CN108880804B - Network key distribution method, device and system based on cascade computing imaging - Google Patents

Publication number
CN108880804B
Authority
CN
China
Prior art keywords
current communication
user terminal
image
communication
measurement vector
Legal status
Active
Application number
CN201810790902.8A
Other languages
Chinese (zh)
Other versions
CN108880804A (en
Inventor
俞文凯
靳晓鹏
Current Assignee
Beijing Institute of Technology BIT
Original Assignee
Beijing Institute of Technology BIT
Application filed by Beijing Institute of Technology BIT
Priority to CN201810790902.8A
Publication of CN108880804A
Application granted
Publication of CN108880804B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0852 Quantum cryptography
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/065 Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications

Abstract

The embodiment of the invention provides a network key distribution method, device and system based on cascade computing imaging. The method comprises the following steps: receiving a request for distributing a key, and acquiring the identity information of the legal user terminal of the current communication carried by the request; according to a preset measurement matrix, carrying out compression sampling on a verification image of the current communication corresponding to the identity information of the legal user terminal to obtain a measurement vector of the current communication; and encrypting the measurement vector of the current communication according to a preset cascade transfer function to generate a distribution sequence of the current communication, and sending the distribution sequence of the current communication to the legal user terminal through a public channel. The network key distribution method, device and system provided by the embodiment of the invention distribute the network key based on cascade computing imaging and a public channel, can distribute keys to a plurality of legal user terminals simultaneously and at high speed, have higher security, and can achieve both networking and security.

Description

Network key distribution method, device and system based on cascade computing imaging
Technical Field
The embodiment of the invention relates to the technical field of communication, in particular to a network key distribution method, device and system based on cascade computing imaging.
Background
Key distribution and optical communication play a very important role in finance, networking, public information security and the mobile internet. In the existing field of public network key distribution, the one-time pad encryption method is recognized as having very high security in secure communication, but how to distribute the key safely to the legal users is still a very important problem and is currently a research hotspot in the field of electronic information security. Classical key distribution protocols include symmetric key protocols, asymmetric key protocols, handshake protocols, hash function protocols and the like. In recent years, scientists have also developed the Quantum Key Distribution (QKD) protocol, a quantum scheme that can distribute keys to legitimate users safely and whose security is guaranteed by quantum mechanics. The first QKD protocol was proposed by Bennett and Brassard in 1984 and is known as the BB84 protocol. Since then, many protocols for quantum key distribution have been proposed in succession, such as E91, B92 and SARG04. Although these protocols are considered to be unconditionally secure, they are point-to-point communication methods: the key generation rate is low, the communication distance is limited, quantum repeaters are needed for long-distance quantum communication, cold atom storage is needed, the equipment cost is high, the entangled state is difficult to prepare, and the system noise is large, all of which restrict the practicability and networking of the QKD protocol.
To overcome these problems, variations of the BB84 protocol have continued to be proposed. The scheme of Lo uses asymmetric probabilities for the transmission and measurement bases, combined with separate error analysis of the two subsets, increasing the key generation rate to 100% in the asymptotic limit. In another variation, proposed by Hwang et al, Alice and Bob use a common secure-boot random sequence to set their bases, so no public comparison is necessary and no qubits need to be discarded; some pre-shared security information is required, but it can be reused as long as the generated key is not used to encode and send messages. Another approach, quantum key evolution proposed by Guan et al, also requires Alice and Bob to establish a common initial key through the BB84 protocol to encode the message; a new key is then generated by error correction and hashing each time a message is sent over the quantum channel, which has the advantage that the total number of qubits required to send a long message is smaller. However, all of the above schemes only improve the efficiency of conventional QKD or of long message transmission and still require quantum channels to transmit the qubits, so they are also sensitive to photon loss, and the long-standing problem of multi-party key distribution is not solved.
Ghost imaging (correlated imaging), a deterministic algorithm for imaging that exploits the coherence of light, is based primarily on a second-order intensity correlation function or a higher-order intensity correlation function. The light emitted by the light source is divided into two beams by a beam splitter: one beam illuminates the verification object and is collected by a bucket detector without spatial resolution capability, while the other beam does not pass through the verification object, and the light field information about the light source is recorded by an array detector. The verification object information can be obtained through coincidence calculation of the two-arm detection. The initial ghost imaging experiment used spontaneous parametric down-conversion of pump light to generate entangled photon pairs; it was later confirmed that pseudo-thermal or thermal light can also be used as the light source. The latter has lower cost, lower experimental difficulty and higher operability. In 2008, Shapiro et al proposed a Computational Ghost Imaging (CGI) scheme, in which the array detector is replaced by a Spatial Light Modulator (SLM), the reference light path is removed, and the light field is modulated under computer control to generate incoherent pseudo-thermal light. In 2010, Clemente et al proposed a CGI-based optical encryption scheme that uses the computational ghost imaging principle to achieve secure transfer of information. This encryption method differs greatly from traditional optical encryption methods: besides the high speed and parallelism of optical encryption, it has the advantages of small data volume, saving of storage space and easy processing, but it has shortcomings in imaging time, signal reconstruction quality and especially security, where information is easily leaked.
Quantum key distribution can therefore provide unconditionally secure shared keys for two communicating parties separated from each other, but the prior art is designed for point-to-point communication between the two parties, and network implementation based on quantum key distribution is still a challenge. Moreover, the above prior art solutions either contain security vulnerabilities or are too complex or too expensive, and are therefore difficult to apply in practice. In the field of key distribution, a networked key distribution system based on a new principle and a new method is therefore urgently needed to solve the problems in the prior art.
Disclosure of Invention
To address the problem that the prior art finds it difficult to achieve both networking and security, the embodiment of the invention provides a network key distribution method, device and system based on cascade computing imaging.
According to a first aspect of the present invention, an embodiment of the present invention provides a network key distribution method based on cascaded computational imaging, including:
receiving a request for distributing a key, and acquiring identity information of a legal user terminal of current communication carried by the request;
according to a preset measurement matrix, carrying out compression sampling on a verification image of the current communication corresponding to the identity information of a legal user terminal to obtain a measurement vector of the current communication;
encrypting a measurement vector of current communication according to a preset cascade transfer function to generate a distribution sequence of the current communication, and sending the distribution sequence of the current communication to a legal user terminal through a public channel, so that the legal user terminal decrypts the distribution sequence of the current communication according to the cascade transfer function to obtain the measurement vector of the current communication, recovers the measurement vector of the current communication according to a compressed sensing algorithm to obtain a reconstructed image of a verification image of the current communication, performs identity verification on the legal user terminal according to a reconstructed image of the verification image of the current communication, and generates a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and the measurement vector of the current communication if an identity verification result passes;
and acquiring parameters of the cascade transfer function according to a reconstructed image of the verification image of the last communication.
Preferably, before encrypting the measurement vector of the current communication according to the preset cascade transfer function and generating the distribution sequence of the current communication, the method further includes:
and recovering the measurement vector of the last communication according to a compressed sensing algorithm to obtain a reconstructed image of the verification image of the last communication.
According to a second aspect of the present invention, an embodiment of the present invention provides a network key distribution method based on cascaded computational imaging, including:
decrypting a distribution sequence of the current communication received through a public channel according to a preset cascade transfer function to obtain a measurement vector of the current communication, and recovering the measurement vector of the current communication according to a compressed sensing algorithm to obtain a reconstructed image of a verification image of the current communication;
performing identity authentication according to a reconstructed image of an authentication image of the current communication, and if the identity authentication result is passed, generating a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and a measurement vector of the current communication;
and acquiring parameters of the cascade transfer function according to a reconstructed image of the verification image of the last communication.
According to a third aspect of the present invention, an embodiment of the present invention provides a server in a network key distribution system based on cascaded computational imaging, including:
the request receiving module is used for receiving a request for distributing the key and acquiring the identity information of the legal user terminal of the current communication carried by the request;
the compression sampling module is used for carrying out compression sampling on the verification image of the current communication corresponding to the identity information of the legal user terminal according to a preset measurement matrix to obtain a measurement vector of the current communication;
a network distribution module used for encrypting the measurement vector of the current communication according to a preset cascade transfer function to generate a distribution sequence of the current communication and sending the distribution sequence of the current communication to a legal user terminal through a public channel, so that the legal user terminal decrypts the distribution sequence of the current communication according to the cascade transfer function to obtain the measurement vector of the current communication, recovering the measurement vector of the current communication according to a compressed sensing algorithm to obtain a reconstructed image of the verification image of the current communication, and according to the reconstructed image of the authentication image of the current communication, the identity authentication is carried out on the legal user terminal, if the identity authentication result is passed, generating a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and a measurement vector of the current communication;
and acquiring parameters of the cascade transfer function according to a reconstructed image of the verification image of the last communication.
According to a fourth aspect of the present invention, an embodiment of the present invention provides a user terminal in a network key distribution system based on cascaded computational imaging, including:
the image reconstruction module is used for decrypting the distribution sequence of the current communication received through the public channel according to a preset cascade transfer function, acquiring the measurement vector of the current communication, and recovering the measurement vector of the current communication according to a compressed sensing algorithm to acquire a reconstructed image of the verification image of the current communication;
the key extraction module is used for carrying out identity authentication according to a reconstructed image of an authentication image of the current communication, and if the identity authentication result passes, generating a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and a measurement vector of the current communication;
and acquiring parameters of the cascade transfer function according to a reconstructed image of the verification image of the last communication.
According to a fifth aspect of the present invention, an embodiment of the present invention provides a network key distribution system based on cascaded computational imaging, including: the server in the network key distribution system based on cascaded computational imaging and the user terminal in the network key distribution system based on cascaded computational imaging described above.
According to a sixth aspect of the present invention, an embodiment of the present invention provides an electronic device, including:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the method at the server side in the network key distribution method based on the cascaded computational imaging and the method of all the optional embodiments of the method.
According to a seventh aspect of the present invention, an embodiment of the present invention provides an electronic apparatus, including:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor calls the program instructions to execute the method of the invention on the user terminal side in the network key distribution method based on the cascade computing imaging and the method of all the optional embodiments.
According to an eighth aspect of the present invention, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the method of the server side in the network key distribution method based on cascaded computational imaging and all the optional embodiments thereof.
According to a ninth aspect of the present invention, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions for causing the computer to execute the method of the present invention on the user terminal side in the network key distribution method based on cascaded computational imaging and all its optional embodiments.
The network key distribution method, device and system based on cascade computing imaging provided by the embodiment of the invention carry out network key distribution based on cascade computing imaging and a public channel, so that different legal user terminals can obtain the same or different keys. Keys can be distributed to a plurality of legal user terminals simultaneously and at high speed, with higher security, so that both the networking and the security of key distribution are achieved.
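The two method aspects above (server side and user terminal side), run over two cascaded communications, as an added example that is not part of the patent. Everything the text leaves unspecified is an assumption made for illustration: a Vandermonde measurement matrix with exhaustive sparse recovery stands in for the compressed sensing algorithm, a SHA-256-derived additive mask stands in for the cascade transfer function, BOOTSTRAP is a hypothetical pre-shared image for the first communication, and identity verification is a pixel-difference tolerance against an enrolled reference image.

```python
import hashlib
from itertools import combinations

N, M, P = 16, 4, 2**31 - 1   # pixels (4x4 image), measurements, mask modulus
TOL = 8                      # assumed identity-check tolerance (sum of |pixel diff|)
# Assumed preset measurement matrix: Vandermonde rows (j+1)^i. Any 4 columns are
# linearly independent, so an image with <= 2 non-zero pixels is uniquely determined.
A = [[(j + 1) ** i for j in range(N)] for i in range(M)]

def sample(image):
    """Compressive sampling y = A x: M = 4 measurements of an N = 16 pixel image."""
    return [sum(a * x for a, x in zip(row, image)) for row in A]

def mask(prev_image, n):
    """Stand-in cascade transfer function parameters, derived from the
    reconstructed verification image of the last communication."""
    seed = hashlib.sha256(bytes(prev_image)).digest()
    return [int.from_bytes(hashlib.sha256(seed + bytes([i])).digest(), "big") % P
            for i in range(n)]

def encrypt(y, prev_image):
    return [(v + k) % P for v, k in zip(y, mask(prev_image, len(y)))]

def decrypt(seq, prev_image):
    return [(c - k) % P for c, k in zip(seq, mask(prev_image, len(seq)))]

def reconstruct(y):
    """Exhaustive sparse recovery (stand-in for a compressed sensing solver):
    find the image with at most 2 non-zero pixels in 0..255 that explains y."""
    for a, b in combinations(range(N), 2):
        num = y[1] - (a + 1) * y[0]          # rows 0 and 1 give (b - a) * x_b
        if num % (b - a):
            continue
        xb = num // (b - a)
        xa = y[0] - xb
        if not (0 <= xa <= 255 and 0 <= xb <= 255):
            continue
        image = [0] * N
        image[a], image[b] = xa, xb
        if sample(image) == y:               # rows 2 and 3 must agree as well
            return image
    return None

def derive_key(y):
    """Distribution key from a hash over the measurement matrix and vector
    (canonical repr() serialization is the assumed deterministic step)."""
    return hashlib.sha256(repr((A, y)).encode()).hexdigest()

def server_distribute(image, prev_image):
    y = sample(image)
    return encrypt(y, prev_image), derive_key(y)

def terminal_receive(seq, prev_image, reference):
    y = decrypt(seq, prev_image)
    image = reconstruct(y)
    if image is None or sum(abs(p - q) for p, q in zip(image, reference)) > TOL:
        return None, None                    # identity verification failed, no key
    return image, derive_key(y)

def make_image(pixels):
    image = [0] * N
    for index, value in pixels.items():
        image[index] = value
    return image

# Constructed sample data (not from the patent).
BOOTSTRAP = [7] * N                          # assumed pre-shared start image
REFERENCE = make_image({5: 200, 10: 120})    # enrolled verification image
ROUND1 = list(REFERENCE)
ROUND2 = make_image({5: 201, 10: 118})       # same image with slight noise

def run_two_rounds():
    seq1, key1 = server_distribute(ROUND1, BOOTSTRAP)
    img1, tkey1 = terminal_receive(seq1, BOOTSTRAP, REFERENCE)
    # The server recovers the last image from its own measurement vector.
    server_prev = reconstruct(sample(ROUND1))
    seq2, key2 = server_distribute(ROUND2, server_prev)
    img2, tkey2 = terminal_receive(seq2, img1, REFERENCE)
    # A party without the last reconstructed image only has the start image.
    outsider = terminal_receive(seq2, BOOTSTRAP, REFERENCE)
    return (key1, tkey1), (key2, tkey2), img2, outsider

if __name__ == "__main__":
    print(run_two_rounds())
```

Only the masked distribution sequences cross the public channel; the second one opens only for a party that holds the image reconstructed in the first communication.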
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic diagram of an application scenario of a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for distributing a network key based on cascaded computational imaging according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a compression sampling module used in a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a compression sampling module used in a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a compression sampling module used in a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a compression sampling module used in a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention;
FIG. 7 is a flowchart of a method for distributing network keys based on cascaded computational imaging according to an embodiment of the present invention;
FIG. 8 is a functional block diagram of a server in a network key distribution system based on cascaded computational imaging according to an embodiment of the present invention;
FIG. 9 is a functional block diagram of a user terminal in a network key distribution system based on cascaded computational imaging according to an embodiment of the present invention;
FIG. 10 is a functional block diagram of a network key distribution system based on cascaded computational imaging according to an embodiment of the present invention;
FIG. 11 is a block diagram of an electronic device according to an embodiment of the invention;
fig. 12 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to overcome the above problems in the prior art, embodiments of the present invention provide a network key distribution method based on cascaded computational imaging. The inventive concept is to start from a classical key distribution protocol and apply a cascaded encryption method to the generation of the distribution sequence and to the decryption process of the key, so that the above defects of the QKD protocol are overcome and the key is prevented from being broken when part of the information is stolen during one communication.
In order to facilitate understanding of the embodiment of the present invention, an application scenario of the network key distribution method based on the cascaded computational imaging provided in the embodiment of the present invention is described below.
Fig. 1 is a schematic view of an application scenario of a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention. As shown in fig. 1, a server 101 and a plurality of user terminals 102 together constitute a network key distribution system based on cascaded computational imaging. The user terminals for each communication are some or all of the plurality of user terminals 102. When user terminals need to perform the current communication, at least one of them sends a request for distributing the key to the server 101, requesting the server 101 to distribute the key to the user terminals that need to communicate. The user terminal that sends the request for distributing the key is typically, but not limited to, the user terminal that initiates the current communication. The request for distributing the key includes at least the identity information of the legal user terminals of the current communication. The legal user terminals of the current communication are the user terminals that need to perform the current communication.
For example, the plurality of user terminals 102 includes a user terminal U1, a user terminal U2, ..., and a user terminal N. If the current communication needs to be performed only between the user terminal U1 and the user terminal U2, then although the user terminal U1, the user terminal U2, ..., and the user terminal N are all user terminals in the network key distribution system based on cascaded computational imaging, only the user terminal U1 and the user terminal U2 are legal user terminals of the current communication.
It should be noted that the current communication is defined with respect to a particular set of legitimate user terminals; that is, the current communication refers to the current communication between the user terminals that need to communicate. The last communication is therefore determined by the user terminals that need to communicate: it is the most recent previous communication among the legal user terminals of the current communication.
For example, suppose 2 communications have been performed between the user terminal U1 and the user terminal U2, and 1 communication has been performed among the user terminal U1, the user terminal U2 and the user terminal U3. If a 3rd communication is needed between the user terminal U1 and the user terminal U2, the current communication is the 3rd communication between the user terminal U1 and the user terminal U2, the 2nd communication between the user terminal U1 and the user terminal U2 is the last communication, and the server distributes the current distribution key to the user terminal U1 and the user terminal U2. If a 2nd communication is required among the user terminal U1, the user terminal U2 and the user terminal U3, the current communication is the 2nd communication among the user terminal U1, the user terminal U2 and the user terminal U3, the 1st communication among the user terminal U1, the user terminal U2 and the user terminal U3 is the last communication, and the server distributes the current distribution key to the user terminal U1, the user terminal U2 and the user terminal U3.
It should be noted that the user terminal may send the request for distributing the key to the server through a public channel or a quantum channel, and the communication channel used by the user terminal to send the request for distributing the key to the server is not particularly limited in the embodiment of the present invention.
Fig. 2 is a flowchart of a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention. As shown in fig. 1, a method for distributing network keys based on cascaded computational imaging includes: step S201, receiving a request for distributing a key, and acquiring the identity information of the valid user terminal of the current communication carried in the request.
It should be noted that the execution subject of the network key distribution method based on cascaded computational imaging provided by the embodiment of the present invention is a server.
After the user terminal sends the request for distributing the key, the server receives the request for distributing the key and acquires the identity information of each legal user terminal in current communication from the request for distributing the key.
The identity information of the legal user terminal in the current communication can be used for indicating to which user terminals the server side distributes the key.
Step S202, according to the identity information of the legal user terminal of the current communication and a preset measurement matrix, carrying out compression sampling on the verification image of the current communication corresponding to the identity information of the legal user terminal, and generating a measurement vector of the current communication.
After the identity information of the valid user terminal of the current communication is acquired through step S201, the authentication image of the current communication corresponding to the identity information of the valid user terminal is determined according to the identity information of the valid user terminal of the current communication.
The verification image is an image with certain significance and is used to verify the identity of the user terminal.
The verification image corresponds to the identity information of the legal user terminals. The verification images corresponding to the identity information of different legal user terminals can be the same or different; when the corresponding verification images are different, the security of key distribution is higher.
For example, when the identity information of the legal user terminal is the user terminal U1 and the user terminal U2, the authentication image corresponding to the user terminal U1 and the user terminal U2 is an image P1; when the identity information of the legal user terminal is the user terminal U1, the user terminal U2 and the user terminal U3, the authentication image corresponding to the user terminal U1, the user terminal U2 and the user terminal U3 may be the image P2.
For the same legal user terminal, when different times of communication are carried out, the verification images of each time of communication can be the same or different. Preferably, the authentication images of each communication of the same legal user terminal are substantially the same, but there are slight differences, such as, but not limited to, a small translation of the image position, a small local addition of noise in the image, and the like.
After the verification image of the current communication corresponding to the identity information of the legal user terminal is determined, the verification image of the current communication corresponding to the identity information of the legal user terminal is compressed and sampled according to a preset measurement matrix, and a measurement vector of the current communication is generated; after the measurement vector of the current communication is generated, the measurement vector of the current communication can be acquired.
The compressed sampling of the verification image of the current communication corresponding to the identity information of the legal user terminal, performed according to the preset measurement matrix, is based on compressed sensing theory.
Compressed sensing (CS) theory, formally proposed in 2006 by Donoho, Candès, Tao et al., opened up a new era for signal processing and signal theory. The theory states that, assuming a signal can be sparsely represented, only a few non-adaptive, linear, noisy measurements need to be performed on the signal to perfectly reconstruct it, and the sampling rate can be much lower than the Nyquist-Shannon rate. Compressed sensing is also known as compressed sampling.
To determine the verification image of the current communication corresponding to the identity information of the legal user terminal, an image can be directly designated as the verification image of the current communication; alternatively, after the verification object corresponding to the identity information of the legal user terminal is determined, the verification image of the current communication can be generated from that verification object through an optical principle. Correspondingly, the verification image of the current communication can be directly compressively sampled according to a plurality of preset masks, or the verification image of the current communication generated from the verification object can be optically compressively sampled.
The optical compression sampling can be realized by using a compression sampling module. The compression sampling module is arranged at the server side. The compression sampling module at least comprises a light source, a beam expanding collimation element, a verification object, an imaging lens, a spatial light modulator, a collecting and converging lens and a detector.
Fig. 3 to fig. 6 are schematic structural diagrams of a compression sampling module used in a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention.
As shown in fig. 3, the compression sampling module includes a light source 1, a light attenuation element 2, a beam expansion collimation element 3, a verification object 4, an imaging lens 5, a spatial light modulator 6, a collection converging lens 7, and a detector 8, which are sequentially arranged along a light path.
A light source 1 for emitting a light beam to the authentication object 4.
A beam expanding and collimating element 3 for expanding and collimating the light beam, so that the size of the beam spot matches the size of the verification object 4 and the size of the modulation area of the spatial light modulator 6, and the beam becomes parallel light.
An imaging lens 5 is arranged between the authentication object 4 and the spatial light modulator 6 for imaging the authentication object 4 on the spatial light modulator 6.
A spatial light modulator 6 for modulating the light by loading a plurality of preset masks. Each mask is stretched into a row vector in row-major or column-major order, and the row vectors are spliced into a matrix; this matrix is the preset measurement matrix.
A collecting condenser lens 7 for condensing the light onto a detector 8.
And a detector 8 disposed on a focal plane of the collecting condenser lens 7 for recording a measurement value corresponding to each mask, thereby constituting a measurement vector.
The light source 1, the beam expanding collimation element 3 and the spatial light modulator 6 are on the same main optical axis; the expanded and collimated light beam can be vertically incident or obliquely incident on the working plane of the spatial light modulator 6.
The collecting condenser lens 7 and the detector 8 are arranged on the same detection optical axis.
The spatial light modulator 6 and the detector 8 are logically or electrically connected and need to be synchronously arranged, and the specific arrangement position is independent of the optical path, so that the connection mode is not indicated in the drawings of the present invention, but the understanding of the technical scheme of the present invention by those skilled in the art is not affected.
The light source 1 includes any one of a pseudo-thermal light source, a single-photon light source, a pump light source and an entangled light source, but is not limited to the above types. The embodiment of the present invention does not specifically limit the type of the light source.
The spatial light modulator 6 includes any one of a digital micromirror device, a pure amplitude liquid crystal spatial light modulator, a pure phase liquid crystal spatial light modulator, a reflective spatial light modulator, a transmissive spatial light modulator, a liquid crystal light valve, and a mask switching plate, but is not limited to the above type. The type of the spatial light modulator is not particularly limited by the embodiments of the present invention.
The detector 8 includes any one of a point detector, a bucket detector, a detector composed of a photodiode and an analog-to-digital converter, a photomultiplier, a single photon point detector and a counter, and a superconducting single photon point detector, but is not limited to the above types. The embodiment of the present invention does not specifically limit the type of the detector. The wavelength detected by the detector 8 covers the microwave, infrared, visible, ultraviolet and X-ray ranges.
When the detector 8 is a detector consisting of a photomultiplier, a single-photon point detector and a counter or a superconducting single-photon point detector, the light attenuation element 2 is also arranged between the light source 1 and the detector 8. It should be understood that the light attenuating element 2 may be disposed between the light source 1 and the detector 8, and is not limited to the mode shown in fig. 3 in which the light attenuating element 2 is disposed between the light source 1 and the beam expanding and collimating element 3. The embodiment of the present invention does not specifically limit the specific position where the light attenuation element 2 is disposed between the light source 1 and the detector 8.
The light attenuation element 2 is used for attenuating the light to a low light level, or even the single-photon level, and preventing the detector 8 from being oversaturated.
It is understood that when the detector 8 is not one of a photomultiplier, a single photon point detector and a counter, and a superconducting single photon point detector, the compressive sampling module may not include the light attenuation element 2.
The compression sampling module shown in fig. 4 has substantially the same structure as that of the compression sampling module shown in fig. 3, except that a beam splitter 9 and an array detector 10 are provided in this order in the direction perpendicular to the optical path between the imaging lens 5 and the spatial light modulator 6.
The beam splitter 9 is used for splitting the light into two beams; one beam is incident on the working plane of the spatial light modulator 6, and the other beam is incident on the array detector 10.
An array detector 10 is placed in conjugate with the spatial light modulator 6 for monitoring whether the image on the spatial light modulator 6 is sharp when the spatial light modulator 6 is not operating.
The compressive sampling module shown in fig. 5 has substantially the same structure as the compressive sampling module shown in fig. 3, except that structured light is used for illumination, i.e. the imaging lens 5 is arranged between the spatial light modulator 6 and the authentication object 4 and after the spatial light modulator 6.
And an imaging lens 5 for imaging the light beam modulated by the spatial light modulator 6 on the authentication object 4.
The compressive sampling module shown in fig. 6 has substantially the same structure as that of the compressive sampling module shown in fig. 5, except that a beam splitter 9 and an array detector 10 are sequentially provided in the direction perpendicular to the optical path between the imaging lens 5 and the verification object 4.
The beam splitter 9 is used for splitting the light into two beams; one beam is incident on the plane of the verification object 4, and the other beam is incident on the array detector 10.
An array detector 10 is placed conjugate with the verification object 4 for monitoring whether the image of the structured light illumination in the plane of the verification object 4 is sharp when the spatial light modulator 6 is in operation.
The verification image of the ith communication may be represented by a matrix X_i; the numbers of rows and columns of the matrix X_i correspond to the pixels of the verification image.
When the verification image has p × q = N pixels, the verification image X may be stretched into an N × 1 column vector x in row-major or column-major order, that is,
Figure BDA0001734894810000121
For example, when the verification image has 3 × 3 pixels, the verification image X_1 of the 1st communication and the verification image X_i of the ith communication are respectively represented as
Figure BDA0001734894810000122
X_1 and X_i are stretched into column vectors in row-major order; then
Figure BDA0001734894810000123
Figure BDA0001734894810000124
where T denotes the transpose and i = 1, 2, 3, ….
The preset measurement matrix a may be generated before the server side first distributes the key.
It will be appreciated that the pixels of the mask are identical to those of the verification image, and that the p × q detector measures all values
Figure BDA0001734894810000131
where
Figure BDA0001734894810000132
denotes the detection value of the j-th probe of the i-th communication.
The measurement vector is constructed from the measurement values recorded by the detector for the different masks of the spatial light modulator, and the measurement matrix is formed by stretching each mask loaded on the spatial light modulator into a row vector, in row-major or column-major order, and splicing the row vectors.
Let the number of measurements be M; the measurement vector obtained in the ith communication is
Figure BDA0001734894810000133
The measurement matrix A is M × N, where each 1 × N row vector satisfies N = p × q; that is, each mask matrix is stretched and the results are spliced to form the measurement matrix;
that is,
Figure BDA0001734894810000134
It should be noted that y can be obtained by noisy measurements.
It should be noted that, after the measurement matrix a is generated for the same legitimate ue, the generated measurement matrix a is used for each communication among the above-mentioned same legitimate ues.
For example, the verification object 4 is measured 4 times per communication, and the mask matrix for each measurement is randomly generated. The mask matrices pattern_1 to pattern_4 are respectively
Figure BDA0001734894810000135
Figure BDA0001734894810000141
The 4 mask matrices are stretched in row-major order, that is, four 1 × 9 matrices are constructed from the mask matrices, as follows:
a1=[1 -1 1 -1 1 1 1 1 1];
a2=[1 -1 1 1 1 -1 1 1 1];
a3=[1 1 1 -1 1 1 1 -1 1];
a4=[1 1 1 1 1 -1 1 -1 1];
the measurement matrix can be obtained as:
Figure BDA0001734894810000142
The measurement vector of the ith communication is y_i = A x_i.
For example, the 4 measurement values recorded by the detector 8 for the 2nd communication form the measurement vector:
Figure BDA0001734894810000143
Based on compressed sensing theory, the column vector x obtained by stretching the verification object can be sparsely represented under a certain sparse transformation matrix ψ, where the representation coefficient is x' and x = ψx' is satisfied. Then y = Ax = Aψx'.
Step S203, encrypting the measurement vector of the current communication according to a preset cascade transfer function to generate a distribution sequence of the current communication, and sending the distribution sequence of the current communication to a legal user terminal through a public channel, so that the legal user terminal decrypts the distribution sequence of the current communication according to the cascade transfer function to obtain the measurement vector of the current communication, recovers the measurement vector of the current communication according to a compressed sensing algorithm to obtain a reconstructed image of a verification image of the current communication, performs identity verification on the legal user terminal according to the reconstructed image of the verification image of the current communication, and generates a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and the measurement vector of the current communication if the identity verification result is passed; wherein the parameters of the cascade transfer function are obtained according to the reconstructed image of the verification image of the last communication.
When the current communication is the ith communication between the legal user terminals of the current communication, after the measurement vector y_i of the ith communication is obtained, the measurement vector of the current communication is encrypted according to the cascade transfer function to generate the distribution sequence Y_i of the current communication.
The column vector obtained by stretching the reconstructed image of the verification image X_{i-1} of the last communication, i.e. the (i-1)th communication,
Figure BDA0001734894810000151
is used as the parameter of the preset cascade transfer function G, expressed as
Figure BDA0001734894810000152
Then
Figure BDA0001734894810000153
is applied to the measurement vector y_i of the ith communication, so that the measurement vector y_i of the ith communication is encrypted to generate the distribution sequence Y_i of the current communication:
Figure BDA0001734894810000154
Cascade encryption generally encrypts the communication system with multiple levels of mutually independent keys; under a plaintext attack, cascade encryption is at least as hard to break as its components. In essence, it increases the length of the overall key, thereby improving security.
After the distribution sequence Y_i of the current communication is generated, the distribution sequence Y_i of the current communication is sent to each legal user terminal through a public channel.
Public channels include the internet, local area networks, wireless networks, radio waves, cables, optical fibers, and the like. The embodiment of the present invention does not specifically limit the type of the public channel used for transmitting the distribution sequence of the current communication.
For the ith communication (i ≥ 2), after receiving the distribution sequence Y_i of the current communication, each legal user terminal can decrypt the distribution sequence Y_i according to the preset cascade transfer function G. That is, the column vector obtained by stretching the reconstructed image of the verification image X_{i-1} of the last communication, i.e. the (i-1)th communication,
Figure BDA0001734894810000155
is used as the parameter of the preset cascade transfer function G to obtain
Figure BDA0001734894810000156
and the inverse function of
Figure BDA0001734894810000157
that is,
Figure BDA0001734894810000158
is applied to the distribution sequence Y_i to obtain the measurement vector y_i of the current communication:
Figure BDA0001734894810000159
After obtaining the measurement vector y_i of the current communication, the legal user terminal can, based on the preset measurement matrix A, recover the measurement vector y_i of the current communication according to a compressed sensing algorithm, obtaining the column vector obtained by stretching the reconstructed image of the verification image of the current communication
Figure BDA00017348948100001510
Then
Figure BDA00017348948100001511
is restored into the reconstructed image of the verification image of the current communication.
The reconstructed image of the verification image of the current communication is used for identity authentication: the legal user terminal is authenticated according to the reconstructed image of the verification image of the current communication.
Because the verification image is an image with certain significance, if the current key distribution is safe, the reconstructed image of the verification image is also an image with certain significance, and accordingly, the identity of the legal user terminal can be verified. When the reconstructed image of the verification image is an image with a certain meaning, the identity verification result is passed; when the reconstructed image of the verification image is not an image with certain significance, the identity verification result is failed.
For example, when the verification image is a mountain image, if the current key distribution is safe, the reconstructed image of the verification image obtained by the legal user terminal receiving the distribution sequence is also the mountain image, and the authentication result is a pass; if the current key distribution is unsafe, such as eavesdropping by an illegal user terminal, the reconstructed image of the verification image obtained by the legal user terminal receiving the distribution sequence is not a mountain image, such as a messy code, a random image and the like, and the identity verification result is failed; after the illegal user terminal receives the distribution sequence, the reconstructed image of the verification image of the last communication is difficult to obtain, so that the reconstructed image of the verification image of the current communication is difficult to obtain, and the identity verification result is failed.
After the user terminal passes the identity verification, the user terminal can generate the distribution key K_i corresponding to the current communication according to a deterministic algorithm, a hash function, the preset measurement matrix A and the measurement vector y_i of the current communication.
The Hash function Hash includes SHA-2, SHA-3, SHA256, SM3, SM4, AES, Diffie-Hellman, etc. The hash function is not particularly limited in the embodiments of the present invention.
Deterministic algorithms are algorithms that take advantage of the analytical nature of the problem to produce a deterministic finite or infinite series of points to converge on a globally optimal solution. The method searches local minimum according to a certain deterministic strategy, tries to jump the obtained local minimum to reach a certain global optimum point, and can fully utilize the analytic property of the problem, thereby having high calculation efficiency.
Deterministic algorithms include, but are not limited to, algorithms for ghost imaging, coherent imaging, output determination. The deterministic algorithm is not particularly limited by the embodiments of the present invention.
When the deterministic algorithm is the ghost imaging algorithm, the distribution key K_i corresponding to the current communication is
K_i = Hash(GI(A, y_i));
Where GI denotes an algorithm for ghost imaging.
The sender of the ith communication encrypts the communication content with the obtained distribution key K_i, and the receiver of the ith communication decrypts the communication content with the obtained distribution key K_i to obtain the corresponding plaintext information.
It is to be understood that each communication depends on the reconstructed image of the verification image of the last communication, and no last communication exists for the 1st communication; therefore, the 1st communication is only an initialization and does not generate a distribution key.
It should be noted that, when the user terminal extracts the distribution key according to the distribution sequence, a preset measurement matrix a, a cascade transfer function G, a sparse transform matrix Ψ, a Hash function Hash, and the like need to be used, so that a legal user terminal can obtain an initial key in advance before the 1 st communication. The initial key comprises a cascade transfer function, a measurement matrix, a sparse transformation matrix, a hash function and basic parameters. The basic parameters include the pixel size of the verification image, the number of bits of operation, the parameters of each function, and the like.
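The chaining described above, on both the server side and the user terminal side, can be traced end to end with the 4 × 9 measurement matrix from the worked example. This is an added sketch, not code from the patent: the images, the pre-shared starting state and the SHA-256 additive mask used for G are assumptions (the text does not fix G), the ghost-imaging correlation also stands in for the compressed sensing solver, and Hash is taken to be SHA-256.

```python
import hashlib
import struct

# Measurement matrix A from the page's worked example: rows a1..a4 are the
# four 3x3 masks stretched in row-major order.
A = [
    [1, -1, 1, -1, 1, 1, 1, 1, 1],
    [1, -1, 1, 1, 1, -1, 1, 1, 1],
    [1, 1, 1, -1, 1, 1, 1, -1, 1],
    [1, 1, 1, 1, 1, -1, 1, -1, 1],
]
MOD = 2 ** 32  # word size of the ASSUMED additive mask

# Constructed verification images (3x3, row-major): one pattern with slight
# per-round changes, as the page recommends.
IMAGES = [
    [10, 200, 10, 200, 10, 200, 10, 200, 10],
    [10, 200, 12, 200, 10, 200, 10, 198, 10],
    [11, 200, 10, 199, 10, 200, 10, 200, 13],
]
SHARED_STATE = [3, 1, 4, 1, 5, 9, 2, 6, 5]  # ASSUMED pre-shared starting state
WRONG_STATE = [0] * 9                        # a party without that state


def measure(A, x):
    """Compressive sampling y = A x; integer pixels keep y exact."""
    return [sum(a * p for a, p in zip(row, x)) for row in A]


def ghost_image(A, y):
    """Correlation ghost imaging GI(A, y), scaled by M to stay in integers:
    GI[n] = sum_j (M*y_j - sum(y)) * A[j][n]."""
    M, total = len(y), sum(y)
    return [sum((M * y[j] - total) * A[j][n] for j in range(M))
            for n in range(len(A[0]))]


def _pack(vec):
    return b"".join(struct.pack(">q", v) for v in vec)


def _mask(state, length):
    # ASSUMED parameterisation of G by the previous reconstruction: one
    # 32-bit word of SHA-256(state || index) per measurement value.
    return [int.from_bytes(
        hashlib.sha256(_pack(state) + struct.pack(">I", j)).digest()[:4], "big")
        for j in range(length)]


def g(state, y):
    """Stand-in cascade transfer function: Y_i = y_i + mask (mod 2^32)."""
    return [(v + m) % MOD for v, m in zip(y, _mask(state, len(y)))]


def g_inverse(state, Y):
    """Inverse of g; maps the result back to signed measurement values."""
    vals = [(v - m) % MOD for v, m in zip(Y, _mask(state, len(Y)))]
    return [v - MOD if v >= MOD // 2 else v for v in vals]


def derive_key(A, y):
    """K_i = Hash(GI(A, y_i)) with Hash = SHA-256."""
    return hashlib.sha256(_pack(ghost_image(A, y))).hexdigest()


def server_run(A, images, state):
    """Server side: returns the public distribution sequences and the keys."""
    sequences, keys = [], []
    for i, x in enumerate(images, start=1):
        y = measure(A, x)
        sequences.append(g(state, y))   # sent over the public channel
        state = ghost_image(A, y)       # parameter of G for round i+1
        if i >= 2:                      # round 1 is initialisation only
            keys.append(derive_key(A, y))
    return sequences, keys


def receiver_keys(A, sequences, state):
    """Receiver side; the image plausibility check is omitted here."""
    keys = []
    for i, Y in enumerate(sequences, start=1):
        y = g_inverse(state, Y)
        state = ghost_image(A, y)
        if i >= 2:
            keys.append(derive_key(A, y))
    return keys


if __name__ == "__main__":
    seqs, server_keys = server_run(A, IMAGES, SHARED_STATE)
    print("legal terminal in sync:", receiver_keys(A, seqs, SHARED_STATE) == server_keys)
    print("wrong starting state  :", receiver_keys(A, seqs, WRONG_STATE) == server_keys)
```

A receiver that starts from the wrong state recovers a wrong measurement vector in round 1, so every later G parameter and every derived key diverges from the server's.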
The embodiment of the invention carries out network key distribution based on cascade calculation imaging and a public channel, so that different legal user terminals can obtain the same or different keys, can simultaneously distribute the keys to a plurality of legal user terminals at high speed, has higher safety, and can give consideration to networking and safety of key distribution. Furthermore, the key generation rate is not limited by distance, the key generation rate is high, the system cost is low, devices are simple and convenient to integrate, the measurement quantity can be effectively reduced, the measurement precision is improved, the robustness to noise is improved, the method has the advantages of low calculation complexity, high safety precision, easiness and rapidness in use, capability of simultaneously transmitting keys with a plurality of users and the like, can be popularized to all public network key distribution equipment systems, and has good application prospects.
Based on the content of the foregoing embodiment, encrypting the measurement vector of the current communication according to a preset cascade transfer function further includes, before generating the distribution sequence of the current communication: and recovering the measurement vector of the last communication according to a compressed sensing algorithm to obtain a reconstructed image of the verification image of the last communication.
Before the server generates the distribution sequence Y_i of the current communication according to the measurement vector of the current communication and the cascade transfer function G, it recovers the measurement vector y_{i-1} of the last communication, based on the measurement matrix A, according to a compressed sensing algorithm, obtaining the column vector obtained by stretching the reconstructed image of the verification image of the last communication
Figure BDA0001734894810000171
thereby obtaining the reconstructed image of the verification image of the last communication and the cascade transfer function
Figure BDA0001734894810000172
Then
Figure BDA0001734894810000173
is applied to the measurement vector y_i of the ith communication, so that the measurement vector y_i of the ith communication is encrypted to generate the distribution sequence Y_i of the current communication.
Fig. 7 is a flowchart of a network key distribution method based on cascaded computational imaging according to an embodiment of the present invention. Based on the content of the foregoing embodiment, as shown in fig. 7, a method for distributing a network key based on cascaded computational imaging includes: step S701, a distribution sequence of the current communication received through a public channel is decrypted according to a preset cascade transfer function, a measurement vector of the current communication is obtained, the measurement vector of the current communication is recovered according to a compressed sensing algorithm, and a reconstructed image of a verification image of the current communication is obtained; wherein the parameters of the cascade transfer function are obtained according to the reconstructed image of the verification image of the last communication.
It should be noted that the main execution body of the network key distribution method based on cascaded computational imaging provided by the embodiment of the present invention is a user terminal.
After receiving the distribution sequence Y_i of the current communication through the public channel, the user terminal decrypts the distribution sequence Y_i according to the preset cascade transfer function G. That is, the column vector obtained by stretching the reconstructed image of the verification image X_{i-1} of the (i-1)th communication
Figure BDA0001734894810000181
is used as the parameter of the preset cascade transfer function G to obtain
Figure BDA0001734894810000182
and the inverse function of
Figure BDA0001734894810000183
that is,
Figure BDA0001734894810000184
is applied to the distribution sequence Y_i to obtain the measurement vector y_i of the current communication:
Figure BDA0001734894810000185
After the measurement vector y_i of the current communication is obtained, the measurement vector y_i of the current communication is recovered, based on the preset measurement matrix A, according to a compressed sensing algorithm, obtaining the column vector obtained by stretching the reconstructed image of the verification image of the current communication
Figure BDA0001734894810000186
Then
Figure BDA0001734894810000187
is restored into the reconstructed image of the verification image of the current communication.
Step S702, performing identity authentication according to the reconstructed image of the verification image of the current communication, and if the identity authentication result is passed, generating a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and a measurement vector of the current communication.
The reconstructed image of the verification image of the current communication is used for identity authentication: the legal user terminal is authenticated according to the reconstructed image of the verification image of the current communication.
Because the verification image is an image with certain significance, if the current key distribution is safe, the reconstructed image of the verification image is also an image with certain significance, and accordingly, the identity of the legal user terminal can be verified. When the reconstructed image of the verification image is an image with a certain meaning, the identity verification result is passed; when the reconstructed image of the verification image is not an image with certain significance, the identity verification result is failed.
After the user terminal passes the identity verification, the distribution key K_i corresponding to the current communication is generated according to a deterministic algorithm, a hash function, the preset measurement matrix A and the measurement vector y_i of the current communication.
The Hash function Hash includes SHA-2, SHA-3, SHA256, SM3, SM4, AES, Diffie-Hellman, etc. The hash function is not particularly limited in the embodiments of the present invention.
Deterministic algorithms include, but are not limited to, algorithms for ghost imaging, coherent imaging, output determination. The deterministic algorithm is not particularly limited by the embodiments of the present invention.
When the deterministic algorithm is the ghost imaging algorithm, the distribution key K_i corresponding to the current communication is
K_i = Hash(GI(A, y_i));
Where GI denotes an algorithm for ghost imaging.
The sender of the ith communication encrypts the communication content with the obtained distribution key K_i, and the receiver of the ith communication decrypts the communication content with the obtained distribution key K_i to obtain the corresponding plaintext information.
It is to be understood that each communication depends on the reconstructed image of the verification image of the last communication, and no last communication exists for the 1st communication; therefore, the 1st communication is only an initialization and does not generate a distribution key.
It should be noted that, when the user terminal extracts the distribution key according to the distribution sequence, a preset measurement matrix a, a cascade transfer function G, a sparse transformation matrix ψ, a Hash function Hash, and the like need to be used, so that a legal user terminal can obtain an initial key in advance before the 1 st communication. The initial key comprises a cascade transfer function, a measurement matrix, a sparse transformation matrix, a hash function and basic parameters. The basic parameters include the pixel size of the verification image, the number of bits of operation, the parameters of each function, and the like.
The embodiment of the invention carries out network key distribution based on cascade calculation imaging and a public channel, so that different legal user terminals can obtain the same or different keys, can simultaneously distribute the keys to a plurality of legal user terminals at high speed, has higher safety, and can give consideration to networking and safety of key distribution. Furthermore, the key generation rate is not limited by distance, the key generation rate is high, the system cost is low, devices are simple and convenient to integrate, the measurement quantity can be effectively reduced, the measurement precision is improved, the robustness to noise is improved, the method has the advantages of low calculation complexity, high safety precision, easiness and rapidness in use, capability of simultaneously transmitting keys with a plurality of users and the like, can be popularized to all public network key distribution equipment systems, and has good application prospects.
Fig. 8 is a functional block diagram of a server in a network key distribution system based on cascaded computational imaging according to an embodiment of the present invention. Based on the content of the foregoing embodiment, as shown in fig. 8, a server in a network key distribution system based on cascaded computational imaging includes: a request receiving module 801, configured to receive a request for distributing a key, and acquire identity information of a valid user terminal of current communication carried in the request; a compression sampling module 802, configured to perform compression sampling on a verification image of current communication corresponding to the identity information of a legal user terminal of the current communication according to the identity information of the legal user terminal of the current communication and a preset measurement matrix, and generate a measurement vector of the current communication; a network distribution module 803, configured to encrypt a measurement vector of current communication according to a preset cascade transfer function, generate a distribution sequence of current communication, and send the distribution sequence of current communication to a legal user terminal through a public channel, so that the legal user terminal decrypts the distribution sequence of current communication according to the cascade transfer function to obtain the measurement vector of current communication, recovers the measurement vector of current communication according to a compressed sensing algorithm to obtain a reconstructed image of a verification image of current communication, performs identity verification on the legal user terminal according to the reconstructed image of the verification image of current communication, and generates a distribution key corresponding to current communication according to a deterministic algorithm, a hash function, a preset measurement matrix, and the measurement vector of current communication if an identity verification result passes; wherein the parameters of the cascade transfer function are obtained according to the reconstructed image of the verification image of the last communication.
The specific method and process for implementing the corresponding function by each module included in the service end in the network key distribution system based on the cascaded computational imaging according to the embodiment of the present invention are described in the embodiment of the method for the service end in the network key distribution method based on the cascaded computational imaging, and will not be described herein again.
Fig. 9 is a functional block diagram of a user terminal in a network key distribution system based on cascaded computational imaging according to an embodiment of the present invention. Based on the content of the foregoing embodiment, as shown in fig. 9, a user terminal in a network key distribution system based on tandem computing imaging includes: an image reconstruction module 901, configured to decrypt, according to a preset cascade transfer function, a distribution sequence of current communication received through a common channel, obtain a measurement vector of the current communication, and recover, according to a compressed sensing algorithm, the measurement vector of the current communication, to obtain a reconstructed image of a verification image of the current communication; the key extraction module 902 is configured to perform identity authentication according to a reconstructed image of an authentication image of current communication, and if the authentication result passes, generate a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix, and a measurement vector of the current communication; wherein the parameters of the cascade transfer function are obtained according to the reconstructed image of the verification image of the last communication.
The user terminal in the network key distribution system based on the cascaded computational imaging according to the embodiment of the present invention is configured to execute the method at the user terminal side in the network key distribution method based on the cascaded computational imaging according to the embodiment of the present invention, and specific methods and processes for implementing corresponding functions by each module included in the user terminal in the network key distribution system based on the cascaded computational imaging are described in the above embodiment of the method at the user terminal side in the network key distribution method based on the cascaded computational imaging, and are not described herein again.
Fig. 10 is a functional block diagram of a network key distribution system based on cascaded computational imaging according to an embodiment of the present invention. A network key distribution system based on cascade computing imaging comprises a server 1001 in the network key distribution system based on cascade computing imaging and a user terminal 1002 in the network key distribution system based on cascade computing imaging.
For the function of the server 1001 in the network key distribution system based on cascaded computational imaging, refer to the server embodiment; for the function of the user terminal 1002 in the network key distribution system based on cascaded computational imaging, refer to the user terminal embodiment.
Fig. 11 is a block diagram of an electronic device according to an embodiment of the present invention. Based on the contents of the above-described embodiment, as shown in fig. 11, an electronic device includes: a processor 1101, a memory 1102, and a bus 1103; wherein the processor 1101 and the memory 1102 communicate with each other through the bus 1103; the processor 1101 is configured to call the program instructions in the memory 1102 to execute the methods provided by the server-side method embodiments described above, for example, including: a network key distribution method based on cascade computing imaging; a method for acquiring the identity information of the legal user terminal of the current communication; a method for obtaining a measurement vector of current communication; a method of generating a measurement vector for a current communication; a method for encrypting the measurement vector of the current communication according to the cascade transfer function to generate the distribution sequence of the current communication; a method for obtaining a reconstructed image of a verification image of the last communication according to a compressed sensing algorithm, and the like.
Another embodiment of the present invention discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-mentioned method embodiments, for example, including: a network key distribution method based on cascade computing imaging; a method for acquiring the identity information of the legal user terminal of the current communication; a method for obtaining a measurement vector of current communication; a method of generating a measurement vector for a current communication; a method for encrypting the measurement vector of the current communication according to the cascade transfer function to generate the distribution sequence of the current communication; a method for obtaining a reconstructed image of a verification image of the last communication according to a compressed sensing algorithm, and the like.
Another embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above method embodiments, for example, including: a network key distribution method based on cascade computing imaging; a method for acquiring the identity information of the legal user terminal of the current communication; a method for obtaining a measurement vector of current communication; a method of generating a measurement vector for a current communication; a method for encrypting the measurement vector of the current communication according to the cascade transfer function to generate the distribution sequence of the current communication; a method for obtaining a reconstructed image of a verification image of the last communication according to a compressed sensing algorithm, and the like.
Fig. 12 is a block diagram of an electronic device according to an embodiment of the present invention. Based on the contents of the above-described embodiment, as shown in fig. 12, an electronic device includes: a processor 1201, a memory 1202, and a bus 1203; wherein the processor 1201 and the memory 1202 communicate with each other through the bus 1203; the processor 1201 is configured to call the program instructions in the memory 1202 to execute the methods provided by the user-terminal-side method embodiments, for example, including: a network key distribution method based on cascade computing imaging; a method for decrypting the distribution sequence of the current communication according to a preset cascade transfer function to obtain the measurement vector of the current communication; a method for obtaining a reconstructed image of a verification image of current communication according to a compressed sensing algorithm; a method for performing identity authentication according to a reconstructed image of an authentication image of the current communication; and generating a distribution key corresponding to the current communication according to the deterministic algorithm, the hash function, the preset measurement matrix and the measurement vector of the current communication, and the like.
Another embodiment of the present invention discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-mentioned method embodiments, for example, including: a network key distribution method based on cascade computing imaging; a method for decrypting the distribution sequence of the current communication according to a preset cascade transfer function to obtain the measurement vector of the current communication; a method for obtaining a reconstructed image of a verification image of current communication according to a compressed sensing algorithm; a method for performing identity authentication according to a reconstructed image of an authentication image of the current communication; and generating a distribution key corresponding to the current communication according to the deterministic algorithm, the hash function, the preset measurement matrix and the measurement vector of the current communication, and the like.
Another embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above method embodiments, for example, including: a network key distribution method based on cascade computing imaging; a method for decrypting the distribution sequence of the current communication according to a preset cascade transfer function to obtain the measurement vector of the current communication; a method for obtaining a reconstructed image of a verification image of current communication according to a compressed sensing algorithm; a method for performing identity authentication according to a reconstructed image of an authentication image of the current communication; and generating a distribution key corresponding to the current communication according to the deterministic algorithm, the hash function, the preset measurement matrix and the measurement vector of the current communication, and the like.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding, the above technical solutions may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method of the above embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A network key distribution method based on cascade computing imaging is characterized by comprising the following steps:
receiving a request for distributing a key, and acquiring identity information of a legal user terminal of current communication carried by the request;
according to a preset measurement matrix, carrying out compression sampling on a verification image of the current communication corresponding to the identity information of a legal user terminal to obtain a measurement vector of the current communication;
encrypting a measurement vector of current communication according to a preset cascade transfer function to generate a distribution sequence of the current communication, and sending the distribution sequence of the current communication to a legal user terminal through a public channel, so that the legal user terminal decrypts the distribution sequence of the current communication according to the cascade transfer function to obtain the measurement vector of the current communication, recovers the measurement vector of the current communication according to a compressed sensing algorithm to obtain a reconstructed image of a verification image of the current communication, performs identity verification on the legal user terminal according to a reconstructed image of the verification image of the current communication, and generates a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and the measurement vector of the current communication if an identity verification result passes;
and acquiring parameters of the cascade transfer function according to a reconstructed image of the verification image of the last communication.
2. The method for network key distribution based on cascaded computational imaging as claimed in claim 1, wherein encrypting the measurement vector of the current communication according to a preset cascaded transfer function, and before generating the distribution sequence of the current communication, further comprising:
and recovering the measurement vector of the last communication according to a compressed sensing algorithm to obtain a reconstructed image of the verification image of the last communication.
3. A network key distribution method based on cascade computing imaging is characterized by comprising the following steps:
decrypting a distribution sequence of the current communication received through a public channel according to a preset cascade transfer function to obtain a measurement vector of the current communication, and recovering the measurement vector of the current communication according to a compressed sensing algorithm to obtain a reconstructed image of a verification image of the current communication;
performing identity authentication according to a reconstructed image of an authentication image of the current communication, and if the identity authentication result is passed, generating a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and a measurement vector of the current communication;
and acquiring parameters of the cascade transfer function according to a reconstructed image of the verification image of the last communication.
4. A server in a network key distribution system based on cascaded computational imaging, comprising:
the request receiving module is used for receiving a request for distributing the key and acquiring the identity information of the legal user terminal of the current communication carried by the request;
the compression sampling module is used for carrying out compression sampling on the verification image of the current communication corresponding to the identity information of the legal user terminal according to a preset measurement matrix to obtain a measurement vector of the current communication;
a network distribution module used for encrypting the measurement vector of the current communication according to a preset cascade transfer function to generate a distribution sequence of the current communication and sending the distribution sequence of the current communication to a legal user terminal through a public channel, so that the legal user terminal decrypts the distribution sequence of the current communication according to the cascade transfer function to obtain the measurement vector of the current communication, recovering the measurement vector of the current communication according to a compressed sensing algorithm to obtain a reconstructed image of the verification image of the current communication, and according to the reconstructed image of the authentication image of the current communication, the identity authentication is carried out on the legal user terminal, if the identity authentication result is passed, generating a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and a measurement vector of the current communication;
and acquiring parameters of the cascade transfer function according to a reconstructed image of the verification image of the last communication.
5. A user terminal in a network key distribution system based on cascaded computational imaging, comprising:
the image reconstruction module is used for decrypting the distribution sequence of the current communication received through the public channel according to a preset cascade transfer function, acquiring the measurement vector of the current communication, and recovering the measurement vector of the current communication according to a compressed sensing algorithm to acquire a reconstructed image of the verification image of the current communication;
the key extraction module is used for carrying out identity authentication according to a reconstructed image of an authentication image of the current communication, and if the identity authentication result passes, generating a distribution key corresponding to the current communication according to a deterministic algorithm, a hash function, a preset measurement matrix and a measurement vector of the current communication;
and acquiring parameters of the cascade transfer function according to a reconstructed image of the verification image of the last communication.
6. A network key distribution system based on cascaded computational imaging, comprising the server according to claim 4 and the user terminal according to claim 5.
7. An electronic device, comprising:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, the processor invoking the program instructions to be capable of performing the method of claim 1 or 2.
8. An electronic device, comprising:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of claim 3.
9. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of claim 1 or 2.
10. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of claim 3.