CN112311554B - Strong authentication method and system based on quantum symmetric key - Google Patents

Publication number
CN112311554B
Authority
CN
China
Prior art keywords
key
message
authentication code
quantum
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011218901.XA
Other languages
Chinese (zh)
Other versions
CN112311554A (en)
Inventor
邓太行
林兴
周淳
汪洋
李家骥
鲍皖苏
张海龙
汪翔
江木生
李宏伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Application filed by Information Engineering University of PLA Strategic Support Force
Priority to CN202011218901.XA
Publication of CN112311554A
Application granted
Publication of CN112311554B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852: Quantum cryptography
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04: INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S: SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00: Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20: Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of quantum key distribution, and particularly relates to a strong authentication method and a strong authentication system based on a quantum symmetric key, wherein the method comprises the steps of obtaining a quantum key file, and carrying out secret amplification on the quantum key file according to a poly1305 algorithm; packaging the obtained quantum key by using a key packaging algorithm and a user password; the sender unseals the quantum key and the plaintext to obtain a message authentication code, a ciphertext and a unique value through a poly1305 algorithm, and the message authentication code, the ciphertext and the unique value are transmitted to the receiver through a public network after being packaged; and the receiver receives the packed message, unpacks the message to obtain a ciphertext, a unique value and a received message authentication code, calls a quantum key and a poly1305 algorithm to calculate to obtain a plaintext and a calculated message authentication code, and compares whether the calculated message authentication code is the same as the received message authentication code to authenticate the integrity of the message. The invention can strongly ensure the message integrity of the users of both communication sides, effectively prevent the leakage of sensitive information, resist the decoding of a quantum computer and ensure the information safety.

Description

Strong authentication method and system based on quantum symmetric key
Technical Field
The invention belongs to the technical field of quantum key distribution, and particularly relates to a strong authentication method and system based on a quantum symmetric key.
Background
Quantum key distribution mainly comprises two stages, namely a quantum signal transmission stage and a post-processing stage, wherein the quantum signal transmission stage mainly comprises operations such as the sending, receiving and measuring of quantum states carried out by Alice and Bob over a quantum channel.
The message integrity authentication based on the public key system is generally implemented by a method in which a generator of a message digitally signs a hash value of the message. The disadvantages are as follows:
1. The amount of computation is much higher than that of a symmetric key system, and the message authentication efficiency is low.
2. The security depends on computational complexity, so attacks by quantum computation and quantum algorithms cannot be effectively resisted, and potential security hazards exist.
3. The symmetric key required by authentication is difficult to obtain and store, and cannot be obtained and used in real time.
In addition, the authentication security based on the symmetric cryptographic algorithm and the hash function with the key can be reduced to the computing security. When an attacker has sufficient computational power and storage capacity, an effective attack can be implemented.
Disclosure of Invention
In order to solve the potential safety hazard problem existing in the traditional message integrity authentication method depending on the computational complexity, the invention provides a strong authentication method and a strong authentication system based on a quantum symmetric key, which have the quantum security characteristic and are irrelevant to the computational capability, so that the message integrity of users of both communication sides can be strongly ensured, the leakage of sensitive information is effectively prevented, the sensitive information can be resisted from being decoded by a quantum computer, and the information security is ensured.
In order to solve the technical problems, the invention adopts the following technical scheme:
the invention provides a strong authentication method based on a quantum symmetric key, which comprises the following steps:
obtaining a quantum key file, and carrying out secret amplification on the quantum key file according to a poly1305 algorithm to obtain a safe quantum key;
packaging the obtained quantum key by using a key packaging algorithm and a user password;
the sender unseals the quantum key and the plaintext to obtain a message authentication code, a ciphertext and a unique value through a poly1305 algorithm, and the message authentication code, the ciphertext and the unique value are transmitted to the receiver through a public network after being packaged;
and the receiver receives the packed message, unpacks the message to obtain a ciphertext, a unique value and a received message authentication code, calls a quantum key and a poly1305 algorithm to calculate to obtain a plaintext and a calculated message authentication code, and compares whether the calculated message authentication code is the same as the received message authentication code to authenticate the integrity of the message.
Further, the obtaining of the quantum key file and the secret amplification thereof according to the poly1305 algorithm to obtain the secure quantum key includes:
the system configures the QKD equipment through the FTP interface, and after the configuration is successful, the program accesses an FTP server of the QKD equipment and acquires a quantum key file from the FTP server;
obtaining error rate and classical communication leakage quantity parameters from QKD equipment, and calculating the compression ratio of secret amplification;
and calling a poly1305 algorithm according to the compression ratio to carry out secret amplification on the obtained quantum key file to obtain a safe quantum key.
Further, the encapsulating the obtained quantum key by using the key encapsulation algorithm and the user password includes:
the system uses a key encapsulation algorithm KeyWrap and a user password KEK to encapsulate the obtained quantum key, and stores the encapsulated key file locally.
Further, the unique value is a random unique value generated using a UUID algorithm.
Further, the obtaining of the message authentication code through the poly1305 algorithm includes:
a master key $K$ is used to generate a hash key $K_H$ and an encryption key $K_E$; the input message $M$ is encoded into the input format required by the hash function; the encoded message is hashed by the hash function under the control of the hash key $K_H$ to obtain a hash value $H$; and $H$ is encrypted under the control of the encryption key $K_E$. The result is the message authentication code MAC.
Further, the obtaining of the message authentication code through the poly1305 algorithm specifically includes the following steps:
Step 1, key preprocessing
The acquired 32-byte quantum key is divided into its first 16 bytes and its second 16 bytes, which serve as the hash key $K_H$ and the encryption key $K_E$ respectively.
Step 2, message preprocessing
Acquire the byte length $l$ of the message plaintext, and compute the round-up $w$ and the round-down $t$ of $l/16$ in preparation for the subsequent grouping of the plaintext;
divide the plaintext into 16-bit blocks $c_i$; if the length of the last packet is less than 16 bits, it is kept as is without further processing;
insert the byte with value 0x01 before each packet $c_i$, and convert each packet $c_i$ into an unsigned integer $c_i$.
Step 3, message hashing
First, the hash key $K_H$ is converted into an unsigned integer $r$; let the number of message packets be $s$; the hash value is then computed as:
$$H' = (c_1 \cdot r^{s} + c_2 \cdot r^{s-1} + \dots + c_s \cdot r^{1}) \bmod \mathrm{prime}(130)$$
$$H = H' \bmod 2^{128}$$
where prime(130) is the largest prime less than $2^{130}$, namely $2^{130} - 5$, $H$ denotes the hash value and $H'$ denotes an intermediate variable.
Step 4, terminating the operation
The hash value $H$ is converted into a bit string; $S$ is obtained through an encryption algorithm using the encryption key $K_E$ and is converted into an integer; $\mathrm{mac} = (H + S) \bmod 2^{128}$ is calculated, then converted into a bit string and output.
The invention also provides a strong authentication system based on the quantum symmetric key, which comprises the following steps:
the quantum key file acquisition and secret amplification module is used for acquiring a quantum key file and carrying out secret amplification on the quantum key file according to a poly1305 algorithm to obtain a safe quantum key;
the quantum key packaging module is used for packaging the obtained quantum key by using a key packaging algorithm and a user password;
the message authentication code generation module is used for deblocking the quantum key obtained by the sender and the plaintext to obtain a message authentication code, a ciphertext and a unique value through a poly1305 algorithm, and packaging and transmitting the message authentication code, the ciphertext and the unique value to the receiver through a public network;
and the message integrity detection module is used for receiving the packed message by the receiver, unpacking the packed message to obtain a ciphertext, a unique value and a received message authentication code, calling a quantum key and poly1305 algorithm to calculate to obtain a plaintext and a calculated message authentication code, and comparing whether the calculated message authentication code is the same as the received message authentication code to authenticate the integrity of the message.
Compared with the prior art, the invention has the following advantages:
1. the strong authentication method based on the quantum symmetric key can be used for carrying out secret amplification on the obtained quantum key file through the hash function algorithm, can also be used as a safety mechanism for providing message authentication to detect the integrity of the message, verifies whether the message is falsified by an attacker, and has higher message authentication code generation speed.
2. The invention calculates the compression ratio of secret amplification by using the error rate and the classical communication leakage quantity parameters obtained from the QKD equipment, calls the poly1305 algorithm to carry out secret amplification on the obtained quantum key file according to the compression ratio, effectively compresses and obtains a key with higher safety more quickly, and removes or reduces the information quantity obtained by an eavesdropper on the correct key to be within an acceptable safety range.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a strong authentication method based on quantum symmetric key according to an embodiment of the present invention;
fig. 2 is a flow diagram illustrating the calculation of a message authentication code using the poly1305 algorithm, according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, the strong authentication method based on quantum symmetric key of this embodiment includes:
step S11, obtaining a quantum key file, and carrying out secret amplification on the quantum key file according to a poly1305 algorithm to obtain a safe quantum key;
The system configures the QKD equipment through an FTP interface. After the configuration succeeds, the program accesses the FTP server of the QKD equipment and obtains the quantum key files from it. After the quantum key files are grouped, the system automatically obtains parameters such as the error rate and the classical communication leakage amount from the QKD equipment and calculates the compression ratio of secret amplification. The poly1305 algorithm is then called according to the compression ratio to carry out secret amplification on the obtained quantum key file, so that the key is effectively compressed and a more secure quantum key is obtained more quickly.
Step S12, packaging the obtained quantum key by using a key packaging algorithm and a user password;
The system uses the key encapsulation algorithm KeyWrap and a user password KEK to encapsulate the obtained quantum key. The user password is set and remembered by the user so that it is not easily leaked to others; it can also be managed in a distributed manner to protect it from theft as far as possible, and it can be held in temporary memory while the software program runs. According to the algorithm logic, some processing constraints on the key are needed, namely the bits that need to be zeroed are zeroed at the quantum key processing stage. The encapsulated key file is stored locally, which prevents the master key from being leaked if the locally stored key file is stolen by an attacker, so that the security of the key is better protected.
Step S13, the sender unseals the key file to obtain the quantum key and obtains the user's plaintext through an upper-layer interface, then obtains a message authentication code, a ciphertext and a unique value by using the poly1305 algorithm, packages the message authentication code, the ciphertext and the unique value, and transmits them to the receiver through a public network, wherein the unique value is a random unique value generated by using a UUID algorithm. The process of obtaining the message authentication code by the poly1305 algorithm is briefly summarized as follows: a master key $K$ is used to generate a hash key $K_H$ and an encryption key $K_E$; the input message $M$ is encoded into the input format required by the hash function; the encoded message is hashed by a generic hash function under the control of the hash key $K_H$; and the obtained hash value $H$ is encrypted under the control of the encryption key $K_E$. As shown in fig. 2, the specific steps are as follows:
step S131, Key preprocessing
The key is first preprocessed so that it conforms to its required format, i.e. some bits are 0; this operation can be performed when the original key is obtained and packaged. In key preprocessing, the acquired 32-byte quantum key is divided into its first 16 bytes and its second 16 bytes, which serve as the hash key $K_H$ and the encryption key $K_E$ respectively.
Step S132, message preprocessing
Acquire the byte length $l$ of the message plaintext, and compute the round-up $w$ and the round-down $t$ of $l/16$ in preparation for the subsequent grouping of the plaintext;
grouping the plaintext: divide the plaintext into 16-bit blocks $c_i$; if the length of the last packet is less than 16 bits, it is kept as is without further processing;
since an integer is stored in memory as a bit string, the long integer can be wrapped in a class whose underlying representation is the corresponding bit string. Each packet's integer has $2^n$ added to it, where $n$ is the length of the corresponding packet; this is equivalent to inserting the byte with value 0x01 before the integer's underlying bit string. The whole operation can therefore be simplified to first inserting the byte with value 0x01 before each packet $c_i$ and then converting each packet $c_i$ into an unsigned integer $c_i$, so as to satisfy the operations that the message hash stage performs on the plaintext packets.
Step S133, message hashing
First, the hash key $K_H$ is converted into an unsigned integer $r$; let the number of message packets be $s$; the hash value is then computed as:
$$H' = (c_1 \cdot r^{s} + c_2 \cdot r^{s-1} + \dots + c_s \cdot r^{1}) \bmod \mathrm{prime}(130)$$
$$H = H' \bmod 2^{128}$$
where prime(130) is the largest prime less than $2^{130}$, namely $2^{130} - 5$, $H$ denotes the hash value and $H'$ denotes an intermediate variable.
Step S134, terminating the operation
The hash value $H$ is converted into a bit string; $S$ is obtained through an encryption algorithm (here, the AES encryption algorithm is used) using the encryption key $K_E$ and is converted into an integer; $\mathrm{mac} = (H + S) \bmod 2^{128}$ is calculated, then converted into a bit string and output.
And step S14, the receiver receives the packed message, unpacks the message to obtain a ciphertext, a unique value and a received message authentication code, calls a quantum key and poly1305 algorithm to calculate to obtain a plaintext and a calculated message authentication code, and compares whether the calculated message authentication code is the same as the received message authentication code to authenticate the integrity of the message.
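Steps S131 to S134 and the receiver-side comparison of step S14, as an added Python example (not code from the patent). Assumptions: blocks are 16 bytes (consistent with the $l/16$ computation on the byte length), integers are little-endian and $r$ is clamped with the standard Poly1305 mask, and the pad $S$ defaults to $K_E$ read as an integer, as in RFC 8439, instead of being derived with AES, so that the block needs only the standard library; an AES-derived $S$ can be passed through the hypothetical `pad` parameter.

```python
import hmac

P130 = (1 << 130) - 5        # prime(130): largest prime below 2^130
MASK128 = (1 << 128) - 1     # reduction mod 2^128
# Standard Poly1305 clamp: the bits of r that must be zero. The description
# only says "some bits are 0"; using this mask is an assumption of the example.
CLAMP = 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF


def split_key(qkey: bytes):
    """Step 1: first 16 bytes -> K_H, second 16 bytes -> K_E."""
    if len(qkey) != 32:
        raise ValueError("quantum key must be exactly 32 bytes")
    return qkey[:16], qkey[16:]


def blocks_to_ints(msg: bytes):
    """Step 2: split into 16-byte blocks; a short last block is kept as is."""
    out = []
    for i in range(0, len(msg), 16):
        block = msg[i:i + 16]
        # Adding 2^n (n = block length in bits) places the byte 0x01
        # directly above the block's own bytes.
        out.append(int.from_bytes(block, "little") + (1 << (8 * len(block))))
    return out


def poly_hash(k_h: bytes, msg: bytes) -> int:
    """Step 3: H' = c_1*r^s + ... + c_s*r^1 mod prime(130), H = H' mod 2^128."""
    r = int.from_bytes(k_h, "little") & CLAMP
    acc = 0
    for c in blocks_to_ints(msg):
        acc = ((acc + c) * r) % P130      # Horner's rule for the polynomial
    return acc & MASK128


def compute_mac(qkey: bytes, msg: bytes, pad: bytes = None) -> bytes:
    """Step 4: mac = (H + S) mod 2^128, returned as 16 bytes."""
    k_h, k_e = split_key(qkey)
    s = int.from_bytes(k_e if pad is None else pad, "little")
    return ((poly_hash(k_h, msg) + s) & MASK128).to_bytes(16, "little")


def verify_mac(qkey: bytes, msg: bytes, received: bytes, pad: bytes = None) -> bool:
    """Step S14: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(compute_mac(qkey, msg, pad), received)


def tamper_demo():
    """Key and message from RFC 8439 section 2.5.2, plus a constructed altered copy."""
    qkey = bytes.fromhex(
        "85d6be7857556d337f4452fe42d506a8"
        "0103808afb0db2fd4abff6af4149f51b")
    msg = b"Cryptographic Forum Research Group"
    altered = b"Cryptographic Forum Research Gr0up"   # constructed: one byte changed
    tag = compute_mac(qkey, msg)
    return tag.hex(), verify_mac(qkey, msg, tag), verify_mac(qkey, altered, tag)


if __name__ == "__main__":
    print(tamper_demo())
```

A given pair of $r$ and $S$ should authenticate only one message, so in a deployment $S$ is derived afresh per message (for example from the unique value) rather than fixed as in this test-vector setup.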
Correspondingly to the strong authentication method based on the quantum symmetric key, the embodiment also provides a strong authentication system based on the quantum symmetric key, which comprises a quantum key file acquisition and secrecy amplification module, a quantum key encapsulation module, a message authentication code generation module and a message integrity detection module.
The quantum key file acquisition and secret amplification module is used for acquiring a quantum key file and carrying out secret amplification on the quantum key file according to a poly1305 algorithm to obtain a safe quantum key;
in the process of quantum key distribution, an attacker can eavesdrop a quantum channel and monitor a classical channel to obtain part of information of a key, so that the security of the generated key is threatened, and in order to reduce the leaked information amount, the secret amplification operation needs to be carried out on the part of secret quantum key, so that the key with higher security is extracted to be used as the key of final cipher communication.
The quantum key packaging module is used for packaging the obtained quantum key by using a key packaging algorithm and a user password;
since the key is stored in a less secure storage device and is to be propagated in the network, in order to protect the key, the key encapsulation algorithm KeyWrap and the user password KEK are used to complete the secure encapsulation of the key.
The message authentication code generation module is used for deblocking the quantum key obtained by the sender and the plaintext to obtain a message authentication code, a ciphertext and a unique value through a poly1305 algorithm, and packaging and transmitting the message authentication code, the ciphertext and the unique value to the receiver through a public network;
the poly1305 algorithm is used to check if the data has been altered illegally, ensuring that the message comes from the entity that owns the key.
And the message integrity detection module is used for receiving the packed message by the receiver, unpacking the packed message to obtain a ciphertext, a unique value and a received message authentication code, calling a quantum key and poly1305 algorithm to calculate to obtain a plaintext and a calculated message authentication code, and comparing whether the calculated message authentication code is the same as the received message authentication code to authenticate the integrity of the message.
The performance test and the function test are performed on the strong authentication system based on the quantum symmetric key, as shown in tables 1 and 2:
timing code is inserted into the code of the sender function and the receiver function and used for calculating the running time of the execution function so as to measure the performance of the system running. The function running time of each test is output to the console window, and the test result is shown in table 1.
TABLE 1 Performance test
[Table 1: image in the original publication, Figure BDA0002761377170000091]
As can be seen from Table 1, the operating efficiency of the system substantially meets the user requirements and the performance is good.
And inserting the code for outputting the content to the console into the codes of the sender execution function and the receiver execution function to test whether the generated content after the function execution conforms to the code logic. First we perform a simulated attack: after normal key docking and in a normal network environment, both clients can freely send and receive message files of the server. At this time, assuming that an attacker steals the message file of the sender through various means, knows the encryption key and deciphers the plaintext, wants to tamper the plaintext and encrypt the ciphertext, and packs the ciphertext, the unique value in the original message file and the message authentication code into a new message file to be sent to the receiver. Then, at the receiver side, we obtain the original message authentication code packaged in the message file by the sender, decrypt the tampered plaintext from the tampered ciphertext in the message file through the encryption key, and execute the authentication code generation algorithm on the plaintext to obtain the authentication code after the message is tampered. By comparing whether the original message authentication code is consistent with the tampered authentication code, whether the system can bear the attack can be tested. The test results are shown in table 2.
TABLE 2 functional testing
[Table 2: images in the original publication, Figures BDA0002761377170000101 and BDA0002761377170000111]
As can be seen from Table 2, when the message sent by the user is maliciously tampered with by a third party, the message authentication code of the tampered message is obviously different from the correct message authentication code; the system then reports an anomaly indicating an attack, and the communication fails. It can be seen that the strong authentication system substantially meets the design requirements.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Finally, it is to be noted that: the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (5)

1. A strong authentication method based on quantum symmetric key is characterized by comprising the following steps:
obtaining a quantum key file, and carrying out secret amplification on the quantum key file according to a poly1305 algorithm to obtain a safe quantum key;
packaging the obtained quantum key by using a key packaging algorithm and a user password;
the sender unpacks the quantum key to obtain a quantum key, the quantum key and the plaintext obtain a message authentication code through a poly1305 algorithm, and the sender packs the message authentication code, the ciphertext and the unique value and transmits the packed message authentication code, the ciphertext and the unique value to the receiver through a public network;
the receiver receives the packed message, unpacks the message to obtain a ciphertext, a unique value and a received message authentication code, calls a quantum key and a poly1305 algorithm to calculate to obtain a plaintext and a calculated message authentication code, and compares whether the calculated message authentication code is the same as the received message authentication code to authenticate the integrity of the message;
the quantum key and the plaintext are used for obtaining a message authentication code through a poly1305 algorithm, in which a master key $K$ is used to generate a hash key $K_H$ and an encryption key $K_E$, the input message $M$ is then encoded into the input format required by the hash function, the encoded message is then hashed by the hash function under the control of the hash key $K_H$, and finally the obtained hash value $H$ is encrypted under the control of the encryption key $K_E$, and the result is the message authentication code MAC; the method specifically comprises the following steps:
Step 1, key preprocessing
The acquired 32-byte quantum key is divided into its first 16 bytes and its second 16 bytes, which serve as the hash key $K_H$ and the encryption key $K_E$ respectively
Step 2, message preprocessing
Acquire the byte length $l$ of the message plaintext, and compute the round-up $w$ and the round-down $t$ of $l/16$ in preparation for the subsequent grouping of the plaintext;
divide the plaintext into 16-bit blocks $c_i$; if the length of the last packet is less than 16 bits, it is kept as is without further processing;
insert the byte with value 0x01 before each packet $c_i$, and convert each packet $c_i$ into an unsigned integer $c_i$
Step 3, message hashing
First, convert the hash key $K_H$ into an unsigned integer r, let the number of message blocks be s, and then compute the hash value:
$H' = (c_1 \cdot r^{s} + c_2 \cdot r^{s-1} + \dots + c_s \cdot r^{1}) \bmod \mathrm{prime}(130)$
$H = H' \bmod 2^{128}$
where prime(130) is the largest prime less than $2^{130}$, namely $2^{130}-5$, H denotes the hash value, and H' denotes an intermediate variable;
Step 4, terminating the operation
Convert the hash value H into a bit string, obtain S through an encryption algorithm using the encryption key $K_E$, convert S into an integer, calculate $mac = (H + S) \bmod 2^{128}$, then convert the result into a bit string and output it.
2. The quantum symmetric key-based strong authentication method as claimed in claim 1, wherein said obtaining a quantum key file, and performing secret amplification on the quantum key file according to poly1305 algorithm to obtain a secure quantum key comprises:
the system configures the QKD equipment through the FTP interface, and after the configuration is successful, the program accesses an FTP server of the QKD equipment and acquires a quantum key file from the FTP server;
obtaining the error rate and classical communication leakage parameters from the QKD equipment, and calculating the compression ratio for secret amplification;
and calling the poly1305 algorithm according to the compression ratio to carry out secret amplification on the obtained quantum key file to obtain a secure quantum key.
3. The quantum symmetric key-based strong authentication method according to claim 2, wherein the encapsulating the obtained quantum key by using a key encapsulation algorithm and a user password comprises:
the system uses a key encapsulation algorithm KeyWrap and a user password KEK to encapsulate the obtained quantum key, and stores the encapsulated key file locally.
4. The quantum symmetric key-based strong authentication method according to claim 1, wherein the unique value is a random unique value generated using a UUID algorithm.
5. A strong authentication system based on quantum symmetric keys, comprising:
the quantum key file acquisition and secret amplification module is used for acquiring a quantum key file and carrying out secret amplification on the quantum key file according to a poly1305 algorithm to obtain a secure quantum key;
the quantum key packaging module is used for packaging the obtained quantum key by using a key packaging algorithm and a user password;
the message authentication code generation module is used for the sender to decapsulate the encapsulated key to obtain the quantum key, to obtain a message authentication code from the quantum key and the plaintext through the poly1305 algorithm, and, after the sender packs the message authentication code, the ciphertext and the unique value, to transmit them to the receiver through a public network;
the message integrity detection module is used for the receiver to receive the packed message, unpack it to obtain the ciphertext, the unique value and the received message authentication code, use the quantum key and the poly1305 algorithm to compute the plaintext and a calculated message authentication code, and compare the calculated message authentication code with the received message authentication code to authenticate the integrity of the message;
the message authentication code is obtained from the quantum key and the plaintext through the poly1305 algorithm as follows: a master key K is used to generate a hash key $K_H$ and an encryption key $K_E$; the input message M is then encoded into the input format required by the hash function; the encoded message is hashed by the hash function under the control of the hash key $K_H$; and finally the resulting hash value H is encrypted under the control of the encryption key $K_E$, the result being the message authentication code MAC; the method specifically comprises the following steps:
Step 1, key preprocessing
Divide the acquired 32-byte quantum key into its first 16 bytes and its second 16 bytes, used as the hash key $K_H$ and the encryption key $K_E$ respectively;
Step 2, message preprocessing
Obtain the byte length l of the message plaintext, and compute the round-up w and the round-down t of l/16 in preparation for the subsequent grouping of the plaintext;
divide the plaintext into 16-bit blocks $c_i$; if the last block is shorter than 16 bits, keep it as it is without further processing;
pre-insert a byte with value 0x01 in each block $c_i$, and convert each block $c_i$ into an unsigned integer $c_i$;
Step 3, message hashing
First, convert the hash key $K_H$ into an unsigned integer r, let the number of message blocks be s, and then compute the hash value:
$H' = (c_1 \cdot r^{s} + c_2 \cdot r^{s-1} + \dots + c_s \cdot r^{1}) \bmod \mathrm{prime}(130)$
$H = H' \bmod 2^{128}$
where prime(130) is the largest prime less than $2^{130}$, namely $2^{130}-5$, H denotes the hash value, and H' denotes an intermediate variable;
Step 4, terminating the operation
Convert the hash value H into a bit string, obtain S through an encryption algorithm using the encryption key $K_E$, convert S into an integer, calculate $mac = (H + S) \bmod 2^{128}$, then convert the result into a bit string and output it.
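The four steps recited in claims 1 and 5, together with the receiver's comparison, as an added Python example (not code from the patent). Assumptions not stated in the claims: 16-byte blocks and little-endian integers with the 0x01 byte as the most significant byte, as in standard Poly1305 (RFC 8439); optional RFC 8439 clamping of r; and a hypothetical `derive_s` hook standing in for the unnamed encryption algorithm, which by default uses the bytes of K_E directly as S.

```python
import hmac

P130 = (1 << 130) - 5                        # prime(130) = 2^130 - 5
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff   # RFC 8439 mask for r (assumption)

def mac_tag(key32: bytes, message: bytes, derive_s=None, clamp=True) -> bytes:
    """Compute mac = (H + S) mod 2^128 following steps 1-4 of the claim."""
    if len(key32) != 32:
        raise ValueError("key must be exactly 32 bytes")
    # Step 1: split the 32-byte key into K_H and K_E.
    k_h, k_e = key32[:16], key32[16:]
    r = int.from_bytes(k_h, "little")
    if clamp:                                # not in the claim; RFC 8439 does it
        r &= CLAMP
    # Steps 2 and 3: block the message, add the 0x01 byte, and evaluate
    # c_1*r^s + c_2*r^(s-1) + ... + c_s*r^1 mod prime(130) by Horner's rule.
    acc = 0
    for off in range(0, len(message), 16):
        block = message[off:off + 16]        # a short last block is kept as is
        c_i = int.from_bytes(block + b"\x01", "little")
        acc = (acc + c_i) * r % P130
    h = acc % (1 << 128)                     # H = H' mod 2^128
    # Step 4: S from K_E (hypothetical hook; default uses K_E itself as S).
    s_bytes = derive_s(k_e) if derive_s else k_e
    s = int.from_bytes(s_bytes, "little")
    return ((h + s) % (1 << 128)).to_bytes(16, "little")

def verify(key32: bytes, message: bytes, received_tag: bytes, **kw) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(mac_tag(key32, message, **kw), received_tag)

if __name__ == "__main__":
    # Key and message of the RFC 8439 section 2.5.2 test vector.
    key = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                        "0103808afb0db2fd4abff6af4149f51b")
    msg = b"Cryptographic Forum Research Group"
    tag = mac_tag(key, msg)
    print(tag.hex(), verify(key, msg, tag))
```

With `clamp=True` and the default `derive_s`, the function reproduces the RFC 8439 Poly1305 tag. As with standard Poly1305, S has to be fresh for every message authenticated under the same r.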
CN202011218901.XA 2020-11-04 2020-11-04 Strong authentication method and system based on quantum symmetric key Active CN112311554B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011218901.XA CN112311554B (en) 2020-11-04 2020-11-04 Strong authentication method and system based on quantum symmetric key

Publications (2)

Publication Number Publication Date
CN112311554A CN112311554A (en) 2021-02-02
CN112311554B true CN112311554B (en) 2022-08-12

Family

ID=74326092

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011218901.XA Active CN112311554B (en) 2020-11-04 2020-11-04 Strong authentication method and system based on quantum symmetric key

Country Status (1)

Country Link
CN (1) CN112311554B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113179160B (en) * 2021-04-15 2022-03-18 中国电子科技集团公司第三十研究所 Optimal input code length processing method and unit suitable for amplifying private key in QKD
CN114095259B (en) * 2021-11-23 2024-04-16 中国银行股份有限公司 Authentication encryption and decryption device and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102904726A (en) * 2012-11-08 2013-01-30 中国科学院信息工程研究所 Classical channel message authentication method and device for quantum key distribution system
EP3213458A1 (en) * 2014-10-30 2017-09-06 Alibaba Group Holding Limited Method, apparatus, and system for quantum key distribution, privacy amplification, and data transmission
CN109343173A (en) * 2018-12-06 2019-02-15 安徽问天量子科技股份有限公司 A kind of interferometer that hybrid waveguide is integrated

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6157974B2 (en) * 2013-07-31 2017-07-05 株式会社東芝 TRANSMITTER, RECEIVER, QUANTUM KEY DISTRIBUTION (QKD) QUANTUM KEY DISTRIBUTION SYSTEM AND QUANTUM KEY DISTRIBUTION METHOD

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant