CN114389795A - Quantum cloud key negotiation method, device and system, quantum and quantum cloud server - Google Patents


Publication number
CN114389795A
Authority
CN
China
Prior art keywords
quantum
node
relay
access node
target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011170077.5A
Other languages
Chinese (zh)
Inventor
周远德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongchuangwei Chengdu Quantum Communication Technology Co ltd
Original Assignee
Zhongchuangwei Chengdu Quantum Communication Technology Co ltd
Application filed by Zhongchuangwei Chengdu Quantum Communication Technology Co ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application provides a quantum cloud key negotiation method, device and system, and a quantum cloud server, which can solve the technical problem of low key distribution efficiency caused by large calculation amount of a third-party server and a relay node, thereby improving the key distribution efficiency. The method comprises the following steps: the quantum cloud server receives a quantum key negotiation request of an access node; the quantum cloud server then determines a target relay link according to the access node and the target access node; the quantum cloud server sends a key sharing instruction to the nodes in the target relay link; the quantum cloud server receives an exclusive or value of a node in a target relay link; and the quantum cloud server obtains a target exclusive-OR value according to the exclusive-OR value of the nodes in the target relay link.

Description

Quantum cloud key negotiation method, device and system, quantum and quantum cloud server
The present application claims priority to the Chinese patent application entitled "quantum cloud key agreement method, apparatus and system, quantum and quantum cloud server", filed with the National Intellectual Property Office on 16/10/2020 under application number 2020111107900, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of quantum communication, and in particular, to a quantum cloud key agreement method, device, and system, and a quantum cloud server.
Background
With the advent of quantum computers, ensuring that information cannot be deciphered and achieving truly secure communication calls for providing a longer, "new" key for each encryption/decryption session. Thus, quantum distribution networks began to emerge. A quantum key is a sequence of single photons transmitted over optical fiber. Because the quantum state of a single photon cannot be copied or intercepted, it cannot be copied and amplified as signals are in traditional communication, and because of the transmission loss of optical fiber, the distance of point-to-point fiber quantum key distribution is limited.
In order to solve the above problem, a patent application with publication number CN110661620A discloses a shared key negotiation method based on virtual quantum links, which includes: the third-party server selects m virtual link states and sends them to the two service nodes; for each virtual link state, the two service nodes negotiate and adopt the associated key group of one of the service nodes as a shared key; and the two service nodes apply the same privacy enhancement method to the m shared keys to obtain a shared session key.
In the related art, the above patent application requires the relay nodes in all links to send their XOR values to the cloud server, and the third-party server sends the finally calculated XOR value to both service nodes. This increases the calculation amount of the third-party server and the workload of the relay nodes, so the key distribution efficiency is low.
Disclosure of Invention
The embodiment of the application provides a quantum cloud key negotiation method, device and system, and a quantum cloud server, which can solve the technical problem of low key distribution efficiency caused by large calculation amount of a third-party server and a relay node, so that the key distribution efficiency is improved.
In order to achieve the purpose, the technical scheme is as follows:
In a first aspect, a quantum cloud key agreement method is provided. The quantum cloud key negotiation method comprises the following steps. The quantum cloud server receives a quantum key negotiation request from an access node. The quantum key negotiation request identifies the party to which the quantum key used in the negotiation between the access node and the target access node belongs; that party is either the access node or the target access node. The quantum cloud server then determines a target relay link according to the access node and the target access node. The target relay link comprises the access node and the target access node at its two ends and at least one relay node between them; adjacent nodes in the target relay link are connected by quantum channels. The quantum cloud server sends a key sharing instruction to the nodes in the target relay link. The key sharing instruction instructs the access node and the target access node to send their own quantum keys to their adjacent relay nodes, and instructs the relay nodes to send their own quantum keys to the adjacent nodes along the same direction of the target relay link. The quantum cloud server receives the exclusive-or (XOR) values of the nodes in the target relay link. The XOR value of a node is the result of the XOR operation between the quantum key of the node and the quantum key received from the adjacent node. The quantum cloud server obtains a target XOR value from the XOR values of the nodes in the target relay link. The target XOR value is the result of the XOR operation between the quantum key of the access node and the quantum key of the target access node. The quantum cloud server sends the target XOR value to the target node. The target node is the access node or the target access node, and is not the party to which the quantum key belongs.
Based on this quantum cloud key negotiation method, the quantum cloud server selects the relay nodes that need to calculate an XOR value and indicates the key sender for each node. Only the relay nodes selected by the quantum cloud server calculate and upload the XOR value of the key of the adjacent node, which reduces the XOR calculation amount of both the quantum cloud server and the relay nodes. This solves the technical problem of low key distribution efficiency caused by the large calculation amount of the third-party server and the relay nodes, and improves the key distribution efficiency.
In one possible design, the determining, by the quantum cloud server, of a target relay link according to the access node and the target access node may include the following. The quantum cloud server acquires the communication state of the relay nodes between the access node and the target access node. The communication state of a relay node comprises the adjacent node information of the relay node. The quantum cloud server determines at least one relay link according to the adjacent node information of the relay nodes between the access node and the target access node. The quantum cloud server selects a target relay link from the at least one relay link. In this way, the quantum cloud server uses the communication state of the relay nodes to select the relay nodes that need to calculate an XOR value, and only the relay nodes selected by the cloud server calculate and upload the XOR value of the key of the adjacent node, so that the XOR calculation amount of the quantum cloud server and of the relay nodes is reduced and the key distribution efficiency is improved.
Optionally, the communication state of the relay node includes one or more of: the data packet processing amount of the relay node or the coding rate of the relay node. The selecting, by the quantum cloud server, of a target relay link from the at least one relay link comprises: the quantum cloud server counts the number of relay nodes in each relay link, and determines a target relay link from the at least one relay link according to one or more of the following: the number of relay nodes, the coding rate of the relay nodes, and the data packet processing amount of the relay nodes.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the number of relay nodes includes: the quantum cloud server counts the number of relay nodes in each relay link, and determines the relay link with the minimum number of relay nodes as the target relay link. Because the target relay link is determined by the number of relay nodes and has the fewest relay nodes, the XOR calculation amount of the quantum cloud server and the relay nodes is the smallest, and the key distribution efficiency is further improved.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the coding rate of the relay nodes includes: the quantum cloud server collects the coding rate of the relay nodes in each relay link. The minimum coding rate among the relay nodes in a relay link is recorded as the coding rate of that relay link. The quantum cloud server determines the relay link with the maximum coding rate as the target relay link.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the data packet processing amount of the relay nodes of the relay link includes: the quantum cloud server collects the data packet processing amount of the relay nodes in each relay link. The maximum data packet processing amount among the relay nodes in a relay link is recorded as the data packet processing amount of that relay link. The quantum cloud server determines the relay link with the minimum data packet processing amount as the target relay link.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the number of relay nodes and the coding rate of the relay nodes includes: the quantum cloud server collects the number and the coding rate of the relay nodes of each relay link. The minimum coding rate among the relay nodes in a relay link is recorded as the coding rate of that relay link. The quantum cloud server determines a target relay link from the at least one relay link according to the coding rate of each relay link and the number of relay nodes. Because the target relay link is determined by both the number of relay nodes and the coding rate, the number of relay nodes of the relay link and the coding rate of the information transmitted between adjacent relay nodes are both taken into account, and the key distribution efficiency is further improved.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the coding rate of each relay link and the number of relay nodes includes: when the difference in the number of relay nodes between the relay link with the minimum number of relay nodes and the relay link with the second minimum number of relay nodes is larger than a first preset value, the quantum cloud server determines the relay link with the minimum number of relay nodes as the target relay link; or, when that difference is smaller than or equal to the first preset value, the quantum cloud server determines the relay link with the maximum coding rate as the target relay link.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the number of relay nodes and the data packet processing amount of the relay nodes includes: the quantum cloud server collects the number of relay nodes and the data packet processing amount of each relay link. The maximum data packet processing amount among the relay nodes in a relay link is recorded as the data packet processing amount of that relay link. The quantum cloud server determines a target relay link from the at least one relay link according to the data packet processing amount of each relay link and the number of relay nodes. Because the target relay link is determined by both the number of relay nodes and the coding rate, the number of relay nodes of the relay link and the coding rate of the information transmitted between adjacent relay nodes are both taken into account, and the key distribution efficiency is further improved.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the data packet processing amount of each relay link and the number of relay nodes includes: when the difference in the number of relay nodes between the relay link with the minimum number of relay nodes and the relay link with the second minimum number of relay nodes is larger than a second preset value, the relay link with the minimum number of relay nodes is determined as the target relay link; or, when that difference is smaller than or equal to the second preset value, the relay link with the minimum data packet processing amount is determined as the target relay link.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the number of relay nodes, the coding rate of the relay nodes, and the data packet processing amount of the relay nodes includes: the quantum cloud server collects the number of relay nodes, the coding rate, and the data packet processing amount of each relay link. The minimum coding rate among the relay nodes in a relay link is recorded as the coding rate of that relay link, and the maximum data packet processing amount among the relay nodes in a relay link is recorded as the data packet processing amount of that relay link. The quantum cloud server determines a target relay link from the at least one relay link according to the coding rate of each relay link, the data packet processing amount, and the number of relay nodes in each relay link.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the coding rate of each relay link, the data packet processing amount, and the number of relay nodes in each relay link includes: when the difference in the number of relay nodes between the relay link with the minimum number of relay nodes and the relay link with the second minimum number of relay nodes is larger than a third preset value, the relay link with the minimum number of relay nodes is determined as the target relay link; or, when that difference is smaller than or equal to the third preset value, the quantum cloud server selects, as the target relay link, one of the relay link with the minimum number of relay nodes and the relay link with the second minimum number of relay nodes. In the latter case, the coding rate of the target relay link is higher than that of the other relay link and its data packet processing amount is lower than that of the other relay link; or the coding rate of the target relay link is higher than that of the other relay link and the difference between the data packet processing amounts of the two relay links is lower than a first threshold value; or the data packet processing amount of the target relay link is lower than that of the other relay link and the difference between the coding rates of the two relay links is lower than a second threshold value.
Optionally, the determining, by the quantum cloud server, of a target relay link from the at least one relay link according to the coding rate of the relay nodes and the data packet processing amount of the relay link includes: the quantum cloud server collects the coding rate and the data packet processing amount of the relay nodes in each relay link. The minimum coding rate among the relay nodes in a relay link is recorded as the coding rate of that relay link, and the maximum data packet processing amount among the relay nodes in a relay link is recorded as the data packet processing amount of that relay link. The quantum cloud server determines a target relay link from the at least one relay link according to the data packet processing amount and the coding rate of each relay link.
Optionally, the coding rate of the target relay link is higher than that of the other relay links and its data packet processing amount is lower than that of the other relay links; or the coding rate of the target relay link is higher than that of the other relay links and the difference between the data packet processing amounts of the target relay link and the other relay links is lower than a third threshold value; or the data packet processing amount of the target relay link is lower than that of the other relay links and the difference between the coding rates of the target relay link and the other relay links is lower than a fourth threshold value.
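The three-criterion selection rule described above (number of relay nodes, coding rate, data packet processing amount), written out as an added example; it is not code from the patent. The class and function names, the units, the sample links, and the fallback to the link with the fewest relay nodes when neither or both candidates meet a condition are assumptions, since the text does not say what happens in those cases.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    name: str
    coding_rate: float  # coding rate reported by the relay (constructed units)
    packets: int        # data packet processing amount of the relay


@dataclass(frozen=True)
class Link:
    name: str
    relays: tuple  # relay nodes between the two access nodes

    @property
    def count(self) -> int:
        return len(self.relays)

    @property
    def coding_rate(self) -> float:
        # Link coding rate = minimum over its relay nodes.
        return min(r.coding_rate for r in self.relays)

    @property
    def packets(self) -> int:
        # Link data packet processing amount = maximum over its relay nodes.
        return max(r.packets for r in self.relays)


def qualifies(x: Link, y: Link, packet_threshold: int, rate_threshold: float) -> bool:
    """True if x meets one of the three conditions for being chosen over y."""
    higher_rate = x.coding_rate > y.coding_rate
    lower_load = x.packets < y.packets
    return (
        (higher_rate and lower_load)
        or (higher_rate and abs(x.packets - y.packets) < packet_threshold)
        or (lower_load and abs(x.coding_rate - y.coding_rate) < rate_threshold)
    )


def select_target_link(links, count_preset, packet_threshold, rate_threshold) -> Link:
    """Pick the target relay link from the candidate relay links."""
    if not links or any(link.count == 0 for link in links):
        raise ValueError("need candidate links with at least one relay node each")
    ranked = sorted(links, key=lambda link: link.count)
    if len(ranked) == 1:
        return ranked[0]
    fewest, second = ranked[0], ranked[1]
    # Large gap in relay count: the shortest link wins outright.
    if second.count - fewest.count > count_preset:
        return fewest
    # Small gap: compare the two shortest links on rate and load.
    second_ok = qualifies(second, fewest, packet_threshold, rate_threshold)
    fewest_ok = qualifies(fewest, second, packet_threshold, rate_threshold)
    if second_ok and not fewest_ok:
        return second
    # Assumption: if neither or both qualify, keep the link with fewest relays.
    return fewest


def make_link(name, *relays) -> Link:
    """Build a link from (coding_rate, packets) pairs."""
    return Link(name, tuple(Relay(f"{name}-R{i}", rate, pkts)
                            for i, (rate, pkts) in enumerate(relays, 1)))


# Constructed sample data, not taken from the patent.
SHORT_BUSY = make_link("short-busy", (2.0, 900), (1.5, 400))
LONG_IDLE = make_link("long-idle", (3.0, 200), (2.8, 300), (3.2, 250))
FAR = make_link("far", *[(5.0, 100)] * 6)

if __name__ == "__main__":
    for preset in (0, 1):
        chosen = select_target_link([LONG_IDLE, SHORT_BUSY, FAR], preset, 100, 0.5)
        print(f"count preset {preset}: {chosen.name}")
```

With a preset of 0 the one-relay gap is decisive and the two-relay link is chosen; with a preset of 1 the three-relay link wins because its slowest relay is faster and its busiest relay is less loaded.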
In a second aspect, a quantum cloud key agreement method is provided. The quantum cloud key negotiation method comprises the following steps. The access node sends a quantum key negotiation request to the quantum cloud server. The quantum key negotiation request identifies the party to which the quantum key used in the negotiation between the access node and the target access node belongs; that party is either the access node or the target access node. The access node receives a key sharing instruction from the quantum cloud server. The key sharing instruction instructs the access node to send the quantum key of the access node to a specified adjacent relay node. The access node sends the quantum key of the access node to the specified adjacent relay node.
In a possible design, the quantum cloud key agreement method may further include: the access node receives the quantum key of the adjacent relay node, and the access node sends the XOR value to the quantum cloud server. The XOR value is the result of the XOR operation between the quantum key of the access node and the quantum key of the adjacent relay node.
Optionally, the quantum cloud key agreement method may further include: the access node receives the target XOR value from the quantum cloud server. The target XOR value is the result of the XOR operation between the quantum key of the access node and the quantum key of the target access node. The access node acquires the quantum key of the target access node according to the quantum key of the access node and the XOR value.
In addition, the technical effect of the quantum cloud key agreement method according to the second aspect may refer to the technical effect of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
In a third aspect, a quantum cloud key agreement method is provided, where the method includes: the relay node receives a key sharing instruction from the quantum cloud server, where the key sharing instruction instructs the relay node to receive the quantum key of a specified adjacent node. The relay node receives the quantum key of the specified adjacent node. The relay node sends the XOR value to the quantum cloud server. The XOR value is the result of the XOR operation between the quantum key of the relay node and the quantum key of the specified adjacent node.
Optionally, in one possible design, the key sharing instruction further instructs the relay node to send the quantum key of the relay node to another specified adjacent node. The quantum cloud key negotiation method may further include: the relay node sends the quantum key of the relay node to the other specified adjacent node.
In addition, the technical effect of the quantum cloud key agreement method according to the third aspect may refer to the technical effect of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
In a fourth aspect, a quantum cloud key agreement method is provided, where the method includes: the target access node receives a key sharing instruction from the quantum cloud server. The key sharing instruction instructs the target access node to send the quantum key of the target access node to a specified adjacent relay node. The target access node sends the quantum key of the target access node to the specified adjacent relay node.
In addition, the technical effect of the quantum cloud key agreement method according to the fourth aspect may refer to the technical effect of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
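The XOR exchange of the first aspect, together with the node-side roles of the second to fourth aspects, simulated end to end as an added example; it is not code from the patent. The node names, the 32-byte random keys, and the exact hop layout (keys flow from the access node toward the target access node, and the target access node sends its key back to its adjacent relay) are assumptions chosen to be consistent with the key sharing instruction described above.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length keys."""
    if len(a) != len(b):
        raise ValueError("keys must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_sharing_plan(link):
    """Cloud side: decide, per hop, which node sends its key to which.

    Assumed layout: the access node and every relay except the last send
    their key one hop toward the target access node; the target access
    node sends its key to its adjacent relay. Returns (sender, receiver).
    """
    if len(link) < 3:
        raise ValueError("link needs two access nodes and at least one relay")
    plan = [(link[i], link[i + 1]) for i in range(len(link) - 2)]
    plan.append((link[-1], link[-2]))
    return plan


def node_reports(plan, keys):
    """Node side: each receiver XORs its own key with the key it received
    and reports only that XOR value to the quantum cloud server."""
    return [(receiver, xor_bytes(keys[receiver], keys[sender]))
            for sender, receiver in plan]


def target_xor(reports, key_len):
    """Cloud side: XOR all reported values. Every relay key appears in
    exactly two reports and cancels, leaving K_access XOR K_target_access."""
    return reduce(xor_bytes, (value for _, value in reports), bytes(key_len))


def negotiate(link, keys, owner):
    """Run one negotiation.

    Returns (target_node, key_recovered_by_target_node, reports), where
    target_node is the access node that does NOT own the negotiated key.
    """
    access, target_access = link[0], link[-1]
    if owner not in (access, target_access):
        raise ValueError("key owner must be one of the two access nodes")
    reports = node_reports(key_sharing_plan(link), keys)
    t_xor = target_xor(reports, len(keys[owner]))
    target_node = target_access if owner == access else access
    # The target node removes its own key from the target XOR value.
    recovered = xor_bytes(keys[target_node], t_xor)
    return target_node, recovered, reports


def demo():
    """Constructed run: access node A, relays R1..R3, target access node B."""
    link = ["A", "R1", "R2", "R3", "B"]
    keys = {node: secrets.token_bytes(32) for node in link}
    target_node, recovered, reports = negotiate(link, keys, owner="A")
    return target_node, recovered == keys["A"], len(reports)


if __name__ == "__main__":
    print(demo())
```

In this model the quantum cloud server only ever handles XOR values, while each relay receives a neighbour's key directly, so the result is only as trustworthy as the relay nodes on the link. A single altered or missing report silently changes the key the target node recovers, which is why the test below checks that case.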
In a fifth aspect, a quantum cloud key agreement device is provided, which includes a transceiver module and a processing module. The processing module is configured to control the transceiver module to receive the quantum key negotiation request of the access node. The quantum key negotiation request identifies the party to which the quantum key used in the negotiation between the access node and the target access node belongs; that party is either the access node or the target access node. The processing module is further configured to determine a target relay link according to the access node and the target access node. The target relay link comprises the access node and the target access node at its two ends and at least one relay node between them; adjacent nodes in the target relay link are connected by quantum channels. The processing module is further configured to control the transceiver module to send a key sharing instruction to the nodes in the target relay link. The key sharing instruction instructs the access node and the target access node to send their own quantum keys to their adjacent relay nodes, and instructs the relay nodes to send their own quantum keys to the adjacent nodes along the same direction of the target relay link. The processing module is further configured to control the transceiver module to receive the XOR values of the nodes in the target relay link. The XOR value of a node is the result of the XOR operation between the quantum key of the node and the quantum key received from the adjacent node. The processing module is further configured to obtain a target XOR value according to the XOR values of the nodes in the target relay link. The target XOR value is the result of the XOR operation between the quantum key of the access node and the quantum key of the target access node. The processing module is further configured to control the transceiver module to send the target XOR value to the target node. The target node is the access node or the target access node, and is not the party to which the quantum key belongs.
Optionally, the quantum cloud key agreement device according to the fifth aspect may further include a storage module, where the storage module stores a program or instructions. When the processing module executes the program or the instructions, the quantum cloud key agreement device may be enabled to execute the quantum cloud key agreement method described in the first aspect.
Optionally, the transceiver module may include a receiving module and a transmitting module.
It should be noted that, the quantum cloud key agreement apparatus in the fifth aspect may be a network device, a chip (system) or other component or assembly that may be disposed in the network device, or an apparatus including the network device, and the present application is not limited thereto.
In addition, the technical effect of the quantum cloud key agreement device according to the fifth aspect may refer to the technical effect of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
In a sixth aspect, a quantum cloud key agreement device is provided, which includes a transceiver module and a processing module. The processing module is configured to control the transceiver module to send the quantum key negotiation request to the quantum cloud server. The quantum key negotiation request comprises a target access node and the party to which the quantum key used for the negotiation belongs; that party is either the access node or the target access node. The processing module is further configured to control the transceiver module to receive the key sharing instruction from the quantum cloud server. The key sharing instruction instructs the access node to send the quantum key of the access node to a specified adjacent relay node. The processing module is further configured to control the transceiver module to send the quantum key of the access node to the specified adjacent relay node.
Optionally, the quantum cloud key agreement device according to the sixth aspect may further include a storage module, where the storage module stores a program or instructions. When the processing module executes the program or the instructions, the quantum cloud key agreement device may be enabled to execute the quantum cloud key agreement method described in the second aspect.
Optionally, the transceiver module may include a receiving module and a transmitting module.
In addition, for technical effects of the quantum cloud key agreement device according to the sixth aspect, reference may be made to the technical effects of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
In a seventh aspect, a quantum cloud key agreement apparatus is provided, which includes a transceiver module and a processing module. The processing module is configured to control the transceiver module to receive the key sharing instruction from the quantum cloud server. The key sharing instruction instructs the relay node to receive the quantum key of a specified adjacent node. The processing module is further configured to control the transceiver module to receive the quantum key of the specified adjacent node. The processing module is further configured to control the transceiver module to send the XOR value to the quantum cloud server. The XOR value is the result of the XOR operation between the quantum key of the relay node and the quantum key of the specified adjacent node.
Optionally, the quantum cloud key agreement device according to the seventh aspect may further include a storage module, where the storage module stores a program or instructions. When the processing module executes the program or the instructions, the quantum cloud key agreement device may be enabled to execute the quantum cloud key agreement method described in the third aspect.
Optionally, the transceiver module may include a receiving module and a transmitting module.
In addition, for technical effects of the quantum cloud key agreement device according to the seventh aspect, reference may be made to the technical effects of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
In an eighth aspect, a quantum cloud key agreement device is provided, which includes a transceiver module and a processing module. The processing module is used for controlling the transceiver module to receive a key sharing instruction of the quantum cloud server. The key sharing instruction is used for instructing the target access node to send the quantum key of the target access node to a specified adjacent relay node. The processing module is further used for controlling the transceiver module to send the quantum key of the target access node to the specified adjacent relay node.
Optionally, the quantum cloud key agreement device according to the eighth aspect may further include a storage module, where the storage module stores a program or an instruction. When the processing module executes the program or the instructions, the quantum cloud key agreement device may be enabled to execute the quantum cloud key agreement method described in the fourth aspect.
Optionally, the transceiver module may include a receiving module and a transmitting module.
In addition, the technical effect of the quantum cloud key agreement device according to the eighth aspect may refer to the technical effect of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
In a ninth aspect, a quantum cloud server is provided. The quantum cloud server is configured to execute the quantum cloud key agreement method described in the first aspect.
In addition, the technical effect of the quantum cloud server according to the ninth aspect may refer to the technical effect of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
In a tenth aspect, a quantum server is provided. The quantum server is configured to execute the quantum cloud key agreement method according to any one of the second aspect to the fourth aspect.
In addition, for the technical effect of the quantum server in the tenth aspect, reference may be made to the technical effect of the quantum cloud key agreement method in the first aspect, and details are not repeated here.
In an eleventh aspect, a quantum cloud key agreement system is provided. The quantum cloud key agreement system comprises: a quantum cloud server configured to execute the quantum cloud key agreement method according to the first aspect; an access node, configured to perform the quantum cloud key agreement method according to the second aspect; a relay node, configured to perform the quantum cloud key agreement method according to the third aspect; a target access node, configured to execute the quantum cloud key agreement method according to the fourth aspect.
In addition, the technical effect of the quantum cloud key agreement system according to the eleventh aspect may refer to the technical effect of the quantum cloud key agreement method according to the first aspect, and details are not repeated here.
In a twelfth aspect, a quantum cloud key agreement apparatus is provided. The quantum cloud key agreement device comprises: a processor, configured to execute the quantum cloud key agreement method according to any one of possible implementation manners of the first aspect to the fourth aspect.
In a possible design, the quantum cloud key agreement device according to the twelfth aspect may further include a transceiver. The transceiver may be a transmit-receive circuit or an interface circuit. The transceiver may be used for the quantum cloud key agreement device described in the twelfth aspect to communicate with other quantum cloud key agreement devices.
In a possible design, the quantum cloud key agreement device according to the twelfth aspect may further include a memory. The memory may be integral with the processor or may be separate. The memory may be configured to store computer programs and/or data related to the quantum cloud key agreement method according to any one of the first to fourth aspects.
In this application, the quantum cloud key agreement apparatus according to the twelfth aspect may be the network device in the first aspect, the second aspect, the third aspect, or the fourth aspect, or a chip (system) or other component or assembly that may be disposed in the network device, or an apparatus that includes the network device.
In addition, for technical effects of the quantum cloud key agreement device according to the twelfth aspect, reference may be made to technical effects of the quantum cloud key agreement method according to any one implementation manner of the first aspect to the fourth aspect, and details are not repeated here.
In a thirteenth aspect, a processor is provided. The processor is configured to execute the quantum cloud key agreement method described in any one of possible implementation manners of the first aspect to the fourth aspect.
In a fourteenth aspect, a computer-readable storage medium is provided, comprising a computer program or instructions; when the computer program or the instructions run on a computer, the computer is caused to execute the quantum cloud key agreement method described in any one of the possible implementation manners of the first aspect to the fourth aspect.
In a fifteenth aspect, a computer program product is provided, which includes a computer program or instructions; when the computer program or the instructions run on a computer, the computer is caused to execute the quantum cloud key agreement method described in any one of the possible implementation manners of the first aspect to the fourth aspect.
Drawings
Fig. 1 is a first schematic diagram of an architecture of a quantum cloud key agreement system according to an embodiment of the present application;
Fig. 2 is a schematic diagram of an architecture of a quantum cloud key agreement system according to an embodiment of the present application;
Fig. 3 is a first flowchart of a quantum cloud key agreement method according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a relay link provided in an embodiment of the present application;
Fig. 5 is a schematic flowchart of a quantum cloud key agreement method according to an embodiment of the present application;
Fig. 6 is a first schematic structural diagram of a quantum cloud key agreement device according to an embodiment of the present application;
Fig. 7 is a schematic structural diagram of a quantum cloud key agreement device according to an embodiment of the present application.
Detailed Description
The technical solution in the present application will be described below with reference to the accompanying drawings.
The technical solution of the embodiments of the present application may be applied to various communication systems, for example: a wireless fidelity (WiFi) system; a vehicle-to-everything (V2X) communication system; a device-to-device (D2D) communication system; an internet of vehicles communication system; a 4th generation (4G) mobile communication system, such as a Long Term Evolution (LTE) system; a Worldwide Interoperability for Microwave Access (WiMAX) communication system; a fifth generation (5G) mobile communication system, such as a new radio (NR) system; and a future communication system, such as a sixth generation (6G) mobile communication system.
This application is intended to present various aspects, embodiments or features around a system that may include a number of devices, components, modules, and the like. It is to be understood and appreciated that the various systems may include additional devices, components, modules, etc. and/or may not include all of the devices, components, modules etc. discussed in connection with the figures. Furthermore, a combination of these schemes may also be used.
In addition, in the embodiments of the present application, words such as "exemplarily", "for example", etc. are used for indicating as examples, illustrations or explanations. Any embodiment or design described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the term using examples is intended to present concepts in a concrete fashion.
In the embodiments of the present application, "information", "signal", "message", "channel", and "signaling" may sometimes be used interchangeably; it should be noted that the intended meaning is the same when the difference is not emphasized. Likewise, "of", "relevant", and "corresponding" may sometimes be used interchangeably, and the intended meaning is the same when no distinction is made.
The quantum cloud key agreement system architecture and the service scenario described in the embodiments of the present application are for more clearly illustrating the technical solution of the embodiments of the present application, and do not constitute a limitation to the technical solution provided in the embodiments of the present application, and as can be known by those skilled in the art, along with the evolution of the quantum cloud key agreement system architecture and the appearance of a new service scenario, the technical solution provided in the embodiments of the present application is also applicable to similar technical problems.
For the convenience of understanding the embodiments of the present application, a communication system applicable to the embodiments of the present application will be first described in detail by taking the quantum cloud key agreement system shown in fig. 1 as an example. Fig. 1 is a first schematic structural diagram of a quantum cloud key agreement system to which the quantum cloud key agreement method provided in the embodiment of the present application is applied.
As shown in fig. 1, the quantum cloud key agreement system includes a quantum cloud server, an access node, a relay node, and a target access node.
The quantum cloud server is a network device located in the quantum cloud key agreement system. It is a device having a wireless transceiving function, or a chip system that can be provided in such a device. The quantum cloud server includes but is not limited to: an access point (AP) in a wireless fidelity (WiFi) system, such as a home gateway, a router, a server, a switch, or a bridge; an evolved Node B (eNB); a radio network controller (RNC); a Node B (NB); a base station controller (BSC); a base transceiver station (BTS); a home base station (e.g., home evolved Node B, or home Node B, HNB); a baseband unit (BBU); a wireless relay node; a wireless backhaul node; or a transmission point (transmission and reception point, TRP, or transmission point, TP). It may also be a transmission point (TP) in a 5G system, such as a new radio (NR) system, or a group of antennas including one or more antenna panels in the system. Alternatively, it may be a network node forming a gNB or a transmission point, such as a baseband unit (BBU) or a distributed unit (DU), or a roadside unit (RSU) having a base station function.
The above-mentioned access node and target access node may be devices or virtual devices configured to connect a metropolitan area network to a quantum communication backbone network, and the relay node may be a device or virtual device configured to connect adjacent access nodes. A relay node refers to a node that serves as a relay in the target quantum network. The access node and the target access node may themselves be relay nodes. The access node, the relay node and the target access node may all be quantum servers. A quantum server may generate a quantum key. Quantum keys are transmitted between two adjacent quantum servers through quantum communication channels. That is, a quantum key can only be transmitted between two adjacent nodes through the quantum communication channel.
As shown in fig. 1, the access node, the relay node, and the target access node may transmit information to the quantum cloud server through a conventional communication channel, and the access node and the target access node may also transmit information through a conventional communication channel. For example, the service data encrypted by using the quantum key is transmitted between the access node and the target access node through a traditional communication channel. Conventional communication channels include, but are not limited to, one or more of wired communication, wireless, mobile, and satellite communication channels. In the above access node, relay node and target access node, two adjacent nodes may also transmit information through a conventional communication channel.
It should be noted that, no quantum communication channel is used for transmitting information between the access node and the target access node, for example, no optical fiber direct connection exists between the access node and the target access node, and two adjacent nodes among the access node, the relay node, and the target access node are directly connected through an optical fiber. Therefore, information can be transmitted between two adjacent nodes through the quantum communication channel.
In addition, in the quantum cloud key agreement system, the relay node may be plural. Fig. 2 is a schematic diagram of an architecture of a quantum cloud key agreement system provided in an embodiment of the present application, and as shown in fig. 2, the quantum cloud key agreement system in the figure includes a relay node 1 and a relay node 2.
In addition, the quantum cloud key negotiation method provided in this embodiment of the present application may be applied to any two nodes shown in fig. 1, such as between relay nodes, between an access node and a relay node, between a target access node and a relay node, and between an access node, a relay node, and a target access node and a quantum cloud server.
It should be understood that fig. 1 is a simplified schematic diagram that is merely illustrated for ease of understanding, and other network devices and/or other terminal devices, which are not shown in fig. 1, may also be included in the quantum cloud key agreement system.
The quantum cloud key agreement method provided in the embodiment of the present application will be specifically described below with reference to fig. 2 to 4.
Exemplarily, fig. 3 is a first flowchart of a quantum cloud key agreement method provided in the embodiment of the present application. As shown in fig. 3, the quantum cloud key agreement method includes the following steps:
S301, the quantum cloud server receives a quantum key negotiation request of the access node.
The quantum key negotiation request specifies the party to which the quantum key used for negotiation between the access node and the target access node belongs, and that party is either the access node or the target access node.
Before the service data encrypted by the quantum key needs to be transmitted between the access node and the target access node, the access node and the target access node need to perform key agreement. The access node may specify, in the quantum key agreement request, the quantum key generated by the access node as the quantum key used for the agreement, or may also specify the quantum key generated by the target access node as the quantum key used for the agreement. Further, the access node may send a quantum key agreement request to the quantum cloud server over a conventional communication channel.
S302, the quantum cloud server determines a target relay link according to the access node and the target access node.
The target relay link comprises an access node and a target access node which are respectively positioned at two ends and at least one relay node positioned between the access node and the target access node, and adjacent nodes in the target relay link are connected through a quantum channel.
After receiving a quantum key negotiation request sent by an access node, a quantum cloud server needs to select an optimal link from relay links connecting the access node and a target access node as a target relay link.
Optionally, the determining, by the quantum cloud server, a target relay link according to the access node and the target access node may include the following steps:
Step 3021, the quantum cloud server obtains a communication state of a relay node between the access node and the target access node according to the access node and the target access node. The communication state of the relay node comprises neighboring node information of the relay node.
Optionally, in order to acquire the communication state of the relay node located between the access node and the target access node, the quantum cloud server may send an information acquisition request to all relay nodes located between the access node and the target access node. The information acquisition request is used for acquiring the communication state of the relay node. And after receiving the information acquisition request, the relay node sends the communication state of the node to the quantum cloud server.
The communication state of the relay node may include neighboring node information of the relay node, packet throughput, and coding rate. Packet throughput refers to the number of packets that each relay node needs to encrypt using a quantum key. For example, if the packet throughput of the relay node 1 is 100, the relay node 1 needs to generate 100 quantum keys to encrypt the 100 packets correspondingly. The coding rate of the relay node refers to the total number of bits of effective shared key that can be obtained between the relay node and an adjacent node in unit time.
Step 3022, the quantum cloud server determines at least one relay link according to the adjacent node information of the relay node located between the access node and the target access node.
Step 3023, the quantum cloud server selects a target relay link from the at least one relay link.
In a possible scheme, when the communication state of the relay node includes neighbor node information of the relay node, the quantum cloud server may count the number of relay nodes in each relay link, and select the relay link with the smallest number of relay nodes as the target relay link.
Fig. 3 is a schematic flowchart of a quantum cloud key negotiation method provided in an embodiment of the present application. As shown in fig. 3, two relay links exist between the access node and the target access node, namely relay link 1 and relay link 2. The relay link 1 comprises two relay nodes, namely a relay node 1 and a relay node 2; the relay link 2 includes three relay nodes, namely a relay node 3, a relay node 4, and a relay node 5. Since the number of relay nodes in the relay link 1 is the smallest, the quantum cloud server may select the relay link 1 as the target relay link.
In another possible scheme, when the communication state of the relay node includes neighboring node information of the relay node and a packet throughput, the quantum cloud server may select a target relay link from at least one relay link according to the number of relay nodes in each relay link and the packet throughput.
Optionally, the quantum cloud server may count the number of relay nodes in each relay link and the packet throughput of each relay node. The quantum cloud server records the maximum packet throughput among the relay nodes of each relay link as the packet throughput of that relay link.
When the difference value of the number of the relay nodes between the relay link with the minimum number of the relay nodes and the relay link with the second minimum number of the relay nodes is larger than a first preset value, for example, larger than 3, the quantum cloud server takes the relay link with the minimum number of the relay nodes as a target relay link.
When the difference value of the number of relay nodes between the relay link with the minimum number of relay nodes and the relay link with the second minimum number of relay nodes is smaller than or equal to a first preset value, for example, smaller than or equal to 3, the quantum cloud server takes the relay link with the minimum packet throughput as a target relay link.
As shown in fig. 3, the number of relay nodes in the relay link 2 is only one more than the number of relay nodes in the relay link 1, and if the packet throughput of the relay link 2 is less than that of the relay link 1, the quantum cloud server may select the relay link 2 as the target relay link.
In other embodiments, how the quantum cloud server selects the target relay link according to the number of relay nodes in the relay link and the packet throughput of the relay node may also be another scheme, which is not limited in this application.
The packet throughput of a relay link measures the load of the link. When the relay links differ little in the number of relay nodes, a larger packet throughput means a larger load and a lower efficiency in processing new data packets. The quantum cloud server therefore determines the relay link with the minimum packet throughput as the target relay link, which improves the efficiency of processing data packets.
In another possible scheme, when the communication state of the relay node includes adjacent node information of the relay node and the coding rate of the relay node, the quantum cloud server may select a target relay link from at least one relay link according to the number of relay nodes in each relay link and the coding rate of the relay nodes.
Optionally, the quantum cloud server may count the number of relay nodes in each relay link and the coding rate of each relay node. The quantum cloud server records the minimum coding rate among the relay nodes of each relay link as the coding rate of that relay link.
When the difference value of the number of the relay nodes between the relay link with the minimum number of the relay nodes and the relay link with the second minimum number of the relay nodes is larger than a second preset value, for example, larger than 4, the quantum cloud server takes the relay link with the minimum number of the relay nodes as a target relay link.
When the difference value of the number of the relay nodes between the relay link with the minimum number of the relay nodes and the relay link with the second minimum number of the relay nodes is smaller than or equal to a second preset value, for example, smaller than or equal to 4, the quantum cloud server takes the relay link with the highest coding rate as the target relay link.
As shown in fig. 3, the number of relay nodes in the relay link 2 is only one more than the number of relay nodes in the relay link 1, and if the coding rate of the relay link 2 is greater than that of the relay link 1, the quantum cloud server may select the relay link 2 as the target relay link.
It should be noted that, in other embodiments, how the quantum cloud server selects the target relay link according to the number of the relay nodes in the relay link and the coding rate of the relay nodes may also be another scheme, which is not limited in this application.
The coding rate is a very important technical index in quantum device communication, and the communication quality between the two communicating parties can be ensured only when a relay link has a sufficiently high coding rate. When the relay links differ little in the number of relay nodes, the coding rate is the technical index that affects communication over the whole relay link. Therefore, the quantum cloud server selects the relay link with the highest coding rate as the target relay link.
In another possible scheme, when the communication state of the relay node includes adjacent node information of the relay node, a packet throughput, and a coding rate, the quantum cloud server may select a target relay link from at least one relay link according to the number of relay nodes in each relay link, the packet throughput, and the coding rate.
Optionally, the quantum cloud server may count the number of relay nodes in each relay link, the packet throughput of each relay node, and the coding rate of each relay node. The quantum cloud server records the maximum packet throughput among the relay nodes of each relay link as the packet throughput of that relay link, and records the minimum coding rate among the relay nodes of each relay link as the coding rate of that relay link.
When the difference value of the number of the relay nodes between the relay link with the minimum number of the relay nodes and the relay link with the second minimum number of the relay nodes is larger than a third preset value, for example, larger than 2, the quantum cloud server takes the relay link with the minimum number of the relay nodes as a target relay link.
When the difference value of the number of relay nodes between the relay link with the minimum number of relay nodes and the relay link with the second minimum number of relay nodes is smaller than or equal to a third preset value, for example, smaller than or equal to 2, the quantum cloud server selects one of these two relay links as the target relay link. The target relay link satisfies one of the following conditions: its coding rate is higher than that of the other relay link and its packet throughput is lower than that of the other relay link; or its coding rate is higher than that of the other relay link and the difference between the packet throughputs of the two relay links is lower than a first threshold value; or its packet throughput is lower than that of the other relay link and the difference between the coding rates of the two relay links is lower than a second threshold value.
As shown in fig. 3, the number of relay nodes in the relay link 2 is only one more than the number of relay nodes in the relay link 1, and if the coding rate of the relay link 2 is greater than that of the relay link 1 and the packet throughput of the relay link 2 is less than that of the relay link 1, the quantum cloud server may select the relay link 2 as the target relay link.
In another possible scheme, when the communication state of the relay node includes the packet throughput and the coding rate of the relay node, the quantum cloud server may select a target relay link from the at least one relay link according to the packet throughput and the coding rate of the relay node in each relay link.
Optionally, the quantum cloud server needs to count the coding rate and the packet throughput of the relay nodes in each relay link, record the minimum coding rate among the relay nodes of each relay link as the coding rate of that relay link, and record the maximum packet throughput among the relay nodes of each relay link as the packet throughput of that relay link. The quantum cloud server then determines a target relay link from the at least one relay link according to the packet throughput and the coding rate of each relay link.
Optionally, the coding rate of the target relay link is higher than that of the other relay links and its packet throughput is lower than that of the other relay links; or the coding rate of the target relay link is higher than that of the other relay links and the difference between its packet throughput and that of the other relay links is lower than a third threshold value; or the packet throughput of the target relay link is lower than that of the other relay links and the difference between its coding rate and that of the other relay links is lower than a fourth threshold value.
It should be noted that the first preset value, the second preset value, and the third preset value may be the same or different. The first preset value, the second preset value, the third preset value, the first threshold value, the second threshold value, the third threshold value and the fourth threshold value can be set according to actual conditions. In addition, in other embodiments, how the quantum cloud server selects the target relay link according to the number of relay nodes of the relay link, the packet throughput and the coding rate of the relay node may also be other schemes, which is not specifically limited in this application. In addition, the quantum cloud server may also select the target relay link only according to the packet throughput or the coding rate of the relay node of the relay link, which is not specifically described in the present application for the simplicity of the description.
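The selection rules of step S302 that use the relay-node count can be written out as follows. This is an added example, not code from the application: the class and function names, the sample metrics for relay links 1 and 2, and two tie-breaking choices (comparing only the two links with the fewest relay nodes, and falling back to the link with fewest relay nodes when no combined condition holds) are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RelayNode:
    name: str
    packet_throughput: int  # packets this node must encrypt with quantum keys
    coding_rate: float      # shared-key bits per unit time with its neighbour


@dataclass(frozen=True)
class RelayLink:
    name: str
    relays: tuple  # relay nodes between the access node and the target access node

    @property
    def relay_count(self):
        return len(self.relays)

    @property
    def packet_throughput(self):
        # Link value is the maximum over the link's relay nodes (busiest relay).
        return max(n.packet_throughput for n in self.relays)

    @property
    def coding_rate(self):
        # Link value is the minimum over the link's relay nodes (slowest relay).
        return min(n.coding_rate for n in self.relays)


def select_target_link(links, scheme="count", preset=3,
                       throughput_threshold=0, rate_threshold=0.0):
    """Pick the target relay link; scheme is count, throughput, coding_rate or combined."""
    if not links or any(not link.relays for link in links):
        raise ValueError("every candidate link needs at least one relay node")
    ranked = sorted(links, key=lambda link: link.relay_count)
    fewest = ranked[0]
    if scheme == "count" or len(ranked) == 1:
        return fewest
    second = ranked[1]
    # A gap in relay-node count above the preset value always favours the shorter link.
    if second.relay_count - fewest.relay_count > preset:
        return fewest
    pair = (fewest, second)  # assumption: only these two links are compared
    if scheme == "throughput":
        return min(pair, key=lambda link: link.packet_throughput)
    if scheme == "coding_rate":
        return max(pair, key=lambda link: link.coding_rate)
    if scheme == "combined":
        for cand, other in ((fewest, second), (second, fewest)):
            faster = cand.coding_rate > other.coding_rate
            lighter = cand.packet_throughput < other.packet_throughput
            close_load = abs(cand.packet_throughput
                             - other.packet_throughput) < throughput_threshold
            close_rate = abs(cand.coding_rate - other.coding_rate) < rate_threshold
            if (faster and lighter) or (faster and close_load) or (lighter and close_rate):
                return cand
        return fewest  # assumption: the text leaves this case open
    raise ValueError(f"unknown scheme: {scheme}")


# Constructed sample data: the node names follow the text, the metrics are invented.
LINK_1 = RelayLink("relay link 1", (
    RelayNode("relay node 1", 100, 2000.0),
    RelayNode("relay node 2", 400, 1500.0),
))
LINK_2 = RelayLink("relay link 2", (
    RelayNode("relay node 3", 150, 3000.0),
    RelayNode("relay node 4", 200, 2500.0),
    RelayNode("relay node 5", 120, 2800.0),
))

if __name__ == "__main__":
    for scheme, preset in (("count", 0), ("throughput", 3),
                           ("coding_rate", 4), ("combined", 2)):
        chosen = select_target_link([LINK_1, LINK_2], scheme, preset)
        print(f"{scheme:12s} -> {chosen.name}")
```

With these sample metrics only the pure node-count scheme keeps relay link 1; the other three schemes move to relay link 2 because the count difference of one is within every preset value.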
S303, the quantum cloud server sends a key sharing instruction to the nodes in the target relay link.
The key sharing instruction is used for instructing the access node and the target access node to send own quantum keys to the adjacent relay nodes and instructing the relay nodes to send own quantum keys to the adjacent nodes along the same direction of the target relay link.
The quantum cloud server may issue a key sharing instruction to each node in the target relay link. As shown in fig. 2, it is assumed that the target relay link includes an access node, a relay node 1, a relay node 2, and a target access node. The quantum cloud server may send the key sharing instruction to the access node, the relay node 1, the relay node 2, and the target access node.
In a possible scheme, after the access node receives the key sharing instruction, the key sharing instruction instructs the access node to send the quantum key to the relay node 1, and then the access node sends the quantum key generated by itself to the relay node 1 through a quantum communication channel. After the relay node 1 receives the key sharing instruction, the key sharing instruction instructs the relay node 1 to send the quantum key to the relay node 2, and then the relay node 1 sends the quantum key generated by itself to the relay node 2 through the quantum communication channel. After the target access node receives the key sharing instruction, the key sharing instruction instructs the target access node to send the quantum key to the relay node 2, and then the target access node sends the quantum key of the target access node to the relay node 2 through the quantum communication channel. A node that receives the quantum key of an adjacent node needs to perform an exclusive-or operation on its self-generated quantum key and the quantum key of the adjacent node, and send the calculated exclusive-or value to the quantum cloud server. In this case, the relay node 2 needs to perform two exclusive-or operations, calculating an exclusive-or value between the quantum key of the target access node and the quantum key of the relay node 2 and an exclusive-or value between the quantum key of the relay node 1 and the quantum key of the relay node 2, and send the two exclusive-or values to the quantum cloud server.
Optionally, in the above scheme, the quantum cloud server may not send the key sharing instruction to the relay node 2, and after receiving the quantum keys of the target access node and the relay node 1, the relay node 2 calculates an exclusive or value between the quantum key of the target access node and the quantum key of the relay node 2 and an exclusive or value between the quantum key of the relay node 1 and the quantum key of the relay node 2, and sends the calculated exclusive or value to the quantum cloud server.
In another possible scheme, after the target access node receives the key sharing instruction, which instructs the target access node to send the quantum key to the relay node 2, the target access node sends the quantum key generated by itself to the relay node 2 through the quantum communication channel. After the relay node 2 receives the key sharing instruction, which instructs the relay node 2 to send the quantum key to the relay node 1, the relay node 2 sends the quantum key generated by itself to the relay node 1 through the quantum communication channel. After the access node receives the key sharing instruction, which instructs the access node to send the quantum key to the relay node 1, the access node sends its quantum key to the relay node 1 through the quantum communication channel. A node that receives the quantum key of an adjacent node needs to perform an exclusive-or operation on its self-generated quantum key and the quantum key of the adjacent node, and send the calculated exclusive-or value to the quantum cloud server. In this case, the relay node 1 needs to perform two exclusive-or operations: it calculates an exclusive-or value between the quantum key of the access node and the quantum key of the relay node 1 and an exclusive-or value between the quantum key of the relay node 1 and the quantum key of the relay node 2, and sends the two exclusive-or values to the quantum cloud server.
Optionally, in the above scheme, the quantum cloud server may not send the key sharing instruction to the relay node 1, and after receiving the quantum keys of the access node and the relay node 2, the relay node 1 calculates an exclusive or value between the quantum key of the access node and the quantum key of the relay node 1 and an exclusive or value between the quantum key of the relay node 1 and the quantum key of the relay node 2, and sends the calculated exclusive or value to the quantum cloud server.
Optionally, after a node in the relay link receives the quantum key of an adjacent node and calculates the exclusive-or value between its own quantum key and the quantum key of the adjacent node, the node deletes the quantum key of the adjacent node. That is, the key of the adjacent node is not stored permanently, which further reduces the possibility that the quantum key is cracked and improves the security of information transmission.
S304, the quantum cloud server receives the exclusive OR value of the nodes in the target relay link.
And the XOR value of the node is the XOR operation result between the quantum key of the node and the received quantum key of the adjacent node.
As shown in fig. 2, the quantum cloud server receives the xor value sent by the relay node 1 and the relay node 2.
S305, the quantum cloud server obtains a target exclusive-OR value according to the exclusive-OR value of the nodes in the target relay link.
And the target exclusive-or value is an exclusive-or operation result of the quantum key of the access node and the quantum key of the target access node.
As shown in fig. 2, assume that the quantum key of the relay node 1 is R1, the quantum key of the relay node 2 is R2, the quantum key of the access node is Ra, the quantum key of the target access node is Rb, and the relay node 1, the relay node 2, and the target access node send an exclusive or value to the quantum cloud server. The relay node 1 transmits an exclusive-or value of Ra⊕R1, and the relay node 2 transmits exclusive-or values of R1⊕R2 and R2⊕Rb. The quantum cloud server needs to perform the following operations:
Ra⊕R1⊕R1⊕R2⊕R2⊕Rb=Ra⊕Rb;
The operation result Ra⊕Rb is the target exclusive-or value, and then step S306 is executed.
S306, the quantum cloud server sends the target exclusive OR value to the target node.
The target node is the access node or the target access node, whichever is not the affiliated party of the quantum key.
As shown in fig. 2, suppose the quantum key negotiation request of the access node indicates negotiating with the target access node to use the quantum key Ra of the access node, that is, data needs to be encrypted by using the quantum key Ra before the access node and the target access node communicate. The target node is then the target access node. The quantum cloud server sends Ra⊕Rb to the target access node. After receiving the target exclusive-or value, the target access node performs an exclusive-or operation on its own quantum key Rb and the target exclusive-or value. Namely, the following operation is performed:
Ra⊕Rb⊕Rb=Ra;
The result Ra of the operation is the quantum key used for negotiation, i.e. the quantum key of the access node.
In this way, the target access node obtains the quantum key Ra that is negotiated for use with the access node. Further, before the access node sends the data packet to be encrypted to the target access node, the access node encrypts the data packet to be encrypted by using the negotiated quantum key Ra; then, sending the encrypted data packet to a target access node through a traditional communication channel; and then, after receiving the encrypted data packet of the access node, the target access node decrypts the encrypted data packet by using the negotiated quantum key Ra, so as to obtain a decrypted data packet of the access node.
Similarly, before the target access node sends the data packet to be encrypted to the access node, the negotiated quantum key Ra is used for encrypting the data packet to be encrypted; then, sending the encrypted data packet to an access node through a traditional communication channel; and then, after receiving the encrypted data packet of the target access node, the access node decrypts the encrypted data packet by using the negotiated quantum key Ra, so as to obtain the decrypted data packet of the target access node.
Continuing with fig. 2, suppose the quantum key negotiation request of the access node indicates negotiating with the target access node to use the quantum key Rb of the target access node, that is, data needs to be encrypted by using the quantum key Rb before the access node and the target access node communicate. The target node is then the access node. The quantum cloud server sends Ra⊕Rb to the access node. After receiving the target exclusive-or value, the access node performs an exclusive-or operation on its own quantum key Ra and the target exclusive-or value. Namely, the following operation is performed:
Ra⊕Ra⊕Rb=Rb;
The result Rb of the operation is the quantum key used for negotiation, i.e. the quantum key of the target access node.
In this manner, the access node obtains the quantum key Rb negotiated for use with the target access node. Further, before the access node sends the data packet to be encrypted to the target access node, the negotiated quantum key Rb is used for encrypting the data packet to be encrypted; then, sending the encrypted data packet to a target access node through a traditional communication channel; and then, after receiving the encrypted data packet of the access node, the target access node decrypts the encrypted data packet by using the negotiated quantum key Rb, so as to obtain a decrypted data packet of the access node.
Similarly, before the target access node sends the data packet to be encrypted to the access node, the negotiated quantum key Rb is used for encrypting the data packet to be encrypted; then, sending the encrypted data packet to an access node through a traditional communication channel; and then, after receiving the encrypted data packet of the target access node, the access node decrypts the encrypted data packet by using the negotiated quantum key Rb, so as to obtain the decrypted data packet of the target access node.
In the following, with reference to fig. 2 and fig. 5, a quantum cloud key agreement method will be described in a complete embodiment from the perspective of a quantum cloud key agreement system.
Fig. 5 is a schematic flowchart of a second quantum cloud key agreement method according to an embodiment of the present application. As shown in fig. 2 and 5, the quantum cloud key agreement method includes the following steps:
S501, the access node sends a quantum key negotiation request to a quantum cloud server.
The quantum key negotiation request indicates the target access node and indicates that the quantum key of the target access node is the quantum key to be used by negotiation.
S502, the quantum cloud server determines a target relay link according to the access node and the target access node.
Wherein the target relay link comprises a relay node 1 and a relay node 2. The process of the quantum cloud server determining the target relay link may refer to the description of step S302.
S503-11, the quantum cloud server sends a key sharing instruction to the target access node.
The key sharing instruction is used to instruct the target access node to send its own quantum key to the relay node 2 through the quantum communication channel.
S503-12, the target access node sends the quantum key Rb to the relay node 2 through the quantum communication channel.
S503-13, the relay node 2 performs an exclusive or operation to obtain an exclusive or value Rb⊕R2.
Where R2 is the quantum key of relay node 2.
S503-14, the relay node 2 sends the exclusive or value Rb⊕R2 to the quantum cloud server.
S503-21, the quantum cloud server sends a key sharing instruction to the relay node 2.
Wherein, the key sharing instruction is used to instruct the relay node 2 to send its own quantum key to the relay node 1 through the quantum communication channel.
S503-22, relay node 2 sends quantum key R2 to relay node 1 over the quantum communication channel.
S503-23, the quantum cloud server sends a key sharing instruction to the access node.
Wherein, the key sharing instruction is used to instruct the access node to send its own quantum key to the relay node 1 through the quantum communication channel.
S503-24, the access node sends the quantum key Ra to the relay node 1 through the quantum communication channel.
S503-25, the relay node 1 performs XOR operations to obtain XOR values R1⊕R2 and Ra⊕R1.
Where R1 is the quantum key of relay node 1.
S503-26, the relay node 1 sends exclusive-or values R1⊕R2 and Ra⊕R1 to the quantum cloud server.
Optionally, the quantum cloud server may also send a key sharing instruction to the relay node 1. The key sharing instruction may be used to instruct the relay node 1 to perform an exclusive or operation after receiving the quantum keys of the relay node 2 and the access node, and send an operated exclusive or value to the quantum cloud server.
S504, the quantum cloud server obtains a target exclusive-or value Ra⊕Rb according to Ra⊕R1, R1⊕R2 and R2⊕Rb.
S505, the quantum cloud server sends the target exclusive-or value Ra⊕Rb to the access node.
S506, the access node obtains the quantum key Rb of the target access node according to Ra and Ra⊕Rb.
Based on the quantum cloud key negotiation method shown in fig. 3 and 5, the quantum cloud server selects the relay nodes that need to calculate an exclusive-or value and indicates the key sender for each node. Only the relay nodes selected by the quantum cloud server calculate and upload the exclusive-or value of the key of the adjacent node, so that the calculation amount of the quantum cloud server on the exclusive-or value is reduced and the calculation amount of the relay nodes on the exclusive-or value is reduced. This solves the technical problem of low key distribution efficiency caused by a large calculation amount of a third-party server and the relay nodes, and improves the key distribution efficiency.
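The flow of steps S501 to S506, generalised from the two relay nodes of fig. 2 to any number of relay nodes, is sketched below as an added example; it is not code from the application. The names Node, collect_xor_values, server_target_xor, negotiate and demo are hypothetical, and secrets.token_bytes stands in for each node's quantum-generated key (an assumption, since the application does not specify key length or generation).

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class Node:
    """Access node, relay node or target access node holding its own key."""

    def __init__(self, name: str, key_len: int = 32):
        self.name = name
        # Assumption: random bytes stand in for the node's quantum key.
        self.key = secrets.token_bytes(key_len)

    def xor_with_neighbor(self, neighbor_key: bytearray) -> bytes:
        """XOR own key with a received neighbour key, then wipe the copy."""
        value = xor_bytes(self.key, bytes(neighbor_key))
        for i in range(len(neighbor_key)):  # optional deletion step
            neighbor_key[i] = 0
        return value


def collect_xor_values(chain):
    """Key sharing phase in the direction of fig. 5: both end nodes send to
    their adjacent relay, relays send toward the access node. Returns the
    (uploader name, XOR value) pairs the quantum cloud server receives."""
    access, relays, target = chain[0], chain[1:-1], chain[-1]
    if not relays:
        raise ValueError("target relay link needs at least one relay node")
    uploads = []
    # S503-12..14: target access node -> last relay, which uploads Rb xor Rn
    last = relays[-1]
    uploads.append((last.name, last.xor_with_neighbor(bytearray(target.key))))
    # S503-22: relay i+1 -> relay i, which uploads Ri xor R(i+1)
    for receiver, sender in zip(reversed(relays[:-1]), reversed(relays[1:])):
        value = receiver.xor_with_neighbor(bytearray(sender.key))
        uploads.append((receiver.name, value))
    # S503-24..26: access node -> first relay, which uploads Ra xor R1
    first = relays[0]
    uploads.append((first.name, first.xor_with_neighbor(bytearray(access.key))))
    return uploads


def server_target_xor(uploads) -> bytes:
    """S504: XOR all uploaded values; every relay key cancels pairwise,
    leaving Ra xor Rb. The server never handles a bare key."""
    return reduce(xor_bytes, (value for _, value in uploads))


def negotiate(chain, key_owner: str):
    """Run S501-S506. key_owner ("access" or "target") is the affiliated
    party of the negotiated key; the other end node is the target node."""
    access, target = chain[0], chain[-1]
    if key_owner == "access":
        recipient = target
    elif key_owner == "target":
        recipient = access
    else:
        raise ValueError("key_owner must be 'access' or 'target'")
    uploads = collect_xor_values(chain)
    target_xor = server_target_xor(uploads)          # S504
    recovered = xor_bytes(recipient.key, target_xor)  # S505-S506
    return recovered, target_xor, uploads


def demo(n_relays: int = 2, key_owner: str = "target"):
    """Build a link with n_relays relay nodes and run one negotiation."""
    chain = ([Node("access")]
             + [Node(f"relay{i}") for i in range(1, n_relays + 1)]
             + [Node("target")])
    recovered, target_xor, uploads = negotiate(chain, key_owner)
    return chain, recovered, target_xor, uploads


if __name__ == "__main__":
    chain, recovered, target_xor, uploads = demo(2, "target")
    for name, value in uploads:
        print(f"{name} uploads {value.hex()[:16]}...")
    print("server holds Ra xor Rb:", target_xor.hex()[:16] + "...")
    print("access node recovered Rb:", recovered == chain[-1].key)
```

The quantum cloud server only ever holds exclusive-or values, while each relay node briefly holds a neighbour's key in the clear, which is what the optional deletion step addresses.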
The quantum cloud key agreement method provided by the embodiment of the present application is described in detail above with reference to fig. 1 to 5. The following describes in detail a quantum cloud key agreement apparatus for performing the quantum cloud key agreement method provided in the embodiments of the present application with reference to fig. 6 to 7.
Fig. 6 is a schematic structural diagram of a quantum cloud key agreement device according to an embodiment of the present application. As shown in fig. 6, the quantum cloud key agreement apparatus 600 includes: a processing module 601 and a transceiver module 602. For convenience of explanation, fig. 6 shows only main components of the quantum cloud key agreement apparatus.
In some embodiments, the quantum cloud key agreement device 600 may be applied to the quantum cloud key agreement system illustrated in fig. 1 or fig. 2, and performs the quantum cloud key agreement method illustrated in fig. 3.
The processing module 601 is configured to control the transceiver module 602 to receive a quantum key negotiation request of an access node. The quantum key negotiation request comprises an affiliated party of a quantum key used by negotiation between the access node and the target access node, and the affiliated party of the quantum key is the access node or the target access node.
The processing module 601 is further configured to determine a target relay link according to the access node and the target access node. The target relay link comprises an access node and a target access node which are respectively positioned at two ends, and at least one relay node positioned between the access node and the target access node; adjacent nodes in the target relay link are connected by quantum channels.
The processing module 601 is further configured to control the transceiver module 602 to send a key sharing instruction to a node in the target relay link. The key sharing instruction is used for instructing the access node and the target access node to send own quantum keys to the adjacent relay nodes and instructing the relay nodes to send own quantum keys to the adjacent nodes along the same direction of the target relay link.
The processing module 601 is further configured to control the transceiver module 602 to receive the xor value of the nodes in the target relay link. And the XOR value of the node is the XOR operation result between the quantum key of the node and the received quantum key of the adjacent node.
The processing module 601 is further configured to obtain a target xor value according to an xor value of nodes in the target relay link. And the target exclusive-or value is an exclusive-or operation result of the quantum key of the access node and the quantum key of the target access node.
The processing module 601 is further configured to control the transceiver module 602 to send the target exclusive-or value to the target node. The target node is the access node or the target access node, whichever is not the affiliated party of the quantum key.
Optionally, the transceiver module 602 may include a receiving module and a transmitting module. The receiving module is used for receiving information sent by the access node, the relay node and the target access node, and the sending module is used for sending information to the access node, the relay node and the target access node.
Optionally, the quantum cloud key agreement apparatus 600 may further include a storage module (not shown in fig. 6) storing a program or instructions. When the processing module executes the program or the instructions, the quantum cloud key agreement device 600 may be enabled to execute the quantum cloud key agreement method shown in fig. 3.
It should be understood that the transceiver module 602 involved in the quantum cloud key agreement apparatus 600 may be implemented by a transceiver or transceiver-related circuit component, which may be a transceiver or a transceiver unit.
It should be noted that the quantum cloud key agreement apparatus 600 may be a network device, such as a server, a chip (system) or other component or assembly that may be disposed in the network device, or an apparatus including the network device, and this application is not limited thereto.
In addition, for technical effects of the quantum cloud key agreement device 600, reference may be made to the technical effects of the quantum cloud key agreement method shown in fig. 3, which are not described herein again.
The quantum cloud key agreement device 600 shown in fig. 6 may also execute a quantum cloud key agreement method mainly involving an access node. As shown in fig. 6, the quantum cloud key agreement apparatus 600 includes: a processing module 601 and a transceiver module 602. For convenience of explanation, fig. 6 shows only main components of the quantum cloud key agreement apparatus.
The processing module 601 is configured to control the transceiver module 602 to send a quantum key negotiation request to the quantum cloud server. The quantum key negotiation request comprises an affiliated party of a quantum key used by negotiation between the access node and the target access node, and the affiliated party of the quantum key is the access node or the target access node.
The processing module 601 is configured to control the transceiver module 602 to receive a key sharing instruction of the quantum cloud server. The key sharing instruction is used for instructing the access node to send the quantum key of the access node to a specified adjacent relay node.
The processing module 601 is configured to control the transceiver module 602 to send the quantum key of the access node to the specified neighboring relay node.
Optionally, the transceiver module 602 may include a receiving module and a transmitting module. The receiving module is used for receiving information sent by the quantum cloud server, the relay node and the target access node, and the sending module is used for sending information to the quantum cloud server, the relay node and the target access node.
Optionally, the quantum cloud key agreement apparatus 600 may further include a storage module (not shown in fig. 6) storing a program or instructions. When the processing module executes the program or the instructions, the quantum cloud key agreement apparatus 600 may be enabled to execute a quantum cloud key agreement method mainly including an access node.
It should be understood that the transceiver module 602 involved in the quantum cloud key agreement apparatus 600 may be implemented by a transceiver or transceiver-related circuit component, which may be a transceiver or a transceiver unit.
It should be noted that the quantum cloud key agreement apparatus 600 may be a network device, such as a server, a chip (system) or other component or assembly that may be disposed in the network device, or an apparatus including the network device, and this application is not limited thereto.
In addition, for technical effects of the quantum cloud key agreement device 600, reference may be made to the technical effects of the quantum cloud key agreement method shown in fig. 3, which are not described herein again.
The quantum cloud key agreement device 600 shown in fig. 6 may execute a quantum cloud key agreement method mainly including a relay node. As shown in fig. 6, the quantum cloud key agreement apparatus 600 includes: a processing module 601 and a transceiver module 602. For convenience of explanation, fig. 6 shows only main components of the quantum cloud key agreement apparatus.
The processing module 601 is configured to control the transceiver module 602 to receive a key sharing instruction of the quantum cloud server. The key sharing instruction is used for instructing the relay node to receive the quantum key of a specified adjacent node.
The processing module 601 is configured to control the transceiver module 602 to receive the quantum key of the specified adjacent node.
The processing module 601 is configured to control the transceiver module 602 to send the exclusive or value to the quantum cloud server. The exclusive-or value is an exclusive-or operation result of the quantum key of the relay node and the quantum key of the appointed adjacent node.
Optionally, the transceiver module 602 may include a receiving module and a transmitting module. The receiving module is used for receiving information sent by the quantum cloud server, the access node, other relay nodes and the target access node, and the sending module is used for sending information to the quantum cloud server, the access node, other relay nodes and the target access node.
Optionally, the quantum cloud key agreement apparatus 600 may further include a storage module (not shown in fig. 6) storing a program or instructions. When the processing module executes the program or the instructions, the quantum cloud key agreement apparatus 600 is enabled to execute a quantum cloud key agreement method mainly including a relay node.
It should be understood that the transceiver module 602 involved in the quantum cloud key agreement apparatus 600 may be implemented by a transceiver or transceiver-related circuit component, which may be a transceiver or a transceiver unit.
It should be noted that the quantum cloud key agreement apparatus 600 may be a network device, such as a server, a chip (system) or other component or assembly that may be disposed in the network device, or an apparatus including the network device, and this application is not limited thereto.
In addition, for technical effects of the quantum cloud key agreement device 600, reference may be made to the technical effects of the quantum cloud key agreement method shown in fig. 3, which are not described herein again.
The quantum cloud key agreement device 600 shown in fig. 6 may also execute a quantum cloud key agreement method mainly involving a target access node. As shown in fig. 6, the quantum cloud key agreement apparatus 600 includes: a processing module 601 and a transceiver module 602. For convenience of explanation, fig. 6 shows only main components of the quantum cloud key agreement apparatus.
The processing module 601 is configured to control the transceiver module 602 to receive a key sharing instruction of the quantum cloud server. The key sharing instruction is used for instructing the target access node to send the quantum key of the target access node to a specified adjacent relay node.
The processing module 601 is configured to control the transceiver module 602 to send its own quantum key to the specified neighboring relay node.
Optionally, the transceiver module 602 may include a receiving module and a transmitting module. The receiving module is used for receiving information sent by the quantum cloud server, the relay node and the access node, and the sending module is used for sending the information to the quantum cloud server, the relay node and the access node.
Optionally, the quantum cloud key agreement apparatus 600 may further include a storage module (not shown in fig. 6) storing a program or instructions. When the processing module executes the program or the instructions, the quantum cloud key agreement apparatus 600 may be enabled to execute a quantum cloud key agreement method mainly involving a target access node.
It should be understood that the transceiver module 602 involved in the quantum cloud key agreement apparatus 600 may be implemented by a transceiver or transceiver-related circuit component, which may be a transceiver or a transceiver unit.
It should be noted that the quantum cloud key agreement apparatus 600 may be a network device, such as a server, a chip (system) or other component or assembly that may be disposed in the network device, or an apparatus including the network device, and this application is not limited thereto.
In addition, for technical effects of the quantum cloud key agreement device 600, reference may be made to the technical effects of the quantum cloud key agreement method shown in fig. 3, which are not described herein again.
Fig. 7 is a schematic structural diagram of a quantum cloud key agreement device according to an embodiment of the present application. The quantum cloud key agreement apparatus may be a network device, or may be a chip (system) or other component or assembly that may be provided to the network device. As shown in fig. 7, quantum cloud key agreement apparatus 700 may include a processor 701. Optionally, quantum cloud key agreement device 700 may further comprise a memory 702 and/or a transceiver 703. The processor 701 is coupled to a memory 702 and a transceiver 703, such as may be connected by a communication bus.
The following specifically describes each constituent component of the quantum cloud key agreement apparatus 700 with reference to fig. 7:
the processor 701 is a control center of the quantum cloud key agreement apparatus 700, and may be a single processor or a collective term for a plurality of processing elements. For example, the processor 701 is one or more Central Processing Units (CPUs), or may be an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present application, such as: one or more microprocessors (digital signal processors, DSPs), or one or more Field Programmable Gate Arrays (FPGAs).
Alternatively, processor 701 may perform various functions of quantum cloud key agreement device 700 by running or executing software programs stored within memory 702, and invoking data stored within memory 702.
In particular implementations, processor 701 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 7, as one embodiment.
In a specific implementation, as an embodiment, the quantum cloud key agreement apparatus 700 may also include a plurality of processors, such as the processor 701 and the processor 704 shown in fig. 2. Each of these processors may be a single-core processor (single-CPU) or a multi-core processor (multi-CPU). A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The memory 702 is configured to store a software program for executing the scheme of the present application, and is controlled by the processor 701 to execute the software program.
Alternatively, memory 702 may be a read-only memory (ROM) or other type of static storage device that may store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that may store information and instructions, an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disc storage, optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 702 may be integrated with the processor 701, or may exist independently, and is coupled to the processor 701 through an interface circuit (not shown in fig. 7) of the quantum cloud key agreement apparatus 700, which is not specifically limited in this embodiment of the present application.
The transceiver 703 is configured to communicate with other quantum cloud key agreement devices. For example, the quantum cloud key agreement apparatus 700 is a network device, and the transceiver 703 may be used to communicate with a terminal device or communicate with another network device.
Optionally, the transceiver 703 may include a receiver and a transmitter (not separately shown in fig. 7). Wherein the receiver is configured to implement a receive function and the transmitter is configured to implement a transmit function.
Optionally, the transceiver 703 may be integrated with the processor 701, or may exist independently, and is coupled to the processor 701 through an interface circuit (not shown in fig. 7) of the quantum cloud key agreement apparatus 700, which is not specifically limited in this embodiment of the present application.
It should be noted that the structure of the quantum cloud key agreement device 700 shown in fig. 7 does not constitute a limitation of the quantum cloud key agreement device, and an actual quantum cloud key agreement device may include more or less components than those shown, or combine some components, or arrange different components.
In addition, for technical effects of the quantum cloud key agreement device 700, reference may be made to the technical effects of the quantum cloud key agreement method described in the foregoing method embodiment, and details are not described here again.
An embodiment of the present application further provides a chip system, including: a processor coupled to a memory for storing a program or instructions that, when executed by the processor, cause the system-on-chip to implement the method of any of the above method embodiments.
Optionally, the system on a chip may have one or more processors. The processor may be implemented by hardware or by software. When implemented in hardware, the processor may be a logic circuit, an integrated circuit, or the like. When implemented in software, the processor may be a general-purpose processor implemented by reading software code stored in a memory.
Optionally, the system-on-chip may also have one or more memories. The memory may be integrated with the processor or may be separate from the processor, which is not limited in this application. For example, the memory may be a non-transitory memory, such as a read-only memory (ROM), which may be integrated with the processor on the same chip or separately disposed on different chips, and the type of the memory and the arrangement of the memory and the processor are not particularly limited in this application.
The system-on-chip may be, for example, a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), a system on chip (SoC), a Central Processing Unit (CPU), a Network Processor (NP), a digital signal processing circuit (DSP), a Microcontroller (MCU), a Programmable Logic Device (PLD), or other integrated chips.
The embodiment of the application also provides a quantum cloud server, and the quantum cloud server is used for executing the quantum cloud key negotiation method taking the quantum cloud server as a main body.
The embodiment of the application also provides a quantum server, which is used for executing the quantum cloud key agreement method taking one of the following nodes as a main body: an access node, a relay node, or a target access node. The quantum server is provided with a quantum communication channel interface, and the quantum communication channel interface is used for carrying out quantum communication with adjacent nodes.
The embodiment of the application provides a quantum cloud key agreement system. The quantum cloud key agreement system comprises the quantum cloud server, the access node, the relay node and the target access node.
It should be understood that the processor in the embodiments of the present application may be a Central Processing Unit (CPU), and the processor may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will also be appreciated that the memory in the embodiments of the present application can be either volatile memory or non-volatile memory, or can include both volatile and non-volatile memory. The non-volatile memory may be a read-only memory (ROM), a programmable ROM (PROM), an erasable PROM (EPROM), an electrically erasable PROM (EEPROM), or a flash memory. The volatile memory can be random access memory (RAM), which acts as an external cache. By way of example, but not limitation, many forms of RAM are available, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct Rambus RAM (DRRAM).
The above embodiments may be implemented in whole or in part by software, hardware (e.g., circuitry), firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer instructions or the computer program are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a computer network, or another programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or data center, that contains one or more sets of available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.
It should be understood that the term "and/or" herein merely describes an association relationship between associated objects, meaning that three relationships may exist; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, where A and B can be singular or plural. In addition, the character "/" in this document generally indicates that the associated objects before and after it are in an "or" relationship, but may also indicate an "and/or" relationship, which may be understood with reference to the surrounding text.
In the present application, "at least one" means one or more, and "a plurality" means two or more. "At least one of the following" or similar expressions refer to any combination of these items, including any combination of single or plural items. For example, at least one of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, and c may each be single or multiple.
It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, or the portions thereof that substantially contribute to the prior art, may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above description covers only specific embodiments of the present application, but the scope of protection of the present application is not limited thereto; any change or substitution that a person skilled in the art can readily conceive of within the technical scope of the present application shall be covered by the scope of protection of the present application. Therefore, the scope of protection of the present application shall be subject to the scope of protection of the claims.

Claims (10)

1. A quantum cloud key agreement method is characterized by comprising the following steps:
the quantum cloud server receives a quantum key negotiation request of an access node; the quantum key negotiation request comprises the owning party of the quantum key that the access node and a target access node negotiate to use, wherein the party to which the quantum key belongs is the access node or the target access node;
the quantum cloud server determines a target relay link according to the access node and the target access node; the target relay link comprises the access node and the target access node which are respectively positioned at two ends, and at least one relay node positioned between the access node and the target access node; adjacent nodes in the target relay link are connected through a quantum channel;
the quantum cloud server sends a key sharing instruction to the nodes in the target relay link; the key sharing instruction is used for instructing the access node and the target access node to send own quantum keys to adjacent relay nodes and instructing the relay nodes to send own quantum keys to adjacent nodes along the same direction of the target relay link;
the quantum cloud server receives an XOR value of a node in the target relay link; the XOR value of the node is the result of the XOR operation between the quantum key of the node and the received quantum key of the adjacent node;
the quantum cloud server obtains a target XOR value according to the XOR values of the nodes in the target relay link; wherein the target XOR value is the result of the XOR operation between the quantum key of the access node and the quantum key of the target access node;
the quantum cloud server sends the target XOR value to a target node; wherein the target node is the access node or the target access node and is not the party to which the quantum key belongs.
2. The quantum cloud key agreement method according to claim 1, wherein the quantum cloud server determines a target relay link according to the access node and the target access node, including:
the quantum cloud server acquires the communication state of a relay node between the access node and the target access node according to the access node and the target access node; the communication state of the relay node comprises adjacent node information of the relay node;
the quantum cloud server determines at least one relay link according to adjacent node information of a relay node between the access node and the target access node;
the quantum cloud server selects a target relay link from the at least one relay link.
3. The quantum cloud key agreement method according to claim 2, wherein the communication state of the relay node comprises one or more of: the data packet processing amount of the relay node or the code forming rate of the relay node;
the selecting, by the quantum cloud server, of a target relay link from the at least one relay link includes:
the quantum cloud server counts the number of relay nodes in each relay link;
the quantum cloud server determines a target relay link from the at least one relay link according to one or more of the following: the number of relay nodes, the code forming rate of the relay nodes, and the data packet processing amount of the relay nodes.
4. A quantum cloud key agreement method is characterized by comprising the following steps:
the target access node receives a key sharing instruction of the quantum cloud server; the key sharing instruction is used for instructing the target access node to send a quantum key of the target access node to a specified adjacent relay node;
and the target access node sends the quantum key of the target access node to the specified adjacent relay node.
5. A quantum cloud key agreement device, characterized by comprising a transceiver module and a processing module; wherein,
the processing module is used for controlling the transceiver module to receive a quantum key negotiation request of an access node; the quantum key negotiation request comprises the owning party of the quantum key that the access node and a target access node negotiate to use, wherein the party to which the quantum key belongs is the access node or the target access node;
the processing module is further configured to determine a target relay link according to the access node and the target access node; the target relay link comprises the access node and the target access node which are respectively positioned at two ends, and at least one relay node positioned between the access node and the target access node; adjacent nodes in the target relay link are connected through a quantum channel;
the processing module is further configured to control the transceiver module to send a key sharing instruction to a node in the target relay link; the key sharing instruction is used for instructing the access node and the target access node to send own quantum keys to adjacent relay nodes and instructing the relay nodes to send own quantum keys to adjacent nodes along the same direction of the target relay link;
the processing module is further configured to control the transceiver module to receive an XOR value of a node in the target relay link; the XOR value of the node is the result of the XOR operation between the quantum key of the node and the received quantum key of the adjacent node;
the processing module is further configured to obtain a target XOR value according to the XOR values of the nodes in the target relay link; wherein the target XOR value is the result of the XOR operation between the quantum key of the access node and the quantum key of the target access node;
the processing module is further configured to control the transceiver module to send the target XOR value to a target node; wherein the target node is the access node or the target access node and is not the party to which the quantum key belongs.
6. A quantum cloud key agreement device, characterized by comprising a transceiver module and a processing module; wherein,
the processing module is used for controlling the transceiver module to receive a key sharing instruction of the quantum cloud server; the key sharing instruction is used for instructing a target access node to send a quantum key of the target access node to a specified adjacent relay node;
the processing module is further configured to control the transceiver module to send its own quantum key to the specified adjacent relay node.
7. A quantum cloud server, comprising: a processor and a memory; the memory is to store computer instructions that, when executed by the processor, cause the quantum cloud server to perform the quantum cloud key agreement method of any of claims 1-3.
8. A quantum server, comprising: a processor and a memory; the memory is to store computer instructions that, when executed by the processor, cause the quantum server to perform the quantum cloud key agreement method of claim 4; wherein two adjacent quantum servers are connected through a quantum channel.
9. A quantum cloud key agreement system, comprising:
a quantum cloud server to perform the quantum cloud key agreement method of any one of claims 1-3;
an access node configured to: send a quantum key negotiation request to the quantum cloud server; the quantum key negotiation request comprises the owning party of the quantum key that the access node and a target access node negotiate to use, wherein the party to which the quantum key belongs is the access node or the target access node; receive a key sharing instruction of the quantum cloud server; the key sharing instruction is used for instructing the access node to send the quantum key of the access node to a specified adjacent relay node; and send the quantum key of the access node to the specified adjacent relay node;
a relay node configured to: receive a key sharing instruction of the quantum cloud server; wherein the key sharing instruction is used for instructing the relay node to receive the quantum key of a specified adjacent node; receive the quantum key of the specified adjacent node; and send an XOR value to the quantum cloud server; the XOR value is the result of the XOR operation between the quantum key of the relay node and the quantum key of the specified adjacent node;
a target access node for performing the quantum cloud key agreement method of claim 4.
10. A computer-readable storage medium comprising a computer program or instructions which, when run on a computer, cause the computer to perform the quantum cloud key agreement method according to any one of claims 1-4.
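The XOR relay of claims 1 and 9, as an added Python example that is not part of the patent text: relay nodes report XORs of adjacent keys, the quantum cloud server folds them into the target XOR value, and the end node that does not own the key recovers it. The key length, the function names, and the reading that the last relay reports one XOR value per received key are assumptions; the `dropped` parameter shows what happens when one report never arrives.

```python
import secrets
from functools import reduce

KEY_LEN = 32  # bytes; assumed, the claims do not fix a key length


def xor(a, b):
    """Byte-wise XOR of two equal-length keys."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def relay_reports(keys):
    """XOR values the relay nodes send to the cloud server.

    keys is in link order: keys[0] is the access node, keys[-1] the
    target access node, keys[1:-1] the relay nodes.
    """
    if len(keys) < 3:
        raise ValueError("a target relay link needs at least one relay node")
    # Keys move in one direction: node i-1 hands its key to relay i,
    # which XORs it with its own key.
    reports = [xor(keys[i - 1], keys[i]) for i in range(1, len(keys) - 1)]
    # The target access node hands its key to the last relay (assumed to
    # produce a second XOR value for that received key).
    reports.append(xor(keys[-2], keys[-1]))
    return reports


def cloud_target_xor(reports):
    """Cloud server: fold all reports; every relay key cancels pairwise."""
    if not reports:
        raise ValueError("no XOR values received")
    return reduce(xor, reports)


def negotiate(keys, owner="access", dropped=None):
    """Run one negotiation; return (owner's key, key the other end derives).

    dropped: index of a relay report that never reaches the cloud server.
    """
    reports = relay_reports(keys)
    if dropped is not None:
        del reports[dropped]
    target_xor = cloud_target_xor(reports)
    if owner == "access":
        owner_key, receiver_key = keys[0], keys[-1]
    elif owner == "target":
        owner_key, receiver_key = keys[-1], keys[0]
    else:
        raise ValueError("owner must be 'access' or 'target'")
    # The target node (the end that does not own the key) strips its own key.
    return owner_key, xor(target_xor, receiver_key)


if __name__ == "__main__":
    link = [secrets.token_bytes(KEY_LEN) for _ in range(5)]  # constructed keys
    owner_key, derived = negotiate(link, owner="access")
    print("keys agree:", owner_key == derived)
    owner_key, derived = negotiate(link, owner="access", dropped=1)
    print("keys agree with one report lost:", owner_key == derived)
```

A lost or altered report yields a wrong key at the receiving end without raising any error, so the two end nodes need a key-confirmation step before using the key; that step is outside what the claims describe.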
CN202011170077.5A 2020-10-16 2020-10-28 Quantum cloud key negotiation method, device and system, quantum and quantum cloud server Pending CN114389795A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011110790 2020-10-16
CN2020111107900 2020-10-16

Publications (1)

Publication Number Publication Date
CN114389795A true CN114389795A (en) 2022-04-22

Family

ID=81194454

Family Applications (4)

Application Number Title Priority Date Filing Date
CN202011172371.XA Pending CN114389796A (en) 2020-10-16 2020-10-28 Quantum cloud key negotiation method, device and system, quantum and quantum cloud server
CN202011170077.5A Pending CN114389795A (en) 2020-10-16 2020-10-28 Quantum cloud key negotiation method, device and system, quantum and quantum cloud server
CN202011172418.2A Pending CN114389798A (en) 2020-10-16 2020-10-28 Quantum cloud key negotiation method, device and system and quantum cloud server
CN202011170075.6A Pending CN114389794A (en) 2020-10-16 2020-10-28 Quantum cloud key negotiation method, device and system, quantum and quantum cloud server

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN202011172371.XA Pending CN114389796A (en) 2020-10-16 2020-10-28 Quantum cloud key negotiation method, device and system, quantum and quantum cloud server

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN202011172418.2A Pending CN114389798A (en) 2020-10-16 2020-10-28 Quantum cloud key negotiation method, device and system and quantum cloud server
CN202011170075.6A Pending CN114389794A (en) 2020-10-16 2020-10-28 Quantum cloud key negotiation method, device and system, quantum and quantum cloud server

Country Status (1)

Country Link
CN (4) CN114389796A (en)

Also Published As

Publication number Publication date
CN114389798A (en) 2022-04-22
CN114389796A (en) 2022-04-22
CN114389794A (en) 2022-04-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination