Open Access
Add to BibSonomy
Abstract
The physical-layer properties of the classical optical fiber channel provide an inherent, unique, random and reciprocal source for secure key generation and distribution (SKGD). However, the key generation rate (KGR) is generally less than kbit/s in the reported SKGD schemes. In this paper, an accelerated SKGD scheme based on active polarization scrambling is proposed in the classical optical fiber channel. A combination of unique birefringence distribution of optical fiber channel and active scrambling of instant state of polarization (SOP) enables a fast and random SOP fluctuation to be securely shared between the legitimate users for accelerated SKGD. The proposed SKGD scheme is experimentally demonstrated over 24-km standard single-mode fiber (SSMF), where a KGR of 200-kbit/s with an error-free operation is achieved after the post-processing procedure. Moreover, the possible fiber-tapping attacks are theoretically and experimentally analyzed for the security robustness of the proposed scheme. The results imply that a faster SKGD scheme could be achieved by incorporating an active polarization scrambling mechanism into the random properties of the fiber channel.
© 2019 Optical Society of America under the terms of the OSA Open Access Publishing Agreement
1. Introduction
With the fast advancement in Internet services, the importance of cryptography becomes a growing challenge [1,2]. In the cryptosystem, the ability to share secret key between two users, Alice and Bob, which is known as secure key distribution, is the most challenging issue. Conventionally, secure key distribution is often based on the public key algorithms, namely RSA and Diffie-Hellman, where computational security is harnessed [1]. However, with respect to the development in the computer system, especially quantum computer [3,4], the robustness of these algorithms will face severe challenges.
In contrast, quantum key distribution (QKD), the most well-known example of physical-layer secure key distribution approach, promises to achieve unconditional security as the attacker is restricted by the laws of physics rather than the computational complexity [5]. However, the QKD implementation over a longer distance and higher key rate is still quite difficult. Thus, secure key distribution schemes in classical optical fiber channel with simple implementation will be of great importance for the cryptosystem.
For the classical secure key generation and distribution (SKGD) approaches, SKGD based on optical chaos of two identical semiconductor lasers has been widely studied as an alternative solution [6–10]. These schemes provide high-level security depending on identical system architecture at Alice and Bob sides. However, the practical realization of these techniques is still quite restricted due to the strong requirement of identical devices and hardware parameters.
Recently, SKGD schemes employing the unique physical-layer characteristics of optical fiber channel have been regarded as a promising candidate for secure optical data transmission in fiber networks [11–15], where high-level security was achieved. They also offer additional benefits, such as simple structure, low cost, and compatibility for long-distance transmission. For example, SKGD schemes were demonstrated using phase fluctuation in Mach-Zehnder interferometer (MZI) [11], mode mixing (MM) in multi-mode fiber [12], phase fluctuation between orthogonal polarization modes in delay interferometer (DI) [13], dynamic Stokes parameters (SPs) in standard single-mode fiber (SSMF) [14], and polarization mode dispersion (PMD) [15]. However, the key generation rate (KGR) was quite low (<1k bit/s) in these schemes due to the slow variation of the physical properties in the optical fiber channel.
In this paper, an accelerated physical-layer SKGD scheme based on the active polarization scrambling is proposed and experimentally demonstrated for the first time. Since the random birefringence distribution along the fiber is shared between Alice and Bob, the same state of polarization (SOP) dynamics can be extracted between the legal partners. An active polarization scrambler is applied to increase the fluctuation rate of SOP, which can be extracted for accelerated SKGD. In the experiment, an average KGR of 200-kbit/s with error-free operation is achieved after the post-processing procedure. The KGR can be further increased to the order of Mbit/s using wavelength-division multiplexing (WDM) technique. Moreover, the robustness of the proposed SKGD scheme is evaluated theoretically and experimentally against several fiber-tapping attacks.
2. Principle
Figure 1 shows the schematic principle of the proposed SKGD scheme. An active polarization scrambler is applied inside the polarization interferometer, which is constructed with a couple of polarizers. While Alice and Bob are located at the ends of the interferometer.
In the proposed SKGD scheme, the accelerated key generation is achieved by using active polarization scrambling. Since the birefringence inside the optical fiber is strongly affected by fiber length, the local environment, and external perturbations, the physical properties of SOP become very sensitive and complicated, which is strongly dependent on the physical properties of the unique optical fiber channel. However, due to the channel reciprocity, the SOP is shared between Alice and Bob. Thus, the highly-correlated SOP can be applied as the source of randomness for physical-layer SKGD. In other words, in the proposed scheme, the unique distribution of fiber birefringence between Alice and Bob is considered as the main secret parameter, as it defines the transfer matrix of the SOP, while the scrambling mechanism is used to increase the SOP fluctuation rate.
The random evolution of SOP inside the SSMF is analyzed using the birefringence modal of SSMF. A polarized light at angle δ or α with respect to the x-axis excites two modes with orthogonal polarizations. These two modes propagate at different phase velocities due to the random distribution of birefringence induced by various fiber properties such as noncircular core, asymmetrical stress, bending and environmental effects along the length of SSMF [16]. Therefore, the polarized light will go through different SOP as the phase retardation varies with length [15], which can be expressed as [16],
where βx and βy are the propagation constants that relate to the x and y-axes respectively, and L is the length of SSMF.An example of random SOP evolution with respect to the length of SSMF is depicted in Fig. 2, where the input SOP is a linear-polarized light. Due to the birefringence distribution of optical fiber, the input SOP is significantly varied after propagation in 1-m fiber. Since SOP variation associates with the fiber length, the high sensitivity of the instant SOP, which is estimated by ∼1-m [17], ensures the high-level security in the proposed SKGD.
Furthermore, the random evolution of SOP can be regarded as the matrix transformation using Mueller matrix and SOP Stokes vector $\boldsymbol{S} = {({{S_0},{S_1},{S_2},{S_3}} )^T}$, which can be expressed as [18],
where Sout and Sin are the Stokes vectors associated with the output and input SOP respectively, and M is the 4 × 4 Mueller matrix, which is defined by the unique birefringence distribution of the fiber channel shared between Alice and Bob. From Eq. (2), it can be noted that the fluctuation rate of output SOP relies on birefringence dynamics (the environment dynamics). Moreover, Eq. (2) suggests that, by applying an active polarization scrambler on the input SOP, Alice and Bob can share the instant, random and fast SOP fluctuation. Therefore, by exploiting this combination of unique birefringence of fiber channel (the SOP transfer matrix M) and polarization scrambling, accelerated SKGD can be realized. To track the fast and random SOP fluctuation, a polarization interferometer can be used to interpret the SOP fluctuation into intensity variation, depending on the corresponding phase retardations of $\varPhi$ and $\varPhi$s, which are associated with SSMF and the active polarization scrambler respectively [17],3. Experimental results
Figure 3 shows the experimental setup of the proposed SKGD scheme, where two polarizers with an angle of 45° were applied to construct the polarization interferometer. A SSMF of 24-km was placed between Alice and Bob to match the practical fiber length in passive optical network (PON). To swiftly change the instant SOP, a polarization scrambler (General Photonics, PCD-104) with a scrambling rate of 750-kHz was used inside the interferometer. Since the polarization scrambler is a wavelength-sensitive device, two continuous-wave (CW) tunable lasers operated at a same wavelength of 1550-nm were used at Alice and Bob sides. Two photodiodes with a bandwidth of 10-GHz were used at both ends to detect the intensity fluctuation after the polarizers. The intensity waveforms were then recorded using two independent synchronized channels of a real-time oscilloscope (Teledyne-LeCroy, 820Zi-B) with the sampling frequency of 1-Ms/s, for later key bit extraction using offline digital signal processing (DSP).
An example of the measured waveforms received by Alice and Bob is shown in Fig. 4(a). The waveforms are quite similar with respect to time. The physics behind this is that the launched SOPs from both ends experience the same birefringence distribution as they propagate through the same optical fiber length. Thereby, when the birefringence distribution of SSMF is randomly changed by asymmetrical stress, bending or other environmental perturbations, the launched SOP from both sides will be affected in the same way. This implies the feasibility of the shared key generation.
Fig. 4. Comparison of the measured waveforms by Alice and Bob. (a). waveforms; (b). Cross-correlation and auto-correlation functions.
Furthermore, the cross-correlation between the two waveforms is quantitatively calculated to confirm the similarity. As plotted in Fig. 4(b), the maximal value of correlation coefficient is ∼0.97. Thus, significant similarity can be expected between the waveforms. As a result, a high key agreement rate between Alice and Bob can be achieved, and these intensity waveforms can be applied for key bit extraction. Moreover, the decorrelation time, which is defined as the width of the correlation curve, is ∼3-µs. This means that the proposed SKGD scheme has no memory longer than 3-µs. Therefore, two independent observations can be expected if the measurement interval is chosen to be longer than ∼3-µs. Besides, the correlation coefficient becomes negative at a delay larger than the decorrelation time as the signal tends to decrease while the delayed version of the signal increase or vice versa. The physics behind that could be attributed to the reverse fluctuation of the phase difference between two orthogonal polarization modes for the original signal and delayed version. In general, a faster KGR can be expected with shorter decorrelation time, since the waveforms have to be sampled with a sampling interval greater than or equal to the decorrelation time to eliminate any redundancy.
Generally, the polarization scrambler is placed at the exact middle point of the fiber link, however, the mismatch from the middle point leads to a delay in the correlation between Alice and Bob measurements, due to the traveling time difference of the counter-propagating optical signals. To overcome this problem, Alice can send a part of her signal to Bob as the training sequence for time synchronization.
For a higher KGR in the proposed SKGD, WDM can be applied. Accordingly, the correlation variation of the polarization scrambler with respect to the wavelength was also investigated. The wavelength at Alice's side was fixed at 1550-nm, while Bob’s wavelength was tuned within C-band. Figure 5 shows the correlation coefficient at zero lag at different wavelengths. For the symmetric spacing of 6-nm around 1550-nm, the correlation coefficient falls to <0.3. That implies, if the wavelength is tuned as far as 6-nm away, there will be a significant drop in the correlation between the measured waveforms, so the generated secret key at Alice and Bob sides will be completely different. Hence, according to the wavelength sensitivity of the polarization scrambler, the secret key can be parallelly generated when multiple wavelengths with the channel spacing of 6-nm are used. Therefore, six wavelengths can be parallelly applied for the key bit extraction within C-band only. If these wavelengths are applied together, a multi-fold KGR can be achieved. In addition, since the polarization scrambler applied in the experiment is operated by a mechanical mechanism, the speed of SOP fluctuation is limited to ∼750-kHz. However, the KGR could be much faster for an electro-optical effect-based polarization scrambler.
4. Secret key extraction
In the procedure of the key bit extraction, 5 million samples within 5-second time interval were recorded. Then Alice and Bob calculated the decorrelation times of the recorded samples, as described in [11], and exchanged them. Afterward, the signals were resampled with the interval chosen to be greater than the decorrelation time (∼3-µs). The purpose of resampling is to remove any redundancy within the sampled measurements, so that high randomness can be ensured for the practical available key. Moreover, in the case that Alice and Bob have different decorrelation time, the average of decorrelation had to apply before resampling to avoid any mismatched indexes. Finally, the resampled signals were quantized using a simple cross-level quantizer [19],
The average KGR of 200-kbit/s was demonstrated by the above-mentioned key bit extraction approach, with a key error-rate (KER) of 0.1%, which was within the forward error correction (FEC) threshold for a single wavelength. The result was obtained with the optimal value of ɛ = 0.5. Therefore, as a proof of concept, assuming a WDM with six channels within C-band, the KGR can be increased up to 1.20-Mbit/s (6×200-kbit/s). It should be mentioned that, the KGR relies strongly on the scrambling rate of the polarization scrambler. With the use of a faster polarization scrambler, for instance, a commercial Photonics-PSC-LN, from iXblue Inc., which provides ∼10-GHz scrambling rate, a KGR in the order of ∼ Gbit/s could be obtained.
Figure 6(a) shows the variation of KER and KGR when ɛ is changed from 0.1 to 0.5. It can be noted that, a higher KGR can be expected at the cost of a higher key inconsistency. Therefore, the trade-off between the KGR and KER has to be considered. It is worth noting that, the information reconciliation techniques will be applied to eliminate the mismatched key bits between Alice and Bob [20]. However, a lower KER will reduce the information leakage during the information reconciliation. As a consequence, ɛ is set to be 0.5, to provide a KER within the FEC threshold while maintaining a high KGR.
Fig. 6. Performances of secure key. (a). KGR and KER variation versus ɛ; (b). KER versus correlation coefficient; (c). Entropy of generated key versus ɛ; (d). Down sampling factor versus the randomness of the generated key.
To assess the security robustness of the quantization scheme when ɛ=0.5, the KER variation between the generated key of Alice and Eve is investigated for different correlation coefficients via numerical simulation, as shown in Fig. 6(b). It is visible that the KER is almost declining linearly with the correlation coefficient. Accordingly, to ensure high-level security, the correlation between Alice and Eve measurements should be less than 0.2. In addition, the entropy is generally used as a performance metric for the security robustness of the quantization schemes, since it reflects the distribution of the generated key bits. The entropy variation of the generated key of the legal users is shown in Fig. 6(c). When ɛ is increased from 0.1 to 1.0, the entropy of the generated key is always ∼1, indicating that the key is uniformly distributed. Therefore, the value of ɛ is set at 0.5 to provide an optimal trade-off among the KGR, KER and security robustness.
To evaluate the randomness of the generated key, 15-NIST sub-tests [21] have been implemented, where 1000 key sequences with a length of one million bits were used as in [6]. Figure 6(d) shows the relations between the down sampling factor (N), the randomness of the generated key and the key generation rate. It can be noted that all of NIST tests were passed for a higher down sampling factor (N ≥3) since the correlation between the adjacent samples is eliminated which ensures the high randomness of the generated key. Meanwhile, the KGR (R/N) (where R is the sampling rate) decreases when N is bigger. Therefore, it is necessary to obtain the smallest N that can guarantee the true randomness of the generated key for fast KGR. Table 1 depicts the results of the 15 NIST-sub-tests for N = 3, which is in accordance with the aforementioned decorrelation time of ∼3-µs. The successful tests should have a P-value larger than 0.01, while the proportion for the success ratio should be in the range of 0.99 ± 0.0094392. Accordingly, from Table 1, all 15 sub-tests have been passed, which ensures the true randomness of the generated secret key.
Table 1. Results of statistical NIST tests.
For an error-free SKGD, the reported Bose-Chaudhuri-Hocquenghem (BCH) based information reconciliation technique has been employed [22]. In this approach, only the parity check of Alice’s key is sent to Bob, then Bob combines his original key bits with the parity check to achieve the key agreement. The parity check leaks almost no information about the key to Eve. Considering the KER of 0.1%, a (63,57) BCH code with the correction capability of 1 error-bit for each block is deployed. Finally, an error-free KGR of 200-kbit/s is achieved. During the information reconciliation, Eve may obtain a small amount of key information, thus the following privacy amplification should be implemented [23].
5. Security analysis
Theoretically, the proposed system can only be broken if Eve has the knowledge of the instant SOP transfer matrix M of the unique fiber channel between Alice and Bob, which is determined by the birefringence distribution, and the scrambling pattern of the input SOP. However, from the algebraic point of view, it is quite difficult to obtain M in Eq. (2), since it does not provide a unique solution of M even for a given Sin and Sout. Therefore, the SOP transfer matrix can be considered as the main secret parameter in the proposed SKGD scheme, which provides the high-robustness of security.
Experimentally, the high-level security performance of the proposed SKGD scheme can be evaluated via the possible fiber tapping attacks, which can be performed by Eve who tries to obtain the secret key from the fiber channel. It is assumed that Eve has all of the knowledge about the core parameters of the transmission system, such as the polarization scrambler model, the polarizers’ angles and the length of the optical fiber. Moreover, it is assumed that Alice and Bob keep the polarizers in protected locations. The cross-correlation function and the mutual information proposed in [7] are deployed as the performance metrics in the security analysis.
5.1 Attack scenario 1
Eve can attempt to tap at either position (a) or (b) using a setup as shown in Fig. 7. Nevertheless, she will not obtain the same optical intensity waveforms as the legal partners: Alice and Bob, because she does not have access to the entire optical fiber between Alice and Bob. When the polarized light propagates throughout the entire fiber link, the SOP will be modified by the birefringence distribution along the length of the fiber, which affects the final SOP at the fiber end. Assuming that Eve can estimate the spatial distribution of birefringence via a polarization optical time-domain reflectometer [24], however, the precision of the reflectometer is very low (∼1-m), which will not allow Eve to get the exact SOP transformation effect of the entire fiber. Thus, if Eve has no access to the entire fiber link between Alice and Bob, theoretically she cannot obtain the overall birefringence. As a consequence, different intensity waveforms will be measured by Eve.
To confirm the difference in measurements, the waveforms recorded by Bob, Eve and Alice are shown in Fig. 8(a) respectively. The corresponding cross-correlation functions between Alice/Bob and Eve are plotted in Fig. 8(b). Apparently, in both of these cases, the correlation coefficient at zero lag shows a very small value of ∼0. This implies that the waveform obtained by Eve is totally uncorrelated with the waveforms of Alice/Bob, and thus it cannot be used to obtain the correct secret key. This is also confirmed by the KER between Alice's and Eve's keys, which is 49% quantized from their waveforms at ɛ=0.5 after information reconciliation.
Fig. 8. Comparison of the measurements by Bob, Eve and Alice. (a). Waveforms; (b). Cross-correlation function.
Here there is also another possibility that is, Eve can try to find a close point to Alice (c) or Bob (d) as shown in Fig. 7 such that she could measure the same SOP fluctuation. This possibility can be easily tackled by placing additional fiber at Alice and Bob sides so that it can create enough random birefringence to randomly modify the SOP compared with the random birefringence generated by the unprotected part. According to [17], at least one meter should be placed in Alice’s and Bob's side to modify the propagated SOP.
Finally, though the mechanical polarization scrambler randomizes the SOP, the knowledge of the device might enable the estimation of the few parameters that describe the randomization pattern, typically the rotation angles of the various plates. The analysis was shown to estimate the birefringence if Eve has knowledge of any final SOP trace [25]. Therefore, in the practical application, the electro-optical polarization scrambler driven by a random sequence generator is necessary to ensure high-level security. However, as a proof of concept, a mechanical polarization scrambler was used in the experiment.
5.2 Attack scenario 2
To make use of the entire fiber length between Alice and Bob, Eve can directly combine the measured optical intensity after the polarizers from both positions (a) and (b) in Fig. 7 using an optical coupler. But, since the measured quantity, in this case, is the optical intensity rather than the SOP fluctuation itself, Eve will not be able to obtain directly the same waveform as Alice and Bob. Figure 9(a) illustrates the dissimilarity between the waveforms of Bob and the combined optical intensity waveform obtained by Eve. The corresponding cross-correlation function between the waveforms depicted in Fig. 9(b) is ∼0 at zero lag, which proves the fundamental difference between the two waveforms.
Fig. 9. Comparison of the measurements by Bob and Eve. (a). Waveforms; (b). Cross-correlation function.
Alternatively, Eve can try to estimate the transfer matrix of the fiber channel between Alice and Bob by re-constructing two matrices Ma and Mb, then the overall transfer matrix becomes M = Ma Mb. After that, with the knowledge of the SOP scrambling pattern, Eve can calculate the final SOP using Eq. (2). However, as it has been mentioned that, M does not have a unique solution for a given Sin and Sout, Eve will not be sure to re-construct the correct two matrices to obtain the overall transfer matrix M. Moreover, another difficulty that Eve will face is that, the transfer matrix is dynamically varied by the environmental effects, while the birefringence distribution is modified with respect to time for the entire fiber channel between Alice and Bob.
5.3 Attack scenario 3
Eve can attempt to combine the beam of light from Alice’s and Bob’s directions before the polarizers by a 50:50 optical coupler. Then, she can use a polarizer to obtain the optical intensity waveform. However, from a practical point of view, it is quite difficult for Eve to make sure she can obtain the same SOP fluctuation happening between Alice and Bob, since in the fiber tapping attack, the additional optical tapping length, optical coupling as well as the local environment effects will definitely further modify the final SOP. To emulate this attack, the intensity waveforms are measured by Eve and Bob, as shown in Fig. 10(a). The cross-correlation between the waveforms is presented in Fig. 10(b), which again verifies that there is a significant discrepancy between the two waveforms. Another important case is that Eve can use a polarimeter to track the SOP fluctuation, however, she has to figure out how to combine this complex polarization states from both directions, which could be quite difficult from the practical point of view, especially when the fast rate of scrambling is applied. Therefore, both of the direct combination of the optical intensity, and the polarized light will not allow Eve to obtain the correct SOP as Alice and Bob do.
Fig. 10. Comparison of the measurements by Alice and Eve. (a). Waveforms; (b). Cross-correlation function.
5.4 Attack scenario 4
Eve can perform the man-in-the-middle attack. Here, two cases have been considered. First, Eve may cut the SSMF and send intensity-modulated signals to simulate the SOP fluctuation at Alice and Bob sides. However, this attack can be detected by measuring the power before the polarizers, which is supposed to be stable. Second, Eve may also cut the SSMF and use two polarization scramblers between Alice and Bob, so that she can obtain two different waveforms similar to Alice and Bob. However, in this case, the initial SOP, which is determined by the polarizer angles, provides additional security against such an attack. Generally, an authentication protocol is necessary to guarantee the high-security of the proposed SKGD scheme.
For further verification of the security robustness of the proposed SKGD scheme, the mutual information I(B; E) between Bob’s and Eve’s bits sampled from their waveforms is calculated after the information reconciliation [26],
Table 2. The mutual information between Bob and Eve.
So far, it has been shown that Eve will be in a difficult situation for obtaining the correct key using various fiber-tapping attacks since the entire fiber channel is inaccessible for her. In addition, the local environmental perturbations will modify the instant final SOP. To summarize, the high-level security provided by the proposed SKGD scheme is basically initiated from the random birefringence created by the exact fiber length and the different local environmental perturbations between the legal users and Eve. Assuming Eve can access and have the knowledge of the polarization scrambler, she cannot re-construct the transfer matrix of the entire optical fiber channel, so in practical implementation, the lack of knowledge for Eve about the fiber length and other core transmission parameters, for instance, polarizer directions can further enhance the level of security.
Comparing with other reported physical-layer SKGD schemes [11–15], the proposed SKGD scheme can provide many advantages, as shown in Table 3. To the best of our knowledge, an accelerated KGR of 200-kbit/s is achieved for the first time, using the fast polarization scrambling of SOP. The KGR can be further increased by using a faster polarization scrambler and WDM based parallel SKGD. The current infrastructure can be directly applied simultaneously for SKGD and data transmission, providing a compatible and cost-effective solution for SKGD. In addition, the proposed SKGD scheme is compatible with current long-distance fiber transmission networks, since the optical amplifiers can be applied. Moreover, no additional fiber-length is required for the proposed scheme, if compared with the other SKGD schemes in [11,13,15]. Although the reported SKGD based on optical chaos [6–10] provides a KGR at the order of Gbit/s, the requirement of the identical devices makes the practical implementation quite difficult, if compared to the proposed SKGD.
Table 3. Comparison of the reported SKGD schemes in optical fiber channel.
On the other hand, for long-distance fiber transmission, the position of the polarization scrambler is the main challenge of the proposed scheme. The KGR could be further increased using, for instance, digital chaos-based polarization scrambling. In addition, the protocol design of SKGD including optimal quantization, information reconciliation, and privacy amplification needs to be further investigated as well.
6. Conclusion
An accelerated SKGD scheme using the active polarization scrambling is proposed and demonstrated in classical fiber channel, where high-level of security is guaranteed by the uniqueness and randomness of birefringence distribution within the fiber channel. An error-free, 200-kbit/s SKGD is successfully demonstrated over 24-km SSMF. The secure robustness of the SKGD is also evaluated against various fiber-tapping attacks. Moreover, parallel key generation using WDM technique is investigated to further increase the KGR to the order of Mbit/s. The SKGD provides the advantages of cost-effective, simple structure and compatible with the current long-distance fiber networks.
Funding
Ministry of Science and Technology of the People's Republic of China (2016YFE0104500); National Natural Science Foundation of China (61431009, 61433009, 61571291).
References
1. J. Katz and Y. Lindell, Introduction to modern cryptography (Chapman and Hall/CRC, 2014).
2. R. E. Blahut, Cryptography and secure communication (Cambridge University, 2014).
3. B. Patra, R. M. Incandela, J. P. G. van. Dijk, H. A. R. Homulle, L. Song, M. Shahmohammadi, R. B. Staszewski, A. Vladimirescu, M. Babaie, F. Sebastiano, and E. Charbon, “Cryo-CMOS circuits and systems for quantum computing applications,” IEEE J. Solid-State Circuits 53(1), 309–321 (2018). [CrossRef]
4. A. Montanaro, “Quantum algorithms: an overview,” npj Quantum Inform. 2(1), 15023 (2016). [CrossRef]
5. N. Gisin, G. Ribordy, W. Tittel, and H. Zbinden, “Quantum cryptography,” Rev. Mod. Phys. 74(1), 145–195 (2002). [CrossRef]
6. A. Argyris, E. Pikasis, and D. Syvridis, “Gb/s one-time-pad data encryption with synchronized chaos-based true random bit generators,” J. Lightwave Technol. 34(22), 5325–5331 (2016). [CrossRef]
7. H. Koizumi, S. Morikatsu, H. Aida, T. Nozawa, I. Kakesu, A. Uchida, K. Yoshimura, J. Muramatsu, and P. Davis, “Information-theoretic secure key distribution based on common random-signal induced synchronization in unidirectionally-coupled cascades of semiconductor laser,” Opt. Express 21(15), 17869–17893 (2013). [CrossRef]
8. N. Jiang, C. Xue, Y. Lv, and K. Qiu, “Secure key distribution based on chaos synchronization of VCSELs subject to symmetric random-polarization optical injection,” Opt. Lett. 42(6), 1055–1058 (2017). [CrossRef]
9. C. Xue, N. Jiang, Y. Lv, and K. Qiu, “Secure key distribution based on dynamic chaos synchronization of cascaded semiconductor laser systems,” IEEE Trans. Commun. 6(1), 312–319 (2016). [CrossRef]
10. C. Xue, N. Jiang, K. Qiu, and Y. Lv, “Key distribution based on synchronization in bandwidth-enhanced random bit generators with dynamic post-processing,” Opt. Express 23(11), 14510–14519 (2015). [CrossRef]
11. K. Kravtsov, Z. Wang, W. Trappe, and P. R. Prucnal, “Physical-layer secret key generation for fiber-optic networks,” Opt. Express 21(20), 23756–23771 (2013). [CrossRef]
12. Y. Bromberg, B. Redding, S. M. Popoff, N. Zhao, G. Li, and H. Cao, “Remote key establishment by random mode mixing in multimode fibers and optical reciprocity,” Opt. Eng. 58(01), 1 (2019). [CrossRef]
13. A. A. E. Hajomer, X. Yang, A. Sultan, and W. Hu, “Key distribution based on phase fluctuation between polarization modes in optical channel,” IEEE Photonics Technol. Lett. 30(8), 704–707 (2018). [CrossRef]
14. L. Zhang, A. A. E. Hajomer, X. Yang, and W. Hu, “Error-free secure key generation and distribution using dynamic Stokes parameters,” Opt. Express 27(20), 29207–29216 (2019). [CrossRef]
15. I. U. Zaman, A. B. Lopez, M. A. A. Faruque, and O. Boyraz, “Physical-layer cryptographic key generation by exploiting PMD of an optical fiber link,” J. Lightwave Technol. 36(24), 5903–5911 (2018). [CrossRef]
16. S. Rashleigh, “Origins and control of polarization effects in single-mode fibers,” J. Lightwave Technol. 1(2), 312–331 (1983). [CrossRef]
17. T. R. Woliński, “Polarization in optical fibers,” Acta Phys. Pol., A 95(5), 749–760 (1999). [CrossRef]
18. A. Carnicer and B. Javidi, “Optical security and authentication using nanoscale and thin-film structures,” Adv. Opt. Photonics 9(2), 218–256 (2017). [CrossRef]
19. K. Ren, H. Su, and Q. Wang, “Secret key generation exploiting channel characteristics in wireless communications,” IEEE Wireless Commun. 18(4), 6–12 (2011). [CrossRef]
20. C. Huth, R. Guillaume, T. Strohm, P. Duplys, I. A. Samuel, and T. Güneysu, “Information reconciliation schemes in physical-layer security: A survey,” Comput. Netw. 109, 84–104 (2016). [CrossRef]
21. A. Rukhin, J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, A. Heckert, J. Dray, and S. Vo, “A statistical test suite for random and pseudorandom number generators for cryptographic applications,” in Special Publication, Revision 1a (2010), paper 800-22.
22. T. Wuthigorn, S. Keattisak, and S. Ornlarp, “Secret key reconciliation using BCH code in quantum key distribution,” in International Symposium on Communications and Information Technologies (IEEE, 2007), pp. 1482–1485.
23. C. H. Bennett, G. Brassard, C. Crépeau, and U. M. Maurer, “Generalized privacy amplification,” IEEE Trans. Inf. Theory 41(6), 1915–1923 (1995). [CrossRef]
24. M. Wuilpart, P. Megret, M. Blondel, A. Rogers, and Y. Defosse, “Measurement of the spatial distribution of birefringence in optical fibers,” IEEE Photonics Technol. Lett. 13(8), 836–838 (2001). [CrossRef]
25. J. B. Geddes, K. M. Short, and K. Black, “Extraction of signals from chaotic laser data,” Phys. Rev. Lett. 83(25), 5389–5392 (1999). [CrossRef]
26. C. E. Shannon, “Communication theory of secrecy systems,” Bell Syst. Tech. J. 28(4), 656–715 (1949). [CrossRef]
