CN110808835B - Quantum key distribution network and quantum key distribution method and device - Google Patents

Publication number
CN110808835B
Authority
CN
China
Prior art keywords
node
trusted
nodes
relay
quantum key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911133640.9A
Other languages
Chinese (zh)
Other versions
CN110808835A (en
Inventor
郁小松
邹兴裕
赵永利
张�杰
张立中
冯斐斐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Information and Telecommunication Branch of State Grid Ningxia Electric Power Co Ltd
Original Assignee
Beijing University of Posts and Telecommunications
Information and Telecommunication Branch of State Grid Ningxia Electric Power Co Ltd
Application filed by Beijing University of Posts and Telecommunications and Information and Telecommunication Branch of State Grid Ningxia Electric Power Co Ltd
Priority to CN201911133640.9A
Publication of CN110808835A
Application granted
Publication of CN110808835B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography

Abstract

The invention provides a quantum key distribution network and a quantum key distribution method and device. The method comprises: determining a trusted relay route from a source node to a destination node, wherein the relay nodes in the trusted relay route are all trusted nodes and the distance between adjacent nodes is less than or equal to 2 hops; for each pair of adjacent nodes at a distance of 2 hops in the trusted relay route, determining an untrusted node connected to the pair of nodes; and distributing a shared quantum key between the source node and the destination node based on relaying over the trusted relay route and the determined untrusted nodes. The trusted nodes are each provided with a QKD transmitter and receiver, and the untrusted nodes are each provided with a QKD transmitter and an MDI-QKD receiver. With this method and device, quantum key distribution between two distant nodes can be achieved using relay nodes in a scenario where trusted and untrusted nodes coexist, improving the security of the QKD network.

Description

Quantum key distribution network and quantum key distribution method and device
Technical Field
The present invention relates to the field of quantum key distribution technologies, and in particular, to a quantum key distribution network, and a method and an apparatus for quantum key distribution.
Background
In the information era, the security of network information faces serious threats. The security of a quantum secure communication network is guaranteed by fundamental laws of quantum mechanics such as the Heisenberg uncertainty principle and the quantum no-cloning theorem, which gives it the advantage of theoretical "unconditional security". With the rapid development of communication networks, the application field of quantum communication technology keeps widening. A typical application that is relatively mature at the present stage and has industrialization potential is the quantum secure communication network based on QKD (Quantum Key Distribution).
At present, from a technical standpoint, QKD has the following implementation schemes: (1) trusted relay; (2) MDI-QKD (Measurement-Device-Independent Quantum Key Distribution).
Trusted relay technology first caches the keys generated by point-to-point quantum key distribution links in trusted relay nodes, and then relays the end-to-end key required by the user hop by hop over a multi-hop link using OTP encryption.
In trusted relay technology, a key is encrypted and relayed between trusted relay nodes. The principle is as follows: a trusted repeater R is connected between node A and node B. Node A encrypts KAB with KAR using a one-time pad (OTP) and transmits the encrypted KAB to the trusted repeater R, which decrypts it to obtain KAB. The trusted repeater R then re-encrypts KAB with the key KRB and sends it to node B, which decrypts it to obtain KAB. Node A and node B then communicate in encrypted form using the shared key KAB.
For example, as shown in Fig. 1, assume that the key distribution path between two distant nodes, Alice and Bob, is Alice → Node1 → Node2 → Bob. The relay procedure is as follows:
(1) Alice and Node1 generate a shared key K1;
(2) Node1 encrypts K1 by XOR with the key K2 generated with Node2 and transmits the encrypted K1 to Node2;
(3) Node2 decrypts the received encrypted key with K2 to obtain K1, and then repeats the step performed by Node1 to pass K1 to the next node;
(4) the process ends when Bob obtains K1, at which point Alice and Bob both hold the key K1.
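The relay procedure in steps (1) to (4), as an added example that is not part of the patent text. The link keys are drawn from `secrets` as a constructed stand-in for QKD-generated key material, and the names `LinkKeyPool` and `relay_key` are hypothetical. It records what crosses the classical channel and which nodes end up holding K1 in the clear, which is why every relay on such a path has to be trusted.

```python
import secrets


def xor(data: bytes, pad: bytes) -> bytes:
    """One-time-pad XOR; the pad must be exactly as long as the data."""
    if len(data) != len(pad):
        raise ValueError("OTP pad length must equal message length")
    return bytes(d ^ p for d, p in zip(data, pad))


class LinkKeyPool:
    """Key bits shared by two adjacent nodes. Constructed stand-in for the
    output of a point-to-point QKD link; both ends hold the same pool."""

    def __init__(self, nbytes: int):
        self._pool = bytearray(secrets.token_bytes(nbytes))

    def take(self, n: int) -> bytes:
        # Pad bytes are deleted as they are used, so no pad is ever reused.
        if n > len(self._pool):
            raise RuntimeError("link key pool exhausted")
        pad = bytes(self._pool[:n])
        del self._pool[:n]
        return pad

    def remaining(self) -> int:
        return len(self._pool)


def relay_key(path, key_len=32, pool_len=64):
    """Relay K1 from path[0] to path[-1] as in steps (1)-(4).

    Returns (k1, key_at_destination, wire, plaintext_seen, pools).
    """
    pools = {(a, b): LinkKeyPool(pool_len) for a, b in zip(path, path[1:])}
    # Step (1): K1 is drawn from the key shared by the first two nodes.
    k1 = pools[(path[0], path[1])].take(key_len)
    plaintext_seen = {path[0]: k1, path[1]: k1}
    wire = []  # what an observer of the classical channel sees
    current = k1
    for a, b in zip(path[1:], path[2:]):
        pad = pools[(a, b)].take(key_len)  # K2, K3, ... for this hop
        ciphertext = xor(current, pad)     # step (2): sender encrypts
        wire.append((a, b, ciphertext))
        current = xor(ciphertext, pad)     # step (3): receiver decrypts
        plaintext_seen[b] = current
    return k1, current, wire, plaintext_seen, pools


if __name__ == "__main__":
    path = ["Alice", "Node1", "Node2", "Bob"]
    k1, k_bob, wire, seen, pools = relay_key(path)
    print("Bob holds K1:", k_bob == k1)
    for a, b, ct in wire:
        print(f"{a} -> {b}: {ct.hex()[:16]}...")
    print("nodes holding K1 in the clear:",
          sorted(n for n, k in seen.items() if k == k1))
```
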
In MDI-QKD, the senders transmit signals to an untrusted third party, which performs a Bell State Measurement (BSM). The measurement module can be regarded as a complete black box, and the quantum key is obtained by post-processing according to the measurement results. MDI-QKD is immune to detector-side channel attacks and is suitable for star networks, but the link transmission distance is still limited to a certain extent.
As shown in Fig. 2, a plurality of nodes are each connected through WDM channels to optical switches in different optical fibers, and their signals are then sent to the untrusted Charlie. Through a time-division multiplexing mechanism, the optical switch connects only two nodes, Alice and Bob, in a given time slot, and Charlie performs Bell state measurement on the single photons sent by Alice and Bob. Charlie sends the measurement time to Alice and Bob respectively, and Alice and Bob perform basis comparison and other post-processing over a public channel to generate a key.
MDI-QKD is best suited to star network topologies: it allows an eavesdropper to have full control over the relay without compromising security, while allowing expensive detectors to be shared. However, the distance over which an MDI-QKD based star network can be implemented is limited, and how to relay between star networks has remained an unsolved problem.
However, in most real-world QKD networks it is difficult to ensure that all nodes are completely trusted, and trusted and untrusted nodes coexist. Using trusted relay technology in this scenario therefore raises a considerable security problem, while MDI-QKD suffers from a transmission distance limitation, that is, its performance gradually degrades as the transmission distance increases.
Disclosure of Invention
In view of this, the present invention provides a quantum key distribution network and a quantum key distribution method and device, which can achieve quantum key distribution between two distant nodes using relay nodes in a scenario where trusted and untrusted nodes coexist, so as to improve the security of a QKD network.
Based on the above object, the present invention provides a quantum key distribution method, including:
determining a trusted relay route from a source node to a destination node, wherein the relay nodes in the trusted relay route are all trusted nodes, and the distance between adjacent nodes is less than or equal to 2 hops;
for each pair of adjacent nodes at a distance of 2 hops in the trusted relay route, determining an untrusted node connected to the pair of nodes;
distributing the shared quantum key between the source node and the destination node based on relaying over the trusted relay route and the determined untrusted nodes;
wherein the trusted nodes are provided with a quantum key distribution (QKD) transmitter and receiver, and the untrusted nodes are provided with a QKD transmitter and a measurement-device-independent quantum key distribution (MDI-QKD) receiver.
Preferably, determining the trusted relay route from the source node to the destination node specifically includes:
adding the source node to the trusted relay route as the first node;
for each node newly added to the trusted relay route, judging whether the distance between the currently added node and the destination node is less than or equal to 2 hops; if so, taking the destination node as the tail node of the trusted relay route; otherwise, selecting, from the trusted nodes less than or equal to 2 hops away from the node, the node closest to the destination node as the next node to be added to the trusted relay route.
Preferably, determining, for each pair of adjacent nodes at a distance of 2 hops in the trusted relay route, an untrusted node connected to the pair of nodes specifically includes:
determining each pair of adjacent nodes at a distance of 2 hops in the trusted relay route;
and, for each determined pair of nodes, determining the untrusted node that is 1 hop away from each node in the pair.
Preferably, distributing the shared quantum key between the source node and the destination node based on relaying over the trusted relay route and the determined untrusted nodes specifically includes:
generating a shared quantum key between each pair of adjacent nodes in the trusted relay route;
and, when the quantum key shared with the source node is passed to the destination node through each relay node of the trusted relay route, encrypting it with the shared quantum keys generated between adjacent nodes in the trusted relay route.
Generating the shared quantum key between each pair of adjacent nodes specifically includes:
for each pair of adjacent nodes at a distance of 1 hop, the pair of nodes performs point-to-point shared quantum key generation through their respective QKD transmitters and receivers;
for each pair of adjacent nodes at a distance of 2 hops, the pair of nodes performs shared quantum key generation, based on the MDI-QKD protocol, through the MDI-QKD receiver of the untrusted node connected to the pair of nodes.
The present invention also provides a quantum key distribution network, comprising:
trusted nodes, each provided with a QKD transmitter and receiver;
untrusted nodes, each provided with a QKD transmitter and an MDI-QKD receiver;
a central controller for determining a trusted relay route from a source node to a destination node, wherein the relay nodes in the trusted relay route are all trusted nodes, and the distance between adjacent nodes is less than or equal to 2 hops; and, after determining, for each pair of adjacent nodes at a distance of 2 hops in the trusted relay route, the untrusted node connected to the pair of nodes, notifying each node in the trusted relay route and the determined untrusted nodes, so as to distribute the shared quantum key between the source node and the destination node.
The present invention also provides a quantum key distribution apparatus, comprising:
a relay route determining module for determining a trusted relay route from the source node to the destination node, wherein the relay nodes in the trusted relay route are all trusted nodes, and the distance between adjacent nodes is less than or equal to 2 hops;
an untrusted node determining module for determining the untrusted node connected to each pair of adjacent nodes at a distance of 2 hops in the trusted relay route;
a relay policy notification module for notifying each node in the trusted relay route and the determined untrusted nodes, so as to distribute the shared quantum key between the source node and the destination node;
wherein the trusted nodes are provided with a quantum key distribution (QKD) transmitter and receiver, and the untrusted nodes are provided with a QKD transmitter and a measurement-device-independent quantum key distribution (MDI-QKD) receiver.
The present invention also provides a central controller, comprising the quantum key distribution apparatus described above.
In the technical solution provided by the invention, a trusted relay route from a source node to a destination node is determined, wherein the relay nodes in the trusted relay route are all trusted nodes and the distance between adjacent nodes is less than or equal to 2 hops; for each pair of adjacent nodes at a distance of 2 hops in the trusted relay route, an untrusted node connected to the pair of nodes is determined; and the shared quantum key is distributed between the source node and the destination node based on relaying over the trusted relay route and the determined untrusted nodes. By relaying between adjacent trusted nodes at a distance of 1 hop in the trusted relay route, and by relaying through MDI-QKD untrusted nodes directly connected to adjacent trusted nodes at a distance of 2 hops in the trusted relay route, the security problem of untrusted nodes is solved by MDI-QKD, and the distance limitation of MDI-QKD is solved by trusted relay. Thus, in a scenario where trusted and untrusted nodes coexist, quantum key distribution between two distant nodes is achieved using relay nodes, and the security of the QKD network is improved.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of quantum key distribution based on trusted relay technology in the prior art;
Fig. 2 is a schematic diagram of quantum key distribution based on MDI-QKD in the prior art;
Fig. 3 is a schematic structural diagram of a quantum key distribution network according to an embodiment of the present invention;
Fig. 4 is a flowchart of a quantum key distribution method in a quantum key distribution network according to an embodiment of the present invention;
Fig. 5a is a flowchart of a method for determining a trusted relay route according to an embodiment of the present invention;
Fig. 5b is a schematic diagram of a trusted relay route determined in a mesh type quantum key distribution network according to an embodiment of the present invention;
Fig. 6 is a flowchart of distributing a shared quantum key between a source node and a destination node based on relaying over a trusted relay route and untrusted nodes according to an embodiment of the present invention;
Fig. 7 is a block diagram of the internal structure of a quantum key distribution apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present invention should have the ordinary meanings as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in this disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
The inventors consider that, in a quantum key distribution network containing both trusted and untrusted nodes, trusted relay technology and MDI-QKD can be combined: on the one hand, MDI-QKD solves the security problem of untrusted nodes; on the other hand, trusted relay solves the distance limitation of MDI-QKD. Thus, in a scenario where trusted and untrusted nodes coexist, quantum key distribution between two distant nodes is achieved using relay nodes, and the security of the QKD network is improved.
Therefore, in the technical solution of the invention, a trusted relay route from the source node to the destination node is determined, wherein the relay nodes in the trusted relay route are all trusted nodes and the distance between adjacent nodes is less than or equal to 2 hops; for each pair of adjacent nodes at a distance of 2 hops in the trusted relay route, an untrusted node connected to the pair of nodes is determined; and the shared quantum key is distributed between the source node and the destination node based on relaying over the trusted relay route and the determined untrusted nodes. By relaying between adjacent trusted nodes at a distance of 1 hop in the trusted relay route, and by relaying through MDI-QKD untrusted nodes directly connected to adjacent trusted nodes at a distance of 2 hops in the trusted relay route, the security problem of untrusted nodes is solved by MDI-QKD, and the distance limitation of MDI-QKD is solved by trusted relay. Thus, in a scenario where trusted and untrusted nodes coexist, quantum key distribution between two distant nodes is achieved using relay nodes, and the security of the QKD network is improved.
The technical solution of the embodiments of the present invention is described in detail below with reference to the accompanying drawings.
A quantum key distribution network provided in an embodiment of the present invention is structured as shown in Fig. 3 and includes: a mesh type network consisting of a plurality of trusted nodes 301 and a plurality of untrusted nodes 302, and a central controller (not shown);
where each trusted node 301 has a QKD transmitter and a QKD receiver, and each untrusted node 302 has a QKD transmitter and an MDI-QKD receiver.
After receiving a key generation request, the central controller determines a trusted relay route from the source node to the destination node; and, after determining, for each pair of adjacent nodes at a distance of 2 hops in the trusted relay route, the untrusted node connected to the pair of nodes, it notifies each node in the trusted relay route and the determined untrusted nodes, so as to distribute the shared quantum key between the source node and the destination node. The head node and the tail node of the trusted relay route are the source node and the destination node respectively; the nodes between the head node and the tail node are relay nodes, and the relay nodes in the trusted relay route are all trusted nodes; the distance between adjacent nodes in the trusted relay route is always less than or equal to 2 hops.
Specifically, the central controller determines a trusted relay route from the source node to the destination node, determines the untrusted node connected to each pair of adjacent nodes at a distance of 2 hops in the trusted relay route, forms a final relay routing policy from the trusted relay route and the determined untrusted nodes, and notifies each node in the trusted relay route and the determined untrusted nodes of the relay routing policy.
A trusted node 301 that receives the relay routing policy sent by the central controller performs point-to-point shared quantum key generation with any adjacent trusted node at a distance of 1 hop from it in the relay routing policy; with an adjacent trusted node at a distance of 2 hops from it in the relay routing policy, it generates a shared quantum key, based on the MDI-QKD protocol, through the MDI-QKD receiver of the untrusted node connected to it in the relay routing policy;
an untrusted node 302 that receives the relay routing policy sent by the central controller assists the pair of trusted nodes connected to it in the relay routing policy in generating a shared quantum key through its own MDI-QKD receiver, based on the MDI-QKD protocol.
The trusted node 301 that receives the relay routing policy is further configured, if it determines that it is the first trusted relay node in the relay routing policy, to encrypt the quantum key it shares with the source node using the quantum key it shares with the next trusted node, and to transmit the encrypted quantum key to its next trusted node in the relay routing policy;
if the trusted node 301 determines that it is a node between the first and last trusted relay nodes in the relay routing policy, it decrypts the received quantum key using the quantum key it shares with its previous trusted node in the relay routing policy, re-encrypts it using the quantum key it shares with its next trusted node in the relay routing policy, and transmits it to the next trusted node;
if the trusted node 301 determines that it is the last trusted relay node in the relay routing policy, it decrypts the received quantum key using the quantum key it shares with its previous trusted node in the relay routing policy, encrypts it using the quantum key it shares with the destination node, and transmits it to the destination node.
If the trusted node 301 determines that it is the destination node, it decrypts the encrypted quantum key sent by its previous trusted node in the relay routing policy using the quantum key it shares with that previous trusted node, so as to obtain the quantum key shared with the source node.
The specific flow of the quantum key distribution method in the quantum key distribution network is shown in Fig. 4 and includes the following steps:
Step S401: the central controller determines a trusted relay route from the source node to the destination node.
In this step, after receiving a key generation request, the central controller determines the source node and the destination node of the request, and then determines a trusted relay route from the source node to the destination node as follows:
adding the source node to the trusted relay route as the first node; for each node newly added to the trusted relay route, judging whether the distance between the currently added node and the destination node is less than or equal to 2 hops; if so, taking the destination node as the tail node of the trusted relay route; otherwise, selecting, from the trusted nodes less than or equal to 2 hops away from the node, the node closest to the destination node as the next node to be added to the trusted relay route. Specifically, the flow of the method for determining a trusted relay route from a source node to a destination node may be as shown in Fig. 5a and includes the following sub-steps:
Substep S501: add the source node to the trusted relay route as the first node.
For example, in a mesh type network as shown in Fig. 5b, the coordinates of each node are defined as $(i, j)$, with $i = 0, 1, \ldots, n-1$ and $j = 0, 1, \ldots, n-1$, where $n$ is the number of nodes arranged horizontally and vertically in the network;
the distance between two nodes is defined by formula one, in units of hops:
$d[(i_1,j_1);(i_2,j_2)] = |i_2-i_1| + |j_2-j_1|$ (formula one)
Two nodes that are not directly connected in the network may have multiple paths between them, and the conditions of each path differ; the problem to be solved by the invention is how to select the shortest path and achieve quantum key distribution in a scenario where trusted and untrusted nodes coexist.
As shown in Fig. 5b, quantum key distribution needs to be completed between the source node B (0,1) and the destination node J (3,5), and in this sub-step the source node B (0,1) is added to the trusted relay route as the first node.
Substep S502: judge whether the distance between the currently added node and the destination node is less than or equal to 2 hops; if so, execute substep S504 and finish; otherwise, execute substep S503.
Substep S503: from the trusted nodes whose distance to the currently added node is less than or equal to 2 hops, select the node closest to the destination node as the next node, add it to the trusted relay route, and then jump to substep S502.
For example, in the mesh type network shown in Fig. 5b, if the node currently added to the trusted relay route is the source node B (0,1), it can be determined that A (0,0) and C (0,2) are the trusted nodes less than or equal to 2 hops away from it, that is, the trusted nodes whose distance d from the source node B (0,1) is 1 hop or 2 hops. The distance d between node A (0,0) and the destination node J (3,5) is 8, and the distance d between node C (0,2) and the destination node J (3,5) is 6, so node C (0,2), with the smaller distance d, is selected as the next node added to the trusted relay route, that is, the first trusted relay node in the trusted relay route.
As another example, in the mesh type network shown in Fig. 5b, if the node currently added to the trusted relay route is C (0,2), the only trusted node E (1,3) among the nodes whose distance from C (0,2) is d = 2 or d = 1 is taken as the next node added to the trusted relay route.
Substep S504: add the destination node to the trusted relay route as the tail node.
For the mesh type network shown in Fig. 5b, the nodes added in sequence to the trusted relay route according to the sub-steps of the flow shown in Fig. 5a are: the source node B (0,1), the trusted relay nodes C (0,2), E (1,3), F (2,3), I (3,4), and the destination node J (3,5). The source node B (0,1) and the destination node J (3,5) are the head node and the tail node of the trusted relay route respectively. That is, the determined trusted relay route is B (0,1) - C (0,2) - E (1,3) - F (2,3) - I (3,4) - J (3,5).
Step S402: the central controller determines the untrusted node connected to each pair of adjacent nodes at a distance of 2 hops in the trusted relay route.
In this step, for each pair of adjacent trusted nodes at a distance of 2 hops in the trusted relay route, the central controller determines the untrusted node that is 1 hop away from each node in the pair.
For example, in the trusted relay route shown in Fig. 5b, the pairs of adjacent trusted nodes at a distance of 2 hops are: the node pair C (0,2) and E (1,3), and the node pair F (2,3) and I (3,4);
for the node pair C (0,2) and E (1,3), it can be determined that the untrusted node 1 hop away from each node in the pair is D (1,2);
for the node pair F (2,3) and I (3,4), it can be determined that the untrusted node 1 hop away from each node in the pair is H (3,3).
Step S403: the central controller forms a final relay routing policy from the trusted relay route and the determined untrusted nodes, and notifies each node in the trusted relay route and the determined untrusted nodes of the relay routing policy.
In this step, the central controller forms the final relay routing policy from the trusted relay route and the determined connection relationships between the untrusted nodes and the trusted nodes in the trusted relay route, and sends the relay routing policy to each node in the trusted relay route and to the determined untrusted nodes.
For example, as shown in Fig. 5b, the central controller may form the final relay routing policy from the trusted relay route B (0,1) - C (0,2) - E (1,3) - F (2,3) - I (3,4) - J (3,5), the determined untrusted node D (1,2) connected to the node pair C (0,2) and E (1,3), and the determined untrusted node H (3,3) connected to the node pair F (2,3) and I (3,4), and notify each node in the trusted relay route and the determined untrusted nodes of the relay routing policy, namely the nodes B (0,1), C (0,2), E (1,3), F (2,3), I (3,4), J (3,5), D (1,2), H (3,3).
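Steps S401 to S403 for the Fig. 5b walk-through, as an added example that is not code from the patent. The node table is constructed from the names, coordinates and trust status quoted in the text (nodes the text does not name are not modelled); the function names, the no-revisit guard and the `policy_violations` check are assumptions added for illustration.

```python
# Constructed from the node names and coordinates quoted in the text for
# Fig. 5b: name -> ((i, j), trusted). Unnamed nodes are not modelled.
NODES = {
    "A": ((0, 0), True), "B": ((0, 1), True), "C": ((0, 2), True),
    "D": ((1, 2), False), "E": ((1, 3), True), "F": ((2, 3), True),
    "H": ((3, 3), False), "I": ((3, 4), True), "J": ((3, 5), True),
}


def dist(a, b, nodes=NODES):
    """Formula one: hop distance |i2 - i1| + |j2 - j1|."""
    (i1, j1), (i2, j2) = nodes[a][0], nodes[b][0]
    return abs(i2 - i1) + abs(j2 - j1)


def trusted_relay_route(src, dst, nodes=NODES):
    """Sub-steps S501-S504: greedy route over trusted nodes <= 2 hops apart."""
    if src == dst or not (nodes[src][1] and nodes[dst][1]):
        raise ValueError("source and destination must be distinct trusted nodes")
    route = [src]                                    # S501
    while dist(route[-1], dst, nodes) > 2:           # S502
        cur = route[-1]
        candidates = [n for n, (_, trusted) in nodes.items()
                      if trusted and n not in route  # added guard: no revisits
                      and 1 <= dist(cur, n, nodes) <= 2]
        if not candidates:
            raise LookupError(f"no trusted node within 2 hops of {cur}")
        route.append(min(candidates, key=lambda n: dist(n, dst, nodes)))  # S503
    route.append(dst)                                # S504
    return route


def relay_policy(route, nodes=NODES):
    """Steps S402/S403: link type per hop plus the untrusted MDI-QKD node."""
    policy = []
    for a, b in zip(route, route[1:]):
        if dist(a, b, nodes) == 1:
            policy.append((a, b, "QKD", None))
            continue
        mids = [n for n, (_, trusted) in nodes.items()
                if not trusted
                and dist(n, a, nodes) == 1 and dist(n, b, nodes) == 1]
        if not mids:
            raise LookupError(f"no untrusted node adjacent to both {a} and {b}")
        policy.append((a, b, "MDI-QKD", mids[0]))
    return policy


def policy_violations(policy, nodes=NODES):
    """Check a received policy against the constraints stated in the text."""
    problems = []
    for a, b, _kind, mid in policy:
        if not (nodes[a][1] and nodes[b][1]):
            problems.append(f"{a}-{b}: route node is not trusted")
        d = dist(a, b, nodes)
        if not 1 <= d <= 2:
            problems.append(f"{a}-{b}: distance {d} is outside 1..2 hops")
        if d == 2 and (mid is None or nodes[mid][1]
                       or dist(mid, a, nodes) != 1 or dist(mid, b, nodes) != 1):
            problems.append(f"{a}-{b}: needs an untrusted node 1 hop from both")
    return problems


if __name__ == "__main__":
    route = trusted_relay_route("B", "J")
    print(" - ".join(route))
    for hop in relay_policy(route):
        print(hop)
```
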
Step S404: and realizing the distribution of the shared quantum key between the source node and the destination node based on the credible relay route and the determined relay of the non-credible node.
In this step, a shared quantum key is generated between each pair of adjacent nodes in the trusted relay route: for each pair of adjacent nodes at a distance of 1 hop, the two nodes generate a point-to-point shared quantum key through their respective QKD transmitters and receivers; for each pair of adjacent nodes at a distance of 2 hops, the two nodes generate a shared quantum key, based on the MDI-QKD protocol, through the MDI-QKD receiver of the untrusted node connected to both of them.
Further, when the quantum key shared with the source node is passed to the destination node via each relay node of the trusted relay route, it is encrypted using the shared quantum keys generated between adjacent nodes in the trusted relay route.
A specific method flow for implementing this step may be as shown in fig. 6, and includes the following sub-steps:
Substep S601: The trusted nodes that receive the relay routing strategy sent by the central controller generate shared quantum keys.
In this sub-step, after receiving the relay routing strategy, a trusted node generates a point-to-point shared quantum key with each adjacent trusted node in the relay routing strategy that is 1 hop away from it; with each adjacent trusted node in the relay routing strategy that is 2 hops away from it, the trusted node generates a shared quantum key, based on the MDI-QKD protocol, through the MDI-QKD receiver of the untrusted node connected to it in the relay routing strategy.
Meanwhile, an untrusted node that receives the relay routing strategy assists the pair of trusted nodes connected to it in generating a shared quantum key through its own MDI-QKD receiver, based on the MDI-QKD protocol.
For example, in the relay routing strategy shown in fig. 5B, the adjacent trusted node pairs at a distance of 1 hop are B (0,1) -C (0,2), E (1,3) -F (2,3), and I (3,4) -J (3,5); these node pairs can generate point-to-point shared quantum keys directly.
In the relay routing strategy shown in fig. 5B, the adjacent trusted node pairs at a distance of 2 hops are C (0,2) -E (1,3) and F (2,3) -I (3,4). The node pair C (0,2) -E (1,3) can generate a shared quantum key, based on the MDI-QKD protocol, through the MDI-QKD receiver of the untrusted node D (1,2) connected to the pair; the node pair F (2,3) -I (3,4) can generate a shared quantum key, based on the MDI-QKD protocol, through the MDI-QKD receiver of the untrusted node H (3,3) connected to the pair.
Through this sub-step, in the relay routing strategy shown in fig. 5B, the adjacent trusted node pairs B (0,1) -C (0,2), C (0,2) -E (1,3), E (1,3) -F (2,3), F (2,3) -I (3,4), I (3,4) -J (3,5) respectively generate the shared quantum keys $K_0$, $K_1$, $K_2$, $K_3$, $K_4$.
Substep S602: The trusted relay nodes in the relay routing strategy use the generated shared quantum keys to relay the quantum key shared with the source node.
Specifically, if a trusted relay node determines that it is the first trusted relay node in the relay routing strategy, it uses the quantum key it shares with the next trusted node to encrypt the quantum key it shares with the source node, and then transmits the result to the next trusted node in the relay routing strategy.
For example, in the relay routing strategy shown in fig. 5B, C (0,2) is the first trusted relay node; C (0,2) uses the quantum key $K_1$ shared with E (1,3) to encrypt the quantum key $K_0$ shared with the source node B (0,1), and sends the result to E (1,3).
If a trusted relay node determines that it lies between the first and the last trusted relay nodes in the relay routing strategy, it decrypts the received quantum key using the quantum key it shares with the previous trusted node in the relay routing strategy, re-encrypts it using the quantum key it shares with the next trusted node, and transmits it to the next trusted node.
For example, after E (1,3) receives the encrypted quantum key $K_0$ sent by C (0,2), it decrypts it with $K_1$ to obtain the unencrypted $K_0$, then encrypts $K_0$ with $K_2$ and sends it to F (2,3).
After F (2,3) receives the encrypted quantum key $K_0$ sent by E (1,3), it decrypts it with $K_2$ to obtain the unencrypted $K_0$, then encrypts $K_0$ with $K_3$ and sends it to I (3,4).
If a trusted relay node determines that it is the last trusted relay node in the relay routing strategy, it decrypts the received quantum key using the quantum key it shares with the previous trusted node in the relay routing strategy, re-encrypts it using the quantum key it shares with the destination node, and transmits it to the destination node.
For example, after I (3,4) receives the encrypted quantum key $K_0$ sent by F (2,3), it decrypts it with $K_3$ to obtain the unencrypted $K_0$, then encrypts $K_0$ with $K_4$ and sends it to J (3,5).
Substep S603: The destination node obtains the quantum key shared with the source node.
After receiving the encrypted quantum key sent by the previous trusted node in the relay routing strategy, the destination node decrypts it using the quantum key it shares with that previous trusted node, and thereby obtains the quantum key shared with the source node. Quantum key distribution between the source node and the destination node is thus realized.
For example, after J (3,5) receives the encrypted quantum key $K_0$ sent by I (3,4), it decrypts it with $K_4$ to obtain the unencrypted $K_0$, that is, it obtains the quantum key shared with the source node B (0,1).
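The hop-by-hop relay of substeps S601 to S603 can be traced in a short simulation. This is an added example, not code from the patent; it assumes a one-time-pad XOR as the encryption (the text does not name a cipher), and the function names are hypothetical.

```python
"""Added illustration of substeps S601-S603 (not the patent's code)."""
import secrets
from typing import List, Set, Tuple

# Route and assisting untrusted nodes from the fig. 5B example on this page.
ROUTE = ["B", "C", "E", "F", "I", "J"]
UNTRUSTED_HELPERS = {"D", "H"}


def otp(data: bytes, key: bytes) -> bytes:
    """XOR one-time pad (assumed cipher); the same call encrypts and decrypts."""
    if len(key) != len(data):
        raise ValueError("pad must be exactly as long as the relayed key")
    return bytes(d ^ k for d, k in zip(data, key))


def relay_key(route: List[str], link_keys: List[bytes]
              ) -> Tuple[bytes, List[Tuple[str, str, bytes]], Set[str]]:
    """Relay K_0 along the route; link_keys[i] is K_i, shared by route[i] and route[i+1].

    Returns the key recovered by the destination, the ciphertexts that crossed
    the classical channel, and the set of nodes that held K_0 in the clear.
    """
    if len(link_keys) != len(route) - 1:
        raise ValueError("need exactly one link key per adjacent pair")
    k0 = link_keys[0]
    holders = {route[0], route[1]}          # both ends of the first link generated K_0
    wire: List[Tuple[str, str, bytes]] = []
    current = k0
    for i in range(1, len(route) - 1):
        ciphertext = otp(current, link_keys[i])       # route[i] encrypts with K_i
        wire.append((route[i], route[i + 1], ciphertext))
        current = otp(ciphertext, link_keys[i])       # route[i+1] decrypts with K_i
        holders.add(route[i + 1])
    return current, wire, holders


def demo() -> Tuple[bool, Set[str]]:
    """Run the relay with fresh random 256-bit link keys (constructed sample data)."""
    keys = [secrets.token_bytes(32) for _ in ROUTE[1:]]
    delivered, _wire, holders = relay_key(ROUTE, keys)
    return delivered == keys[0], holders


if __name__ == "__main__":
    ok, holders = demo()
    print("destination recovered K_0:", ok)
    print("nodes that held K_0 in the clear:", sorted(holders))
    print("untrusted helpers among them:", sorted(holders & UNTRUSTED_HELPERS))
```

Every trusted node on the route ends up holding $K_0$ in the clear, so the end-to-end key is only as safe as the least protected trusted relay; the untrusted nodes D and H never appear in that set.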
It should be noted that the method of the embodiment of the present invention may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scenario and completed through cooperation among a plurality of devices. In such a distributed scenario, one of the devices may perform only one or more steps of the method according to the embodiment of the present invention, and the devices interact with each other to complete the method.
An internal structural block diagram of a quantum key distribution device provided in an embodiment of the present invention is shown in fig. 7, and includes: a relay route determining module 701, an untrusted node determining module 702, and a relay policy notifying module 703.
The relay route determining module 701 is configured to determine a trusted relay route from a source node to a destination node; the relay nodes in the trusted relay route are all trusted nodes, and the distance between adjacent nodes is less than or equal to 2 hops.
Specifically, the relay route determining module 701 adds the source node to the trusted relay route as the first node; for each node newly added to the trusted relay route, it judges whether the distance between the currently added node and the destination node is less than or equal to 2 hops; if so, it takes the destination node as the tail node of the trusted relay route; otherwise, from the trusted nodes that are less than or equal to 2 hops away from the node, it selects the node closest to the destination node as the next node to be added to the trusted relay route.
The untrusted node determining module 702 is configured to determine, for each pair of adjacent nodes with a distance of 2 hops in the trusted relay route, an untrusted node connected to the pair of nodes.
The relay policy notification module 703 is configured to notify each node in the trusted relay route and each determined untrusted node, so as to implement distribution of a shared quantum key between the source node and the destination node. Specifically, the relay policy notification module 703 forms a final relay routing strategy according to the trusted relay route and the determined untrusted nodes, and notifies each node in the trusted relay route and each determined untrusted node of the relay routing strategy.
The quantum key distribution device may be disposed in the central controller, and a detailed method for implementing functions of each module in the device may refer to a method detailed in each step in the flow shown in fig. 4, which is not described herein again.
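The work of modules 701 to 703 can be sketched as follows. This is an added example, not the patent's own code: the topology contains only the nodes named in the fig. 5B example, and the tie-break rule, the skipping of nodes already on the route, and all function names are assumptions.

```python
"""Added illustration of the controller's route construction (not the patent's code)."""
from typing import Dict, List, Tuple

Coord = Tuple[int, int]

# Constructed topology: only the nodes named in the fig. 5B example on this page.
TRUSTED: Dict[str, Coord] = {
    "B": (0, 1), "C": (0, 2), "E": (1, 3),
    "F": (2, 3), "I": (3, 4), "J": (3, 5),
}
UNTRUSTED: Dict[str, Coord] = {"D": (1, 2), "H": (3, 3)}


def hops(a: Coord, b: Coord) -> int:
    """d[(i1,j1);(i2,j2)] = |i2-i1| + |j2-j1|, in hops."""
    return abs(b[0] - a[0]) + abs(b[1] - a[1])


def trusted_route(src: str, dst: str, trusted: Dict[str, Coord]) -> List[str]:
    """Greedy route: every relay is trusted, adjacent relays are at most 2 hops apart."""
    if src == dst:
        raise ValueError("source and destination must differ")
    route = [src]
    while hops(trusted[route[-1]], trusted[dst]) > 2:
        here = trusted[route[-1]]
        # Assumption: nodes already on the route are skipped so the walk terminates.
        candidates = [name for name, pos in trusted.items()
                      if name not in route and hops(here, pos) <= 2]
        if not candidates:
            raise ValueError(f"no trusted node within 2 hops of {route[-1]}")
        # Closest to the destination wins; ties are broken by name (assumption).
        route.append(min(candidates, key=lambda n: (hops(trusted[n], trusted[dst]), n)))
    route.append(dst)
    return route


def assisting_untrusted(route: List[str], trusted: Dict[str, Coord],
                        untrusted: Dict[str, Coord]) -> Dict[Tuple[str, str], str]:
    """For each 2-hop pair, pick an untrusted node 1 hop from both of its ends."""
    helpers: Dict[Tuple[str, str], str] = {}
    for a, b in zip(route, route[1:]):
        if hops(trusted[a], trusted[b]) != 2:
            continue  # 1-hop pairs run point-to-point QKD and need no helper
        shared = sorted(name for name, pos in untrusted.items()
                        if hops(pos, trusted[a]) == 1 and hops(pos, trusted[b]) == 1)
        if not shared:
            # Without a measurement node between them the pair cannot run MDI-QKD.
            raise ValueError(f"no untrusted node connects {a} and {b}")
        helpers[(a, b)] = shared[0]
    return helpers


def relay_policy(src: str, dst: str, trusted: Dict[str, Coord],
                 untrusted: Dict[str, Coord]) -> dict:
    """Route, helper assignment and the list of nodes the controller must notify."""
    route = trusted_route(src, dst, trusted)
    helpers = assisting_untrusted(route, trusted, untrusted)
    return {"route": route, "helpers": helpers,
            "notify": route + sorted(set(helpers.values()))}


if __name__ == "__main__":
    print(relay_policy("B", "J", TRUSTED, UNTRUSTED))
```

On this topology the result matches the route and the assisting nodes D and H given in the text; removing H makes policy construction fail instead of silently producing a 2-hop link with no measurement node.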
In the technical scheme of the invention, a trusted relay route from a source node to a destination node is determined; the relay nodes in the trusted relay route are all trusted nodes, and the distance between adjacent nodes is less than or equal to 2 hops; for each pair of adjacent nodes with a distance of 2 hops in the trusted relay route, an untrusted node connected to the pair of nodes is determined; and the distribution of the shared quantum key between the source node and the destination node is realized based on the trusted relay route and the relay of the determined untrusted nodes. Thus, by relaying through adjacent trusted nodes that are 1 hop apart in the trusted relay route, and through MDI-QKD-based untrusted nodes directly connected to adjacent trusted nodes that are 2 hops apart in the trusted relay route, the security problem of untrusted nodes is solved by the MDI-QKD technology, and the distance limitation of MDI-QKD is solved by the trusted relay technology. Therefore, in a scenario where trusted nodes and untrusted nodes coexist, quantum key distribution between two remote nodes is realized using relay nodes, and the security of the QKD network is improved.
Computer- or server-readable media of the embodiments, including permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is meant to be exemplary only, and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the invention, features in the above embodiments or in different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
In addition, well known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the invention. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the present invention is to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (9)

1. A quantum key distribution method, comprising:
in a mesh-type network consisting of a plurality of trusted nodes and a plurality of untrusted nodes, a central controller determines a trusted relay route from a source node to a destination node: the central controller adds the source node into the trusted relay route as a head node; for each node newly added into the trusted relay route, judging whether the distance between the currently added node and the destination node is less than or equal to 2 hops; if so, taking the destination node as a tail node of the trusted relay route; otherwise, selecting the node closest to the destination node from the trusted nodes less than or equal to 2 hops away from the node as the node added to the trusted relay route next; wherein the coordinates of each node in the mesh-type network are defined as $(i, j)$: $i = 0, 1, \ldots, n-1$; $j = 0, 1, \ldots, n-1$, where $n$ is the number of nodes arranged horizontally and vertically in the network; the distance between two nodes is defined as shown in the formula $d[(i_1,j_1);(i_2,j_2)] = |i_2-i_1| + |j_2-j_1|$, and the unit is hop;
for each pair of adjacent nodes with a distance of 2 hops in the trusted relay route, determining an untrusted node connected with the pair of nodes;
based on the trusted relay route and the relay of the determined untrusted node, realizing the distribution of the shared quantum key between the source node and the destination node;
the trusted nodes are provided with quantum key distribution (QKD) transmitters and receivers; and the untrusted nodes are provided with a QKD transmitter and a measurement-device-independent quantum key distribution (MDI-QKD) receiver.
2. The method according to claim 1, wherein the determining, for each pair of adjacent nodes with a distance of 2 hops in the trusted relay route, an untrusted node connected to the pair of adjacent nodes specifically includes:
determining each pair of adjacent nodes with the distance of 2 hops in the credible relay route;
and for each determined pair of nodes, determining the untrusted node whose distance from each node in the pair is 1 hop.
3. The method according to claim 1, wherein the distributing the shared quantum key between the source node and the destination node is realized based on the trusted relay route and the determined relay of the untrusted node, specifically including:
generating a shared quantum key between each pair of adjacent nodes in the trusted relay route;
and when the quantum key shared with the source node is transmitted to the destination node through each relay node of the trusted relay route, encrypting it using the shared quantum keys generated between adjacent nodes in the trusted relay route.
4. The method according to claim 3, wherein generating the shared quantum key between each pair of adjacent nodes specifically comprises:
for each pair of adjacent nodes with the distance of 1 hop, the pair of nodes realizes point-to-point shared quantum key generation through the respectively arranged QKD transmitter and receiver;
for each pair of adjacent nodes with the distance of 2 hops, the pair of nodes realize shared quantum key generation through an MDI-QKD receiver of an untrusted node connected with the pair of nodes based on an MDI-QKD protocol.
5. A quantum key distribution network, comprising:
the trusted node is provided with a QKD transmitter and a receiver;
the untrusted node is provided with a QKD transmitter and an MDI-QKD receiver;
a central controller for determining a trusted relay route from a source node to a destination node: adding the source node into the trusted relay route as a first node; for each node newly added into the trusted relay route, judging whether the distance between the currently added node and the destination node is less than or equal to 2 hops; if so, taking the destination node as a tail node of the trusted relay route; otherwise, selecting the node closest to the destination node from the trusted nodes less than or equal to 2 hops away from the node as the node added to the trusted relay route next; for each pair of adjacent nodes with a distance of 2 hops in the trusted relay route, after determining the untrusted node connected with the pair of nodes, notifying each node in the trusted relay route and the determined untrusted node to realize the distribution of the shared quantum key between the source node and the destination node;
wherein the coordinates of each node in the network are defined as $(i, j)$: $i = 0, 1, \ldots, n-1$; $j = 0, 1, \ldots, n-1$, where $n$ is the number of nodes arranged horizontally and vertically in the network; the distance between two nodes is defined as shown in the formula $d[(i_1,j_1);(i_2,j_2)] = |i_2-i_1| + |j_2-j_1|$, and the unit is hop.
6. A quantum key distribution network as claimed in claim 5,
the central controller is specifically configured to determine a trusted relay route from a source node to a destination node, determine, for each pair of adjacent nodes with a distance of 2 hops in the trusted relay route, an untrusted node connected to the pair of nodes, form a final relay route policy according to the trusted relay route and the determined untrusted node, and notify each node in the trusted relay route and the determined untrusted node of the relay route policy.
7. The quantum key distribution network of claim 6,
the trusted node is specifically configured to, after receiving the relay routing policy, generate a point-to-point shared quantum key for an adjacent trusted node in the relay routing policy, where the distance from the trusted node to the local node is 1 hop; for an adjacent trusted node with the distance of 2 hops away from the node in the relay routing strategy, generating a shared quantum key through an MDI-QKD receiver of an untrusted node connected with the node in the relay routing strategy on the basis of an MDI-QKD protocol; and
if the trusted node judges that the node is the first trusted relay node in the relay routing strategy, the quantum key shared by the node and the next trusted node is used, and the quantum key shared by the node and the source node is encrypted and then transmitted to the next trusted node of the node in the relay routing strategy;
if the trusted node judges that the node is a node between the first trusted relay node and the last trusted relay node in the relay routing strategy, for the received quantum key, the received quantum key is decrypted by using the quantum key shared by the previous trusted node of the node and the node in the relay routing strategy, and then encrypted by using the quantum key shared by the next trusted node of the node and the node in the relay routing strategy, and then transmitted to the next trusted node;
and if the trusted node judges that the node is the last trusted relay node in the relay routing strategy, the received quantum key is decrypted by using the quantum key shared by the previous trusted node of the node and the node in the relay routing strategy, and then encrypted by using the quantum key shared by the node and the destination node, and then transmitted to the destination node.
8. A quantum key distribution apparatus, comprising:
a relay route determining module, configured to determine a trusted relay route from a source node to a destination node in a mesh-type network formed by a plurality of trusted nodes and a plurality of untrusted nodes: adding the source node into the trusted relay route as a first node; for each node newly added into the trusted relay route, judging whether the distance between the currently added node and the destination node is less than or equal to 2 hops; if so, taking the destination node as a tail node of the trusted relay route; otherwise, selecting the node closest to the destination node from the trusted nodes less than or equal to 2 hops away from the node as the node added to the trusted relay route next;
an untrusted node determining module, configured to determine an untrusted node connected with each pair of adjacent nodes with a distance of 2 hops in the trusted relay route;
a relay strategy notification module, configured to notify each node in the trusted relay route and the determined untrusted node so as to realize the distribution of the shared quantum key between the source node and the destination node;
the trusted nodes are provided with quantum key distribution (QKD) transmitters and receivers; the untrusted nodes are provided with a QKD transmitter and a measurement-device-independent quantum key distribution (MDI-QKD) receiver;
wherein the coordinates of each node in the mesh-type network are defined as $(i, j)$: $i = 0, 1, \ldots, n-1$; $j = 0, 1, \ldots, n-1$, where $n$ is the number of nodes arranged horizontally and vertically in the network; the distance between two nodes is defined as shown in the formula $d[(i_1,j_1);(i_2,j_2)] = |i_2-i_1| + |j_2-j_1|$, and the unit is hop.
9. A central controller, comprising: a quantum key distribution apparatus according to claim 8.
CN201911133640.9A 2019-11-19 2019-11-19 Quantum key distribution network and quantum key distribution method and device Active CN110808835B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911133640.9A CN110808835B (en) 2019-11-19 2019-11-19 Quantum key distribution network and quantum key distribution method and device

Publications (2)

Publication Number Publication Date
CN110808835A CN110808835A (en) 2020-02-18
CN110808835B CN110808835B (en) 2021-06-29

Family

ID=69490691

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911133640.9A Active CN110808835B (en) 2019-11-19 2019-11-19 Quantum key distribution network and quantum key distribution method and device

Country Status (1)

Country Link
CN (1) CN110808835B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110855438B (en) * 2019-11-21 2022-09-06 国网福建省电力有限公司 Quantum key distribution method and system based on annular QKD network
CN111328092B (en) * 2020-02-27 2021-10-01 中山大学 Method for dynamically updating pre-information in D2D communication relay packet buffer allocation
CN112073180B (en) * 2020-07-30 2022-02-11 北京邮电大学 QKD network deployed in metropolitan area network and access network and key distribution method thereof
CN112422286B (en) * 2020-11-30 2024-03-05 中通服咨询设计研究院有限公司 Quantum key distribution method based on trust center

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108270557A (en) * 2016-12-30 2018-07-10 科大国盾量子技术股份有限公司 A kind of backbone system and its trunking method based on quantum communications
CN108847939A (en) * 2018-10-09 2018-11-20 南京南瑞国盾量子技术有限公司 A kind of MDI-QKD agreement based on quantum network
CN109194468A (en) * 2018-07-20 2019-01-11 国科量子通信网络有限公司 Dispositions method, device and the equipment of relay node, computer readable storage medium
CN109286443A (en) * 2017-07-20 2019-01-29 中国科学技术大学 A kind of quantum communications method and network based on credible relay node
CN109302288A (en) * 2018-11-12 2019-02-01 中共中央办公厅电子科技学院 It is a kind of based on the quantum secret communication network system of quantum key distribution technology and its application
CN109818814A (en) * 2019-04-08 2019-05-28 哈尔滨工业大学 A kind of quantum secret communication network simulation system
CN109995515A (en) * 2017-12-29 2019-07-09 成都零光量子科技有限公司 A kind of quantum key trunking method
CN110266473A (en) * 2019-04-22 2019-09-20 北京邮电大学 Method, relay node and the distribution method of relay node distribution quantum key
CN110380844A (en) * 2018-04-13 2019-10-25 华为技术有限公司 A kind of quantum key delivering method, equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10333701B2 (en) * 2016-02-29 2019-06-25 The Board Of Trustees Of The University Of Illinois Reconfigurable free-space quantum cryptography system
CN109067518B (en) * 2018-06-28 2021-09-28 南京邮电大学 Quantum network system and method based on plug-and-play MDI-QKD
CN208924260U (en) * 2018-11-02 2019-05-31 科大国盾量子技术股份有限公司 A kind of MDI-QKD network communicating system
CN209218114U (en) * 2019-03-11 2019-08-06 四川大学锦城学院 A kind of hybrid anti-quantum calculation communication system of long range

Also Published As

Publication number Publication date
CN110808835A (en) 2020-02-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant