CN114697004B - Centralized wide area quantum cryptography network group key distribution method and system - Google Patents

Publication number: CN114697004B
Authority: CN (China)
Prior art keywords: node, group, wide area, routing, nodes
Legal status: Active
Application number: CN202011584554.2A
Other languages: Chinese (zh)
Other versions: CN114697004A (en)
Inventor: Name withheld on request
Current Assignee: Shandong Institute Of Quantum Science And Technology Co ltd; Quantumctek Co Ltd
Original Assignee: Shandong Institute Of Quantum Science And Technology Co ltd; Quantumctek Co Ltd
Application filed by: Shandong Institute Of Quantum Science And Technology Co ltd, Quantumctek Co Ltd
Priority to CN202011584554.2A (patent/CN114697004B/en)
Priority to PCT/CN2021/117785 (patent/WO2022142462A1/en)
Publication of CN114697004A
Application granted
Publication of CN114697004B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a centralized wide area quantum cryptography network group key distribution method and system. Group node information is acquired, and in each routing period the group nodes newly joining or exiting the group communication are determined, where a group node is a quantum cryptography network node at which a group member participating in the group communication is located. One group node is selected from each metropolitan area network containing group nodes to serve as a wide area routing node, and, with the goal of an optimal total path for group key distribution among the metropolitan area networks, the wide area routing spanning tree of all the wide area routing nodes is calculated from the quantum cryptography network routing graph. From the metropolitan area routing graph of each wide area routing node, the metropolitan area routing spanning tree of the group nodes in that node's metropolitan area is calculated. The wide area routing nodes and the metropolitan area group nodes then distribute the group key layer by layer along the corresponding routing spanning tree until all nodes at the lowest layer of the metropolitan area routing spanning tree have obtained the group key. The invention can reduce the cost of quantum cryptography network group key distribution.

Description

Centralized wide area quantum cryptography network group key distribution method and system
Technical Field
The invention belongs to the technical field of encryption communication of quantum cryptography networks, and particularly relates to a centralized wide area quantum cryptography network group key distribution method and system.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
Quantum keys have attracted wide attention for their unique security properties and are drawing interest from a growing number of users; with the arrival of large-scale service users, the quality requirements placed on quantum key services keep rising.
The group key service mode is one of the quantum key service modes. It is mainly applied in multiparty scenarios within a quantum key distribution networking environment, such as video conferencing, online games, video on demand, and financial transactions. The group key in current quantum cryptography networks is obtained by key relay between nodes of the quantum cryptography network. Existing schemes for applying a quantum cryptography network group key usually consider only how the group key is used and ignore the path cost of distributing it. The longer the relay path, the greater the cost of establishing it; how to complete the distribution of all group keys over the shortest, or a shorter, total path is a problem that current group key application schemes do not consider, and it bears directly on the cost of group-key encrypted communication.
Current quantum cryptography networks have evolved from metropolitan area networks to wide area networks. The path cost incurred by group key distribution between metropolitan area networks is higher than that of group key distribution within a metropolitan area network, so when the number of group members is large, the planning of the group key distribution path between metropolitan area networks should be considered first.
Disclosure of Invention
Current group key application and distribution schemes do not consider the cost of the group key distribution path and do not distribute the group key over an optimal path, which increases both the path cost of group key distribution and the cost of group-key encrypted communication. To solve these problems, the invention provides a centralized wide area quantum cryptography network group key distribution method and system.
According to some embodiments, the present invention employs the following technical solutions:
A centralized wide area quantum cryptography network group key distribution method comprises the following steps:
acquiring group node information, and determining in each routing period the group node information of nodes newly joining or exiting the group communication, wherein a group node is a quantum cryptography network node where a group member participating in the group communication is located;
selecting a group node from each metropolitan area network containing group nodes as a wide area routing node and, with the goal of an optimal total path for group key distribution among the metropolitan area networks, calculating the wide area routing spanning tree of all the wide area routing nodes according to the quantum cryptography network routing graph;
calculating, according to the metropolitan area routing graph of each wide area routing node, the metropolitan area routing spanning tree of the group nodes of the metropolitan area of that wide area routing node;
distributing the group key layer by layer, by the wide area routing nodes and the metropolitan area group nodes respectively, according to the corresponding routing spanning tree, until all nodes at the lowest layer of the metropolitan area routing spanning tree obtain the group key.
As an alternative embodiment, the group node information is a quantum cryptography network node ID where the group member is located.
As an alternative embodiment, with the goal of an optimal total path for group key distribution among the metropolitan area networks, the specific process of calculating the wide area routing spanning tree of all the wide area routing nodes according to the quantum cryptography network routing graph includes:
determining the root node of the wide area routing spanning tree: calculating, for each wide area routing node, the sum of its shortest key relay path lengths to the other nodes, and taking the wide area routing node S with the smallest sum as the root node of the routing spanning tree;
searching the remaining nodes for the node with the shortest key relay path length, taking it as a child node of the corresponding wide area routing node, and repeating this step until no nodes remain.
As a further limitation, the set of all wide area routing nodes except the root node S is denoted V, and the wide area routing spanning tree is denoted (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S and T is empty;
searching U and V for the two nodes with the shortest key relay path length between them, denoted u and v, where u ∈ U and v ∈ V; adding the edge (u, v) to the set T, adding v to the set U, and deleting the node v from the set V; repeating this step until the set V is empty.
As an alternative embodiment, if several nodes are at the same shortest key relay path length from a node, each of them becomes a next-layer node of that node.
As an alternative embodiment, the method for calculating the metropolitan area route spanning tree is as follows:
the set of all metropolitan area group nodes except the wide area routing node S is denoted V, and the metropolitan area routing spanning tree is denoted (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the wide area routing node S and T is empty;
searching U and V for the two nodes with the shortest key relay path length between them, denoted u and v, where u ∈ U and v ∈ V; adding the edge (u, v) to the set T, adding v to the set U, and deleting the node v from the set V; this step is repeated until the set V is empty.
The specific process by which the wide area routing nodes and the metropolitan area group nodes respectively distribute the group key layer by layer according to the corresponding routing spanning tree, until all nodes at the lowest layer of the metropolitan area routing spanning tree obtain the group key, comprises the following: each wide area routing node transmits the group key layer by layer according to the wide area routing spanning tree and the group node information of the metropolitan area network where it is located, until every node of the wide area routing spanning tree has received the group key.
As an alternative implementation manner, after each wide area routing node receives the group key, according to the metropolitan area routing graph where the wide area routing node is located, the metropolitan area routing spanning tree of the group node of the metropolitan area where the wide area routing node is located is calculated by taking the node as a root node, the metropolitan area routing spanning tree is sent to each metropolitan area group node of the metropolitan area where the wide area routing node is located, and the group key is transferred layer by layer until all nodes of the lowest layer of the metropolitan area routing spanning tree obtain the group key.
As an alternative embodiment, the quantum cryptography network node information does not change during a certain routing period, and the routing spanning tree does not need to be updated.
Alternatively, if there are multiple optimal group key distribution total paths, the group keys are distributed in parallel using multiple lines.
A centralized wide area quantum cryptography network group key distribution system comprising:
a group communication authentication server configured to acquire group node information and to determine, in each routing period, the group node information of nodes newly joining or exiting the group communication, wherein a group node is a quantum cryptography network node where a group member participating in the group communication is located;
a group key distribution routing server configured to select a group node from each metropolitan area network containing group nodes as a wide area routing node, to calculate the wide area routing spanning tree of all the wide area routing nodes according to the quantum cryptography network routing graph with the goal of an optimal total path for group key distribution among the metropolitan area networks, and to send the wide area routing spanning tree and the group node information contained in each metropolitan area network to the wide area routing node of that metropolitan area network;
a wide area routing node configured to receive the wide area routing distribution of the group key while providing routing services of the group key distribution for the metropolitan area group nodes;
a metropolitan area group node configured to relay the group key layer by layer according to the metropolitan area routing spanning tree until all nodes at the lowest layer of the metropolitan area routing spanning tree obtain the group key.
Compared with the prior art, the invention has the beneficial effects that:
The invention establishes a routing server that plans the optimal wide area route for group key distribution in a unified way. This prevents the group key from being distributed repeatedly among metropolitan area networks, which would increase the distribution cost of the group key, and so solves the problems existing in the prior art.
The invention groups the group nodes according to the metropolitan area networks, and the routing server only needs to communicate with the wide area routing nodes in each metropolitan area network, thereby reducing the calculation complexity and the communication complexity of the wide area communication path of the routing server.
In calculating the wide area routing spanning tree, the invention selects the wide area routing node located at the center of the network as the root node from which group key distribution starts, which helps to improve the distribution speed of the group key, shortens the key relay path length needed for group key distribution, and reduces the distribution cost of the group key.
The group key distribution method based on the route spanning tree, provided by the invention, is easy to form multi-line parallel distribution in the group key distribution process, and the concurrent execution increases the speed of the group key distribution.
In order to make the above objects, features and advantages of the present invention more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
FIG. 1 is a block diagram of a group key distribution system;
FIG. 2 is a schematic diagram of a group key distribution flow.
Detailed Description
The invention will be further described with reference to the drawings and examples.
It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
In the invention, the process of obtaining the group key through quantum key relay by the quantum cipher network node participating in the group communication in the quantum cipher network is called quantum cipher network group key distribution.
As shown in fig. 1, the whole system comprises a group communication authentication server, a group key distribution routing server, a wide area routing node and a metropolitan area group node, and the functions of the parts are as follows:
A group communication authentication server, configured to handle registration, login authentication, and logout management of the group members participating in the group communication.
A group key distribution routing server (hereinafter referred to as a routing server) provides routing services of group key distribution for the wide area routing nodes. The routing server is connected with the group communication authentication server. When the group communication starts, the group communication authentication server transmits the ID of the quantum cryptography network node (simply called group node) where the group member participating in the group communication is located to the routing server. The group communication authentication server transmits a group node ID newly joining or exiting the group communication to the routing server every routing period.
Of course, in other embodiments, the group node ID is not limited to being sent only, and other information may be substituted or included.
The wide area routing nodes are from metropolitan area group nodes, and the group key distribution routing server selects one group node from each metropolitan area network with group nodes as the wide area routing node. The wide area routing node is configured to receive a wide area routing distribution of the group key while providing routing services of the group key distribution to the metropolitan area group node.
The metropolitan area group node is a quantum cryptography network node where group members of group communication are located, and a group key is obtained through a wide area routing node of the metropolitan area where the quantum cryptography network node is located.
As shown in fig. 2, the specific process of the centralized wide area quantum cryptography network group key distribution method is divided into two processes: the group key distribution of the wide area routing node and the group key distribution of the metropolitan area group node.
The group key distribution process of the wide area routing node is as follows:
When the group communication starts, the group communication authentication server transmits the IDs of the group nodes participating in the group communication to the routing server. In every routing period, the routing server receives from the group communication authentication server the IDs of group nodes newly joining or exiting the group communication. The routing server groups all group node IDs participating in the group communication in the current period by metropolitan area, that is, the group nodes of the same metropolitan area network form one group, and one group node is selected from each group to serve as the wide area routing node of that group. The routing server calculates the wide area routing spanning tree of all the wide area routing nodes according to the wide area quantum cryptography network routing graph. The routing server then transmits the wide area routing spanning tree, together with the group node IDs contained in each metropolitan area network, to the wide area routing node of that metropolitan area network.
Each wide area routing node receives the wide area routing spanning tree and the group node IDs of the metropolitan area in which it is located. Group key distribution among the wide area routing nodes is performed first, starting from the wide area routing node that is the root node of the wide area routing spanning tree. The root node selects a true random number as the group key and relays it to each of its child nodes in the wide area routing spanning tree. Each node of the wide area routing spanning tree receives the group key relayed by its parent node and, if it has child nodes, relays the group key to each of them, until every node of the wide area routing spanning tree has received the group key.
The metropolitan area group node group key distribution process is as follows:
After each wide area routing node receives the group key, according to the metropolitan area routing graph where the wide area routing node is located, the metropolitan area routing spanning tree of the group node of the metropolitan area where the wide area routing node is located is calculated by taking the node as a root node, and then the metropolitan area routing spanning tree is sent to each metropolitan area group node. According to the metropolitan area routing spanning tree, the wide area routing node relays the group key to each child node on the metropolitan area routing spanning tree where it is located. Each metropolitan area group node receives the group key relayed by the upper layer node of the metropolitan area route spanning tree, if the group node has the child nodes in the metropolitan area route spanning tree, the group key is relayed to each child node until all the child nodes at the lowest layer of the metropolitan area route spanning tree obtain the group key.
The calculation method of the wide area routing spanning tree comprises the following steps:
1. First, determine the root node of the wide area routing spanning tree: for each wide area routing node, calculate the sum of its shortest key relay path lengths to the other wide area routing nodes, and take the wide area routing node S with the smallest sum as the root node of the routing spanning tree;
2. Denote the set of all wide area routing nodes except the root node S as V, and denote the wide area routing spanning tree as (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S and T is empty;
3. Search U and V for the two closest nodes (distance here means the shortest key relay path length between the nodes), denoted u and v, where u ∈ U and v ∈ V; add the edge (u, v) to the set T, add v to the set U, and delete the node v from the set V;
4. Repeat step 3 until the set V is empty.
The calculation method of the metropolitan area routing spanning tree comprises the following steps:
1. Denote the set of all metropolitan area group nodes except the wide area routing node S as V, and denote the metropolitan area routing spanning tree as (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the wide area routing node S and T is empty;
2. Search U and V for the two closest nodes (distance here means the shortest key relay path length between the nodes), denoted u and v, where u ∈ U and v ∈ V; add the edge (u, v) to the set T, add v to the set U, and delete the node v from the set V;
3. Repeat step 2 until the set V is empty.
If the quantum cryptography network node ID received by the routing server does not change during the routing period, the routing server and the routing node do not need to update the routing spanning tree.
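The two spanning-tree calculations and the layer-by-layer relay order described above, as an added Python example that is not part of the patent text. The routing graphs, node names, link lengths, function names, and the alphabetical tie-break for the root are assumptions constructed for illustration.

```python
import heapq

INF = float("inf")

def build_graph(edges):
    """Undirected routing graph: {node: {neighbour: key relay link length}}."""
    graph = {}
    for a, b, length in edges:
        graph.setdefault(a, {})[b] = length
        graph.setdefault(b, {})[a] = length
    return graph

def shortest_relay_lengths(graph, src):
    """Dijkstra: shortest key relay path length from src to each reachable node."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nbr, length in graph[node].items():
            nd = d + length
            if nd < dist.get(nbr, INF):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist

def pick_root(graph, routing_nodes):
    """Wide area step 1: the node whose summed shortest relay lengths to the
    other wide area routing nodes is smallest (ties broken alphabetically,
    which is an assumption; the text does not specify a tie-break)."""
    def total(node):
        dist = shortest_relay_lengths(graph, node)
        return sum(dist.get(m, INF) for m in routing_nodes if m != node)
    return min(sorted(routing_nodes), key=total)

def routing_spanning_tree(graph, root, members):
    """Grow (U, T) from the root: repeatedly move the v in V that is closest
    to some u in U into U and record the edge (u, v). An edge length is a
    shortest relay path length, so it may pass through non-group relay nodes."""
    dist = {n: shortest_relay_lengths(graph, n) for n in set(members) | {root}}
    U, T = [root], []
    V = set(members) - {root}
    while V:
        length, u, v = min((dist[u].get(v, INF), u, v) for u in U for v in V)
        if length == INF:
            raise ValueError(f"no key relay path to {sorted(V)}")
        T.append((u, v, length))
        U.append(v)
        V.remove(v)
    return T

def distribution_layers(root, T):
    """Order in which nodes obtain the group key, one list per tree layer."""
    children = {}
    for u, v, _ in T:
        children.setdefault(u, []).append(v)
    layers, frontier = [], [root]
    while frontier:
        layers.append(frontier)
        frontier = [c for node in frontier for c in children.get(node, [])]
    return layers

# Constructed wide area graph: A, B, C, D are wide area routing nodes (one per
# metropolitan area network); R1 and R2 are relay nodes with no group members.
WIDE_AREA_GRAPH = build_graph([
    ("A", "R1", 2), ("R1", "B", 2), ("R1", "C", 3), ("B", "C", 4),
    ("C", "R2", 1), ("R2", "D", 2), ("A", "D", 9),
])
WIDE_AREA_ROUTING_NODES = ["A", "B", "C", "D"]

# Constructed metropolitan graph for the metropolitan area network of node C.
METRO_GRAPH_C = build_graph([
    ("C", "c1", 1), ("c1", "c2", 1), ("C", "c3", 2), ("c2", "c3", 1),
])
METRO_GROUP_NODES_C = ["C", "c1", "c2", "c3"]

if __name__ == "__main__":
    root = pick_root(WIDE_AREA_GRAPH, WIDE_AREA_ROUTING_NODES)
    wide_tree = routing_spanning_tree(WIDE_AREA_GRAPH, root, WIDE_AREA_ROUTING_NODES)
    print("root:", root)
    print("wide area tree:", wide_tree)
    print("wide area layers:", distribution_layers(root, wide_tree))
    # The metropolitan tree skips root selection: its root is the wide area routing node.
    metro_tree = routing_spanning_tree(METRO_GRAPH_C, "C", METRO_GROUP_NODES_C)
    print("metro tree:", metro_tree)
    print("metro layers:", distribution_layers("C", metro_tree))
```

In the constructed wide area graph the tree's total relay length is 11, against 12 if the root relayed to every other wide area routing node directly.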
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
While the foregoing description of the embodiments of the present invention has been presented in conjunction with the drawings, it should be understood that it is not intended to limit the scope of the invention, but rather, it is intended to cover all modifications or variations within the scope of the invention as defined by the claims of the present invention.

Claims (6)

1. A centralized wide area quantum cryptography network group key distribution method is characterized in that: the method comprises the following steps:
The group communication authentication server sends the group node information participating in the group communication to a group key distribution routing server, the group key distribution routing server acquires the group node information, determines the group node information newly joining or exiting the group communication in each routing period, and groups the group node information participating in the group communication in all the period according to a metropolitan area;
The group key distribution routing server is used for providing routing service of group key distribution for the wide area routing node, and is connected with the group communication authentication server;
the group node is a quantum cryptography network node where a group member participating in group communication is located;
Selecting a group node from each metropolitan area network containing group nodes as a wide area routing node and, with the goal of an optimal total path for group key distribution among the metropolitan area networks, calculating the wide area routing spanning tree of all the wide area routing nodes according to the quantum cryptography network routing graph; specifically: determining the root node of the wide area routing spanning tree by calculating, for each wide area routing node, the sum of its shortest key relay path lengths to the other wide area routing nodes, and taking the wide area routing node S with the smallest sum as the root node of the routing spanning tree;
Searching the remaining nodes for the node with the shortest key relay path length, taking it as a child node of the corresponding wide area routing node, and repeating this step until no nodes remain;
the set of all wide area routing nodes except the root node S is denoted V, and the wide area routing spanning tree is denoted (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S and T is empty;
searching U and V for the two nodes with the shortest key relay path length between them, denoted u and v, where u ∈ U and v ∈ V, adding the edge (u, v) to the set T, adding v to the set U, deleting the node v from the set V, and repeating this step until the set V is empty;
According to the metropolitan area routing graph of each wide area routing node, calculating the metropolitan area routing spanning tree of the group nodes of the metropolitan area of each wide area routing node; specifically, the set of all metropolitan area group nodes except the wide area routing node S is denoted V, and the metropolitan area routing spanning tree is denoted (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the wide area routing node S and T is empty; searching U and V for the two nodes with the shortest key relay path length between them, denoted u and v, where u ∈ U and v ∈ V, adding the edge (u, v) to the set T, adding v to the set U, and deleting the node v from the set V; repeating this step until the set V is empty;
the wide area routing nodes and the metropolitan area group nodes each distribute the group key layer by layer according to their corresponding routing spanning trees until all nodes at the lowest layer of the metropolitan area routing spanning trees obtain the group key; specifically, each wide area routing node relays the group key layer by layer according to the wide area routing spanning tree and the group node information of the metropolitan area network where it is located, until every node of the wide area routing spanning tree has received the group key;
the group key distribution process of the wide area routing nodes is as follows: after each wide area routing node receives the wide area routing spanning tree and the group node information of the metropolitan area where it is located, group key distribution among the wide area routing nodes is carried out first, starting from the wide area routing node that is the root node of the wide area routing spanning tree; the root node selects a true random number as the group key and relays it to each of the child nodes of the root node in the wide area routing spanning tree; each node of the wide area routing spanning tree receives the group key relayed by its parent node and, if it has child nodes, relays the group key to each of its child nodes, until every node of the wide area routing spanning tree has received the group key;
the group key distribution process of the metropolitan area group nodes is as follows: after each wide area routing node receives the group key, it calculates, according to the metropolitan area routing graph where it is located and with itself as the root node, the metropolitan area routing spanning tree of the group nodes of the metropolitan area where it is located, and sends the metropolitan area routing spanning tree to each metropolitan area group node of the metropolitan area network where it is located; according to the metropolitan area routing spanning tree, the wide area routing node relays the group key to each of its child nodes on that tree; each metropolitan area group node receives the group key relayed by its upper-layer node in the metropolitan area routing spanning tree and, if it has child nodes in the metropolitan area routing spanning tree, relays the group key to each child node, until all the child nodes at the lowest layer of the metropolitan area routing spanning tree obtain the group key.
2. The centralized wide area quantum cryptography network group key distribution method according to claim 1, wherein: the group node information is the ID of the quantum cryptography network node where the group member is located.
3. The centralized wide area quantum cryptography network group key distribution method according to claim 1, wherein: if a plurality of nodes have the shortest key relay path length from a certain node, the corresponding nodes are used as nodes of the next layer of that node.
4. The centralized wide area quantum cryptography network group key distribution method according to claim 1, wherein: if the quantum cryptography network node information does not change within a given routing period, the routing spanning tree does not need to be updated.
5. The centralized wide area quantum cryptography network group key distribution method according to claim 1, wherein: if there are multiple optimal total paths for group key distribution, the group key is distributed in parallel over multiple lines.
6. A centralized wide area quantum cryptography network group key distribution system, characterized by comprising:
a group communication authentication server configured to acquire group node information and to determine the group node information newly joining or exiting the group communication in each routing period, wherein a group node is a quantum cryptography network node where a group member participating in the group communication is located;
a group key distribution routing server, namely a routing server, which provides the routing service of group key distribution for the wide area routing nodes and is connected with the group communication authentication server; the group key distribution routing server is configured to select one group node as a wide area routing node in each metropolitan area network containing group nodes, and group node information of all the group nodes participating in group communication in the period of time according to metropolitan areas; to calculate, with the goal of an optimal total path of group key distribution between the metropolitan area networks, the wide area routing spanning tree of all the wide area routing nodes according to the quantum cryptography network routing graph; and to transmit the wide area routing spanning tree and the group node information contained in each metropolitan area network to the wide area routing node of that metropolitan area network; specifically: determining the root node of the wide area routing spanning tree by calculating, for each wide area routing node, the sum of the shortest key relay paths from that node to the other wide area routing nodes, and taking the wide area routing node S with the smallest sum as the root node of the routing spanning tree;
searching the remaining nodes for the node with the shortest key relay path length and taking it as a child node of the corresponding wide area routing node, and repeating this step until no nodes remain;
the set of all wide area routing nodes except the root node S is denoted V, and the wide area routing spanning tree is denoted (U, T), where U is the node set of the spanning tree and T is the set of edges connecting the nodes in the spanning tree; initially, U contains only the root node S, and T is empty;
searching for the two nodes, one in U and one in V, with the shortest key relay path length between them, denoted u and v, where u ∈ U and v ∈ V; adding the edge (u, v) to the set T, adding v to the set U, and deleting the node v from the set V; repeating this step until the set V is empty;
a wide area routing node configured to receive the wide area routing distribution of the group key while providing the routing service of group key distribution for the metropolitan area group nodes; specifically, each wide area routing node relays the group key layer by layer according to the wide area routing spanning tree and the group node information of the metropolitan area network where it is located, until every node of the wide area routing spanning tree has received the group key;
the group key distribution process of the wide area routing nodes is as follows: after each wide area routing node receives the wide area routing spanning tree and the group node information of the metropolitan area where it is located, group key distribution among the wide area routing nodes is carried out first, starting from the wide area routing node that is the root node of the wide area routing spanning tree; the root node selects a true random number as the group key and relays it to each of the child nodes of the root node in the wide area routing spanning tree; each node of the wide area routing spanning tree receives the group key relayed by its parent node and, if it has child nodes, relays the group key to each of its child nodes, until every node of the wide area routing spanning tree has received the group key;
a metropolitan area group node configured to relay the group key layer by layer according to the metropolitan area routing spanning tree until all nodes at the lowest layer of the metropolitan area routing spanning tree obtain the group key;
the metropolitan area routing spanning tree is calculated as follows: the set of all metropolitan area group nodes except the wide area routing node S is denoted V, and the metropolitan area routing spanning tree is denoted (U, T), where U is the node set of the spanning tree and T is the set of edges connecting the nodes in the spanning tree; initially, U contains only the wide area routing node S, and T is empty; searching for the two nodes, one in U and one in V, with the shortest key relay path length between them, denoted u and v, where u ∈ U and v ∈ V; adding the edge (u, v) to the set T, adding v to the set U, and deleting the node v from the set V; repeating this step until the set V is empty;
the group key distribution process of the metropolitan area group nodes is as follows: after each wide area routing node receives the group key, it calculates, according to the metropolitan area routing graph where it is located and with itself as the root node, the metropolitan area routing spanning tree of the group nodes of the metropolitan area where it is located, and sends the metropolitan area routing spanning tree to each metropolitan area group node of the metropolitan area network where it is located; according to the metropolitan area routing spanning tree, the wide area routing node relays the group key to each of its child nodes on that tree; each metropolitan area group node receives the group key relayed by its upper-layer node in the metropolitan area routing spanning tree and, if it has child nodes in the metropolitan area routing spanning tree, relays the group key to each child node, until all the child nodes at the lowest layer of the metropolitan area routing spanning tree obtain the group key.
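The root selection, (U, T) tree construction and layer-by-layer relay recited in claims 1 and 6, as an added Python example that is not part of the patent. The topology, node names, function names and the use of `secrets` as a stand-in for the root's true random number are assumptions; passing `root` fixes the root, as in the metropolitan area tree rooted at a wide area routing node.

```python
import heapq
import secrets

# Constructed sample topology: weights are key relay path lengths.
# W1..W4 are wide area routing nodes; R1 is a relay that is not a group node.
GRAPH = {"W1": {"R1": 1, "W4": 6}, "W2": {"R1": 1}, "W3": {"R1": 2, "W4": 2},
         "W4": {"W1": 6, "W3": 2}, "R1": {"W1": 1, "W2": 1, "W3": 2}}
MEMBERS = ["W1", "W2", "W3", "W4"]

def relay_lengths(graph, src):
    """Dijkstra: shortest key relay path length from src to each reachable node."""
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue  # stale heap entry
        for m, w in graph[n].items():
            if d + w < dist.get(m, float("inf")):
                dist[m] = d + w
                heapq.heappush(heap, (d + w, m))
    return dist

def build_tree(graph, members, root=None):
    """Choose root S (smallest sum of shortest paths), then grow (U, T) until V is empty."""
    dist = {m: relay_lengths(graph, m) for m in members}
    if any(o not in dist[m] for m in members for o in members):
        raise ValueError("a group node has no key relay path to another group node")
    # Ties on the sum are broken by node name so the result is deterministic.
    root = root or min(members, key=lambda m: (sum(dist[m][o] for o in members), m))
    U, V, T = [root], set(members) - {root}, []
    while V:
        _, u, v = min((dist[u][v], u, v) for u in U for v in V)
        T.append((u, v))  # add edge (u, v) to T
        U.append(v)       # add v to U
        V.remove(v)       # delete v from V
    return root, T

def distribute(root, edges, group_key):
    """Relay the group key from parent to children, one tree layer at a time."""
    children = {}
    for u, v in edges:
        children.setdefault(u, []).append(v)
    holders, layers, layer = {root: group_key}, [], [root]
    while layer:
        layers.append(layer)
        layer = [c for p in layer for c in children.get(p, [])]
        holders.update({c: group_key for c in layer})
    return layers, holders

def demo():
    root, tree = build_tree(GRAPH, MEMBERS)
    key = secrets.token_bytes(32)  # assumption: CSPRNG stand-in for the true random number
    return root, tree, distribute(root, tree, key)
```

An edge in T can span several physical hops: here the tree edge (W3, W1) is the key relay path through R1.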
CN202011584554.2A 2020-12-28 2020-12-28 Centralized wide area quantum cryptography network group key distribution method and system Active CN114697004B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011584554.2A CN114697004B (en) 2020-12-28 2020-12-28 Centralized wide area quantum cryptography network group key distribution method and system
PCT/CN2021/117785 WO2022142462A1 (en) 2020-12-28 2021-09-10 Centralized wide area quantum cryptography network group key distribution method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011584554.2A CN114697004B (en) 2020-12-28 2020-12-28 Centralized wide area quantum cryptography network group key distribution method and system

Publications (2)

Publication Number Publication Date
CN114697004A CN114697004A (en) 2022-07-01
CN114697004B true CN114697004B (en) 2024-05-17

Family

ID=82129320

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011584554.2A Active CN114697004B (en) 2020-12-28 2020-12-28 Centralized wide area quantum cryptography network group key distribution method and system

Country Status (2)

Country Link
CN (1) CN114697004B (en)
WO (1) WO2022142462A1 (en)

Also Published As

Publication number Publication date
CN114697004A (en) 2022-07-01
WO2022142462A1 (en) 2022-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant