CN114024666B - Quantum key distribution method and system - Google Patents


Publication number
CN114024666B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111080925.8A
Other languages
Chinese (zh)
Other versions
CN114024666A (en
Inventor
赵永利
朱青橙
郁小松
李亚杰
张杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications filed Critical Beijing University of Posts and Telecommunications
Priority to CN202111080925.8A priority Critical patent/CN114024666B/en
Publication of CN114024666A publication Critical patent/CN114024666A/en
Application granted granted Critical
Publication of CN114024666B publication Critical patent/CN114024666B/en

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

One or more embodiments of the present disclosure provide a quantum key distribution method and system, including: deploying QKD nodes and subordinate nodes in a key transmission domain of the QKD nodes; a QKD node pair generates a quantum key and constructs a key pool, and the quantum key generated by the QKD node pair is stored in the key pool; constructing a key pool slice of the subordinate nodes according to a received key pool slice construction instruction, with a partial quantum key shared between a subordinate node pair stored in the key pool slice; and, in response to successful construction of the key pool and the key pool slice, transmitting the quantum key in the key transmission domain to the subordinate nodes. The embodiment can realize multi-stage distribution of the quantum key.

Description

Quantum key distribution method and system
Technical Field
One or more embodiments of the present disclosure relate to the field of information security technologies, and in particular, to a quantum key distribution method and system.
Background
With the development of technologies such as quantum computers with strong computing power, traditional data encryption methods based on algorithmic complexity can hardly continue to guarantee data security. Quantum key distribution (QKD) provides an information-theoretically secure way to generate symmetric keys that resists attacks and eavesdropping on the communication link. QKD devices can provide quantum keys to ensure communication security. However, QKD devices are costly, their deployment is limited in terms of energy consumption, mobility, quantum channel construction and so on, and it is difficult to configure a QKD device at every node. With the expansion of network scale and the increase of node types, a method capable of providing quantum keys for different nodes is needed to ensure communication security.
Disclosure of Invention
In view of this, it is an object of one or more embodiments of the present disclosure to provide a quantum key distribution method and system to solve the problem of quantum key distribution.
In view of the above object, one or more embodiments of the present specification provide a quantum key distribution method including:
deploying a QKD node and a subordinate node located in a key transmission domain of the QKD node; wherein the QKD node configures a QKD device and the subordinate node does not configure a QKD device;
the QKD node pair generates a quantum key and constructs a key pool, and the key pool stores the quantum key generated by the QKD node pair;
constructing a key pool slice of the subordinate node according to the received key pool slice construction instruction, wherein a partial quantum key shared between a subordinate node pair is stored in the key pool slice; wherein the partial quantum key is part of the quantum key;
in response to successful construction of the key pool and the key pool slice, the quantum key is transmitted in the key transmission domain to a subordinate node.
Optionally, the subordinate node includes multi-level nodes, and constructing the key pool slice of the subordinate node is:
sequentially constructing a key pool slice for each level of nodes, wherein the key pool slice stores a partial quantum key shared between a current-level node pair; wherein the current-level nodes are located at the same level and in different key transmission domains.
Optionally, the current level node is located in the key transmission domain, and a key transmission sub-domain of a higher level node of the current level node; the quantum key is transmitted in the key transmission domain to a subordinate node, comprising:
a part of the quantum key is transmitted to the superordinate node in the key transmission domain, and a part of the partial quantum key obtained by the superordinate node is transmitted to the current-stage node in the key transmission sub-domain.
Optionally, the quantum key is transmitted to a subordinate node in the key transmission domain, including:
the QKD node transmitting a portion of the quantum key to a subordinate node in the key transmission domain, the QKD node deleting the portion of the quantum key;
after the quantum key is transmitted to the subordinate node in the key transmission domain, the method further comprises:
and deleting the part of the quantum key after the subordinate node performs secret communication by using the part of the quantum key.
Optionally, the capacity of the key pool for storing the quantum key is larger than the capacity of the subordinate node for storing part of the quantum key.
Optionally, the key pool slice construction instruction is determined according to the node pair and the node pair level of the quantum key to be distributed.
Optionally, the speed of the QKD node pair generating the quantum key is greater than the speed of redistributing the quantum key, which is greater than the speed of the subordinate node acquiring a portion of the quantum key.
The embodiments of the present specification also provide a quantum key distribution system, including:
a master control center for deploying QKD nodes and subordinate nodes located in a key transmission domain of the QKD nodes; wherein the QKD node configures a QKD device and the subordinate node does not configure a QKD device;
the QKD node management and control center is used for controlling the QKD node pair to generate a quantum key and constructing a key pool, wherein the key pool stores the quantum key generated by the QKD node pair;
the subordinate node management and control center is used for constructing a key pool slice of the subordinate node according to the received key pool slice construction instruction, wherein a partial quantum key shared between a subordinate node pair is stored in the key pool slice; wherein the partial quantum key is part of the quantum key;
and the domain management and control center is used for transmitting the quantum key to a subordinate node in the key transmission domain in response to successful construction of the key pool and the key pool slice.
Optionally, the lower node comprises a multi-stage node, and the lower node control center comprises a multi-stage control center;
each level of management and control center is used for sequentially constructing the key pool slice of each level of nodes, and the key pool slice is used for storing a partial quantum key shared between a current-level node pair; wherein the current-level nodes are located at the same level and in different key transmission domains.
Optionally, the current level node is located in the key transmission domain, and a key transmission sub-domain of a higher level node of the current level node;
the domain management and control center is configured to transmit a part of the quantum keys to the superordinate node in the key transmission domain, and a part of the partial quantum keys obtained by the superordinate node is transmitted to the current-level node in the key transmission sub-domain.
As can be seen from the foregoing, one or more embodiments of the present disclosure provide a quantum key distribution method and system in which QKD nodes and subordinate nodes located in a key transmission domain of the QKD nodes are deployed; a QKD node pair generates a quantum key and constructs a key pool, and the quantum key generated by the QKD node pair is stored in the key pool; a key pool slice of the subordinate nodes is constructed according to a received key pool slice construction instruction, with a partial quantum key shared between a subordinate node pair stored in the key pool slice; and, in response to successful construction of the key pool and the key pool slice, the quantum key is transmitted in the key transmission domain to the subordinate nodes. The embodiment can realize multi-stage distribution of the quantum key, so that nodes without QKD devices can also obtain the quantum key.
Drawings
For a clearer description of one or more embodiments of the present description or of the solutions of the prior art, the drawings that are necessary for the description of the embodiments or of the prior art will be briefly described, it being apparent that the drawings in the description below are only one or more embodiments of the present description, from which other drawings can be obtained, without inventive effort, for a person skilled in the art.
FIG. 1 is a schematic flow diagram of a method of one or more embodiments of the present disclosure;
FIG. 2 is a schematic diagram of a system architecture of one or more embodiments of the present disclosure;
FIG. 3 is a schematic flow chart of a method according to another embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a constructed key pool of one or more embodiments of the present disclosure;
FIG. 5 is a schematic diagram of a key distribution and management flow according to one or more embodiments of the present disclosure;
FIG. 6 is a schematic structural diagram of a lateral management system of one or more embodiments of the present disclosure;
FIG. 7 is a schematic diagram of a longitudinal management system of one or more embodiments of the present disclosure;
FIG. 8 is a schematic structural diagram of an electronic device according to one or more embodiments of the present disclosure.
Detailed Description
For the purposes of promoting an understanding of the principles and advantages of the disclosure, reference will now be made to the embodiments illustrated in the drawings and specific language will be used to describe the same.
It is noted that unless otherwise defined, technical or scientific terms used in one or more embodiments of the present disclosure should be taken in a general sense as understood by one of ordinary skill in the art to which the present disclosure pertains. The use of the terms "first," "second," and the like in one or more embodiments of the present description does not denote any order, quantity, or importance, but rather the terms "first," "second," and the like are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
As described in the background section, there are a plurality of interconnected nodes in the network, and the QKD device is configured in the network to generate a quantum key, and the security of data communicated between the nodes can be achieved by using the quantum key. However, because of the high cost of QKD devices, practical deployments need to meet certain conditions, and there are difficulties in configuring a QKD device per node.
In implementing the present disclosure, the applicant found that QKD devices can be configured at some nodes in the network that meet the conditions (referred to as QKD nodes); the QKD nodes generate quantum keys, a key pool is established between the QKD nodes, and the quantum keys in the key pool are distributed to other nodes that do not deploy QKD devices, so that each node in the network can implement secure communication using the quantum keys.
In view of the foregoing, embodiments of the present disclosure provide a quantum key distribution method that constructs a key pool between QKD nodes and constructs key pool slices between other nodes located in a secure transmission domain of the QKD nodes, so that quantum keys generated by the QKD nodes can be transmitted to the other nodes in the secure transmission domain, thereby enabling each node in the network to obtain quantum keys and use them for secure communication.
The technical scheme of the present disclosure is further described in detail below through specific examples.
As shown in fig. 1, an embodiment of the present disclosure provides a quantum key distribution method, including:
S101: deploying QKD nodes and subordinate nodes in a key transmission domain of the QKD nodes;
In this embodiment, the network includes QKD nodes that are configured with QKD devices and other nodes that are not configured with QKD devices, all of which need secure data transmission.
Each node in the network is assigned to a level according to conditions such as region, task security level and number of key distributions. In some embodiments, a QKD node serves as a primary node and may form a QKD node pair with another QKD node to generate and distribute a quantum key. Each QKD node defines a key transmission domain, and the other nodes in that key transmission domain are subordinate nodes of the QKD node; for security, the quantum key generated by a QKD node is only allowed to be transmitted to subordinate nodes in its own key transmission domain.
The subordinate nodes of a QKD node can be divided into multiple levels, such as secondary nodes and tertiary nodes. A secondary node defines a key transmission sub-domain, the other nodes in that sub-domain are the subordinate nodes of the secondary node, and so on. The domain attributes of a node are given by an expression that survives here only as an image reference (Figure BDA0003263991430000051), in which one term is the key transmission domain information and the other (Figure BDA0003263991430000052) is the key transmission sub-domain information. That is, the current-level node is located both in the key transmission domain of the primary node (QKD node) and in the key transmission sub-domain of its upper-level node (a non-primary node); part of the quantum key is first transmitted to the upper-level node in the key transmission domain, and part of the partial quantum key obtained by the upper-level node is then transmitted to the current-level node in the key transmission sub-domain, thereby realizing multi-level distribution of the quantum key.
In an example, as shown in FIG. 2, the primary nodes are node 1, node 2, node 3 and node 4; secondary nodes 1.1, 1.2 and 1.3 are located in secure transmission domain 1 of node 1, secondary nodes 2.1, 2.2 and 2.3 are located in secure transmission domain 2 of node 2, secondary nodes 3.1, 3.2 and 3.3 are located in secure transmission domain 3 of node 3, and the tertiary nodes are all terminals. The primary nodes generate quantum keys based on quantum principles, which can be regarded as first-level distribution of the quantum key. The quantum key generated by a primary node can be transmitted through a classical channel to the secondary nodes in its key transmission domain, realizing second-level distribution; a secondary node can in turn distribute the quantum key to the tertiary nodes in its key transmission sub-domain, realizing third-level distribution. Through this multi-level distribution, all nodes in the network can obtain quantum keys and use them to secure communication between nodes.
In some approaches, to configure QKD devices, QKD nodes need to meet space, energy consumption, etc. conditions while establishing quantum channels and classical channels. Alternatively, a low-loss wave band can be selected by a mode of dark optical fiber or a mode of co-fiber transmission with a classical channel, so as to construct a quantum channel for the transmission of signals in a quantum state; the secure channel can be constructed by physical layer security technologies such as quantum stream encryption, wireless physical layer security and the like, and is used for secure transmission of quantum keys. The QKD device comprises a decoy state scheme light source, a single photon detector and a two-way QKD module, can realize the quantum key distribution of the integrated transceiver and can continuously generate optical quantum signals. The specific principles and configurations of QKD devices are not limited by this embodiment.
S102: the QKD node pair generates a quantum key and constructs a key pool, and the quantum key generated by the QKD node pair is stored in the key pool;
In this embodiment, after the QKD nodes and their subordinate nodes are deployed, quantum keys are generated between QKD nodes in pairs, and a key pool is constructed for the quantum keys generated by each QKD node pair; after the key pool is constructed successfully, the QKD nodes store the quantum keys.
In some approaches, quantum keys are generated between two QKD nodes based on a QKD protocol. According to conditions such as transmission distance, relay reliability and transmission rate, a suitable QKD protocol is selected between the two nodes to establish a quantum channel, and a quantum key is generated based on that QKD protocol. Alternatively, the QKD protocol may be a discrete-variable quantum key distribution protocol (DV-QKD), a continuous-variable quantum key distribution protocol (CV-QKD), a measurement-device-independent quantum key distribution protocol (MDI-QKD), or the like; the method of generating and distributing a quantum key is not specifically limited in this embodiment.
The QKD node pairs for generating the quantum key have a one-to-one correspondence, and the generated quantum key is stored by using a key pool. As shown in fig. 4, QKD nodes 1 and 2 generate quantum keys based on the QKD protocol, store the quantum keys, and the constructed key pool stores the quantum keys generated by node pair (1, 2).
S103: constructing a key pool slice of the subordinate nodes according to the received key pool slice construction instruction, and storing a partial quantum key shared between a subordinate node pair in the key pool slice; the key pool slice construction instruction is determined according to the distribution demand information and the subordinate node information included in the key transmission domain; the partial quantum key is part of the quantum key;
In this embodiment, after the key pool is constructed, the key pool slice is constructed according to the received key pool slice construction instruction. The key pool slice construction instruction is determined according to the nodes to be allocated quantum keys in the distribution demand information and the subordinate node information included in each key transmission domain. In some modes, the node pairs that need to be allocated quantum keys, and the levels of those node pairs, are determined according to the communication requirements of the application and the user level of the running application, forming node pair list information for the quantum keys to be allocated; the key pool slice construction instruction then constructs the key pool slices between node pairs of the corresponding level according to the node pairs and their levels in the node pair list information. For example, if nodes A and B need to be allocated a quantum key for secret communication and both are secondary nodes, the node pair list information includes nodes A and B and their level information, and the key pool slice between nodes A and B can be constructed according to this information.
In some embodiments, the quantum key generated by the QKD node pair is a symmetric key, and a portion of the quantum key is distributed to a subordinate node pair in the corresponding key transmission domains; the partial quantum key of the subordinate node pair is also a symmetric key. Thus, a key pool slice is established for the subordinate node pair in the key transmission domains corresponding to the QKD node pair, and the partial quantum key shared between the subordinate node pair is stored in the key pool slice.
As shown in FIG. 4, QKD node 1 and QKD node 2 are a node pair that generates quantum keys. Secondary nodes 1.1, 1.2 and 1.3 are located in the secure transmission domain of QKD node 1; QKD node 1 generates quantum keys, distributes part of the quantum keys to secondary nodes 1.1, 1.2 and 1.3, and then deletes the distributed part. The quantum keys distributed to different secondary nodes are different, so that each quantum key is used by only one node pair. Secondary nodes 2.1, 2.2 and 2.3 are located within the secure transmission domain of QKD node 2; QKD node 2 generates quantum keys, distributes part of the quantum keys to secondary nodes 2.1, 2.2 and 2.3, and then deletes the distributed part, and the quantum keys distributed to the different secondary nodes are different.
The key pool first-level slices of the secondary nodes are then constructed: the key pool first-level slice between the secondary node pair (1.1, 2.1) stores the partial quantum key shared between the node pair (1.1, 2.1), the key pool first-level slice between the secondary node pair (1.1, 2.2) stores the partial quantum key shared between the node pair (1.1, 2.2), the key pool first-level slice between the secondary node pair (1.1, 2.3) stores the partial quantum key shared between the node pair (1.1, 2.3), and so on; in total, 9 key pool first-level slices can be constructed for the 9 secondary node pairs. Similarly, tertiary node 1.3.1 is located in the key transmission sub-domain of secondary node 1.3, and secondary node 1.3 distributes part of the quantum keys it has obtained to tertiary node 1.3.1 and deletes the distributed part; tertiary node 2.3.1 is located in the key transmission sub-domain of secondary node 2.3, and secondary node 2.3 distributes part of the quantum keys it has obtained to tertiary node 2.3.1 and deletes the distributed part. The key pool second-level slice of the tertiary nodes is then constructed, and the key pool second-level slice between the tertiary node pair (1.3.1, 2.3.1) stores the partial quantum key shared between the tertiary node pair (1.3.1, 2.3.1).
S104: in response to successful construction of the key pool and the key pool slice, the quantum key is transmitted in the key transmission domain to the subordinate node.
In this embodiment, when the key pool and key pool slice are constructed, the quantum key generated by the QKD node can be transmitted in the key transmission domain to the subordinate node, so that the node not configured with the QKD device can also obtain the quantum key.
In the quantum key distribution method provided by this embodiment, QKD nodes and subordinate nodes located in the key transmission domain of the QKD nodes are deployed; a QKD node pair generates a quantum key and a key pool is built, with the quantum key generated by the QKD node pair stored in the key pool; a key pool slice of the subordinate nodes is built according to the distribution demand information and the subordinate nodes included in the key transmission domain, with the partial quantum key shared between a subordinate node pair stored in the key pool slice; and after the key pool and the key pool slice are successfully built, the quantum key is transmitted to the subordinate nodes in the key transmission domain. QKD nodes configured with QKD devices and other nodes not configured with QKD devices are deployed in the network, and by constructing a key pool and key pool slices between secure transmission domains, quantum keys are transmitted to the other nodes within the secure transmission domain, enabling multi-level distribution of quantum keys so that each node in the network can obtain quantum keys and use them for secure communication.
As shown in FIG. 3, in some embodiments, the quantum key distribution method specifically includes: deploying QKD nodes and other nodes in the network, and determining the QKD nodes and the subordinate nodes located in their secure transmission domains; constructing a key pool between the QKD node pairs that generate quantum keys, and storing the quantum keys generated by each QKD node pair in the key pool; once the key pool is constructed successfully, the QKD nodes store the quantum keys. Distribution demand information is then acquired, a key pool slice of the subordinate nodes is constructed according to the distribution demand information and the subordinate node information included in the key transmission domain, and the partial quantum key shared between a subordinate node pair is stored in the key pool slice, wherein the nodes of a subordinate node pair are peer nodes at the same level but in different key transmission domains; once the key pool slice is successfully constructed, the quantum key can be transmitted to the subordinate nodes in the key transmission domain and stored by the subordinate nodes.
In some embodiments, the subordinate nodes comprise multi-level nodes, and constructing key pool slices of the subordinate nodes is as follows:
sequentially constructing a key pool slice for each level of nodes, the key pool slice storing a partial quantum key shared between a current-level node pair; wherein the current-level nodes are located at the same level and in different key transmission domains.
In this embodiment, the subordinate nodes may include multiple levels, requiring the key pool slices to be built level by level. For example, QKD nodes, secondary nodes and tertiary nodes are deployed in the network; the secondary nodes and tertiary nodes are located in key transmission domains of the QKD nodes, and the tertiary nodes are at the same time located in key transmission sub-domains of the secondary nodes. A key pool is built between pairs of QKD nodes, and after the key pool is built successfully, the QKD nodes store quantum keys. A first-level slice of the key pool is constructed according to the distribution demand information and the secondary node information in the key transmission domain, and the first-level slice stores the partial quantum keys shared between secondary node pairs located at the second level but in different key transmission domains. After the first-level slice of the key pool is successfully constructed, a second-level slice of the key pool is constructed according to the tertiary node information, and the second-level slice stores the partial quantum keys shared between tertiary node pairs located at the third level but in different key transmission domains. After the second-level slice of the key pool is successfully constructed, the quantum key can be transmitted to the secondary nodes in the key transmission domain to realize second-level distribution, and further transmitted to the tertiary nodes in the key transmission sub-domain to realize third-level distribution, so that multi-level distribution of the quantum key is completed and the other nodes can obtain the quantum key.
In some embodiments, the capacity of the key pool for storing quantum keys is larger than the capacity of a key pool slice for storing partial quantum keys. If the subordinate nodes have multiple levels and the key pool slices have multiple levels, the capacity of an upper-level node's key pool slice is larger than that of a lower-level node's key pool slice. That is, the capacity of the key pool is larger than that of the first-level slice of the key pool, the capacity of the first-level slice is larger than that of the second-level slice, and so on, with the capacity of the (N-1)-level slice larger than that of the N-level slice. Referring to FIG. 4, for example, the key pool has a capacity of U_t, the first-level slice of the key pool has a capacity of 0.1U_t, and the second-level slice of the key pool has a capacity of 0.05U_t; the capacity decreases level by level.
In some embodiments, the QKD node pair may continuously generate quantum keys, distribute some of them to subordinate nodes, and then delete the distributed partial quantum keys. A subordinate node receives a partial quantum key, uses it for one encrypted communication and then deletes it; for the next encrypted communication it uses a partial quantum key newly redistributed by the QKD node. The quantum key used for encrypted communication between nodes is therefore a one-time key, which improves communication security.
Similarly, if the lower node has multiple stages, the node of the upper stage distributes part of the obtained partial quantum key to the node of the lower stage, then deletes the distributed partial quantum key, the node of the lower stage receives the partial quantum key, and after the partial quantum key is used for encryption communication once, the partial quantum key is deleted, and when the next encryption communication is carried out, the partial quantum key redistributed by the node of the upper stage is used for encryption communication.
It will be appreciated that to ensure progressive distribution of quantum keys, the QKD node pair should generate quantum keys at a rate greater than the rate at which quantum keys are redistributed, which is greater than the rate at which the lower nodes acquire part of the quantum keys. If the lower node has multiple stages, the lower node obtains the quantum key, wherein the lower node comprises the nodes of the stage for encrypted communication by using part of the quantum key and the nodes of the stage distribute part of the quantum key to the nodes of the next stage so as to ensure that all stages of nodes can obtain the quantum key.
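The capacity ordering, delete-after-distribution and one-time-use rules described above can be seen together in a small simulation. This is an added example, not code from the patent: the class and function names, the byte sizes and per-tick rates, the lockstep model in which both ends of a link perform identical operations, and the use of XOR as the cipher are all assumptions made for illustration.

```python
import secrets

U_T = 1000                                        # constructed pool capacity, in bytes
CAPACITY = {1: U_T, 2: U_T // 10, 3: U_T // 20}   # U_t, 0.1U_t, 0.05U_t


class KeyStore:
    """Bounded store of one-time key bytes: the key pool or one key pool slice."""

    def __init__(self, name, capacity):
        self.name, self.capacity = name, capacity
        self._buf = bytearray()

    def __len__(self):
        return len(self._buf)

    def room(self):
        return self.capacity - len(self._buf)

    def fill(self, material):
        """Append key material; anything beyond capacity is dropped, not stored."""
        accepted = material[:self.room()]
        self._buf += accepted
        return len(accepted)

    def take(self, n):
        """Remove and return n bytes so the same key is never handed out twice."""
        if n > len(self._buf):
            raise ValueError(f"{self.name}: need {n} key bytes, hold {len(self._buf)}")
        out = bytes(self._buf[:n])
        self._buf[:n] = bytes(n)   # best-effort overwrite before the bytes are dropped
        del self._buf[:n]
        return out


class Side:
    """One end of a link: a QKD node (level 1) and its level-2 and level-3 nodes."""

    def __init__(self, name):
        self.store = {lvl: KeyStore(f"{name}-L{lvl}", cap) for lvl, cap in CAPACITY.items()}

    def push_down(self, upper, n):
        """Move up to n bytes from one level to the next; the upper level keeps no copy."""
        src, dst = self.store[upper], self.store[upper + 1]
        n = min(n, len(src), dst.room())
        dst.fill(src.take(n))
        return n

    def levels(self):
        return [len(self.store[lvl]) for lvl in sorted(self.store)]


def tick(a, b, gen=50, to_l2=20, to_l3=8):
    """One time step with generation rate > level-2 rate > level-3 rate (constructed values)."""
    fresh = secrets.token_bytes(gen)   # stand-in for QKD output shared by both ends
    for side in (a, b):
        side.store[1].fill(fresh)
        side.push_down(1, to_l2)
        side.push_down(2, to_l3)


def otp(store, data):
    """XOR data with key bytes that are consumed from the store (assumed cipher)."""
    pad = store.take(len(data))
    return bytes(x ^ y for x, y in zip(data, pad))


def demo():
    a, b = Side("A"), Side("B")
    for _ in range(3):
        tick(a, b)
    before = a.levels()
    msg = b"slice-protected msg"
    plain = otp(b.store[3], otp(a.store[3], msg))   # A's level-3 node encrypts, B's decrypts
    try:
        otp(a.store[3], msg)                        # only 5 bytes left: refuse, never reuse
        reused = True
    except ValueError:
        reused = False
    return before, plain, a.levels(), reused


if __name__ == "__main__":
    print(demo())
```

When a level-3 slice runs short, `take` raises instead of returning reused bytes, so a sender that outpaces the distribution rate fails closed.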
It should be noted that the methods of one or more embodiments of the present description may be performed by a single device, such as a computer or server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the methods of one or more embodiments of the present description, the devices interacting with each other to accomplish the methods.
It should be noted that the foregoing describes specific embodiments of the present invention. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
As shown in fig. 5-7, embodiments of the present disclosure further provide a quantum key distribution system, including:
the master control center is used for deploying the QKD nodes and the subordinate nodes in the key transmission domain of the QKD nodes;
the QKD node management and control center is used for controlling the QKD node pair to generate a quantum key and constructing a key pool, wherein the key pool stores the quantum key generated by the QKD node pair;
the lower node management and control center is used for constructing a key pool slice of the lower node according to the received key pool slice construction instruction, wherein a partial quantum key shared by the lower node pair is stored in the key pool slice; wherein the key pool slice construction instruction is determined according to the distribution demand information and the lower node information included in the key transmission domain; the partial quantum key is part of a quantum key;
the domain management and control center is used for transmitting the quantum key to the subordinate node in the key transmission domain in response to successful construction of the key pool and the key pool slice.
In this embodiment, in order to implement multi-level unified management of quantum key generation and distribution, the provided quantum key construction system includes a master control center, a QKD node management and control center, a lower node management and control center, and a domain management and control center. The master control center is used for system configuration and unified management and can interact with the other control centers; the QKD node management and control center is used for managing each QKD node, including having the QKD node pair generate quantum keys, constructing the key pool of the QKD node pair, storing quantum keys and the like; the lower node management and control center is used for managing the lower nodes, constructing the key pool slices of lower node pairs and the like; the domain management and control center is used for managing and maintaining the link relations among the nodes in the secure transmission domain, monitoring the link state, and controlling the transmission of the quantum key to each node in the key transmission domain. Through the cooperation of these control centers, efficient construction of the quantum key pool and efficient management and control of the network can be realized.
Referring to fig. 5, the specific workflow of the quantum key distribution system of this embodiment is as follows. The QKD node management and control center sends quantum key generation and distribution information to the master control center; this information includes the QKD node pairs capable of generating quantum keys, the initialization state of quantum key generation by the QKD node pairs, the rate at which the QKD node pairs generate quantum keys, and so on. The master control center receives the quantum key generation and distribution information and sends a key pool construction command to the QKD node management and control center. The QKD node management and control center receives the key pool construction command, uniformly formats the quantum keys generated by the QKD node pair, constructs a key pool from the uniformly formatted quantum keys, and sends the key pool construction result and the constructed key pool to the master control center;
after the master control center determines that the key pool has been constructed successfully, it sends key pool construction success information to the QKD node management and control center, the lower node management and control center and the domain management and control center, and the QKD node management and control center stores the generated quantum key.
The lower node management and control center sends distribution demand information to the master control center, and the domain management and control center sends the lower node information contained in the key transmission domain (including the link relations and link states among nodes) to the master control center. According to the distribution demand information and the lower node information, the master control center sends a key pool slice construction command to the corresponding lower node management and control center; the key pool slice construction command comprises the key pool and the lower node information. The lower node management and control center constructs the key pool slice of the lower node pair according to the key pool and the lower node information, and sends the key pool slice construction result and the key pool slice to the master control center;
after the master control center determines that the key pool slice has been constructed successfully, it sends a key pool slice construction success message and a key transmission command to the QKD node management and control center; the QKD node management and control center receives the key transmission command and controls the QKD node to transmit part of the quantum key to the secondary nodes in the key transmission domain;
after this key transmission succeeds, that is, after the secondary distribution, the master control center sends a key pool slice construction success message and a key transmission command to the domain management and control center; the domain management and control center receives the key transmission command and controls the secondary node to transmit part of the partial quantum key it obtained to the lower nodes in the secure transmission sub-domain (if there are several levels of nodes, the key is transmitted to each level in turn);
after the key transmission succeeds, that is, after multi-level distribution, the lower nodes hold the partial quantum keys distributed by the level above. After the master control center determines that the secure transmission of the quantum key succeeded, it sends a key storage command to the lower node management and control center, which controls each lower node to store the received partial quantum key; if the master control center finds that the secure transmission of the quantum key failed, the lower nodes discard the received partial quantum key.
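The ordering of this workflow, and the rule that a lower node keeps a received key only after the master's storage command, can be modelled as a phase-gated controller with a staging buffer on each node. This is an added example, not code from the patent: the phase and report names, the boolean success flags and the choice to leave the phase unchanged after a failed step are assumptions.

```python
from enum import Enum, auto


class Phase(Enum):
    IDLE = auto()
    POOL_BUILT = auto()
    SLICE_BUILT = auto()
    SECONDARY_SENT = auto()
    LOWER_SENT = auto()
    CLOSED = auto()


class LowerNode:
    """Keeps a received partial key staged until the master's storage command."""

    def __init__(self, name):
        self.name, self.pending, self.stored = name, b"", b""

    def receive(self, key):
        self.pending = key

    def store(self):
        self.stored, self.pending = self.stored + self.pending, b""

    def discard(self):
        self.pending = b""


class MasterControl:
    # report name -> (phase it is legal in, phase it leads to); this is the workflow order
    ORDER = {
        "key_pool_result": (Phase.IDLE, Phase.POOL_BUILT),
        "slice_result": (Phase.POOL_BUILT, Phase.SLICE_BUILT),
        "secondary_transfer": (Phase.SLICE_BUILT, Phase.SECONDARY_SENT),
        "lower_transfer": (Phase.SECONDARY_SENT, Phase.LOWER_SENT),
    }

    def __init__(self, lower_nodes):
        self.phase, self.lower_nodes = Phase.IDLE, lower_nodes

    def report(self, event, ok):
        """Accept a result from another control center only in its proper phase."""
        required, following = self.ORDER[event]
        if self.phase is not required:
            raise RuntimeError(f"{event} rejected in phase {self.phase.name}")
        if ok:                      # a failed step leaves the phase unchanged (assumption)
            self.phase = following
        return self.phase

    def close(self, transfer_secure):
        """Final decision: storage command on success, discard on failure."""
        if self.phase is not Phase.LOWER_SENT:
            raise RuntimeError(f"close rejected in phase {self.phase.name}")
        for node in self.lower_nodes:
            if transfer_secure:
                node.store()
            else:
                node.discard()
        self.phase = Phase.CLOSED


def run(transfer_secure, key=b"\x01\x02\x03\x04"):
    """Drive one full round; key is a constructed 4-byte sample."""
    nodes = [LowerNode("n2"), LowerNode("n3")]
    master = MasterControl(nodes)
    for event in ("key_pool_result", "slice_result", "secondary_transfer"):
        master.report(event, True)
    for node in nodes:
        node.receive(key)
    master.report("lower_transfer", True)
    master.close(transfer_secure)
    return [(n.stored, n.pending) for n in nodes]
```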
As shown in fig. 6, the control centers are organized by the level to which the nodes belong: the QKD node management and control center manages the QKD nodes, and the lower node management and control center may deploy one management and control center per level of lower node. If the lower nodes include second-level nodes, third-level nodes, ..., and N-th level nodes, the lower node management and control center deploys a second-level node management and control center, a third-level node management and control center, ..., and an N-th level node management and control center, each of which manages the key pool slices of the nodes at its level.
In some embodiments, if the secondary node has a distribution requirement, the secondary node management and control center sends distribution requirement information to the main management and control center, and accordingly, after key distribution, the secondary node obtains a part of the quantum key, and the node without the distribution requirement cannot obtain the quantum key.
As shown in fig. 7, according to the QKD nodes and their key transport domains, each key transport domain deploys a domain management center that is utilized to manage the nodes and link states within the secure transport domain. In this way, the embodiment can realize the construction of key pools and all levels of key pool slices and the distribution management of keys through the cooperation of the main control center, the multi-level node control center and the domain control center by deploying the horizontal multi-level node control center and the vertical domain control center.
The system of the foregoing embodiment is configured to implement the corresponding method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Fig. 8 shows a more specific hardware architecture of an electronic device according to this embodiment, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 implement communication connections therebetween within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an application specific integrated circuit (ASIC), or one or more integrated circuits, etc., for executing relevant programs to implement the technical solutions provided in the embodiments of the present disclosure.
The memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. Memory 1020 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding method in the foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
The computer readable media of the present embodiments, including both permanent and non-permanent, removable and non-removable media, may be used to implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the disclosure, including the claims, is limited to these examples; combinations of features of the above embodiments or in different embodiments are also possible within the spirit of the present disclosure, steps may be implemented in any order, and there are many other variations of the different aspects of one or more embodiments described above which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure one or more embodiments of the present description. Furthermore, the apparatus may be shown in block diagram form in order to avoid obscuring the one or more embodiments of the present description, and also in view of the fact that specifics with respect to implementation of such block diagram apparatus are highly dependent upon the platform within which the one or more embodiments of the present description are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that one or more embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present disclosure is intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Any omissions, modifications, equivalents, improvements, and the like, which are within the spirit and principles of the one or more embodiments of the disclosure, are therefore intended to be included within the scope of the disclosure.

Claims (6)

1. A quantum key distribution method, comprising:
deploying a QKD node and a subordinate node located in a key transmission domain of the QKD node; wherein the QKD node configures a QKD device and the subordinate node does not configure a QKD device; the subordinate node comprises a plurality of stages of nodes;
the QKD node pair generates a quantum key and constructs a key pool, and the key pool stores the quantum key generated by the QKD node pair;
sequentially constructing key pool slices of each level of nodes according to the received key pool slice construction instruction, wherein partial quantum keys shared between the current level of node pairs are stored in the key pool slices; wherein the partial quantum key is part of the quantum key; the current level node is positioned in the key transmission domain and the key transmission sub-domain of the upper level node of the current level node; the current node pair is a peer node which is positioned in the same hierarchy but in different key transmission domains; the key pool slice construction instruction is determined according to the node required to distribute the quantum key and the lower node information included in each key transmission domain;
in response to successful construction of the key pool and key pool slice, the QKD node transmits a portion of the quantum key in a key transport domain in which the QKD node resides to the superordinate node in the key transport domain, the QKD node deletes the portion of the quantum key, and the superordinate node transmits a portion of the obtained portion of the quantum key in a key transport subdomain in which the superordinate node resides to the current-level node in the key transport subdomain.
2. The method as recited in claim 1, further comprising:
and deleting the partial quantum key after the current-stage node performs secret communication by using the obtained partial quantum key.
3. The method of claim 1, wherein the key pool stores quantum keys having a capacity greater than a capacity of the subordinate node to store portions of quantum keys.
4. The method of claim 1, wherein the key pool slice construction instructions are determined from node pairs and node pair levels of quantum keys to be assigned.
5. The method of claim 1, wherein the QKD node pair generates a quantum key at a rate greater than a rate at which the quantum key is redistributed, the rate at which the quantum key is redistributed being greater than a rate at which the subordinate node obtains a portion of the quantum key.
6. A quantum key distribution system, comprising:
a master control center for deploying QKD nodes and subordinate nodes located in a key transmission domain of the QKD nodes; wherein the QKD node configures a QKD device and the subordinate node does not configure a QKD device; the subordinate node comprises a plurality of stages of nodes;
the QKD node management and control center is used for controlling the QKD node pair to generate a quantum key and constructing a key pool, wherein the key pool stores the quantum key generated by the QKD node pair;
each level node management and control center is used for sequentially constructing key pool slices of each level node according to received key pool slice construction instructions, and partial quantum keys shared between the current level node pairs are stored in the key pool slices; wherein the partial quantum key is part of the quantum key; the current level node is positioned in the key transmission domain and the key transmission sub-domain of the upper level node of the current level node; the current node pair is a peer node which is positioned in the same hierarchy but in different key transmission domains; the key pool slice construction instruction is determined according to the node required to distribute the quantum key and the lower node information included in each key transmission domain;
and a domain management center, configured to, in response to successful construction of the key pool and the key pool slice, transmit a portion of the quantum key to the upper node in the key transmission domain where the QKD node is located, delete the portion of the quantum key, and transmit a portion of the obtained portion of the quantum key to the current node in the key transmission sub-domain where the upper node is located.
CN202111080925.8A 2021-09-15 2021-09-15 Quantum key distribution method and system Active CN114024666B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111080925.8A CN114024666B (en) 2021-09-15 2021-09-15 Quantum key distribution method and system

Publications (2)

Publication Number Publication Date
CN114024666A CN114024666A (en) 2022-02-08
CN114024666B true CN114024666B (en) 2023-04-25

Family

ID=80054428

Country Status (1)

Country Link
CN (1) CN114024666B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant