CN113965318B - Quantum migration security system - Google Patents
- Publication number
- CN113965318B (CN202111103127.2A)
- Authority
- CN
- China
- Prior art keywords
- security system
- key
- quantum
- information
- equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/70—Photonic quantum communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/001—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/16—Obfuscation or hiding, e.g. involving white box
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Optics & Photonics (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a quantum migration security system, which comprises: a security system equipment side A and a security system support side B; the security system equipment side A also comprises security equipment; the security system equipment side A acquires an initial cooperative key from the security system support side B through quantum key distribution equipment; the security system equipment side A performs real-time quantum key distribution with the security system support side B through quantum key distribution equipment to obtain a real-time cooperative key; the security equipment generates a random number based on the initial cooperative key and the real-time cooperative key, and uses the random number to support a white-box encryption implementation scheme based on the SM4 algorithm, the whitening encryption process of the SM3 algorithm and the signature process of the SM2 algorithm. The invention realizes the application of quantum migration in the traditional cryptographic system, and further enriches the application scenarios of quantum technology in the cryptographic system.
Description
Technical Field
The invention relates to the technical field of quantum communication, in particular to a quantum migration security system.
Background
With the development of quantum computers and quantum algorithms, the security of classical cryptographic systems based on computational complexity assumptions is severely challenged. To address the potential threat that quantum computers and quantum algorithms pose to classical cryptosystems, new cryptosystems that can resist quantum computing attacks have been developed, and quantum cryptosystems have emerged in this context. Quantum cryptography is a novel cryptosystem produced by combining classical cryptographic theory with the basic principles of quantum mechanics. Unlike classical cryptographic systems, quantum cryptosystems are designed on physical laws with quantum states as information carriers, and their security is ensured by basic quantum mechanical properties, irrespective of the attacker's computing power. Therefore, the application of quantum migration in traditional cryptography is receiving increasing attention.
Disclosure of Invention
Based on the foregoing, it is necessary to provide a quantum migration security system, which can enrich the application scenarios of quantum technologies in a cryptographic system.
The invention provides a quantum migration security system, comprising: a security system equipment side A and a security system support side B; the security system equipment side A and the security system support side B respectively comprise quantum key distribution equipment, and the security system equipment side A also comprises security equipment;
The security system equipment side A acquires an initial cooperative key from the security system support side B through the quantum key distribution equipment;
the security system equipment side A performs real-time quantum key distribution with the security system support side B through the quantum key distribution equipment to obtain a real-time cooperative key;
the security equipment generates a random number based on the initial cooperative key and the real-time cooperative key, and uses the random number to support a white-box encryption implementation scheme based on the SM4 algorithm, the whitening encryption process of the SM3 algorithm and the signature process of the SM2 algorithm.
Based on the above, the security equipment performs the following steps when generating a random number based on the initial cooperative key and the real-time cooperative key:
the security equipment comprises a random number generator, wherein the random number generator comprises a random number output processing part and N paths of chaotic random sources based on a piecewise linear chaotic function;
for the i-th chaotic random source, i = 1, 2, 3 … N: the initial cooperative key X_i0 ⊕ the real-time cooperative key X_i1 is calculated to obtain an initial random key X_i2; the result value X_i2 is used as the input of the i-th chaotic random source and, through piecewise linear chaotic function processing, the initial chaotic source of the i-th chaotic random source is output; the random source at moment j is then obtained through a number of chaotic motions; ⊕ is the exclusive-or operator; wherein the initial cooperative key X_i0 is obtained by the security system equipment side A from the security system support side B through the quantum key distribution equipment, and the real-time cooperative key X_i1 is obtained by the security system equipment side A performing real-time quantum key distribution with the security system support side B through the quantum key distribution equipment;
The random number output processing part performs an exclusive-or operation on the random sources output by each path of chaotic random source and outputs the resulting random number.
Based on the above, when the security system equipment side A obtains the initial cooperative key from the security system support side B through the quantum key distribution equipment, the following steps are performed:
the security system equipment side A sends a key cooperation request to the security system support side B, so that the security system support side B selects a modulation base from its locally stored modulation bases, modulates the locally stored initial cooperative key X_i0 into a quantum state using the selected modulation base, and sends the quantum state to the security system equipment side A through a quantum channel;
After receiving the quantum state sent by the security system support side B, the security system equipment side A selects a measurement base from its locally stored measurement bases and measures the received quantum state using the selected measurement base; the obtained measurement result is the initial cooperative key;
wherein the security system equipment side A and the security system support side B agree in advance on n-bit information M_i; the security system equipment side A selects n/2 bits of the information M_i according to a preset selection rule and securely stores them as the modulation base; the security system support side B selects n/2 bits of the information M_i according to the same selection rule and securely stores them as the measurement base, and securely stores the remaining n/2 bits of the information M_i as the initial cooperative key.
Based on the above, after the random number generator generates a random number based on the initial cooperative key and the real-time cooperative key, the security system equipment side A performs quantum key distribution with the security system support side B through the quantum key distribution equipment to obtain a cooperative key, and uses the cooperative key as the new n-bit information M_i.
Based on the above, when the security system equipment side A performs real-time quantum key distribution with the security system support side B through the quantum key distribution equipment to obtain a real-time cooperative key, the following steps are performed:
the security system equipment side A generates a quantum bit string, randomly selects a measurement base to measure the quantum bit string to generate a quantum state, and sends the quantum state to the security system support side B through the quantum key distribution equipment; the security system support side B randomly selects a measurement base to measure the quantum state to obtain a measurement result, and returns the measurement base it used to the security system equipment side A;
the security system equipment side A compares the received measurement base with the measurement base it used and sends the positions of the correct measurement bases to the security system support side B; the security system support side B eliminates the wrong quantum bits from the measurement result according to the message sent by the security system equipment side A, and selects a small part of the correct measurement results to report to the security system equipment side A;
the security system equipment side A confirms the correctness of the measurement results of the security system support side B; when they are correct, it eliminates that small part of the quantum bits, selects from the remaining binary string a binary string equal in length to X_i0 as the real-time cooperative key X_i1, and at the same time sends confirmation information to the security system support side B; after receiving the confirmation information, the security system support side B also eliminates that small part of the quantum bits and selects from the remaining binary string a binary string equal in length to X_i0 as the real-time cooperative key X_i1.
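The exchange in the three steps above can be followed in a classical simulation. This is an added example, not code from the patent; the function name, the 0/1 encoding of the two bases, the idealised measurement model and the `error_rate` parameter are all assumptions made for illustration.

```python
import random


def distribute_realtime_key(key_len, n_qubits, sample_size, rng, error_rate=0.0):
    """Simulate one run of the exchange; returns (status, key_a, key_b).

    key_len is the length of X_i0, so the result plays the role of X_i1.
    Idealised model (assumption): measuring in the base used for preparation
    returns the prepared bit (flipped with probability error_rate to model a
    disturbed channel); measuring in the other base returns a random bit.
    """
    # Side A: random bit string and a random base per bit.
    a_bits = [rng.getrandbits(1) for _ in range(n_qubits)]
    a_bases = [rng.getrandbits(1) for _ in range(n_qubits)]

    # Side B: random measurement base per received state.
    b_bases = [rng.getrandbits(1) for _ in range(n_qubits)]
    b_results = []
    for bit, base_a, base_b in zip(a_bits, a_bases, b_bases):
        if base_a != base_b:
            b_results.append(rng.getrandbits(1))
        elif rng.random() < error_rate:
            b_results.append(bit ^ 1)
        else:
            b_results.append(bit)

    # B returns its bases; A replies with the positions where they match,
    # and B discards every other position.
    matching = [k for k in range(n_qubits) if a_bases[k] == b_bases[k]]
    if len(matching) < sample_size + key_len:
        return "too-few-bits", None, None

    # B discloses a small part of its remaining results; A checks them.
    sample = set(rng.sample(matching, sample_size))
    if any(b_results[k] != a_bits[k] for k in sample):
        return "check-failed", None, None

    # Both sides drop the disclosed positions and keep a string as long as X_i0.
    kept = [k for k in matching if k not in sample][:key_len]
    key_a = [a_bits[k] for k in kept]
    key_b = [b_results[k] for k in kept]
    return "ok", key_a, key_b


if __name__ == "__main__":
    rng = random.Random(2021)  # constructed, reproducible demo input
    status, key_a, key_b = distribute_realtime_key(128, 1024, 64, rng)
    print(status, key_a == key_b)
    print(distribute_realtime_key(128, 1024, 64, rng, error_rate=0.25)[0])
```

The steps as quoted contain no reconciliation of the undisclosed bits, so with a small non-zero `error_rate` the check can pass while `key_a` and `key_b` still differ in a few positions.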
Based on the above, the security system equipment side A adopts the device key and the corresponding encryption algorithm to encrypt and protect the modulation option.
Based on the above, the security system equipment side A locally and securely stores the acquisition key of the device key, and when the device key needs to be used, requests the device key from the device key support side C based on the acquisition key; the specific acquisition process comprises the following steps:
the security system equipment side A sends a key acquisition request to the device key support side C, so that the device key support side C selects a modulation base from its locally stored modulation bases, modulates the locally stored device key into a quantum state using the selected modulation base, and sends the quantum state to the security system equipment side A through a quantum channel;
After receiving the quantum state sent by the device key support side C, the security system equipment side A selects a measurement base from its locally stored measurement bases and measures the received quantum state using the selected measurement base to obtain the device key;
wherein the security system equipment side A and the device key support side C agree in advance on n-bit information M_g; the security system equipment side A selects n/2 bits of the information M_g according to a preset selection rule and securely stores them as the modulation base; the device key support side C selects n/2 bits of the information M_g according to the same selection rule and securely stores them as the measurement base, and securely stores the remaining n/2 bits of the information M_g as the device key.
Based on the above, after receiving the random number generation request, the security system support side B performs secure mutual authentication with the security system equipment side A, which specifically includes:
the security system equipment side A and the security system support side B agree in advance on two pieces of n-bit information, M_p and M_q;
Authentication phase of the security system support side B to the security system equipment side A:
the security system equipment side A uses the n-bit information M_p: according to a preset selection rule it selects n/2 bits of the information M_p as the random numbers for selecting the modulation bases, takes the remaining n/2 bits as programming signals, modulates each programming signal into a quantum state with the corresponding selected modulation base, and sends the quantum states to the security system support side B through the quantum key distribution equipment;
after receiving the quantum states sent by the security system equipment side A, the security system support side B uses the same n-bit information M_p: according to the same selection rule as the security system equipment side A it selects n/2 bits of the information M_p as the random numbers for selecting the measurement bases, measures the received quantum states with the selected measurement bases, and compares the obtained measurement result with the remaining n/2 bits of the information M_p; if they are consistent, the authentication of the security system equipment side A passes;
Authentication phase of the security system equipment side A to the security system support side B:
the security system support side B uses the n-bit information M_q: according to a preset selection rule it selects n/2 bits of the information M_q as the random numbers for selecting the modulation bases, takes the remaining n/2 bits as programming signals, modulates each programming signal into a quantum state with the corresponding selected modulation base, and sends the quantum states to the security system equipment side A through the quantum key distribution equipment;
After receiving the quantum states sent by the security system support side B, the security system equipment side A uses the same n-bit information M_q: according to the same selection rule as the security system support side B it selects n/2 bits of the information M_q as the random numbers for selecting the measurement bases, measures the received quantum states with the selected measurement bases, and compares the obtained measurement result with the remaining n/2 bits of the information M_q; if they are consistent, the authentication of the security system support side B passes.
Based on the above, after receiving the key acquisition request, the device key support side C performs secure mutual authentication with the security system equipment side A, which specifically includes:
the security system equipment side A and the device key support side C agree in advance on two pieces of n-bit information, M_p and M_q;
Authentication phase of the device key support side C to the security system equipment side A:
the security system equipment side A uses the n-bit information M_p: according to a preset selection rule it selects n/2 bits of the information M_p as the random numbers for selecting the modulation bases, takes the remaining n/2 bits as programming signals, modulates each programming signal into a quantum state with the corresponding selected modulation base, and sends the quantum states to the device key support side C through the quantum key distribution equipment;
After receiving the quantum states sent by the security system equipment side A, the device key support side C uses the same n-bit information M_p: according to the same selection rule as the security system equipment side A it selects n/2 bits of the information M_p as the random numbers for selecting the measurement bases, measures the received quantum states with the selected measurement bases, and compares the obtained measurement result with the remaining n/2 bits of the information M_p; if they are consistent, the authentication of the security system equipment side A passes;
Authentication phase of the security system equipment side A to the device key support side C:
the device key support side C uses the n-bit information M_q: according to a preset selection rule it selects n/2 bits of the information M_q as the random numbers for selecting the modulation bases, takes the remaining n/2 bits as programming signals, modulates each programming signal into a quantum state with the corresponding selected modulation base, and sends the quantum states to the security system equipment side A through the quantum key distribution equipment;
after receiving the quantum states sent by the device key support side C, the security system equipment side A uses the same n-bit information M_q: according to the same selection rule as the security system support side B it selects n/2 bits of the information M_q as the random numbers for selecting the measurement bases, measures the received quantum states with the selected measurement bases, and compares the obtained measurement result with the remaining n/2 bits of the information M_q; if they are consistent, the authentication of the device key support side C passes.
Based on the above, n is 512, and the preset selection rules are to select bits 1, 3, 5, …, 509, 511 as modulation selection base and measurement selection base.
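The mutual authentication above, with n = 512 and the odd-numbered bits selecting the bases, can be traced in a classical simulation. This is an added example, not code from the patent; the function names, the reading of "bits 1, 3, 5, …" as 1-indexed positions, the 0/1 encoding of the two bases and the idealised measurement model are assumptions.

```python
import random

N_BITS = 512  # n in the text


def constructed_secret(seed):
    """Constructed stand-in for pre-agreed n-bit information such as M_p or M_q."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(N_BITS)]


def split_secret(m):
    """Selection rule from the text: bits 1, 3, ..., 511 (1-indexed) select the
    bases; the remaining n/2 bits are the signal bits."""
    if len(m) != N_BITS:
        raise ValueError("secret must be n = 512 bits")
    return m[0::2], m[1::2]


def prepare_states(m):
    """Prover side: each state is modelled as (modulation base, encoded bit)."""
    bases, signal = split_secret(m)
    return list(zip(bases, signal))


def measure(states, bases, rng):
    """Idealised measurement (assumption): the matching base returns the
    encoded bit, the other base returns a uniformly random bit."""
    return [bit if prep == meas else rng.getrandbits(1)
            for (prep, bit), meas in zip(states, bases)]


def authenticate(prover_secret, verifier_secret, rng):
    """One direction of the protocol; returns (passed, mismatching positions)."""
    states = prepare_states(prover_secret)
    bases, expected = split_secret(verifier_secret)
    result = measure(states, bases, rng)
    mismatches = sum(r != e for r, e in zip(result, expected))
    return mismatches == 0, mismatches


def mutual_authenticate(side_a, side_b, rng):
    """B authenticates A with M_p, then A authenticates B with M_q."""
    b_accepts_a, _ = authenticate(side_a["M_p"], side_b["M_p"], rng)
    if not b_accepts_a:
        return False
    a_accepts_b, _ = authenticate(side_b["M_q"], side_a["M_q"], rng)
    return a_accepts_b


if __name__ == "__main__":
    rng = random.Random(7)  # models measurement randomness, reproducibly
    m_p, m_q = constructed_secret(1), constructed_secret(2)
    store = {"M_p": m_p, "M_q": m_q}
    print(mutual_authenticate(store, dict(store), rng))
    # A party holding different 512-bit information fails in about half of
    # the 256 compared positions.
    print(authenticate(constructed_secret(3), m_p, rng))
```

Acceptance requires all 256 compared bits to agree, so a single differing bit between the two stored copies of M_p or M_q rejects an otherwise legitimate peer.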
The invention generates the initial cooperative key through quantum communication negotiation and the real-time cooperative key through quantum key distribution, and synthesizes the input value of the chaotic random source from the initial cooperative key and the real-time cooperative key; because the actual initial value of the chaotic random source is an infinitely long analog quantity, the initial values are guaranteed to be sufficiently different. An essential feature of chaos is sensitive dependence on the initial value: any small deviation in the initial value causes a sufficiently large separation of the sequence trajectories, which exhibits random properties. Because of this inherent property of the chaotic system, the system can produce an unpredictable bit stream output.
The multi-path chaotic random source circuit is composed of independent chaotic bit units, and the chaotic mapping circuit of each bit unit is completely independent, so the chaotic mapping circuit signals are independent and the random process of each chaotic source/bit unit is independent. The multi-path exclusive-or superposition output generates the random number that is finally used, which better produces an unpredictable, uniformly distributed random sequence and further improves the information entropy of the random number.
The invention realizes the application of quantum migration in the traditional cryptographic system, and further enriches the application scenarios of quantum technology in the cryptographic system; in particular, the white-box implementation scheme based on the SM4 algorithm, the whitening process of the SM3 algorithm and the operation process of the SM2 algorithm use key information coordinated through the quantum key distribution equipment to prepare the random numbers they require, and because these random numbers have quantum unpredictability, the security of these schemes and processes is further enhanced.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the invention will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
Fig. 1 shows a first block diagram of the quantum migration security system according to the invention.
Fig. 2 shows a flow chart of a first implementation method of the quantum migration security system according to the present invention.
Fig. 3 shows a second block diagram of the quantum migration security system according to the invention.
Fig. 4 shows a flow chart of a second implementation method of the quantum migration security system according to the present invention.
Fig. 5 shows a flow chart of the random number preparation method according to the present invention.
Fig. 6 shows a flow chart of the generation of an initial cooperative key according to the present invention.
Fig. 7 shows a flow chart of a security mutual authentication procedure of the security system device side a and the security system support side B according to the present invention.
Fig. 8 shows a flow chart of the generation of the real-time cooperative key according to the present invention.
Fig. 9 shows a flow chart of updating the information M_i according to the present invention.
Detailed Description
In order that the above-recited objects, features and advantages of the present invention will be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description. It should be noted that, in the case of no conflict, the embodiments of the present application and the features in the embodiments may be combined with each other.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those described herein, and therefore the scope of the present invention is not limited to the specific embodiments disclosed below.
As shown in fig. 1-2, the present invention proposes a quantum migration security system comprising:
a security system equipment side A and a security system support side B; the security system equipment side A and the security system support side B respectively comprise quantum key distribution equipment, and the security system equipment side A also comprises security equipment;
the security system equipment side A acquires an initial cooperative key from the security system support side B through the quantum key distribution equipment;
the security system equipment side A performs real-time quantum key distribution with the security system support side B through the quantum key distribution equipment to obtain a real-time cooperative key;
the security equipment generates a random number based on the initial cooperative key and the real-time cooperative key, and uses the random number to support a white-box encryption implementation scheme based on the SM4 algorithm, the whitening encryption process of the SM3 algorithm and the signature process of the SM2 algorithm.
The quantum key distribution equipment can realize point-to-point key coordination and information coordination among backbone nodes; that is, consistent keys and consistent information among the security equipment are obtained through the BB84 or B92 protocol, and real-time availability and sufficiency are ensured, meaning that keys are generated at the moment they are used and in exactly the quantity that is needed.
It will be appreciated that, as shown in fig. 3 and 4, the security system support side B also includes security equipment comprising a random number generator; after the security system support side B sends an initial cooperative key to the security system equipment side A through the quantum key distribution equipment and performs real-time quantum key distribution with the security system equipment side A through the quantum key distribution equipment to obtain a real-time cooperative key, the random number generator generates a random number based on the initial cooperative key and the real-time cooperative key; the security equipment uses the random number to support a white-box decryption implementation scheme based on the SM4 algorithm, the whitening decryption process of the SM3 algorithm and the signature verification process of the SM2 algorithm.
Further, as shown in fig. 5, the security equipment performs the following steps when generating a random number based on the initial cooperative key and the real-time cooperative key: the security equipment comprises a random number generator, wherein the random number generator comprises a random number output processing part and N paths of chaotic random sources based on a piecewise linear chaotic function;
For the i-th chaotic random source, i = 1, 2, 3 … N: the initial cooperative key X_i0 ⊕ the real-time cooperative key X_i1 is calculated to obtain an initial random key X_i2; the result value X_i2 is used as the input of the i-th chaotic random source and, through piecewise linear chaotic function processing, the initial chaotic source of the i-th chaotic random source is output; the random source at moment j is then obtained through a number of chaotic motions; ⊕ is the exclusive-or operator; wherein the initial cooperative key X_i0 is obtained by the security system equipment side A from the security system support side B through the quantum key distribution equipment, and the real-time cooperative key X_i1 is obtained by the security system equipment side A performing real-time quantum key distribution with the security system support side B through the quantum key distribution equipment;
the random number output processing part performs an exclusive-or operation on the random sources output by each path of chaotic random source and outputs the resulting random number.
Further, in the specific implementation, the chaotic random source based on the piecewise linear chaotic function is realized as an analog IP physical random source based on the quantum key distribution equipment, and the analog IP generates unpredictable true random numbers as the information entropy source of the whole random number generator. In the analog IP physical random source implementation, the initial value of the piecewise linear chaotic function is determined by the initial value of the circuit, and the initial value of the circuit is synthesized by the initial cooperative key and the quantum key distribution system in real time, so that the actual initial value is an infinitely long analog quantity and the initial values can be guaranteed to be sufficiently different. An essential feature of chaos is sensitive dependence on the initial value: any small deviation in the initial value causes a sufficiently large separation of the sequence trajectories, which exhibits random properties. Because of this inherent property of the chaotic system, the system can produce an unpredictable bit stream output.
The random number output processing part performs exclusive-or superposition output after the multi-path chaotic random sources are digitized. The multi-path chaotic random source circuits are all formed of independent chaotic bit units, and the chaotic mapping circuit of each bit unit is completely independent, so the chaotic mapping circuit signals are independent and the random process of each chaotic source/bit unit is independent. The multi-path exclusive-or superposition output generates the random number that is finally used, which better produces an unpredictable, uniformly distributed random sequence and further improves the information entropy of the random number.
It can be understood that the white-box implementation scheme of the SM4 cryptographic algorithm, the whitening process of the SM3 algorithm and the signature process of the SM2 algorithm all require random numbers. The invention uses the key information coordinated by the quantum key distribution equipment as the input information of the chaotic random source, and the random number is then prepared by the chaotic random source. This method of preparing the random number can effectively enhance its randomness and security.
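The generator structure described above (seed X_i2 = X_i0 ⊕ X_i1 per path, piecewise linear chaotic iteration, digitisation, exclusive-or across the N paths) is shown below as a software model. This is an added example, not code from the patent: the text does not give the map, so the standard piecewise linear chaotic map with control parameter p = 0.3, 128-bit fixed-point arithmetic, a 256-step warm-up, threshold digitisation and the constructed 16-byte keys are all assumptions.

```python
PRECISION = 128                  # state is an integer x representing x / 2**128
ONE = 1 << PRECISION
HALF = 1 << (PRECISION - 1)
P = (3 * ONE) // 10              # control parameter p = 0.3 (assumed)

# Constructed sample keys for N = 4 paths, 16 bytes each (not real key material).
CONSTRUCTED_X0 = [bytes(range(16 * i, 16 * i + 16)) for i in range(4)]
CONSTRUCTED_X1 = [bytes((7 * k + 3 * i + 1) % 256 for k in range(16))
                  for i in range(4)]


def pwlcm_step(x):
    """One iteration of the piecewise linear chaotic map in fixed point."""
    if x >= HALF:                # the map is symmetric about 1/2
        x = ONE - x
    if x < P:
        y = (x << PRECISION) // P
    else:
        y = ((x - P) << PRECISION) // (HALF - P)
    return min(y, ONE - 1)       # keep the state inside [0, 1)


class ChaoticSource:
    """One path: seeded with X_i2 = X_i0 XOR X_i1, then iterated."""

    def __init__(self, x_i0, x_i1, warmup=256):
        if len(x_i0) != PRECISION // 8 or len(x_i1) != PRECISION // 8:
            raise ValueError("keys must be 16 bytes in this model")
        x_i2 = bytes(a ^ b for a, b in zip(x_i0, x_i1))
        self.state = int.from_bytes(x_i2, "big")
        if self.state == 0:
            # Equal keys cancel; 0 is a fixed point of the map.
            raise ValueError("X_i0 equals X_i1: degenerate seed")
        for _ in range(warmup):
            self._advance()

    def _advance(self):
        self.state = pwlcm_step(self.state)
        if self.state == 0:
            raise RuntimeError("chaotic source collapsed to the fixed point 0")

    def next_bit(self):
        """Digitise the state at moment j by thresholding at 1/2."""
        self._advance()
        return 1 if self.state >= HALF else 0


def generate_bits(initial_keys, realtime_keys, n_bits):
    """XOR the digitised outputs of all paths, one output bit per moment j."""
    sources = [ChaoticSource(a, b) for a, b in zip(initial_keys, realtime_keys)]
    out = []
    for _ in range(n_bits):
        bit = 0
        for source in sources:
            bit ^= source.next_bit()
        out.append(bit)
    return out


if __name__ == "__main__":
    bits = generate_bits(CONSTRUCTED_X0, CONSTRUCTED_X1, 64)
    print("".join(map(str, bits)))
```

This digital model is a deterministic function of X_i0 and X_i1, so its output is only as unpredictable as those keys are secret; the infinitely-long-analog-quantity argument in the text applies to the analog circuit, not to a software implementation.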
Further, for the white-box implementation scheme based on the SM4 algorithm used by the security equipment of the security system equipment side A, the security system equipment side A and the security system support side B cooperatively generate an initial cooperative key and a real-time cooperative key through the quantum key distribution equipment, and a random number is output by combining the initial cooperative key and the real-time cooperative key with the chaotic random source; this random number is used as the random number for constructing the white-box implementation scheme based on the SM4 algorithm, and the white-box implementation scheme based on the SM4 algorithm is constructed based on it;
for the SM3 algorithm used by the security equipment of the security system equipment side A, the security system equipment side A and the security system support side B cooperatively generate an initial cooperative key and a real-time cooperative key through the quantum key distribution equipment, and a random number is output by combining the initial cooperative key and the real-time cooperative key with the chaotic random source; this random number is used as the random number following the "1" when constructing the whitening padding of the SM3 algorithm, and the whitening process of the SM3 algorithm is completed based on it;
for the SM2 algorithm used by the security equipment of the security system equipment side A, the security system equipment side A and the security system support side B cooperatively generate an initial cooperative key and a real-time cooperative key through the quantum key distribution equipment, and a random number is output by combining the initial cooperative key and the real-time cooperative key with the chaotic random source; this random number is used as the random number in the signature operation process of the SM2 algorithm, and the signature process of the SM2 algorithm is completed based on it.
Further, as shown in fig. 6, when the security system device side a obtains the initial cooperative key from the security system support side B through the quantum key distribution device, the following steps are performed:
the security system equipment party A sends a key cooperation request to the security system supporting party B, so that the security system supporting party B selects a modulation base from its locally stored modulation bases, modulates the locally stored initial cooperative key X_i0 into a quantum state using the selected modulation base, and transmits the quantum state to the security system equipment side A through a quantum channel;
after receiving the quantum state sent by the security system support party B, the security system equipment party A selects a measurement base from locally stored measurement bases, measures the received quantum state by using the selected measurement base, and the obtained measurement result is the initial cooperative key;
wherein the security system equipment side A and the security system support side B cooperate with n bits of information M in advance i The security system equipment side A selects information M according to a preset selection rule i The n/2 bit of the (B) is used as a modulation base for safe storage, and the supporting party B of the security system selects the information M according to the same selection rule i N/2 bits of (2) are used as measurement base for safe storage and information M is stored i The remaining n/2 bits of (2) are used as the initial cooperative key for secure storage.
Preferably, n is 512, and the preset selection rules are to select bits 1, 3, 5, …, 509, 511 as modulation selection bases and measurement selection bases. The more bits of the initial and real-time cooperative keys, the greater the randomness of the random numbers ultimately generated based on the initial and real-time cooperative keys.
It may be understood that, after the security system support B receives the random number generation request, it needs to perform security mutual authentication with the security system device a, as shown in fig. 7, and specifically includes:
the security system equipment side A and the security system support side B agree in advance on two pieces of n-bit information, M_p and M_q;
Authentication phase of the security system support B to the security system device a:
the security system device side a uses n bits of information M p From information M according to a predetermined selection rule p Wherein n/2 bit information is selected as a random number of a modulation base to perform modulation base selection, and the remaining n/2 bit information is used as a programming signal, Modulating the corresponding programming signals into quantum states by the selected modulation bases respectively, and sending the quantum states to a security and privacy system supporting party B through quantum key distribution equipment;
after receiving the quantum state sent by the security system equipment side A, the security system support side B uses the same n-bit information M p From information M according to the same selection rules as those of security system device side A p Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M p The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system equipment side A to the security system support side B:
security system support B uses n-bit information M q From information M according to a predetermined selection rule q Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
After receiving the quantum state sent by the security system support party B, the security system equipment party A uses the same n-bit information M q From information M according to the same selection rules as those of security system support B 2 Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M q The rest n/2 bit information is compared, and if the bit information is consistent with the rest n/2 bit information, the authentication of the security system support party B is passed.
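The pre-shared-basis exchange described above (retrieval of the initial cooperative key and the two authentication phases), as an added classical simulation that is not part of the patent: a qubit is modelled as a (basis, bit) pair, and measuring in the other basis returns a random bit. The function names, the two-basis model and the seeded `random.Random` used for repeatability are assumptions of this sketch.

```python
import random

N = 512  # the preferred n given on this page


def split_shared_info(m_bits):
    """Apply the page's selection rule to n-bit shared information.

    Bits 1, 3, 5, ..., n-1 (1-indexed) select the bases; the remaining
    n/2 bits are the payload (initial cooperative key or programming signal).
    """
    if len(m_bits) % 2:
        raise ValueError("shared information must have an even number of bits")
    return m_bits[0::2], m_bits[1::2]


def modulate(payload, bases):
    """Sender: encode each payload bit in the basis chosen for its position."""
    if len(payload) != len(bases):
        raise ValueError("one basis per payload bit is required")
    return list(zip(bases, payload))


def measure(states, bases, rng):
    """Receiver: a matching basis yields the encoded bit, a mismatched basis
    yields a uniformly random bit (idealised, noise-free model)."""
    return [bit if prep == meas else rng.getrandbits(1)
            for (prep, bit), meas in zip(states, bases)]


def send_with_shared_info(m_bits):
    """Modulate the payload half of m_bits with the basis half of m_bits."""
    bases, payload = split_shared_info(m_bits)
    return modulate(payload, bases)


def receive_with_shared_info(states, m_bits, rng):
    """Measure with the bases derived from the receiver's own copy of m_bits."""
    bases, _ = split_shared_info(m_bits)
    return measure(states, bases, rng)


def authenticate(states, m_bits, rng):
    """Verifier in one authentication phase: measure with the shared bases and
    compare the result with the remaining n/2 bits of its own copy."""
    _, expected = split_shared_info(m_bits)
    return receive_with_shared_info(states, m_bits, rng) == expected


def bit_error_rate(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)


def random_bits(n, rng):
    return [rng.getrandbits(1) for _ in range(n)]


def demo(seed=2021):
    rng = random.Random(seed)      # simulation only, not a key source
    m_i = random_bits(N, rng)      # constructed stand-in for M_i
    _, key = split_shared_info(m_i)
    states = send_with_shared_info(m_i)

    # A party holding the stored bases recovers the key exactly.
    recovered = receive_with_shared_info(states, m_i, rng)
    # A party without the stored bases has to guess them.
    guessed = measure(states, random_bits(N // 2, rng), rng)

    m_p = random_bits(N, rng)      # constructed stand-in for M_p
    genuine = authenticate(send_with_shared_info(m_p), m_p, rng)
    # A sender that does not hold M_p prepares states from unrelated bits.
    impostor = authenticate(send_with_shared_info(random_bits(N, rng)), m_p, rng)
    return {
        "key_len": len(key),
        "recovered_ok": recovered == key,
        "guessed_ber": bit_error_rate(guessed, key),
        "genuine": genuine,
        "impostor": impostor,
    }


if __name__ == "__main__":
    print(demo())
```

In this model, the whole protection of the key and of the authentication rests on the stored n/2 basis bits staying secret, which is why the description goes on to encrypt them at rest.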
Further, as shown in fig. 8, when the security system device side A performs real-time quantum key distribution with the security system support side B through the quantum key distribution device to obtain a real-time cooperative key X_i1, the following steps are performed:
the security system equipment side A generates a quantum bit string, randomly selects a measuring base to measure the quantum bit string to generate a quantum state, and sends the quantum state to the security system support side B through the quantum key distribution equipment; the security system supporting party B randomly selects a measurement base to measure the quantum state to obtain a measurement result, and returns the used measurement base to the security system equipment party A;
The security system equipment side A compares the received measurement base with the used measurement base and sends the position of the correct measurement base to the security system support side B; the security system support party B eliminates the wrong quantum bit in the measurement result according to the message sent by the security system equipment party A, and selects a small part of correct measurement result to inform the security system equipment party A;
the security system equipment side A confirms the correctness of the measurement result of the security system supporting side B; when the measurement result is correct, it eliminates the small part of quantum bits, selects from the remaining binary string a binary string of the same length as X_i0 as the real-time cooperative key X_i1, and at the same time sends confirmation information to the security system support party B; after receiving the confirmation information, the security system supporting party B also eliminates the small part of quantum bits and selects from the remaining binary string a binary string of the same length as X_i0 as the real-time cooperative key X_i1.
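The sifting and sample check of the real-time distribution steps above, as an added classical simulation that is not part of the patent; a qubit is modelled as a (basis, bit) pair whose measurement in the other basis gives a random bit. `realtime_key`, `remeasuring_channel`, the 2048-qubit batch and the 64-bit disclosed sample are assumptions of this sketch.

```python
import random


def measure(states, bases, rng):
    """A matching basis yields the encoded bit, a mismatched one a random bit."""
    return [bit if prep == meas else rng.getrandbits(1)
            for (prep, bit), meas in zip(states, bases)]


def remeasuring_channel(states, rng):
    """Constructed fault model: each state is measured in a random basis in
    transit and re-sent, which disturbs states whose basis was guessed wrong."""
    out = []
    for prep, bit in states:
        basis = rng.getrandbits(1)
        out.append((basis, bit if basis == prep else rng.getrandbits(1)))
    return out


def realtime_key(key_len, rng, n_qubits=2048, sample_len=64, channel=None):
    """Run one distribution round.

    Returns (key_at_A, key_at_B), or None when the small disclosed part of
    B's results does not match A's bits and the round has to be discarded.
    """
    # A: random bit string, each bit prepared in a randomly selected basis.
    a_bits = [rng.getrandbits(1) for _ in range(n_qubits)]
    a_bases = [rng.getrandbits(1) for _ in range(n_qubits)]
    states = list(zip(a_bases, a_bits))
    if channel is not None:
        states = channel(states, rng)

    # B: measures with randomly selected bases and returns the bases to A.
    b_bases = [rng.getrandbits(1) for _ in range(n_qubits)]
    b_bits = measure(states, b_bases, rng)

    # A: compares bases and sends B the positions where they agree.
    agree = [i for i in range(n_qubits) if a_bases[i] == b_bases[i]]
    if len(agree) < key_len + sample_len:
        raise RuntimeError("too few sifted bits; send a larger batch")

    # B: drops the other positions and discloses a small part of the rest.
    sample = rng.sample(agree, sample_len)
    disclosed = {i: b_bits[i] for i in sample}

    # A: confirms the disclosed results; any mismatch rejects the round.
    if any(a_bits[i] != value for i, value in disclosed.items()):
        return None

    # Both sides remove the disclosed bits and keep key_len of the remainder,
    # that is, a string of the same length as the initial cooperative key.
    sampled = set(sample)
    rest = [i for i in agree if i not in sampled][:key_len]
    return [a_bits[i] for i in rest], [b_bits[i] for i in rest]


if __name__ == "__main__":
    clean = realtime_key(256, random.Random(1))
    print("clean channel, keys equal:", clean is not None and clean[0] == clean[1])
    disturbed = realtime_key(256, random.Random(1), channel=remeasuring_channel)
    print("disturbed channel accepted:", disturbed is not None)
```

On the disturbed channel about a quarter of the sifted bits differ, so a 64-bit sample passes with probability (3/4)^64; a smaller sample makes the check correspondingly weaker.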
Further, as shown in fig. 9, after the random number is obtained based on the initial cooperative key, the real-time cooperative key and the chaotic random number generation method, a cooperative key is obtained by performing real-time quantum key distribution with the security system support party B, and this cooperative key information is used as the new n-bit information M_i.
By updating the information M_i after the random number is generated, the next initial cooperative key is updated so that the initial cooperative key meets the one-time-pad mechanism, thereby further improving the randomness of the finally generated random numbers.
Furthermore, the security system equipment side A adopts an equipment key and a corresponding encryption algorithm to carry out encryption protection on the modulation option. This prevents a third party from stealing the modulation option and using the stolen modulation option to acquire an initial cooperative key from the security system support side B, and further improves the security level of the system.
Specifically, the security system equipment side a locally and safely stores an acquisition key of the equipment key, and when the equipment key needs to be utilized, the acquisition key is used for requesting the equipment key support side C to acquire the equipment key; the specific acquisition process comprises the following steps:
the security system equipment side A sends a key acquisition request to the equipment key support side C so that the equipment key support side C selects a modulation base from locally stored modulation bases, modulates the locally stored equipment key into a quantum state by using the selected modulation base, and sends the quantum state to the security system equipment side A through a quantum channel;
After receiving the quantum state sent by the device key supporting party C, the security and privacy system device party A selects a measurement base from locally stored measurement bases, and measures the received quantum state by using the selected measurement base to obtain a device key;
wherein the security system device side A and the device key support side C cooperate with n bits of information M in advance g The security system equipment side A selects information M according to a preset selection rule g The n/2 bit of the (2) is used as a modulation base for safe storage, and the equipment key supporting party C selects the information M according to the same selection rule g N/2 bits of (2) are used as measurement base for safe storage and information M is stored g The other n/2 bits of (a) are used as a device key for secure storage.
It can be understood that, after the device key supporting party C receives the key obtaining request, the device key supporting party C needs to perform secure mutual authentication with the security system device party a, which specifically includes:
the security system device side A and the device key support side C agree in advance on two pieces of n-bit information, M_r and M_s;
Authentication phase of the device key support side C to the security system device side a:
the security system device side a uses n bits of information M r From information M according to a predetermined selection rule r Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a device key supporting party C through quantum key distribution equipment;
after receiving the quantum state sent by the security system device side A, the device key support side C uses the same n-bit information M r From information M according to the same selection rules as those of security system device side A r Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M r The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system device side A to the device key support side C:
the device key support C uses the n-bit information M s From information M according to a predetermined selection rule s Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
After receiving the quantum state sent by the device key supporting party C, the security system device party A uses the same n-bit information M_s, selects n/2 bits of information from M_s according to the same selection rules as those of security system support B as the random number of the measurement base, measures the received quantum state with the selected measurement base, and compares the obtained measurement result with the remaining n/2 bits of information M_s; if they are consistent, the authentication of the equipment key supporting party C is passed.
Further, the security system support party B adopts the device key and the corresponding encryption algorithm to carry out the encryption on the information M i Is cryptographically protected. Similarly, the security system support B securely stores the acquisition key of the device key locally, and requests the device key support C to acquire the device key based on the acquisition key when the device key needs to be utilized.
The invention realizes the application of quantum migration in the traditional password system, and further enriches the application scene of quantum technology in the password system; especially in the white-box implementation scheme based on the SM4 algorithm, the whitening processing process of the SM3 algorithm and the operation process of the SM2 algorithm cooperate with key information through the quantum key distribution equipment to prepare random numbers required in the schemes or processes, and the security of the schemes or processes is further enhanced due to the fact that the random numbers have quantum unpredictability.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (9)
1. A quantum migration security system, comprising: a security system equipment side A and a security system support side B; the security system equipment side A and the security system support side B respectively comprise quantum key distribution equipment, and the security system equipment side A also comprises security equipment;
the security system equipment side A acquires an initial cooperative key from the security system support side B through the quantum key distribution equipment;
the security system equipment side A performs real-time quantum key distribution with the security system support side B through the quantum key distribution equipment to obtain a real-time cooperative key;
the security equipment generates a random number based on the initial cooperative key and the real-time cooperative key, and supports a white-box encryption implementation scheme based on an SM4 algorithm by using the random number, a whitening encryption processing process of the SM3 algorithm and a signature processing process of the SM2 algorithm;
The security and privacy device generates a random number based on the initial cooperative key and the real-time cooperative key by performing the following steps:
the security and privacy equipment comprises a random number generator, wherein the random number generator comprises a random number output processing part and a chaotic random source with an N-base based on a piecewise linear chaotic function;
for the ith chaotic random source, i=1, 2, 3 … N; computing an initial cooperative keyReal-time collaborative key->Obtain the initial random key->The result value +.>As the input of the ith chaotic random source, and through piecewise linear chaotic function processing, the initial chaotic source of the ith chaotic random source is output>Then obtaining the disorder source ++of the j moment through a plurality of chaotic motions>,/>Is an exclusive or operator; wherein the initial cooperative key +.>The real-time cooperative key +.>The secure security system equipment side A performs real-time quantum key distribution and acquisition with the secure security system support side B through the quantum key distribution equipment;
2. The quantum migration security system of claim 1, wherein the security system device side a, upon obtaining an initial cooperative key from the security system support side B via the quantum key distribution device, performs the steps of:
the security system equipment party A sends a key cooperation request to the security system supporting party B, so that the security system supporting party B selects a modulation base from its locally stored modulation bases, modulates the locally stored initial cooperative key into a quantum state using the selected modulation base, and transmits the quantum state to the security system equipment side A through a quantum channel;
after receiving the quantum state sent by the security system support party B, the security system equipment party A selects a measurement base from locally stored measurement bases, measures the received quantum state by using the selected measurement base, and the obtained measurement result is the initial cooperative key;
wherein the security system equipment side A and the security system support side B cooperate with n bits of information M in advance i The security system equipment side A selects information M according to a preset selection rule i The n/2 bit of the (B) is used as a modulation base for safe storage, and the supporting party B of the security system selects the information M according to the same selection rule i N/2 bits of (2) are used as measurement base for safe storage and information M is stored i The remaining n/2 bits of (2) are used as the initial cooperative key for secure storage.
3. The quantum migration security system according to claim 2, wherein after the random number generator generates a random number based on the initial cooperative key, the real-time cooperative key, the security system device side a performs quantum key distribution with the security system support side B through the quantum key distribution device, obtains a cooperative key, and regards the cooperative key as n-bit new information M i 。
4. The quantum migration security system according to claim 1, wherein the security system device side a performs real-time quantum key distribution with the security system support side B through the quantum key distribution device, and performs the following steps when obtaining a real-time cooperative key:
the security system equipment side A generates a quantum bit string, randomly selects a measuring base to measure the quantum bit string to generate a quantum state, and sends the quantum state to the security system support side B through the quantum key distribution equipment; the security system supporting party B randomly selects a measurement base to measure the quantum state to obtain a measurement result, and returns the used measurement base to the security system equipment party A;
The security system equipment side A compares the received measurement base with the used measurement base and sends the position of the correct measurement base to the security system support side B; the security system support party B eliminates the wrong quantum bit in the measurement result according to the message sent by the security system equipment party A, and selects a small part of correct measurement result to inform the security system equipment party A;
the security system equipment side A confirms the correctness of the measurement result of the security system support side B; when the measurement result is correct, it eliminates the small part of quantum bits, selects from the remaining binary string a binary string of the same length as X_i0 as the real-time cooperative key, and at the same time sends confirmation information to the security system support party B; after receiving the confirmation information, the security system supporting party B also eliminates the small part of quantum bits and selects from the remaining binary string a binary string of the same length as the real-time cooperative key.
5. The quantum migration security system of claim 1, wherein the security system device side a employs a device key and a corresponding encryption algorithm to cryptographically protect the modulation option.
6. The quantum migration security system of claim 5, wherein the security system device side a securely stores an acquisition key of the device key locally, and requests the device key support side C to acquire the device key based on the acquisition key when the device key needs to be utilized; the specific acquisition process comprises the following steps:
the security system equipment side A sends a key acquisition request to the equipment key support side C so that the equipment key support side C selects a modulation base from locally stored modulation bases, modulates the locally stored equipment key into a quantum state by using the selected modulation base, and sends the quantum state to the security system equipment side A through a quantum channel;
after receiving the quantum state sent by the device key supporting party C, the security and privacy system device party A selects a measurement base from locally stored measurement bases, and measures the received quantum state by using the selected measurement base to obtain a device key;
wherein the security system device side A and the device key support side C cooperate with n bits of information M in advance g The security system equipment side A selects information M according to a preset selection rule g The n/2 bit of the (2) is used as a modulation base for safe storage, and the equipment key supporting party C selects the information M according to the same selection rule g N/2 bits of (2) are used as measurement base for safe storage and information M is stored g The other n/2 bits of (a) are used as a device key for secure storage.
7. The quantum migration security system according to claim 1, wherein the security system support B performs security mutual authentication with the security system device a after receiving the random number generation request, specifically comprising:
the security system equipment side A and the security system support side B agree in advance on two pieces of n-bit information, M_p and M_q;
Authentication phase of the security system support B to the security system device a:
the security system device side a uses n bits of information M p From information M according to a predetermined selection rule p Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system supporting party B through quantum key distribution equipment;
after receiving the quantum state sent by the security system equipment side A, the security system support side B uses the same n-bit information M_p, selects n/2 bits of information from M_p according to the same selection rules as those of security system device side A as the random number of the measurement base, measures the received quantum state with the selected measurement base, and compares the obtained measurement result with the remaining n/2 bits of information M_p; if they are consistent, the authentication of the security system equipment side A is passed;
the authentication phase of the security system equipment side A to the security system support side B:
security system support B uses n-bit information M q From information M according to a predetermined selection rule q Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
after receiving the quantum state sent by the security system support party B, the security system equipment party A uses the same n-bit information M q From information M according to the same selection rules as those of security system support B 2 Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M q The rest n/2 bit information is compared, and if the bit information is consistent with the rest n/2 bit information, the authentication of the security system support party B is passed.
8. The quantum migration security system of claim 6, wherein the device key support C performs security mutual authentication with the security system device a after receiving the key acquisition request, specifically comprising:
the security system device side A and the device key support side C agree in advance on two pieces of n-bit information, M_p and M_q;
Authentication phase of the device key support side C to the security system device side a:
the security system device side a uses n bits of information M p From information M according to a predetermined selection rule p Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a device key supporting party C through quantum key distribution equipment;
After receiving the quantum state sent by the security system device side A, the device key support side C uses the same n-bit information M p From information M according to the same selection rules as those of security system device side A p Selecting n/2 bit information as random number of measurement base, measuring the received quantum state with the selected measurement base, and mixing the obtained measurement result with information M p The bit information of the rest n/2 in the security system is compared, and if the bit information is consistent with the bit information of the rest n/2 in the security system, the authentication of the security system equipment side A is passed;
the authentication phase of the security system device side A to the device key support side C:
the device key support C uses the n-bit information M q From information M according to a predetermined selection rule q Selecting n/2 bit information as a random number of a modulation selection base to select the modulation base, taking the rest n/2 bit information as programming signals, respectively modulating the corresponding programming signals into quantum states by the selected modulation bases, and sending the quantum states to a security and privacy system device side A through quantum key distribution equipment;
after receiving the quantum state sent by the device key supporting party C, the security system device party A uses the same n-bit information M_q, selects n/2 bits of information from M_2 according to the same selection rules as those of security system support B as the random number of the measurement base, measures the received quantum state with the selected measurement base, and compares the obtained measurement result with the remaining n/2 bits of information M_q; if they are consistent, the authentication of the equipment key supporting party C is passed.
9. The quantum mobility security system of claim 2 wherein n is 512 and the predetermined selection rule is to select bits 1, 3, 5, …, 509, 511 as modulation and measurement basis.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111103127.2A CN113965318B (en) | 2021-09-18 | 2021-09-18 | Quantum migration security system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113965318A CN113965318A (en) | 2022-01-21 |
CN113965318B true CN113965318B (en) | 2023-06-06 |
Family
ID=79461804
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111103127.2A Active CN113965318B (en) | 2021-09-18 | 2021-09-18 | Quantum migration security system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113965318B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH09288565A (en) * | 1996-04-22 | 1997-11-04 | Toshiba Corp | Random number generation device and method, ciphering device and method, decoding device and method, key system generation device and method, and storage medium |
CN103944712A (en) * | 2014-05-16 | 2014-07-23 | 西北大学 | Method for generating MBE-SSP (Multi Band Excitation-Service Switching Point) control code sequence |
WO2017080860A1 (en) * | 2015-11-10 | 2017-05-18 | ID Quantique | Method and device for optics based quantum random number generation |
CN109388374A (en) * | 2018-10-12 | 2019-02-26 | 太原理工大学 | A method of the generating random number based on chaos amplification quantum noise |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3306464B1 (en) * | 2016-10-09 | 2021-09-29 | Université de Genève | Method and device for quantum random number generation |
Non-Patent Citations (1)
Title |
---|
Research on a quantum key distribution scheme; Liu Xintao; Modern Navigation; full text *
Also Published As
Publication number | Publication date |
---|---|
CN113965318A (en) | 2022-01-21 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN111740828B (en) | Key generation method, device and equipment and encryption and decryption method | |
CN105024994B (en) | Without the safety to computing label decryption method is mixed without certificate | |
US6298153B1 (en) | Digital signature method and information communication system and apparatus using such method | |
US7899184B2 (en) | Ends-messaging protocol that recovers and has backward security | |
CN113259329B (en) | Method and device for data careless transmission, electronic equipment and storage medium | |
CN112564907B (en) | Key generation method and device, encryption method and device, and decryption method and device | |
CN110545279A (en) | block chain transaction method, device and system with privacy and supervision functions | |
US20100098253A1 (en) | Broadcast Identity-Based Encryption | |
CN112822014A (en) | Data processing method and device, electronic equipment and storage medium | |
JP2006174356A (en) | Pseudo public key encryption method and system | |
CN107294696B (en) | Method for distributing full homomorphic keys for Leveled | |
CN110958219A (en) | SM2 proxy re-encryption method and device for medical cloud shared data | |
CN112383397B (en) | Heterogeneous signcryption communication method based on biological characteristics | |
CN112771832A (en) | Computer-implemented system and method for sharing a common secret | |
CN111030801A (en) | Multi-party distributed SM9 key generation and ciphertext decryption method and medium | |
CN111355582A (en) | Two-party combined signature and decryption method and system based on SM2 algorithm | |
Plesa et al. | A new quantum encryption scheme | |
CN114726546A (en) | Digital identity authentication method, device, equipment and storage medium | |
CN113271209A (en) | Trustable public key encryption system and method based on non-interactive zero-knowledge proof | |
Huang et al. | Constructing a Secure Point-to-Point Wireless Environment by Integrating Diffie-Hellman PKDS RSA and Stream Ciphering for Users Known to Each Other. | |
JP5171787B2 (en) | Sign-encryption system and sign-encryption generation method | |
CN113965318B (en) | Quantum migration security system | |
CN107465508B (en) | Method, system and equipment for constructing true random number by combining software and hardware | |
JP5512598B2 (en) | Information sharing system, method, apparatus and program | |
CN113965319A (en) | Key management system and method based on quantum key distribution system |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |