CN114124384B - QKD network virtualization method and quantum key cloud platform - Google Patents

QKD network virtualization method and quantum key cloud platform Download PDF

Info

Publication number
CN114124384B
CN114124384B CN202210090752.6A CN202210090752A CN114124384B CN 114124384 B CN114124384 B CN 114124384B CN 202210090752 A CN202210090752 A CN 202210090752A CN 114124384 B CN114124384 B CN 114124384B
Authority
CN
China
Prior art keywords
qkd
node
virtual
physical
link
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210090752.6A
Other languages
Chinese (zh)
Other versions
CN114124384A (en
Inventor
董智超
郑韶辉
王士通
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Quantum Technologies Co ltd
Original Assignee
Zhejiang Quantum Technologies Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Quantum Technologies Co ltd filed Critical Zhejiang Quantum Technologies Co ltd
Priority to CN202210090752.6A priority Critical patent/CN114124384B/en
Publication of CN114124384A publication Critical patent/CN114124384A/en
Application granted granted Critical
Publication of CN114124384B publication Critical patent/CN114124384B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B10/00Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70Photonic quantum communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Optics & Photonics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A quantum key cloud platform for realizing the virtualization of a QKD network comprises a physical QKD resource layer, a virtual QKD resource layer and a key cloud service layer, wherein the physical QKD resource layer comprises a physical resource management component and a physical resource database; the virtual QKD resource layer comprises virtual resource management, a virtual resource database, a mapping algorithm and a virtual network access interface; the key cloud service layer is connected with the virtual QKD resource layer through the virtual network access interface and manages the virtual QKD network. Compared with the prior art, the invention enhances the usability of the QKD network by a dynamic node mapping and link mapping algorithm, and avoids a single node from becoming a performance bottleneck; the deep fusion of the QKD network and the cloud platform is realized; the problems of elasticity and expansion deployment of the QKD network are solved; and meanwhile, compatible management of different kinds of QKD equipment is realized.

Description

QKD network virtualization method and quantum key cloud platform
Technical Field
The invention relates to the technical field of quantum communication, in particular to a QKD network virtualization method and a quantum key cloud platform.
Background
Quantum Key Distribution (QKD) is based on the uncertainty, inseparable and unclonable principles in Quantum mechanics, and Key Distribution protocols such as BB84, B92 and EPR are used to ensure the Distribution safety of keys in a network. In recent years, due to the continuous breakthrough of the QKD technology, quantum key distribution platforms based on the QKD technology are widely used in fields with high security requirements, such as e-government affairs, finance, energy and the like. With the rapid development of cloud computing technology, various application services based on a cloud platform put forward higher-level abstract requirements on infrastructure in the internet, and as a quantum key platform core infrastructure, the virtualization process of the QKD network is imperative.
In the current scheme for building a quantum cryptography cloud platform based on QKD, a three-layer or multi-layer network architecture evolved from an SECOQC network model is mostly adopted, in the architecture, a key management layer in the middle layer usually adopts a key center to perform centralized management on all keys, and a routing strategy of a QKD network in the bottom layer usually adopts three schemes of optical nodes, quantum relay or key relay.
But the problems of the current QKD network and the quantum key management platform thereon are: firstly, the key centralized management scheme makes the key center become the performance bottleneck of the whole platform; secondly, the centralized key management scheme in the wide area network environment makes the key consumption of the QKD network huge; thirdly, the isolation of each composition layer of the cloud platform is damaged by the conventional key cloud architecture scheme, so that the cloud platform is difficult to exert the elasticity and the expansion capability and is difficult to be integrated into the architecture of the cloud platform; finally, most of the existing quantum key management platforms only support QKD equipment with a single source of a certain enterprise or organization, and cannot be compatible with QKD products of other manufacturers.
Disclosure of Invention
The invention provides a virtualization method of a QKD network and a quantum key cloud platform, aiming at solving the technical defects that the key management center performance of the key cloud platform in the prior art is bottleneck, the consumption of a wide area network key is high, the existing QKD network architecture destroys the hierarchical isolation of the cloud platform and QKD network equipment is incompatible, and the method specifically comprises the following steps:
the technical scheme of the invention is realized as follows:
a quantum key cloud platform for realizing the virtualization of a QKD network structurally comprises a physical QKD resource layer, a virtual QKD resource layer and a key cloud service layer, wherein the physical QKD resource layer comprises a physical resource management component and a physical resource database and respectively manages QKD equipment node resources and physical link resources correspondingly; the virtual QKD resource layer is used for abstracting QKD equipment node resources and physical link resources of the physical QKD resource layer, and comprises virtual resource management, a virtual resource database, a mapping algorithm and a virtual network access interface; the key cloud service layer is connected with the virtual QKD resource layer through the virtual network access interface, manages the virtual QKD network and manages the quantum key.
Preferably, the QKD device node resources managed by the physical QKD resource layer include, but are not limited to, QKD devices of a single-photon protocol, a continuous variable protocol, an entanglement protocol, a DRP protocol, and combinations thereof, and the physical link resources represent physical connections between QKD devices and are connected through separate fiber resources or by multiplexing the current fiber resources.
Preferably, the physical QKD resource layer also enables dynamic awareness of resource states through a physical resource management component.
Preferably, the dynamic sensing of the resource state includes dynamic sensing of a node fault state, dynamic sensing of a node network delay, and dynamic sensing of a node key usage.
The invention also provides a virtualization method of the QKD network, which comprises the following steps:
step 1, determining a usable QKD network, wherein the QKD network at least comprises more than 2 QKD nodes;
step 2, a cloud service environment is built at the deployment position of the QKD nodes in the QKD network, and a quantum key cloud platform is built;
step 3, adding a QKD node in the QKD network to the quantum key cloud platform through a physical resource management component in the physical QKD resource layer;
step 4, configuring basic parameters of the QKD node and the QKD link, wherein the basic parameters comprise a node ID, a node position, a maximum key capacity and a link distance;
step 5, periodically refreshing dynamic parameters through a dynamic sensing function of the physical resource management component, wherein the dynamic parameters comprise current key usage, key distribution processing time delay, key transmission algorithm construction time delay and link quantum key security code rate;
step 6, creating a virtual QKD node and a virtual QKD link by using an interface provided by a key cloud service layer;
step 7, the mapping algorithm in the virtual QKD resource layer dynamically maps the virtual QKD node to the physical QKD node and calculates the optimal physical link;
step 8, using the quantum key for constructing the security application service by using the interface provided by the key cloud service layer;
preferably, the method further comprises:
and 9, when the state of the physical QKD node or link is changed, the physical resource management component in the physical QKD resource layer can dynamically sense the state change, the dynamic parameters are updated in time, and the mapping algorithm in the virtual QKD resource layer adjusts the mapping in time to ensure that the platform is in an available state and ensure that the whole process is transparent to upper-layer services.
Preferably, the method further comprises:
and step 10, when the QKD network needs to add a new QKD node, adding the new QKD node through a physical resource management component in a physical QKD resource layer, namely realizing the new QKD node.
Compared with the prior art, the invention has the following beneficial effects:
according to the virtualization method of the QKD network and the quantum key cloud platform, the usability of the QKD network is enhanced through a dynamic node mapping and link mapping algorithm, and a single node is prevented from becoming a performance bottleneck; the QKD network and the cloud platform are deeply fused by a design method of the virtual QKD node and the virtual QKD link; the problems of elasticity and expansion deployment of the QKD network are solved through the dynamic mapping from the physical QKD network to the virtual QKD network; through the abstraction of the QKD resources, including node resources and link resources, compatible management of heterogeneous QKD devices is achieved.
Drawings
Fig. 1 illustrates a virtualization method of the QKD network and a quantum key cloud platform composition structure according to the present invention;
FIG. 2 is a schematic diagram of a physical QKD network according to the present invention;
FIG. 3 is a schematic diagram of the mapping relationship between the virtual QKD network and the physical QKD network according to the present invention;
fig. 4 is a schematic diagram of dynamic mapping after a link failure according to the present invention.
Detailed Description
The present invention will now be described more fully hereinafter with reference to the accompanying drawings, in which embodiments of the invention are shown.
As shown in fig. 1, a quantum key cloud platform for implementing virtualization of a QKD network structurally includes a physical QKD resource layer, a virtual QKD resource layer, and a key cloud service layer, where the physical QKD resource layer includes a physical resource management component and a physical resource database, and manages node resources and physical link resources of QKD devices respectively; the virtual QKD resource layer is used for abstracting QKD equipment node resources and physical link resources of the physical QKD resource layer, and comprises virtual resource management, a virtual resource database, a mapping algorithm and a virtual network access interface; the key cloud service layer is connected with the virtual QKD resource layer through the virtual network access interface, manages the virtual QKD network and manages the quantum key.
The QKD device node resources managed by the physical QKD resource layer include, but are not limited to, QKD devices of a single-photon protocol, a continuous variable protocol, an entanglement protocol, a DRP protocol, and combinations thereof, and the physical link resources represent physical connections between QKD devices and are connected through independent fiber resources or through multiplexing of current fiber resources.
The physical QKD resource layer may also enable dynamic awareness of resource states through physical resource management components.
The dynamic perception of the resource state comprises the dynamic perception of the node fault state, the dynamic perception of the node network delay and the dynamic perception of the node key usage.
The invention also provides a virtualization method of the QKD network, which comprises the following steps:
step 1, as shown in fig. 2, determining a usable QKD network, where the QKD network at least includes more than 2 QKD nodes;
step 2, a cloud service environment is built at the deployment position of the QKD nodes in the QKD network, and a quantum key cloud platform is built;
step 3, adding a QKD node in the QKD network to the quantum key cloud platform through a physical resource management component in the physical QKD resource layer;
step 4, configuring basic parameters of the QKD node and the QKD link, wherein the basic parameters comprise a node ID, a node position, a maximum key capacity and a link distance;
step 5, periodically refreshing dynamic parameters through a dynamic sensing function of the physical resource management component, wherein the dynamic parameters comprise current key usage, key distribution processing time delay, key transmission algorithm construction time delay and link quantum key security code rate;
step 6, creating a virtual QKD node and a virtual QKD link by using an interface provided by a key cloud service layer;
step 7, the mapping algorithm in the virtual QKD resource layer is responsible for dynamically mapping the virtual QKD nodes to the physical QKD nodes and for calculating the optimal physical links, and the mapping is completed as shown in fig. 3;
step 8, using the quantum key for constructing the security application service by using the interface provided by the key cloud service layer;
step 9, when the physical QKD node or link has a state change, for example, a certain link has a fault, the physical resource management component located in the physical QKD resource layer dynamically senses the state change, updates the dynamic parameters in time, and adjusts the mapping in time by the mapping algorithm located in the virtual QKD resource layer, as shown in fig. 4, so as to ensure that the platform is in an available state and make the whole process transparent to upper layer services;
and step 10, when the QKD network needs to add a new QKD node, adding the new QKD node through a physical resource management component in a physical QKD resource layer, namely realizing the new QKD node.
The specific QKD network virtualization process of the present invention is as follows:
the node data and link data stored by the physical resource database in the physical QKD resource layer may be represented using the following formulas:
Figure 166665DEST_PATH_IMAGE001
g denotes a set, superscript P denotes a physical resource, N denotes a set of QKD node resources, and L denotes a set of link resources between nodes. Node resource collection
Figure 561875DEST_PATH_IMAGE002
The description of the node includes: the unique identification of the node is set as
Figure 110668DEST_PATH_IMAGE003
The node position is set as
Figure 401972DEST_PATH_IMAGE004
Setting a key distribution processing delay to
Figure 669005DEST_PATH_IMAGE005
Maximum key capacity is set to
Figure 336747DEST_PATH_IMAGE006
The current key usage is set to
Figure 740046DEST_PATH_IMAGE007
Then node resource set
Figure 998989DEST_PATH_IMAGE008
The elements in (1) can be defined as the five-tuple form:
Figure 205849DEST_PATH_IMAGE009
assuming node A, B is used to represent a set of QKD nodes that are connected to each other, the set of link resources
Figure 942860DEST_PATH_IMAGE010
The description of the link includes: the identity of link endpoint a is set to
Figure 669508DEST_PATH_IMAGE011
And the identification of the link endpoint B is set as
Figure 99352DEST_PATH_IMAGE012
The time delay of the construction of the key transmission algorithm is set as
Figure 996770DEST_PATH_IMAGE013
Link distance is set to
Figure 6314DEST_PATH_IMAGE014
Setting the link quantum key safety coding rate to
Figure 853048DEST_PATH_IMAGE015
Then the link resources are aggregated
Figure 188214DEST_PATH_IMAGE016
The elements in (1) can be defined as the five-tuple form:
Figure 635245DEST_PATH_IMAGE017
since the link is symmetrical, there are:
Figure 714059DEST_PATH_IMAGE018
further, the virtual node data and virtual link data stored by the virtual resource database in the virtual QKD resource layer may be represented using the following formulas:
Figure 212037DEST_PATH_IMAGE019
the superscript V represents a virtual resource, the virtual node
Figure 921367DEST_PATH_IMAGE020
Referring to the above description of the node five tuple, comprising: the unique identification of the virtual node is set as
Figure 137584DEST_PATH_IMAGE021
The virtual node position is set as
Figure 223352DEST_PATH_IMAGE022
The virtual node key distribution processing time delay is set as
Figure 575836DEST_PATH_IMAGE023
The maximum key capacity of the virtual node is set as
Figure 518384DEST_PATH_IMAGE024
The current key usage of the virtual node is set to
Figure 674428DEST_PATH_IMAGE025
Specifically defined as:
Figure 95045DEST_PATH_IMAGE026
virtual link
Figure 770877DEST_PATH_IMAGE027
Referring to the link quintuple description above, comprising: the identity of virtual link endpoint a is set to
Figure 618747DEST_PATH_IMAGE028
The identity of virtual link endpoint B is set to
Figure 543978DEST_PATH_IMAGE029
The time delay of the virtual link key transmission algorithm is set as
Figure 237127DEST_PATH_IMAGE030
The virtual link distance is set to
Figure 564203DEST_PATH_IMAGE031
Setting the safe coding rate of the virtual link quantum key to
Figure 295225DEST_PATH_IMAGE032
Specifically defined as:
Figure 707752DEST_PATH_IMAGE033
further, the mapping algorithm in the virtual QKD resource layer defines procedures and constraints for resource mapping, which includes mapping of virtual resource nodes to physical resource nodes
Figure 470171DEST_PATH_IMAGE034
Hereinafter, simply referred to as node mapping, is defined as:
Figure 120595DEST_PATH_IMAGE035
the resource mapping process further includes mapping of virtual links to physical links
Figure 575848DEST_PATH_IMAGE036
Hereinafter simply referred to as link map, defined as:
Figure 475670DEST_PATH_IMAGE037
further, node mapping
Figure 245043DEST_PATH_IMAGE038
The constraint conditions should be satisfied:
Figure 281132DEST_PATH_IMAGE039
not necessarily full shot;
Figure 907286DEST_PATH_IMAGE040
if, if
Figure 763246DEST_PATH_IMAGE041
Then, then
Figure 867469DEST_PATH_IMAGE042
Figure 23643DEST_PATH_IMAGE043
If, if
Figure 273228DEST_PATH_IMAGE044
Then, then
Figure 882064DEST_PATH_IMAGE045
Order to
Figure 258819DEST_PATH_IMAGE046
Then, then
Figure 269500DEST_PATH_IMAGE047
Order to
Figure 237456DEST_PATH_IMAGE048
Figure 802429DEST_PATH_IMAGE049
Satisfy the requirement of
Figure 248454DEST_PATH_IMAGE050
Three node attributes are defined for assisting resource mapping calculations: let the Degree of the node be Degree, the key generation capability of the node be Capacity, and the Degree of the node being close to the center be Central, and let the node be
Figure 831751DEST_PATH_IMAGE051
Defining the complete set of links associated with node x
Figure 970609DEST_PATH_IMAGE052
Figure 554037DEST_PATH_IMAGE053
If the X dimension is n, the correlation calculation formula is defined as follows:
Figure 272594DEST_PATH_IMAGE054
Figure 257868DEST_PATH_IMAGE055
Figure 567626DEST_PATH_IMAGE056
in the mapping process, the node with the highest node degree, the strongest key capability and the highest central degree needs to be found, so the physical node is dynamically planned by using the constraint and matching the following formula:
Figure 841613DEST_PATH_IMAGE057
wherein
Figure 895019DEST_PATH_IMAGE058
The default value is set to be 1,
Figure 452908DEST_PATH_IMAGE059
the default value is 0, and the dynamic adjustment can be carried out according to the actual network environment in the specific implementation process.
Further, link mapping
Figure 933568DEST_PATH_IMAGE060
The mathematical modeling is as follows, the number of physical node resources is set as n, a physical link mapping matrix is constructed by using a link distance D, and
Figure 226009DEST_PATH_IMAGE061
representing the distance between node i and node j, the matrix can be represented as:
Figure 286369DEST_PATH_IMAGE062
and is
Figure 980656DEST_PATH_IMAGE063
The link mapping process may then be formulated to be matrix-based using the Dijkstra algorithm
Figure 632217DEST_PATH_IMAGE064
Calculating the shortest path problem, wherein the virtual QKD link can be from 0 to n objects according to different physical QKD network structuresManaging the link to form
Figure 146375DEST_PATH_IMAGE065
It is known that
Figure 541584DEST_PATH_IMAGE066
Furthermore, the virtual QKD resource layer calls a corresponding mapping algorithm through the virtual resource management component to realize the creation and management of the virtual QKD nodes and the virtual links, and provides support for upper-layer services through a uniform virtual network access interface.
Further, the key cloud service layer provides a management interface for the virtual QKD network, through which virtual QKD nodes can be created and managed, and virtual QKD link mappings can be created and maintained.
Further, the key cloud service layer also provides a quantum key management interface, including but not limited to operations of generating, finding, using, destroying, etc. a quantum key, which is derived from the virtual QKD network.
By integrating the structure and the specific virtualization process, the virtualization method of the QKD network and the quantum key cloud platform enhance the usability of the QKD network through a dynamic node mapping and link mapping algorithm, and prevent a single node from becoming a performance bottleneck; the QKD network and the cloud platform are deeply fused by a design method of the virtual QKD node and the virtual QKD link; the problems of elasticity and expansion deployment of the QKD network are solved through the dynamic mapping from the physical QKD network to the virtual QKD network; through the abstraction of the QKD resources, including node resources and link resources, compatible management of heterogeneous QKD devices is achieved.

Claims (7)

1. A quantum key cloud platform for realizing the virtualization of a QKD network is characterized in that the composition structure of the quantum key cloud platform comprises a physical QKD resource layer, a virtual QKD resource layer and a key cloud service layer, wherein the physical QKD resource layer comprises a physical resource management component and a physical resource database, and respectively manages QKD device node resources and physical link resources correspondingly; the virtual QKD resource layer is used for abstracting QKD equipment node resources and physical link resources of the physical QKD resource layer, and comprises virtual resource management, a virtual resource database, a mapping algorithm and a virtual network access interface; the key cloud service layer is connected with the virtual QKD resource layer through the virtual network access interface, manages the virtual QKD network and manages the quantum key.
2. The quantum key cloud platform that enables virtualization of a QKD network according to claim 1, wherein the QKD device node resources managed by the physical QKD resource layer include, but are not limited to, QKD devices of a single-photon protocol, a continuous variable protocol, an entanglement protocol, a DRP protocol, and combinations thereof, and the physical link resources represent physical connections between QKD devices and are connected through separate fiber resources or by multiplexing current fiber resources.
3. The quantum key cloud platform that implements virtualization of a QKD network according to claim 1, wherein the physical QKD resource layer further enables dynamic awareness of resource states through physical resource management components.
4. The quantum key cloud platform that implements virtualization of a QKD network of claim 3, wherein the dynamic perception of resource states includes dynamic perception of node failure states, dynamic perception of node network delays, dynamic perception of node key usage.
5. A method of virtualizing a QKD network, comprising the steps of:
step 1, determining a usable QKD network, wherein the QKD network at least comprises more than 2 QKD nodes;
step 2, building a cloud service environment at the deployment position of a QKD node in the QKD network and creating a quantum key cloud platform according to any one of claims 1-4;
step 3, adding a QKD node in the QKD network to the quantum key cloud platform through a physical resource management component in the physical QKD resource layer;
step 4, configuring basic parameters of the QKD node and the QKD link, wherein the basic parameters comprise a node ID, a node position, a maximum key capacity and a link distance;
step 5, periodically refreshing dynamic parameters through a dynamic sensing function of the physical resource management component, wherein the dynamic parameters comprise current key usage, key distribution processing time delay, key transmission algorithm construction time delay and link quantum key security code rate;
step 6, creating a virtual QKD node and a virtual QKD link by using an interface provided by a key cloud service layer;
step 7, the mapping algorithm in the virtual QKD resource layer dynamically maps the virtual QKD node to the physical QKD node and calculates the optimal physical link;
step 8, using quantum key to construct safety application service by using interface provided by key cloud service layer,
the virtualization method of the QKD network comprises the following specific steps:
the node data and link data stored by the physical resource database in the physical QKD resource layer may be represented using the following formulas:
Figure 335153DEST_PATH_IMAGE002
g represents a set, the superscript P represents a physical resource, N represents a set of QKD node resources, L represents a set of link resources between nodes, and the set of node resources
Figure 730362DEST_PATH_IMAGE003
The description of the node includes: the unique identification of the node is set as
Figure 216838DEST_PATH_IMAGE005
The node position is set as
Figure 304880DEST_PATH_IMAGE006
Key distribution processingTime delay is set to
Figure 571913DEST_PATH_IMAGE007
Maximum key capacity is set to
Figure 770813DEST_PATH_IMAGE008
The current key usage is set to
Figure 174113DEST_PATH_IMAGE009
Then node resource set
Figure 370739DEST_PATH_IMAGE010
The elements in (1) can be defined as the five-tuple form:
Figure 125068DEST_PATH_IMAGE011
assuming node A, B is used to represent a set of QKD nodes that are connected to each other, the set of link resources
Figure 862080DEST_PATH_IMAGE012
The description of the link includes: the identity of link endpoint a is set to
Figure 385466DEST_PATH_IMAGE014
And the identification of the link endpoint B is set as
Figure 815310DEST_PATH_IMAGE016
The time delay of the construction of the key transmission algorithm is set as
Figure 726110DEST_PATH_IMAGE017
Link distance is set to
Figure 266812DEST_PATH_IMAGE018
Setting the link quantum key safety coding rate to
Figure 910283DEST_PATH_IMAGE020
Then the link resources are aggregated
Figure 245450DEST_PATH_IMAGE021
The elements in (1) can be defined as the five-tuple form:
Figure 974371DEST_PATH_IMAGE022
since the link is symmetrical, there are:
Figure 53186DEST_PATH_IMAGE023
the virtual node data and virtual link data stored by the virtual resource database in the virtual QKD resource layer may be represented using the following formulas:
Figure 488846DEST_PATH_IMAGE024
the superscript V represents a virtual resource, the virtual node
Figure 994914DEST_PATH_IMAGE025
Referring to the above description of the node five tuple, comprising: the unique identification of the virtual node is set as
Figure 211132DEST_PATH_IMAGE027
The virtual node position is set as
Figure 93637DEST_PATH_IMAGE028
The virtual node key distribution processing time delay is set as
Figure 383804DEST_PATH_IMAGE029
The maximum key capacity of the virtual node is set as
Figure 326352DEST_PATH_IMAGE030
The current key usage of the virtual node is set to
Figure 764287DEST_PATH_IMAGE031
Specifically defined as:
Figure 184904DEST_PATH_IMAGE032
virtual link
Figure 657474DEST_PATH_IMAGE034
Referring to the link quintuple description above, comprising: the identity of virtual link endpoint a is set to
Figure 505344DEST_PATH_IMAGE036
The identity of virtual link endpoint B is set to
Figure 368258DEST_PATH_IMAGE037
The time delay of the virtual link key transmission algorithm is set as
Figure 592566DEST_PATH_IMAGE039
The virtual link distance is set to
Figure 919642DEST_PATH_IMAGE040
Setting the safe coding rate of the virtual link quantum key to
Figure 203992DEST_PATH_IMAGE042
Specifically defined as:
Figure 616519DEST_PATH_IMAGE044
the mapping algorithm in the virtual QKD resource layer defines the procedures and constraints for resource mapping, including virtual resourcesMapping of source nodes to physical resource nodes
Figure 316622DEST_PATH_IMAGE046
Hereinafter, simply referred to as node mapping, is defined as:
Figure 498205DEST_PATH_IMAGE047
the resource mapping process further includes mapping of virtual links to physical links
Figure 953457DEST_PATH_IMAGE049
Hereinafter simply referred to as link map, defined as:
Figure 853280DEST_PATH_IMAGE050
node mapping
Figure 419390DEST_PATH_IMAGE051
The constraint conditions should be satisfied:
Figure 455479DEST_PATH_IMAGE053
not necessarily full shot;
Figure 19316DEST_PATH_IMAGE054
if, if
Figure 406435DEST_PATH_IMAGE055
Then, then
Figure 510657DEST_PATH_IMAGE056
Figure 666832DEST_PATH_IMAGE057
If, if
Figure 463887DEST_PATH_IMAGE058
Then, then
Figure 10406DEST_PATH_IMAGE059
Order to
Figure 183898DEST_PATH_IMAGE060
Then, then
Figure 194579DEST_PATH_IMAGE061
Order to
Figure 162535DEST_PATH_IMAGE062
Figure 258667DEST_PATH_IMAGE064
Satisfy the requirement of
Figure 642375DEST_PATH_IMAGE065
Three node attributes are defined for assisting resource mapping calculations: let the Degree of the node be Degree, the key generation capability of the node be Capacity, and the Degree of the node being close to the center be Central, and let the node be
Figure 773142DEST_PATH_IMAGE066
Defining the complete set of links associated with node x
Figure DEST_PATH_IMAGE067
Figure DEST_PATH_IMAGE068
If the X dimension is n, the correlation calculation formula is defined as follows:
Figure DEST_PATH_IMAGE069
Figure DEST_PATH_IMAGE070
Figure DEST_PATH_IMAGE071
in the mapping process, the node with the highest node degree, the strongest key capability and the highest central degree needs to be found, so the physical node is dynamically planned by using the constraint and matching the following formula:
Figure DEST_PATH_IMAGE072
wherein
Figure DEST_PATH_IMAGE073
The default value is set to be 1,
Figure DEST_PATH_IMAGE075
the default value is 0, can be dynamically adjusted according to the actual network environment in the specific implementation process,
mapping to links
Figure DEST_PATH_IMAGE076
The mathematical modeling is as follows, the number of physical node resources is set as n, a physical link mapping matrix is constructed by using a link distance D, and
Figure DEST_PATH_IMAGE077
representing the distance between node i and node j, the matrix can be represented as:
Figure DEST_PATH_IMAGE078
and is
Figure DEST_PATH_IMAGE079
The link mapping process may then be formulated to be matrix-based using the Dijkstra algorithm
Figure DEST_PATH_IMAGE080
Calculating the shortest path problem, wherein the virtual QKD link may be composed of 0 to n physical links according to the difference of the physical QKD network structure, so that
Figure DEST_PATH_IMAGE081
It is known that
Figure DEST_PATH_IMAGE082
6. The method of virtualizing a QKD network of claim 5, further comprising:
and 9, when the state of the physical QKD node or link is changed, the physical resource management component in the physical QKD resource layer can dynamically sense the state change, the dynamic parameters are updated in time, and the mapping algorithm in the virtual QKD resource layer adjusts the mapping in time to ensure that the platform is in an available state and ensure that the whole process is transparent to upper-layer services.
7. The method of virtualizing a QKD network of claim 6, further comprising:
and step 10, when the QKD network needs to add a new QKD node, adding the new QKD node through a physical resource management component in a physical QKD resource layer, namely realizing the new QKD node.
CN202210090752.6A 2022-01-26 2022-01-26 QKD network virtualization method and quantum key cloud platform Active CN114124384B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210090752.6A CN114124384B (en) 2022-01-26 2022-01-26 QKD network virtualization method and quantum key cloud platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210090752.6A CN114124384B (en) 2022-01-26 2022-01-26 QKD network virtualization method and quantum key cloud platform

Publications (2)

Publication Number Publication Date
CN114124384A CN114124384A (en) 2022-03-01
CN114124384B true CN114124384B (en) 2022-04-29

Family

ID=80361951

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210090752.6A Active CN114124384B (en) 2022-01-26 2022-01-26 QKD network virtualization method and quantum key cloud platform

Country Status (1)

Country Link
CN (1) CN114124384B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114499861B (en) * 2022-03-30 2022-07-12 浙江九州量子信息技术股份有限公司 Quantum key cloud security situation sensing method based on machine learning
CN114499864B (en) * 2022-04-18 2022-07-12 浙江九州量子信息技术股份有限公司 Quantum key scheduling method for cloud computing platform

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110677241A (en) * 2019-09-01 2020-01-10 成都量安区块链科技有限公司 Quantum network virtualization architecture method and device
CN110690961A (en) * 2019-09-01 2020-01-14 成都量安区块链科技有限公司 Quantum network function virtualization method and device
CN113179514A (en) * 2021-03-25 2021-07-27 北京邮电大学 Quantum key distribution method and related equipment in relay coexistence scene

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107171792A (en) * 2017-06-05 2017-09-15 北京邮电大学 A kind of virtual key pond and the virtual method of quantum key resource
CN110224815B (en) * 2019-05-08 2021-02-09 北京邮电大学 QKD network resource distribution method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110677241A (en) * 2019-09-01 2020-01-10 成都量安区块链科技有限公司 Quantum network virtualization architecture method and device
CN110690961A (en) * 2019-09-01 2020-01-14 成都量安区块链科技有限公司 Quantum network function virtualization method and device
CN113179514A (en) * 2021-03-25 2021-07-27 北京邮电大学 Quantum key distribution method and related equipment in relay coexistence scene

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一个新型的量子密钥服务体系架构;陈晖;《中国电子科学研究院学报》;20200320(第03期);全文 *

Also Published As

Publication number Publication date
CN114124384A (en) 2022-03-01

Similar Documents

Publication Publication Date Title
CN114124384B (en) QKD network virtualization method and quantum key cloud platform
Kobo et al. Fragmentation-based distributed control system for software-defined wireless sensor networks
Mayer et al. Fogstore: Toward a distributed data store for fog computing
Sun et al. A reliability-aware approach for resource efficient virtual network function deployment
Raghavendra et al. Dynamic graph query primitives for sdn-based cloudnetwork management
US10956501B2 (en) Network-wide, location-independent object identifiers for high-performance distributed graph databases
Sun [Retracted] Research on the Construction of Smart Tourism System Based on Wireless Sensor Network
US10554500B2 (en) Modeling access networks as trees in software-defined network controllers
JP6274680B1 (en) Transaction recording system and program
Hao et al. BlockP2P: Enabling fast blockchain broadcast with scalable peer-to-peer network topology
Ak et al. T6conf: Digital twin networking framework for ipv6-enabled net-zero smart cities
Guerrero et al. Optimization policy for file replica placement in fog domains
Panigrahi et al. DATALET: An approach to manage big volume of data in cyber foraged environment
Guan et al. A multi‐controller placement method for software defined network based on improved firefly algorithm
Gupta et al. Fedfm: Towards a robust federated learning approach for fault mitigation at the edge nodes
Barakat et al. Gavel: Software-defined network control with graph databases
Banjar et al. Daim: a mechanism to distribute control functions within openflow switches
CN113392160A (en) Personnel information synchronization method, device, equipment and storage medium
Kurle et al. Machine learning based trust routing for clustered IoT devices
CN110213149A (en) A kind of virtual network mapping algorithm based on node entropy
Wei et al. Data placement strategies for data-intensive computing over edge clouds
Yang Hierarchical computing: A high performance computing architecture for data-processing in IoT era
Dhar et al. A cost‐effective and load‐balanced controller placement method in software‐defined networks
Wang et al. Dynamic resource virtualisation method for survivability enhancement based on SDN
Oleshchenko et al. AODV Protocol Optimization Software Method of Ad Hoc Network Routing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant