Disclosure of Invention
In order to solve the technical problem, the invention provides a secret communication method based on key fusion transformation, which replaces the original key with the output of the key fusion transformation, thereby greatly reducing the influence of single key leakage on the information security state.
The technical scheme adopted by the invention is as follows: secret communication method based on key fusion transformation, and data transmission system adopted by the secret communication method comprises: the system comprises an information source, a channel and an information sink, wherein the information source and the information sink generate a series of shared key sequences based on a key generation mechanism; the information source and the information sink utilize the same fusion transformation to process the key sequence, then the information source uses the output result of the fusion transformation as a temporary key to encrypt and encode the message, and sends a ciphertext to the information sink; the sink decodes the message with the output of the fused transform as a temporary key to obtain plaintext.
The fused transform corresponds to a function that receives a sequence of keys as input, outputs a new key as a temporary key, and the minimum entropy of the temporary key is always greater than or equal to the minimum entropy of any input key. The key sequence with length w is X1,X2,...,XwIf the keys are independent of each other, a function KFT that always satisfies the condition (0,1)n×(0,1)n×...×(0,1)n→(0,1)nReferred to as key fusion transformation.
H∞(KFT(X1,X2,...,Xw))≥H∞(Xi),i=1,2,...,w
Where n is the key bit length, (0,1)nIs the value space of the key, H∞(X) represents the minimum entropy of X, also called key entropy, and is calculated as:
where min denotes the minimum value, X ← X denotes randomly sampling one X from a random variable X, log is a logarithmic function, and Pr [ X ═ X ] denotes the probability of sampling X from X.
In the secret communication method based on the key fusion transformation, the keys in the key sequence can be generated by one or more key generation mechanisms, and the key generation mechanisms work in a mode meeting the following assumed conditions of an ideal model:
t1: each generated key is a random variable extracted from an (n; l) -key source;
t2: the keys are independent of each other;
t3: if H is present∞(X) ≧ l, then the symmetric encryption used for encryption and decryption is absolutely secure.
Wherein, T1 regards each key as a random variable, where n is the key length, l is the security threshold, and the closer l is to n, the better the randomness of the key. For an (n; l) -key source, if key X is revealed to an eavesdropper, it is equivalent to H∞(X)<l; otherwise, H∞(X) is not less than l. Whereas T2 is reasonable in that almost all key generation mechanisms, such as PLKG, related research work requires testing the statistical independence of keys. It is generally considered that a symmetric encryption algorithm, such as AES, is strong enough to even resist attack by a quantum computer as long as the key length is large enough, and therefore T3 is also a reasonable assumption.
The invention has the beneficial effects that: aiming at the problem that the existing security coding method has the key easy to leak, the secret communication method based on the key fusion transformation provided by the invention processes a plurality of keys to protect the privacy of a single key by using the key fusion transformation; the method has compatibility with various existing key generation mechanisms, such as PLKG, can greatly reduce the probability of secret interruption, has wide universality and has great application potential in secret data communication occasions.
Detailed Description
In order to facilitate the understanding of the technical contents of the present invention by those skilled in the art, the present invention will be further explained with reference to the accompanying drawings.
The invention provides a secret communication method based on key fusion transformation, a data transmission system, comprising: the system comprises an information source, a channel and an information sink, wherein the information source and the information sink generate a series of key sequences shared by both parties based on one or more key generation mechanisms; the information source processes the key sequence by fusion transformation, then uses the output result as a temporary key to encrypt and encode the message, and sends the ciphertext to the information sink; the sink decodes the message to obtain plaintext, again using the result of the fused transform as a temporary key. Since the key fusion transformation protects the randomness of the individual keys, the probability of privacy disruption can be significantly reduced. The key generation mechanism includes: based on physical layer key generation mechanisms, public key cryptography (e.g., trellis-based cryptography, quantum cryptography, or quantum key distribution, etc.). (e.g., physical-layer key generation, PLKG)
The keys in the key sequence of the present invention may be generated by various key generation algorithms. Using the common physical layer key generation mechanism PLKG (physical layer cipher) in the fieldA Key generation mechanism, physical-layer Key generation) as an example, in an implementation manner of managing Key sequences at an information source and an information sink, a Key fusion Transformation sliding window (KFT sliding window, Key-Fusing Transformation) is respectively set in each system, and a specific implementation manner is that the information source and the information sink respectively maintain a first-in first-out queue data structure, the window can continuously slide or slide once per m keys (m is less than or equal to w), the window length w can be preset, w is an integer, and the value range is 1 to infinity; the larger w is, the higher the security level is, but the calculation, storage and synchronization overhead is increased; the source and the sink select a same key fusion transformation, the fusion transformation is a special function called KFT (), and the KFT () is characterized in that: a key sequence is received, a new key, called a temporary key, is output, and the minimum entropy (also called key entropy) of the output key is always greater than or equal to the minimum entropy of any input key. The key can be viewed as a random variable X e (0,1)nIts minimum entropy is defined as:
where min denotes the minimum value, X ← X denotes randomly sampling X from X, log is a logarithmic function, and Pr [ X ═ X]Representing the probability of sampling X from X,
the expression is defined as
∞(X) is defined as
The specific working process of the present invention is described below by taking the implementation mode based on PLKG as an example:
s1, managing shared key sequence generated by PLKG by first-in first-out queue structure
S11, adopting PLKG between the information source and the information sink, and extracting the key shared by the two parties by using the unique characteristics of the wireless channel;
and S12, the source and the sink respectively store the generated keys into own KFT sliding windows.
S2, the source processes the key sequence based on the key fusion transformation KFT for encrypting the message
S21, the signal source takes the key sequence in the KFT sliding window as input, calls a KFT function and generates a temporary key;
s22, the source encrypts and encodes the plaintext with the temporary key, and then transmits the output ciphertext to the sink.
S3, the source processes the key sequence based on the key fusion transformation KFT for decrypting the message
S31, the signal sink takes the key sequence in the KFT sliding window as input, calls a KFT function and generates a temporary key;
s32, the sink decrypts the received message by the temporary key to obtain the plaintext.
Fig. 1 shows a work flow diagram of a secret communication method based on key fusion transformation. Under the mechanism of PLKG, the source and the sink can acquire a series of keys by performing 5 steps of channel exploration, random sequence extraction, quantization, information coordination and privacy amplification. Before the keys are used for encryption/decryption, key fusion transformation is carried out on the keys by calling a KFT () function so as to promote key entropy as much as possible and further improve the safety of a data transmission system.
The key fusion transformation can be regarded as a special multivariate function called KFT (), and the KFT () is characterized in that: receiving a key sequence, a new key, called a temporary key, is output, and the minimum entropy (also called key entropy) of the output key is always greater than or equal to the minimum entropy of any input key. The key sequence with length w is X1,X2,...,XwThen, a function KFT (0,1) satisfying the following conditionn×(0,1)n×...×(0,1)n→(0,1)nReferred to as key fusion transformation.
H∞(KFT(X1,X2,...,Xw))≥H∞(Xi),i=1,2,...,w
→ is the function mapping notation for function definition, front is the definition domain and back is the value domain.
The key fusion transformation is a multivariate function and can be realized by iteration of a binary KFT function, and the specific realization mode is that two keys are taken according to any specified sequence for a key sequence with the length of w, binary KFT () transformation is applied, and the output temporary key is put back to the sequence, so that the length of the sequence becomes w-1; this process continues until only one key remains in the sequence, which is the temporary key output by the key fusion transformation, and can be used for encryption and decryption.
The binary KFT function is defined as KFT (0,1)n×(0,1)n→(0,1)nAnd simultaneously satisfies the following two conditions.
H∞(KFT(X,Y))≥H∞(X)
And H∞(KFT(X,Y))≥H∞(Y)
Wherein X and Y are 2 mutually independent random variables, and X belongs to (0,1)n,Y∈(0,1)n. The simplest existing binary key fusion transformations are MOD addition (modular Operation) and bitwise xor [. alpha. ]), which are primitives widely used in modern encryption technology. Note that applying a one-to-one mapping on a random variable does not change its key entropy, so a typical way to construct a key fusion transform is to combine modulo addition (MOD), bitwise xor, and one-to-one mapping to generate KFT instances. In this way we can get at least (2) under the key space of n-bitn| A ) A KFT instance. Moreover, even if the order of the input key sequence is disturbed, the output result will remain unchanged as long as the chosen KFT instance satisfies the commutative and associative laws.
A typical construction method of a binary key fusion transformation can be defined in an iterative manner as follows:
1)g(x,y)=x⊕y⊕b
2)g(x,y)=(x+y+b)MOD 2n
3)g(x,y)=>KFT
4)g(h(x),y)=>KFT
5)g(x,h(y))=>KFT
6)h(KFT(x,y))=>KFT
wherein X ← X ∈ (0,1)nAnd Y ← Y ∈ (0,1)nIs 2 mutually independent keys, b is belonged to (0,1)nIs a constant; g (,) represents binary modulo addition (MOD) or bitwise XOR (#), defined as g (0,1)n×(0,1)n→(0,1)nThe implementation mode is as the above formula 1) 2); h (.) is a one-to-one mapping defined as h (0,1)n→(0,1)nTypical implementations include MOD, bitwise xor, cyclic shift, etc.; equation 3 above) illustrates that the function g (,) is a binary key fusion transformation; the above formula 4)5) shows that the function obtained by applying h () and then g () to one of x and y is a binary key fusion transformation; equation 6) above illustrates that the function obtained by applying h (·) to the output of the key fusion transform KFT remains a binary key fusion transform.
In the secret communication method based on key fusion transformation, the keys in the key sequence can be generated by various key generation algorithms, and typical key generation algorithms include a physical layer-based key generation mechanism, a grid-based cryptography, quantum cryptography, or Quantum Key Distribution (QKD). In order to strictly verify the correctness of the proposed scheme, the present invention designs an ideal model to abstract various key generation mechanisms, including PLKG. These key generation mechanisms work in a way that satisfies the following assumptions of an ideal model:
t1: each generated key is a random variable extracted from an (n; l) -key source;
t2: the keys are independent of each other;
t3: if H is present∞(X) ≧ l, then the symmetric encryption used for encryption and decryption is absolutely secure, i.e., as long as key X is not revealed, the eavesdropper can neither break the key from the ciphertext nor decrypt the ciphertext directly.
T1 considers each key as a random variable, where n is the key length, l is the security threshold, and the closer l is to n, the better the randomness of the key. The specific value of l depends on the computational power estimate for the eavesdropper. Typical conditionsUnder the condition, the eavesdropper needs to do average 2lThe next brute force guess can be made to guess a correct key. For an (n; l) -key source, if a key X of n-bit length is leaked to an eavesdropper, it is equivalent to H∞(X)<l; otherwise, H∞(X) is not less than l. Whereas T2 is reasonable in that almost all key generation mechanisms, such as PLKG, related research work requires testing the statistical independence of keys. It is generally considered that a symmetric encryption algorithm, such as AES, is strong enough to even resist attack by a quantum computer as long as the key length is large enough, and therefore T3 is also a reasonable assumption.
Considering a typical key leakage scenario of PLKG, as shown in fig. 2, the source and the sink generate 3 keys using the PLKG mechanism: k is a radical ofA,kBAnd kCAnd assume kBIs revealed to the eavesdropper. From the hypothesis T1, we can obtain H∞(kA)≥l,H∞(kB)<l, and H∞(kC) Not less than l. According to the hypothesis T3, with kAAnd kCEncrypted communication is secure but with kBThe security of encrypted communications is compromised. The main problem is that eavesdropping may be done by eavesdropping, and neither the sender nor the receiver may even know kBHas already leaked out.
To solve this problem, our solution is to transform k by using key fusion KFTA,kBAnd kCAnd (4) carrying out fusion. Specifically, we start from kA,kBTo obtain kABThen from kABAnd kCTo obtain kABC. According to the assumption T3, only H needs to be certified∞(kABC) When l is greater than or equal to l, k is usedABCIn place of kA,kBAnd kCIt is secure for encryption and decryption.
The present embodiment uses a key of
length 2 to verify the correctness of the model, and as a result, the conclusion is shown in fig. 3, which is applicable to any key of any bit length. An example of KFT selected in this embodiment is
Where n is 2, then k is
AB=f(k
A,k
B) And k
ABC=f(k
AB,k
C). Since the keys are 2-bit in length, each key can take one of four values, 0,1, 2, 3, with different probabilities. The distribution probabilities respectively set in the embodiment are {1/3, 1/4, 1/6, 1/4}, k
CThe distribution probability of (a) is (1/2, 1/5, 1/6, 2/15). Because k is
BThe probability of the distribution is {0, 0, 0, 1} assuming that it is 3. Because k is
BHas been leaked out, so k
BThe key entropy of (a) is zero. Accordingly, k
ABHas a and k
AThe same key entropy is 1.58 but with a different probability distribution (note: real numbers in the figure retain only two decimal degrees of precision). Can be verified by computer programs or manually
ABCIs always greater than or equal to k
A,k
BAnd k
CKey entropy of (1), which represents H
∞(k
ABC) More than or equal to l is proved. And no matter k
AOr k
CWith any random distribution of how much, this conclusion is always true.
For a key X, its exposure probability is defined as H∞(X)<Probability of l, and probability of a secret interruption (SOP) means that at least one key V for encryption and decryption satisfies H during communication∞(V)<l probability of the signal. Fig. 4 shows the effect of the key fusion transformation KFT on the probability of a privacy disruption of the whole communication process, where a total of 60 keys are extracted, the size w of the KFT window being 1 to 10, respectively. The approach to using KFT is to replace every w keys in the key sequence with a corresponding KFT output. In fig. 4, two legends "no fusion transformation" and "with fusion transformation" correspond to the privacy disruption probability of the entire communication process when KFT is not applied and KFT is applied, respectively. By changing the size (w) of the KFT sliding window and the key exposure probability (p), it can be seen that when p is 0.1 and w is 10, the secret break probability when applying KFT is less than 10-8And approximately 0.998 without the application of KFT. Applying KFT and setting w to 10 may reduce the privacy disruption probability below 0.057 even at a fairly high key exposure probability, e.g., p ═ 0.5.
The above examples and analysis are only intended to illustrate the feasibility of the secret communication method based on the key fusion transformation, and in fact, any method satisfying the technical feature requirements of the 3 assumption conditions of the above ideal model can be used as the secret communication method based on the key fusion transformation. The key fusion transformation implemented by using binary KFT function iteration in the above example is only for convenience of description, and typical key generation algorithms include physical layer-based key generation mechanisms, public key cryptography (such as grid-based cryptography, quantum cryptography, or quantum key distribution), etc., without excluding other implementations. It is to be understood that the scope of the invention is not to be limited to such specific statements and examples. Various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the claims of the present invention.