CN111786787A - Quantum key distribution post-processing method and system based on verifiable secret sharing - Google Patents

Publication number: CN111786787A
Authority: CN (China)
Prior art keywords: key, post, sender, algorithm, secret sharing
Legal status: Granted
Application number: CN202010744955.3A
Other languages: Chinese (zh)
Other versions: CN111786787B (en)
Inventors: 黄端, 罗盾
Current Assignee: Central South University
Original Assignee: Central South University
Application filed by Central South University
Priority to CN202010744955.3A
Publication of CN111786787A
Application granted; publication of CN111786787B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0858 Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes

Abstract

The invention discloses a quantum key distribution post-processing method based on verifiable secret sharing, which comprises that quantum key distribution units of a sender and a receiver distribute protocol information and shares of an original key by utilizing a verifiable secret sharing algorithm; all post-processing units of the sender and the receiver respectively screen the original key shares to obtain screened key shares; the sender and the receiver recover partial keys and carry out error code estimation; all post-processing units of the sender and the receiver respectively carry out error correction processing on the key shares and complete whole key error correction; all post-processing units of the sender and the receiver finish error correction of the whole key and error check of the whole key; the sender and the receiver perform privacy enhancement and generate an absolute security key. The invention also discloses a system for realizing the quantum key distribution post-processing method based on verifiable secret sharing. The method can ensure the safety and reliability of the quantum key distribution post-processing system and has good practicability.

Description

Quantum key distribution post-processing method and system based on verifiable secret sharing
Technical Field
The invention belongs to the technical field of quantum information security, and particularly relates to a quantum key distribution post-processing method and a quantum key distribution post-processing system based on verifiable secret sharing.
Background
In recent years, quantum communication technology has become a popular research subject in the field of communication, and quantum key distribution (QKD) technology has developed very rapidly and has now reached the practical stage in China. In theory, quantum key distribution enables unconditionally secure communication. In practice, however, the security of implemented QKD is still seriously threatened by quantum hackers because of imperfect QKD devices and similar causes. The best current solution to these problems is device-independent quantum key distribution (DI-QKD): it allows the legitimate users of the system (commonly referred to as Alice and Bob) to treat the quantum device as a black box, which solves the security problems caused by defects in the quantum device. Although DI-QKD is still at a theoretical stage, recent loophole-free Bell test demonstrations may bring DI-QKD closer to experimental implementation.
While the security of DI-QKD is not a trivial issue, all QKD protocols currently suffer from a key drawback: they all default to the post-processing unit in the system being trusted. But in view of the many hardware and software trojan attacks that occur in conventional cryptographic systems, this suboptimal trust is not reasonable and it is difficult in practice to ensure that devices purchased from various device vendors of QKD systems are completely secure.
Disclosure of Invention
One of the purposes of the invention is to provide a quantum key distribution post-processing method based on verifiable secret sharing, which can ensure the safety and reliability of a quantum key distribution post-processing system.
The invention also aims to provide a system for realizing the quantum key distribution post-processing method based on verifiable secret sharing.
The invention provides a quantum key distribution post-processing method based on verifiable secret sharing, which comprises the following steps:
S1, quantum key distribution units of a sender and a receiver distribute protocol information and shares of an original key by using a verifiable secret sharing algorithm;
S2, all post-processing units of the sender and the receiver respectively screen the original key shares obtained in the step S1, so that screened key shares are obtained;
S3, the sender and the receiver recover partial keys by adopting a verifiable secret sharing algorithm, and perform error code estimation;
S4, all post-processing units of the sender and the receiver respectively carry out error correction processing on the key shares, and the error correction of the whole key is completed by utilizing a verifiable secret sharing algorithm;
S5, all post-processing units of the sender and the receiver complete error verification of the whole secret key by using a verifiable secret sharing algorithm;
S6, the sender and the receiver carry out confidentiality enhancement, and an absolute security key is generated by adopting a verifiable secret sharing algorithm.
The quantum key distribution units of the sender and the receiver described in step S1 distribute the share of the protocol information and the original key by using the verifiable secret sharing algorithm, specifically, distribute the share of the protocol information and the original key by using the following steps:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ in the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_a$ into n parts and distribute them to the several post-processing units $CPa_1$~$CPa_n$ of the sender, and verification is performed through the update verification algorithm of the verifiable secret sharing algorithm;
C. After the verification is passed, the several post-processing units $CPa_1$~$CPa_n$ of the sender receive the original key; the original key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ in the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_b$ into n parts and distribute them to the several post-processing units $CPb_1$~$CPb_n$ of the receiver, and verification is performed through the update verification algorithm of the verifiable secret sharing algorithm;
F. After the verification is passed, the several post-processing units $CPb_1$~$CPb_n$ of the receiver receive the original key; the original key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$.
All the post-processing units of the sender and the receiver in step S2 respectively screen the original key shares obtained in step S1, so as to obtain screened key shares, specifically, the following steps are adopted for screening:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$, obtaining the screened original key share, and the screened original key share is divided into two parts: the part $K_{ai,key}$ used for key generation and the part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$, obtaining the screened original key share, and the screened original key share is divided into two parts: the part $K_{bi,key}$ used for key generation and the part $K_{bi,est}$ used for error estimation.
The sending party and the receiving party stated in step S3 adopt a verifiable secret sharing algorithm to recover part of the secret key, and perform error code estimation, specifically adopt the following steps to perform recovery and error code estimation:
a. The sender uses the recovery algorithm of the verifiable secret sharing algorithm to recover the parts $K_{ai,est}$ used for error estimation corresponding to each post-processing unit $CPa_i$, obtaining the key $K_{a,est}$ used for error code estimation;
b. The receiver uses the recovery algorithm of the verifiable secret sharing algorithm to recover the parts $K_{bi,est}$ used for error estimation corresponding to each post-processing unit $CPb_i$, obtaining the key $K_{b,est}$ used for error code estimation;
c. Over the authenticated classical channel, $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$ are used to carry out error code estimation for each post-processing unit pair $CPa_i$-$CPb_i$; once the estimate exceeds a set threshold, the protocol is terminated directly.
In step S4, all post-processing units of the sender and the receiver respectively perform error correction on the key shares, and complete error correction of the whole key by using the verifiable secret sharing algorithm, specifically, perform error correction by using the following steps:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ by using the generator matrix $G$ of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ by using the generator matrix $G$ of the LDPC code;
(3) Over the authenticated classical channel, error correction is carried out at each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is finished, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained.
Step S5, all post-processing units of the sender and the receiver complete error checking of the whole key by using a verifiable secret sharing algorithm, specifically, the following steps are adopted for error checking:
1) A hash function $h_1$ is randomly selected, and each post-processing unit $CPa_i$ of the sender uses the hash function to calculate the hash value of length
Figure BDA0002608041010000051
$h_{ai} = h_1(K'_{ai,key})$;
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function from step 1) to calculate the hash value of length
Figure BDA0002608041010000052
$h_{bi} = h_1(K'_{bi,key})$;
3) If only k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ by using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ by using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is judged whether $h_a = h_b$ holds:
if yes, $K'_{a,key} = K'_{b,key}$;
If not, the protocol is directly terminated.
The sender and the receiver stated in step S6 perform privacy enhancement, and generate an absolute security key by using a verifiable secret sharing algorithm, specifically, generate an absolute security key by using the following steps:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to calculate $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver calculates $K''_{bi,key} = h_2(K'_{bi,key})$ according to the received hash function $h_2$;
IV. The key is recovered by the recovery algorithm of the verifiable secret sharing algorithm, so as to obtain the absolute security key with $K''_{a,key} = K''_{b,key}$.
The verifiable secret sharing algorithm specifically comprises a distribution algorithm, an updating verification algorithm and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n nonzero elements $x_1, \ldots, x_n$ from GF(q), serving respectively as the identifiers of the n participants, where the secret space and the share space are both the finite field GF(q), the secret distributor D is the QKD unit, $q > n$, and these parameters are all public;
The secret distributor D chooses two polynomials of degree $k-1$ of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \ldots + a_{k-1} x^{k-1}, \quad a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \ldots + b_{k-1} x^{k-1}, \quad b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
The secret distributor D then calculates, for each participant $p_i$, $s_i = (f(x_i), g(x_i))$ as the share of participant $p_i$, and delivers $s_i$ to participant $p_i$ over a secure channel, while computing and broadcasting the commitments
Figure BDA0002608041010000061
Update verification algorithm:
Time is divided into a plurality of time periods $t = 1, 2, 3$; a share update algorithm and a share verification algorithm are performed in each time period;
A polynomial $h(x)$ of degree $k-1$ with $h(0) = 0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period $t-1$ is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of time period $t$; at the same time, the share of each participant $p_i$ is updated to obtain its share in time period $t$
Figure BDA0002608041010000062
while the commitment is calculated and broadcast;
After obtaining its corresponding share, each participant $p_i$ judges whether the following formula is satisfied:
Figure BDA0002608041010000063
if so, the share obtained by participant $p_i$ is valid;
if not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
$S$ denotes a set of no fewer than $k$ participants taking part in reconstruction; any participant $p_i$ in $S$ shows its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
Figure BDA0002608041010000071
When any $k$ participants in $S$ pass the verification, the shares $(x_i, f(x_i))$ of these $k$ participants are collected, the unique polynomial $f(x)$ is derived by Lagrange interpolation, and the value of $f(x)$ at zero is then calculated to recover the secret $s$.
The invention also provides a system for realizing the quantum key distribution post-processing method based on verifiable secret sharing, which comprises a sender and a receiver; the sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1$~$CPa_n$, and the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1$~$CPb_n$; the quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used for distributing the protocol information and the shares of the original key; the n post-processing units $CPa_1$~$CPa_n$ of the sender and the n post-processing units $CPb_1$~$CPb_n$ of the receiver are used for screening the original key shares to obtain screened key shares, recovering part of the key using the verifiable secret sharing algorithm and carrying out error code estimation, completing error correction of the whole key using the verifiable secret sharing algorithm, completing error checking of the whole key using the verifiable secret sharing algorithm, and carrying out confidentiality enhancement and generating an absolute security key using the verifiable secret sharing algorithm.
The quantum key distribution post-processing method and the system thereof based on verifiable secret sharing, provided by the invention, have the advantages that based on verifiable secret sharing, redundant multiple post-processing units are introduced into the QKD system, the security vulnerability of the post-processing units which are excessively trusted in the existing QKD protocol is filled, and the communication security of the post-processing process in the QKD system is realized under the environment of the malicious post-processing units, so that the security of the QKD system is ensured; meanwhile, the traditional verifiable secret sharing scheme is improved, so that the security vulnerability caused by long-term capture of key information by a malicious post-processing unit in the QKD system is prevented, and each protocol participant periodically updates own share under the condition of not changing a system key; therefore, the method can ensure the safety and reliability of the quantum key distribution post-processing system and has good practicability.
Drawings
FIG. 1 is a schematic process flow diagram of the process of the present invention.
FIG. 2 is a functional block diagram of the system of the present invention.
Detailed Description
FIG. 1 is a schematic flow chart of the method of the present invention: the invention provides a quantum key distribution post-processing method based on verifiable secret sharing, which comprises the following steps:
S1, quantum key distribution units of a sender and a receiver distribute protocol information and shares of an original key by using a verifiable secret sharing algorithm; specifically, the following steps are adopted to distribute the share of the protocol information and the original key:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ in the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_a$ into n parts and distribute them to the several post-processing units $CPa_1$~$CPa_n$ of the sender, and verification is performed through the update verification algorithm of the verifiable secret sharing algorithm;
C. After the verification is passed, the several post-processing units $CPa_1$~$CPa_n$ of the sender receive the original key; the original key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ in the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_b$ into n parts and distribute them to the several post-processing units $CPb_1$~$CPb_n$ of the receiver, and verification is performed through the update verification algorithm of the verifiable secret sharing algorithm;
F. After the verification is passed, the several post-processing units $CPb_1$~$CPb_n$ of the receiver receive the original key; the original key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$;
S2, all post-processing units of the sender and the receiver respectively screen the original key shares obtained in the step S1, so that screened key shares are obtained; specifically, the following steps are adopted for screening:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$, obtaining the screened original key share, and the screened original key share is divided into two parts: the part $K_{ai,key}$ used for key generation and the part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$, obtaining the screened original key share, and the screened original key share is divided into two parts: the part $K_{bi,key}$ used for key generation and the part $K_{bi,est}$ used for error estimation;
S3, recovering partial keys by the sender and the receiver by adopting a verifiable secret sharing algorithm, and performing error code estimation; specifically, the following steps are adopted for recovery and error code estimation:
a. The sender uses the recovery algorithm of the verifiable secret sharing algorithm to recover the parts $K_{ai,est}$ used for error estimation corresponding to each post-processing unit $CPa_i$, obtaining the key $K_{a,est}$ used for error code estimation;
b. The receiver uses the recovery algorithm of the verifiable secret sharing algorithm to recover the parts $K_{bi,est}$ used for error estimation corresponding to each post-processing unit $CPb_i$, obtaining the key $K_{b,est}$ used for error code estimation;
c. Over the authenticated classical channel, $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$ are used to carry out error code estimation for each post-processing unit pair $CPa_i$-$CPb_i$; once the estimate exceeds a set threshold, the protocol is terminated directly;
S4, all post-processing units of the sender and the receiver respectively carry out error correction processing on the key shares, and the error correction of the whole key is completed by utilizing a verifiable secret sharing algorithm; specifically, the following steps are adopted for error correction:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ by using the generator matrix $G$ of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ by using the generator matrix $G$ of the LDPC code;
(3) Over the authenticated classical channel, error correction is carried out at each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is finished, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained;
S5, all post-processing units of the sender and the receiver complete error verification of the whole secret key by using a verifiable secret sharing algorithm; specifically, the following steps are adopted for error checking:
1) A hash function $h_1$ is randomly selected, and each post-processing unit $CPa_i$ of the sender uses the hash function to calculate the hash value of length
Figure BDA0002608041010000101
$h_{ai} = h_1(K'_{ai,key})$;
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function from step 1) to calculate the hash value of length
Figure BDA0002608041010000102
$h_{bi} = h_1(K'_{bi,key})$;
3) If only k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ by using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ by using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is judged whether $h_a = h_b$ holds:
if so, it can be guaranteed that, except with the minimal probability $_{cor}$, $K'_{a,key} = K'_{b,key}$, and error checking is passed;
if not, the protocol is directly terminated;
S6, the sender and the receiver carry out confidentiality enhancement, and an absolute security key is generated by adopting a verifiable secret sharing algorithm; specifically, the following steps are adopted to generate an absolute security key:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to calculate $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver calculates $K''_{bi,key} = h_2(K'_{bi,key})$ according to the received hash function $h_2$;
IV. The key is recovered by the recovery algorithm of the verifiable secret sharing algorithm, so as to obtain, except with the minimal probability $_{sec}$, the absolute security key with $K''_{a,key} = K''_{b,key}$.
In the above process, the verifiable secret sharing algorithm specifically includes a distribution algorithm, an update verification algorithm, and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n nonzero elements $x_1, \ldots, x_n$ from GF(q), serving respectively as the identifiers of the n participants, where the secret space and the share space are both the finite field GF(q), the secret distributor D is the QKD unit, $q > n$, and these parameters are all public;
The secret distributor D chooses two polynomials of degree $k-1$ of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \ldots + a_{k-1} x^{k-1}, \quad a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \ldots + b_{k-1} x^{k-1}, \quad b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
The secret distributor D then calculates, for each participant $p_i$, $s_i = (f(x_i), g(x_i))$ as the share of participant $p_i$, and delivers $s_i$ to participant $p_i$ over a secure channel, while computing and broadcasting the commitments
Figure BDA0002608041010000121
Update verification algorithm:
Time is divided into a plurality of time periods $t = 1, 2, 3$; a share update algorithm and a share verification algorithm are performed in each time period;
A polynomial $h(x)$ of degree $k-1$ with $h(0) = 0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period $t-1$ is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of time period $t$; at the same time, the share of each participant $p_i$ is updated to obtain its share in time period $t$
Figure BDA0002608041010000122
while the commitment is calculated and broadcast;
After obtaining its corresponding share, each participant $p_i$ judges whether the following formula is satisfied:
Figure BDA0002608041010000123
if so, the share obtained by participant $p_i$ is valid;
if not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
$S$ denotes a set of no fewer than $k$ participants taking part in reconstruction; any participant $p_i$ in $S$ shows its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
Figure BDA0002608041010000131
When any $k$ participants in $S$ pass the verification, the shares $(x_i, f(x_i))$ of these $k$ participants are collected, the unique polynomial $f(x)$ is derived by Lagrange interpolation, and the value of $f(x)$ at zero is then calculated to recover the secret $s$.
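The distribution, update verification and recovery algorithms described above (here and in the Disclosure of Invention), as an added Python example that is not code from the patent. The commitment and verification formulas survive on this page only as figure placeholders, so the example assumes the standard Pedersen construction; the toy group P, Q, G, H, the refresh applied to g(x), the sample values and all function names are assumptions.

```python
import secrets

# Toy-sized group constructed for this demo: P = 2Q + 1 with P, Q prime.
# G and H are squares mod P, so both have order Q. A real deployment needs a
# large group and an H whose discrete log to base G nobody knows.
P, Q = 2039, 1019
G, H = 4, 9


def rand_poly(k, const=None):
    """Random polynomial of degree k-1 over GF(Q), lowest coefficient first."""
    coeffs = [secrets.randbelow(Q) for _ in range(k)]
    if const is not None:
        coeffs[0] = const % Q
    return coeffs


def poly_eval(coeffs, x):
    """Horner evaluation in GF(Q)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def commit(f, g):
    """Assumed Pedersen commitments E_j = G^a_j * H^b_j mod P."""
    return [pow(G, a, P) * pow(H, b, P) % P for a, b in zip(f, g)]


def distribute(secret, k, xs):
    """Distributor D: shares s_i = (f(x_i), g(x_i)) plus broadcast commitments."""
    f = rand_poly(k, const=secret)   # f(0) = a_0 = s
    g = rand_poly(k)
    shares = {x: (poly_eval(f, x), poly_eval(g, x)) for x in xs}
    return shares, commit(f, g)


def verify(x, share, commitments):
    """Participant check: G^f(x) * H^g(x) == prod_j E_j^(x^j) mod P."""
    lhs = pow(G, share[0], P) * pow(H, share[1], P) % P
    rhs = 1
    for j, e in enumerate(commitments):
        rhs = rhs * pow(e, pow(x, j, Q), P) % P
    return lhs == rhs


def update(shares, commitments, k):
    """Period t-1 -> t: add h(x) with h(0) = 0 to f; g is refreshed the same
    way (an assumption), so E_0 and the secret stay fixed."""
    dh, dg = rand_poly(k, const=0), rand_poly(k, const=0)
    new_shares = {x: ((s + poly_eval(dh, x)) % Q, (r + poly_eval(dg, x)) % Q)
                  for x, (s, r) in shares.items()}
    new_comms = [e * d % P for e, d in zip(commitments, commit(dh, dg))]
    return new_shares, new_comms


def recover(shown, commitments, k):
    """Keep only shares that verify, then Lagrange-interpolate f at zero."""
    pts = [(x, s[0]) for x, s in shown.items() if verify(x, s, commitments)]
    if len(pts) < k:
        raise ValueError("fewer than k verified shares")
    pts, secret = pts[:k], 0
    for i, (xi, yi) in enumerate(pts):
        num = den = 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


def demo():
    k, xs = 3, [1, 2, 3, 4, 5]      # constructed (k, n) = (3, 5) and identities
    secret = 777                     # constructed stand-in for one key block < Q
    shares, comms = distribute(secret, k, xs)
    shares, new_comms = update(shares, comms, k)
    shown = dict(shares)
    shown[2] = ((shown[2][0] + 1) % Q, shown[2][1])   # unit 2 shows a bad share
    rejected = [x for x, s in shown.items() if not verify(x, s, new_comms)]
    return recover(shown, new_comms, k), rejected, new_comms[0] == comms[0]


if __name__ == "__main__":
    print(demo())
```

In this construction a share captured in period t-1 verifies against the period-t commitments only with probability 1/Q per share, while the unchanged first commitment lets every unit confirm that the update left the secret untouched.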
FIG. 2 is a functional block diagram of the system of the present invention: the system for realizing the quantum key distribution post-processing method based on verifiable secret sharing comprises a sender and a receiver; the sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1$~$CPa_n$, and the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1$~$CPb_n$; the quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used for distributing the protocol information and the shares of the original key; the n post-processing units $CPa_1$~$CPa_n$ of the sender and the n post-processing units $CPb_1$~$CPb_n$ of the receiver are used for screening the original key shares to obtain screened key shares, recovering part of the key using the verifiable secret sharing algorithm and carrying out error code estimation, completing error correction of the whole key using the verifiable secret sharing algorithm, completing error checking of the whole key using the verifiable secret sharing algorithm, and carrying out confidentiality enhancement and generating an absolute security key using the verifiable secret sharing algorithm.

Claims (9)

1. A quantum key distribution post-processing method based on verifiable secret sharing comprises the following steps:
S1, quantum key distribution units of a sender and a receiver distribute protocol information and shares of an original key by using a verifiable secret sharing algorithm;
S2, all post-processing units of the sender and the receiver respectively screen the original key shares obtained in the step S1, so that screened key shares are obtained;
S3, the sender and the receiver recover partial keys by adopting a verifiable secret sharing algorithm, and perform error code estimation;
S4, all post-processing units of the sender and the receiver respectively carry out error correction processing on the key shares, and the error correction of the whole key is completed by utilizing a verifiable secret sharing algorithm;
S5, all post-processing units of the sender and the receiver complete error verification of the whole secret key by using a verifiable secret sharing algorithm;
S6, the sender and the receiver carry out confidentiality enhancement, and an absolute security key is generated by adopting a verifiable secret sharing algorithm.
2. The quantum key distribution post-processing method based on verifiable secret sharing according to claim 1, wherein the quantum key distribution units of the sender and the receiver in step S1 utilize verifiable secret sharing algorithm to distribute the share of the original key and the protocol information, specifically adopting the following steps:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ in the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_a$ into n parts and distribute them to the several post-processing units $CPa_1$~$CPa_n$ of the sender, and verification is performed through the update verification algorithm of the verifiable secret sharing algorithm;
C. After the verification is passed, the several post-processing units $CPa_1$~$CPa_n$ of the sender receive the original key; the original key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ in the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_b$ into n parts and distribute them to the several post-processing units $CPb_1$~$CPb_n$ of the receiver, and verification is performed through the update verification algorithm of the verifiable secret sharing algorithm;
F. After the verification is passed, the several post-processing units $CPb_1$~$CPb_n$ of the receiver receive the original key; the original key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$.
3. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 2, wherein in step S2 all the post-processing units of the sender and the receiver respectively screen the original key shares obtained in step S1 to obtain the screened key shares, specifically by the following steps:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$, obtaining the screened original key share, which is divided into two parts: a part $K_{ai,key}$ used for key generation and a part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$, obtaining the screened original key share, which is divided into two parts: a part $K_{bi,key}$ used for key generation and a part $K_{bi,est}$ used for error estimation.
4. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 3, wherein in step S3 the sender and the receiver recover part of the key by using the verifiable secret sharing algorithm and perform error estimation, specifically by the following steps:
a. The sender uses the recovery algorithm of the verifiable secret sharing algorithm to recover, from the parts $K_{ai,est}$ used for error estimation held by the post-processing units $CPa_i$, the key $K_{a,est}$ used for error estimation;
b. The receiver uses the recovery algorithm of the verifiable secret sharing algorithm to recover, from the parts $K_{bi,est}$ used for error estimation held by the post-processing units $CPb_i$, the key $K_{b,est}$ used for error estimation;
c. Over the classical authenticated channel, error estimation is performed for each post-processing unit pair $CPa_i$-$CPb_i$ using $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$; the protocol is terminated directly once the estimate exceeds a set threshold.
5. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 4, wherein in step S4 all post-processing units of the sender and the receiver respectively perform error correction on the key shares and complete the error correction of the whole key by using the verifiable secret sharing algorithm, specifically by the following steps:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a=K_{ai,key}\cdot G$ by using the generator matrix G of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b=K_{bi,key}\cdot G$ by using the generator matrix G of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed between each post-processing unit pair $CPa_i$-$CPb_i$ by using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is finished, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained.
6. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 5, wherein in step S5 all post-processing units of the sender and the receiver complete the error verification of the whole key by using the verifiable secret sharing algorithm, specifically by the following steps:
1) A hash function $h_1$ is selected at random, and each post-processing unit $CPa_i$ of the sender uses this hash function to calculate, with length
Figure FDA0002608039000000041
the hash value $h_{ai}=h_1(K'_{ai,key})$;
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function from step 1) to calculate, with length
Figure FDA0002608039000000042
the hash value $h_{bi}=h_1(K'_{bi,key})$;
3) Provided that k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ by using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ by using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is judged whether $h_a=h_b$ holds:
if so, $K'_{a,key}=K'_{b,key}$;
if not, the protocol is terminated directly.
7. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 6, wherein in step S6 the sender and the receiver perform privacy enhancement and generate the absolute security key by using the verifiable secret sharing algorithm, specifically by the following steps:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to calculate $K''_{ai,key}=h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver uses the received hash function $h_2$ to calculate $K''_{bi,key}=h_2(K'_{bi,key})$;
IV. The key is recovered by using the recovery algorithm of the verifiable secret sharing algorithm, thereby obtaining the absolute security key satisfying $K''_{a,key}=K''_{b,key}$.
8. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 7, wherein the verifiable secret sharing algorithm specifically comprises a distribution algorithm, an update verification algorithm, and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n non-zero elements $x_1,\dots,x_n$ from GF(q) as the identities of the n participants, wherein the secret space and the share space are both the finite field GF(q), the secret distributor D is the QKD unit, q > n, and these parameters are all public;
The secret distributor D selects two polynomials of degree k-1 of the following form:
$f(x)=a_0+a_1x+a_2x^2+\dots+a_{k-1}x^{k-1},\quad a_i\in GF(q)$
$g(x)=b_0+b_1x+b_2x^2+\dots+b_{k-1}x^{k-1},\quad b_i\in GF(q)$
where $s=a_0$ is the secret to be distributed;
The secret distributor D then calculates, for participant $p_i$, the share $s_i=(f(x_i),g(x_i))$, delivers $s_i$ to participant $p_i$ over a secure channel, and at the same time computes and broadcasts the commitments
Figure FDA0002608039000000051
Update verification algorithm:
Time is divided into a plurality of time periods $t=1,2,3$; a share update algorithm and a share verification algorithm are performed in each time period;
A polynomial $h(x)$ of degree k-1 with $h(0)=0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period t-1 is updated to the polynomial $f_t(x)=f_{t-1}(x)+h(x)$ of time period t; at the same time, the share of each participant $p_i$ is updated to obtain its share in time period t
Figure FDA0002608039000000052
and the commitment is simultaneously calculated and broadcast;
After obtaining its corresponding share, each participant $p_i$ judges whether the following formula holds:
Figure FDA0002608039000000061
if so, the share obtained by participant $p_i$ is valid;
if not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
S denotes a set of no fewer than k participants taking part in the reconstruction; any participant $p_i$ in S presents its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
Figure FDA0002608039000000062
When any k participants in S pass the verification, the shares $(x_i,f(x_i))$ of these k participants are collected, the unique polynomial $f(x)$ is derived by Lagrange interpolation, and the value of $f(x)$ at zero is then calculated, thereby recovering the secret s.
9. A system for implementing the quantum key distribution post-processing method based on verifiable secret sharing according to any one of claims 1 to 8, characterized by comprising a sender and a receiver; the sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1 \sim CPa_n$, and the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1 \sim CPb_n$; the quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used for distributing the protocol information and the shares of the original key; the n post-processing units $CPa_1 \sim CPa_n$ of the sender and the n post-processing units $CPb_1 \sim CPb_n$ of the receiver are used for screening the original key shares to obtain the screened key shares, recovering part of the key by using the verifiable secret sharing algorithm and performing error estimation, completing the error correction of the whole key by using the verifiable secret sharing algorithm, completing the error verification of the whole key by using the verifiable secret sharing algorithm, and performing privacy enhancement and generating an absolute security key by using the verifiable secret sharing algorithm.
CN202010744955.3A 2020-07-29 2020-07-29 Quantum key distribution post-processing method and system based on verifiable secret sharing Active CN111786787B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010744955.3A CN111786787B (en) 2020-07-29 2020-07-29 Quantum key distribution post-processing method and system based on verifiable secret sharing

Publications (2)

Publication Number Publication Date
CN111786787A true CN111786787A (en) 2020-10-16
CN111786787B CN111786787B (en) 2022-07-01

Family

ID=72765460

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010744955.3A Active CN111786787B (en) 2020-07-29 2020-07-29 Quantum key distribution post-processing method and system based on verifiable secret sharing

Country Status (1)

Country Link
CN (1) CN111786787B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110126011A1 (en) * 2009-11-24 2011-05-26 Electronics And Telecommunications Research Institute Method of user-authenticated quantum key distribution
CN110798312A (en) * 2019-10-28 2020-02-14 中南大学 Secret negotiation method of continuous variable quantum key distribution system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Li Mo et al.: "Overview of Quantum Key Distribution Post-Processing", Journal of Cryptologic Research *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113254410A (en) * 2021-05-29 2021-08-13 陕西师范大学 Provable and safe public verification multi-level multi-secret sharing method and system
CN113254410B (en) * 2021-05-29 2024-02-02 陕西师范大学 Publicly verifiable multi-level multi-secret sharing method and system capable of proving safety
EP4262139A1 (en) * 2022-04-14 2023-10-18 Kabushiki Kaisha Toshiba User base device, cryptographic communication system, and cryptographic communication method
EP4280532A1 (en) * 2022-04-14 2023-11-22 Kabushiki Kaisha Toshiba Encryption communication system, encryption communication apparatus, and encryption communication method
CN115208554A (en) * 2022-09-13 2022-10-18 三未信安科技股份有限公司 Management method and system for key self-checking, self-correcting and self-recovering

Also Published As

Publication number Publication date
CN111786787B (en) 2022-07-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant