CN114697005B - Distributed wide area quantum cryptography network group key distribution method and system - Google Patents

Info

Publication number: CN114697005B
Authority: CN (China)
Prior art keywords: group, node, nodes, wide area, metropolitan area
Legal status: Active
Application number: CN202011587019.2A
Other languages: Chinese (zh)
Other versions: CN114697005A (en)
Inventor: Not disclosed (non-publication of name requested)
Current Assignee: Shandong Institute Of Quantum Science And Technology Co ltd; Quantumctek Co Ltd
Original Assignee: Shandong Institute Of Quantum Science And Technology Co ltd; Quantumctek Co Ltd
Application filed by Shandong Institute Of Quantum Science And Technology Co ltd, Quantumctek Co Ltd
Priority to CN202011587019.2A (CN114697005B)
Priority to PCT/CN2021/117784 (WO2022142461A1)
Publication of CN114697005A
Application granted
Publication of CN114697005B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a distributed wide area quantum cryptography network group key distribution method and system. A routing graph of the quantum cryptography network in the current routing period is obtained. The group nodes are grouped according to the metropolitan area network in which they are located, one group node in each group is selected as the group management node, and each group management node acquires the information of the other group management nodes and of the group nodes in its own group. Each group management node calculates, according to the routing graph and with the aim that the total path of the group key distribution is smaller than a set threshold, the wide area route spanning tree of all the group management nodes and the metropolitan area route spanning trees of all the group nodes. The group key is then transmitted layer by layer according to the wide area route spanning tree and the metropolitan area route spanning trees in sequence, until all nodes of all metropolitan area route spanning trees have acquired the group key. The distributed route calculation reduces the dependence on the central node.

Description

Distributed wide area quantum cryptography network group key distribution method and system
Technical Field
The invention belongs to the technical field of encryption communication of quantum cryptography networks, and particularly relates to a distributed wide area quantum cryptography network group key distribution method and system.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
The group key service mode is one of the main modes of quantum key service. It is often used for communication between applications with multiple participants in a networked environment, such as video conferences, online transactions and network games; such applications can be regarded as group communication applications facing an open network environment.
To the best of the inventors' knowledge, the group key in a quantum cryptography network is obtained by key relay between the nodes of the network. When group keys are used in a quantum cryptography network, current technology often considers only the application of the group key and not the path cost of distributing it.
In addition, quantum cryptography networks have evolved from metropolitan area networks to wide area networks. The path cost consumed by group key distribution between metropolitan area networks is higher than that of group key distribution within a metropolitan area network, so when the number of group members is large, the planning of group key distribution paths between metropolitan area networks should be considered first. Current group key application and distribution schemes do not consider this problem.
Disclosure of Invention
In order to solve the above problems, the invention provides a distributed wide area quantum cryptography network group key distribution method and system.
According to some embodiments, the present invention employs the following technical solutions:
A distributed wide area quantum cryptography network group key distribution method comprises the following steps:
obtaining a routing graph of the quantum cryptography network in the current routing period;
grouping the group nodes according to the metropolitan area network in which they are located, selecting one group node from each group as the group management node, each group management node acquiring the information of the other group management nodes and of the group nodes in its own group;
each group management node calculating, according to the routing graph and with the aim that the total path of the group key distribution is smaller than a set threshold, the wide area route spanning tree of all the group management nodes and the metropolitan area route spanning trees of all the group nodes;
and transmitting the group key layer by layer according to the wide area route spanning tree and the metropolitan area route spanning trees in sequence, until all nodes of all metropolitan area route spanning trees have acquired the group key.
As an alternative embodiment, the node information is a node ID.
As an alternative embodiment, when the routing graph of the quantum cryptography network in the current routing period is obtained, it is confirmed whether there is information about group nodes newly joining or exiting the group communication, a group node being a quantum cryptography network node at which a group member participating in the group communication is located; if so, the routing graph of the quantum cryptography network is updated according to that information.
As an alternative embodiment, if the group members participating in group communication do not change during the routing period, the group management nodes need not be reselected, and no group management node needs to recalculate and update the wide area route spanning tree.
As an alternative embodiment, if the group nodes participating in group communication in a metropolitan area network do not change during the routing period, the group management node of that metropolitan area network need not be reselected, and no group node of that metropolitan area network needs to recalculate and update its metropolitan area route spanning tree.
As an alternative embodiment, the specific process of calculating the wide area route spanning tree of all group management nodes includes:
determining the root node of the wide area route spanning tree: the sum of the shortest key relay paths from each group management node to the other group management nodes is calculated, and a group management node whose path sum is smaller than a set value is taken as the root node of the wide area route spanning tree;
taking all group management nodes except the determined root node as a first set, and the nodes of the wide area route spanning tree as a second set;
searching the first set for a plurality of nodes with the smallest or a smaller distance from each group node in the second set, taking them as the lower nodes (child nodes) of the corresponding group nodes, adding the edges connecting the lower nodes to their corresponding upper nodes to a third set, adding the lower nodes to the second set, and deleting them from the first set;
repeating the process until the first set is empty.
As an alternative embodiment, the specific process of calculating the metropolitan area route spanning tree includes:
taking the group management node of the group as the root node;
taking all metropolitan area group nodes except the determined root node as a first set, and the nodes of the metropolitan area route spanning tree as a second set;
searching the first set for a plurality of nodes with the smallest or a smaller distance from each group node in the second set, taking them as the lower nodes (child nodes) of the corresponding group nodes, adding the edges connecting the lower nodes to their corresponding upper nodes to a third set, adding the lower nodes to the second set, and deleting them from the first set;
repeating the process until the first set is empty.
As an alternative embodiment, the specific process of transmitting the group key layer by layer according to the wide area route spanning tree includes: the distribution of the group key is started by the root node of the wide area route spanning tree; the group node at which the root node is located selects a true random number as the group key, stores the group key, and relays it to each child node of the root node;
if a node has child nodes, it relays the group key to each of them, until all nodes of the wide area route spanning tree have acquired the group key.
As an alternative embodiment, the specific process of transmitting the group key layer by layer according to the metropolitan area route spanning tree includes: after a group management node receives the group key, if it is the root node of the metropolitan area route spanning tree in which it is located, it relays the group key to each of its child nodes;
after a node of the metropolitan area route spanning tree receives the group key relayed by its parent node, it saves the group key and, if it has child nodes, relays the group key to each of them, until every node of the metropolitan area route spanning tree has obtained the group key.
As an alternative embodiment, if there are multiple group key distribution paths whose total paths are smaller than the set threshold, the group key is distributed in parallel using multiple lines.
A distributed wide area quantum cryptography network group key distribution system comprising:
the group communication authentication server is configured to perform registration, login authentication and exit management of the group members participating in group communication; in each routing period it groups the group members according to the metropolitan area network in which their group nodes are located, determines the group management node of each group, and sends to each group management node the information of all group management nodes and of all group nodes in that group management node's group;
the group management node serves as the transfer point of the group key from the wide area network to the metropolitan area network; it is configured to forward the information of all metropolitan area group nodes of the metropolitan area network in which it is located to the metropolitan area group nodes of that network, to calculate, according to the routing graph and with the aim that the total path of the group key distribution is smaller than a set threshold, the wide area route spanning tree of all group management nodes, and to transmit the group key layer by layer according to the wide area route spanning tree and the metropolitan area route spanning trees of all group nodes in sequence;
the metropolitan area group node is configured to obtain the group key from the group management node of the metropolitan area network in which it is located.
Compared with the prior art, the invention has the beneficial effects that:
The invention divides group key distribution into two processes: group key distribution among the group management nodes and group key distribution among the metropolitan area nodes. Distribution among the group management nodes is carried out first, and the optimal path for distributing the group key between metropolitan area networks is planned, which prevents the distribution cost from increasing through repeated distribution of the group key between metropolitan area networks.
The invention groups the group nodes by metropolitan area network. The group communication authentication server only needs to communicate with the group management node in each metropolitan area network, and each group management node communicates with the group nodes of its own group, which reduces the communication complexity of group key distribution.
Wide area group key distribution routing only needs to consider the route spanning tree of the group management nodes, which reduces the computational complexity of the wide area group key distribution route. In calculating the wide area route spanning tree, the wide area routing node located at the center of the network is selected as the root node from which group key distribution starts, which helps to increase the speed of group key distribution and to reduce the cost of the key relay paths used for it.
The invention calculates the wide area route spanning tree of all group management nodes and the metropolitan area route spanning tree of each group node with the aim that the total path of the group key distribution is smaller than the set threshold, so multi-line parallel distribution forms easily during group key distribution, which increases its speed.
The wide area route of the group key and the metropolitan area route within each group node's metropolitan area network are calculated in a distributed manner, which reduces the dependence on the central node.
In order to make the above objects, features and advantages of the present invention more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention.
FIG. 1 is a system configuration diagram of a first embodiment;
FIG. 2 is a schematic diagram of the group key distribution flow in the second embodiment.
Detailed Description
The invention will be further described with reference to the drawings and embodiments.
It should be noted that the following detailed description is illustrative and is intended to provide further explanation of the invention. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present invention. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
As described in the background, the longer a relay path is, the greater the cost of generating it. Current group key distribution technology does not consider the path cost of group key distribution and does not use the optimal path, which increases the path cost of group key distribution and thus the cost of group-key-encrypted communication.
In order to solve this problem, the present invention provides a distributed wide area quantum cryptography network group key distribution method and system, and the detailed description will be given below with different embodiments.
Embodiment one:
A distributed wide area quantum cryptography network group key distribution system, as shown in FIG. 1, comprises a group communication authentication server, group management nodes and metropolitan area group nodes, whose functions are as follows:
The group communication authentication server is responsible for registration, login authentication and exit management of the group members participating in group communication. In each routing period, the quantum cryptography network nodes at which the group members participating in the group communication are located (hereinafter referred to as group nodes) are grouped according to the metropolitan area network in which they are located, one group node of each group is selected as the group management node, and the IDs of all group management nodes, together with the IDs of all group nodes in a group management node's own group, are sent to each group management node.
The group management node is a routing node for wide area group key distribution and the transfer point of the group key from the wide area network to the metropolitan area network. It is responsible for forwarding the IDs of all metropolitan area group nodes of the metropolitan area network in which it is located to the metropolitan area group nodes of that network.
Of course, in other embodiments, the node ID may be replaced by other node information, or other related information of the node may be sent while forwarding the node ID.
The metropolitan area group node is a quantum cryptography network node at which group members of the group communication are located; it obtains the group key through the group management node of the metropolitan area network in which it is located.
Embodiment two:
Based on the system of the first embodiment, a distributed wide area quantum cryptography network group key distribution method is provided. As shown in FIG. 2, wide area quantum cryptography network group key distribution is divided into two processes: group key distribution among the group management nodes and group key distribution among the metropolitan area group nodes.
The group key distribution process among the group management nodes is as follows:
In each routing period, the group communication authentication server groups the group nodes participating in group communication according to the metropolitan area network in which they are located, and selects one group node from each group as the group management node. The group communication authentication server sends the IDs of all group management nodes to each group management node, and at the same time sends each group management node the IDs of all group nodes in its group.
Each group management node receives the IDs of all group management nodes sent by the group communication authentication server and the IDs of all group nodes of the metropolitan area network in which it is located. Each group management node calculates the wide area route spanning tree of all the group management nodes according to the routing graph of the wide area quantum cryptography network.
Specifically, the wide area route spanning tree may be calculated as follows:
A. First, determine the root node of the wide area route spanning tree: calculate the sum of the shortest key relay paths from each group management node to the other group management nodes; in this embodiment, the group node S with the smallest sum is used as the root node of the wide area route spanning tree;
B. Denote the set of all group management nodes except the root node S as V, and the wide area route spanning tree as (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S, and T is empty;
C. Find the two nodes u and v, where u belongs to U and v belongs to V, that are closest to each other between U and V (the distance is the shortest key relay path length between the nodes); add the edge (u, v) to the set T, add v to the set U, and delete the node v from the set V;
D. Repeat step C until the set V is empty.
In the specific distribution process, the distribution of the group key is started by the root node of the wide area route spanning tree: the group node at which the root node is located selects a true random number as the group key, stores the group key, and relays it to each child node of the root node. If a node has child nodes, it relays the group key to each of them, until all nodes of the wide area route spanning tree have acquired the group key.
Of course, in other embodiments, a node whose shortest key relay path sum is less than a set threshold may be taken as the root node.
The metropolitan area group node group key distribution process is as follows:
Each group management node receives the IDs of all group nodes in its group and forwards them to each group node of the group. Each group node, including the group management node, takes the group management node of the group as the root node and calculates, according to the routing graph of its metropolitan area network, the metropolitan area route spanning tree of all group nodes of the group.
The metropolitan area route spanning tree may be calculated as follows:
(1) Denote the set of all metropolitan area group nodes except the root node S as V, and the metropolitan area route spanning tree as (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S, and T is empty;
(2) Find the two nodes u and v, where u belongs to U and v belongs to V, that are closest to each other between U and V (the distance is the shortest key relay path length between the nodes); add the edge (u, v) to the set T, add v to the set U, and delete the node v from the set V;
(3) Repeat step (2) until the set V is empty.
After a group management node receives the group key, if it is the root node of the metropolitan area route spanning tree in which it is located, it relays the group key to each of its child nodes.
After a node of the metropolitan area route spanning tree receives the group key relayed by its parent node, it saves the group key and, if it has child nodes, relays the group key to each of them, until every node of the metropolitan area route spanning tree has obtained the group key.
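The root selection, the two spanning tree calculations (steps A to D and (1) to (3)) and the layer-by-layer relay described above, as an added Python example that is not part of the patent text. The node IDs, link lengths, the tie-breaking by node ID, the use of `secrets.token_bytes` in place of a true random number source and the unicast baseline used for comparison are assumptions made for illustration.

```python
import heapq
import secrets

INF = float("inf")

def make_graph(edges):
    """Undirected routing graph: {node: {neighbour: key relay path length}}."""
    g = {}
    for a, b, w in edges:
        g.setdefault(a, {})[b] = w
        g.setdefault(b, {})[a] = w
    return g

def shortest_lengths(graph, src):
    """Dijkstra: shortest key relay path length from src to each reachable node."""
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > dist[n]:
            continue
        for nbr, w in graph.get(n, {}).items():
            if d + w < dist.get(nbr, INF):
                dist[nbr] = d + w
                heapq.heappush(heap, (d + w, nbr))
    return dist

def select_root(members, dist):
    """Step A: the node with the smallest sum of shortest relay paths to the others."""
    def path_sum(m):
        return sum(dist[m].get(o, INF) for o in members if o != m)
    return min(sorted(members), key=path_sum)  # ties go to the lowest node ID

def spanning_tree(root, members, dist):
    """Steps B-D and (1)-(3): grow (U, T) from the root until V is empty."""
    U, T, V = [root], [], set(members) - {root}
    while V:
        # Closest pair (u, v), u in U and v in V. Comparing (distance, u, v)
        # tuples breaks ties by node ID, so every node that runs this on the
        # same routing graph derives the same tree (tie rule is an assumption).
        d, u, v = min((dist[u].get(v, INF), u, v) for u in U for v in V)
        if d == INF:
            raise ValueError(f"no key relay path to {sorted(V)}")
        T.append((u, v, d))
        U.append(v)
        V.remove(v)
    return T

def relay_layers(root, tree):
    """Layer-by-layer relay schedule: a list of layers of (parent, child) hops."""
    children = {}
    for u, v, _ in tree:
        children.setdefault(u, []).append(v)
    layers, frontier = [], [root]
    while frontier:
        hops = [(p, c) for p in frontier for c in children.get(p, [])]
        if hops:
            layers.append(hops)
        frontier = [c for _, c in hops]
    return layers

def distribute(wide_graph, metro_graphs, groups, managers):
    """Wide area tree over the managers first, then one metro tree per group."""
    mgrs = sorted(managers.values())
    wide_dist = {m: shortest_lengths(wide_graph, m) for m in mgrs}
    root = select_root(mgrs, wide_dist)
    trees = [(root, spanning_tree(root, mgrs, wide_dist))]
    for metro in sorted(groups):
        dist = {n: shortest_lengths(metro_graphs[metro], n) for n in groups[metro]}
        trees.append((managers[metro],
                      spanning_tree(managers[metro], groups[metro], dist)))
    # secrets.token_bytes stands in for the true random number source.
    store, cost = {root: secrets.token_bytes(32)}, 0
    for tree_root, tree in trees:
        for layer in relay_layers(tree_root, tree):
            for parent, child in layer:
                store[child] = store[parent]  # parent already holds the key
        cost += sum(d for _, _, d in tree)
    return root, trees[0][1], store, cost

def unicast_cost(wide_graph, root, groups):
    """Baseline for comparison: the root relays to every group node separately."""
    d = shortest_lengths(wide_graph, root)
    return sum(d[n] for ms in groups.values() for n in ms if n != root)

# Constructed sample network: three metropolitan area networks A, B and C.
METRO_EDGES = {
    "A": [("A1", "A2", 1), ("A2", "A3", 1), ("A1", "A3", 3)],
    "B": [("B1", "B2", 2)],
    "C": [("C1", "C2", 1), ("C1", "C3", 1)],
}
INTER_METRO = [("A1", "B1", 10), ("B1", "C1", 10), ("A1", "C1", 25)]
METRO = {m: make_graph(e) for m, e in METRO_EDGES.items()}
WIDE = make_graph([e for es in METRO_EDGES.values() for e in es] + INTER_METRO)
GROUPS = {"A": ["A1", "A2", "A3"], "B": ["B1", "B2"], "C": ["C1", "C2", "C3"]}
MANAGERS = {"A": "A1", "B": "B1", "C": "C1"}  # chosen by the authentication server

if __name__ == "__main__":
    root, wide_tree, store, cost = distribute(WIDE, METRO, GROUPS, MANAGERS)
    print("root:", root, "wide area tree:", wide_tree)
    print("tree relay cost:", cost, "unicast cost:", unicast_cost(WIDE, root, GROUPS))
```

On this constructed network the two-level trees relay the key over a total path length of 26, against 67 when the root relays to each group node separately, because each inter-metropolitan link is crossed once rather than once per member.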
The group communication authentication server does not need to reselect group management nodes if there is no change in the group members participating in the group communication during the routing period, and each group management node does not need to recalculate and update the wide area routing spanning tree.
If there is no change in the group nodes participating in the group communication in a metropolitan area network within the routing period, the group communication authentication server does not need to reselect the group management node of the metropolitan area network, nor does each group node of the metropolitan area network need to recalculate and update the metropolitan area routing spanning tree of the metropolitan area network.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
While the foregoing description of the embodiments of the present invention has been presented in conjunction with the drawings, it should be understood that it is not intended to limit the scope of the invention, but rather, it is intended to cover all modifications or variations within the scope of the invention as defined by the claims of the present invention.

Claims (6)

1. A distributed wide area quantum cryptography network group key distribution method is characterized in that: the method comprises the following steps:
obtaining a route diagram of a quantum cryptography network in a current route period;
grouping the group nodes according to the metropolitan area network where they are located, selecting one group node from each group of group nodes as a group management node, the group management node acquiring the information of the other group management nodes and the information of the group nodes of its own group;
each group management node calculates wide area route spanning trees of all the group management nodes and metropolitan area route spanning trees of all the group nodes according to the routing graph and with the aim that the total path of the group key distribution is smaller than a set threshold value;
sequentially transmitting the group key layer by layer according to the wide area route spanning tree and the metropolitan area route spanning tree until all nodes of all metropolitan area route spanning trees obtain the group key;
if a plurality of group key distribution paths with total paths smaller than a set threshold exist, distributing the group keys in parallel by utilizing a plurality of lines;
the specific process of calculating the wide area route spanning tree for all group management nodes includes:
determining a root node of the wide area route spanning tree: calculating, for each group management node, the sum of the shortest key relay paths to the other group management nodes, and taking the group management nodes with the path sum smaller than a set value as the root node of the wide area route spanning tree;
taking all group management nodes except the determined root node as a first set, and taking the nodes of the wide area route spanning tree as a second set;
searching the first set for a plurality of nodes with the smallest or smaller distance from each group node in the second set, to serve as lower nodes or child nodes of the corresponding group nodes, adding the connecting edges between the lower nodes and their corresponding upper nodes to a third set, adding the lower nodes to the second set, and deleting the lower nodes from the first set;
repeating until the first set is empty;
the metropolitan area group node group key distribution process is as follows:
each group management node receives all group node information of the group in which it is located, and forwards all group node information of the group to each group node of the group; each group node, including the group management node, calculates the metropolitan area route spanning tree of all the group nodes of the group according to the routing graph of the metropolitan area network where it is located, taking the group management node of the group as the root node;
the specific process for calculating the metropolitan area route spanning tree comprises the following steps:
taking a group management node of the group as a root node;
taking all the metropolitan area group nodes except the determined root node as a first set, and taking the nodes of the metropolitan area route spanning tree as a second set;
searching the first set for a plurality of nodes with the smallest or smaller distance from each group node in the second set, to serve as lower nodes or child nodes of the corresponding group nodes, adding the connecting edges between the lower nodes and their corresponding upper nodes to a third set, adding the lower nodes to the second set, and deleting the lower nodes from the first set;
repeating until the first set is empty;
after each group management node receives the group key, acting as the root node of the metropolitan area route spanning tree where it is located, it relays the group key to each child node;
after each node of the metropolitan area route spanning tree receives the group key relayed by its parent node, it saves the group key and, if the node has child nodes, relays the group key to each of its child nodes, until each node of the metropolitan area route spanning tree obtains the group key.
2. The distributed wide area quantum cryptography network group key distribution method of claim 1, wherein: when the route diagram of the quantum cryptography network in the current route period is obtained, it is confirmed whether there is information about group nodes newly joining or exiting the group communication, a group node being a quantum cryptography network node where a group member participating in the group communication is located, and if so, the route diagram of the quantum cryptography network is updated according to that information.
3. The distributed wide area quantum cryptography network group key distribution method of claim 2, wherein: if the group members engaged in the group communication do not change during the routing period, no group management nodes need to be reselected, and each group management node does not need to recalculate and update the wide area routing spanning tree;
or,
If there is no change in the group nodes participating in the group communication in a metropolitan area network within the routing period, there is no need to reselect the group management node of the metropolitan area network, nor is each group node of the metropolitan area network required to recalculate and update the metropolitan area routing spanning tree of the metropolitan area network.
4. The distributed wide area quantum cryptography network group key distribution method of claim 1, wherein: the node information is a node ID.
5. The distributed wide area quantum cryptography network group key distribution method of claim 1, wherein: the specific process of transmitting the group key layer by layer according to the wide area route spanning tree comprises the following steps: the distribution of the group key is started by a root node of the wide area route spanning tree, the group node where the root node is located selects a true random number as the group key, the group key is stored, and the group key is relayed to the child node of each root node;
And if the node has a child node, relaying the group key to each child node until all nodes of all the wide area routing spanning trees acquire the group key.
6. A distributed wide area quantum cryptography network group key distribution system, adopting a distributed wide area quantum cryptography network group key distribution method according to any one of claims 1-5, characterized in that: comprising the following steps:
The group communication authentication server is configured to perform registration, login authentication and exit management of group members participating in group communication, groups the group members according to a metropolitan area network where the group nodes are located in each routing period, determines the group management nodes of each group, and sends information of all the group management nodes and information of all the group nodes of the group where the group management nodes are located to each group management node;
the group management node serves as the transfer point of the group key from the wide area network to the metropolitan area network, is configured to forward all metropolitan area group node information of the metropolitan area network where it is located to the metropolitan area group nodes of that network, calculates, according to the routing diagram, the wide area route spanning tree of all group management nodes with the aim that the total path of group key distribution is smaller than a set threshold, and transmits the group key layer by layer according to the wide area route spanning tree and the metropolitan area route spanning trees of all group nodes in sequence;
a metropolitan area group node configured to obtain the group key from the group management node of the metropolitan area network where it is located;
the specific process of calculating the wide area route spanning tree for all group management nodes includes:
determining a root node of the wide area route spanning tree: calculating, for each group management node, the sum of the shortest key relay paths to the other group management nodes, and taking the group management nodes with the path sum smaller than a set value as the root node of the wide area route spanning tree;
taking all group management nodes except the determined root node as a first set, and taking the nodes of the wide area route spanning tree as a second set;
searching the first set for a plurality of nodes with the smallest or smaller distance from each group node in the second set, to serve as lower nodes or child nodes of the corresponding group nodes, adding the connecting edges between the lower nodes and their corresponding upper nodes to a third set, adding the lower nodes to the second set, and deleting the lower nodes from the first set;
The process is repeated until the first set is empty.
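The spanning-tree calculation and layer-by-layer relay recited in claims 1, 5 and 6, worked through as an added example (not code from the patent or its applicants). Assumptions: the routing graph and node names are constructed, the root is the group management node with the minimum path sum (the claims say "smaller than a set value"), one nearest node is attached per step (the claims allow a plurality), and `secrets.token_bytes` stands in for the true random number source.

```python
import heapq
import secrets

# Constructed routing graph: edge weight = key relay path cost (assumption).
# Node names are hypothetical; B is a relay-only node, the rest are managers.
GRAPH = {
    "A": {"B": 2, "C": 5},
    "B": {"A": 2, "C": 1, "D": 4},
    "C": {"A": 5, "B": 1, "E": 3},
    "D": {"B": 4, "E": 1, "F": 6},
    "E": {"C": 3, "D": 1, "F": 2},
    "F": {"D": 6, "E": 2},
}
MANAGERS = ["A", "C", "D", "E", "F"]

def shortest_paths(graph, src):
    """Dijkstra: shortest key relay path cost from src to every node."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, w in graph[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                heapq.heappush(heap, (d + w, v))
    return dist

def build_tree(graph, members, root=None):
    """Return (root, edges); edges is the 'third set' of (parent, child)."""
    dist = {m: shortest_paths(graph, m) for m in members}
    if root is None:  # wide-area case: smallest shortest-path sum becomes root
        root = min(sorted(members), key=lambda m: sum(dist[m][o] for o in members))
    first, second, third = set(members) - {root}, [root], []
    while first:
        # Closest node still in the first set to any node already in the tree.
        _, parent, child = min((dist[p][c], p, c) for p in second for c in first)
        third.append((parent, child))
        second.append(child)
        first.remove(child)
    return root, third

def relay(root, edges):
    """Root picks the group key, then each layer relays it to its children."""
    key = secrets.token_bytes(32)  # CSPRNG stand-in for the true random number
    held, layers, frontier = {root: key}, [[root]], [root]
    while frontier:
        frontier = [c for p in frontier for (q, c) in edges if q == p]
        for c in frontier:
            held[c] = key
        if frontier:
            layers.append(frontier)
    return held, layers
```

Passing `root=` explicitly gives the metropolitan-area case, where the group management node is fixed as the root instead of being chosen by path sum.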
CN202011587019.2A 2020-12-28 2020-12-28 Distributed wide area quantum cryptography network group key distribution method and system Active CN114697005B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011587019.2A CN114697005B (en) 2020-12-28 2020-12-28 Distributed wide area quantum cryptography network group key distribution method and system
PCT/CN2021/117784 WO2022142461A1 (en) 2020-12-28 2021-09-10 Distributed wide area quantum cryptography network group key distribution method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011587019.2A CN114697005B (en) 2020-12-28 2020-12-28 Distributed wide area quantum cryptography network group key distribution method and system

Publications (2)

Publication Number Publication Date
CN114697005A CN114697005A (en) 2022-07-01
CN114697005B true CN114697005B (en) 2024-06-07

Family

ID=82129833

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011587019.2A Active CN114697005B (en) 2020-12-28 2020-12-28 Distributed wide area quantum cryptography network group key distribution method and system

Country Status (2)

Country Link
CN (1) CN114697005B (en)
WO (1) WO2022142461A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6684331B1 (en) * 1999-12-22 2004-01-27 Cisco Technology, Inc. Method and apparatus for distributing and updating group controllers over a wide area network using a tree structure
CN101022333A (en) * 2007-02-01 2007-08-22 华为技术有限公司 Distributing system, method and device for group key control message
CN104579964A (en) * 2013-01-07 2015-04-29 山东量子科学技术研究院有限公司 Dynamic route architecture system for quantum cryptography network
CN109962773A (en) * 2017-12-22 2019-07-02 山东量子科学技术研究院有限公司 Wide area quantum cryptography networks data encryption method for routing
CN110446239A (en) * 2019-07-25 2019-11-12 汕头大学 A kind of wireless sensor network cluster-dividing method and system based on multiple magic square

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100440865C (en) * 2005-10-21 2008-12-03 清华大学 Application layer group broadcasting method with integrated type and distributed type combination
CN103023781B (en) * 2012-12-13 2015-06-10 清华大学 Shortest path tree and spanning tree combined energy-saving routing method
CN103001875B (en) * 2013-01-07 2015-03-11 山东量子科学技术研究院有限公司 Quantum cryptography network dynamic routing method
US9392525B2 (en) * 2014-05-16 2016-07-12 Qualcomm Incorporated Establishing reliable routes without expensive mesh peering
CN104202772B (en) * 2014-09-09 2018-04-10 河海大学常州校区 Mobile Sink collecting methods applied to the node memory resource-sharing of wireless sensor network
CN108270557B (en) * 2016-12-30 2021-02-19 科大国盾量子技术股份有限公司 Backbone network system based on quantum communication and relay method thereof
CN109962774B (en) * 2017-12-22 2021-12-10 山东量子科学技术研究院有限公司 Quantum cipher network key relay dynamic routing method
CN109660337B (en) * 2017-12-29 2021-07-13 广东国腾量子科技有限公司 Quantum and classical converged communication network system and key distribution method thereof
CN110086713B (en) * 2019-04-17 2020-11-24 北京邮电大学 Domain-divided routing method for wide-area quantum key distribution network

Also Published As

Publication number Publication date
CN114697005A (en) 2022-07-01
WO2022142461A1 (en) 2022-07-07

Similar Documents

Publication Publication Date Title
CN108270557B (en) Backbone network system based on quantum communication and relay method thereof
CN101960801B (en) Technique for determining a point-to-multipoint tree linking a root node to a plurality of leaf nodes
US20090080345A1 (en) Efficient multipoint distribution tree construction for shortest path bridging
US20150263867A1 (en) Virtual Private Network Migration and Management in Centrally Controlled Networks
Chen et al. SDN-based privacy preserving cross domain routing
CN111385198B (en) Path determining method, device and communication system
CN107210850A (en) Method and system for selecting the messaging parameter in wireless network
CN105656771A (en) Service path determining method, device and system
WO2019204987A1 (en) Information transmission method controlled by cloud, robot, and group robot system
US10341220B2 (en) Virtual shortest path tree establishment and processing methods and path computation element
JP2010536259A5 (en)
CN114697005B (en) Distributed wide area quantum cryptography network group key distribution method and system
CN114697003B (en) Centralized type quantum cipher network group key distribution method and system
CN114697002B (en) Distributed quantum cryptography network group key distribution method and system
Chen et al. Privacy-preserving cross-domain routing optimization-a cryptographic approach
CN117675355A (en) Multi-layer network data exchange method and system based on node identification matching
CN104967562B (en) A kind of method for routing between internet of things equipment node
CN114697004B (en) Centralized wide area quantum cryptography network group key distribution method and system
JP2009038416A (en) Multicast communication system, and group key management server
CN111190606B (en) Automatic deployment method of big data cluster
CN103023780A (en) Method and device for routing computation
CN116418492A (en) Route establishment method, system and quantum cryptography network
CN108923946B (en) Centralized multicast control method based on software definition
CN102082811B (en) Multi-domain network establishment method, multi-domain network, node communication method and network node
Chang et al. Universally Optimal Information Dissemination and Shortest Paths in the HYBRID Distributed Model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant