CN114726515A - Quantum encryption communication method and corresponding communication system - Google Patents


Publication number
CN114726515A
Authority
CN
China
Prior art keywords
quantum
random number
check value
communication
key
Legal status
Pending
Application number
CN202210306229.2A
Other languages
Chinese (zh)
Inventor
张文卓
Current Assignee
Hangzhou Shunshi Technology Co ltd
Original Assignee
Hangzhou Shunshi Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

The invention discloses a simple quantum encryption communication method and a simple quantum encryption communication system. The method comprises the following steps: generating a quantum random number sequence and synchronously outputting it to two communication devices; checking the random numbers between the two communication devices; and selecting the quantum key from the quantum random number sequence in the same manner on both devices to carry out encrypted communication. The key can be remotely updated through a wired or wireless communication network. The invention uses a USB-based quantum random number generator with two synchronous outputs, which realizes synchronous, symmetric distribution of local quantum keys between two communication devices with USB interfaces. The quantum keys are used for quantum encryption communication, and the system also supports calculating the hash value of a quantum key for identity verification and remotely updating the quantum key by encrypting and decrypting the new key with the old key.

Description

Quantum encryption communication method and corresponding communication system
Technical Field
The invention relates to a quantum encryption communication technology, in particular to a quantum encryption communication method and a quantum encryption communication system based on a USB plug-and-play type quantum random number generator.
Background
The only practical direction in quantum communication at present is quantum encryption communication based on Quantum Key Distribution (QKD). Quantum key distribution relies on the quantum mechanical principle that measuring the polarization state of a photon produces a random result, and generates completely identical random binary keys at the transmitting end and the receiving end. Meanwhile, the indivisibility of quanta and the no-cloning theorem of quantum mechanics ensure that the key cannot be intercepted by a third party without being noticed during distribution: even if part of the key is intercepted or eavesdropped, the transmitting end and the receiving end detect it immediately and only need to discard the eavesdropped part. The remaining key is known only to the transmitting end and the receiving end, so secrecy "known only to you and me", not limited by communication distance, can truly be realized.
Since the quantum key is a set of truly random binary numbers of quantum origin, a quantum key of any length can be selected and used flexibly to encrypt binary information of different lengths; this is "quantum encryption". Because the quantum key is truly random, even the simplest algorithm (such as exclusive-or) yields a ciphertext that cannot be decrypted without the key. According to information theory, a random key used as a "one-time pad" resists cracking by any algorithm, including quantum computing algorithms. Therefore, ciphertext encrypted with the quantum key can be transmitted freely over the network without worrying about the risk of information leakage.
However, the practical quantum key distribution technology must rely on an optical fiber network and a relatively high-cost single photon transceiver, that is, the single photon of the transmitting terminal must travel through an optical fiber channel and be measured at the receiving terminal to generate a truly random quantum key. These limitations make quantum key distribution a "luxury good" that can only be used by high-end user groups, limiting its range of applications.
The invention is inspired by quantum key distribution technology. It uses a low-cost scheme in which a quantum random number generator generates a truly random quantum key and sends it through USB interfaces to two computers, smart phones or other mobile communication terminals, realizing local, real-time, synchronous quantum key distribution. The key can be used as a pre-stored key: when the computers or smart phone terminals communicate remotely, it can provide unconditionally secure one-time pad encryption of the communication content, and identity authentication can be performed by comparing the key through a hash function. In addition, one computer or smart phone terminal can generate a new quantum key with a quantum random number generator, encrypt the new key with the previous quantum key, and send it remotely to the other computer or smart phone terminal to complete the key update, achieving an effect equivalent to remote "quantum key distribution" without depending on optical fibers.
Disclosure of Invention
1. Purpose
In order to reduce the cost of generating quantum keys and expand the application range of quantum encryption communication, the invention provides a quantum encryption communication method and a communication system that use a portable USB dual-interface quantum random number generator and a matching quantum random number user terminal. The quantum random number generator synchronously outputs quantum random numbers to each interface in real time. The user terminal can select part or all of the output quantum random numbers as quantum keys, can calculate the hash value of a quantum key for identity authentication, can encrypt data with algorithms such as one-time pad, AES and SM4, and can perform remote quantum key updates by encrypting the new key with the old key (key-encrypting-key, KEK, mode). The method lets the user apply quantum keys to encrypted data communication more flexibly and at lower cost.
Specifically, the present invention provides a quantum cryptography communication method, comprising:
(1) generating a quantum random number sequence, and locally and synchronously outputting the quantum random number sequence to two communication devices in real time;
(2) the first communication equipment selects a quantum random number with a certain length from the quantum random number sequence, calculates to obtain a first check value, and sends the selection mode and the first check value to the second communication equipment;
(3) the second communication equipment performs random number selection from the quantum random number sequence based on the received quantum random number selection mode and the check value and calculates to obtain a second check value, the second communication equipment compares the first check value with the second check value, and if the first check value and the second check value are matched, quantum random number distribution is completed;
(4) the first communication equipment and the second communication equipment select quantum keys from the quantum random number sequence in the same way to carry out encryption communication.
Further, the method also comprises a quantum key remote updating step (5), which comprises the following steps:
(5.1) the first communication equipment calculates the check value of its own quantum key and sends it to the second communication equipment;
(5.2) the second communication equipment calculates the check value of its own quantum key and compares it with the quantum key check value from the first communication equipment; if they match, the method proceeds to step (5.3), otherwise the communication ends;
(5.3) the first communication equipment connects to a quantum random number generator and selects from it a new quantum random number sequence or quantum key whose length matches that of the old quantum random number sequence or quantum key;
(5.4) the first communication device encrypts the new quantum random number sequence or quantum key with the old quantum key;
(5.5) the first communication equipment sends the encrypted new quantum random number sequence or quantum key, together with the encryption algorithm, to the second communication equipment, and the second communication equipment decrypts the data with the old quantum key to obtain the new quantum random number sequence or quantum key;
(5.6) the second communication device calculates the check value of the new quantum random number sequence or quantum key and sends it to the first communication device; the first communication device calculates the check value of the new quantum random number sequence or quantum key and compares it with the check value it received. If they match, the quantum random number sequence or quantum key is updated; if not, the method returns to step (5.1). If what was updated is a quantum random number sequence, it can serve as the basis from which quantum keys are selected; if what was updated is a quantum key, it is used directly as the key.
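Steps (5.1) to (5.6) as an added, runnable sketch; this is not code from the patent. SHA-256 as the check value, XOR as the encryption algorithm, and the `Device` class and `channel` hook (a model of the network that may alter bytes) are assumptions, and `secrets` stands in for the quantum random number generator.

```python
import hashlib
import hmac
import secrets


def check_value(data: bytes) -> bytes:
    # The page only says the check value is a hash value; SHA-256 is an assumption.
    return hashlib.sha256(data).digest()


def xor_bytes(data: bytes, key: bytes) -> bytes:
    # Step (5.3) requires the new key to match the old key in length.
    if len(data) != len(key):
        raise ValueError("new key and old key must have the same length")
    return bytes(d ^ k for d, k in zip(data, key))


class Device:
    """Hypothetical stand-in for one communication device and its stored key."""

    def __init__(self, quantum_key: bytes):
        self.key = quantum_key


def remote_update(first, second, new_key, channel=lambda step, payload: payload):
    """Run steps (5.1)-(5.6) once and report 'updated', 'auth_failed' or 'retry'."""
    # (5.1) The first device sends the check value of its current key.
    sent = channel("5.1", check_value(first.key))
    # (5.2) The second device compares it with its own; a mismatch ends the run.
    if not hmac.compare_digest(sent, check_value(second.key)):
        return "auth_failed"
    # (5.3)/(5.4) The new key is encrypted under the old key.
    ciphertext = channel("5.5", xor_bytes(new_key, first.key))
    # (5.5) The second device decrypts with its copy of the old key.
    candidate = xor_bytes(ciphertext, second.key)
    # (5.6) The second device returns the check value of what it decrypted.
    returned = channel("5.6", check_value(candidate))
    if not hmac.compare_digest(returned, check_value(new_key)):
        return "retry"  # keys stay untouched; the protocol goes back to (5.1)
    # Simplification: both sides commit together once the comparison passes.
    first.key, second.key = new_key, candidate
    return "updated"


def flip_first_bit(step: str, payload: bytes) -> bytes:
    # Constructed network fault: corrupt only the encrypted key of step (5.5).
    if step == "5.5":
        return bytes([payload[0] ^ 0x01]) + payload[1:]
    return payload


if __name__ == "__main__":
    old = secrets.token_bytes(32)   # stand-in for the shared old quantum key
    new = secrets.token_bytes(32)   # stand-in for fresh generator output
    print(remote_update(Device(old), Device(old), new))                  # updated
    print(remote_update(Device(old), Device(old), new, flip_first_bit))  # retry
    print(remote_update(Device(old), Device(new), new))                  # auth_failed
```

Because XOR is malleable, a flipped ciphertext bit produces a different candidate key on the second device without any decryption error, and the comparison in step (5.6) is what catches it.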
Further, the step (1) includes: a time synchronization instruction is transmitted to a second communication device by a first communication device, and the second communication device performs random number reception and storage in synchronization with the first communication device based on a received time synchronization signal.
Further, the check value is a hash value.
Further, the method allows the user, before each communication, to select an encryption algorithm and to select from the quantum random numbers a quantum key that is as long as the target plaintext data, or whose length is a certain multiple or fraction of it, for quantum encryption.
On the other hand, the invention provides a quantum encryption communication system, which is characterized by comprising a quantum random number generator and at least two communication devices, wherein the quantum random number generator is used for generating a quantum random number sequence and synchronously distributing the quantum random number sequence to the communication devices, the first communication device is used for selecting a quantum random number with a certain length from the quantum random number sequence and calculating to obtain a first check value, and sending the selection mode and the first check value to the other communication devices, the other communication devices perform random number selection from the quantum random number sequence based on the received quantum random number selection mode and the check value and calculate to obtain a second check value, and the other communication devices compare the first check value with the second check value, and complete distribution of the quantum random number if the first check value is matched with the second check value.
Further, each communication device selects a quantum key from the quantum random number sequence in the same manner to perform encrypted communication.
Furthermore, the communication devices have a quantum key updating function. During an update, the first communication device calculates the check value of its own quantum key and sends it to the other communication devices; the other communication devices calculate the check value of their own quantum key and match it against the quantum key check value from the first communication device to complete identity verification. The first quantum encryption communication device connects to a quantum random number generator, selects from it a new quantum key whose length matches that of the old quantum key, and encrypts the new quantum key with the old quantum key. The first communication device sends the encrypted new quantum key and the encryption algorithm to the other communication devices, which decrypt the data with the old quantum key to obtain the new quantum key. The other communication devices calculate the check value of the new quantum key and send it to the first communication device; the first communication device calculates the check value of the new quantum key and compares it with the check value it received, and if they match, the quantum key is updated.
Further, the quantum random number generator includes a quantum random number chip and a data interface chip. The quantum random number chip generates truly random binary numbers of quantum origin, the data interface chip is connected to at least two data transmission interfaces, and at least one of the two chips can issue a synchronous clock. The quantum random number generator synchronously distributes quantum random numbers to at least two communication devices; preferably, the data transmission interfaces are USB interfaces.
Further, the system allows the user, before each communication, to select an encryption algorithm and to select from the quantum random numbers a quantum key that is as long as the target plaintext data, or whose length is a certain multiple or fraction of it, for quantum encryption.
3. Advantages and effects
The invention is the effective supplement and extension of the quantum key distribution technology, and can solve the problem of 'last kilometer' between a quantum key distribution network and an end user. The invention has the following advantages:
(1) The communication method of the present invention does not rely on a fiber or free-space quantum key distribution network. The two communicating parties first distribute quantum random numbers as keys locally and synchronously through the multi-output quantum random number generator. The quantum key can then be updated with the remote quantum key updating scheme of the invention, so quantum-encrypted internet data transmission can be realized independently of quantum key distribution network infrastructure.
(2) The quantum encryption communication method is low in implementation cost and good in commercialization prospect. The USB quantum random number generator does not need an expensive single photon transceiver necessary for a quantum key distribution terminal, and only needs a quantum random number chip with lower price, a main control chip and the like. The quantum random number encryption client software can be copied in batches, and the research and development cost is spread in a large range.
(3) The communication method can be executed on a common computer and a smart phone, is matched with a USB quantum random number generator, can also be independently executed on each network server terminal, is matched with a Quantum Key Distribution (QKD) terminal, and is used for managing the quantum key from the quantum key distribution terminal in the same way.
(4) With the quantum random number updating method, the quantum key material from which quantum keys are generated can be updated remotely and regularly while communication security is effectively ensured, which further improves the security of quantum encryption communication. New key generation is not limited by distance and, unlike in an optical-fiber quantum key distribution network, the key rate is not inversely related to distance.
(5) The USB quantum random number generator is used as a random number generation module with a single function, synchronously distributes quantum random numbers to 2 devices, and does not have any key data storage function. Compared with the scheme that the secret key is stored in an SIM card, a U disk and the like and the secret key is asynchronously distributed by using a storage medium, the method and the device can avoid the situation that the secret key is leaked due to the loss of the storage medium, and improve the safety in the use process of the quantum secret key.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention and not to limit the invention. In the drawings:
FIG. 1 is a schematic diagram of a system for a USB quantum random number generator.
FIG. 2 is a schematic diagram of a USB quantum random number generator as a function of local synchronous distribution of quantum random numbers.
FIG. 3 is a schematic diagram of a quantum key performing one-time pad exclusive-or (XOR) encryption and decryption functions for binary data.
FIG. 4 is a flow chart of a USB quantum random number generator for quantum key authentication and remote quantum key update.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but the present invention is not limited thereto.
The quantum encryption communication system comprises at least two quantum encryption communication devices and a quantum random number generator.
In this embodiment, the quantum random number generator is a USB-based quantum random number generator, and may also be a quantum random number generator based on other transmission interfaces. The core device of the USB quantum random number generator is two chips, one is a quantum random number chip, the other is a data interface chip, and referring to figure 1, the data interface chip is connected with at least two USB interfaces.
The quantum random number chip works on a quantum optics principle: a semiconductor photoelectric detection chip, a micro light source (such as an LED) and a micro light path are integrated into one chip. The photoelectric detection chip measures the quantum noise of weak light (<1 µW) to generate a random photocurrent, which appears as the voltage on an output pin of the chip, that is, as a random sequence of high and low voltages (high voltage is 0 and low voltage is 1, or vice versa). The present invention includes, but is not limited to, chips that use optical methods to generate quantum random numbers.
The main control chip receives the random voltage generated by the quantum random number chip and sends it to each USB interface through the USB protocol code. The main control chip can be a single-chip microcontroller, a field-programmable gate array (FPGA) or a central processing unit with a reduced instruction set (RISC) architecture, so that a quantum random number chip with any random number output rate can be matched. When the random number output rate of the quantum random number chip is less than 1 Mbps, the single-chip microcontroller can also be used as the main control chip. Whether an FPGA or a single-chip microcontroller is used, the data interface function is realized by a program burned into the chip. The invention includes but is not limited to using an FPGA, a RISC CPU or a single-chip microcontroller as the main control chip.
The USB port of the USB quantum random number generator can be any USB standard interface, namely, the USB port comprises but is not limited to common USB type-A interfaces of a PC desktop computer, a notebook computer, a vehicle-mounted computer and the like, and common USB type-C interfaces of a smart phone, a tablet computer and various internet of things terminals.
The quantum encryption communication device can be an independent communication device, or the corresponding quantum encryption communication module can be realized by installing software capable of executing the method on an existing device. For example, it may be implemented on a computer running Windows or Linux, or on a mobile terminal running HarmonyOS (Hongmeng), Android or iOS.
The quantum encryption communication device comprises a data encryption module, a communication module and a storage module. The quantum encryption communication equipment is used for receiving and storing quantum random numbers from the USB quantum random number generator, and selecting part or all of the quantum random numbers as quantum keys through user active selection or already selected settings.
The quantum encryption communication equipment can realize the following 3 quantum key use and management functions by matching with a USB quantum random number generator:
a) Selecting a quantum key from the quantum random numbers and applying one-time pad encryption, or quantum encryption with the AES or SM4 algorithm, to binary information. The encrypted ciphertext may be transmitted over a network via the communication module or used by other software internal to or associated with the communication device.
b) Connecting the USB quantum random number generator to two communication devices for local, real-time, synchronous distribution of quantum random numbers, and selecting the quantum key from the quantum random numbers to realize local quantum key distribution.
c) Encrypting the new quantum key with the old quantum key and sending it through the network to realize remote quantum key updating.
In addition, the quantum random number encryption client also has general functions of calculating the hash value of the quantum key, performing identity authentication and the like.
Next, a procedure of communication and a procedure of key update in the quantum cryptography communication system according to the embodiment of the present invention are described in detail.
1. Local real-time synchronous distribution of quantum keys
When the double USB ports of the USB quantum random number generator are connected to two devices simultaneously, the local real-time synchronized symmetric distribution of quantum random numbers can be realized by using the communication method executed on the quantum encryption communication device, as shown in fig. 2. The communication method may be implemented or executed in various ways, such as software, a mobile app, or a programmable device.
The local synchronous symmetric distribution process of the quantum random numbers is as follows:
(1) The user can select quantum encryption communication device 1 as the host (master) and quantum encryption communication device 2 as the slave. The host sends a time synchronization command to the main control chip of the USB quantum random number generator, and the main control chip sends a time synchronization signal to the slave. On receiving the time synchronization signal, the slave starts its random number storage mode and waits to receive the quantum random numbers.
(2) The master control chip sends a time synchronization signal and simultaneously returns a signal of ready state to the host. And after receiving the state ready signal, the host sends a data receiving instruction to the main control chip, and simultaneously starts a random number storage mode to wait for receiving the quantum random number.
(3) After receiving the data receiving instruction, the main control chip sends an instruction to the quantum random number chip to obtain the quantum random numbers, and synchronously sends the quantum random numbers to the two USB ports. And stopping sending the quantum random number when the length of the quantum random number reaches a set value in the data receiving instruction.
(4) The host selects a certain length from the received quantum random numbers and calculates its hash value, then sends the selection mode and the hash value to the slave through the main control chip. The slave selects from its received quantum random numbers in the same way, calculates the hash value, and compares it with the hash value from the host. If the comparison passes, the distribution of the quantum random numbers is complete.
(5) The quantum encryption communication device 1 (master) and the quantum encryption communication device 2 (slave) select quantum keys from the quantum random numbers in the same manner (for example, the quantum random number of the first byte is used as a number), and thus local quantum key distribution is realized.
2. Quantum encrypted communication
According to user settings, the quantum encryption communication equipment selects from the stored quantum random numbers a random number sequence equal in length to the data to be encrypted and uses it as the quantum key. On the quantum random number encryption client, the user can select the encryption algorithm applied between the quantum key and the data to be encrypted, such as a simple symmetric algorithm like exclusive-or, or a complex symmetric encryption algorithm such as AES or SM4. When enough quantum key material is available, the quantum encryption communication device can use the unconditionally secure one-time pad method to perform XOR (exclusive-or) encryption and decryption on plaintext data of the same length as the key, as shown in FIG. 3.
For a bit string A and a bit string B of equal length, the XOR operation has the following properties:
A XOR B=C
C XOR B=A
Then a group of quantum random numbers B is used as the encryption key and XORed with the plaintext A to generate the ciphertext C. B is then used as the decryption key and XORed with the ciphertext C to restore the plaintext A. Similarly, the "one-time pad" method can also use XNOR (exclusive-NOR) to encrypt and decrypt plaintext data of the same length as the key:
A XNOR B=C
C XNOR B=A
The quantum encryption communication equipment stores the encrypted ciphertext in a new data file. The file can be used by other software or sent through a network to other quantum encryption communication equipment, where it is decrypted with the quantum key to complete the quantum encryption communication.
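The hash check from step (4) of local distribution and the one-time pad XOR described above, as an added, runnable sketch; this is not code from the patent. The `Terminal` class, the (offset, length) form of the selection mode, SHA-256 as the hash, and the cursor that retires used pad bytes are assumptions, and `secrets` stands in for the quantum random number generator.

```python
import hashlib
import hmac
import secrets


class Terminal:
    """Hypothetical model of one communication device and its stored sequence."""

    def __init__(self, received: bytes):
        self.pool = received   # quantum random numbers as received over USB
        self.cursor = 0        # index of the first pool byte not yet used as pad

    def check_value(self, offset: int, length: int) -> bytes:
        chunk = self.pool[offset:offset + length]
        if len(chunk) != length:
            raise ValueError("selection runs past the received sequence")
        return hashlib.sha256(chunk).digest()   # SHA-256 is an assumption

    def take_pad(self, n: int) -> bytes:
        # One-time pad needs as many unused key bytes as there are data bytes.
        if self.cursor + n > len(self.pool):
            raise RuntimeError("not enough unused key material for one-time pad")
        pad = self.pool[self.cursor:self.cursor + n]
        self.cursor += n       # consumed bytes are never handed out again
        return pad

    def xor_with_pad(self, data: bytes) -> bytes:
        # A XOR B = C and C XOR B = A, so one routine encrypts and decrypts.
        # Both ends must process messages in the same order to stay aligned.
        pad = self.take_pad(len(data))
        return bytes(d ^ k for d, k in zip(data, pad))


def distribution_ok(host: Terminal, slave: Terminal, offset: int, length: int) -> bool:
    """Step (4): the host sends (selection mode, hash); the slave recomputes and compares."""
    message = (offset, length, host.check_value(offset, length))
    try:
        local = slave.check_value(message[0], message[1])
    except ValueError:
        return False           # the slave holds fewer bytes than the host selected
    return hmac.compare_digest(message[2], local)


def demo() -> dict:
    sequence = secrets.token_bytes(64)        # stand-in for generator output
    host, slave = Terminal(sequence), Terminal(sequence)
    late = Terminal(sequence[1:])             # constructed fault: first byte missed
    plaintext = b"constructed sample message"
    result = {
        "in_sync": distribution_ok(host, slave, 0, 64),
        "desynced": distribution_ok(host, late, 0, 63),
    }
    ciphertext = host.xor_with_pad(plaintext)
    result["roundtrip"] = slave.xor_with_pad(ciphertext) == plaintext
    result["unused_bytes"] = len(host.pool) - host.cursor
    return result


if __name__ == "__main__":
    print(demo())
```

A slave that started storing one byte late fails the hash comparison, so the mismatch surfaces at distribution time rather than as unreadable plaintext later.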
In another preferred implementation, after the plaintext data is obtained, three items of data are added to it: 1) a secondary encryption algorithm number, 2) a secondary key selection mode number, and 3) a quantum random number sequence change mode number. When the data is processed, the secondary encryption mode number, the secondary key selection mode number and the quantum random number change mode number are first selected and parsed; a secondary key is selected from the quantum random number key pool according to the secondary key selection mode, and a secondary encryption mode is selected from the available encryption algorithms. The quantum random number change mode is used as a header of the plaintext data or as a hidden suffix of the plaintext data. The secondary encryption mode code and the secondary key selection mode code are then encrypted with an old quantum key agreed by both communicating parties to form a first data group. Next, the plaintext data (including the quantum random number change mode header) is encrypted with the secondary key according to the secondary encryption mode to obtain a second data group. The two data groups are combined, with an interval identifier placed between them.
After receiving the data, the receiving device extracts the first data group and the second data group according to the interval identifier, decrypts the first data group with the old quantum key to obtain the secondary encryption mode code and the secondary key selection mode, looks up the secondary encryption mode in a mapping table stored on the receiving device, selects the secondary key from the quantum random number sequence according to the secondary key selection mode, and decrypts the plaintext data. At the same time, the quantum random number change mode is decrypted. (If the change mode is a hidden suffix or intermediate data hidden in the plaintext, the hidden data is extracted in the agreed manner; the hidden position is from a preset digit to a preset digit of the old quantum key or the new quantum key.) The corresponding quantum random numbers are then changed (for example, by exchanging numbers within the key pool, adding three digits per interval, and so on), the changed quantum random numbers are verified, and a verification value is returned to the data sending end; the quantum random numbers are changed only when verification passes on both sides. Thus, although the generated quantum random numbers are fixed, the key for the next communication depends on the result of the previous one, that is, each communication is chained to the one before it. Therefore, even if a particular message is intercepted, an eavesdropper who does not know how the key was last changed cannot continue decrypting.
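The two-data-group frame and the chained key-pool change described above, as an added Python sketch that is not code from the patent. The separator bytes, the mode numbers, the selection and change rules, and SHA-256 as the verification value are all assumptions made for illustration.

```python
import hashlib
import hmac

SEP = b"|SEP|"  # interval identifier between the two data groups (assumed value)

def xor(data: bytes, key: bytes) -> bytes:
    if len(key) < len(data):
        raise ValueError("key material shorter than data")
    return bytes(d ^ k for d, k in zip(data, key))

# Mapping tables stored on both devices. All numbers and rules are constructed.
ENC_ALGO = {1: xor}
KEY_SELECT = {1: lambda pool, n: pool[:n],            # first n bytes of the pool
              2: lambda pool, n: pool[1:2 * n:2]}     # every second byte
POOL_CHANGE = {1: lambda pool: pool[::-1],            # exchange positions end to end
               2: lambda pool: pool[3:] + pool[:3]}   # rotate by three

def check(pool: bytes) -> str:
    return hashlib.sha256(pool).hexdigest()

def seal(plaintext, old_key, pool, algo=1, select=2, change=1) -> bytes:
    # First data group: the two mode numbers, encrypted under the old key.
    # XOR reuses the same old-key bytes for every frame; the page also
    # names AES and SM4 as symmetric algorithms.
    group1 = xor(bytes([algo, select]), old_key)
    # Second data group: change-mode header + plaintext under the secondary key.
    body = bytes([change]) + plaintext
    group2 = ENC_ALGO[algo](body, KEY_SELECT[select](pool, len(body)))
    return group1 + SEP + group2

def open_frame(frame, old_key, pool):
    """Receiver side: returns (plaintext, changed pool, check value to send back)."""
    group1, sep, group2 = frame.partition(SEP)
    if not sep or len(group1) != 2 or not group2:
        raise ValueError("malformed frame")
    algo, select = xor(group1, old_key)
    try:
        body = ENC_ALGO[algo](group2, KEY_SELECT[select](pool, len(group2)))
        new_pool = POOL_CHANGE[body[0]](pool)
    except KeyError:
        raise ValueError("unknown mode number (wrong key or stale pool)") from None
    return body[1:], new_pool, check(new_pool)

def commit(pool, change, receiver_check) -> bytes:
    """Sender side: apply the change only if the receiver's check value matches."""
    candidate = POOL_CHANGE[change](pool)
    return candidate if hmac.compare_digest(check(candidate), receiver_check) else pool

if __name__ == "__main__":
    old_key, pool = bytes(range(16)), bytes(range(256))   # constructed sample values
    frame1 = seal(b"first message", old_key, pool)
    text1, rx_pool, cv = open_frame(frame1, old_key, pool)
    tx_pool = commit(pool, 1, cv)
    frame2 = seal(b"second message", old_key, tx_pool)
    print(text1, open_frame(frame2, old_key, rx_pool)[0])
    try:
        open_frame(frame2, old_key, pool)      # pool from before the change
    except ValueError as exc:
        print("stale pool:", exc)
```

The second frame only opens against the pool produced by the first exchange, which is the chaining property the text describes. The mode numbers in the first data group are still protected by the unchanged old key alone.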
3. Identity authentication and quantum key remote updating based on quantum key
When both communicating parties (terminal A and terminal B, where a terminal may be either the quantum encryption communication device itself or any device or system in which the quantum encryption communication device of the present invention is installed or to which it is connected) already hold the same quantum key but need to update it, identity authentication and remote updating of the quantum key can be performed over a network. The process is shown in Fig. 4:
(1) Network terminal A sends an authentication request to terminal B through its quantum encryption communication device. The quantum encryption communication device of terminal B calculates the hash value of its existing quantum key and sends the hash value to terminal A.
(2) The quantum encryption communication device of terminal A calculates the hash value of its own quantum key and compares it with the hash value sent by terminal B. If the comparison fails, terminal B fails identity authentication and the communication ends; if the comparison passes, terminal B passes identity authentication and the next step can proceed.
(3) After terminal B passes identity authentication, the quantum encryption communication device of terminal A acquires a new quantum random number sequence from the USB quantum random number generator, and either takes the quantum random numbers as a whole or selects from the sequence a new quantum key of the same length as the old quantum key.
(4) The quantum encryption communication device of terminal A encrypts the new quantum random number sequence or the new quantum key with the old quantum key. The encryption mode can be a simple symmetric encryption algorithm such as XOR or XNOR, or a complex symmetric encryption algorithm such as AES or SM4.
(5) Terminal A sends the encrypted data to terminal B (if the entire quantum random number sequence is encrypted and sent, the selection mode is sent at the same time) and informs terminal B of the encryption algorithm. Terminal B decrypts the data with the old quantum key it holds to obtain the new quantum random number sequence or the new quantum key.
(6) Terminal B calculates the hash value of the new quantum key and sends it to terminal A. Terminal A calculates the hash value of the new quantum key and compares it with the hash value sent by terminal B. If the comparison fails, the process returns to step (1) and starts again. If the comparison passes, the remote update of the quantum key is complete, and the quantum encryption communication devices on terminal A and terminal B update their quantum keys.
In another implementation, terminal A sends the encrypted quantum random number sequence to terminal B; when the quantum key needs to be updated, terminal A sends the encrypted random number selection mode to terminal B in step (5), and the quantum key update is completed simply by updating the random number selection mode.
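Steps (1) to (6) above as an added Python sketch, not code from the patent. SHA-256 as the hash, `secrets.token_bytes` standing in for the USB quantum random number generator, and the `Terminal`, `remote_update` and `channel` names are assumptions; the simple XOR mode from step (4) is used.

```python
import hashlib
import hmac
import secrets

def check_value(key: bytes) -> bytes:
    # The page only says "hash value"; SHA-256 is an assumption.
    return hashlib.sha256(key).digest()

def xor(data: bytes, key: bytes) -> bytes:
    # Simple symmetric mode from step (4); key and data must match in length.
    if len(data) != len(key):
        raise ValueError("XOR mode needs key and data of equal length")
    return bytes(d ^ k for d, k in zip(data, key))

class Terminal:
    def __init__(self, key: bytes):
        self.key = key  # current ("old") quantum key

def remote_update(a, b, qrng=secrets.token_bytes, channel=lambda msg: msg) -> str:
    """Run steps (1)-(6) once. `channel` models the network and may alter messages."""
    # (1) A requests authentication; B replies with the hash of its existing key.
    b_hash = channel(check_value(b.key))
    # (2) A compares it with the hash of its own key (constant-time comparison).
    if not hmac.compare_digest(check_value(a.key), b_hash):
        return "auth-failed"          # communication ends
    # (3) A draws a new key of the same length as the old one.
    new_key = qrng(len(a.key))
    # (4) A encrypts the new key under the old key.
    ciphertext = xor(new_key, a.key)
    # (5) A sends the ciphertext (and names the algorithm); B decrypts with its old key.
    received = channel(ciphertext)
    if len(received) != len(b.key):
        return "retry"
    b_new = xor(received, b.key)
    # (6) B returns the hash of what it decrypted; A compares before either side commits.
    if not hmac.compare_digest(check_value(new_key), channel(check_value(b_new))):
        return "retry"                # back to step (1), old keys kept
    a.key, b.key = new_key, b_new
    return "updated"

if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed sample key
    a, b = Terminal(shared), Terminal(shared)
    print(remote_update(a, b), a.key == b.key, a.key != shared)
    print(remote_update(Terminal(shared), Terminal(secrets.token_bytes(32))))
```

The step (1) value is a plain hash of the stored key, so it is identical on every run until the key is replaced; the procedure as described includes no nonce or challenge. The step (6) comparison is what keeps a ciphertext damaged in transit from leaving the two terminals with different keys.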
While the principles of the invention have been described in detail in connection with the preferred embodiments thereof, it will be understood by those skilled in the art that the foregoing embodiments are merely illustrative of exemplary implementations of the invention and are not limiting of the scope of the invention. The details of the embodiments are not to be interpreted as limiting the scope of the invention, and any obvious changes, such as equivalent alterations, simple substitutions and the like, based on the technical solution of the invention, can be interpreted without departing from the spirit and scope of the invention.

Claims (10)

1. A quantum cryptography communication method, comprising:
(1) generating a quantum random number sequence, and synchronously outputting the quantum random number sequence to at least two communication devices in real time;
(2) the first communication equipment selects a quantum random number with a certain length from the quantum random number sequence, calculates to obtain a first check value, and sends the selection mode and the first check value to the second communication equipment;
(3) the second communication equipment performs random number selection from the quantum random number sequence based on the received quantum random number selection mode and the check value and calculates to obtain a second check value, the second communication equipment compares the first check value with the second check value, and if the first check value and the second check value are matched, the quantum random number distribution is completed;
(4) and the first communication equipment and the second communication equipment select quantum keys from the quantum random number sequence in the same way to carry out encryption communication.
2. A quantum cryptography communication method according to claim 1, characterized in that it further comprises a quantum key update step (5) comprising:
(5.1) the first communication equipment calculates the quantum key check value of the first communication equipment and sends the quantum key check value to the second communication equipment;
(5.2) the second communication equipment calculates the quantum key check value of the second communication equipment and compares the quantum key check value with the quantum key check value from the first communication equipment, if the matching is passed, the step (5.3) is carried out, otherwise, the communication is ended;
(5.3) connecting the first communication equipment with a quantum random number generator, and selecting a new quantum random number sequence or a quantum key matched with the old quantum random number sequence or the quantum key in length from the quantum random number generator;
(5.4) the first communication device encrypting the new quantum random number sequence or the quantum key with the old quantum key;
(5.5) the first communication equipment sends the encrypted new quantum random number sequence or the encrypted quantum key and the encryption algorithm to the second communication equipment, and the second communication equipment decrypts the data sent by the first communication equipment by using the old quantum key to obtain the new quantum random number sequence as a new quantum key;
(5.6) the second communication device calculates the check value of the new quantum random number sequence or the quantum key and sends the check value to the first communication device, the first communication device calculates the check value of the new quantum random number sequence or the quantum key and compares the check value with the check value from the first communication device, if the check value is matched with the check value, the quantum random number sequence or the quantum key is updated, otherwise, the step (5.1) is returned, and preferably, the check value is a hash value.
3. A quantum cryptography communication method according to claim 1, wherein said step (1) comprises: a time synchronization instruction is transmitted to a second communication device by a first communication device, and the second communication device performs random number reception and storage in synchronization with the first communication device based on a received time synchronization signal.
4. The quantum encryption communication method according to claim 1, further comprising adding three parts of data to the plaintext data after the plaintext data is acquired, wherein the three parts of data are respectively 1) a secondary encryption algorithm number, 2) a secondary key selection mode number, and 3) a quantum random number sequence change mode number.
5. The quantum cryptography communication method according to claim 1, wherein the method comprises, before each communication, allowing a user to select an encryption algorithm and to select a quantum random number which is equal to or in a multiple or fractional relation with target plaintext data from among quantum random numbers as a quantum key for quantum cryptography.
6. A quantum encryption communication system is characterized by comprising a quantum random number generator and at least two communication devices, wherein the quantum random number generator is used for generating a quantum random number sequence and synchronously distributing the quantum random number sequence to the communication devices, a first communication device is used for selecting a quantum random number with a certain length from the quantum random number sequence and calculating to obtain a first check value, and sending the selection mode and the first check value to the other communication devices, the other communication devices perform random number selection from the quantum random number sequence based on the received quantum random number selection mode and the check value and calculate to obtain a second check value, the other communication devices compare the first check value with the second check value, and if the first check value and the second check value are matched, the quantum random number distribution is completed.
7. A quantum cryptography communication system according to claim 5, wherein each of said communication devices selects a quantum key from a sequence of quantum random numbers in the same manner for cryptographic communication.
8. The quantum encryption communication system according to claim 5, wherein the communication device has a function of remote quantum key update, the first communication device calculates its own quantum key check value and sends it to the other communication devices through the communication network during update, the other communication devices calculate its own quantum key check value and match and confirm it with the quantum key check value from the first communication device to complete identity verification, the first quantum encryption communication device is connected with the quantum random number generator, selects a new quantum key matching the old quantum key in length from the quantum random number generator, encrypts the new quantum key with the old quantum key, the first communication device sends the encrypted new quantum key and the encryption algorithm to the other communication devices, and the other communication devices decrypt the data sent by the first communication device with the old quantum key, and obtaining a new quantum key, calculating the check value of the new quantum key by other communication equipment and sending the check value to the first communication equipment, calculating the check value of the new quantum key by the first communication equipment and comparing the check value with the check value from the first communication equipment, and updating the quantum key if the check value is matched with the check value from the first communication equipment.
9. The quantum cryptography communication system of claim 7 wherein the quantum random number generator comprises a quantum random number chip for generating quantum true random binary numbers and a data interface chip connecting at least two data transmission interfaces, at least one of the quantum random number chip and the data interface chip being capable of issuing a synchronous clock, the quantum random number generator being adapted to synchronously distribute quantum numbers to at least two communication devices, preferably the data transmission interfaces being USB interfaces.
10. The quantum cryptography communication system according to claim 8, wherein the system allows a user to select the cryptographic algorithm and select a quantum random number which is equal to or in a multiple or fractional relation with target plaintext data from the quantum random numbers as the quantum key for quantum cryptography before each communication, and preferably, three parts of data are added to the plaintext data, which are respectively 1) a secondary cryptographic algorithm number, 2) a secondary key selection mode number, and 3) a quantum random number sequence change mode number.
CN202210306229.2A 2022-03-25 2022-03-25 Quantum encryption communication method and corresponding communication system Pending CN114726515A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210306229.2A CN114726515A (en) 2022-03-25 2022-03-25 Quantum encryption communication method and corresponding communication system

Publications (1)

Publication Number Publication Date
CN114726515A true CN114726515A (en) 2022-07-08

Family

ID=82239971

Country Status (1)

Country Link
CN (1) CN114726515A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination