CN111786787B - Quantum key distribution post-processing method and system based on verifiable secret sharing - Google Patents
- Publication number
- CN111786787B
- Authority
- CN
- China
- Prior art keywords
- key
- post
- sender
- receiver
- algorithm
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
- H04L9/0858—Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a quantum key distribution post-processing method based on verifiable secret sharing, which comprises that quantum key distribution units of a sender and a receiver distribute protocol information and shares of an original key by utilizing a verifiable secret sharing algorithm; all post-processing units of the sender and the receiver respectively screen the original key shares to obtain screened key shares; the sender and the receiver recover partial keys and carry out error code estimation; all post-processing units of the sender and the receiver respectively carry out error correction processing on the key shares and complete whole key error correction; all post-processing units of the sender and the receiver finish error correction of the whole key and error check of the whole key; the sender and the receiver perform privacy enhancement and generate an absolute security key. The invention also discloses a system for realizing the quantum key distribution post-processing method based on verifiable secret sharing. The method can ensure the safety and reliability of the quantum key distribution post-processing system and has good practicability.
Description
Technical Field
The invention belongs to the technical field of quantum information security, and particularly relates to a quantum key distribution post-processing method and a quantum key distribution post-processing system based on verifiable secret sharing.
Background
In recent years, quantum communication technology has become a popular research topic in the field of communication, and Quantum Key Distribution (QKD) technology has developed very rapidly and is now in the practical stage in China. In theory, quantum key distribution enables unconditionally secure communication. In practice, however, the security of implemented quantum key distribution is still seriously threatened by quantum hackers because of imperfect QKD devices and similar issues. The best solution to these problems at present is device-independent quantum key distribution (DI-QKD): it allows the legitimate users of the system (commonly referred to as Alice and Bob) to treat the quantum device as a black box, which can solve the security problems caused by defects in the quantum device. Although DI-QKD is still at a theoretical stage, recent loophole-free Bell test demonstrations may bring DI-QKD closer to experimental implementation.
While the security of DI-QKD is not a trivial issue, all QKD protocols currently suffer from a key drawback: they all default to the post-processing unit in the system being trusted. But in view of the many hardware and software trojan attacks that occur in conventional cryptographic systems, this suboptimal trust is not reasonable and it is difficult in practice to ensure that devices purchased from various device vendors of QKD systems are completely secure.
Disclosure of Invention
One of the purposes of the invention is to provide a quantum key distribution post-processing method based on verifiable secret sharing, which can ensure the safety and reliability of a quantum key distribution post-processing system.
The invention also aims to provide a system for realizing the quantum key distribution post-processing method based on verifiable secret sharing.
The invention provides a quantum key distribution post-processing method based on verifiable secret sharing, which comprises the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and the shares of the original key by using a verifiable secret sharing algorithm;
S2. All post-processing units of the sender and the receiver respectively screen the original key shares obtained in step S1, so that screened key shares are obtained;
S3. The sender and the receiver recover part of the key by using a verifiable secret sharing algorithm and perform error code estimation;
S4. All post-processing units of the sender and the receiver respectively carry out error correction processing on the key shares, and the error correction of the whole key is completed by using a verifiable secret sharing algorithm;
S5. All post-processing units of the sender and the receiver complete error verification of the whole key by using a verifiable secret sharing algorithm;
S6. The sender and the receiver carry out confidentiality enhancement and generate an absolute security key by using a verifiable secret sharing algorithm.
The quantum key distribution units of the sender and the receiver in step S1 distribute the shares of the protocol information and the original key by using the verifiable secret sharing algorithm, specifically, distribute the shares of the protocol information and the original key by using the following steps:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ in the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm in the verifiable secret sharing algorithm to divide the original key $K_a$ into $n$ shares and distribute them to the several post-processing units $CPa_1$ to $CPa_n$ of the sender, with verification performed through the update verification algorithm in the verifiable secret sharing algorithm;
C. After the verification is passed, the several post-processing units $CPa_1$ to $CPa_n$ of the sender receive the original key; the original key share received by the $i$-th post-processing unit $CPa_i$ is $K_{ai}$ and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ in the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm in the verifiable secret sharing algorithm to divide the original key $K_b$ into $n$ shares and distribute them to the several post-processing units $CPb_1$ to $CPb_n$ of the receiver, with verification performed through the update verification algorithm in the verifiable secret sharing algorithm;
F. After the verification is passed, the several post-processing units $CPb_1$ to $CPb_n$ of the receiver receive the original key; the original key share received by the $i$-th post-processing unit $CPb_i$ is $K_{bi}$ and the protocol information is $I_b$.
All the post-processing units of the sender and the receiver in step S2 respectively screen the original key shares obtained in step S1, so as to obtain screened key shares, specifically, the following steps are adopted for screening:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$, obtaining the screened original key share, which is divided into two parts: the part $K_{ai,key}$ used for key generation and the part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$, obtaining the screened original key share, which is divided into two parts: the part $K_{bi,key}$ used for key generation and the part $K_{bi,est}$ used for error estimation.
The sending party and the receiving party stated in step S3 adopt a verifiable secret sharing algorithm to recover part of the secret key, and perform error code estimation, specifically adopt the following steps to perform recovery and error code estimation:
a. The sender applies the recovery algorithm in the verifiable secret sharing algorithm to the part $K_{ai,est}$ used for error estimation corresponding to each post-processing unit $CPa_i$, recovering the key $K_{a,est}$ used for error code estimation;
b. The receiver applies the recovery algorithm in the verifiable secret sharing algorithm to the part $K_{bi,est}$ used for error code estimation corresponding to each post-processing unit $CPb_i$, recovering the key $K_{b,est}$ used for error code estimation;
c. Over the classical authenticated channel, error code estimation is carried out for each post-processing unit pair $CPa_i$-$CPb_i$ using $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$; the protocol is terminated directly once the estimate exceeds a set threshold.
In step S4, all post-processing units of the sender and the receiver respectively perform error correction on the key shares, and complete error correction of the whole key by using the verifiable secret sharing algorithm, specifically, perform error correction by using the following steps:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ by using the generator matrix $G$ of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ by using the generator matrix $G$ of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed between each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm in the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is completed, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained.
Step S5, all post-processing units of the sender and the receiver complete error checking of the whole key by using a verifiable secret sharing algorithm, specifically, the following steps are adopted for error checking:
1) randomly selecting a hash function h1Each post-processing unit CPa of the senderiAll utilize the hash function to calculate the length ofHash value h ofai=h1(K'ai,key);
2) Each post-processing unit CPb of the receiveriCalculating the length of the hash function in the step 1) asHash value h ofbi=h1(K′bi,key);
3) If only $k$ non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ by using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ by using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, judge whether $h_a = h_b$ holds:
if yes, $K'_{a,key} = K'_{b,key}$;
If not, the protocol is directly terminated.
The sender and the receiver in step S6 perform privacy enhancement, and generate an absolute security key by using a verifiable secret sharing algorithm, specifically, generate an absolute security key by using the following steps:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to calculate $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver calculates $K''_{bi,key} = h_2(K'_{bi,key})$ according to the received hash function $h_2$;
IV. The key is recovered by using the recovery algorithm of the verifiable secret sharing algorithm, thereby obtaining the absolute security key satisfying $K''_{a,key} = K''_{b,key}$.
The verifiable secret sharing algorithm specifically comprises a distribution algorithm, an updating verification algorithm and a recovery algorithm:
Distribution algorithm:
Secret distributor $D$ randomly selects $n$ nonzero elements $x_1, \dots, x_n$ from $GF(q)$ to serve as the identities of the $n$ participants, where the secret space and the share space are both the finite field $GF(q)$, the secret distributor $D$ is a QKD unit, $q > n$, and these parameters are all public;
Secret distributor $D$ chooses two polynomials of degree $k-1$ of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{k-1} x^{k-1}, \quad a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \dots + b_{k-1} x^{k-1}, \quad b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
Secret distributor $D$ then, based on participant $p_i$, calculates $s_i = (f(x_i), g(x_i))$ as the share of participant $p_i$, delivers $s_i$ to participant $p_i$ over a secure channel, and simultaneously computes and broadcasts commitments
Update verification algorithm:
Time is divided into a plurality of time periods $t = 1, 2, 3, \ldots$; a share updating algorithm and a share verifying algorithm are performed in each time period;
A polynomial $h(x)$ of degree $k-1$ with $h(0) = 0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period $t-1$ is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of time period $t$; at the same time, the share of each participant $p_i$ is updated to obtain the share in time period $t$, and a commitment is simultaneously calculated and broadcast;
Each participant $p_i$, after obtaining its corresponding share, judges whether the following formula is satisfied:
if so, the share obtained by each participant $p_i$ is valid;
if not, the share obtained by each participant $p_i$ is invalid and $D$ is required to resend the correct share;
Recovery algorithm:
$S$ denotes a set of no fewer than $k$ participants taking part in the reconstruction; any participant $p_i$ in $S$ presents its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
When any $k$ participants in $S$ pass the verification, the shares $(x_i, f(x_i))$ of these $k$ participants are collected, a unique polynomial $f(x)$ is derived by Lagrange interpolation, and the value of $f(x)$ at zero is then calculated to recover the secret $s$.
The invention also provides a system for realizing the quantum key distribution post-processing method based on verifiable secret sharing, which comprises a sender and a receiver; the sender comprises a quantum key distribution unit QKDa and $n$ post-processing units $CPa_1$ to $CPa_n$, and the receiver comprises a quantum key distribution unit QKDb and $n$ post-processing units $CPb_1$ to $CPb_n$; the quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used for distributing the protocol information and the shares of the original key; the $n$ post-processing units $CPa_1$ to $CPa_n$ of the sender and the $n$ post-processing units $CPb_1$ to $CPb_n$ of the receiver are used for screening the original key shares to obtain the screened key shares, recovering part of the key by using the verifiable secret sharing algorithm and carrying out error code estimation, completing error correction of the whole key by using the verifiable secret sharing algorithm, completing error checking of the whole key by using the verifiable secret sharing algorithm, carrying out confidentiality enhancement, and generating an absolute security key by using the verifiable secret sharing algorithm.
The quantum key distribution post-processing method and the system thereof based on verifiable secret sharing introduce redundant multiple post-processing units into a QKD system based on verifiable secret sharing, fill up the security vulnerability of the over-trusted post-processing units in the current QKD protocol, and realize the communication security of the post-processing process in the QKD system under the environment with malicious post-processing units, thereby ensuring the security of the QKD system; meanwhile, the traditional verifiable secret sharing scheme is improved, so that security holes caused by long-term capture of key information by a malicious post-processing unit in the QKD system are prevented, and each protocol participant periodically updates own share under the condition of not changing a system key; therefore, the method can ensure the safety and reliability of the quantum key distribution post-processing system and has good practicability.
Drawings
FIG. 1 is a schematic process flow diagram of the process of the present invention.
FIG. 2 is a functional block diagram of the system of the present invention.
Detailed Description
FIG. 1 is a schematic flow chart of the method of the present invention: the invention provides a quantum key distribution post-processing method based on verifiable secret sharing, which comprises the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and the shares of the original key by using a verifiable secret sharing algorithm; specifically, the following steps are adopted to distribute the protocol information and the shares of the original key:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ in the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm in the verifiable secret sharing algorithm to divide the original key $K_a$ into $n$ shares and distribute them to the several post-processing units $CPa_1$ to $CPa_n$ of the sender, with verification performed through the update verification algorithm in the verifiable secret sharing algorithm;
C. After the verification is passed, the several post-processing units $CPa_1$ to $CPa_n$ of the sender receive the original key; the original key share received by the $i$-th post-processing unit $CPa_i$ is $K_{ai}$ and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ in the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm in the verifiable secret sharing algorithm to divide the original key $K_b$ into $n$ shares and distribute them to the several post-processing units $CPb_1$ to $CPb_n$ of the receiver, with verification performed through the update verification algorithm in the verifiable secret sharing algorithm;
F. After the verification is passed, the several post-processing units $CPb_1$ to $CPb_n$ of the receiver receive the original key; the original key share received by the $i$-th post-processing unit $CPb_i$ is $K_{bi}$ and the protocol information is $I_b$;
S2. All post-processing units of the sender and the receiver respectively screen the original key shares obtained in step S1, so that screened key shares are obtained; specifically, the following steps are adopted for screening:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$, obtaining the screened original key share, which is divided into two parts: the part $K_{ai,key}$ used for key generation and the part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$, obtaining the screened original key share, which is divided into two parts: the part $K_{bi,key}$ used for key generation and the part $K_{bi,est}$ used for error estimation;
S3. The sender and the receiver recover part of the key by using a verifiable secret sharing algorithm and perform error code estimation; specifically, the following steps are adopted for recovery and error code estimation:
a. The sender applies the recovery algorithm in the verifiable secret sharing algorithm to the part $K_{ai,est}$ used for error estimation corresponding to each post-processing unit $CPa_i$, recovering the key $K_{a,est}$ used for error code estimation;
b. The receiver applies the recovery algorithm in the verifiable secret sharing algorithm to the part $K_{bi,est}$ used for error code estimation corresponding to each post-processing unit $CPb_i$, recovering the key $K_{b,est}$ used for error code estimation;
c. Over the classical authenticated channel, error code estimation is carried out for each post-processing unit pair $CPa_i$-$CPb_i$ using $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$; once the estimated value exceeds a set threshold, the protocol is directly terminated;
S4. All post-processing units of the sender and the receiver respectively carry out error correction processing on the key shares, and the error correction of the whole key is completed by using a verifiable secret sharing algorithm; specifically, the following steps are adopted for error correction:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ by using the generator matrix $G$ of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ by using the generator matrix $G$ of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed between each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm in the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is completed, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained;
S5, all post-processing units of the sender and the receiver complete error verification of the whole secret key by using a verifiable secret sharing algorithm; specifically, the following steps are adopted for error checking:
1) randomly selecting a hash function h1Each post-processing unit CPa of the senderiAll utilize the hash function to calculate the length ofHash value h ofai=h1(K'ai,key);
2) Each post-processing unit CPb of the receiveriCalculating the length of the hash function in the step 1) asHash value h ofbi=h1(K′bi,key);
3) If only $k$ non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ by using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ by using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, judge whether $h_a = h_b$ holds:
if so, it is guaranteed that $K'_{a,key} = K'_{b,key}$ except with a very small probability $\varepsilon_{cor}$, and the error check is passed;
if not, the protocol is directly terminated;
S6. The sender and the receiver carry out confidentiality enhancement and generate an absolute security key by using a verifiable secret sharing algorithm; specifically, the following steps are adopted to generate an absolute security key:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to calculate $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver calculates $K''_{bi,key} = h_2(K'_{bi,key})$ according to the received hash function $h_2$;
IV. The key is recovered by using the recovery algorithm of the verifiable secret sharing algorithm, thereby obtaining the absolute security key satisfying $K''_{a,key} = K''_{b,key}$ except with a very small probability $\varepsilon_{sec}$.
In the above process, the verifiable secret sharing algorithm specifically includes a distribution algorithm, an update verification algorithm, and a recovery algorithm:
Distribution algorithm:
Secret distributor $D$ randomly selects $n$ nonzero elements $x_1, \dots, x_n$ from $GF(q)$ to serve as the identities of the $n$ participants, where the secret space and the share space are both the finite field $GF(q)$, the secret distributor $D$ is a QKD unit, $q > n$, and these parameters are all public;
Secret distributor $D$ chooses two polynomials of degree $k-1$ of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{k-1} x^{k-1}, \quad a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \dots + b_{k-1} x^{k-1}, \quad b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
Secret distributor $D$ then, based on participant $p_i$, calculates $s_i = (f(x_i), g(x_i))$ as the share of participant $p_i$, delivers $s_i$ to participant $p_i$ over a secure channel, and simultaneously computes and broadcasts commitments
Update verification algorithm:
Time is divided into a plurality of time periods $t = 1, 2, 3, \ldots$; a share updating algorithm and a share verifying algorithm are performed in each time period;
A polynomial $h(x)$ of degree $k-1$ with $h(0) = 0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period $t-1$ is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of time period $t$; at the same time, the share of each participant $p_i$ is updated to obtain the share in time period $t$, and a commitment is simultaneously calculated and broadcast;
Each participant $p_i$, after obtaining its corresponding share, judges whether the following formula is satisfied:
if so, the share obtained by each participant $p_i$ is valid;
if not, the share obtained by each participant $p_i$ is invalid and $D$ is required to resend the correct share;
Recovery algorithm:
$S$ denotes a set of no fewer than $k$ participants taking part in the reconstruction; any participant $p_i$ in $S$ presents its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
When any $k$ participants in $S$ pass the verification, the shares $(x_i, f(x_i))$ of these $k$ participants are collected, a unique polynomial $f(x)$ is derived by Lagrange interpolation, and the value of $f(x)$ at zero is then calculated to recover the secret $s$.
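The distribution, update verification and recovery algorithms described above, as an added example that is not part of the patent. The commitment and share-check formulas did not survive on this page, so the sketch assumes Pedersen-style commitments $C_j = G^{a_j} H^{b_j}$, which fit the two-polynomial share $(f(x_i), g(x_i))$; the toy group parameters, the function names, and refreshing $g$ alongside $f$ are also assumptions.

```python
import secrets

# Constructed toy parameters, far too small for real use: P = 2Q + 1, both prime.
P, Q = 2039, 1019
# Two elements of the order-Q subgroup of Z_P*. In a real deployment nobody may
# know log_G(H); here they are simply fixed constants for the demonstration.
G, H = 4, 9


def rand_poly(k, const=None):
    """Random polynomial of degree k-1 over GF(Q); `const` fixes the constant term."""
    coeffs = [secrets.randbelow(Q) for _ in range(k)]
    if const is not None:
        coeffs[0] = const % Q
    return coeffs


def evaluate(coeffs, x):
    """Horner evaluation of the polynomial at x over GF(Q)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def commit(f, g):
    """Assumed commitment form: C_j = G^a_j * H^b_j mod P for each coefficient pair."""
    return [pow(G, a, P) * pow(H, b, P) % P for a, b in zip(f, g)]


def distribute(secret, n, k):
    """Distributor D (the QKD unit): shares for n units plus broadcast commitments."""
    xs = secrets.SystemRandom().sample(range(1, Q), n)  # distinct nonzero identities
    f, g = rand_poly(k, secret), rand_poly(k)            # s = a_0
    shares = {x: (evaluate(f, x), evaluate(g, x)) for x in xs}
    return shares, commit(f, g)


def verify(x, share, commitments):
    """Check G^f(x) * H^g(x) == prod_j C_j^(x^j) against the broadcast commitments."""
    lhs = pow(G, share[0], P) * pow(H, share[1], P) % P
    rhs = 1
    for j, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(x, j, Q), P) % P
    return lhs == rhs


def refresh(shares, commitments, k):
    """One update period: add polynomials with zero constant term (h(0) = 0)."""
    hf, hg = rand_poly(k, 0), rand_poly(k, 0)
    new_shares = {x: ((s + evaluate(hf, x)) % Q, (r + evaluate(hg, x)) % Q)
                  for x, (s, r) in shares.items()}
    # Commitments multiply coefficient-wise; C_0 is unchanged because h(0) = 0.
    new_commitments = [c * d % P for c, d in zip(commitments, commit(hf, hg))]
    return new_shares, new_commitments


def recover(shares, commitments, k):
    """Drop shares that fail verification, then Lagrange-interpolate f at zero."""
    valid = [(x, s) for x, (s, r) in shares.items() if verify(x, (s, r), commitments)]
    if len(valid) < k:
        raise ValueError("fewer than k verified shares")
    points = valid[:k]
    secret = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


if __name__ == "__main__":
    shares, comms = distribute(777, n=5, k=3)
    shares, comms = refresh(shares, comms, k=3)
    # A malicious post-processing unit alters its share; verification rejects it
    # and recovery still succeeds from the remaining honest units.
    x0 = next(iter(shares))
    shares[x0] = ((shares[x0][0] + 1) % Q, shares[x0][1])
    print("tampered share accepted:", verify(x0, shares[x0], comms))
    print("recovered secret:", recover(shares, comms, k=3))
```

Because the update polynomials have a zero constant term, the commitment to the secret stays fixed across periods while every share changes, which is what limits a unit that leaks shares over a long time.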
FIG. 2 is a functional block diagram of the system of the present invention: the system for realizing the quantum key distribution post-processing method based on verifiable secret sharing comprises a sender and a receiver; the sender comprises a quantum key distribution unit QKDa and $n$ post-processing units $CPa_1$ to $CPa_n$, and the receiver comprises a quantum key distribution unit QKDb and $n$ post-processing units $CPb_1$ to $CPb_n$; the quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used for distributing the protocol information and the shares of the original key; the $n$ post-processing units $CPa_1$ to $CPa_n$ of the sender and the $n$ post-processing units $CPb_1$ to $CPb_n$ of the receiver are used for screening the original key shares to obtain the screened key shares, recovering part of the key by using the verifiable secret sharing algorithm and carrying out error code estimation, completing error correction of the whole key by using the verifiable secret sharing algorithm, completing error checking of the whole key by using the verifiable secret sharing algorithm, carrying out privacy enhancement, and generating an absolute security key by using the verifiable secret sharing algorithm.
Claims (7)
1. A quantum key distribution post-processing method based on verifiable secret sharing comprises the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and the shares of the original key by using a verifiable secret sharing algorithm;
S2. All post-processing units of the sender and the receiver respectively screen the original key shares obtained in step S1, so that screened key shares are obtained;
S3. The sender and the receiver recover part of the key by using a verifiable secret sharing algorithm and perform error code estimation;
S4. All post-processing units of the sender and the receiver respectively carry out error correction on the key shares, and the verifiable secret sharing algorithm is used for completing error correction of the whole key;
S5. All post-processing units of the sender and the receiver complete error verification of the whole key by using a verifiable secret sharing algorithm;
S6. The sender and the receiver carry out confidentiality enhancement and generate an absolute security key by using a verifiable secret sharing algorithm; specifically, the following steps are adopted to generate an absolute security key:
I. The sender selects a hash function $h_2$, and all post-processing units $CPa_i$ of the sender use the selected hash function $h_2$ to calculate $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver calculates $K''_{bi,key} = h_2(K'_{bi,key})$ according to the received hash function $h_2$;
IV. The key is recovered by using the recovery algorithm of the verifiable secret sharing algorithm, thereby obtaining the absolute security key satisfying $K''_{a,key} = K''_{b,key}$;
verifiable secret sharing algorithms include in particular a distribution algorithm, an update verification algorithm and a recovery algorithm:
and (3) a distribution algorithm:
secret distributor D randomly selects n nonzero elements x from GF (q)1,...,xnRespectively serving as the identity identifications of n participants, wherein a secret space and a share space are finite fields GF (q), a secret distributor D is a QKD unit, q is greater than n, and the parameters are all open;
secret distributor D chooses two polynomials of degree k-1 of the form:
f(x)=a0+a1x+a2x2+...+ak-1xk-1,ai∈GF(q)
g(x)=b0+b1x+b2x2+...+bk-1xk-1,bi∈GF(q)
wherein s is a0Secrets to be distributed;
secret distributor D then bases on participant piIs calculated si=(f(xi),g(xi) And as participant piThe fraction of (A); and will siDelivery to participant p over a secure channeliSimultaneously computing and broadcasting commitments
Update verification algorithm:
Time is divided into a plurality of time periods t = 1, 2, 3; a share update algorithm and a share verification algorithm are performed in each time period;
A polynomial $h(x)$ of degree k-1 with $h(0)=0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period t-1 is updated to the polynomial of time period t, $f_t(x)=f_{t-1}(x)+h(x)$; at the same time, the share of each participant $p_i$ is updated to obtain the share in time period t, and a commitment is simultaneously calculated and broadcast;
After obtaining its corresponding share, each participant $p_i$ judges whether the following formula is satisfied:
If so, the share obtained by participant $p_i$ is valid;
If not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
S denotes a set of no fewer than k participants taking part in the reconstruction; any participant $p_i$ in S presents its own share $s_i$, and the remaining participants use the following equation to verify whether $s_i$ is correct:
When any k participants in S pass the verification, the shares $(x_i,f(x_i))$ of these k participants are collected, the unique polynomial $f(x)$ is derived by Lagrange interpolation, and the value of $f(x)$ at zero is then calculated to recover the secret s.
2. The quantum key distribution post-processing method based on verifiable secret sharing according to claim 1, wherein the quantum key distribution units of the sender and the receiver in step S1 utilize verifiable secret sharing algorithm to distribute the share of the original key and the protocol information, specifically adopting the following steps:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ in the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_a$ into n parts, which are distributed to the several post-processing units $CPa_1$ to $CPa_n$ of the sender and verified through the update verification algorithm of the verifiable secret sharing algorithm;
C. After the verification is passed, the several post-processing units $CPa_1$ to $CPa_n$ of the sender receive the original key; the original key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ in the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_b$ into n parts, which are distributed to the several post-processing units $CPb_1$ to $CPb_n$ of the receiver and verified through the update verification algorithm of the verifiable secret sharing algorithm;
F. After the verification is passed, the several post-processing units $CPb_1$ to $CPb_n$ of the receiver receive the original key; the original key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$.
3. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 2, wherein all the post-processing units of the sender and the receiver in step S2 respectively screen the original key shares obtained in step S1 to obtain the screened key shares, specifically adopting the following steps:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$ and obtain the screened original key share, which is divided into two parts: a part $K_{ai,key}$ used for key generation and a part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$ and obtain the screened original key share, which is divided into two parts: a part $K_{bi,key}$ used for key generation and a part $K_{bi,est}$ used for error estimation.
4. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 3, wherein said sender and receiver of step S3 adopt verifiable secret sharing algorithm to recover partial key and perform error code estimation, specifically adopting the following steps to perform recovery and error code estimation:
a. The sender uses the recovery algorithm of the verifiable secret sharing algorithm to recover the parts $K_{ai,est}$ used for error estimation held by the post-processing units $CPa_i$, obtaining the key $K_{a,est}$ used for error code estimation;
b. The receiver uses the recovery algorithm of the verifiable secret sharing algorithm to recover the parts $K_{bi,est}$ used for error estimation held by the post-processing units $CPb_i$, obtaining the key $K_{b,est}$ used for error code estimation;
c. Through the authenticated classical channel, $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$ are used to carry out error code estimation for each post-processing unit pair $CPa_i$-$CPb_i$; the protocol is terminated directly once the estimate exceeds a set threshold.
5. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 4, wherein all post-processing units of the sender and the receiver respectively perform error correction processing on the key shares in step S4, and complete the error correction of the whole key by using the verifiable secret sharing algorithm, specifically adopting the following steps to perform error correction:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a=K_{ai,key}\cdot G$ using the generator matrix G of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b=K_{bi,key}\cdot G$ using the generator matrix G of the LDPC code;
(3) Through the authenticated classical channel, error correction is carried out at each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is finished, the error-corrected part $K'_{ai,key}$ used for key generation of the sender and the error-corrected part $K'_{bi,key}$ used for key generation of the receiver are obtained.
6. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 5, wherein all post-processing units of the sender and the receiver utilize verifiable secret sharing algorithm to complete error check of the whole key in step S5, specifically adopting the following steps to perform error check:
1) A hash function $h_1$ is randomly selected, and each post-processing unit $CPa_i$ of the sender uses this hash function to calculate a hash value, of length , $h_{ai}=h_1(K'_{ai,key})$;
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function of step 1) to calculate a hash value, of length , $h_{bi}=h_1(K'_{bi,key})$;
3) As long as k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ using the recovery algorithm of the verifiable secret sharing algorithm;
4) Through the authenticated classical channel, it is judged whether $h_a=h_b$ holds:
If yes, $K'_{a,key}=K'_{b,key}$;
If not, the protocol is directly terminated.
7. A system for realizing the quantum key distribution post-processing method based on verifiable secret sharing of one of claims 1 to 6, characterized by comprising a sender and a receiver; the sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1$ to $CPa_n$, and the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1$ to $CPb_n$; the quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used for distributing the shares of the protocol information and the original key; the n post-processing units $CPa_1$ to $CPa_n$ of the sender and the n post-processing units $CPb_1$ to $CPb_n$ of the receiver are used for screening the original key shares to obtain the screened key shares, recovering part of the key using the verifiable secret sharing algorithm and carrying out error code estimation, completing error correction of the whole key using the verifiable secret sharing algorithm, completing error check of the whole key using the verifiable secret sharing algorithm, and carrying out confidentiality enhancement and generating the absolute security key using the verifiable secret sharing algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010744955.3A CN111786787B (en) | 2020-07-29 | 2020-07-29 | Quantum key distribution post-processing method and system based on verifiable secret sharing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111786787A (en) | 2020-10-16 |
CN111786787B (en) | 2022-07-01 |
Family
ID=72765460
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010744955.3A Active CN111786787B (en) | 2020-07-29 | 2020-07-29 | Quantum key distribution post-processing method and system based on verifiable secret sharing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111786787B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113254410B (en) * | 2021-05-29 | 2024-02-02 | 陕西师范大学 | Publicly verifiable multi-level multi-secret sharing method and system capable of proving safety |
JP2023157174A (en) * | 2022-04-14 | 2023-10-26 | 株式会社東芝 | Cryptographic communication system, cryptographic communication device, and cryptographic communication method |
JP2023157175A (en) * | 2022-04-14 | 2023-10-26 | 株式会社東芝 | User base device, cryptographic communication system, and cryptographic communication method |
CN115208554B (en) * | 2022-09-13 | 2022-12-13 | 三未信安科技股份有限公司 | Management method and system for key self-checking, self-correcting and self-recovering |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101314210B1 (en) * | 2009-11-24 | 2013-10-02 | 한국전자통신연구원 | A method of User-authenticated Quantum Key Distribution |
CN110798312A (en) * | 2019-10-28 | 2020-02-14 | 中南大学 | Secret negotiation method of continuous variable quantum key distribution system |
Also Published As
Publication number | Publication date |
---|---|
CN111786787A (en) | 2020-10-16 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||