CN109274485B - Data encryption method, data authentication method, related equipment and system - Google Patents

Info

Publication number: CN109274485B (application CN201710581995.9A)
Authority: CN (China)
Prior art keywords: data, authenticated, encrypted, terminal, qkd
Legal status: Active
Application number: CN201710581995.9A
Other languages: Chinese (zh)
Other versions: CN109274485A
Inventors: 程节, 汤艳琳, 赵梅生
Current assignee: Quantumctek Co Ltd
Original assignee: Quantumctek Co Ltd
Application filed by Quantumctek Co Ltd
Priority to CN201710581995.9A
Publication of CN109274485A
Application granted
Publication of CN109274485B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data encryption method, a data authentication method, related equipment and a system, wherein the method comprises the following steps: determining the bit number N of data to be encrypted; determining the bit number m of data after encrypting the data to be encrypted; selecting an m-order primitive polynomial of LFSR shifting operation, and acquiring initial shifting data of m bits; processing at least two to-be-encrypted sub-matrixes belonging to the to-be-encrypted matrix and at least two random sub-matrixes belonging to the random matrix to obtain matrix data obtained by multiplying the to-be-encrypted matrix and the random matrix; the matrix to be encrypted is an N-row 1-column matrix formed by N bits of data to be encrypted, the random matrix is an m-row N-column Toeplitz matrix formed by m + N-1 bit data, and the m + N-1 bit data comprises m-bit initial shift data and N-1 bit data which is newly generated by realizing N-1 times of shift based on an m-order primitive polynomial. The method and the device can improve the accuracy of data integrity authentication.

Description

Data encryption method, data authentication method, related equipment and system
Technical Field
The present application relates to the field of quantum key distribution technologies, and in particular, to a data encryption method, a data authentication method, and related devices and systems.
Background
Quantum Key Distribution (QKD) differs fundamentally from classical key systems in that different quantum states of photons are used as carriers of the key, and the basic principles of quantum mechanics ensure that the process cannot be intercepted and deciphered, providing a more secure key system.
When implementing a QKD system, various possible attacks must be considered to ensure its security. One such attack is the man-in-the-middle attack: when an eavesdropper Eve owns a complete device capable of running the QKD protocol, then for the two legitimate communicating parties, the QKD terminals Alice and Bob, Eve can intercept the communication sent by Alice to Bob, impersonate Bob and establish a shared key with Alice, while at the same time intercepting the communication sent by Bob to Alice and establishing another shared key with Bob, so that the communication between Alice and Bob can be stolen and tampered with by Eve.
To prevent man-in-the-middle attacks, an existing QKD data authentication algorithm uses a CRC32 (32-bit cyclic redundancy check) check: a CRC is calculated over the classical-network interaction data to obtain a 32-bit check value, and Alice and Bob determine whether the interaction data has been tampered with by comparing the CRC check values of the interaction data. However, the collision probability of CRC check values is high, so an eavesdropper can easily forge interaction data that passes the CRC check, and the CRC check therefore cannot provide good data integrity verification. In experiments, CRC check values were calculated over randomly generated data and counted: among 1820 thousand (18.2 million) data items the number of collisions reached 38638, which cannot meet the requirements of QKD terminal data authentication.
Disclosure of Invention
In view of the above, a main objective of the present application is to provide a data encryption method, a data authentication method, and related devices and systems, which can improve accuracy of data integrity authentication.
In a first aspect, the present application provides a data encryption method, including:
determining the bit number N of data to be encrypted;
determining the bit number m of the data after the data to be encrypted is encrypted, wherein m is less than N;
selecting an m-order primitive polynomial for realizing LFSR (linear feedback shift register) shift operation, and acquiring initial shift data of m bits;
processing at least two to-be-encrypted sub-matrixes belonging to a to-be-encrypted matrix and at least two random sub-matrixes belonging to a random matrix to obtain matrix data obtained by multiplying the to-be-encrypted matrix and the random matrix, wherein the matrix data is data obtained by encrypting the to-be-encrypted data;
the matrix to be encrypted is an N-row 1-column matrix formed by N bits of the data to be encrypted; the random matrix is a Toeplitz matrix which is formed by m + N-1 bit data and is provided with m rows and N columns, wherein the m + N-1 bit data comprises initial shift data of m bits and N-1 bit data which is newly generated by realizing N-1 times of shift based on the m-order primitive polynomial.
In a second aspect, the present application provides a data authentication method for use in a QKD system including first and second QKD terminals communicating over a classical network, the method comprising:
the first QKD terminal encrypts the first to-be-authenticated data by adopting the data encryption method provided by the first aspect; the first data to be authenticated comprises data sent by the first QKD terminal to the second QKD terminal within a preset time interval and data received by the first QKD terminal from the second QKD terminal within the preset time interval;
the second QKD terminal encrypts second data to be authenticated using the data encryption method provided by the first aspect; the second data to be authenticated comprises data sent by the second QKD terminal to the first QKD terminal within the preset time period and data received by the second QKD terminal from the first QKD terminal within the preset time period;
the first QKD terminal determines whether the first to-be-authenticated data is tampered or not according to the encryption operation result of the terminal and the encryption operation result of the second QKD terminal;
and the second QKD terminal determines whether the second data to be authenticated is tampered or not according to the encryption operation result of the terminal and the encryption operation result of the first QKD terminal.
In a third aspect, the present application provides a data encryption device, including:
the bit number determining unit is used for determining the bit number N of the data to be encrypted and determining the bit number m of the data after the data to be encrypted is encrypted, wherein m is smaller than N;
the shift parameter acquisition unit is used for selecting an m-order primitive polynomial for realizing the LFSR shift operation of the linear feedback shift register and acquiring initial shift data of m bits;
the encryption data generating unit is used for processing at least two to-be-encrypted sub-matrixes belonging to a to-be-encrypted matrix and at least two random sub-matrixes belonging to a random matrix so as to obtain matrix data obtained by multiplying the to-be-encrypted matrix and the random matrix, wherein the matrix data is data obtained by encrypting the to-be-encrypted data; the matrix to be encrypted is an N-row 1-column matrix formed by N bits of the data to be encrypted; the random matrix is a Toeplitz matrix which is formed by m + N-1 bit data and is provided with m rows and N columns, wherein the m + N-1 bit data comprises initial shift data of m bits and N-1 bit data which is newly generated by realizing N-1 times of shift based on the m-order primitive polynomial.
In a fourth aspect, the present application provides a QKD system that includes a first QKD terminal and a second QKD terminal that communicate over a classical network;
the first QKD terminal is configured to encrypt the first data to be authenticated by using the data encryption device provided in the third aspect; the first data to be authenticated comprises data sent by the first QKD terminal to the second QKD terminal within a preset time interval and data received by the first QKD terminal from the second QKD terminal within the preset time interval;
the second QKD terminal is configured to encrypt second data to be authenticated by using the data encryption device provided in the third aspect; the second data to be authenticated comprises data sent by the second QKD terminal to the first QKD terminal within the preset time period and data received by the second QKD terminal from the first QKD terminal within the preset time period;
the first QKD terminal is used for determining whether the first to-be-authenticated data is tampered or not according to the encryption operation result of the terminal and the encryption operation result of the second QKD terminal;
and the second QKD terminal is used for determining whether the second data to be authenticated is tampered or not according to the encryption operation result of the terminal and the encryption operation result of the first QKD terminal.
The application provides a data encryption method, a data authentication method, related equipment and a system in which random sub-matrices belonging to a Toeplitz matrix are used to encrypt the data to be authenticated. Compared with the prior art, the collision rate of the encrypted data can be reduced and its randomness improved, which further improves the security of the encrypted data.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a quantum key distribution system provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of a data encryption method according to an embodiment of the present application;
fig. 3 is a schematic diagram of an encryption process provided in an embodiment of the present application;
fig. 4 is a schematic diagram of an LFSR shifting principle provided in an embodiment of the present application;
fig. 5 is a schematic flowchart of a data authentication method according to an embodiment of the present application;
fig. 6 is a schematic composition diagram of a data encryption device according to an embodiment of the present application;
fig. 7 is a schematic diagram of a QKD system according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to the schematic diagram of a quantum key distribution system shown in Fig. 1, the two QKD terminals Alice and Bob in a Quantum Key Distribution (QKD) system are used to generate the same quantum key. Specifically, Alice sends raw key data to Bob through a quantum channel; Alice and Bob then communicate over a classical channel and extract from the raw key data the data whose basis vectors agree, completing sifting and obtaining a sifted key; an error correction algorithm is then used to reconcile the sifted keys, which contain some errors, at the two ends, obtaining an error-corrected key; finally, privacy amplification is applied to the corrected key according to an estimated compression ratio, and a final key is obtained and output.
The Toeplitz matrix, a special case of the two-universal hash function family, has a simple construction and low resource consumption, and is suitable for encrypting the classical-network interaction data in a QKD system, for example the interaction data of the basis vector comparison stage shown in Fig. 1, so that the integrity of the interaction data can be verified from the encryption result.
The size of the Toeplitz matrix is determined by the data lengths before and after encryption: when the data to be encrypted is N bits long and the encrypted data is m bits long, the Toeplitz matrix has m rows and N columns. Since every element on each diagonal running from top left to bottom right of a Toeplitz matrix is the same, only m + N - 1 bits of data are needed to describe it. Once the m + N - 1 bits of data have been acquired, a Toeplitz matrix T_{m×N} can be constructed (the matrix layout shown in the original figure is not reproduced here), in which each matrix element is T_{i,j} = t_{j-i+m}.
To obtain the m + N - 1 bits of data describing the Toeplitz matrix T_{m×N}, in the embodiment of the present application N - 1 new bits are generated from m bits of initial shift data according to the shift principle of a linear feedback shift register (LFSR), and the Toeplitz matrix T_{m×N} is described by the m bits of initial shift data together with the N - 1 new bits.
Since the data to be encrypted has N bits, an N-row 1-column matrix (DJM)_{N×1} can be constructed and the encrypted data (JM)_{m×1} obtained by the matrix operation (JM)_{m×1} = T_{m×N} × (DJM)_{N×1}. However, the Toeplitz matrix T_{m×N} is usually large, which is not conducive to storage, and multiplying T_{m×N} by (DJM)_{N×1} requires the matrix elements to be computed one by one, which takes a long time. Therefore, to save storage space and speed up data processing, the data encryption method provided in the embodiment of the present application neither generates the whole Toeplitz matrix T_{m×N} in advance nor multiplies T_{m×N} and (DJM)_{N×1} directly. Instead, it sequentially constructs m-row n-column sub-matrices of the Toeplitz matrix T_{m×N} from the current LFSR data and the bits newly generated by LFSR shifts based on the current LFSR data, constructs the corresponding n-row 1-column sub-matrices to be encrypted, and obtains the result (JM)_{m×1} of the matrix calculation T_{m×N} × (DJM)_{N×1} by combining the sub-matrix calculations; (JM)_{m×1} is the matrix data, i.e. the data obtained by encrypting the data to be encrypted.
Example one
Referring to fig. 2, a schematic flow chart of a data encryption method provided in an embodiment of the present application is shown, where the method includes:
S201: The number of bits N of the data to be encrypted is determined.
S202: The number of bits m of the data after the data to be encrypted is encrypted is determined, where m is less than N.
S203: An m-order primitive polynomial for realizing the LFSR (linear feedback shift register) shift operation is selected, and m bits of initial shift data are acquired.
An m-order primitive polynomial, for example the 64-order primitive polynomial x^64 + x^7 + x^6 + x^5 + x^4 + x^2 + x + 1, is selected from the LFSR function family according to the bit number m of the encrypted data, so that new bits can be generated with the m-order primitive polynomial according to the LFSR shift principle. It can be understood that a primitive polynomial of higher order allows the LFSR pseudo-random sequence generator to output more distinct pseudo-random values under the shift principle, so that when the data to be encrypted is encrypted with the m + N - 1 pseudo-random bits in the subsequent steps, the encrypted data has more randomness and is therefore safer.
It should be noted that the present embodiment does not limit the execution order of S201 and S202, and S201 may be executed first and then S202 may be executed, or S202 may be executed first and then S201 may be executed.
S204: processing at least two to-be-encrypted sub-matrixes belonging to a to-be-encrypted matrix and at least two random sub-matrixes belonging to a random matrix to obtain matrix data obtained by multiplying the to-be-encrypted matrix and the random matrix, wherein the matrix data is data obtained by encrypting the to-be-encrypted data.
The matrix to be encrypted is an N-row 1-column matrix formed by N bits of the data to be encrypted; the random matrix is a Toeplitz matrix which is formed by m + N-1 bit data and is provided with m rows and N columns, wherein the m + N-1 bit data comprises initial shift data of m bits and N-1 bit data which is newly generated by realizing N-1 times of shift based on the m-order primitive polynomial.
In S204, m-row n-column sub-matrices of the Toeplitz matrix T_{m×N} are sequentially constructed from the current LFSR data and the bits newly generated by LFSR shifts based on the current LFSR data, the corresponding n-row 1-column sub-matrices to be encrypted are constructed at the same time, and the result (JM)_{m×1} of the matrix calculation T_{m×N} × (DJM)_{N×1} is obtained by combining the sub-matrix calculations; (JM)_{m×1} is the matrix data, i.e. the data obtained by encrypting the data to be encrypted.
In summary, in the data encryption method provided in this embodiment, the random submatrix belonging to the Toeplitz matrix is used to encrypt the data to be encrypted, and compared with the prior art, the collision rate of the encrypted data can be reduced, so that the randomness of the encrypted data is improved, and the security of the encrypted data is further improved.
In an embodiment of the present application, S204 may specifically include (see the schematic diagram of the encryption flow shown in fig. 3):
S301: n bits are read from the unread data of the data to be encrypted, and an n-row 1-column sub-matrix to be encrypted is constructed.
All bits of the data to be encrypted are grouped, each group containing n bits, and the first group is read. For example, assuming n = 16, the first 16 bits are read and a 16-row 1-column sub-matrix to be encrypted DJM1_{16×1} is constructed (the matrix layout shown in the original figure is not reproduced here).
S302: The n bits that would be newly generated by performing the shift operation n times are determined according to the LFSR shift principle and the m-order primitive polynomial.
Referring to the schematic diagram of the LFSR shift principle shown in Fig. 4, an existing key S_0, S_1, ..., S_{m-1} of length m is first used to initialize the LFSR; S_0, S_1, ..., S_{m-1} is the initial shift data of S203. Each time a new bit is generated, all bits in the LFSR are shifted one position to the right: the rightmost bit is shifted out of the LFSR and the leftmost position is filled with the new bit.
In this embodiment, the LFSR need not perform the actual shift operation; instead, the bits that the shift operation would newly generate can be computed according to the LFSR shift principle, and in order to construct the m-row n-column random sub-matrix of the Toeplitz matrix T_{m×N}, n new bits can be generated at a time.
Specifically, in an embodiment of the present application, S302 may specifically include: the method comprises the steps of performing parallel processing by using a Field-Programmable Gate Array (FPGA for short) to determine n-bit data to be newly generated by performing n-time shift operations in a preset number of clock cycles. In the present embodiment, for example, if the m-order primitive polynomial is a 64-order primitive polynomial, and n is 16, when the 64-order primitive polynomial is used, the FPGA code may be designed according to the LFSR shift principle to calculate 16 new bit data in parallel within 1 clock cycle, and this parallel processing method can greatly increase the update speed of the random submatrix, that is, increase the Hash operation processing bandwidth.
Furthermore, to update the n bits quickly, the selected m-order primitive polynomial may have consecutive high-order terms whose coefficients are all 0. For example, with the 64-order primitive polynomial x^64 + x^7 + x^6 + x^5 + x^4 + x^2 + x + 1, the coefficients of the consecutive high-order terms are 0 and only coefficients among the 8 lowest-order terms are non-zero, so the LFSR shift operation involves less calculation and the 16 new bits can be quickly derived from the current LFSR data.
S303: An m-row n-column random sub-matrix is constructed from the m bits of data in the LFSR before the n shifts and the n - 1 bits that S302 determines would be newly generated.
When m = 64, the LFSR initial value is the 64-bit initial shift data lfsr_seed[63:0], i.e. S_0, S_1, ..., S_63 in Fig. 4; based on the LFSR initial value, 16 bits of data lfsr_update[15:0] are obtained by updating within 1 clock cycle, where the bit order is the order of generation.
Taking {lfsr_update[14:0], lfsr_seed[63:0]}, 79 bits in total, a random sub-matrix T1_{64×16} with 64 rows and 16 columns is formed (the matrix layout shown in the original figure is not reproduced here), where bits 0 to 63 of lfsr_seed correspond to S_0 to S_63 of T1_{64×16} and bits 0 to 14 of lfsr_update correspond to S_64 to S_78 of T1_{64×16}.
It should be noted that, in this embodiment, S301 may be executed first and then S302-S303 may be executed, or S302-S303 may be executed first and then S301 may be executed.
S304: The random sub-matrix is multiplied by the sub-matrix to be encrypted to obtain a sub-matrix multiplication result.
The sub-matrix T1_{64×16} and DJM1_{16×1} are matrix-multiplied to obtain the first sub-matrix multiplication result JM1_{64×1} (the product shown in the original figure is not reproduced here).
Thus the first-round iterative hash result JM1_{64×1} of the first group (16 bits) of the data to be encrypted is obtained, with a bit width of 64 bits; JM1_{64×1} is denoted Tag.
S305: It is judged whether at least two sub-matrix multiplication results have been calculated; if so, S306 is executed; if not, only one sub-matrix multiplication result has been calculated so far, and S301-S304 are executed to obtain a new sub-matrix multiplication result.
If only one sub-matrix multiplication result has been calculated so far, the second group (16 bits) is read from the data to be encrypted and a 16-row 1-column sub-matrix to be encrypted DJM2_{16×1} is constructed (the matrix layout shown in the original figure is not reproduced here).
The random sub-matrix is then updated. Specifically, the current LFSR value is recorded as lfsr[79:16], which consists of lfsr_seed[63:16] and the most recently generated lfsr_update[15:0], where lfsr_seed[63:16] corresponds to lfsr[63:16] of lfsr[79:16] and lfsr_update[15:0] corresponds to lfsr[79:64] of lfsr[79:16]; then, based on the current LFSR value lfsr[79:16], 16 bits of data lfsr_update[15:0] are updated again within 1 clock cycle.
Taking {lfsr_update[14:0], lfsr_seed[63:0]}, 79 bits in total, a random sub-matrix T2_{64×16} with 64 rows and 16 columns is formed (the matrix layout shown in the original figure is not reproduced here).
The sub-matrix T2_{64×16} and DJM2_{16×1} are matrix-multiplied to obtain the second sub-matrix multiplication result JM2_{64×1} (the product shown in the original figure is not reproduced here).
Thus the second-round iterative hash result JM2_{64×1} of the second group (16 bits) of the data to be encrypted is obtained, with a bit width of 64 bits; JM2_{64×1} is denoted Tag, and the previously calculated Tag is denoted Tag_old.
S306: when the multiplication result of the submatrix is calculated at least twice, carrying out XOR operation on the multiplication result of the submatrix at this time and the multiplication result of the submatrix at last time to obtain an operation result comprising m-bit data; and continuing to execute S301 until the data to be encrypted is completely read.
The Tag obtained in the current calculation and the Tag_old obtained in the previous calculation are XORed to obtain Tag_new, i.e. Tag_new = Tag ⊕ Tag_old.
In the same way, the third group (16 bits) is read from the data to be encrypted, a 16-row 1-column sub-matrix to be encrypted DJM3_{16×1} is constructed, the random sub-matrix T3_{64×16} is obtained by updating, and T3_{64×16} and DJM3_{16×1} are matrix-multiplied to obtain the third sub-matrix multiplication result JM3_{64×1}, and so on. The loop iterates until all 16-bit groups of the data to be encrypted have been processed; the final 64-bit result Data_Tag is the data obtained by encrypting the data to be encrypted. It should be noted that if the last group of the data to be encrypted is shorter than 16 bits, it is zero-padded to 16 bits, which does not affect the final calculation result.
Further, in order to improve the security of the data to be encrypted, S306 may further include:
S307: Preset key data is taken as the data to be encrypted, and n bits continue to be read from the unread data of the data to be encrypted until the data to be encrypted has been completely read.
Continuing the example of Fig. 3, the 64-bit Data_Tag need not be used as the final encrypted data; instead, Data_Tag may be taken as Tag_old, preset key data, for example a 64-bit Key, is obtained and divided into 4 groups of 16 bits, each group forming a 16-row 1-column sub-matrix to be encrypted, and the loop iteration steps S301-S306 are executed again; the iteration result Encrypt_Tag is the data obtained by encrypting the data to be encrypted.
In one embodiment of the present application, the initial shift data in S203 and the preset key data in S307 may be extracted from unused key data in a key buffer, where the key buffer stores pre-distributed key data and quantum key data output by the QKD system. In the present embodiment, as shown in fig. 1, Alice corresponds to a quantum key management terminal a that allocates a sufficient amount of key data to Alice in advance and stores the key data in a key buffer of Alice in advance, and similarly, Bob also corresponds to a quantum key management terminal B that allocates a sufficient amount of key data to Bob in advance and stores the key data in a key buffer of Bob, the key data being the same as the key data allocated to Alice in advance; in addition, the Alice and the Bob also store the quantum key which is generated each time and has the same two ends in the key cache region of the Alice and the Bob so as to continuously update the key cache region of the Alice and the Bob; in this way, when Alice and Bob encrypt respective data to be authenticated for data integrity verification, the same key data may be read from respective key buffers as the initial shift data or the predetermined key data.
Example two
The first embodiment describes a method for encrypting data to be encrypted, and the second embodiment describes a method for performing integrity authentication on data to be encrypted based on an encryption result.
Referring to fig. 5, a flow diagram of a data authentication method provided in an embodiment of the present application is applied to a QKD system including a first QKD terminal and a second QKD terminal that communicate via a classical network. The data authentication method comprises the following steps:
S501: the first QKD terminal encrypts first data to be authenticated; the first data to be authenticated comprises data A sent by the first QKD terminal to the second QKD terminal within a preset time period and data B received by the first QKD terminal from the second QKD terminal within the preset time period.
The first QKD terminal is Alice shown in fig. 1, and the second QKD terminal is Bob shown in fig. 1.
In this embodiment, the first data to be authenticated may be used as the data to be encrypted, and the data encryption method of the first embodiment is adopted to encrypt the first data to be authenticated.
In the first data to be authenticated, data B received by the first QKD terminal from the second QKD terminal is transmitted over a classical channel and is at risk of being tampered with in transit; data B may therefore be tampered or untampered data.
S502: the second QKD terminal encrypts second data to be authenticated; the second data to be authenticated comprises data B sent by the second QKD terminal to the first QKD terminal within the preset time period and data A received by the second QKD terminal from the first QKD terminal within the preset time period.
In this embodiment, the second data to be authenticated may be used as the data to be encrypted, and the data encryption method in the first embodiment is adopted to encrypt the second data to be authenticated.
In the second data to be authenticated, data A received by the second QKD terminal from the first QKD terminal is transmitted over a classical channel and is at risk of being tampered with in transit; data A may therefore be tampered or untampered data.
In this embodiment, the first data to be authenticated and the second data to be authenticated may be classical network interaction data of the QKD system in the basis comparison stage or other stages, and a fixed interaction duration, for example 1 second, may be used as the preset time period, so that data integrity verification is performed on the interaction data of each second.
It can be understood that if the interaction data of the first QKD terminal and the second QKD terminal is not tampered with during transmission over the classical channel, the first data to be authenticated and the second data to be authenticated are the same data; conversely, if the interaction data is tampered with during transmission over the classical channel, the first data to be authenticated and the second data to be authenticated are different data.
S503: the first QKD terminal determines whether the first data to be authenticated has been tampered with according to the encryption operation result of the local terminal and the encryption operation result of the second QKD terminal.
S504: the second QKD terminal determines whether the second data to be authenticated has been tampered with according to the encryption operation result of the local terminal and the encryption operation result of the first QKD terminal.
Steps S503 and S504 implement bidirectional data authentication: each QKD terminal determines whether its own data to be authenticated has been tampered with from its own encryption operation result and that of the opposite terminal. If the data to be authenticated at both ends has not been tampered with, the interaction data of the two QKD terminals passes data integrity verification; otherwise, it does not.
In summary, the data authentication method of the second embodiment encrypts the data to be authenticated with the method of the first embodiment, that is, with random sub-matrices belonging to a Toeplitz matrix; compared with the prior art, the collision rate of the encrypted data is reduced, so that the randomness, and hence the security, of the encrypted data is improved.
Specifically, the data authentication method may adopt any one of the following embodiments.
In the first embodiment, since the first QKD terminal and the second QKD terminal each correspond to a quantum key management terminal, the quantum key management terminal may distribute three different keys, namely a first key, a second key and a third key, to its QKD terminal in advance.
S501 may specifically include: the first QKD terminal encrypts the first data to be authenticated based on the first key to obtain a first hash value, encrypts the first hash value with a second key, and sends the resulting first ciphertext to the second QKD terminal. The first key may be the preset key data of S307 in the first embodiment, and the first hash value may be the encryption result Data_Tag1 or Encrypt_Tag1 obtained by the first QKD terminal with the data encryption method of the first embodiment; the first hash value may be encrypted with a symmetric encryption algorithm.
S502 may specifically include: the second QKD terminal encrypts the second data to be authenticated based on the first key to obtain a second hash value, encrypts the second hash value with a third key different from the second key, and sends the resulting second ciphertext to the first QKD terminal. The second hash value may likewise be the encryption result Data_Tag2 or Encrypt_Tag2 obtained by the second QKD terminal with the data encryption method of the first embodiment; the second hash value may be encrypted with a symmetric encryption algorithm.
S503 may specifically include: the first QKD terminal decrypts the second ciphertext with the third key and judges whether the decrypted hash value is the same as the first hash value; if so, it determines that the first data to be authenticated has not been tampered with, and if not, it determines that the first data to be authenticated has been tampered with. In this step, the first QKD terminal decrypts the second ciphertext received from the second QKD terminal; if the decrypted hash value equals the local first hash value, the first QKD terminal considers that its first data to be authenticated has not been tampered with, that is, authentication passes; otherwise, authentication fails.
S504 may specifically include: the second QKD terminal decrypts the first ciphertext with the second key and judges whether the decrypted hash value is the same as the second hash value; if so, it determines that the second data to be authenticated has not been tampered with, and if not, it determines that the second data to be authenticated has been tampered with. In this step, the second QKD terminal decrypts the first ciphertext received from the first QKD terminal; if the decrypted hash value equals the local second hash value, the second QKD terminal considers that its second data to be authenticated has not been tampered with, that is, authentication passes; otherwise, authentication fails.
In the second embodiment, since the first QKD terminal and the second QKD terminal each correspond to a quantum key management terminal, the quantum key management terminal may distribute two different keys, namely a fourth key and a fifth key, to its QKD terminal in advance.
S501 may specifically include: the first QKD terminal encrypts the first data to be authenticated based on the fourth key to obtain a third hash value, encrypts the first data to be authenticated based on a fifth key to obtain a fourth hash value, and sends the fourth hash value to the second QKD terminal. When the fourth key is the preset key data of S307 in the first embodiment, the third hash value may be the encryption result Data_Tag3 or Encrypt_Tag3 of the data encryption method of the first embodiment; likewise, when the fifth key is the preset key data of S307 in the first embodiment, the fourth hash value may be the encryption result Data_Tag4 or Encrypt_Tag4 of the data encryption method of the first embodiment.
S502 may specifically include: the second QKD terminal encrypts the second data to be authenticated based on the fourth key to obtain a fifth hash value, encrypts the second data to be authenticated based on the fifth key to obtain a sixth hash value, and sends the fifth hash value to the first QKD terminal. When the fourth key is the preset key data of S307 in the first embodiment, the fifth hash value may be the encryption result Data_Tag5 or Encrypt_Tag5 of the data encryption method of the first embodiment; likewise, when the fifth key is the preset key data of S307 in the first embodiment, the sixth hash value may be the encryption result Data_Tag6 or Encrypt_Tag6 of the data encryption method of the first embodiment.
S503 may specifically include: the first QKD terminal judges whether the third hash value is the same as the fifth hash value; if so, it determines that the first data to be authenticated has not been tampered with, and if not, it determines that the first data to be authenticated has been tampered with. In this step, after receiving the fifth hash value from the second QKD terminal, the first QKD terminal compares it with the local third hash value; since both were obtained by encrypting with the fourth key, if they are the same the first QKD terminal considers that its first data to be authenticated has not been tampered with, that is, authentication passes; otherwise, authentication fails.
S504 may specifically include: the second QKD terminal judges whether the fourth hash value is the same as the sixth hash value; if so, it determines that the second data to be authenticated has not been tampered with, and if not, it determines that the second data to be authenticated has been tampered with. In this step, after receiving the fourth hash value from the first QKD terminal, the second QKD terminal compares it with the local sixth hash value; since both were obtained by encrypting with the fifth key, if they are the same the second QKD terminal considers that its second data to be authenticated has not been tampered with, that is, authentication passes; otherwise, authentication fails.
Further, in order to prevent a counterfeit device from accessing the QKD system shown in fig. 1, in an embodiment of the present application, the first data to be authenticated further includes: terminal identification information received by the first QKD terminal from the second QKD terminal; the second data to be authenticated further includes: terminal identification information received by the second QKD terminal from the first QKD terminal; wherein the terminal identification information includes terminal identifications of the first and second QKD terminals.
In this embodiment, when the first QKD terminal and the second QKD terminal are respectively Alice and Bob shown in fig. 1, the quantum key management terminal corresponding to Alice sends the terminal identifiers of Alice and Bob to Alice in advance, and the quantum key management terminal corresponding to Bob likewise sends the terminal identifiers of Alice and Bob to Bob in advance, so that both Alice and Bob hold the identifier of the local terminal and the identifier of the opposite terminal. Whenever Alice or Bob sends classical network interaction data to the opposite terminal, the identifiers of Alice and Bob are sent along with it. If a forged device accesses the QKD system and pretends to be Alice or Bob, it needs to forge the terminal identifiers of Alice and Bob in the data to be authenticated; when Alice or Bob determines that the local data to be authenticated fails authentication, the terminal identifiers of Alice and/or Bob in the data to be authenticated may have been tampered with, so that access by a forged device can be recognized.
Example three
Referring to fig. 6, a schematic diagram of a data encryption device provided in an embodiment of the present application is shown, where the data encryption device 600 includes:
a bit number determining unit 601, configured to determine a bit number N of data to be encrypted, and determine a bit number m of data obtained by encrypting the data to be encrypted, where m is smaller than N;
a shift parameter obtaining unit 602, configured to select an m-order primitive polynomial for implementing a shift operation of the LFSR, and obtain initial shift data of m bits;
an encrypted data generating unit 603, configured to process at least two to-be-encrypted sub-matrices belonging to a to-be-encrypted matrix and at least two random sub-matrices belonging to a random matrix to obtain matrix data equal to the product of the to-be-encrypted matrix and the random matrix, where the matrix data is the encrypted form of the data to be encrypted; the matrix to be encrypted is an N-row, 1-column matrix formed by the N bits of the data to be encrypted; the random matrix is a Toeplitz matrix with m rows and N columns formed from m + N - 1 bits, where the m + N - 1 bits comprise the m bits of initial shift data and N - 1 bits newly generated by performing N - 1 shifts based on the m-order primitive polynomial.
In an embodiment of the present application, the encrypted data generating unit 603 may include:
a sub-matrix multiplication sub-unit, configured to read n bits from the unread portion of the data to be encrypted and construct a to-be-encrypted sub-matrix with n rows and 1 column; to determine the n bits that would be newly generated by n shift operations according to the LFSR shift principle and the m-order primitive polynomial, and construct a random sub-matrix with m rows and n columns from the m bits held in the LFSR before the n shifts and n - 1 of those n newly generated bits; and to multiply the random sub-matrix by the to-be-encrypted sub-matrix to obtain a sub-matrix multiplication result;
the sub-matrix multiplication sub-unit is further configured, when only one sub-matrix multiplication result has been computed, to execute the above steps again to obtain a new sub-matrix multiplication result;
a loop processing sub-unit, configured, when at least two sub-matrix multiplication results have been computed, to XOR the current sub-matrix multiplication result with the previous sub-matrix multiplication result to obtain an operation result comprising m bits, and to call the sub-matrix multiplication sub-unit until the data to be encrypted has been completely read and an operation result comprising m bits is obtained.
In an embodiment of the application, the loop processing subunit is further configured to use preset key data as the data to be encrypted, and call the sub-matrix multiplication subunit until the data to be encrypted is completely read and an operation result including m-bit data is obtained.
In one embodiment of the present application, the initial shift data and the preset key data are extracted from unused key data in a key buffer, where the key buffer stores pre-distributed key data and quantum key data output by a quantum key distribution (QKD) system.
In an embodiment of the present application, the sub-matrix multiplication sub-unit is specifically configured to perform parallel processing by using a field programmable gate array FPGA, so as to determine n bits of data that should be newly generated by performing n shift operations within a preset number of clock cycles.
In one embodiment of the present application, the m-order primitive polynomial has a run of consecutive high-order terms whose coefficients are all 0.
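The following is an added example, not code from the patent or from Quantumctek: it implements the LFSR-driven Toeplitz hashing of Examples one and three (block-wise sub-matrix products XORed together, then the preset key data fed through the same loop as in S307) and the bidirectional check of the second embodiment of Example two. The degree-16 polynomial x^16 + x^14 + x^13 + x^11 + 1, m = 16, n = 8, the seed 0xACE1 and all traffic and key bits are constructed for illustration (the patent's own example uses m = 64 and n = 16); the Fibonacci register layout and the A-then-B ordering of the data to be authenticated at both ends are assumptions.

```python
from typing import List, Tuple
import random

Bits = List[int]
M, TAPS = 16, [16, 14, 13, 11]   # constructed: m = 16, primitive polynomial x^16 + x^14 + x^13 + x^11 + 1
N_BLOCK = 8                      # constructed block width n (the patent's own example uses m = 64, n = 16)


class LFSR:
    """Fibonacci LFSR over GF(2); the m-bit state is the 'initial shift data' and
    `taps` lists the exponents of the m-order primitive polynomial (an assumed layout)."""

    def __init__(self, m: int, taps: List[int], init_state: int) -> None:
        if not 0 < init_state < (1 << m):
            raise ValueError("initial shift data must be a non-zero m-bit value")
        self.m, self.taps, self.state = m, taps, init_state

    def step(self) -> int:
        """One shift: new bit = XOR of the tapped stages, fed in at the top (bit m-1)."""
        fb = 0
        for e in self.taps:                      # exponent e corresponds to register stage m - e
            fb ^= (self.state >> (self.m - e)) & 1
        self.state = (self.state >> 1) | (fb << (self.m - 1))
        return self.state

def period(m: int, taps: List[int], seed: int) -> int:
    """Shifts until the register returns to `seed`: 2**m - 1 for a primitive polynomial."""
    reg, count = LFSR(m, taps, seed), 1
    reg.step()
    while reg.state != seed:
        reg.step()
        count += 1
    return count

def toeplitz_tag(bits: Bits, lfsr: LFSR, n: int, tag_old: int = 0) -> int:
    """Block-wise GF(2) product of the m x N Toeplitz matrix and the N x 1 data vector.
    Column j of the matrix is the register state after j shifts, so an m x n sub-matrix
    is the current m state bits plus n-1 new bits; the n-th shift readies the next block."""
    if len(bits) % n:
        raise ValueError("data length must be a multiple of the block width n")
    tag = tag_old
    for start in range(0, len(bits), n):
        cols = [lfsr.state]                      # m x n random sub-matrix, one m-bit int per column
        for _ in range(n - 1):
            cols.append(lfsr.step())
        lfsr.step()                              # n-th shift: state for the next block
        prod = 0                                 # (m x n) * (n x 1): XOR the columns selected by 1-bits
        for col, bit in zip(cols, bits[start:start + n]):
            if bit:
                prod ^= col
        tag ^= prod                              # XOR into the running m-bit result
    return tag

def toeplitz_matrix(lfsr: LFSR, ncols: int) -> List[List[int]]:
    """Explicit m x N matrix (row 0 = newest register bit) from the m initial bits
    plus N-1 generated bits, used only to cross-check the block-wise computation."""
    cols = [lfsr.state] + [lfsr.step() for _ in range(ncols - 1)]
    return [[(c >> (lfsr.m - 1 - i)) & 1 for c in cols] for i in range(lfsr.m)]

def is_toeplitz(t: List[List[int]]) -> bool:
    """True when every descending diagonal is constant."""
    return all(t[i][j] == t[i - 1][j - 1] for i in range(1, len(t)) for j in range(1, len(t[0])))

def full_product(t: List[List[int]], bits: Bits) -> int:
    """Plain matrix-vector product over GF(2), packed into an m-bit int."""
    m, out = len(t), 0
    for i in range(m):
        out |= (sum(tij & x for tij, x in zip(t[i], bits)) & 1) << (m - 1 - i)
    return out

def encrypt_tag(data: Bits, key: Bits, seed: int, n: int) -> int:
    """Data_Tag over the data, then the preset key data through the same loop with
    Data_Tag as Tag_old (S307); the result is Encrypt_Tag."""
    lfsr = LFSR(M, TAPS, seed)
    data_tag = toeplitz_tag(data, lfsr, n)
    return toeplitz_tag(key, lfsr, n, tag_old=data_tag)

def bidirectional_auth(a_sent: Bits, b_sent: Bits, a_recv: Bits, b_recv: Bits,
                       seed: int, key4: Bits, key5: Bits, n: int) -> Tuple[bool, bool]:
    """Example two, second embodiment.  Both ends assemble A then B (assumed ordering), so
    untampered traffic gives identical data to be authenticated.  Alice forms the third
    (key4) and fourth (key5) hash values and sends the fourth; Bob forms the fifth (key4)
    and sixth (key5) and sends the fifth; each compares under the key it did not send."""
    first = a_sent + b_recv                      # Alice: A she sent, B she received
    second = a_recv + b_sent                     # Bob: A he received, B he sent
    third, fourth = encrypt_tag(first, key4, seed, n), encrypt_tag(first, key5, seed, n)
    fifth, sixth = encrypt_tag(second, key4, seed, n), encrypt_tag(second, key5, seed, n)
    return third == fifth, fourth == sixth       # (Alice's verdict, Bob's verdict)

def demo() -> Tuple[Tuple[bool, bool], Tuple[bool, bool]]:
    """Honest exchange, then the same exchange with one bit of A altered in transit."""
    rng = random.Random(7)                       # constructed sample traffic and keys
    a, b = [[rng.randrange(2) for _ in range(32)] for _ in range(2)]
    key4, key5 = [[rng.randrange(2) for _ in range(16)] for _ in range(2)]
    seed = 0xACE1                                # shared initial shift data from both key buffers
    honest = bidirectional_auth(a, b, a, b, seed, key4, key5, N_BLOCK)
    a_tampered = a[:5] + [a[5] ^ 1] + a[6:]      # the A that Bob actually receives
    tampered = bidirectional_auth(a, b, a_tampered, b, seed, key4, key5, N_BLOCK)
    return honest, tampered
```

`demo()` returns the two verdict pairs, and `period(M, TAPS, 0xACE1)` returns 65535, confirming the chosen polynomial is primitive; `toeplitz_matrix` and `full_product` exist only to check the block-wise result against the explicit m x N matrix.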
It should be noted that, the third embodiment is a data encryption device corresponding to the method provided in the first embodiment, and please refer to the related description of the first embodiment, which is not described herein again.
Example four
Referring to fig. 7, a QKD system according to an embodiment of the present application is schematically shown, where QKD system 700 includes a first QKD terminal 701 and a second QKD terminal 702 communicating via a classical network;
the first QKD terminal 701 is configured to encrypt the first to-be-authenticated data by using the data encryption apparatus 600 according to the third embodiment; the first data to be authenticated includes data sent by the first QKD terminal 701 to the second QKD terminal 702 within a preset time period, and data received by the first QKD terminal 701 from the second QKD terminal 702 within the preset time period;
the second QKD terminal 702 is configured to encrypt the second data to be authenticated by using the data encryption device 600 in the third embodiment; the second data to be authenticated includes data sent by the second QKD terminal 702 to the first QKD terminal 701 within the preset time period, and data received by the second QKD terminal 702 from the first QKD terminal 701 within the preset time period;
the first QKD terminal 701 is configured to determine whether the first to-be-authenticated data is tampered according to an encryption operation result of the local terminal and an encryption operation result of the second QKD terminal 702;
the second QKD terminal 702 is configured to determine whether the second data to be authenticated is tampered with according to an encryption operation result of the second QKD terminal and an encryption operation result of the first QKD terminal 701.
In an implementation manner of the present application, if the preset key data in the third embodiment is referred to as a first key, a second key, or a third key, then:
the first QKD terminal 701 may be specifically configured to encrypt the first to-be-authenticated data based on the first key to obtain a first hash value; encrypting the first hash value by using a second key, and sending an obtained first ciphertext to the second QKD terminal 702;
correspondingly, the second QKD terminal 702 may be specifically configured to encrypt the second data to be authenticated based on the first key, so as to obtain a second hash value; encrypting the second hash value by using a third key different from the second key, and sending an obtained second ciphertext to the first QKD terminal 701;
accordingly, the first QKD terminal 701 may be specifically configured to decrypt the second ciphertext with the third key and judge whether the decrypted hash value is the same as the first hash value; if so, to determine that the first data to be authenticated has not been tampered with, and if not, to determine that the first data to be authenticated has been tampered with;
accordingly, the second QKD terminal 702 may be specifically configured to decrypt the first ciphertext with the second key and judge whether the decrypted hash value is the same as the second hash value; if so, to determine that the second data to be authenticated has not been tampered with, and if not, to determine that the second data to be authenticated has been tampered with.
In an implementation manner of the present application, if the preset key data in the third embodiment is referred to as a fourth key or a fifth key, where the fourth key and the fifth key are different key data, then:
the first QKD terminal 701 may be specifically configured to encrypt the first to-be-authenticated data based on the fourth key to obtain a third hash value; encrypting the first to-be-authenticated data based on the fifth key to obtain a fourth hash value; sending the fourth hash value to the second QKD terminal 702;
correspondingly, the second QKD terminal 702 may be specifically configured to encrypt the second data to be authenticated based on the fourth key, so as to obtain a fifth hash value; encrypting the second data to be authenticated based on the fifth key to obtain a sixth hash value; sending the fifth hash value to the first QKD terminal 701;
correspondingly, the first QKD terminal 701 may be specifically configured to judge whether the third hash value is the same as the fifth hash value; if so, to determine that the first data to be authenticated has not been tampered with, and if not, to determine that the first data to be authenticated has been tampered with;
correspondingly, the second QKD terminal 702 may be specifically configured to judge whether the fourth hash value is the same as the sixth hash value; if so, to determine that the second data to be authenticated has not been tampered with, and if not, to determine that the second data to be authenticated has been tampered with.
In an embodiment of the present application, the first data to be authenticated may further include: terminal identification information received by the first QKD terminal 701 from the second QKD terminal 702; the second data to be authenticated may further include: terminal identification information received by the second QKD terminal 702 from the first QKD terminal 701; wherein the terminal identification information includes terminal identifications of the first QKD terminal 701 and the second QKD terminal 702.
It should be noted that the fourth embodiment is a QKD system corresponding to the method provided in the second embodiment, and reference is made to the related description of the second embodiment for related points, which are not repeated herein.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps in the above embodiment methods can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solution of the present application may be essentially or partially implemented in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network communication device such as a media gateway, etc.) to execute the method according to the embodiments or some parts of the embodiments of the present application.
It should be noted that, in the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the equipment and the system disclosed by the embodiment, the description is simple because the equipment and the system correspond to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (11)

1. A method for data encryption, comprising:
determining the bit number N of data to be encrypted;
determining the bit number m of the data after the data to be encrypted is encrypted, wherein m is less than N;
selecting an m-order primitive polynomial for realizing LFSR (linear feedback shift register) shift operation, and acquiring initial shift data of m bits;
processing at least two to-be-encrypted sub-matrixes belonging to a to-be-encrypted matrix and at least two random sub-matrixes belonging to a random matrix to obtain matrix data obtained by multiplying the to-be-encrypted matrix and the random matrix, wherein the matrix data is data obtained by encrypting the to-be-encrypted data;
the matrix to be encrypted is an N-row 1-column matrix formed by N bits of the data to be encrypted; the random matrix is a Toeplitz matrix which is formed by m + N-1 bit data and is provided with m rows and N columns, wherein the m + N-1 bit data comprises initial shift data of m bits and N-1 bit data which is newly generated by realizing N-1 times of shift based on the m-order primitive polynomial;
the processing of the at least two to-be-encrypted sub-matrices belonging to the to-be-encrypted matrix and the at least two random sub-matrices belonging to the random matrix includes:
reading n bits from the unread portion of the data to be encrypted, and constructing a sub-matrix to be encrypted with n rows and 1 column; determining the n bits that would be newly generated by n shift operations according to the LFSR shift principle and the m-order primitive polynomial, and constructing a random sub-matrix with m rows and n columns from the m bits held in the LFSR before the n shifts and n - 1 of the n newly generated bits; multiplying the random sub-matrix by the sub-matrix to be encrypted to obtain a sub-matrix multiplication result;
when the multiplication result of the submatrix is calculated only once, the steps are executed again to obtain a new multiplication result of the submatrix;
when the multiplication result of the submatrix is calculated at least twice, carrying out XOR operation on the multiplication result of the submatrix at this time and the multiplication result of the submatrix at last time to obtain an operation result comprising m-bit data; and circularly executing the steps of reading n-bit data from the unread data in the data to be encrypted and the subsequent steps until the data to be encrypted is completely read and an operation result comprising m-bit data is obtained.
2. The method of claim 1, further comprising:
and taking preset key data as the data to be encrypted, and circularly executing the steps of reading n-bit data from the unread data in the data to be encrypted and the subsequent steps until the data to be encrypted is completely read and an operation result comprising m-bit data is obtained.
3. The method of claim 2, wherein
the initial shift data and the pre-set key data are extracted from unused key data in a key buffer, wherein the key buffer stores pre-distributed key data and quantum key data output by a quantum key distribution QKD system.
4. The method of claim 1, wherein said determining n bits of data that should be newly generated for n shift operations comprises:
and performing parallel processing by adopting a Field Programmable Gate Array (FPGA) so as to determine n bit data which should be newly generated by performing n times of shift operation in a preset number of clock cycles.
5. The method according to any one of claims 1 to 4, wherein the m-order primitive polynomial has a run of consecutive high-order terms whose coefficients are all 0.
6. A data authentication method applied to a QKD system including a first QKD terminal and a second QKD terminal communicating over a classical network, the method comprising:
the first QKD terminal adopts the method of any one of claims 1 to 5 to encrypt the first data to be authenticated; the first data to be authenticated comprises data sent by the first QKD terminal to the second QKD terminal within a preset time interval and data received by the first QKD terminal from the second QKD terminal within the preset time interval;
the second QKD terminal encrypts second data to be authenticated using the method of any of claims 1 to 5; the second data to be authenticated comprises data sent by the second QKD terminal to the first QKD terminal within the preset time period and data received by the second QKD terminal from the first QKD terminal within the preset time period;
the first QKD terminal determines whether the first to-be-authenticated data is tampered or not according to the encryption operation result of the terminal and the encryption operation result of the second QKD terminal;
and the second QKD terminal determines whether the second data to be authenticated is tampered or not according to the encryption operation result of the terminal and the encryption operation result of the first QKD terminal.
7. The method according to claim 6, wherein the preset key data in the method of claim 2 or 3 is referred to as a first key, a second key or a third key, and then:
the encrypting the first data to be authenticated includes:
the first QKD terminal encrypts the first to-be-authenticated data based on the first key to obtain a first hash value; encrypting the first hash value by using a second key, and sending an obtained first ciphertext to the second QKD terminal;
correspondingly, the encrypting the second data to be authenticated includes:
the second QKD terminal encrypts the second data to be authenticated based on the first key to obtain a second hash value; encrypting the second hash value by using a third key different from the second key, and sending an obtained second ciphertext to the first QKD terminal;
correspondingly, the determining, by the first QKD terminal, whether the first to-be-authenticated data is tampered according to the encryption operation result of the local terminal and the encryption operation result of the second QKD terminal includes:
the first QKD terminal decrypts the second ciphertext with the third key and judges whether the decrypted hash value is the same as the first hash value; if so, it determines that the first data to be authenticated has not been tampered with, and if not, it determines that the first data to be authenticated has been tampered with;
correspondingly, the second QKD terminal determining whether the second data to be authenticated is tampered according to the encryption operation result of the terminal and the encryption operation result of the first QKD terminal includes:
the second QKD terminal decrypts the first ciphertext by using the second key; judging whether the decrypted hash value is the same as the second hash value; if the first data to be authenticated is the same as the second data to be authenticated, determining that the second data to be authenticated is not tampered; and if the two data are different, determining that the second data to be authenticated is tampered.
8. The method according to claim 6, wherein, when the preset key data in the method of claim 2 or 3 is denoted a fourth key or a fifth key, the fourth key and the fifth key being different key data:
the encrypting the first data to be authenticated includes:
the first QKD terminal encrypts the first data to be authenticated based on the fourth key to obtain a third hash value, encrypts the first data to be authenticated based on the fifth key to obtain a fourth hash value, and sends the fourth hash value to the second QKD terminal;
correspondingly, the encrypting the second data to be authenticated includes:
the second QKD terminal encrypts the second data to be authenticated based on the fourth key to obtain a fifth hash value, encrypts the second data to be authenticated based on the fifth key to obtain a sixth hash value, and sends the fifth hash value to the first QKD terminal;
correspondingly, the determining, by the first QKD terminal, whether the first data to be authenticated has been tampered with according to the encryption operation result of the local terminal and the encryption operation result of the second QKD terminal includes:
the first QKD terminal judges whether the third hash value is the same as the fifth hash value; if they are the same, it determines that the first data to be authenticated has not been tampered with; if they differ, it determines that the first data to be authenticated has been tampered with;
correspondingly, the determining, by the second QKD terminal, whether the second data to be authenticated has been tampered with according to the encryption operation result of the local terminal and the encryption operation result of the first QKD terminal includes:
the second QKD terminal judges whether the fourth hash value is the same as the sixth hash value; if they are the same, it determines that the second data to be authenticated has not been tampered with; if they differ, it determines that the second data to be authenticated has been tampered with.
9. The method according to any one of claims 6 to 8, wherein:
the first data to be authenticated further includes: terminal identification information received by the first QKD terminal from the second QKD terminal;
the second data to be authenticated further includes: terminal identification information received by the second QKD terminal from the first QKD terminal;
wherein the terminal identification information includes terminal identifications of the first and second QKD terminals.
10. A data encryption device, comprising:
a bit number determining unit, configured to determine the bit number N of the data to be encrypted and the bit number m of the data obtained after the data to be encrypted is encrypted, wherein m is smaller than N;
a shift parameter acquisition unit, configured to select an m-order primitive polynomial for realizing the shift operation of a linear feedback shift register (LFSR) and to acquire m bits of initial shift data;
an encrypted data generating unit, configured to process at least two sub-matrices to be encrypted belonging to a matrix to be encrypted and at least two random sub-matrices belonging to a random matrix, so as to obtain the matrix data that is the product of the matrix to be encrypted and the random matrix, wherein the matrix data is the data obtained by encrypting the data to be encrypted; the matrix to be encrypted is an N-row, 1-column matrix formed by the N bits of the data to be encrypted; the random matrix is a Toeplitz matrix with m rows and N columns formed by m+N-1 bits of data, wherein the m+N-1 bits comprise the m bits of initial shift data and N-1 bits newly generated by performing N-1 shifts based on the m-order primitive polynomial;
wherein the encrypted data generating unit is specifically configured to:
read n bits from the unread data in the data to be encrypted and construct a sub-matrix to be encrypted with n rows and 1 column; determine the n bits that are newly generated by performing n shift operations according to the LFSR shift principle and the m-order primitive polynomial, and construct a random sub-matrix with m rows and n columns from the m bits held in the LFSR before the n shifts together with n-1 bits of those n newly generated bits; and multiply the random sub-matrix by the sub-matrix to be encrypted to obtain a sub-matrix multiplication result;
when a sub-matrix multiplication result has been calculated only once, execute the above steps again to obtain a new sub-matrix multiplication result;
when a sub-matrix multiplication result has been calculated at least twice, perform an XOR operation on the current sub-matrix multiplication result and the previous sub-matrix multiplication result to obtain an operation result comprising m bits; and cyclically execute the step of reading n bits from the unread data in the data to be encrypted and the subsequent steps until the data to be encrypted has been completely read and an operation result comprising m bits is obtained.
11. A QKD system, comprising a first QKD terminal and a second QKD terminal communicating over a classical network, wherein:
the first QKD terminal is configured to encrypt first data to be authenticated using the data encryption device according to claim 10, the first data to be authenticated comprising data sent by the first QKD terminal to the second QKD terminal within a preset time period and data received by the first QKD terminal from the second QKD terminal within the preset time period;
the second QKD terminal is configured to encrypt second data to be authenticated using the data encryption device according to claim 10, the second data to be authenticated comprising data sent by the second QKD terminal to the first QKD terminal within the preset time period and data received by the second QKD terminal from the first QKD terminal within the preset time period;
the first QKD terminal is configured to determine whether the first data to be authenticated has been tampered with according to the encryption operation result of the local terminal and the encryption operation result of the second QKD terminal;
and the second QKD terminal is configured to determine whether the second data to be authenticated has been tampered with according to the encryption operation result of the local terminal and the encryption operation result of the first QKD terminal.
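The block-wise LFSR-driven Toeplitz hash of claim 10 (the "encryption" whose m-bit result the terminals compare) and the two-key exchange of claim 8 as run by the system of claim 11, as an added example that is not the patent's own code. The polynomial x^4 + x + 1, the 4-bit seed keys, the byte-to-bit encoding and the common ordering of the window's traffic at both terminals are assumptions made here; the block-wise routine is checked against a direct full-matrix computation.

```python
# Added example (not the patent's own code): LFSR-driven Toeplitz hashing
# computed block-wise as in claim 10, then used for the claim 8 mutual
# authentication between two QKD terminals. Assumptions: bits are ints 0/1,
# a key is the m-bit LFSR seed, the primitive polynomial is fixed to
# x^4 + x + 1 (m = 4), and both ends concatenate the traffic in the same order.
M = 4               # output length m in bits; the claim requires m < N
POLY_TAPS = (0, 1)  # x^4 + x + 1  ->  s[t+4] = s[t] ^ s[t+1]

def lfsr_stream(seed, count):
    """Return the m-bit seed followed by `count` newly shifted-in bits."""
    state = list(seed)
    for _ in range(count):
        state.append(sum(state[-M + tap] for tap in POLY_TAPS) & 1)
    return state

def toeplitz_hash_direct(seed, data):
    """Reference: full m x N Toeplitz matrix times the N x 1 data vector, mod 2."""
    t = lfsr_stream(seed, len(data) - 1)        # m + N - 1 bits in total
    # T[i][j] = t[j - i + m - 1] is constant along each diagonal (Toeplitz)
    return [sum(t[j - i + M - 1] & data[j] for j in range(len(data))) & 1
            for i in range(M)]

def toeplitz_hash_blockwise(seed, data, n=3):
    """Claim 10: read n bits, shift the LFSR n times, form the m x n sub-matrix
    from the m old bits plus n-1 new bits, multiply, XOR into the running result."""
    state, acc, pos = list(seed), [0] * M, 0
    while pos < len(data):
        block = data[pos:pos + n]
        k = len(block)                          # the final block may be shorter
        new = lfsr_stream(state, k)[M:]         # the k newly generated bits
        bits = state + new[:k - 1]              # m + k - 1 bits of the sub-matrix
        part = [sum(bits[j - i + M - 1] & block[j] for j in range(k)) & 1
                for i in range(M)]
        acc = [a ^ p for a, p in zip(acc, part)]   # XOR with the previous result
        state = (state + new)[-M:]              # LFSR contents after the k shifts
        pos += k
    return acc

def claim8_authenticate(key4, key5, data_a, data_b):
    """Returns (a_ok, b_ok). A keeps its key4 hash and sends its key5 hash, B keeps
    its key5 hash and sends its key4 hash, and each compares like with like. Both
    keys must be fresh QKD bits used once, as for any Wegman-Carter style tag."""
    h3, h4 = toeplitz_hash_blockwise(key4, data_a), toeplitz_hash_blockwise(key5, data_a)
    h5, h6 = toeplitz_hash_blockwise(key4, data_b), toeplitz_hash_blockwise(key5, data_b)
    return h3 == h5, h4 == h6                   # A checks h3 vs h5, B checks h4 vs h6

def bits_of(msg):
    return [(byte >> i) & 1 for byte in msg for i in range(7, -1, -1)]

# Constructed sample traffic for one time window, concatenated A->B then B->A
A_TO_B, B_TO_A = b"basis:XZZX", b"sift:1011"
DATA_A = bits_of(A_TO_B + B_TO_A)           # sent by A, then received by A
DATA_B = bits_of(A_TO_B + B_TO_A)           # received by B, then sent by B
TAMPERED_B = DATA_B[:]; TAMPERED_B[10] ^= 1 # one bit flipped on the channel
KEY4, KEY5 = [1, 0, 1, 1], [0, 1, 1, 0]     # two different fresh QKD keys
```

A single flipped bit always changes the tag here, because the differing column of the Toeplitz matrix is an LFSR state, which never becomes all-zero for a nonzero seed; a 4-bit tag is of course only a teaching size.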
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710581995.9A CN109274485B (en) 2017-07-17 2017-07-17 Data encryption method, data authentication method, related equipment and system

Publications (2)

Publication Number Publication Date
CN109274485A CN109274485A (en) 2019-01-25
CN109274485B true CN109274485B (en) 2021-06-15

Family

ID=65147867

Country Status (1)

Country Link
CN (1) CN109274485B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113839772A (en) * 2021-09-18 2021-12-24 哲库科技(北京)有限公司 Toeplitz hash algorithm processing circuit, chip and terminal

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110048833B (en) * 2019-03-04 2021-10-29 全球能源互联网研究院有限公司 Electric power service encryption method and device based on quantum satellite key network
CN113055184B (en) * 2021-03-22 2022-11-29 中国工商银行股份有限公司 Data encryption and decryption method and device
CN113204771B (en) * 2021-04-21 2022-02-22 北京连山科技股份有限公司 Efficient method for improving defects of block cipher CBC mode by using SM3 cipher
CN113300843A (en) * 2021-06-22 2021-08-24 上海循态信息科技有限公司 Privacy enhancement method and system for use in quantum key distribution
CN115080929B (en) * 2022-07-20 2022-11-11 深圳研控自动化科技股份有限公司 Encryption method, decryption method, system and storage medium of FPGA program
CN115348018B (en) * 2022-07-26 2023-05-16 陕西洲盾软件科技有限公司 Data processing method, device and storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1914851A (en) * 2004-02-10 2007-02-14 三菱电机株式会社 Quantum key delivering method and communication device
CN103440119A (en) * 2013-07-08 2013-12-11 中国航空无线电电子研究所 M sequence generator-based primitive polynomial pseudo-random sequence generator
WO2014088392A1 (en) * 2012-12-05 2014-06-12 Mimos Berhad Method for information reconciliation in quantum key distribution
CN104270247A (en) * 2014-05-23 2015-01-07 中国人民解放军信息工程大学 Efficient generic Hash function authentication scheme suitable for quantum cryptography system
CN104506313A (en) * 2015-01-19 2015-04-08 中国人民解放军国防科学技术大学 Quantum secret key distribution privacy amplification method supporting large-scale dynamic changes
CN105071929A (en) * 2015-07-15 2015-11-18 清华大学 Postprocessing method for quantum key distribution
CN106533673A (en) * 2016-12-08 2017-03-22 浙江神州量子网络科技有限公司 Privacy amplification method suitable for multi-party quantum communication
US10291399B2 (en) * 2013-09-30 2019-05-14 Triad National Security, LLC Quantum-secured communications overlay for optical fiber communications networks

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7631190B2 (en) * 2004-05-27 2009-12-08 Silverbrook Research Pty Ltd Use of variant and base keys with two entities
WO2006045114A2 (en) * 2004-10-13 2006-04-27 The Regents Of The University Of California Cryptographic primitives, error coding, and pseudo-random number improvement methods using quasigroups
US8516269B1 (en) * 2010-07-28 2013-08-20 Sandia Corporation Hardware device to physical structure binding and authentication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant