Disclosure of Invention
The method comprises the steps of calculating whether the remaining amount of a current matching quantum key meets the requirement of consumption of the current ciphertext throughput in the emergency maintaining time length under the lowest encryption strength, namely firstly, judging whether the reserve amount of the matching quantum key is enough to the consumption requirement of the current ciphertext throughput in the emergency maintaining time length, if the remaining amount of the matching quantum key meets the requirement of maintaining the emergency maintaining time length under the lowest encryption strength, showing that the remaining amount of the current matching quantum key can also provide higher encryption strength for the current ciphertext throughput, and adjusting the updating frequency of the current quantum key to the updating frequency of the quantum key corresponding to any encryption strength between the lowest encryption strength and the maximum encryption strength which can be met; if the situation cannot be met, due to the existence of the emergency maintaining time, warning information can be sent out before the situation of flow cutoff really occurs, the potential risk of the flow cutoff situation can be obviously reduced through real-time dynamic adjustment, and the actual application effect is better.
Another object of the present application is to provide a system, a quantum encryption device, and a computer-readable storage medium for adjusting a quantum key update frequency.
In order to achieve the above object, the present application provides a method for adjusting a quantum key update frequency, which is applied to a quantum encryption device, and the method includes:
acquiring the surplus of a matched quantum key, the throughput of a ciphertext and a preset emergency maintaining time of the quantum encryption equipment in the current time period;
according to
Calculating to obtain actual encryption strength;
judging whether the actual encryption strength is smaller than a preset minimum encryption strength;
if yes, sending alarm information which does not meet the lowest encryption strength through a preset path;
if not, adjusting the current quantum key updating frequency to be the quantum key updating frequency corresponding to any encryption intensity between the lowest encryption intensity and the actual encryption intensity.
Optionally, before determining whether the actual encryption strength is smaller than a preset minimum encryption strength, the method further includes:
acquiring the key bit rate of the quantum encryption equipment in the current time period, and calculating to obtain the new generation quantity of the matched quantum keys corresponding to the current time period according to the key bit rate;
according to
Calculating to obtain new actual encryption strength;
and modifying the value of the actual encryption strength into the value of the new actual encryption strength.
Optionally, the method further includes:
acquiring real-time performance parameters of the quantum encryption equipment;
judging whether the numerical value of the real-time performance parameter exceeds a dangerous parameter threshold value;
and if the quantum key updating frequency exceeds the preset dangerous time length, the quantum key updating frequency of the quantum encryption equipment is adjusted to the quantum key updating frequency corresponding to the lowest encryption strength according to the highest priority.
Optionally, the method further includes:
setting a storage quantity upper limit for a key storage pool for storing the matched quantum key;
and when the matching quantum keys stored in the key storage pool reach the upper limit of the storage quantity, replacing the matching quantum key generated earliest by using the matching quantum key generated latest.
To achieve the above object, the present application further provides a system for adjusting a quantum key update frequency, the system comprising:
the parameter obtaining unit is used for obtaining the surplus of the matched quantum key, the ciphertext throughput and the preset emergency maintaining time length in the current time period of the quantum encryption equipment;
a first actual encryption strength calculation unit for calculating the actual encryption strength according to
Calculating to obtain actual encryption strength;
the encryption strength comparison unit is used for judging whether the actual encryption strength is smaller than the preset lowest encryption strength;
the lowest encryption strength unsatisfied processing unit is used for sending alarm information which does not meet the lowest encryption strength through a preset path when the actual encryption strength is smaller than the lowest encryption strength;
and the quantum key updating frequency adjusting unit is used for adjusting the current quantum key updating frequency to a quantum key updating frequency corresponding to any encryption intensity between the lowest encryption intensity and the actual encryption intensity when the actual encryption intensity is not less than the lowest encryption intensity.
Optionally, the system further comprises:
the key code rate obtaining and calculating unit is used for obtaining the key code rate of the quantum encryption equipment in the current time period and calculating to obtain the new generation quantity of the matched quantum keys corresponding to the current time period according to the key code rate;
a second actual encryption strength calculation unit for calculating the actual encryption strength according to
Calculating to obtain new actual encryption strength;
and the actual encryption strength value modifying unit is used for modifying the actual encryption strength value into the new actual encryption strength value.
Optionally, the system further comprises:
the real-time performance parameter acquisition unit is used for acquiring the real-time performance parameters of the quantum encryption equipment;
the real-time performance parameter value judging unit is used for judging whether the value of the real-time performance parameter exceeds a dangerous parameter threshold value;
and the time length counting and overtime processing unit is used for counting the time length of the quantum encryption equipment which keeps exceeding the dangerous parameter threshold when the value of the real-time performance parameter exceeds the dangerous parameter threshold, and adjusting the quantum key updating frequency of the quantum encryption equipment to the quantum key updating frequency corresponding to the lowest encryption strength with the highest priority when the time length exceeds the preset dangerous time length.
Optionally, the system further comprises:
the storage quantity upper limit setting unit is used for setting the storage quantity upper limit for a key storage pool for storing the matched quantum key;
and the overrun replacing unit is used for replacing the matching quantum key generated earliest by using the matching quantum key generated latest when the matching quantum key stored in the key storage pool reaches the upper limit of the storage quantity.
To achieve the above object, the present application also provides a quantum cryptography apparatus including:
a memory for storing a computer program;
a processor for implementing the steps of the method for adjusting the update frequency of a quantum key as described in the above when executing the computer program.
To achieve the above object, the present application further provides a computer-readable storage medium having a computer program stored thereon, where the computer program is executed by a processor to implement the steps of the method for adjusting the quantum key update frequency as described in the above.
Obviously, according to the method for adjusting the quantum key updating frequency provided by the application, whether the remaining amount of the current matching quantum key meets the requirement that the current ciphertext throughput consumes the preset emergency maintaining time under the lowest encryption strength is calculated, that is, whether the reserve amount of the matching quantum key is enough to the consumption requirement of the current ciphertext throughput within the emergency maintaining time is firstly checked, if the emergency maintaining time under the lowest encryption strength is met, the remaining amount of the current matching quantum key can also provide higher encryption strength for the current ciphertext throughput, and the current quantum key updating frequency can be adjusted to the quantum key updating frequency corresponding to any encryption strength between the lowest encryption strength and the maximum encryption strength which can be met; if the situation cannot be met, due to the existence of the emergency maintaining time, warning information can be sent out before the situation of flow cutoff really occurs, the potential risk of the flow cutoff situation can be obviously reduced through real-time dynamic adjustment, and the actual application effect is better. The application also provides a system for adjusting the quantum key updating frequency, a quantum encryption device and a computer readable storage medium, which have the beneficial effects and are not described herein again.
Detailed Description
The core of the application is to provide a method for adjusting the quantum key updating frequency, which is applied to quantum encryption equipment, and is characterized in that whether the residual quantity of a current matching quantum key meets the consumption requirement of the current ciphertext throughput under the lowest encryption strength for a preset emergency maintaining time length is calculated, namely whether the reserve quantity of the matching quantum key is enough for the consumption of the current ciphertext throughput within the emergency maintaining time length is firstly seen, if the emergency maintaining time length under the lowest encryption strength is met, the residual quantity of the current matching quantum key can also provide higher encryption strength for the current ciphertext throughput, and the current quantum key updating frequency can be adjusted to the quantum key updating frequency corresponding to any encryption strength between the lowest encryption strength and the maximum encryption strength which can be met; if the situation cannot be met, due to the existence of the emergency maintaining time, warning information can be sent out before the situation of flow cutoff really occurs, the potential risk of the flow cutoff situation can be obviously reduced through real-time dynamic adjustment, and the actual application effect is better.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The generation of some nouns and quantum keys to be used subsequently is generally described here:
the process of obtaining a matching quantum key can be generally described as follows: the most important part in the quantum encryption equipment is a quantum key generation part, in order to ensure high security of a quantum key for encrypting plaintext data, an information sending party firstly transmits a string of single photon flow to an information receiving party, and based on the heisenberg inaccuracy measuring principle, if the transmitted single photon (quantum) flow is not subjected to state measurement, the state of each photon in the transmitted single photon flow cannot be obtained, namely the state cannot be consistent with the information receiving party.
In order to achieve agreement between the sender and receiver of information in some way and to ensure the security of the subsequent quantum keys generated based on this, the receiver of information usually uses directional filters of the "|" type, "-" type, "\\" type and "/" type to measure the polarization states of the photons passing through these filters (the corresponding up-down, left-right polarization, up-down-left-right, up-down-right-down-left polarization states of the resulting photons), and using completely random directional filters for different photons (i.e. completely random using the above four filters), assuming that the information receiver uses a group of directional filters of "|/-/| |", obtaining a group of corresponding polarization information of photons (the polarization state of the photons is agreed with the information receiver to correspond to binary code 0 when the upper and lower sides and the upper and lower left sides, and the polarization state of the photons corresponds to binary code 1 when the left and right sides and the upper and lower left sides): up-down, right-down, left-right, up-down, and corresponding binary code 011011100, which is transmitted to a set of directional filters (usually only using "+" and "×") randomly arranged by the information receiver, assuming that the information receiver uses a set of directional filters of "+ × × × × × × × × × × +" because the receiver can pass the photons polarized up-down or left-right smoothly if the "+" filter is used, while the photons polarized up-down, right-down, and up-down-right will change their quantum states when passing, become polarized up-down or left-right and uncertain, and the opposite will happen if the receiver uses the "×" filter. Finally, the information receiver obtains the polarization information of the photon flow measured by the information receiver: up-down, left-right, up-right-down-left, up-left-down-right, left-right, up-right-down-left, up-down-up-down, the corresponding binary code is 011011110. Then the information receiver sends the filter type combination used by the information receiver to the information sender, and the comparison is carried out by the information sender: counting from left to right, the information receiver only has the directional filters used by the 1 st bit, the 4 th bit, the 5 th bit, the 7 th bit and the 9 th bit without changing the original quantum state, the binary code corresponding to the part is '00110', the part is the same part for information transceiving, and therefore the binary code based on the same part is the matching quantum key shared by the two parts.
The quantum key has the security which cannot be possessed by a digital key obtained based on cryptography, because the quantum key is obtained based on the physical characteristics of photons and based on the principle that Heisebang is inaccurate to measure, even if a third party stealer exists, the quantum key intercepts and captures the directional filter combination sent by an information receiving party to an information sending party, but the third party stealer cannot know binary codes corresponding to different photon polarization states agreed by the information receiving party and the information sending party, and therefore the quantum key cannot be correctly matched. If a third party who steals the secret adopts a mode of inserting the directional filter before the information receiver to measure the polarization state of the photon, the secret stealer cannot know the completely random directional filter combination which is used by the information receiver later and confirmed in advance, so the secret stealer can only be made in a mess or obtain a group of directional filter combinations in a completely random mode, the result of the combination can cause the original polarization state of the quantum to be changed with great probability, and finally, the information transceiver can not decrypt the data encrypted by the quantum key obtained by the information transceiver, and the existence of the third party who steals the secret can be judged.
The matching quantum key is a quantum key which enables both the information transmitting and receiving parties to decrypt the ciphertext data, and the quantum key obtained when a third party who is a thief cannot enable both the information transmitting and receiving parties to decrypt the ciphertext data can be called as an error key. Correspondingly, the key coding rate refers to the ratio of the matching quantum keys to all quantum keys in a unit time.
Example one
With reference to fig. 1, fig. 1 is a flowchart of a method for adjusting a quantum key update frequency according to an embodiment of the present application, which specifically includes the following steps:
s101: acquiring the surplus of a matched quantum key, the throughput of a ciphertext and a preset emergency maintaining time of the quantum encryption equipment in the current time period;
the method aims to obtain the surplus of the matched quantum key, the ciphertext throughput and the preset emergency maintaining time of the quantum encryption equipment in the current time period in real time.
Because the two ends are uncontrollable as described in the background art, a key storage pool for storing the matching quantum key is usually arranged in the quantum encryption device, the newly generated matching quantum key is injected into the key storage pool, and a corresponding number of matching quantum keys are taken out from the key storage pool when data to be encrypted are encrypted.
The ciphertext throughput is an order of magnitude of data to be encrypted at the current time, and in order to ensure the encryption degree and uninterrupted flow, an important parameter is the minimum encryption strength, for example, the following description: assuming that 10 units of data to be encrypted are received in 1 hour, in order to ensure the encryption quality of the 10 units of data to be encrypted, it is set that at least 2 units of matching quantum keys are needed to encrypt the 10 units of data to be encrypted, if the minimum number is less, the encryption quality cannot be ensured, and if one unit of matching quantum key is a matching quantum key, it indicates that 2 matching quantum keys need to be provided for encrypting the 10 units of data to be encrypted in 1 hour, that is, the encryption strength corresponds to the number of matching quantum keys provided for the unit of data to be encrypted in unit time.
S102: push button
Calculating to obtain actual encryption strength;
on the basis of obtaining the parameters in the step S101, the step aims to calculate and obtain the actual encryption strength corresponding to the remaining amount of the current matching quantum key when the current cryptograph throughput is satisfied and the emergency maintenance duration is maintained. An example is illustrated: if the emergency maintaining time length is set to be 1 day (24 hours), the current ciphertext throughput is 20 units/hour, and if the current matching quantum key residual amount is 98 units, the current matching quantum key residual amount can be calculated according to the formula
The actual encryption strength can be referred to in S101 in the horizontal direction.
S103: judging whether the actual encryption strength is smaller than the preset minimum encryption strength;
on the basis of S102, this step is intended to determine the magnitude relationship between the calculated actual encryption strength and the preset minimum encryption strength. If according to the example given in S101,
is low because of 0.20417>0.2, the actual encryption strength is illustrated>The lowest encryption strength.
S104: sending alarm information which does not meet the lowest encryption strength through a preset path;
based on the determination result of S103 that the actual encryption strength is smaller than the preset minimum encryption strength, if the same example in S101 is assumed, but the preset minimum encryption strength is modified to 0.3, that is, 10 units of data to be encrypted are encrypted in 1 hour, and it is necessary to encrypt the data using 3 units of matching quantum keys to achieve the required encryption quality, then since the remaining amount of the current matching quantum key is only 98 units, it cannot be satisfied that 24 hours are simply consumed under the condition that the throughput of the current ciphertext is 20 units/hour (that is, 0.20417<0.3), and if the minimum encryption strength is 0.3, at least 0.3 × 20 × 24 ═ 144 units of matching quantum keys are left.
Therefore, the minimum encryption strength is met while the current ciphertext throughput consumption emergency maintaining time cannot be met, if the minimum encryption strength is forcibly met, the minimum encryption strength can only be maintained for 16.333 hours, and the situation that no available matching quantum key is used for encrypting the data to be encrypted occurs after 16.33 hours of the situation is kept, namely, the interruption occurs, so that the step provides the alarm information which does not meet the minimum encryption strength and is sent through the preset path under the condition that the actual encryption strength cannot meet the minimum encryption strength through calculation, and the alarm information is actually equal to the interruption warning information which is sent in advance because the minimum encryption strength must be met.
Furthermore, the specific time when the current condition is maintained and the current flow is to be interrupted can be given according to the corresponding calculation formula, so that the personnel receiving the warning message has enough time to prepare in advance.
S105: the current quantum key update frequency is adjusted to a quantum key update frequency corresponding to any encryption strength between the minimum encryption strength and the actual encryption strength.
This step is established on the basis that the actual encryption strength is not less than the preset minimum encryption strength as a result of the determination in S103, and if the same example in S101 is also adopted as an assumption and the situation that the minimum encryption strength set in the example in S101 is maintained to be 0.2 is not changed, since the actual encryption strength > the minimum encryption strength (0.20417>0.2), it indicates that the remaining amount of the current matching quantum key satisfies the requirement of maintaining consumption of the preset emergency consumption duration for the current ciphertext throughput and also remains, and therefore the quantum key update frequency can be appropriately increased on the basis that there remains a matching quantum key. If other assumption conditions are not changed, if only the remaining amount of the currently matched quantum key is assumed to be the remaining 192 units, the corresponding actual encryption strength is 0.4, and the lowest encryption strength at this time is 0.2, and if the subsequent encryption situation is not considered, the current quantum key update frequency can be adjusted to the quantum key update frequency corresponding to any encryption strength between 0.2 and 0.4.
When 20 units/hour of ciphertext throughput is encrypted with an actual encryption strength of 0.4, it means that a matching quantum key of 8 units per hour is provided for encrypting the 20 units of data to be encrypted, i.e. the updating frequency of the quantum key is 8 units/hour, which provides an encryption quality at least double the encryption quality with the lowest encryption strength of 0.2. The method can be flexibly adjusted to any effective value between 0.2 and 0.4 according to different requirements on encryption quality and stock consumption of the matched quantum key under actual conditions, and further, a step-type adjustment mode can be set to gradually increase or reduce the load of equipment.
In this embodiment, only the most extreme case is considered, that is, no newly generated matching quantum is injected into the key storage pool, so that a more accurate and comprehensive new actual encryption strength can be obtained by recalculating the key coding rate in combination with the parameter that directly affects the number of the newly generated matching quantum keys. And comparing the new actual encryption strength with a preset minimum encryption strength by using the new actual encryption strength instead of the actual encryption strength corresponding to the case of not considering the key coding rate, so that a judgment result different from the original judgment result may be obtained. That is, following the example mentioned in S104, the matching quantum key that satisfies 20 units/per hour ciphertext throughput and is consumed for 24 hours with the lowest encryption strength of 0.3 should be 144 units, and if a matching quantum key of 2 units is newly generated and injected into the key storage pool for each hour under the current key coding rate, the remaining total amount of the matching quantum key will satisfy the requirement of 144 units, that is, the determination result that the previous step is skipped to S104 to send the alarm information because the matching quantum key is not satisfied will be changed, and the step is skipped to S105 to use the determination result of the quantum key update frequency corresponding to the encryption strength of 0.3.
Further, a situation that the upper limit of the storage quantity is reached when the matched quantum key stored in the key storage pool is injected with a higher key success rate under the condition that the matched quantum key only satisfies the consumption of the quantum key updating frequency corresponding to the lowest encryption strength is always adopted can be considered, and at the moment, a mode that the matched quantum key which is generated firstly and stored in the key storage pool can be replaced by the newly generated matched quantum key based on a new and old covering principle; or when the stored matching quantum key has different safety and stability along with the length of the storage time, randomly replacing any matching quantum key or directly discarding the newly generated matching quantum key; and under the condition of not considering the storage cost, adding a storage device for storing the matched quantum key, setting a rotation mechanism of the main and standby key storage pools, and the like, wherein the rotation mechanism is not particularly limited and can be flexibly adjusted according to the actual condition.
Based on the technical scheme, the method for adjusting the quantum key updating frequency provided by the embodiment of the application is applied to quantum encryption equipment, whether the remaining amount of the current matching quantum key meets the preset emergency maintaining time of the current ciphertext throughput under the lowest encryption strength is calculated, namely whether the reserve amount of the matching quantum key is enough for the consumption of the current ciphertext throughput in the emergency maintaining time is firstly seen, if the emergency maintaining time is met under the lowest encryption strength, the remaining amount of the current matching quantum key can also provide higher encryption strength for the current ciphertext throughput, and the current quantum key updating frequency can be adjusted to the quantum key updating frequency corresponding to any encryption strength between the lowest encryption strength and the maximum encryption strength which can be met; if the situation cannot be met, due to the existence of the emergency maintaining time, warning information can be sent out before the situation of flow cutoff really occurs, the potential risk of the flow cutoff situation can be obviously reduced through real-time dynamic adjustment, and the actual application effect is better.
Example two
With reference to fig. 2 and fig. 2, a flowchart of another method for adjusting quantum key update frequency according to an embodiment of the present application is shown, where this embodiment adds consideration to uncontrollable key coding rate to provide a more appropriate method for adjusting quantum key update frequency according to the influence that the key coding rate may have on final determination and processing results, and specifically includes the following steps:
s201: acquiring the surplus of a matched quantum key, the throughput of a ciphertext and a preset emergency maintaining time of the quantum encryption equipment in the current time period;
s202: according to
Calculating to obtain actual encryption strength;
s203: acquiring the key bit rate of the quantum encryption equipment in the current time period, and calculating according to the key bit rate to obtain the new generation quantity of the matched quantum keys corresponding to the current time period;
s204: according to
Calculating to obtain new actual encryption strength;
the embodiment also considers the influence that the key coding rate can directly make subsequent judgment without considering the injection speed of the newly generated matching quantum key under the non-extreme condition, adds the factor of the key coding rate, and obtains the new actual encryption strength obtained when the factor of the key coding rate is added according to a new calculation formula.
S205: modifying the value of the actual encryption strength into the value of the new actual encryption strength;
the calculation formula in S202 is based on the fact that the injection speed of the newly generated matching quantum key is not considered at all, so that as long as the key coding rate is greater than 0, the value of the new actual encryption strength calculated based on the calculation formula in S204 is certainly greater than the value of the actual encryption strength calculated based on the calculation formula in S202, and a more accurate judgment result is obviously obtained based on a larger value, so that the probability of triggering alarm information can be effectively reduced on the basis of more comprehensive consideration.
S206: judging whether the actual encryption strength is smaller than the preset minimum encryption strength;
s207: sending alarm information which does not meet the lowest encryption strength through a preset path;
s208: the current quantum key update frequency is adjusted to a quantum key update frequency corresponding to any encryption strength between the minimum encryption strength and the actual encryption strength.
In this embodiment, steps having the same contents in the first embodiment are not explained and illustrated, and related contents may directly refer to the description in the first embodiment, and are not described herein again.
Example three and example four
With reference to fig. 3 and fig. 4, fig. 3 is a flowchart of a method for adjusting a quantum key update frequency according to a real-time performance parameter of a quantum encryption device in a method for adjusting a quantum key update frequency according to an embodiment of the present application; fig. 4 is a flowchart of a new and old matching quantum key replacing method in the method for adjusting the quantum key update frequency according to the embodiment of the present application. The methods shown in fig. 3 and 4 are based on the first embodiment and the second embodiment, and may be performed in appropriate steps according to actual situations, and are not limited in detail here.
S301: acquiring real-time performance parameters of quantum encryption equipment;
s302: judging whether the numerical value of the real-time performance parameter exceeds a dangerous parameter threshold value;
s303: and counting the time length of the quantum encryption equipment exceeding the dangerous parameter threshold, and adjusting the quantum key updating frequency of the quantum encryption equipment to the quantum key updating frequency corresponding to the lowest encryption strength with the highest priority when the time length exceeds the preset dangerous time length.
The real-time performance parameters include CPU utilization, memory utilization, device real-time power consumption, device access delay, and any other parameters that can be used to describe the current operating state of the quantum encryption device and can be used to some extent as parameters for measuring the availability of the current device, and correspondingly, the risk parameter threshold is a threshold set for these parameters, taking CPU utilization as an example, in general, when the CPU utilization of one device exceeds 90%, it can be said that the device is already in an abnormal state, and generally, all processes of the device in this state will have a very large probability of being in a stuck state, and the normal operation has been limited, so 90% can be used as a risk parameter threshold. Sometimes, the CPU utilization rate is adjusted to 90% in a short time due to short running abnormity of program running, but the CPU utilization rate is recovered to a normal level only after a short time, the fluctuation phenomenon can be considered as not a long-term phenomenon, and therefore, the judgment of the time length can be added.
Meanwhile, different quantum key update frequency adjustment step lengths can be set according to the difference of the time lengths of the real-time performance parameters exceeding the dangerous parameter threshold, for example, when the time length is 30 seconds, the current quantum key update frequency (which is greater than the quantum key update frequency corresponding to the lowest encryption intensity) is adjusted down by one minimum adjustment unit, if the state is maintained for 30 seconds, the minimum adjustment unit is adjusted down again, if the state is maintained consistently, the minimum adjustment unit is adjusted down every 30 seconds until the quantum key update frequency corresponding to the lowest encryption intensity is reached, and if the time length is maintained for a longer time, corresponding equipment operation abnormity alarm information can be sent out to remind a manager. Of course, the 30 seconds is only an example, and may be flexibly set according to the actual situation and the magnitude of the influence of different time lengths on the availability of the device, and is not particularly limited herein.
The content in this embodiment provides, in an added form, how to handle the effect that the real-time performance parameters in the quantum encryption device may cause on the quantum key update frequency under a dangerous condition, so as to ensure long-term normal operation of the device, and prevent the device from being halted due to too high performance parameters, which may cause greater loss, that is, the current-cutoff phenomenon directly caused by the device downtime should be avoided with the highest priority.
S401: setting a storage quantity upper limit for a key storage pool for storing the matched quantum key;
s402: and when the matching quantum key stored in the key storage pool reaches the upper limit of the storage quantity, replacing the matching quantum key generated earliest by using the matching quantum key generated latest.
The content of this embodiment provides an alternative method given when the matching quantum key in the quantum key storage pool reaches the storage upper limit in an added form, so as to reduce the potential risk that the old matching quantum key is internally leaked due to various factors existing for a long time.
With the combination of the above embodiments, on the basis of the first embodiment, a factor that the key coding rate is actually added, which may affect the determination result, is added, so that the obtained determination result is more accurate under more comprehensive consideration. Meanwhile, a scheme of replacing the earliest generated matching quantum key by the latest generated matching quantum key when the key storage pool reaches the upper limit is provided, and the actual effect is better.
Because the situation is complicated and cannot be illustrated by a list, a person skilled in the art can realize that many examples exist according to the basic method principle provided by the application and the practical situation, and the protection scope of the application should be protected without enough inventive work.
Referring to fig. 5, fig. 5 is a block diagram illustrating a structure of a system for adjusting a quantum key update frequency according to an embodiment of the present application, where the system may include:
the parameter obtaining unit 100 is configured to obtain a matching quantum key remaining amount, a ciphertext throughput, and a preset emergency maintaining duration in a current time period of the quantum encryption device;
a first actual encryption
strength calculation unit 200 for calculating the actual encryption strength according to
Calculating to obtain actual encryption strength;
an encryption strength comparing unit 300, configured to determine whether the actual encryption strength is smaller than a preset minimum encryption strength;
the lowest encryption strength unsatisfying processing unit 400 is used for sending alarm information which does not meet the lowest encryption strength through a preset path when the actual encryption strength is smaller than the lowest encryption strength;
a quantum key update frequency adjustment unit 500, configured to, when the actual encryption strength is not less than the lowest encryption strength, adjust the current quantum key update frequency to a quantum key update frequency corresponding to any encryption strength between the lowest encryption strength and the actual encryption strength.
Further, the system may further include:
the key rate obtaining and calculating unit is used for obtaining the key rate of the quantum encryption equipment in the current time period and calculating to obtain the new generation quantity of the matched quantum keys corresponding to the current time period according to the key rate;
a second actual encryption strength calculation unit for calculating the actual encryption strength according to
Calculating to obtain new actual encryption strength;
and the actual encryption strength value modifying unit is used for modifying the actual encryption strength value into the new actual encryption strength value.
Further, the system may further include:
the real-time performance parameter acquiring unit is used for acquiring the real-time performance parameters of the quantum encryption equipment;
the real-time performance parameter value judging unit is used for judging whether the value of the real-time performance parameter exceeds a dangerous parameter threshold value;
and the time length counting and overtime processing unit is used for counting the time length of the quantum encryption equipment which keeps exceeding the dangerous parameter threshold when the value of the real-time performance parameter exceeds the dangerous parameter threshold, and adjusting the quantum key updating frequency of the quantum encryption equipment to the quantum key updating frequency corresponding to the lowest encryption strength with the highest priority when the time length exceeds the preset dangerous time length.
Further, the system may further include:
the storage quantity upper limit setting unit is used for setting the storage quantity upper limit for a key storage pool for storing the matched quantum key;
and the overrun replacing unit is used for replacing the matching quantum key generated earliest by using the matching quantum key generated latest when the matching quantum key stored in the key storage pool reaches the upper limit of the storage quantity.
Based on the foregoing embodiments, the present application further provides a quantum encryption device, where the quantum encryption device may include a memory and a processor, where the memory stores a computer program, and when the processor calls the computer program in the memory, the steps provided in the foregoing embodiments may be implemented. Of course, the quantum encryption device may also include various necessary network interfaces, power supplies, other components, and the like.
The present application also provides a computer-readable storage medium, on which a computer program is stored, which, when executed by an execution terminal or processor, can implement the steps provided by the above-mentioned embodiments. The storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It will be apparent to those skilled in the art that various changes and modifications can be made in the present invention without departing from the principles of the invention, and these changes and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.