CN111786787A - Quantum key distribution post-processing method and system based on verifiable secret sharing - Google Patents
- Publication number
- CN111786787A (CN202010744955.3A)
- Authority
- CN
- China
- Prior art keywords
- key
- post
- sender
- algorithm
- secret sharing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
- H04L9/0858—Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Abstract
The invention discloses a quantum key distribution post-processing method based on verifiable secret sharing, in which: the quantum key distribution units of the sender and the receiver distribute the protocol information and shares of the original key using a verifiable secret sharing algorithm; all post-processing units of the sender and the receiver screen the original key shares to obtain screened key shares; the sender and the receiver recover part of the key and perform error estimation; all post-processing units of the sender and the receiver perform error correction on the key shares and complete error correction of the whole key; all post-processing units of the sender and the receiver complete error correction of the whole key and error checking of the whole key; and the sender and the receiver perform privacy enhancement and generate an absolute security key. The invention also discloses a system for implementing the quantum key distribution post-processing method based on verifiable secret sharing. The method can ensure the safety and reliability of the quantum key distribution post-processing system and has good practicability.
Description
Technical Field
The invention belongs to the technical field of quantum information security, and particularly relates to a quantum key distribution post-processing method and a quantum key distribution post-processing system based on verifiable secret sharing.
Background
In recent years, quantum communication technology has become a popular research topic in the field of communication, and quantum key distribution (QKD) technology has developed very rapidly and is now at the practical stage in China. In theory, QKD enables unconditionally secure communication. In practice, however, the security of QKD implementations is still seriously threatened by quantum hackers because of imperfect QKD devices and similar issues. The best solution to these problems at present is device-independent quantum key distribution (DI-QKD): it allows the legitimate users of the system (commonly referred to as Alice and Bob) to treat the quantum device as a black box, which solves the security problems caused by defects in the quantum device. Although DI-QKD is still at a theoretical stage, recent loophole-free Bell test demonstrations may bring DI-QKD closer to experimental implementation.
While the security of DI-QKD is not a trivial issue, all QKD protocols currently suffer from a key drawback: they all assume by default that the post-processing units in the system are trusted. In view of the many hardware and software trojan attacks that occur in conventional cryptographic systems, this assumed trust is not reasonable, and in practice it is difficult to ensure that devices purchased from the various vendors of QKD systems are completely secure.
Disclosure of Invention
One of the purposes of the invention is to provide a quantum key distribution post-processing method based on verifiable secret sharing, which can ensure the safety and reliability of a quantum key distribution post-processing system.
The invention also aims to provide a system for realizing the quantum key distribution post-processing method based on verifiable secret sharing.
The invention provides a quantum key distribution post-processing method based on verifiable secret sharing, which comprises the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and shares of the original key using a verifiable secret sharing algorithm;
S2. All post-processing units of the sender and the receiver screen the original key shares obtained in step S1 to obtain screened key shares;
S3. The sender and the receiver recover part of the key using the verifiable secret sharing algorithm and perform error estimation;
S4. All post-processing units of the sender and the receiver perform error correction on the key shares, and error correction of the whole key is completed using the verifiable secret sharing algorithm;
S5. All post-processing units of the sender and the receiver complete error checking of the whole key using the verifiable secret sharing algorithm;
S6. The sender and the receiver perform privacy enhancement and generate an absolute security key using the verifiable secret sharing algorithm.
In step S1, the quantum key distribution units of the sender and the receiver distribute the protocol information and the shares of the original key using the verifiable secret sharing algorithm, specifically by the following steps:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ from the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_a$ into n shares and distribute them to the post-processing units $CPa_1$ to $CPa_n$ of the sender, and the shares are verified with the update verification algorithm of the verifiable secret sharing algorithm;
C. After the verification passes, the post-processing units $CPa_1$ to $CPa_n$ of the sender receive the original key; the original key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ from the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_b$ into n shares and distribute them to the post-processing units $CPb_1$ to $CPb_n$ of the receiver, and the shares are verified with the update verification algorithm of the verifiable secret sharing algorithm;
F. After the verification passes, the post-processing units $CPb_1$ to $CPb_n$ of the receiver receive the original key; the original key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$.
In step S2, all post-processing units of the sender and the receiver screen the original key shares obtained in step S1 to obtain screened key shares, specifically as follows:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$, obtaining the screened original key share, which is divided into two parts: a part $K_{ai,key}$ used for key generation and a part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$, obtaining the screened original key share, which is divided into two parts: a part $K_{bi,key}$ used for key generation and a part $K_{bi,est}$ used for error estimation.
In step S3, the sender and the receiver recover part of the key using the verifiable secret sharing algorithm and perform error estimation, specifically by the following steps:
a. Using the recovery algorithm of the verifiable secret sharing algorithm, the sender recovers the parts $K_{ai,est}$ used for error estimation corresponding to each post-processing unit $CPa_i$, obtaining the key $K_{a,est}$ used for error estimation;
b. Using the recovery algorithm of the verifiable secret sharing algorithm, the receiver recovers the parts $K_{bi,est}$ used for error estimation corresponding to each post-processing unit $CPb_i$, obtaining the key $K_{b,est}$ used for error estimation;
c. Over the classical authenticated channel, error estimation is performed for each post-processing unit pair $CPa_i$-$CPb_i$ using $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$; once the estimated value exceeds a set threshold, the protocol is terminated directly.
In step S4, all post-processing units of the sender and the receiver perform error correction on the key shares, and error correction of the whole key is completed using the verifiable secret sharing algorithm, specifically by the following steps:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ using the generator matrix $G$ of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ using the generator matrix $G$ of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed at each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is finished, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained.
In step S5, all post-processing units of the sender and the receiver complete error checking of the whole key using the verifiable secret sharing algorithm, specifically by the following steps:
1) A hash function $h_1$ is selected at random, and each post-processing unit $CPa_i$ of the sender uses this hash function to compute a hash value $h_{ai} = h_1(K'_{ai,key})$ of length [length expression missing in source];
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function from step 1) to compute a hash value $h_{bi} = h_1(K'_{bi,key})$ of length [length expression missing in source];
3) Provided that k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is determined whether $h_a = h_b$ holds:
if so, $K'_{a,key} = K'_{b,key}$;
if not, the protocol is terminated directly.
In step S6, the sender and the receiver perform privacy enhancement and generate an absolute security key using the verifiable secret sharing algorithm, specifically by the following steps:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to compute $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver uses the received hash function $h_2$ to compute $K''_{bi,key} = h_2(K'_{bi,key})$;
IV. The key is recovered using the recovery algorithm of the verifiable secret sharing algorithm, yielding the absolute security key with $K''_{a,key} = K''_{b,key}$.
The verifiable secret sharing algorithm specifically comprises a distribution algorithm, an update verification algorithm and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n nonzero elements $x_1, \ldots, x_n$ from GF(q) as the identity identifiers of the n participants, where the secret space and the share space are both the finite field GF(q), the secret distributor D is a QKD unit, $q > n$, and these parameters are all public;
The secret distributor D chooses two polynomials of degree $k-1$ of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \ldots + a_{k-1} x^{k-1}, \quad a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \ldots + b_{k-1} x^{k-1}, \quad b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
The secret distributor D then computes, from the identity of participant $p_i$, $s_i = (f(x_i), g(x_i))$ as the share of participant $p_i$, delivers $s_i$ to participant $p_i$ over a secure channel, and at the same time computes and broadcasts the commitments [commitment formula missing in source].
Update verification algorithm:
Time is divided into a number of time periods $t = 1, 2, 3$; a share update algorithm and a share verification algorithm are executed in each time period;
A polynomial $h(x)$ of degree $k-1$ with $h(0) = 0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period $t-1$ is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of time period $t$; at the same time, the share of each participant $p_i$ is updated to obtain its share for time period $t$ [share formula missing in source], and a commitment is computed and broadcast;
After obtaining its share, each participant $p_i$ checks whether the following formula holds: [verification formula missing in source]
if so, the share obtained by participant $p_i$ is valid;
if not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
S denotes a set of no fewer than k participants taking part in the reconstruction; any participant $p_i$ in S presents its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation: [verification formula missing in source]
When any k participants in S pass the verification, the shares $(x_i, f(x_i))$ of these k participants are collected, the unique polynomial $f(x)$ is obtained by Lagrange interpolation, and the value of $f(x)$ at zero is computed to recover the secret s.
The invention also provides a system for implementing the quantum key distribution post-processing method based on verifiable secret sharing, comprising a sender and a receiver. The sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1$ to $CPa_n$; the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1$ to $CPb_n$. The quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used to distribute the protocol information and the shares of the original key. The n post-processing units $CPa_1$ to $CPa_n$ of the sender and the n post-processing units $CPb_1$ to $CPb_n$ of the receiver are used to screen the original key shares to obtain screened key shares, recover part of the key using the verifiable secret sharing algorithm and perform error estimation, complete error correction of the whole key using the verifiable secret sharing algorithm, complete error checking of the whole key using the verifiable secret sharing algorithm, and perform privacy enhancement and generate an absolute security key using the verifiable secret sharing algorithm.
The quantum key distribution post-processing method and the system thereof based on verifiable secret sharing, provided by the invention, have the advantages that based on verifiable secret sharing, redundant multiple post-processing units are introduced into the QKD system, the security vulnerability of the post-processing units which are excessively trusted in the existing QKD protocol is filled, and the communication security of the post-processing process in the QKD system is realized under the environment of the malicious post-processing units, so that the security of the QKD system is ensured; meanwhile, the traditional verifiable secret sharing scheme is improved, so that the security vulnerability caused by long-term capture of key information by a malicious post-processing unit in the QKD system is prevented, and each protocol participant periodically updates own share under the condition of not changing a system key; therefore, the method can ensure the safety and reliability of the quantum key distribution post-processing system and has good practicability.
Drawings
FIG. 1 is a schematic process flow diagram of the process of the present invention.
FIG. 2 is a functional block diagram of the system of the present invention.
Detailed Description
FIG. 1 is a schematic flow chart of the method of the present invention: the invention provides a quantum key distribution post-processing method based on verifiable secret sharing, which comprises the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and shares of the original key using a verifiable secret sharing algorithm; specifically, the following steps are used to distribute the protocol information and the shares of the original key:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ from the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_a$ into n shares and distribute them to the post-processing units $CPa_1$ to $CPa_n$ of the sender, and the shares are verified with the update verification algorithm of the verifiable secret sharing algorithm;
C. After the verification passes, the post-processing units $CPa_1$ to $CPa_n$ of the sender receive the original key; the original key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ from the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_b$ into n shares and distribute them to the post-processing units $CPb_1$ to $CPb_n$ of the receiver, and the shares are verified with the update verification algorithm of the verifiable secret sharing algorithm;
F. After the verification passes, the post-processing units $CPb_1$ to $CPb_n$ of the receiver receive the original key; the original key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$;
S2. All post-processing units of the sender and the receiver screen the original key shares obtained in step S1 to obtain screened key shares; specifically, the screening is performed as follows:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$, obtaining the screened original key share, which is divided into two parts: a part $K_{ai,key}$ used for key generation and a part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$, obtaining the screened original key share, which is divided into two parts: a part $K_{bi,key}$ used for key generation and a part $K_{bi,est}$ used for error estimation;
S3. The sender and the receiver recover part of the key using the verifiable secret sharing algorithm and perform error estimation; specifically, the following steps are used for recovery and error estimation:
a. Using the recovery algorithm of the verifiable secret sharing algorithm, the sender recovers the parts $K_{ai,est}$ used for error estimation corresponding to each post-processing unit $CPa_i$, obtaining the key $K_{a,est}$ used for error estimation;
b. Using the recovery algorithm of the verifiable secret sharing algorithm, the receiver recovers the parts $K_{bi,est}$ used for error estimation corresponding to each post-processing unit $CPb_i$, obtaining the key $K_{b,est}$ used for error estimation;
c. Over the classical authenticated channel, error estimation is performed for each post-processing unit pair $CPa_i$-$CPb_i$ using $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$; once the estimated value exceeds a set threshold, the protocol is terminated directly;
S4. All post-processing units of the sender and the receiver perform error correction on the key shares, and error correction of the whole key is completed using the verifiable secret sharing algorithm; specifically, the following steps are used for error correction:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ using the generator matrix $G$ of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ using the generator matrix $G$ of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed at each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is finished, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained;
S5. All post-processing units of the sender and the receiver complete error checking of the whole key using the verifiable secret sharing algorithm; specifically, the following steps are used for error checking:
1) A hash function $h_1$ is selected at random, and each post-processing unit $CPa_i$ of the sender uses this hash function to compute a hash value $h_{ai} = h_1(K'_{ai,key})$ of length [length expression missing in source];
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function from step 1) to compute a hash value $h_{bi} = h_1(K'_{bi,key})$ of length [length expression missing in source];
3) Provided that k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is determined whether $h_a = h_b$ holds:
if so, it is guaranteed that $K'_{a,key} = K'_{b,key}$ except with a minimal probability $\varepsilon_{cor}$, and error checking passes;
if not, the protocol is terminated directly;
S6. The sender and the receiver perform privacy enhancement and generate an absolute security key using the verifiable secret sharing algorithm; specifically, the following steps are used to generate the absolute security key:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to compute $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver uses the received hash function $h_2$ to compute $K''_{bi,key} = h_2(K'_{bi,key})$;
IV. The key is recovered using the recovery algorithm of the verifiable secret sharing algorithm, yielding the absolute security key with $K''_{a,key} = K''_{b,key}$ except with a minimal probability $\varepsilon_{sec}$.
In the above process, the verifiable secret sharing algorithm specifically includes a distribution algorithm, an update verification algorithm and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n nonzero elements $x_1, \ldots, x_n$ from GF(q) as the identity identifiers of the n participants, where the secret space and the share space are both the finite field GF(q), the secret distributor D is a QKD unit, $q > n$, and these parameters are all public;
The secret distributor D chooses two polynomials of degree $k-1$ of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \ldots + a_{k-1} x^{k-1}, \quad a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \ldots + b_{k-1} x^{k-1}, \quad b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
The secret distributor D then computes, from the identity of participant $p_i$, $s_i = (f(x_i), g(x_i))$ as the share of participant $p_i$, delivers $s_i$ to participant $p_i$ over a secure channel, and at the same time computes and broadcasts the commitments [commitment formula missing in source].
Update verification algorithm:
Time is divided into a number of time periods $t = 1, 2, 3$; a share update algorithm and a share verification algorithm are executed in each time period;
A polynomial $h(x)$ of degree $k-1$ with $h(0) = 0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period $t-1$ is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of time period $t$; at the same time, the share of each participant $p_i$ is updated to obtain its share for time period $t$ [share formula missing in source], and a commitment is computed and broadcast;
After obtaining its share, each participant $p_i$ checks whether the following formula holds: [verification formula missing in source]
if so, the share obtained by participant $p_i$ is valid;
if not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
S denotes a set of no fewer than k participants taking part in the reconstruction; any participant $p_i$ in S presents its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation: [verification formula missing in source]
When any k participants in S pass the verification, the shares $(x_i, f(x_i))$ of these k participants are collected, the unique polynomial $f(x)$ is obtained by Lagrange interpolation, and the value of $f(x)$ at zero is computed to recover the secret s.
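The distribution, update verification and recovery algorithms described above, as an added Python example that is not part of the patent text. The commitment and verification formulas are missing from this page, so the example assumes Pedersen-style commitments $C_j = G^{a_j} H^{b_j}$; the toy group (P, Q, G, H), the fixed identifiers and all function names are constructed here for illustration.

```python
import secrets

# Toy parameters (constructed for illustration): P = 2*Q + 1 is a safe prime and
# G, H generate the order-Q subgroup of Z_P*. A real deployment needs a large
# group in which nobody knows log_G(H).
P, Q, G, H = 2039, 1019, 4, 9


def _eval(coeffs, x):
    """Evaluate a polynomial over GF(Q) with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def deal(secret, k, xs, rand=secrets.randbelow):
    """Distribution: f(0) = secret, g is a second polynomial, both of degree k-1.

    xs are the participants' distinct nonzero identifiers in GF(Q).
    Returns {x_i: (f(x_i), g(x_i))} and the broadcast commitments (assumed form).
    """
    f = [secret % Q] + [rand(Q) for _ in range(k - 1)]
    g = [rand(Q) for _ in range(k)]
    shares = {x: (_eval(f, x), _eval(g, x)) for x in xs}
    commits = [pow(G, a, P) * pow(H, b, P) % P for a, b in zip(f, g)]
    return shares, commits


def verify(x, share, commits):
    """Share check (assumed form): G^f(x) * H^g(x) == prod_j C_j^(x^j) mod P."""
    u, v = share
    rhs = 1
    for j, c in enumerate(commits):
        rhs = rhs * pow(c, pow(x, j, Q), P) % P
    return pow(G, u, P) * pow(H, v, P) % P == rhs


def refresh(shares, commits, rand=secrets.randbelow):
    """Update: add h(x) with h(0) = 0 to f, so every share changes but s does not."""
    h = [0] + [rand(Q) for _ in range(len(commits) - 1)]
    new_shares = {x: ((u + _eval(h, x)) % Q, v) for x, (u, v) in shares.items()}
    new_commits = [c * pow(G, hj, P) % P for c, hj in zip(commits, h)]
    return new_shares, new_commits


def recover(shares, commits, k):
    """Recovery: drop shares that fail verification, then interpolate f at zero."""
    good = [(x, u) for x, (u, v) in shares.items() if verify(x, (u, v), commits)]
    if len(good) < k:
        raise ValueError("fewer than k valid shares")
    good = good[:k]
    secret = 0
    for i, (xi, ui) in enumerate(good):
        num = den = 1
        for j, (xj, _) in enumerate(good):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        # Lagrange basis polynomial evaluated at 0, using a modular inverse.
        secret = (secret + ui * num * pow(den, -1, Q)) % Q
    return secret


if __name__ == "__main__":
    # Constructed sample: n = 5 post-processing units, threshold k = 3.
    shares, commits = deal(777, 3, [1, 2, 3, 4, 5])
    u, v = shares[2]
    shares[2] = ((u + 1) % Q, v)           # a malicious unit presents a bad share
    print(recover(shares, commits, 3))     # the bad share is rejected
```

A share tampered with by one unit is filtered out before interpolation, and a share from an earlier time period no longer verifies against the refreshed commitments.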
FIG. 2 is a functional block diagram of the system of the present invention: the system for implementing the quantum key distribution post-processing method based on verifiable secret sharing comprises a sender and a receiver. The sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1$ to $CPa_n$; the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1$ to $CPb_n$. The quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used to distribute the protocol information and the shares of the original key. The n post-processing units $CPa_1$ to $CPa_n$ of the sender and the n post-processing units $CPb_1$ to $CPb_n$ of the receiver are used to screen the original key shares to obtain screened key shares, recover part of the key using the verifiable secret sharing algorithm and perform error estimation, complete error correction of the whole key using the verifiable secret sharing algorithm, complete error checking of the whole key using the verifiable secret sharing algorithm, and perform privacy enhancement and generate an absolute security key using the verifiable secret sharing algorithm.
Claims (9)
1. A quantum key distribution post-processing method based on verifiable secret sharing comprises the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and shares of the original key using a verifiable secret sharing algorithm;
S2. All post-processing units of the sender and the receiver screen the original key shares obtained in step S1 to obtain screened key shares;
S3. The sender and the receiver recover part of the key using the verifiable secret sharing algorithm and perform error estimation;
S4. All post-processing units of the sender and the receiver perform error correction on the key shares, and error correction of the whole key is completed using the verifiable secret sharing algorithm;
S5. All post-processing units of the sender and the receiver complete error checking of the whole key using the verifiable secret sharing algorithm;
S6. The sender and the receiver perform privacy enhancement and generate an absolute security key using the verifiable secret sharing algorithm.
2. The quantum key distribution post-processing method based on verifiable secret sharing according to claim 1, wherein the quantum key distribution units of the sender and the receiver in step S1 utilize verifiable secret sharing algorithm to distribute the share of the original key and the protocol information, specifically adopting the following steps:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ from the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_a$ into n shares and distribute them to the post-processing units $CPa_1$ to $CPa_n$ of the sender, and the shares are verified with the update verification algorithm of the verifiable secret sharing algorithm;
C. After the verification passes, the post-processing units $CPa_1$ to $CPa_n$ of the sender receive the original key; the original key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ from the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_b$ into n shares and distribute them to the post-processing units $CPb_1$ to $CPb_n$ of the receiver, and the shares are verified with the update verification algorithm of the verifiable secret sharing algorithm;
F. After the verification passes, the post-processing units $CPb_1$ to $CPb_n$ of the receiver receive the original key; the original key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$.
3. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 2, wherein all the post-processing units of the sender and the receiver in step S2 respectively screen the original key shares obtained in step S1 to obtain the screened key shares, specifically adopting the following steps:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$, obtaining the screened original key share, which is divided into two parts: a part $K_{ai,key}$ used for key generation and a part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$, obtaining the screened original key share, which is divided into two parts: a part $K_{bi,key}$ used for key generation and a part $K_{bi,est}$ used for error estimation.
4. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 3, wherein said sender and receiver of step S3 adopt verifiable secret sharing algorithm to recover partial key and perform error code estimation, specifically adopting the following steps to perform recovery and error code estimation:
a. The sender uses the recovery algorithm of the verifiable secret sharing algorithm on the part $K_{ai,est}$ used for error estimation of each post-processing unit $CPa_i$, recovering the key $K_{a,est}$ used for error code estimation;
b. The receiver uses the recovery algorithm of the verifiable secret sharing algorithm on the part $K_{bi,est}$ used for error estimation of each post-processing unit $CPb_i$, recovering the key $K_{b,est}$ used for error code estimation;
c. Over the classical authenticated channel, error code estimation is carried out for each post-processing unit pair $CPa_i$-$CPb_i$ using $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$; the protocol is terminated directly once the estimate exceeds a set threshold.
5. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 4, wherein all post-processing units of the sender and the receiver respectively perform error correction processing on the key shares in step S4, and complete the error correction of the whole key by using the verifiable secret sharing algorithm, specifically adopting the following steps to perform error correction:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ using the generator matrix G of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ using the generator matrix G of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed at each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is finished, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained.
6. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 5, wherein all post-processing units of the sender and the receiver utilize verifiable secret sharing algorithm to complete error check of the whole key in step S5, specifically adopting the following steps to perform error check:
1) A hash function $h_1$ is randomly selected, and each post-processing unit $CPa_i$ of the sender uses the hash function to calculate the length of hash value $h_{ai} = h_1(K'_{ai,key})$;
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function from step 1) to calculate the length of hash value $h_{bi} = h_1(K'_{bi,key})$;
3) If only k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is judged whether $h_a = h_b$ holds:
if yes, $K'_{a,key} = K'_{b,key}$;
If not, the protocol is directly terminated.
7. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 6, wherein the sending party and the receiving party perform privacy enhancement and generate the absolute security key by using verifiable secret sharing algorithm in step S6, specifically by using the following steps:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to calculate $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver uses the received hash function $h_2$ to calculate $K''_{bi,key} = h_2(K'_{bi,key})$;
IV. The key is recovered using the recovery algorithm of the verifiable secret sharing algorithm, thereby obtaining the absolute security key with $K''_{a,key} = K''_{b,key}$.
8. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 7, wherein the verifiable secret sharing algorithm specifically comprises a distribution algorithm, an update verification algorithm, and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n nonzero elements $x_1, \ldots, x_n$ from GF(q) as the identities of the n participants, where the secret space and the share space are both the finite field GF(q), the secret distributor D is a QKD unit, q > n, and these parameters are all public;
The secret distributor D chooses two polynomials of degree k-1 of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \ldots + a_{k-1} x^{k-1},\ a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \ldots + b_{k-1} x^{k-1},\ b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
The secret distributor D then calculates, for participant $p_i$, $s_i = (f(x_i), g(x_i))$ as the share of participant $p_i$, delivers $s_i$ to participant $p_i$ over a secure channel, and simultaneously computes and broadcasts commitments
Update verification algorithm:
Time is divided into a plurality of time periods t = 1, 2, 3; a share update algorithm and a share verification algorithm are performed in each time period;
A polynomial h(x) of degree k-1 with h(0) = 0 is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period t-1 is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of time period t; at the same time, the share of each participant $p_i$ is updated to obtain the share in time period t, and a commitment is simultaneously calculated and broadcast;
After each participant $p_i$ obtains its corresponding share, it judges whether the following formula is satisfied:
if so, the share obtained by each participant $p_i$ is valid;
if not, the share obtained by each participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
S represents a set of not less than k participants taking part in the reconstruction; any participant $p_i$ in S shows its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
when any k participants in S pass the verification, the shares $(x_i, f(x_i))$ of the k participants are collected, the unique polynomial f(x) is derived by Lagrange interpolation, and the value of f(x) at zero is then calculated, thereby recovering the secret s.
9. A system for realizing the quantum key distribution post-processing method based on verifiable secret sharing of one of claims 1 to 8, characterized by comprising a sender and a receiver; the sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1$ to $CPa_n$, and the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1$ to $CPb_n$; the quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used for distributing the protocol information and the shares of the original key; the n post-processing units $CPa_1$ to $CPa_n$ of the sender and the n post-processing units $CPb_1$ to $CPb_n$ of the receiver are used for screening the original key shares to obtain the screened key shares, recovering part of the key by the verifiable secret sharing algorithm and carrying out error code estimation, completing error correction of the whole key by the verifiable secret sharing algorithm, completing error check of the whole key by the verifiable secret sharing algorithm, and carrying out privacy enhancement and generating an absolute security key by the verifiable secret sharing algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010744955.3A CN111786787B (en) | 2020-07-29 | 2020-07-29 | Quantum key distribution post-processing method and system based on verifiable secret sharing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010744955.3A CN111786787B (en) | 2020-07-29 | 2020-07-29 | Quantum key distribution post-processing method and system based on verifiable secret sharing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111786787A true CN111786787A (en) | 2020-10-16 |
CN111786787B CN111786787B (en) | 2022-07-01 |
Family
ID=72765460
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010744955.3A Active CN111786787B (en) | 2020-07-29 | 2020-07-29 | Quantum key distribution post-processing method and system based on verifiable secret sharing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111786787B (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113254410A (en) * | 2021-05-29 | 2021-08-13 | 陕西师范大学 | Provable and safe public verification multi-level multi-secret sharing method and system |
CN115208554A (en) * | 2022-09-13 | 2022-10-18 | 三未信安科技股份有限公司 | Management method and system for key self-checking, self-correcting and self-recovering |
EP4262139A1 (en) * | 2022-04-14 | 2023-10-18 | Kabushiki Kaisha Toshiba | User base device, cryptographic communication system, and cryptographic communication method |
EP4280532A1 (en) * | 2022-04-14 | 2023-11-22 | Kabushiki Kaisha Toshiba | Encryption communication system, encryption communication apparatus, and encryption communication method |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110126011A1 (en) * | 2009-11-24 | 2011-05-26 | Electronics And Telecommunications Research Institute | Method of user-authenticated quantum key distribution |
CN110798312A (en) * | 2019-10-28 | 2020-02-14 | 中南大学 | Secret negotiation method of continuous variable quantum key distribution system |
-
2020
- 2020-07-29 CN CN202010744955.3A patent/CN111786787B/en active Active
Non-Patent Citations (1)
Title |
---|
Li Mo et al.: "Overview of Quantum Key Distribution Post-Processing", Journal of Cryptologic Research (《密码学报》) * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113254410A (en) * | 2021-05-29 | 2021-08-13 | 陕西师范大学 | Provable and safe public verification multi-level multi-secret sharing method and system |
CN113254410B (en) * | 2021-05-29 | 2024-02-02 | 陕西师范大学 | Publicly verifiable multi-level multi-secret sharing method and system capable of proving safety |
EP4262139A1 (en) * | 2022-04-14 | 2023-10-18 | Kabushiki Kaisha Toshiba | User base device, cryptographic communication system, and cryptographic communication method |
EP4280532A1 (en) * | 2022-04-14 | 2023-11-22 | Kabushiki Kaisha Toshiba | Encryption communication system, encryption communication apparatus, and encryption communication method |
CN115208554A (en) * | 2022-09-13 | 2022-10-18 | 三未信安科技股份有限公司 | Management method and system for key self-checking, self-correcting and self-recovering |
Also Published As
Publication number | Publication date |
---|---|
CN111786787B (en) | 2022-07-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111786787B (en) | Quantum key distribution post-processing method and system based on verifiable secret sharing | |
CN111639361B (en) | Block chain key management method, multi-person common signature method and electronic device | |
CN108111301B (en) | Method and system for realizing SSH protocol based on post-quantum key exchange | |
CN112970236B (en) | Collaborative risk awareness authentication | |
CN106104562B (en) | System and method for securely storing and recovering confidential data | |
CN113194469B (en) | 5G unmanned aerial vehicle cross-domain identity authentication method, system and terminal based on block chain | |
CN109905247B (en) | Block chain based digital signature method, device, equipment and storage medium | |
Eldefrawy et al. | OTP-based two-factor authentication using mobile phones | |
US7360087B2 (en) | Pervasive, user-centric network security enabled by dynamic datagram switch and an on-demand authentication and encryption scheme through mobile intelligent data carriers | |
KR100519770B1 (en) | Method and apparatus for distributed certificate management for Ad-hoc networks | |
CN106789047A (en) | A kind of block chain identification system | |
US8422670B2 (en) | Password authentication method | |
CN113727296B (en) | Anonymous privacy protection authentication protocol method based on wireless sensor system in intelligent medical treatment | |
CN102263787B (en) | Dynamic distributed certification authority (CA) configuration method | |
CN110945831A (en) | Generation of anti-Sybil attack identities | |
CN110830244A (en) | Anti-quantum computing vehicle networking method and system based on identity secret sharing and alliance chain | |
CN112787796A (en) | Aggregation method and device for detecting virtual dummy data injection in edge calculation | |
CN111565169A (en) | Cloud edge authentication method under mobile edge computing architecture | |
CN110971411A (en) | SM2 homomorphic signature method for encrypting private key by multiplying based on SOTP technology | |
CN110719172B (en) | Signature method, signature system and related equipment in block chain system | |
CN111931249A (en) | Medical secret data statistical analysis method supporting transmission fault-tolerant mechanism | |
CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
CN110557367B (en) | Secret key updating method and system for quantum computing secure communication resistance based on certificate cryptography | |
CN110851859A (en) | Distributed authoritative node block chain system with (n, t) threshold and authentication method thereof | |
Guo et al. | A novel RLWE-based anonymous mutual authentication protocol for space information network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||