CN115085919B - Vulnerability detection method and device for quantum secret communication system calibration process - Google Patents
Vulnerability detection method and device for quantum secret communication system calibration process Download PDFInfo
- Publication number
- CN115085919B CN115085919B CN202210767407.1A CN202210767407A CN115085919B CN 115085919 B CN115085919 B CN 115085919B CN 202210767407 A CN202210767407 A CN 202210767407A CN 115085919 B CN115085919 B CN 115085919B
- Authority
- CN
- China
- Prior art keywords
- signal
- signal light
- light
- synchronous
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 238000001514 detection method Methods 0.000 title claims abstract description 39
- 238000004891 communication Methods 0.000 title claims abstract description 17
- 230000001360 synchronised effect Effects 0.000 claims abstract description 70
- 238000012545 processing Methods 0.000 claims abstract description 69
- 238000002360 preparation method Methods 0.000 claims abstract description 4
- 230000003287 optical effect Effects 0.000 claims description 18
- 238000004458 analytical method Methods 0.000 claims description 16
- 230000010287 polarization Effects 0.000 claims description 8
- 230000006641 stabilisation Effects 0.000 claims description 3
- 238000011105 stabilization Methods 0.000 claims description 3
- 230000001934 delay Effects 0.000 claims description 2
- 230000003111 delayed effect Effects 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 7
- 238000005259 measurement Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000005610 quantum mechanics Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000000354 decomposition reaction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 239000010985 leather Substances 0.000 description 1
- 238000013178 mathematical model Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Photometry And Measurement Of Optical Pulse Characteristics (AREA)
- Optical Communication System (AREA)
Abstract
A vulnerability detection method for a quantum secret communication system calibration process introduces an attack device for a delay scanning step into quantum channels of legal communication parties by simulating the behavior of an attacker, and the process is as follows: a) Before the QKD system is started, cutting off a quantum channel at the Alice end of a key information transmitter, accessing an attack device into the quantum channel, and then starting the QKD system; b) Separating synchronous light and signal light output by a quantum channel interface of an Alice terminal; c) Triggering preparation of a specific signal light processing signal by using 50% of synchronous light by using a synchronous light triggering module; d) Adjusting the separated signal light by utilizing the level change of the signal light processing signal; e) The adjusted signal light and the other part of synchronous light are converged and input to a quantum channel port of the Bob end together; f) The gate signal selection case for each detector of the QKD system is compared.
Description
Technical Field
The invention belongs to the technical field of quantum secret communication, and particularly relates to a vulnerability detection method and device for a quantum secret communication system calibration process.
Background
Nowadays, public key cryptography in cryptography is widely used because of the easy generation and distribution of key pairs. However, it should be noted that the security of public key cryptography algorithms is based on non-provable computational assumptions, which merely consider that under the current computing power, it is highly likely that it cannot be broken. However, the computational complexity assumption is not a solid security foundation that can be relied upon permanently. Several cryptosystems known in the prior public key cryptosystem such as RSA, rabin, ELGamal are based on two more difficult mathematical problems, a large prime number decomposition problem and a solution to discrete logarithm problem. However, after the Shor algorithm in 1996, these difficult-to-crack problems may be cracked by quantum computers in the future. Therefore, the classical cryptographic system based on mathematical calculation assumption is replaced by the quantum cryptographic technology based on the basic physical principle of quantum mechanics, and becomes an important strategic measure.
The most typical quantum cryptography is quantum key distribution (Quantum Key Distribution, QKD), which is a "quantum key distribution" BB84 protocol based on quantum mechanics measurement principles, which fundamentally ensures the security of the key. QKD protocols in optical systems transport information through four quantum states. It solves an important problem that is difficult to solve in classical cryptography: the symmetric key pair is securely distributed over an unsecure channel to both legitimate communication parties. The QKD utilizes the unclonable principle of quantum physics to ensure that a key taking a quantum state as a carrier is unconditionally and safely distributed to legal users on an unsafe channel, and combines an unconditionally and safely one-time pad encryption algorithm to ensure unconditionally and safely transmission of information. QKD has been rapidly developed in its full scale because of its remarkable advantages in terms of security over classical cryptography, making it attractive for quantum information technology leather. With the continuous development of quantum cryptography, researchers find that many differences exist between theory and practice in the experimental and practical processes. In particular, this is due to the inclusion in the security certificate of a series of assumptions that the quantum cryptography system needs to meet and an abstract mathematical model of the actual device, however these assumptions and models are likely to be mismatched with the actual device. For example, some security assumptions are not met in practice; or the model may not fully describe a true QKD device. In the standard preparation-measurement QKD system architecture, it is assumed that an eavesdropper (Eve) is able to access the quantum channel only with permission, but cannot enter the preparation and emission party (Alice) and the quantum state receiving and detection party (Bob) of the quantum state. In practice Eve can steal keys through quantum channels and exploiting security holes of the system.
Since the advent of prototype systems developed according to QKD protocols, quantum hackers began to exploit possible vulnerabilities at both the quantum information sender and receiver. For these prototype systems, there are several relatively well-known attack patterns: photon number splitting attack (Photon-number splitting attack), time-shift attack (Time-shift attack), blind attack (imaging attack), etc. Meanwhile, due to the significant advantages of QKD over classical cryptography in terms of security, commercial QKD systems based on various QKD protocols and coding schemes are also continually being developed. Commercial QKD systems are also being shielded against the aforementioned attacks. Nevertheless, quantum hackers can still mine some unknown security vulnerabilities in these commercial QKD systems. Holes in the QKD system calibration phase have been continuously discovered in recent years. In the commercialization of QKD systems, a series of calibration steps are typically performed prior to the actual key distribution in order to ensure the stability of the overall key distribution process. The calibration stage can enable all instruments of the system to reach proper working states, and system parameters are set to reasonable values. In general, the calibration phase of a commercial QKD system typically includes steps such as time-lapse scanning, polarization feedback, synchronization correction, and the like. The existence of a commercial QKD system calibration process plays a critical role, but also provides some discoverable vulnerability for an attacker. An attacker can use the irrational principle of operation of certain stages in the calibration process, and by changing the intensity, the phase, the polarization state and the like of the signal light transmitted to Bob, the error of instrument and various parameter settings is possible, thereby influencing the security in the follow-up formal key distribution process.
Disclosure of Invention
Aiming at the possible security holes in the calibration step, the invention provides a hole detection method and a device for the calibration process of a quantum secret communication system, which introduce an attack device for the delay scanning step into quantum channels of legal communication parties by simulating the behavior of an attacker, delay half of signal light, and judge whether the QKD system has holes in the calibration stage according to the gate signal selection result of an instrument after the delay scanning step is finished.
The technical scheme provided by the invention is a vulnerability detection method for a quantum secret communication system calibration process, an attack device is implemented by simulating the attack behavior of an attacker, and the process is as follows:
a) And cutting off a quantum channel at the Alice end of the key information transmitter.
B) And separating synchronous light and signal light output by the quantum channel interface at the Alice end.
C) A portion of the synchronized light trigger is used to prepare a particular signal light processing signal.
D) And adjusting the separated signal light by utilizing the signal light processing signal.
E) And collecting the adjusted signal light and the other part of synchronous light, and inputting the signal light and the other part of synchronous light into a quantum channel port of the Bob end.
F) And comparing the gate signal selection conditions of each detector of the QKD system after the delay scanning steps under the normal and attack of the calibration stage are finished.
The connection and parameter adjustment of the leak detection apparatus are generally performed before the QKD system is operated, and before the QKD system is operated.
In the above, B) and E), the two types of light are generally separated or collected by utilizing the wavelength characteristics of the synchronization light and the signal light.
In the above, C), the specific signal light processing signal is generally generated by using the frequency characteristic of the synchronous light signal.
In the above step C), the signal light processing signal is generally a square wave signal, and the frequency of the signal light processing signal should consider whether the QKD system has dead time and the influence of the synchronous light and the signal light frequency of the system on the signal light processing signal, and the parameter determining process of different quantum states in the calibration process should be covered in one period of the signal light processing signal.
In the above step C), the duty ratio of the prepared signal light processing signal should be adjusted according to the actual error of the attack device, and is ideally 50%.
In the above step C), the high and low levels of the prepared signal light processing signals should be modulated according to the signal light processing mode.
In the above-mentioned D), about half of the signal light after the processing should be delayed.
In the above-mentioned step D), if there is an error in the polarization state of the processed signal light, the signal light should be corrected.
In the above, F), if any one of the detectors selects a different gate signal loading position than in the normal operation, it is considered that a leak exists in the delay scanning step in the calibration process of the QKD system, and if the leak does not exist, the whole steps a) to F) are repeated. If the vulnerability is still not present after X repetitions, then the delay scanning step in the QKD system calibration phase is deemed to be vulnerability free.
A vulnerability detection device for a quantum secret communication system calibration process, wherein the operation stability of a commercial QKD system depends on the existence of the calibration process, and the vulnerability detection device comprises a vulnerability detection device which comprises a plurality of modules. And judging whether the commercial QKD system has a leak in the calibration process or not according to the function of each module and the result of the delay scanning step of the calibration stage.
The vulnerability detection device comprises: the device comprises a frequency division and combination module, a synchronous light triggering module, a signal light processing module and a result analysis module.
And the frequency division and combination module is used for: the device is used for connecting the Alice end quantum channel port, the synchronous light triggering module, the signal light processing module and the Bob end quantum channel port, separating synchronous light and signal light output by the Alice end, and collecting the synchronous light output by the synchronous light triggering module and the processed signal light output by the signal light processing module. The frequency division and combination module is generally composed of two DWDM, each DWDM is generally composed of a COM port and two ports with corresponding wavelengths, the COM ports of the two DWDM are responsible for being connected with quantum channel interfaces of an Alice end and a Bob end, the ports with the corresponding wavelengths in each DWDM are respectively corresponding to the wavelengths of synchronous light and signal light of the system, the ports with corresponding synchronous light wavelengths are responsible for being connected with input and output ports of the synchronous light triggering module, and the ports with corresponding signal light wavelengths are responsible for being connected with input and output ports of the signal light processing module.
And the synchronous light triggering module is used for: and the separated synchronous light is utilized to trigger and generate a signal light processing signal of the signal light processing module through one part of the synchronous light, and the other part of the synchronous light can still ensure the synchronous work of the whole QKD system to be tested. The signal light processing signal is generally generated by an arbitrary wavelength generator using a frequency characteristic of synchronous light stabilization. The waveform, frequency and duty ratio of the signal are adjusted according to the specific characteristics of the system, and the parameter determination process of different quantum states in the calibration process is covered in one period.
And the signal light processing module is used for: and processing signals by utilizing the separated signal light through the signal light output by the synchronous light triggering module, and delaying half of the signal light. The specific value of the applied delay is determined by the movable time resolution of the gate signal of the system under test. The particular method of applying the delay depends on the particular device employed. The use of different devices may involve different errors.
And a result analysis module: the result analysis module can be implemented by a computer, and needs to obtain the gate signal loading position condition selected by each detector in the QKD system in real time after the delay scanning step of the QKD system calibration process is completed. Judging whether a loophole exists in the delay scanning step in the calibration process of the QKD system according to the selection condition of the door signal loading positions of all the detectors, and if the door signal loading position of any one detector is different from the door signal loading position in the normal operation, judging that the loophole exists in the delay scanning step in the calibration process. If the vulnerability is not detected in one operation, an instruction for repeatedly executing the whole detection process needs to be sent. So that the QKD system and the vulnerability detection apparatus repeatedly perform the vulnerability detection process once. If the loophole is still not detected after repeating for a certain number of times, the system to be tested is considered to have no loophole of the delay scanning step in the calibration process.
The beneficial effects are that: since all the operation flows of commercial QKD systems employing BB84 protocol based on polarization encoding basically include a calibration step such as delay scanning, some existing security assumptions cannot be satisfied in practice; an eavesdropper (Eve) cannot enter the preparation and emission party (Alice) of the quantum state and the quantum state receiving and detection party (Bob) as long as it can have authority to contact the quantum channel. The invention provides a vulnerability detection method and a vulnerability detection device for a quantum secret communication system calibration process, which are characterized in that an attack device for a delay scanning step is introduced into quantum channels of legal communication parties through simulating the behavior of an attacker, half of signal light is subjected to delay processing, and whether the QKD system has a vulnerability in a calibration stage is judged according to a gate signal selection result after the delay scanning step is finished.
Description of the drawings:
FIG. 1 is a schematic diagram of a frequency division and combination module;
FIG. 2 is a schematic diagram of a synchronous light processing module;
fig. 3 is a schematic diagram of a signal light processing module 1;
fig. 4 is a schematic diagram of the signal light processing module 2;
fig. 5 is an overall schematic diagram of the leak detection apparatus.
The specific embodiment is as follows:
in order to facilitate the user to better use the attack detection device, the whole schematic diagram of the leak detection device is combined with the specific structural diagram of each module: the actual use process is described with reference to fig. 1, 2, 3, 4 and 5. Two different signal light processing modules are shown in fig. 3 and 4, and both modules can be applied in fig. 5.
A) Firstly, connecting a computer of a result analysis module with Alice and Bob, normally operating a calibration process of a system to be tested once, obtaining the door signal loading position of each detector, recording the door signal loading position in a control computer of the result analysis module, obtaining quantum channel interfaces of Alice ends and Bob ends of both communication parties through the explanation of equipment manufacturers, and cutting off the connection of the quantum channel interfaces. And meanwhile, setting the detection repetition number in the result analysis module as X.
B) The modules are connected in an integral connection according to fig. 5, wherein,
the COM port 1 of a frequency division and combination module of the leak detection device is connected with a quantum channel interface of an Alice end, and the synchronous optical interface 2 and the signal optical interface 3 of the frequency division and combination module are respectively connected with the 1 port of the synchronous optical trigger module shown in fig. 2 and the 1 port of the signal optical processing module shown in fig. 3 and 4.
And then the COM port 1 of the other frequency division and combination module is connected with the quantum channel interface of the Bob end, and the synchronous optical interface 2 and the signal optical interface 3 of the frequency division and combination module are respectively connected with the synchronous optical trigger module 2 shown in the second figure and the signal optical processing module 3 shown in the third figure and the fourth figure.
Finally, the 3 ports of the synchronous optical processing module shown in fig. 2 are connected with the 2 ports of the signal optical processing module shown in fig. 3 and 4.
C) After all the modules are connected, the time resolution of the door signal movement of the system to be tested is delta t according to the description of the equipment manufacturer. Setting each instrument parameter in the signal light processing module, wherein,
if a signal light processing module as shown in fig. 3 is used, the length of the optical fiber added on the CH1 line is adjusted to be Δt×3×10 8 . The polarization control value of the electric polarization controller is set by the control computer to counteract the influence of the added optical fiber on the polarization state of the signal light. And (3) inputting laser from the 1 port of the signal light processing module shown in fig. 3 by using a laser, and respectively detecting by using a light intensity detector to obtain the output light intensities of the CH1 port and the CH2 port, so as to obtain the ratio of the CH2 output light intensity to the CH1 output light intensity as CH2:CH1=eta.
If a signal light processing module as shown in fig. 4 is used, the delay of the optical switch is set to Δt by controlling the computer.
D) After the instrument parameters of the signal light processing module are set, the instrument parameters of any waveform generator in the synchronous light triggering module are set, wherein,
and obtaining parameters such as dead time of a system to be tested, frequency of synchronous optical signal light and the like according to the instructions of equipment manufacturers, and determining a period value according to the parameters, wherein the period value needs to meet the parameter determination process capable of covering different quantum states in the calibration process, and setting cycle to be 1, namely generating a square wave signal by triggering each time.
The high-low level requirements for adding different delays to the signal light are known according to the optical switch and the instrument parameters of the electric control delay device shown in fig. 3 and 4, in this example, when the input voltage of the 2-port of the signal light processing module shown in fig. 3 is at a low level, the signal light is output from CH1, and when the input voltage is at a high level, the signal light is output from CH 2. When the input voltage of the 2-port of the signal light processing module shown in fig. 4 is at a low level, the delay of the signal light is Δt, and when the input voltage is at a high level, the delay of the signal light is 0. The high and low levels of the arbitrary waveform generator are set to the high and low levels required in the corresponding instrument parameters.
If the signal light processing module shown in fig. 3 is used, the duty ratio of the output signal of the arbitrary waveform generator is set to η. If a signal light processing module as shown in fig. 4 is used, the duty ratio of the output signal of the arbitrary waveform generator is set to 0.5.
E) After the instrument parameters in the above steps C) and D) are set, all instruments of all modules of the leak detection device except for the arbitrary waveform generator of the synchronous light trigger module shown in fig. 2 are started, the system to be tested is started again, the system to be tested enters a calibration process according to a normal operation flow, after the calibration process is finished, the result analysis module records the door signal loading positions of each detector of the system to be tested, and the recorded result is the door signal loading position of the system to be tested in the normal operation state.
F) After the recording of the measurement results of the normal door signal loading positions in the E) is completed, starting all instruments of all modules of the leak detection device, restarting the system to be tested, enabling the system to be tested to enter a calibration process according to a normal operation flow, and recording the door signal loading positions of all detectors of the system to be tested by a result analysis module after the calibration process is finished.
G) The door signal loading position of each detector as recorded by the result analysis module in the F), wherein,
if the door signal loading position of any one detector is different from the door signal loading position under normal operation recorded in the result analysis module, the system to be tested is considered to have a loophole of a delay scanning step of the calibration process. The vulnerability detection device stops detecting and the QKD system stops running.
If the door signal loading positions of all the detectors are the same as the door signal loading positions under normal operation recorded in the result analysis module and the times of repeating the steps F) and G) are less than X, the result analysis module gives an instruction and repeats the steps F) and G). If the times of repeating the steps F) and G) are greater than or equal to X, the system to be tested is considered to have no loopholes of the delay scanning step in the calibration process, the detection of the loophole detection device is stopped, and the QKD system stops running.
The detection repetition number X in the A) can be flexibly adjusted according to the test scene, and the hardness requirement is avoided.
The control computer in the signal light processing module shown in fig. 3 and 4 may be theoretically the same as the control computer in the result analysis module. The invention may be properly understood with reference to the drawings.
Claims (4)
1. A leak detection method for a quantum secret communication system calibration process is characterized in that an attack device for a delay scanning step is introduced into quantum channels of legal communication parties by simulating the behavior of an attacker, and the process is as follows:
a) Before a quantum key distribution QKD system is started, cutting off a quantum channel at the Alice end of a key information transmitting party, accessing an attack device into the quantum channel, and then starting the QKD system;
b) Separating synchronous light and signal light output by a quantum channel interface of an Alice terminal;
c) Triggering preparation of a specific signal light processing signal by using 50% of synchronous light by using a synchronous light triggering module; c) Triggering and generating a specific signal light processing signal by utilizing the frequency characteristic of the synchronous light signal; the signal light processing signals processed by the signal light processing module are square wave signals, the frequency of the signal light processing signals is considered whether dead time exists in the QKD system or not, the influence of synchronous light and signal light frequency of the system on the QKD system is considered, and the parameter determining process of different quantum states in the calibration process is covered in one period; and the synchronous light triggering module is used for: generating a signal light processing signal of the signal light processing module by using the separated synchronous light through 50% of synchronous light triggering, wherein the synchronous light of 50% still can ensure the synchronous work of the whole QKD system to be detected; the signal light processing signal is generated by an arbitrary wavelength generator by utilizing the frequency characteristic of synchronous light stabilization; the waveform, frequency, duty ratio and high and low levels of the signals are adjusted according to the specific characteristics of the QKD system, and the parameter determination process of different quantum states in the calibration process is covered in one period of the signals;
the signal light processing module processes signals by utilizing the separated signal light and through the signal light output by the synchronous light triggering module, and delays half of the signal light; the specific value of the applied delay is determined by the movable time resolution of the gate signal of the system to be tested;
c) The duty ratio of the prepared signal light processing signal is adjusted according to the actual error of the attack device, and is 50% in an ideal state; c) The high and low levels of the prepared signal light processing signals are modulated according to the signal light processing mode;
d) The time delay change of the separated signal light after being output from the signal light processing module is adjusted by utilizing the level change of the signal light processing signal; d) Half of the processed signal light is delayed; if the processed signal light has the error of polarization state, the processed signal light should be corrected;
the method comprises the steps that a frequency division and combination module is used for connecting an Alice end quantum channel port, a synchronous light triggering module, a signal light processing module and a Bob end quantum channel port, separating synchronous light and signal light output by the Alice end, and collecting the synchronous light output by the synchronous light triggering module and the signal light output by the signal light processing module after processing; the frequency division and combination module consists of two dense optical wave multiplexing DWDM, each DWDM consists of a COM port and two ports with corresponding wavelengths, the COM ports of the two DWDM are responsible for being connected with quantum channel interfaces of an Alice end and a Bob end, the ports with the corresponding wavelengths in each DWDM are respectively corresponding to the wavelengths of synchronous light and signal light, the ports with the corresponding synchronous light wavelengths are responsible for being connected with an input/output port of the synchronous light triggering module, and the ports with the corresponding signal light wavelengths are responsible for being connected with an input/output port of the signal light processing module;
e) The adjusted signal light and the other part of synchronous light are converged and input to a quantum channel port of the Bob end together;
f) After the delay scanning steps under the normal and attack of the calibration stage are finished, comparing the gate signal selection conditions of each detector of the QKD system; f) If any detector selects a gate signal loading time different from that of normal operation, a loophole exists in a delay scanning step in the calibration process of the QKD system, and if the loophole does not exist, the whole steps A) to F) are repeated; if the vulnerability still does not exist after the X times of repetition, the vulnerability is considered to exist in the delay scanning step in the QKD system calibration stage; acquiring the gate signal loading position condition selected by each detector in the QKD system in real time after the delay scanning step of the QKD system calibration process is finished; judging whether a loophole exists in the delay scanning step in the calibration process of the QKD system according to the selection condition of the door signal loading positions of all the detectors, and if the door signal loading position of any one detector is different from the door signal loading position in the normal operation, considering that the loophole exists in the delay scanning step in the calibration process; if the vulnerability is not detected in one operation, an instruction for repeatedly executing the whole detection process is required to be sent out; so that the QKD system and the vulnerability detection apparatus repeatedly perform the vulnerability detection process once.
2. The method of claim 1, wherein the step of a) is performed before the QKD system is operated, and the connection and parameter adjustment of the leak detection apparatus are performed before the QKD system is operated.
3. The method of detecting a leak according to claim 1, wherein the two types of light are separated or collected by using wavelength characteristics of the synchronization light and the signal light.
4. A leak detection apparatus for performing a quantum secret communication system calibration procedure in accordance with the method of claim 1, comprising a plurality of modules; judging whether the QKD system has a loophole in the calibration process according to the action of each module and the result of the delay scanning step in the calibration stage;
the leak detection apparatus includes: the device comprises a frequency division and combination module, a synchronous light triggering module, a signal light processing module and a result analysis module;
and the frequency division and combination module is used for: the device is used for connecting an Alice end quantum channel port, a synchronous light triggering module, a signal light processing module and a Bob end quantum channel port, separating synchronous light and signal light output by the Alice end, and collecting the synchronous light output by the synchronous light triggering module and the processed signal light output by the signal light processing module; the frequency division and combination module consists of two dense optical wave multiplexing DWDM, each DWDM consists of a COM port and two ports with corresponding wavelengths, the COM ports of the two DWDM are responsible for being connected with quantum channel interfaces of an Alice end and a Bob end, the ports with the corresponding wavelengths in each DWDM are respectively corresponding to the wavelengths of synchronous light and signal light of the system, the ports with the corresponding synchronous light wavelengths are responsible for being connected with the input and output ports of the synchronous light triggering module, and the ports with the corresponding signal light wavelengths are responsible for being connected with the input and output ports of the signal light processing module; a synchronous optical triggering module and a signal optical processing module are connected in parallel between the two DWDM;
and the synchronous light triggering module is used for: by utilizing the separated synchronous light, a part of synchronous light triggers to generate a signal light processing signal of the signal light processing module, and the other part of synchronous light can still ensure the synchronous work of the whole QKD system to be tested; the signal light processing signal is generated by an arbitrary wavelength generator by utilizing the frequency characteristic of synchronous light stabilization; the waveform, frequency and duty ratio of the signal are adjusted according to the specific characteristics of the system, and the parameter determination process of different quantum states in the calibration process is covered in one period of the signal;
and the signal light processing module is used for: processing signals by utilizing the separated signal light through the signal light output by the synchronous light triggering module, and applying time delay to half of the signal light; the specific value of the applied delay is determined by the movable time resolution of the gate signal of the system to be tested; the particular method of applying the delay depends on the particular device employed; the use of different devices may involve different errors;
the gate signal detector is connected with the result analysis module in the QKD system: the result analysis module is completed by a computer, and the situation of the loading position of the gate signal selected by each detector in the QKD system is required to be obtained in real time after the delay scanning step of the QKD system calibration process is finished; judging whether a loophole exists in the delay scanning step in the calibration process of the QKD system according to the selection condition of the door signal loading positions of all the detectors, and if the door signal loading position of any one detector is different from the door signal loading position in the normal operation, considering that the loophole exists in the delay scanning step in the calibration process; if the vulnerability is not detected in one operation, an instruction for repeatedly executing the whole detection process is required to be sent out; enabling the QKD system and the vulnerability detection device to repeatedly execute the vulnerability detection process once; if the loophole is still not detected after repeating for a certain number of times, the system to be tested is considered to have no loophole of the delay scanning step in the calibration process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210767407.1A CN115085919B (en) | 2022-06-30 | 2022-06-30 | Vulnerability detection method and device for quantum secret communication system calibration process |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210767407.1A CN115085919B (en) | 2022-06-30 | 2022-06-30 | Vulnerability detection method and device for quantum secret communication system calibration process |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115085919A CN115085919A (en) | 2022-09-20 |
| CN115085919B true CN115085919B (en) | 2024-04-09 |
Family
ID=83258680
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210767407.1A Active CN115085919B (en) | 2022-06-30 | 2022-06-30 | Vulnerability detection method and device for quantum secret communication system calibration process |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115085919B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116614230B (en) * | 2023-07-20 | 2023-09-19 | 合肥量芯科技有限公司 | Pseudo-state attack demonstration system for introducing detection efficiency mismatch loopholes |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104518867A (en) * | 2013-09-28 | 2015-04-15 | 安徽量子通信技术有限公司 | Method for resisting wavelength attack in quantum key distribution system |
| CN110830108A (en) * | 2019-10-31 | 2020-02-21 | 中国人民解放军国防科技大学 | Anti-attack detection method and device for laser transmitter of quantum secret communication system |
| CN111756527A (en) * | 2019-03-27 | 2020-10-09 | 科大国盾量子技术股份有限公司 | Method for resisting equipment calibration attack in quantum key distribution system |
| CN214152170U (en) * | 2020-12-08 | 2021-09-07 | 科大国盾量子技术股份有限公司 | Anti-modified PNS attack demonstration device of optical fiber QKD system |
| CN113411183A (en) * | 2021-05-31 | 2021-09-17 | 中国人民解放军国防科技大学 | Synchronous correction vulnerability detection method and device in quantum key distribution system |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| GB2430123B (en) * | 2005-09-09 | 2008-01-23 | Toshiba Res Europ Ltd | A quantum communication system |
-
2022
- 2022-06-30 CN CN202210767407.1A patent/CN115085919B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104518867A (en) * | 2013-09-28 | 2015-04-15 | 安徽量子通信技术有限公司 | Method for resisting wavelength attack in quantum key distribution system |
| CN111756527A (en) * | 2019-03-27 | 2020-10-09 | 科大国盾量子技术股份有限公司 | Method for resisting equipment calibration attack in quantum key distribution system |
| CN110830108A (en) * | 2019-10-31 | 2020-02-21 | 中国人民解放军国防科技大学 | Anti-attack detection method and device for laser transmitter of quantum secret communication system |
| CN214152170U (en) * | 2020-12-08 | 2021-09-07 | 科大国盾量子技术股份有限公司 | Anti-modified PNS attack demonstration device of optical fiber QKD system |
| CN113411183A (en) * | 2021-05-31 | 2021-09-17 | 中国人民解放军国防科技大学 | Synchronous correction vulnerability detection method and device in quantum key distribution system |
Non-Patent Citations (5)
| Title |
|---|
| A Review of Security Evaluation of Practical Quantum Key Distribution System;Shihai Sun;《Entropy》;20220210;全文 * |
| Security Analysis of QKD Protocols: Simulation & Comparison;Ehtesham Khan;《2020 17th International Bhurban Conference on Applied Sciences and Technology (IBCAST)》;20200326;全文 * |
| 一次量子通信量子密钥分发和认证协议的安全性分析;周南润, 曾贵华, 朱甫臣;上海交通大学学报;20050930(09);全文 * |
| 测量设备无关量子密钥分配研究;黄安琪;《中国优秀硕士学位论文全文数据库 信息科技辑》;20160315;全文 * |
| 相位漂移对相位编码QKD系统及截获-重发攻击的影响研究;焦海松;王衍波;何敏;朱勇;张志永;;激光与光电子学进展;20150410(04);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115085919A (en) | 2022-09-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Huang et al. | Laser-seeding attack in quantum key distribution | |
| Qin et al. | Quantum hacking: Saturation attack on practical continuous-variable quantum key distribution | |
| US7934132B2 (en) | Communication system and method for controlling the same | |
| Makarov et al. | Effects of detector efficiency mismatch on security of quantum cryptosystems | |
| CN106788706B (en) | Continuous variable quantum key distribution method capable of resisting actual attack | |
| CN113794573B (en) | Digital signature system and method based on discrete modulation CV-QKD | |
| WO2020177848A1 (en) | Calibrating trusted noise in quantum key distribution | |
| CN109388374B (en) | Random number generation method based on chaos amplification quantum noise | |
| CN110830108B (en) | Anti-attack detection method and device for laser transmitter of quantum secret communication system | |
| KR20180035223A (en) | Quantum random number generators | |
| Pljonkin | Vulnerability of the synchronization process in the quantum key distribution system | |
| Qi et al. | Passive state preparation in the Gaussian-modulated coherent-states quantum key distribution | |
| Fang et al. | Multichannel parallel continuous-variable quantum key distribution with Gaussian modulation | |
| Hajomer et al. | 284.8-Mb/s physical-layer cryptographic key generation and distribution in fiber networks | |
| Lodewyck et al. | Experimental Implementation of Non-Gaussian Attacks<? format?> on a Continuous-Variable Quantum-Key-Distribution System | |
| Xu et al. | Quantum cryptography with realistic devices | |
| Zhang et al. | One-time shot-noise unit calibration method for continuous-variable quantum key distribution | |
| Bogris et al. | Feedback phase in optically generated chaos: A secret key for cryptographic applications | |
| Bosworth et al. | Unclonable photonic keys hardened against machine learning attacks | |
| Lorenz et al. | Witnessing effective entanglement in a continuous variable prepare-and-measure setup and application to a quantum key distribution scheme using postselection | |
| CN115085919B (en) | Vulnerability detection method and device for quantum secret communication system calibration process | |
| Garcia-Escartin et al. | Hidden probe attacks on ultralong fiber laser key distribution systems | |
| Lin et al. | Certified randomness from untrusted sources and uncharacterized measurements | |
| Biswas et al. | Experimental side channel analysis of BB84 QKD source | |
| CN115021896A (en) | Long distance quantum key distribution |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |