ICTON 2013 We.B1.

A New All-Optical Cryptography Technique Applied to

WDM-Compatible DPSK Signals
Marcelo L. F. Abbade1, Member, IEEE, Carlos A. Messani1, Cleiton J. Alves1, Guilherme M. Taniguti1,
Iguatemi E. Fonseca2, Eric A. M. Fagotto1, Member, IEEE.
1
PUC-Campinas, 13086-900, Rod. D. Pedro I, km 136, Campinas-SP, Brazil
2
Universidade Federal da Paraíba, Cidade Universitária, João Pessoa, PB, 58051-900, Brazil
Tel and Fax: 55 (19) 3343-7088, e-mail: abbade@puc-campinas.edu.br
ABSTRACT
We investigate the application of a new all-optical cryptography technique to wavelength division multiplexing
(WDM)-compatible differential phase-shift keying (DPSK) signals. The technique uses current optical band-pass
optical filters with narrow bandwidths to divide a given input WDM-compatible signal into several spectral
slices, which are submitted to two cryptographic key stages. The first one impresses amplitude encoding,
whereas the second imposes delay variations to each spectral slice. The technique performance is assessed by
evaluating the encrypted and decrypted signals bit error rates. Computer simulations suggest that encrypted
DPSK signals may be properly recovered even after being propagated through typical metropolitan area network
distances.1
Keywords: Network security, transparent optical networks, optical cryptography, spectral slicing.

1. INTRODUCTION
Security is a major issue for network communications. In particular, networks with electronic routing are prone
to malicious router software that may copy and route data packets to unauthorized destinations. This problem is
not present in transparent optical networks (TONs), where routing is performed in the optical domain. In spite of
this positive aspect, it is possible to tap and to transmit TON data to illegal facilities with the aid of
commercially available equipment [1].
Data encryption is the most common way to improve data security and to prevent eavesdroppers from
understanding the meaning of stolen data. Although cryptography techniques are usually implemented in the
presentation layer of Open Systems Interconnection (OSI) reference model, overall security is improved when
data are encrypted in multiple layers [2]. This strategy encompasses the physical encryption of signals in the
optical layer. In fact, several recent proposals approach this subject by utilizing hybrid electro-optical schemes
[3], nonlinear effects [4], and spectral phase-encoding (SPE) [5].
In this work, we analyse a new wavelength division multiplexing (WDM)-compatible all-optical cryptography
technique [6] that could be applied in TONs. Such technique is based on the contemporary advances in the
fabrication of optical bandpass filters (OBPF) with narrow bandwidths (e.g., 6.125 GHz or lower) [7] that allows
single WDM signals to be divided in several spectral slices. Optical encoding is then achieved by providing
different attenuations and delays to each spectral slice. In this work, such analysis is performed for differential
phase-shift keying (DPSK) signals that are spectrally sliced and propagated through a cascade of amplified
optical links. To the best of our knowledge, this is the first time that such investigations are presented in
literature.
The remaining of the paper is organized in the following way. In Section 2, the theoretical principle of the
considered all-optical cryptographic technique is approached. In Section 3, we describe the simulation setup
utilized for our analysis. Results are presented in Section 4. Finally, our conclusions are depicted in Section 5. It
is noted that the terms “encrypt” and “encode” are used as synonyms in this work.

2. THEORY
The optical cryptography technique analysed in this work may be applied to TON domains and is constituted by
the optical signal processing steps illustrated in Fig. 1(a). A single WDM-compatible signal with essential
optical bandwidth Bo is split into n spectral slices. This is accomplished, for instance, by using a 1:n power
splitter whose outputs are connected to narrow bandwidths OBPFs. The i-th OBPF is centred at an optical
frequency fi and, ideally, presents a bandwidth Bo/n, in such a way that fi+1 = fi + (Bo/n). Following this, signals at
each spectral slice go through two stages of encryption. In the first one, such signals receive an attenuation αi,
with maximum value αmax. In the second encryption stage, spectral slice signals are submitted to an optical delay
τi that is on the order of bit period, Tb, and whose maximum value is τmax. We term this process as spectral delay
encoding (SDE). Finally, all spectral slices are combined, for instance, by an n:1 power coupler. The signal at the

This work was supported by CNPq and FAPESP under grants 574017/2008-9, 08/57857-2, 310644/2011-9,
and 310990/2011-4.

978-1-4799-0683-3/13/$31.00 ©2013 IEEE 1

ICTON 2013 We.B1.4

Figure 1. Block diagrams for the (a) encoder and (b) decoder.

output of the optical coupler corresponds to a distorted version of the input signal and, in case of ideal OBPFs,
this distortion can be controlled by solely adjusting the encoding attenuations and delays of each spectral slice.
Therefore the previous optical signal processing steps implement all-optical encryption with a cryptographic key
that depends on the values of n, αi and τi. In this work, we designate such cryptographic key by the set K = {n;
α1, …, αn; τ1, …, τn}. If K is known, signal decryption can be promptly performed by using a decoder that is
constituted by the same elements of the encoder, but imposes to the signal of the i-th spectral slice an attenuation
αmax/αi and a delay τmax – τi. This decoder is illustrated in Fig. 1(b).
Attributing attenuations to different spectral slices, in the first encryption stage, is equivalent to using the
spectral amplitude encoding (SAE) [8] approach that is widely deployed in the context of optical code division
multiple access (OCDMA) technologies. However, in contrast to the OCDMA approach, where broadband
optical sources are utilized, in this work SAE is applied to WDM-compatible signals, for instance in the
100 GHz ITU-T grid.
In this work, it is not our aim to discuss ways of breaking the considered cryptographic keys and it is assumed
that such keys may be changed in a time period inferior to the one necessary for its physical identification. It is
noted, however, that in case optical spectral analysers (OSA) with a resolution bandwidth considerably lower
than (Bo/ n) are available, slices with SAE could be spectrally detected. For this reason, it is observed that,
besides achieving the general goal of any second cryptographic stage (i.e., increasing the number of key possible
combinations), the SDE stage is attractive because (i) it cannot be spectrally detected and (ii) temporarily, its
encoding effects depend on the transmitted information that is naturally random.

3. SIMULATION SETUP
Figure 2(a) presents the setup utilized in our back-to-back simulations. In a transmitter (Tx), a laser source,
operating at an optical carrier fc = 193.1 THz, is externally modulated by a 211-1 pseudo random bit sequence
(PRBS) to generate a 20 Gbps DPSK signal. Such signal is sent to an Erbium doped fibre amplifier (EDFA),
EDFAe, with gain Ge and noise figure Nfe = 4.0 dB. The signal is then transmitted through an optical encoder as
the one described in section 2, where the DPSK signal is divided in seven spectral slices, n = 7. It is assumed that
OBPFs responsible for generating the optical slices are characterized by a rectangular profile with a bandwidth
of 7 GHz; different cryptographic keys are tested. The signal at the encoder output is band-pass filtered by
OBPFe. Since the signal at this point corresponds to the encrypted one, its bit error rate (BER), BERe, should be
as high as possible. In fact, if forward error correction (FEC) is utilized, BERe should be greater than the FEC
limit BER. In this work, it is considered that a valid cryptographic key occurs when BERe ≥ 10-1, which is a limit
considerably higher than those for hard-decision FECs. For each cryptographic key, Ge is set to provide an
average optical power of 0 dBm at the output of OBPFe. The encoded signal is transmitted through a second
EDFA, EDFAd, with gain Gd and noise figure Nfd = 5.0 dB. The amplified encoded signal is then sent to an
optical decoder, as the one presented in section 2, and bandpass filtered by OBPFe. The gain Gd is adjusted to
assure the signal at the output of OBPFe presents an optical power of 0 dBm. After being detected signal BER,
BERd, should be as low as possible in order to this signal become comprehensible for the authorized receiver.

Figure 2. Setups for (a) back-to-back and (b) transmission simulations.

2
ICTON 2013 We.B1.4

Figure 3. Power spectra for the (a) input and (b) decoded signals.
Simulations to evaluate BERd after propagation of the encoded signal through a chain of nl optical links were
also performed. The setup for these tests is illustrated in Fig. 2(b). The optical signal-to-noise ratio (OSNR),
at the input of the encoder is set to 45 dB for a spectral resolution of 12.5 GHz. Each optical link is constituted
by a standard 40-km long single mode fibre (STDF) followed by a dispersion compensating fibre (DCF) and an
EDFA, EDFAl (l = 1,..., nl). The STDF fibre spans are characterized by an attenuation of 0.20 dB/km,
a chromatic dispersion of 16 ps/(nm.km) at 193.1THz, a dispersion slope of 0.080 ps/(nm2·km), and a non-linear
parameter of 1.31 (W.km)-1. The DCF spans are 7.11 km long; such fibres present an attenuation of 0.60 dB/km,
a chromatic dispersion of -90 ps/(nm·km) at 193.1THz, a dispersion slope of 0.21 ps/(nm2·km), and a non-linear
parameter of 5 (W·km)-1. The gain Gl of the EDFA in the l optical link (l = 1,..., nl) is adjusted to 12.3 dB in
order to compensate STDF and DCF losses. The noise figure of EDFAl is Nfl = 5.0 dB.
It should be stressed that all simulations were performed in a commercially available software program. The
minimum value of the utilized τi was of τi = Tb = 50 ps and the sampling period between simulated points was set
to 97.65 fs; in fact, we verified that the BERs estimated by the software were the same for sampling periods
equal or lower than this value.

4. RESULTS
It was relatively easy to find cryptographic keys that achieve good encoding performance (BERe > 1.0 10-1). To
highlight some important features, we choose to present results for four of such optical cryptographic keys,
named K1, K2, K3 and K4. Their composition and BERe are presented in Table 1. The same table also exhibits
information concerning optical cryptographic keys Kja0 and Kjd0 (j = 1 to 4), which are similar to Kj with
exception that all αi (I = 1 to n) are set to zero in the former and that all τi are null in the latter. It is important to
note that, in the "Cryptographic Key" column all attenuations are expressed in dB units and all delays are
indicated as multiples of Tb (e.g., αi= 4 dB is presented as “4” and τi = 3Tb is indicated as “3”). It is seen, for
instance, that K1 causes BERe = 1.5 10-1. If all slice attenuations are turned off from K1 (K1a0), then such BER is
of 9.7 10-2; similarly, if all slice delays of K1 are set to zero (K1d0), then BERe = 2.5 10-2. This shows that for K1,
most of the influence on BERe arises from the cryptographic parameters related to slice delays. In opposition to
this, for K2 and K3, BERe is mostly affected by the cryptographic parameters related to attenuation. An important
difference between K2 and K3 is that the first of these possesses αmax of 20 dB, whereas such parameter is 5 dB
lower for K3. For K4, the attenuation parameters exert a very weak influence on BERe. A first reason for this is
that αmax = 12 dB is lower than in the other keys. Another important cause is that the three central spectral slices
(those with i = 3, 4 and 5), that carry most of signal power, are weakly attenuated. All these features will be
important for the later discussion on the propagation of encoded signals. It is interesting to note that, for all the
Table 1. Utilized cryptographic keys and the bit error rates caused by them in encoded signal. Attenuations
are in dB units and delays are indicated as multiples of Tb (e.g., τi= 3Tb is indicated as “3”).
Name Cryptographic Key {n; α1, …, αn; τ1, …, τn} BERe
K1 {7; 8,15,0,12,14,4,6; 6,5,7,6,0,5,10} 1.5 10-1
K1a0 {7; 0,0,0,0,0,0,0;6, 5,7,6,0,5,10} 9.7 10-2
K1d0 {7; 8,15,0,12,14,4,6; 0,0,0,0,0,0,0} 2.5 10-2
K2 {7; 20,18,0,18,19,17,11; 6,5,7,8,5,7,10} 2.0 10-1
K2a0 {7; 0,0,0,0,0,0,0; 6,5,7,8,5,7,10} 1.5 10-1
K2d0 {7; 20,18,0,18,19,17,11; 0,0,0,0,0,0,0} 9.2 10-1
K3 {7; 8,15,0,15,14,0,6; 0,3,10,9,10,4,7} 1.3 10-1
K3a0 {7; 0,0,0,0,0,0,0; 0,3,10,9,10,4,7} 3.3 10-2
K3d0 {7; 8,15,0,15,14,0,6; 0,0,0,0,0,0,0} 4.6 10-2
K4 {7; 8,7,3,2,0,6,12; 2,10,3,8,4,7,5} 2.2 10-1
K4a0 {7; 0,0,0,0,0,0,0; 2,10,3,8,4,7,5} 2.1 10-1
K4d0 {7; 8,7,3,2,0,6,12; 0,0,0,0,0,0,0} < 10-15

3
ICTON 2013 We.B1.4

Figure 4: (a) Input signal; Encoded signal for keys (b) K2d0, (c) K2a0, and (d) K2.

Figure 5. Eye diagrams for (a) the input signal, (b) the signal encoded with key K1
and (c) the decoded signal.

cases presented in Table 1 and for all others analysed up to this moment, BERe associated with key Kj is greater
than the sum of the BERs of the encoded signals related to Kja0 and Kjd0. Also for all the cryptographic keys
presented in Table I, BERd < 10-15 in the back-to-back configuration.
Figure 3 presents the power spectra of the (a) input and (b) decoded signals, for K2. The limited bandwidth of
the latter is clearly related to the number of utilized spectral slices. Fig. 4a shows the amplitude as a function of
time for a 20-bit sequence (a) of the input signal and of its encoded versions generated by the application of keys
(b) K2d0, (c) K2a0, and (d) K2. It is evident that turning off the slice delays or the slice attenuations of key K2 leads
to different distortions to the input signal. Fig. 5 (a) shows the eye diagrams for the (a) input signal, (b) its
version encoded by key K2 and (c) its decoded version. As expected, the eye diagram of the encoded signal
suggests an unintelligible signal. The eye diagram of the decoded signal is clearly open; however, the regions
associated with levels '0' and '1' are wider than those of the input signal. This happens because of the limited
bandwidth imposed by the encoder and by the decoder. Results similar to those presented in Figs. 3, 4 and 5
were also obtained for the other considered cryptographic keys.
Figure 6 shows the dependence of BERd with propagation distance (setup illustrated in Fig. 2(b)) for signals
encoded by keys K1, K2, K3 and K4. In a FEC-less situation, with a maximum tolerable BER of 10-12, the
maximum reach of the signal encoded by K1 is of 240 km, whereas those signals encrypted by K3 and K4 may
be propagated by distances of up to 200 km. On the other hand the reach of the signal encoded by K2 is of only

Figure 6. BERd performance for the signals encrypted by keys K1, K2, K3, and K4.

4
ICTON 2013 We.B1.4

120 km. Possibly, this is related to the higher value of αmax (αmax = 20 dB) utilized by K2. In fact, spectral slices
with very different attenuations undergoing a cascade of optical amplifiers will experience stronger noise
degradation than the one suffered by spectral slices with similar attenuations. It is interesting to note that in the
case of K4, whose encoding strength may be almost solely attributed to the influence of slice delays, BERd
presents a performance very similar to the one experienced by the signal encoded by K3. This suggests that the
second encryption stage may be set to provide BER performances equivalent to those obtained when both stages
are considered simultaneously. Finally, if a FEC with BER limit of ~10-3 is assumed, the curves of Fig. 6 suggest
that the reach of all considered encoded signals may exceed 300 km.

5. CONCLUSIONS
We have analysed a new all-optical cryptography technique. It is based on recent advances in optical filtering
and utilizes OBPFs with narrow bandwidth to slice WDM-compatible signals. After this, it utilizes a SAE stage
followed by a SDE one. It should be noted that the analysed technique is transparent to modulation formats and
may be applied to any bit rate. Our simulation results suggest that the technique provide a good performance for
the encoded as well as for the decoded signals, which could be properly propagated by distances higher than
300 km. This reach could possibly be enhanced by working with a higher number of spectral slices and suggests
that the investigated technique is, in principle, suitable to be applied in metropolitan area networks. It is
interesting to note that key K4a0 led to BERe = 2.1 10-1. This indicates that spectral delay encoding may be,
intrinsically, a good strategy to encrypt phase-modulated signals.
The slice bandwidth is a key parameter for the success of the technique. The narrower such slices are, the
longer and safer the cryptographic keys become. In addition to this, as mentioned in Section 2, the width of
spectral slices should be as narrow as possible to prevent them to be spectrally identified by OSAs. Another
possibility to solve this problem is to substitute SAE, in the first encryption stage, by SPE. Finally, a further
important step is to investigate the impact of spectral slices generated by OBPFs with actual optical profiles on
the performance of the considered technique.

ACKNOWLEDGEMENTS
Authors thank Dr. Ben-Hur V. Borges and Dr. Hugo L. Fragnito for fruitful discussions. Authors also thank
VPIphotonicsTM for providing academic licenses of the simulation software utilized in this work.

REFERENCES
[1] K. Shaneman, S. Gray, “Optical network security: Technical analysis of fiber tapping mechanisms and
methods for detection & prevention”, in Proc. IEEE MILCOM 2004 – IEEE Military Communication
Conference, pp. 711-717, New York, 2004.
[2] K. I. Kitayama, M. Sasaki, S. Araki, M. Tsubokawa, A. Tomita K. Inoue, K. Harasawa, Y. Nagasako,
A. Takada, “Security in photonic networks: Threats and security enhancement”, IEEE/OSA Journal of
Lightwave Technology, vol. 29, no. 21, pp. 3210-3222, 2011.
[3] J. Goedgebuer, P. Levy, L. Larger, C. Chen, W. T. Rhodes, “Optical communication with synchronized
hyperchaos generated electrooptically”, IEEE Journal of Quantum Electronics, vol. 38, no 9, pp. 1178-
1183, 2002.
[4] L. Yi, T. Zhang, Z. Li, J. Zhou, Y. Dong, W. Hu, “Secure optical communication using stimulated
Brillouin scattering in optical fiber”, Elsevier Optics Communications, vol. 290, pp. 146-151, 2013.
[5] J. A Cornejo, C. E. Perez, J. B Tocnaye, “WDM-compatible channel scrambling for secure high-data-rate
optical transmissions”, IEEE/OSA Journal of Lightwave Technology, vol. 25, no 8, pp. 2081-2089, 2007.
[6] M. L. F. Abbade, L. A. Fossaluzza Junior, R. F. Silva, E. A. M. Fagotto, “Criptografia óptica mediante
controle analógico da amplitude e do atraso de fatias espectrais: Análise para sinais NRZ,” (in Portuguese),
MOMAG 2012, pp. ST-20.5.1-ST-20.5.6, 2012.
[7] O. Gerstel, M. Jinno, A. Lord, S. J. Ben Yoo, “Elastic optical networking: A new dawn for the optical
layer?, ” IEEE Communications Magazine, vol. 50, no. 2, pp. S12-S20, 2012.
[8] C. C. Yang, “Hybrid wavelength-division-multiplexing/spectral-amplitude-coding optical CDMA system,"
Photonics Technology Letters, IEEE , vol.17, no. 6, pp.1343,1345, 2005.