme, the CN is a portion of the secret key and is therefore secret to the eavesdropper; moreover, it has a great key space of $2^{800}$ (≈ $10^{80}$). The third one is the exchanged position information A1 and A2. Though A1 and A2 are exchanged in the public channel, they do not include any information about the secret key, and they afford a large key space (> $2^{6400}$). Without the related information, even if the sequence after the XOR in the legal process is well regenerated, the final step of the key generation cannot be completed by the eavesdropper. The last one is the parameters of the dynamic post-processing, which are the core of the proposed scheme. Here we assume that the eavesdropper is equipped with devices that are identical to those of Alice and Bob. With these devices, he can generate a set of DPP parameters by himself. The BER performances of the secret key versus the mismatches of idle time and DFDL delay for different values of *γ* are illustrated in Fig. 5. It is revealed that the BER of the secret key is very sensitive to the mismatches of idle time and DFDL delay. For the idle time mismatch case [see Fig. 5(a)], only a few picoseconds can be tolerated when *γ* < 0.5. When the idle time mismatch is approximately 30 ps, the BER of the secret key is close to 0.5. For the DFDL delay mismatch [see Fig. 5(b)], the secret key BER increases sharply as the mismatch increases from 0 ps to 60 ps, and then it decreases very slowly as the mismatch increases further. When the DFDL delay mismatch is in the vicinity of 60 ps, the BER is clearly higher than 0.5, since there is a higher negative correlation around that position, which can be found in the inset of Fig. 5(b). In addition, it is worth mentioning that the BER of the secret key is also highly sensitive to the mismatch of sampling rate and sampling length (not shown here). These high sensitivities to the mismatches of the DPP parameters indicate that the eavesdropper could not generate an identical secret key without exact knowledge of these parameters, even if the CN and the exchanged position information (A1 and A2) are revealed. The strict requirement on the accuracy of the parameters would not only raise the security of the key distribution scheme to a new level, but also afford a relatively wide range for the DPP parameters. In summary, it is extremely difficult for the eavesdropper to obtain the correct secret key, and a secure secret key distribution can be achieved in the proposed scheme.

Recently, fast RBGs with chaotic semiconductor lasers have made a significant breakthrough, and Tb/s random bit generation has been achieved by multi-bit resolution sampling [17–20]. Nevertheless, only single-bit resolution sampling and dual-threshold sampling are suitable for the proposed scheme, for the purpose of guaranteeing a better tolerance to the intrinsic parameter mismatch, the ADC noise, etc. Therefore the reported speed of the RBGs with multi-bit resolution sampling cannot be reached, but several Gb/s can be easily achieved by single-bit sampling with a chaotic semiconductor laser [18]. In the proposed scheme, the generation rate of the secret key is non-fixed and mainly limited by the speed of the RBGs. There is a trade-off between the secret key generation rate and the randomness of the secret key, which is beyond the scope of the present paper and may be found in our future works. In addition, the synchronization quality of SL1 and SL2 and the dual-threshold gap would also affect the key generation rate by changing the retained-bit-ratio in the sequence before the position information exchange. The retained-bit-ratio *ρ* is defined as the ratio of the length of the generated key to that of the sequence it stems from, and subsequently, the key generation rate can be roughly evaluated by *ρ* × *R*. Obviously, a larger retained-bit-ratio means a higher key rate for a fixed sampling rate. The relation between the retained-bit-ratio and the parameter *γ* is shown in Fig. 6. The results indicate that a larger parameter *γ* means a larger retained-bit-ratio. Moreover, since the better the synchronization quality, the larger the parameter *γ*, it can be concluded that the better the synchronization quality, the higher the retained ratio and the higher the key rate. On the other hand, a smaller threshold gap corresponds to a higher retained-bit-ratio, but it would degrade the mismatch tolerance. Therefore there is a trade-off between the key rate and mismatch tolerance.

## 5. Conclusion

We have introduced a new secret key distribution scheme by adopting two highly synchronous RBGs and a dynamic post-processing technology. By adopting identical parameter candidates and performing symmetric dynamic post-processing, the secret key shared by the legal partners can be established by exchanging the position information of the useless symbols with each other. The exchanged position information does not include any secret key, which can greatly enhance the security of the key distribution. The numerical results indicate that a relatively low BER of the key can be achieved in the proposed scheme, and moreover the investigation of the influences of SL parameter mismatch and ADC noise on the BER of the secret key indicates that the proposed scheme is robust to parameter mismatch of the SLs and to ADC noise. By properly adjusting the operation parameters of the dynamic post-processing, a good performance for the secret key distribution can be maintained. From the security point of view, the proposed scheme shows several advantages. Primarily, it enlarges the key space greatly by introducing the candidates of parameters, CNs, and the position information exchange in the dynamic post-processing. Secondly, no secret key is directly exchanged, which greatly enhances the security of key distribution. Moreover, through employing unique candidates for the parameters in the post-processing between the partners, the proposed scheme is suitable for one-to-many communication modes and can therefore be used in the optical access network. Nevertheless, there is a trade-off between the key generation rate and the randomness of the secret key, which limits the key rate of the proposed scheme to below 10 Gb/s, and the scheme requires exact clock synchronization.

## Acknowledgments

This work was supported by the National Natural Science Foundation of China (Grant No. 61301156, 61471087), the Specialized Research Fund for the Doctoral Program of Higher Education of China (Grant No. 20130185120007), and the Fundamental Research Funds for the Central Universities (Grant No. ZYGX2013J001).

## References and links

**1.** P. Colet and R. Roy, “Digital communication with synchronized chaotic lasers,” Opt. Lett. **19**(24), 2056–2058 (1994).

**2.** V. Annovazzi-Lodi, S. Donati, and A. Scire, “Synchronization of chaotic injected-laser systems and its application to optical cryptography,” IEEE J. Quantum Electron. **32**(6), 953–959 (1996).

**3.** H. D. I. Abarbanel, M. B. Kennel, L. Illing, S. Tang, H. F. Chen, and J. M. Liu, “Synchronization and communication using semiconductor lasers with optoelectronic feedback,” IEEE J. Quantum Electron. **37**(10), 1301–1311 (2001).

**4.** U. M. Maurer, “Secret key agreement by public discussion from common information,” IEEE Trans. Inf. Theory **39**(3), 733–742 (1993).

**5.** P. Toliver, R. J. Runser, T. E. Chapuran, J. L. Jackel, T. C. Banwell, M. S. Goodman, R. J. Hughes, C. G. Peterson, D. Derkacs, J. E. Nordholt, L. Mercer, S. McNown, A. Goldman, and J. Blake, “Experimental investigation of quantum key distribution through transparent optical switch elements,” IEEE Photon. Technol. Lett. **15**(11), 1669–1671 (2003).

**6.** K. J. Gordon, V. Fernandez, P. D. Townsend, and G. S. Buller, “A short wavelength gigahertz clocked fiber-optic quantum key distribution system,” IEEE J. Quantum Electron. **40**(7), 900–908 (2004).

**7.** A. R. Dixon, Z. L. Yuan, J. F. Dynes, A. W. Sharpe, and A. J. Shields, “Continuous operation of high bit rate quantum key distribution,” Appl. Phys. Lett. **96**(16), 161102 (2010).

**8.** J. Scheuer and A. Yariv, “Giant Fiber Lasers: A New Paradigm for Secure Key Distribution,” Phys. Rev. Lett. **97**(14), 140502 (2006).

**9.** I. Kanter, M. Butkovski, Y. Peleg, M. Zigzag, Y. Aviad, I. Reidler, M. Rosenbluh, and W. Kinzel, “Synchronization of random bit generators based on coupled chaotic lasers and application to cryptography,” Opt. Express **18**(17), 18292–18302 (2010).

**10.** O. Buskila, A. Eyal, and M. Shtaif, “Secure communication in fiber optic systems via transmission of broad-band optical noise,” Opt. Express **16**(5), 3383–3396 (2008).

**11.** K. Yoshimura, J. Muramatsu, P. Davis, T. Harayama, H. Okumura, S. Morikatsu, H. Aida, and A. Uchida, “Secure key distribution using correlated randomness in lasers driven by common random light,” Phys. Rev. Lett. **108**(7), 070602 (2012).

**12.** I. Oowada, H. Ariizumi, M. Li, S. Yoshimori, A. Uchida, K. Yoshimura, and P. Davis, “Synchronization by injection of common chaotic signal in semiconductor lasers with optical feedback,” Opt. Express **17**(12), 10025–10034 (2009).

**13.** T. Harayama, S. Sunada, K. Yoshimura, P. Davis, K. Tsuzuki, and A. Uchida, “Fast nondeterministic random-bit generation using on-chip chaos lasers,” Phys. Rev. A **83**(3), 031803 (2011).

**14.** R. Lang and K. Kobayashi, “External optical feedback effects on semiconductor injection laser properties,” IEEE J. Quantum Electron. **16**(3), 347–355 (1980).

**15.** A. B. Wang, Y. C. Wang, and J. F. Wang, “Route to broadband chaos in a chaotic laser diode subject to optical injection,” Opt. Lett. **34**(8), 1144–1146 (2009).

**16.** A. Bogris, P. Rizomiliotis, K. E. Chlouverakis, A. Argyris, and D. Syvridis, “Feedback phase in optically generated chaos: a secret key for cryptographic applications,” IEEE J. Quantum Electron. **44**(2), 119–124 (2008).

**17.** I. Kanter, Y. Aviad, I. Reidler, E. Cohen, and M. Rosenbluh, “An optical ultrafast random bit generator,” Nat. Photonics **4**(1), 58–61 (2010).

**18.** T. Yamazaki and A. Uchida, “Performance of random number generators using noise-based super-luminescent diode and chaos-based semiconductor lasers,” IEEE J. Sel. Top. Quantum Electron. **19**(4), 0600309 (2013).

**19.** N. Li, B. Kim, V. N. Chizhevsky, A. Locquet, M. Bloch, D. S. Citrin, and W. Pan, “Two approaches for ultrafast random bit generation based on the chaotic dynamics of a semiconductor laser,” Opt. Express **22**(6), 6634–6646 (2014).

**20.** R. Sakuraba, K. Iwakawa, K. Kanno, and A. Uchida, “Tb/s physical random bit generation with bandwidth-enhanced chaos in three-cascaded semiconductor lasers,” Opt. Express **23**(2), 1470–1490 (2015).