CN111786787B - Quantum key distribution post-processing method and system based on verifiable secret sharing - Google Patents

Publication number
CN111786787B
Authority
CN
China
Prior art keywords
key
post
sender
receiver
algorithm
Legal status
Active
Application number
CN202010744955.3A
Other languages
Chinese (zh)
Other versions
CN111786787A (en)
Inventor
黄端
罗盾
Current Assignee
Central South University
Original Assignee
Central South University
Application filed by Central South University
Priority to CN202010744955.3A
Publication of CN111786787A
Application granted
Publication of CN111786787B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0858 Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a quantum key distribution post-processing method based on verifiable secret sharing, in which: the quantum key distribution units of a sender and a receiver distribute protocol information and shares of a raw key using a verifiable secret sharing algorithm; all post-processing units of the sender and the receiver sift their raw key shares to obtain sifted key shares; the sender and the receiver recover part of the key and perform error estimation; all post-processing units of the sender and the receiver perform error correction on the key shares and complete error correction of the whole key; all post-processing units of the sender and the receiver complete error correction and error verification of the whole key; and the sender and the receiver perform privacy amplification and generate an absolutely secure key. The invention also discloses a system implementing the quantum key distribution post-processing method based on verifiable secret sharing. The method can ensure the security and reliability of the quantum key distribution post-processing system and has good practicability.

Description

Quantum key distribution post-processing method and system based on verifiable secret sharing
Technical Field
The invention belongs to the technical field of quantum information security, and particularly relates to a quantum key distribution post-processing method and a quantum key distribution post-processing system based on verifiable secret sharing.
Background
In recent years, quantum communication has become a popular research topic in the communications field, and quantum key distribution (QKD) technology has developed very rapidly and is now at the practical stage in China. In theory, QKD enables unconditionally secure communication. In practice, however, the security of QKD implementations is still seriously threatened by quantum hacking, owing to imperfect QKD devices and similar causes. The best current solution to these problems is device-independent quantum key distribution (DI-QKD): it allows the legitimate users of the system (commonly referred to as Alice and Bob) to treat the quantum devices as black boxes, which resolves the security problems caused by defects in the quantum devices. Although DI-QKD is still at a theoretical stage, recent loophole-free Bell test demonstrations may bring DI-QKD closer to experimental implementation.
While the security of DI-QKD is not a trivial issue, all current QKD protocols share a key drawback: they all assume by default that the post-processing units in the system are trusted. Given the many hardware and software Trojan attacks seen in conventional cryptographic systems, this trust is not justified, and in practice it is difficult to ensure that devices purchased from the various vendors of QKD systems are completely secure.
Disclosure of Invention
One object of the invention is to provide a quantum key distribution post-processing method based on verifiable secret sharing that can ensure the security and reliability of a quantum key distribution post-processing system.
Another object of the invention is to provide a system implementing the quantum key distribution post-processing method based on verifiable secret sharing.
The invention provides a quantum key distribution post-processing method based on verifiable secret sharing, comprising the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and the shares of the raw key using a verifiable secret sharing algorithm;
S2. All post-processing units of the sender and the receiver sift the raw key shares obtained in step S1, obtaining sifted key shares;
S3. The sender and the receiver recover part of the key using the verifiable secret sharing algorithm and perform error estimation;
S4. All post-processing units of the sender and the receiver perform error correction on their key shares, and error correction of the whole key is completed using the verifiable secret sharing algorithm;
S5. All post-processing units of the sender and the receiver complete error verification of the whole key using the verifiable secret sharing algorithm;
S6. The sender and the receiver perform privacy amplification and generate an absolutely secure key using the verifiable secret sharing algorithm.
In step S1, the quantum key distribution units of the sender and the receiver distribute the protocol information and the shares of the raw key using the verifiable secret sharing algorithm, specifically by the following steps:
A. The sender's quantum key distribution module QKDa obtains the raw key $K_a$ and the protocol information $I_a$ from the quantum channel;
B. The sender's quantum key distribution module QKDa uses the distribution algorithm of the verifiable secret sharing algorithm to divide the raw key $K_a$ into n shares and distribute them to the sender's post-processing units $CPa_1 \sim CPa_n$, with verification performed by the update verification algorithm of the verifiable secret sharing algorithm;
C. After verification passes, the sender's post-processing units $CPa_1 \sim CPa_n$ receive the raw key; the raw key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The receiver's quantum key distribution module QKDb obtains the raw key $K_b$ and the protocol information $I_b$ from the quantum channel;
E. The receiver's quantum key distribution module QKDb uses the distribution algorithm of the verifiable secret sharing algorithm to divide the raw key $K_b$ into n shares and distribute them to the receiver's post-processing units $CPb_1 \sim CPb_n$, with verification performed by the update verification algorithm of the verifiable secret sharing algorithm;
F. After verification passes, the receiver's post-processing units $CPb_1 \sim CPb_n$ receive the raw key; the raw key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$.
In step S2, all post-processing units of the sender and the receiver sift the raw key shares obtained in step S1 to obtain sifted key shares, specifically as follows:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to sift the received raw key share $K_{ai}$, obtaining the sifted raw key share, which is divided into two parts: the part $K_{ai,key}$ used for key generation and the part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to sift the received raw key share $K_{bi}$, obtaining the sifted raw key share, which is divided into two parts: the part $K_{bi,key}$ used for key generation and the part $K_{bi,est}$ used for error estimation.
In step S3, the sender and the receiver recover part of the key using the verifiable secret sharing algorithm and perform error estimation, specifically by the following steps:
a. The sender uses the recovery algorithm of the verifiable secret sharing algorithm to recover, from the parts $K_{ai,est}$ for error estimation held by the post-processing units $CPa_i$, the key $K_{a,est}$ used for error estimation;
b. The receiver uses the recovery algorithm of the verifiable secret sharing algorithm to recover, from the parts $K_{bi,est}$ for error estimation held by the post-processing units $CPb_i$, the key $K_{b,est}$ used for error estimation;
c. Over the authenticated classical channel, error estimation is carried out for each post-processing unit pair $CPa_i$-$CPb_i$ using $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$; the protocol is terminated immediately once the estimate exceeds a set threshold.
In step S4, all post-processing units of the sender and the receiver perform error correction on their key shares, and error correction of the whole key is completed using the verifiable secret sharing algorithm, specifically by the following steps:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ using the generator matrix G of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ using the generator matrix G of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed at each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is complete, the sender's error-corrected part $K'_{ai,key}$ for key generation and the receiver's error-corrected part $K'_{bi,key}$ for key generation are obtained.
In step S5, all post-processing units of the sender and the receiver complete error verification of the whole key using the verifiable secret sharing algorithm, specifically by the following steps:
1) A hash function $h_1$ is selected at random, and each post-processing unit $CPa_i$ of the sender uses this hash function to compute a hash value of length
Figure BDA0002608041010000051
$h_{ai} = h_1(K'_{ai,key})$;
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function from step 1) to compute a hash value of length
Figure BDA0002608041010000052
$h_{bi} = h_1(K'_{bi,key})$;
3) Provided that k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is determined whether $h_a = h_b$ holds:
if so, $K'_{a,key} = K'_{b,key}$;
if not, the protocol is terminated immediately.
In step S6, the sender and the receiver perform privacy amplification and generate an absolutely secure key using the verifiable secret sharing algorithm, specifically by the following steps:
I. The sender selects a hash function $h_2$, and every post-processing unit $CPa_i$ of the sender uses the selected hash function $h_2$ to compute $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver uses the received hash function $h_2$ to compute $K''_{bi,key} = h_2(K'_{bi,key})$;
IV. The key is recovered using the recovery algorithm of the verifiable secret sharing algorithm, yielding the absolutely secure key with $K''_{a,key} = K''_{b,key}$.
The verifiable secret sharing algorithm specifically comprises a distribution algorithm, an update verification algorithm and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n non-zero elements $x_1, \dots, x_n$ from GF(q) to serve as the identities of the n participants; the secret space and the share space are both the finite field GF(q), the secret distributor D is the QKD unit, q > n, and these parameters are all public;
The secret distributor D chooses two polynomials of degree k-1 of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{k-1} x^{k-1},\quad a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \dots + b_{k-1} x^{k-1},\quad b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
The secret distributor D then computes $s_i = (f(x_i), g(x_i))$ for participant $p_i$ as the share of participant $p_i$, delivers $s_i$ to participant $p_i$ over a secure channel, and at the same time computes and broadcasts the commitments
Figure BDA0002608041010000061
Update verification algorithm:
Time is divided into a plurality of time periods $t = 1, 2, 3$; a share update algorithm and a share verification algorithm are executed in each time period;
A polynomial h(x) of degree k-1 with h(0) = 0 is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of period t-1 is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of period t; at the same time, the share of each participant $p_i$ is updated, giving the share for period t
Figure BDA0002608041010000062
and a commitment is computed and broadcast at the same time;
After obtaining its share, each participant $p_i$ checks whether the following equation holds:
Figure BDA0002608041010000063
if so, the share obtained by participant $p_i$ is valid;
if not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
Let S denote a set of no fewer than k participants taking part in reconstruction; any participant $p_i$ in S presents its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
Figure BDA0002608041010000071
When any k participants in S pass verification, the shares $(x_i, f(x_i))$ of these k participants are collected and a unique polynomial f(x) is obtained by Lagrange interpolation; the value of f(x) at zero is then computed to recover the secret s.
The invention also provides a system implementing the quantum key distribution post-processing method based on verifiable secret sharing, comprising a sender and a receiver. The sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1 \sim CPa_n$; the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1 \sim CPb_n$. The sender's quantum key distribution unit QKDa and the receiver's quantum key distribution unit QKDb are used to distribute the protocol information and the shares of the raw key. The sender's n post-processing units $CPa_1 \sim CPa_n$ and the receiver's n post-processing units $CPb_1 \sim CPb_n$ are used to sift the raw key shares to obtain sifted key shares, to recover part of the key using the verifiable secret sharing algorithm and perform error estimation, to complete error correction of the whole key using the verifiable secret sharing algorithm, to complete error verification of the whole key using the verifiable secret sharing algorithm, and to perform privacy amplification and generate an absolutely secure key using the verifiable secret sharing algorithm.
The method and system introduce multiple redundant post-processing units into a QKD system on the basis of verifiable secret sharing. This closes the security gap created by over-trusted post-processing units in current QKD protocols and secures the post-processing stage of a QKD system in an environment containing malicious post-processing units, thereby ensuring the security of the QKD system. The conventional verifiable secret sharing scheme is also improved: to prevent the security holes that arise when a malicious post-processing unit in the QKD system captures key information over a long period, each protocol participant periodically updates its own share without changing the system key. The method can therefore ensure the security and reliability of the quantum key distribution post-processing system and has good practicability.
Drawings
FIG. 1 is a schematic process flow diagram of the process of the present invention.
FIG. 2 is a functional block diagram of the system of the present invention.
Detailed Description
FIG. 1 is a schematic flow chart of the method of the present invention. The invention provides a quantum key distribution post-processing method based on verifiable secret sharing, comprising the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and the shares of the raw key using a verifiable secret sharing algorithm; specifically, the protocol information and the raw key shares are distributed by the following steps:
A. The sender's quantum key distribution module QKDa obtains the raw key $K_a$ and the protocol information $I_a$ from the quantum channel;
B. The sender's quantum key distribution module QKDa uses the distribution algorithm of the verifiable secret sharing algorithm to divide the raw key $K_a$ into n shares and distribute them to the sender's post-processing units $CPa_1 \sim CPa_n$, with verification performed by the update verification algorithm of the verifiable secret sharing algorithm;
C. After verification passes, the sender's post-processing units $CPa_1 \sim CPa_n$ receive the raw key; the raw key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The receiver's quantum key distribution module QKDb obtains the raw key $K_b$ and the protocol information $I_b$ from the quantum channel;
E. The receiver's quantum key distribution module QKDb uses the distribution algorithm of the verifiable secret sharing algorithm to divide the raw key $K_b$ into n shares and distribute them to the receiver's post-processing units $CPb_1 \sim CPb_n$, with verification performed by the update verification algorithm of the verifiable secret sharing algorithm;
F. After verification passes, the receiver's post-processing units $CPb_1 \sim CPb_n$ receive the raw key; the raw key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$;
S2. All post-processing units of the sender and the receiver sift the raw key shares obtained in step S1, obtaining sifted key shares; specifically, sifting proceeds as follows:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to sift the received raw key share $K_{ai}$, obtaining the sifted raw key share, which is divided into two parts: the part $K_{ai,key}$ used for key generation and the part $K_{ai,est}$ used for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to sift the received raw key share $K_{bi}$, obtaining the sifted raw key share, which is divided into two parts: the part $K_{bi,key}$ used for key generation and the part $K_{bi,est}$ used for error estimation;
S3. The sender and the receiver recover part of the key using the verifiable secret sharing algorithm and perform error estimation; specifically, recovery and error estimation proceed by the following steps:
a. The sender uses the recovery algorithm of the verifiable secret sharing algorithm to recover, from the parts $K_{ai,est}$ for error estimation held by the post-processing units $CPa_i$, the key $K_{a,est}$ used for error estimation;
b. The receiver uses the recovery algorithm of the verifiable secret sharing algorithm to recover, from the parts $K_{bi,est}$ for error estimation held by the post-processing units $CPb_i$, the key $K_{b,est}$ used for error estimation;
c. Over the authenticated classical channel, error estimation is carried out for each post-processing unit pair $CPa_i$-$CPb_i$ using $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$; the protocol is terminated immediately once the estimate exceeds a set threshold;
S4. All post-processing units of the sender and the receiver perform error correction on their key shares, and error correction of the whole key is completed using the verifiable secret sharing algorithm; specifically, error correction proceeds by the following steps:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a = K_{ai,key} \cdot G$ using the generator matrix G of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b = K_{bi,key} \cdot G$ using the generator matrix G of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed at each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is complete, the sender's error-corrected part $K'_{ai,key}$ for key generation and the receiver's error-corrected part $K'_{bi,key}$ for key generation are obtained;
S5. All post-processing units of the sender and the receiver complete error verification of the whole key using the verifiable secret sharing algorithm; specifically, error verification proceeds by the following steps:
1) A hash function $h_1$ is selected at random, and each post-processing unit $CPa_i$ of the sender uses this hash function to compute a hash value of length
Figure BDA0002608041010000101
$h_{ai} = h_1(K'_{ai,key})$;
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function from step 1) to compute a hash value of length
Figure BDA0002608041010000102
$h_{bi} = h_1(K'_{bi,key})$;
3) Provided that k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is determined whether $h_a = h_b$ holds:
if so, it is guaranteed that $K'_{a,key} = K'_{b,key}$ except with a very small probability $\varepsilon_{cor}$, and error verification passes;
if not, the protocol is terminated immediately;
S6. The sender and the receiver perform privacy amplification and generate an absolutely secure key using the verifiable secret sharing algorithm; specifically, the absolutely secure key is generated by the following steps:
I. The sender selects a hash function $h_2$, and every post-processing unit $CPa_i$ of the sender uses the selected hash function $h_2$ to compute $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver uses the received hash function $h_2$ to compute $K''_{bi,key} = h_2(K'_{bi,key})$;
IV. The key is recovered using the recovery algorithm of the verifiable secret sharing algorithm, yielding the absolutely secure key with $K''_{a,key} = K''_{b,key}$ except with a very small probability $\varepsilon_{sec}$.
In the above process, the verifiable secret sharing algorithm specifically comprises a distribution algorithm, an update verification algorithm and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n non-zero elements $x_1, \dots, x_n$ from GF(q) to serve as the identities of the n participants; the secret space and the share space are both the finite field GF(q), the secret distributor D is the QKD unit, q > n, and these parameters are all public;
The secret distributor D chooses two polynomials of degree k-1 of the form:
$f(x) = a_0 + a_1 x + a_2 x^2 + \dots + a_{k-1} x^{k-1},\quad a_i \in GF(q)$
$g(x) = b_0 + b_1 x + b_2 x^2 + \dots + b_{k-1} x^{k-1},\quad b_i \in GF(q)$
where $s = a_0$ is the secret to be distributed;
The secret distributor D then computes $s_i = (f(x_i), g(x_i))$ for participant $p_i$ as the share of participant $p_i$, delivers $s_i$ to participant $p_i$ over a secure channel, and at the same time computes and broadcasts the commitments
Figure BDA0002608041010000121
Update verification algorithm:
Time is divided into a plurality of time periods $t = 1, 2, 3$; a share update algorithm and a share verification algorithm are executed in each time period;
A polynomial h(x) of degree k-1 with h(0) = 0 is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of period t-1 is updated to the polynomial $f_t(x) = f_{t-1}(x) + h(x)$ of period t; at the same time, the share of each participant $p_i$ is updated, giving the share for period t
Figure BDA0002608041010000122
and a commitment is computed and broadcast at the same time;
After obtaining its share, each participant $p_i$ checks whether the following equation holds:
Figure BDA0002608041010000123
if so, the share obtained by participant $p_i$ is valid;
if not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
Let S denote a set of no fewer than k participants taking part in reconstruction; any participant $p_i$ in S presents its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
Figure BDA0002608041010000131
When any k participants in S pass verification, the shares $(x_i, f(x_i))$ of these k participants are collected and a unique polynomial f(x) is obtained by Lagrange interpolation; the value of f(x) at zero is then computed to recover the secret s.
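The distribution, update verification and recovery algorithms above, as an added example that is not code from the patent. The commitment and verification formulas are not reproduced on this page, so the example assumes Pedersen-style commitments E_j = G^(a_j) * H^(b_j), which fit the two-polynomial share (f(x_i), g(x_i)); the toy group parameters, the companion update polynomial h2 for g(x), and all function names are likewise assumptions.

```python
import secrets

# Toy parameters constructed for this example: P = 2Q + 1 is a safe prime,
# shares live in GF(Q), commitments in the order-Q subgroup of Z_P^*.
P, Q = 2039, 1019
GEN_G, GEN_H = 4, 9  # squares mod P, so both have order Q (assumed independent)


def rand_poly(k, const=None):
    """Random polynomial of degree k-1 over GF(Q), optionally with a fixed constant term."""
    coeffs = [secrets.randbelow(Q) for _ in range(k)]
    if const is not None:
        coeffs[0] = const % Q
    return coeffs


def evaluate(coeffs, x):
    """Horner evaluation of a polynomial at x, mod Q."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % Q
    return y


def commit(f, g):
    """Assumed Pedersen commitments E_j = G^a_j * H^b_j mod P, one per coefficient."""
    return [pow(GEN_G, a, P) * pow(GEN_H, b, P) % P for a, b in zip(f, g)]


def distribute(secret, n, k):
    """Distribution: the dealer picks ids x_i and polynomials f, g with f(0) = secret."""
    xs = secrets.SystemRandom().sample(range(1, Q), n)  # distinct non-zero ids
    f, g = rand_poly(k, secret), rand_poly(k)
    shares = {x: (evaluate(f, x), evaluate(g, x)) for x in xs}
    return (f, g), shares, commit(f, g)


def verify_share(x, share, commitments):
    """Accept the share iff G^f(x) * H^g(x) == prod_j E_j^(x^j) mod P."""
    lhs = pow(GEN_G, share[0], P) * pow(GEN_H, share[1], P) % P
    rhs = 1
    for j, e in enumerate(commitments):
        rhs = rhs * pow(e, pow(x, j, Q), P) % P
    return lhs == rhs


def update(state, shares):
    """Period update: add h(x), h(0) = 0, to f (and the assumed h2(x), h2(0) = 0, to g)."""
    f, g = state
    h, h2 = rand_poly(len(f), 0), rand_poly(len(g), 0)
    f_t = [(a + d) % Q for a, d in zip(f, h)]
    g_t = [(b + d) % Q for b, d in zip(g, h2)]
    new_shares = {
        x: ((fx + evaluate(h, x)) % Q, (gx + evaluate(h2, x)) % Q)
        for x, (fx, gx) in shares.items()
    }
    return (f_t, g_t), new_shares, commit(f_t, g_t)


def recover(shown, commitments, k):
    """Recovery: discard shares that fail verification, then interpolate f(0)."""
    good = [(x, s[0]) for x, s in shown.items() if verify_share(x, s, commitments)]
    if len(good) < k:
        raise ValueError("fewer than k verified shares")
    good = good[:k]
    secret = 0
    for i, (xi, yi) in enumerate(good):
        num = den = 1
        for j, (xj, _) in enumerate(good):
            if i != j:
                num = num * (-xj) % Q          # Lagrange basis evaluated at 0
                den = den * (xi - xj) % Q
        secret = (secret + yi * num * pow(den, -1, Q)) % Q
    return secret


if __name__ == "__main__":
    state, shares, com = distribute(777, n=5, k=3)
    state, shares, com = update(state, shares)
    x0 = next(iter(shares))
    shares[x0] = ((shares[x0][0] + 1) % Q, shares[x0][1])  # one malicious unit
    print("tampered share accepted:", verify_share(x0, shares[x0], com))
    print("recovered secret:", recover(shares, com, 3))
```

Because h(0) = 0 (and h2(0) = 0 in this sketch), the constant-term commitment is identical before and after an update, which gives participants a public check that the refresh did not change the shared key.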
FIG. 2 is a functional block diagram of the system of the present invention. The system implementing the quantum key distribution post-processing method based on verifiable secret sharing comprises a sender and a receiver. The sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1 \sim CPa_n$; the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1 \sim CPb_n$. The sender's quantum key distribution unit QKDa and the receiver's quantum key distribution unit QKDb are used to distribute the protocol information and the shares of the raw key. The sender's n post-processing units $CPa_1 \sim CPa_n$ and the receiver's n post-processing units $CPb_1 \sim CPb_n$ are used to sift the raw key shares to obtain sifted key shares, to recover part of the key using the verifiable secret sharing algorithm and perform error estimation, to complete error correction of the whole key using the verifiable secret sharing algorithm, to complete error verification of the whole key using the verifiable secret sharing algorithm, and to perform privacy amplification and generate an absolutely secure key using the verifiable secret sharing algorithm.

Claims (7)

1. A quantum key distribution post-processing method based on verifiable secret sharing, comprising the following steps:
S1. The quantum key distribution units of the sender and the receiver distribute the protocol information and the shares of the raw key using a verifiable secret sharing algorithm;
S2. All post-processing units of the sender and the receiver sift the raw key shares obtained in step S1, obtaining sifted key shares;
S3. The sender and the receiver recover part of the key using the verifiable secret sharing algorithm and perform error estimation;
S4. All post-processing units of the sender and the receiver perform error correction on their key shares, and error correction of the whole key is completed using the verifiable secret sharing algorithm;
S5. All post-processing units of the sender and the receiver complete error verification of the whole key using the verifiable secret sharing algorithm;
S6. The sender and the receiver perform privacy amplification and generate an absolutely secure key using the verifiable secret sharing algorithm; specifically, the absolutely secure key is generated by the following steps:
I. The sender selects a hash function $h_2$, and every post-processing unit $CPa_i$ of the sender uses the selected hash function $h_2$ to compute $K''_{ai,key} = h_2(K'_{ai,key})$;
II. Each post-processing unit $CPa_i$ of the sender transmits the hash function $h_2$ over the authenticated classical channel to the corresponding post-processing unit $CPb_i$ of the receiver;
III. Each post-processing unit $CPb_i$ of the receiver uses the received hash function $h_2$ to compute $K''_{bi,key} = h_2(K'_{bi,key})$;
IV. The key is recovered using the recovery algorithm of the verifiable secret sharing algorithm, yielding the absolutely secure key with $K''_{a,key} = K''_{b,key}$;
The verifiable secret sharing algorithm specifically includes a distribution algorithm, an update verification algorithm and a recovery algorithm:
Distribution algorithm:
The secret distributor D randomly selects n nonzero elements $x_1,\dots,x_n$ from GF(q) as the identities of the n participants, where the secret space and the share space are both the finite field GF(q), the secret distributor D is the QKD unit, q is greater than n, and all these parameters are public;
The secret distributor D chooses two polynomials of degree k-1 of the following form:
$f(x)=a_0+a_1x+a_2x^2+\dots+a_{k-1}x^{k-1},\quad a_i\in GF(q)$
$g(x)=b_0+b_1x+b_2x^2+\dots+b_{k-1}x^{k-1},\quad b_i\in GF(q)$
where $s=a_0$ is the secret to be distributed;
The secret distributor D then calculates, for participant $p_i$, $s_i=(f(x_i),g(x_i))$ as the share of participant $p_i$, delivers $s_i$ to participant $p_i$ over a secure channel, and at the same time computes and broadcasts the commitments
Figure FDA0003641651580000021
Update verification algorithm:
Time is divided into a plurality of time periods t = 1, 2, 3; a share update algorithm and a share verification algorithm are performed in each time period;
A polynomial $h(x)$ of degree k-1 with $h(0)=0$ is added to $f_{t-1}(x)$, so that the polynomial $f_{t-1}(x)$ of time period t-1 is updated to the polynomial $f_t(x)=f_{t-1}(x)+h(x)$ of time period t; at the same time, the share of each participant $p_i$ is updated to obtain the share for time period t
Figure FDA0003641651580000022
and a commitment is calculated and broadcast at the same time;
After obtaining its corresponding share, each participant $p_i$ judges whether the following formula is satisfied:
Figure FDA0003641651580000023
if so, the share obtained by participant $p_i$ is valid;
if not, the share obtained by participant $p_i$ is invalid, and D is required to resend the correct share;
Recovery algorithm:
S denotes a set of not less than k participants taking part in the reconstruction; any participant $p_i$ in S shows its own share $s_i$, and the remaining participants verify whether $s_i$ is correct using the following equation:
Figure FDA0003641651580000031
when any k participants in S pass the verification, the shares $(x_i,f(x_i))$ of these k participants are collected, the unique polynomial $f(x)$ is derived by Lagrange interpolation, and the value of $f(x)$ at zero is then calculated to recover the secret s.
2. The quantum key distribution post-processing method based on verifiable secret sharing according to claim 1, wherein the quantum key distribution units of the sender and the receiver in step S1 use the verifiable secret sharing algorithm to distribute the shares of the original key and the protocol information, specifically adopting the following steps:
A. The quantum key distribution module QKDa of the sender obtains the original key $K_a$ and the protocol information $I_a$ in the quantum channel;
B. The quantum key distribution module QKDa of the sender uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_a$ into n parts and distribute them to the several post-processing units $CPa_1$~$CPa_n$ of the sender, with verification through the update verification algorithm of the verifiable secret sharing algorithm;
C. After the verification is passed, the several post-processing units $CPa_1$~$CPa_n$ of the sender receive the original key; the original key share received by the i-th post-processing unit $CPa_i$ is $K_{ai}$, and the protocol information is $I_a$;
D. The quantum key distribution module QKDb of the receiver obtains the original key $K_b$ and the protocol information $I_b$ in the quantum channel;
E. The quantum key distribution module QKDb of the receiver uses the distribution algorithm of the verifiable secret sharing algorithm to divide the original key $K_b$ into n parts and distribute them to the several post-processing units $CPb_1$~$CPb_n$ of the receiver, with verification through the update verification algorithm of the verifiable secret sharing algorithm;
F. After the verification is passed, the several post-processing units $CPb_1$~$CPb_n$ of the receiver receive the original key; the original key share received by the i-th post-processing unit $CPb_i$ is $K_{bi}$, and the protocol information is $I_b$.
3. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 2, wherein all the post-processing units of the sender and the receiver in step S2 respectively screen the original key shares obtained in step S1 to obtain the screened key shares, specifically adopting the following steps:
Sender: each post-processing unit $CPa_i$ uses the protocol information $I_a$ to screen the received original key share $K_{ai}$ to obtain the screened original key share, and the screened original key share is divided into two parts: the part $K_{ai,key}$ for key generation and the part $K_{ai,est}$ for error estimation;
Receiver: each post-processing unit $CPb_i$ uses the protocol information $I_b$ to screen the received original key share $K_{bi}$ to obtain the screened original key share, and the screened original key share is divided into two parts: the part $K_{bi,key}$ for key generation and the part $K_{bi,est}$ for error estimation.
4. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 3, wherein the sender and the receiver in step S3 use the verifiable secret sharing algorithm to recover part of the key and perform error code estimation, specifically adopting the following steps to perform recovery and error code estimation:
a. The sender uses the recovery algorithm of the verifiable secret sharing algorithm to recover, from the part $K_{ai,est}$ for error estimation corresponding to each post-processing unit $CPa_i$, the key $K_{a,est}$ for error code estimation;
b. The receiver uses the recovery algorithm of the verifiable secret sharing algorithm to recover, from the part $K_{bi,est}$ for error estimation corresponding to each post-processing unit $CPb_i$, the key $K_{b,est}$ for error code estimation;
c. Over the authenticated classical channel, $I_a$, $I_b$, $K_{a,est}$ and $K_{b,est}$ are used to perform error code estimation for each post-processing unit pair $CPa_i$-$CPb_i$; the protocol is terminated directly once the estimate exceeds a set threshold.
5. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 4, wherein all post-processing units of the sender and the receiver respectively perform error correction processing on the key shares in step S4, and complete the error correction of the whole key by using the verifiable secret sharing algorithm, specifically adopting the following steps to perform error correction:
(1) For each part $K_{ai,key}$ used for key generation, the sender obtains the parity check code $S_a=K_{ai,key}\cdot G$ using the generator matrix G of the LDPC code;
(2) For each part $K_{bi,key}$ used for key generation, the receiver obtains the parity check code $S_b=K_{bi,key}\cdot G$ using the generator matrix G of the LDPC code;
(3) Over the authenticated classical channel, error correction is performed for each post-processing unit pair $CPa_i$-$CPb_i$ using the recovery algorithm of the verifiable secret sharing algorithm;
(4) After error correction between all post-processing unit pairs is finished, the error-corrected part $K'_{ai,key}$ for key generation of the sender and the error-corrected part $K'_{bi,key}$ for key generation of the receiver are obtained.
6. The quantum key distribution post-processing method based on verifiable secret sharing as claimed in claim 5, wherein all post-processing units of the sender and the receiver use the verifiable secret sharing algorithm to complete the error check of the whole key in step S5, specifically adopting the following steps to perform the error check:
1) A hash function $h_1$ is randomly selected, and each post-processing unit $CPa_i$ of the sender uses this hash function to calculate, with length
Figure FDA0003641651580000051
the hash value $h_{ai}=h_1(K'_{ai,key})$;
2) Each post-processing unit $CPb_i$ of the receiver uses the hash function of step 1) to calculate, with length
Figure FDA0003641651580000061
the hash value $h_{bi}=h_1(K'_{bi,key})$;
3) As long as k non-malicious post-processing unit pairs exist, the sender recovers the complete hash value $h_a$ using the recovery algorithm of the verifiable secret sharing algorithm, and the receiver recovers the complete hash value $h_b$ using the recovery algorithm of the verifiable secret sharing algorithm;
4) Over the authenticated classical channel, it is judged whether $h_a=h_b$ holds:
if yes, $K'_{a,key}=K'_{b,key}$;
if not, the protocol is directly terminated.
7. A system for realizing the quantum key distribution post-processing method based on verifiable secret sharing of one of claims 1 to 6, characterized by comprising a sender and a receiver; the sender comprises a quantum key distribution unit QKDa and n post-processing units $CPa_1$~$CPa_n$; the receiver comprises a quantum key distribution unit QKDb and n post-processing units $CPb_1$~$CPb_n$; the quantum key distribution unit QKDa of the sender and the quantum key distribution unit QKDb of the receiver are used for distributing the protocol information and the shares of the original key; the n post-processing units $CPa_1$~$CPa_n$ of the sender and the n post-processing units $CPb_1$~$CPb_n$ of the receiver are used for screening the original key shares to obtain the screened key shares, recovering part of the key by the verifiable secret sharing algorithm and performing error code estimation, completing error correction of the whole key using the verifiable secret sharing algorithm, completing error check of the whole key using the verifiable secret sharing algorithm, performing confidentiality enhancement, and generating an absolute security key using the verifiable secret sharing algorithm.
CN202010744955.3A 2020-07-29 2020-07-29 Quantum key distribution post-processing method and system based on verifiable secret sharing Active CN111786787B (en)


Publications (2)

Publication Number Publication Date
CN111786787A (en) 2020-10-16
CN111786787B (en) 2022-07-01
