CN102904726B - Classical channel message authentication method and device for quantum key distribution system - Google Patents

Publication number
CN102904726B
CN102904726B CN201210443964.4A CN201210443964A CN102904726B CN 102904726 B CN102904726 B CN 102904726B CN 201210443964 A CN201210443964 A CN 201210443964A CN 102904726 B CN102904726 B CN 102904726B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210443964.4A
Other languages
Chinese (zh)
Other versions
CN102904726A (en
Inventor
杨理
周瑞瑞
李昭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS

Abstract

The invention discloses a classical channel message authentication method for a quantum key distribution (QKD) system. The method comprises the following steps: generating a message authentication code (MAC) value for an original message M, and inserting the MAC value into M at pre-agreed positions to form an original data bit string; applying a specified number of stages of error-correction coding to the data bit string and sending it to the receiver over the classical channel, the receiver then performing the corresponding number of stages of decoding according to a pre-agreed decoding method; extracting the message M and its MAC value from the decoded data string, and computing the MAC value of the extracted message M according to a pre-agreed calculation method; and comparing, at the receiver, the computed MAC value with the MAC value extracted after decoding. If the two values are the same, the extracted original message M is judged to come from the sender and to be unmodified; otherwise the message fails authentication. The method provides the QKD system with a necessary cryptographic scheme.

Description

Classical channel message authentication method and device for a quantum key distribution system
Technical field
The present invention relates to the field of data communication technology, and in particular to a classical channel message authentication method and device for a quantum key distribution system.
Background
Cryptographic systems in use today are usually based on some unsolved hard mathematical problem (such as factoring large numbers). Their communication security generally rests on the assumption that existing computing power cannot solve the problem; that they cannot be broken has not been proven in theory. In addition, eavesdropping by an attacker cannot be detected effectively on a classical channel, so after key distribution there is no sufficient basis for asserting that the key was not tampered with or swapped in transit. Key distribution has therefore always been a difficult problem in classical cryptosystems. Theoretical research on the quantum computers now being studied worldwide shows that they have special capabilities: if such a computer is developed successfully, it could solve hard problems such as large-number factorization several orders of magnitude faster than a classical computer. If secure communication is still carried out by classical means, it cannot withstand cryptanalysis by a quantum computer.
A quantum cryptography system is a physical system whose transmission media include optical fiber and free space. It allows two or more parties that share no secret information to establish a shared key over a public channel and to carry out confidential quantum communication. The security of quantum cryptography rests on fundamental principles of quantum mechanics, such as the Heisenberg uncertainty principle and the quantum no-cloning theorem, which ensure that an eavesdropper cannot eavesdrop or obtain information without disturbing the quantum state of the system. Unconditionally secure encryption is thereby achieved by a public method.
Secure distribution of keys is the prerequisite of secure communication. Before quantum key distribution (QKD) was proposed, the most secure way to distribute keys was delivery by a trusted courier. The security of that method rests on the courier's loyalty and on the assumption that the adversary's attack techniques are limited. QKD is a technology that uses the properties of quantum systems to achieve unconditionally secure key distribution; its security is founded on the principles of quantum mechanics. QKD realizes the cryptographic ideal of basing the security of the key on the reliability of scientific principles rather than on the reliability of people.
The most important property of QKD is that if a third party tries to eavesdrop on the key, the two communicating parties can detect it. This property follows from a basic principle of quantum mechanics: any measurement of a quantum system disturbs the system. A third party trying to eavesdrop on the key must measure it in some way, and these measurements introduce detectable anomalies. By transmitting information in quantum superposition states or quantum entangled states, the communication system can detect whether eavesdropping is present. When the eavesdropping is below a certain threshold, a key with guaranteed security can be produced. QKD protocols use quantum-mechanical properties to guarantee the security of communication, enabling the two parties to generate and share a random, secure key for encrypting and decrypting information.
A quantum key distribution protocol mainly comprises four processes: quantum transmission, data screening (including error rate measurement), data error correction and privacy amplification. In fact, a so-called quantum key distribution protocol could be called a "quantum bit screening" protocol, because QKD technology cannot deliver one specific key to one specific user. Before quantum communication begins, the two parties do not generate a specific quantum key in advance and then send it over the quantum channel; instead, relying on the properties of quantum states, they screen a random subset out of the bit sequence carried by the states as key data, and then apply privacy amplification to the key data to arrive at a shared quantum key.
The most essential difference between quantum key distribution (QKD) and classical key distribution is that the former uses quantum states to represent the random bits 0 and 1, whereas existing key distribution uses physical quantities. Bits are transmitted by light pulses. In classical information, a pulse containing photons represents 1 and a pulse without photons represents 0; in quantum information, the polarization state of a single photon represents the bit, for example a circular polarization state for 0 and a linear polarization state for 1. Each light pulse may contain at most one photon, and the quantum state of that photon indicates the bit it carries. In quantum key distribution, the sender transmits classical information by sending photons in randomly chosen polarization states. The four photon polarization states shown in Fig. 1 can be used to represent random information: the two on the left are horizontal and vertical polarization, prepared in the rectilinear basis; the two on the right are 135° and 45° polarization, prepared in the diagonal basis.
In quantum key distribution, the sender prepares photons in random polarization states to represent classical information; for example, horizontal and 45° polarization represent 0, and vertical and 135° polarization represent 1. After receiving a photon, the receiver measures its polarization state and thereby obtains the classical information it carries. Note that the receiver measures correctly only when it chooses the correct measurement basis (rectilinear or diagonal). For example, if a horizontally polarized photon (representing bit 0) is measured in the diagonal basis, the result is the 45° polarization state or the 135° polarization state with 50% probability each, that is, classical bit 0 or 1 with 50% probability each, so there is a 50% chance of error. A typical quantum key distribution process is shown in Fig. 2 and proceeds as follows:
Quantum signal transmission
The sender Alice randomly generates a classical bit string of length n and, for each bit in the string, randomly chooses the rectilinear basis or the diagonal basis to prepare a photon in the corresponding polarization state, so that each photon is randomly in one of the four polarization states. For example, if the first bit is 0 and Alice chooses the rectilinear basis, the prepared photon is horizontally polarized; if Alice instead chooses the diagonal basis, the prepared photon is in the 45° polarization state.
Alice sends the photons to the receiver Bob over the quantum channel. For each photon received, Bob randomly chooses the rectilinear or the diagonal basis to measure its polarization state and records the result. When measurement is finished, Bob holds a classical bit string of length n. Because Bob chose his measurement bases at random, the bit string he obtains contains errors, so data screening is needed to select the useful bit values. This ends the first stage.
Data screening
After the first stage, Bob announces the measurement bases he chose over a properly authenticated public channel, but does not announce the measurement results; anyone can see what Bob announces. From Bob's announcement, Alice can determine which of Bob's bases were correct and which were wrong. Alice discards the bit values corresponding to wrongly chosen measurement bases and, over the properly authenticated public channel, tells Bob the sequence numbers of the correctly chosen bases. Bob keeps the bits of his measurement results at those sequence numbers and discards the rest. After this step, the legitimate parties Alice and Bob have established a secret bit string of length about $n/2$. Others can also see what Alice announces, but because Bob does not announce his measurement results, no one other than Alice and Bob can obtain information about the secret bit string.
Error rate measurement
To detect whether an eavesdropper is present, Alice and Bob use the properly authenticated classical channel to draw a random subset of the random bit string they have established and compare it publicly: Alice announces the bit values of a randomly chosen subset, and Bob checks whether they agree with his own measurement results. Let the bit strings extracted by Alice and Bob be a and b respectively. Under normal conditions, apart from a small number of errors caused by channel noise during transmission, each bit of a should have the same value as the corresponding bit of b. Alice and Bob compare a and b; if a bit of b differs from the corresponding bit of a, that bit is counted as an error, and the error rate of b is calculated:
If the error rate exceeds the upper limit δ agreed in advance, the protocol terminates. If the error rate is within an acceptable range, the two parties discard the publicly compared bits and use the remaining bits as the shared key, so that the amount stolen by the adversary is effectively known.
Data error correction
After the data screening and error rate measurement above, the two parties share a key whose error rate is within the acceptable range; it is called the raw key. Because a certain error rate remains, the two parties next perform data error correction on the raw key. Data error correction is generally carried out by exchanging data over a properly authenticated public channel. In this step the two parties correct the positions where their raw keys disagree.
Privacy amplification
Alice and Bob each apply a privacy amplification operation to the raw key locally. The purpose of this step is to strengthen the secrecy of the final key.
Note that step 1 is quantum signal transmission, while steps 2-5 are classical signal transmission and classical information post-processing. It is easy to see from the process that quantum key distribution is a data screening technique: it does not distribute a specific key to a specific user, but screens a random bit sequence to obtain shared key bits. Its security rests on the effectiveness of eavesdropping detection, and it cannot be used directly to communicate specific data.
Because QKD is a bit screening process, a properly authenticated classical channel is needed for public comparison after quantum signal transmission ends, in order to screen out the useful quantum bits. Because of environmental noise and possible eavesdroppers, public comparison includes both screening of measurement bases and error rate measurement. Alice and Bob determine by comparison the quantum bits whose state-preparation basis and state-measurement basis are the same, keep the measurement results of those bits, and then disclose part of the screened data to check the error rate.
The difficulty in constructing a classical channel authentication scheme that meets the requirements of a real QKD system is that it must satisfy at least the following four conditions simultaneously: 1) the scheme must have information-theoretic security rather than computational security; 2) the scheme must have a sufficiently small key consumption rate, which is the basis of "key expansion"; 3) the scheme must have fast software and hardware implementations to keep up with QKD; 4) in practice, especially for military use, the QKD system may face a very harsh operating environment, so the scheme must to some extent withstand errors on the classical channel, and even enemy attacks on the classical channel, to ensure that the QKD system works normally in harsh environments.
The first condition can be met, because many authentication codes with information-theoretic security have been proposed. To meet the second condition at the same time, a selection must be made among these codes, because information-theoretically secure authentication codes often consume large amounts of key. To meet the third condition as well, an authentication code based on the cyclic redundancy check (CRC) is adopted; this is a class of Wegman-Carter authentication codes, designed for stream ciphers, that can be computed quickly with a linear feedback shift register (LFSR). Although CRC-based authentication codes have been studied extensively, many difficulties remain in also meeting the fourth condition. The reason is that, to guarantee security while saving key, a CRC-based authentication code computes one message authentication code (MAC) value for each long message; as a result, even a single bit error in a long message causes message authentication to fail. How to satisfy the fourth condition, so that the QKD system still works normally when the classical channel has errors, has therefore become a key problem in developing classical channel authentication for QKD systems.
Summary of the invention
To solve the prior-art problem that a QKD system cannot work normally when the classical channel has errors, the invention provides a classical channel message authentication method and device for a QKD system.
In one aspect, the classical channel message authentication method for a QKD system of the invention comprises:
The sender generates the message authentication code (MAC) value of the original message M by combining CRC coding with one-time-pad encryption;
The MAC value is inserted into the original message M at positions agreed in advance, forming the original data bit string;
Error-correction coding of a specified number of stages is applied to the data bit string, where the following operations are performed at every stage until the specified number of stages is complete:
The data bit string is divided into multiple groups of fixed length;
A bracing-wire permutation is applied to each group of data, forming a new data bit string;
The error-correction coding of the current stage is applied to the permuted data bit string;
The data bit string that has completed the specified number of stages of error-correction coding is sent to the receiver over the classical channel, and the receiver performs the corresponding number of stages of decoding according to the decoding method agreed in advance, where the following operations are performed at every decoding stage until the corresponding number of stages is complete:
The data is decoded;
The decoded data is divided into multiple groups of fixed length;
The inverse of the bracing-wire permutation used by the sender is applied to each group;
From the data string obtained after decoding, the receiver extracts the message M and its MAC value according to the positions agreed in advance;
The receiver computes the MAC value of the extracted message M according to the predetermined calculation method;
The receiver compares the computed MAC value with the MAC value extracted after decoding. If the two are the same, the extracted original message M is judged to come from the sender and not to have been tampered with; otherwise it is treated as failing authentication.
Further, the error-correction coding uses a Hamming code, and the specified number of stages is 6.
Further, the position at which the MAC value is inserted into the original message M is agreed in advance by the sender and the receiver.
In another aspect, the classical channel message authentication device for a quantum key distribution system of the invention comprises:
An original data string generation module, for generating the message authentication code (MAC) value of the original message M and inserting the MAC value into the original message string to generate the original data string, which comprises two parts: the original message M and the MAC value of M;
An error-correction coding module, for applying error-correction coding of a specified number of stages to the original data string, where at every coding stage the module performs the following operations until the specified number of stages is complete:
The data bit string is divided into multiple groups of fixed length;
A pre-agreed bracing-wire permutation is applied to each group of data, forming a new data bit string;
The error-correction coding of the current stage is applied to the permuted data bit string;
A message sending module, for sending the data that has completed the specified number of stages of error-correction coding to the receiver;
A message receiving module, for receiving the data from the message sending module;
A decoding module, for performing the corresponding number of stages of decoding on the received data string according to the predetermined decoding method, where at every decoding stage the module performs the following operations until the specified number of stages is complete:
The data is decoded;
The decoded data is divided into multiple groups of fixed length;
The inverse of the bracing-wire permutation used by the sender is applied to each group;
An original data string recovery module, for obtaining the original message M and the MAC value of M from the decoded data string, where the receiver extracts the MAC value and the message M according to the positions agreed in advance;
A message authentication code computation module, for having the receiver compute the MAC value of the extracted message M according to the predetermined calculation method;
A message judgment module, for comparing the computed MAC value with the extracted MAC value; if the two are the same, the obtained original message M is judged to come from the sender and not to have been tampered with; otherwise it is treated as failing authentication.
The beneficial effects of the invention are as follows:
The invention provides a message authentication scheme for the classical channel of a quantum key distribution system that has information-theoretic security and a degree of fault tolerance and attack tolerance. Its key consumption rate is small and it can be implemented quickly in software and hardware; the core algorithm and the overall authentication scheme can be implemented on an FPGA platform, providing the QKD system with an indispensable cryptographic scheme.
Brief description of the drawings
Fig. 1 is a schematic diagram of the four polarization states of a photon.
Fig. 2 is a schematic diagram of a typical quantum key distribution process.
Fig. 3 is a block diagram of the CRC-based message authentication scheme.
Fig. 4 is a flow chart of the classical channel message authentication method for a quantum key distribution system of the invention.
Fig. 5 is a schematic diagram of the bracing-wire permutation in an embodiment of the invention.
Fig. 6 compares the error rate after error correction with the error rate before error correction in an embodiment of the invention.
Fig. 7 is the encoding circuit diagram of the (7,4,3) Hamming code in an embodiment of the invention.
Fig. 8 is the decoding circuit diagram of the (7,4,3) Hamming code in an embodiment of the invention.
Fig. 9 is a schematic structural diagram of the classical channel message authentication device for a quantum key distribution system of the invention.
Detailed description of the embodiments
The invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and do not limit it.
In the art, the CRC-based MAC is a message authentication code that has been proven to have information-theoretic security, and its security meets our requirements for the authentication mechanism. The scheme first applies a hash function to the message to be authenticated to obtain its hash value, then encrypts the hash value with a one-time key and sends the result, as the MAC, to the receiver together with the message. A CRC-based authentication scheme is shown in Fig. 3. After receiving the message from the channel, the receiver first extracts the original message bit string M and the n-bit MAC value appended to it, computes the MAC value of M from the p(x) and K shared in advance, and compares it with the received MAC value. If the two are the same, authentication succeeds; otherwise authentication fails. The authentication here is twofold. On the one hand, the MAC value makes it possible to check whether the message was tampered with in transit, achieving message integrity authentication. On the other hand, because p(x) and K are shared in advance by the two communicating parties, only the legitimate sender knows their values and can compute the MAC, so authentication of the message sender is achieved as well.
For arbitrary m and n > 1, let h(·) be the hash function, c(x) any one of its possible remainder polynomials, and p(x) the irreducible polynomial used in the function. In the CRC-based MAC, a collision arises if and only if p(x) divides $M(x)\cdot x^{n} - c(x)$. The degree of this polynomial is at most m+n and the degree of p(x) is n, so it factors into at most (m+n)/n irreducible polynomials of degree n. That is, (m+n)/n choices of p(x) produce a collision, with the total number of p(x) taken as $2^{n-1}/n$. The collision probability is therefore $\frac{(m+n)/n}{2^{n-1}/n} = \frac{m+n}{2^{n-1}}$, and an attacker who does not know the MAC key forges a MAC with probability at most $(m+n)/2^{n-1}$. When n is large enough this probability is almost 0, so the authentication scheme is unconditionally secure.
The CRC authentication code can be implemented in hardware with a linear feedback shift register, which speeds up computation of the check code. For a message of 1G ($2^{24}$) bits, that is, m = $2^{24}$, n can be taken as 64. A key of only 64 bits then suffices to authenticate a message of $2^{24}$ bits. A larger amount of message data is thus authenticated with less key consumption, which makes this authentication method well suited to quantum key distribution protocols.
The authentication scheme considered above is suited to an ideal, noise-free classical channel and does not account for noise. In practical applications such as satellite communication systems, some noise is usually unavoidable in the channel for reasons inherent to the system, so the message bit string the receiver obtains contains a certain proportion of errors. For the CRC-based message authentication used in the scheme, a 1-bit message error is amplified without bound and causes authentication to fail; this follows from the properties of the hash function it uses.
Fig. 4 is the flow chart of the classical channel message authentication method for a quantum key distribution system of the invention. To prevent noise from causing authentication failure, the data bit string to be sent is error-correction coded before transmission, and the coded message is then transmitted over the channel so that it resists channel noise. The receiver obtains the original message bit string and the corresponding MAC value by decoding, and then performs message integrity authentication.
During message transmission an attacker can eavesdrop on part of the information and thereby introduce errors similar to noise. Such errors are usually concentrated; after a single round of error correction, decoding errors remain, so the error rate of the whole bit sequence often cannot be brought down to an acceptable level. For this reason we add random permutation to the fault-tolerant coding, which prevents an attacker from destroying selected coding blocks.
The embodiment of the invention implements the random permutation with a bracing-wire permutation, shown in Fig. 5. The bracing-wire permutation is a simple and fast digital-circuit technique for random permutation: it needs no gates, only bit lines, which greatly improves the speed and reliability of the permutation. There are many possible bracing-wire permutations. In the error-correction protocol the permutation should be as uniform as possible, so that after the permutation the bits of each group are spread across different groups of the next round as far as possible. As Fig. 5 shows, the permutation takes the first bit $a_{11}$ of the first group $(a_{11}, a_{12}, \ldots, a_{1n})$ and places it at position 1 of the output. The first bit $a_{21}$ of the second group $(a_{21}, a_{22}, \ldots, a_{2n})$ is placed at position 2, and so on until the first bit $a_{m1}$ of the last (m-th) group $(a_{m1}, a_{m2}, \ldots, a_{mn})$ is placed at position m. Starting again from the first group, the second bit $a_{12}$ of the first group is placed at position m+1, the second bit $a_{22}$ of the second group at position m+2, and so on until the second bit $a_{m2}$ of the m-th group is placed at position m+m. This continues until the last bits of the groups, $(a_{1n}, a_{2n}, \ldots, a_{mn})$, are placed at the last m positions. The bracing-wire permutation thus takes the bits of each group out one at a time in turn, so that after the permutation the bits of every group are dispersed across the sequence.
A bracing-wire permutation is required before every stage of error correction. The i-th stage bracing-wire permutation is as follows.
In practice there are many possible bracing-wire permutations. A different one is used before each stage of error-correction coding, and which permutation is used is determined by the key shared by the two parties. For a message with a normal error rate, after the pre-agreed number of error-correction rounds the probability that the corrected key still contains an error is very small. If Bob finds that the error rate is still not negligible after the pre-agreed number of rounds, he only needs to notify Alice that the error rate exceeds the limit and start a new round of the quantum key distribution protocol. The cascaded error-correction scheme can reduce the error rate to an arbitrarily small value because the error rate falls after every stage of error correction; this requires choosing an error-correcting code strong enough to withstand the larger error rate introduced by adversary attacks.
Because the error rate that a single stage of error-correction coding can tolerate is limited, the invention uses a multi-layer cascaded structure to achieve fault tolerance, for example six rounds of (7,4,3) coding, which expands the data about 28.7 times.
The number of cascaded coding stages is determined by the initial error rate under normal conditions and the final acceptable error rate. Taking cascaded coding with the (7,4,3) Hamming code as an example, the relation between the error rate p before one round of error correction and the error rate $p_1$ after it is:
$p_1 = 9p^2 - 26p^3 + 30p^4 - 12p^5 \qquad (2)$
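Table 1

| p | 0.05 | 0.07 | 0.09 | 0.10 |
|---|---|---|---|---|
| L | 5 | 5 | 6 | 6 |
| η | 0.061 | 0.061 | 0.035 | 0.035 |
| α | $5.22\times10^{-14}$ | $5.93\times10^{-10}$ | $1.20\times10^{-12}$ | $1.74\times10^{-10}$ |
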
Table 1 lists the relevant statistics of concatenated coding with the (7,4,3) Hamming code: p is the initial error rate, L is the number of cascade levels, η is the surplus ratio, and α is the error rate.
If the bit error rate exceeds the error-correcting capability of the error-correcting code, no number of cascade levels can correct the errors. Fig. 6 gives the relation between the error rate p before error correction and the error rate $p_1$ after error correction; as Fig. 6 shows, when p is within the interval, every round of error correction reduces the error rate.
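Equation (2) can be iterated directly to check Table 1. The Python sketch below is an added example, not part of the patent: it reproduces η and α and bisects for the crossover of equation (2) above which a further level of decoding no longer lowers the error rate. The function names and the `target` parameter of `levels_needed` are assumptions of this example.

```python
def after_one_level(p):
    """Equation (2): bit error rate after one level of (7,4,3) decoding."""
    return 9 * p**2 - 26 * p**3 + 30 * p**4 - 12 * p**5


def cascade_stats(p, levels):
    """Return (eta, alpha) for an initial error rate p and a given number of levels.

    eta is the fraction of transmitted bits that are data, (4/7)**levels, and
    alpha is the error rate left after applying equation (2) `levels` times.
    """
    for _ in range(levels):
        p = after_one_level(p)
    return (4 / 7) ** levels, p


def levels_needed(p, target, max_levels=50):
    """Smallest number of levels that brings the error rate to `target` or below.

    Returns None when the cascade never gets there, which is what happens
    once p lies above the crossover found by improvement_limit().
    """
    for level in range(1, max_levels + 1):
        p = after_one_level(p)
        if p <= target:
            return level
    return None


def improvement_limit(lo=1e-6, hi=0.4, steps=60):
    """Bisect for the p at which equation (2) returns p itself.

    Below this value one level of decoding lowers the error rate; above it
    (and below 0.5) decoding makes the error rate worse.
    """
    for _ in range(steps):
        mid = (lo + hi) / 2
        if after_one_level(mid) < mid:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2


if __name__ == "__main__":
    # (p, L) pairs taken from Table 1.
    for p, levels in [(0.05, 5), (0.07, 5), (0.09, 6), (0.10, 6)]:
        eta, alpha = cascade_stats(p, levels)
        print(f"p={p:.2f}  L={levels}  eta={eta:.3f}  alpha={alpha:.2e}")
    print(f"equation (2) stops helping at p = {improvement_limit():.4f}")
```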
The sender applies six rounds of error correction coding to the message, and before every round of coding a random bracing-wire permutation is applied to the message to be encoded; the "permutation → encoding" pattern distributes errors uniformly over the groups. After receiving the code word, the receiver performs multi-level decoding in the reverse "decoding → permutation" pattern, thereby recovering the original message and the corresponding MAC value. The multi-layer cascade structure greatly raises the tolerable error-rate upper limit; the six-level cascade adopted in the embodiment of the present invention tolerates an error rate of up to 10%.
For a message of 1G ($10^9$) bits, if the error rate of the classical channel is within an acceptable range (10%) and the multi-layer concatenated coding adopted can reduce the error rate after error correction to below $10^{-10}$, then the receiver can recover the original data string by error correction, extract the message M and the MAC value from the recovered data string according to the key shared in advance, calculate the MAC value of M and compare it with the received MAC value; if the two agree, identity authentication and message authentication are complete.
The MAC value is the data that most needs protection. To prevent an attacker from concentrating an attack on the MAC, the sender, after calculating the MAC value of the message, can insert it at specific positions in the message string. The insertion positions are determined by a key shared in advance by the sender (Alice) and the receiver (Bob), and this key can be reused. Alice then applies cascade error correction coding to the whole data string. The encoded code word can withstand the errors that an adversary introduces by eavesdropping on part of the data.
To keep the hardware circuit that implements attack tolerance simple and efficient, the present invention uses the Hamming (7,4,3) code for encoding. Because the I/O module resources of an FPGA are limited, the present invention divides the b+64 bits into N groups (padding with 0 bits is allowed) of n bits each. Six rounds of error correction coding plus bracing-wire permutation are then performed on each group, that is, every time an encoding operation is performed, a bracing-wire permutation is applied to the encoded bits. After the concatenated coding, each group has about 28.7 × n bits. For each level of error-correcting code in the concatenated coding scheme based on the Hamming (7,4,3) code, if the bit error rate before decoding is p, the bit error rate after decoding is $p_1 = 9p^2 - 26p^3 + 30p^4 - 12p^5$. If the initial bit error rate is p < 10%, the bit error rate of the message + MAC after decoding the six rounds of concatenated coding is $p^{(6)} < 1.74 \times 10^{-10}$. From this it can be calculated that, if a message of size 100,000,000 is authenticated at one time, the probability that no error occurs is 0.9818; this is the probability that a message transmitted over a random-error channel (p < 10%) passes authentication.
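The insertion and extraction step can be sketched as follows; this is an added Python example, not code from the patent. Assumptions: CRC-32 XORed with a one-time pad stands in for the MAC (the claims name CRC coding combined with a one-time pad, and the b+64 figure suggests a 64-bit value), the positions are derived from the shared key with HMAC-SHA-256, and all names and sample values are constructed.

```python
import hashlib
import hmac
import zlib

MAC_BITS = 32  # assumption: CRC-32 keeps the example inside the standard library


def to_bits(value, width):
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


def from_bits(bits):
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def mac_value(message, pad):
    """Stand-in MAC: CRC-32 of the message masked with a fresh 32-bit one-time pad."""
    return zlib.crc32(message) ^ pad


def mac_positions(pos_key, total_len):
    """Derive MAC_BITS distinct positions in [0, total_len) from the shared key."""
    chosen, counter = set(), 0
    while len(chosen) < MAC_BITS:
        digest = hmac.new(pos_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        chosen.add(int.from_bytes(digest[:8], "big") % total_len)
        counter += 1
    return chosen


def insert_mac(message, pad, pos_key):
    """Sender: scatter the MAC bits through the message bits at the keyed positions."""
    msg_bits = to_bits(int.from_bytes(message, "big"), 8 * len(message))
    mac_bits = to_bits(mac_value(message, pad), MAC_BITS)
    total = len(msg_bits) + MAC_BITS
    positions = mac_positions(pos_key, total)
    msg_iter, mac_iter = iter(msg_bits), iter(mac_bits)
    return [next(mac_iter) if i in positions else next(msg_iter) for i in range(total)]


def extract_and_verify(bits, pad, pos_key):
    """Receiver: separate message and MAC, recompute the MAC and compare the two."""
    positions = mac_positions(pos_key, len(bits))
    mac = from_bits([b for i, b in enumerate(bits) if i in positions])
    msg_bits = [b for i, b in enumerate(bits) if i not in positions]
    message = from_bits(msg_bits).to_bytes(len(msg_bits) // 8, "big")
    expected = mac_value(message, pad)
    ok = hmac.compare_digest(mac.to_bytes(4, "big"), expected.to_bytes(4, "big"))
    return message, ok


if __name__ == "__main__":
    # Constructed sample values.
    message, pad, pos_key = b"basis list for block 17", 0x5A17C3E9, b"constructed position key"
    data_string = insert_mac(message, pad, pos_key)
    print(extract_and_verify(data_string, pad, pos_key))
    data_string[0] ^= 1  # a single flipped bit, in the message or in the MAC
    print(extract_and_verify(data_string, pad, pos_key)[1])
```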
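The generator matrix (G) and the check matrix (H) of the Hamming (7,4,3) code are respectively:
$$G = \begin{pmatrix} 1 & 0 & 0 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 0 & 1 & 1 & 0 \\ 0 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 0 & 1 & 0 & 1 & 1 \end{pmatrix},$$
$$H = \begin{pmatrix} 1 & 1 & 1 & 0 & 1 & 0 & 0 \\ 1 & 1 & 0 & 1 & 0 & 1 & 0 \\ 1 & 0 & 1 & 1 & 0 & 0 & 1 \end{pmatrix}$$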
The coding table is given in Table 2:
Table 2
Taking into account the characteristics of the FPGA logic unit (four inputs, one output), the Hamming (7,4,3) encoding circuit shown in Figure 7 and the Hamming (7,4,3) decoding circuit shown in Figure 8 are adopted. The message to be encoded is a6, a5, a4, a3; in the generated seven-bit code word, a6, a5, a4, a3 are the information bits and a2, a1, a0 are the check bits. Because the first 4 bits of the code word are the information bits, only errors in the first 4 bits need to be corrected after decoding, that is, a6, a5, a4, a3.
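An added Python example (not the patent's circuit) of the six-level "permutation → encoding" and "decoding → inverse permutation" cascade described above, using the G and H printed on this page and the Fig. 5 bracing-wire permutation. Assumptions: the group size per level is fixed by `group_size` rather than by a shared key, and the input length is a multiple of 4^6 so that no padding is needed; the sample data and channel errors are constructed.

```python
import random

# Generator and check matrices as printed on the page: G = [I4 | P], H = [P^T | I3].
G = [[1, 0, 0, 0, 1, 1, 1],
     [0, 1, 0, 0, 1, 1, 0],
     [0, 0, 1, 0, 1, 0, 1],
     [0, 0, 0, 1, 0, 1, 1]]
H = [[1, 1, 1, 0, 1, 0, 0],
     [1, 1, 0, 1, 0, 1, 0],
     [1, 0, 1, 1, 0, 0, 1]]
# A single-bit error in position j produces column j of H as its syndrome.
SYNDROME = {tuple(row[j] for row in H): j for j in range(7)}


def hamming_encode(bits):
    """Encode a bit list (length a multiple of 4) four bits at a time with G."""
    out = []
    for k in range(0, len(bits), 4):
        d = bits[k:k + 4]
        out += [sum(d[i] & G[i][j] for i in range(4)) % 2 for j in range(7)]
    return out


def hamming_decode(bits):
    """Syndrome-decode 7-bit words and keep the information bits a6..a3."""
    out = []
    for k in range(0, len(bits), 7):
        c = bits[k:k + 7]                      # slicing copies the word
        s = tuple(sum(h[j] & c[j] for j in range(7)) % 2 for h in H)
        if any(s):
            c[SYNDROME[s]] ^= 1                # flip the bit the syndrome points at
        out += c[:4]
    return out


def group_size(length):
    # Assumption: groups of 7 line up with the previous level's code words, so the
    # four bits of one wrongly decoded word land in four different code words.
    return 7 if length % 7 == 0 else 4


def wire_permute(bits):
    """Fig. 5 permutation: bit j of group i moves to position j*m + i."""
    n = group_size(len(bits))
    m = len(bits) // n
    return [bits[i * n + j] for j in range(n) for i in range(m)]


def wire_unpermute(bits):
    """Inverse of wire_permute for a string of the same length."""
    n = group_size(len(bits))
    m = len(bits) // n
    return [bits[j * m + i] for i in range(m) for j in range(n)]


def cascade_encode(bits, levels=6):
    for _ in range(levels):                    # "permutation -> encoding"
        bits = hamming_encode(wire_permute(bits))
    return bits


def cascade_decode(bits, levels=6):
    for _ in range(levels):                    # "decoding -> inverse permutation"
        bits = wire_unpermute(hamming_decode(bits))
    return bits


def noisy(bits, p, seed):
    """Constructed channel: flip each bit independently with probability p."""
    rng = random.Random(seed)
    return [b ^ (rng.random() < p) for b in bits]


if __name__ == "__main__":
    rng = random.Random(2012)
    data = [rng.getrandbits(1) for _ in range(4096)]      # constructed message + MAC bits
    code = cascade_encode(data)
    print("expansion:", round(len(code) / len(data), 2))  # about 28.7
    print("recovered at 10% errors:", cascade_decode(noisy(code, 0.10, seed=7)) == data)
```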
To solve the prior-art problem that a QKD system cannot work normally when the classical channel has errors, the present invention also provides a classical channel message authentication device for a quantum key distribution system which, as shown in Figure 9, comprises:
an original data string generation module 201, for generating the message authentication code (MAC) value of the original message M and inserting the MAC value into the original message string to generate the original data string, which comprises two parts, the original message M and the MAC value of M;
an error-correcting code encoding module 202, for applying the specified number of levels of error-correcting code coding to the original data string, wherein at every level of error-correcting code coding the encoding module performs the following operations until the specified number of levels of error correction coding is complete: dividing the data bit string into multiple groups of fixed length; applying the bracing-wire permutation agreed in advance to each group of data to form a new data bit string; and applying this level's error correction coding to the data bit string after the bracing-wire permutation;
a message sending module 203, for sending the data that has completed the specified number of levels of error correction coding to the receiver;
a message receiving module 204, for receiving the data from the message sending module;
a decoding processing module 205, for decoding the received data string through the corresponding number of levels according to the predetermined decoding method, wherein at every level of decoding the decoding processing module performs the following operations until the specified number of levels of decoding is complete: decoding the data; dividing the decoded data into multiple groups of fixed length; and operating on each group with the inverse of the bracing-wire permutation used by the sender;
an original data string recovery module 206, for obtaining the original message M and the MAC value of M from the decoded data string, wherein the receiver extracts the MAC value and the message M according to the positions agreed in advance;
a message authentication code calculation module 207, for the receiver to calculate, according to the predetermined calculation method, the MAC value of the extracted message M;
a message judgment module 208, for comparing the calculated MAC value with the extracted MAC value; if the two are identical, the original message M obtained is judged to come from the sender and not to have been tampered with; otherwise it is regarded as having failed authentication.
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will recognize that various improvements, additions and substitutions are possible; the scope of the present invention should therefore not be limited to the embodiments described above.

Claims (6)

1. A classical channel message authentication method for a quantum key distribution system, characterized by comprising:
the sender generating the message authentication code (MAC) value of the original message M by combining CRC coding with one-time-pad encryption;
inserting the MAC value into the original message M at positions agreed in advance by the sender and the receiver, forming the original data bit string;
applying a specified number of levels of error correction coding to the original data bit string formed by the original message and the MAC value, wherein the following operations are performed before every level of error correction coding, until the specified number of levels of error correction coding is complete:
A1, dividing the data bit string into multiple groups of fixed length;
A2, applying a bracing-wire permutation to each group of data, forming a new data bit string;
A3, applying this level's error correction coding to the data bit string after the bracing-wire permutation;
sending the data bit string that has completed the specified number of levels of error correction coding to the receiver through the classical channel, the receiver decoding the data through the corresponding number of levels according to the decoding method agreed in advance, wherein the following operations are performed at every level of decoding, until the corresponding number of levels of decoding is complete:
B1, decoding the data;
B2, dividing the decoded data into multiple groups of fixed length;
B3, operating on each group with the inverse of the bracing-wire permutation used by the sender;
the receiver extracting the message M and its corresponding MAC value from the data string obtained after decoding, according to the positions agreed in advance, and calculating, according to the predetermined calculation method, the MAC value of the message M extracted after decoding;
the receiver comparing whether the calculated MAC value is identical to the MAC value extracted after decoding; if the two are identical, the original message M it extracted is judged to come from the sender and not to have been tampered with; otherwise it is regarded as having failed authentication.
2. The classical channel message authentication method for a quantum key distribution system as claimed in claim 1, characterized in that the specified number of levels is 6.
3. The classical channel message authentication method for a quantum key distribution system as claimed in claim 1, characterized in that the error correction coding uses Hamming coding.
4. The classical channel message authentication method for a quantum key distribution system as claimed in claim 1, characterized in that the bracing-wire permutation used and its inverse permutation are agreed in advance by the sender and the receiver.
5. A classical channel message authentication device for a quantum key distribution system, characterized by comprising:
an original data string generation module, for generating the message authentication code (MAC) value of the original message M by combining CRC coding with one-time-pad encryption, and inserting the MAC value into the original message at positions agreed in advance to generate the original data string, wherein the positions of the MAC value in the original message M are agreed in advance by the sender and the receiver;
an error-correcting code encoding module, for applying the specified number of levels of error-correcting code coding to the original data string, wherein at every level of error-correcting code coding the encoding module performs the following operations, until the specified number of levels of error correction coding is complete:
dividing the data bit string into multiple groups of fixed length;
applying the bracing-wire permutation agreed in advance to each group of data, forming a new data bit string;
applying this level's error correction coding to the data bit string after the bracing-wire permutation;
a message sending module, for sending the data bit string that has completed the specified number of levels of error correction coding to the receiver through the classical channel;
a message receiving module, for receiving the data from the message sending module;
a decoding processing module, for decoding the received data string through the corresponding number of levels according to the predetermined decoding method, wherein at every level of decoding the decoding processing module performs the following operations, until the specified number of levels of decoding is complete:
decoding the data;
dividing the decoded data into multiple groups of fixed length;
operating on each group with the inverse of the bracing-wire permutation used by the sender;
an original data string recovery module, for obtaining the original message M and the MAC value of M from the decoded data string according to the positions agreed in advance;
a message authentication code calculation module, for calculating, according to the predetermined calculation method, the MAC value of the extracted message M;
a message judgment module, for comparing the calculated MAC value with the extracted MAC value; if the two are identical, the original message M obtained is judged to come from the sender and not to have been tampered with; otherwise it is regarded as having failed authentication.
6. The classical channel message authentication device for a quantum key distribution system as claimed in claim 5, characterized in that, in the error-correcting code encoding module and the decoding processing module, the bracing-wire permutation used and its inverse permutation are agreed in advance by the sender and the receiver.
CN201210443964.4A 2012-11-08 2012-11-08 Classical channel message authentication method and device for quantum key distribution system Expired - Fee Related CN102904726B (en)


Publications (2)

Publication Number Publication Date
CN102904726A CN102904726A (en) 2013-01-30
CN102904726B CN102904726B (en) 2015-07-01



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150701

Termination date: 20191108
