CN111314055A - Method and device for key agreement and information transmission integration based on Y-00 - Google Patents
Method and device for key agreement and information transmission integration based on Y-00 Download PDFInfo
- Publication number
- CN111314055A CN111314055A CN202010090616.8A CN202010090616A CN111314055A CN 111314055 A CN111314055 A CN 111314055A CN 202010090616 A CN202010090616 A CN 202010090616A CN 111314055 A CN111314055 A CN 111314055A
- Authority
- CN
- China
- Prior art keywords
- sequence
- information
- negotiation
- key
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a key agreement and information transmission integration method based on Y-00, which comprises the following steps: the first communication terminal generates a negotiation information sequence and an encryption base sequence; the first communication terminal carries out first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sends the encryption negotiation information sequence; the second communication terminal receives the encrypted negotiation information sequence and generates a decryption base sequence and a key sequence; the second communication terminal obtains a decryption negotiation information sequence; the second communication terminal obtains the key negotiation information sequence and sends the key negotiation information sequence; the first communication terminal receives the key negotiation information sequence to obtain a key; the first communication terminal carries out third processing on an information sequence needing to be transmitted and an encryption base sequence and sends the information sequence subjected to the third processing; and the second communication terminal receives the information sequence subjected to the third processing, and decrypts the information subjected to the third processing through the decryption base sequence to obtain the information sequence required to be transmitted.
Description
Technical Field
The invention relates to the technical field of secure optical communication, in particular to a key agreement and information transmission integration method based on a Y-00 protocol.
Background
With the rapid development of information technology, the optical network provides a good transmission platform for the information flow of the well-injection type. Optical fiber communication is used as a network operation base and has been applied to all aspects of an Ethernet system, a telecommunication backbone infrastructure and a military communication system, but an optical cable has long transmission distance and complex line environment, and the existing optical communication cannot resist line or node eavesdropping. At present, the realization of the security of a communication system by using a physical layer security scheme becomes a new research hotspot and is widely valued at home and abroad. The physical layer safety optical communication is a new system optical communication technology which aims at resisting line or node eavesdropping attack and takes the enhancement of the capability of resisting intercepted information as a means. The current basic research on physical layer secure optical communication can be divided into two categories: one is quantum key distribution theory and the other is physical layer security theory. The new network information security technology represented by quantum key distribution still needs to be perfected, and a plurality of restriction factors exist at present. For example, in the present stage, the quantum key distribution system has limited performance in the aspects of key generation rate, available transmission distance and the like, and is difficult to popularize on a large scale. The mainstream research directions in the physical layer security theory are noise encryption security optical communication, chaotic optical communication, spread spectrum optical communication, covert optical communication and frequency hopping optical communication.
The traditional information transmission methods all need to rely on an external secret key, the information security still depends on the security of the secret key, namely, the security transmission and the security secret key are in a separated state, different lines are needed to carry out secret key negotiation and information transmission in the transmission process, and the method has higher system complexity and high cost.
Disclosure of Invention
In view of this, the present invention is to provide a method for integrating key agreement and information transmission based on Y-00 protocol, so as to solve the problems of high system complexity and high cost in the existing information transmission.
Based on the above purpose, the present invention provides a key agreement and information transmission integrated method based on Y-00 protocol, which includes:
a first communication terminal generates a negotiation information sequence and an encryption base sequence;
the first communication terminal carries out first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sends the encryption negotiation information sequence;
the second communication terminal receives the encrypted negotiation information sequence and generates a decryption base sequence and a key sequence;
the second communication terminal respectively carries out exclusive OR on the negotiation bits of the decryption base sequence and the negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence;
the second communication terminal carries out exclusive or on each bit in the key sequence and each bit in the decryption negotiation information sequence one by one in sequence, carries out second processing on the obtained sequence and the decryption base sequence, obtains a key negotiation information sequence and sends the key negotiation information sequence;
the first communication terminal receives the key negotiation information sequence, decrypts the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and compares the receiving negotiation sequence with the negotiation information sequence to obtain a key;
the first communication terminal carries out third processing on an information sequence to be transmitted and an encryption base sequence and sends the information subjected to the third processing;
and the second communication terminal receives the information subjected to the third processing, and respectively performs exclusive OR on the information bits of the information sequence obtained through the third processing and the information bits of the corresponding decryption base sequence one by one to obtain the information sequence needing to be transmitted.
In one embodiment, the encryption base sequence and the decryption base sequence have the same structure of base and base, including information bits for secure transmission, base information bits for transmitting information, negotiation bits for key negotiation, transmission information base information bits for marking transmitting base information, and noise bits.
In one embodiment, the number of bits of the bases in the encryption base sequence and the decryption base sequence is set to be N, the information bit is set at the Nth bit, the base information bit is set at the 2 nd to m-1 th bits, the transmission information base information bit is set at the 1 st bit and the m +1 th to N-1 th bits, the negotiation bit is set at the m th bit, and the noise bit is set at the 0 th bit.
In one embodiment, N is set to 10 and m is set to 7.
In one embodiment, the first processing includes: respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence;
the negotiation bit of each encryption base sequence is updated to a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each encryption base sequence;
the third processing includes:
respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
In one embodiment, the second processing the obtained sequence and the decryption base sequence includes:
respectively carrying out one-to-one exclusive OR on each bit of the obtained sequence and a preset bit in the corresponding decryption base sequence; and
and updating the negotiation bit of each decryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence.
In one embodiment, the predetermined bit is the lowest bit.
In one embodiment, the comparison decision is conditioned
Wherein F (lambda) is the decision result, Q (lambda) is the bit error rate sequence,α, T + and T-are all constants.
The invention also provides a device for integrating key agreement and information transmission based on the Y-00 protocol, which comprises:
the first communication terminal pseudo-random number generation module is used for generating a negotiation information sequence and an encryption base sequence;
the first communication end Y-00 encryption module is used for performing first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sending the encryption negotiation information sequence; or the third processing is carried out on the information sequence to be transmitted and the encryption base sequence, and the information subjected to the third processing is sent;
the second communication terminal receiving processing module is used for receiving the encryption negotiation information sequence and generating a decryption base sequence and a key sequence;
the second communication terminal Y-00 decryption module is used for respectively carrying out XOR on negotiation bits of the decryption base sequence and negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence; or
The device is used for receiving the information subjected to the third processing, and respectively performing exclusive OR on the information bits of the information sequence subjected to the third processing and the information bits of the corresponding decryption base sequence one by one to obtain an information sequence needing to be transmitted;
the second communication end Y-00 encryption module is used for sequentially carrying out one-to-one exclusive OR on each bit in the key sequence and each bit in the decryption negotiation information sequence, carrying out second processing on the obtained sequence and the decryption base sequence to obtain a key negotiation information sequence and sending the key negotiation information sequence;
and the first communication terminal receiving processing module is used for receiving the key negotiation information sequence, decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and comparing and judging the receiving negotiation sequence and the negotiation information sequence to obtain a key.
In one embodiment, the first communication terminal receiving and processing module includes:
the first communication terminal receiving module is used for receiving the key negotiation information sequence;
the first communication end Y-00 decryption module is used for decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence;
the first communication end error code judgment analysis module is used for comparing and judging the received negotiation sequence and the negotiation information sequence; and
and the key generation module is used for obtaining a key according to the judgment result of the error code judgment analysis module of the first communication end and constructing a key pool.
In one embodiment, the second communication terminal receives a processing module, which includes:
the second communication terminal receiving module is used for receiving the encryption negotiation information sequence;
the second communication terminal pseudo-random number generation module is used for generating a decryption base sequence; and
and the second communication terminal key generation module is used for generating a key sequence and constructing a key pool.
As can be seen from the above description, in the method and apparatus provided by the present invention, the negotiation information sequence is encrypted by the encryption base sequence of the first communication terminal and then transmitted, the second communication terminal receives the negotiation information sequence and then generates a decryption base sequence different from the encryption base sequence to receive a secret key, generates a secret key and then transmits the secret key after encryption, after the first communication terminal decrypts the secret key, the information to be transmitted is encrypted by the encryption base sequence and then transmitted, and the second communication terminal decrypts the received information by the decryption base sequence to obtain the information sequence to be transmitted. Therefore, the information used for carrying out key agreement and the information required to be transmitted can be encrypted through the encryption base sequence, the information required to be transmitted can be decrypted through the decryption base sequence, the information required to be subjected to key agreement and the information required to be transmitted can be decrypted, the key agreement and the information transmission are executed on the same line, the key agreement and the information transmission are effectively integrated, the complexity of the key agreement and the complexity of the information transmission are greatly simplified, the transmission efficiency is improved, and the cost is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of a key agreement and information transmission integrated method based on Y-00 protocol according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a structure of an encryption base sequence according to an embodiment of the present invention;
fig. 3 is a flowchart of a first process performed on a negotiation information sequence and an encryption base sequence according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a Y-00 protocol encryption module model according to an embodiment of the present invention;
FIG. 5 is a block diagram of the Y-00 protocol according to an embodiment of the present invention;
FIG. 6 is a diagram illustrating a key agreement and information transmission integrated method based on the Y-00 protocol according to an embodiment of the present invention;
FIG. 7 is another schematic diagram of a key agreement and information transmission integration method based on the Y-00 protocol according to an embodiment of the present invention;
fig. 8 is a schematic diagram of an apparatus for integrating key agreement and information transmission based on the Y-00 protocol according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present invention should have the ordinary meanings as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in this disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
The inventor of the present invention finds, in a long-term research work on security of information transmission, that in an existing physical layer security system for information transmission based on Y-00 encryption and decryption, information transmission and key agreement are in a separate state, that is, an individual line is required to perform key agreement or information transmission during transmission, and a transceiver need to acquire a key required for information transmission (i.e., key agreement) through an individual link and then perform Y-00 encryption and decryption transmission through an individual information transmission optical fiber link. Therefore, the method of separating key agreement and information transmission has the disadvantages of obviously relatively high system complexity, high cost and the like when being realized, and the application of the method is greatly limited.
In order to solve the defects of complex system, high cost, difficult application and the like existing in the separation of key agreement and information transmission, the inventor provides a Y-00 secure transmission and key distribution integration method and device based on asymmetric bases, the core is that a transmitting side and a receiving side do not need to build a circuit specially used for key agreement (the transmitting side and the receiving side obtain the same key information), the transmitting side adopts asymmetric bases to obtain a transmitted information key through a Y-00 encryption and decryption module, the innovation is realized without changing the structure of the existing transmission system, the negotiation and transmission can be realized by using the circuit for transmitting information, compared with the existing quantum key distribution and physical layer security theory, the method greatly reduces the equipment complexity in implementation, and simultaneously reduces the cost to a certain extent.
As shown in fig. 1, a method for integrating key agreement and information transmission based on Y-00 according to an embodiment of the present invention includes:
s100, a first communication terminal generates a negotiation information sequence and an encryption base sequence;
s200, the first communication terminal carries out first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sends the encryption negotiation information sequence;
s300, the second communication terminal receives the encryption negotiation information sequence and generates a decryption base sequence and a key sequence;
s400, the second communication terminal decrypts the encrypted negotiation information sequence through the decryption base sequence to obtain a decryption negotiation information sequence;
s500, the second communication terminal carries out exclusive OR on the key sequence and the decryption negotiation information sequence, carries out second processing on the obtained sequence and the decryption base sequence, obtains a key negotiation information sequence and sends the key negotiation information sequence;
s600, the first communication terminal receives the key negotiation information sequence, decrypts the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and compares and judges the receiving negotiation sequence and the negotiation information sequence to obtain a key;
s700, the first communication terminal carries out third processing on an information sequence needing to be transmitted and an encryption base sequence and sends the information sequence subjected to the third processing;
and S800, the second communication terminal receives the information sequence subjected to the third processing, and decrypts the information subjected to the third processing through the decryption base sequence to obtain the information sequence required to be transmitted.
The method provided by the invention includes that a negotiation information sequence is encrypted through an encryption base sequence of a first communication end and then transmitted, a second communication end generates a decryption base sequence different from the encryption base sequence after receiving the negotiation information sequence and then receives and encrypts a secret key, the first communication end decrypts the secret key to obtain the secret key and then encrypts and transmits information needing to be transmitted through the encryption base sequence, and the second communication end decrypts the received information through the decryption base sequence to obtain a corresponding transmitted information sequence. Therefore, the information used for carrying out key agreement can be encrypted through the encryption base sequence, the information required to be transmitted can also be encrypted, the information required to be subjected to key agreement can be decrypted through the decryption base sequence, the information required to be subjected to key agreement can also be decrypted, the key agreement and the information transmission can be executed on the same line, and the integration of the key agreement and the information transmission is realized.
In step S100, specifically, the first communication terminal is a transmitting terminal. The sending end randomly generates a pseudo information sequence for negotiation through initialization, namely a negotiation information sequence, and a base sequence which belongs to the sending end and carries sending end information, namely an encryption base sequence. The encryption base sequence can be set to two or more to improve the security of key agreement. The number of encryption base sequences is the same as the number of bits of information in the negotiation information sequence, for example, when the number of information in the negotiation information sequence is set to 3, 3 encryption base sequences are set.
Specifically, the transmitting end may generate a negotiation information sequence and an encryption base sequence using a Pseudo Random Number Generator (PRNG).
As shown in fig. 2, the encryption base sequence may include an Nbit base, that is, N bits are included in the encryption base sequence, and five types of bits are included from top to bottom, that is, an information bit for secure transmission, a base information bit for transmission information, a negotiation bit for key negotiation, a near-noise bit (transmission information base information bit) for marking transmission base information, and a noise bit. By loading different information on different bits, key negotiation and information transmission can be synchronously realized in the transmission process, so that the transmission efficiency is improved, and the complexity of equipment is reduced.
Specifically, the information bit may be set at the nth bit, the base information bit may be set at bits 2 to m-1, the transmission information base information bit may be set at bits 1 and m +1 to N-1, the negotiation bit may be set at the mth bit, and the noise bit may be set at bit 0. When N is 10, m is set to 7 th.
Referring to fig. 3, step S200, the first process includes:
s210, respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence; and
s220, corresponding to the negotiation bit of each encryption base sequence, updating the negotiation bit of each encryption base sequence into a corresponding XOR result according to the corresponding XOR result.
In step S210, the preset bit may be the lowest bit of the encryption base sequence.
In step S220, the negotiation bit of each encryption base sequence is updated to the corresponding xor result, so as to obtain the encryption negotiation information sequence. The encrypted negotiation information sequence can be transmitted through a Y-00 protocol encryption module. It should be noted that, when transmission is performed, the transmission modes of the I path and the Q path are the same.
The Y-00 protocol encryption module may be as shown at the transmitting end of fig. 4. Y-00 is a protocol used in encryption of noise-based physical layer secure optical communications. The protocol uses dense M-ary keying (multi-level modulation) without additional bandwidth, and features the use of components that are widely used in current optical fiber communication systems. To avoid eavesdropping, one basic idea of the Y-00 protocol is to mask the signal level by noise so that an eavesdropper cannot correctly recognize the level. For security evaluation, one of the priority issues in current communication systems is to perform a robustness evaluation on key estimates for ciphertext attacks (COAs) and known plaintext attacks (kpa) only. The attack process of an eavesdropper typically includes two steps. The first step is to correctly read the encrypted data (ciphertext). The ciphertext is then mathematically processed to recover the original data (plaintext) or key. The Y-00 protocol uses multi-level encryption that is the "basis for sending binary data" making the first step difficult. In general, a conventional cipher based on a mathematical algorithm converts binary data of a plain text into a binary cipher text. Thus, the eavesdropper can easily recognize the two correct signal levels ("0", "1") of the ciphertext, so that the eavesdropper successfully obtains the correct ciphertext itself, which may lead to password cracking. On the other hand, in the Y-00 protocol, binary data is completely encrypted by a set of base-pair multi-level signaling. Each base carries binary data as shown in fig. 5, and when dense multilevel signals are used and the amount of noise is greater than the minimum decodable signal difference of the multilevel signal, the noise masks the signal level and prevents correct signal level detection. Thus, this type of password provides a higher level of security for eavesdroppers than mathematical passwords.
In step S300, the second communication terminal is a receiving terminal that can generate a decryption base sequence and a secret key by using a Pseudo Random Number Generator (PRNG) when receiving the encryption negotiation information sequence transmitted by the transmitting terminal.
The number of the decryption base sequences is the same as that of the encryption base sequences, the bit number and the base structure of the bases in the decryption base sequences are the same as those in the encryption base sequences, the specific form limitation is the same as that of the encryption base sequences, and details are not repeated here. The encryption base sequence but the content of the decryption base sequence is not the same as the encryption base sequence, i.e. the decryption is based on the encryption base being an asymmetric base.
The key can be generated in a single digital form, and the number of the obtained digits in the key sequence is the same as that in the negotiation information sequence after the corresponding multiple expansion.
In step S400, the decrypting the encrypted negotiation information sequence through the decryption base sequence to obtain a decrypted negotiation information sequence may specifically include: and respectively carrying out XOR on the negotiation bits of the decryption base sequence and the negotiation bits of the corresponding encryption negotiation information sequence one by one, and combining the obtained XOR results into a sequence to obtain a decryption negotiation information sequence.
In step S500, performing xor on the key sequence and the decryption negotiation information sequence, specifically, performing xor on each bit in the key sequence and each bit in the decryption negotiation information sequence sequentially one by one, and obtaining a sequence composed of an xor result, that is, an obtained sequence.
The second processing includes: respectively carrying out one-to-one exclusive OR on each bit in the obtained sequence and a preset bit in the corresponding decryption base sequence; and
and updating the negotiation bit of each decryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence, so as to obtain the key negotiation information sequence.
The preset bits of the decryption base sequence in this step are at the same positions as the preset bits of the encryption base sequence, for example, the lowest bits.
The key agreement information sequence sent by the second communication terminal can be transmitted through the Y-00 protocol encryption module.
In step S600, the decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence specifically includes:
and respectively carrying out XOR on the negotiation bits of the encryption base sequence and the negotiation bits of the corresponding key negotiation information sequence one by one, and taking the result obtained by the XOR as an acceptance negotiation sequence.
The comparing and determining the received negotiation sequence and the negotiation information sequence to obtain a key comprises:
by passing
T±The comparison decision is made as the mean ± α × the variance, where T denotes a threshold, Q (λ) denotes a bit error rate sequence, and α is 0.2.
Before step S700, after step S600, the method further includes: and concentrating the key obtained by judgment to construct a key pool. By constructing the key pool, the keys required for transmitting information can be more sufficient, and further guarantee is provided for transmission safety.
In step S700, the third processing includes:
respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
In step S800, the decrypting the information subjected to the third processing may specifically include:
and respectively carrying out XOR on the information bits of the information sequence obtained through the third processing and the negotiation bits of the corresponding decryption base sequence one by one, and combining the XOR results into a sequence, namely obtaining the information sequence to be transmitted.
In another aspect, the present invention provides an embodiment of a key agreement and information transmission integrated method based on the Y-00 protocol, as shown in fig. 6.
Step 1: sender initialization-the sender generates an information sequence for negotiation using a Pseudo Random Number Generator (PRNG) and generates a base sequence belonging to the sender.
Step 2: y-00 encryption transmission (negotiation) -taking path I as an example (path Q is the same), assuming that the Y-00 encryption and decryption module adopts Nbit base for transmission, the lowest bit of the negotiation information sequence and the sending base bit is XOR-put on the mth bit and is transmitted through the Y-00 encryption module.
And step 3: y-00 decryption (negotiation) -the receiving end decrypts through the Y-00 decryption module after receiving the negotiated encryption sequence, but the decryption base sequence is an encryption base sequence (which is an asymmetric base) which is generated by a pseudo-random number generator of the receiving end and is different from that of the transmitting end.
And 4, step 4: and loading a key, namely generating a key sequence by using a pseudo-random number generator at a receiving end, carrying out key expansion on the key sequence, and then carrying out exclusive or on the key sequence and the decrypted negotiation information sequence.
And 5: and the receiving end sends a negotiation sequence of the loading key, namely the lowest bit of the decryption base sequence used by the receiving end and the negotiation sequence of the loading key are subjected to exclusive OR and put at the mth bit to be transmitted through a negotiation Y-00 encryption module.
Step 6: the sending end receives the negotiation sequence of the loading key, namely the sending end receives the negotiation sequence of the loading key transmitted by the receiving end and carries out Y-00 decryption by using the base sequence of the sending end to obtain the receiving negotiation sequence of the loading key.
And 7: the sending end recovers the transmitted key-the sending end compares and judges the negotiation information sequence transmitted before the negotiation sequence of the loaded key to obtain the key used by the transmission information, and the judgment condition is that
T±Mean ± a × variance (T denotes a threshold, and Q (λ) denotes a bit error rate sequence).
And 8: and (3) carrying out information transmission, namely, the sending end and the receiving end both obtain a secret key through negotiation at the moment, carrying out Y-00 encryption on the information which really needs to be transmitted by using the secret key, carrying out encryption transmission on the lowest bit of the information sequence and the base sequence of the sending end at the Nth bit, and otherwise, realizing integration of transmission and secret key distribution at the receiving end.
The key agreement and information transmission integration method based on the Y-00 protocol of the present invention will be described in more detail with reference to a more specific embodiment. As shown in fig. 7, the method may specifically include:
① the sender generates a sequence of information for negotiation using a pseudo-random number generator, for example {101} in the case of I-way (Q-way is the same), and generates base sequences belonging to the sender, for example {1001010011}, {0011100101}, {1100111000 }.
②, assuming that the Y-00 encryption/decryption module uses 10-bit base for transmission, the least significant bit of the negotiation information sequence and the transmission base bit is XOR-placed on the 7 th bit and transmitted through the Y-00 encryption module, i.e., {1000010011}, {0011100101}, and {1101111000 }.
③ the receiving end receives the negotiation encryption sequence and then decrypts it by the Y-00 decryption module, but its decryption base sequence is generated by the pseudo-random number generator of the receiving end and is different from the encryption base sequence (this is the asymmetric base) of the transmitting end, for example {1100111000}, {0011100101}, and {1001010011 }.
④ at the receiving end, pseudo-random number generator is used to generate a key sequence with example {1}, the key is expanded, it is assumed that it is expanded by 3 times, namely {111}, then it is XOR-ed with the decrypted negotiation information sequence, that is, the receiving end is loaded with the key information to be negotiated, to obtain {111 }.
⑤ is transmitted through the negotiated Y-00 encryption module using the lowest bit of the decryption base sequence used by the receiver and the negotiated sequence XOR of the load key at bit 7, i.e., {1101111000}, {0010100101}, {1000010011 }.
⑥ the sending end receives the negotiation sequence of the loading key transmitted by the receiving end, and uses the base sequence of the sending end to decrypt Y-00 to obtain the receiving negotiation sequence {011} of the loading key.
⑦ the sending end compares the received negotiation sequence of the loaded key with the negotiation information sequence transmitted before to obtain the key for transmitting information, the judgment condition is
T±Mean ± α × variance (T denotes a threshold, Q (λ) denotes a bit error rate sequence, and α is assumed to be 0.2).
⑧ at this time, the sending end and the receiving end both obtain the key {1} through negotiation, and the key sequence generates a public key pool through a pseudo-random number generator, and places the public key pool as the base information of information transmission at the 0 th, 8 th and 9 th bits of the base sequence.
⑨ finally, Y-00 encrypting the information to be transmitted, and performing XOR on the lowest order of the information sequence and the base sequence of the sending end at the 10 th order for encrypted transmission, otherwise, realizing the integration of transmission and key distribution at the receiving end.
According to the method provided by the embodiment of the invention, a Nbit base is adopted for carrying out key agreement and information transmission, a key agreement information sequence of a sending end is placed on an m-th bit by utilizing the exclusive OR of the lowest bit of sending end base information and an agreement information bit and is transmitted through a Y-00 module, and the base information is positioned at 2-m-1 bits; the information bit for safe transmission is at the Nth bit, the transmission information base information is at 1, m + 1-N-1 bits, and different information is loaded at different positions to synchronously realize key negotiation and information transmission in the transmission process, so that the key negotiation and the information transmission are both executed on the information transmission line, the integration of the key negotiation line and the information transmission line is realized, the complexity of the key negotiation and the information transmission is greatly simplified, the transmission efficiency is improved, and the cost is reduced.
It should be noted that the method of the embodiment of the present invention may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In the case of such a distributed scenario, one of the multiple devices may only perform one or more steps of the method according to the embodiment of the present invention, and the multiple devices interact with each other to complete the method.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiment of the invention also provides a device for integrating key negotiation and information transmission based on Y-00, which comprises:
the first communication terminal pseudo-random number generation module is used for generating a negotiation information sequence and an encryption base sequence;
the first communication end Y-00 encryption module is used for performing first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sending the encryption negotiation information sequence; or the third processing is carried out on the information sequence to be transmitted and the encryption base sequence, and the information subjected to the third processing is sent;
the second communication terminal receiving processing module is used for receiving the encryption negotiation information sequence and generating a decryption base sequence and a key sequence;
the second communication terminal Y-00 decryption module is used for respectively carrying out XOR on negotiation bits of the decryption base sequence and negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence; or the third processing module is used for receiving the information subjected to the third processing, and respectively performing exclusive or on the information bits of the information sequence subjected to the third processing and the information bits of the corresponding decryption base sequence one by one to obtain an information sequence to be transmitted;
the second communication end Y-00 encryption module is used for sequentially carrying out one-to-one exclusive OR on each bit in the key sequence and each bit in the decryption negotiation information sequence, carrying out second processing on the obtained sequence and the decryption base sequence to obtain a key negotiation information sequence and sending the key negotiation information sequence;
and the first communication terminal receiving processing module is used for receiving the key negotiation information sequence, decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and comparing and judging the receiving negotiation sequence and the negotiation information sequence to obtain a key.
The first processing of the encryption module of the first communication terminal comprises: respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence;
and updating the negotiation bit of each encryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each encryption base sequence.
The third processing of the encryption module of the first communication terminal comprises:
respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
Wherein, the first communication terminal receiving and processing module comprises:
the first communication terminal receiving module is used for receiving the key negotiation information sequence;
the first communication end Y-00 decryption module is used for decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence;
the first communication end error code judgment analysis module is used for comparing and judging the received negotiation sequence and the negotiation information sequence; and
and the key generation module is used for obtaining a key according to the judgment result of the error code judgment analysis module of the first communication end and constructing a key pool.
Wherein, the second communication end receives processing module, includes:
the second communication terminal receiving module is used for receiving the encryption negotiation information sequence;
the second communication terminal pseudo-random number generation module is used for generating a decryption base sequence; and
and the second communication terminal key generation module is used for generating a key sequence and constructing a key pool.
And the second processing of the Y-00 encryption module of the second communication terminal comprises the following steps: respectively carrying out one-to-one exclusive OR on each bit of the obtained sequence and a preset bit in the corresponding decryption base sequence; and
and updating the negotiation bit of each decryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence.
On the other hand, as shown in fig. 8, the key agreement and information transmission integrated device based on the Y-00 protocol provided in the embodiment of the present invention mainly includes a pseudo random number generation module, a key generation module, an error code determination analysis module, a key generation module, a Y-00 encryption module, and a Y-00 decryption module.
In the device provided by the invention, the Y-00 encryption module of the first communication end can be used for performing first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence, and can also be used for performing third processing on the information sequence to be transmitted and the encryption base sequence; the second communication end Y-00 decryption module can be used for decrypting information needing key agreement and decrypting information needing transmission, so that the key agreement and the information transmission in the first communication end and the second communication end can be executed in the same module, the device integration of the key agreement and the information transmission is realized, the complexity of a system is greatly reduced, the transmission efficiency is improved, and the cost is reduced.
The apparatus of the foregoing embodiment is used to implement the corresponding method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the invention, also features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
In addition, well known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the invention. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the present invention is to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic ram (dram)) may use the discussed embodiments.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (10)
1. A method for integrating key agreement and information transmission based on Y-00 is characterized by comprising the following steps:
a first communication terminal generates a negotiation information sequence and an encryption base sequence;
the first communication terminal carries out first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sends the encryption negotiation information sequence;
the second communication terminal receives the encrypted negotiation information sequence and generates a decryption base sequence and a key sequence;
the second communication terminal respectively carries out exclusive OR on the negotiation bits of the decryption base sequence and the negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence;
the second communication terminal carries out exclusive or on each bit in the key sequence and each bit in the decryption negotiation information sequence one by one in sequence, carries out second processing on the obtained sequence and the decryption base sequence, obtains a key negotiation information sequence and sends the key negotiation information sequence;
the first communication terminal receives the key negotiation information sequence, decrypts the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and compares the receiving negotiation sequence with the negotiation information sequence to obtain a key;
the first communication terminal carries out third processing on an information sequence to be transmitted and an encryption base sequence and sends the information subjected to the third processing;
and the second communication terminal receives the information subjected to the third processing, and respectively performs exclusive or on the information bits of the information sequence obtained through the third processing and the information bits of the corresponding decryption base sequence one by one to obtain the information sequence needing to be transmitted.
2. The method for integrating key agreement and information transmission based on Y-00 is characterized in that the encryption base sequence and the decryption base sequence have the same bit number and the same base structure, and comprise information bits for secure transmission, base information bits for transmitting information, agreement bits for key agreement, transmission information base information bits for marking transmitting end group information, and noise bits.
3. The method for key agreement and information transmission integration based on Y-00 as claimed in claim 2, wherein the number of bits of the base in the encryption base sequence and the decryption base sequence is set to N, the information bit is set at the Nth bit, the base information bit is set at the 2 nd to m-1 th bits, the transmission information base information bit is set at the 1 st bit and the m +1 th to N-1 th bits, the agreement bit is set at the m th bit, and the noise bit is set at the 0 th bit.
4. The method for integrating key agreement and information transmission based on Y-00 as claimed in claim 3, wherein N is set to 10 and m is set to 7.
5. The method of claim 2, wherein the first process comprises: respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence;
the negotiation bit of each encryption base sequence is updated to a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each encryption base sequence;
the third processing includes: respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
6. The method of claim 2, wherein the second processing of the obtained sequence and the decryption base sequence comprises:
respectively carrying out one-to-one exclusive OR on each bit of the obtained sequence and a preset bit in the corresponding decryption base sequence; and
and updating the negotiation bit of each decryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence.
7. The method of claim 2, wherein the key agreement and information transmission are integrated based on Y-00,
the comparison judgment condition is
Wherein F (lambda) is a judgment result, Q (lambda) is an error rate sequence, and α, T + and T-are constants.
8. An apparatus for integrating key agreement and information transmission based on Y-00, comprising:
the first communication terminal pseudo-random number generation module is used for generating a negotiation information sequence and an encryption base sequence;
the first communication end Y-00 encryption module is used for performing first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sending the encryption negotiation information sequence; or the third processing is carried out on the information sequence to be transmitted and the encryption base sequence, and the information subjected to the third processing is sent;
the second communication terminal receiving processing module is used for receiving the encryption negotiation information sequence and generating a decryption base sequence and a key sequence;
the second communication terminal Y-00 decryption module is used for respectively carrying out XOR on negotiation bits of the decryption base sequence and negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence; or
The device is used for receiving the information subjected to the third processing, and respectively performing exclusive OR on the information bits of the information sequence subjected to the third processing and the information bits of the corresponding decryption base sequence one by one to obtain an information sequence needing to be transmitted;
the second communication end Y-00 encryption module is used for sequentially carrying out one-to-one exclusive OR on each bit in the key sequence and each bit in the decryption negotiation information sequence, carrying out second processing on the obtained sequence and the decryption base sequence to obtain a key negotiation information sequence and sending the key negotiation information sequence;
and the first communication terminal receiving processing module is used for receiving the key negotiation information sequence, decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and comparing and judging the receiving negotiation sequence and the negotiation information sequence to obtain a key.
9. The integrated Y-00-based key agreement and information transmission device according to claim 8, wherein the first communication end receiving and processing module comprises:
the first communication terminal receiving module is used for receiving the key negotiation information sequence;
the first communication end Y-00 decryption module is used for decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence;
the first communication end error code judgment analysis module is used for comparing and judging the received negotiation sequence and the negotiation information sequence; and
and the key generation module is used for obtaining a key according to the judgment result of the error code judgment analysis module of the first communication end and constructing a key pool.
10. The integrated device for key agreement and information transmission based on Y-00 as claimed in claim 8, wherein the second communication terminal receives the processing module, comprising:
the second communication terminal receiving module is used for receiving the encryption negotiation information sequence;
the second communication terminal pseudo-random number generation module is used for generating a decryption base sequence; and
and the second communication terminal key generation module is used for generating a key sequence and constructing a key pool.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010090616.8A CN111314055B (en) | 2020-02-13 | 2020-02-13 | Method and device for key agreement and information transmission integration based on Y-00 |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010090616.8A CN111314055B (en) | 2020-02-13 | 2020-02-13 | Method and device for key agreement and information transmission integration based on Y-00 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111314055A true CN111314055A (en) | 2020-06-19 |
| CN111314055B CN111314055B (en) | 2021-10-15 |
Family
ID=71148360
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010090616.8A Active CN111314055B (en) | 2020-02-13 | 2020-02-13 | Method and device for key agreement and information transmission integration based on Y-00 |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111314055B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190007134A1 (en) * | 2017-04-27 | 2019-01-03 | Nec Laboratories America, Inc. | Physical layer security in optical communicatins using bessel modes |
| CN109412797A (en) * | 2018-11-05 | 2019-03-01 | 北京邮电大学 | Cryptographic key negotiation method and client based on bit error rate judgement state base |
| CN110365474A (en) * | 2019-06-19 | 2019-10-22 | 北京邮电大学 | Cryptographic key negotiation method and communication equipment |
-
2020
- 2020-02-13 CN CN202010090616.8A patent/CN111314055B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20190007134A1 (en) * | 2017-04-27 | 2019-01-03 | Nec Laboratories America, Inc. | Physical layer security in optical communicatins using bessel modes |
| CN109412797A (en) * | 2018-11-05 | 2019-03-01 | 北京邮电大学 | Cryptographic key negotiation method and client based on bit error rate judgement state base |
| CN110365474A (en) * | 2019-06-19 | 2019-10-22 | 北京邮电大学 | Cryptographic key negotiation method and communication equipment |
Non-Patent Citations (3)
| Title |
|---|
| TSUYOSHI NISHIOKA: "How much security does Y-00 protocol provide us?", 《PHYSICS LETTERS A》 * |
| 于浩: "基于光纤信道特征的物理层密钥分发技术", 《量子通信》 * |
| 张秋芳: "量子噪声随机加密技术研究的现状及其发展趋势", 《电子技术及信息科学》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111314055B (en) | 2021-10-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP0537971B1 (en) | Method for algorithm independent cryptographic key management | |
| CN107222307B (en) | Controlled quantum secure direct communication method based on four-particle cluster state | |
| US9209969B2 (en) | System and method of per-packet keying | |
| JP4906732B2 (en) | Data transmission device, data reception device, and data communication device | |
| CN108449145B (en) | A kind of ciphertext transmission method based on quantum key | |
| JP2007274300A (en) | Synchronization processing method in common key cipher communication | |
| CN110611572A (en) | Asymmetric password terminal based on quantum random number, communication system and method | |
| EP1569381A1 (en) | System and method for authentification | |
| CN111082919B (en) | Dynamic probability 16cap mapping encryption method | |
| US6301361B1 (en) | Encoding and decoding information using randomization with an alphabet of high dimensionality | |
| CN111641500B (en) | Encryption and decryption method for wireless video transmission safety of unmanned aerial vehicle | |
| JPWO2006104090A1 (en) | Optical transmission apparatus and method for ciphertext transmission | |
| CN109495167B (en) | Client and consistent key negotiation method based on bit error rate | |
| CN111314055B (en) | Method and device for key agreement and information transmission integration based on Y-00 | |
| WO2012165901A2 (en) | Method for inter-terminal security channelization | |
| US7912215B2 (en) | Data transmission apparatus, data receiving apparatus and method executed thereof | |
| CN112637442B (en) | Method and device for encrypting circulating images by cloud server and local end | |
| CN110336667B (en) | Communication physical layer encryption communication method and device based on pseudo-random sequence control | |
| CN113795023A (en) | Bluetooth data transmission encryption method based on chaotic sequence and block encryption | |
| US7606367B2 (en) | Quantum cryptography with fewer random numbers | |
| JP2007241256A (en) | Data transmission apparatus, data receiving apparatus and data communication method | |
| CN115696313B (en) | Encryption communication method and system of unmanned mobile equipment based on channel detection | |
| CN117896064B (en) | Superlattice twin PUF key synchronization method and system with low calculation overhead | |
| CN114448628B (en) | Quantum noise stream encryption communication method, device, equipment and storage medium | |
| CN112564918B (en) | Lightweight active cross-layer authentication method in smart grid |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |