CN111314055B - Method and device for key agreement and information transmission integration based on Y-00 - Google Patents

Method and device for key agreement and information transmission integration based on Y-00 Download PDF

Info

Publication number
CN111314055B
CN111314055B CN202010090616.8A CN202010090616A CN111314055B CN 111314055 B CN111314055 B CN 111314055B CN 202010090616 A CN202010090616 A CN 202010090616A CN 111314055 B CN111314055 B CN 111314055B
Authority
CN
China
Prior art keywords
sequence
information
negotiation
bit
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010090616.8A
Other languages
Chinese (zh)
Other versions
CN111314055A (en
Inventor
李亚杰
张�杰
李俊佳
雷超
张会彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN202010090616.8A priority Critical patent/CN111314055B/en
Publication of CN111314055A publication Critical patent/CN111314055A/en
Application granted granted Critical
Publication of CN111314055B publication Critical patent/CN111314055B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a key agreement and information transmission integration method based on Y-00, which comprises the following steps: the first communication terminal generates a negotiation information sequence and an encryption base sequence; the first communication terminal carries out first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sends the encryption negotiation information sequence; the second communication terminal receives the encrypted negotiation information sequence and generates a decryption base sequence and a key sequence; the second communication terminal obtains a decryption negotiation information sequence; the second communication terminal obtains the key negotiation information sequence and sends the key negotiation information sequence; the first communication terminal receives the key negotiation information sequence to obtain a key; the first communication terminal carries out third processing on an information sequence needing to be transmitted and an encryption base sequence and sends the information sequence subjected to the third processing; and the second communication terminal receives the information sequence subjected to the third processing, and decrypts the information subjected to the third processing through the decryption base sequence to obtain the information sequence required to be transmitted.

Description

Method and device for key agreement and information transmission integration based on Y-00
Technical Field
The invention relates to the technical field of secure optical communication, in particular to a key agreement and information transmission integration method based on a Y-00 protocol.
Background
With the rapid development of information technology, the optical network provides a good transmission platform for the information flow of the well-injection type. Optical fiber communication is used as a network operation base and has been applied to all aspects of an Ethernet system, a telecommunication backbone infrastructure and a military communication system, but an optical cable has long transmission distance and complex line environment, and the existing optical communication cannot resist line or node eavesdropping. At present, the realization of the security of a communication system by using a physical layer security scheme becomes a new research hotspot and is widely valued at home and abroad. The physical layer safety optical communication is a new system optical communication technology which aims at resisting line or node eavesdropping attack and takes the enhancement of the capability of resisting intercepted information as a means. The current basic research on physical layer secure optical communication can be divided into two categories: one is quantum key distribution theory and the other is physical layer security theory. The new network information security technology represented by quantum key distribution still needs to be perfected, and a plurality of restriction factors exist at present. For example, in the present stage, the quantum key distribution system has limited performance in the aspects of key generation rate, available transmission distance and the like, and is difficult to popularize on a large scale. The mainstream research directions in the physical layer security theory are noise encryption security optical communication, chaotic optical communication, spread spectrum optical communication, covert optical communication and frequency hopping optical communication.
The traditional information transmission methods all need to rely on an external secret key, the information security still depends on the security of the secret key, namely, the security transmission and the security secret key are in a separated state, different lines are needed to carry out secret key negotiation and information transmission in the transmission process, and the method has higher system complexity and high cost.
Disclosure of Invention
In view of this, the present invention is to provide a method for integrating key agreement and information transmission based on Y-00 protocol, so as to solve the problems of high system complexity and high cost in the existing information transmission.
Based on the above purpose, the present invention provides a key agreement and information transmission integrated method based on Y-00 protocol, which includes:
a first communication terminal generates a negotiation information sequence and an encryption base sequence;
the first communication terminal carries out first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sends the encryption negotiation information sequence;
the second communication terminal receives the encrypted negotiation information sequence and generates a decryption base sequence and a key sequence;
the second communication terminal respectively carries out exclusive OR on the negotiation bits of the decryption base sequence and the negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence;
the second communication terminal carries out exclusive or on each bit in the key sequence and each bit in the decryption negotiation information sequence one by one in sequence, carries out second processing on the obtained sequence and the decryption base sequence, obtains a key negotiation information sequence and sends the key negotiation information sequence;
the first communication terminal receives the key negotiation information sequence, decrypts the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and compares the receiving negotiation sequence with the negotiation information sequence to obtain a key;
the first communication terminal carries out third processing on an information sequence to be transmitted and an encryption base sequence and sends the information subjected to the third processing;
and the second communication terminal receives the information subjected to the third processing, and respectively performs exclusive OR on the information bits of the information sequence obtained through the third processing and the information bits of the corresponding decryption base sequence one by one to obtain the information sequence needing to be transmitted.
In one embodiment, the encryption base sequence and the decryption base sequence have the same structure of base and base, including information bits for secure transmission, base information bits for transmitting information, negotiation bits for key negotiation, transmission information base information bits for marking transmitting base information, and noise bits.
In one embodiment, the number of bits of the bases in the encryption base sequence and the decryption base sequence is set to be N, the information bit is set at the Nth bit, the base information bit is set at the 2 nd to m-1 th bits, the transmission information base information bit is set at the 1 st bit and the m +1 th to N-1 th bits, the negotiation bit is set at the m th bit, and the noise bit is set at the 0 th bit.
In one embodiment, N is set to 10 and m is set to 7.
In one embodiment, the first processing includes: respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence;
the negotiation bit of each encryption base sequence is updated to a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each encryption base sequence;
the third processing includes:
respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
In one embodiment, the second processing the obtained sequence and the decryption base sequence includes:
respectively carrying out one-to-one exclusive OR on each bit of the obtained sequence and a preset bit in the corresponding decryption base sequence; and
and updating the negotiation bit of each decryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence.
In one embodiment, the predetermined bit is the lowest bit.
In one embodiment, the comparison decision is conditioned
Figure GDA0003026258680000031
Wherein F (lambda) is a judgment result, Q (lambda) is an error rate sequence, and alpha, T + and T-are constants.
The invention also provides a device for integrating key agreement and information transmission based on the Y-00 protocol, which comprises:
the first communication terminal pseudo-random number generation module is used for generating a negotiation information sequence and an encryption base sequence;
the first communication end Y-00 encryption module is used for performing first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sending the encryption negotiation information sequence; or the third processing is carried out on the information sequence to be transmitted and the encryption base sequence, and the information subjected to the third processing is sent;
the second communication terminal receiving processing module is used for receiving the encryption negotiation information sequence and generating a decryption base sequence and a key sequence;
the second communication terminal Y-00 decryption module is used for respectively carrying out XOR on negotiation bits of the decryption base sequence and negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence; or
The device is used for receiving the information subjected to the third processing, and respectively performing exclusive OR on the information bits of the information sequence subjected to the third processing and the information bits of the corresponding decryption base sequence one by one to obtain an information sequence needing to be transmitted;
the second communication end Y-00 encryption module is used for sequentially carrying out one-to-one exclusive OR on each bit in the key sequence and each bit in the decryption negotiation information sequence, carrying out second processing on the obtained sequence and the decryption base sequence to obtain a key negotiation information sequence and sending the key negotiation information sequence;
and the first communication terminal receiving processing module is used for receiving the key negotiation information sequence, decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and comparing and judging the receiving negotiation sequence and the negotiation information sequence to obtain a key.
In one embodiment, the first communication terminal receiving and processing module includes:
the first communication terminal receiving module is used for receiving the key negotiation information sequence;
the first communication end Y-00 decryption module is used for decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence;
the first communication end error code judgment analysis module is used for comparing and judging the received negotiation sequence and the negotiation information sequence; and
and the key generation module is used for obtaining a key according to the judgment result of the error code judgment analysis module of the first communication end and constructing a key pool.
In one embodiment, the second communication terminal receives a processing module, which includes:
the second communication terminal receiving module is used for receiving the encryption negotiation information sequence;
the second communication terminal pseudo-random number generation module is used for generating a decryption base sequence; and
and the second communication terminal key generation module is used for generating a key sequence and constructing a key pool.
It can be seen from the above that, in the method and apparatus provided by the present invention, the negotiation information sequence is encrypted by the encryption base sequence of the first communication terminal and then transmitted, the second communication terminal receives the negotiation information sequence and then generates a decryption base sequence different from the encryption base sequence to decrypt, and generates a key and then transmits the key after encryption, after the first communication terminal decrypts the key, the information to be transmitted is encrypted by the encryption base sequence and then transmitted, and the second communication terminal decrypts the received information by the decryption base sequence to obtain the corresponding transmitted information sequence. Therefore, the information used for carrying out key agreement and the information required to be transmitted can be encrypted through the encryption base sequence, the information required to be transmitted can be decrypted through the decryption base sequence, the information required to be subjected to key agreement and the information required to be transmitted can be decrypted, the key agreement and the information transmission are executed on the same line, the key agreement and the information transmission are effectively integrated, the complexity of the key agreement and the complexity of the information transmission are greatly simplified, the transmission efficiency is improved, and the cost is reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of a key agreement and information transmission integrated method based on Y-00 protocol according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a structure of an encryption base sequence according to an embodiment of the present invention;
fig. 3 is a flowchart of a first process performed on a negotiation information sequence and an encryption base sequence according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a Y-00 protocol cryptographic module model according to an embodiment of the present invention;
FIG. 5 is a block diagram of the Y-00 protocol according to an embodiment of the present invention;
FIG. 6 is a diagram illustrating a key agreement and information transmission integrated method based on the Y-00 protocol according to an embodiment of the present invention;
FIG. 7 is another schematic diagram of a key agreement and information transmission integration method based on the Y-00 protocol according to an embodiment of the present invention;
fig. 8 is a schematic diagram of an apparatus for integrating key agreement and information transmission based on the Y-00 protocol according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present invention should have the ordinary meanings as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in this disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", and the like are used merely to indicate relative positional relationships, and when the absolute position of the object being described is changed, the relative positional relationships may also be changed accordingly.
The inventor of the present invention finds, in a long-term research work on security of information transmission, that in an existing physical layer security system for information transmission based on Y-00 encryption and decryption, information transmission and key agreement are in a separate state, that is, an individual line is required to perform key agreement or information transmission during transmission, and a transceiver need to acquire a key required for information transmission (i.e., key agreement) through an individual link and then perform Y-00 encryption and decryption transmission through an individual information transmission optical fiber link. Therefore, the method of separating key agreement and information transmission has the disadvantages of obviously relatively high system complexity, high cost and the like when being realized, and the application of the method is greatly limited.
The inventor provides a Y-00 secure transmission and key distribution integration method and device based on asymmetric basis in order to solve the defects of complex system, high cost, difficult application and the like existing in the separation of key agreement and information transmission, the core lies in that a transmitting side and a receiving side do not need to build a circuit specially used for key agreement (the transmitting side and the receiving side obtain the same key information), the transmitting side adopts asymmetric basis to obtain a transmitted information key through a Y-00 encryption and decryption module, the innovation is realized without changing the structure of the existing transmission system, the negotiation and transmission can be realized by using the circuit for transmitting information, compared with the existing quantum key distribution and physical layer security theory, the method and device greatly reduce the equipment complexity in implementation, and simultaneously reduce the cost to a certain extent.
As shown in fig. 1, a method for integrating key agreement and information transmission based on Y-00 according to an embodiment of the present invention includes:
s100, a first communication terminal generates a negotiation information sequence and an encryption base sequence;
s200, the first communication terminal carries out first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sends the encryption negotiation information sequence;
s300, the second communication terminal receives the encryption negotiation information sequence and generates a decryption base sequence and a key sequence;
s400, the second communication terminal decrypts the encrypted negotiation information sequence through the decryption base sequence to obtain a decryption negotiation information sequence;
s500, the second communication terminal carries out exclusive OR on the key sequence and the decryption negotiation information sequence, carries out second processing on the obtained sequence and the decryption base sequence, obtains a key negotiation information sequence and sends the key negotiation information sequence;
s600, the first communication terminal receives the key negotiation information sequence, decrypts the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and compares and judges the receiving negotiation sequence and the negotiation information sequence to obtain a key;
s700, the first communication terminal carries out third processing on an information sequence needing to be transmitted and an encryption base sequence and sends the information sequence subjected to the third processing;
and S800, the second communication terminal receives the information sequence subjected to the third processing, and decrypts the information subjected to the third processing through the decryption base sequence to obtain the information sequence required to be transmitted.
The method provided by the invention includes that a negotiation information sequence is encrypted through an encryption base sequence of a first communication end and then transmitted, a decryption base sequence different from the encryption base sequence is generated after a second communication end receives the negotiation information sequence and then decrypted, a secret key is generated and then transmitted after being encrypted, after the first communication end decrypts the secret key, information needing to be transmitted is encrypted through the encryption base sequence and then transmitted, and the second communication end decrypts the received information through the decryption base sequence to obtain a corresponding transmitted information sequence. Therefore, the information used for carrying out key agreement can be encrypted through the encryption base sequence, the information required to be transmitted can also be encrypted, the information required to be subjected to key agreement can be decrypted through the decryption base sequence, the information required to be subjected to key agreement can also be decrypted, the key agreement and the information transmission can be executed on the same line, and the integration of the key agreement and the information transmission is realized.
In step S100, specifically, the first communication terminal is a transmitting terminal. The sending end randomly generates a pseudo information sequence for negotiation through initialization, namely a negotiation information sequence, and a base sequence which belongs to the sending end and carries sending end information, namely an encryption base sequence. The encryption base sequence can be set to two or more to improve the security of key agreement. The number of encryption base sequences is the same as the number of bits of information in the negotiation information sequence, for example, when the number of information in the negotiation information sequence is set to 3, 3 encryption base sequences are set.
Specifically, the transmitting end may generate a negotiation information sequence and an encryption base sequence using a Pseudo Random Number Generator (PRNG).
As shown in fig. 2, the encryption base sequence may include an Nbit base, that is, N bits are included in the encryption base sequence, and five types of bits are included from top to bottom, that is, an information bit for secure transmission, a base information bit for transmission information, a negotiation bit for key negotiation, a near-noise bit (transmission information base information bit) for marking transmission base information, and a noise bit. By loading different information on different bits, key negotiation and information transmission can be synchronously realized in the transmission process, so that the transmission efficiency is improved, and the complexity of equipment is reduced.
Specifically, the information bit may be set at the nth bit, the base information bit may be set at bits 2 to m-1, the transmission information base information bit may be set at bits 1 and m +1 to N-1, the negotiation bit may be set at the mth bit, and the noise bit may be set at bit 0. When N is 10, m is set to 7 th.
Referring to fig. 3, step S200, the first process includes:
s210, respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence; and
s220, corresponding to the negotiation bit of each encryption base sequence, updating the negotiation bit of each encryption base sequence into a corresponding XOR result according to the corresponding XOR result.
In step S210, the preset bit may be the lowest bit of the encryption base sequence.
In step S220, the negotiation bit of each encryption base sequence is updated to the corresponding xor result, so as to obtain the encryption negotiation information sequence. The encrypted negotiation information sequence can be transmitted through a Y-00 protocol encryption module. It should be noted that, when transmission is performed, the transmission modes of the I path and the Q path are the same.
The Y-00 protocol encryption module may be as shown at the transmitting end of fig. 4. Y-00 is a protocol used in encryption of noise-based physical layer secure optical communications. The protocol uses dense M-ary keying (multi-level modulation) without additional bandwidth, and features the use of components that are widely used in current optical fiber communication systems. To avoid eavesdropping, one basic idea of the Y-00 protocol is to mask the signal level by noise so that an eavesdropper cannot correctly recognize the level. For security evaluation, one of the priority issues in current communication systems is to perform a robustness evaluation on key estimates for ciphertext attacks (COAs) and known plaintext attacks (kpa) only. The attack process of an eavesdropper typically includes two steps. The first step is to correctly read the encrypted data (ciphertext). The ciphertext is then mathematically processed to recover the original data (plaintext) or key. The Y-00 protocol uses multi-level encryption that is the "basis for sending binary data" making the first step difficult. In general, a conventional cipher based on a mathematical algorithm converts binary data of a plain text into a binary cipher text. Thus, the eavesdropper can easily recognize the two correct signal levels ("0", "1") of the ciphertext, so that the eavesdropper successfully obtains the correct ciphertext itself, which may lead to password cracking. On the other hand, in the Y-00 protocol, binary data is completely encrypted by a set of base-pair multi-level signaling. Each base carries binary data as shown in fig. 5, and when dense multilevel signals are used and the amount of noise is greater than the minimum decodable signal difference of the multilevel signal, the noise masks the signal level and prevents correct signal level detection. Thus, this type of password provides a higher level of security for eavesdroppers than mathematical passwords.
In step S300, the second communication terminal is a receiving terminal that can generate a decryption base sequence and a secret key by using a Pseudo Random Number Generator (PRNG) when receiving the encryption negotiation information sequence transmitted by the transmitting terminal.
The number of the decryption base sequences is the same as that of the encryption base sequences, the bit number and the base structure of the bases in the decryption base sequences are the same as those in the encryption base sequences, the specific form limitation is the same as that of the encryption base sequences, and details are not repeated here. The encryption base sequence but the content of the decryption base sequence is not the same as the encryption base sequence, i.e. the decryption is based on the encryption base being an asymmetric base.
The key can be generated in a single digital form, and the number of the obtained digits in the key sequence is the same as that in the negotiation information sequence after the corresponding multiple expansion.
In step S400, the decrypting the encrypted negotiation information sequence through the decryption base sequence to obtain a decrypted negotiation information sequence may specifically include: and respectively carrying out XOR on the negotiation bits of the decryption base sequence and the negotiation bits of the corresponding encryption negotiation information sequence one by one, and combining the obtained XOR results into a sequence to obtain a decryption negotiation information sequence.
In step S500, performing xor on the key sequence and the decryption negotiation information sequence, specifically, performing xor on each bit in the key sequence and each bit in the decryption negotiation information sequence sequentially one by one, and obtaining a sequence composed of an xor result, that is, an obtained sequence.
The second processing includes: respectively carrying out one-to-one exclusive OR on each bit in the obtained sequence and a preset bit in the corresponding decryption base sequence; and
and updating the negotiation bit of each decryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence, so as to obtain the key negotiation information sequence.
The preset bits of the decryption base sequence in this step are at the same positions as the preset bits of the encryption base sequence, for example, the lowest bits.
The key agreement information sequence sent by the second communication terminal can be transmitted through the Y-00 protocol encryption module.
In step S600, the decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence specifically includes:
and respectively carrying out XOR on the negotiation bits of the encryption base sequence and the negotiation bits of the corresponding key negotiation information sequence one by one, and taking the result obtained by the XOR as an acceptance negotiation sequence.
The comparing and determining the received negotiation sequence and the negotiation information sequence to obtain a key comprises:
by passing
Figure GDA0003026258680000091
Making a comparison decision, wherein T represents a threshold value and Q (lambda) represents a bit error rateSequence, alpha is 0.2.
Before step S700, after step S600, the method further includes: and concentrating the key obtained by judgment to construct a key pool. By constructing the key pool, the keys required for transmitting information can be more sufficient, and further guarantee is provided for transmission safety.
In step S700, the third processing includes:
respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
In step S800, the decrypting the information subjected to the third processing may specifically include:
and respectively carrying out XOR on the information bits of the information sequence obtained through the third processing and the negotiation bits of the corresponding decryption base sequence one by one, and combining the XOR results into a sequence, namely obtaining the information sequence to be transmitted.
In another aspect, the present invention provides an embodiment of a key agreement and information transmission integrated method based on the Y-00 protocol, as shown in fig. 6.
Step 1: sender initialization-the sender generates an information sequence for negotiation using a Pseudo Random Number Generator (PRNG) and generates a base sequence belonging to the sender.
Step 2: y-00 encryption transmission (negotiation) -taking path I as an example (path Q is the same), assuming that the Y-00 encryption and decryption module adopts Nbit base for transmission, the lowest bit of the negotiation information sequence and the sending base bit is XOR-put on the mth bit and is transmitted through the Y-00 encryption module.
And step 3: y-00 decryption (negotiation) -the receiving end decrypts through the Y-00 decryption module after receiving the negotiated encryption sequence, but the decryption base sequence is an encryption base sequence (which is an asymmetric base) which is generated by a pseudo-random number generator of the receiving end and is different from that of the transmitting end.
And 4, step 4: and loading a key, namely generating a key sequence by using a pseudo-random number generator at a receiving end, carrying out key expansion on the key sequence, and then carrying out exclusive or on the key sequence and the decrypted negotiation information sequence.
And 5: and the receiving end sends a negotiation sequence of the loading key, namely the lowest bit of the decryption base sequence used by the receiving end and the negotiation sequence of the loading key are subjected to exclusive OR and put at the mth bit to be transmitted through a negotiation Y-00 encryption module.
Step 6: the sending end receives the negotiation sequence of the loading key, namely the sending end receives the negotiation sequence of the loading key transmitted by the receiving end and carries out Y-00 decryption by using the base sequence of the sending end to obtain the receiving negotiation sequence of the loading key.
And 7: the sending end recovers the transmitted key-the sending end compares and judges the negotiation information sequence transmitted before the negotiation sequence of the loaded key to obtain the key used by the transmission information, and the judgment condition is that
Figure GDA0003026258680000111
(T denotes a threshold value, and Q (lambda) denotes a bit error rate sequence).
And 8: and (3) carrying out information transmission, namely, the sending end and the receiving end both obtain a secret key through negotiation at the moment, carrying out Y-00 encryption on the information which really needs to be transmitted by using the secret key, carrying out encryption transmission on the lowest bit of the information sequence and the base sequence of the sending end at the Nth bit, and otherwise, realizing integration of transmission and secret key distribution at the receiving end.
The key agreement and information transmission integrated method based on the Y-00 protocol of the present invention will be described in more detail below with a more specific embodiment. As shown in fig. 7, the method may specifically include:
the transmitting end generates a sequence of information for negotiation using a pseudo-random number generator, taking path I as an example (Q path is the same), path 101 as an example, and generates base sequences belonging to the transmitting end, paths 1001010011, 0011100101, 1100111000 as an example.
Assuming that the Y-00 encryption/decryption module is for example transmitted with a base of 10 bits, the lowest bit of the negotiation information sequence and the transmission base bit is xored at the 7 th bit and transmitted through the Y-00 encryption module, i.e., {1000010011}, {0011100101}, and {1101111000 }.
The receiving end decrypts the negotiated encryption sequence through the Y-00 decryption module after receiving the negotiated encryption sequence, but the decryption base sequence is the encryption base sequence (which is an asymmetric base) generated by the pseudo-random number generator of the receiving end and different from the transmitting end, such as {1100111000}, {0011100101}, and {1001010011 }. The decrypted negotiation information sequence is 000.
At the receiving end, a pseudo-random number generator is utilized to generate a key sequence with the example of {1}, the key is expanded by 3 times, namely {111}, and then the key is subjected to XOR with the decrypted negotiation information sequence, namely, the key information needing negotiation is loaded at the receiving end, and the {111} is obtained.
The lowest bit of the decryption base sequence used by the receiving end and the negotiated sequence XOR of the loading key are reused and transmitted at the 7 th bit through the negotiated Y-00 encryption module, namely {1101111000}, {0010100101}, and {1000010011 }.
The sending end receives the negotiation sequence of the loading key transmitted by the receiving end, and the base sequence of the sending end is used for carrying out Y-00 decryption to obtain the receiving negotiation sequence {011} of the loading key.
The sending end compares the received negotiation sequence loaded with the key with the negotiation information sequence transmitted before to obtain the key used for transmitting the information, and the judgment condition is that
Figure GDA0003026258680000121
(T denotes a threshold, Q (lambda) denotes a bit error rate sequence, and alpha is assumed to be 0.2).
The sending end and the receiving end obtain a key of {1} through negotiation at this time, and the key sequence generates a public key pool through a pseudo-random number generator, and is placed at the 0 th, 8 th and 9 th bits of the base sequence as the base information of information transmission.
And ninthly, carrying out Y-00 encryption on the information which is really required to be transmitted, carrying out exclusive or on the lowest bit of the information sequence and the base sequence of the sending end at the 10 th bit for encrypted transmission, and otherwise, realizing integration of transmission and key distribution at the receiving end.
According to the method provided by the embodiment of the invention, a Nbit base is adopted for carrying out key agreement and information transmission, a key agreement information sequence of a sending end is placed on an m-th bit by utilizing the exclusive OR of the lowest bit of sending end base information and an agreement information bit and is transmitted through a Y-00 module, and the base information is positioned at 2-m-1 bits; the information bit for safe transmission is at the Nth bit, the transmission information base information is at 1, m + 1-N-1 bits, and different information is loaded at different positions to synchronously realize key negotiation and information transmission in the transmission process, so that the key negotiation and the information transmission are both executed on the information transmission line, the integration of the key negotiation line and the information transmission line is realized, the complexity of the key negotiation and the information transmission is greatly simplified, the transmission efficiency is improved, and the cost is reduced.
It should be noted that the method of the embodiment of the present invention may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In the case of such a distributed scenario, one of the multiple devices may only perform one or more steps of the method according to the embodiment of the present invention, and the multiple devices interact with each other to complete the method.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiment of the invention also provides a device for integrating key negotiation and information transmission based on Y-00, which comprises:
the first communication terminal pseudo-random number generation module is used for generating a negotiation information sequence and an encryption base sequence;
the first communication end Y-00 encryption module is used for performing first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sending the encryption negotiation information sequence; or the third processing is carried out on the information sequence to be transmitted and the encryption base sequence, and the information subjected to the third processing is sent;
the second communication terminal receiving processing module is used for receiving the encryption negotiation information sequence and generating a decryption base sequence and a key sequence;
the second communication terminal Y-00 decryption module is used for respectively carrying out XOR on negotiation bits of the decryption base sequence and negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence; or the third processing module is used for receiving the information subjected to the third processing, and respectively performing exclusive or on the information bits of the information sequence subjected to the third processing and the information bits of the corresponding decryption base sequence one by one to obtain an information sequence to be transmitted;
the second communication end Y-00 encryption module is used for sequentially carrying out one-to-one exclusive OR on each bit in the key sequence and each bit in the decryption negotiation information sequence, carrying out second processing on the obtained sequence and the decryption base sequence to obtain a key negotiation information sequence and sending the key negotiation information sequence;
and the first communication terminal receiving processing module is used for receiving the key negotiation information sequence, decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and comparing and judging the receiving negotiation sequence and the negotiation information sequence to obtain a key.
The first processing of the encryption module of the first communication terminal comprises: respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence;
and updating the negotiation bit of each encryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each encryption base sequence.
The third processing of the encryption module of the first communication terminal comprises:
respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
Wherein, the first communication terminal receiving and processing module comprises:
the first communication terminal receiving module is used for receiving the key negotiation information sequence;
the first communication end Y-00 decryption module is used for decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence;
the first communication end error code judgment analysis module is used for comparing and judging the received negotiation sequence and the negotiation information sequence; and
and the key generation module is used for obtaining a key according to the judgment result of the error code judgment analysis module of the first communication end and constructing a key pool.
Wherein, the second communication end receives processing module, includes:
the second communication terminal receiving module is used for receiving the encryption negotiation information sequence;
the second communication terminal pseudo-random number generation module is used for generating a decryption base sequence; and
and the second communication terminal key generation module is used for generating a key sequence and constructing a key pool.
And the second processing of the Y-00 encryption module of the second communication terminal comprises the following steps: respectively carrying out one-to-one exclusive OR on each bit of the obtained sequence and a preset bit in the corresponding decryption base sequence; and
and updating the negotiation bit of each decryption base sequence into a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence.
On the other hand, as shown in fig. 8, the key agreement and information transmission integrated device based on the Y-00 protocol provided in the embodiment of the present invention mainly includes a pseudo random number generation module, a key generation module, an error code determination analysis module, a key generation module, a Y-00 encryption module, and a Y-00 decryption module.
In the device provided by the invention, the Y-00 encryption module of the first communication end can be used for performing first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence, and can also be used for performing third processing on the information sequence to be transmitted and the encryption base sequence; the second communication end Y-00 decryption module can be used for decrypting information needing key agreement and decrypting information needing transmission, so that the key agreement and the information transmission in the first communication end and the second communication end can be executed in the same module, the device integration of the key agreement and the information transmission is realized, the complexity of a system is greatly reduced, the transmission efficiency is improved, and the cost is reduced.
The apparatus of the foregoing embodiment is used to implement the corresponding method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the invention, also features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the invention as described above, which are not provided in detail for the sake of brevity.
In addition, well known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures for simplicity of illustration and discussion, and so as not to obscure the invention. Furthermore, devices may be shown in block diagram form in order to avoid obscuring the invention, and also in view of the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the present invention is to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the invention, it should be apparent to one skilled in the art that the invention can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present invention has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic ram (dram)) may use the discussed embodiments.
The embodiments of the invention are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, substitutions, improvements and the like that may be made without departing from the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (7)

1. A method for integrating key agreement and information transmission based on Y-00 is characterized by comprising the following steps:
a first communication terminal generates a negotiation information sequence and an encryption base sequence;
the first communication terminal carries out first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sends the encryption negotiation information sequence;
the second communication terminal receives the encrypted negotiation information sequence and generates a decryption base sequence and a key sequence;
the second communication terminal respectively carries out exclusive OR on the negotiation bits of the decryption base sequence and the negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence;
the second communication terminal carries out exclusive or on each bit in the key sequence and each bit in the decryption negotiation information sequence one by one in sequence, carries out second processing on the obtained sequence and the decryption base sequence, obtains a key negotiation information sequence and sends the key negotiation information sequence;
the first communication terminal receives the key negotiation information sequence, decrypts the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and compares the receiving negotiation sequence with the negotiation information sequence to obtain a key;
the first communication terminal carries out third processing on an information sequence to be transmitted and an encryption base sequence and sends the information subjected to the third processing;
the second communication terminal receives the information subjected to the third processing, and respectively performs exclusive or on information bits of the information sequence obtained through the third processing and information bits of the corresponding decryption base sequence one by one to obtain an information sequence needing to be transmitted;
the encryption base sequence and the decryption base sequence have the same structure of base bits and base, and comprise an information bit for safe transmission, a base information bit for information transmission, a negotiation bit for key negotiation, a transmission information base information bit for marking sending terminal group information and a noise bit;
the first processing includes: respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence;
the negotiation bit of each encryption base sequence is updated to a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each encryption base sequence;
the second processing includes:
respectively carrying out one-to-one exclusive OR on each bit of the obtained sequence and a preset bit in the corresponding decryption base sequence; and
the negotiation bit of each decryption base sequence is updated to a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence;
the third processing includes: respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
2. The method for key agreement and information transmission integration based on Y-00 as claimed in claim 1, wherein the number of bits of the base in the encryption base sequence and the decryption base sequence is set to N, the information bit is set at the Nth bit, the base information bit is set at the 2 nd to m-1 th bits, the transmission information base information bit is set at the 1 st bit and the m +1 th to N-1 th bits, the agreement bit is set at the m th bit, and the noise bit is set at the 0 th bit.
3. The method for integrating key agreement and information transmission based on Y-00 as claimed in claim 2, wherein N is set to 10 and m is set to 7.
4. The method for integrating key agreement and information transmission based on Y-00 as claimed in claim 1,
the comparison judgment condition is
Figure FDA0003026258670000021
T±Mean ± α × variance, wherein mean is a mean value; variance is variance; f (lambda) is the decision result, Q (lambda) is the bit error rate sequence, alpha, T+And T-Are all constants.
5. An apparatus for integrating key agreement and information transmission based on Y-00, comprising:
the first communication terminal pseudo-random number generation module is used for generating a negotiation information sequence and an encryption base sequence;
the first communication end Y-00 encryption module is used for performing first processing on the negotiation information sequence and the encryption base sequence to obtain an encryption negotiation information sequence and sending the encryption negotiation information sequence; or the third processing is carried out on the information sequence to be transmitted and the encryption base sequence, and the information subjected to the third processing is sent;
the second communication terminal receiving processing module is used for receiving the encryption negotiation information sequence and generating a decryption base sequence and a key sequence;
the second communication terminal Y-00 decryption module is used for respectively carrying out XOR on negotiation bits of the decryption base sequence and negotiation bits of the corresponding encryption negotiation information sequence one by one to obtain a decryption negotiation information sequence; or the third processing module is used for receiving the information subjected to the third processing, and respectively performing exclusive or on the information bits of the information sequence subjected to the third processing and the information bits of the corresponding decryption base sequence one by one to obtain an information sequence to be transmitted;
the second communication end Y-00 encryption module is used for sequentially carrying out one-to-one exclusive OR on each bit in the key sequence and each bit in the decryption negotiation information sequence, carrying out second processing on the obtained sequence and the decryption base sequence to obtain a key negotiation information sequence and sending the key negotiation information sequence;
the first communication terminal receiving processing module is used for receiving the key negotiation information sequence, decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence, and comparing and judging the receiving negotiation sequence and the negotiation information sequence to obtain a key;
the encryption base sequence and the decryption base sequence have the same structure of base bits and base, and comprise an information bit for safe transmission, a base information bit for information transmission, a negotiation bit for key negotiation, a transmission information base information bit for marking sending terminal group information and a noise bit;
the first processing includes: respectively carrying out one-to-one exclusive OR on each bit of the negotiation information sequence and a preset bit in a corresponding encryption base sequence;
the negotiation bit of each encryption base sequence is updated to a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each encryption base sequence;
the second processing includes:
respectively carrying out one-to-one exclusive OR on each bit of the obtained sequence and a preset bit in the corresponding decryption base sequence; and
the negotiation bit of each decryption base sequence is updated to a corresponding exclusive OR result according to the corresponding exclusive OR result corresponding to the negotiation bit of each decryption base sequence;
the third processing includes: respectively carrying out one-to-one exclusive OR on each bit of the information sequence to be transmitted and a preset bit in a corresponding encryption base sequence; and
and updating the information bits of each encryption base sequence into corresponding XOR results according to the corresponding XOR results corresponding to the negotiation bits of each encryption base sequence.
6. The integrated Y-00-based key agreement and information transmission device according to claim 5, wherein the first communication end receiving and processing module comprises:
the first communication terminal receiving module is used for receiving the key negotiation information sequence;
the first communication end Y-00 decryption module is used for decrypting the key negotiation information sequence through the encryption base sequence to obtain a receiving negotiation sequence;
the first communication end error code judgment analysis module is used for comparing and judging the received negotiation sequence and the negotiation information sequence; and
and the key generation module is used for obtaining a key according to the judgment result of the error code judgment analysis module of the first communication end and constructing a key pool.
7. The integrated device for key agreement and information transmission based on Y-00 as claimed in claim 5, wherein the second communication terminal receives the processing module, comprising:
the second communication terminal receiving module is used for receiving the encryption negotiation information sequence;
the second communication terminal pseudo-random number generation module is used for generating a decryption base sequence; and
and the second communication terminal key generation module is used for generating a key sequence and constructing a key pool.
CN202010090616.8A 2020-02-13 2020-02-13 Method and device for key agreement and information transmission integration based on Y-00 Active CN111314055B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010090616.8A CN111314055B (en) 2020-02-13 2020-02-13 Method and device for key agreement and information transmission integration based on Y-00

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010090616.8A CN111314055B (en) 2020-02-13 2020-02-13 Method and device for key agreement and information transmission integration based on Y-00

Publications (2)

Publication Number Publication Date
CN111314055A CN111314055A (en) 2020-06-19
CN111314055B true CN111314055B (en) 2021-10-15

Family

ID=71148360

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010090616.8A Active CN111314055B (en) 2020-02-13 2020-02-13 Method and device for key agreement and information transmission integration based on Y-00

Country Status (1)

Country Link
CN (1) CN111314055B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114665920A (en) * 2020-12-22 2022-06-24 广东国科量子通信网络有限公司 Frequency hopping communication method and system based on true random number

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10291318B2 (en) * 2017-04-27 2019-05-14 Nec Corporation Physical layer security in optical communications using Bessel modes
CN109412797B (en) * 2018-11-05 2020-09-25 北京捷安通科技有限公司 Key negotiation method and client based on bit error rate decision state base
CN110365474B (en) * 2019-06-19 2020-09-25 北京捷安通科技有限公司 Key agreement method and communication equipment

Also Published As

Publication number Publication date
CN111314055A (en) 2020-06-19

Similar Documents

Publication Publication Date Title
US5179591A (en) Method for algorithm independent cryptographic key management
CN107222307B (en) Controlled quantum secure direct communication method based on four-particle cluster state
US8284937B2 (en) Method for synchronization in encrypted communications using shared key
US7913085B2 (en) System and method of per-packet keying
JP4906732B2 (en) Data transmission device, data reception device, and data communication device
US7512794B2 (en) System and method for authentication
CN113904770B (en) Quantum noise stream encryption key updating method and device and storage medium
CN110365474A (en) Cryptographic key negotiation method and communication equipment
CN111082919B (en) Dynamic probability 16cap mapping encryption method
CN111314055B (en) Method and device for key agreement and information transmission integration based on Y-00
US6301361B1 (en) Encoding and decoding information using randomization with an alphabet of high dimensionality
JPWO2007043297A1 (en) Data transmitting apparatus and data receiving apparatus
CN116938321B (en) Satellite communication method based on anti-quantum access authentication of position key low orbit satellite
CN113795023A (en) Bluetooth data transmission encryption method based on chaotic sequence and block encryption
CN109495167B (en) Client and consistent key negotiation method based on bit error rate
US7912215B2 (en) Data transmission apparatus, data receiving apparatus and method executed thereof
Harun et al. Hybrid m-ary in braided single stage approach for multiphoton quantum secure direct communication protocol
CN112637442B (en) Method and device for encrypting circulating images by cloud server and local end
Yamamura et al. Error detection and authentication in quantum key distribution
KR102304831B1 (en) Encryption systems and method using permutaion group based cryptographic techniques
JP2007241256A (en) Data transmission apparatus, data receiving apparatus and data communication method
CN110336667B (en) Communication physical layer encryption communication method and device based on pseudo-random sequence control
US7606367B2 (en) Quantum cryptography with fewer random numbers
JP2006295338A (en) Data transmission apparatus, data reception apparatus, and data communications apparatus
CN115696313B (en) Encryption communication method and system of unmanned mobile equipment based on channel detection

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant