CN108737075A - Method, apparatus and system for generating a shared key - Google Patents

Method, apparatus and system for generating a shared key

Info

Publication number: CN108737075A
Application number: CN201710240078.4A
Authority: CN (China)
Prior art keywords: network node, error rate, bit error, data, relaying
Legal status: Granted (status as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN108737075B (en)
Inventors: 武宏宇, 原磊, 赵梅生
Current assignee: SHANDONG INSTITUTE OF QUANTUM SCIENCE AND TECHNOLOGY Co Ltd
Original assignee: SHANDONG INSTITUTE OF QUANTUM SCIENCE AND TECHNOLOGY Co Ltd
Priority: CN201710240078.4A; published as CN108737075A, granted as CN108737075B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L 9/0852 Quantum cryptography
    • H04L 9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • H04L 9/0858 Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding

Abstract

An embodiment of the present invention provides a method, apparatus and system for generating a shared key. In a preset link, once two adjacent network nodes have obtained their shared data, they encrypt their communication directly with that shared data, without first turning it into a shared key by error correction and privacy amplification. The relay nodes in the preset link therefore do not perform privacy amplification, and not every relay node has to perform error correction, which reduces the load on the relay nodes. The scheme can be applied to a link with any number of relay network nodes and improves the efficiency of network communication.

Description

Method, apparatus and system for generating a shared key
Technical field
The present invention relates to the field of communication technology, and in particular to a method, apparatus and system for generating a shared key.
Background technology
Quantum communication is a new communication technology that combines quantum theory with information theory; it uses quantum effects to achieve high-performance communication within the limits set by physics. Quantum cryptography, built on the quantum key distribution (QKD) protocol, is one of the most important practical applications of quantum communication. A quantum cryptography network is a secure communication network that uses quantum cryptography.
A quantum cryptography network contains two kinds of network nodes, terminal network nodes and relay network nodes, and every network node contains a QKD device. A terminal network node can communicate with another terminal network node, via at least one relay network node, using a shared key for encryption.
Two terminal network nodes obtain a shared key as follows. Every two adjacent network nodes perform quantum communication with their own QKD devices and obtain the shared quantum data of the pair; the pair sifts the shared quantum data to obtain the shared data of the two adjacent network nodes and estimates the bit error rate of that shared data; the pair then exchanges check information, performs error correction on the shared data according to the check information, and also performs privacy amplification, obtaining a shared key between the two adjacent network nodes. A link containing a first terminal network node and a second terminal network node then encrypts communication between every two adjacent network nodes in the link with that pair's shared key, and finally generates the shared key of the first and second terminal network nodes.
In this method of generating a shared key for two terminal nodes, every two network nodes exchange check information and perform error correction and privacy amplification. A relay network node that belongs to several different links therefore carries a heavy load, which degrades the communication quality of the quantum cryptography network.
Invention content
The technical problem solved by the present invention is to provide a method, apparatus and system for generating a shared key that reduce the load on relay network nodes and improve the communication quality of a quantum cryptography network.
To this end, the technical solution by which the present invention solves the technical problem is as follows:
A method of generating a shared key, the method comprising:
The first network node encodes initial data according to a preset error correcting code, obtaining relay data and check information; the first network node is a terminal network node;
The first network node obtains shared data and the bit error rate of the shared data; the shared data is the shared data of the first network node and a second network node, the first network node is directly connected to the second network node in a preset link, and the second network node is a relay network node;
The first network node encrypts the relay data with the shared data, obtaining a relay ciphertext;
The first network node sends the relay ciphertext, the check information, the bit error rate of the shared data and an accumulated bit error rate to the second network node; the accumulated bit error rate is the bit error rate of the shared data;
When it receives the privacy amplification factor sent by a third network node in the preset link, the first network node performs a privacy amplification operation on the initial data according to the privacy amplification factor, obtaining the shared key of the first network node and the third network node; the third network node is a terminal network node.
In one example, the method further comprises:
The first network node judges whether the bit error rate of the shared data exceeds a preset threshold; if not, it performs the step in which the first network node encrypts the relay data with the shared data to obtain the relay ciphertext.
In one example,
the initial data is a random number.
In one example,
the initial data is the shared data of the first network node and the second network node.
A method of generating a shared key, the method comprising:
The second network node receives a first relay ciphertext, check information, a first accumulated bit error rate and a first bit error rate set sent by a first network node; the first bit error rate set contains the bit error rates of all shared data that have been used to encrypt the relay data; the first network node is a terminal network node or a relay network node, the second network node is a relay network node, and the first and second network nodes are directly connected in a preset link;
The second network node obtains first shared data and decrypts the first relay ciphertext with the first shared data, obtaining the relay data; the first shared data is the shared data of the second network node and the first network node;
The second network node obtains second shared data and the bit error rate of the second shared data; the second shared data is the shared data of the second network node and a third network node, the third network node is a relay network node or a terminal network node, and the second and third network nodes are directly connected in the preset link;
The second network node adds the first accumulated bit error rate and the bit error rate of the second shared data, obtaining a second accumulated bit error rate;
The second network node obtains a second relay ciphertext and a third accumulated bit error rate according to the second accumulated bit error rate, a preset error correction threshold and the second shared data;
The second network node sends the second relay ciphertext, the check information, the third accumulated bit error rate and a second bit error rate set to the third network node; the second bit error rate set consists of the first bit error rate set together with the bit error rate of the second shared data.
In one example, obtaining the second relay ciphertext and the third accumulated bit error rate according to the second accumulated bit error rate, the preset error correction threshold and the second shared data comprises:
When the second accumulated bit error rate exceeds the preset error correction threshold, the second network node performs error correction on the relay data using the check information, encrypts the corrected relay data with the second shared data to obtain a first ciphertext, uses the first ciphertext as the second relay ciphertext, and uses the bit error rate of the second shared data as the third accumulated bit error rate.
In one example, obtaining the second relay ciphertext and the third accumulated bit error rate according to the second accumulated bit error rate, the preset error correction threshold and the second shared data comprises:
When the second accumulated bit error rate does not exceed the preset error correction threshold, the second network node encrypts the relay data with the second shared data to obtain a second ciphertext, uses the second ciphertext as the second relay ciphertext, and uses the second accumulated bit error rate as the third accumulated bit error rate.
A method of generating a shared key, the method comprising:
The third network node receives a relay ciphertext, check information, an accumulated bit error rate and a bit error rate set sent by a second network node; the bit error rate set contains the bit error rates of the shared data of all network nodes in a preset link; the third network node is a terminal network node and the second network node is a relay network node;
The third network node obtains shared data and decrypts the relay ciphertext with the shared data, obtaining relay data; the shared data is the shared data of the second network node and the third network node;
The third network node obtains initial data according to the relay data, the check information and the accumulated bit error rate;
The third network node obtains a privacy amplification factor according to the number of information bits of the initial data and the bit error rate set;
The third network node sends the privacy amplification factor to a first network node; the first network node is a terminal network node;
The third network node performs a privacy amplification operation on the initial data according to the privacy amplification factor, obtaining the shared key of the first network node and the third network node.
In one example, obtaining the initial data according to the relay data, the check information and the accumulated bit error rate comprises:
When the accumulated bit error rate is not 0, the third network node performs error correction on the relay data according to the check information;
The third network node decodes the corrected relay data using the preset error correcting code, obtaining the initial data.
In one example, obtaining the initial data according to the relay data, the check information and the accumulated bit error rate comprises:
When the accumulated bit error rate is 0, the third network node decodes the relay data directly using the preset error correcting code, obtaining the initial data.
In one example, obtaining the privacy amplification factor according to the number of information bits of the initial data and the bit error rate set comprises:
The third network node calculates the noise entropy of the bit error rate of each shared data item in the bit error rate set;
The third network node sums the noise entropies of all the shared data to obtain the discard information unit amount (the amount of information to discard per bit);
The third network node calculates the difference between the total bit information and the total discard information as the privacy amplification factor, where the total bit information is the product of the number of information bits of the initial data and the information in one bit, and the total discard information is the product of the number of information bits of the initial data and the discard information unit amount.
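The three-step computation of the privacy amplification factor, as an added example that is not code from the patent or its assignee: it takes the binary entropy h(e) as the "noise entropy" of a bit error rate (an assumption; the page names the quantity but not its formula), sums it over the bit error rate set, and subtracts the total discard information from the total bit information. `usable_key_length` and the XOR-fold `privacy_amplify` are assumed stand-ins for the unspecified "privacy amplification operation", and the bit error rate set is constructed. It also shows the failure mode a practitioner must check for: a factor of zero or less means the leakage accumulated over the hops is at least the whole of the initial data, so no key can be distilled.

```python
import math

def noise_entropy(ber):
    """Binary entropy h(e), in bits per bit of shared data. This example assumes h(e) is what
    the text calls the 'noise entropy' of a bit error rate. h(0) = 0 and h(0.5) = 1."""
    if ber <= 0.0 or ber >= 1.0:
        return 0.0
    return -ber * math.log2(ber) - (1.0 - ber) * math.log2(1.0 - ber)

def privacy_amplification_factor(n_bits, ber_set):
    """n_bits: number of information bits of the initial data.
    ber_set: bit error rate of the shared data of every hop of the preset link (a reconciled hop
    contributes 0). Total bit information = n_bits * 1 bit; total discard information =
    n_bits * (sum of the per-hop noise entropies); the factor is their difference."""
    discard_per_bit = sum(noise_entropy(e) for e in ber_set)   # discard information unit amount
    total_information = n_bits * 1.0
    total_discard = n_bits * discard_per_bit
    return total_information - total_discard

def usable_key_length(n_bits, ber_set):
    """Whole key bits that survive amplification: the factor rounded down, clamped at 0.
    A factor <= 0 means the hops leak at least as much as the initial data holds."""
    return max(0, math.floor(privacy_amplification_factor(n_bits, ber_set)))

def privacy_amplify(initial_data, length):
    """Assumed stand-in for the page's 'privacy amplification operation' (not specified there):
    fold the initial data down to `length` bits by XOR. Both terminals use the same factor."""
    if length <= 0:
        raise ValueError("no secret key can be extracted for this bit error rate set")
    out = [0] * length
    for i, bit in enumerate(initial_data):
        out[i % length] ^= bit
    return out

# Constructed bit error rate set for a four-hop preset link; the 0.0 hop was reconciled before use.
BER_SET = [0.02, 0.02, 0.0, 0.02]

if __name__ == "__main__":
    n = 1024
    print(privacy_amplification_factor(n, BER_SET), usable_key_length(n, BER_SET))
    print(usable_key_length(n, [0.11] * 8))   # too many noisy hops: nothing can be distilled
```

Note that the factor grows linearly with the number of hops in the bit error rate set: every unreconciled hop costs h(e) bits per bit of initial data, which is why the length of a relayed key falls quickly on long links and why reconciling a noisy hop (so that it enters the set as 0) pays for itself.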
A first network node for generating a shared key; the first network node is a terminal network node, the first network node is directly connected to a second network node in a preset link, the second network node is a relay network node, a third network node is a terminal network node, and the first network node comprises:
A coding unit, for encoding initial data according to a preset error correcting code to obtain relay data and check information;
An acquiring unit, for obtaining shared data and the bit error rate of the shared data, the shared data being the shared data of the first network node and the second network node;
An encryption unit, for encrypting the relay data with the shared data to obtain a relay ciphertext;
A transmission unit, for sending the relay ciphertext, the check information, the bit error rate of the shared data and an accumulated bit error rate to the second network node, the accumulated bit error rate being the bit error rate of the shared data;
An arithmetic unit, for performing, when the privacy amplification factor sent by the third network node in the preset link is received, a privacy amplification operation on the initial data according to the privacy amplification factor, obtaining the shared key of the first network node and the third network node.
In one example, the first network node further comprises:
A judging unit, for judging whether the bit error rate of the shared data exceeds a preset threshold; if not, the encryption unit encrypts the relay data with the shared data to obtain the relay ciphertext.
A second network node for generating a shared key; a first network node is directly connected to the second network node in a preset link, the first network node is a terminal network node or a relay network node, the second network node is a relay network node, the second network node is directly connected to a third network node in the preset link, the third network node is a relay network node or a terminal network node, and the second network node comprises:
A receiving unit, for receiving a first relay ciphertext, check information, a first accumulated bit error rate and a first bit error rate set sent by the first network node, the first bit error rate set containing the bit error rates of all shared data that have been used to encrypt the relay data;
A first acquiring unit, for obtaining first shared data and decrypting the first relay ciphertext with the first shared data to obtain the relay data, the first shared data being the shared data of the second network node and the first network node;
A second acquiring unit, for obtaining second shared data and the bit error rate of the second shared data, the second shared data being the shared data of the second network node and the third network node;
A computing unit, for adding the first accumulated bit error rate and the bit error rate of the second shared data to obtain a second accumulated bit error rate;
A third acquiring unit, for obtaining a second relay ciphertext and a third accumulated bit error rate according to the second accumulated bit error rate, a preset error correction threshold and the second shared data;
A transmission unit, for sending the second relay ciphertext, the check information, the third accumulated bit error rate and a second bit error rate set to the third network node, the second bit error rate set consisting of the first bit error rate set together with the bit error rate of the second shared data.
In one example,
the third acquiring unit is further used, when the second accumulated bit error rate exceeds the preset error correction threshold, to perform error correction on the relay data using the check information, encrypt the corrected relay data with the second shared data to obtain a first ciphertext, use the first ciphertext as the second relay ciphertext, and use the bit error rate of the second shared data as the third accumulated bit error rate.
In one example,
the third acquiring unit is further used, when the second accumulated bit error rate does not exceed the preset error correction threshold, to encrypt the relay data with the second shared data to obtain a second ciphertext, use the second ciphertext as the second relay ciphertext, and use the second accumulated bit error rate as the third accumulated bit error rate.
A third network node for generating a shared key;
a second network node and the third network node are directly connected in a preset link, the second network node is a relay network node, the third network node is a terminal network node, and the third network node comprises:
A receiving unit, for receiving a relay ciphertext, check information, an accumulated bit error rate and a bit error rate set sent by the second network node, the bit error rate set containing the bit error rates of the shared data of all network nodes in the preset link;
A first acquiring unit, for obtaining shared data and decrypting the relay ciphertext with the shared data to obtain relay data, the shared data being the shared data of the second network node and the third network node;
A second acquiring unit, for obtaining initial data according to the relay data, the check information and the accumulated bit error rate;
A third acquiring unit, for obtaining a privacy amplification factor according to the number of information bits of the initial data and the bit error rate set;
A transmission unit, for sending the privacy amplification factor to a first network node, the first network node being a terminal network node;
A fourth acquiring unit, for performing a privacy amplification operation on the initial data according to the privacy amplification factor, obtaining the shared key of the first network node and the third network node.
In one example,
the second acquiring unit is further used, when the accumulated bit error rate is not 0, to perform error correction on the relay data according to the check information, and to decode the corrected relay data using the preset error correcting code, obtaining the initial data.
In one example,
the second acquiring unit is further used, when the accumulated bit error rate is 0, to decode the relay data using the preset error correcting code, obtaining the initial data.
In one example, the third acquiring unit comprises:
A first computation subunit, for calculating the noise entropy of the bit error rate of each shared data item in the bit error rate set;
A second computation subunit, for summing the noise entropies of all the shared data to obtain the discard information unit amount;
A third computation subunit, for calculating the difference between the total bit information and the total discard information as the privacy amplification factor, the total bit information being the product of the number of information bits of the initial data and the information in one bit, and the total discard information being the product of the number of information bits of the initial data and the discard information unit amount.
A system for generating a shared key, the system comprising:
One first network node as described above, at least one second network node as described above, and one third network node as described above.
The technical solution above has the following beneficial effects:
An embodiment of the present invention provides a method, apparatus and system for generating a shared key. In a preset link, once two adjacent network nodes have obtained their shared data, they encrypt their communication directly with that shared data, without first turning it into a shared key by error correction and privacy amplification. The relay nodes in the preset link do not need to perform privacy amplification, and not every relay node has to perform error correction, which reduces the load on the relay nodes in the preset link. Moreover, the scheme can be applied to a link with any number of relay network nodes, and the efficiency of network communication is improved.
Description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the structure of a quantum cryptography network provided by an embodiment of the present invention;
Fig. 2 is a flow chart of one example of a method of generating a shared key provided by an embodiment of the present invention;
Fig. 3 is a flow chart of another example of the method of generating a shared key provided by an embodiment of the present invention;
Fig. 4 is a flow chart of yet another example of the method of generating a shared key provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the structure of a first network node for generating a shared key provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the structure of a second network node for generating a shared key provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the structure of a third network node for generating a shared key provided by an embodiment of the present invention;
Fig. 8 is a schematic diagram of the structure of a system for generating a shared key provided by an embodiment of the present invention.
Specific implementation mode
To provide an implementation that reduces the load on relay network nodes, an embodiment of the present invention provides a method, apparatus and system for generating a shared key. Preferred embodiments of the present invention are described below with reference to the drawings.
The structure shown in Fig. 1 contains a source terminal network node, at least one relay network node and a destination terminal network node. The source terminal network node communicates with the destination terminal network node through the at least one relay network node; the link over which they communicate is the preset link. The preset link identifies not only the network nodes it contains but also the order in which data is transmitted between those network nodes.
In the preset link, the QKD devices of every two adjacent network nodes obtain the shared quantum data of the pair by quantum communication; the pair sifts the shared quantum data it has obtained, obtains the shared data of the two adjacent network nodes, and estimates the bit error rate of that shared data.
If the bit error rate of the shared data of two adjacent network nodes exceeds a preset discard bit error rate, the shared quantum data obtained by the QKD devices of those two nodes is unusable: the shared data of the two adjacent network nodes is deleted and the QKD devices redistribute quantum data. The preset discard bit error rate is set from the practical experience of the engineer; it may be set to 11%, or other specific values may be chosen according to the actual situation, which are not described further here.
The bit error rate of the shared data of two adjacent network nodes depends on factors such as the distance between the two nodes and environmental noise, and may take any value from 0 up to the preset discard bit error rate. If the bit error rate of the shared data exceeds a preset threshold, the bit error rate is excessive: a ciphertext encrypted with that shared data would carry more errors than the preset error correcting code in use can correct. In that case the two adjacent network nodes exchange shared check information, perform error correction on the shared data according to it, and then perform privacy amplification; the resulting shared key between the two adjacent network nodes is used as the new shared data, and the bit error rate of the shared data is set to 0. The preset threshold is set from the practical experience of the engineer; it may be set to 6%, or other specific values may be chosen according to the actual situation, which are not described further here.
Before the method provided by the embodiment of the present invention is executed, the steps above are performed first, finally yielding, for every two adjacent network nodes in the preset link, their shared data and the bit error rate of that shared data. The method by which the source terminal network node and the destination terminal network node in the preset link obtain a shared key is described in detail below.
Fig. 2 is a flow chart of a method of generating a shared key provided by an embodiment of the present invention. The method shown in Fig. 2 is performed by the source terminal network node of a preset link and comprises:
201: The first network node encodes initial data according to a preset error correcting code, obtaining relay data and check information; the first network node is a terminal network node.
The first network node is a terminal network node in the preset link, i.e. the source terminal network node shown in Fig. 1. The first network node obtains initial data, which is the source data of the shared key to be generated. There are two possible ways for the first network node to obtain the initial data: in the first, a true random number generator produces a true random number of a preset length, which is used as the initial data; in the second, the shared data of the first network node and the second network node is used as the initial data. The second network node is the relay network node directly connected to the first network node in the preset link.
The first network node obtains the preset error correcting code, which determines the encoding and decoding procedures used and the maximum error rate that can be corrected. For example, the preset error correcting code may be any one of a polar code, a Hamming code, a convolutional code, a BCH (Bose-Chaudhuri-Hocquenghem) code, a trellis code or an RS (Reed-Solomon) code.
The first network node encodes the initial data according to the preset error correcting code, obtaining relay data and check information. Taking a polar code as an example: determine the fixed bits of the polar code and their bit values, use the initial data as the information bits of the polar code, encode the information bits and fixed bits with the generator matrix of the polar code to obtain the relay data, and use the positions and bit values of the fixed bits as the check information. Other error correcting codes may of course be chosen according to the application; they are not described one by one here.
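The polar-code instance of step 201, as an added example that is not code from the patent or its assignee: the initial data is placed in the information bits, the fixed (frozen) bits take their fixed values, the block is multiplied by the polar generator matrix, and the fixed-bit positions and values travel as the check information that the third network node later needs to decode. The code length N = 8, the frozen set {0, 1, 2, 4} and the all-zero frozen values are assumptions for the demo (the page does not fix them), the bit-reversal permutation is omitted, and decoding is an exhaustive maximum-likelihood search over the 16 codewords, which is only practical at this toy size. The decoder reports a tie as `None` rather than guessing, since two errors in one 8-bit block exceed what this (8, 4) code can correct.

```python
import itertools

N = 8
# Fixed ("frozen") bit positions and their values: the check information of step 201 (assumed choice).
FROZEN_POSITIONS = (0, 1, 2, 4)
INFO_POSITIONS = tuple(i for i in range(N) if i not in FROZEN_POSITIONS)  # (3, 5, 6, 7)

def polar_transform(u):
    """Multiply u by the polar generator matrix F^(x)n over GF(2), F = [[1,0],[1,1]], recursively:
    x = (G(u_lo xor u_hi), G(u_hi)). The bit-reversal permutation is omitted (still a linear code)."""
    n = len(u)
    if n == 1:
        return u[:]
    half = n // 2
    lo, hi = u[:half], u[half:]
    return polar_transform([a ^ b for a, b in zip(lo, hi)]) + polar_transform(hi)

def encode(initial_data, frozen_values=(0, 0, 0, 0)):
    """Step 201 at the first network node: returns (relay_data, check_info)."""
    assert len(initial_data) == len(INFO_POSITIONS)
    u = [0] * N
    for pos, value in zip(FROZEN_POSITIONS, frozen_values):
        u[pos] = value
    for pos, value in zip(INFO_POSITIONS, initial_data):
        u[pos] = value
    check_info = {"frozen_positions": FROZEN_POSITIONS, "frozen_values": tuple(frozen_values)}
    return polar_transform(u), check_info

def decode(relay_data, check_info):
    """Third-node side: recover the information bits from (possibly corrupted) relay data using the
    check information. Exhaustive maximum-likelihood search over all 2^K codewords (toy size only).
    Returns the information bits, or None when the closest codeword is not unique (uncorrectable)."""
    frozen = dict(zip(check_info["frozen_positions"], check_info["frozen_values"]))
    info_positions = [i for i in range(N) if i not in frozen]
    best, best_dist, tie = None, N + 1, False
    for bits in itertools.product((0, 1), repeat=len(info_positions)):
        u = [0] * N
        for pos, value in frozen.items():
            u[pos] = value
        for pos, value in zip(info_positions, bits):
            u[pos] = value
        dist = sum(a != b for a, b in zip(polar_transform(u), relay_data))
        if dist < best_dist:
            best, best_dist, tie = list(bits), dist, False
        elif dist == best_dist:
            tie = True
    return None if tie else best

if __name__ == "__main__":
    data = [1, 0, 1, 1]                       # constructed 4-bit initial data
    relay_data, check_info = encode(data)
    hit = relay_data[:]
    hit[2] ^= 1                               # one bit error picked up on the way
    print(relay_data, decode(hit, check_info))
```

With this frozen set the resulting (8, 4) code has minimum distance 4, so the third network node can repair one flipped bit per block but not two, which is exactly why the relays in the scheme are made to error-correct before the accumulated bit error rate grows past the preset error correction threshold.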
202: The first network node obtains shared data and the bit error rate of the shared data. The shared data is the data shared between the first network node and the second network node; the first and second network nodes are directly connected in the preset link, and the second network node is a relay network node.
203: The first network node encrypts the relay data with the shared data to obtain a relay ciphertext.
As described in detail above, before the method provided by the embodiment of the present invention is executed, every two adjacent network nodes in the preset link obtain shared data, and the bit error rate of that shared data, through quantum communication between their QKD devices. The first network node therefore obtains the data it shares with the second network node together with the bit error rate of that data; in the preset link, the second network node is the relay network node directly connected to the first network node.
The first network node encrypts the relay data with the data it shares with the second network node and obtains the relay ciphertext. After receiving the relay ciphertext, the second network node can decrypt it with the data it shares with the first network node and so obtain the relay data.
The first network node and the second network node are two adjacent network nodes in the preset link. The relay ciphertext produced by the first network node is obtained by encrypting with the shared data of the first and second network nodes, not with a shared key of the first and second network nodes. That is, once the first and second network nodes have obtained their shared data, they do not need the complex operations that would otherwise be required to derive a shared key between them.
204: The first network node sends the relay ciphertext, the check information, the bit error rate of the shared data and an accumulated bit error rate to the second network node, the accumulated bit error rate being the bit error rate of the shared data.
The first network node sends the relay ciphertext, the check information, the bit error rate of the data shared by the first and second network nodes, and the accumulated bit error rate to the second network node. Since the first network node is the first node in the preset link, the accumulated bit error rate is simply the bit error rate of the data shared by the first and second network nodes.
After receiving the relay ciphertext sent by the first network node, the second network node decrypts it with the data shared by the first and second network nodes and obtains the relay data. According to its routing table, the second network node finds the next-hop network node directly connected to it in the preset link. The second network node obtains the data it shares with that next-hop network node and uses it to encrypt the relay data (or the relay data after error correction), obtaining another relay ciphertext, which it sends to the next-hop network node directly connected to it in the preset link. In this manner the relay data is encrypted and forwarded in turn by each network node in the preset link until it reaches the terminal network node at the other end of the preset link, namely the third network node. The whole process is the key relay.
After the third network node in the preset link obtains the relay ciphertext, it decrypts the relay ciphertext to obtain the relay data, performs an error correction operation on the relay data, decodes the error-corrected relay data to obtain the initial data, calculates a privacy amplification factor, and performs a privacy amplification operation (also called a secret amplification operation) on the initial data with that factor, obtaining the shared key of the first network node and the third network node. The third network node sends the privacy amplification factor to the first network node.
205: On receiving the privacy amplification factor sent by the third network node in the preset link, the first network node performs a privacy amplification operation on the initial data according to the privacy amplification factor, obtaining the shared key of the first network node and the third network node, the third network node being a terminal network node.
When the first network node receives the privacy amplification factor sent by the third network node, it performs a privacy amplification operation on the initial data with that factor and obtains the shared key of the first and third network nodes. The first network node and the third network node use the same privacy amplification algorithm. Many privacy amplification algorithms exist, and any privacy amplification algorithm available in the prior art may be used, for example the privacy amplification algorithm described in the paper "Research on privacy amplification in quantum key distribution" (Du Pengyan, June 2013). Other privacy amplification algorithms may of course also be used; they are not enumerated here.
The method shown in Fig. 2 mainly describes in detail the operation of the source terminal network node in the preset link. The operation of each relay network node in the preset link, that is, how each relay network node performs key relay on the relay data, is described in detail next.
Fig. 3 is a flowchart of a method for generating a shared key provided by an embodiment of the present invention. The method shown in Fig. 3 is executed by a relay network node in a preset link and includes:
301: The second network node receives a first relay ciphertext, check information, a first accumulated bit error rate and a first bit error rate set sent by the first network node. The first bit error rate set contains the bit error rates of all shared data that has been used to encrypt the relay data. The first network node is a terminal network node or a relay network node, the second network node is a relay network node, and the first and second network nodes are directly connected in the preset link.
The second network node is a relay network node, and the first network node is the previous-hop network node directly connected to the second network node in the preset link; the first network node may be a terminal network node or a relay network node.
The second network node receives the first relay ciphertext sent by the first network node, which is a ciphertext obtained by encrypting with the data shared by the first and second network nodes. The second network node also receives the first accumulated bit error rate sent by the first network node, which is the accumulated sum of the bit error rates of at least one item of shared data that has been used to encrypt the relay data.
There are three scenarios for obtaining the first accumulated bit error rate:
First scenario: if the first network node is a terminal network node, the first accumulated bit error rate is the bit error rate of the data shared by the first and second network nodes, and that shared data is the only shared data used to encrypt the relay data.
Second scenario: if the first network node is a relay network node and the source terminal network node is directly connected to the first network node in the preset link, consider the bit error rate of the data shared by the source terminal network node and the first network node and the bit error rate of the data shared by the first and second network nodes. If the sum of these two bit error rates does not exceed the preset error correction threshold, the first accumulated bit error rate is that sum; if the sum exceeds the preset error correction threshold, the first accumulated bit error rate is the bit error rate of the data shared by the first and second network nodes.
Third scenario: if the first network node is a relay network node and the source terminal network node is connected to the first network node through several relay network nodes in the preset link, the first accumulated bit error rate is the sum, taken in time order and accumulated only as long as it does not exceed the preset error correction threshold, of the bit error rates of the shared data most recently used to encrypt the relay data.
Since the third scenario is the most involved, it is illustrated below. Suppose that in the preset link the source terminal network node is connected to the first network node through relay network nodes A1, A2, A3 and A4. Let the bit error rate of the data shared by the source terminal network node and A1 be B1, that of the data shared by A1 and A2 be B2, that of A2 and A3 be B3, that of A3 and A4 be B4, that of A4 and the first network node be B5, and that of the first and second network nodes be B6. Assume that the sum of B1, B2 and B3 exceeds the preset error correction threshold, the sum of B3 and B4 exceeds it, and the sum of B4, B5 and B6 does not exceed it. Then the accumulated bit error rate sent by A2 to A3 is B3, the accumulated bit error rate sent by A3 to A4 is B4, and the accumulated bit error rate sent by the first network node to the second network node is the sum of B4, B5 and B6.
The first bit error rate set contains the bit error rates of all shared data used to encrypt the relay data. In the first scenario above, the first bit error rate set contains only the bit error rate of the data shared by the first and second network nodes. In the second scenario, it contains the bit error rate of the data shared by the source terminal network node and the first network node and the bit error rate of the data shared by the first and second network nodes. In the third scenario, it contains the bit error rate of the shared data of every pair of adjacent network nodes on the sub-link from the source terminal network node to the second network node; in the example above, that is B1, B2, B3, B4, B5 and B6.
302: The second network node obtains first shared data and decrypts the first relay ciphertext with it to obtain the relay data; the first shared data is the data shared by the second network node and the first network node.
303: The second network node obtains second shared data and the bit error rate of the second shared data; the second shared data is the data shared by the second network node and a third network node, the third network node being a relay network node or a terminal network node directly connected to the second network node in the preset link.
The second network node takes the data it shares with the first network node as the first shared data. Since the first relay ciphertext was obtained by encrypting with the first shared data, the second network node decrypts the first relay ciphertext with the first shared data and obtains the relay data.
In order to forward the relay data it has obtained to the third network node, the second network node takes the data it shares with the third network node as the second shared data and obtains the bit error rate of the second shared data. The third network node is the next-hop network node directly connected to the second network node in the preset link; it may be a terminal network node or a relay network node.
304: The second network node computes the sum of the first accumulated bit error rate and the bit error rate of the second shared data, obtaining a second accumulated bit error rate.
305: The second network node obtains a second relay ciphertext and a third accumulated bit error rate according to the second accumulated bit error rate, the preset error correction threshold and the second shared data.
The second network node first computes the sum of the first accumulated bit error rate and the bit error rate of the second shared data, obtaining the second accumulated bit error rate. It then obtains the second relay ciphertext and the third accumulated bit error rate according to the second accumulated bit error rate, the preset error correction threshold and the second shared data.
In one example, obtaining the second relay ciphertext and the third accumulated bit error rate according to the second accumulated bit error rate, the preset error correction threshold and the second shared data includes:
when the second accumulated bit error rate exceeds the preset error correction threshold, the second network node performs an error correction operation on the relay data using the check information, encrypts the error-corrected relay data with the second shared data to obtain a first ciphertext, takes the first ciphertext as the second relay ciphertext, and takes the bit error rate of the second shared data as the third accumulated bit error rate.
In another example, obtaining the second relay ciphertext and the third accumulated bit error rate according to the second accumulated bit error rate, the preset error correction threshold and the second shared data includes:
when the second accumulated bit error rate does not exceed the preset error correction threshold, the second network node encrypts the relay data with the second shared data to obtain a second ciphertext, takes the second ciphertext as the second relay ciphertext, and takes the second accumulated bit error rate as the third accumulated bit error rate.
The preset error correction threshold represents the maximum error correction capability of the check information: the check information can only correct errors not exceeding the preset error correction threshold. The preset error correction threshold therefore cannot be lower than the bit error rate of the shared data of any two adjacent network nodes in the preset link. It should not be set too high either: the more check information there is, the more of the relayed information is exposed, which reduces the efficiency of the shared key finally negotiated. The preset error correction threshold may be set to a value slightly above the largest shared-data bit error rate in the preset link. For example, the preset error correction threshold may be set to 6% when the bit error rate of the shared data of every pair of adjacent network nodes in the preset link is below 6%.
If the second accumulated bit error rate exceeds the preset error correction threshold, this means that once the relay data is encrypted with the second shared data and decrypted again with the second shared data, the errors in the newly obtained relay data would exceed the error correction capability of the check information; the relay data could no longer be corrected, and the correct initial data could not be obtained. In this case, before encrypting the relay data with the second shared data, the second network node first performs an error correction operation on the relay data with the check information to obtain error-corrected relay data, which is the relay data as generated by the source terminal network node. It then encrypts the error-corrected relay data with the second shared data and takes the resulting first ciphertext as the second relay ciphertext.
If the second accumulated bit error rate does not exceed the preset error correction threshold, this means that once the relay data is encrypted with the second shared data and decrypted again with the second shared data, the errors in the newly obtained relay data will not exceed the error correction capability of the check information. In this case the second network node does not perform error correction; it directly encrypts the relay data with the second shared data and takes the resulting second ciphertext as the second relay ciphertext.
It can be understood that when the second accumulated bit error rate exceeds the preset error correction threshold, the second network node corrects the relay data with the check information, and the error-corrected relay data is the original relay data generated by the source terminal network node, i.e. the error rate of the error-corrected relay data is 0; the bit error rate of the second shared data is therefore taken as the third accumulated bit error rate. When the second accumulated bit error rate does not exceed the preset error correction threshold, the second network node does not correct the relay data obtained by decryption, and the second accumulated bit error rate is taken as the third accumulated bit error rate.
The third accumulated bit error rate can therefore be obtained according to the following equation:
306: The second network node sends the second relay ciphertext, the check information, the third accumulated bit error rate and a second bit error rate set to the third network node. The second bit error rate set contains the first bit error rate set and the bit error rate of the second shared data; the third network node is a relay network node or a terminal network node.
The second network node sends the second relay ciphertext, the check information, the third accumulated bit error rate and the second bit error rate set to the third network node. The second bit error rate set contains not only the bit error rates of all shared data in the first bit error rate set but also the bit error rate of the second shared data.
In the preset link, each relay network node operates according to steps 301 to 306: it obtains the relay data, encrypts it and forwards it to the next-hop network node in the preset link, thereby performing key relay of the relay data. As the above process shows, no relay network node in the preset link needs to perform privacy amplification, and not every relay network node needs to perform error correction, which reduces the load on the relay network nodes.
The method shown in Fig. 3 mainly describes in detail the operation of a relay network node in the preset link. The operation of the destination terminal network node in the preset link is described in detail next.
Fig. 4 is a flowchart of a method for generating a shared key provided by an embodiment of the present invention. The method shown in Fig. 4 is executed by the destination terminal network node in a preset link and includes:
401: The third network node receives a relay ciphertext, check information, an accumulated bit error rate and a bit error rate set sent by the second network node. The bit error rate set contains the bit error rates of the shared data of all network nodes in the preset link; the third network node is a terminal network node and the second network node is a relay network node.
402: The third network node obtains shared data and decrypts the relay ciphertext with it to obtain the relay data; the shared data is the data shared by the second network node and the third network node.
The third network node is the destination terminal network node at the other end of the preset link, and the second network node is the relay network node directly connected to the third network node in the preset link; that is, the third network node is the next-hop network node of the second network node in the preset link.
After receiving the relay ciphertext, the third network node obtains the data shared by the second and third network nodes. Since the relay ciphertext was obtained by the second network node encrypting with that shared data, the third network node decrypts the relay ciphertext with the shared data and obtains the relay data.
403: The third network node obtains the initial data according to the relay data, the check information and the accumulated bit error rate.
In one example, the third network node obtaining the initial data according to the relay data, the check information and the accumulated bit error rate includes:
when the accumulated bit error rate is not 0, the third network node performs an error correction operation on the relay data according to the check information;
the third network node decodes the error-corrected relay data with the preset error-correcting code and obtains the initial data.
In another example, the third network node obtaining the initial data according to the relay data, the check information and the accumulated bit error rate includes:
when the accumulated bit error rate is 0, the third network node decodes the relay data with the preset error-correcting code and obtains the initial data.
The third network node checks whether the accumulated bit error rate is 0.
If the accumulated bit error rate is not 0, the relay data contains errors. The third network node performs an error correction operation on the relay data with the check information and obtains error-corrected relay data, which is the relay data generated by the source terminal network node. The third network node decodes the error-corrected relay data according to the preset error-correcting code and obtains the initial data.
If the accumulated bit error rate is 0, the relay data contains no errors and is the relay data generated by the source terminal network node. The third network node directly decodes the relay data according to the preset error-correcting code and obtains the initial data.
404: The third network node obtains a privacy amplification factor according to the number of information bits of the initial data and the bit error rate set.
In one example, the third network node obtaining the privacy amplification factor according to the number of information bits of the initial data and the bit error rate set includes:
the third network node calculates the noise entropy of the bit error rate of each shared data in the bit error rate set;
the third network node calculates the sum of the noise entropies of all the shared data as the amount of information to discard per bit;
the third network node calculates the difference between the total information amount and the total amount of information to discard as the privacy amplification factor, where the total information amount is the product of the number of information bits of the initial data and 1 bit of information, and the total amount of information to discard is the product of the number of information bits of the initial data and the amount of information to discard per bit.
The third network node obtains the number of information bits of the initial data. Assuming each information bit of the initial data carries 1 bit of information, the total information amount of the initial data is the product of its number of information bits and 1 bit of information.
The bit error rate set contains the bit error rate of the shared data of every pair of adjacent network nodes in the preset link. The third network node calculates the noise entropy of the bit error rate of each shared data in the bit error rate set, then calculates the sum of the noise entropies of all the shared data as the amount of information to discard per bit, i.e. the amount of information that must be discarded from each 1 bit of information. The total amount of information to discard from the initial data is then the product of the number of information bits of the initial data and the amount of information to discard per bit.
The privacy amplification factor is then the difference between the total information amount of the initial data and the total amount of information to discard from the initial data.
For example: let the bit error rate of any shared data in the bit error rate set be P_i, where i = 1, 2, 3, 4, ..., n is the index of the bit error rate and n is the number of bit error rates in the set, so that the noise entropy of the bit error rate of any shared data is h(P_i). The amount of information to discard per bit is then the sum of the noise entropies of all the shared data, h(P_1) + h(P_2) + ... + h(P_n); that is, h(P_1) + ... + h(P_n) bits of information must be discarded from each 1 bit of information. Let the number of information bits of the initial data be k and assume each information bit carries 1 bit of information; the total information amount of the initial data is then k bits, and the total amount of information to discard from the initial data is k × (h(P_1) + ... + h(P_n)). The privacy amplification factor is therefore k - k × (h(P_1) + ... + h(P_n)).
405: The third network node sends the privacy amplification factor to the first network node, the first network node being a terminal network node.
406: The third network node performs a privacy amplification operation on the initial data according to the privacy amplification factor, obtaining the shared key of the first network node and the third network node.
The third network node sends the privacy amplification factor to the first network node, which is the source terminal network node in the preset link. The third network node performs a privacy amplification operation on the initial data according to the privacy amplification factor and obtains the shared key of the first and third network nodes. The first network node likewise performs a privacy amplification operation on the initial data according to the privacy amplification factor and obtains the shared key of the first and third network nodes. Since the first and third network nodes use the same privacy amplification method, they obtain the same shared key, which they then use to encrypt their communication.
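The procedure of Figs. 2 to 4, together with the A1..A4 accumulation example given for step 301, as a runnable toy added here; this is example code, not code from the patent or its assignee. It assumes a systematic Hamming(7,4) code in place of the polar code (its parity rule standing in for the check information), models "encrypting with shared data" as XOR with the sender's copy of the QKD-shared data while the receiver's copy differs from it in a constructed set of bit positions, takes the noise entropy of a bit error rate to be its binary entropy, and represents bit error rates as exact fractions so that comparisons against the error correction threshold behave as the text states. All function names (run_chain, accumulated_bers, flips and the rest), the seed and the sample bits are this example's own.

```python
import random
from fractions import Fraction
from math import log2

# Data-bit indices covered by each of the three parity bits of a systematic Hamming(7,4)
# code; this parity rule plays the role of the check information in the toy (assumption).
PARITY = ((0, 1, 3), (0, 2, 3), (1, 2, 3))

def hamming_encode(data):
    """Relay data: each group of 4 initial-data bits followed by its 3 parity bits."""
    out = []
    for i in range(0, len(data), 4):
        d = data[i:i + 4]
        out += d + [sum(d[j] for j in idx) % 2 for idx in PARITY]
    return out

def hamming_correct(code):
    """Error correction operation: fix at most one flipped bit in each 7-bit block."""
    code = list(code)
    for i in range(0, len(code), 7):
        d, p = code[i:i + 4], code[i + 4:i + 7]
        syn = [(sum(d[j] for j in idx) + p[s]) % 2 for s, idx in enumerate(PARITY)]
        if not any(syn):
            continue
        for j in range(4):  # a flipped data bit disturbs two or three parities
            if syn == [int(j in idx) for idx in PARITY]:
                code[i + j] ^= 1
                break
        else:  # exactly one disturbed parity: that parity bit itself flipped
            code[i + 4 + syn.index(1)] ^= 1
    return code

def hamming_decode(code):
    return [b for i in range(0, len(code), 7) for b in code[i:i + 4]]

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]

def flips(n, positions):
    """Constructed mismatch vector between the two copies of one hop's shared data."""
    return [int(i in positions) for i in range(n)]

def ber(mismatch):
    return Fraction(sum(mismatch), len(mismatch))

def binary_entropy(p):
    p = float(p)
    return 0.0 if p in (0.0, 1.0) else -p * log2(p) - (1 - p) * log2(1 - p)

def privacy_amplification_factor(k, ber_set):
    """Step 404: k bits of initial data minus k times the summed noise entropies."""
    return k - k * sum(binary_entropy(p) for p in ber_set)

def accumulated_bers(bers, threshold):
    """Steps 304/305 as bookkeeping only: the accumulated bit error rate each node
    sends downstream, given the per-hop shared-data rates (the A1..A4 example)."""
    sent = [bers[0]]
    for b in bers[1:]:
        total = sent[-1] + b
        sent.append(b if total > threshold else total)
    return sent

def run_chain(initial, hop_errors, threshold, seed=7):
    """One source, len(hop_errors) - 1 relays, one destination. Returns the recovered
    initial data, the relays that corrected, the bit error rate set and the factor."""
    rng = random.Random(seed)
    n = len(hamming_encode(initial))
    keys = [[rng.randrange(2) for _ in range(n)] for _ in hop_errors]  # sender copies
    # Source terminal node (Fig. 2): encode, encrypt, accumulated rate = first hop's rate.
    ciphertext = xor(hamming_encode(initial), keys[0])
    acc, ber_set, corrected_at = ber(hop_errors[0]), [ber(hop_errors[0])], []
    # Relay nodes (Fig. 3): decrypt with the receiver's differing copy, decide, re-encrypt.
    for i in range(1, len(hop_errors)):
        relay = xor(ciphertext, xor(keys[i - 1], hop_errors[i - 1]))
        acc2 = acc + ber(hop_errors[i])
        if acc2 > threshold:  # the next hop would exceed what the check information corrects
            relay, acc = hamming_correct(relay), ber(hop_errors[i])
            corrected_at.append(i)
        else:
            acc = acc2
        ciphertext = xor(relay, keys[i])
        ber_set.append(ber(hop_errors[i]))
    # Destination terminal node (Fig. 4): decrypt, correct only if errors remain, decode.
    relay = xor(ciphertext, xor(keys[-1], hop_errors[-1]))
    if acc != 0:
        relay = hamming_correct(relay)
    recovered = hamming_decode(relay)
    return recovered, corrected_at, ber_set, privacy_amplification_factor(len(initial), ber_set)

if __name__ == "__main__":
    initial = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]  # 16 constructed bits
    hops = [flips(28, {0}), flips(28, {7, 14}), flips(28, {3, 21})]  # S-R1, R1-R2, R2-D
    print(run_chain(initial, hops, Fraction(1, 7)))
```

In the constructed run the first relay forwards without correcting (1/28 + 2/28 stays at or below the 1/7 threshold), the second relay corrects because 3/28 + 2/28 would exceed it and resets the accumulated rate to 2/28, and the destination corrects once more before decoding. The mismatch positions are chosen so that no 7-bit block ever holds two errors; with real QKD error patterns it is the per-block capability of the code, not the summed rate alone, that decides whether correction succeeds, which is one reason the text sets the threshold with some margin above the largest per-hop rate. The privacy amplification factor for three hops at these rates comes out well under one bit of the sixteen, showing how quickly k - k × (h(P_1) + ... + h(P_n)) shrinks at percent-level error rates.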
In the prior art, after every two adjacent network nodes obtain shared data, they exchange shared check information, use it to perform an error correction operation on the shared data, then perform a privacy amplification operation, and finally obtain a shared key of the two adjacent network nodes with which they encrypt. This places a heavy load on those relay network nodes in the preset link that belong to several links.
In the embodiment of the present invention, once two adjacent network nodes in the preset link have obtained their shared data, they do not perform an error correction operation and a privacy amplification operation to obtain a shared key; instead, they encrypt directly with the shared data of the two adjacent network nodes. Therefore no relay node in the preset link needs to perform privacy amplification, and not every relay node needs to perform error correction, which reduces the load on the relay nodes in the preset link.
It should be noted that although the methods shown in Fig. 2, Fig. 3 and Fig. 4 are logically related, the terms used in each method are independent of one another: the same name (for example, "first network node") does not necessarily denote the same thing in different methods, and the specific description of each method governs.
Fig. 5 is a schematic structural diagram of a first network node for generating a shared key provided by an embodiment of the present invention. The first network node is a terminal network node and is directly connected in a preset link to a second network node, which is a relay network node; a third network node is a terminal network node. The first network node includes:
Coding unit 501, configured to encode initial data according to a preset error-correcting code to obtain relay data and check information.
Acquiring unit 502, configured to obtain shared data and the bit error rate of the shared data, the shared data being the data shared by the first network node and the second network node.
Encryption unit 503, configured to encrypt the relay data with the shared data to obtain a relay ciphertext.
Transmission unit 504, configured to send the relay ciphertext, the check information, the bit error rate of the shared data and an accumulated bit error rate to the second network node, the accumulated bit error rate being the bit error rate of the shared data.
Arithmetic unit 505, configured to, when a privacy amplification factor sent by the third network node in the preset link is received, perform a privacy amplification operation on the initial data according to the privacy amplification factor to obtain the shared key of the first network node and the third network node.
In one example, the first network node further includes:
Judging unit, configured to judge whether the bit error rate of the shared data exceeds a preset threshold; if not, the encryption unit 503 encrypts the relay data with the shared data to obtain the relay ciphertext.
The first network node shown in Fig. 5 is the network node corresponding to the method shown in Fig. 2. Its specific implementation is similar to the method shown in Fig. 2; reference may be made to the description of the method shown in Fig. 2, which is not repeated here.
Fig. 6 is a schematic structural diagram of a second network node for generating a shared key provided by an embodiment of the present invention. A first network node and the second network node are directly connected in a preset link; the first network node is a terminal network node or a relay network node, the second network node is a relay network node, and the second network node is directly connected in the preset link to a third network node, which is a relay network node or a terminal network node. The second network node includes:
Receiving unit 601, configured to receive a first relay ciphertext, check information, a first accumulated bit error rate and a first bit error rate set sent by the first network node, the first bit error rate set containing the bit error rates of all shared data used to encrypt the relay data.
First acquiring unit 602, configured to obtain first shared data and decrypt the first relay ciphertext with the first shared data to obtain the relay data, the first shared data being the data shared by the second network node and the first network node.
Second acquiring unit 603, configured to obtain second shared data and the bit error rate of the second shared data, the second shared data being the data shared by the second network node and the third network node.
Computing unit 604, configured to compute the sum of the first accumulated bit error rate and the bit error rate of the second shared data to obtain a second accumulated bit error rate.
Third acquiring unit 605, configured to obtain a second relay ciphertext and a third accumulated bit error rate according to the second accumulated bit error rate, the preset error correction threshold and the second shared data.
Transmission unit 606, configured to send the second relay ciphertext, the check information, the third accumulated bit error rate and a second bit error rate set to the third network node, the second bit error rate set containing the first bit error rate set and the bit error rate of the second shared data.
In one example, the third acquiring unit 605 is further configured to, when the second accumulated bit error rate exceeds the preset error correction threshold, perform an error correction operation on the relay data with the check information, encrypt the error-corrected relay data with the second shared data to obtain a first ciphertext, take the first ciphertext as the second relay ciphertext, and take the bit error rate of the second shared data as the third accumulated bit error rate.
In one example, the third acquiring unit 605 is further configured to, when the second accumulated bit error rate does not exceed the preset error correction threshold, encrypt the relay data with the second shared data to obtain a second ciphertext, take the second ciphertext as the second relay ciphertext, and take the second accumulated bit error rate as the third accumulated bit error rate.
The second network node shown in Fig. 6 is the network node corresponding to the method shown in Fig. 3. Its specific implementation is similar to the method shown in Fig. 3; reference may be made to the description of the method shown in Fig. 3, which is not repeated here.
Fig. 7 is a schematic structural diagram of the third network node for generating a shared key provided in an embodiment of the present invention. The second network node and the third network node are directly connected in a preset link, the second network node is a relay network node, the third network node is a terminal network node, and the third network node includes:
Receiving unit 701, for receiving a relay ciphertext, check information, an accumulated bit error rate and a bit error rate set sent by the second network node, where the bit error rate set includes the bit error rates of the shared data of all network nodes in the preset link.
First acquiring unit 702, for obtaining shared data and decrypting the relay ciphertext with the shared data to obtain relay data, where the shared data is the data shared by the second network node and the third network node.
Second acquiring unit 703, for obtaining primary data according to the relay data, the check information and the accumulated bit error rate.
Third acquiring unit 704, for obtaining a privacy amplification factor according to the number of bits of the primary data and the bit error rate set.
Transmission unit 705, for sending the privacy amplification factor to the first network node, the first network node being a terminal network node.
Fourth acquiring unit 706, for performing a privacy amplification operation on the primary data according to the privacy amplification factor to obtain the shared key of the first network node and the third network node.
In one example, the second acquiring unit 703 is further configured to, when the accumulated bit error rate is not 0, perform an error correction operation on the relay data according to the check information, and decode the error-corrected relay data with the preset error-correcting code to obtain the primary data.
In one example, the second acquiring unit 703 is further configured to, when the accumulated bit error rate is 0, decode the relay data with the preset error-correcting code to obtain the primary data.
In one example, the third acquiring unit 704 includes:
a first computation subunit, for computing the noise entropy of the bit error rate of each shared data item in the bit error rate set;
a second computation subunit, for computing the sum of the noise entropies of all the shared data as the per-bit discarded information amount;
a third computation subunit, for computing the difference between the total bit information and the total discarded information as the privacy amplification factor, where the total bit information is the product of the number of bits of the primary data and the information amount of 1 bit, and the total discarded information is the product of the number of bits of the primary data and the per-bit discarded information amount.
The network node shown in Fig. 7 corresponds to the method shown in Fig. 4; its specific implementation is similar to that method, so reference is made to the description of the method shown in Fig. 4 and it is not repeated here.
Fig. 8 is a schematic structural diagram of the system for generating a shared key provided in an embodiment of the present invention, which includes:
one first network node 801 as shown in Fig. 5, at least one second network node 802 as shown in Fig. 6, and one third network node 803 as shown in Fig. 7.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make several improvements and modifications without departing from the principle of the present invention, and such improvements and modifications should also be regarded as falling within the protection scope of the present invention.
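The following Python model is added here as an illustration of the chain in Figs. 6, 7 and 8; it is not the patent's own code. It traces one primary data block from the first network node through one relay to the third network node, showing the relay's accumulated-BER threshold decision, the terminal's conditional error correction, and the privacy amplification factor computed from the bit error rate set. Everything the page leaves unspecified is an assumption: the preset error-correcting code is taken to be a systematic Hamming(7,4) code (relay data = data bits, check information = parity bits), encryption with shared data is a one-time-pad XOR, "noise entropy" is the binary entropy of a link's bit error rate, privacy amplification is a seeded Toeplitz hash, and the positions at which the two copies of each link's shared data disagree are constructed so that the bit error rates are known in advance.

```python
"""Toy end-to-end model of the relay chain in Figs. 6, 7 and 8 (added example,
not the patent's code). Assumed: Hamming(7,4) as the preset error-correcting
code, XOR one-time-pad encryption with the shared data, binary entropy as the
noise entropy, Toeplitz hashing for privacy amplification, constructed key
mismatch positions."""
import math
import random


def hamming_encode(data_bits):
    """Encode 4-bit blocks; return (relay data, check information)."""
    parity = []
    for i in range(0, len(data_bits), 4):
        d1, d2, d3, d4 = data_bits[i:i + 4]
        parity += [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4]  # p1, p2, p3
    return list(data_bits), parity


def hamming_correct(relay_data, check_info):
    """Error correction operation: fix at most one wrong data bit per block
    using the check information (sent in the clear, so taken as error-free)."""
    out = list(relay_data)
    for blk in range(len(out) // 4):
        d1, d2, d3, d4 = out[4 * blk:4 * blk + 4]
        p1, p2, p3 = check_info[3 * blk:3 * blk + 3]
        s1, s2, s3 = p1 ^ d1 ^ d2 ^ d4, p2 ^ d1 ^ d3 ^ d4, p3 ^ d2 ^ d3 ^ d4
        pos = s1 + 2 * s2 + 4 * s3  # 1-based position in p1 p2 d1 p3 d2 d3 d4
        data_idx = {3: 0, 5: 1, 6: 2, 7: 3}.get(pos)  # only data positions
        if data_idx is not None:
            out[4 * blk + data_idx] ^= 1
    return out


def hamming_decode(relay_data):
    """With a systematic code, decoding keeps the data bits as primary data."""
    return list(relay_data)


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def make_key_pair(n, mismatch_positions, rng):
    """Shared data held by the two ends of one link; the copies differ at the
    constructed mismatch positions, which defines that link's bit error rate."""
    k = [rng.randrange(2) for _ in range(n)]
    k_other = list(k)
    for p in mismatch_positions:
        k_other[p] ^= 1
    return k, k_other, len(mismatch_positions) / n


def binary_entropy(e):
    """Noise entropy of a bit error rate (assumed to be the binary entropy)."""
    if e <= 0.0 or e >= 1.0:
        return 0.0
    return -e * math.log2(e) - (1 - e) * math.log2(1 - e)


def privacy_amplification_factor(n_bits, ber_set):
    """Total bit information (n * 1 bit) minus total discarded information
    (n * per-bit discarded amount = sum of all links' noise entropies)."""
    per_bit_discard = sum(binary_entropy(e) for e in ber_set)
    return n_bits * 1.0 - n_bits * per_bit_discard


def toeplitz_hash(bits, out_len, seed):
    """Privacy amplification: multiply by a seeded Toeplitz matrix over GF(2)."""
    rng, n = random.Random(seed), len(bits)
    diag = [rng.randrange(2) for _ in range(n + out_len - 1)]
    return [sum(diag[i - j + n - 1] & b for j, b in enumerate(bits)) % 2
            for i in range(out_len)]


def relay_node(relay_ct, check_info, acc_ber, ber_set, key_in, key_out, ber_out, threshold):
    """Second network node (Fig. 6): decrypt, accumulate the BER, correct only
    if the accumulated BER exceeds the threshold, re-encrypt for the next link."""
    relay_data = xor(relay_ct, key_in)
    acc2 = acc_ber + ber_out
    if acc2 > threshold:
        relay_data = hamming_correct(relay_data, check_info)
        acc3 = ber_out  # errors cleared; accumulation restarts at this link
    else:
        acc3 = acc2
    return xor(relay_data, key_out), check_info, acc3, ber_set + [ber_out]


def terminal_node(relay_ct, check_info, acc_ber, ber_set, key_in):
    """Third network node (Fig. 7): decrypt, correct if a BER is still
    accumulated, decode, then derive the factor from the whole BER set."""
    relay_data = xor(relay_ct, key_in)
    if acc_ber != 0:
        relay_data = hamming_correct(relay_data, check_info)
    primary = hamming_decode(relay_data)
    return primary, privacy_amplification_factor(len(primary), ber_set)


def run_chain(threshold, n=64, seed=7):
    """Node 1 -> node 2 (relay) -> node 3, constructed link BERs 2/64 and 1/64."""
    rng = random.Random(seed)
    primary = [rng.randrange(2) for _ in range(n)]
    k1, k1_at_relay, e1 = make_key_pair(n, [3, 9], rng)  # link node1-node2
    k2_at_relay, k2, e2 = make_key_pair(n, [13], rng)    # link node2-node3
    relay_data, check_info = hamming_encode(primary)     # first network node
    msg = (xor(relay_data, k1), check_info, e1, [e1])
    msg = relay_node(*msg, k1_at_relay, k2_at_relay, e2, threshold)
    recovered, factor = terminal_node(*msg, k2)
    key_len = int(factor)  # node 3 sends the factor to node 1; both use it
    return {"acc_after_relay": msg[2], "factor": factor,
            "recovered_ok": recovered == primary,
            "key_first": toeplitz_hash(primary, key_len, seed=1),
            "key_third": toeplitz_hash(recovered, key_len, seed=1)}


if __name__ == "__main__":
    for t in (0.04, 0.05):
        r = run_chain(t)
        print(f"threshold={t}: relay corrected={r['acc_after_relay'] == 1 / 64}, "
              f"factor={r['factor']:.2f}, keys match={r['key_first'] == r['key_third']}")
```

Running it with the two thresholds exercises both branches of the relay: at 0.04 the accumulated rate 3/64 exceeds the threshold, so the relay corrects and restarts the accumulated rate at 1/64; at 0.05 it passes the errors through and the terminal corrects all of them. In both cases the bit error rate set still lists both links, so the factor (about 43.73 bits for 64 primary bits) does not depend on where the correction happened. The final key length is the integer part of the factor, which is one natural reading of "privacy amplification according to the factor"; the page does not define the hash family or the rounding, so both are assumptions.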

Claims (21)

1. A method for generating a shared key, characterized in that the method comprises:
a first network node encoding primary data according to a preset error-correcting code to obtain relay data and check information, the first network node being a terminal network node;
the first network node obtaining shared data and the bit error rate of the shared data, the shared data being the data shared by the first network node and a second network node, the first network node and the second network node being directly connected in a preset link, and the second network node being a relay network node;
the first network node encrypting the relay data with the shared data to obtain a relay ciphertext;
the first network node sending the relay ciphertext, the check information, the bit error rate of the shared data and an accumulated bit error rate to the second network node, the accumulated bit error rate being the bit error rate of the shared data;
when a privacy amplification factor sent by a third network node in the preset link is received, the first network node performing a privacy amplification operation on the primary data according to the privacy amplification factor to obtain the shared key of the first network node and the third network node, the third network node being a terminal network node.
2. The method according to claim 1, characterized in that the method further comprises:
the first network node judging whether the bit error rate of the shared data exceeds a preset threshold and, if not, performing the step of the first network node encrypting the relay data with the shared data to obtain the relay ciphertext.
3. The method according to any one of claims 1 to 2, characterized in that
the primary data is a random number.
4. The method according to any one of claims 1 to 2, characterized in that
the primary data is the shared data of the first network node and the second network node.
5. A method for generating a shared key, characterized in that the method comprises:
a second network node receiving a first relay ciphertext, check information, a first accumulated bit error rate and a first bit error rate set sent by a first network node, the first bit error rate set including the bit error rates of all the shared data used to encrypt relay data, the first network node being a terminal network node or a relay network node, the second network node being a relay network node, and the first network node and the second network node being directly connected in a preset link;
the second network node obtaining first shared data and decrypting the first relay ciphertext with the first shared data to obtain the relay data, the first shared data being the data shared by the second network node and the first network node;
the second network node obtaining second shared data and the bit error rate of the second shared data, the second shared data being the data shared by the second network node and a third network node, the third network node being a relay network node or a terminal network node, and the second network node and the third network node being directly connected in the preset link;
the second network node computing the sum of the first accumulated bit error rate and the bit error rate of the second shared data to obtain a second accumulated bit error rate;
the second network node obtaining a second relay ciphertext and a third accumulated bit error rate according to the second accumulated bit error rate, a preset error-correction threshold and the second shared data;
the second network node sending the second relay ciphertext, the check information, the third accumulated bit error rate and a second bit error rate set to the third network node, the second bit error rate set including the first bit error rate set and the bit error rate of the second shared data.
6. The method according to claim 5, characterized in that the second network node obtaining the second relay ciphertext and the third accumulated bit error rate according to the second accumulated bit error rate, the preset error-correction threshold and the second shared data comprises:
when the second accumulated bit error rate exceeds the preset error-correction threshold, the second network node performing an error correction operation on the relay data using the check information, encrypting the error-corrected relay data with the second shared data to obtain a first ciphertext, taking the first ciphertext as the second relay ciphertext, and taking the bit error rate of the second shared data as the third accumulated bit error rate.
7. The method according to claim 5, characterized in that the second network node obtaining the second relay ciphertext and the third accumulated bit error rate according to the second accumulated bit error rate, the preset error-correction threshold and the second shared data comprises:
when the second accumulated bit error rate does not exceed the preset error-correction threshold, the second network node encrypting the relay data with the second shared data to obtain a second ciphertext, taking the second ciphertext as the second relay ciphertext, and taking the second accumulated bit error rate as the third accumulated bit error rate.
8. A method for generating a shared key, characterized in that the method comprises:
a third network node receiving a relay ciphertext, check information, an accumulated bit error rate and a bit error rate set sent by a second network node, the bit error rate set including the bit error rates of the shared data of all network nodes in a preset link, the third network node being a terminal network node, and the second network node being a relay network node;
the third network node obtaining shared data and decrypting the relay ciphertext with the shared data to obtain relay data, the shared data being the data shared by the second network node and the third network node;
the third network node obtaining primary data according to the relay data, the check information and the accumulated bit error rate;
the third network node obtaining a privacy amplification factor according to the number of bits of the primary data and the bit error rate set;
the third network node sending the privacy amplification factor to a first network node, the first network node being a terminal network node;
the third network node performing a privacy amplification operation on the primary data according to the privacy amplification factor to obtain the shared key of the first network node and the third network node.
9. The method according to claim 8, characterized in that the third network node obtaining the primary data according to the relay data, the check information and the accumulated bit error rate comprises:
when the accumulated bit error rate is not 0, the third network node performing an error correction operation on the relay data according to the check information;
the third network node decoding the error-corrected relay data with a preset error-correcting code to obtain the primary data.
10. The method according to claim 8, characterized in that the third network node obtaining the primary data according to the relay data, the check information and the accumulated bit error rate comprises:
when the accumulated bit error rate is 0, the third network node decoding the relay data with a preset error-correcting code to obtain the primary data.
11. The method according to any one of claims 8 to 10, characterized in that the third network node obtaining the privacy amplification factor according to the number of bits of the primary data and the bit error rate set comprises:
the third network node computing the noise entropy of the bit error rate of each shared data item in the bit error rate set;
the third network node computing the sum of the noise entropies of all the shared data as the per-bit discarded information amount;
the third network node computing the difference between the total bit information and the total discarded information as the privacy amplification factor, the total bit information being the product of the number of bits of the primary data and the information amount of 1 bit, and the total discarded information being the product of the number of bits of the primary data and the per-bit discarded information amount.
12. A first network node for generating a shared key, characterized in that
the first network node is a terminal network node, the first network node and a second network node are directly connected in a preset link, the second network node is a relay network node, a third network node is a terminal network node, and the first network node comprises:
a coding unit, for encoding primary data according to a preset error-correcting code to obtain relay data and check information;
an acquiring unit, for obtaining shared data and the bit error rate of the shared data, the shared data being the data shared by the first network node and the second network node;
an encryption unit, for encrypting the relay data with the shared data to obtain a relay ciphertext;
a transmission unit, for sending the relay ciphertext, the check information, the bit error rate of the shared data and an accumulated bit error rate to the second network node, the accumulated bit error rate being the bit error rate of the shared data;
an arithmetic unit, for, when a privacy amplification factor sent by the third network node in the preset link is received, performing a privacy amplification operation on the primary data according to the privacy amplification factor to obtain the shared key of the first network node and the third network node.
13. The first network node according to claim 12, characterized in that the first network node further comprises:
a judging unit, for judging whether the bit error rate of the shared data exceeds a preset threshold; if not, the encryption unit encrypts the relay data with the shared data to obtain the relay ciphertext.
14. A second network node for generating a shared key, characterized in that
a first network node and the second network node are directly connected in a preset link, the first network node is a terminal network node or a relay network node, the second network node is a relay network node, the second network node and a third network node are directly connected in the preset link, the third network node is a relay network node or a terminal network node, and the second network node comprises:
a receiving unit, for receiving a first relay ciphertext, check information, a first accumulated bit error rate and a first bit error rate set sent by the first network node, the first bit error rate set including the bit error rates of all the shared data used to encrypt relay data;
a first acquiring unit, for obtaining first shared data and decrypting the first relay ciphertext with the first shared data to obtain the relay data, the first shared data being the data shared by the second network node and the first network node;
a second acquiring unit, for obtaining second shared data and the bit error rate of the second shared data, the second shared data being the data shared by the second network node and the third network node;
a computing unit, for computing the sum of the first accumulated bit error rate and the bit error rate of the second shared data to obtain a second accumulated bit error rate;
a third acquiring unit, for obtaining a second relay ciphertext and a third accumulated bit error rate according to the second accumulated bit error rate, a preset error-correction threshold and the second shared data;
a transmission unit, for sending the second relay ciphertext, the check information, the third accumulated bit error rate and a second bit error rate set to the third network node, the second bit error rate set including the first bit error rate set and the bit error rate of the second shared data.
15. The second network node according to claim 14, characterized in that
the third acquiring unit is further configured to, when the second accumulated bit error rate exceeds the preset error-correction threshold, perform an error correction operation on the relay data using the check information, encrypt the error-corrected relay data with the second shared data to obtain a first ciphertext, take the first ciphertext as the second relay ciphertext, and take the bit error rate of the second shared data as the third accumulated bit error rate.
16. The second network node according to claim 14, characterized in that
the third acquiring unit is further configured to, when the second accumulated bit error rate does not exceed the preset error-correction threshold, encrypt the relay data with the second shared data to obtain a second ciphertext, take the second ciphertext as the second relay ciphertext, and take the second accumulated bit error rate as the third accumulated bit error rate.
17. A third network node for generating a shared key, characterized in that
a second network node and the third network node are directly connected in a preset link, the second network node is a relay network node, the third network node is a terminal network node, and the third network node comprises:
a receiving unit, for receiving a relay ciphertext, check information, an accumulated bit error rate and a bit error rate set sent by the second network node, the bit error rate set including the bit error rates of the shared data of all network nodes in the preset link;
a first acquiring unit, for obtaining shared data and decrypting the relay ciphertext with the shared data to obtain relay data, the shared data being the data shared by the second network node and the third network node;
a second acquiring unit, for obtaining primary data according to the relay data, the check information and the accumulated bit error rate;
a third acquiring unit, for obtaining a privacy amplification factor according to the number of bits of the primary data and the bit error rate set;
a transmission unit, for sending the privacy amplification factor to a first network node, the first network node being a terminal network node;
a fourth acquiring unit, for performing a privacy amplification operation on the primary data according to the privacy amplification factor to obtain the shared key of the first network node and the third network node.
18. The third network node according to claim 17, characterized in that
the second acquiring unit is further configured to, when the accumulated bit error rate is not 0, perform an error correction operation on the relay data according to the check information, and decode the error-corrected relay data with a preset error-correcting code to obtain the primary data.
19. The third network node according to claim 17, characterized in that
the second acquiring unit is further configured to, when the accumulated bit error rate is 0, decode the relay data with a preset error-correcting code to obtain the primary data.
20. The third network node according to any one of claims 17 to 19, characterized in that the third acquiring unit comprises:
a first computation subunit, for computing the noise entropy of the bit error rate of each shared data item in the bit error rate set;
a second computation subunit, for computing the sum of the noise entropies of all the shared data as the per-bit discarded information amount;
a third computation subunit, for computing the difference between the total bit information and the total discarded information as the privacy amplification factor, the total bit information being the product of the number of bits of the primary data and the information amount of 1 bit, and the total discarded information being the product of the number of bits of the primary data and the per-bit discarded information amount.
21. A system for generating a shared key, characterized in that the system comprises:
one first network node according to any one of claims 12 to 13, at least one second network node according to any one of claims 14 to 16, and one third network node according to any one of claims 17 to 20.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710240078.4A CN108737075B (en) 2017-04-13 2017-04-13 Method, device and system for generating shared key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710240078.4A CN108737075B (en) 2017-04-13 2017-04-13 Method, device and system for generating shared key

Publications (2)

Publication Number Publication Date
CN108737075A true CN108737075A (en) 2018-11-02
CN108737075B CN108737075B (en) 2021-03-30

Family

ID=63923731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710240078.4A Active CN108737075B (en) 2017-04-13 2017-04-13 Method, device and system for generating shared key

Country Status (1)

Country Link
CN (1) CN108737075B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109547118A (en) * 2018-12-03 2019-03-29 北京邮电大学 Method and client for data transmission using near-noise bits

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101888358A (en) * 2010-07-15 2010-11-17 华中科技大学 Transmission method for reducing computational complexity of two-way relay nodes based on network coding
CN105553648A (en) * 2014-10-30 2016-05-04 阿里巴巴集团控股有限公司 Quantum key distribution, privacy amplification and data transmission methods, apparatuses, and system
CN106161012A (en) * 2016-08-26 2016-11-23 暨南大学 Quantum key distribution post-processing system and method based on polar code error correction

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
崔珂 (Cui Ke): "Research on Real-time Processing Technology for Quantum Key Distribution", China Doctoral Dissertations Full-text Database, Information Science and Technology series *

Also Published As

Publication number Publication date
CN108737075B (en) 2021-03-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant