Synchronization of random bit generators based on coupled chaotic lasers and application to cryptography

doi:10.1364/OE.18.018292

Synchronization of random bit generators based on coupled chaotic lasers and application to cryptography

Ido Kanter, Maria Butkovski, Yitzhak Peleg, Meital Zigzag, Yaara Aviad, Igor Reidler, Michael Rosenbluh, and Wolfgang Kinzel »View Author Affiliations

Optics Express, Vol. 18, Issue 17, pp. 18292-18302 (2010)
http://dx.doi.org/10.1364/OE.18.018292

View Full Text Article

Acrobat PDF (1210 KB)

Journal Search
Article Lookup

Article Tools

Citations

Alert me when this article is cited
Export Citation/Save

Article Navigation

▸ Article Outline
– Abstract
1. Introduction
2. Results
3. Discussion
4. Methods
– References and links

Article Tools
Full Text
Article Info
References
Cited By
Figures
Metrics
Download PDF

Viewing Equations in the
HTML Article

Optimal Viewing Recommendations

Full Text
Article Info
References (24)
Cited By
Figures (7)
Metrics

Abstract

Random bit generators (RBGs) constitute an important tool in cryptography, stochastic simulations and secure communications. The later in particular has some difficult requirements: high generation rate of unpredictable bit strings and secure key-exchange protocols over public channels. Deterministic algorithms generate pseudo-random number sequences at high rates, however, their unpredictability is limited by the very nature of their deterministic origin. Recently, physical RBGs based on chaotic semiconductor lasers were shown to exceed Gbit/s rates. Whether secure synchronization of two high rate physical RBGs is possible remains an open question. Here we propose a method, whereby two fast RBGs based on mutually coupled chaotic lasers, are synchronized. Using information theoretic analysis we demonstrate security against a powerful computational eavesdropper, capable of noiseless amplification, where all parameters are publicly known. The method is also extended to secure synchronization of a small network of three RBGs.

1. Introduction

In a typical scenario of a secure channel the communicating parties have to hold a common key in the form of a bit string which is known only to the two parties [1

M. A. Nielsen, and I. L. Chuang, Quantum Computation and Quantum Information. (Cambridge University Press, Cambridge, 2000).

–3

R. G. Gallager, Principles of Digital Communication. (Cambridge University Press, Cambridge, 2008).

]. A secure deterministic key-exchange protocol between two parties over a public channel was discovered in 1976 by Diffie and Hellman based on number theory, and paved the road for modern cryptography [2

D. R. Stinson, Cryptography: Theory and Practice. (CRC Press, Boca Raton, 1995).

]. Alternative physical mechanisms based on quantum mechanics have been suggested more recently for a secure key-exchange protocol with the important and unique ability of the two communicating parties to detect the presence of any third party trying to gain knowledge of the key [4

C. H. Bennett, C. Hand, and G. Brassard, “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, p. 175 (1984).

–6

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009). [CrossRef]

]. The first layer of the quantum protocol is based on quantum ingredients such as entangled pairs of photons and results in correlated keys for both partners. A second, classical layer, consists of information reconciliation and privacy amplification (error correcting code and source coding). These result in identical keys for the communicating pair while leakage of information to an eavesdropper is eliminated, however, these procedures lower the rate at which random bits can be generated.

In addition to cryptography and secure communications a fast physical RBG is also important in stochastic simulations and in applications to gaming and random sampling [7

N. Metropolis and S. Ulam, “The Monte Carlo method,” J. Am. Stat. Assoc. 44(247), 335–341 (1949). [CrossRef] [PubMed]

S. Asmussen, and P. W. Glynn, Stochastic Simulation: Algorithms and Analysis. (Springer-Verlag, New York, 2007).

]. An intriguing possibility for a non-deterministic, physical RBG that is appropriate to all of these applications, is a semiconductor laser (SL) in the presence of external feedback, whose output consists of large chaotic intensity fluctuations, characterized by pulses with typical width of 100 ps [9

T. E. Murphy and R. Roy, “Chaotic lasers: The world's fastest dice,” Nat. Photonics 2(12), 714–715 (2008). [CrossRef]

–12

I. Kanter, Y. Aviad, I. Reidler, E. Cohen, and M. Rosenbluh, “An optical ultrafast random bit generator,” Nat. Photonics 4(1), 58–61 (2010). [CrossRef]

]. Indeed great progress has been made recently in demonstrating an RBG based on such lasers, with rates from a few Gbit/s [10

A. Uchida, K. Amano, M. Inoue, K. Hirano, S. Naito, H. Someya, I. Oowada, T. Kurashige, M. Shiki, S. Yoshimori, K. Yoshimura, and P. Davis, “Fast physical random bit generation with chaotic semiconductor lasers,” Nat. Photonics 2(12), 728–732 (2008). [CrossRef]

,11

I. Reidler, Y. Aviad, M. Rosenbluh, and I. Kanter, “Ultrahigh-speed random number generation based on a chaotic semiconductor laser,” Phys. Rev. Lett. 103(2), 024102 (2009). [CrossRef] [PubMed]

] towards tera-bits/s [12

I. Kanter, Y. Aviad, I. Reidler, E. Cohen, and M. Rosenbluh, “An optical ultrafast random bit generator,” Nat. Photonics 4(1), 58–61 (2010). [CrossRef]

,13

K. Hirano, T. Yamazaki, S. Morikatsu, H. Okumura, H. Aida, A. Uchida, S. Yoshimori, K. Yoshimura, T. Harayama, and P. Davis, “Fast random bit generation with bandwidth-enhanced chaos in semiconductor lasers,” Opt. Express 18(6), 5512–5524 (2010). [CrossRef] [PubMed]

]. A secure synchronization method, however, which is essential for utilization of the fast generation rate of the physical RBGs in a multiple node public channel cryptography network, remains to be demonstrated.

The focus of this work is to demonstrate secure synchronization of two high bandwidth RBGs over a public channel using a classical mechanism. zero lag synchronization (ZLS) of two mutually coupled chaotic lasers [14

E. Klein, N. Gross, M. Rosenbluh, W. Kinzel, L. Khaykovich, and I. Kanter, “Stable isochronal synchronization of mutually coupled chaotic lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 73(6), 066214 (2006). [CrossRef] [PubMed]

]. The ZLS mechanism is not sufficiently secure in its simple form to act as a key-exchange protocol [15

I. Kanter, E. Kopelowitz, and W. Kinzel, “Public channel cryptography: chaos synchronization and Hilbert’s tenth problem,” Phys. Rev. Lett. 101(8), 084102 (2008). [CrossRef] [PubMed]

], and it serves only as an information carrier to generate correlated random bit sequences. Identical random bit sequences can be constructed from these correlated sequences via information reconciliation and privacy amplification [4

–6

]. Furthermore, the presented mechanism allows the secure generation of a synchronized random bit string amongst a small network of communicating parties.

2. Results

Synchronization of two RBGs

We have numerically investigated the scenario of Fig. 1(a) where two mutually coupled lasers, A and B, are subject to both optical feedback and mutual coupling in a symmetric configuration. In general, ZLS can be achieved when that the sum of the self-coupling delay times of lasers A and B equals twice the mutual coupling delay time [16

M. Zigzag, M. Butkovski, A. Englert, W. Kinzel, and I. Kanter, “Zero lag synchronization of chaotic units with time-delayed couplings,” Europhys. Lett. 85(6), 60005 (2009). [CrossRef]

]. For simplicity of the discussion we first investigate the case where the optical self-feedback time delays, τ_A and τ_B, and the mutual coupling time delay, τ, are all equal to 10 ns in the examples below. The strength of self-feedback and the mutual coupling are denoted by κ and σ, respectively. The injection current to the threshold current ratio is selected to be 1.5, so that the lasers operate in the coherence collapse regime [17

R. J. Jones, P. S. Spencer, J. Lawrence, and D. M. Kane, “Influence of external cavity length on the coherence collapse regime in laser diodes subject to optical feedback,” IEEE Proc. Optoelectron. 148(1), 7–12 (2001). [CrossRef]

]. In simulations, we use the Lang-Kobayashi (LK) equations which are a good model for the intensity dynamics of coupled semiconductor lasers [18

R. Lang and K. Kobayashi, “External optical feedback effects on semiconductor injection laser properties,” IEEE J. Quantum Electron. 16(3), 347–355 (1980). [CrossRef]

,19

V. Ahlers, U. Parlitz, and W. Lauterborn, “Hyperchaotic dynamics and synchronization of external-cavity semiconductor lasers,” Phys. Rev. E Stat. Phys. Plasmas Fluids Relat. Interdiscip. Topics 58(6), 7208–7213 (1998). [CrossRef]

] and are explicitly given in references [19

] and [20

E. Klein, N. Gross, E. Kopelowitz, M. Rosenbluh, L. Khaykovich, W. Kinzel, and I. Kanter, “Public-channel cryptography based on mutual chaos pass filters,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 74(4), 046201 (2006). [CrossRef] [PubMed]

]. For each point in the phase space, (κ,σ), the cross correlation at zero time lag was measured over a window of 20 ns and averaged over 1 μs.

Fig. 1 Zero lag synchronization scheme for two and three lasers and an attacker. (a) Two mutually coupled SLs, A and B, where a third SL, C, is unidirectionally coupled to the mutually transmitted signals. The self-coupling delays for A and B are τ_A and τ_B, mutual coupling delay is τ, κ and σ are the strengths of self and mutual couplings. and similarly κ_C and σ_C for C. (b) A small network of three symmetrically mutually coupled SLs, A, B and C, where all coupling delays are equal to τ and a fourth laser, D, is coupled unidirectionally to each of the three transmitted signals. All delay times are equal.

There are mainly two phases as shown in Fig. 2(a) . For small κ+σ, A and B are not synchronized, whereas for larger values, ZLS emerges as the cross correlation gradually increases towards one. The cross correlation between A or B and a third laser, C, coupled unidirectionally (Fig. 1(a)) with the same time delays, τ_C=τ_A=τ_B=τ and coupling strengths, σ_C=σ, κ_C=κ, is depicted in Fig. 2(b). A comparison of Fig. 2(a) and 2(b) indicates that ZLS of mutually coupled chaotic lasers is superior to the unidirectional coupling of laser C in a large fraction of the phase space (κ,σ) [14

], however, laser C can achieve the same level of synchronization as the mutually coupled lasers by amplifying the coupling signal, σ_C>σ, while maintaining its total input κ_C+σ_C~κ+σ. In what follows, we first describe the utilization of ZLS as a carrier synchronizing the RBGs of A and B and then we analyze the security of the channel.

Fig. 2 Cross correlation for mutual and unidirectional coupling. (a) Cross correlation at zero time lag is calculated for two mutually coupled SLs (Fig. 1(a)) for a range of parameter values: κ, feedback strength and σ, coupling strength. (b) Cross correlation at zero time lag between a third SL coupled unidirectionally to one of the parties (Fig. 1(a)), using identical κ and σ as the parties.

In the first step, each partner encodes a random binary sequence [7

N. Metropolis and S. Ulam, “The Monte Carlo method,” J. Am. Stat. Assoc. 44(247), 335–341 (1949). [CrossRef] [PubMed]

–9

T. E. Murphy and R. Roy, “Chaotic lasers: The world's fastest dice,” Nat. Photonics 2(12), 714–715 (2008). [CrossRef]

] by modulating the chaotic intensity of its laser. The modulated intensity is thus M²I, where M=1 corresponds to the transmission of “1” while M=M₀ corresponds to the transmission of “-1”. In simulations we modulate the intensity by changing the field and in the examples below M₀ is set to 0.9 with a bandwidth of 1 Gbit/s, the explicit equations are given in 20. Our simulations indicate that the ZLS between the communicating pair remains robust even in the presence of such independent modulation by each of the parties. B for instance, decodes the massage transmitted from A by dividing the intensity received from A with its own synchronized laser output, prior to his modulation, <I_A ^R>/<I_B>, where the average, <…>, is over a predetermined duration of one bit transmission time. If this fraction is larger than (1+M₀ ²)/2 then the estimated received bit is “1”, otherwise “-1”. The encoding/decoding procedures are implemented simultaneously at both lasers and are known as a mutual chaos pass filter (MCPF) mechanism [20

]. The average bit error rate (BER) as a function of (κ,σ) is presented in Fig. 3(b) .

Fig. 3 Bit error rate for the attacker and the parties. (a) BER is calculated for laser C in the setup of Fig. 1(a) as a function of (κ, σ), when A and B are operating with κ=90 ns⁻¹ and σ=40 ns⁻¹ (indicated by the arrow). (b) BER among the parties in the setup of Fig. 1(a) as a function of (κ, σ). The BER for each (κ, σ) is averaged over 1 μs and the modulation bandwidth is 1 Gbit/s.

Protocol

Parties A and B encode different random bit sequences, hence, the decoded bits are uncorrelated and independent of BER level. An identical random binary sequence is obtained using the following protocol:

• The two partners start with an identical public random binary sequence of length L, S_A=S_B=S.
• A compares his estimated received bit at time interval m, R_A(m), to his random transmitted bit at the same time interval, T_A(m). If R_A(m)=T_A(m), S_A(m) is set equal to R_A(m), otherwise S_A(m) remains unchanged. Similarly, in the event R_B(m)=T_B(m), S_B(m) is set equal to R_B(m).
• At the end of the MCPF procedure the average fraction of identical bits between S_A and S_B is given by

$P_{A B} = 1 - p + 0.5 p^{2}$

(1)

where p stands for the BER of the MCPF procedure and is calculated using symbolic mathematics as presented in Methods section. The meaning of p=0 is that A and B acted identically on the initial vectors S and P_AB=1, whereas for p=1 only when the partners send different bits, S is altered differently by the two partners, hence P_AB=0.5. For simplicity of discussion we assume statistically independent errors in the decoding procedure of A and B. However, it is expected that both decoders are correlated, since in the event the two lasers are temporally desynchronized the probability for an error bit for both of them increases in comparison to time slots of enhanced synchronization, as was indeed observed in simulations and is analyzed using symbolic mathematics in Methods section. The two partners now possess correlated bit sequences.

• To achieve the goal of two identical random bit sequences, an information reconciliation procedure is performed, a form of error correcting code, as for protocols of quantum cryptography [2
D. R. Stinson, Cryptography: Theory and Practice. (CRC Press, Boca Raton, 1995).
]. At the end of this procedure the two partners hold identical random bit sequences.
• Inevitably, leakage of information occurs during the information reconciliation procedure and is eliminated by a privacy amplification procedure which is also utilized in quantum cryptography for similar reasons [6
V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009). [CrossRef]
,14
E. Klein, N. Gross, M. Rosenbluh, W. Kinzel, L. Khaykovich, and I. Kanter, “Stable isochronal synchronization of mutually coupled chaotic lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 73(6), 066214 (2006). [CrossRef] [PubMed]
].

The identical random bit sequences can serve as a common key generated over a public channel. The main question is whether a passive, unidirectionally coupled attacker, C, is capable of deducing the key, when all details of the protocol are publicly known.

Figure 2 indicates that it is possible to select sets of parameters (κ,σ) such that the ZLS of A and B, is superior to the ZLS of C. For instance, for κ=90 ns⁻¹ and σ=40 ns⁻¹ the cross correlation at zero time lag between the parties is much higher, ~0.94, than correlation between the attacker and the parties ~0.5. An attacker using the same set of parameters as A and B would obtain a very high BER in his CPF mechanism [21

A. Argyris, D. Syvridis, L. Larger, V. Annovazzi-Lodi, P. Colet, I. Fischer, J. García-Ojalvo, C. R. Mirasso, L. Pesquera, and K. A. Shore, “Chaos-based communications at high bit rates using commercial fibre-optic links,” Nature 438(7066), 343–346 (2005). [CrossRef] [PubMed]

], q~0.4 in our simulations (Fig. 3(a)), in comparison to p~0.07 for A and B (Fig. 3(b)). In order to minimize his BER, the attacker can amplify σ_C while decreasing κ_C so that κ_C+σ_C~κ+σ. (Note that minimizing BER of C differs from maximizing its ZLS). Figure 3(a) indicates that the minimum BER for the attacker, q~0.15, is obtained for (κ=40 ns⁻¹, σ_C=90 ns⁻¹) while the parties are operating with (κ=90 ns⁻¹, σ=40 ns⁻¹). Though this is a much lower BER then C would obtain without the use of amplification, it remains more than twice as high as the BER of A and B.

Information theory analysis

The MCPF procedure is based on the synchronization of lasers A and B on the unmodulated portion of the mutual signal, while the modulated part can be considered as “noise”. The noise to signal ratio for A and B is given by

\frac{σ M^{2}}{I (σ + κ)}

(2)

and this is larger for the attacker

\frac{σ_{C} M^{2}}{I (σ_{C} + κ_{C})}

(3)

since σ_C>σ and as a result q>p. A higher BER for C, however, does not necessarily indicate that the fraction of identical bits between S_C and S_A is reduced in comparison to the fraction of identical bits between S_A and S_B. One can show, using symbolic mathematics (Methods section), that the average fraction of identical bits between S_C and S_A (or S_B) is given by

P_{A C} = 1 - 0.5 p - q (1 - 1.5 p) + q^{2} (0.5 - p)

(4)

A comparison between Eqs. (1) and (4) yields the range of (p,q) values where P_AC<P_AB, indicated by the blue and red colored region in Fig. 4(a) . Note that for p=q and also for a limited region where p<q, one finds P_AC<P_AB.

Fig. 4 Secure regions for two and three synchronized RBGs. (a) Two mutually coupled lasers as in the setup of Fig. 1(a). where all delays are equal. (b) Three mutually coupled lasers as in schematic Fig. 1(b). The BER of the MCPF procedure between a pair of parties, p, and between a party and the attacker, q, is calculated assuming uncorrelated decoded bits by the parties and by the attacker. The colored regions (colored in either blue or red) indicate a necessary condition for the failure of an attacker before the reconciliation procedure, P_AC<P_AB . The region where an attacker cannot succeed in recovering the key, even when using the leakage of information of the reconciliation procedure, is indicated in red.

A reconciliation procedure sets P_AB=1, resulting in identical random bit sequences for A and B. The leakage of information in the reconciliation procedure for the case P_AC< P_AB, can be also expected to be usable for enhancing P_AC, but it cannot be boosted to one. The exact bound for when A and B can be considered secure from attack by C is given by

{I(S}_{A} {,S}_{B}) {>I(S}_{C} {,S}_{A} {)+I(S}_{C} {,S}_{B} {|S}_{A})

(5)

where I(S_C,S_B) and I(S_C,S_B|S_A) stands for the mutual information and the conditional mutual information [22

T. M. Cover, and J. A. Thomas, Elements of Information Theory (John Wiley and Sons, New York, 1991).

], respectively, and S_A, S_B and S_C stand for the binary sequences before the reconciliation procedure. Equation (5) states that in case the minimum required exchange of information for the reconciliation procedure, 1-I(S_A,S_B), is less than the total missing information C possesses about S_A and S_B, 1- I(S_C,S_A)-I(S_C,S_B|S_A), the attacker fails to recover the random bits sequence. Condition (5) as a function of p and q is calculated using symbolic mathematics and depicted by the red region of Fig. 4(a). In the above-mentioned example the point (p=0.07,q=0.15) lies in the red region of Fig. 4(a) and thus indicates that a secure synchronization of two RBGs over a public channel is achieved. The case of correlated decoded bits is also found to be secure (Methods section).

An attacker may try to decipher the transmitted bit from a measurement of the average intensity over the duration of a bit length. Figure 5(a) depicts the intensity histogram for bit duration of 1 ns and Fig. 5(b) for 50 ns, indicating that the histogram narrows as the bandwidth decreases and it is clear that the histogram is shifted as the intensity is modulated. For low enough bandwidth, the chaotic fluctuations are averaged and two non-overlapping histograms for 1 and −1 bits, may be separately identified by the attacker. However, for high bandwidths the shifted histogram substantially overlaps with the non-modulated histogram, hence the attacker fails to decode the transmitted bits using the knowledge of the average intensity.

Fig. 5 Histogram of averaged chaotic intensity and BER as a function of bit length. (a) 1 ns bit length for a run time of 25 μs. (b) 50 ns bit length for a run time of 25 μs. (c) BER of the parties for a run time of 16 μs. Parameters: κ=90 ns⁻¹, σ=40 ns⁻¹.

Another possible attack is the use of repetition code which might decrease the attacker’s BER. The BER among the parties as a function of bit length is depicted in Fig. 5(c), indicating significantly increased BER for bit lengths of less than 1 ns. This renders the use of repetition code inefficient for bandwidth higher than or equal to 1 Gbit/s, as the potential lower BER resulting from the repetition code is cancelled by the increased BER due to the higher bandwidth. In addition, simulation indicates that the repetition code does not improve the BER for the attacker, since errors in successive bits are highly correlated. These correlations are caused by the temporal deterioration in synchronization over periods much longer than the bit length.

Extended protocol for non identical delay times

The proposed prototypical scheme, Fig. 1(a), was demonstrated in the case where the mutual and self-coupling delays are identical, τ_A=τ_B=τ, which might not be realistic in public channel scenarios. However, the ZLS as well as the proposed algorithm can be generalized to the case where the mutual delay differs from the self-coupling delay. For a delay configuration given by τ_A+τ_B=2τ, for instance, and κ=σ it was shown that the two partners are synchronized, where A lags after B by Δ=(τ_B-τ_A)/2 assuming τ_B>τ_A [16

M. Zigzag, M. Butkovski, A. Englert, W. Kinzel, and I. Kanter, “Zero lag synchronization of chaotic units with time-delayed couplings,” Europhys. Lett. 85(6), 60005 (2009). [CrossRef]

]. Note, that ZLS, τ_B=τ_A, is a particular solution of this more general case. This scenario can be realized in practice where a 50% semi-transparent mirror is located at τ_A/2 and τ_B/2 from the two mutually communicating lasers A and B, respectively (Fig. 6 ) [23

V. Flunkert, O. D’Huys, J. Danckaert, I. Fischer, and E. Schöll, “Bubbling in delay-coupled lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 79(6), 065201 (2009). [CrossRef] [PubMed]

,16

M. Zigzag, M. Butkovski, A. Englert, W. Kinzel, and I. Kanter, “Zero lag synchronization of chaotic units with time-delayed couplings,” Europhys. Lett. 85(6), 60005 (2009). [CrossRef]

]. The shifted cross correlation at Δ between A and B as a function of (κ,σ) is very similar to the ZLS correlation presented in Fig. 2(a). The key-exchange protocol for this generalized scenario has to be slightly modified since the modulation affects self-feedback as well as the mutual coupling. For instance, the incoming beam to A consists of the modulated beam from B and its own modulated beam, reflected from the semi-transparent mirror.

Fig. 6 Scheme of two mutually coupled lasers via a semi-permeable mirror. Two mutually coupled SLs, A and B, where a 50% semi-transparent mirror (M) is placed at a distance of τ_Α/2 and τ_Β/2 from A and B, respectively. The scheme is equivalent to Fig. 1(a) with τ=(τ_A+τ_B)/2 and κ = σ.

The main steps of the modified protocol are as follows:

• The two partners start with an identical public random binary sequence of length L, S_A=S_B=S and encode random bit streams onto their chaotic intensities as for the ZLS case.
• A calculates the ratio between its received average intensity over one bit length and its own average intensity at time t−τ−Δ. In case of complete Δ lagged synchronization, there are three possible outcomes for the ratio. The ratio is 1 in case both A and B do not modulate their intensities (both send 1), (1+M₀ ²)/2 in case only one of the parties modulated its intensity (one sends −1 and the other sends 1) and M₀ ² in case both parties modulate their intensities (both send −1). To identify the correct ratio, A sets two thresholds between the three ratios, (3+M₀ ²)/4 and (1+3M₀ ²)/4, as opposed to the one threshold case in ZLS.
• A knows its transmitted bits, thus it can estimate the received bit from B. For instance, if the ratio was determined to be (1+M₀ ²)/2 and A’s sent bit was 1 then the estimation of the bit sent by B is −1.
• Actions of the parties on the public vector, S, remain identical as in ZLS.

In simulation we observe that the synchronization of an attacker coupled unidirectionally as in Fig. 1(a) and using the same coupling strengths is similar to the synchronization level depicted in Fig. 2(b) and is lower in comparison to the parties synchronization level. Hence, we expect a similar gap between the BER levels of the parties and the attacker. Indeed, in simulations the BER of each of the parties, p, is much lower than the minimal BER of the attacker, q, in (κ,σ) space. For instance, for M₀=0.95, τ=20 ns, τ_A=17 ns, τ_B=23 ns, κ=σ=4 ns ⁻¹ and a bandwidth of 1 Gbit/s, p~0.09 and q~0.23 and the key-exchange protocol is secure, Fig. 4(a). Note that since the message is transmitted in both the mutual and self-feedback, the total modulation is increased. Thus to preserve the noise to signal ratio, a higher M₀ is used.

Secure synchronization of three RBGs

Key-exchange protocols based on number theory are fundamentally limited to only two users [2

D. R. Stinson, Cryptography: Theory and Practice. (CRC Press, Boca Raton, 1995).

]. Our proposed protocol, however, can be generalized to secure synchronization of RBGs among a small network of three mutually coupled lasers, as shown in Fig. 1(b). Each laser has three inputs, a self-feedback of strength κ and two input signals from the other two lasers, each with strength σ, and ZLS is achieved in (κ,σ) similarly to Fig. 2(a) [24

J. Kestler, W. Kinzel, and I. Kanter, “Sublattice synchronization of chaotic networks with delayed couplings,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 76(3), 035202 (2007). [CrossRef] [PubMed]

]. Each party starts with a given public random binary sequence. In case the estimated two received bits, using MCPF procedure, are equal to the party’s transmitted bit, the corresponding bit in the public random binary sequence is set to the value of this common bit. An attacker represented by the fourth, middle laser in Fig. 1(b), is assumed to be capable of noiseless amplification of the transmitted signal and eavesdropping to each of the three communicating signals and thus to estimate the transmitted bit sequence using a CPF procedure [21

Assuming uncorrelated decoded bits by each party and the attacker, the average number of identical bits between any pair of (S_A, S_B, S_C) is calculated using symbolic mathematics and is given by P=1-p+7/4p²-3/2p³+1/2p⁴ whereas between the attacker and a party P _attacker =1-p/2+p²/4-(3/4-2p+5/4p²)q+(3/4-5/2p+2p²)q²-(1/4-p+p²)q³ (Methods section). The region where P>P_attacker is denoted by the colored (both blue and red) regions of Fig. 4(b), indicating a similar lower bound as for the two lasers case, Fig. 4(a). The exact condition for a secure synchronization of three RBGs is given by

{I(S}_{D} {,S}_{A} {)+I(S}_{D} {,S}_{B} {|S}_{C} {)+I(S}_{D} {,S}_{C} {|S}_{A} {,S}_{B} {)-2I(S}_{A} {,S}_{B} {)-I(S}_{A} {,S}_{C} {|S}_{B})+1>0

(6)

where SD is the binary recovered sequence of the attacker. This inequality was derived using a Venn diagram, Fig. 7 . 1-T₁=1-I(S_A,S_B)-I(S_A,S_C|S_B) stands for the independent information of one party, T₂ = I(S_A,S_C|S_B) stands for the common information of two parties only and T₃=T₁-2T₂ is the common information for the three parties. The total entropy of the three parties is 3+T₂-2T₁, hence the required exchange of information in the reconciliation procedure is 2+T₂-2T₁. Failure of the attacker requires that the leakage of information in the reconciliation procedure plus the mutual information of the attacker with the three parties, I(S_D,S_A)+I(S_D,S_B|S_C)+I(S_D,S_C|S_A,S_B), is less than 1 and results in inequality (6). The region of secure synchronization is indicated by the red region of Fig. 4(b) and is limited by p ≲ 0.1 for q→0.5. Is it realistic to create such a gap between the BER of the parties and the attacker? Simulation results, averaged over transmission of 20,000 bits, with κ=σ=60 ns⁻¹ for the parties indicate p=0.025, whereas an exhaustive search of the attacker indicates that the minimum q=0.145 is obtained for κ_attacker=50 ns⁻¹ and σ_attacker=120 ns⁻¹. Figure 4(b) shows that (p=0.025,q=0.145) is in the red region, hence a secure synchronization of three RBGs over a public channel is achieved.

Fig. 7 Venn diagram for the mutual information of three communicating parties. The entropy of a transmitted bit of each party is represented by a circle normalized to 1. T₃ – common information for all parties, T₂ – common information for each pair of parties and 1-T₁ stands for the independent information of each party.

3. Discussion

A possible experimental implementation of a three laser network can be realized in a setup just as drawn in Fig. 1b, where each diode laser has two outputs/inputs, one from each of the laser facets. In many such lasers, due to different facet coatings, the two output intensities are not equal, and thus the stronger output can be conveniently divided by a beam splitter – reflector combination to provide the self feedback for each laser. Matching the mutual and self feedback distances and equalizing the intensities can be accomplished using standard optical components, just as in a two coupled laser configuration. Alternatively, by the incorporation of additional beam splitters, diode laser with a single emitting facet can also be configured to make a three laser network.

For synchronizing more than three RBGs, it is expected that the secure region in (p,q), will become smaller, since the superior information of a party (knowledge of its transmitted bit) relative to the attacker is reduced. Sufficiently low BER values, p, are within the secure region for any number of synchronized RBGs, and the remaining question is whether sufficiently low p values can be achieved. It is experimentally expected that by implementing a high pass filter on the mutually transmitted signals, p can be significantly reduced to the order of 10⁻⁷ as was observed in a unidirectional configuration and modulation bandwidth of 1Gbit/s [21

]. Consequently, it is expected that the presented secure synchronization of three RBGs can be extended to a larger network of communicating chaotic lasers.

An important property of the proposed key-exchange protocol is to detect the presence of an active attacker trying to interfere with the mutual transmitted signals in order to enhance his ZLS or to prevent the parties from achieving an identical key. A possible solution for the parties is to communicate part of their encoded and estimated decoded bits over a public channel, where each encoded/decoded configuration has a given probability which is a function of p. An active attacker cannot imitate these probabilities, since its knowledge of the transmitted information is inferior in comparison to the parties. This additional feature of the the key-exchange protocol, based on synchronization of chaotic lasers, is similar to known features of the quantum key-exchange protocol and certainly deserves future research.

4. Methods

Symbolic mathematics

Initial binary sequences of the parties and the attacker before transmission, S_A, S_B and S_C are identical. All possible probabilities for actions of the parties on the S vectors are calculated and summarized in Table 1 . Using symbolic mathematics, the fraction of identical bits is derived and depicted in Eq. (1). A more complex case, where the joint probability distribution of the attacker and the parties are taken into account using symbolic mathematics, results in Eq. (4). A comparison of Eq. (1) and (3) results in

0 < p < \frac{1}{2} (1 + 3 q - 2 q^{2} - \sqrt{{(1 + 3 q - 2 q^{2})}^{2} - 4 q (2 - q)})

which is the boundary line between blue and white areas in Fig. 4(a). Similar calculation for the case of three communicating parties and an attacker as in Fig. 1(b), results in 2048 different scenarios. The boundary line of the red region in Fig. 4(b) is found to be

0 < p < \sqrt{2 Z^{4} - 6 Z^{3} + (6 + 5 q - 8 q^{2} + 4 q^{3}) Z^{2} - (2 + 8 q - 10 q^{2} + 4 q^{3}) Z + (3 q - 3 q^{2} + q^{3}) = 0}

Table 1 Probabilities for all possible scenarios of transmitted and received bits by the communicating parties.

A	*R_A*	B	*R_B*	*Act.* A	*Act.* B	*Prob. of* *configuration*
1	1	1	1	1	1	(1-p)²/4
1	1	1	−1	1	0	p(1-p)/4
1	1	−1	1	1	0	p(1-p)/4
1	1	−1	−1	1	−1	P²/4
1	−1	1	1	0	1	p(1-p)/4
1	−1	1	−1	0	0	P²/4
1	−1	−1	1	0	0	(1-p)²/4
1	−1	−1	−1	0	−1	p(1-p)/4
−1	1	1	1	0	1	p(1-p)/4
−1	1	1	−1	0	0	(1-p)²/4
−1	1	−1	1	0	0	P²/4
−1	1	−1	−1	0	−1	p(1-p)/4
−1	−1	1	1	−1	1	P²/4
−1	−1	1	−1	−1	0	p(1-p)/4
−1	−1	−1	1	−1	0	p(1-p)/4
−1	−1	−1	−1	−1	−1	(1-p)²/4

A, B, R_A and R_B denote transmitted bit by A, transmitted bit by B, decoded bit by A and B, respectively. Zero in the action column indicates no action is performed on the initial sequence, S.

Correlation of decoded bits

The errors in decoding of the received bits by the parties are assumed to be statistically uncorrelated. Simulations indicate a deviation from the above assumption, since for a period of desynchronization, deterioration in the probability to correctly decode a bit occurs for both parties simultaneously and similarly for the case of desynchronization of the attacker with the two synchronized parties. The joint probability to decode the received bit by the two communicating parties was analyzed for the case depicted in Fig. 1(a), with same parameters as in Fig. 3. The probabilities are described by a 2x2 matrix, M, where M_1,1 denotes the probability for correct bit decoding by both parties, M_2,2 denotes the probability for incorrect bit decoding by both parties and M_1,2 and M_2,1 denote the probability for correct bit decoding by one of the parties and incorrect decoding by the other. A similar matrix, N, is defined for the attacker. Using simulation, elements of the matrices were estimated and are given by:

M = (\begin{array}{l} 0.899 0.035 \\ 0.035 0.031 \end{array}), N = (\begin{array}{l} 0.714 0.122 \\ 0.122 0.042 \end{array})

whereas given the assumption of statistically independent decoded bits with p = 0.066 and q = 0.165, the expected matrices are:

M_{} = (\begin{array}{l} 0.872 0.062 \\ 0.062 0.004 \end{array}), N = (\begin{array}{l} 0.697 0.138 \\ 0.138 0.027 \end{array})

The comparison between the first and second set of matrices, clearly indicates correlation among decoded bits. Using joint probability distribution of decoded bits and symbolic mathematics, the leakage of information from the parties to the attacker is estimated at 0.352 and similarly the mutual information between the parties and the attacker is 0.436. Thus the attacker fails to recover the information as 0.352+0.436 <1.

Similar results for correlated bits were obtained for the case of three communicating parties and an attacker (Fig. 1(b)), the leakage of information to the attacker is estimated at 0.231 and the mutual information between the parties and the attacker is 0.592. Hence, the attacker also fails to recover the information as 0.231+0.592<1.

Acknowledgments

The research of IK and MR is partially supported by the Israel Science Foundation.

References and links

1.	M. A. Nielsen, and I. L. Chuang, Quantum Computation and Quantum Information. (Cambridge University Press, Cambridge, 2000).
2.	D. R. Stinson, Cryptography: Theory and Practice. (CRC Press, Boca Raton, 1995).
3.	R. G. Gallager, Principles of Digital Communication. (Cambridge University Press, Cambridge, 2008).
4.	C. H. Bennett, C. Hand, and G. Brassard, “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, p. 175 (1984).
5.	A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef] [PubMed]
6.	V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009). [CrossRef]
7.	N. Metropolis and S. Ulam, “The Monte Carlo method,” J. Am. Stat. Assoc. 44(247), 335–341 (1949). [CrossRef] [PubMed]
8.	S. Asmussen, and P. W. Glynn, Stochastic Simulation: Algorithms and Analysis. (Springer-Verlag, New York, 2007).
9.	T. E. Murphy and R. Roy, “Chaotic lasers: The world's fastest dice,” Nat. Photonics 2(12), 714–715 (2008). [CrossRef]
10.	A. Uchida, K. Amano, M. Inoue, K. Hirano, S. Naito, H. Someya, I. Oowada, T. Kurashige, M. Shiki, S. Yoshimori, K. Yoshimura, and P. Davis, “Fast physical random bit generation with chaotic semiconductor lasers,” Nat. Photonics 2(12), 728–732 (2008). [CrossRef]
11.	I. Reidler, Y. Aviad, M. Rosenbluh, and I. Kanter, “Ultrahigh-speed random number generation based on a chaotic semiconductor laser,” Phys. Rev. Lett. 103(2), 024102 (2009). [CrossRef] [PubMed]
12.	I. Kanter, Y. Aviad, I. Reidler, E. Cohen, and M. Rosenbluh, “An optical ultrafast random bit generator,” Nat. Photonics 4(1), 58–61 (2010). [CrossRef]
13.	K. Hirano, T. Yamazaki, S. Morikatsu, H. Okumura, H. Aida, A. Uchida, S. Yoshimori, K. Yoshimura, T. Harayama, and P. Davis, “Fast random bit generation with bandwidth-enhanced chaos in semiconductor lasers,” Opt. Express 18(6), 5512–5524 (2010). [CrossRef] [PubMed]
14.	E. Klein, N. Gross, M. Rosenbluh, W. Kinzel, L. Khaykovich, and I. Kanter, “Stable isochronal synchronization of mutually coupled chaotic lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 73(6), 066214 (2006). [CrossRef] [PubMed]
15.	I. Kanter, E. Kopelowitz, and W. Kinzel, “Public channel cryptography: chaos synchronization and Hilbert’s tenth problem,” Phys. Rev. Lett. 101(8), 084102 (2008). [CrossRef] [PubMed]
16.	M. Zigzag, M. Butkovski, A. Englert, W. Kinzel, and I. Kanter, “Zero lag synchronization of chaotic units with time-delayed couplings,” Europhys. Lett. 85(6), 60005 (2009). [CrossRef]
17.	R. J. Jones, P. S. Spencer, J. Lawrence, and D. M. Kane, “Influence of external cavity length on the coherence collapse regime in laser diodes subject to optical feedback,” IEEE Proc. Optoelectron. 148(1), 7–12 (2001). [CrossRef]
18.	R. Lang and K. Kobayashi, “External optical feedback effects on semiconductor injection laser properties,” IEEE J. Quantum Electron. 16(3), 347–355 (1980). [CrossRef]
19.	V. Ahlers, U. Parlitz, and W. Lauterborn, “Hyperchaotic dynamics and synchronization of external-cavity semiconductor lasers,” Phys. Rev. E Stat. Phys. Plasmas Fluids Relat. Interdiscip. Topics 58(6), 7208–7213 (1998). [CrossRef]
20.	E. Klein, N. Gross, E. Kopelowitz, M. Rosenbluh, L. Khaykovich, W. Kinzel, and I. Kanter, “Public-channel cryptography based on mutual chaos pass filters,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 74(4), 046201 (2006). [CrossRef] [PubMed]
21.	A. Argyris, D. Syvridis, L. Larger, V. Annovazzi-Lodi, P. Colet, I. Fischer, J. García-Ojalvo, C. R. Mirasso, L. Pesquera, and K. A. Shore, “Chaos-based communications at high bit rates using commercial fibre-optic links,” Nature 438(7066), 343–346 (2005). [CrossRef] [PubMed]
22.	T. M. Cover, and J. A. Thomas, Elements of Information Theory (John Wiley and Sons, New York, 1991).
23.	V. Flunkert, O. D’Huys, J. Danckaert, I. Fischer, and E. Schöll, “Bubbling in delay-coupled lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 79(6), 065201 (2009). [CrossRef] [PubMed]
24.	J. Kestler, W. Kinzel, and I. Kanter, “Sublattice synchronization of chaotic networks with delayed couplings,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 76(3), 035202 (2007). [CrossRef] [PubMed]

OCIS Codes
(060.4510) Fiber optics and optical communications : Optical communications
(060.4785) Fiber optics and optical communications : Optical security and encryption

ToC Category:
Fiber Optics and Optical Communications

History
Original Manuscript: July 6, 2010
Revised Manuscript: August 1, 2010
Manuscript Accepted: August 1, 2010
Published: August 10, 2010

Citation
Ido Kanter, Maria Butkovski, Yitzhak Peleg, Meital Zigzag, Yaara Aviad, Igor Reidler, Michael Rosenbluh, and Wolfgang Kinzel, "Synchronization of random bit generators based on coupled chaotic lasers and application to cryptography," Opt. Express 18, 18292-18302 (2010)
http://www.opticsinfobase.org/oe/abstract.cfm?URI=oe-18-17-18292

Sort: Author | Year | Journal | Reset

References

M. A. Nielsen, and I. L. Chuang, Quantum Computation and Quantum Information. (Cambridge University Press, Cambridge, 2000).
D. R. Stinson, Cryptography: Theory and Practice. (CRC Press, Boca Raton, 1995).
R. G. Gallager, Principles of Digital Communication. (Cambridge University Press, Cambridge, 2008).
C. H. Bennett, C. Hand, and G. Brassard, “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, p. 175 (1984).
A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef] [PubMed]
V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009). [CrossRef]
N. Metropolis and S. Ulam, “The Monte Carlo method,” J. Am. Stat. Assoc. 44(247), 335–341 (1949). [CrossRef] [PubMed]
S. Asmussen, and P. W. Glynn, Stochastic Simulation: Algorithms and Analysis. (Springer-Verlag, New York, 2007).
T. E. Murphy and R. Roy, “Chaotic lasers: The world's fastest dice,” Nat. Photonics 2(12), 714–715 (2008). [CrossRef]
A. Uchida, K. Amano, M. Inoue, K. Hirano, S. Naito, H. Someya, I. Oowada, T. Kurashige, M. Shiki, S. Yoshimori, K. Yoshimura, and P. Davis, “Fast physical random bit generation with chaotic semiconductor lasers,” Nat. Photonics 2(12), 728–732 (2008). [CrossRef]
I. Reidler, Y. Aviad, M. Rosenbluh, and I. Kanter, “Ultrahigh-speed random number generation based on a chaotic semiconductor laser,” Phys. Rev. Lett. 103(2), 024102 (2009). [CrossRef] [PubMed]
I. Kanter, Y. Aviad, I. Reidler, E. Cohen, and M. Rosenbluh, “An optical ultrafast random bit generator,” Nat. Photonics 4(1), 58–61 (2010). [CrossRef]
K. Hirano, T. Yamazaki, S. Morikatsu, H. Okumura, H. Aida, A. Uchida, S. Yoshimori, K. Yoshimura, T. Harayama, and P. Davis, “Fast random bit generation with bandwidth-enhanced chaos in semiconductor lasers,” Opt. Express 18(6), 5512–5524 (2010). [CrossRef] [PubMed]
E. Klein, N. Gross, M. Rosenbluh, W. Kinzel, L. Khaykovich, and I. Kanter, “Stable isochronal synchronization of mutually coupled chaotic lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 73(6), 066214 (2006). [CrossRef] [PubMed]
I. Kanter, E. Kopelowitz, and W. Kinzel, “Public channel cryptography: chaos synchronization and Hilbert’s tenth problem,” Phys. Rev. Lett. 101(8), 084102 (2008). [CrossRef] [PubMed]
M. Zigzag, M. Butkovski, A. Englert, W. Kinzel, and I. Kanter, “Zero lag synchronization of chaotic units with time-delayed couplings,” Europhys. Lett. 85(6), 60005 (2009). [CrossRef]
R. J. Jones, P. S. Spencer, J. Lawrence, and D. M. Kane, “Influence of external cavity length on the coherence collapse regime in laser diodes subject to optical feedback,” IEEE Proc. Optoelectron. 148(1), 7–12 (2001). [CrossRef]
R. Lang and K. Kobayashi, “External optical feedback effects on semiconductor injection laser properties,” IEEE J. Quantum Electron. 16(3), 347–355 (1980). [CrossRef]
V. Ahlers, U. Parlitz, and W. Lauterborn, “Hyperchaotic dynamics and synchronization of external-cavity semiconductor lasers,” Phys. Rev. E Stat. Phys. Plasmas Fluids Relat. Interdiscip. Topics 58(6), 7208–7213 (1998). [CrossRef]
E. Klein, N. Gross, E. Kopelowitz, M. Rosenbluh, L. Khaykovich, W. Kinzel, and I. Kanter, “Public-channel cryptography based on mutual chaos pass filters,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 74(4), 046201 (2006). [CrossRef] [PubMed]
A. Argyris, D. Syvridis, L. Larger, V. Annovazzi-Lodi, P. Colet, I. Fischer, J. García-Ojalvo, C. R. Mirasso, L. Pesquera, and K. A. Shore, “Chaos-based communications at high bit rates using commercial fibre-optic links,” Nature 438(7066), 343–346 (2005). [CrossRef] [PubMed]
T. M. Cover, and J. A. Thomas, Elements of Information Theory (John Wiley and Sons, New York, 1991).
V. Flunkert, O. D’Huys, J. Danckaert, I. Fischer, and E. Schöll, “Bubbling in delay-coupled lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 79(6), 065201 (2009). [CrossRef] [PubMed]
J. Kestler, W. Kinzel, and I. Kanter, “Sublattice synchronization of chaotic networks with delayed couplings,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 76(3), 035202 (2007). [CrossRef] [PubMed]

Ahlers, V.
Aida, H.
Amano, K.
Annovazzi-Lodi, V.
Argyris, A.
Aviad, Y.
Bechmann-Pasquinucci, H.
Butkovski, M.
Cerf, N. J.
Cohen, E.
Colet, P.
D’Huys, O.
Danckaert, J.
Davis, P.
Dušek, M.
Ekert, A. K.
Englert, A.
Fischer, I.
Flunkert, V.
García-Ojalvo, J.
Gross, N.
Harayama, T.
Hirano, K.
Inoue, M.
Jones, R. J.
Kane, D. M.
Kanter, I.
Kestler, J.
Khaykovich, L.
Kinzel, W.
Klein, E.
Kobayashi, K.
Kopelowitz, E.
Kurashige, T.
Lang, R.
Larger, L.
Lauterborn, W.
Lawrence, J.
Lütkenhaus, N.
Metropolis, N.
Mirasso, C. R.
Morikatsu, S.
Murphy, T. E.
Naito, S.
Okumura, H.
Oowada, I.
Parlitz, U.
Peev, M.
Pesquera, L.
Reidler, I.
Rosenbluh, M.
Roy, R.
Scarani, V.
Schöll, E.
Shiki, M.
Shore, K. A.
Someya, H.
Spencer, P. S.
Syvridis, D.
Uchida, A.
Ulam, S.
Yamazaki, T.
Yoshimori, S.
Yoshimura, K.
Zigzag, M.

Europhys. Lett.

M. Zigzag, M. Butkovski, A. Englert, W. Kinzel, and I. Kanter, “Zero lag synchronization of chaotic units with time-delayed couplings,” Europhys. Lett. 85(6), 60005 (2009). [CrossRef]

IEEE J. Quantum Electron.

R. Lang and K. Kobayashi, “External optical feedback effects on semiconductor injection laser properties,” IEEE J. Quantum Electron. 16(3), 347–355 (1980). [CrossRef]

IEEE Proc. Optoelectron.

R. J. Jones, P. S. Spencer, J. Lawrence, and D. M. Kane, “Influence of external cavity length on the coherence collapse regime in laser diodes subject to optical feedback,” IEEE Proc. Optoelectron. 148(1), 7–12 (2001). [CrossRef]

J. Am. Stat. Assoc.

N. Metropolis and S. Ulam, “The Monte Carlo method,” J. Am. Stat. Assoc. 44(247), 335–341 (1949). [CrossRef] [PubMed]

Nat. Photonics

T. E. Murphy and R. Roy, “Chaotic lasers: The world's fastest dice,” Nat. Photonics 2(12), 714–715 (2008). [CrossRef]
A. Uchida, K. Amano, M. Inoue, K. Hirano, S. Naito, H. Someya, I. Oowada, T. Kurashige, M. Shiki, S. Yoshimori, K. Yoshimura, and P. Davis, “Fast physical random bit generation with chaotic semiconductor lasers,” Nat. Photonics 2(12), 728–732 (2008). [CrossRef]
I. Kanter, Y. Aviad, I. Reidler, E. Cohen, and M. Rosenbluh, “An optical ultrafast random bit generator,” Nat. Photonics 4(1), 58–61 (2010). [CrossRef]

Nature

A. Argyris, D. Syvridis, L. Larger, V. Annovazzi-Lodi, P. Colet, I. Fischer, J. García-Ojalvo, C. R. Mirasso, L. Pesquera, and K. A. Shore, “Chaos-based communications at high bit rates using commercial fibre-optic links,” Nature 438(7066), 343–346 (2005). [CrossRef] [PubMed]

Opt. Express

K. Hirano, T. Yamazaki, S. Morikatsu, H. Okumura, H. Aida, A. Uchida, S. Yoshimori, K. Yoshimura, T. Harayama, and P. Davis, “Fast random bit generation with bandwidth-enhanced chaos in semiconductor lasers,” Opt. Express 18(6), 5512–5524 (2010). [CrossRef] [PubMed]

Phys. Rev. E Stat. Nonlin. Soft Matter Phys.

E. Klein, N. Gross, M. Rosenbluh, W. Kinzel, L. Khaykovich, and I. Kanter, “Stable isochronal synchronization of mutually coupled chaotic lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 73(6), 066214 (2006). [CrossRef] [PubMed]
V. Flunkert, O. D’Huys, J. Danckaert, I. Fischer, and E. Schöll, “Bubbling in delay-coupled lasers,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 79(6), 065201 (2009). [CrossRef] [PubMed]
J. Kestler, W. Kinzel, and I. Kanter, “Sublattice synchronization of chaotic networks with delayed couplings,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 76(3), 035202 (2007). [CrossRef] [PubMed]
E. Klein, N. Gross, E. Kopelowitz, M. Rosenbluh, L. Khaykovich, W. Kinzel, and I. Kanter, “Public-channel cryptography based on mutual chaos pass filters,” Phys. Rev. E Stat. Nonlin. Soft Matter Phys. 74(4), 046201 (2006). [CrossRef] [PubMed]

Phys. Rev. E Stat. Phys. Plasmas Fluids Relat. Interdiscip. Topics

V. Ahlers, U. Parlitz, and W. Lauterborn, “Hyperchaotic dynamics and synchronization of external-cavity semiconductor lasers,” Phys. Rev. E Stat. Phys. Plasmas Fluids Relat. Interdiscip. Topics 58(6), 7208–7213 (1998). [CrossRef]

Phys. Rev. Lett.

I. Kanter, E. Kopelowitz, and W. Kinzel, “Public channel cryptography: chaos synchronization and Hilbert’s tenth problem,” Phys. Rev. Lett. 101(8), 084102 (2008). [CrossRef] [PubMed]
I. Reidler, Y. Aviad, M. Rosenbluh, and I. Kanter, “Ultrahigh-speed random number generation based on a chaotic semiconductor laser,” Phys. Rev. Lett. 103(2), 024102 (2009). [CrossRef] [PubMed]
A. K. Ekert, “Quantum cryptography based on Bell’s theorem,” Phys. Rev. Lett. 67(6), 661–663 (1991). [CrossRef] [PubMed]

Rev. Mod. Phys.

V. Scarani, H. Bechmann-Pasquinucci, N. J. Cerf, M. Dušek, N. Lütkenhaus, and M. Peev, “The security of practical quantum key distribution,” Rev. Mod. Phys. 81(3), 1301–1350 (2009). [CrossRef]

Other

S. Asmussen, and P. W. Glynn, Stochastic Simulation: Algorithms and Analysis. (Springer-Verlag, New York, 2007).
M. A. Nielsen, and I. L. Chuang, Quantum Computation and Quantum Information. (Cambridge University Press, Cambridge, 2000).
D. R. Stinson, Cryptography: Theory and Practice. (CRC Press, Boca Raton, 1995).
R. G. Gallager, Principles of Digital Communication. (Cambridge University Press, Cambridge, 2008).
C. H. Bennett, C. Hand, and G. Brassard, “Quantum Cryptography: Public key distribution and coin tossing,” Proceedings of the IEEE International Conference on Computers, Systems, and Signal Processing, Bangalore, p. 175 (1984).
T. M. Cover, and J. A. Thomas, Elements of Information Theory (John Wiley and Sons, New York, 1991).

Cited By

Alert me when this paper is cited

OSA is able to provide readers links to articles that cite this paper by participating in CrossRef's Cited-By Linking service. CrossRef includes content from more than 3000 publishers and societies. In addition to listing OSA journal articles that cite this paper, citing articles from other participating publishers will also be listed.

Click here to see a list of articles that cite this paper