CN110519050A - Cryptographic key negotiation method based on the exchange of quantum true random number with black box mapping - Google Patents


Info

Publication number: CN110519050A (granted version: CN110519050B)
Application number: CN201910762216.4A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 李大双, 徐兵杰, 樊矾, 田波
Original and current assignee: CETC 30 Research Institute
Legal status: granted, active
Prior art keywords: key, message, bit, random number, data block
Classifications

    • H: Electricity
        • H04: Electric communication technique
            • H04L: Transmission of digital information, e.g. telegraphic communication
                • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
                    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
                        • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
                            • H04L9/0863: ... involving passwords or one-time passwords
                            • H04L9/0869: ... involving random numbers or seeds


Abstract

The invention discloses a key agreement method based on quantum true random number exchange and black-box mapping. The two ends of a link each send the other one block of dynamic quantum true random data through a key agreement protocol. Each end compares the block it received with the block it sent, bit by bit, and obtains a map of the bit positions at which the two values differ and those at which they agree. Using that position map, each end reads the bits at those positions from each of 8 consecutive mapping-target true random data blocks, whose location is determined by the message sequence number, and concatenates the results into a true random mapped bit string that serves as the raw key material. After the bit string passes a randomness test, the shared message keys and the data protection key are taken from it. Nothing related to the raw key material is transmitted during the negotiation, and the key is formed without exchanging algorithm parameters or performing mathematical operations on them, so an adversary cannot obtain any information about the generated shared key.

Description

Cryptographic key negotiation method based on the exchange of quantum true random number with black box mapping
Technical field
The present invention relates to a key agreement method based on quantum true random number exchange and black-box mapping.
Background art
Key sharing is the crux of secret communication. Secure communication between two legitimate users rests on a secret key known only to the two communicating parties, and how two legitimate parties can share a group of keys securely and in real time is a problem that the design of any cryptographic system must solve.
Classical cryptography bases the security of key agreement on hard mathematical problems and on the computational complexity of breaking them. The key information exchanged during the negotiation is usually protected in transit by an asymmetric public-key algorithm that is currently still considered secure, but this cannot guarantee absolute security: as the computing power of supercomputers keeps rising, and especially once quantum computers with exponential speedups enter practical use, key agreement methods based on classical cryptography, and public-key cryptography in particular, will be seriously threatened. Network security applications therefore have an urgent need for new key agreement mechanisms with high security.
Manual key injection keeps the key information away from attacks on the channel, but the key is essentially fixed until the next injection and cannot change dynamically. Using a fixed key over a long period carries the risk that the key is broken, and the risk that an adversary steals the stored key data by other means. Frequent manual replacement is inconvenient and itself carries a high risk of human leakage.
Quantum key distribution (QKD), which rests on physical security properties such as uncertainty and the no-cloning principle, is unconditionally secure in theory, but it still cannot provide fast real-time key distribution over wireless links, long-distance wide-area links or the Internet.
The invention therefore proposes a key agreement method based on quantum true random number exchange and black-box mapping. Using the security mechanism of dynamic quantum true random data exchange combined with black-box mapping, the required true random key data is obtained through a fast negotiation. Only the exchanged dynamic quantum true random data blocks and a bit-position black-box mapping mechanism are needed: the key material is read from mapping-target true random data held in memory at both ends, and the raw material from which the key is produced is never transmitted over the insecure link channel. This information black-box mapping mechanism ensures that the negotiation has high security. In addition, the key negotiation message body is protected not only by XOR masking with true random numbers but also by odd/even bit splitting and block encryption, so that the message has triple key-space encryption protection, and the XOR mask key and the message protection keys used in each negotiation are completely different and uncorrelated. These mechanisms give the negotiation messages strong encryption protection and ensure that the negotiation process is highly secure, so that high-security dynamic key agreement can be carried out over insecure wireless links, long-distance wide-area wired links and the Internet.
Summary of the invention
To overcome the above shortcomings of the prior art, the invention proposes a key agreement method based on quantum true random number exchange and black-box mapping.
The technical solution adopted by the invention is as follows. The key agreement device at each end of the link consists of a key agreement control module, a quantum true random number generator, a mapping-target true random number memory, a message-mask true random number memory and a cryptographic algorithm computing module. The key agreement control module is connected to each of the other four modules and carries out the negotiation of the shared key between the two ends, including: encapsulation and decapsulation of key negotiation messages; odd/even bit splitting and recombination of the message body; bit mapping from the dynamic true random numbers to the static true random numbers; calculation of the static true random data block location; control of the negotiation process; the randomness test of the true random bit string produced by the position mapping; and updating of the keys that protect the negotiation messages. The quantum true random number generator produces quantum true random numbers in real time and supplies the dynamic true random data blocks for the negotiation. The mapping-target true random number memory holds static quantum true random numbers generated in advance and supplies the mapping-target true random data blocks the negotiation needs. The message-mask true random number memory holds static quantum true random numbers generated in advance and supplies the message-mask true random data blocks the negotiation needs. The cryptographic algorithm computing module provides block-cipher encryption/decryption and keyed hash signature calculation, and stores the two preset message protection keys for the negotiation messages, the negotiation message header mask key, the hash key and the initial value of the data encryption/decryption key used by the encryption device.
Compared with the prior art, the invention has the following advantages:
The method is based on the exchange of quantum true random numbers. Through the black-box mapping mechanism over different-value and same-value bit positions, the true random numbers read from the mapping-target blocks selected by the message sequence number are mapped into a bit string of raw key material; after the bit string passes the randomness test, 4 message keys that protect the negotiation itself and the data protection key of the encryption device are cut from it. One negotiation produces 4096 bytes of true random key data. The random bit values output by the black-box mapping are unrelated to the marker values in the bit-position map, which removes the risk that an adversary obtains the negotiated shared key by cryptanalysing the negotiation messages. The method makes full use of the true randomness of quantum random numbers: the randomly changing message sequence number determines which mapping-target true random data blocks are used, and the dynamically changing true random data changes the marker information of the bit-position map at random, so that the output taken from each mapping-target block changes dynamically as well. Because of this mapping mechanism an adversary cannot infer the real key information by applying cryptanalysis to captured negotiation messages, and the method withstands high-performance computing attacks including quantum computing; the proposed key agreement method is therefore a dynamic key agreement mechanism with high security.
Even if an adversary can eavesdrop on or capture the negotiation messages transmitted on the link, what the two ends exchange is only dynamic quantum true random data that serves solely to compare and obtain the map of different-value and same-value bit positions; the true random data in the mapping black box is never transmitted or exchanged, so the adversary obtains no key-related information at all.
The key agreement protocol uses 4 message types: key negotiation request, key negotiation response, key negotiation confirmation and key negotiation success. For ease of processing, all 4 share one encapsulation format: a message type field (4 bytes), a message sequence number field (4 bytes), a dynamic quantum true random number field (512 bytes) and a hash signature field (32 bytes). The hash signature field provides detection of tampered and forged messages. In a key negotiation confirmation message, the quantum true random number field carries 480 bytes of real-time quantum true random numbers together with the 32-byte hash of the dynamic key material bit string, which is used to detect that both ends have generated consistent keys and that their shared true random data blocks are consistent.
The negotiation uses 4 message protection keys: mk1 (32B), for block encryption/decryption of the odd-bit data block of the message body; mk2 (32B), for block encryption/decryption of the even-bit data block; mk3 (8B), for XOR masking of the header fields of the key negotiation message; and mk4, the hash signature key that protects the encrypted IP packets against tampering and forgery. The 4 keys used in a negotiation were generated by the previous negotiation, and each negotiation in turn generates the 4 keys for the next. The initial values used by both ends for the first negotiation are set by manual injection; afterwards they are all regenerated periodically through the dynamic exchange and black-box mapping of the negotiation.
The beneficial effects of the invention are: no information related to the raw key material is transmitted during the negotiation, so an adversary cannot obtain any information about the generated shared key by eavesdropping on the channel or by cryptanalysis. The 4 message protection keys and the data protection key generated dynamically by the negotiation are not computed mathematically from negotiated parameters; they are produced by the black-box mapping mechanism that maps the different-value and same-value bit positions of the real-time dynamic true random numbers onto the bit values at the corresponding positions of the target true random numbers. The method can therefore withstand cryptanalytic attacks by high-performance computers, quantum computers included.
Detailed description of the invention
Examples of the present invention will be described by way of reference to the accompanying drawings, in which:
Fig. 1 is the key agreement implementation architecture diagram.
Fig. 2 (a) is the key negotiation request and response message format diagram.
Fig. 2 (b) is the key negotiation confirmation and success message format diagram.
Fig. 2 (c) is the format diagram of the odd/even key negotiation message packets with IP+UDP encapsulation.
Fig. 3 is the key agreement process diagram.
Specific embodiment
The terms used in the invention are as follows:
Quantum true random number generator: generates in real time and provides random data blocks with true random properties.
Dynamic quantum true random data block: a true random data block obtained online in real time from the quantum true random number generator.
Mapping-target true random number memory: a large-capacity non-volatile data memory holding quantum true random numbers generated offline in advance; its content is the target true random data onto which the exchanged dynamic quantum true random numbers are mapped. The content preset at the two ends of the link is identical.
Message-mask true random number memory: a large-capacity non-volatile data memory holding quantum true random numbers generated offline in advance; its content is used to XOR-mask the dynamic true random data carried by key negotiation messages. The content preset at the two ends of the link is identical.
Key negotiation message body: the main information field of a key negotiation message. The body of a request and of a response message consists of 3 fields: message type, message sequence number and dynamic quantum true random number. The body of a confirmation and of a success message additionally contains a negotiation bit string hash field.
Odd/even bit key negotiation message bodies: the bytes of the message body data block are split by bit parity; the bits at odd positions are concatenated into the odd-bit data block and the bits at even positions into the even-bit data block.
Bit-position map table: consists of a different-value position map and a same-value position map, generated by comparing the dynamic true random data blocks exchanged by the two ends bit by bit.
Mapping-target true random data block: 512 bytes of quantum true random data, generated offline in advance and stored at consecutive byte addresses in the mapping-target true random number memory, in XOR-encrypted form under the true random data block storage protection key dk.
Message-mask true random data block: 512 bytes of quantum true random data, generated offline in advance and stored at consecutive byte addresses in the message-mask true random number memory, in XOR-encrypted form under the true random data block storage protection key dk.
Static true random data block: collective term for the mapping-target and message-mask true random data blocks.
Key initial values: the encryption keys mk1 (32B) and mk2 (32B) for the odd/even bit message bodies, the XOR mask key mk3 (8B) for the message header, the hash signature key mk4 (32B) and the true random data block storage protection key dk (512B). These 5 keys are stored in the cryptographic algorithm computing module and are replaced periodically and securely, either by manual injection or automatically.
IP sequence number associated encrypted IP packets: two encrypted IP packets whose IP sequence numbers differ by 1, the even sequence number being one greater than the odd one.
Message protection keys mk: the block encryption/decryption keys protecting the negotiation message content and the XOR mask key for the message header. Four are used: mk1 (32B), mk2 (32B), mk3 (8B) and mk4 (32B). They are generated dynamically by the negotiation; the message keys produced by each negotiation are stored in a non-volatile memory chip and used as the message protection keys of the next round.
Key negotiation message sequence number: 4 bytes long. A 4-byte quantum true random value read in real time is reduced modulo 10^9, and the remainder of that result modulo 8 is subtracted from it, giving a multiple of 8 in the range [0, 10^9 - 8]. The 4 messages of one negotiation round use the same sequence number.
True random data block storage protection key dk: the 512-byte XOR key under which the static true random data blocks are stored; injected manually and kept in the cryptographic algorithm computing module.
Negotiation bit string hash: the keyed hash under mk4 of the dynamic key material bit string obtained by the mapping.
Data protection key: the data encryption/decryption key obtained by the key agreement protocol and supplied to the encryption device, denoted wk.
The method is described in detail below with reference to the drawings:
(1) Technical architecture of the bit-position black-box mapping key agreement method
The core idea is to realize dynamic key agreement through real-time online exchange of dynamic quantum true random numbers and a black-box mapping mechanism over different-value and same-value bit positions. The different-value and same-value bit positions of the dynamic true random data blocks exchanged by the two sides are projected one by one onto the same bit positions of a mapping-target true random data block, the bit values at those positions are read from the target block, and they are concatenated into a different-value mapped bit string and a same-value mapped bit string; the two strings are then concatenated to form the random key material. During the negotiation, the key negotiation message header is first XOR-masked with a dynamic message key, and the exchanged dynamic quantum true random number is XOR-masked with the corresponding static message-mask true random data block. The whole message body is then split by odd and even bit positions into an odd-bit random data block and an even-bit random data block, each is block-encrypted under an unrelated message protection key, encapsulated in IP+UDP message format and given a keyed hash signature, forming two sequence-number-associated encrypted IP packets that are sent over the link. Finally, the receiver verifies the authenticity of the encrypted IP packets with the keyed hash signature, to resist tampering and impersonation attacks, and uses the IP packet sequence number mechanism to prevent denial-of-service attacks.
The invention does not concern the specific implementation of the quantum true random number generator module, the mapping-target true random number memory module, the message-mask true random number memory module, the cryptographic algorithm computing module or the randomness test; these are not part of the invention and serve only as the technical basis for describing the proposed true random number exchange and black-box mapping key agreement method.
1. Implementation architecture of the key agreement method based on true random number exchange and black-box mapping
The implementation architecture is shown in Fig. 1, the key negotiation message formats in Fig. 2 and the negotiation process in Fig. 3.
The key agreement device at each end of the link consists of a key agreement control module, a quantum true random number generator module, a mapping-target true random number memory module, a message-mask true random number memory module and a cryptographic algorithm computing module. The key agreement control module carries out the negotiation of the shared key; its main functions are sending and receiving protocol messages, message encapsulation/decapsulation, odd/even splitting and recombination of the message body, bit mapping between dynamic and static true random numbers, calculation of the read position of static true random data blocks, and control of the negotiation process. The quantum true random number generator is a hardware module that generates quantum true random numbers online in real time and supplies the dynamic true random data blocks for the negotiation. The mapping-target true random number memory is built on a large-capacity memory chip (a flash chip of at least 512 GB); it reads static true random data from consecutive byte addresses at the block location determined by the message sequence number and supplies the mapping-target blocks. The message-mask true random number memory is likewise built on a large-capacity memory chip (a flash chip of at least 512 GB) and reads the required message-mask true random data block from consecutive byte addresses at the location determined by the message sequence number. The cryptographic algorithm computing module is implemented in hardware; it provides block encryption for the negotiation messages and keyed hash signature calculation, and it holds, injects and replaces the initial key values that protect the negotiation messages.
The key agreement device receives system key negotiation control commands from the encryption device, which loads the local IP address into the key agreement device during power-up initialization. When the encryption device needs to replace the data encryption key shared with the far end of the link or with some VPN cryptographic device, it issues a start-key-agreement control command to the key agreement device over the internal bus; the command contains the IP address of the peer key agreement device.
For each 512-byte mapping-target true random data block the invention applies the dynamic true random bit mapping mechanism. The probability that corresponding bits of the two dynamic quantum true random numbers differ, and the probability that they agree, are each 0.5, so each negotiation maps on average 256 bytes of different-value and 256 bytes of same-value true random data. Even if the same 512-byte mapping-target block were reused in every negotiation, the different-value and same-value bit positions change randomly, so the random bit string mapped out of each target block also changes in a truly random way. This is equivalent to choosing 2048 bit positions at random out of 4096; the number of such combinations is 4096!/(2048!)^2 ≈ 1.3 × 10^1231.
Different-value and same-value dynamic true random bit mapping is carried out over 8 consecutive 512-byte mapping-target true random data blocks, and the resulting different-value and same-value mapped bit strings are concatenated into a dynamic key material bit string with a total length of 4096 bytes.
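The mapping described in the core idea above and in the two preceding paragraphs, worked through in code: the two exchanged dynamic blocks are compared bit by bit to get the different-value and same-value position lists, the same lists are applied to 8 consecutive mapping-target blocks read from a dk-XOR-protected store at the address given by the message sequence number, and the 4096-byte result is tested and sliced into mk1, mk2, mk3, mk4 and wk. This is an added example, not the patent's code; it also covers the sequence number rule (modulo 10^9, rounded down to a multiple of 8) and the dk storage protection from the term definitions. Assumed, because the page does not fix them: MSB-first bit order within a byte, the NIST monobit frequency test as the randomness test, the slicing layout of the keys inside the material, and a scaled-down store whose block address is the sequence number taken modulo the store size (the real memory has 10^9 blocks of 512 B, so the sequence number can index it directly).

```python
"""Black-box bit-position mapping: shared key material from one exchanged pair
of dynamic quantum true random blocks and 8 static mapping-target blocks.

Added example, not the patent's code. Assumed: MSB-first bit order within a
byte, the monobit frequency test as the (unspecified) randomness test, the
slicing layout of the keys inside the 4096B material, and a scaled-down
store in which the block address is taken modulo the store size."""
import math
import os

BLOCK = 512            # bytes per true random data block (512B in the patent)
BLOCKS_PER_RUN = 8     # 8 consecutive target blocks -> 4096B of key material


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def make_seq(r: int) -> int:
    """Message sequence number from a 4-byte quantum random value r:
    r mod 1e9, rounded down to a multiple of 8, so it lies in [0, 1e9 - 8]."""
    v = r % 10**9
    return v - (v % 8)


def bit_positions(local: bytes, remote: bytes):
    """Compare the block this end sent with the block it received, bit by bit,
    and return (different-value positions, same-value positions). Both ends
    get the same lists because XOR is symmetric."""
    assert len(local) == len(remote)
    diff, same = [], []
    for i, (x, y) in enumerate(zip(local, remote)):
        d = x ^ y
        for k in range(8):
            (diff if (d >> (7 - k)) & 1 else same).append(i * 8 + k)
    return diff, same


def get_bit(buf: bytes, pos: int) -> int:
    return (buf[pos >> 3] >> (7 - (pos & 7))) & 1


def bits_to_bytes(bits) -> bytes:
    out = bytearray(len(bits) // 8)
    for i, b in enumerate(bits):
        if b:
            out[i >> 3] |= 0x80 >> (i & 7)
    return bytes(out)


def map_block(target: bytes, diff, same) -> bytes:
    """Read the target block's bits at the different-value positions, then at
    the same-value positions, and concatenate. The result is a permutation of
    the target's bits; neither it nor the target ever goes on the link."""
    bits = [get_bit(target, p) for p in diff] + [get_bit(target, p) for p in same]
    return bits_to_bytes(bits)


def monobit_ok(data: bytes) -> bool:
    """NIST SP 800-22 frequency (monobit) test at alpha = 0.01."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2)) >= 0.01


def key_material(local_dyn, remote_dyn, seq, store, dk):
    """One end's view: 8 consecutive target blocks are read from the dk-XOR-
    protected store at the address given by seq, decrypted with dk, and mapped
    with the same position map."""
    nblocks = len(store) // BLOCK
    assert nblocks % BLOCKS_PER_RUN == 0      # keeps the 8-block window in range
    start = seq % nblocks                     # real memory: 1e9 blocks, start = seq
    diff, same = bit_positions(local_dyn, remote_dyn)
    out = b""
    for i in range(start, start + BLOCKS_PER_RUN):
        stored = store[i * BLOCK:(i + 1) * BLOCK]
        out += map_block(xor_bytes(stored, dk), diff, same)
    return out


def derive_keys(material: bytes) -> dict:
    """Cut the message keys and the data key out of the 4096B material after
    the randomness test; the slicing layout is this example's choice."""
    if len(material) != BLOCK * BLOCKS_PER_RUN or not monobit_ok(material):
        raise ValueError("key material failed the randomness test")
    return {"mk1": material[0:32], "mk2": material[32:64], "mk3": material[64:72],
            "mk4": material[72:104], "wk": material[104:136]}


def demo(store_blocks: int = 64):
    """Both ends, sharing the same store and dk, reach identical keys."""
    dk = os.urandom(BLOCK)                                       # constructed
    store = b"".join(xor_bytes(os.urandom(BLOCK), dk) for _ in range(store_blocks))
    while True:
        a_dyn, b_dyn = os.urandom(BLOCK), os.urandom(BLOCK)      # exchanged blocks
        seq = make_seq(int.from_bytes(os.urandom(4), "big"))
        try:
            ka = derive_keys(key_material(a_dyn, b_dyn, seq, store, dk))
            kb = derive_keys(key_material(b_dyn, a_dyn, seq, store, dk))
            return ka, kb
        except ValueError:
            continue   # test failed: renegotiate with a fresh sequence number


if __name__ == "__main__":
    ka, kb = demo()
    print("keys match:", ka == kb, "mk1 =", ka["mk1"].hex())
```

Two points a reviewer of this design should keep in mind when reading the example. The position map is exactly the XOR of the two exchanged blocks, so anyone who recovers both blocks from the link knows which positions are read; as section 2 below states, the secrecy of the negotiated key then rests on the static store content and on dk. And because the mapping only permutes the bits of the 8 target blocks, the monobit result depends on the target blocks alone and says nothing about the exchange itself; a failed test means the stored blocks at that address are poor, not that the negotiation went wrong.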
Even without changing the content of the static true random memory, manually re-injecting the storage protection key dk changes the content of the static true random data blocks as decrypted; changing dk therefore produces a large random change in the decrypted output of the static true random memory.
The key agreement mechanism can automatically detect that the configured initial parameters or the static true random data blocks at the two ends are inconsistent, and when the message keys at the two ends are inconsistent it can automatically restore their consistency through negotiation.
2. Using the true random data block storage protection key dk to improve resistance to data leakage
Even if a data leak occurs while a true random number memory is in transit, as long as the crypto computing module remains in its protected state and the message protection key initial values and the storage protection key dk stored in it are not disclosed, an adversary still cannot obtain the negotiated key by eavesdropping and cryptanalysis. Moreover, merely changing the storage protection key dk produces a substantial random change in the decrypted content of the mapping-target true random data blocks.
3. XOR masking of the key negotiation message body to improve resistance to cryptanalysis
The header fields of the key negotiation message are first XOR-masked with message key mk3, and then the dynamic quantum true random number field in the message body is XOR-masked with the message-mask true random data block (512B). The XOR masks used by negotiations with different message sequence numbers are completely different and uncorrelated, which greatly improves the protocol's resistance to cryptanalysis.
4. Odd/even message splitting combined with block encryption to improve resistance to cryptanalysis
The XOR-masked key negotiation message payload is split by odd and even bit positions into two random data blocks, which are then block-encrypted under two unrelated keys mk1 and mk2. Splitting by bit parity and encrypting each half separately protects the negotiation message with two independent symmetric key spaces. Since the input to the block cipher is entirely true-randomized data, an adversary cannot apply plaintext/ciphertext comparison cryptanalysis; breaking the negotiation message would require exhaustive decryption over two block-cipher key spaces, which is infeasible in engineering terms. Furthermore, after each negotiation mk1 and mk2 are replaced by newly generated keys, so each is used only 4 times, and retransmitted ciphertext samples are identical, so an adversary cannot collect more ciphertext samples with different content by eavesdropping, which makes ciphertext-only attacks extremely difficult.
5, the position bit black box mapping mechanism has blocked any approach of opponent's acquisition key information
4 symmetric keys mk1, mk2, mk3, mk4 that key negotiation information uses and the data guarantor negotiated for encryption apparatus Key wk is protected, is all that the mapping objects true random number evidence that determining data block location is read is calculated according to key negotiation information serial number Block, then the dynamic real random number by exchanging are mapped according to the black box of the position bit those of value bit different in block/same and are generated, thus Opponent has been blocked by decoding analysis key negotiation information to obtain any approach of key information, even if opponent has decoded key The key negotiation information transmitted in negotiations process can not also get about the truly random data block of mapping objects and be negotiated close Any information of key.Therefore, this position bit black box mapping mechanism provides a kind of similar to physics peace for cipher key agreement process Full security mechanism ensures that key agreement protocol has very high safety.
(2) Workflow
1. Workflow of dynamic true random number to target true random number mapping
When the key agreement control module needs to obtain dynamic keys by true random number exchange with the black-box mapping mechanism, it takes the following processing steps:
Step 1: first clear the differing-value bit position map table. Then XOR, byte by byte, the dynamic true-random data block sent in this negotiation's key negotiation request message with the dynamic true-random data block received in this negotiation's key negotiation response message, obtaining the differing-value bit position map table (in this table the bit at every position where the two values differ is marked "1").
Step 2: determine the address of a 512B data block from the key negotiation message sequence number, read 8 consecutive static true-random data blocks, which are in their XOR-encrypted protected state, from the mapping-target true-random-number memory, and XOR-decrypt each of them with the true-random data block storage protection key dk, obtaining 8 mapping-target true-random data blocks.
Step 3: for the 8 consecutive mapping-target true-random data blocks in order, take each bit value of each block in turn and consult the mark at the same bit position in the differing-value bit position map table: if the mark is "1", append the bit taken from the mapping-target block to the differing-value true-random mapping bit string, otherwise append it to the same-value true-random mapping bit string. The result of this step is a differing-value true-random mapping bit string and a same-value true-random mapping bit string.
Step 4: concatenate the differing-value true-random mapping bit string and the same-value true-random mapping bit string into one dynamic key material bit string. If it fails the randomness test, this key agreement is unsuccessful and a negotiation failure indication is returned.
Step 5: according to the lengths of the 4 message keys, cut from the dynamic key material bit string, in turn, random bits of the length of each of the message protection keys mk1, mk2, mk3 and mk4, forming the message protection keys to be used in the next key agreement.
Step 6: the remainder of the dynamic key material bit string becomes the cryptographic device data protection key wk obtained by this key agreement.
2. IP encrypted message packet send workflow
When the key agreement control module needs to send IP encrypted message packets carrying a key negotiation message, it takes the following processing steps:
Step 1: obtain a 4-byte quantum true random value in real time, reduce it modulo the integer 10^9, and subtract from that remainder its own value modulo 8; the result is the key negotiation message sequence number (always a multiple of 8). Fill the key negotiation message type value and the sequence number value into their fields, read a 512B dynamic true-random data block generated online in real time from the quantum true random number generator, and fill it into the dynamic true random number field of the key negotiation message body.
Step 2: XOR-mask the key negotiation message header fields with the protocol-header mask key mk3 generated in the previous key agreement.
Step 3: convert the key negotiation message sequence number into the start address of a 512B data block, read from the message-mask true-random-number memory one 512B message-mask true-random data block in its XOR-encrypted protected state, XOR-decrypt it with the true-random data block storage protection key dk to obtain the message-mask true-random data block, and XOR-mask the dynamic true random number field of the key negotiation message body with it, forming the XOR-masked key negotiation message body data block.
Step 4: split the entire XOR-masked message body data block bit by bit, from the first byte to the last, into odd-position and even-position bits; concatenate all odd-position bit values in order into the message odd-bit random data block, and all even-position bit values in order into the message even-bit random data block.
Step 5: block-encrypt the message odd-bit random data block with the specified block cipher algorithm under key mk1 (the preset value for the first key agreement, otherwise the value negotiated in the previous key agreement), forming the key negotiation odd-bit message body data block. Likewise block-encrypt the message even-bit random data block with the specified block cipher algorithm under key mk2 (preset for the first key agreement, otherwise negotiated in the previous key agreement), forming the key negotiation even-bit message body data block.
Step 6: prepend a standard IP+UDP protocol header to each of the key negotiation odd-bit and even-bit message body data blocks, forming the first 5 fields of the IP encrypted message packets. The IP serial number field of the packet encapsulating the odd-bit message body data block is set to an incrementing odd serial number value, and that of the packet encapsulating the even-bit message body data block to an incrementing even serial number value, so that the two packets are associated by IP serial number (the serial numbers of the two IP encrypted message packets differ by 1).
Step 7: with the hash key mk4, compute for each of the two IP encrypted message packets a hash signature value over the data content of the first 4 fields, including the UDP protocol header, and fill it into the hash signature field of the packet, forming two complete IP encrypted message packets associated by IP serial number. Send the two packets over the link to the peer key agreement device. (Because it is computed with a shared key, this "hash signature" is a message authentication code rather than an asymmetric signature.)
At this point the key agreement control module has completed the key negotiation message send workflow.
3. IP encrypted message packet receive workflow
When the key agreement control module receives two IP encrypted message packets associated by IP serial number, it takes the following processing steps:
Step 1: with the hash key mk4, compute for each of the two associated IP encrypted message packets the hash signature value over the 4 fields including the UDP protocol header, and compare it with the hash signature value carried in the packet. If they do not match, verify again with the initial value of mk4; if they still do not match, discard the IP encrypted message packet, report an abnormal state, and do no further processing. (The fallback to the initial mk4 is what lets the two ends resynchronise after a failed negotiation; it also means the initial value stays security-relevant for the life of the device and must be protected as carefully as the current keys.)
Step 2: strip off the encapsulating IP+UDP headers.
Step 3: for the IP encrypted message packet with the odd IP serial number, block-decrypt its odd-bit data block payload (the block-encryption protected field) with the message protection key mk1, obtaining the odd-bit random data block of the key negotiation message; for the packet with the even IP serial number, block-decrypt its even-bit data block payload with the message protection key mk2, obtaining the even-bit random data block of the key negotiation message.
Step 4: from the odd-bit random data block and the even-bit random data block, interleave the odd- and even-position bits bit by bit to recover the XOR-masked key negotiation message body data block.
Step 5: XOR-unmask the key negotiation message header fields of the recovered XOR-masked message body data block with the message protocol-header mask key mk3 generated in the previous key agreement, recovering the header values and hence the key negotiation message sequence number value.
Step 6: convert the key negotiation message sequence number value into the start address of a 512B data block, read the static true-random data block in its XOR-encrypted protected state from the message-mask true-random-number memory, XOR-decrypt it with the true-random data block storage protection key dk to obtain the message-mask true-random data block, and XOR-unmask the dynamic true random number field with it.
At this point the key agreement control module has completed the key negotiation message receive workflow.
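The framing of steps 2 to 7 of the send workflow and its inverse in the receive workflow (which is also where the XOR masking and odd/even splitting measures of points 3 and 4 above are applied), as an added Python example that is not part of the patent. It shows that the parity split is bit-exact and reversible, that a sequence number recovered from the unmasked header selects the mask block for the body, and that a tampered packet fails the keyed-hash check under both the current and the initial mk4. Assumptions of the example: an 8-byte header (4-byte type, 4-byte sequence number), HMAC-SHA256 keyed with mk4 over the IP serial number and payload only as the "hash signature" (the UDP header is left out), a keystream stand-in `demo_cipher` in place of the block cipher the page does not name, 32-byte keys, and that a packet verifying under the initial mk4 is also decrypted with the initial mk1/mk2/mk3. `build_packets`, `parse_packets`, `parity_split`, `parity_merge`, `hash_signature` and `demo` are names of this example.

```python
import hashlib
import hmac

BLOCK = 512        # 512B dynamic / message-mask block, as on the page
HEADER_LEN = 8     # assumed header: 4-byte message type + 4-byte sequence number


def xor_bytes(a, b):
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def get_bit(buf, i):
    return (buf[i >> 3] >> (7 - (i & 7))) & 1


def parity_split(data):
    """Send step 4: walk the masked body bit by bit (bit position 1 is the MSB
    of the first byte), odd-position bits into one block, even into the other."""
    n = len(data) * 8
    odd = even = 0
    for i in range(n):                      # i == 0 is bit position 1, i.e. odd
        if i % 2 == 0:
            odd = (odd << 1) | get_bit(data, i)
        else:
            even = (even << 1) | get_bit(data, i)
    return odd.to_bytes(n // 16, "big"), even.to_bytes(n // 16, "big")


def parity_merge(odd, even):
    """Receive step 4: interleave the two bit streams back into the body."""
    out = 0
    for i in range(len(odd) * 8):
        out = (out << 2) | (get_bit(odd, i) << 1) | get_bit(even, i)
    return out.to_bytes(len(odd) + len(even), "big")


def demo_cipher(key, data):
    """Stand-in for the block cipher the page does not name: an HMAC-SHA256
    counter-mode keystream XORed onto the data (encrypt == decrypt). Demo only."""
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return xor_bytes(data, stream[:len(data)])


def hash_signature(mk4, serial, payload):
    """Send step 7 / receive step 1: keyed hash over IP serial number and payload
    (the page also covers the UDP header; omitted here)."""
    return hmac.new(mk4, serial.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def build_packets(header, dyn_block, mask_block, keys, odd_serial):
    """Send steps 2-7. keys = (mk1, mk2, mk3, mk4); the odd-bit packet gets
    odd_serial, the even-bit packet odd_serial + 1."""
    mk1, mk2, mk3, mk4 = keys
    body = xor_bytes(header, mk3[:HEADER_LEN]) + xor_bytes(dyn_block, mask_block)
    odd, even = parity_split(body)
    packets = []
    for serial, half, key in ((odd_serial, odd, mk1), (odd_serial + 1, even, mk2)):
        payload = demo_cipher(key, half)
        packets.append({"serial": serial, "payload": payload,
                        "tag": hash_signature(mk4, serial, payload)})
    return packets


def parse_packets(packets, keys, initial_keys, mask_lookup):
    """Receive steps 1-6. Tries the current key set, then the initial one.
    mask_lookup(seq) returns the dk-decrypted message-mask block for seq.
    Returns (message type, sequence number, dynamic block) or None."""
    for mk1, mk2, mk3, mk4 in (keys, initial_keys):
        if all(hmac.compare_digest(hash_signature(mk4, p["serial"], p["payload"]), p["tag"])
               for p in packets):
            break
    else:
        return None                          # discard and report abnormal state
    halves = {p["serial"] % 2: demo_cipher(mk1 if p["serial"] % 2 else mk2, p["payload"])
              for p in packets}
    if set(halves) != {0, 1}:
        return None                          # not an odd/even pair
    body = parity_merge(halves[1], halves[0])
    header = xor_bytes(body[:HEADER_LEN], mk3[:HEADER_LEN])
    seq = int.from_bytes(header[4:], "big")
    return header[:4], seq, xor_bytes(body[HEADER_LEN:], mask_lookup(seq))


def demo():
    """Constructed sample exchange: build two packets, parse them back, and show
    that a packet with one flipped payload bit is rejected."""
    keys = tuple(hashlib.sha256(b"mk%d" % i).digest() for i in range(1, 5))
    initial = tuple(hashlib.sha256(b"initial%d" % i).digest() for i in range(1, 5))
    mask_mem = {8: hashlib.shake_256(b"mask8").digest(BLOCK)}   # mask block for seq 8
    header = b"\x00\x00\x00\x01" + (8).to_bytes(4, "big")       # type 1, sequence 8
    dyn = hashlib.shake_256(b"dyn").digest(BLOCK)               # constructed dynamic block
    pkts = build_packets(header, dyn, mask_mem[8], keys, 1001)
    ok = parse_packets(pkts, keys, initial, mask_mem.__getitem__)
    flipped = bytes([pkts[0]["payload"][0] ^ 1]) + pkts[0]["payload"][1:]
    bad = parse_packets([dict(pkts[0], payload=flipped), pkts[1]], keys, initial,
                        mask_mem.__getitem__)
    return ok, bad, dyn
```

Because each half is encrypted under its own key, a receiver holding only mk1 recovers nothing usable: the interleaving in `parity_merge` needs both halves, which is the two-key-space property the page claims for point 4.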
4. Workflow of the key agreement initiating end
When the key agreement control module of a key agreement device initiates a key agreement process, it takes the following processing steps:
Step 1: first run the key negotiation message send workflow to generate two IP encrypted request message packets associated by IP serial number, send them to the key agreement device at the other end of the link, and keep a copy of both packets. At the same time start the request retransmission timer; on timeout resend the copies of the two IP encrypted request message packets, until two IP encrypted response message packets that are associated by IP serial number and valid (hash verified and message sequence number consistent) are received, at which point the request retransmission timer is stopped. If the number of request retransmissions exceeds the defined limit, regenerate the IP encrypted request message packets with the message key initial values and send them, start the request retransmission timer, and retransmit on timeout; if the defined limit is exceeded again, the key agreement has failed: terminate the key agreement process and report an abnormal state to the cryptographic device.
Step 2: after receiving two valid IP encrypted response message packets associated by IP serial number, first run the key negotiation message receive workflow to decrypt and obtain the key negotiation response message.
Step 3: if the sequence number of the received response message is the same as that of the sent request message, run the dynamic true random number to target true random number black-box mapping workflow on the dynamic true-random data blocks contained in the key negotiation request message and the key negotiation response message, obtaining the dynamic key material bit string.
Step 4: if the dynamic true random number to target true random number black-box mapping workflow returns a negotiation failure indication, this key agreement fails; discard the saved packet copies and return to step 1 to start a new round of key agreement with a new negotiation message sequence number.
Step 5: generate a key agreement confirmation message and fill its negotiation-bit-string hash field with the hash value (keyed with mk4) of the dynamic key material bit string. Then run the IP encrypted message packet send workflow to send the IP encrypted confirmation message packets to the key agreement responding end, keep a copy of the two packets, and start the confirmation retransmission timer; on timeout resend the copies of the two IP encrypted confirmation message packets, and wait for two valid IP encrypted success message packets associated by IP serial number.
Step 6: on receiving two valid IP encrypted success message packets associated by IP serial number, first run the key negotiation message receive workflow to decrypt and obtain the key agreement success message. If the negotiation-bit-string hash value in the received success message is consistent with the one carried in the confirmation message that was sent, stop the confirmation retransmission timer, save the 4 message protection keys to nonvolatile storage, deliver the data protection key to the cryptographic device, and end this key agreement process. If the negotiation-bit-string hash values are inconsistent, discard the saved packet copies and return to step 1 to start a new round of key agreement with a new negotiation message sequence number.
At this point the key agreement control module has completed the workflow of the key agreement initiating end.
5. Workflow of the key agreement responding end
When the key agreement control module of a key agreement device responds to a key agreement process, it takes the following processing steps:
Step 1: after receiving two valid IP encrypted request message packets associated by IP serial number, first discard any previously saved packet copies, then run the key negotiation message receive workflow to decrypt and obtain the key negotiation request message. If the message receive workflow returns an abnormal state, terminate the key agreement process and report a key management security event.
Step 2: following the key negotiation message send workflow, generate two IP encrypted response message packets associated by IP serial number, send them over the link to the key negotiation module of the peer key agreement device, keep a copy of both packets, and start the response retransmission timer; on timeout resend the copies of the two IP encrypted response message packets, until two IP encrypted confirmation message packets associated by IP serial number are received.
Step 3: on receiving two valid IP encrypted confirmation message packets associated by IP serial number, first run the key negotiation message receive workflow to decrypt and obtain the content of the key agreement confirmation message body.
Step 4: if the sequence number of the received confirmation message is the same as that of the sent response message, run the dynamic true random number to target true random number black-box mapping workflow on the dynamic true-random data blocks contained in the received key negotiation request message and the sent key negotiation response message, obtaining the dynamic key material bit string, and stop the response retransmission timer.
Step 5: if the dynamic true random number to target true random number black-box mapping workflow returns a negotiation failure indication, this key agreement fails: report a key management security event, discard the saved packet copies, return to the initial state, and wait for the peer to initiate a new round of key agreement.
Step 6: if the negotiation-bit-string hash value contained in the received key agreement confirmation message is inconsistent with the local hash value of the dynamic key material bit string, immediately start a new round of key agreement.
Step 7: if the two negotiation-bit-string hash values are consistent, generate a key agreement success message and fill its negotiation-bit-string hash field with the hash value (keyed with mk4) of the dynamic key material bit string. Then run the IP encrypted message packet send workflow to send the IP encrypted success message packets to the key agreement initiating end, keep a copy of the two packets, save the 4 message protection keys to nonvolatile storage, and deliver the data protection key to the cryptographic device.
Step 8: if two valid IP encrypted confirmation message packets associated by IP serial number are received again, retransmit the saved copies of the two IP encrypted success message packets once.
At this point the key agreement control module has completed the workflow of the key agreement responding end.
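The mapping of workflow 1 (and the differing/same-value selection described under point 1 above) together with the initiating-end and responding-end exchanges of workflows 4 and 5, as one added Python example that is not the patent's own code; it sits here because both passages need the same mapping routine. The four messages (request, response, confirmation, success) are simulated in one process over a lossless transport, so retransmission timers are omitted. The run shows the behaviour claimed above: two ends filled from the same mapping-target memory image derive identical keys, while a responding end filled from a different image is caught by the hash comparison and a new round is requested. Assumptions of the example: 32B message keys, a 64-block target memory addressed as sequence number mod memory size with dk as long as a block, HMAC-SHA256 keyed with the current mk4 as the "hash of the dynamic key material bit string", a monobit frequency check in place of the unspecified randomness test, and SHAKE256 outputs standing in for the quantum RNG so that the run is repeatable. `det_bytes`, `map_material`, `End`, `negotiate` and `demo` are names of this example.

```python
import hashlib
import hmac

BLOCK = 512        # 512B blocks, as on the page
KEY_LEN = 32       # assumed length of each of mk1..mk4
MEM_BLOCKS = 64    # assumed size of the mapping-target memory, a multiple of 8


def det_bytes(label, n):
    """Deterministic stand-in for the quantum RNG and the memory images, so the
    example is repeatable; a real device draws these from the QRNG."""
    return hashlib.shake_256(label).digest(n)


def get_bit(buf, i):
    return (buf[i >> 3] >> (7 - (i & 7))) & 1


def map_material(sent, received, targets):
    """Workflow 1, steps 1, 3 and 4: differing-bit map from the XOR of the two
    dynamic blocks; every bit of the 8 target blocks sorted into the 'differing'
    or 'same' string; the two strings concatenated into 4096B of material."""
    dmap = bytes(a ^ b for a, b in zip(sent, received))
    differ, same = [], []
    for blk in targets:
        for i in range(BLOCK * 8):
            (differ if get_bit(dmap, i) else same).append(get_bit(blk, i))
    bits = differ + same
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def monobit_ok(material, tol=0.02):
    """Crude stand-in for the page's unspecified randomness test."""
    ones = sum(bin(b).count("1") for b in material)
    return abs(ones / (8 * len(material)) - 0.5) < tol


def split_keys(material):
    """Workflow 1, steps 5 and 6: mk1..mk4 in turn, the remainder is wk."""
    return [material[i * KEY_LEN:(i + 1) * KEY_LEN] for i in range(4)], material[4 * KEY_LEN:]


def new_sequence(qrng4):
    """Send workflow step 1: 4-byte QRNG value mod 10^9, minus its residue mod 8."""
    r = int.from_bytes(qrng4, "big") % 10**9
    return r - r % 8


class End:
    """One key agreement device: dk-protected target memory and current mk4."""

    def __init__(self, protected_memory, dk, mk4):
        self.memory, self.dk, self.mk4 = protected_memory, dk, mk4

    def targets(self, seq):
        """Workflow 1, step 2: 8 consecutive blocks from the address derived from
        the sequence number (assumed rule: seq mod memory size), XOR-decrypted with dk."""
        start = seq % MEM_BLOCKS
        return [bytes(a ^ b for a, b in zip(self.memory[(start + j) % MEM_BLOCKS], self.dk))
                for j in range(8)]

    def material_hash(self, material):
        return hmac.new(self.mk4, material, hashlib.sha256).digest()


def negotiate(initiator, responder, qrng):
    """Request -> response -> confirmation -> success over a lossless transport.
    Returns ('ok', (mks, wk)) or ('restart', reason) as seen by the initiator."""
    seq = new_sequence(qrng(b"seq", 4))
    req_block = qrng(b"req", BLOCK)           # dynamic block carried in the request
    resp_block = qrng(b"resp", BLOCK)         # dynamic block carried in the response
    # each end maps the same (sent, received) pair against its own target memory
    mat_i = map_material(req_block, resp_block, initiator.targets(seq))
    mat_r = map_material(resp_block, req_block, responder.targets(seq))
    if not monobit_ok(mat_i) or not monobit_ok(mat_r):
        return "restart", "randomness test failed"
    confirm = initiator.material_hash(mat_i)   # confirmation message hash field
    if not hmac.compare_digest(confirm, responder.material_hash(mat_r)):
        return "restart", "hash mismatch"      # responding end step 6: new round
    success = responder.material_hash(mat_r)   # success message hash field
    if not hmac.compare_digest(success, confirm):
        return "restart", "hash mismatch"      # initiating end step 6: new round
    return "ok", split_keys(mat_i)


def demo():
    """Constructed sample: two ends filled from the same memory image agree; a
    responder filled from a different image is detected by the hash check."""
    dk = det_bytes(b"dk", BLOCK)
    mk4 = det_bytes(b"mk4-initial", KEY_LEN)
    image = [det_bytes(b"target%d" % i, BLOCK) for i in range(MEM_BLOCKS)]
    protected = [bytes(a ^ b for a, b in zip(blk, dk)) for blk in image]
    initiator = End(protected, dk, mk4)
    same = End(protected, dk, mk4)
    other = End([det_bytes(b"other%d" % i, BLOCK) for i in range(MEM_BLOCKS)], dk, mk4)
    return negotiate(initiator, same, det_bytes), negotiate(initiator, other, det_bytes)
```

Two properties worth checking by hand: when the two dynamic blocks are identical every bit lands in the "same" string, and when they are complementary every bit lands in the "differing" string, so in both edge cases the material is simply the 8 target blocks in order; the reordering that gives the mapping its value only appears for a mixed map.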

Claims (6)

1. A key agreement method based on quantum true random number exchange and black-box mapping, characterized in that: the key agreement device at each end of the link consists of a key agreement control module, a quantum true random number generator, a mapping-target true-random-number memory, a message-mask true-random-number memory and a cryptographic algorithm operation module; the key agreement control module is connected to the quantum true random number generator, the mapping-target true-random-number memory, the message-mask true-random-number memory and the cryptographic algorithm operation module respectively, and carries out the negotiation of the shared key between the two link ends, including key negotiation message encapsulation/decapsulation, odd/even bit splitting and recombination of the key negotiation message body, dynamic true random number to static true random number bit mapping, calculation of static true-random data block addresses, control of the key agreement process, randomness testing of the true-random mapping bit string produced by bit-position mapping, and updating of the key negotiation message protection keys; the quantum true random number generator generates quantum true random numbers in real time and provides dynamic true-random data blocks for the key agreement process; the mapping-target true-random-number memory stores static quantum true random numbers generated in advance and provides the mapping-target true-random data blocks needed by the key agreement process; the message-mask true-random-number memory stores static quantum true random numbers generated in advance and provides the message-mask true-random data blocks needed by the key agreement process; the cryptographic algorithm operation module provides block algorithm encryption/decryption and hash signature operation functions and holds the preset initial values of the two key negotiation message protection keys, the key negotiation message header mask protection key, the hash operation key and the data encryption/decryption key used by the cryptographic device.
2. The key agreement method based on quantum true random number exchange and black-box mapping according to claim 1, characterized in that: when the key agreement control module needs to negotiate message keys and a data key through the black-box mapping mechanism of differing/same-value bit positions of dynamic true-random data blocks onto static mapping-target true-random data blocks, it takes the following processing steps:
Step 1: first clear the differing-value bit position map table, then XOR, byte by byte, the dynamic true-random data block sent in this key negotiation request message with the dynamic true-random data block received in this key negotiation response message, obtaining the differing-value bit position map table;
Step 2: from the address of the 512B data block determined by the key negotiation message sequence number, read 8 consecutive static true-random data blocks in their XOR-encrypted protected state from the mapping-target true-random-number memory, and XOR-decrypt each of them with the true-random data block storage protection key dk, obtaining 8 mapping-target true-random data blocks;
Step 3: for the 8 consecutive mapping-target true-random data blocks in order, take each bit value of each block in turn and, according to the mark at the same bit position in the differing-value bit position map table, append the bit taken from the mapping-target block to the differing-value true-random mapping bit string if the mark is "1", and otherwise to the same-value true-random mapping bit string;
Step 4: concatenate the differing-value true-random mapping bit string and the same-value true-random mapping bit string to form the dynamic key material bit string; if it fails the randomness test, this key agreement is unsuccessful and a negotiation failure indication is returned;
Step 5: according to the lengths of the 4 message keys, cut from the dynamic key material bit string, in turn, random bits of the length of each of the message protection keys mk1, mk2, mk3 and mk4, forming the message protection keys to be used in the next key agreement;
Step 6: the remainder of the dynamic key material bit string becomes the cryptographic device data protection key wk obtained by this key agreement.
3. The key agreement method based on quantum true random number exchange and black-box mapping according to claim 2, characterized in that: when the key agreement control module needs to generate a key negotiation message, it takes the following processing steps based on the message odd/even bit split encryption protection mechanism:
Step 1: from a 4-byte quantum true random value obtained in real time, take the remainder modulo the integer 10^9 and subtract from it its own remainder modulo 8, forming the message sequence number used by this key agreement; fill the key negotiation message type value and the key negotiation message sequence number value into their fields, read a 512B dynamic true-random data block generated online in real time from the quantum true random number generator, and fill it into the dynamic true random number field of the key negotiation message body;
Step 2: XOR-mask the key negotiation message header fields with the protocol-header mask key mk3 generated in the previous key agreement;
Step 3: convert the key negotiation message sequence number into the start address of a 512B data block, read from the message-mask true-random-number memory one 512B message-mask true-random data block in its XOR-encrypted protected state, XOR-decrypt it with the true-random data block storage protection key dk to obtain the message-mask true-random data block, and XOR-mask the dynamic true random number field of the key negotiation message body with it, forming the XOR-masked key negotiation message body data block;
Step 4: split the entire XOR-masked key negotiation message body data block bit by bit, from the first byte to the last, into odd- and even-position bits, concatenating all odd-position bit values in order into the message odd-bit random data block and all even-position bit values in order into the message even-bit random data block;
Step 5: block-encrypt the message odd-bit random data block with the specified block cipher algorithm under mk1, forming the key negotiation odd-bit message body data block; block-encrypt the message even-bit random data block with the specified block cipher algorithm under mk2, forming the key negotiation even-bit message body data block;
Step 6: prepend a standard IP+UDP protocol header to each of the key negotiation odd-bit and even-bit message body data blocks, forming the first 5 fields of the IP encrypted message packets, where the IP serial number field of the packet encapsulating the key negotiation odd-bit message body data block is set to an incrementing odd serial number value and that of the packet encapsulating the key negotiation even-bit message body data block to an incrementing even serial number value;
Step 7: with the hash key mk4, compute for each of the two IP encrypted message packets a hash signature value over the data content of the first 4 fields including the UDP protocol header, fill it into the hash signature field of the packet, forming two complete IP encrypted message packets associated by IP serial number, and send the two packets over the link to the peer key agreement device.
4. the cryptographic key negotiation method according to claim 3 based on the exchange of quantum true random number with black box mapping, feature It is: when key agreement control module receives the close state message packet of neat two associated IP, takes following processing step:
The first step, with Hash key mk4, calculate separately before the two associated close state message packets of IP include UDP message assist The hash signature value of 4 codomain data including head is discussed, and compared with the hash signature value that the close state message packet of its IP carries: if Unanimously, then enter in next step;If inconsistent, verified with the initial value of mk4, is entered after being verified in next step, if still It is inconsistent, then the close state message packet of this IP is abandoned, abnormality is reported, does not further process;
Second step, the IP+UDP head for peeling off encapsulation;
Third step, the close state message packet of IP corresponding for odd IP serial number, based on message protection key mk1 to its surprise bit data Block block encryption protected field load implements packet deciphering operation, obtains the odd bit random data block of key negotiation information;For idol The close state message packet of the corresponding IP of IP serial number carries its idol bit data block block encryption protected field based on message protection key mk2 Lotus implements packet deciphering operation, obtains the even bit random data block of key negotiation information;
4th step is based on surprise bit random data block and idol bit random data block, and the odd, even position executed by bit is staggeredly inserted into Union operation, recover key negotiation information body exclusive or cover encrypted data chunk;
5th step covers encrypted data chunk for key negotiation information body exclusive or, is disappeared with what last cipher key agreement process generated It ceases protocol header exclusive or and covers key mk3, exclusive or is carried out to key negotiation information header field and covers decryption operation, recovers key agreement The setting value of message header obtains key negotiation information sequence number value;
6th step, the initial address that key negotiation information sequence number value is converted to a 512B data block, from message mask very with The truly random data block of static state in exclusive or encipherment protection state is read out in machine number memory, is then deposited with truly random data block Storage protection key dk it is carried out exclusive or decryption operation, obtain the truly random data block of message mask, for dynamic quantum rotation gate very with Machine Numerical Range carries out exclusive or decryption and goes to cover operation.
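The receive path of claim 4, with the matching sender steps of claim 3, as an added Python example (not the patent's own code). Assumptions: the hash signature is HMAC-SHA256 over everything from the UDP header onward; the unspecified payload block cipher keyed by mk1/mk2 is stood in for by an HMAC counter keystream; the message header is a 4-byte sequence number; the UDP header is an 8-byte placeholder; dk is 512 bytes long; all key values and random blocks in the test are constructed.

```python
import hashlib
import hmac
HDR = 4      # header bytes carrying the negotiation sequence number (layout assumed)
BLOCK = 512  # one static 512 B mask block per sequence number, as in claim 4 step 6

def sign(mk4, fields):
    # Hash signature over the fields from the UDP header onward (HMAC-SHA256 is an assumption).
    return hmac.new(mk4, fields, hashlib.sha256).digest()

def verify(mk4, mk4_init, fields, sig):
    # Step 1: check with the current mk4, then fall back to its initial value; None = discard.
    for name, key in (("current", mk4), ("initial", mk4_init)):
        if hmac.compare_digest(sign(key, fields), sig):
            return name
    return None

def stream_xor(key, data):
    # Stand-in for the unspecified payload cipher keyed by mk1/mk2: an HMAC counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def to_bits(data):
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]
def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def merge_bits(odd, even):
    # Step 4: interleave the odd-position and even-position bit blocks back into one block.
    return from_bits([v for pair in zip(to_bits(odd), to_bits(even)) for v in pair])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def mask_for(seq, mask_mem, dk):
    # Step 6: sequence number -> start address of a 512 B block, stored XOR-protected under dk.
    return xor(mask_mem[seq * BLOCK:(seq + 1) * BLOCK], dk)

def receive(odd_pkt, even_pkt, keys, mask_mem):
    # Claim 4 receive path; each packet is (fields, signature), fields starting at the UDP header.
    halves = []
    for (fields, sig), mk in ((odd_pkt, keys["mk1"]), (even_pkt, keys["mk2"])):
        if verify(keys["mk4"], keys["mk4_init"], fields, sig) is None:
            return None                               # abnormal: discard, report, process no further
        halves.append(stream_xor(mk, fields[8:]))     # steps 2-3: strip the 8 B UDP header, decrypt
    masked = merge_bits(*halves)
    seq = int.from_bytes(xor(masked[:HDR], keys["mk3_prev"]), "big")     # step 5: unmask the header
    return seq, xor(masked[HDR:], mask_for(seq, mask_mem, keys["dk"]))   # step 6: unmask the body

def send(seq, dyn_random, keys, mask_mem):
    # Sender side mirroring claim 3: mask, split into odd/even bits, encrypt each half, sign each packet.
    mask = mask_for(seq, mask_mem, keys["dk"])
    body = xor(seq.to_bytes(HDR, "big"), keys["mk3_prev"]) + xor(dyn_random, mask)
    bits = to_bits(body)
    pkts = []
    for half, mk in ((from_bits(bits[0::2]), keys["mk1"]), (from_bits(bits[1::2]), keys["mk2"])):
        fields = b"\x00" * 8 + stream_xor(mk, half)   # constructed placeholder for the 8 B UDP header
        pkts.append((fields, sign(keys["mk4"], fields)))
    return pkts
```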
5. The key agreement method based on quantum true random number exchange and black box mapping according to claim 1, characterized in that when the key agreement control module initiates a key agreement process, the following processing steps are taken:
First step: first execute the key negotiation message transmission processing workflow, generating two IP ciphertext request message packets associated by IP sequence number, then send them to the key agreement device at the opposite end of the link and save copies of the two IP ciphertext request message packets; at the same time start the request message retransmission timer, and on timeout retransmit the copies of the two IP ciphertext request message packets until two valid IP ciphertext response message packets associated by IP sequence number are received, at which point the request message retransmission timer is stopped; if the request message has been retransmitted more than the set number of times, regenerate the IP ciphertext request message packets with the initial message key values and send them, start the request message retransmission timer, and retransmit on timeout; if the retransmissions again exceed the set number, the key agreement fails, the key agreement process is terminated, and an abnormal state is reported to the encryption device;
Second step: after two valid IP ciphertext response message packets associated by IP sequence number are received, first execute the key negotiation message reception processing workflow, decrypting to obtain the key negotiation response message;
Third step: if the received response message sequence number is identical to the sequence number of the transmitted request message, execute the dynamic true random number to target true random number black box mapping processing workflow on the dynamic quantum true random data blocks contained in the key negotiation request message and the key negotiation response message, obtaining the dynamic key material bit string;
Fourth step: if the dynamic true random number to target true random number black box mapping processing workflow returns a negotiation failure indication, this key agreement fails; clear the temporarily stored message packet copies and return to the first step, initiating a new round of the key agreement workflow with a new negotiation message sequence number;
Fifth step: generate a key agreement confirmation message, filling its negotiation bit string hash field with the hash value of the dynamic key material bit string; then execute the IP ciphertext message packet sending processing flow, sending the IP ciphertext confirmation message packets to the key negotiation responding end, and save copies of the two IP ciphertext confirmation message packets; at the same time start the confirmation retransmission timer, resend the copies of the two IP ciphertext confirmation message packets on timeout, and wait to receive two valid IP ciphertext success message packets associated by IP sequence number;
Sixth step: if two valid IP ciphertext success message packets associated by IP sequence number are received, first execute the key negotiation message reception processing workflow, decrypting to obtain the key agreement success message; if the negotiation bit string hash value contained in the received negotiation success message agrees with that contained in the transmitted negotiation response message, stop the confirmation message retransmission timer, save the four message protection keys in nonvolatile storage, submit the data protection key to the encryption device, and end this key agreement process; if the negotiation bit string hash values disagree, clear the temporarily stored message packet copies and return to the first step, initiating a new round of the key agreement workflow with a new negotiation message sequence number.
6. The key agreement method based on quantum true random number exchange and black box mapping according to claim 1, characterized in that when the key agreement control module responds to a key agreement process, the following processing steps are taken:
First step: after two valid IP ciphertext request message packets associated by IP sequence number are received, first clear the previously stored temporary message packet copies, execute the key negotiation message reception processing workflow, and decrypt to obtain the key negotiation request message; if the message reception processing flow returns an abnormal state, terminate the key agreement process and report a key management security event;
Second step: according to the key negotiation message transmission processing workflow, generate two IP ciphertext response message packets associated by IP sequence number, then send them over the link to the key negotiation module of the opposite-end key agreement device, and save copies of the two IP ciphertext response message packets; at the same time start the response message retransmission timer, resending the copies of the two IP ciphertext response message packets on timeout until two IP ciphertext confirmation message packets associated by IP sequence number are received;
Third step: when two valid IP ciphertext confirmation message packets associated by IP sequence number are received, first execute the key negotiation message reception processing workflow, decrypting to obtain the content of the key negotiation response message body;
Fourth step: if the received confirmation message sequence number is identical to the sequence number of the transmitted response message, execute the dynamic true random number to target true random number black box mapping processing flow on the dynamic quantum true random number data contained in the received key negotiation request message and the transmitted key negotiation response message, obtaining the dynamic key material bit string, and stop the response message retransmission timer;
Fifth step: if the dynamic true random number to target true random number black box mapping processing workflow returns a negotiation failure indication, this key agreement fails; report a key management security event, clear the temporarily stored message packet copies, return to the initial state, and wait for the opposite end to initiate a new round of the key agreement workflow;
Sixth step: if the negotiation bit string hash value contained in the received key agreement confirmation message is inconsistent with the local end's hash value of the dynamic key material bit string, immediately start a new round of the key agreement process;
Seventh step: if the two negotiation bit string hash values agree, generate a key agreement success message, filling the hash value of the dynamic key material bit string into its negotiation bit string hash field; then execute the IP ciphertext message packet sending processing flow, send the IP ciphertext success message packets to the key agreement initiating end, save copies of the two IP ciphertext success message packets, save the four message protection keys in nonvolatile storage, and submit the data protection key to the encryption device;
Eighth step: if two valid IP ciphertext confirmation message packets associated by IP sequence number are received again, retransmit the saved copies of the two IP ciphertext success message packets once.
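The initiator and responder exchange of claims 5 and 6, as an added Python simulation (not the patent's own code) that serves both claims. The black box mapping is not specified on this page, so a SHA-256 of the two random blocks stands in for it, with identical blocks modelling its failure indication; the retransmission limit, the round bound, the lossy link, and the message dictionaries are constructed, and the switch to the initial message keys after too many retransmissions is represented only by a tag because the simulation does not encrypt.

```python
import hashlib
MAX_RETX = 3    # the "set number" of retransmissions per phase (value assumed)
MAX_ROUNDS = 4  # bound on new rounds, added here so the simulation always terminates

def black_box_map(req_random, resp_random):
    # Stand-in for the dynamic-to-target true random number black box mapping (not given on
    # this page): derives the key material bit string; None models its failure indication.
    if req_random is None or req_random == resp_random:
        return None
    return hashlib.sha256(req_random + resp_random).digest()
def digest(material):
    # Hash placed in the negotiation bit string hash field (SHA-256 assumed).
    return hashlib.sha256(material).digest()

class Responder:
    # Claim 6 side: remembers each request's random block and answers message by message.
    def __init__(self, own_random):
        self.own_random, self.requests = own_random, {}
    def handle(self, msg):
        if msg["type"] == "request":                            # steps 1-2: respond with same seq
            self.requests[msg["seq"]] = msg["random"]
            return {"type": "response", "seq": msg["seq"], "random": self.own_random}
        material = black_box_map(self.requests.get(msg["seq"]), self.own_random)  # step 4
        if material is None or msg["hash"] != digest(material):
            return None                                          # steps 5-6: no success message
        return {"type": "success", "seq": msg["seq"], "hash": msg["hash"]}  # step 7

class Link:
    # Constructed lossy link: drops[i] is True when the i-th transmission is lost (timeout).
    def __init__(self, responder, drops):
        self.responder, self.drops, self.count = responder, list(drops), 0
    def send(self, msg):
        lost = self.count < len(self.drops) and self.drops[self.count]
        self.count += 1
        return None if lost else self.responder.handle(msg)

def send_with_retx(link, msg):
    # Retransmission timer of claim 5: resend the saved copy on each timeout, up to MAX_RETX times.
    for _ in range(MAX_RETX + 1):
        reply = link.send(msg)
        if reply is not None:
            return reply
    return None

def initiate(link, seq, own_random):
    # Claim 5 initiator; returns ("ok", material, seq) or ("fail", reason, seq).
    for _ in range(MAX_ROUNDS):
        req = {"type": "request", "seq": seq, "random": own_random, "keys": "current"}
        # step 1: after MAX_RETX timeouts, regenerate the request with the initial keys and retry
        resp = send_with_retx(link, req) or send_with_retx(link, dict(req, keys="initial"))
        if resp is None:
            return ("fail", "request retransmissions exceeded", seq)
        if resp["seq"] != seq:
            return ("fail", "response sequence number mismatch", seq)
        material = black_box_map(own_random, resp["random"])     # step 3
        if material is not None:                                 # step 4: None means a new round
            confirm = {"type": "confirm", "seq": seq, "hash": digest(material)}
            success = send_with_retx(link, confirm)              # step 5
            if success is not None and success["hash"] == confirm["hash"]:
                return ("ok", material, seq)                     # step 6: agreement complete
        seq += 1                                                 # new negotiation message sequence number
    return ("fail", "rounds exhausted", seq)
```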
CN201910762216.4A 2019-08-19 2019-08-19 Secret key negotiation method based on quantum true random number exchange and black box mapping Active CN110519050B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910762216.4A CN110519050B (en) 2019-08-19 2019-08-19 Secret key negotiation method based on quantum true random number exchange and black box mapping


Publications (2)

Publication Number Publication Date
CN110519050A true CN110519050A (en) 2019-11-29
CN110519050B CN110519050B (en) 2021-12-17

Family

ID=68626727


Country Status (1)

Country Link
CN (1) CN110519050B (en)


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104579964A (en) * 2013-01-07 2015-04-29 山东量子科学技术研究院有限公司 Dynamic route architecture system for quantum cryptography network
CN106612176A (en) * 2016-12-16 2017-05-03 中国电子科技集团公司第三十研究所 Negotiation system and negotiation method based on quantum truly random number negotiation secret key
CN106656510A (en) * 2017-01-04 2017-05-10 天地融科技股份有限公司 Encryption key acquisition method and system
US20170132743A1 (en) * 2012-06-14 2017-05-11 Digimarc Corporation Methods and systems for signal processing
CN107359987A (en) * 2017-07-07 2017-11-17 上海交通大学 Continuous variable quantum key distribution multidimensional machinery of consultation under finite dimensional effect


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
孔令荣等: "一种RFID标签信息安全传输协议", 《信息安全与通信保密》 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022042137A1 (en) * 2020-08-31 2022-03-03 Oppo广东移动通信有限公司 Data transmission method and apparatus, device, and storage medium
US11949781B2 (en) 2020-08-31 2024-04-02 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Data transmission method, device, apparatus and storage medium
CN114172637A (en) * 2020-09-11 2022-03-11 军事科学院系统工程研究院网络信息研究所 Multi-wave sequencing secure communication method based on quantum distribution
CN114172637B (en) * 2020-09-11 2023-07-14 军事科学院系统工程研究院网络信息研究所 Multi-wave ordering safety communication method based on quantum distribution
CN113193958A (en) * 2021-05-10 2021-07-30 成都量安区块链科技有限公司 High-safety high-efficiency quantum key service method and system
CN113609518A (en) * 2021-06-18 2021-11-05 天津津航计算技术研究所 Message protocol overtime retransmission method and system based on associated container map
CN113609518B (en) * 2021-06-18 2023-12-12 天津津航计算技术研究所 Message protocol timeout retransmission method and system based on association container map
CN114124370A (en) * 2021-10-14 2022-03-01 阿里云计算有限公司 Key generation method and device
CN114448628A (en) * 2022-02-22 2022-05-06 国网上海市电力公司 Quantum noise stream encryption communication method, device, equipment and storage medium
CN114448628B (en) * 2022-02-22 2024-01-23 国网上海市电力公司 Quantum noise stream encryption communication method, device, equipment and storage medium
CN115001688A (en) * 2022-07-14 2022-09-02 北京算讯科技有限公司 Data secure transmission method and system based on quantum encryption

Also Published As

Publication number Publication date
CN110519050B (en) 2021-12-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant