CN114697013B - Quantum key management method based on trusted relay node shared key - Google Patents

Publication number
CN114697013B
Authority
CN
China
Prior art keywords
user node
quantum key
key
node
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011628932.2A
Other languages
Chinese (zh)
Other versions
CN114697013A (en)
Inventor
徐振
于林
王学富
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd
Original Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Quantumctek Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • G06N3/084 Backpropagation, e.g. using gradient descent

Abstract

The invention provides a quantum key management method based on a trusted relay node shared key, which can avoid the participation of a user node in a routing process in secure communication by forming a shared key pool in a user node and a directly connected metropolitan area network trusted relay node, reduce the complexity of a quantum communication network in terms of routing management and network configuration, reduce the network construction cost, and manage the quantum key buffer quantity of the shared key pool based on a gray neural network prediction model so as to improve the real-time performance of quantum secure communication while guaranteeing the freshness of the buffered quantum key.

Description

Quantum key management method based on trusted relay node shared key
Technical Field
The invention relates to the field of quantum key management, in particular to a quantum key management method based on a trusted relay node shared key.
Background
With the development of quantum communication technology, the construction scale of the quantum communication network is also expanding, and the architecture of the quantum communication network is also changing. Logically, a quantum secure communication network can be divided into three main functional layers, a quantum layer, a key management layer and an application layer, respectively. The quantum layer is used for carrying out quantum signal transceiving and information negotiation through a Quantum Key Distribution (QKD) link (comprising a quantum channel and a classical channel) to generate a quantum key, and forwarding the generated quantum key to the key management layer; the key management layer stores and manages quantum keys; the application layer obtains the quantum key from the key management layer for secure communication.
The key management layer enables a key application device to obtain a quantum key for secure communication by accessing the quantum communication network through a user node. However, as the network scale expands, quantum key output for secret communication between wide area user nodes lacks real-time performance and has a larger delay, so the real-time performance of secret communication between the key application devices of wide area user nodes is also reduced. In addition, because of the huge number of user nodes across metropolitan area networks, the key management layer of the quantum communication network cannot preset shared keys for the wide area user nodes.
Compared with other types of nodes, user nodes make up the largest proportion of the whole network. The current key management server needs to provide route management and routing services for the user nodes, which places higher performance requirements on the key management server and higher hardware configuration requirements on the user nodes. In the current quantum key distribution network, quantum key sharing among multiple user nodes is generally realized through a key relay technology, which is no small challenge in terms of the implementation complexity of the user nodes, the route calculation performance of the whole network, the network construction cost and the like. For example, as shown in Fig. 1, when secret communication is performed between key application devices attached to a plurality of user nodes, a key relay process needs to be initiated between the user nodes to obtain a shared quantum key, so that the application devices can communicate secretly using the shared quantum key. When an initial user node initiates a key relay, it needs to obtain a relay route that the key management server calculates from the key quantities reported by devices across the whole network; the initial user node then transmits the quantum key to the target user node in sequence through the metropolitan area network trusted relay node, the backbone access node and the opposite metropolitan area network trusted relay node according to the relay route, completing the quantum key relay process.
It can be seen that at least the following disadvantages exist in the existing quantum key management methods:
1. the key relay is initiated by a key management layer of the user nodes, and the key management server needs to calculate routes among the user nodes, so that the requirement on the route calculation performance of the key management server is higher, the complexity of network construction is increased, more shared key pools among other user nodes need to be built for the user nodes, and the configuration requirement is higher;
2. in the current quantum key distribution network, quantum key sharing is generally realized between user nodes directly through a key relay technology, so that the complexity of network realization is increased, the performance of whole network route calculation is reduced, and the network construction cost is increased;
3. in general, compared with other types of nodes, the user nodes have the largest proportion in the whole network, the key management server needs to calculate routes for each pair of user nodes, the requirement on the route calculation performance of the key management server is higher, the network construction is complex, and the requirement on the hardware configuration of the user nodes is higher.
Disclosure of Invention
Aiming at the defects existing in the prior art, the invention provides a quantum key management method based on a shared key of a trusted relay node, which can avoid the participation of a user node in a routing process in secure communication by forming a shared key pool in the trusted relay node of a user node and a metropolitan area network directly connected with the user node, reduce the complexity of a quantum communication network in terms of routing management and network configuration, reduce the network construction cost, and manage the quantum key buffer quantity of the shared key pool based on a gray neural network prediction model so as to improve the real-time performance of quantum secure communication while guaranteeing the freshness of the buffered quantum key.
Specifically, in the quantum key management method based on the trusted relay node shared key according to the present invention, the relay node shared quantum key is cached between the metropolitan area network trusted relay nodes, and a user node shared key pool is established between the metropolitan area network trusted relay nodes and the user nodes directly connected thereto for caching the user node shared quantum key.
When secret communication is carried out between a first user node and a second user node, if the first user node and the second user node are directly connected to the same metropolitan area network trusted relay node, that relay node outputs to the first user node the second user node shared quantum key cached in the user node shared key pool between it and the second user node, and this key is used for encrypting communication between the first user node and the second user node; and if the first user node and the second user node are directly connected to different first and second metropolitan area network trusted relay nodes respectively, the first and second metropolitan area network trusted relay nodes respectively output the relay node shared quantum key between the first metropolitan area network trusted relay node and the second metropolitan area network trusted relay node to the first user node and the second user node, for encrypting communication between the first user node and the second user node.
Further, when the first and second user nodes are directly connected to the same metropolitan area network trusted relay node, that relay node encrypts the second user node shared quantum key by using the first user node shared quantum key cached in the user node shared key pool between it and the first user node to form encrypted data, and sends the encrypted data to the first user node; the first user node decrypts the encrypted data by using the first user node shared quantum key to obtain the second user node shared quantum key; and/or,
when the first metropolitan area network trusted relay node is different from the second metropolitan area network trusted relay node, the relay node shared quantum key is encrypted with the first user node shared quantum key between the first user node and the first metropolitan area network trusted relay node and with the second user node shared quantum key between the second user node and the second metropolitan area network trusted relay node, respectively, to form first encrypted data and second encrypted data; the first encrypted data and the second encrypted data are sent to the first user node and the second user node respectively; the first user node decrypts the first encrypted data by using the first user node shared quantum key to obtain the relay node shared quantum key, and the second user node decrypts the second encrypted data by using the second user node shared quantum key to obtain the relay node shared quantum key.
Optionally, a quantum key shared by the relay nodes can be generated between the trusted relay nodes of the metropolitan area network in a key relay mode; and/or said encryption and decryption is achieved by means of an exclusive-or operation.
The quantum key management method according to the present invention may further comprise the step of obtaining quantum key consumption predicted values for the user node shared key pool using a gray neural network prediction model.
Further, the gray neural network prediction model may be formed by a model data construction step, a model training step, and a prediction accuracy test and actual test step, wherein:
in the model data construction step, N time intervals are set, wherein N is the number of samples; the quantum key consumption actual value of the user node shared key pool in each time interval i is obtained as a sample $x^{(0)}(i)$, wherein i is any natural number from 1 to N; the original sequence $X^{(0)} = \{x^{(0)}(1), x^{(0)}(2), \ldots, x^{(0)}(N)\}$ is constructed; and a sample data sequence $\{\alpha(j), \ldots, \alpha(N-M)\} = \{x^{(0)}(1), x^{(0)}(2), \ldots, x^{(0)}(n_1)\}$ is constructed, wherein the parameter $j = 1, \ldots, (N-M-L)$, $n_1 = N-M+1-j$, and M and L are preset non-zero natural numbers;
in the model training step, respectively constructing a one-dimensional gray model based on the sample data sequence under different values of the parameter j, and predicting; taking a quantum key consumption predicted value based on the one-dimensional gray model as input, taking an actual quantum key consumption value as expected output, constructing a neural network, and training to form the gray neural network predicted model;
in the prediction accuracy test and actual test step, the prediction accuracy Accuracy of the gray neural network prediction model is determined by using the quantum key consumption actual values in the last M time intervals of the N time intervals and the quantum key consumption predicted values for those last M time intervals predicted by the gray neural network prediction model; based on the prediction accuracy Accuracy, the quantum key consumption maximum gray value $x_m$ of the time interval following the last of the N time intervals is determined and used as the quantum key consumption predicted value for that next time interval.
Still further, the quantum key management method of the present invention may further include a model optimization step, wherein an actual value of quantum key consumption of the user node shared key pool in each time interval is saved, and the gray neural network prediction model is continuously optimized based on the actual value of quantum key consumption.
Further, the quantum key consumption maximum gray value of the next time interval is $x_m = x/\mathrm{Accuracy}$, where x is the quantum key consumption predicted value of the next time interval output by the gray neural network prediction model.
Still further, the plurality of time intervals are consecutive in time; and/or the duration of the time interval is 1 or 2 hours; and/or, the value of M is 1 or 2; and/or the value of L is 4.
Preferably, the neural network is a BP neural network. Wherein the BP neural network may be trained by: initializing weight parameters and threshold parameters of the BP neural network; setting a learning rate, and generating network structure parameters through a preset random number; and training the BP neural network by a loop iteration method.
Further, calculating a difference value between the user node shared quantum key amount cached in the user node shared key pool and the quantum key consumption predicted value, and carrying out quantum key relay on the user node shared key pool when the difference value is smaller than or equal to a preset value.
Preferably, quantum key relay is performed on the user node shared key pools in order of difference value from small to large, starting with the pool having the smallest difference value, until the difference value is larger than the preset value.
Drawings
The following describes the embodiments of the present invention in further detail with reference to the drawings.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 schematically illustrates the principle of a prior art quantum key management method;
Fig. 2 schematically shows an example of a quantum key management method according to the invention;
Fig. 3 schematically illustrates a process in which a metropolitan area network trusted relay node outputs a user node shared quantum key to a key application device of the user node in a quantum key management method according to the present invention;
Fig. 4 schematically illustrates the formation of a gray neural network prediction model for a shared key pool in accordance with the present invention.
Detailed Description
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. The following examples are provided by way of illustration to fully convey the spirit of the invention to those skilled in the art to which the invention pertains. Thus, the present invention is not limited to the embodiments disclosed herein.
A current quantum communication metropolitan area network is divided into metropolitan area network trusted relay nodes and user nodes. One metropolitan area network can generally comprise several or more than ten centralized control station nodes (also called metropolitan area network trusted relay nodes) for relaying quantum keys, and adjacent trusted relay nodes are connected through quantum links. One trusted relay node may have tens or even hundreds of user nodes attached beneath it. Metropolitan area networks are connected to one another through backbone quantum links to form a wide area quantum communication network.
Because each trusted relay node of a metropolitan area network needs to perform QKD communication with the numerous user nodes attached beneath it and with neighboring relay nodes, multiple QKD devices are typically required. The QKD devices of each relay node are managed by the key management system of the relay node, which provides configuration connection signals for the QKD devices and manages the quantum keys generated by the QKD devices. Each user node is typically configured with one QKD device that is managed by the user node's key management system. When a plurality of user nodes or adjacent relay nodes attached to a metropolitan area network trusted relay node require quantum key distribution service, they obtain the quantum key distribution service of that trusted relay node in turn through a queuing mechanism; that is, the QKD devices in the user nodes or adjacent relay nodes are paired in turn with the QKD devices in the metropolitan area network trusted relay node to carry out quantum key distribution and generate a shared key.
In the quantum key management method based on the trusted relay node sharing quantum key, a sharing quantum key (hereinafter referred to as a relay node sharing quantum key) can be generated among the trusted relay nodes of the metropolitan area network, and the relay node sharing quantum key is cached in a relay node sharing key pool, so that when a key application device requests the quantum key from the trusted relay node of the metropolitan area network through a user node, the trusted relay node of the metropolitan area network can timely output the relay node sharing quantum key for the key application device to use.
Fig. 2 shows an example of a quantum key management method according to the present invention. As shown in this example, relay node sharing quantum keys may be continuously generated between metropolitan area network trusted relay nodes by way of key relay, for example.
In order to reduce the complexity of key management and improve the real-time performance of secret communication, the quantum key management method of the invention also provides that a user node shared key pool is established between each metropolitan area network trusted relay node and each user node directly connected with it, for caching the shared quantum key between the metropolitan area network trusted relay node and that user node (hereinafter referred to as the "user node shared quantum key"). For example, if metropolitan area network trusted relay node $A_0$ has user nodes $A_1, A_2, \ldots, A_n$ attached beneath it, then user node shared key pools $A_0A_1, A_0A_2, \ldots, A_0A_n$ can be established in the user nodes $A_1, A_2, \ldots, A_n$ respectively, and the user node shared key pools $A_0A_1, A_0A_2, \ldots, A_0A_n$ are established in the metropolitan area network trusted relay node $A_0$. The user node shared key pools formed in the metropolitan area network trusted relay node and in the user node cache the same user node shared quantum keys. For example, the user node shared quantum keys in the user node shared key pool $A_0A_1$ of user node $A_1$ are also cached in the user node shared key pool $A_0A_1$ of the metropolitan area network trusted relay node $A_0$.
Under this arrangement, when quantum key secret communication is performed between two user nodes, if the two user nodes are directly connected to the same metropolitan area network trusted relay node, that relay node may encrypt the second user node shared quantum key, cached in the user node shared key pool between it and the second user node, by using the first user node shared quantum key cached in the user node shared key pool between it and the first user node, so as to form encrypted data, and transmit the encrypted data to the first user node. The first user node can decrypt the encrypted data by using the first user node shared quantum key cached in the user node shared key pool between the first user node and the metropolitan area network trusted relay node, so as to obtain the second user node shared quantum key. Thus, the first user node and the second user node may communicate securely with each other using the second user node shared quantum key.
As an example, the first and second user nodes may be the destination user node and the initial user node, respectively, or vice versa.
As shown in the example of Fig. 2, if the two user nodes are directly connected to different metropolitan area network trusted relay nodes, then the relay node shared quantum key cached in the shared key pool between the first and second metropolitan area network trusted relay nodes (i.e., the "relay node shared key pool") may be encrypted with the first user node shared quantum key between the first user node and the first metropolitan area network trusted relay node, and with the second user node shared quantum key between the second user node and the second metropolitan area network trusted relay node, respectively, to form first encrypted data and second encrypted data, which are transmitted to the first user node and the second user node respectively. The first user node decrypts the first encrypted data by using the first user node shared quantum key cached therein to obtain the relay node shared quantum key, and the second user node decrypts the second encrypted data by using the second user node shared quantum key cached therein to obtain the same relay node shared quantum key. Thus, the first user node and the second user node may utilize the relay node shared quantum key for secure communication therebetween.
As an example, the first and second user nodes may be the destination user node and the initial user node, respectively, or vice versa.
Fig. 3 illustrates one example of a metropolitan area network trusted relay node outputting a relay node shared quantum key to a key application device of a user node.
As shown in fig. 3, a relay node sharing quantum key KAB is cached in a relay node sharing key pool between a first metropolitan area network trusted relay node a and a second metropolitan area network trusted relay node B, a first user node sharing quantum key KAc is cached in a user node sharing key pool between the first metropolitan area network trusted relay node a and a user node c hanging below the first metropolitan area network trusted relay node a, and a second user node sharing quantum key KBd is cached in a user node sharing key pool between the second metropolitan area network trusted relay node B and a user node d hanging below the second metropolitan area network trusted relay node B.
When the key application equipment of the user node c needs to carry out secret communication with the key application equipment of the user node d, the first metropolitan area network trusted relay node A carries out exclusive OR operation on the relay node shared quantum key KAB and the first user node shared quantum key KAc to form first encrypted data; the second metropolitan area network trusted relay node B performs exclusive or operation on the relay node shared quantum key KAB and the second user node shared quantum key KBd to form second encrypted data.
The first user node c obtains the first encrypted data and performs an exclusive-or operation on it using the first user node shared quantum key KAc, thereby decrypting it to obtain the relay node shared quantum key KAB, and sends the relay node shared quantum key KAB to the key application device attached beneath it.
The second user node d obtains the second encrypted data and performs exclusive or operation on the second encrypted data by using the second user node sharing quantum key KBd, so as to decrypt and obtain the relay node sharing quantum key KAB, and send the relay node sharing quantum key KAB to the key application device hung below.
Thus, the key application device under the first user node can perform secret communication with the key application device under the second user node by using the relay node sharing quantum key KAB.
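The Fig. 3 exchange and the same-relay case, written out as an added example that is not part of the patent text. The `KeyPool` class, the function names, the extra user node e and the 32-byte key length are assumptions, and the pools are filled with constructed random bytes in place of QKD output.

```python
import secrets

KEY_LEN = 32  # bytes per delivered key (assumed; the patent fixes no length)


class KeyPool:
    """One end's copy of a shared key pool; both ends consume bytes in step."""

    def __init__(self, material: bytes):
        self._buf = bytearray(material)

    def take(self, n: int = KEY_LEN) -> bytes:
        # Bytes are deleted on use: an XOR pad must never wrap two keys.
        if n > len(self._buf):
            raise RuntimeError("pool exhausted, replenish before serving")
        out = bytes(self._buf[:n])
        del self._buf[:n]
        return out

    def remaining(self) -> int:
        return len(self._buf)


def shared_pool(nbytes: int = 96):
    """Constructed stand-in for QKD output: two pools with identical content."""
    material = secrets.token_bytes(nbytes)
    return KeyPool(material), KeyPool(material)


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and key must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def run_exchange() -> dict:
    ab_at_A, ab_at_B = shared_pool()   # relay node shared key pool (KAB)
    ac_at_A, ac_at_c = shared_pool()   # user node shared key pool A-c (KAc)
    bd_at_B, bd_at_d = shared_pool()   # user node shared key pool B-d (KBd)
    ae_at_A, ae_at_e = shared_pool()   # hypothetical second user e under A

    # Case 1, Fig. 3: c and d sit under different relays A and B.
    first = xor(ab_at_A.take(), ac_at_A.take())    # relay A: KAB xor KAc
    second = xor(ab_at_B.take(), bd_at_B.take())   # relay B: KAB xor KBd
    key_c = xor(first, ac_at_c.take())             # user c recovers KAB
    key_d = xor(second, bd_at_d.take())            # user d recovers KAB

    # Case 2: c and e sit under the same relay A; A hands e's key to c.
    wrapped = xor(ae_at_A.take(), ac_at_A.take())  # fresh KAc bytes as pad
    key_c2 = xor(wrapped, ac_at_c.take())
    key_e = ae_at_e.take()                         # e already holds its key

    # Why take() deletes: the same pad over two keys exposes their XOR.
    pad, k1, k2 = (secrets.token_bytes(KEY_LEN) for _ in range(3))
    reuse_leak = xor(xor(k1, pad), xor(k2, pad)) == xor(k1, k2)

    return {
        "cross_relay_match": key_c == key_d,
        "same_relay_match": key_c2 == key_e,
        "ciphertexts_differ": first != second,
        "ac_remaining": (ac_at_A.remaining(), ac_at_c.remaining()),
        "pad_reuse_exposes_xor": reuse_leak,
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```

Both relay nodes handle the delivered key in the clear, which is why the scheme depends on the metropolitan area network relay nodes being trusted.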
Based on the above, according to the quantum key management method of the present invention, when the quantum key secret communication is performed between two user nodes, the user nodes do not need to participate in the quantum key relay process, so that the key management server only needs to manage the trusted relay node of the metropolitan area network, thereby greatly reducing the complexity of the key management server in terms of route management.
Because a user node shared key pool needs to be established for every user node attached beneath each metropolitan area network trusted relay node, the user node shared key pools in each metropolitan area network trusted relay node are also numerous. Therefore, the quantum key management method of the present invention also considers the management of the user node shared key pools.
As a simple management manner, the key storage space can be evenly distributed for each user node sharing the key pool in the trusted relay node of the metropolitan area network. Thus, the key management system connects the metro network trusted relay node and the QKD devices of each user node in turn, generating a user node shared quantum key for the user node shared key pool of both until the key storage space of each user node shared key pool is filled. And, the quantum key consumption of each user node shared key pool in each time interval is counted, for example, so as to generate a new quantum key for the user node shared key pool to supplement when the quantum key consumption is larger than a certain preset value.
However, in such a scheme for equally distributing the key storage space, there may occur a problem that the amount of the quantum key cached in the shared key pool of some user nodes is too large to occupy the key storage space unnecessarily, and at the same time, the amount of the quantum key cached in the shared key pool of some user nodes is insufficient to satisfy the consumption requirement, and needs to wait for the shared key generation.
Therefore, in order to solve the problem, the invention also provides a gray neural network prediction model for predicting the quantum key consumption of the user node shared key pool in the next time interval so as to adjust the shared quantum key amount of the user node shared key pool in advance when necessary.
Fig. 4 shows a process of forming a gray neural network prediction model according to the present invention. As shown in fig. 4, the gray neural network prediction model of the present invention can be formed by the steps of model data construction, model training, prediction accuracy test and actual test, model optimization, etc. to accurately predict the key consumption of the user node shared key pool in the next time interval. Therefore, whether the amount of the user node shared quantum key cached in the user node shared key pool is enough to meet the requirement of secret communication in the next time interval can be judged, and whether the user node shared key pool needs to be subjected to key relay to supplement the quantum key is determined.
The steps of model data construction, model training, prediction accuracy test and actual test and model optimization of the gray neural network prediction model of the present invention will be described below by taking a certain user node shared key pool as an example.
In the model data construction step, a plurality of time intervals i ($i = 1, \ldots, N$, where N is the number of samples) may be set, and the quantum key consumption $x^{(0)}(i)$ of the user node shared key pool in each time interval i is obtained. Thus, the original sequence $X^{(0)} = (x^{(0)}(1), x^{(0)}(2), \ldots, x^{(0)}(N))$ of the prediction model of the user node shared key pool is built.
According to the present invention, the plurality of time intervals are preferably set to be continuous in time and cover all the time periods within one day or one week or one month. Further, the duration of each time interval may be set to 1 or 2 hours.
Subsequently, the first N-M samples of the N samples are taken for model training, and the remaining M samples are used for prediction and testing the prediction accuracy of the model. As a preferred example, M may be 1 or 2.
For different time intervals j, different sample data sequences $\{\alpha(j), \ldots, \alpha(N-M)\} = \{x^{(0)}(1), x^{(0)}(2), \ldots, x^{(0)}(n_1)\}$ are constructed, where $j = 1, \ldots, (N-M-L)$ and $n_1 = N-M+1-j$. For example, M and L may have values of 2 and 4, respectively.
In the model training step, for each value of j a one-dimensional gray model is constructed from the corresponding sample data sequence and used for time-series prediction. The key consumption predictions of the different one-dimensional gray models are then taken as input, and the actual key consumption in the corresponding time intervals as expected output, to construct and train a neural network. This forms the prediction model and yields the predicted values output by the gray neural network prediction model.
As an example, the neural network may be a BP neural network. The process of training the BP neural network can be as follows: initializing weight parameters and threshold parameters of the BP neural network, setting learning rate, and generating network structure parameters through preset random numbers; and training the BP neural network by a loop iteration method.
In the prediction accuracy test and actual test step, the remaining M sample data $x^{(0)}(N-M+1), \ldots, x^{(0)}(N)$ and their predicted values are used to determine the prediction accuracy, Accuracy, of the gray neural network prediction model. The maximum gray value of the key consumption for the next time interval can then be determined from the prediction accuracy and taken as the predicted value of the key consumption for the next time interval. The maximum gray value of the key consumption for the next time interval is $x_m = x/\mathrm{Accuracy}$, where x is the predicted value of the key consumption for the next time interval output by the gray neural network prediction model.
As described above, the process of forming the gray neural network prediction model according to the present invention may further include a model optimization step for continuously optimizing the prediction model, thereby improving the accuracy of predicting the key consumption of the next time interval. For this purpose, the shared key pool of the user nodes can save the actual key consumption in each time interval and continuously optimize the prediction model implemented based on the gray neural network by taking the actual key consumption as a sample. By this point, it is easy for those skilled in the art to understand that each user node shared key pool in each metropolitan area network trusted relay node builds a prediction model based on the gray neural network, so as to be used for predicting the key consumption of the user node shared key pool in the next time interval. With the model optimization step, the prediction of the key consumption in the next time interval is more accurate with the continuous optimization of the prediction model.
In the invention, the similarity and complementarity of the gray system model and the neural network are fully utilized, the defects of the gray model and the neural network application are respectively solved, and a gray neural network prediction model for predicting the key consumption of a user node shared key pool is constructed based on the requirements and characteristics of quantum key management in quantum secret communication, so that the prediction of one-dimensional input samples can be accurately and conveniently realized.
Each metropolitan area network trusted relay node can therefore calculate, for each user node shared key pool, the difference between the amount of quantum key cached in the pool and the predicted key consumption, and perform quantum key relay to replenish the pools in ascending order of this difference, starting with the pool whose difference is smallest (a negative difference with the largest absolute value). Key relay for a pool stops when the difference between its cached quantum key amount and the predicted key consumption is greater than 0.
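The prediction and replenishment procedure described above, as an added Python example that is not code from the patent: it fits GM(1,1) gray models to the prefix windows of length n1 = N-M+1-j, scores them on the last M samples, applies x_m = x/Accuracy, and orders the pools for key relay. All function names are hypothetical, and three points are assumptions: the mean of the window forecasts stands in for the trained BP network, every window forecasts the same target interval, and Accuracy is computed as 1 minus the mean relative error.

```python
import math

def gm11_forecast(seq, steps=1):
    """One-dimensional gray model GM(1,1): fit seq, forecast `steps` intervals past its end."""
    n = len(seq)
    if n < 4:
        raise ValueError("GM(1,1) needs at least 4 samples")
    x1 = [sum(seq[:k + 1]) for k in range(n)]             # accumulated series
    z = [0.5 * (x1[k] + x1[k - 1]) for k in range(1, n)]  # background values
    y = seq[1:]
    m = n - 1
    sz, sy = sum(z), sum(y)
    szz = sum(v * v for v in z)
    szy = sum(v * w for v, w in zip(z, y))
    det = m * szz - sz * sz
    if det == 0:                     # degenerate (e.g. all-zero) series: keep last value
        return float(seq[-1])
    a = -(m * szy - sz * sy) / det   # least squares for x0(k) = -a*z(k) + b
    b = (szz * sy - sz * szy) / det
    if abs(a) < 1e-12:               # flat consumption: forecast is the constant level
        return b
    def x1_hat(k):                   # time response of the accumulated series, 0-based k
        return (seq[0] - b / a) * math.exp(-a * k) + b / a
    t = n - 1 + steps
    return x1_hat(t) - x1_hat(t - 1)

def combined_forecast(train, ahead=1, L=4):
    """Forecast the interval `ahead` steps past train from prefixes of length n1 = T+1-j.

    ASSUMPTION: the mean of the per-window gray forecasts stands in for the trained
    BP network, and each window j targets the same interval (horizon j-1+ahead).
    """
    T = len(train)
    if T <= L:
        raise ValueError("need more than L training samples")
    preds = [gm11_forecast(train[:T + 1 - j], steps=j - 1 + ahead)
             for j in range(1, T - L + 1)]
    return sum(preds) / len(preds)

def predict_next(history, M=2, L=4, floor=0.05):
    """Return (x, accuracy, x_m) for the interval that follows `history` (N samples)."""
    train, held_out = history[:-M], history[-M:]
    errs = [abs(combined_forecast(train, k + 1, L) - actual) / max(actual, 1)
            for k, actual in enumerate(held_out)]
    accuracy = max(1.0 - sum(errs) / M, floor)   # ASSUMPTION: 1 - mean relative error
    x = combined_forecast(history, 1, L)         # model refreshed with all N samples
    return x, accuracy, x / accuracy             # x_m = x / Accuracy, as in the text

def relay_order(pools, preset=0.0):
    """pools: {name: (cached_key_amount, predicted_consumption)} -> pools to replenish,
    smallest (most negative) difference first; pools above `preset` are left alone."""
    diff = {name: cached - need for name, (cached, need) in pools.items()}
    return [name for name in sorted(diff, key=diff.get) if diff[name] <= preset]

# Constructed sample: key consumption of one pool, growing 10% per time interval.
HISTORY = [1000 * 1.1 ** k for k in range(8)]

if __name__ == "__main__":
    x, acc, x_m = predict_next(HISTORY)
    print(f"x={x:.1f} accuracy={acc:.4f} x_m={x_m:.1f}")
    print(relay_order({"A": (5000, x_m), "B": (1500, x_m), "C": (100, 900)}))
```

Dividing by Accuracy biases the estimate upward, so a less accurate model reserves more key; the `floor` parameter is an added guard that keeps a badly fitted model from requesting an unbounded amount.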
In the invention, the metropolitan area network trusted relay node automatically reserves quantum keys for the user nodes attached to it. This simplifies the quantum key output flow of the user node, and the user node no longer participates in the key relay flow, which simplifies the network structure, reduces the complexity of route management and lowers the overall networking cost. The key management server only needs to calculate routes for the relay nodes rather than for a large number of user nodes, which improves network performance. In addition, the functions of the user node are simplified: it no longer needs to receive key relay routes, perform key relay routing, or manage communication shared keys with different user nodes, and it does not need to store a large number of keys of other user nodes. It only needs to store the shared keys between itself and the trusted relay node directly connected to it, which reduces the hardware configuration requirement of the user node, saves hardware resource cost and reduces the overall networking cost.
In addition, the gray neural network prediction model accurately predicts the quantum key consumption of a user node shared key pool in the next time interval, so that the key stock of the pool stays close to the actual key consumption of that interval. This avoids the delay in quantum key encrypted communication between users that arises when keys must be generated in real time because shared keys are insufficient. It also avoids the loss of key freshness, and the resulting effect on key security, that a residual key stock causes, and it avoids wasting keys. Moreover, for key output from the relay node to the user nodes, the metropolitan area network trusted relay node can automatically reserve enough keys for each user node, which eliminates the congestion caused by an insufficient number of QKD devices relative to the number of user nodes attached to the relay node.
While the invention has been described in connection with the specific embodiments illustrated in the drawings, it will be readily appreciated by those skilled in the art that the above embodiments are merely illustrative of the principles of the invention, which are not intended to limit the scope of the invention, and various combinations, modifications and equivalents of the above embodiments may be made by those skilled in the art without departing from the spirit and scope of the invention.

Claims (12)

1. A quantum key management method based on a trusted relay node shared key, wherein the relay node shared quantum key is cached between the trusted relay nodes of a metropolitan area network;
establishing a user node shared key pool between the metropolitan area network trusted relay node and the user node directly connected with the metropolitan area network trusted relay node, wherein the user node shared key pool is used for caching the user node shared quantum key;
when secure communications are made between a first user node and a second user node:
if the first and second user nodes are directly connected with the same metropolitan area network trusted relay node, the same metropolitan area network trusted relay node outputs a second user node shared quantum key cached in a user node shared key pool between the first and second user nodes to the first user node, and the second user node shared quantum key is used for encrypting communication between the first and second user nodes;
and if the first user node and the second user node are respectively and directly connected with different first and second metropolitan area network trusted relay nodes, the first and second metropolitan area network trusted relay nodes respectively output a relay node sharing quantum key between the first metropolitan area network trusted relay node and the second metropolitan area network trusted relay node to the first user node and the second user node for encrypting communication between the first user node and the second user node.
2. The quantum key management method of claim 1, wherein:
when the first user node and the second user node are directly connected with the same metropolitan area network trusted relay node, the same metropolitan area network trusted relay node encrypts the second user node shared quantum key by using a first user node shared quantum key cached in the user node shared key pool between itself and the first user node to form encrypted data, and sends the encrypted data to the first user node, and the first user node decrypts the encrypted data by using the first user node shared quantum key to obtain the second user node shared quantum key; and/or,
when the first metropolitan area network trusted relay node is different from the second metropolitan area network trusted relay node, the relay node sharing quantum key is used for encrypting a first user node sharing quantum key between the first user node and the first metropolitan area network trusted relay node and a second user node sharing quantum key between the second user node and the second metropolitan area network trusted relay node respectively to form first encrypted data and second encrypted data, the first encrypted data and the second encrypted data are sent to the first user node and the second user node respectively, the first user node decrypts the first encrypted data by using the first user node sharing quantum key to obtain the relay node sharing quantum key, and the second user node decrypts the second encrypted data by using the second user node sharing quantum key to obtain the relay node sharing quantum key.
3. The quantum key management method of claim 1, wherein the relay node sharing quantum key is generated between the metropolitan area network trusted relay nodes by means of key relay; and/or said encryption and decryption is achieved by means of an exclusive-or operation.
4. The quantum key management method of claim 1, further comprising the step of predicting a quantum key consumption predicted value for the user node shared key pool using a gray neural network prediction model.
5. The quantum key management method of claim 4, wherein the gray neural network predictive model is formed by a model data construction step, a model training step, and a predictive accuracy test and actual test step, wherein:
in the model data construction step, setting N time intervals, wherein N is the number of samples; obtaining the quantum key consumption actual value of the user node shared key pool in each time interval i as a sample $x^{(0)}(i)$, wherein i is any natural number from 1 to N; constructing the original sequence $X^{(0)} = \{x^{(0)}(1), x^{(0)}(2), \ldots, x^{(0)}(N)\}$; constructing a sample data sequence $\{a(j), \ldots, a(N-M)\} = \{x^{(0)}(1), x^{(0)}(2), \ldots, x^{(0)}(n_1)\}$, where the parameter $j = 1, \ldots, (N-M-L)$, $n_1 = N-M+1-j$, and M and L are preset non-zero natural numbers;
in the model training step, respectively constructing a one-dimensional gray model based on the sample data sequence under different values of the parameter j, and predicting; taking a quantum key consumption predicted value based on the one-dimensional gray model as input, taking an actual quantum key consumption value as expected output, constructing a neural network, and training to form the gray neural network predicted model;
in the prediction accuracy test and actual test step, determining the prediction accuracy, Accuracy, of the gray neural network prediction model by utilizing the quantum key consumption actual values in the last M time intervals of the N time intervals and the quantum key consumption predicted values for the last M time intervals predicted by the gray neural network prediction model; based on the prediction accuracy Accuracy, determining a quantum key consumption maximum gray value $x_m$ of the time interval following the last of the N time intervals as the quantum key consumption predicted value for the next time interval.
6. The quantum key management method of claim 5, further comprising a model optimization step, wherein a quantum key consumption actual value of the user node shared key pool in each time interval is saved, and the gray neural network predictive model is continuously optimized based on the quantum key consumption actual value.
7. The quantum key management method of claim 5 wherein the quantum key consumption maximum gray value for the next time interval is $x_m = x/\mathrm{Accuracy}$, where x is the quantum key consumption predicted value for the next time interval output by the gray neural network prediction model.
8. The quantum key management method of claim 5 wherein the plurality of time intervals are consecutive in time; and/or,
the duration of the time interval is 1 or 2 hours; and/or,
the value of M is 1 or 2; and/or,
the value of L is 4.
9. The quantum key management method of claim 5 wherein the neural network is a BP neural network.
10. The quantum key management method of claim 9 wherein the BP neural network is trained by:
initializing weight parameters and threshold parameters of the BP neural network;
setting a learning rate, and generating network structure parameters through a preset random number; and,
training the BP neural network by a loop iteration method.
11. The quantum key management method of any one of claims 4 to 10, wherein a difference between a user node shared quantum key amount cached in the user node shared key pool and the quantum key consumption predicted value is calculated, and quantum key relay is performed on the user node shared key pool when the difference is less than or equal to a preset value.
12. The quantum key management method of claim 11, wherein quantum key relay is performed on the user node shared key pool with the smallest difference in order from small to large until the difference is greater than the preset value.
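The key output of claims 1 to 3 with exclusive-or encryption, as an added Python example that is not code from the patent. The `KeyPool` class, the function names and the use of `secrets.token_bytes` as a stand-in for QKD-generated key material are assumptions; signalling of which pool bytes each side consumes is outside the example.

```python
import secrets

class KeyPool:
    """One endpoint's copy of a shared key pool; bytes are consumed once, in order."""
    def __init__(self, material):
        self.buf = bytearray(material)
    def take(self, n):
        if n > len(self.buf):
            raise RuntimeError("key pool exhausted: replenish before output")
        out = bytes(self.buf[:n])
        del self.buf[:n]                        # pad material is never reused
        return out
    def __len__(self):
        return len(self.buf)

def shared_pool(nbytes):
    """Two synchronized copies of the same key material (ASSUMPTION: stand-in for QKD)."""
    material = secrets.token_bytes(nbytes)
    return KeyPool(material), KeyPool(material)

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("XOR pad must match the key length exactly")
    return bytes(p ^ q for p, q in zip(a, b))

def output_same_relay(relay_a, user_a, relay_b, user_b, n):
    """Both users attach to one relay: B's shared key becomes the session key."""
    session = relay_b.take(n)                   # relay's side of pool(relay, B)
    ciphertext = xor(session, relay_a.take(n))  # pad from pool(relay, A)
    key_a = xor(ciphertext, user_a.take(n))     # A strips the pad
    key_b = user_b.take(n)                      # B reads the same bytes locally
    return key_a, key_b, ciphertext

def output_cross_relay(r1_r2, r2_r1, r1_a, user_a, r2_b, user_b, n):
    """Users on different relays: the relay-to-relay shared key becomes the session key."""
    c1 = xor(r1_r2.take(n), r1_a.take(n))       # relay 1 -> user A
    c2 = xor(r2_r1.take(n), r2_b.take(n))       # relay 2 -> user B
    return xor(c1, user_a.take(n)), xor(c2, user_b.take(n))

def demo(n=32):
    relay_a, user_a = shared_pool(128)          # pool between relay and user A
    relay_b, user_b = shared_pool(128)          # pool between relay and user B
    key_a, key_b, _ = output_same_relay(relay_a, user_a, relay_b, user_b, n)
    r1_r2, r2_r1 = shared_pool(128)             # pool between two relays
    ka2, kb2 = output_cross_relay(r1_r2, r2_r1, relay_a, user_a, relay_b, user_b, n)
    return key_a == key_b, ka2 == kb2, len(user_a), len(user_b)

if __name__ == "__main__":
    print(demo())
```

In both cases the relay node handles the session key in the clear, which is why the scheme depends on the relay being trusted, and each output consumes pad bytes from the user pools, which is what the consumption prediction has to cover.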
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011628932.2A CN114697013B (en) 2020-12-30 2020-12-30 Quantum key management method based on trusted relay node shared key

Publications (2)

Publication Number Publication Date
CN114697013A CN114697013A (en) 2022-07-01
CN114697013B true CN114697013B (en) 2024-03-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant