CN116318657A - Relay key transmission method - Google Patents


Info

Publication number
CN116318657A
Authority
CN
China
Prior art keywords
key
node
relay
quantum
relay node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310062258.3A
Other languages
Chinese (zh)
Inventor
刁一帅
高光辉
王学富
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Institute Of Quantum Science And Technology Co ltd
Original Assignee
Shandong Institute Of Quantum Science And Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Institute Of Quantum Science And Technology Co ltd
Priority to CN202310062258.3A
Publication of CN116318657A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Electromagnetism (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Optics & Photonics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a new relay key transmission method to improve the security of relay key transmission generated between adjacent metropolitan area network access nodes in a backbone quantum network, thereby further improving the security of quantum secret communication of the adjacent metropolitan area network.

Description

Relay key transmission method
Technical Field
The invention relates to the field of quantum communication, in particular to a relay key transmission method between adjacent metropolitan area network nodes in a backbone quantum network.
Background
When terminals in different quantum communication metropolitan area networks communicate confidentially, data can be encrypted and forwarded (i.e. ciphertext relay) through the metropolitan area network access nodes that connect to the backbone quantum network. To keep real-time data communication between metropolitan area networks smooth, however, a key relay strategy is needed, so a large number of relay keys are generated between metropolitan area network access nodes. Whether the transmission of these relay keys is secure then determines the security of communication between the metropolitan area networks.
When adjacent metropolitan area network access nodes generate a relay key, at least one trusted relay node needs to encrypt and relay the relay key by using the quantum keys shared between adjacent nodes. Fig. 1 illustrates a prior art relay key transmission procedure. As shown in Fig. 1, after a trusted relay node R receives an encrypted relay key, it first performs a decryption operation (for example, an exclusive-or operation) using the quantum key $K_A$ shared with the previous hop node (access node A in Fig. 1) to obtain the relay key K. It then performs an encryption operation (for example, an exclusive-or operation) using the quantum key $K_B$ shared with the next hop node (access node B in Fig. 1) to obtain a new encrypted relay key, and sends it to the next hop node B, thereby effecting relay key transmission between nodes A and B. In this prior art method the relay key K is therefore recovered inside each trusted relay node. In practice, the security protection of a trusted relay node is lower than that of a metropolitan area network access node, so the relay key K is at risk of being monitored during relaying, which threatens the confidentiality of quantum communication.
Disclosure of Invention
To address the security weaknesses of the prior art, the invention provides a novel relay key transmission method that improves the security of relay key transmission between adjacent metropolitan area network access nodes in a backbone quantum network, thereby further improving the security of quantum secret communication of the adjacent metropolitan area networks.
One aspect of the invention relates to a method for transmitting a relay key from a first metropolitan area network access node to a second metropolitan area network access node, wherein one or more trusted relay nodes are present between the first and second metropolitan area network access nodes, and the relay key is generated at the first metropolitan area network access node. The method comprises the following steps:
in the trusted relay node, generating two quantum keys shared respectively with the two nodes adjacent to the trusted relay node along the transmission direction, periodically performing an exclusive-or operation on the two shared quantum keys to generate a relay node quantum key, and destroying the shared quantum keys;
in the first metropolitan area network access node, performing an exclusive-or operation on the relay key and the quantum key shared with the adjacent trusted relay node, and transmitting the exclusive-or operation result to the adjacent trusted relay node;
in the trusted relay node, receiving the exclusive-or operation result sent by the previous node along the transmission direction, performing an exclusive-or operation on the received result and the relay node quantum key generated in that trusted relay node, and sending the newly generated exclusive-or operation result to the next node along the transmission direction;
in the second metropolitan area network access node, receiving the exclusive-or operation result sent by the adjacent trusted relay node, and performing an exclusive-or operation on the received result and the quantum key shared with the adjacent trusted relay node, thereby obtaining the relay key and completing the transmission of the relay key between the two metropolitan area network access nodes.
The read pointer of the key file corresponding to the relay node quantum key generated by a trusted relay node is kept consistent with the read pointers of the key files corresponding to the two related shared quantum keys that took part in generating that relay node quantum key on the two nodes adjacent to it along the transmission direction. When the offset of the read pointer of a key file in a node is larger than the offset of the write pointer of the key file and the difference between the offset of the read pointer and the offset of the write pointer is smaller than a preset interval threshold, the offset of the read pointer is modified so that the difference is greater than or equal to the preset interval threshold.
Further, quantum keys generated in the metropolitan area network access node and the trusted relay node may both be stored and managed in the same file format.
Preferably, the absolute physical addresses of the relay node quantum key and the two shared quantum keys associated therewith on the respective storage media may be the same.
Furthermore, when a trusted relay node is restarted for any reason, it can send a key file synchronization request to all adjacent nodes, and after receiving the synchronization request the adjacent nodes can synchronize the read-write pointers of the quantum key shared with the trusted relay node or of the relay node quantum key. Still further, after receiving the synchronization request, the neighboring node may determine whether a relay node quantum key exists in the current node. If one exists, a key file synchronization request is sent to the node adjacent to the current node on the other side, and so on until the key file synchronization request reaches a metropolitan area network access node.
Still further, a trusted relay node may have a plurality of neighboring nodes, and may accordingly hold a plurality of relay node quantum keys, each obtained by an exclusive-or operation involving the quantum key shared with one of the plurality of neighboring nodes. If one of the plurality of relay node quantum keys is used for transmission of the relay key, the read pointers of the key files corresponding to the others of the plurality of relay node quantum keys may be modified to be consistent with the read pointer of the key file of the relay node quantum key that was used. Meanwhile, a key file synchronization request may also be sent to a node located outside the transmission path among the plurality of neighboring nodes, so that the read pointer of the key file corresponding to the quantum key therein is consistent with the read pointer of the key file corresponding to the relay node quantum key that was used.
Drawings
Fig. 1 schematically illustrates a prior art relay key transmission method;
Figs. 2 and 3 schematically show a data transmission procedure of a first embodiment of the relay key transmission method of the present invention;
Figs. 4A to 4E schematically illustrate a key file read-write control process in the first embodiment of the relay key transmission method of the present invention;
Fig. 5 schematically shows a data transmission procedure of a second embodiment of the relay key transmission method of the present invention;
Fig. 6 schematically illustrates a key file read-write control process in the second embodiment of the relay key transmission method of the present invention; and
Fig. 7 schematically shows a data transmission procedure of a third embodiment of the relay key transmission method of the present invention.
Detailed Description
Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings. The following examples are provided by way of illustration to fully convey the spirit of the invention to those skilled in the art to which the invention pertains. Thus, the present invention is not limited to the embodiments disclosed herein.
Example 1
The principle of the relay key transmission method of the present invention is described below with reference to fig. 2 and 3, in which a relay key is transmitted between two metropolitan area network access nodes through a trusted relay node. It should be noted that although fig. 2 and 3 depict examples involving only two access nodes and one trusted relay node, those skilled in the art will recognize that the examples are merely exemplary, and that the relay key transmission method of the present invention may be applied to relay key transmission between any plurality of metropolitan area network access nodes via any number of trusted relay nodes, and is not limited to the number of access nodes and relay nodes in the specific examples given herein by way of example.
The following describes the data encryption and decryption steps in the relay key transmission method of the present invention in detail with reference to fig. 2 and 3.
Fig. 2 shows the procedure for transmitting a relay key K from a first metropolitan area network access node A to a second metropolitan area network access node B. As shown in Fig. 2, the relay key K to be transmitted is generated on the first metropolitan area network access node A, a shared first quantum key $K_{A1}$ is generated on node A and the trusted relay node R adjacent to it, and a shared second quantum key $K_{B1}$ is generated on the trusted relay node R and the second metropolitan area network access node B adjacent to it.
According to the transmission method of the present invention, in the transmission of the relay key K, node A first performs an exclusive-or (XOR) operation on the relay key K using the first quantum key $K_{A1}$ to obtain a first encrypted relay key $K \oplus K_{A1}$, and sends the first encrypted relay key $K \oplus K_{A1}$ to the next hop node, here the trusted relay node R.
At the trusted relay node R, the quantum key shared with the previous hop node (here the first quantum key $K_{A1}$ shared with the first metropolitan area network access node A) and the quantum key shared with the next hop node (here the second quantum key $K_{B1}$ shared with the second metropolitan area network access node B) are periodically XORed to obtain the relay node quantum key $K_{A1B1} = K_{A1} \oplus K_{B1}$, and the first and second quantum keys $K_{A1}$ and $K_{B1}$ used in the operation are destroyed at the same time. The relay node quantum key $K_{A1B1}$ can only be used for key relay from node A to node B. Upon receipt of the first encrypted relay key $K \oplus K_{A1}$ from the previous hop node A, node R uses the relay node quantum key $K_{A1B1}$ to perform an exclusive-or encryption operation on it again, obtaining a second encrypted relay key $K \oplus K_{A1} \oplus K_{A1B1}$, and sends the second encrypted relay key to the next hop node, here the second metropolitan area network access node B.
At node B, upon receipt of the second encrypted relay key $K \oplus K_{A1} \oplus K_{A1B1}$ from the previous hop node R, the second quantum key $K_{B1}$ is used to perform an exclusive-or operation on it:
$$K \oplus K_{A1} \oplus K_{A1B1} \oplus K_{B1} = K \oplus K_{A1} \oplus (K_{A1} \oplus K_{B1}) \oplus K_{B1} = K$$
This decrypts the relay key K that node A is to transmit to node B, thereby enabling transmission of the relay key K between the two metropolitan area network access nodes A and B.
Fig. 3 shows the procedure for transmitting a relay key K from the second metropolitan area network access node B to the first metropolitan area network access node A, which is similar to the transmission procedure shown in Fig. 2. As shown in Fig. 3, the relay key K to be transmitted is generated at the second metropolitan area network access node B, a shared second quantum key $K_{B2}$ is generated on node B and the trusted relay node R adjacent to it, and a shared first quantum key $K_{A2}$ is generated on the trusted relay node R and the first metropolitan area network access node A adjacent to it.
The transmission process shown in Fig. 3 is similar to that in Fig. 2. First, node B performs an exclusive-or (XOR) operation on the relay key K using the second quantum key $K_{B2}$ to obtain a first encrypted relay key $K \oplus K_{B2}$, and sends the first encrypted relay key $K \oplus K_{B2}$ to the next hop node, namely the trusted relay node R.
At the trusted relay node R, the quantum key shared with the previous hop node (here the second quantum key $K_{B2}$ shared with the second metropolitan area network access node B) and the quantum key shared with the next hop node (here the first quantum key $K_{A2}$ shared with the first metropolitan area network access node A) are periodically XORed to obtain the relay node quantum key $K_{B2A2} = K_{B2} \oplus K_{A2}$, and the second and first quantum keys $K_{B2}$ and $K_{A2}$ used in the operation are destroyed at the same time. The relay node quantum key $K_{B2A2}$ can only be used for key relay from node B to node A. Upon receipt of the first encrypted relay key $K \oplus K_{B2}$ from the previous hop node B, node R uses the relay node quantum key $K_{B2A2}$ to perform an exclusive-or encryption operation on it again, obtaining a second encrypted relay key $K \oplus K_{B2} \oplus K_{B2A2}$, and sends the second encrypted relay key to the next hop node, here the first metropolitan area network access node A.
At node A, upon receipt of the second encrypted relay key $K \oplus K_{B2} \oplus K_{B2A2}$ from the previous hop node R, the first quantum key $K_{A2}$ is used to perform an exclusive-or operation on it:
$$K \oplus K_{B2} \oplus K_{B2A2} \oplus K_{A2} = K \oplus K_{B2} \oplus (K_{B2} \oplus K_{A2}) \oplus K_{A2} = K$$
This decrypts the relay key K that node B is to transmit to node A, thereby enabling transmission of the relay key K between the two metropolitan area network access nodes B and A.
In the invention, the key can be finally stored in the physical medium of each node in the form of a file and managed, and the key file is circularly readable and writable. Wherein the writing and reading of the key in the physical medium can be controlled by managing the write pointer and the read pointer of the key file, and the difference between the offsets of the read and write pointers of the file represents the amount of the available key stored in the physical medium.
Therefore, to ensure and improve the validity and transmissibility of the various keys, the relay key transmission method of the present invention may further include a key file read-write control step. The quantum keys on each node may be arranged to be stored and managed in the same file format. In addition, the read pointer of the key file corresponding to the relay node quantum key on a trusted relay node (e.g. node R in Figs. 2 and 3) may be set to coincide with the read pointers of the key files corresponding to the related shared quantum keys on its two neighboring nodes (e.g. access nodes A and B), that is, the two shared quantum keys that take part in the exclusive-or operation generating the relay node quantum key. As a result, during transmission of one relay key, the shared quantum keys that the two neighboring nodes XOR with the relay key are the same ones that were XORed at the trusted relay node to generate the relay node quantum key applied to that relay key, which ensures the validity of the relay key transmission method according to the invention in a simple manner. In this context, read pointers remaining consistent may mean that the relative positions of the quantum keys in the respective key files are the same. In other words, the relay node quantum key and the two related quantum keys on its two neighboring nodes occupy the same relative position in their respective key files. More preferably, the absolute physical addresses of the relay node quantum key and the two quantum keys on the respective storage media are the same. This arrangement ensures the validity of the relay node quantum key, so that the transmission method can be correctly implemented.
Further, the key file may be written circularly: after the file write pointer reaches the maximum limit of the file, new key data is written again from the file start position, so key data that has not yet been used may be overwritten. To ensure that the key amount can be calculated correctly, a read-write pointer spacing threshold may be set for the case where the offset of the file write pointer is less than the offset of the file read pointer (which generally means that data overwriting is in progress): if, during data overwriting, the spacing between the read and write pointers is less than the spacing threshold, the position of the read pointer is modified so that the read-write pointer spacing is greater than the spacing threshold.
The key file read-write control steps in the relay key transmission method of the present invention will be described below with reference to fig. 4A to 4E.
Fig. 4A shows the initial state before data overwriting, taking the relay key transmission procedure from access node A to access node B as an example. As shown in Fig. 4A, the quantum key $K_{A1}$ shared by node A and node R has been generated up to the maximum size of the key file; the quantum key $K_{B1}$ shared by node B and node R has been generated up to the maximum size of the key file; and the relay node quantum key $K_{A1B1}$ generated at relay node R for transmission from node A to node B has also reached the maximum size of the key file. At this time, the key files of the related quantum keys on relay node R and on the two neighboring nodes A and B have the same format and size, the relative positions of the read-write pointers in the key files are also identical, and the read pointers are labeled Rpa.
As shown in Fig. 4B, quantum key continues to be generated at node B and overwrites the key file, while no quantum key is generated at node A and node R at the same time. Because the spacing between the read and write pointers at node B is now smaller than the preset interval threshold, its read pointer is modified to Rpb. If data transmission from node A to node B is performed directly in this state, the following occurs. At node A, the shared quantum key $K_{A1}$ at read pointer position Rpa is read, the data is encrypted with it, and the encrypted data is sent to node R. At node R, the relay node quantum key $K_{A1B1}$ for nodes A to B at read pointer position Rpa is read, the received data is encrypted again, and the re-encrypted data is sent to node B. At node B, the read pointer position of the key file is Rpb, so the quantum key $K_{B1}$ at position Rpb is read, whereas the relay node quantum key $K_{A1B1}$ applied to the received encrypted data was generated by an exclusive-or operation using the quantum key $K_{B1}$ at position Rpa before the overwrite. The quantum key $K_{B1}$ read at node B for the decrypting exclusive-or operation is therefore incorrect, the relay key K to be transmitted cannot be obtained through the exclusive-or operation, and the data transmission fails. Note that even if the read pointer position at node B were Rpa, the quantum key $K_{B1}$ read there could not be used to derive the relay key K by an exclusive-or operation either, because of the overwriting, as shown in Fig. 4C.
Thus, to avoid the above, in the key file read-write control step of the present invention, when a shared quantum key on a certain node (e.g., node B), i.e. the key that is correspondingly written on the trusted relay node adjacent to it, is overwritten, the read pointer position of the quantum key of that node is modified to ensure that the interval between the read and write pointers is greater than the preset interval threshold, and the read pointers of the relay node quantum key and of the shared quantum key on the other two related nodes (e.g., trusted relay node R and node A) are also synchronously modified to be consistent with the read pointer on that node, as shown in Fig. 4D.
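The failure of Figs. 4B and 4C and the fix of Fig. 4D, as an added Python example that is not part of the patent text. Key files are modelled as in-memory ring buffers; the class KeyFile, the function names and the sample sizes and threshold are assumptions made for illustration, and the spacing rule is applied after every written byte.

```python
import secrets

SIZE, THRESHOLD, RPA, N = 64, 8, 4, 16   # constructed sample values, in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class KeyFile:
    """Circular key file with a read and a write offset (hypothetical model)."""

    def __init__(self, data, read_off, threshold=THRESHOLD):
        self.buf = bytearray(data)
        self.read_off = read_off
        self.write_off = len(data)       # file is full: the next write wraps around
        self.threshold = threshold

    def overwrite(self, fresh):
        """Write newly generated key bytes, wrapping to the start of the file.

        After each byte the spacing rule is applied: if the read offset is
        larger than the write offset by less than the threshold, the read
        offset is moved so that the spacing equals the threshold. Covers one
        overwrite pass; the sample sizes keep both offsets inside the file.
        """
        for byte in fresh:
            if self.write_off == len(self.buf):
                self.write_off = 0
            self.buf[self.write_off] = byte
            self.write_off += 1
            gap = self.read_off - self.write_off
            if self.read_off > self.write_off and gap < self.threshold:
                self.read_off = self.write_off + self.threshold

    def peek(self, n):
        """Key bytes at the read pointer (pointer not advanced, for comparison)."""
        return bytes(self.buf[self.read_off:self.read_off + n])

def build_nodes():
    """Fig. 4A: full key files of equal size, all read pointers at Rpa."""
    ka = secrets.token_bytes(SIZE)                 # K_A1, shared by A and R
    kb = secrets.token_bytes(SIZE)                 # K_B1, shared by R and B
    return KeyFile(ka, RPA), KeyFile(xor(ka, kb), RPA), KeyFile(kb, RPA)

def transfer(k, node_a, node_r, node_b):
    """A -> R -> B, each node XORing the key bytes at its own read pointer."""
    first = xor(k, node_a.peek(len(k)))
    second = xor(first, node_r.peek(len(k)))
    return xor(second, node_b.peek(len(k)))

def sync_read_pointers(source, *others):
    """Fig. 4D: the other nodes adopt the read pointer of the overwritten node."""
    for node in others:
        node.read_off = source.read_off

def scenario():
    k = secrets.token_bytes(N)
    a, r, b = build_nodes()
    ok_initial = transfer(k, a, r, b) == k         # Fig. 4A
    b.overwrite(secrets.token_bytes(12))           # Fig. 4B: only B generates key
    rpb = b.read_off
    ok_desync = transfer(k, a, r, b) == k          # A and R at Rpa, B at Rpb
    b.read_off = RPA
    ok_forced = transfer(k, a, r, b) == k          # Fig. 4C: bytes at Rpa overwritten
    b.read_off = rpb
    sync_read_pointers(b, a, r)                    # Fig. 4D
    ok_synced = transfer(k, a, r, b) == k
    return ok_initial, ok_desync, ok_forced, ok_synced, rpb

if __name__ == "__main__":
    print(scenario())
```

Note that in the two failing cases node B still obtains a value of the right length, so nothing in the exclusive-or itself signals that the recovered key is wrong.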
Further, as shown in Fig. 4E, when the quantum key on the sending node (e.g., node A) has been overwritten (the quantum key on node A may then be denoted $K_{A1}'$), with the read pointer of the corresponding key file at the start position of the key file and the write pointer at the end position of the key file, the related trusted relay node (e.g. node R) can be notified to clear the previously generated relay node quantum key (e.g. $K_{A1B1}$), at which time its write pointer is at the beginning of the key file. At the same time, the timed generation of the shared quantum key ($K_{B1}$) with the other node adjacent to it (e.g. node B) is resumed in the trusted relay node R, and the overwritten quantum key ($K_{A1}'$) and the newly written quantum key ($K_{B1}$) shared with the other neighboring node are XORed to generate a new relay node quantum key (e.g. $K_{A1'B1} = K_{A1}' \oplus K_{B1}$), after which the shared quantum keys used ($K_{A1}'$ and $K_{B1}$) are destroyed. At this time, the read pointer in the key file corresponding to the new relay node quantum key (e.g., $K_{A1'B1}$) and the read pointers in the key files corresponding to the related shared quantum keys ($K_{A1}'$ and $K_{B1}$) in the two nodes adjacent to it (e.g. nodes A and B) should be set to remain consistent.
As already mentioned above, a person skilled in the art will readily understand that there may be any number of trusted relay nodes between the metropolitan area network access nodes. During the operation of the quantum communication network, if a relay node R has to be restarted because of a fault or replacement, node R can, after restarting, send a key file synchronization request to all adjacent nodes, requesting synchronization of the read-write pointers of the quantum keys and the relay node quantum keys. After receiving the request, an adjacent node can synchronize the read-write pointers of the quantum key shared with node R and of the relay node quantum key, and then determine whether the current node holds a relay node quantum key (i.e. an exclusive-or key); if so, it sends a key file synchronization request to the adjacent node on its other side, and so on until the synchronization reaches a metropolitan area network access node.
Example 2
The principles of the encryption and decryption steps and of the key file read-write control step in the relay key transmission method of the present invention have been described above with reference to the first embodiment.
Fig. 5 presents another exemplary embodiment, depicting the process of a relay key on one metropolitan area network access node a reaching another metropolitan area network access node B via two trusted relay nodes R1 and R2 for further understanding of the transmission method of the present invention.
Similarly to embodiment 1, when the relay key K is to be transferred from the first metropolitan area network access node A to the second metropolitan area network access node B, as shown in Fig. 5, the relay key K to be transferred is generated on the first metropolitan area network access node A, a shared first quantum key $K_{A1}$ is generated on node A and the trusted relay node R1 adjacent to it, a shared third quantum key $K_{R2}$ is generated on the trusted relay node R1 and the other trusted relay node R2 adjacent to it, and a shared second quantum key $K_{B1}$ is generated on the relay node R2 and the second metropolitan area network access node B adjacent to it.
According to the transmission method of the present invention, in the transmission of the relay key K, node A first performs an exclusive-or (XOR) operation on the relay key K using the first quantum key $K_{A1}$ to obtain a first encrypted relay key $K \oplus K_{A1}$, and sends the first encrypted relay key $K \oplus K_{A1}$ to the next hop node, here the trusted relay node R1.
At the trusted relay node R1, the quantum key shared with the previous hop node (here the first quantum key $K_{A1}$ shared with the first metropolitan area network access node A) and the quantum key shared with the next hop node (here the third quantum key $K_{R2}$ shared with the trusted relay node R2) are periodically XORed to obtain a first relay node quantum key $K_{A1R2} = K_{A1} \oplus K_{R2}$, and the first and third quantum keys $K_{A1}$ and $K_{R2}$ used in the operation are destroyed at the same time. The relay node quantum key $K_{A1R2}$ can only be used for key relay from node A to node B. Upon receipt of the first encrypted relay key $K \oplus K_{A1}$ from the previous hop node A, node R1 uses the first relay node quantum key $K_{A1R2}$ to perform an exclusive-or encryption operation on it again, obtaining a second encrypted relay key $K \oplus K_{A1} \oplus K_{A1R2}$, and sends the second encrypted relay key to the next hop node, here the trusted relay node R2.
At the trusted relay node R2, the two shared quantum keys (the third quantum key $K_{R2}$ and the second quantum key $K_{B1}$) are XORed to obtain a second relay node quantum key $K_{R2B1} = K_{R2} \oplus K_{B1}$, and the second and third quantum keys $K_{B1}$ and $K_{R2}$ used in the operation are destroyed at the same time. Upon receipt of the second encrypted relay key $K \oplus K_{A1} \oplus K_{A1R2}$ transmitted by the previous hop node R1, node R2 uses the second relay node quantum key $K_{R2B1}$ to perform an exclusive-or encryption operation on it again, obtaining a third encrypted relay key $K \oplus K_{A1} \oplus K_{A1R2} \oplus K_{R2B1}$, and sends the third encrypted relay key to the next hop node, here the second metropolitan area network access node B.
At node B, upon receipt of the third encrypted relay key $K \oplus K_{A1} \oplus K_{A1R2} \oplus K_{R2B1}$ from the previous hop node R2, the second quantum key $K_{B1}$ is used to perform an exclusive-or operation on it:
$$K \oplus K_{A1} \oplus K_{A1R2} \oplus K_{R2B1} \oplus K_{B1} = K \oplus K_{A1} \oplus (K_{A1} \oplus K_{R2}) \oplus (K_{R2} \oplus K_{B1}) \oplus K_{B1} = K$$
This decrypts the relay key K that node A is to transmit to node B, thereby enabling transmission of the relay key K between the two metropolitan area network access nodes A and B.
Referring to the foregoing description of embodiments 1 and 2, a person skilled in the art will readily understand the process of transferring the relay key K from the second metropolitan area network access node B to the first metropolitan area network access node A in this second embodiment, so it is not described again here.
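The data path of Examples 1 and 2 next to the prior art scheme of Fig. 1, as an added Python example that is not part of the patent text. It generalizes to any number of trusted relays, uses random bytes as stand-ins for the shared quantum keys, and checks by brute force whether the values a relay holds combine to K; all function names are assumptions.

```python
import secrets
from itertools import combinations

def xor(a, b):
    """Bytewise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def make_link_keys(links, n):
    """Random stand-ins for the quantum key shared on each link A-R1-...-B."""
    return [secrets.token_bytes(n) for _ in range(links)]

def relay_prior_art(k, link_keys):
    """Fig. 1 scheme: every relay decrypts with the previous-hop key and
    re-encrypts with the next-hop key. Returns (key at B, relay memories)."""
    memories = []
    cipher = xor(k, link_keys[0])                     # access node A
    for prev_key, next_key in zip(link_keys, link_keys[1:]):
        plain = xor(cipher, prev_key)                 # K is recovered in the relay
        out = xor(plain, next_key)
        memories.append({"K_prev": prev_key, "K_next": next_key,
                         "in": cipher, "out": out})
        cipher = out
    return xor(cipher, link_keys[-1]), memories       # access node B

def relay_xor_key(k, link_keys):
    """Scheme of the page: each relay holds only K_prev XOR K_next (the link
    keys are destroyed once it is computed) and XORs it onto what it receives."""
    relay_keys = [xor(p, q) for p, q in zip(link_keys, link_keys[1:])]
    memories = []
    cipher = xor(k, link_keys[0])                     # access node A
    for relay_key in relay_keys:
        out = xor(cipher, relay_key)
        memories.append({"relay_key": relay_key, "in": cipher, "out": out})
        cipher = out
    return xor(cipher, link_keys[-1]), memories       # access node B

def relay_can_recover(k, memory):
    """True if K is the XOR of some non-empty subset of the values a relay holds."""
    values = list(memory.values())
    for size in range(1, len(values) + 1):
        for subset in combinations(values, size):
            acc = bytes(len(k))
            for value in subset:
                acc = xor(acc, value)
            if acc == k:
                return True
    return False

if __name__ == "__main__":
    keys = make_link_keys(3, 32)                      # A-R1, R1-R2, R2-B as in Fig. 5
    k = secrets.token_bytes(32)
    for name, scheme in (("prior art", relay_prior_art),
                         ("XOR relay key", relay_xor_key)):
        received, memories = scheme(k, keys)
        exposed = [relay_can_recover(k, m) for m in memories]
        print(f"{name}: delivered={received == k}, K recoverable per relay={exposed}")
```

The result for the second scheme depends on the relay really having destroyed both link keys before any ciphertext arrives; a relay that still holds the previous-hop key is in the same position as a prior art relay.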
In addition, the key file read-write control step in the second embodiment is similar to that described above for the first embodiment. Fig. 6 shows how, when the relay node R1 is restarted, the corresponding read-write pointers in all nodes on the entire relay key transmission path are synchronized by sending key file synchronization requests. The relay node R1 first sends a key file synchronization request to the neighboring access node A and relay node R2 so that the respective read-write pointers at nodes A, R1 and R2 remain identical. It is then determined at nodes A and R2 whether a relay node quantum key (i.e., exclusive-or key) exists; if so, a key file synchronization request is sent to the neighboring node on the other side. Since node A is not a relay node, no relay node quantum key exists on it, so node A is not required to send a synchronization request onward. Node R2 is a relay node on which a relay node quantum key exists, so node R2 is required to send a synchronization request to its other neighbor, node B. Node B performs the synchronization operation after receiving the synchronization request, so its corresponding read-write pointer becomes consistent with those of nodes A, R1 and R2. Node B also determines whether a relay node quantum key exists on it; because node B is not a relay node, none exists, and the sending of synchronization requests ends. At this point the read-write pointers of the key files at all nodes on the entire relay key transmission path are synchronized, which ensures the correct execution of data transmission.
Example III
In order to improve the security and fault tolerance of backbone quantum network communication, the network environment in which a trusted relay node is located is mostly a nonlinear network structure, and the trusted relay node may have more than 2 adjacent nodes rather than just one node on each of its left and right sides. As shown in Fig. 7, a trusted relay node R may have 3 neighboring access nodes A, B and C. Based on the foregoing description of the relay key transmission method of the present invention, it can be appreciated that different relay node quantum keys, generated by exclusive-or operations on different shared quantum keys, will be created at node R for the different transmission paths, e.g. quantum keys $K_{A1C1}$, $K_{B1C1}$, $K_{C2A2}$ and $K_{C2B2}$ are created for relaying data from node A to C, node B to C, node C to A, and node C to B, respectively. The transmission procedure is similar to that of embodiments 1 and 2 and is therefore not repeated here.
In this third embodiment, the key file read-write control principle of the relay key transmission method of the present invention is further explained by describing key file read-write control during multipath transmission.
In a multi-path transmission network as shown in Fig. 7, the common relay node R may use the same segment of the shared quantum key $K_{C1}$ to generate the relay node quantum keys $K_{A1C1}$ and $K_{B1C1}$ for node A to C and node B to C transmissions. When the relay key transmission procedure from node A to C is started, node R receives encrypted data from node A and, after re-encrypting the data with the relay node quantum key $K_{A1C1}$, must check whether it holds a relay node quantum key for any other neighboring node towards node C. If, as in this embodiment, the check finds a relay node quantum key $K_{B1C1}$ for node B to node C, the read pointer of the key file of quantum key $K_{B1C1}$ is modified to the same position as the read pointer of the key file of quantum key $K_{A1C1}$, indicating that this key segment has been used. Thereafter, a key file synchronization request is sent to node B so that the read pointer of the key file of quantum key $K_{B1}$ in node B is synchronously modified to the same position. Therefore, this key segment will not be used when node B transmits a relay key, which effectively ensures the correct transmission of the relay key.
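The multipath read-pointer control above as an added simulation (not code from the patent), run with and without the pointer update. The 16-byte segment size, the sequential read pointer at node C and the random bytes standing in for the shared quantum keys are assumptions.

```python
import secrets

SEG = 16  # bytes of key file consumed per relayed key (constructed value)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class RelayR:
    """Relay R of Fig. 7: K_A1C1 and K_B1C1 are both built from the same K_C1."""
    def __init__(self, k_a1, k_b1, k_c1, sync_pointers=True):
        self.files = {"A": xor(k_a1, k_c1), "B": xor(k_b1, k_c1)}
        self.read_ptr = {"A": 0, "B": 0}
        self.sync_pointers = sync_pointers
        self.sync_requests = []            # (off-path neighbor, new read offset)

    def relay_to_c(self, src: str, incoming: bytes) -> bytes:
        start = self.read_ptr[src]
        out = xor(incoming, self.files[src][start:start + SEG])
        self.read_ptr[src] = start + SEG
        if self.sync_pointers:
            for other in self.read_ptr:
                if other != src and self.read_ptr[other] < self.read_ptr[src]:
                    # Mark the K_C1 segment as used in the sibling key file and
                    # ask that neighbor to move its shared-key read pointer too.
                    self.read_ptr[other] = self.read_ptr[src]
                    self.sync_requests.append((other, self.read_ptr[src]))
        return out

def run(sync_pointers: bool) -> dict:
    # Constructed key files standing in for QKD output on the three links.
    k_a1, k_b1, k_c1 = (secrets.token_bytes(4 * SEG) for _ in range(3))
    r = RelayR(k_a1, k_b1, k_c1, sync_pointers)
    key_a, key_b = secrets.token_bytes(SEG), secrets.token_bytes(SEG)
    c_ptr = 0                              # node C reads K_C1 sequentially

    to_c_a = r.relay_to_c("A", xor(key_a, k_a1[:SEG]))             # A -> R -> C
    got_a, c_ptr = xor(to_c_a, k_c1[c_ptr:c_ptr + SEG]), c_ptr + SEG

    b_ptr = r.sync_requests[-1][1] if r.sync_requests else 0       # B applies the request
    to_c_b = r.relay_to_c("B", xor(key_b, k_b1[b_ptr:b_ptr + SEG]))  # B -> R -> C
    got_b = xor(to_c_b, k_c1[c_ptr:c_ptr + SEG])

    return {"a_ok": got_a == key_a, "b_ok": got_b == key_b,
            "segment_reused": xor(to_c_a, to_c_b) == xor(key_a, key_b),
            "sync_requests": list(r.sync_requests)}
```

Without the pointer update, node C decrypts the second key with the wrong segment, and the two R-to-C ciphertexts are masked by the same $K_{C1}$ bytes, so their exclusive-or equals the exclusive-or of the two relay keys.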
By means of the relay key transmission method, the security of transmitting the relay key generated between adjacent metropolitan area network access nodes in the backbone quantum network can be improved, which further improves the security of quantum secure communication between adjacent metropolitan area networks and effectively ensures the transitivity of the quantum key.
The foregoing is merely exemplary of the present invention and it should be noted that modifications and variations can be made by those skilled in the art without departing from the technical principles of the present invention, and such modifications and variations should also be regarded as being within the scope of the invention.

Claims (6)

1. A method for transmitting a relay key from a first metropolitan area network access node to a second metropolitan area network access node, one or more trusted relay nodes being present between the first and second metropolitan area network access nodes, and the first metropolitan area network access node generating the relay key, characterized by:
in the trusted relay node, two quantum keys which are respectively shared with two nodes adjacent to the trusted relay node along the transmission direction are generated, and the shared two quantum keys are subjected to exclusive OR operation at fixed time to generate a relay node quantum key, and meanwhile the shared quantum key is destroyed;
in the first metropolitan area network access node, carrying out exclusive-or operation on a quantum key shared with an adjacent trusted relay node and the relay key, and sending the exclusive-or operation result to the adjacent trusted relay node;
in the trusted relay node, receiving an exclusive-or operation result sent by a previous node along the transmission direction, performing exclusive-or operation on the received exclusive-or operation result and the relay node quantum key generated in the trusted relay node, and sending the exclusive-or operation result generated at the moment to a next node along the transmission direction;
in the second metropolitan area network access node, receiving an exclusive-or operation result sent by an adjacent trusted relay node, and carrying out exclusive-or operation on the received exclusive-or operation result and a quantum key shared with the adjacent trusted relay node so as to obtain the relay key;
wherein a read pointer of a key file corresponding to a relay node quantum key generated by a trusted relay node is consistent with the read pointers of the key files corresponding to the two related shared quantum keys participating in generating the relay node quantum key, on the two nodes adjacent to the trusted relay node along the transmission direction; and,
when the offset of the read pointer of the key file in a node is greater than the offset of the write pointer of the key file and the difference between the offset of the read pointer and the offset of the write pointer is less than a preset interval threshold, modifying the offset of the read pointer to be greater than or equal to the preset interval threshold.
2. The method of claim 1, wherein quantum keys generated in the metropolitan area network access node and the trusted relay node are both stored and managed in the same file format.
3. The method of claim 1, wherein absolute physical addresses of the relay node quantum key and the two shared quantum keys on respective storage media are the same.
4. The method of claim 1, wherein the trusted relay node sends a key file synchronization request to all neighboring nodes after restarting, the neighboring nodes synchronizing a quantum key shared with the trusted relay node or a read-write pointer of a relay node quantum key after receiving the synchronization request.
5. The method of claim 4, wherein the neighboring node further determines whether a relay node quantum key exists at the current node after receiving the synchronization request, and if so, transmits the key file synchronization request to nodes at other sides neighboring the current node until the key file synchronization request is transmitted to a metropolitan area network access node.
6. The method of claim 1, wherein when the trusted relay node has a plurality of neighboring nodes and generates a plurality of relay node quantum keys that result from an exclusive-or operation with one of the plurality of neighboring nodes, if one of the plurality of relay node quantum keys is used for transmission of a relay key, read pointers of key files corresponding to other relay node quantum keys of the plurality of relay node quantum keys are modified to be consistent with read pointers of key files corresponding to the used one of the plurality of relay node quantum keys, while also sending a key file synchronization request to nodes of the plurality of neighboring nodes that are located outside of a transmission path such that read pointers of key files corresponding to the quantum keys therein are consistent with read pointers of key files corresponding to the used one of the plurality of relay node quantum keys.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310062258.3A CN116318657A (en) 2016-12-30 2016-12-30 Relay key transmission method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202310062258.3A CN116318657A (en) 2016-12-30 2016-12-30 Relay key transmission method
CN201611261295.3A CN108270555A (en) 2016-12-30 2016-12-30 A kind of relaying cipher key transmission methods

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201611261295.3A Division CN108270555A (en) 2016-12-30 2016-12-30 A kind of relaying cipher key transmission methods

Publications (1)

Publication Number Publication Date
CN116318657A true CN116318657A (en) 2023-06-23

Family

ID=62754902

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202310062258.3A Pending CN116318657A (en) 2016-12-30 2016-12-30 Relay key transmission method
CN201611261295.3A Pending CN108270555A (en) 2016-12-30 2016-12-30 A kind of relaying cipher key transmission methods


Country Status (1)

Country Link
CN (2) CN116318657A (en)


Also Published As

Publication number Publication date
CN108270555A (en) 2018-07-10


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination