CN113346996A - Quantum-based content-centric network privacy protection method - Google Patents


Publication number
CN113346996A
Authority
CN
China
Prior art keywords
quantum
ciphertext
key
cloud server
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110788763.7A
Other languages
Chinese (zh)
Other versions
CN113346996B (en)
Inventor
张建伟
吴作栋
孙海燕
蔡增玉
朱亮
梁树军
崔梦梦
彭中原
贺倩倩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou University of Light Industry
Original Assignee
Zhengzhou University of Light Industry
Application filed by Zhengzhou University of Light Industry
Priority to CN202110788763.7A
Publication of CN113346996A
Application granted
Publication of CN113346996B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a quantum-based content-centric network privacy protection method comprising the following steps. Encrypting and aggregating the classical ciphertext using the ElGamal algorithm: a master public key is generated from the public/private key pairs generated by all participants, each participant generates a ciphertext from its plaintext information and sends it to a cloud server, the cloud server aggregates the ciphertexts into an aggregated ciphertext, and the classical message to be shared is generated from the aggregated ciphertext. A quantum encryption stage: during the interaction between the data owners and the cloud server, each data owner converts classical information into quantum information, negotiates a shared key with the cloud server through the BB84 key agreement protocol, and encrypts the quantum information with that shared key; eavesdropping is detected by randomly inserting decoy particles, which gives a second layer of security. The invention ensures the confidentiality of sensitive content exchanged between the publisher and the user, can be executed effectively without revealing any private information, and allows content to be shared and aggregated securely.

Description

Quantum-based content-centric network privacy protection method
Technical Field
The invention relates to the technical field of privacy protection, and in particular to a quantum-based content-centric network privacy protection method.
Background
A recent Cisco report predicted that by 2022 the IP traffic flowing through global networks would exceed the total traffic carried over the full 32 years from the Internet's first year to the end of 2016, and that most of this traffic would originate from content-acquisition applications. By 2025, IP video traffic alone is expected to account for 82% of all IP traffic (business and consumer), and traffic generated by consumer-driven digital video content will keep growing at a high rate in the coming years. To accommodate this shift in traffic, researchers must provide native support for scalable and efficient content acquisition in the network infrastructure itself, while strengthening the network's support for mobility and security. The content-centric network is therefore designed to relieve the severe pressure that rapidly growing traffic puts on network bandwidth, and it is an important guide for the development of next-generation networks. Compared with the traditional TCP/IP network, the CCN (content-centric network) makes content the main unit of network communication and avoids repeated transmission of the same content through in-network caching: when a node receives a request for a data packet it has already cached, it can send the cached packet directly to the requester without forwarding the request to a server. The CCN therefore reduces the consumption of network bandwidth and speeds up the network's response to requests.
The whole content-sharing process of the CCN is shown in Fig. 1, in which Attacker denotes an attacker, CR a cache router and Malicious Node a malicious node. There are two types of packets: interest packets and data packets. The consumer first sends an interest packet carrying the name of the desired content to request the data. Once the interest packet reaches a node that holds the requested data, the node sends back a data packet carrying the associated name prefix, the data content and the signature information of the data owner. The interest packet leaves a trail along its forwarding path, and the data packet is returned to the original consumer along this path. Neither interest packets nor data packets carry any host address or interface address: the interest packet finds the data provider through routing on the name of the requested data, and the data packet finds the consumer through the records that the interest packet left at each node. However, precisely because content in the CCN is cached widely in the routing nodes of the network, the improved distribution performance comes with serious threats to users' privacy. The private information contained in content includes user names, locations and the like. In many cases most content is easily learned by attackers, and content providers have no control over their data because of the high cost and complexity. Moreover, most schemes do not deliver data to third parties securely; leakage of sensitive data can cause huge losses, and in a CCN architecture built for efficient transmission the adverse effects spread without limit.
To address these widespread CCN security issues, more and more researchers are applying advanced cryptographic techniques to the CCN architecture. Encrypting content before it is released to an ICN (information-centric network) can alleviate most security and privacy concerns. DiBenedetto adopts the onion-routing idea and applies multiple layers of tunnel encryption to data packets to protect privacy in CCN/ICN; however, the multiple encryption and decryption operations introduce a large content transmission delay and overhead. Arianfar proposes using public-key encryption and hiding content names and data, mixing the requested target content with cover content names to raise the attacker's analysis difficulty and detection cost and to strengthen user privacy, but gives no specific evidence of resistance to network attacks. Misra et al. implement access control with a broadcast encryption (BE) method based on (t+1, n) Shamir secret sharing, which effectively protects the privacy of the requesting user, but the data content can still be captured, or sensitive information extracted from it, by attackers during channel transmission. Dijk et al. propose a fully homomorphic encryption algorithm (DGHV) based on the hardness of the approximate greatest common divisor problem, which uses modular arithmetic over the integers instead of complex arithmetic on ideal lattices, but its public key is still long. Bernardini et al. propose protecting the confidentiality of content names and content data by proxy re-encryption, which confuses monitoring by malicious nodes but also results in significant communication overhead.
Feng et al. propose a tree-like hierarchical access control structure that limits the distribution of content to prevent disclosure to third parties, while content can still be retrieved by or returned to legitimate users. Jung et al. propose an IBE (identity-based encryption) scheme that can hide the user's identity; all authorities take part in computing the public parameters and master key of the whole system, transparently to the data owner, which reduces the computational cost of the system, but trust between the participants is lacking. Li et al. combine blockchain with CP-ABE (ciphertext-policy attribute-based encryption) and design a secure key distribution mechanism that uses the blockchain as a trusted third party; the mechanism faithfully feeds behaviour records from ICN nodes back to the blockchain, the records cannot be tampered with, and they provide key evidence when defending against collusion attacks and locating malicious nodes.
As Internet use has gradually shifted from host-oriented peer-to-peer communication to large-scale content acquisition, the content-centric network, which routes and caches content, has become a promising candidate for future networks. One key feature of content-centric networks is built-in network caching. This feature not only reduces bandwidth consumption and network congestion, but also improves the efficiency with which consumers obtain content, so that all nodes cooperate to distribute content efficiently. However, the rapid growth of computing power, and especially the rise of quantum computing, poses a serious challenge to a CCN that relies on classical cryptography for its security.
Although existing solutions are widely applied in ICN/CCN, the following problems remain a challenge:
(1) The transmission channel is insecure when the data owner shares content with other specific consumers. When a consumer in the CCN access control framework wants to share its content with a designated consumer, the data owner only secures the content locally with conventional encryption and takes no precautions against network attacks on the channel during sharing.
(2) Most content-sharing protection protocols use third parties to store private data centrally, so the data owner loses control over the shared data, which creates a risk of privacy disclosure.
(3) Some cache routing nodes may be compromised by an intruder, so that information is revealed or tampered with and the tampered information is then passed on to other CCN nodes. A cache router administrator may also collude with a malicious node to monitor other users' interests and content for profit.
Disclosure of Invention
To address the technical problems that the transmission channel is insecure and privacy is easily leaked when data is shared in the prior art, the invention provides a quantum-based content-centric network privacy protection method: a quantum-based CCN content sharing and aggregation scheme built on the CCN architecture. Quantum cryptography uses the no-cloning theorem for quantum states and the uncertainty principle to prevent and detect eavesdropping: an eavesdropper is inevitably discovered when measuring, and cannot copy and store the qubits (an eavesdropper who intercepts and stores the qubits actually sent is inevitably discovered). Therefore, even with unlimited computing resources, no effective analysis of the ciphertext can be carried out, which protects the user's private information.
To achieve this purpose, the technical scheme of the invention is as follows: a quantum-based content-centric network privacy protection method comprising the following steps:
Step one: encrypting and aggregating the classical ciphertext using the ElGamal algorithm: all participants, including data owners and consumers, each generate a public/private key pair and send the public and private key pairs to a cloud server; the cloud server aggregates all public keys to generate a master public key and distributes the master public key to all participants; the participants generate ciphertexts from their respective plaintext information and the master public key and send the ciphertexts to the cloud server; and the cloud server aggregates the ciphertexts received from all the participants to obtain an aggregated ciphertext;
Step two: a quantum encryption stage: while interacting with the cloud server, a participant first converts the classical information to be sent into quantum information; the cloud server and a data owner then share a key I through the BB84 key agreement protocol, and the data owner encrypts the quantum information into a quantum ciphertext using key I; finally, the data owner detects eavesdropping by randomly inserting decoy particles, which gives a second layer of security; the cloud server communicates with each data owner, and the classical messages to be shared are encrypted with key I using the quantum double-encryption privacy protection method for content exchange between consumers and data owners;
the cloud server and the consumer share a key II through the BB84 key agreement protocol; the cloud server communicates with the consumer, and the quantum information to be shared is encrypted with key II using the quantum double-encryption privacy protection method for content exchange between consumers and data owners;
Step three: a quantum decryption stage: after the consumer receives the quantum ciphertext, the cloud server first tells the consumer the position and state of the decoy particles in each ciphertext, and the consumer then removes the decoy particles and decrypts the quantum ciphertext to obtain the quantum message; finally, the consumer restores the classical message according to the correspondence between quantum and classical messages; the consumer then runs the distributed decryption algorithm on the recovered aggregated ciphertext with its private key to recover the plaintext information of the classical message.
There are n+1 participants: n data owners and 1 consumer. The cloud server is a homomorphic trusted cloud server with a certain aggregation processing capacity, which can aggregate ciphertexts quickly using the advantages of cloud computing.
The method for aggregating ciphertexts with the ElGamal algorithm in step one is as follows:
S1: the cloud server assigns identity identifiers (IDs) to the n+1 participants, and each of the n+1 participants runs a distributed key generation algorithm to generate a public/private key pair: $(PK_1, SK_1), (PK_2, SK_2), \dots, (PK_n, SK_n), (PK_{n+1}, SK_{n+1})$;
where the public/private key pair of the i-th participant is
Figure BDA0003160210970000031
$SK_i$ is the private key of the i-th participant, $PK_i$ is the public key of the i-th participant, and $g$ denotes the generator of the cyclic group $G$;
S2: the n+1 participants send their respective public keys $PK_1, PK_2, \dots, PK_n, PK_{n+1}$ to the cloud server, and the master public key is generated from these public keys:
Figure BDA0003160210970000032
Let the master private key be $SK = SK_1 + SK_2 + \dots + SK_n + SK_{n+1}$; then the master public key is $PK = g^{SK}$.
S3: the cloud server sends the master public key PK to the n data owners, and the n data owners generate ciphertexts using the master public key PK:
Figure BDA0003160210970000033
where $r_1, r_2, r_3, \dots, r_n$ are the random numbers chosen by the n data owners respectively, and $m_1, m_2, m_3, \dots, m_n$ are the plaintexts of the n data owners respectively;
S4: the n data owners send their ciphertexts $(A_1, B_1), (A_2, B_2), \dots, (A_n, B_n)$ to the cloud server, and the cloud server aggregates the ciphertext contents of the n data owners to obtain:
Figure BDA0003160210970000034
A and B are the two components produced by ElGamal encryption, and together they form the ciphertext;
S5: the cloud server runs a hidden key protocol with the participants: the cloud server issues the aggregated ciphertext B to all data owners, and all the data owners calculate the ciphertext
Figure BDA0003160210970000036
that is,
Figure BDA0003160210970000035
The privacy protection method for content exchange between the consumer and the data owner based on quantum double encryption is as follows: the cloud server shares an n-bit key with each of the n data owners through the BB84 key agreement protocol, quantum information is converted into quantum-encrypted information by randomly inserting decoy particles for secure transmission, and the consumer and the data owners obtain identical bit streams at 2 different places and in any order. The data owner is an entity that stores content objects long-term and serves users, i.e. the content owner that serves a specific content request; the consumer is a user authorized to request the content object.
The privacy protection method for exchanging content between consumers and data owners based on quantum double encryption comprises four stages: an initialization stage, a quantum key negotiation stage, an encryption stage and a decryption stage, as follows:
1) Initialization stage:
(1) the data owner converts the classical message to be shared, $M = M_1 \| M_2 \| \dots \| M_n$, into the quantum message $|S\rangle = |S_1\rangle |S_2\rangle \dots |S_n\rangle$, namely $M_t = 0 \Rightarrow |S_t\rangle = |0\rangle$ and $M_t = 1 \Rightarrow |S_t\rangle = |1\rangle$, where the classical message $M_t \in \{0, 1\}$, the quantum message $|S_t\rangle \in \{|0\rangle, |1\rangle\}$, and $t = 1, 2, \dots, n$;
2) Key negotiation stage:
(2) the data owner and the consumer share an n-bit key through the BB84 key agreement protocol
Figure BDA0003160210970000041
where
Figure BDA0003160210970000042
represents the t-th key;
3) Quantum encryption stage:
(3) the data owner uses the obtained shared key to encrypt the quantum message $|S\rangle = |S_1\rangle |S_2\rangle \dots |S_n\rangle$, obtaining the ciphertext information:
Figure BDA0003160210970000043
where $|S_t'\rangle$ denotes the encrypted quantum ciphertext parameter and H is the quantum encryption operation gate;
(4) from the ciphertext information $|S_t'\rangle$ the data owner obtains the ciphertext $|S'\rangle = |S_1'\rangle |S_2'\rangle \dots |S_n'\rangle$, randomly inserts $l$ decoy particles into it, and obtains the ciphertext
Figure BDA0003160210970000044
which it sends to the cloud server; after the cloud server receives
Figure BDA0003160210970000045
the data owner tells the cloud server the positions and states of the $l$ decoy particles;
4) Quantum decryption stage:
(5) after the consumer receives the ciphertext transmitted by the cloud server
Figure BDA0003160210970000046
the consumer shares the positions and states of the $l$ decoy particles with the cloud server, and the consumer removes the decoy particles to obtain the quantum ciphertext $|S'\rangle$;
(6) the consumer decrypts the quantum ciphertext $|S'\rangle$ with the shared key to obtain the message:
Figure BDA0003160210970000047
thereby obtaining the quantum message $|S\rangle = |S_1\rangle |S_2\rangle \dots |S_n\rangle$, and restores the classical message M according to the correspondence between quantum and classical messages in step (1).
The quantum operation gate satisfies $H^1 = H$ and $H^0 = I$, where $I$ is the identity operator and $H$ is the Hadamard gate
Figure BDA0003160210970000048
The state of each decoy particle is any one of $\{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$, and $l$ is the length of the plaintext.
In step two, the quantum double-encryption privacy protection method for content exchange between the consumer and the data owner comprises the following steps:
(a1) the cloud server shares an n-bit key with each of the n data owners through the BB84 key agreement protocol, where the key shared by the i-th data owner and the cloud server through the BB84 key agreement protocol is:
Figure BDA0003160210970000049
(b1) the classical message to be shared
Figure BDA00031602109700000410
is converted into the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \dots |Q_n\rangle_i$ as follows:
Figure BDA0003160210970000051
Figure BDA0003160210970000052
Figure BDA0003160210970000053
Figure BDA0003160210970000054
where the classical message
Figure BDA0003160210970000055
the quantum message $|Q_t\rangle \in \{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$, $t = 1, 2, \dots, n$; $\|$ denotes the concatenation operator, and $SK_i$ denotes the private key of participant $i$;
(c1) the i-th data owner encrypts the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \dots |Q_n\rangle_i$ to obtain the message:
Figure BDA0003160210970000056
where $i, j = 1, 2, \dots, n$;
(d1) from the messages $|Q_j'\rangle_i$ the ciphertext $|Q'\rangle_i = |Q_1'\rangle_i |Q_2'\rangle_i \dots |Q_n'\rangle_i$ is obtained; the i-th data owner randomly inserts $l$ decoy particles into the ciphertext $|Q'\rangle_i$ to obtain the ciphertext
Figure BDA00031602109700000517
and sends the ciphertext
Figure BDA00031602109700000518
to the cloud server;
(e1) after the cloud server CS receives the ciphertext
Figure BDA0003160210970000059
the i-th data owner tells the cloud server the positions and states of the $l$ decoy particles, and the cloud server removes the decoy particles to obtain the quantum ciphertext $|Q'\rangle_i$;
(f1) the cloud server decrypts the quantum ciphertext $|Q'\rangle_i$:
Figure BDA00031602109700000519
obtaining the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \dots |Q_n\rangle_i$; the classical message is then recovered according to the correspondence between quantum and classical messages in step (b1)
Figure BDA00031602109700000511
(g1) steps (b1)-(f1) are repeated n times to complete the quantum encryption between the n data owners and the cloud server, and the cloud server obtains the classical messages of the n data owners
Figure BDA00031602109700000512
In step three, the quantum double-encryption privacy protection method for content exchange between the consumer and the data owner comprises the following steps:
(a2) the cloud server and the consumer share an n-bit key through the BB84 key agreement protocol
Figure BDA00031602109700000513
(b2) the cloud server converts the classical messages of the data owners
Figure BDA00031602109700000514
into quantum messages respectively, following the method of step (b1); the classical message of the i-th data owner
Figure BDA00031602109700000515
becomes the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \dots |Q_n\rangle_i$ after conversion;
(c2) the cloud server uses the key $K_{n+1}$ shared with the consumer to encrypt the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \dots |Q_n\rangle_i$ of the i-th data owner:
Figure BDA00031602109700000516
where $j = 1, 2, \dots, n$; $|Q_j''\rangle_i$ denotes the j-th particle, after encryption by the cloud server, of the quantum message converted from the i-th data owner's classical message,
Figure BDA0003160210970000061
denotes the j-th bit of the key $K_{n+1}$ shared by the cloud server and the consumer, and $|Q_j\rangle_i$ denotes the j-th particle of the quantum message converted from the i-th data owner's classical message;
(d2) the ciphertext $|Q''\rangle_i = |Q_1''\rangle_i |Q_2''\rangle_i \dots |Q_n''\rangle_i$ is obtained from the previous step; the i-th data owner randomly inserts $l$ decoy particles into the ciphertext $|Q''\rangle_i$ to obtain the ciphertext
Figure BDA0003160210970000062
for all the classical messages
Figure BDA0003160210970000063
the cloud server performs steps (c2)-(d2) to obtain the ciphertexts
Figure BDA0003160210970000064
and sends them to the consumer;
(e2) after the consumer receives the ciphertexts
Figure BDA0003160210970000065
the cloud server tells the consumer the position and state of the decoy particles in each ciphertext, and the consumer removes the decoy particles to obtain the quantum ciphertexts $\{|Q''\rangle_1, |Q''\rangle_2, \dots, |Q''\rangle_n\}$;
(f2) the consumer decrypts the quantum ciphertexts $\{|Q''\rangle_1, |Q''\rangle_2, \dots, |Q''\rangle_n\}$:
Figure BDA0003160210970000066
obtaining the quantum messages $\{|Q\rangle_1, |Q\rangle_2, \dots, |Q\rangle_n\}$; the classical messages are then recovered according to the correspondence between quantum and classical messages
Figure BDA0003160210970000067
The distributed decryption algorithm in the quantum decryption stage is as follows:
Figure BDA0003160210970000068
where A is a ciphertext parameter produced by ElGamal encryption, and $m_1, m_2, \dots, m_n$ are the plaintexts of the n data owners respectively.
The BB84 key agreement protocol distributes keys as follows:
1) the sender Alice randomly generates an 8-bit binary sequence $S_A$;
2) the sender Alice then generates another 8-bit random sequence $M_A$ as the transmission basis sequence; 8 photons are produced by modulation according to the two sequences, and the state of each photon is determined as:
Figure BDA0003160210970000069
3) the receiver Bob generates an 8-bit random binary sequence to select the measurement basis sequence $M_B$; the measurement basis sequence is selected as follows:
Figure BDA0003160210970000071
4) the receiver Bob informs the sender Alice of the selected measurement basis sequence $M_B$ through a classical channel; the sender Alice compares the measurement basis sequence $M_B$ with the retained transmission basis sequence $M_A$; the sender Alice and the receiver Bob each keep the measurement results for which the measurement basis was correct and discard those for which it was wrong;
5) the sender Alice and the receiver Bob encode the quantum states as binary bits, with − and / representing 0 and | and \ representing 1, obtaining the raw key;
6) finally, the sender Alice and the receiver Bob obtain the same key sequence.
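The BB84 sifting steps above and the $H^{K_t}$-plus-decoy stages described earlier can be exercised together in a classical simulation. This is an added example, not code from the patent: qubits are modelled as (basis, bit) pairs, the function names and the intercept-and-resend channel model are assumptions made for illustration, and the 8-photon run is generalised to any length.

```python
import random

Z, X = 0, 1   # bases: Z = {|0>,|1>}, X = {|+>,|->}; a qubit is modelled as (basis, bit)

def hadamard_pow(qubit, k):
    """H^k with H^0 = I: H maps |0><->|+> and |1><->|->, i.e. it swaps the basis."""
    basis, bit = qubit
    return (basis ^ k, bit)

def measure(qubit, basis, rng):
    """A matching basis returns the prepared bit; a mismatched basis gives a coin flip."""
    q_basis, q_bit = qubit
    return q_bit if q_basis == basis else rng.randrange(2)

def intercept_resend(qubits, rng):
    """Tapped-channel model: each qubit is measured in a random basis and re-sent."""
    tapped = []
    for q in qubits:
        basis = rng.randrange(2)
        tapped.append((basis, measure(q, basis, rng)))
    return tapped

def bb84_sift(n_photons, rng, tap=False):
    """BB84 steps 1-6: returns Alice's and Bob's sifted keys."""
    s_a = [rng.randrange(2) for _ in range(n_photons)]    # S_A, raw bits
    m_a = [rng.randrange(2) for _ in range(n_photons)]    # M_A, sending bases
    photons = list(zip(m_a, s_a))
    if tap:
        photons = intercept_resend(photons, rng)
    m_b = [rng.randrange(2) for _ in range(n_photons)]    # M_B, measuring bases
    seen = [measure(q, b, rng) for q, b in zip(photons, m_b)]
    keep = [i for i in range(n_photons) if m_a[i] == m_b[i]]   # bases compared publicly
    return [s_a[i] for i in keep], [seen[i] for i in keep]

def error_rate(a, b):
    """Fraction of positions where the two bit lists disagree."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def encrypt_with_decoys(message, key, n_decoys, rng):
    """Stages 1 and 3: M_t -> |M_t>, apply H^{K_t}, insert decoys at random positions."""
    cipher = iter([hadamard_pow((Z, m), k) for m, k in zip(message, key)])
    total = len(message) + n_decoys
    decoys = {pos: (rng.randrange(2), rng.randrange(2))        # a state in {0,1,+,-}
              for pos in rng.sample(range(total), n_decoys)}
    stream = [decoys[pos] if pos in decoys else next(cipher) for pos in range(total)]
    return stream, decoys     # positions and states are announced only after receipt

def check_and_decrypt(stream, decoys, key, rng):
    """Stage 4: verify decoys in their announced bases, drop them, undo H^{K_t}."""
    wrong = sum(measure(stream[pos], basis, rng) != bit
                for pos, (basis, bit) in decoys.items())
    payload = [q for pos, q in enumerate(stream) if pos not in decoys]
    bits = [measure(hadamard_pow(q, k), Z, rng) for q, k in zip(payload, key)]
    return bits, wrong / len(decoys)

def run_exchange(message, tap=False, seed=2021):
    """Agree a key over a clean BB84 run, then send `message` with len(message) decoys."""
    rng = random.Random(seed)
    key_a, key_b = bb84_sift(8 * len(message), rng)
    key_a, key_b = key_a[:len(message)], key_b[:len(message)]
    stream, decoys = encrypt_with_decoys(message, key_a, len(message), rng)
    if tap:
        stream = intercept_resend(stream, rng)
    return check_and_decrypt(stream, decoys, key_b, rng)

if __name__ == "__main__":
    demo_rng = random.Random(1)
    msg = [demo_rng.randrange(2) for _ in range(64)]   # constructed sample message
    print("decoy error rate, clean channel :", run_exchange(msg)[1])
    print("decoy error rate, tapped channel:", run_exchange(msg, tap=True)[1])
```

On a clean channel every decoy reads back as prepared; under intercept-and-resend about a quarter of the decoys disagree, which is the signal the receiver uses to reject the transmission.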
The cryptosystem of the ElGamal algorithm is as follows:
(1) Key generation: securely select a large prime p such that p−1 has a large prime factor, and find a primitive element modulo p
Figure BDA0003160210970000072
randomly generate an integer $a$ and compute $\beta = \alpha^a$, where $1 < a < p-2$,
Figure BDA0003160210970000073
Is a finite field with p elements, and is a multiplication group formed by non-zero elements in the finite field;
(2) Encryption: select a secret random integer $x$ and, for a plaintext message $m$, compute the ciphertext $c = (A, B) = (\alpha^x, m\beta^x)$, where $1 < x < p-1$; A and B are the two parameters of the encrypted ciphertext;
(3) Decryption: for the ciphertext c, compute the message $m = B (A^a)^{-1}$; α and β are both secret parameters encrypted into the ciphertext c, and are also elements constituting the public and private keys;
Homomorphism of the ElGamal algorithm: for plaintexts $m_1, m_2$, after encryption we obtain:
Figure BDA0003160210970000074
where D(·) denotes the decryption operation and E(·) denotes the encryption operation.
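The aggregation steps S1 to S5 and the ElGamal homomorphism above, as an added example that is not part of the patent. Because the figure equations are not reproduced on this page, it assumes the textbook multiplicative form $(A_i, B_i) = (g^{r_i}, m_i \cdot PK^{r_i})$, so the aggregate decrypts to the product of the plaintexts modulo p; the helper names and the 48-bit toy group are hypothetical, chosen only so that it runs quickly.

```python
import secrets
from functools import reduce

def is_prime(n):
    """Deterministic Miller-Rabin, valid for n < 2**64 (first 12 primes as bases)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=48):
    """First safe prime p = 2q + 1 above 2**bits and a primitive element g modulo p."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    # For a safe prime, g is primitive iff g^2 != 1 and g^q != 1 (mod p).
    g = next(a for a in range(2, p) if pow(a, 2, p) != 1 and pow(a, q, p) != 1)
    return p, g

def product(values, p):
    """Product of an iterable modulo p."""
    return reduce(lambda x, y: x * y % p, values, 1)

def keygen(p, g):
    """S1: each participant picks SK_i and publishes PK_i = g^SK_i."""
    sk = secrets.randbelow(p - 4) + 2            # 1 < SK_i < p - 2
    return pow(g, sk, p), sk

def encrypt(m, master_pk, p, g):
    """S3 (assumed textbook form): (A_i, B_i) = (g^r_i, m_i * PK^r_i)."""
    r = secrets.randbelow(p - 3) + 2             # 1 < r_i < p - 1
    return pow(g, r, p), m * pow(master_pk, r, p) % p

def aggregate(ciphertexts, p):
    """S4: component-wise product, A = prod A_i and B = prod B_i."""
    return (product((a for a, _ in ciphertexts), p),
            product((b for _, b in ciphertexts), p))

def decryption_share(A, sk, p):
    """Each key holder contributes A^SK_i and never reveals SK_i itself."""
    return pow(A, sk, p)

def combine(B, shares, p):
    """B / A^(SK_1 + ... + SK_{n+1}) = m_1 * ... * m_n (mod p)."""
    return B * pow(product(shares, p), -1, p) % p

def run(messages):
    """n data owners encrypt `messages`; all n + 1 key holders are needed to decrypt."""
    p, g = toy_group()
    keys = [keygen(p, g) for _ in range(len(messages) + 1)]    # n owners + 1 consumer
    master_pk = product((pk for pk, _ in keys), p)              # S2: PK = g^(sum SK_i)
    A, B = aggregate([encrypt(m, master_pk, p, g) for m in messages], p)
    shares = [decryption_share(A, sk, p) for _, sk in keys]
    return {
        "expected": product(messages, p),
        "all_shares": combine(B, shares, p),
        "one_share_missing": combine(B, shares[:-1], p),
    }

if __name__ == "__main__":
    print(run([12, 7, 5]))    # constructed sample plaintexts
```

The cloud server only ever handles $(A, B)$ and the public keys, and dropping a single decryption share leaves the aggregate unreadable. A deployment would use a standardised group of at least 2048 bits instead of this toy modulus.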
The beneficial effects of the invention are as follows:
(1) The idea of quantum encryption is introduced into the CCN for the first time, and a CCN content-sharing encryption scheme, QCPE2C, based on the BB84 protocol is designed to solve the problem of securely distributing shared keys over a classical channel and to give the keys absolute privacy; in addition, eavesdropping is detected by randomly inserting decoy particles, which gives a second layer of security and achieves end-to-end privacy protection between the consumer and the data owner.
(2) To solve the content aggregation security problem for distributed consumers and data owners, a quantum-encryption-based distributed content privacy protection aggregation protocol, QPADC, is designed on the basis of the QCPE2C scheme. The protocol uses the homomorphism of ElGamal to support many-to-one secure aggregation of shared content while ensuring the integrity and privacy of the aggregated content. The BB84 key distribution protocol lets the cloud server and the n+1 participants share n-bit keys, content is converted into quantum-encrypted information by random decoy particle insertion for secure transmission, and the consumer and the data owners obtain exactly the same content at 2 different places, which ensures the security and reliability of the content. Using the BB84 protocol, the cloud server shares an n-bit key with each of the n data owners and an n-bit key with the consumer.
(3) The security of the two schemes is demonstrated both theoretically and experimentally, and they are deployed in a CCN network. Experiments show that, compared with other classical CCN privacy protection schemes, the two schemes perform better in privacy protection capability, cache hit rate and content retrieval delay, and are well suited to privacy protection in content-centric networks.
The invention provides two quantum-based encryption schemes for CCN content sharing: 1) QCPE2C, a scheme for exchanging content between consumers and data owners using quantum encryption; 2) QPADC, a distributed content privacy protection aggregation protocol based on quantum encryption. The QCPE2C scheme uses the true randomness and non-reproducibility of the quantum key to ensure the confidentiality of sensitive content exchanged between a publisher and a user; QPADC securely aggregates distributed content on the premise of the unconditional security of the quantum key and can resist various network attacks. Finally, security analysis and performance tests of the proposed scheme show that the proposed encryption protocol can be executed effectively without revealing any private information, that cache hit rate and content retrieval delay are improved, and that content can be shared and aggregated securely.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a block diagram of a content-centric network according to the present invention.
Fig. 2 is a flow chart of the BB84 key agreement protocol of the present invention.
Fig. 3 is a block diagram of the QCPE2C protocol according to the present invention.
Fig. 4 is a schematic diagram of the exchange of content between a data publisher and a consumer using the QCPE2C protocol in accordance with the present invention.
Fig. 5 shows a ciphertext transmission process according to the present invention.
Fig. 6 is a simulated network topology of the present invention.
Fig. 7 is a graph comparing risk factors for privacy disclosure in accordance with aspects of the invention and other aspects.
Fig. 8 is a graph comparing cache hit rates according to the present invention and other embodiments.
Fig. 9 shows the present invention, wherein (a) is the content retrieval delay of Bernardini scheme, (b) is the content retrieval delay of Feng scheme, (c) is the content retrieval delay of CPE2C protocol, and (d) is the content retrieval delay of QPADC.
Fig. 10 is a flow chart of the QCPE2C protocol according to the present invention.
FIG. 11 is a flow chart of the QPADC protocol of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without inventive effort based on the embodiments of the present invention, are within the scope of the present invention.
Quantum cryptography was first proposed by Bennett and Brassard in the 1970s. Its most prominent feature is that indivisible quanta and entangled states are directly constrained by quantum mechanics. Therefore, some fundamental theories in quantum mechanics play a crucial role in the field of quantum cryptography, including:
(1) information encoded in non-orthogonal quantum states cannot be obtained without perturbing these states;
(2) the momentum and displacement of a particle cannot be determined simultaneously no matter how accurate the measurement is (Heisenberg uncertainty principle);
(3) the polarization state of a single photon cannot be measured simultaneously using 2 different orthogonal bases, namely a vertical-horizontal linear measurement basis and a 45° diagonal rotated measurement basis; only one of the two bases can be selected for a measurement;
(4) an unknown quantum state cannot be completely copied.
Quantum key distribution, one of the most extensively studied branches of quantum cryptography today, is a methodology for generating and distributing random one-time keys based on the fundamental principles of quantum theory. During transmission from the sender to the receiver, these keys cannot be eavesdropped on or interfered with without leaving traces. This follows from the fundamental principles above: a third party that probes a quantum system changes the quantum state of the system and cannot completely restore the previous state. Quantum key distribution is used only to transport keys and not for the encryption algorithm itself. Nevertheless, it provides a feasible solution to the problem of generating and distributing longer and longer keys, and the transmitted keys can be used in general encryption algorithms.
Encrypting data by means of certain special characteristics of quanta is called quantum encryption. The security of quantum cryptography is based on characteristics of quantum physics; the important ones include the quantum uncertainty principle and the quantum no-cloning principle.
(1) Quantum uncertainty property: when the system is in an eigenstate of the mechanical quantity A, measuring the mechanical quantity A yields an exact value without fluctuation. If another mechanical quantity B is measured in this eigenstate of the mechanical quantity A, an exact value is not necessarily obtained.
Proof 1: suppose that
Figure BDA0003160210970000091
And
Figure BDA0003160210970000092
respectively, are operators representing two arbitrary mechanical quantities A and B, to
Figure BDA0003160210970000093
As an example, operators
Figure BDA0003160210970000094
Satisfy the equation
Figure BDA0003160210970000095
In the formula, x represents all variables, and the integration range is the entire region where all variables change. Phi and phi denote hermitian operators.
Is provided with
Figure BDA0003160210970000096
And
Figure BDA0003160210970000097
are respectively as
Figure BDA0003160210970000098
And
Figure BDA0003160210970000099
(hermitian) average value in ψ, order
Figure BDA00031602109700000910
Consider the following integral inequality
Figure BDA00031602109700000911
In the formula, psi is any wave function in the system, xi is any real parameter, the integral area is the whole space of variable change, I (xi) is any real parameter, I Hermite operator and tau wave function. The square term in the integral is expanded to:
Figure BDA00031602109700000912
according to
Figure BDA00031602109700000913
And
Figure BDA00031602109700000914
Hermitian property, the above expression becomes:
Figure BDA00031602109700000915
because of the fact that
Figure BDA00031602109700000916
(
Figure BDA00031602109700000917
And
Figure BDA00031602109700000918
do not commute), the integral inequality finally becomes:
Figure BDA00031602109700000919
wherein k is,
Figure BDA00031602109700000920
Are all hermitian operators.
According to the theory of quadratic equations in one variable, the inequality holds if the coefficients satisfy the following relationship:
Figure BDA00031602109700000921
due to the fact that
Figure BDA00031602109700000922
And
Figure BDA00031602109700000923
do not commute, k is a non-zero real number; therefore
Figure BDA00031602109700000924
And
Figure BDA00031602109700000925
cannot both be zero. A decrease of
Figure BDA00031602109700000926
means that
Figure BDA00031602109700000927
increases; that is, measuring the mechanical quantity A accurately leads to inaccuracy in the measurement of the mechanical quantity B.
This completes the proof.
(2) Quantum no-cloning property. No device can make an exact copy of every quantum state of a given system. No physical means can exactly reproduce an unknown quantum state; otherwise the quantum superposition principle would be violated.
Proof 2: Suppose a device makes exact copies of two linearly independent states $|\psi_1\rangle$ and $|\psi_2\rangle$ of a given system, the state of the device before copying being $|A\rangle$. The replication process can be expressed as
Figure BDA00031602109700000928
Since the evolution of states is linear, when the device acts on a state $|\psi\rangle = \alpha|\psi_1\rangle + \beta|\psi_2\rangle$ ($\alpha \neq 0$, $\beta \neq 0$), the evolution is: $|A\rangle|\psi\rangle = |A\rangle(\alpha|\psi_1\rangle + \beta|\psi_2\rangle) \rightarrow \alpha|A_{\psi_1}\rangle|\psi_1\rangle|\psi_1\rangle + \beta|A_{\psi_2}\rangle|\psi_2\rangle|\psi_2\rangle$;
a) If $|A_{\psi_1}\rangle \neq |A_{\psi_2}\rangle$, the right side of formula (1) is an entangled state of the device and the two systems, and neither of the two systems has an independent state;
b) If $|A_{\psi_1}\rangle = |A_{\psi_2}\rangle$, the right side of formula (1) is $|A_{\psi_1}\rangle(\alpha|\psi_1\rangle|\psi_1\rangle + \beta|\psi_2\rangle|\psi_2\rangle)$. The device is no longer entangled with the two systems, but the two-system state $\alpha|\psi_1\rangle|\psi_1\rangle + \beta|\psi_2\rangle|\psi_2\rangle$ is still entangled, and neither system has an individual state.
c) Whether or not $|A_{\psi_1}\rangle$ and $|A_{\psi_2}\rangle$ are equal, the right side of formula (1) is not the state $|\psi\rangle|\psi\rangle$ (a direct product state) that an exact copy of $|\psi\rangle$ would produce.
Hence the device cannot copy the state $|\psi\rangle$. This completes the proof.
Quantum Key Distribution (QKD) is used only to generate and distribute keys without transporting any communication information. These keys are used to assist the selected encryption algorithm in encrypting and decrypting the information before it can be transmitted over the channel. To solve the key management problem in classical cryptography, quantum cryptography researchers have proposed the first key distribution protocol in quantum cryptography, the BB84 protocol.
The BB84 protocol is the first key distribution protocol in quantum cryptography, proposed by Bennett and Brassard in 1984, and is one of the most used and experimented quantum key distribution schemes. In the BB84 protocol, binary information is conveyed using different polarization states of single photons. Each photon has a polarization direction, i.e. the oscillation direction of the electric field, and there are two important polarization types for photons: linear polarization and circular polarization. Its fundamental principle is that, by the quantum uncertainty property, an unknown quantum state cannot be measured accurately, and any measurement of an unknown quantum state affects the state of the photon, so the BB84 protocol can detect the presence of an eavesdropper on this basis. Its great advantages are that it has been proven unconditionally secure and that its quantum signals are relatively easy to prepare and measure. As shown in Fig. 2, the procedure for distributing keys with the BB84 protocol is as follows:
1) The sender Alice randomly generates a binary sequence $S_A$. Assume that the sequence is 8 bits long, with the value [01100101].
2) The sender Alice generates another random sequence $M_A$ of the same length as the transmission basis sequence, with the value [10111100]. From these two sequences, 8 photons are modulated. The state of each photon is determined according to the relationship in Table 1.
Table 1. Correspondence between the modulated photon states and the sequences $S_A$ and $M_A$ in the BB84 protocol
Figure BDA0003160210970000101
3) The receiver Bob generates a random 8-bit binary sequence [00101010] for selecting the measurement bases, called the measurement basis sequence $M_B$. The measurement bases are selected according to the relationship in Table 2, and the receiver Bob measures the particles.
Table 2. Selection of Bob's measurement bases
Figure BDA0003160210970000102
4) The receiver Bob informs the sender Alice of the selected measurement basis sequence $M_B$ through a classical channel. The sender Alice compares the measurement basis sequence $M_B$ with the transmission basis sequence $M_A$ that she kept, and informs the receiver Bob which measurement bases were correct. The sender Alice and the receiver Bob each keep the measurement results of the correct measurement bases and discard the results of the wrong ones. Whether an attack exists is judged from the error rate of the selected measurement basis sequence, and if an attack exists, the protocol is stopped.
5) The sender Alice and the receiver Bob encode the quantum states into binary bits in the following manner and obtain the raw key: − and / represent 0, | and \ represent 1.
6) Finally, the sender Alice and the receiver Bob obtain the same key sequences $k_A$ and $k_B$.
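The sifting in steps 1) to 6), run on the sequences given above, as an added example that is not part of the patent text. Tables 1 and 2 are not reproduced on the page, so the basis encoding (0 = rectilinear, 1 = diagonal) is an assumption; the intercept-and-resend channel and the function names are likewise constructed to show how the error-rate check of step 4) reacts to a measured link.

```python
import random

# Assumed encoding: Tables 1 and 2 are not reproduced on the page, so the basis
# bit is taken as 0 = rectilinear, 1 = diagonal. Step 5 fixes the bit values:
# '-' and '/' encode 0, '|' and '\' encode 1.
STATE = {(0, 0): "-", (1, 0): "|", (0, 1): "/", (1, 1): "\\"}   # (bit, basis) -> photon
DECODE = {photon: key for key, photon in STATE.items()}          # photon -> (bit, basis)


def to_bits(text):
    return [int(ch) for ch in text]


def prepare(bits, bases):
    """Step 2: Alice modulates one photon per (S_A bit, M_A basis) pair."""
    return [STATE[(bit, basis)] for bit, basis in zip(bits, bases)]


def measure(photon, basis, rng):
    """Matching basis returns the encoded bit; a wrong basis gives a random bit."""
    bit, prepared_basis = DECODE[photon]
    return bit if basis == prepared_basis else rng.randrange(2)


def intercept_resend(photons, rng):
    """Constructed channel model: every photon is measured in a random basis
    and re-sent in that basis, which disturbs photons measured in the wrong one."""
    resent = []
    for photon in photons:
        basis = rng.randrange(2)
        resent.append(STATE[(measure(photon, basis, rng), basis)])
    return resent


def bb84(s_a, m_a, m_b, rng, eavesdrop=False):
    """Steps 2-6: returns the sifted keys (k_A, k_B)."""
    photons = prepare(s_a, m_a)
    if eavesdrop:
        photons = intercept_resend(photons, rng)
    results = [measure(p, basis, rng) for p, basis in zip(photons, m_b)]
    # Step 4: bases are compared over the classical channel; mismatches are dropped.
    keep = [i for i, (a, b) in enumerate(zip(m_a, m_b)) if a == b]
    return [s_a[i] for i in keep], [results[i] for i in keep]


def error_rate(k_a, k_b):
    """Fraction of sifted positions that disagree. A deployment reveals only a
    sample of the sifted key; the whole key is compared here for simplicity."""
    return sum(a != b for a, b in zip(k_a, k_b)) / len(k_a) if k_a else 0.0


def page_example():
    """The 8-bit sequences S_A, M_A and M_B from steps 1) to 3)."""
    rng = random.Random(0)
    return bb84(to_bits("01100101"), to_bits("10111100"), to_bits("00101010"), rng)


def simulated_error_rate(n, eavesdrop, seed=1):
    """Error rate over n random photons, with or without the measured channel."""
    rng = random.Random(seed)
    s_a, m_a, m_b = ([rng.randrange(2) for _ in range(n)] for _ in range(3))
    return error_rate(*bb84(s_a, m_a, m_b, rng, eavesdrop))


if __name__ == "__main__":
    print("sifted keys for the page's sequences:", page_example())
    print("error rate, clean channel:   ", simulated_error_rate(4000, False))
    print("error rate, measured channel:", simulated_error_rate(4000, True))
```

With the page's sequences the bases agree at positions 2, 3, 5 and 8, so both parties keep four bits; a measured channel pushes the error rate on the sifted key towards one quarter, which is the signal step 4) aborts on.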
The ElGamal algorithm is a common encryption algorithm, and the security of the algorithm depends on the difficulty of calculating discrete logarithms in a finite field. In the encryption process, the length of the generated ciphertext is twice that of the plaintext, and a random number K is generated in the ciphertext after each encryption. The cryptosystem of the ElGamal algorithm is described as follows:
(1) Key generation: securely select a large prime number p such that p−1 has a large prime factor, and find a primitive element modulo p
Figure BDA0003160210970000111
Randomly generate an integer a ($1 < a < p-2$) and compute $\beta = \alpha^a$. Here,
Figure BDA0003160210970000112
is a finite field with p elements and is a multiplication group formed by non-zero elements.
(2) Encryption process: select a secret random integer x and, for a plaintext message m, compute the ciphertext $c = (A, B) = (\alpha^x, m\beta^x)$, where $1 < x < p-1$. A and B are the two components of the ciphertext produced by the ElGamal algorithm; together they form the ciphertext.
(3) Decryption process: for a ciphertext c, compute the message $m = B(A^a)^{-1}$. Both α and β are secret parameters encrypted into the ciphertext c, and are elements that constitute the public key and the private key.
The encryption process of the ElGamal algorithm needs two modular exponentiations and one modular multiplication, and the decryption process needs one modular exponentiation and one modular multiplication (ignoring the inversion). Each encryption selects a random number, so the ciphertext depends on both the plaintext and the selected random number, and ciphertexts generated at different times for the same plaintext are different. In addition, ElGamal encryption expands the message by a factor of two, i.e., the ciphertext is twice as long as the corresponding plaintext.
Homomorphism of the ElGamal algorithm: for plaintexts $m_1$ and $m_2$, after encryption we obtain:
Figure BDA0003160210970000113
where D (,) represents a decryption operation and E () represents an encryption operation.
The invention mainly constructs a privacy protection method in the CCN, which is used for exchanging contents and safely aggregating the encrypted contents in the CCN. End-to-end user privacy for other users and service providers is achieved while sharing content over the CCN. Furthermore, the service provider cannot retain any private content while performing secure aggregation on the encrypted content. The invention provides two privacy protection protocols under different scenes: first, a consumer and a publisher exchange content in encrypted form; the second is the exchange of encrypted content between more than two users. Privacy analysis shows that the protocol can realize user privacy while exchanging and aggregating CCN encrypted content.
In this usage scenario, QCPE2C and QPADC protocols involve the following entities in addition to the physical entities used for communication:
(1) Content: objects delivered and cached by the network, including files, videos, and the like. More importantly, in the model of the present invention the content is assumed to be privacy-sensitive, so data owners are reluctant to share it publicly.
(2) Data owner: the entity that stores content objects long-term and serves users, i.e. the content owner, which serves specific content requests.
(3) The consumer: the user, who is authorized to request the content object, may also be a consumer.
(4) Caching nodes: routers and switches in the CCN network, which have cache resources, may cache entire content objects or certain content fragments.
(5) Homomorphic cloud servers: on the basis of having all functions of a common cloud server, the method has certain aggregation processing capacity, and can quickly aggregate ciphertext by using the advantages of cloud computing.
(6) POVM (generalized Quantum measurement Instrument) Server: the correct measurement results of the measurement bases are transmitted and received using positive operator value measures, also referred to as generalized observables, in the measurement bases.
As shown in Fig. 3, the present invention assumes that there are multiple data owners and consumers communicating and exchanging their confidential content through the CCN. All participants have the right to generate a key pair based on the ElGamal encryption algorithm and publish the public key to the network. Multiple publishers encrypt their content and return an aggregate ciphertext to the consumer. In the process, in addition to classical ElGamal homomorphic encryption, in order to ensure the unconditional security of the transmission channel, a Cloud Server (CS) shares an n-bit key with each of the n data owners in advance through the BB84 key negotiation protocol, and converts content into quantum encrypted information for secure transmission by randomly inserting decoy particles, so that consumers and data owners obtain completely identical randomly ordered bit streams at 2 different places, and the integrity and uniqueness of the content are ensured.
In the QCPE2C protocol, the main objective is not only to protect the content privacy for transmission over insecure channels, but also to prevent an attacker from detecting the response time of a neighboring node (a neighbor refers to a consumer connected to a CCN router) to the content, and thus from invading the privacy of the neighboring user. This protocol supports one-to-one sharing of content. It is assumed that the content to be shared by the protocol is sensitive and is transmitted over a quantum encrypted channel in the CCN. The secret key is safe in the transmission process from the sender to the receiver and cannot be intercepted or interfered without leaving traces, so that a third party can change the quantum state of the system and cannot be completely restored to the previous state in the process of detecting the quantum system.
Although CCNs are currently being designed to work, they still present challenges to the privacy of the content itself. Fig. 4 shows the exchange of content between a data publisher and a consumer using the QCPE2C protocol, with the various graphs in fig. 4 representing photons. The QCPE2C protocol primarily uses quantum encryption based on the BB84 protocol to protect content when shared between consumers and data owners. On one hand, the protocol can realize unconditional and safe communication by using a quantum channel, and ensure the content distribution safety of the CCN by using the true randomness and the non-replicability of a quantum key. On the other hand, the protocol carries out eavesdropping detection by a method of randomly inserting decoy particles, and then carries out secondary detection eavesdropping, so that the security of the protocol is ensured doubly. In the QCPE2C protocol, there are two roles, a consumer Alice and a data owner Bob, respectively. And the protocol includes four components: an initialization phase, a quantum key agreement phase, an encryption phase and a decryption phase, as shown in fig. 10.
The invention uses the ElGamal algorithm to encrypt and aggregate classical ciphertext: a master public key is generated from the public and private key pairs generated by all participants; a ciphertext is generated from the plaintext information of each participant and the master public key and sent to the cloud server; the ciphertexts are aggregated to obtain an aggregated ciphertext; and the classical message to be shared is generated from the aggregated ciphertext. Quantum encryption stage: in all interactions with the cloud server, a data owner negotiates and shares a key with the cloud server through the BB84 key negotiation protocol, and each data owner encrypts quantum information through the quantum information. In addition, the invention detects eavesdropping by randomly inserting decoy particles, so that security is doubly guaranteed. The classical message or quantum message to be shared is encrypted based on the quantum double-encryption privacy protection method for content exchanged between consumers and data owners. Quantum decryption stage: for the quantum ciphertext received by the consumer, the cloud server first forwards to the consumer the positions and states of the decoy particles in each ciphertext, and the consumer then removes the decoy particles and decrypts the quantum ciphertext to obtain the quantum message. Finally, the consumer restores the classical message from the correspondence between the quantum message and the classical message.
1) Initialization stage:
(1) To convert the classical message $M = M_1 \| M_2 \| \cdots \| M_n$ to be shared into the quantum message $|S\rangle = |S_1\rangle|S_2\rangle\cdots|S_n\rangle$, the data owner performs the following mapping: $M_t = 0 \rightarrow |S_t\rangle = |0\rangle$, $M_t = 1 \rightarrow |S_t\rangle = |1\rangle$;
where the classical message bit $M_t \in \{0, 1\}$, the quantum message $|S_t\rangle \in \{|0\rangle, |1\rangle\}$, and $t = 1, 2, \ldots, n$.
2) Key negotiation stage:
(2) The data owner and the consumer share an n-bit key through the BB84 key protocol
Figure BDA0003160210970000121
where
Figure BDA0003160210970000122
denotes the t-th key.
3) Quantum encryption stage
(3) It is known that
Figure BDA0003160210970000131
is the Hadamard gate, and the quantum operation gate satisfies $H^1 = H$, $H^0 = I$, where I is the identity operator. The data owner uses the shared key obtained in step (2) to perform the following encryption operation on the quantum message $|S\rangle = |S_1\rangle|S_2\rangle\cdots|S_n\rangle$ to obtain the ciphertext:
Figure BDA0003160210970000132
where $|S_t'\rangle$ denotes the encrypted quantum ciphertext component. The quantum gate H can also be regarded as a matrix in the mathematical sense, with $H^1 = H$ and $H^0$ the identity matrix.
(4) After the ciphertext $|S'\rangle = |S_1'\rangle|S_2'\rangle\cdots|S_n'\rangle$ is obtained from the previous step, l decoy particles are randomly inserted into it, giving the ciphertext
Figure BDA0003160210970000133
which is sent to the homomorphic cloud server. Each decoy particle is in any one of the states $\{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$, and l is typically chosen to be the length of the plaintext.
4) Quantum decryption stage
(5) The consumer receives the ciphertext transmitted by the homomorphic cloud server
Figure BDA0003160210970000134
Then the data owner shares the positions and states of the l decoy particles with the cloud server, and the consumer removes the decoy particles to obtain the quantum ciphertext $|S'\rangle$.
(6) The consumer decrypts the quantum ciphertext $|S'\rangle$ with the shared key by the following operation:
Figure BDA0003160210970000135
thereby obtaining the quantum message $|S\rangle = |S_1\rangle|S_2\rangle\cdots|S_n\rangle$, and then restores the classical message M through the correspondence between the quantum message and the classical message, namely the mapping in step (1).
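Steps (1) to (6) simulated on single-qubit amplitude pairs, as an added example that is not part of the patent text. The encryption formula itself is not reproduced on the page, so $|S_t'\rangle = H^{k_t}|S_t\rangle$ is assumed from the statement that $H^1 = H$ and $H^0 = I$; the channel that measures every qubit, the abort on a decoy mismatch and all function names are constructed for illustration.

```python
import math
import random

R = 1 / math.sqrt(2)
# Amplitudes (a, b) of a|0> + b|1> for the four states the protocol uses.
KET = {"0": (1.0, 0.0), "1": (0.0, 1.0), "+": (R, R), "-": (R, -R)}


def hadamard(qubit):
    a, b = qubit
    return (R * (a + b), R * (a - b))


def measure(qubit, basis, rng):
    """Measure in basis 'Z' or 'X'; returns (bit, collapsed state)."""
    if basis == "X":
        qubit = hadamard(qubit)                  # rotate the X basis onto Z
    p_one = round(qubit[1] ** 2, 12)             # rounding absorbs float error
    bit = 1 if rng.random() < p_one else 0
    collapsed = KET[str(bit)]
    return bit, (hadamard(collapsed) if basis == "X" else collapsed)


def encrypt(message_bits, key_bits):
    """Steps (1) and (3): map bits to |0>/|1>, then apply H where the key bit is 1."""
    qubits = [KET[str(m)] for m in message_bits]
    return [hadamard(q) if k else q for q, k in zip(qubits, key_bits)]


def insert_decoys(cipher, l, rng):
    """Step (4): insert l decoys at random positions; returns (stream, {pos: state})."""
    total = len(cipher) + l
    decoys = {pos: rng.choice("01+-") for pos in rng.sample(range(total), l)}
    payload = iter(cipher)
    stream = [KET[decoys[i]] if i in decoys else next(payload) for i in range(total)]
    return stream, decoys


def check_and_strip(stream, decoys, rng):
    """Step (5): measure each decoy in its announced basis, drop it, count mismatches."""
    payload, mismatches = [], 0
    for i, qubit in enumerate(stream):
        if i not in decoys:
            payload.append(qubit)
            continue
        label = decoys[i]
        bit, _ = measure(qubit, "Z" if label in "01" else "X", rng)
        mismatches += bit != (1 if label in "1-" else 0)
    return payload, mismatches


def decrypt(payload, key_bits, rng):
    """Step (6): H is its own inverse, so applying H^{k_t} again restores |S_t>."""
    return [measure(hadamard(q) if k else q, "Z", rng)[0]
            for q, k in zip(payload, key_bits)]


def tap(stream, rng):
    """Constructed channel model: every qubit is measured in Z and forwarded."""
    return [measure(q, "Z", rng)[1] for q in stream]


def transfer(message_bits, key_bits, l, seed, tapped=False):
    """Full exchange; returns (recovered bits or None, decoy mismatches)."""
    rng = random.Random(seed)
    stream, decoys = insert_decoys(encrypt(message_bits, key_bits), l, rng)
    if tapped:
        stream = tap(stream, rng)
    payload, mismatches = check_and_strip(stream, decoys, rng)
    if mismatches:
        return None, mismatches                  # decoys disturbed: discard the transfer
    return decrypt(payload, key_bits, rng), 0


if __name__ == "__main__":
    msg = [0, 1, 1, 0, 0, 1, 0, 1]               # constructed message
    key = [1, 1, 0, 1, 0, 0, 1, 0]               # constructed n-bit shared key
    print(transfer(msg, key, l=len(msg), seed=3))
    print(transfer(msg * 8, key * 8, l=64, seed=3, tapped=True))
```

A decoy prepared in $|+\rangle$ or $|-\rangle$ that has been measured in the other basis reads wrongly half the time, so the chance that a measured stream passes the check falls geometrically with l.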
The QPADC protocol is a distributed aggregation scheme based on joint quantum and ElGamal encryption for obtaining confidential content from various distributed publishers, with the main goal of protecting the privacy of each participant. No user should be able to learn anything about other users beyond his own content. Multiple data owners can prevent the cloud server from learning any intermediate computing results when the cloud server performs distributed aggregation. The QPADC protocol supports many-to-one aggregation of shared content, assuming there are multiple data owners and consumers exchanging their confidential content through CCN communications; all participants have the right to generate a key pair based on the ElGamal encryption algorithm and publish the public key to the network; multiple data owners encrypt their content and return an aggregate ciphertext to the consumer. In the process, in addition to classical ElGamal homomorphic encryption, in order to ensure the unconditional security of the transmission channel, a Cloud Server (CS) shares an n-bit key with each of the n data owners in advance through the BB84 key negotiation protocol, and content is converted into quantum encrypted information by randomly inserting decoy particles for secure transmission, so that consumers and data owners obtain completely identical randomly ordered bit streams at 2 different places, and the integrity and uniqueness of the content are ensured. As shown in Fig. 11, the specific steps of the QPADC protocol are as follows:
1) ELGamal algorithm aggregation ciphertext stage
S1: the cloud server CS distributes identity identification IDs for n +1 participants so as to facilitate identity identification of the cloud service, and the n +1 participants respectively run a distributed key generation algorithm to generate public and private key pairs. The n +1 participants include n data owners and 1 consumer.
(PK1,SK1),(PK2,SK2),…,(PKn,SKn),(PKn+1,SKn+1)
where the public and private key pair of the i-th participant is
Figure BDA0003160210970000136
The distributed key generation algorithm is: each data owner separately calculates
Figure BDA0003160210970000137
and sends the hidden private key to the consumer, and the content is decrypted using the private key of the consumer. $SK_i$ is the private key of the i-th participant, $PK_i$ is the public key of the i-th participant, and g denotes a generator of the cyclic group G.
S2: The n+1 participants send their respective public keys $PK_1, PK_2, \ldots, PK_n, PK_{n+1}$ to the cloud server CS for use in generating the master public key PK. The generation process of the master public key PK is as follows:
Figure BDA0003160210970000141
Let the master private key be $SK = SK_1 + SK_2 + \cdots + SK_n + SK_{n+1}$; then the master public key is $PK = g^{SK}$.
S3: the cloud server CS sends the master public key PK to n +1 participants for encrypting contents, and the participants generate a ciphertext by using the master public key PK:
Figure BDA0003160210970000142
where $r_1, r_2, r_3, \ldots, r_n, r_{n+1}$ are the n+1 random numbers randomly selected by the participants, and $m_1, m_2, m_3, \ldots, m_n$ are the plaintexts of the n data owners. A and B are the two components of the ciphertext generated by ElGamal encryption; together they form the ciphertext.
S4: The n+1 participants send their ciphertexts $(A_1, B_1), (A_2, B_2), \ldots, (A_n, B_n), (A_{n+1}, B_{n+1})$ to the cloud server CS.
After the n +1 participants release the ciphertext to the cloud server CS, the cloud server CS aggregates the ciphertext contents of the n +1 participants:
Figure BDA0003160210970000143
S5: The cloud server CS runs a protocol of hidden keys together with the participants: the cloud server issues an aggregated ciphertext B to all data owners, and all data owners calculate the ciphertext:
Figure BDA0003160210970000144
i.e. therein
Figure BDA0003160210970000145
2) Quantum cryptography stage, as shown in FIG. 5
(1) The cloud server CS and the n data owners share an n-bit key through the BB84 key agreement protocol, respectively, wherein the key shared by the ith data owner and the cloud server CS through the BB84 key agreement protocol is:
Figure BDA0003160210970000146
next, quantum encryption is performed by taking the i-th data owner as an example.
(2) To convert the classical message to be shared
Figure BDA0003160210970000147
into the quantum message $|Q\rangle_i = |Q_1\rangle_i|Q_2\rangle_i\cdots|Q_n\rangle_i$, the following operations are required:
Figure BDA0003160210970000151
Figure BDA0003160210970000152
Figure BDA0003160210970000153
Figure BDA0003160210970000154
wherein the classical message
Figure BDA0003160210970000155
the quantum message $|Q_t\rangle \in \{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$, $t = 1, 2, \ldots, n$. I stands for AND operation, and $SK_i$ represents the private key of participant i.
(3) The i-th data owner performs the following encryption operation on the quantum message $|Q\rangle_i = |Q_1\rangle_i|Q_2\rangle_i\cdots|Q_n\rangle_i$:
Figure BDA0003160210970000156
where $t, j = 1, 2, \ldots, n$.
(4) After the ciphertext $|Q'\rangle_i = |Q_1'\rangle_i|Q_2'\rangle_i\cdots|Q_n'\rangle_i$ is obtained from the previous step, the i-th data owner randomly adds l decoy particles (each in any one of the states $\{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$); the ciphertext after adding the decoy particles is
Figure BDA0003160210970000157
and the ciphertext
Figure BDA0003160210970000158
is sent to the cloud server CS.
(5) Cloud server CS receives ciphertext
Figure BDA0003160210970000159
Then the i-th data owner tells the cloud server the positions and states of the l decoy particles, and the cloud server removes the decoy particles to obtain the quantum ciphertext $|Q'\rangle_i$.
(6) The cloud server then decrypts the quantum ciphertext $|Q'\rangle_i$ by the following operation:
Figure BDA00031602109700001510
thereby obtaining the quantum message $|Q\rangle_i = |Q_1\rangle_i|Q_2\rangle_i\cdots|Q_n\rangle_i$. The classical message is then recovered through the correspondence between the quantum message and the classical message in step (2)
Figure BDA00031602109700001511
The quantum encryption process of the ith data owner and the cloud server is finished, other data owners carry out quantum encryption communication with the cloud server according to the step, and the cloud server can obtain classical information of the data owners
Figure BDA00031602109700001512
(7) The cloud server CS shares an n-bit key with the consumer through BB84 key agreement protocol
Figure BDA00031602109700001513
(8) The cloud server converts the data owners' classical messages
Figure BDA00031602109700001514
into quantum messages according to the method of step (2). Again taking the classical message of the i-th data owner
Figure BDA00031602109700001515
as an example, the quantum message after conversion is $|Q\rangle_i = |Q_1\rangle_i|Q_2\rangle_i\cdots|Q_n\rangle_i$.
(9) The cloud server CS uses the key $K_{n+1}$ shared with the consumer in advance to perform the following encryption operation on the quantum message $|Q\rangle_i = |Q_1\rangle_i|Q_2\rangle_i\cdots|Q_n\rangle_i$:
Figure BDA0003160210970000161
where $j = 1, 2, \ldots, n$. $B_t$ and $Q_t$ both describe the conversion relationship from classical information to quantum information.
(10) After the ciphertext $|Q''\rangle_i = |Q_1''\rangle_i|Q_2''\rangle_i\cdots|Q_n''\rangle_i$ is obtained from the previous step, the i-th data owner randomly adds l decoy particles (each in any one of the states $\{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$); the ciphertext after adding the decoy particles is
Figure BDA0003160210970000162
Likewise, the cloud server CS performs the same operation on all the classical messages
Figure BDA0003160210970000163
to obtain the ciphertexts
Figure BDA0003160210970000164
and sends them to the consumer.
(11) The consumer receives the ciphertext
Figure BDA0003160210970000165
Then, the cloud server CS tells the position and the state of the decoy particles in each ciphertext of the consumer, and the consumer removes the decoy particles to obtain the quantum ciphertext { | Q ″>1,|Q″>2,…,|Q″>n}。
(12) The consumer then checks the quantum ciphertext { | Q ″)>1,|Q″>2,…,|Q″>nThe decryption is carried out by the following steps:
Figure BDA0003160210970000166
thereby obtaining the quantum messages |Q> = {|Q>i, |Q>i, …, |Q>i}. The classical messages are then recovered using the correspondence between quantum and classical messages given in step (2):
Figure BDA0003160210970000167
The decryption in step (6) uses the key shared between the data owner and the cloud server, whereas the decryption here uses the key shared between the cloud server and the consumer.
3) Quantum decryption stage
The consumer computes the message
Figure BDA0003160210970000168
and runs the distributed decryption algorithm to recover the classical message:
Figure BDA0003160210970000169
where A is a ciphertext parameter produced by the ElGamal algorithm, and m1, m2, mn denote the plaintexts of the respective data owners.
The security of the QCPE2C and QPADC protocols of the invention is proved from the perspectives of classical encryption and quantum encryption respectively. For classical encryption security, the QPADC protocol is the main object of analysis because it includes both classical and quantum encryption. ElGamal homomorphic encryption guarantees the security of the data owners when content is aggregated, so that QPADC can resist collusion attacks. It also prevents malicious group members in the system from using their partial keys to obtain the secret parameters of their partners and of the system and then impersonating other legitimate group members for access control. During operation no information is leaked to any party, and the cloud server knows only the ciphertext, not the original content. For quantum encryption security, a privacy protection encryption protocol, QCPE2C, based on the BB84 key protocol is first constructed and used for one-to-one content sharing in the system. Next, a content privacy protection aggregation protocol, QPADC, is constructed on the basis of the security of the QCPE2C protocol. The process of sending the classical messages
Figure BDA0003160210970000175
to the cloud server, and the process in which the cloud server, holding the n data owners'
Figure BDA0003160210970000174
transmits the aggregated key to the consumer, together undergo n+1 quantum encryptions, which guarantees unconditional security during key transmission and resists eavesdropping and denial attacks.
ElGamal encryption is adopted to protect the privacy of data owners who publish aggregated content and to prevent an attacker from inferring user privacy from the aggregated content. With respect to external monitoring of data packets and interest packets and to insiders snooping on user privacy, the following aspects are mainly analyzed:
1) Network attacks such as collusion attacks may exist in the system, and when the system is completely compromised, key parameters of the scheme can be revealed.
2) The third-party cloud is untrusted, and the information stored there may be obtained by an attacker.
3) There is an untrusted channel between the user and the cache router, which may be eavesdropped.
Any participant in the QPADC needs to participate in generating the master public key, and the data owner must also participate in generating the master public key for decryption. Thus, if at least one user is honest, other users cannot collude to decrypt the content. In particular, all participants must generate the master public key at an initial stage
Figure BDA0003160210970000171
where SKi is the shard of the private key held by a data owner, so that the encrypted information can be decrypted only if all participants collaborate. In addition, during the computation the scheme has the n+1 participants publish only the encrypted information (Ai, Bi), i = 1, …, n+1, whose value is a pair of random numbers, and during decryption only the classical messages are published
Figure BDA0003160210970000172
In the protocol implementation, the aggregated content cannot be decrypted without the participation of all n+1 participants, so the content is completely confidential.
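The all-participants requirement described above can be seen in a small model. This is an added example, not the patent's own code: it assumes the standard exponential (additively homomorphic) ElGamal form, with A carrying the message and B = g^r, over a constructed toy group, since the page's formulas are not reproduced in this text.

```python
"""Distributed exponential ElGamal with an aggregated master key (added example)."""
import secrets

# Constructed toy group: P = 2*Q + 1 is a safe prime and G = 4 generates the
# subgroup of prime order Q. Far too small for real use; chosen so the final
# discrete-log step is instant.
P, Q, G = 2879, 1439, 4


def keygen(sk=None):
    """Return (SK_i, PK_i = g^SK_i). A fixed sk may be passed for reproducibility."""
    if sk is None:
        sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def master_public_key(public_keys):
    """Server side: PK = product of all PK_i = g^(SK_1 + ... + SK_{n+1})."""
    pk = 1
    for k in public_keys:
        pk = pk * k % P
    return pk


def encrypt(m, pk, r=None):
    """Data owner side: (A_i, B_i) = (g^m * PK^r, g^r) (assumed A/B roles)."""
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return pow(G, m, P) * pow(pk, r, P) % P, pow(G, r, P)


def aggregate(ciphertexts):
    """Server side: multiply component-wise; the plaintexts add in the exponent."""
    big_a = big_b = 1
    for a, b in ciphertexts:
        big_a = big_a * a % P
        big_b = big_b * b % P
    return big_a, big_b


def partial_decrypt(big_b, sk):
    """Each key holder publishes only B^SK_i, never SK_i itself."""
    return pow(big_b, sk, P)


def combine(big_a, shares, max_sum):
    """Consumer side: strip the mask (product of B^SK_i), then solve a small
    discrete log by exhaustive search. Returns None if no sum <= max_sum fits."""
    mask = 1
    for s in shares:
        mask = mask * s % P
    target = big_a * pow(mask, -1, P) % P
    acc = 1
    for total in range(max_sum + 1):
        if acc == target:
            return total
        acc = acc * G % P
    return None


if __name__ == "__main__":
    n = 3                                   # three data owners plus one consumer
    keys = [keygen() for _ in range(n + 1)]
    pk = master_public_key([k[1] for k in keys])
    messages = [12, 7, 30]                  # constructed sample plaintexts
    big_a, big_b = aggregate([encrypt(m, pk) for m in messages])
    shares = [partial_decrypt(big_b, sk) for sk, _ in keys]
    print("all n+1 shares :", combine(big_a, shares, 100))
    print("one share short:", combine(big_a, shares[:-1], 100))
```

The server in this model only ever multiplies group elements, and the consumer recovers the sum of the plaintexts rather than any individual m_i.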
User privacy remains protected when an attacker attacks the cloud server. After compromising the cloud server, an attacker can obtain only the aggregated data held in the cloud, not the specific data of each data owner, so the privacy of each data owner is protected. User privacy is likewise protected if the attacker is an insider. After attacking a cache router, the attacker still cannot obtain the specific data of each data owner, because the cache router holds only the encrypted information and the aggregated decrypted information of the data owners in its neighborhood. If the attacker poses as a legitimate consumer and uses interest packets to request content, each data owner can authenticate with the system after the content request completes, and the signatures in the interest packets and data packets are used to identify which requesters are legitimate neighbor consumers and which are attackers.
When an attacker turns any data owner or consumer into a malicious user, the security of the other users is not affected. In this scenario the attacker obtains the private and public keys of the malicious node and the public key of the neighborhood, and that participant's data is exposed to the attacker. However, because each participant's private key is different, the attacker can obtain only that participant's data; the private keys of the other users in the neighborhood are not obtained, so their data remains safe. Moreover, the attacker would need to solve the discrete logarithm problem in a finite field, which is mathematically impossible.
In the QCPE2C protocol, keys are distributed with BB84, a classic key distribution protocol in quantum cryptography. Its basic principle rests on the quantum uncertainty principle: an unknown quantum state cannot be measured exactly, and any measurement of an unknown quantum state affects the state of the photon, so the BB84 protocol can detect the presence of an eavesdropper.
Specifically, during the key distribution process of the QCPE2C protocol, if the key is not intercepted, the two parties use the key KDC as the key for this communication, which is of course absolutely secure.
During the communication between the data owner and the consumer, assume that an eavesdropper performs a measure-and-resend (measurement replay) attack on the photons. Because two measurement bases are used in the communication, by the uncertainty principle the probability that the consumer and the eavesdropper correctly measure the binary bit sent by the data owner, among the results retained after basis sifting, is at most
Figure BDA0003160210970000173
That is, when the measurement basis is chosen correctly the probability of a correct measurement is 1, and when it is chosen incorrectly the probability of a correct measurement is
Figure BDA0003160210970000181
In this case, the error rate of the consumer's information after sifting should be
Figure BDA0003160210970000182
Suppose the eavesdropper eavesdrops with probability p, that is, each photon is intercepted by the eavesdropper with probability p, or equivalently a fraction p of all photons is intercepted. If p is 1, every photon is intercepted by the eavesdropper. Because of the eavesdropper's interference, the consumer's quantum bit error rate then becomes:
Figure BDA0003160210970000183
According to basic physical laws such as the uncertainty principle, eavesdropping necessarily changes the error rate of the consumer's sifted information from
Figure BDA0003160210970000184
to
Figure BDA0003160210970000185
In this case, both the communication parties can find out whether an eavesdropper exists or not by analyzing the error rate.
In conclusion, the BB84 key distribution protocol can detect the existence of eavesdroppers, and ensure the absolute security of key distribution in the QCPE2C protocol.
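The error-rate argument above can be checked numerically. The following is an added example, not part of the patent: it models BB84 sifting classically with Python's random module rather than SimulaQron, reproduces the textbook intercept-resend error rate of p/4 on the sifted key (the page's own expressions are not reproduced in this text), and uses an illustrative 5% abort threshold that is an assumption.

```python
"""Classical Monte Carlo of BB84 sifting under intercept-resend (added example)."""
import random


def bb84_qber(n_photons, p_intercept, seed=0):
    """Return the sifted-key error rate when each photon is intercepted,
    measured in a random basis and resent with probability p_intercept."""
    rng = random.Random(seed)          # seeded so the run is reproducible
    sifted = errors = 0
    for _ in range(n_photons):
        # Sender: random bit in a random basis (0 = rectilinear, 1 = diagonal).
        bit, basis = rng.getrandbits(1), rng.getrandbits(1)
        state_bit, state_basis = bit, basis

        # Eavesdropper: a wrong basis gives a random outcome, and the photon
        # that travels on is re-prepared in the eavesdropper's basis.
        if rng.random() < p_intercept:
            eve_basis = rng.getrandbits(1)
            if eve_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = eve_basis

        # Receiver: same measurement rule as the eavesdropper.
        rx_basis = rng.getrandbits(1)
        rx_bit = state_bit if rx_basis == state_basis else rng.getrandbits(1)

        # Sifting: keep only positions where sender and receiver bases agree.
        if rx_basis == basis:
            sifted += 1
            errors += rx_bit != bit
    return errors / sifted if sifted else 0.0


def detection_probability(p_intercept, check_bits):
    """Chance that at least one of check_bits compared positions disagrees,
    using the textbook intercept-resend error rate p/4 per sifted bit."""
    return 1.0 - (1.0 - p_intercept / 4.0) ** check_bits


def eavesdropping_suspected(qber, threshold=0.05):
    """Abort rule: the 5% threshold is an illustrative assumption."""
    return qber > threshold


if __name__ == "__main__":
    for p in (0.0, 0.25, 0.5, 1.0):
        q = bb84_qber(100_000, p)
        print(f"p={p:4.2f}  QBER={q:.4f}  expected={p / 4:.4f}  "
              f"abort={eavesdropping_suspected(q)}  "
              f"P(detect, 20 check bits)={detection_probability(p, 20):.3f}")
```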
For an eavesdropper in the message sharing process, even if it can fortunately intercept the quantum message in the quantum channel
Figure BDA0003160210970000186
It also cannot measure the exact state of the quantum information it intercepts.
In the QCPE2C protocol, the quantum information actually transmitted has n+l bits. When an eavesdropper selects the correct measurement basis the probability of a correct measurement is 1, and when an incorrect measurement basis is selected the probability of a correct measurement is
Figure BDA0003160210970000187
In this case, the probability that the eavesdropper measures all of the intercepted n+l bits of quantum information correctly is
Figure BDA0003160210970000188
When n is large, the probability that an eavesdropper measures the correct quantum information state is close to 0. Therefore, even if the quantum information in the quantum channel is intercepted by an eavesdropper, the eavesdropper can obtain almost no useful information from it.
Moreover, when an eavesdropper attempts to measure the intercepted quantum information with a guessed measurement basis, the probability of choosing the wrong measurement basis is
Figure BDA0003160210970000189
Once the eavesdropper measures with the wrong measurement basis, the state of the quantum information collapses, and the consumer can discover the presence of the eavesdropper. In summary, the QCPE2C protocol is secure against eavesdropping attacks.
In the QCPE2C protocol, the data owner cannot deny that the consumer obtained the data from himself. Because a string of keys is shared between the data owner and the consumer during the key distribution phase
Figure BDA00031602109700001810
In the proof of the signature, the key has also been shown to be absolutely secure and cannot be obtained by any eavesdropper. Therefore, after receiving the quantum ciphertext, the consumer uses the key
Figure BDA00031602109700001811
to carry out the decryption operation and obtain the message M = M1||M2||…||Mn. Since no third party other than the two of them knows the key
Figure BDA00031602109700001812
the consumer can conclude that the quantum message
Figure BDA00031602109700001813
or the classical message M = M1||M2||…||Mn must have come from the data owner.
The efficiency of QCPE2C and QPADC in the present invention is demonstrated mainly from the perspectives of classical and quantum cryptography. On the quantum side, qubit efficiency is introduced first to analyze the quantum encryption efficiency of QCPE2C; since both QCPE2C and QPADC mainly use the BB84 protocol for quantum encryption, it is the qubit efficiency of the BB84 protocol that is analyzed. On the classical side, two classical schemes are selected as references, and the proposed QPADC scheme is compared with them in time complexity, communication overhead, functionality and so on to verify its performance. When measuring performance, the size of each ciphertext and each key is taken to be l = 1024 bits, e denotes an exponentiation operation, ha denotes a homomorphic addition operation, and mul denotes a modular multiplication operation. The data owners encrypt their own content in parallel, and the total number of ciphertexts over all content is n.
Qubit efficiency is a well-known indicator of the efficiency of secure quantum communication. It is expressed by the quantum communication efficiency formula defined by Cabello
Figure BDA0003160210970000191
where bs is the total number of bits of the transmitted information, qt is the number of qubits exchanged in the protocol (the qubits used to check for eavesdropping are not counted), and bt is the number of classical bits exchanged for decoding the message (the classical bits used for eavesdropping checking are not counted).
As can be seen from the BB84 protocol, the bit strings in step 2) and step 3) are chosen at random, each with probability
Figure BDA0003160210970000192
Because the data owner and the consumer, independently of each other,
Figure BDA0003160210970000193
generate their respective basis strings, sharing an n-bit classical message and n+l bits of quantum information, of which l bits are used to detect eavesdropping, the probability that the data bit string received by the consumer matches the data bit string of the data owner in the absence of eavesdropping is only
Figure BDA0003160210970000194
Thus, in the quantum channel, bt = bs = qt = n. The efficiency of the QCPE2C protocol is
Figure BDA0003160210970000195
Table 3 shows the computational cost of all methods. Execution time is spent mainly on exponentiation, homomorphic encryption and multiplication operations, of which exponentiation and homomorphic addition are the most costly. The QPADC protocol is therefore evaluated by analyzing these two operations. The protocol of the present invention is clearly less computationally intensive than the Bernardini scheme and the Feng scheme. Specifically, apart from key generation and decryption, the encryption work of the QPADC protocol is done mainly by a distributed ElGamal-based algorithm in which all data owners encrypt their own content in parallel using the master public key, and the total number of ciphertexts sent for all content is n. In terms of computational overhead, a data owner therefore needs to compute 4e. The Bernardini scheme requires more exponentiations in the encryption phase; in particular, transmission, conversion and storage of content in that protocol are handled by the cloud server, and a new proxy key must be generated each time. The Feng scheme also falls short of the QPADC protocol in computation overhead: the data owner additionally hides the private key, which adds one exponentiation (e). In addition, the cloud server performs n-1 homomorphic additions to compose a single key, which also requires (n-1) e operations to decrypt. Fortunately, most of the traffic-consuming operations are undertaken by the cloud server, and under the same conditions the private key can be computed and generated at the same time, which saves time and overhead. During decryption, the consumer only needs to perform discrete logarithm operations to recover the content, which also requires
Figure BDA0003160210970000196
e operations to decrypt. In total, the QPADC protocol requires in the classical part
Figure BDA0003160210970000197
And second.
TABLE 3 computational complexity contrast
Figure BDA0003160210970000198
Table 4 shows the communication costs for all comparison protocols, including the public key PK length, the master key MK length, the ciphertext CT length, and the private key SK length.
TABLE 4 communication overhead comparison
Figure BDA0003160210970000199
Compared with the public key length, user decryption key length, master key length and ciphertext length of the other protocols, the protocol of the invention is better optimized in terms of communication load. The public key length of QPADC is shorter by n group-element sizes than that of the Bernardini scheme and by almost 3n than that of the Feng scheme. The private key length of the invention depends only on the number of users, whereas the private key length of the Bernardini scheme depends on the number of attributes in the system; since the number of system attributes is far greater than the number of attributes owned by the users, that private key is far longer than the private key of the invention. The private key length of the Feng scheme is a fixed value. The ciphertext length of the scheme of the invention depends only on the number of encryptions, and the ciphertext is obtained with a single encryption, so its length is far less than that of the Feng scheme; the ciphertext length of the Feng scheme is nearly 2 times that of the invention and less than that of the Bernardini scheme.
To verify the performance of the proposed scheme, simulations of QCPE2C and QPADC were implemented on the NS-3 simulation platform. The cryptographic operations and the BB84 protocol were implemented by calling a SimulaQron-based quantum encryption library, and three performance parameters were compared and analyzed: Cache Hit Ratio (CHR), privacy protection factor, and average request delay.
The simulation topology adopts a network topology structure as shown in fig. 6, wherein there are 30 router nodes, each router node has the capacity of caching and routing forwarding content at the same time, and each router node has the same size of cache space; all 20 users are connected to one router node; a content source server CRS (corresponding to the content owner) is located in the center of the network, where a copy of all content is stored and is not permanently deleted. The parameters and their meanings mainly used in the simulation are shown in table 5.
TABLE 5 Main parameters and their meanings
Figure BDA0003160210970000201
Assume that there are 100 contents in the content source server CRS, each of which has a size of 1MB, and one content is composed of 1 chunk, i.e., N is 10000 and S is 1; the value of the cache space C of the router node is shown in table 5; the caching probability of the ProbC strategy is 0.7, i.e., p = 0.7; the popularity of all content in the network, i.e. the probability that the content is accessed, follows a Zipf distribution with the parameter α = 1; the router nodes use LRU as the cache replacement policy; since the content access threshold T needs to be set according to the Zipf distribution and the total number of contents in the network, the content access threshold T is set to 400 here.
Quantum-related operations are based mainly on Python 3.8, where the encryption operations and the BB84 protocol can be performed by calling libraries inside SimulaQron. SimulaQron is essentially a set of libraries that implements the storage of and computation on qubits.
A common privacy attack scenario shows that when a user's private key is maliciously revealed, the probability that an attacker successfully acquires content is very high, and the CCN carries a privacy disclosure risk. In this part of the experiment, the cache privacy risk coefficient is therefore introduced as an analysis index for evaluating the privacy protection effect of the QCPE2C and QPADC schemes. The cache privacy risk factor of a routing node may be expressed as the number of valid private keys the attacker holds in a single attack period. The privacy risk factor is calculated as follows: RCP = Ps(k)TA, where Ps represents the number of successful attacks per unit time over all nodes, TA represents the attack period of the attacker, and k represents the number of private keys owned by the attacker. The attack frequency of the attacker is assumed to be 100 times/s, the attack is mainly a man-in-the-middle attack or another common attack, and the attack probability of each type of content follows the Zipf distribution.
As shown in fig. 7, in the initial stage of the experiment the privacy risk factor RCP values of all protocols are very close, because there are not yet enough experiment nodes and cached contents in the network and consumers and publishers both communicate one-to-one. However, as nodes and cached contents gradually increase, the RCP of the Bernardini scheme becomes significantly higher than that of the other protocols. This is because an attacker can launch a denial or collusion attack, grasp the keys of all consumers, and illegally reveal them. Therefore, [1] has an extremely high privacy leakage risk. Although the Feng scheme can improve security by converting the key through a middleman, an attacker can still acquire important parameters in the transmission channel by hijacking and packet capture. The QCPE2C protocol can make up for the deficiencies of the Bernardini scheme and the Feng scheme, but it cannot guarantee the security of distributed aggregation, so a risk of privacy disclosure remains as the number of content aggregations keeps increasing. The RCP of the QPADC protocol is the lowest because it employs quantum cryptography and ElGamal homomorphic encryption mechanisms to secure the transport channel and key distribution, thereby rapidly reducing the RCP value.
Fig. 8 shows the average cache hit rate of each node during the entire CCN content sharing period, where the abscissa is the node number and the ordinate is the Cache Hit Rate (CHR). The Feng scheme has the lowest hit rate, because any content sharing in that protocol requires the consumer and the data owner to cooperate in generating a re-encryption key; when content is requested by a consumer and the cache of the edge node is not hit, the slave node mechanically forwards the request to a fixed consumer, so that the fixed consumer and the node perform further processing without using the caches of adjacent nodes. In addition, the consumer also serves the servers in the domain, which causes a high frequency of content replacement and update in the domain, increasing the cache miss probability and lowering the cache hit rate. The Bernardini scheme does not use a third party to process shared content and adopts the CCN flooding-style cache-everywhere mode, which produces a large amount of cache redundancy and high-frequency content replacement and update; because the cache miss probability increases, its cache hit rate is low compared with QCPE2C. The QCPE2C protocol uses the BB84 protocol to distribute keys and encrypted content, which reduces the bandwidth consumed by interest packets and data packets on the CCN, saves time, and raises the average node hit rate as the number of nodes increases. QPADC has the highest cache hit rate, because it not only has the advantages of QCPE2C but can also share aggregated content securely in a distributed manner, so that the computation cost of each consumer and participant is low, and the homomorphism neither hinders normal cache decisions nor increases the complexity of the system, which is an advantage in practical applications.
Fig. 9 shows a comparison of the time spent in content retrieval for each scheme. In the initial stage of the experiment, the number of the nodes is increased continuously, the related information tables and caches in each scheme node are full gradually, and the time required for receiving and processing the content is increased gradually. However, as the experiment continues to run, the cache content with higher hit rate in the node will gradually replace the cache content with lower hit rate, and the time consumption for retrieving the content of each protocol will gradually decrease. However, for the Bernardini scheme, whether the content is popular or not, the third-party server controls the transmission of the content, the conversion and the storage are access structures finished by the semi-honest agent, and the consumer must receive the key of the agent to obtain the content. Therefore, the Bernardini scheme is not dominant in content retrieval latency, which is nearly 250 ms. In the other three protocols, in the face of such changes, the data owner encrypts the data packet to be distributed only once, so that the consumer can decrypt the content only by receiving the key, thereby bringing about less calculation cost and processing time. However, the Feng scheme depends on the overall performance of the CCN network, and when the edge node processes the data packet and the interest packet, the bandwidth resource and the processing time are consumed slightly, and the maximum delay reaches 200 ms. In QCPE2C, since the routing node needs to rely on the content transmission in quantum channels, and needs to negotiate and calculate the content, and needs to process the related quantum decryption operation in the single packet return process, it also causes slightly higher time consumption, but has certain advantages over the traditional channel transmission, and the maximum delay reaches 140 ms. 
The QPADC protocol adds a cloud server to process data based on the advantages of the QCPE2C protocol, and although the content data retrieval permission delay increases with the number of nodes, it always remains at a value below a second. When the node reaches 20, the content retrieval permission delay of the QPADC is almost stable and cannot be greatly increased, and the maximum delay reaches 120 ms. It is clear that QPADC can preserve data retrieval permission delay at a lower level and does not increase significantly with increasing network size.
The invention provides a privacy protection protocol based on quantum cryptography for exchanging content and securely aggregating encrypted content in a CCN. When the CCN exchanges content end to end, a BB84-based protocol solves the key distribution problem of the classical channel and performs eavesdropping detection, so that the scheme has two layers of protection and achieves unconditional security of the content during transmission. In addition, secure aggregation of encrypted content relies mainly on ElGamal homomorphic encryption and quantum encryption, which prevents attacks such as collusion by attackers, prevents user privacy from being inferred from aggregated content, and ensures that the cloud service provider does not keep any private content. Theoretical and practical security and efficiency analysis shows that, compared with other CCN content sharing protocols, the protocol has a higher cache hit rate, lower cache privacy risk and lower content retrieval delay while guaranteeing user privacy in the CCN system.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A content-centric network privacy protection method based on quantum is characterized by comprising the following steps:
step one: encrypting and aggregating the classical ciphertext using the ElGamal algorithm: all participants, including data owners and consumers, each generate a public-private key pair and send the public keys to a cloud server, the cloud server aggregates all public keys to generate a master public key and distributes the master public key to all participants, the participants generate ciphertexts according to their respective plaintext information and the master public key and send the ciphertexts to the cloud server, and the cloud server aggregates the ciphertexts received from all the participants to obtain an aggregated ciphertext;
step two: a quantum encryption stage: in the process of interacting between a participant and a cloud server, the participant firstly converts classical information to be sent into quantum information, then the cloud server and a data owner share a key I through a BB84 key negotiation protocol, and the data owner encrypts the quantum information into a quantum ciphertext by using the key I; finally, the data owner detects the eavesdropping behavior by randomly inserting decoy particles, so that the security of the data owner is ensured to be double-guaranteed; the cloud server communicates with each data owner, and the privacy protection method for the content exchange between the consumers and the data owners based on quantum double encryption encrypts the classic messages to be shared by using the secret key I;
the cloud server and the consumer share a key II through a BB84 key agreement protocol, the cloud server is communicated with the consumer, and quantum information to be shared is encrypted by using the key II based on a privacy protection method for exchanging contents between the consumer and a data owner of quantum double encryption;
step three: and a quantum decryption stage: after the quantum ciphertext received by the consumer is received, the cloud server firstly forwards the position and the state of the decoy particles in each ciphertext of the consumer, and then the consumer removes the decoy particles and decrypts the quantum ciphertext to obtain the quantum message; finally, the consumer restores the classical message from the comparison of the quantum message and the classical message; and the consumer carries out a distributed decryption algorithm according to the aggregation ciphertext recovered by the private key of the consumer to recover the plaintext information of the classical message.
2. The quantum-based content-centric network privacy protection method according to claim 1, wherein the number of participants is set to n +1, and the n +1 participants include n data owners and 1 consumer; the cloud server is a homomorphic credible cloud server, has certain aggregation processing capacity, and can quickly aggregate ciphertext by using the advantages of cloud computing.
3. The privacy protection method for the quantum-based content-centric network according to claim 2, wherein the method for aggregating ciphertext by using the ElGamal algorithm in step one is as follows:
S1: the cloud server assigns identity identifiers (IDs) to the n+1 participants, and each of the n+1 participants itself runs the distributed key generation algorithm to generate a public-private key pair: (PK1,SK1),(PK2,SK2),…,(PKn,SKn),(PKn+1,SKn+1);
Wherein the public and private key pair of the ith participant is
Figure FDA0003160210960000011
SKi is the private key of the ith participant, PKi is the public key of the ith participant, and g represents the generator of the cyclic group G;
S2: the n+1 participants send their respective public keys PK1,PK2,...,PKn,PKn+1 to the cloud server, which uses them to generate the master public key:
Figure FDA0003160210960000021
let the master private key be SK = SK1+SK2+…+SKn+SKn+1; then the master public key is PK = g^SK;
S3: the cloud server sends the master public key PK to the n data owners, and the n data owners generate ciphertext by using the master public key PK:
Figure FDA0003160210960000022
wherein r is1,r2,r3,…,rnRespectively, n random numbers, m, randomly selected by the data owner1,m2,m3,…,mnPlaintext for n data owners, respectively;
S4: the n data owners respectively send the ciphertexts (A1,B1),(A2,B2),…,(An,Bn) to the cloud server, and the cloud server aggregates the ciphertext contents of the n data owners to obtain:
Figure FDA0003160210960000023
A and B denote the ciphertext components generated by encryption with the ElGamal algorithm, and together A and B form the ciphertext;
S5: the cloud server runs a hidden key protocol with the participants: the cloud server issues the aggregated ciphertext B to all data owners, and all the data owners calculate the ciphertext
Figure FDA0003160210960000024
I.e. therein
Figure FDA0003160210960000025
Figure FDA0003160210960000026
Figure FDA0003160210960000027
Figure FDA0003160210960000028
4. The quantum-based content-centric network privacy protection method according to claim 1, wherein the quantum-based dual-encryption privacy protection method by which the consumer and the data owners exchange content is as follows: the cloud server shares an n-bit key with each of the n data owners through the BB84 key agreement protocol, quantum information is converted into quantum encrypted information for secure transmission by randomly inserting decoy particles, and the consumer and the data owners obtain identical bit streams at 2 different locations and in any order; the data owner is an entity that stores the content object for a long time and provides service to users, namely the content owner that serves a specific content request; the consumer is a user authorized to request the content object.
5. The quantum-based content-centric network privacy protection method according to claim 4, wherein the quantum-based dual-encryption privacy protection method by which the consumer and the data owners exchange content comprises four stages: an initialization stage, a quantum key negotiation stage, an encryption stage and a decryption stage, with the following steps:
1) an initialization stage:
(1) the data owner converts the classical message to be shared, $M = M_1 \| M_2 \| \cdots \| M_n$, into the quantum message $|S\rangle = |S_1\rangle |S_2\rangle \cdots |S_n\rangle$, namely: if $M_t = 0$ then $|S_t\rangle = |0\rangle$, and if $M_t = 1$ then $|S_t\rangle = |1\rangle$; wherein the classical message $M_t \in \{0, 1\}$, the quantum message $|S_t\rangle \in \{|0\rangle, |1\rangle\}$, and $t = 1, 2, \ldots, n$;
2) a key negotiation stage:
(2) the data owner and the consumer share an n-bit key through the BB84 key protocol
Figure FDA0003160210960000031
wherein
Figure FDA0003160210960000032
represents the t-th key;
3) a quantum encryption stage:
(3) the data owner uses the obtained shared key to perform an encryption operation on the quantum message $|S\rangle = |S_1\rangle |S_2\rangle \cdots |S_n\rangle$, obtaining the ciphertext information:
Figure FDA0003160210960000033
wherein $|S_t'\rangle$ represents the encrypted quantum ciphertext parameter, and H is the quantum encryption operation gate;
(4) from the ciphertext information $|S_t'\rangle$ the data owner obtains the ciphertext $|S'\rangle = |S_1'\rangle |S_2'\rangle \cdots |S_n'\rangle$, and randomly adds $l$ decoy particles to it, obtaining the ciphertext
Figure FDA0003160210960000034
and sends it to the cloud server; after the cloud server receives
Figure FDA0003160210960000035
the data owner tells the cloud server the positions and states of the $l$ decoy particles;
4) a quantum decryption stage:
(5) after the consumer receives the ciphertext transmitted by the cloud server
Figure FDA0003160210960000036
the consumer shares the positions and states of the $l$ decoy particles with the cloud server, and the consumer removes the decoy particles to obtain the quantum ciphertext $|S'\rangle$;
(6) the consumer uses the shared key to decrypt the quantum ciphertext $|S'\rangle$ and obtain the message:
Figure FDA0003160210960000037
thereby obtaining the quantum message $|S\rangle = |S_1\rangle |S_2\rangle \cdots |S_n\rangle$, and restoring the classical message M according to the correspondence between the quantum message and the classical message in step (1).
6. The quantum-based content-centric network privacy protection method of claim 5, wherein the quantum operation gate satisfies $H^1 = H$, $H^0 = I$, where $I$ is the identity operator, and the Hadamard gate
Figure FDA0003160210960000038
the state of each decoy particle is any one of $\{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$, and $l$ is the length of the plaintext.
7. The privacy protection method for the quantum-based content-centric network according to claim 5, wherein the privacy protection method for the quantum-based double encryption between the consumer and the data owner in the second step comprises:
(a1) the cloud server and n data owners share an n-bit key through a BB84 key agreement protocol respectively, wherein a key shared by the ith data owner and the cloud server through a BB84 key agreement protocol is as follows:
Figure FDA0003160210960000041
(b1) the classical message to be shared
Figure FDA0003160210960000042
is converted into the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \cdots |Q_n\rangle_i$ as follows:
Figure FDA0003160210960000043
Figure FDA0003160210960000044
Figure FDA0003160210960000045
Figure FDA0003160210960000046
wherein the classical message
Figure FDA0003160210960000047
the quantum message $|Q_t\rangle \in \{|0\rangle, |1\rangle, |+\rangle, |-\rangle\}$, $t = 1, 2, \ldots, n$; $\|$ denotes the concatenation operator, and $SK_i$ represents the private key of participant i;
(c1) the i-th data owner performs an encryption operation on the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \cdots |Q_n\rangle_i$ to obtain the message:
Figure FDA0003160210960000048
wherein $i, j = 1, 2, \ldots, n$;
(d1) from the messages $|Q_j'\rangle_i$ the ciphertext $|Q'\rangle_i = |Q_1'\rangle_i |Q_2'\rangle_i \cdots |Q_n'\rangle_i$ is obtained; the i-th data owner randomly adds $l$ decoy particles to the ciphertext $|Q'\rangle_i$ to obtain the ciphertext
Figure FDA0003160210960000049
and sends the ciphertext
Figure FDA00031602109600000410
to the cloud server;
(e1) after the cloud server CS receives the ciphertext
Figure FDA00031602109600000411
the i-th data owner tells the cloud server the positions and states of the $l$ decoy particles, and the cloud server removes the decoy particles to obtain the quantum ciphertext $|Q'\rangle_i$;
(f1) the cloud server decrypts the quantum ciphertext $|Q'\rangle_i$:
Figure FDA00031602109600000412
obtaining the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \cdots |Q_n\rangle_i$; the classical message is then recovered according to the correspondence between the quantum message and the classical message in step (b1)
Figure FDA00031602109600000413
(g1) steps (b1)-(f1) are repeated n times to realize the quantum encryption between the n data owners and the cloud server, and the cloud server obtains the classical messages of the n data owners
Figure FDA00031602109600000414
8. The privacy protection method for the quantum-based content-centric network according to claim 7, wherein the privacy protection method for the quantum-based double encryption-based consumer and data owner to exchange contents in the third step is implemented by:
(a2) the cloud server and the consumer share one n-bit key through BB84 key agreement protocol
Figure FDA00031602109600000415
(b2) the cloud server converts the classical messages of the data owners
Figure FDA0003160210960000051
into quantum messages, respectively, according to the method of step (b1); the classical message of the i-th data owner
Figure FDA0003160210960000052
becomes, after conversion, the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \cdots |Q_n\rangle_i$;
(c2) the cloud server uses the key $K_{n+1}$ shared with the consumer to perform an encryption operation on the quantum message $|Q\rangle_i = |Q_1\rangle_i |Q_2\rangle_i \cdots |Q_n\rangle_i$ of the i-th data owner:
Figure FDA0003160210960000053
wherein $j = 1, 2, \ldots, n$; $|Q_j''\rangle_i$ represents the j-th particle, after encryption by the cloud server, of the quantum message converted from the classical message of the i-th data owner,
Figure FDA0003160210960000054
represents the j-th bit of the key $K_{n+1}$ shared by the cloud server and the consumer, and $|Q_j\rangle_i$ represents the j-th particle of the quantum message converted from the classical message of the i-th data owner;
(d2) from the previous step the ciphertext $|Q''\rangle_i = |Q_1''\rangle_i |Q_2''\rangle_i \cdots |Q_n''\rangle_i$ is obtained; the i-th data owner randomly adds $l$ decoy particles to the ciphertext $|Q''\rangle_i$ to obtain the ciphertext
Figure FDA0003160210960000055
the cloud server performs steps (c2)-(d2) for all the classical messages
Figure FDA0003160210960000056
to obtain the ciphertexts
Figure FDA0003160210960000057
and sends them to the consumer;
(e2) after the consumer receives the ciphertexts
Figure FDA0003160210960000058
the cloud server tells the consumer the positions and states of the decoy particles in each ciphertext, and the consumer removes the decoy particles to obtain the quantum ciphertexts $\{|Q''\rangle_1, |Q''\rangle_2, \ldots, |Q''\rangle_n\}$;
(f2) the consumer decrypts the quantum ciphertexts $\{|Q''\rangle_1, |Q''\rangle_2, \ldots, |Q''\rangle_n\}$:
Figure FDA0003160210960000059
obtaining the quantum messages $|Q\rangle = \{|Q\rangle_i, |Q\rangle_i, \ldots, |Q\rangle_i\}$; the classical messages are then recovered according to the correspondence between the quantum message and the classical message
Figure FDA00031602109600000510
9. The quantum-based content-centric network privacy protection method according to claim 8, wherein the distributed decryption algorithm in the quantum decryption stage is:
Figure FDA00031602109600000511
wherein A is a ciphertext parameter encrypted by the ElGamal algorithm, and $m_1, m_2, \ldots, m_n$ are the plaintexts of the n data owners, respectively.
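Added example (not part of the patent text): a toy Python run of the aggregation in claim 3 (S1 to S5) and the distributed decryption of claim 9, using textbook multiplicative ElGamal. The group parameters, the plaintexts and all function names are constructed for illustration, and the decryption shares are computed on A as in standard threshold ElGamal, which is an assumption because the patent's formula images are not reproduced on this page.

```python
import secrets
from functools import reduce

# Constructed toy group (assumption): P = 2*Q + 1 is a safe prime and G = 4
# generates the order-Q subgroup. Far too small for real use.
P, Q, G = 2879, 1439, 4

def prod(values):
    """Product of group elements modulo P."""
    return reduce(lambda x, y: x * y % P, values, 1)

def keygen():
    """S1: one participant's pair (PK_i, SK_i) with PK_i = g^SK_i."""
    sk = secrets.randbelow(Q - 1) + 1
    return pow(G, sk, P), sk

def encrypt(master_pk, m):
    """S3: (A_i, B_i) = (g^r_i, m_i * PK^r_i) under the master public key."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(master_pk, r, P) % P

def partial_decrypt(a, sk):
    """One participant's decryption share A^SK_i; SK_i never leaves its owner."""
    return pow(a, sk, P)

def combine(b, shares):
    """B / prod(A^SK_i) = B / A^SK, the product of all plaintexts modulo P."""
    return b * pow(prod(shares), -1, P) % P

def aggregate_and_decrypt(messages):
    """Run S1 to S5 for n data owners plus one consumer (messages in 1..P-1)."""
    keys = [keygen() for _ in range(len(messages) + 1)]
    master_pk = prod(pk for pk, _ in keys)       # S2: PK = g^(SK_1+...+SK_{n+1})
    cts = [encrypt(master_pk, m) for m in messages]
    a = prod(a_i for a_i, _ in cts)              # S4: aggregated A
    b = prod(b_i for _, b_i in cts)              # S4: aggregated B
    shares = [partial_decrypt(a, sk) for _, sk in keys]
    return combine(b, shares)

if __name__ == "__main__":
    print(aggregate_and_decrypt([3, 5, 7]))      # constructed plaintexts -> 105
```

The cloud server only ever multiplies ciphertexts, and the result opens only when every one of the n+1 shares is supplied.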
10. The quantum-based privacy protection method for the content-centric network according to claim 5, wherein the BB84 key agreement protocol distributes the keys by:
1) the sender Alice randomly generates an 8-bit binary sequence $S_A$;
2) the sender Alice then generates another 8-bit random sequence $M_A$ as the transmission basis sequence; from these two sequences, 8 photons are generated by modulation, and the modulated state of each photon is determined as:
Figure FDA0003160210960000061
3) the receiver Bob generates an 8-bit random binary sequence to select the measurement basis sequence $M_B$; the measurement basis sequence is selected as follows:
Figure FDA0003160210960000062
4) the receiver Bob informs the sender Alice of the selected measurement basis sequence $M_B$ through a classical channel; the sender Alice compares the measurement basis sequence $M_B$ with the retained transmission basis sequence $M_A$; the sender Alice and the receiver Bob each keep the measurement results for which the measurement basis is correct and discard the measurement results for which the measurement basis is wrong;
5) the sender Alice and the receiver Bob encode the quantum states into binary bits, with − and / representing 0 and | and \ representing 1, and obtain the original key;
6) finally, the sender Alice and the receiver Bob obtain the same key sequence;
the ElGamal cryptosystem is as follows:
(1) key generation: securely selecting a large prime number p such that p-1 has a large prime factor, and finding a primitive element modulo p
Figure FDA0003160210960000063
randomly generating an integer a, and calculating $\beta = \alpha^a$; wherein $1 < a < p-2$,
Figure FDA0003160210960000064
is a finite field with p elements, and is a multiplication group formed by non-zero elements in the finite field;
(2) encryption process: selecting a secret random integer x, and for a plaintext message m calculating the ciphertext $c = (A, B) = (\alpha^x, m\beta^x)$; wherein $1 < x < p-1$; A and B are the two parameters of the encrypted ciphertext;
(3) decryption process: for the ciphertext c, computing the message $m = B(A^a)^{-1}$; α and β are both secret parameters for encrypting into the ciphertext c, and are also elements constituting the public key and the private key;
homomorphism of the ElGamal algorithm: for plaintexts $m_1, m_2$, after encryption we obtain:
Figure FDA0003160210960000071
where D(,) represents a decryption operation and E() represents an encryption operation.
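Added example (not part of the patent text): an idealised classical simulation of the BB84 sifting in claim 10, followed by the $H^{K_t}$ encryption and decoy-particle check of claims 5 and 6. Qubits are modelled as the symbols 0, 1, +, -, the channel is noiseless, the cloud server relay is omitted, and the basis encoding and all function names are assumptions.

```python
import secrets

# Hadamard on the four symbolic states: H^1 = H swaps bases, H^0 = I.
H = {"0": "+", "+": "0", "1": "-", "-": "1"}
STATES = "01+-"

def bb84_round(n_photons=8):
    """One 8-photon round; returns (Alice's, Bob's) sifted bits."""
    s_a = [secrets.randbelow(2) for _ in range(n_photons)]   # bit sequence S_A
    m_a = [secrets.randbelow(2) for _ in range(n_photons)]   # sending bases M_A
    m_b = [secrets.randbelow(2) for _ in range(n_photons)]   # measuring bases M_B
    # A matching basis reads Alice's bit; a wrong basis yields a coin flip.
    r_b = [s if a == b else secrets.randbelow(2)
           for s, a, b in zip(s_a, m_a, m_b)]
    keep = [i for i in range(n_photons) if m_a[i] == m_b[i]]
    return [s_a[i] for i in keep], [r_b[i] for i in keep]

def bb84_key(n):
    """Repeat rounds until both sides hold n sifted key bits."""
    alice, bob = [], []
    while len(alice) < n:
        a, b = bb84_round()
        alice, bob = alice + a, bob + b
    return alice[:n], bob[:n]

def encrypt(bits, key):
    """|S_t'> = H^{K_t}|S_t>: apply H only where the key bit is 1."""
    return [H[str(b)] if k else str(b) for b, k in zip(bits, key)]

def decrypt(states, key):
    """H is its own inverse, so applying H^{K_t} again restores |S_t>."""
    return [int(H[s] if k else s) for s, k in zip(states, key)]

def add_decoys(cipher, l):
    """Insert l decoys at random positions; returns (sequence, {position: state})."""
    total = len(cipher) + l
    decoys = {p: secrets.choice(STATES)
              for p in secrets.SystemRandom().sample(range(total), l)}
    body = iter(cipher)
    return [decoys[p] if p in decoys else next(body) for p in range(total)], decoys

def remove_decoys(received, decoys):
    """Verify every announced decoy, then strip them; None means tampering."""
    if any(received[p] != state for p, state in decoys.items()):
        return None
    return [s for p, s in enumerate(received) if p not in decoys]

def roundtrip(bits):
    """Data owner to consumer: key agreement, encryption, decoys, decryption."""
    k_owner, k_consumer = bb84_key(len(bits))
    sent, decoys = add_decoys(encrypt(bits, k_owner), l=len(bits))
    return decrypt(remove_decoys(sent, decoys), k_consumer)
```

On a physical channel a disturbed decoy is detected only with some probability per particle; this symbolic model makes any altered decoy fail the check deterministically.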
CN202110788763.7A 2021-07-13 2021-07-13 Quantum-based content-centric network privacy protection method Active CN113346996B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110788763.7A CN113346996B (en) 2021-07-13 2021-07-13 Quantum-based content-centric network privacy protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110788763.7A CN113346996B (en) 2021-07-13 2021-07-13 Quantum-based content-centric network privacy protection method

Publications (2)

Publication Number Publication Date
CN113346996A true CN113346996A (en) 2021-09-03
CN113346996B CN113346996B (en) 2022-07-12

Family

ID=77479586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110788763.7A Active CN113346996B (en) 2021-07-13 2021-07-13 Quantum-based content-centric network privacy protection method

Country Status (1)

Country Link
CN (1) CN113346996B (en)

Also Published As

Publication number Publication date
CN113346996B (en) 2022-07-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant