CN113965318B - Quantum migration security system - Google Patents

Quantum migration security system Download PDF

Info

Publication number
CN113965318B
CN113965318B CN202111103127.2A CN202111103127A CN113965318B CN 113965318 B CN113965318 B CN 113965318B CN 202111103127 A CN202111103127 A CN 202111103127A CN 113965318 B CN113965318 B CN 113965318B
Authority
CN
China
Prior art keywords
security system
key
quantum
information
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111103127.2A
Other languages
Chinese (zh)
Other versions
CN113965318A (en
Inventor
廖正赟
刘熙胖
孙晓鹏
李亚运
武宗品
刘长河
彭金辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd filed Critical Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN202111103127.2A priority Critical patent/CN113965318B/en
Publication of CN113965318A publication Critical patent/CN113965318A/en
Application granted granted Critical
Publication of CN113965318B publication Critical patent/CN113965318B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70Photonic quantum communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16Obfuscation or hiding, e.g. involving white box
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optics & Photonics (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a quantum migration security system, which comprises: a security system equipment side A and a security system support side B; the security system equipment side A also comprises security equipment; the security system equipment side A acquires an initial cooperative key from the security system support side B through quantum key distribution equipment; the security system equipment side A performs real-time quantum key distribution with the security system support side B through quantum key distribution equipment to obtain a real-time cooperative key; the security and privacy equipment generates a random number based on the initial cooperative key and the real-time cooperative key, and supports a white-box encryption implementation scheme based on an SM4 algorithm by using the random number, a whitening encryption processing process of the SM3 algorithm and a signature processing process of the SM2 algorithm. The invention realizes the application of quantum migration in the traditional password system, and further enriches the application scene of quantum technology in the password system.

Description

Quantum migration security system
Technical Field
The invention relates to the technical field of quantum communication, in particular to a quantum migration security system.
Background
With the development of quantum computers and the development of quantum algorithms, the security of classical cryptographic systems based on computational complexity assumptions is severely challenged. In order to address the potential threat that quantum computers and quantum algorithms pose to classical cryptosystems, new cryptosystems have been developed that can combat quantum computing attacks, quantum cryptosystems have emerged in this context. Quantum cryptography is a novel cryptosystem produced by combining classical cryptotheory and quantum mechanics basic principles. Unlike classical cryptographic systems, which are designed based on physical laws with quantum states as information carriers, their security is ensured by quantum mechanical basic properties, irrespective of the size of the attacker's computing power. Therefore, applications in traditional cryptography with respect to quantum migration are receiving increasing attention.
Disclosure of Invention
Based on the foregoing, it is necessary to provide a quantum migration security system, which can enrich the application scenarios of quantum technologies in a cryptographic system.
The invention provides a quantum migration security system, comprising: a security system equipment side A and a security system support side B; the security system equipment side A and the security system support side B respectively comprise quantum key distribution equipment, and the security system equipment side A also comprises security equipment;
The security system equipment side A acquires an initial cooperative key from the security system support side B through the quantum key distribution equipment;
the security system equipment side A performs real-time quantum key distribution with the security system support side B through the quantum key distribution equipment to obtain a real-time cooperative key;
the security and privacy equipment generates a random number based on the initial cooperative key and the real-time cooperative key, and supports a white-box encryption implementation scheme based on an SM4 algorithm by using the random number, a whitening encryption processing process of the SM3 algorithm and a signature processing process of the SM2 algorithm.
Based on the above, the security and privacy device performs the following steps when generating a random number based on the initial cooperative key and the real-time cooperative key:
the security and privacy equipment comprises a random number generator, wherein the random number generator comprises a random number output processing part and a chaotic random source with an N-base based on a piecewise linear chaotic function;
for the ith chaotic random source, i=1, 2, 3 … N; meter with a meter bodyCalculating an initial cooperative key X i0
Figure GDA0004210006140000021
Real-time collaborative key X i1 Obtaining an initial random key X i2 The result value X i2 As the input of the ith chaotic random source, and through piecewise linear chaotic function processing, the initial chaotic source of the ith chaotic random source is output >
Figure GDA0004210006140000022
Then obtaining a random source at the j moment through a plurality of chaotic motions
Figure GDA0004210006140000023
Figure GDA0004210006140000024
Is an exclusive or operator; wherein the initial cooperative key X i0 The real-time cooperative key X is obtained from the security system support party B by the security system equipment party A through the quantum key distribution equipment i1 The secure security system equipment side A performs real-time quantum key distribution and acquisition with the secure security system support side B through the quantum key distribution equipment; />
The random number output processing part outputs random sources of each path of chaotic random source
Figure GDA0004210006140000025
Exclusive OR operation is performed to output a random number of +.>
Figure GDA0004210006140000026
Based on the above, when the security system device side a obtains the initial cooperative key from the security system support side B through the quantum key distribution device, the following steps are performed:
the security system equipment party A sends a key cooperation request to the security system supporting party B so that the security system supporting party B can store the key cooperation request from the local storageSelecting modulation basis from modulation basis of (2) and using the selected modulation basis to locally store initial cooperative key X i0 Modulating the mixture into a quantum state, and transmitting the quantum state to the security and privacy system equipment side A through a quantum channel;
After receiving the quantum state sent by the security system support party B, the security system equipment party A selects a measurement base from locally stored measurement bases, measures the received quantum state by using the selected measurement base, and the obtained measurement result is the initial cooperative key;
wherein the security system equipment side A and the security system support side B cooperate with n bits of information M in advance i The security system equipment side A selects information M according to a preset selection rule i The n/2 bit of the (B) is used as a modulation base for safe storage, and the supporting party B of the security system selects the information M according to the same selection rule i N/2 bits of (2) are used as measurement base for safe storage and information M is stored i The remaining n/2 bits of (2) are used as the initial cooperative key for secure storage.
Based on the above, after the random number generator generates a random number based on the initial cooperative key and the real-time cooperative key, the security system device side a performs quantum key distribution with the security system support side B through the quantum key distribution device to obtain a cooperative key, and uses the cooperative key as n-bit new information M i
Based on the above, the security system device side a performs real-time quantum key distribution with the security system support side B through the quantum key distribution device, and when obtaining a real-time cooperative key, performs the following steps:
the security system equipment side A generates a quantum bit string, randomly selects a measuring base to measure the quantum bit string to generate a quantum state, and sends the quantum state to the security system support side B through the quantum key distribution equipment; the security system supporting party B randomly selects a measurement base to measure the quantum state to obtain a measurement result, and returns the used measurement base to the security system equipment party A;
the security system equipment side A compares the received measurement base with the used measurement base and sends the position of the correct measurement base to the security system support side B; the security system support party B eliminates the wrong quantum bit in the measurement result according to the message sent by the security system equipment party A, and selects a small part of correct measurement result to inform the security system equipment party A;
the security system equipment side A confirms the correctness of the measurement result of the security system supporting side B, eliminates the small part of quantum bits when the measurement result is correct, and selects the binary string and X from the rest binary string i0 Binary strings of equal length as real-time cooperative key X i1 Simultaneously sending confirmation information to a security system support party B for security; the security system supporting party B also eliminates the small part of the quantum bits after receiving the confirmation information, and selects the binary string and X from the rest binary string i0 Binary strings of equal length as real-time cooperative key X i1
Based on the above, the security system device side a adopts the device key and the corresponding encryption algorithm to encrypt and protect the modulation option.
Based on the above, the security system device side a locally and securely stores the acquisition key of the device key, and when the device key needs to be utilized, requests to acquire the device key from the device key support side C based on the acquisition key; the specific acquisition process comprises the following steps:
the security system equipment side A sends a key acquisition request to the equipment key support side C so that the equipment key support side C selects a modulation base from locally stored modulation bases, modulates the locally stored equipment key into a quantum state by using the selected modulation base, and sends the quantum state to the security system equipment side A through a quantum channel;
After receiving the quantum state sent by the device key supporting party C, the security and privacy system device party A selects a measurement base from locally stored measurement bases, and measures the received quantum state by using the selected measurement base to obtain a device key;
wherein the security system device side A and the device key support side C cooperate with n bits of information M in advance g The security system equipment side A selects information M according to a preset selection rule g The n/2 bit of the (2) is used as a modulation base for safe storage, and the equipment key supporting party C selects the information M according to the same selection rule g N/2 bits of (2) are used as measurement base for safe storage and information M is stored g The other n/2 bits of (a) are used as a device key for secure storage.
Based on the above, after receiving the random number generation request, the security system support B performs security mutual authentication with the security system device a, and specifically includes:
the security system equipment side A and the security system support side B cooperate with two n-bit information M in advance p Sum information M q
Authentication phase of the security system support B to the security system device a:
the security system device side a uses n bits of information M p From information M according to a predetermined selection rule p Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system supporting party B through quantum key distribution equipment;
after receiving the quantum state sent by the security system equipment side A, the security system support side B uses the same n-bit information M p From information M according to the same selection rules as those of security system device side A p Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M p The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system equipment side A to the security system support side B:
security system support B uses n-bit information M q From information M according to a predetermined selection rule q Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
After receiving the quantum state sent by the security system support party B, the security system equipment party A uses the same n-bit information M q From information M according to the same selection rules as those of security system support B 2 Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M q The rest n/2 bit information is compared, and if the bit information is consistent with the rest n/2 bit information, the authentication of the security system support party B is passed.
Based on the above, after receiving the key obtaining request, the device key supporting party C performs secure mutual authentication with the security system device party a, and specifically includes:
the security system device side a and the device key support side C cooperate in advance with two n-bit information M p Sum information M q
Authentication phase of the device key support side C to the security system device side a:
the security system device side a uses n bits of information M p From information M according to a predetermined selection rule p Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a device key supporting party C through quantum key distribution equipment;
Device key supportAfter receiving the quantum state sent by the security system equipment side A, the side C uses the same n-bit information M p From information M according to the same selection rules as those of security system device side A p Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M p The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system device side A to the device key support side C:
the device key support C uses the n-bit information M q From information M according to a predetermined selection rule q Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
after receiving the quantum state sent by the device key supporting party C, the security and privacy system device party A uses the same n-bit information M q From information M according to the same selection rules as those of security system support B 2 Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M q The remaining n/2 bits of the information are compared, and if the bit information is consistent with the bit information, the authentication of the equipment key supporting party C is passed.
Based on the above, n is 512, and the preset selection rules are to select bits 1, 3, 5, …, 509, 511 as modulation selection base and measurement selection base.
The invention generates the initial cooperative key through quantum communication negotiation and generates the real-time cooperative key through quantum key distribution, and synthesizes the input value of the chaotic random source by the initial cooperative key and the real-time cooperative key, and ensures that the initial values are fully different by ensuring that the actual initial values of the chaotic random source are infinitely long analog quantities. One essential feature that determines chaos is the sensitivity dependence on the initial value, any small deviation from the initial value will cause a sufficiently large separation of the sequence tracks, exhibiting random properties. Because of the inherent nature of the chaotic system, the system can be made to produce a bit stream output with unpredictability.
The multi-channel chaotic random source circuit is composed of independent chaotic bit units, and the chaotic mapping circuit of each bit unit is completely independent, so that the chaotic mapping circuit signals are independent, and the random process of each chaotic source/bit unit has independence. The multiplexing or superposition output generates the random number which is used finally, the random sequence which cannot be predicted and is distributed to be uniform is better generated, and the information entropy of the random number is further improved.
The invention realizes the application of quantum migration in the traditional password system, and further enriches the application scene of quantum technology in the password system; especially in the white-box implementation scheme based on the SM4 algorithm, the whitening processing process of the SM3 algorithm and the operation process of the SM2 algorithm cooperate with key information through the quantum key distribution equipment to prepare random numbers required in the schemes or processes, and the security of the schemes or processes is further enhanced due to the fact that the random numbers have quantum unpredictability.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
Fig. 1 shows a first block diagram of the quantum migration security system according to the invention.
Fig. 2 shows a flow chart of a first implementation method of the quantum migration security system according to the present invention.
Fig. 3 shows a second block diagram of the quantum migration security system according to the invention.
Fig. 4 shows a flow chart of a second implementation method of the quantum migration security system according to the present invention.
Fig. 5 shows a flow chart of the random number preparation method according to the present invention.
Fig. 6 shows a flow chart of the generation of an initial cooperative key according to the present invention.
Fig. 7 shows a flow chart of a security mutual authentication procedure of the security system device side a and the security system support side B according to the present invention.
Fig. 8 shows a flow chart of the generation of the real-time cooperative key according to the present invention. FIG. 9 shows the information M according to the invention i Updating the flow chart.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description. It should be noted that, in the case of no conflict, the embodiments of the present application and the features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those described herein, and therefore the scope of the present invention is not limited to the specific embodiments disclosed below.
As shown in fig. 1-2, the present invention proposes a quantum migration security system comprising:
a security system equipment side A and a security system support side B; the security system equipment side A and the security system support side B respectively comprise quantum key distribution equipment, and the security system equipment side A also comprises security equipment;
the security system equipment side A acquires an initial cooperative key from the security system support side B through the quantum key distribution equipment;
the security system equipment side A performs real-time quantum key distribution with the security system support side B through the quantum key distribution equipment to obtain a real-time cooperative key;
the security and privacy equipment generates a random number based on the initial cooperative key and the real-time cooperative key, and supports a white-box encryption implementation scheme based on an SM4 algorithm by using the random number, a whitening encryption processing process of the SM3 algorithm and a signature processing process of the SM2 algorithm.
The quantum key distribution equipment can realize point-to-point key coordination and information coordination among backbone nodes, namely, the consistent key and consistent information among security and privacy equipment are obtained through BB84 or B92 protocols, and real-time performance and satisfiability are ensured, namely, the effects of generating just by just use and generating just by just how much are realized.
It will be appreciated that as shown in fig. 3 and 4, the security system support B also protects a security device comprising a random number generator; after the security system support party B sends an initial cooperative key to the security system equipment party A through the quantum key distribution equipment and carries out real-time quantum key distribution with the security system equipment party A through the quantum key distribution equipment to obtain a real-time cooperative key, the random number generator generates a random number based on the initial cooperative key and the real-time cooperative key; the security and privacy equipment uses the random number to support a white-box decryption implementation scheme based on an SM4 algorithm, a whitening decryption processing procedure of the SM3 algorithm and a signature verification processing procedure of the SM2 algorithm. Further, as shown in fig. 5, the security device performs the following steps when generating a random number based on the initial cooperative key and the real-time cooperative key: the security and privacy equipment comprises a random number generator, wherein the random number generator comprises a random number output processing part and a chaotic random source with an N-base based on a piecewise linear chaotic function;
For the ith chaotic random source, i=1, 2, 3 … N; calculating an initial cooperative key X i0
Figure GDA0004210006140000091
Real-time collaborative key X i1 Obtaining an initial random key X i2 The result value X i2 As the input of the ith path of chaotic random source, and outputs the ith path of chaotic function through piecewise linear chaotic function processingInitial chaotic source of chaotic random source>
Figure GDA0004210006140000092
Then obtaining the disorder source ++of the j moment through a plurality of chaotic motions>
Figure GDA0004210006140000093
Figure GDA0004210006140000094
Is an exclusive or operator; wherein the initial cooperative key X i0 The real-time cooperative key X is obtained from the security system support party B by the security system equipment party A through the quantum key distribution equipment i1 The secure security system equipment side A performs real-time quantum key distribution and acquisition with the secure security system support side B through the quantum key distribution equipment;
the random number output processing part outputs random sources of each path of chaotic random source
Figure GDA0004210006140000095
Exclusive OR operation is performed to output a random number of +.>
Figure GDA0004210006140000096
Further, in the specific implementation, the chaotic random source based on the piecewise linear chaotic function is realized through a simulated IP physical random source based on the quantum key distribution equipment, and the simulated IP generates unpredictable true random numbers as an information entropy source of the whole random number generator. The analog IP physical random source implementation mode ensures that the initial value of the piecewise linear chaotic function is determined by the initial value of the circuit, and the initial value of the circuit is synthesized by the initial cooperative key and the quantum key distribution system in real time, so that the actual initial value is an infinitely long analog quantity, and the initial value can be ensured to be sufficiently different. One essential feature that determines chaos is the sensitivity dependence on the initial value, any small deviation from the initial value will cause a sufficiently large separation of the sequence tracks, exhibiting random properties. Because of the inherent nature of the chaotic system, the system can be made to produce a bit stream output with unpredictability.
And the random number output processing part is used for performing exclusive-or superposition output after the multi-path chaotic random source is digitized, the multi-path chaotic random source circuits are all formed by independent chaotic bit units, and the chaotic mapping circuit of each bit unit is completely independent, so that the chaotic mapping circuit signals are independent, and the random process of each chaotic source/bit unit has independence. The multiplexing or superposition output generates the random number which is used finally, the random sequence which cannot be predicted and is distributed to be uniform is better generated, and the information entropy of the random number is further improved.
It can be understood that in the white-box implementation scheme of the SM4 cryptographic algorithm, both the whitening process of the SM3 algorithm and the signature process of the SM2 algorithm need to have random number participation. The invention uses the key information coordinated by the quantum key distribution equipment as the input information of the chaotic random source, and then the random number is prepared by the chaotic random source. The randomness and the safety of the random number can be effectively enhanced by the preparation method of the random number.
Further, for the white-box implementation scheme based on SM4 algorithm used by the security equipment in the security system equipment side A, the security system equipment side A and the security system support side B cooperatively generate an initial cooperative key and a real-time cooperative key through the quantum key distribution equipment so as to output random numbers by combining the initial cooperative key and the real-time cooperative key and a chaotic random source
Figure GDA0004210006140000101
Random number +.>
Figure GDA0004210006140000102
As a random number for constructing a white-box implementation scheme based on an SM4 algorithm, constructing the white-box implementation scheme based on the SM4 algorithm based on the random number;
SM3 algorithm used for security device of security system device side a and security system support side B cooperate by quantum key distribution deviceGenerating an initial cooperative key and a real-time cooperative key simultaneously, outputting random numbers by combining the initial cooperative key and the real-time cooperative key and a chaotic random source
Figure GDA0004210006140000103
Figure GDA0004210006140000104
Random number +.>
Figure GDA0004210006140000105
As the random number behind the 1 when the SM3 algorithm whitening filling is constructed, completing the whitening processing process of the SM3 algorithm based on the random number;
for SM2 algorithm used by security equipment of security system equipment side A, the security system equipment side A and security system support side B cooperatively generate an initial cooperative key and a real-time cooperative key through quantum key distribution equipment so as to output random numbers by combining the initial cooperative key and the real-time cooperative key with a chaotic random source
Figure GDA0004210006140000111
Figure GDA0004210006140000112
Random number +.>
Figure GDA0004210006140000113
As a random number used in constructing the signature operation process of the SM2 algorithm, the signature processing process of the SM2 algorithm is further completed based on the random number.
Further, as shown in fig. 6, when the security system device side a obtains the initial cooperative key from the security system support side B through the quantum key distribution device, the following steps are performed:
the security system equipment party A sends a key cooperation request to the security system supporting party B so that the security system supporting party B selects a modulation base from locally stored modulation bases and uses the selected modulation base to locally store initial cooperationKey X i0 Modulating the mixture into a quantum state, and transmitting the quantum state to the security and privacy system equipment side A through a quantum channel;
after receiving the quantum state sent by the security system support party B, the security system equipment party A selects a measurement base from locally stored measurement bases, measures the received quantum state by using the selected measurement base, and the obtained measurement result is the initial cooperative key;
wherein the security system equipment side A and the security system support side B cooperate with n bits of information M in advance i The security system equipment side A selects information M according to a preset selection rule i The n/2 bit of the (B) is used as a modulation base for safe storage, and the supporting party B of the security system selects the information M according to the same selection rule i N/2 bits of (2) are used as measurement base for safe storage and information M is stored i The remaining n/2 bits of (2) are used as the initial cooperative key for secure storage.
Preferably, n is 512, and the preset selection rules are to select bits 1, 3, 5, …, 509, 511 as modulation selection bases and measurement selection bases. The more bits of the initial and real-time cooperative keys, the greater the randomness of the random numbers ultimately generated based on the initial and real-time cooperative keys.
It may be understood that, after the security system support B receives the random number generation request, it needs to perform security mutual authentication with the security system device a, as shown in fig. 7, and specifically includes:
the security system equipment side A and the security system support side B cooperate with two n-bit information M in advance p Sum information M q
Authentication phase of the security system support B to the security system device a:
the security system device side a uses n bits of information M p From information M according to a predetermined selection rule p Wherein n/2 bit information is selected as a random number of a modulation base to perform modulation base selection, and the remaining n/2 bit information is used as a programming signal, Modulating the corresponding programming signals into quantum states by the selected modulation bases respectively, and sending the quantum states to a security and privacy system supporting party B through quantum key distribution equipment;
after receiving the quantum state sent by the security system equipment side A, the security system support side B uses the same n-bit information M p From information M according to the same selection rules as those of security system device side A p Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M p The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system equipment side A to the security system support side B:
security system support B uses n-bit information M q From information M according to a predetermined selection rule q Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
After receiving the quantum state sent by the security system support party B, the security system equipment party A uses the same n-bit information M q From information M according to the same selection rules as those of security system support B 2 Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M q The rest n/2 bit information is compared, and if the bit information is consistent with the rest n/2 bit information, the authentication of the security system support party B is passed.
Further, as shown in fig. 8, the security system device side a performs real-time quantum key distribution with the security system support side B through the quantum key distribution device to obtain a real-time cooperative key X i1 When executing toThe method comprises the following steps:
the security system equipment side A generates a quantum bit string, randomly selects a measuring base to measure the quantum bit string to generate a quantum state, and sends the quantum state to the security system support side B through the quantum key distribution equipment; the security system supporting party B randomly selects a measurement base to measure the quantum state to obtain a measurement result, and returns the used measurement base to the security system equipment party A;
The security system equipment side A compares the received measurement base with the used measurement base and sends the position of the correct measurement base to the security system support side B; the security system support party B eliminates the wrong quantum bit in the measurement result according to the message sent by the security system equipment party A, and selects a small part of correct measurement result to inform the security system equipment party A;
the security system equipment side A confirms the correctness of the measurement result of the security system supporting side B, eliminates the small part of quantum bits when the measurement result is correct, and selects the binary string and X from the rest binary string i0 Binary strings of equal length as real-time cooperative key X i1 Simultaneously sending confirmation information to a security system support party B for security; the security system supporting party B also eliminates the small part of the quantum bits after receiving the confirmation information, and selects the binary string and X from the rest binary string i0 Binary strings of equal length as real-time cooperative key X i1
Further, after obtaining the random number based on the initial cooperative key, the real-time cooperative key and the chaotic random number generation method, obtaining the real-time cooperative key by performing real-time quantum key distribution with the security system support party B, and using the cooperative key information as N N-bit new information M i As shown in fig. 9.
By updating the information M after generation of the random number i Updating the next initial cooperative key to enable the initial cooperative key to meet the one-time-pad mechanism, thereby further improving the final performanceRandomness of the generated random numbers.
Furthermore, the security system equipment side A adopts an equipment key and a corresponding encryption algorithm to carry out encryption protection on the modulation option, thereby preventing a third party from stealing the modulation option, and acquiring an initial cooperative key from the security system support side B based on the stolen modulation option, and further improving the security level of the system.
Specifically, the security system equipment side a locally and safely stores an acquisition key of the equipment key, and when the equipment key needs to be utilized, the acquisition key is used for requesting the equipment key support side C to acquire the equipment key; the specific acquisition process comprises the following steps:
the security system equipment side A sends a key acquisition request to the equipment key support side C so that the equipment key support side C selects a modulation base from locally stored modulation bases, modulates the locally stored equipment key into a quantum state by using the selected modulation base, and sends the quantum state to the security system equipment side A through a quantum channel;
After receiving the quantum state sent by the device key supporting party C, the security and privacy system device party A selects a measurement base from locally stored measurement bases, and measures the received quantum state by using the selected measurement base to obtain a device key;
wherein the security system device side A and the device key support side C cooperate with n bits of information M in advance g The security system equipment side A selects information M according to a preset selection rule g The n/2 bit of the (2) is used as a modulation base for safe storage, and the equipment key supporting party C selects the information M according to the same selection rule g N/2 bits of (2) are used as measurement base for safe storage and information M is stored g The other n/2 bits of (a) are used as a device key for secure storage.
It can be understood that, after the device key supporting party C receives the key obtaining request, the device key supporting party C needs to perform secure mutual authentication with the security system device party a, which specifically includes:
security systemThe system device side a and the device key support side C cooperate in advance with two n-bit information M r Sum information M s
Authentication phase of the device key support side C to the security system device side a:
the security system device side a uses n bits of information M r From information M according to a predetermined selection rule r Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a device key supporting party C through quantum key distribution equipment;
after receiving the quantum state sent by the security system device side A, the device key support side C uses the same n-bit information M r From information M according to the same selection rules as those of security system device side A r Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M r The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system device side A to the device key support side C:
the device key support C uses the n-bit information M s From information M according to a predetermined selection rule s Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
After receiving the quantum state sent by the device key supporting party C, the security and privacy system device party A uses the same n-bit information M s From information M according to the same selection rules as those of security system support B s Wherein n/2 bit information is selected as the random of the measurement baseCounting, measuring the received quantum state with the selected measuring base, and mixing the obtained measuring result with information M s The remaining n/2 bits of the information are compared, and if the bit information is consistent with the bit information, the authentication of the equipment key supporting party C is passed.
Further, the security system support party B adopts the device key and the corresponding encryption algorithm to carry out the encryption on the information M i Is cryptographically protected. Similarly, the security system support B securely stores the acquisition key of the device key locally, and requests the device key support C to acquire the device key based on the acquisition key when the device key needs to be utilized.
The invention realizes the application of quantum migration in the traditional password system, and further enriches the application scene of quantum technology in the password system; especially in the white-box implementation scheme based on the SM4 algorithm, the whitening processing process of the SM3 algorithm and the operation process of the SM2 algorithm cooperate with key information through the quantum key distribution equipment to prepare random numbers required in the schemes or processes, and the security of the schemes or processes is further enhanced due to the fact that the random numbers have quantum unpredictability.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A quantum migration security system, comprising: a security system equipment side A and a security system support side B; the security system equipment side A and the security system support side B respectively comprise quantum key distribution equipment, and the security system equipment side A also comprises security equipment;
the security system equipment side A acquires an initial cooperative key from the security system support side B through the quantum key distribution equipment;
the security system equipment side A performs real-time quantum key distribution with the security system support side B through the quantum key distribution equipment to obtain a real-time cooperative key;
the security equipment generates a random number based on the initial cooperative key and the real-time cooperative key, and supports a white-box encryption implementation scheme based on an SM4 algorithm by using the random number, a whitening encryption processing process of the SM3 algorithm and a signature processing process of the SM2 algorithm;
The security and privacy device generates a random number based on the initial cooperative key and the real-time cooperative key by performing the following steps:
the security and privacy equipment comprises a random number generator, wherein the random number generator comprises a random number output processing part and a chaotic random source with an N-base based on a piecewise linear chaotic function;
for the ith chaotic random source, i=1, 2, 3 … N; computing an initial cooperative key
Figure QLYQS_3
Real-time collaborative key->
Figure QLYQS_5
Obtain the initial random key->
Figure QLYQS_7
The result value +.>
Figure QLYQS_1
As the input of the ith chaotic random source, and through piecewise linear chaotic function processing, the initial chaotic source of the ith chaotic random source is output>
Figure QLYQS_6
Then obtaining the disorder source ++of the j moment through a plurality of chaotic motions>
Figure QLYQS_8
,/>
Figure QLYQS_9
Is an exclusive or operator; wherein the initial cooperative key +.>
Figure QLYQS_2
The real-time cooperative key +.>
Figure QLYQS_4
The secure security system equipment side A performs real-time quantum key distribution and acquisition with the secure security system support side B through the quantum key distribution equipment;
the random number output processing part outputs random sources of each path of chaotic random source
Figure QLYQS_10
Exclusive OR operation is performed to output a random number of +.>
Figure QLYQS_11
2. The quantum migration security system of claim 1, wherein the security system device side a, upon obtaining an initial cooperative key from the security system support side B via the quantum key distribution device, performs the steps of:
the security system equipment party A sends a key cooperation request to the security system supporting party B so that the security system supporting party B selects a modulation base from locally stored modulation bases and uses the selected modulation base to locally store an initial cooperation key
Figure QLYQS_12
Modulating the mixture into a quantum state, and transmitting the quantum state to the security and privacy system equipment side A through a quantum channel;
after receiving the quantum state sent by the security system support party B, the security system equipment party A selects a measurement base from locally stored measurement bases, measures the received quantum state by using the selected measurement base, and the obtained measurement result is the initial cooperative key;
wherein the security system equipment side A and the security system support side B cooperate with n bits of information M in advance i The security system equipment side A selects information M according to a preset selection rule i The n/2 bit of the (B) is used as a modulation base for safe storage, and the supporting party B of the security system selects the information M according to the same selection rule i N/2 bits of (2) are used as measurement base for safe storage and information M is stored i The remaining n/2 bits of (2) are used as the initial cooperative key for secure storage.
3. The quantum migration security system according to claim 2, wherein after the random number generator generates a random number based on the initial cooperative key, the real-time cooperative key, the security system device side a performs quantum key distribution with the security system support side B through the quantum key distribution device, obtains a cooperative key, and regards the cooperative key as n-bit new information M i
4. The quantum migration security system according to claim 1, wherein the security system device side a performs real-time quantum key distribution with the security system support side B through the quantum key distribution device, and performs the following steps when obtaining a real-time cooperative key:
the security system equipment side A generates a quantum bit string, randomly selects a measuring base to measure the quantum bit string to generate a quantum state, and sends the quantum state to the security system support side B through the quantum key distribution equipment; the security system supporting party B randomly selects a measurement base to measure the quantum state to obtain a measurement result, and returns the used measurement base to the security system equipment party A;
The security system equipment side A compares the received measurement base with the used measurement base and sends the position of the correct measurement base to the security system support side B; the security system support party B eliminates the wrong quantum bit in the measurement result according to the message sent by the security system equipment party A, and selects a small part of correct measurement result to inform the security system equipment party A;
the security system equipment side A confirms the correctness of the measurement result of the security system support side B, eliminates the small part of quantum bits when the measurement result is correct, and selects a binary string with the same length as Xio from the rest binary strings to be used as a real-time cooperative key
Figure QLYQS_13
Simultaneously sending confirmation information to a security system support party B for security; the security system supporting party B also eliminates the small part of the quantum bits after receiving the confirmation information, and selects the binary string with the same length from the rest binary strings as the real-time cooperative key ++>
Figure QLYQS_14
5. The quantum migration security system of claim 1, wherein the security system device side a employs a device key and a corresponding encryption algorithm to cryptographically protect the modulation option.
6. The quantum migration security system of claim 5, wherein the security system device side a securely stores an acquisition key of the device key locally, and requests the device key support side C to acquire the device key based on the acquisition key when the device key needs to be utilized; the specific acquisition process comprises the following steps:
the security system equipment side A sends a key acquisition request to the equipment key support side C so that the equipment key support side C selects a modulation base from locally stored modulation bases, modulates the locally stored equipment key into a quantum state by using the selected modulation base, and sends the quantum state to the security system equipment side A through a quantum channel;
after receiving the quantum state sent by the device key supporting party C, the security and privacy system device party A selects a measurement base from locally stored measurement bases, and measures the received quantum state by using the selected measurement base to obtain a device key;
wherein the security system device side A and the device key support side C cooperate with n bits of information M in advance g The security system equipment side A selects information M according to a preset selection rule g The n/2 bit of the (2) is used as a modulation base for safe storage, and the equipment key supporting party C selects the information M according to the same selection rule g N/2 bits of (2) are used as measurement base for safe storage and information M is stored g The other n/2 bits of (a) are used as a device key for secure storage.
7. The quantum migration security system according to claim 1, wherein the security system support B performs security mutual authentication with the security system device a after receiving the random number generation request, specifically comprising:
the security system equipment side A and the security system support side B cooperate with two n-bit information M in advance p Sum information M q
Authentication phase of the security system support B to the security system device a:
the security system device side a uses n bits of information M p From information M according to a predetermined selection rule p Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system supporting party B through quantum key distribution equipment;
Security system support side B connectionAfter receiving the quantum state sent by the security system equipment side A, the same n-bit information M is utilized p From information M according to the same selection rules as those of security system device side A p Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M p The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system equipment side A to the security system support side B:
security system support B uses n-bit information M q From information M according to a predetermined selection rule q Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
after receiving the quantum state sent by the security system support party B, the security system equipment party A uses the same n-bit information M q From information M according to the same selection rules as those of security system support B 2 Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M q The rest n/2 bit information is compared, and if the bit information is consistent with the rest n/2 bit information, the authentication of the security system support party B is passed.
8. The quantum migration security system of claim 6, wherein the device key support C performs security mutual authentication with the security system device a after receiving the key acquisition request, specifically comprising:
the security system device side a and the device key support side C cooperate in advance with two n-bit information M p Sum information M q
Authentication phase of the device key support side C to the security system device side a:
the security system device side a uses n bits of information M p From information M according to a predetermined selection rule p Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a device key supporting party C through quantum key distribution equipment;
After receiving the quantum state sent by the security system device side A, the device key support side C uses the same n-bit information M p From information M according to the same selection rules as those of security system device side A p Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M p The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system device side A to the device key support side C:
the device key support C uses the n-bit information M q From information M according to a predetermined selection rule q Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
after receiving the quantum state sent by the device key supporting party C, the security and privacy system device party A uses the same n-bit information M q From information M according to the same selection rules as those of security system support B 2 Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M q Bit message of remaining n/2And comparing the information, and if the information is consistent, authenticating the equipment key supporting party C.
9. The quantum mobility security system of claim 2 wherein n is 512 and the predetermined selection rule is to select bits 1, 3, 5, …, 509, 511 as modulation and measurement basis.
CN202111103127.2A 2021-09-18 2021-09-18 Quantum migration security system Active CN113965318B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111103127.2A CN113965318B (en) 2021-09-18 2021-09-18 Quantum migration security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111103127.2A CN113965318B (en) 2021-09-18 2021-09-18 Quantum migration security system

Publications (2)

Publication Number Publication Date
CN113965318A CN113965318A (en) 2022-01-21
CN113965318B true CN113965318B (en) 2023-06-06

Family

ID=79461804

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111103127.2A Active CN113965318B (en) 2021-09-18 2021-09-18 Quantum migration security system

Country Status (1)

Country Link
CN (1) CN113965318B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09288565A (en) * 1996-04-22 1997-11-04 Toshiba Corp Random number generation device and method, ciphering device and method, decoding device and method, key system generation device and method, and storage medium
CN103944712A (en) * 2014-05-16 2014-07-23 西北大学 Method for generating MBE-SSP (Multi Band Excitation-Service Switching Point) control code sequence
WO2017080860A1 (en) * 2015-11-10 2017-05-18 ID Quantique Method and device for optics based quantum random number generation
CN109388374A (en) * 2018-10-12 2019-02-26 太原理工大学 A method of the generating random number based on chaos amplification quantum noise

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3306464B1 (en) * 2016-10-09 2021-09-29 Université de Genève Method and device for quantum random number generation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09288565A (en) * 1996-04-22 1997-11-04 Toshiba Corp Random number generation device and method, ciphering device and method, decoding device and method, key system generation device and method, and storage medium
CN103944712A (en) * 2014-05-16 2014-07-23 西北大学 Method for generating MBE-SSP (Multi Band Excitation-Service Switching Point) control code sequence
WO2017080860A1 (en) * 2015-11-10 2017-05-18 ID Quantique Method and device for optics based quantum random number generation
CN109388374A (en) * 2018-10-12 2019-02-26 太原理工大学 A method of the generating random number based on chaos amplification quantum noise

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种量子密钥分配方案的研究;刘辛涛;现代导航;全文 *

Also Published As

Publication number Publication date
CN113965318A (en) 2022-01-21

Similar Documents

Publication Publication Date Title
CN111740828B (en) Key generation method, device and equipment and encryption and decryption method
CN105024994B (en) Without the safety to computing label decryption method is mixed without certificate
US6298153B1 (en) Digital signature method and information communication system and apparatus using such method
US7899184B2 (en) Ends-messaging protocol that recovers and has backward security
CN113259329B (en) Method and device for data careless transmission, electronic equipment and storage medium
CN112564907B (en) Key generation method and device, encryption method and device, and decryption method and device
CN110545279A (en) block chain transaction method, device and system with privacy and supervision functions
US20100098253A1 (en) Broadcast Identity-Based Encryption
CN112822014A (en) Data processing method and device, electronic equipment and storage medium
JP2006174356A (en) Pseudo public key encryption method and system
CN107294696B (en) Method for distributing full homomorphic keys for Leveled
CN110958219A (en) SM2 proxy re-encryption method and device for medical cloud shared data
CN112383397B (en) Heterogeneous signcryption communication method based on biological characteristics
CN112771832A (en) Computer-implemented system and method for sharing a common secret
CN111030801A (en) Multi-party distributed SM9 key generation and ciphertext decryption method and medium
CN111355582A (en) Two-party combined signature and decryption method and system based on SM2 algorithm
Plesa et al. A new quantum encryption scheme
CN114726546A (en) Digital identity authentication method, device, equipment and storage medium
CN113271209A (en) Trustable public key encryption system and method based on non-interactive zero-knowledge proof
Huang et al. Constructing a Secure Point-to-Point Wireless Environment by Integrating Diffie-Hellman PKDS RSA and Stream Ciphering for Users Known to Each Other.
JP5171787B2 (en) Sign-encryption system and sign-encryption generation method
CN113965318B (en) Quantum migration security system
CN107465508B (en) Method, system and equipment for constructing true random number by combining software and hardware
JP5512598B2 (en) Information sharing system, method, apparatus and program
CN113965319A (en) Key management system and method based on quantum key distribution system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant