CN112422283B - Quantum key transmission method - Google Patents

Info

Publication number
CN112422283B
Authority
CN
China
Prior art keywords
key
quantum
pool
data
sub
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011303633.1A
Other languages
Chinese (zh)
Other versions
CN112422283A (en)
Inventor
谢四江
冯雁
刘念
阎亚龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Original Assignee
BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Application filed by BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE
Priority to CN202011303633.1A
Publication of CN112422283A
Application granted
Publication of CN112422283B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Abstract

The embodiments of this specification disclose a quantum key transmission method. During key data synchronization, the key sending end transmits each key fragment together with the position information and length information of that fragment, and the key receiving end records the key fragment based on its position information and length information. From the position information and length information of the key fragments actually received, the key receiving end can simply and efficiently determine which fragments suffered errors or packet loss during transmission. The key receiving end uses only the correctly received key fragments, while the key sending end holds the complete corresponding key, so the sending end can extract the matching decryption key for whatever encryption key the receiving end used, which ensures that the data is decrypted normally. Encrypted data transmission based on the quantum key can therefore be realized without complicated error control, data checking, or retransmission during key transmission.

Description

Quantum key transmission method
Technical Field
The present disclosure relates to the field of quantum cryptography, and in particular, to a method for transmitting a quantum key.
Background
With the development of quantum cryptography, quantum key distribution, a typical application of quantum cryptography, has become a research hotspot for scholars. By building a quantum secure communication network and establishing a key pool on each network node, secure communication among the network nodes is realized, and quantum key distribution across the whole network can be achieved. As in a traditional TCP/IP network, transmission errors occur in a quantum secure network, and "errors" or "packet loss" can arise during key transmission, so an error handling mechanism is needed to ensure the accuracy and reliability of quantum key transmission.
Conventional TCP/IP network transmission uses specific network protocols such as the TCP protocol, the ARQ protocol, and the ICMP protocol for error control. With these protocols, two communicating parties can transmit data without error over a communication line on which errors may occur, but the protocols require multiple information exchanges between the two parties to ensure that the transmitted data packets are accurate. A quantum secure communication network fills keys into the key pools of all network nodes, and information exchanged among the nodes is protected by encryption with keys from those key pools, so multiple information exchanges consume and waste key resources. The protocols of the TCP/IP network therefore cannot be applied effectively to a quantum secure communication network, and there is a great need for a quantum key transmission method adapted to such a network.
Disclosure of Invention
An object of the embodiments of the present disclosure is to provide a quantum key transmission method, which can improve key transmission efficiency and effectively reduce resource waste in a key transmission process.
The present specification provides a quantum key transmission method implemented in the following manner:
A quantum key transmission method is applied to a quantum communication system that comprises at least one network node. The network node comprises at least one child node corresponding to a different communication layer. A pair of first key pools is arranged in adjacent sub-nodes of the same communication layer. Adjacent sub-nodes are two sub-nodes in the same communication layer that perform encrypted information transmission based on a quantum key shared between them. The first key pool stores the quantum keys shared by the corresponding adjacent child nodes. A second key pool is arranged in at least some of the child nodes of the same communication layer. The second key pools are arranged in pairs in two sub-nodes, and a pair of second key pools corresponds to a pair of first key pools in the communication layer next below the communication layer where the pair of second key pools is located. The pair of second key pools stores the quantum keys required by the corresponding pair of first key pools. The communication layers are arranged from top to bottom, and this order is the order of quantum key transmission within the network node.
The method comprises the following steps. A second key pool with a key filling requirement is taken as the current second key pool, and the other second key pool paired with it is taken as the target second key pool; the child node where the current second key pool is located is taken as the current child node. A key synchronization path corresponding to the current second key pool is determined; the key synchronization path is the key transmission path used to make the quantum keys in a pair of second key pools consistent. Based on the key synchronization path, the first key pool in the current child node that fills quantum keys into the current second key pool is determined and taken as the designated first key pool. At least part of the quantum keys are taken out of the designated first key pool and filled into the current second key pool. The at least part of the quantum keys is split to obtain at least one quantum key fragment. For any quantum key fragment, the position information and length information of the fragment are acquired, and the fragment is transmitted together with its position information and length information to the target second key pool based on the key synchronization path. The corresponding quantum key fragments are stored in the target second key pool based on their position information and length information.
In other embodiments of the method provided in the present disclosure, when determining that a first key pool has a key filling requirement, adjacent sub-nodes of other communication layers except for an uppermost communication layer take at least part of quantum keys from a second key pool corresponding to the first key pool and located at a previous communication layer, and transmit the quantum keys to the first key pool having the key filling requirement.
In other embodiments of the method provided in the present disclosure, the pair of first key pools that corresponds to the current second key pool and the target second key pool and is located in the next communication layer are taken as the current first key pool and the target first key pool, respectively. Correspondingly, the child node where the current first key pool is located is the first receiver of data transmission, the child node where the target first key pool is located is the first sender of data transmission, and quantum key encrypted data transmission is carried out as follows. The first sender acquires the synchronous quantum key data stored in the target first key pool; the synchronous quantum key data refers to the quantum key received by the target second key pool and transmitted from the designated first key pool over the key synchronization path. The first sender extracts a quantum key data segment of a specified length from the synchronous quantum key data and acquires the position information and length information of at least one sub-key segment in the extracted quantum key data segment; a sub-key segment has no missing key data. The first sender encrypts the transmission data with the extracted quantum key data segment, sends the encrypted transmission data to the first receiver, and transmits the position information and length information of the at least one sub-key segment to the first receiver. The first receiver extracts the corresponding quantum key data segment from the current first key pool according to the received position information and length information of the at least one sub-key segment, and decrypts the received encrypted transmission data with it.
In other embodiments of the method provided in the present disclosure, the service applications corresponding to the current second key pool and the target second key pool are taken as the second sender and the second receiver of data transmission, respectively, and quantum key encrypted data transmission is carried out as follows. The second sender sends an encryption key use request to the target child node; the target child node is the child node where the target second key pool is located. The target child node obtains the synchronous quantum key data stored in the target second key pool; the synchronous quantum key data refers to the quantum key received by the target second key pool and transmitted from the designated first key pool over the key synchronization path. The target child node extracts a quantum key data segment of a specified length from the synchronous quantum key data and acquires the position information and length information of at least one sub-key segment in the extracted quantum key data segment; a sub-key segment has no missing key data. The target child node feeds back the position information and length information of the at least one sub-key segment to the second sender. The second sender encrypts the transmission data with the extracted quantum key data segment, sends the encrypted transmission data to the second receiver, and transmits the position information and length information of the at least one sub-key segment to the second receiver. The second receiver sends a decryption key use request to the current child node according to the received position information and length information of the at least one sub-key segment. The current child node extracts the corresponding quantum key data segment from the current second key pool based on the position information and length information of the at least one sub-key segment in the decryption key use request, and feeds it back to the second receiver. The second receiver decrypts the received encrypted transmission data with the received quantum key data segment.
In other embodiments of the method provided in the present specification, transmitting the quantum key fragment together with its position information and length information to the target second key pool based on the key synchronization path includes the following steps. Each pair of adjacent child nodes on the key transmission path is determined based on the key synchronization path, and the child node where the target second key pool is located is taken as the target child node. The quantum key fragments, together with the position information and length information of the corresponding fragments, are encrypted and transmitted hop by hop to the target child node, using the quantum keys in the first key pools of the determined adjacent child nodes. The quantum key fragments received by the target child node are filled into the target second key pool based on the position information and length information of the corresponding fragments.
In other embodiments of the methods provided herein, the child nodes within the network node transmit data based on an IP communication protocol. Accordingly, the at least part of the quantum keys taken out is transferred, based on the IP communication protocol, to the first key pool that has a key filling requirement.
In other embodiments of the methods provided herein, the at least part of the quantum keys taken out is transferred, based on the SSL protocol, to the first key pool that has a key filling requirement.
In other embodiments of the methods provided herein, when the number of quantum keys in a first key pool is less than a first preset threshold, it is determined that a key filling requirement exists for the corresponding first key pool.
In other embodiments of the methods provided herein, when the quantum key storage in the second key pool is less than a second preset threshold, it is determined that a key filling requirement exists for the corresponding second key pool.
In the quantum key transmission method provided by one or more embodiments of the present disclosure, during key data synchronization the key sending end transmits each key fragment together with the position information and length information of that fragment, and the key receiving end records the key fragment based on its position information and length information. Correspondingly, when the key is used, the position information and length information of the key fragments actually received by the key receiving end make it possible to determine, simply and efficiently, which fragments suffered errors or packet loss during transmission. The key receiving end uses only the correctly received key fragments, and sends the encrypted data together with the position information and length information of the key it used to the key sending end. When the key sending end receives the encrypted data, it extracts the corresponding key data based on the received position information and length information and performs decryption. Complicated error control, data checking, and retransmission during key transmission are therefore unnecessary, which improves key transmission efficiency and effectively reduces resource waste in the key transmission process.
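The fragment bookkeeping summarized above can be sketched in Python; this is an added example, not code from the patent. The names `Fragment`, `SourcePool`, `TargetPool` and `run_exchange`, the XOR cipher, the usage cursor and the sample key are assumptions, only the loss of whole fragments is modeled, and hop-by-hop encryption of the fragments is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    position: int  # byte offset of the fragment inside the filled key block
    length: int    # number of key bytes the fragment carries
    data: bytes

def split_key(key: bytes, frag_len: int) -> list[Fragment]:
    """Split a filled key block into fragments tagged with position and length."""
    return [Fragment(p, len(key[p:p + frag_len]), key[p:p + frag_len])
            for p in range(0, len(key), frag_len)]

def xor(data: bytes, key: bytes) -> bytes:
    """One-time-pad style XOR; the cipher is an assumption, the page names none."""
    if len(data) != len(key):
        raise ValueError("key segment must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))

class SourcePool:
    """Pool that was filled locally, so it holds the complete key block."""

    def __init__(self, key: bytes):
        self.key = key

    def extract(self, descriptors):
        """Rebuild a key segment from (position, length) pairs sent by the peer."""
        out = bytearray()
        for pos, length in descriptors:
            if pos < 0 or length <= 0 or pos + length > len(self.key):
                raise ValueError(f"descriptor out of range: {(pos, length)}")
            out += self.key[pos:pos + length]
        return bytes(out)

class TargetPool:
    """Pool filled over the synchronization path; fragments may be missing."""

    def __init__(self, size: int):
        self.buf = bytearray(size)
        self.extents = []  # sorted, merged [start, end) ranges actually received
        self.cursor = 0    # assumption: key bytes below the cursor are already spent

    def store(self, frag: Fragment) -> bool:
        """Record a fragment at its stated position; malformed ones count as lost."""
        start, end = frag.position, frag.position + frag.length
        if frag.length <= 0 or frag.length != len(frag.data) or start < 0 or end > len(self.buf):
            return False
        self.buf[start:end] = frag.data
        kept = []
        for s, e in self.extents:
            if e < start or s > end:
                kept.append((s, e))
            else:  # overlapping or adjacent ranges are merged
                start, end = min(s, start), max(e, end)
        self.extents = sorted(kept + [(start, end)])
        return True

    def missing(self):
        """(position, length) of every gap, derived only from what arrived."""
        gaps, pos = [], 0
        for s, e in self.extents:
            if s > pos:
                gaps.append((pos, s - pos))
            pos = e
        if pos < len(self.buf):
            gaps.append((pos, len(self.buf) - pos))
        return gaps

    def extract(self, n: int):
        """Take n unused key bytes, skipping gaps; return (descriptors, key)."""
        if n <= 0:
            raise ValueError("n must be positive")
        descriptors, key, cursor = [], bytearray(), self.cursor
        for s, e in self.extents:
            s = max(s, cursor)
            if s >= e:
                continue
            take = min(n - len(key), e - s)
            descriptors.append((s, take))  # one sub-key segment with no missing data
            key += self.buf[s:s + take]
            cursor = s + take
            if len(key) == n:
                break
        if len(key) != n:
            raise LookupError("not enough synchronized key material")
        self.cursor = cursor
        return descriptors, bytes(key)

def run_exchange():
    key = bytes(range(64))  # constructed stand-in for QKD output
    source, target = SourcePool(key), TargetPool(len(key))
    for frag in split_key(key, 16):
        if frag.position != 16:  # constructed loss: this fragment never arrives
            target.store(frag)
    descriptors, enc_key = target.extract(24)
    ciphertext = xor(b"24-byte constructed data", enc_key)
    plaintext = xor(ciphertext, source.extract(descriptors))
    return target.missing(), descriptors, plaintext
```

The side that holds the incomplete pool picks the key and names it by descriptors, so the gap at offset 16 never has to be repaired or retransmitted.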
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some of the embodiments described in the present description, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a schematic diagram of a quantum communication system architecture in some embodiments provided herein;
FIG. 2 is a schematic diagram of a quantum communication system architecture in other embodiments provided herein;
FIG. 3 is a key pool layout schematic of a quantum communication system in some embodiments provided herein;
FIG. 4 is a key pool layout schematic of a quantum communication system in further embodiments provided herein;
FIG. 5 is a schematic diagram of quantum key data synchronization in some embodiments provided herein;
FIG. 6 is a schematic diagram of quantum key data synchronization in other embodiments provided herein;
FIG. 7 is a schematic diagram of quantum key data synchronization in other embodiments provided herein;
FIG. 8 is a schematic diagram of quantum key data storage in some embodiments provided herein;
FIG. 9 is a schematic diagram of a quantum key data storage in further embodiments provided herein;
FIG. 10 is a schematic diagram of quantum key data extraction in some embodiments provided herein.
Detailed Description
In order that those skilled in the art will better understand the technical solutions in this specification, a clear and complete description of the technical solutions in one or more embodiments of this specification will be provided below with reference to the accompanying drawings in one or more embodiments of this specification, and it is apparent that the described embodiments are only some embodiments of the specification and not all embodiments. All other embodiments, which may be made by one or more embodiments of the disclosure without undue effort by one of ordinary skill in the art, are intended to be within the scope of the embodiments of the disclosure.
The present specification embodiments provide a quantum communication system that may include at least one network node. The network node may comprise at least one child node corresponding to a different communication layer. A pair of first key pools are correspondingly distributed in adjacent sub-nodes of the same communication layer. The adjacent sub-nodes can refer to two sub-nodes which carry out information encryption transmission based on a quantum key shared between the two sub-nodes in the same communication layer. The first key pool stores quantum keys shared by corresponding adjacent child nodes. A second key pool is arranged in at least part of the child nodes of the same communication layer. The second key pools are arranged in pairs in the two sub-nodes, and the pair of second key pools corresponds to a pair of first key pools of a communication layer which is next to the communication layer where the pair of second key pools are located. The pair of second key pools is used for storing quantum keys required by the corresponding pair of first key pools. The communication layer is arranged in the sequence from top to bottom, and the sequence is the sequence of quantum key transmission in the network node.
FIG. 1 is a schematic diagram of the overall architecture of a quantum communication system provided in one application scenario example of the present specification. As shown in FIG. 1, in terms of layout location and physical connections, the system may include a plurality of network nodes. The network nodes may include network nodes located on the ground and network nodes located on satellites. The network nodes located on the ground can be further divided into ground station network nodes for ground-to-satellite communication and local area network nodes for ground-to-ground station communication.
For example, as shown in FIG. 1, the ground stations A and B located in different areas may each be provided with a quantum communication device, and the satellite S may also be provided with a quantum communication device. The quantum communication device may include devices that enable quantum key production, storage, and distribution. The quantum communication devices arranged on ground station A, ground station B and satellite S can each serve as a different network node. The same region may include only one network node, or may include a plurality of network nodes. Referring to FIG. 1, different local area network nodes, such as LAN access node B, LAN node C, and LAN node D, may also be configured for different users. This yields a space-ground integrated quantum key transmission architecture.
Only one integrated device implementing quantum key production, storage and distribution functions may be included within one network node. Alternatively, a network node may also include a system of devices that each perform a different function. Of course, a network node may also comprise a system of integrated devices. The description is not intended to be limiting.
Different network nodes can be connected through optical fibers or similar photon lines, so that quantum keys are shared among them and information exchanged among the downstream service applications corresponding to the different network nodes is transmitted under quantum key encryption. Information transmission between devices or components within the same network node is generally more secure and less likely to be intercepted, so it can use an information transmission mode such as the IP protocol (Internet Protocol) of the TCP/IP network system.
As shown in FIG. 1, in terms of communication level, the system may comprise at least different communication layers. The communication layers can be divided, for example, into a key production layer and a key service layer. The key production layer may be used for the production and distribution of quantum keys. The key service layer can be used to receive the quantum keys produced by the key production layer and provide them to the corresponding service applications, so that the service applications can transmit information under quantum key encryption. In some embodiments, a key exchange layer may further be configured between the key production layer and the key service layer. The key exchange layer can be used for quantum key transmission, network routing, management of key distribution in the quantum communication system, and the like. The number of node layers in the key production layer, the key exchange layer and the key service layer can be configured as needed, and may differ between ground stations, local area network access points, local area network user nodes and the like; this is not limited herein.
FIG. 2 is a schematic diagram of a layered design of a quantum communication system. As shown in FIG. 2, in one example scenario, the quantum communication system may include a key production layer, a key exchange layer, and a key service layer, as follows.
Key production layer: this layer can be arranged in the network nodes of the quantum ground network and in satellite network nodes. The key production layer may be coupled to a quantum key production device (Quantum Key Distribution, QKD) to receive the quantum key data produced by the QKD and to distribute keys to the other communication layers.
QKD devices for quantum key production may be deployed within network nodes to enable quantum key production. The key production devices of the network nodes may be connected by optical fibers or similar photonic lines. Key production devices connected in this way generate consistent quantum key data over the optical fiber or similar photon line, which is used to encrypt and decrypt the data transmitted between the corresponding network nodes. The quantum key produced by the key production device may be stored directly into the key pool of the key production layer.
Key exchange layer: the key production layer can transfer the QKD-generated quantum keys to the key service layer through this layer. Correspondingly, the key exchange layer can be provided with key exchange devices (Quantum Key Exchange, QKX), which are mainly responsible for quantum key transmission, network routing, key service system management and the like.
Key service layer: this layer requests quantum key data from the key exchange layer and provides it to the corresponding service applications. Correspondingly, the key service layer can be provided with key service devices (Quantum Key Service, QKS). QKS devices can interface with each service application, and the QKS devices at the two ends corresponding to the service applications that need key distribution can share and synchronize keys, so that quantum keys are distributed to the service applications.
In the embodiment of the present disclosure, for convenience of description, different communication layers in each network node may be respectively used as different sub-nodes.
As shown in FIG. 1, under ground station A there are SQKD-A (key production sub-node A, which communicates with the satellite), one or more layers of key exchange sub-nodes, and QKS-A (key service sub-node A); QKS-A may be connected to a plurality of service applications APP-A1, APP-A2, ..., APP-An. The quantum key produced by SQKD-A can be transmitted to QKS-A through the key exchange sub-nodes, and QKS-A then transmits the quantum key to the service application, so that the service application can transmit information under encryption. Under local area network node D there are QKD-D (key production sub-node D), one or more layers of key exchange sub-nodes, and QKS-D (key service sub-node D); QKS-D can be connected with a plurality of service applications APP-D1, APP-D2, ..., APP-Dn.
The quantum key produced by QKD-D may be transmitted to QKS-D through the key exchange sub-nodes, and QKS-D in turn transmits the quantum key to the service application so that the service application can transmit information under encryption. Assuming that APP-A1 and APP-D1 need to exchange information, they can obtain quantum keys from QKS-A and QKS-D respectively, so as to transmit the information in encrypted form and decrypt it to obtain the corresponding information.
Of course, the above layout manner is a preferred example, and in the implementation, flexible designs such as the number of network nodes, the number of layers, the relationship between network nodes, etc. may be performed on this basis, which is not limited herein. And the distribution process of the quantum key is completed through the cooperation of the layering and the design of the node communication structure.
Each network node may be configured with a key pool. The key pools are distributed in pairs in the network nodes of the two communication parties and are used for storing quantum keys shared between the network nodes of the two communication parties so as to realize the encryption transmission and decryption of information by utilizing the shared quantum keys between the two network nodes or between service applications corresponding to the network nodes. In this embodiment of the present disclosure, the key pool may be divided into a first key pool and a second key pool.
A pair of first key pools may be correspondingly disposed in adjacent sub-nodes of the same communication layer. The adjacent sub-nodes can refer to two sub-nodes which carry out information encryption transmission based on a quantum key shared between the two sub-nodes in the same communication layer. The first key pool stores quantum keys shared by corresponding adjacent child nodes.
A pair of first key pools may be configured in the key production layer sub-nodes of two network nodes that directly establish a connection through optical fibers or similar photonic lines. Accordingly, the quantum key data produced by the key production device may be stored in the first key pool corresponding to the sub-node of the key production layer. Because the quantum keys produced by the two network nodes are consistent through optical fibers or photon lines, the quantum keys of a pair of first key pools configured in the corresponding key production layer sub-nodes are also consistent, and the quantum keys can be used for data transmission between the two key production layer sub-nodes. Accordingly, the two key production layer children may be considered as neighboring children.
For example, as shown in FIG. 1, when ground station A and ground station B are each directly connected to the satellite S through photon lines, a pair of first key pools $NP_{AS}^{1}$ and a pair of first key pools $NP_{BS}^{1}$ are arranged for the SQKD-A sub-node of ground station A and the SQKD-B sub-node of ground station B, respectively. The quantum keys stored in $NP_{AS}^{1}$ in SQKD-A and in SQKD-S are consistent, so they are used to encrypt and decrypt the data transmitted between SQKD-A and SQKD-S. The quantum keys stored in $NP_{BS}^{1}$ in SQKD-B and in SQKD-S are consistent, so they are used to encrypt and decrypt the data transmitted between SQKD-B and SQKD-S. Correspondingly, the SQKD-A sub-node and the SQKD-S sub-node are a pair of adjacent sub-nodes, and the SQKD-B sub-node and the SQKD-S sub-node are a pair of adjacent sub-nodes.
Of course, for other communication layers, two sub-nodes in the same communication layer that perform encrypted information transmission based on a quantum key shared between them may likewise be treated as adjacent sub-nodes, and a pair of first key pools may be arranged in the adjacent sub-nodes to store the quantum keys they share. For communication layers other than the key production layer, the quantum keys in the first key pool may be filled and synchronized by the key production layer sub-nodes of the respective network nodes to obtain the quantum keys shared by the respective adjacent sub-nodes.
A second key pool may also be disposed within at least some of the child nodes of the same communication layer. The second key pools are also arranged in pairs in the two sub-nodes, and one pair of the second key pools corresponds to an adjacent sub-node of a next communication layer of the communication layer where the pair of the second key pools are located. The pair of second key pools may store quantum keys shared by corresponding adjacent child nodes. The communication layer is arranged in the sequence from top to bottom, and the sequence is the sequence of quantum key transmission in the network node.
For convenience of description, in the embodiment of the present disclosure, the arrangement order of different communication layers from top to bottom is the order of quantum key transmission in the network node, that is, the order of transferring the quantum keys produced by the quantum key production device from the key production layer to the key service layer by layer, and is the order of transferring the quantum keys from top to bottom layer by layer. Correspondingly, the key production layer is located at the uppermost layer, and the key service layer is located at the lowermost layer. Of course, the above description of the layout order is only for convenience of illustration, and does not constitute a direct limitation on the specific architecture of the embodiments of the present disclosure.
As shown in fig. 3, each network node may be configured with multiple communication layers based on the need, and the communication layers correspondingly configured by different network nodes may be different. It is assumed that the first communication layer of each network node in fig. 3 is a key production layer, and in addition, each network node may further sequentially arrange one or more communication layers as required, which are respectively used as the second communication layer, the third communication layer, and so on.
Suppose communication needs to be established between the second communication layer sub-nodes of two network nodes, for example between sub-nodes A_2 and C_2 in fig. 3. A pair of first key pools (Neighbor Pool) NP_AC^2 can be configured in the two sub-nodes A_2 and C_2 to store the quantum keys required for communication between A_2 and C_2. Correspondingly, a pair of second key pools (Cross Pool) CP_AC^1 can be configured in the sub-nodes A_1 and C_1 of the previous communication layer (i.e. the first communication layer) of the network nodes where A_2 and C_2 are located. The pair of second key pools CP_AC^1 corresponds to the first key pool NP_AC^2. The same approach may be used to configure the first key pool and the corresponding second key pool for the sub-nodes of the other communication layers.
Based on the above scenario example, if a communication connection is established between two sub-nodes, a pair of first key pools may be configured in the two sub-nodes, and a pair of second key pools may be configured in the sub-nodes at the previous communication layer of the corresponding network nodes. Correspondingly, every pair of adjacent sub-nodes in a communication layer other than the first communication layer corresponds to a pair of second key pools in the previous communication layer. That is, in a quantum communication system constructed with this configuration, any pair of second key pools arranged in the sub-nodes corresponds to a pair of adjacent sub-nodes in the communication layer next below the layer in which the pair of second key pools is located.
In some embodiments, information transmission between the communication layers within the same network node is generally more secure and the information is less likely to be intercepted, so an information transmission mode such as a protocol of a TCP/IP network can be used directly, without adopting an encrypted transmission mode based on quantum communication. Accordingly, the quantum key within the same network node can be transmitted layer by layer from the key production layer sub-node to the key service layer sub-node through a TCP/IP network protocol, and then provided to the corresponding service application for quantum encrypted communication.
Based on the above-described quantum communication system, the distribution and transmission of the quantum key can be performed in the following manner.
For the adjacent sub-nodes A_2 and C_2 in fig. 3, after the first key pool NP_AC^2 and the corresponding second key pool CP_AC^1 have been configured in the above manner, quantum key filling and synchronization can be performed for the first key pool NP_AC^2, so that NP_AC^2 stores the quantum keys shared by the corresponding adjacent sub-nodes and A_2 and C_2 can transmit information in encrypted form.
The following description assumes that the sub-nodes of one network node are configured as an integrated unit, and takes as an example the case where network node A, in which sub-node A_2 is located, initiates the quantum key filling and synchronization. Of course, in an actual application scenario, if each sub-node has its own processor, sub-node A_2 may also initiate the quantum key filling and synchronization. Likewise, in practice sub-node C_2, or the network node C where C_2 is located, may also initiate the quantum key filling and synchronization. The entity that initiates key filling and synchronization may be determined according to the actual hardware design and the processing of the application scenario, which is not limited herein.
Network node A may initiate key filling after NP_AC^2 and CP_AC^1 have been configured: it extracts part of the quantum key from the first key pool NP_AC^1 of the key production layer sub-node A_1 and writes the extracted quantum key into the second key pool CP_AC^1. Either during the filling or after the filling has completed, network node A may synchronize the extracted quantum key to the second key pool CP_AC^1 of C_1.
In some embodiments, network node A may first determine the key synchronization path for synchronizing to the second key pool CP_AC^1 of C_1. Network node A may determine the key synchronization path for the present synchronization based on parameter information such as the network node, the sub-node, and the key pool involved in the present synchronization.
In some embodiments, the key synchronization path may be preconfigured and stored. For example, the key synchronization path for the current synchronization may be obtained from a storage device based on parameter information such as the network node, the sub-node, and the key pool of the current synchronization. In an actual application scenario, there may be one or more candidate paths for key synchronization; the path with the fewest hops between nodes can be selected in advance as the key synchronization path and stored against the corresponding network node, sub-node, key pool and other parameter information. Of course, this path selection method is merely illustrative, and may be configured as needed in a specific application scenario. Alternatively, several paths may be stored at the same time, and a preference condition may then be set to select the key synchronization path for the present synchronization.
Alternatively, in other embodiments, the key synchronization path is not preconfigured. Instead, topology information of the quantum communication system is stored in a storage device of the network node, and the server of the network node selects the key synchronization path for the present synchronization in real time, according to parameter information such as the network node, the sub-node, and the key pool of the present synchronization, optionally also referring to preconfigured preference conditions.
Assume that the key synchronization path for the synchronization is: adjacent sub-nodes A_1 and S_1, adjacent sub-nodes S_1 and B_1, adjacent sub-nodes B_1 and C_1, synchronizing to the second key pool CP_AC^1 of C_1. Network node A may then take the quantum key K_AS shared by A_1 and S_1 out of the first key pool NP_AS^1 of A_1, use K_AS to encrypt the key, and send the encrypted quantum key key_AS and the key synchronization path to sub-node S_1 of network node S. After key_AS is transmitted to sub-node S_1, it may first be cached locally. Network node S can take the identical key K_AS out of the first key pool NP_AS^1 of S_1, and then use K_AS to decrypt key_AS and obtain the key. The key may also be cached locally first; the cached data is then cleaned up after the key has been encrypted and transmitted to the next-hop sub-node. Alternatively, the cached data may be cleaned up periodically. The subsequent hop-by-hop key transmission may store the key in the same or a similar manner, which will not be described again below. If the key synchronization path is also encrypted, the encrypted key synchronization path is decrypted to obtain the key synchronization path.
Network node S may then, based on the key synchronization path, take the quantum key K_BS shared by S_1 and B_1 out of the first key pool NP_BS^1 of S_1, use K_BS to encrypt the key, and send the encrypted quantum key key_BS and the key synchronization path to sub-node B_1 of network node B. Network node B can take the identical key K_BS out of the first key pool NP_BS^1 of B_1, and then use K_BS to decrypt key_BS and obtain the key. If the key synchronization path is also encrypted, the encrypted key synchronization path is decrypted to obtain the key synchronization path.
Network node B may then repeat the above steps, encrypting the key and the key synchronization path with the quantum key in the first key pool corresponding to B_1 and C_1 and transmitting them to sub-node C_1. Finally, network node C can fill the key into the second key pool CP_AC^1 of QKD-C_1 based on the key synchronization path, completing the synchronization.
Based on the above scenario example, in some embodiments the shared quantum key in the second key pool may be obtained in the following manner. When a second key pool is determined to have a key filling requirement, that second key pool is taken as the current second key pool, and the other second key pool arranged in a pair with it is taken as the target second key pool. The sub-node of the current second key pool is taken as the current sub-node. The key synchronization path corresponding to the current second key pool is determined; the key synchronization path is the key transmission path used to make the quantum keys in a pair of second key pools consistent. Based on the key synchronization path, the first key pool that fills quantum keys into the current second key pool is determined and taken as the designated first key pool. At least part of the quantum keys are taken out of the designated first key pool and filled into the current second key pool. The extracted quantum keys are then transmitted to the target second key pool based on the key synchronization path.
Transmitting the extracted quantum keys to the target second key pool based on the key synchronization path may comprise the following steps. Each pair of adjacent sub-nodes on the key transmission path is determined based on the key synchronization path. The sub-node of the target second key pool is taken as the target sub-node. Using the shared quantum keys stored in the first key pools of each pair of adjacent sub-nodes, the extracted quantum keys are encrypted and transmitted hop by hop until they reach the target sub-node. The extracted quantum keys received by the target sub-node are filled into the target second key pool.
In other embodiments, network nodes A and C may each extract the key from their corresponding CP_AC^1 and fill it into the first key pool NP_AC^2 of the adjacent sub-nodes A_2 and C_2.
Based on the above quantum communication system, network nodes A and C can each extract the key from their corresponding CP_AC^1 and fill it into the first key pool NP_AC^2 of the adjacent sub-nodes A_2 and C_2 using the IP communication protocol. In some embodiments, network nodes A and C may also fill the extracted quantum key into the first key pool NP_AC^2 of the adjacent sub-nodes A_2 and C_2 using the SSL (Secure Sockets Layer) protocol. Of course, other communication protocols may be used for secure transmission, without limitation.
When quantum keys are extracted from a second key pool and filled into the first key pools of the adjacent sub-nodes, a full-fill manner may be employed. That is, all quantum key data stored in each second key pool may be extracted and filled into the corresponding pair of first key pools located at the next communication layer. Full filling makes quantum key filling more convenient. In other embodiments, a non-full-fill manner may be adopted. In that case the key filling instruction may include parameter information describing the key extracted from the corresponding CP_AC^1, so that network node C extracts the corresponding quantum key from its CP_AC^1 and fills it into NP_AC^2, ensuring that the quantum key data in the first key pool NP_AC^2 of sub-nodes A_2 and C_2 is consistent.
Based on the above scenario examples, in some embodiments, when determining that a first key pool has a key filling requirement, adjacent sub-nodes of other communication layers except the uppermost communication layer may take at least part of quantum keys from a second key pool corresponding to the first key pool and transmit the quantum keys to the first key pool having the key filling requirement.
In the case that each sub-node in the network node performs data transmission based on the IP communication protocol, at least part of the extracted quantum key may be transmitted to the first key pool with the key filling requirement based on the IP communication protocol. Furthermore, at least part of the extracted quantum key can be safely transmitted to the first key pool with the key filling requirement based on the SSL protocol.
In other embodiments, a key filling requirement determination mechanism may be configured for each of the first key pool and the second key pool. The network node may determine whether the respective first and second key pools require key filling based on the respective key filling requirement determination mechanism. In some embodiments, the key filling requirement determining mechanism may be, for example, that a quantum key storage amount in the first key pool or the second key pool is smaller than a preset threshold.
Accordingly, when the quantum key storage amount in a second key pool is smaller than a second preset threshold, it can be determined that the second key pool has a key filling requirement. When the number of quantum keys in a first key pool is smaller than a first preset threshold, it can be determined that the first key pool has a key filling requirement. Based on this mechanism, the network node or sub-node can initiate quantum key filling and synchronization when it determines that the quantum key storage amount in a first key pool or second key pool is smaller than the corresponding preset threshold. The first and second preset thresholds can be configured according to the communication requirements of the sub-nodes or service applications corresponding to the first or second key pool, and according to the requirements of layer-by-layer key transmission, which makes key filling more flexible.
For example, when network node A determines that the quantum key storage amount in the first key pool NP_AC^2 of sub-node A_2 is smaller than the corresponding first preset threshold, it can extract the key from the corresponding CP_AC^1 and fill it into the first key pool NP_AC^2 of sub-node A_2. It can also send a key filling instruction to the corresponding sub-node C_2, so that network node C extracts the key from its corresponding CP_AC^1 and fills it into the first key pool NP_AC^2 of sub-node C_2.
If network node A determines that the quantum key storage amount in the second key pool CP_AC^1 of sub-node QKD-A_1 is smaller than the corresponding second preset threshold, it can extract a quantum key from the first key pool NP_AC^1 of QKD-A_1 and fill it into the second key pool CP_AC^1. The extracted quantum key can also be synchronized to the second key pool CP_AC^1 of sub-node QKD-C_1 using the synchronization method described above.
The key filling requirement determination mechanism above is only a preferred example. In practical applications other mechanisms may be adopted, such as setting a filling time, which is not limited herein.
The key pool design and key transmission scheme provided by the embodiments of this specification are applicable to different quantum secure communication network structures, node devices and network protocols. They apply equally to a quantum ground network, a quantum satellite network, or a "space-ground integrated" hybrid network composed of a quantum ground network and a satellite network, so they are highly general and can be used in the various currently known quantum secure communication network designs. That is, the key pool design and key transfer scheme of these embodiments transfer the quantum key layer by layer simply by iterating over the first key pool pair between adjacent sub-nodes and the second key pool pair arranged at the previous communication layer. There is no need to distinguish which communication layer the communicating devices work on, or which communication mode is used among the devices of that layer, which greatly improves the simplicity and generality of quantum key transfer.
Based on the solutions provided by the foregoing embodiments, the embodiments of the present disclosure further provide a service application scenario example, so as to further illustrate, corresponding to a service application, the practicality of the solutions provided by the foregoing embodiments.
As shown in fig. 4, for example, service applications APP-1 to APP-m correspond to the key service layer sub-node A_3 of network node A, and service applications APP-1' to APP-m' correspond to the key service layer sub-node P_3 of network node P. Information is transmitted between APP-1 and APP-1', between APP-2 and APP-2', ..., and between APP-m and APP-m' respectively. According to the information transmission requirements, a pair of second key pools can be correspondingly configured in A_3 and P_3, storing the quantum keys that the corresponding pair of service applications needs for information transmission. Accordingly, when a pair of service applications transmits information, either service application can extract quantum key data from its corresponding second key pool, encrypt the information to be transmitted, and send the encrypted data to the other service application. The other service application can extract the quantum key data from its corresponding second key pool and decrypt the received encrypted information to obtain the transmitted information.
When it is determined that the quantum key storage amount of any second key pool in A_3 or P_3 is smaller than the corresponding preset threshold, the key synchronization path corresponding to that second key pool can be determined first, in the manner described in the embodiments above. Suppose the quantum key storage amount in the second key pool CP_AP^(3,1) corresponding to APP-1 in A_3 is smaller than the corresponding preset threshold, and the key synchronization path determined for the second key pool CP_AP^(3,1) is: adjacent sub-nodes A_3 and C_3, adjacent sub-nodes C_3 and P_3, synchronizing to the second key pool CP_AP^(3,1) of P_3. Based on the key synchronization path, the first key pool that fills keys into the second key pool CP_AP^(3,1) in A_3 can be determined to be NP_AC^3, that is, the first key pool corresponding to A_3 and C_3.
That is, the first key pools and second key pools in a sub-node are not necessarily in one-to-one correspondence. In an actual application scenario, the first key pool that fills keys into a second key pool may be determined from the key synchronization path corresponding to that second key pool. Network node A may then extract the quantum key key-1 from the first key pool NP_AC^3 and fill it into the second key pool CP_AP^(3,1). At the same time, the extracted quantum key key-1 can be encrypted with a quantum key from the first key pool NP_AC^3 and transmitted to sub-node C_3. After decrypting, sub-node C_3 encrypts key-1 with a quantum key from the first key pool NP_CP^3 and transmits it to sub-node P_3. After decrypting, sub-node P_3 may fill key-1 into the second key pool CP_AP^(3,1) in P_3. The synchronization may be implemented as described in the embodiments above and is not explained again here.
By the method, the quantum keys in the second key pools corresponding to the service applications can be synchronously filled, the service applications directly extract the quantum keys from the corresponding second key pools and carry out information encryption transmission, and the quantum keys are distributed simply and efficiently.
In an actual application scene, the corresponding second key pool can be flexibly configured according to the requirements of service application, and meanwhile, the communication connection relation among all sub-nodes of an upper communication layer can be flexibly configured based on the key filling requirements of the second key pool, so that the key synchronization path is effectively shortened, and the key filling and synchronization processing efficiency is improved.
In the process of configuring the communication connection relation among all the sub-nodes of the upper communication layer, a first key pool corresponding to the sub-nodes needing to establish communication and a second key pool corresponding to the sub-nodes can be directly configured in the sub-nodes, and then, the consistency filling of the quantum keys of the newly configured key pools can be realized by utilizing a key filling and synchronous processing mechanism, so that the communication construction among the sub-nodes and the consistency filling of the quantum keys are simply and conveniently realized. Meanwhile, when the redundant communication connection relation occurs, the corresponding first key pool and second key pool can be directly removed, and the cleaning of the redundant communication relation can be completed on the basis that the whole communication system is not affected substantially. Therefore, based on the scheme provided by the embodiment of the specification, the whole quantum communication system can be constructed more simply, conveniently and flexibly, and the expansibility is stronger.
Based on the above quantum communication system, some embodiments provided in the present specification further provide a quantum key transmission method, which may include the following steps.
S00: taking a second key pool with a key filling requirement as a current second key pool, and taking another second key pool which is arranged in pairs with the current second key pool as a target second key pool; taking the child node of the current second key pool as a current child node; and taking the child node of the target second key pool as a target child node.
The following steps S01-S05 may be performed with the current child node or the network node where the current child node is located as an execution body. Of course, the execution subject of each step may be determined based on the actual hardware layout, which is not limited herein.
S01: determining the key synchronization path corresponding to the current second key pool; the key synchronization path is the key transmission path used to make the quantum keys in a pair of second key pools consistent.
S02: determining, based on the key synchronization path, the first key pool in the current child node that fills quantum keys into the current second key pool, and taking it as the designated first key pool.
S03: taking at least part of the quantum keys out of the designated first key pool and filling them into the current second key pool.
S04: splitting the at least part of the quantum keys to obtain at least one quantum key fragment.
S05: for any quantum key fragment, acquiring the position information and length information of the quantum key fragment; and transmitting the quantum key fragment together with its position information and length information to the target second key pool based on the key synchronization path.
For step S05, during transmission along the key synchronization path, the quantum key encryption, encrypted transmission and decryption steps at each pair of adjacent sub-nodes may be executed by the sub-node that the quantum key fragment has reached, or by the network node where that sub-node is located.
The following step S06 may be performed by taking the target child node or the network node where the target child node is located as an execution body. Of course, the execution subject of each step may be determined based on the actual hardware layout, which is not limited herein.
S06: storing the corresponding quantum key fragment in the target second key pool based on the position information and length information of the quantum key fragment.
A maximum transmission unit (MTU) may be set, and the keys in the Cross Pool key pool divided into several fragments according to the MTU size. The MTU limits the size of the key data in a single transmission. The MTU size can be set according to actual needs, so as to reduce the impact that lost key data has on use of the key as a whole. The network node may determine the key synchronization path by querying the routing table. As shown in fig. 5, each child node on the path to the destination node can be found, and the child nodes can be divided into, for example, a current child node, one or more intermediate child nodes, and a target child node. The key fragments are encrypted with the quantum keys shared by adjacent child nodes along the key synchronization path, hop by hop, until they reach the target child node. Synchronizing each key fragment from the current child node to the target child node may be implemented as in the embodiments above and is not described again here.
As shown in fig. 6, assume the key synchronization path for a given synchronization is as follows: the current child node is T_1, the intermediate child nodes are T_2, T_3, ..., and the target child node is T_m. The quantum key data to be transmitted in this synchronization is key, which may be quantum key data taken from the first key pool corresponding to T_1 and T_2. Assuming that each child node acts as the execution body, child node T_1 may write key into its second key pool CP_1m, which corresponds to T_1 and T_m.
As shown in fig. 7, child node T_1 may further partition key into n key fragments according to the MTU: K_1, K_2, K_3, ..., K_n. The synchronization of each key fragment then proceeds as follows.
(1) Child node T_1 determines the next-hop child node T_2 according to the key synchronization path.
(2) Child node T_1 extracts the quantum key K_12 from the first key pool NP_12 of child nodes T_1 and T_2, and then uses K_12 to apply OTP (One Time Password) protection to key fragment K_1.
(3) Child node T_1 transmits to child node T_2 the protected K_1, key length (Length) L_1 of K_1 and offset (Offset) Offset_1 of K_1 in the second key pool CP_1m of child node T_1, together with the key length L_12 of K_12 and the offset Offset_12 of K_12 in the first key pool NP_12 of child node T_1.
(4) After receiving the data transmitted by child node T_1, child node T_2 takes the key K_12 out of the first key pool NP_12 in child node T_2 according to the key length L_12 and the offset Offset_12 of K_12, and decrypts the protected K_1, L_1 and Offset_1 to obtain K_1, L_1 and Offset_1.
(5) Child node T_2 transmits K_1, L_1 and Offset_1 to the next-hop node T_3 in a manner similar to (1)-(4), and so on until K_1, L_1 and Offset_1 are transmitted to child node T_m.
(6) After obtaining K_1, L_1 and Offset_1, child node T_m writes K_1 into the second key pool CP_1m in child node T_m according to L_1 and Offset_1.
(7) Likewise, the key fragments K_2, K_3, ..., K_n are transmitted to the second key pool CP_1m in T_m according to steps (1)-(6).
As shown in fig. 8, with the key fragment transfer and writing method described above, the key fragments K_1, K_2, K_3, ..., K_n are written in turn into the second key pool CP_1m according to their corresponding Offset and Length. If, while the child nodes are transmitting K_1, K_2, K_3, ..., K_n, some key fragments are lost or their key data is corrupted in transit, so that T_m does not receive the corresponding key fragment, a hole forms at the corresponding position, that is, the key fragment data is missing.
As shown in fig. 7 and 8, suppose that during transmission of the key fragments K_1, K_2, K_3, ..., K_n, the key fragments K_i (1 ≤ i ≤ n) and K_j (1 ≤ j ≤ n and i ≠ j) fail to be transmitted at an intermediate child node. Then:
(1) When K_(i+1), the key fragment following K_i, reaches child node T_m, child node T_m writes K_(i+1) into the second key pool CP_1m according to the Offset_(i+1) and L_(i+1) of K_(i+1). A "hole" therefore appears in the region of the second key pool CP_1m of child node T_m that corresponds to K_i: the second key pool CP_1m of child node T_1 holds K_i, while the second key pool CP_1m of child node T_m only reserves the position of K_i without any key data filled in, as shown in the left-hand diagram of fig. 8.
(2) Child node T_m can record the offset Offset_i and length L_i of K_i.
(3) Similarly, when K_(j+1), the key fragment following K_j, reaches child node T_m, child node T_m writes K_(j+1) into the second key pool CP_1m according to the offset Offset_(j+1) and length L_(j+1) of K_(j+1). A "hole" therefore also appears in the region of the second key pool CP_1m of child node T_m that corresponds to K_j: the second key pool CP_1m of child node T_1 holds K_j, while the second key pool CP_1m of child node T_m only reserves the position of K_j without any key data filled in.
(4) Child node T_m can record the offset Offset_j and length L_j of K_j.
Based on the above scenario example, in some embodiments, transmitting the quantum key fragment and the position information and length information of the quantum key fragment to the target second key pool based on the key synchronization path may include the following steps: determining each adjacent child node on the key transmission path based on the key synchronization path, and taking the child node where the target second key pool is located as the target child node; encrypting and transmitting the quantum key fragments, together with the position information and length information of the corresponding quantum key fragments, hop by hop to the target child node, using the quantum keys in the first key pools of the determined adjacent child nodes; and filling the quantum key fragments received by the target child node into the target second key pool based on the position information and length information of the corresponding quantum key fragments. Of course, other approaches may be used in practice, and the present description is not limited thereto.
In this way, the quantum key data synchronized to the second key pool may have missing key data. In this embodiment of the present disclosure, error correction may be omitted for the key data in the second key pool, which avoids further consumption of key data in an error correction process.
When the quantum key is extracted from the second key pool and the key filling is carried out on the first key pool of the next communication layer corresponding to the second key pool, the extracted quantum key can be directly written into the corresponding first key pool through an IP communication protocol. Accordingly, when the adjacent sub-node encrypts and transmits the transmission data by using the quantum key data in the first key pool, the sub-node initiating the data transmission in the adjacent sub-node, namely the data sender, can encrypt the transmission data by using the quantum key data synchronously transmitted in the first key pool corresponding to the adjacent sub-node.
For example, in the scenario above, CP_1m of T_m stores both the quantum key filled directly from the first key pool of T_m and the quantum key synchronously transmitted from T_1; likewise, CP_1m of T_1 stores both the quantum key filled directly from the first key pool of T_1 and the quantum key synchronously transmitted from T_m. The directly filled quantum keys and the synchronized quantum keys can be marked separately in the second key pool.
In CP_1m of T_m, the quantum key filled directly from the first key pool of T_m can be identified as filled quantum key data, and the quantum key synchronously transmitted from T_1 over the key synchronization path can be identified as synchronous quantum key data. CP_1m of T_1 can be identified in the same manner. Alternatively, the two kinds of quantum key may be stored separately in data tables carrying the respective identifications. Of course, the above identifiers are merely examples and do not directly limit how the corresponding quantum key data is stored in the present application. The identification mode and the storage mode can be set as needed by a person skilled in the relevant technical field.
Assume that the first key pool of the next communication layer corresponding to CP_1m is NP_1m, and that the adjacent child nodes of NP_1m are T_1' and T_m' respectively. T_1' and T_m' extract quantum keys from CP_1m of T_1 and T_m, and T_1 and T_m write the extracted quantum keys into NP_1m of T_1' and T_m' via the IP communication protocol; NP_1m of T_1' and T_m' then correspondingly holds both the directly filled quantum key and the synchronously transmitted quantum key. When T_1 and T_m write the extracted quantum key into NP_1m of T_1' and T_m' via the IP communication protocol, the identification information associated with the quantum key may be transmitted together with it. Accordingly, the quantum key may be written into NP_1m of T_1' and T_m' based on the identification information associated with the quantum key.
In other embodiments, the first key pool and the second key pool may be further divided into sub-key pools, identified respectively as a first synchronous sub-key pool and a first filler sub-key pool, and a second synchronous sub-key pool and a second filler sub-key pool. Correspondingly, CP_1m of T_m may include a second synchronous sub-key pool CP_1m-2 and a second filler sub-key pool CP_1m-1. NP_1m may include a first synchronous sub-key pool NP_1m-2 and a first filler sub-key pool NP_1m-1. The quantum key filled directly from the first key pool of T_m can then be written into CP_1m-1, and the quantum key synchronously transmitted from T_1 over the key synchronization path can be written into CP_1m-2. CP_1m of T_1 can be divided into sub-key pools, and its quantum keys written, in the same way. When T_1 and T_m write the extracted quantum key into NP_1m of T_1' and T_m' via the IP communication protocol, quantum keys can be taken from CP_1m-1 and CP_1m-2 respectively and written into NP_1m-1 and NP_1m-2 correspondingly.
The data sender may encrypt the transmission data using the synchronous quantum key in NP_1m. The data sender may extract the quantum key data segment for encryption based on the offset Offset and the length L of the missing portions of key data in the synchronous quantum key, so that the quantum key data segment used for encryption has no missing key data.
In some embodiments, for example, when a quantum key data segment of a specified length L_0 is extracted starting from a position Offset_0 and no missing part of the key data is involved, the extracted quantum key data segment comprises only one sub-key segment, whose starting position is Offset_0 and whose length is L_0.
When a quantum key data segment of a specified length L_0 is extracted starting from a position Offset_0 and a missing part of the key data is involved, the sub-key segment running from Offset_0 up to the first missing part is extracted first, and its starting position Offset_0 and length information L_1 are recorded. The first missing part is then skipped and extraction of quantum key data continues until the sum of the lengths of all extracted sub-key segments is L_0. Correspondingly, the extracted quantum key data segment can comprise two or more sub-key segments, and the starting position and length information of each sub-key segment are recorded.
Accordingly, the data sender may extract a quantum key data segment for encryption according to the Offset and the length L of the missing portion of the key data in the synchronous quantum key, and the extracted quantum key data segment may include at least one sub-key segment. The data sender may record location information and length information of the at least one sub-key segment.
The data sender may encrypt the transmission data using the extracted quantum key data segment and send the encrypted transmission data to the data receiver, i.e. the child node of the adjacent child nodes that receives the transmission data. The data sender may also send the position information and length information of the at least one sub-key segment in the extracted quantum key data segment to the data receiver. The data sender may send the encrypted data together with that position information and length information. Alternatively, the data sender may transmit the position information and length information of a sub-key segment to the data receiver each time one sub-key segment is extracted. The data receiver may use the position information and length information of the at least one sub-key segment to extract the corresponding quantum key data segment for decryption from the data receiver's NP_1m, and decrypt the encrypted transmission data.
In this way, during use, the key receiving end can simply and efficiently determine which fragments suffered errors or packet loss in transit from the position information and length information of the key fragments actually received. The key receiving end uses only the correctly received key fragments, while the key sending end holds the complete corresponding key, so the corresponding decryption key can be extracted according to the encryption key used by the key receiving end, ensuring normal decryption of the data. Encrypted data transmission based on the quantum key can therefore be achieved without complicated error control, data checking and retransmission during key transmission, which effectively reduces resource waste in the key transmission process.
In one example scenario, the key data stored in NP_1m is shown in FIG. 9, and T_1' and T_m' can perform encrypted data transmission in the following manner.
(1) T_m' applies for a quantum key data segment key for encryption, and the specified length applied for is Length. The specified length can be determined according to actual needs. For example, if the transmission information to be encrypted has length Length, then based on the corresponding encryption algorithm, the quantum key data segment for encryption that T_m' applies for is also of length Length.
(2) T_m' extracts the quantum key data segment from the first key pool NP_1m according to the following rules.
(1) First-in first-out: key data segments are taken from the first key pool bottom-up, as shown in fig. 10.
(2) If, in the first key pool NP_1m, there is no hole in the area covered between the current Offset and Offset+Length, T_m' directly takes out a quantum key data segment key of length Length; the length Length' of key within the first key pool NP_1m is then the same as Length. The extracted quantum key data segment includes one sub-key segment whose position information is Offset and whose length is Length.
(3) If it is determined from the record of missing key data that, in the first key pool NP_1m, there is a hole in the area covered between the current Offset and Offset+Length, as shown in fig. 10, then T_m' first takes out quantum key data of length Length', where Length' is not equal to Length and Length' < Length. The quantum key data between Offset and Offset+Length' is taken as the first sub-key segment. The starting position of the first sub-key segment in the first key pool NP_1m is Offset and its length is Length'.
Assume that the length of the first hole is Length_1. The first hole is skipped, and the starting position of the next sub-key segment to be extracted is offset_1 = Offset + Length' + Length_1. Then, with offset_1 as the starting position, quantum key data of length Length_1' = Length - Length' is extracted. If no hole is covered between offset_1 and offset_1 + Length_1', the extraction ends, and the quantum key data between offset_1 and offset_1 + Length_1' is taken as the second sub-key segment. The second sub-key segment starts at offset_1 and has length Length_1'. Correspondingly, the extracted quantum key data segment comprises a first sub-key segment and a second sub-key segment.
If a hole is covered between offset_1 and offset_1 + Length_1', that hole is taken as the second hole; the quantum key data between offset_1 and the starting position of the second hole is extracted as the second sub-key segment, and the starting position offset_1 and length Length_1' of the second sub-key segment are recorded. The second hole is then skipped, and the starting position of the next sub-key segment to be extracted is offset_2 = offset_1 + Length_1' + Length_2, where Length_2 is the length of the second hole. Then, with offset_2 as the starting position, quantum key data of length Length_2' = Length - Length' - Length_1' is extracted. If no hole is covered between offset_2 and offset_2 + Length_2', the extraction ends, and the quantum key data between offset_2 and offset_2 + Length_2' is taken as the third sub-key segment. If a hole is covered, similar processing steps are repeated: the third sub-key segment is extracted, the hole is skipped, and extraction continues with the next sub-key segment. And so on until the overall length of the extracted quantum key data is equal to Length.
(3) T_m' encrypts the transmission data using key and, when transmitting the encrypted transmission data, transmits the position information and length information of the at least one sub-key segment in key to T_1'.
(4) After T_1' receives the position information and length information of the at least one sub-key segment in key, it can extract the quantum key data segment key corresponding to that position information and length information from the first key pool NP_1m in T_1'. T_1' then decrypts the received encrypted transmission data using the extracted key to obtain the transmission data.
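The fragment-writing rule (each fragment stored at its offset and length, lost fragments leaving holes) and the hole-skipping extraction rule above can be exercised together in the following Python example. It is added here and is not code from the patent: the `KeyPool` class, the per-byte fill flags, the XOR cipher and the receiver-side range checks are assumptions, and the 64-byte key and the message are constructed sample data.

```python
class KeyPool:
    """Key pool addressed by byte offset; bytes never written remain holes."""

    def __init__(self, size):
        self.size = size
        self.data = bytearray(size)
        self.filled = [False] * size  # assumption: per-byte record of received key data

    def write_fragment(self, offset, fragment):
        """Store one key fragment at the position given by its offset and length."""
        end = offset + len(fragment)
        if offset < 0 or end > self.size:
            raise ValueError("fragment lies outside the pool")
        self.data[offset:end] = fragment
        self.filled[offset:end] = [True] * len(fragment)

    def holes(self):
        """Return (offset, length) for every region that holds no key data."""
        found, pos = [], 0
        while pos < self.size:
            if self.filled[pos]:
                pos += 1
                continue
            start = pos
            while pos < self.size and not self.filled[pos]:
                pos += 1
            found.append((start, pos - start))
        return found

    def extract(self, offset, length):
        """Sender side: gather `length` key bytes from `offset`, skipping holes.

        Returns (key, segments, next_offset). `segments` lists the (offset, length)
        of each hole-free sub-key segment; only this list travels to the receiver.
        """
        if offset < 0 or length < 0:
            raise ValueError("offset and length must be non-negative")
        key, segments, pos = bytearray(), [], offset
        while len(key) < length:
            if pos >= self.size:
                raise ValueError("pool exhausted before the requested length was reached")
            if not self.filled[pos]:
                pos += 1  # inside a hole: skip it
                continue
            start = pos
            while (pos < self.size and self.filled[pos]
                   and len(key) + (pos - start) < length):
                pos += 1
            key += self.data[start:pos]
            segments.append((start, pos - start))
        return bytes(key), segments, pos

    def read_segments(self, segments):
        """Receiver side: rebuild the key from the sender's (offset, length) list.

        The list arrives over the network, so it is checked before use (added
        check, not part of the patent text): in range, ordered, non-overlapping.
        """
        key, prev_end = bytearray(), 0
        for off, ln in segments:
            if ln <= 0 or off < prev_end or off + ln > self.size:
                raise ValueError("segment list is out of range, unordered or overlapping")
            if not all(self.filled[off:off + ln]):
                raise ValueError("segment touches a region with no key data")
            key += self.data[off:off + ln]
            prev_end = off + ln
        return bytes(key)


def xor(data, key):
    """Assumed cipher: one-time-pad style XOR with a key as long as the data."""
    if len(data) != len(key):
        raise ValueError("key and data must have the same length")
    return bytes(a ^ b for a, b in zip(data, key))


def demo():
    full_key = bytes((i * 37 + 11) % 256 for i in range(64))  # constructed key data
    origin = KeyPool(64)                 # side that holds the complete key
    origin.write_fragment(0, full_key)
    target = KeyPool(64)                 # side filled by fragment synchronization
    for n in range(8):                   # eight 8-byte fragments
        if n in (2, 5):                  # two fragments lost in transit
            continue
        target.write_fragment(n * 8, full_key[n * 8:n * 8 + 8])

    message = b"thirty bytes of transmit data!"  # constructed plaintext
    key, segments, next_offset = target.extract(8, len(message))
    ciphertext = xor(message, key)
    # Only ciphertext and segments are sent; the peer rebuilds the same key.
    plaintext = xor(ciphertext, origin.read_segments(segments))
    return {"holes": target.holes(), "segments": segments, "next_offset": next_offset,
            "message": message, "ciphertext": ciphertext, "plaintext": plaintext}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Starting the next extraction at `next_offset` keeps consumed key bytes from being used for a second message.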
Based on the above scenario examples, in some embodiments, a pair of first key pools corresponding to the current second key pool and the target second key pool and located in the next communication layer may be used as the current first key pool and the target first key pool, respectively. Correspondingly, the child node where the current first key pool is located is used as a first receiver of data transmission, the child node where the target first key pool is located is used as a first sender of data transmission, and the following method is executed to carry out quantum key encryption data transmission.
S101: a first sender acquires synchronous quantum key data stored in the target first key pool; the synchronous quantum key data refers to a quantum key received by the target second key pool and transmitted from the designated first key pool based on a key synchronous path.
S102: the first sender extracts quantum key data segments with specified lengths from the synchronous quantum key data; acquiring position information and length information of at least one sub-key segment in the extracted quantum key data segment; the subkey segment is free of key data missing.
S103: the first sender encrypts transmission data by using the extracted quantum key data segment and sends the encrypted transmission data to the first receiver; and transmitting the location information and the length information of the at least one sub-key segment to the first receiver.
S104: the first receiver extracts a corresponding quantum key data segment from the current first key pool according to the received position information and length information of at least one sub key segment; and decrypting the received encrypted transmission data by using the extracted corresponding quantum key data segment.
If CP_1m corresponds to a business application, assume that the service applications corresponding to child nodes T_1 and T_m are APP-i and APP-i' respectively; APP-i and APP-i' can transmit encrypted data in the following manner.
(1) APP-i' applies to T_m for a quantum key data segment key for encryption, and the specified length applied for is Length. The specified length may be determined by the quantum key size required for the service application to transmit the data.
(2) T_m extracts the quantum key data segment from the second key pool CP_1m according to the following rules.
(1) First-in first-out: key data segments are taken from the second key pool bottom-up, as shown in fig. 10.
(2) If, in the second key pool CP_1m, there is no hole in the area covered between the current Offset and Offset+Length, T_m directly takes out a quantum key data segment key of length Length; the length Length' of key within the second key pool CP_1m is then the same as Length. The extracted quantum key data segment includes one sub-key segment whose position information is Offset and whose length is Length.
(3) If T_m determines from the record of missing key data that, in the second key pool CP_1m, there is a hole in the area covered between the current Offset and Offset+Length, as shown in fig. 10, then T_m first takes out quantum key data of length Length', where Length' is not equal to Length and Length' < Length. The quantum key data between Offset and Offset+Length' is taken as the first sub-key segment. The starting position of the first sub-key segment in the second key pool CP_1m is Offset and its length is Length'.
Assume that the length of the first hole is Length_1. The first hole is skipped, and the starting position of the next sub-key segment to be extracted is offset_1 = Offset + Length' + Length_1. Then, with offset_1 as the starting position, quantum key data of length Length_1' = Length - Length' is extracted. If no hole is covered between offset_1 and offset_1 + Length_1', the extraction ends, and the quantum key data between offset_1 and offset_1 + Length_1' is taken as the second sub-key segment. The second sub-key segment starts at offset_1 and has length Length_1'. Correspondingly, the extracted quantum key data segment comprises a first sub-key segment and a second sub-key segment.
If a hole is covered between offset_1 and offset_1 + Length_1', that hole is taken as the second hole; the quantum key data between offset_1 and the starting position of the second hole is extracted as the second sub-key segment, and the starting position offset_1 and length Length_1' of the second sub-key segment are recorded. The second hole is then skipped, and the starting position of the next sub-key segment to be extracted is offset_2 = offset_1 + Length_1' + Length_2, where Length_2 is the length of the second hole. Then, with offset_2 as the starting position, quantum key data of length Length_2' = Length - Length' - Length_1' is extracted. If no hole is covered between offset_2 and offset_2 + Length_2', the extraction ends, and the quantum key data between offset_2 and offset_2 + Length_2' is taken as the third sub-key segment. If a hole is covered, similar processing steps are repeated: the third sub-key segment is extracted, the hole is skipped, and extraction continues with the next sub-key segment. And so on until the overall length of the extracted quantum key data is equal to Length.
(3) T_m sends key, together with the position information and length information of the at least one sub-key segment in key, to the service application APP-i'. APP-i' encrypts the transmission data using key and, when sending the encrypted transmission data, sends the position information and length information of the at least one sub-key segment in key to APP-i.
(4) After APP-i receives the position information and length information of the at least one sub-key segment in key, it applies to T_1 for a decryption key; the parameters identifying the key data segment are the position information and length information of the at least one sub-key segment in key.
(5) T_1 can extract the quantum key data segment key corresponding to that position information and length information from the second key pool CP_1m in T_1, and then feed it back to the service application APP-i.
(6) The service application APP-i decrypts the received encrypted transmission data using the extracted key to obtain the transmission data.
Based on the above scenario examples, in some embodiments, the service applications corresponding to the current second key pool and the target second key pool may be respectively used as a second sender and a second receiver of the data transmission, and perform the following manner to perform quantum key encrypted data transmission.
S201: the second sending party sends an encryption key use request to the target child node; the target child node is the child node where the target second key pool is located. The encryption key use request may include address information of the second sender, instruction information to acquire quantum key data for encryption, and the like.
S202: the target child node obtains synchronous quantum key data stored in the target second key pool; the synchronous quantum key data refers to a quantum key received by the target second key pool and transmitted from the designated first key pool based on a key synchronous path.
S203: the target child node extracts a quantum key data segment with a specified length from the synchronous quantum key data; acquiring position information and length information of at least one sub-key segment in the extracted quantum key data segment; the subkey segment is free of key data missing.
S204: the target sub-node feeds back the position information and the length information of the at least one sub-key segment to the second sender.
S205: the second sender encrypts the transmission data by using the extracted quantum key data segment and sends the encrypted transmission data to the second receiver; and transmitting the location information and the length information of the at least one sub-key segment to the second receiver.
S206: the second receiver sends a decryption key use request to the current sub-node according to the received position information and length information of the at least one sub-key segment. The decryption key use request may include address information of the second receiver, the position information and length information of the at least one sub-key segment received by the second receiver, instruction information for obtaining the quantum key data corresponding to that position information and length information, and the like.
S207: the current sub-node extracts the corresponding quantum key data segment from the current second key pool based on the position information and length information of the at least one sub-key segment in the decryption key use request, and feeds the corresponding quantum key data segment back to the second receiver.
S208: the second receiver decrypts the received encrypted transmission data using the received corresponding quantum key data segment.
According to the key distribution and use method provided by this embodiment, during key synchronization the key fragments are written based on the position information and length information of each key fragment; during key use, key data segments with no missing data are extracted directly for encryption, and the position information and length information of those key data segments are sent to the other party, which extracts the corresponding key data segments based on that position information and length information and can thus decrypt. Therefore, after key synchronization, encrypted data transmission using the quantum key can be achieved simply and conveniently without additional error correction on the quantum key data, which improves the simplicity of quantum-key-based encrypted data transmission. At the same time, waste of the quantum key is avoided and the utilization of the quantum key is improved.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. Specific reference may be made to the foregoing description of related embodiments of the related process, which is not described herein in detail.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The present description embodiments are not limited to cases that are necessarily compliant with standard data models/templates or described in the present description embodiments. Some industry standards or embodiments modified slightly based on the implementation described by the custom manner or examples can also realize the same, equivalent or similar or predictable implementation effect after modification of the above examples. Examples of data acquisition, storage, judgment, processing, etc., using these modifications or variations are still within the scope of alternative embodiments of the present description.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments. In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present specification. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
The foregoing is merely exemplary of the present disclosure and is not intended to limit the disclosure. Various modifications and alterations to this specification will become apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the present description, are intended to be included within the scope of the claims of the present description.

Claims (9)

1. A quantum key transmission method, characterized by being applied to a quantum communication system, the system comprising at least one network node; the network node comprises at least one child node corresponding to a different communication layer; a pair of first key pools are correspondingly distributed in adjacent sub-nodes of the same communication layer; the adjacent sub-nodes are two sub-nodes which carry out information encryption transmission based on a quantum key shared between the two sub-nodes in the same communication layer; the first key pool stores quantum keys shared by corresponding adjacent child nodes; a second key pool is arranged in at least part of the child nodes of the same communication layer; the second key pools are arranged in pairs in the two sub-nodes, and the pair of second key pools corresponds to a pair of first key pools of a communication layer which is next to the communication layer where the pair of second key pools are positioned; the pair of second key pools are used for storing quantum keys required by the corresponding pair of first key pools; the communication layer is arranged in the sequence from top to bottom, wherein the sequence of quantum key transmission in the network node is the sequence of quantum key transmission in the network node; the method comprises the following steps:
Taking a second key pool with a key filling requirement as a current second key pool, and taking another second key pool which is arranged in pairs with the current second key pool as a target second key pool; taking the child node of the current second key pool as a current child node;
determining a key synchronization path corresponding to the current second key pool; the key synchronization path is a key transmission path for realizing the consistency of quantum keys in a pair of second key pools;
determining a first key pool of the current sub-node, which fills the quantum key into the current second key pool, based on the key synchronization path, as a designated first key pool;
retrieving at least part of quantum keys from the appointed first key pool to fill the quantum keys into the current second key pool;
splitting the at least part of quantum keys to obtain at least one quantum key fragment;
for any quantum key fragment, acquiring position information and length information of the quantum key fragment; transmitting the position information and the length information of the quantum key fragments to a target second key pool based on the key synchronization path;
and storing the corresponding quantum key fragments in the target second key pool based on the position information and the length information of the quantum key fragments.
2. The method of claim 1, wherein, when it is determined that a key filling requirement exists in a first key pool, adjacent sub-nodes of communication layers other than the uppermost communication layer extract at least part of the quantum keys from the second key pool corresponding to that first key pool and transmit them to the first key pool having the key filling requirement.
3. The method according to claim 2, wherein a pair of first key pools that correspond to the current second key pool and the target second key pool and are located in a next communication layer are used as the current first key pool and the target first key pool, respectively; correspondingly, the child node where the current first key pool is located serves as a first receiver of data transmission, the child node where the target first key pool is located serves as a first sender of data transmission, and quantum-key-encrypted data transmission is carried out as follows:
the first sender acquires synchronous quantum key data stored in the target second key pool; the synchronous quantum key data refers to quantum keys received by the target second key pool and transmitted from the appointed first key pool based on a key synchronization path;
the first sender extracts a quantum key data segment of a specified length from the synchronous quantum key data, and acquires position information and length information of at least one sub-key segment in the extracted quantum key data segment, the sub-key segment having no missing key data;
the first sender encrypts transmission data using the extracted quantum key data segment, sends the encrypted transmission data to the first receiver, and transmits the position information and the length information of the at least one sub-key segment to the first receiver;
the first receiver extracts a corresponding quantum key data segment from the current first key pool according to the received position information and length information of the at least one sub-key segment, and decrypts the received encrypted transmission data using the extracted corresponding quantum key data segment.
4. The method of claim 1, wherein the service applications corresponding to the current second key pool and the target second key pool are respectively used as a second sender and a second receiver of the data transmission, and perform quantum key encryption data transmission in the following manner:
the second sender sends an encryption key use request to the target child node; the target child node is the child node where the target second key pool is located;
the target child node obtains synchronous quantum key data stored in the target second key pool; the synchronous quantum key data refers to quantum keys received by the target second key pool and transmitted from the appointed first key pool based on a key synchronization path;
the target child node extracts a quantum key data segment of a specified length from the synchronous quantum key data, and acquires position information and length information of at least one sub-key segment in the extracted quantum key data segment, the sub-key segment having no missing key data;
the target child node feeds back the position information and the length information of the at least one sub-key segment to the second sender;
the second sender encrypts the transmission data using the extracted quantum key data segment, sends the encrypted transmission data to the second receiver, and transmits the position information and the length information of the at least one sub-key segment to the second receiver;
the second receiver sends a decryption key use request to the current sub-node according to the received position information and length information of at least one sub-key segment;
the current sub-node extracts a corresponding quantum key data segment from the current second key pool based on the position information and the length information of at least one sub-key segment in the decryption key use request, and feeds the corresponding quantum key data segment back to the second receiver;
and the second receiver decrypts the received encrypted transmission data using the received corresponding quantum key data segment.
5. The method of claim 1, wherein transmitting the quantum key fragment and the position information and length information of the quantum key fragment to the target second key pool based on the key synchronization path comprises:
determining each adjacent child node on the key transmission path based on the key synchronization path; taking the child node of the target second key pool as a target child node;
encrypting and transmitting the quantum key fragments, together with the position information and the length information of the corresponding quantum key fragments, hop by hop to the target child node, based on the quantum keys in the first key pools of the determined adjacent child nodes; and filling the quantum key fragments received by the target child node into the target second key pool based on the position information and the length information of the corresponding quantum key fragments.
6. The method according to claim 2, wherein each sub-node within the network node performs data transmission based on an IP communication protocol; accordingly, the extracted at least part of the quantum keys is transmitted, based on the IP communication protocol, to the first key pool having the key filling requirement.
7. The method of claim 6, wherein transmitting the extracted at least part of the quantum keys to the first key pool having the key filling requirement comprises:
transmitting the extracted at least part of the quantum keys, based on the SSL protocol, to the first key pool having the key filling requirement.
8. The method of claim 2, wherein, when the number of quantum keys in the first key pool is less than a first preset threshold, it is determined that a key filling requirement exists for the corresponding first key pool.
9. The method of claim 1, wherein, when the quantum key storage in the second key pool is less than a second preset threshold, it is determined that a key filling requirement exists for the corresponding second key pool.
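The position-and-length key indexing of claims 1 and 3, sketched in Python as an added example (not code from the patent). The list-with-`None` pool layout, the XOR one-time-pad cipher, erase-on-use and all function names are assumptions; the claims do not name a cipher or a storage format.

```python
import secrets

# Assumed layout: a key pool is a list with one entry per key byte; None = no key material.

def store(pool, position, fragment):  # claim 1: fill a fragment by position and length
    if position < 0 or position + len(fragment) > len(pool):
        raise ValueError("fragment outside pool bounds")
    pool[position:position + len(fragment)] = list(fragment)

def find_segments(pool, need):  # (position, length) of gap-free runs totalling `need`
    segs, i = [], 0
    while need > 0 and i < len(pool):
        j = i
        while j < len(pool) and pool[j] is not None and j - i < need:
            j += 1
        if j > i:
            segs.append((i, j - i))
            need -= j - i
        i = max(j, i + 1)
    if need > 0:
        raise ValueError("not enough synchronized key material")
    return segs

def take(pool, position, length):  # extract, then erase so key bytes are never reused
    cells = pool[position:position + length]
    if position < 0 or len(cells) != length or None in cells:
        raise ValueError("segment missing, out of bounds or already used")
    pool[position:position + length] = [None] * length
    return bytes(cells)

def xor(data, key):
    return bytes(d ^ k for d, k in zip(data, key))

def send(pool, plaintext):  # claim 3, first sender: encrypt and report (position, length)
    segs = find_segments(pool, len(plaintext))
    return xor(plaintext, b"".join(take(pool, p, n) for p, n in segs)), segs

def receive(pool, ciphertext, segs):  # claim 3, first receiver
    if sum(n for _, n in segs) != len(ciphertext):
        raise ValueError("segment lengths do not cover the ciphertext")
    return xor(ciphertext, b"".join(take(pool, p, n) for p, n in segs))

def demo():
    master = secrets.token_bytes(64)  # constructed stand-in for QKD output
    current_first, target_second = [None] * 64, [None] * 64
    store(current_first, 0, master)
    for pos, n in [(0, 16), (24, 20)]:  # constructed fragments; bytes 16..23 never arrive
        store(target_second, pos, master[pos:pos + n])
    ciphertext, segs = send(target_second, b"pool refill status: ok")
    return segs, receive(current_first, ciphertext, segs)
```

Because `take` erases what it returns, a replayed `(position, length)` list fails on the second use instead of silently reusing pad bytes.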
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011303633.1A CN112422283B (en) 2020-11-19 2020-11-19 Quantum key transmission method

Publications (2)

Publication Number Publication Date
CN112422283A CN112422283A (en) 2021-02-26
CN112422283B true CN112422283B (en) 2024-03-29

Family

ID=74773621

Country Status (1)

Country Link
CN (1) CN112422283B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2023157174A (en) * 2022-04-14 2023-10-26 株式会社東芝 Cryptographic communication system, cryptographic communication device, and cryptographic communication method
JP2023157175A (en) * 2022-04-14 2023-10-26 株式会社東芝 User base device, cryptographic communication system, and cryptographic communication method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483192A (en) * 2017-08-25 2017-12-15 厦门科华恒盛股份有限公司 A kind of data transmission method and device based on quantum communication
WO2019099526A1 (en) * 2017-11-14 2019-05-23 Alibaba Group Holding Limited Method and system for quantum key distribution and data processing
CN110224815A (en) * 2019-05-08 2019-09-10 北京邮电大学 QKD network resource allocation method and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110243331A1 (en) * 2008-12-10 2011-10-06 Nec Corporation Shared random numbers management method and management system in secret communication network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
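Key pool construction method for quantum key distribution optical networks; Zhang Ziping et al.; Laser & Optoelectronics Progress; Vol. 56 (No. 21); 212703-1~212703-7 *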

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant