CN117155554A - Quantum classical fusion communication network system and key distribution method - Google Patents


Info

Publication number
CN117155554A
Authority
CN
China
Prior art keywords
key
user
quantum
distribution center
encryption key
Legal status
Pending
Application number
CN202311067623.6A
Other languages
Chinese (zh)
Inventor
郭邦红
贾洁
谢欢文
Current Assignee
National Quantum Communication Guangdong Co Ltd
Original Assignee
National Quantum Communication Guangdong Co Ltd

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L 9/0852 Quantum cryptography
                            • H04L 9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
                                • H04L 9/083 Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
                            • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes
            • H04B TRANSMISSION
                • H04B 10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
                    • H04B 10/70 Photonic quantum communication
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
        • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
            • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
                • Y02D 30/00 Reducing energy consumption in communication networks
                    • Y02D 30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention discloses a quantum classical convergence communication network system and a key distribution method. The system comprises a QKD layer module, a key management layer module and an application layer module which are connected in sequence; the QKD layer module comprises a QKD system and a key post-processing module; the application layer module comprises N users; the key management layer module comprises N key management pools, each comprising a first quantum key pool, a key distribution center and a second quantum key pool. The QKD system generates an original key and sends it to the key post-processing module, which post-processes it into a final key and sends the final key to the first quantum key pool; the key distribution center selects part of the final key as an encryption key and sends it, through the second quantum key pool, to a user in the application layer module for encrypted information transmission. The invention randomly selects key sequences from different intervals to form a new key with which the user of the application layer module encrypts the message, thereby improving the security of the key.

Description

Quantum classical fusion communication network system and key distribution method
Technical Field
The invention relates to the technical field of quantum information and optical communication, in particular to a quantum classical fusion communication network and a key distribution method.
Background
Quantum key distribution uses quantum mechanical properties to secure communication: it enables two parties to generate and share a random, secure key. Quantum key distribution is a highly secure quantum cryptography technique realised by exploiting quantum effects; it is an emerging science combining quantum mechanics with classical cryptography, and is currently a research hotspot of international quantum physics and information science.
Quantum classical converged communication networks are a trend in quantum key distribution applications. Since Bennett and Brassard published the first paper on QKD in 1984, researchers around the world have continually improved and perfected the experimental techniques of QKD; through decades of technological development, QKD links have grown from the initial point-to-point links into today's multipoint-to-multipoint networks. Transmission distances have increased from the first few meters to hundreds of kilometers today, and key rates from the bit level to the mega level, all of which reflect the rapid advance of QKD technology.
In order to avoid interference from strong classical light signals with single-photon-level quantum signals, quantum signals and classical signals are often carried in different optical fibers. Although this approach effectively avoids the interference of classical light with quantum light, the cost of laying the fiber optic link increases greatly. Therefore, in fiber optic communications, dense wavelength division multiplexing (DWDM), which transmits multiple optical signals on the same optical fiber, is one of the attractive techniques for transmitting quantum signals and classical data signals simultaneously.
Research at home and abroad shows that dense wavelength division multiplexing can solve the problem that quantum signals and classical signals cannot coexist, and further provides technical support for quantum key distribution between a plurality of sending ends and receiving ends. With the development of QKD technology, the problem of QKD networking is also receiving more and more attention from researchers. A typical converged communication network system with perfect key security and a high key generation rate needs to be applied on a large scale.
One prior art proposal fuses the application layer, the key management layer and the quantum layer into a complete system, so that large-scale application of the quantum and classical fusion communication network can be realised. Other technical solutions use dynamic distribution technology, i.e. on-line request-distribution, establishing a session with a key distribution center according to a user's request so as to accomplish key distribution in real time and efficiently; but in these systems the security of the keys is not considered in the process of quantum key distribution.
In the prior art, DPS is combined with wavelength division multiplexing to realise one-to-many quantum key distribution, so that adding Bob users neither increases the insertion loss nor reduces the key generation rate; the system has the advantages of a simple structure, convenient operation, stable transmission and a high code rate. However, such a system uses only one Alice end as the transmitting end, so the system is single-sourced and the key generation rate is low; once the Alice end fails, the entire system is paralysed.
Therefore, to remedy the defects of the prior art, a quantum classical fusion communication network system and a key distribution method are provided.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a quantum classical fusion communication network system and a key distribution method that address the security of the key and the photon utilization rate.
The invention is realized by the following technical scheme:
a quantum classical convergence communication network system comprises a QKD layer module, a key management layer module and an application layer module which are sequentially connected;
the QKD layer module comprises a QKD system and a key post-processing module which are sequentially connected;
the application layer module comprises N users connected through optical fibers;
the key management layer module comprises N key management pools corresponding to N users; each key management pool comprises a first quantum key pool, a key distribution center and a second quantum key pool which are sequentially connected;
the QKD system is used for generating an original key and sending the original key to the key post-processing module;
the key post-processing module is used for obtaining a final key from the original key through post-processing and sending the final key to the first quantum key pool;
the first quantum key pool is used for storing the final key and sending part of the final key to the key distribution center;
the key distribution center is used for selecting part of the final key as an encryption key to be sent to the second quantum key pool;
the second quantum key pool is used for storing the final key and sending part of the final key to the user in the application layer module.
Preferably, any user A in the application layer module sends a session request to a key distribution center A in a corresponding key management pool A;
after receiving the session request of the user A, the key distribution center A searches for the network address of the key distribution center B to which the communication target user B of the user A belongs and establishes a communication connection;
if the key distribution center corresponding to the user B agrees to the communication connection request of the user A, the transmission authorization code distributors of the user A and the user B and the transmission authorization code distributors of the key distribution centers corresponding to the user A and the user B respectively generate shared transmission authorization codes KA and KB;
if the inter-key length negotiation between the users A and B fails, the key distribution center B corresponding to the user B refuses the request of the user A.
Preferably, after the key distribution center A corresponding to the user A obtains the first encryption key from the first quantum key pool, the first encryption key is encrypted by using the transmission authorization code KA and then sent to the user A;
meanwhile, a key distribution center B corresponding to the user B takes out a second encryption key with the same length as the first encryption key from the first quantum key pool, encrypts the second encryption key by using a transmission authorization code KB and sends the second encryption key to the user B;
the user A and the user B respectively decrypt the first encryption key and the second encryption key by using the transmission authorization codes KA and KB, and the user A encrypts the information by using the first encryption key after obtaining the first encryption key to form encrypted information and sends the encrypted information to the user B; after the user B obtains the second encryption key, the information is decrypted by adopting the second encryption key to obtain the information;
the user B encrypts a random number by adopting a transmission authorization code KB to obtain an encrypted random number and sends the encrypted random number to a key distribution center B corresponding to the user B; and the key distribution center B sends the encrypted random number to a key distribution center A corresponding to the user A, and the user A and the user B establish secure communication.
Preferably, the session request includes two data items, namely a first data item and a second data item, the first data item is identity information of a user A and a user B of both communication parties, the second data item is an identifier S1 of the communication, and the S1 is a time stamp, a counter or a random number.
Preferably, the QKD system includes N transmitting ends Alice, a dense wavelength division multiplexer, a dense wavelength division demultiplexer, a wavelength selective switch, and N receiving ends Bob;
the N sending terminals Alice are respectively connected with the dense wavelength division multiplexer; the dense wavelength division multiplexer, the dense wavelength division demultiplexer and the wavelength selective switch are sequentially connected, and the wavelength selective switch is respectively connected with the N receiving ends Bob.
Preferably, each of the N sending ends Alice includes a laser, a phase modulator, an intensity modulator, and a variable optical attenuator, which are sequentially connected.
Preferably, the N receiving ends Bob respectively include an isolator, a beam splitter, a beam combiner, a first detector and a second detector;
the isolator is connected with the beam splitter and the beam combiner in sequence, and the beam combiner is connected with the first detector and the second detector respectively.
Preferably, the laser generates multi-wavelength laser light which enters a phase modulator; the phase modulator phase-modulates the multi-wavelength laser light and outputs continuous laser light with phase 0 or pi into an intensity modulator; the intensity modulator modulates the continuous laser light with phase 0 or pi into pulse laser with a time interval T, and the pulse laser enters a variable optical attenuator for attenuation and is then input to the dense wavelength division multiplexer.
Preferably, the pulse laser with the time interval T enters the dense wavelength division multiplexer for multiplexing, is transmitted through the same optical fiber and is input into the dense wavelength division demultiplexer; the dense wavelength division demultiplexer demultiplexes the pulse laser and inputs it into the wavelength selective switch, which routes the pulse laser to the corresponding receiving end Bob by wavelength addressing, where it is detected and responded to.
Preferably, after the pulse laser enters any receiving end Bob, noise interference is first filtered out by an optical isolator, and the filtered signal is then input into a beam splitter and split into a first signal and a second signal; the first signal enters the beam combiner through the upper arm optical fiber, and the second signal enters the beam combiner through the lower arm optical fiber;
the first path of signals and the second path of signals are interfered in the beam combiner, and then the combined beam signals are output to enter the first detector or the second detector for detection and response; the receiving end Bob records and publishes the response condition of the first detector or the second detector to obtain an original key; and the original key enters a key post-processing module and is subjected to post-processing to obtain a final key.
Preferably, the quantum bit error rate measured in the post-processing is denoted QBER and is calculated as follows:
QBER = Nerr / Nsift;
where Nerr is the number of erroneous code values and Nsift is the total number of bits after sifting;
when QBER is more than 11%, it is determined that communication between Alice of the sending end and the receiving end may be intercepted, and this communication needs to be discarded and communication connection needs to be reestablished.
The key distribution method of quantum classical fusion is applied to the quantum classical fusion communication network system, and comprises the following steps:
step 1: after the QKD layer module generates a quantum key, the quantum key is processed by the key post-processing module to obtain a final key, and the final key is sent to a first quantum key pool of the key management layer module;
step 2: the user A sends a session request to a key distribution center A in a key management pool A corresponding to the user A, wherein the session request comprises a first data item and a second data item, the first data item is identity information of a user A and a user B of both communication parties, the second data item is an identifier S1 of the communication, and the S1 is a time stamp, a counter or a random number;
step 3: after receiving the session request of the user A, the key distribution center A corresponding to the user A searches the whole network for the network address of the key distribution center B to which the communication object user B of the user A belongs and establishes a communication connection;
if the key distribution center corresponding to the user B agrees with the communication connection request of the user A, the step 4 is skipped;
if the inter-key length negotiation between the users A and B fails, the key distribution center B corresponding to the user B refuses the request of the user A and repeats the step 3;
step 4: the transmission authorization code distributors of the user A and the user B and the transmission authorization code distributors of the key distribution centers corresponding to the user A and the user B respectively generate shared transmission authorization codes KA and KB;
step 5: after a key distribution center A corresponding to a user A acquires a first encryption key from a first quantum key pool, the first encryption key is encrypted by a transmission authorization code KA and then sent to the user A;
meanwhile, a key distribution center B corresponding to the user B takes out a second encryption key with the same length as the first encryption key from the first quantum key pool, encrypts the second encryption key by using a transmission authorization code KB and sends the second encryption key to the user B;
step 6: the user A and the user B respectively decrypt the first encryption key and the second encryption key by using the transmission authorization codes KA and KB, and the user A encrypts the information by using the first encryption key after obtaining the first encryption key to form encrypted information and sends the encrypted information to the user B; after the user B obtains the second encryption key, the information is decrypted by adopting the second encryption key to obtain the information;
step 7: the user B encrypts a random number by adopting a transmission authorization code KB to obtain an encrypted random number and sends the encrypted random number to a key distribution center B corresponding to the user B; and the key distribution center B sends the encrypted random number to a key distribution center A corresponding to the user A, and the user A and the user B establish secure communication.
The beneficial effects of the invention are as follows:
the key management layer module in the invention randomly selects the key sequences in different intervals from the quantum key generated by the QKD layer module to form a new key for the user of the application layer module to encrypt the message, thus obtaining the new key sequence, changing the original key sequence and improving the security of the key.
The invention adopts multiple QKD types (for example DPS-based quantum key distribution); in optical fiber transmission the external influence on the front pulse and the rear pulse is almost identical, so the invention has higher anti-interference performance; the error rate caused by unstable external conditions is effectively reduced, and the photon utilization rate and the bit rate are improved.
The invention adopts a plurality of sending ends, which solves the problem of using only one Alice sending end and avoids the whole network failing to work when that single end is paralysed.
Drawings
FIG. 1 is a block diagram of a quantum cryptography pool fusion network space structure of the present invention;
FIG. 2 is a schematic diagram of a QKD system of the present invention;
FIG. 3 is a diagram of the re-combination of the key sequence of the present invention;
FIG. 4 is a flow chart of the method of the present invention.
Detailed Description
The present invention will be further described in detail with reference to the following examples, for the purpose of making the objects, technical solutions and advantages of the present invention more apparent, but the scope of the present invention is not limited to the following specific examples.
A quantum classical converged communication network system, as shown in fig. 1, the system comprises a QKD layer module, a key management layer module and an application layer module, which are connected in sequence;
the QKD layer module comprises a QKD system and a key post-processing module which are sequentially connected; as shown in fig. 2, the QKD system includes N transmitting ends Alice, a dense wavelength division multiplexer, a dense wavelength division demultiplexer, a wavelength selective switch, and N receiving ends Bob; the QKD system adopts DPS protocol to carry out quantum key distribution, modulates and demodulates quantum signals to generate an original key and carries out post-processing operation to obtain a final key meeting the error rate requirement, and the final key is stored in a first quantum key pool of a key management layer module.
The N sending terminals Alice are respectively connected with the dense wavelength division multiplexer; the dense wavelength division multiplexer, the dense wavelength division demultiplexer and the wavelength selective switch are sequentially connected, and the wavelength selective switch is respectively connected with the N receiving ends Bob.
Specifically, each of the N sending ends Alice includes a laser, a phase modulator, an intensity modulator, and a variable optical attenuator, which are sequentially connected; wherein the laser is a multi-wavelength continuous laser.
The N receiving ends Bob respectively comprise an isolator, a beam splitter, a beam combiner, a first detector and a second detector; the beam combiner is connected with the first detector and the second detector respectively.
The application layer module comprises N users connected through optical fibers; each user includes a transmission authorization code distributor;
the key management layer module comprises N key management pools corresponding to N users; each key management pool comprises a first quantum key pool QKP1, a key distribution center and a second quantum key pool QKP2 which are sequentially connected; wherein the key distribution center comprises a transmission authorization code distributor for generating a shared transmission authorization code with the corresponding user.
The QKD system is used for generating an original key and sending the original key to the key post-processing module;
the key post-processing module is used for obtaining a final key by post-processing the original key and sending the final key to the first quantum key pool QKP1;
the first quantum key pool QKP1 is used for storing a final key and transmitting part of the final key to a key distribution center;
the key distribution center is used for selecting part of the final key as an encryption key to be sent to the second quantum key pool QKP2;
the second quantum key pool QKP2 is used to store the final key and send a portion of the final key to the user in the application layer module.
The principle and process of the quantum classical fusion communication network system based on the embodiment are as follows:
after the QKD layer module generates a quantum key, the quantum key is processed by the key post-processing module to obtain a final key, and the final key is sent to a first quantum key pool QKP1 of the key management layer module; specifically, the process of the QKD layer module generating the quantum key is: a laser in a sending end Alice in a QKD system generates multi-wavelength laser and enters a phase modulator, the phase modulator carries out phase modulation on the multi-wavelength laser and then outputs continuous laser with the phase of 0 or pi to enter an intensity modulator, the intensity modulator modulates the continuous laser with the phase of 0 or pi into pulse laser with the time interval of T, and the pulse laser enters a variable attenuator to be attenuated into pulse laser with the average photon number of less than 1 and then is input into a dense wavelength division multiplexer.
The variable optical attenuator can be used for reducing the transmission power of a data signal transmitting end, so that the power leakage and the crosstalk of adjacent channels caused by the overhigh data signal power are reduced.
The pulse laser with the time interval T enters the dense wavelength division multiplexer for multiplexing, is transmitted through the same optical fiber and is input into the dense wavelength division demultiplexer, which demultiplexes the pulse laser and inputs it into the wavelength selective switch; the switch routes the pulse laser to the corresponding receiving end Bob by wavelength addressing, where it is detected and responded to. In particular, the wavelength selective switch distributes the transmitted pulses according to their wavelength, sending wavelengths λ1, λ2, λ3, ..., λN to Bob1, Bob2, Bob3, ..., BobN respectively.
After the pulse laser enters any receiving end Bob, noise is filtered out by an optical isolator and the filtered signal is input to a beam splitter, which splits it into a first signal and a second signal; the first signal enters the beam combiner through the upper arm optical fiber and the second signal enters the beam combiner directly through the lower arm optical fiber; the upper arm optical fiber is longer than the lower arm optical fiber, so a certain time delay is generated;
the first signal and the second signal interfere in the beam combiner, and the combined signal is output to the first detector or the second detector for detection and response; when the phase difference of the two signals is 0, the first detector responds and the measurement result is recorded as 0; when the phase difference of the two signals is pi, the second detector responds and the measurement result is recorded as 1;
the receiving end Bob records and publishes the response condition of the first detector or the second detector to obtain an original key; the original key enters the key post-processing module and is post-processed to obtain a final key. The quantum bit error rate measured in the post-processing is denoted QBER and is calculated as follows:
QBER = Nerr / Nsift;
where Nerr is the number of erroneous code values and Nsift is the total number of bits after sifting;
when QBER is more than 11%, it is determined that communication between Alice of the sending end and the receiving end may be intercepted, and this communication needs to be discarded and communication connection needs to be reestablished.
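The DPS measurement and the QBER check described here (and in the earlier summary of the post-processing) as an added simulation; this code is not the patent's, and the click probability, the noise model that makes the wrong detector fire, and the 50% publicly disclosed sample used to estimate QBER are all assumptions.

```python
import random

QBER_ABORT_THRESHOLD = 0.11   # text: QBER above 11% -> possible interception, discard and reconnect


def alice_phases(n_pulses, rng):
    """Alice's phase modulator sets each pulse of the train to phase 0 or pi (encoded 0 / 1)."""
    return [rng.randint(0, 1) for _ in range(n_pulses)]


def dps_key_bits(phases):
    """DPS encoding: the raw bit of slot i is the phase difference between pulse i and pulse i-1.
    Difference 0 -> first detector -> bit 0; difference pi -> second detector -> bit 1."""
    return [phases[i] ^ phases[i - 1] for i in range(1, len(phases))]


def bob_detect(key_bits, detection_prob, flip_prob, rng):
    """Bob's delay interferometer compares neighbouring pulses. With mean photon number < 1
    most slots give no click (detection_prob, assumed). flip_prob (assumed) models channel
    noise or tampering that makes the wrong detector fire. Returns (slot, detector_bit)
    for the slots that clicked."""
    clicks = []
    for slot, bit in enumerate(key_bits):
        if rng.random() < detection_prob:
            flipped = rng.random() < flip_prob
            clicks.append((slot, bit ^ int(flipped)))
    return clicks


def sift(alice_bits, clicks):
    """Bob publishes which slots clicked (never the detector outcome); Alice keeps those slots."""
    alice_sifted = [alice_bits[slot] for slot, _ in clicks]
    bob_sifted = [det for _, det in clicks]
    return alice_sifted, bob_sifted


def qber(alice_sifted, bob_sifted):
    """QBER = Nerr / Nsift, exactly as defined in the text; None when nothing was sifted."""
    n_sift = len(alice_sifted)
    if n_sift == 0:
        return None
    n_err = sum(a != b for a, b in zip(alice_sifted, bob_sifted))
    return n_err / n_sift


def post_process(alice_sifted, bob_sifted, sample_fraction, rng):
    """Estimate QBER on a publicly disclosed random sample of the sifted bits. Above the
    threshold the run is discarded; otherwise the undisclosed bits become the final key.
    Error correction and privacy amplification are omitted (not described on the page)."""
    n = len(alice_sifted)
    if n == 0:
        return {"qber": None, "accepted": False, "reason": "no sifted bits"}
    sample = set(rng.sample(range(n), max(1, int(n * sample_fraction))))
    est = qber([alice_sifted[i] for i in sorted(sample)],
               [bob_sifted[i] for i in sorted(sample)])
    if est > QBER_ABORT_THRESHOLD:
        return {"qber": est, "accepted": False,
                "reason": "QBER above 11%: possible interception, discard and reconnect"}
    keep = [i for i in range(n) if i not in sample]
    return {"qber": est, "accepted": True,
            "final_key_alice": [alice_sifted[i] for i in keep],
            "final_key_bob": [bob_sifted[i] for i in keep]}


def run_qkd_round(n_pulses, detection_prob, flip_prob, seed=1):
    """One Alice -> Bob DPS run on a single DWDM wavelength channel (constructed parameters)."""
    rng = random.Random(seed)
    phases = alice_phases(n_pulses, rng)
    bits = dps_key_bits(phases)
    clicks = bob_detect(bits, detection_prob, flip_prob, rng)
    a_sift, b_sift = sift(bits, clicks)
    return post_process(a_sift, b_sift, sample_fraction=0.5, rng=rng)


if __name__ == "__main__":
    clean = run_qkd_round(20000, 0.1, 0.0)
    print("clean channel: QBER", clean["qber"], "accepted", clean["accepted"])
    noisy = run_qkd_round(20000, 0.1, 0.5)
    print("disturbed channel:", noisy["reason"])
```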
Specifically, the final key generated by the QKD layer is first sent to the first quantum key pool QKP1 of the key management layer, and the first quantum key pool QKP1 of the key management layer temporarily stores the final key generated by the QKD layer.
Any user A in the application layer module sends a session request to a key distribution center A in a key management pool A corresponding to the user A; the session request comprises a first data item and a second data item, wherein the first data item is identity information of a user A and a user B of both communication parties, the second data item is an identifier S1 of the communication, and the S1 is a time stamp, a counter or a random number.
After receiving the session request of the user A, the key distribution center A searches for the network address of the key distribution center B to which the communication object user B of the user A belongs and establishes a communication connection;
if the key distribution center corresponding to the user B agrees to the communication connection request of the user A, the transmission authorization code distributors of the user A and the user B and the transmission authorization code distributors of the key distribution centers corresponding to the user A and the user B respectively generate shared transmission authorization codes KA and KB;
if the inter-key length negotiation between the users A and B fails, the key distribution center B corresponding to the user B refuses the request of the user A.
After the key distribution center A corresponding to the user A acquires a first encryption key K1 from the first quantum key pool, the first encryption key K1 is encrypted with the transmission authorization code KA and then sent to the user A; as shown in FIG. 3, the key distribution center A forms the first encryption key K1 by randomly selecting key segments from different intervals of the pool and combining them;
meanwhile, the key distribution center B corresponding to the user B takes out a second encryption key K2 with the same length as the first encryption key K1 from the first quantum key pool QKP1, encrypts the second encryption key K2 with the transmission authorization code KB and then sends the encrypted second encryption key K2 to the user B;
as shown in FIG. 3, the key distribution center B likewise randomly selects and combines key segments from different intervals to obtain the second encryption key K2, and the key distribution center B tracks in real time the positions of the keys selected by the key distribution center A, so as to ensure that after the user A transmits the encrypted information to the user B, the second encryption key K2 obtained by the user B can decrypt the transmitted encrypted information.
The key management layer module in the invention randomly selects the key sequences in different intervals from the quantum key generated by the QKD layer module to form a new key for the user of the application layer module to encrypt the message, thus obtaining the new key sequence, changing the original key sequence and improving the security of the key.
User A and user B decrypt the first encryption key K1 and the second encryption key K2 with the transmission authorization codes KA and KB respectively; having obtained K1, user A encrypts information with K1 to form encrypted information and sends it to user B; having obtained K2, user B decrypts the encrypted information with K2 to recover the information;
user B then encrypts a random number with the transmission authorization code KB to obtain an encrypted random number and sends it to the key distribution center B corresponding to user B; the key distribution center B forwards the encrypted random number to the key distribution center A corresponding to user A, and user A and user B establish secure communication.
A quantum classical fusion communication network method is applied to the quantum classical fusion communication network system, as shown in fig. 4, and comprises the following steps:
step 1: after the QKD layer module generates a quantum key, the quantum key is processed by the key post-processing module to obtain a final key, and the final key is sent to a first quantum key pool of the key management layer module;
step 2: the user A sends a session request to a key distribution center A in a key management pool A corresponding to the user A, wherein the session request comprises a first data item and a second data item, the first data item is identity information of a user A and a user B of both communication parties, the second data item is an identifier S1 of the communication, and the S1 is a time stamp, a counter or a random number;
step 3: after receiving the session request of user A, the key distribution center A corresponding to user A searches the whole network for the network address of the key distribution center B to which user B, the communication target of user A, belongs, and establishes a communication connection;
if the key distribution center corresponding to user B agrees to the communication connection request of user A, proceed to step 4;
if the key-length negotiation between users A and B fails, the key distribution center B corresponding to user B refuses the request of user A, and step 3 is repeated;
step 4: the transmission authorization code distributors of user A and user B, together with those of the key distribution centers corresponding to user A and user B, respectively generate the shared transmission authorization codes KA and KB;
step 5: after a key distribution center A corresponding to a user A acquires a first encryption key from a first quantum key pool, the first encryption key is encrypted by a transmission authorization code KA and then sent to the user A;
meanwhile, a key distribution center B corresponding to the user B takes out a second encryption key with the same length as the first encryption key from the first quantum key pool, encrypts the second encryption key by using a transmission authorization code KB and sends the second encryption key to the user B;
step 6: the user A and the user B respectively decrypt the first encryption key and the second encryption key by using the transmission authorization codes KA and KB, and the user A encrypts the information by using the first encryption key after obtaining the first encryption key to form encrypted information and sends the encrypted information to the user B; after the user B obtains the second encryption key, the information is decrypted by adopting the second encryption key to obtain the information;
step 7: the user B encrypts a random number by adopting a transmission authorization code KB to obtain an encrypted random number and sends the encrypted random number to a key distribution center B corresponding to the user B; and the key distribution center B sends the encrypted random number to a key distribution center A corresponding to the user A, and the user A and the user B establish secure communication.
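The following Python is an added example, not code from the patent, that plays steps 1 and 5 to 7 above in one process with user A, user B and the two key distribution centers (KDC A, KDC B) as roles: the post-processing QBER check of the sifted key, selection of key runs from different intervals of the quantum key pool, wrapping with the transmission authorization codes KA and KB, and one-time-pad encryption of the message. Assumed here and not stated in the patent: the session identifier S1 seeds the interval choice so that KDC B lands on the same positions as KDC A, XOR is used for every encryption step, and KDC B checks the random number before forwarding it.

```python
"""Added walk-through of steps 1 and 5-7 of the key distribution method (not the patent's code)."""
import random
import secrets

QBER_ABORT = 0.11  # above 11% the sifted key is discarded and the link re-established


def qber(n_err: int, n_sift: int) -> float:
    """QBER = N_err / N_sift over the sifted bits."""
    return n_err / n_sift


def post_process(alice_sifted: bytes, bob_sifted: bytes, sample: int) -> bytes:
    """Step 1, simplified: estimate QBER on the first `sample` bytes of the sifted
    key, abort if it exceeds the threshold, and keep the remainder as the final key.
    Error correction and privacy amplification are omitted (assumption)."""
    a, b = alice_sifted[:sample], bob_sifted[:sample]
    n_err = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    if qber(n_err, 8 * sample) > QBER_ABORT:
        raise RuntimeError("QBER above 11%: link treated as intercepted, key discarded")
    return alice_sifted[sample:]


def select_key(pool: bytes, s1: bytes, sections: int, chunk: int):
    """Step 5: divide the pool into `sections` intervals, take one random `chunk`-byte
    run from each, and concatenate the runs in random order to form the session key.
    Assumption not in the patent: the session identifier S1 seeds the choice, so KDC B
    derives exactly the positions KDC A used (the patent only says B tracks them)."""
    rng = random.Random(s1)  # deterministic derivation, not a source of key material
    width = len(pool) // sections
    order = list(range(sections))
    rng.shuffle(order)
    positions = [i * width + rng.randrange(width - chunk + 1) for i in order]
    return b"".join(pool[p:p + chunk] for p in positions), positions


def otp(data: bytes, key: bytes) -> bytes:
    """One-time pad: quantum key bytes are consumed once and must cover the data."""
    if len(key) < len(data):
        raise ValueError("key shorter than data")
    return bytes(x ^ y for x, y in zip(data, key))


def run_session(pool: bytes, s1: bytes, ka: bytes, kb: bytes, message: bytes) -> dict:
    """Steps 5-7 with user A, user B, KDC A and KDC B played by one process.
    KA is shared by user A and KDC A, KB by user B and KDC B."""
    sections, chunk = 4, -(-len(message) // 4)          # K1 must cover the message
    k1, pos_a = select_key(pool, s1, sections, chunk)   # KDC A picks K1
    k2, pos_b = select_key(pool, s1, sections, chunk)   # KDC B picks K2 at the same positions
    k1_at_a = otp(otp(k1, ka), ka)                      # KDC A -> user A, unwrapped with KA
    k2_at_b = otp(otp(k2, kb), kb)                      # KDC B -> user B, unwrapped with KB
    ciphertext = otp(message, k1_at_a)                  # step 6: user A -> user B
    plaintext = otp(ciphertext, k2_at_b)                # user B decrypts with K2
    nonce = secrets.token_bytes(8)                      # step 7: user B's random number
    confirm = otp(nonce, kb)                            # user B -> KDC B -> KDC A
    return {"positions_match": pos_a == pos_b, "plaintext": plaintext,
            "confirm_ok": otp(confirm, kb) == nonce}    # KDC B check before forwarding (assumption)


if __name__ == "__main__":
    alice = bytes(range(128))                           # constructed sifted key, Alice side
    bob = bytearray(alice)
    bob[3] ^= 0x01                                      # one flipped bit on Bob's side
    pool = post_process(alice, bytes(bob), sample=16)
    print(run_session(pool, b"S1-0001", bytes(range(32)), bytes(range(32, 64)), b"hello quantum world!"))
```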
The invention adopts DPS-based quantum key distribution; during optical fiber transmission the leading and trailing pulses experience almost the same external disturbance, so the scheme has higher anti-interference performance, the error rate caused by unstable external conditions is effectively reduced, and the photon utilization rate and the bit rate are improved.
The invention uses a plurality of sending ends, which removes the limitation of relying on a single Alice sending end and prevents the network from ceasing normal operation when that end fails.
Variations and modifications to the above would be obvious to persons skilled in the art to which the invention pertains from the foregoing description and teachings. Therefore, the invention is not limited to the specific embodiments disclosed and described above, but some modifications and changes of the invention should be also included in the scope of the claims of the invention. In addition, although specific terms are used in the present specification, these terms are for convenience of description only and do not constitute any limitation on the invention.

Claims (12)

1. The quantum classical convergence communication network system is characterized by comprising a QKD layer module, a key management layer module and an application layer module which are connected in sequence;
the QKD layer module comprises a QKD system and a key post-processing module which are sequentially connected;
the application layer module comprises N users connected through optical fibers;
the key management layer module comprises N key management pools corresponding to N users; each key management pool comprises a first quantum key pool, a key distribution center and a second quantum key pool which are sequentially connected;
the QKD system is used for generating an original key and sending the original key to the key post-processing module;
the key post-processing module is used for obtaining a final key from the original key through post-processing and sending the final key to the first quantum key pool;
the first quantum key pool is used for storing the final key and sending part of the final key to the key distribution center;
the key distribution center is used for selecting part of the final key as an encryption key to be sent to the second quantum key pool;
the second quantum key pool is used for storing the final key and sending part of the final key to the user in the application layer module.
2. The quantum classical convergence communication network system as claimed in claim 1, wherein any user A in said application layer module issues a session request to the key distribution center A in its corresponding key management pool A;
after receiving the session request of user A, the key distribution center A looks up the network address of the key distribution center B to which user B, the communication target of user A, belongs, and establishes a communication connection;
if the key distribution center corresponding to user B agrees to the communication connection request of user A, the transmission authorization code distributors of user A and user B, together with those of the key distribution centers corresponding to user A and user B, respectively generate the shared transmission authorization codes KA and KB;
if the key-length negotiation between users A and B fails, the key distribution center B corresponding to user B refuses the request of user A.
3. The quantum classical convergence communication network system as claimed in claim 2, wherein the key distribution center A corresponding to user A obtains a first encryption key from the first quantum key pool, encrypts the first encryption key with the transmission authorization code KA, and sends the encrypted first encryption key to user A;
meanwhile, a key distribution center B corresponding to the user B takes out a second encryption key with the same length as the first encryption key from the first quantum key pool, encrypts the second encryption key by using a transmission authorization code KB and sends the second encryption key to the user B;
the user A and the user B respectively decrypt the first encryption key and the second encryption key by using the transmission authorization codes KA and KB, and the user A encrypts the information by using the first encryption key after obtaining the first encryption key to form encrypted information and sends the encrypted information to the user B; after the user B obtains the second encryption key, the information is decrypted by adopting the second encryption key to obtain the information;
the user B encrypts a random number by adopting a transmission authorization code KB to obtain an encrypted random number and sends the encrypted random number to a key distribution center B corresponding to the user B; and the key distribution center B sends the encrypted random number to a key distribution center A corresponding to the user A, and the user A and the user B establish secure communication.
4. The quantum classical converged communication network system according to claim 2, wherein the session request comprises two data items, a first data item and a second data item; the first data item is the identity information of the two communicating parties, user A and user B, and the second data item is an identifier S1 of the present communication, S1 being a time stamp, a counter or a random number.
5. The quantum classical fusion communication network system of claim 1, wherein the QKD system includes N senders Alice, dense wavelength division multiplexers, dense wavelength division demultiplexers, wavelength selective switches, and N receivers Bob;
the N sending terminals Alice are respectively connected with the dense wavelength division multiplexer; the dense wavelength division multiplexer, the dense wavelength division demultiplexer and the wavelength selective switch are sequentially connected, and the wavelength selective switch is respectively connected with the N receiving ends Bob.
6. The quantum classical convergence communication network system as claimed in claim 5, wherein each of the N transmitting ends Alice comprises a laser, a phase modulator, an intensity modulator, and a variable optical attenuator connected in sequence.
7. The quantum classical convergence communication network system as claimed in claim 6, wherein each of the N receiving ends Bob comprises an isolator, a beam splitter, a beam combiner, a first detector and a second detector;
the isolator is connected with the beam splitter and the beam combiner in sequence, and the beam combiner is connected with the first detector and the second detector respectively.
8. The quantum classical fusion communication network system according to claim 7, wherein the laser produces laser light at multiple wavelengths and feeds it into the phase modulator; the phase modulator modulates the phase of each wavelength to output continuous laser light with phase 0 or pi into the intensity modulator; the intensity modulator modulates the continuous laser light with phase 0 or pi into pulsed laser light with a time interval T; and the pulsed laser light is attenuated by the variable optical attenuator and input to the dense wavelength division multiplexer.
9. The quantum classical fusion communication network system of claim 8, wherein the pulsed laser light with time interval T enters the dense wavelength division multiplexer for multiplexing, is transmitted over the same optical fiber and is input to the dense wavelength division demultiplexer; the dense wavelength division demultiplexer demultiplexes the pulsed laser light and inputs it to the wavelength selective switch, which selects the corresponding receiving end Bob for each wavelength by wavelength addressing, so that the pulsed laser light is input there and detected and responded to.
10. The quantum classical fusion communication network system of claim 9, wherein after the pulsed laser light enters any receiving end Bob, it first passes through the optical isolator to filter out noise and interference and is then input into the beam splitter to be split into a first signal and a second signal; the first signal enters the beam combiner through the upper-arm optical fiber, and the second signal enters the beam combiner through the lower-arm optical fiber;
the first path of signals and the second path of signals are interfered in the beam combiner, and then the combined beam signals are output to enter the first detector or the second detector for detection and response; the receiving end Bob records and publishes the response condition of the first detector or the second detector to obtain an original key; and the original key enters a key post-processing module and is subjected to post-processing to obtain a final key.
11. The quantum classical convergence communication network system as claimed in claim 10, wherein the bit error rate measured in the bit error rate detection of the post-processing is denoted QBER and is calculated as
$\mathrm{QBER} = N_{err} / N_{sift}$
where $N_{err}$ is the number of erroneous code values and $N_{sift}$ is the total number of code values remaining after sifting;
when QBER exceeds 11%, it is determined that the communication between the sending terminal Alice and the receiving terminal has been intercepted, this communication is discarded and the communication connection is re-established.
12. A quantum classical fusion key distribution method, to which a quantum classical fusion communication network system according to any of claims 1-11 is applied, characterized in that the method comprises the steps of:
step 1: after the QKD layer module generates a quantum key, the quantum key is processed by the key post-processing module to obtain a final key, and the final key is sent to a first quantum key pool of the key management layer module;
step 2: the user A sends a session request to a key distribution center A in a key management pool A corresponding to the user A, wherein the session request comprises a first data item and a second data item, the first data item is identity information of a user A and a user B of both communication parties, the second data item is an identifier S1 of the communication, and the S1 is a time stamp, a counter or a random number;
step 3: after receiving the session request of user A, the key distribution center A corresponding to user A searches the whole network for the network address of the key distribution center B to which user B, the communication target of user A, belongs, and establishes a communication connection;
if the key distribution center corresponding to user B agrees to the communication connection request of user A, proceed to step 4;
if the key-length negotiation between users A and B fails, the key distribution center B corresponding to user B refuses the request of user A, and step 3 is repeated;
step 4: the transmission authorization code distributors of user A and user B, together with those of the key distribution centers corresponding to user A and user B, respectively generate the shared transmission authorization codes KA and KB;
step 5: after a key distribution center A corresponding to a user A acquires a first encryption key from a first quantum key pool, the first encryption key is encrypted by a transmission authorization code KA and then sent to the user A;
meanwhile, a key distribution center B corresponding to the user B takes out a second encryption key with the same length as the first encryption key from the first quantum key pool, encrypts the second encryption key by using a transmission authorization code KB and sends the second encryption key to the user B;
step 6: the user A and the user B respectively decrypt the first encryption key and the second encryption key by using the transmission authorization codes KA and KB, and the user A encrypts the information by using the first encryption key after obtaining the first encryption key to form encrypted information and sends the encrypted information to the user B; after the user B obtains the second encryption key, the information is decrypted by adopting the second encryption key to obtain the information;
step 7: the user B encrypts a random number by adopting a transmission authorization code KB to obtain an encrypted random number and sends the encrypted random number to a key distribution center B corresponding to the user B; and the key distribution center B sends the encrypted random number to a key distribution center A corresponding to the user A, and the user A and the user B establish secure communication.
CN202311067623.6A 2023-08-23 2023-08-23 Quantum classical fusion communication network system and key distribution method Pending CN117155554A (en)

Publications (1)

Publication Number Publication Date
CN117155554A true CN117155554A (en) 2023-12-01

Family

ID=88903725

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination