Disclosure of Invention
Compared with a physical layer key generation scheme based on polarization mode dispersion, the method does not need to be provided with additional key distribution devices and the like, does not need to modify lines, is compatible with the existing information transmission system, and is favorable for saving the cost; and parameters can be adaptively adjusted according to different channel environments in the process of producing the key based on the error rate of the channel, so that the key utilization rate is improved, namely, a high-rate key and a consistent key meeting the requirements are generated.
Based on the above object, the present invention provides a key generation method based on error rate parameter adaptive adjustment, comprising:
in the parameter adjustment stage, error rate measurement and quantization are carried out on a channel shared by an opposite terminal for many times, and error rate measurement/quantization parameters are adjusted, so that the resultant code rate of the quantization result of the error rate meets the preset requirement;
and based on the adjusted parameters, measuring the error rate of the channel, and quantizing the measured error rate to obtain a consistent key.
In the parameter adjustment process, the error rate measurement and quantization are performed on a channel shared by the opposite terminal for multiple times, and the error rate measurement/quantization parameter is adjusted, so that the resultant code rate of the quantization result of the error rate meets the preset requirement, and the method specifically comprises the following steps:
in the parameter adjustment process, calculating the resultant code rate at least once;
after one calculation of the resultant code rate is finished, if the resultant code rate is judged to meet the preset requirement, the parameter adjustment process ends; otherwise, adjusting the error rate measurement/quantization parameter and performing the next calculation of the resultant code rate;
wherein one calculation of the resultant code rate comprises the following steps:
based on the current error rate measurement parameters, carrying out multiple error rate measurements on the channel;
and quantizing the error rate obtained by each measurement based on the current error rate quantization parameter, and further obtaining the resultant code rate of the quantization result of the error rates of multiple measurements as the calculation result of the present resultant code rate.
The bit error rate measurement parameter is specifically the data length L of negotiation data sent by performing one-time bit error rate measurement;
the bit error rate quantization parameter is specifically a calculation coefficient alpha of an upper decision threshold and a lower decision threshold adopted by the quantization bit error rate.
Wherein, the measuring of the bit error rate for the channel for multiple times based on the current bit error rate measurement parameter specifically includes:
based on the current data length L, carrying out K error rate measurements on the channel, where K = Z/L and Z is the total length of the locally and randomly generated negotiation data;
wherein performing one bit error rate measurement for the channel comprises:
mapping the local randomly generated negotiation data with the length of L by using a key base to a near noise area, and then sending the negotiation data to the opposite terminal through the channel;
after loop-back negotiation data with the length of L is obtained according to the signal returned by the opposite terminal, the loop-back negotiation data is compared with the locally randomly generated negotiation data;
and obtaining the bit error rate of the measurement according to the comparison result.
The method for quantizing the bit error rate obtained by each measurement based on the current bit error rate quantization parameter specifically comprises the following steps:
calculating an upper decision threshold and a lower decision threshold based on the current calculation coefficient alpha;
and quantizing the bit error rate obtained by each measurement according to the upper and lower judgment thresholds obtained by calculation.
Preferably, the adjusting the ber measurement/quantization parameter specifically includes:
L is adjusted up, or α is adjusted down.
The present invention also provides a client, including:
the parameter adjusting module is used for measuring and quantizing the error rate of a channel shared by the opposite terminal for multiple times and adjusting the error rate measurement/quantization parameter so that the resultant code rate of the quantization result of the error rate meets the preset requirement;
and the key distribution module is used for measuring the error rate of the channel based on the parameters obtained by the adjustment of the parameter adjustment module, and quantizing the measured error rate to obtain a consistent key.
In the technical solution of the invention, the bit error rate, a physical characteristic of the channel, is used: the error rate measurement or quantization parameters are adjusted adaptively, and a consistent key for two communicating clients is generated by quantizing the error rate. Because the two parties generate the consistent key by adaptive quantization, mainly by analysing how the error rate of the channel they share varies, a third-party eavesdropper that does not share the channel can hardly observe the same error rate characteristic and obtain the key; the consistent key is therefore strongly random, highly confidential and hard for an eavesdropper to intercept. At the same time, no additional key distribution device needs to be installed, the line need not be modified, the scheme is compatible with existing information transmission systems, and cost is saved. The invention can flexibly and adaptively adjust the error rate measurement or quantization parameters as the environment changes, dynamically adapt to that change, generate the key by adaptive quantization, extract the usable key and improve the effectiveness of the key, thereby improving key utilization, that is, generating a high-rate, consistent key that meets the requirements.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used to distinguish two different entities or different parameters that share the same name; "first" and "second" are merely for convenience of description, should not be construed as limiting the embodiments of the present invention, and are not explained again in the following embodiments.
The inventor notes that existing schemes extract the key from physical characteristics of the wireless channel, such as loss and fading, but the error rates of these two schemes often do not meet the requirements, the key is strongly affected by the environment, and key utilization is low; the physical layer key generation scheme based on polarization mode dispersion in optical communication suffers from a low key rate, incompatibility with existing equipment and the like, so it can hardly support high-rate, large-capacity data encryption. The invention therefore uses the bit error rate, a physical characteristic of the channel itself, adaptively adjusts the error rate measurement or quantization parameters, and generates a consistent key for two communicating clients by quantizing the error rate. Because the two parties generate the consistent key by adaptive quantization, mainly by analysing how the error rate of the channel they share varies, a third-party eavesdropper that does not share the channel can hardly observe the same error rate characteristic and obtain the key; the consistent key is therefore strongly random, highly confidential and hard for an eavesdropper to intercept. At the same time, no additional key distribution device needs to be installed, the line need not be modified, the scheme is compatible with existing information transmission systems, and cost is saved. The invention can flexibly and adaptively adjust the error rate measurement or quantization parameters as the environment changes, dynamically adapt to that change, generate the key by adaptive quantization, extract the usable key and improve the effectiveness of the key, thereby improving key utilization, that is, generating a high-rate, consistent key that meets the requirements.
The technical solution of the embodiments of the present invention is described in detail below with reference to the accompanying drawings.
For two clients that communicate with each other, such as a first client and a second client, a key generation method based on error rate parameter adaptive adjustment provided by the embodiment of the present invention has a flow shown in fig. 2a, and includes the following steps:
Step S201: in the parameter adjustment stage, the two clients that communicate with each other repeatedly measure and quantize the error rate of the channel shared with the opposite end, and adjust the error rate measurement/quantization parameters so that the resultant code rate of the quantization result of the error rate meets the preset requirement.
In the parameter adjustment stage of this step, the first and second clients simultaneously perform multiple error rate measurements on the shared channel, and adjust the error rate measurement and quantization parameters in the quantization process, so as to achieve the purpose of enabling the resultant code rate of the quantization result of the error rate to meet the preset requirement. For example, fig. 2b shows the error rate measurement result and the quantization result obtained by the first client and the second client performing the error rate measurement on the channel multiple times. The following describes the parameter adjustment process in detail by taking the first client as an example; the second client also adopts the same parameter adjustment method, which is not described herein again.
The first client calculates the resultant code rate at least once during the parameter adjustment process. After one calculation of the resultant code rate is finished, if the first client judges that the resultant code rate meets the preset requirement, the parameter adjustment process ends; otherwise, the current error rate measurement/quantization parameter is adjusted and the next calculation of the resultant code rate is performed. One calculation of the resultant code rate comprises the following steps: based on the current error rate measurement parameter, performing multiple error rate measurements on the channel; and quantizing the error rate obtained by each measurement based on the current error rate quantization parameter, thereby obtaining the resultant code rate of the quantization results of the multiple measured error rates as the result of the present calculation.
Fig. 3 shows a specific flow of the parameter adjustment process, which includes the following sub-steps:
Substep S300: set initial values for the error rate measurement and quantization parameters.
Specifically, the error rate measurement parameter may be a data length L of negotiation data transmitted by performing one error rate measurement; preferably, the initial value of L may be a smaller value, and specifically may be a minimum value within a variation range thereof, such as 500, and in the subsequent adjusting sub-step, the value of L is gradually increased, such as the increasing step size may be 500; the range of L can be set to 500-10000.
The bit error rate quantization parameter can be a calculation coefficient alpha of an upper decision threshold and a lower decision threshold adopted by the quantization bit error rate, and the value range of the alpha is 0-1; preferably, the initial value of α may be a large value, and may specifically be the maximum value within its variation range, such as 1, and the α value will be gradually decreased in the subsequent adjustment substep.
Substep S301: based on the current error rate measurement parameters, the first client performs a round (multiple times) of error rate measurements for a channel shared with the opposite end (second client).
Specifically, the first client may perform K error rate measurements on the channel based on the current error rate measurement parameter L, where K = Z/L and Z is the total length of the locally and randomly generated negotiation data. One error rate measurement on the channel, based on a piece of negotiation data of length L, proceeds as follows:
the first client performs near-noise region mapping on a piece of locally and randomly generated negotiation data of length L, using a key base based on a quantum noise encryption technology, and then sends it to the opposite end (the second client) through the channel;
after receiving the signal sent by the first client, the opposite end (the second client) performs near-noise region demapping on the received signal, using the same key base based on a quantum noise encryption technology, to obtain the received negotiation data; the opposite end (the second client) then performs near-noise region mapping on the received negotiation data using the key base and returns the result to the first client;
the first client performs near-noise region demapping on the signal returned by the opposite end (the second client) using the key base, and thereby obtains the looped-back negotiation data.
After a first client obtains loopback negotiation data with the length of L, comparing the loopback negotiation data with the locally randomly generated negotiation data; and obtaining the error rate result of the measurement according to the comparison result. Obviously, the smaller L, the larger K, the greater the number of measured bit error rates, and the greater the number of bits of the key composed of the quantization results of the bit error rates measured K times.
As can be seen from fig. 2b, since the first and second clients simultaneously perform the error rate measurement on the shared channel, the error rate measurement results obtained by the first and second clients are very close to each other.
Substep S302: based on the current error rate quantization parameter, the first client quantizes the error rate obtained by each measurement, and further obtains the resultant code rate of the quantization result of the error rates of multiple measurements.
Specifically, the first client quantizes the error rate obtained by each measurement as follows: for each measured bit error rate, the first client compares it with an upper decision threshold Th1 and a lower decision threshold Th0; if the bit error rate is greater than Th1, its quantization result is judged to be 1, and if the bit error rate is less than Th0, its quantization result is judged to be 0; if the bit error rate is between Th0 and Th1, its quantization result is judged to be invalid. The quantization results of 0 and 1 are effective quantization results.
The code forming rate of the quantization results of the error rates measured for multiple times refers to the number of effective quantization results in unit time counted by the quantization results of the error rates measured for multiple times, namely the generation rate of the effective quantization results. Therefore, the first client counts the number of effective quantization results in the quantization results of the bit error rate obtained by K times of measurement in unit time, namely the generation rate of the effective quantization results, and the effective quantization results are used as the calculation result of the current bit rate. The higher the coding rate, the higher the rate of the key generated based on the quantization result of the bit error rate.
Wherein, the lower decision threshold Th0 is c- α x, and the upper decision threshold Th1 is c + α x; c is the mean of the error rates measured a plurality of times in the above sub-step S301, and is the variance of the error rates measured a plurality of times in the above sub-step S301. Obviously, the larger the α value is, the larger the distance between Th0 and Th1 is, and the coding rate is relatively lowered, but the higher the consistency of the obtained key is based on the effective result of quantization.
As can be seen from fig. 2b, since the error rate measurement results of the first and second clients are very close to each other, the quantization results obtained by quantizing the error rates of the first and second clients are also substantially the same.
Substep S303: the first client judges whether the calculated resultant code rate meets the preset requirement; if yes, go to substep S305 to end the parameter adjustment process; if not, go to substep S304 to adjust the error rate measurement/quantization parameter.
Specifically, the first client determines whether the resultant code rate calculated this time meets the preset requirement, for example, whether it is greater than a preset threshold; if yes, go to substep S305 to end the parameter adjustment process; if not, go to substep S304 to adjust the error rate measurement/quantization parameter.
Substep S304: after the error rate measurement/quantization parameter is adjusted, return to substep S301 and continue with the next round of error rate measurement and the next calculation of the resultant code rate.
Specifically, when the first client determines that the resultant code rate does not meet the preset requirement, the error rate measurement parameter or the error rate quantization parameter needs to be adjusted, so that the resultant code rate obtained with the adjusted parameter comes closer to the preset requirement.
Preferably, L may be adjusted to be increased, or α may be adjusted to be decreased.
As a more preferred embodiment, the parameters may be adjusted in the following order: first hold the α value fixed and increase L by a step value ΔL at each adjustment; once L reaches its maximum value, decrease α by a step value Δα. That is, the parameter adjustment method comprises the following step:
judging whether the current L is the maximum value in its variation range; if not, L is increased by a step value ΔL; otherwise, α is decreased by a step value Δα.
Based on this parameter adjustment strategy, when the resultant code rate meets the preset requirement, a larger α value and a smaller L value are obtained, so that the rate at which the key is generated from the bit error rate quantization results meets the requirement, and the key has higher consistency, more key bits and higher security.
Substep S305: the parameter adjustment process is ended.
After the first client determines that a resultant code rate meeting the preset requirement has been obtained, for example, a resultant code rate greater than the preset threshold, the parameter adjustment process ends, and the adjusted bit error rate measurement parameter L and the adjusted bit error rate quantization parameter α are output.
Step S202: in the key distribution stage, based on the adjusted parameters, two clients which are communicated with each other measure the error rate of the channel, and quantize the measured error rate to obtain a consistent key.
In the key distribution stage of the step, the first client and the second client can measure the error rate of the shared channel for multiple times, quantize the measured error rate, and obtain a consistent key according to the quantization result.
The following describes the key distribution process of the first client in detail by taking the first client as an example; the second client may also use the same key distribution method, which is not described herein again.
Fig. 4 shows a specific flow of a key distribution process, which includes the following steps:
Step S401: based on the adjusted error rate measurement parameter L, the first client performs one round (multiple times) of error rate measurement on the channel shared with the opposite end (second client).
Specifically, the first client may perform one round of error rate measurement, that is, K error rate measurements, on the channel based on the error rate measurement parameter L obtained in the parameter adjustment stage, where K = Z/L and Z is the total length of the locally and randomly generated negotiation data.
As shown in fig. 5, the flow for performing one bit error rate measurement on the channel based on a piece of negotiation data of length L includes the following sub-steps:
Substep S501: the first client performs near-noise region mapping on locally and randomly generated negotiation data of length L, using a key base based on a quantum noise encryption technology, and then sends it to the opposite end (second client) through the channel.
Substep S502: after receiving the signal sent by the first client, the opposite end (the second client) performs near-noise region demapping on the received signal, using the same key base based on a quantum noise encryption technology, to obtain the received negotiation data; the opposite end (the second client) then performs near-noise region mapping on the received negotiation data using the key base and returns the result to the first client.
Substep S503: the first client performs near-noise region demapping on the signal returned by the opposite end (the second client) using the key base, and thereby obtains the looped-back negotiation data.
Substep S504: after a first client obtains loopback negotiation data with the length of L, comparing the loopback negotiation data with the locally randomly generated negotiation data; and obtaining the bit error rate of the measurement according to the comparison result.
Step S402: based on the error rate quantization parameter alpha obtained by adjustment, the first client quantizes the error rate obtained by each measurement, and generates a consistency key according to the quantization result.
Specifically, the first client quantizes the error rate obtained by each measurement as follows: for each measured bit error rate, the first client compares it with an upper decision threshold Th1 and a lower decision threshold Th0; if the bit error rate is greater than Th1, its quantization result is judged to be 1, and if the bit error rate is less than Th0, its quantization result is judged to be 0; if the bit error rate is between Th0 and Th1, its quantization result is judged to be invalid. The quantization results of 0 and 1 are effective quantization results.
Wherein, the lower decision threshold Th0 is c- α x, and the upper decision threshold Th1 is c + α x; c is the mean value of the error rates measured for a plurality of times in the step S401, and is the variance of the error rates measured for a plurality of times in the step S401, and α is an error rate quantization parameter obtained by the adjustment in the parameter adjustment stage.
One method of generating a key from the quantization results of the bit error rate is to directly assemble the effective quantization results of the bit error rates obtained by the K measurements into a key.
Preferably, to further improve the security of the key, the key may be generated by XORing the effective quantization results of the bit error rates obtained by the K measurements with the average value of the bit error rates obtained by the K measurements.
In fact, as shown in fig. 2b, since the first and second clients share the channel, the bit error rates measured by both clients are substantially close to each other, so that the quantization results obtained by quantizing the bit error rates by both clients are substantially identical, and the keys generated based on the quantization results are also identical.
After the first client and the second client generate the consistency key, the first client and the second client can use the key to encrypt and decrypt data to realize secure communication.
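The parameter adjustment loop of sub-steps S300 to S305, the threshold quantization of S302/S402 and the direct key assembly, as an added Python sketch that is not part of the patent text. It assumes the population variance for the spread term (the text names the variance without giving its symbol), a step Δα of 0.1, a fixed round duration, and an error when the parameter range is exhausted; all function names are hypothetical and the error rates are constructed sample values.

```python
import statistics


def quantize(bers, alpha):
    """S302/S402: map each measured BER to 1, 0 or None (invalid)."""
    c = statistics.fmean(bers)            # c: mean of the round's error rates
    spread = statistics.pvariance(bers)   # text names the variance; population form assumed
    th0, th1 = c - alpha * spread, c + alpha * spread
    return [1 if b > th1 else 0 if b < th0 else None for b in bers]


def code_rate(symbols, round_seconds):
    """Effective (0 or 1) quantization results per unit time."""
    return sum(s is not None for s in symbols) / round_seconds


def adjust_parameters(measure_round, target_rate, round_seconds,
                      L=500, L_max=10000, dL=500, alpha=1.0, d_alpha=0.1):
    """S300-S305: raise L by dL up to L_max, then lower alpha by d_alpha.

    measure_round(L) must return the K = Z // L error rates of one round.
    d_alpha and the error raised on exhaustion are assumptions of this sketch.
    """
    while True:
        rate = code_rate(quantize(measure_round(L), alpha), round_seconds)
        if rate > target_rate:            # S303: preset requirement met
            return L, alpha, rate         # S305: output the adjusted parameters
        if L < L_max:                     # S304: adjust L first ...
            L = min(L + dL, L_max)
        elif alpha > 0:                   # ... then alpha, within its 0..1 range
            alpha = max(0.0, round(alpha - d_alpha, 10))
        else:
            raise RuntimeError("no (L, alpha) in range reaches the target rate")


def compare_sides(sym_a, sym_b):
    """Return (both_effective, mismatched, one_sided) for two clients' results."""
    pairs = list(zip(sym_a, sym_b))
    both = [(a, b) for a, b in pairs if a is not None and b is not None]
    mismatched = sum(a != b for a, b in both)
    one_sided = sum((a is None) != (b is None) for a, b in pairs)
    return len(both), mismatched, one_sided


def key_bits(symbols):
    """Direct key assembly: concatenate the effective quantization results."""
    return [s for s in symbols if s is not None]


# Constructed sample error rates for one round at each client (not measured data).
BERS_CLIENT_1 = [0.10, 0.20, 0.30, 0.40, 0.25]
BERS_CLIENT_2 = [0.11, 0.19, 0.31, 0.39, 0.27]

if __name__ == "__main__":
    q1, q2 = quantize(BERS_CLIENT_1, 1.0), quantize(BERS_CLIENT_2, 1.0)
    print("client 1:", q1, "key", key_bits(q1))
    print("client 2:", q2, "key", key_bits(q2))
    print("both effective, mismatched, one-sided:", compare_sides(q1, q2))
    # Constructed channel stub: a flat round at L=500, a spread-out round afterwards.
    rounds = {500: [0.25, 0.25, 0.25, 0.25]}
    print(adjust_parameters(lambda L: rounds.get(L, BERS_CLIENT_1), 3.0, 1.0))
```

In the constructed data the fifth measurement is effective at only one client, so the two directly assembled bit strings differ in length; `compare_sides` is the check for that case.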
Based on the above key generation method based on adaptive adjustment of bit error rate parameters, the internal structure of a client provided in an embodiment of the present invention is shown in fig. 6, and the client includes: a parameter adjusting module 601 and a key distribution module 602.
The parameter adjusting module 601 is configured to repeatedly measure and quantize the error rate of a channel shared with an opposite end, and to adjust the error rate measurement/quantization parameter so that the resultant code rate of the quantization result of the error rate meets a preset requirement. Specifically, the parameter adjusting module 601 calculates the resultant code rate at least once during the parameter adjustment process; after one calculation of the resultant code rate is finished, if the resultant code rate is judged to meet the preset requirement, the parameter adjustment process ends; otherwise, the current error rate measurement/quantization parameter is adjusted and the next calculation of the resultant code rate is performed. One calculation of the resultant code rate comprises the following steps: based on the current error rate measurement parameter, performing multiple error rate measurements on the channel; and quantizing the error rate obtained by each measurement based on the current error rate quantization parameter, thereby obtaining the resultant code rate of the quantization results of the multiple measured error rates as the result of the present calculation. The bit error rate measurement parameter is specifically the data length L of the negotiation data sent for one bit error rate measurement; the bit error rate quantization parameter is specifically the calculation coefficient α of the upper and lower decision thresholds used to quantize the bit error rate. For the detailed functions of the parameter adjusting module 601, refer to the method detailed in step S201; they are not described here again.
The key distribution module 602 is configured to measure an error rate of the channel based on the parameter obtained by the parameter adjustment module, and quantize the measured error rate to obtain a consistent key. The specific functions of the key distribution module 602 may refer to the method detailed in step S202, and are not described herein again.
In addition, the parameter adjusting module 601 may be further configured to, when receiving a signal sent by an opposite end after performing near-noise region mapping on negotiation data randomly generated by the opposite end using a key base, perform near-noise region demapping on the received signal using the key base to obtain received negotiation data, and return the received negotiation data to the opposite end after performing near-noise region mapping on the received negotiation data using the key base.
Similarly, the key distribution module 602 may also be configured to, when receiving a signal sent by an opposite end after performing near-noise region mapping on negotiation data randomly generated by the opposite end using a key base, perform near-noise region demapping on the received signal using the key base to obtain received negotiation data, and return the received negotiation data to the opposite end after performing near-noise region mapping on the received negotiation data using the key base.
The invention provides a key generation method based on error rate parameter self-adaptive adjustment, which extracts the characteristic error rate of an optical communication physical layer channel through double-end measurement to generate a key. The key with high randomness can be obtained by utilizing the inherent randomness characteristics (temperature, pressure and vibration) of the physical layer channel. Meanwhile, parameters can be flexibly adjusted according to environment change, the environment change is dynamically adapted, keys are generated in a self-adaptive quantization mode, and available keys are extracted. Because both ends measure the same channel at the same time, better consistency can be obtained. The inherent noise of the channel enhances the randomness of the key. Therefore, the invention solves the key technology of channel security feature extraction and consistency negotiation, thereby ensuring the reciprocity, randomness and independence.
That is to say, in the technical solution of the invention, the bit error rate, a physical characteristic of the channel, is used: the error rate measurement or quantization parameters are adjusted adaptively, and a consistent key for two communicating clients is generated by quantizing the error rate. Because the two parties generate the consistent key by adaptive quantization, mainly by analysing how the error rate of the channel they share varies, a third-party eavesdropper that does not share the channel can hardly observe the same error rate characteristic and obtain the key; the consistent key is therefore strongly random, highly confidential and hard for an eavesdropper to intercept. At the same time, no additional key distribution device needs to be installed, the line need not be modified, the scheme is compatible with existing information transmission systems, and cost is saved. The invention can flexibly and adaptively adjust the error rate measurement or quantization parameters as the environment changes, dynamically adapt to that change, generate the key by adaptive quantization, extract the usable key and improve the effectiveness of the key, thereby improving key utilization, that is, generating a high-rate, consistent key that meets the requirements.
Those of skill in the art will appreciate that various operations, methods, steps in the processes, acts, or solutions discussed in the present application may be alternated, modified, combined, or deleted. Further, various operations, methods, steps in the flows, which have been discussed in the present application, may be interchanged, modified, rearranged, decomposed, combined, or eliminated. Further, steps, measures, schemes in the various operations, methods, procedures disclosed in the prior art and the present invention can also be alternated, changed, rearranged, decomposed, combined, or deleted.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the invention, also features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the invention are intended to be included within the scope of the invention.