CN116506353A - SoC-based high-bandwidth quantum secret communication router, system and communication method - Google Patents


Info

Publication number
CN116506353A
Authority
CN
China
Prior art keywords
communication
quantum
router
message
key
Prior art date
Legal status
Pending
Application number
CN202310347327.5A
Other languages
Chinese (zh)
Inventor
余秋炜
王彬
Current Assignee
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Nanjing Ruban Quantum Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Ruban Quantum Technology Co Ltd, Nanjing Ruban Quantum Technology Co Ltd
Priority to CN202310347327.5A
Publication of CN116506353A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/60 Router architectures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B10/00 Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
    • H04B10/70 Photonic quantum communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography

Abstract

The invention discloses a high-bandwidth quantum secret communication router, a system and a communication method based on SoC, wherein the quantum secret communication router comprises an SoC chip, a plaintext communication unit, a secret key communication unit and a network communication unit; the plaintext communication unit is connected with a plurality of external client devices and is used for data transmission between the client devices and the SoC chip; the key communication unit is connected with the QKD systems and used for acquiring quantum keys from the QKD systems and transmitting the quantum keys to the SoC chip; the network communication unit is used for establishing communication based on TCP/IP protocol between the access network and the communication server and is used for data transmission between the communication server and the SoC chip; the SoC chip is used for realizing a non-quantum encryption mode and a quantum encryption mode and realizing data routing. The quantum secret communication router uses the SoC chip, so that the energy consumption is lower and the integration level is higher.

Description

SoC-based high-bandwidth quantum secret communication router, system and communication method
Technical Field
The invention relates to the technical field of quantum communication, in particular to a high-bandwidth quantum secret communication router, a system and a communication method based on SoC.
Background
Currently, the security of the internet relies mainly on public key cryptography: its encryption, decryption and signature authentication protect internet communications today. However, in 1994 Peter Shor, building on quantum computation founded on the principles of quantum mechanics, invented a brand-new quantum algorithm, Shor's algorithm, which efficiently solves the integer factorization and discrete logarithm problems and thereby breaks the RSA and elliptic curve public key cryptosystems. As research on quantum computers intensifies, the status and security of public key cryptography are being threatened. In the contest between encryption and cracking, quantum computation is the attacking spear, and the shield that answers it is quantum communication.
Quantum communication is mainly divided into two types: quantum teleportation and quantum key distribution. The quantum communication technology that can currently be realized is quantum key distribution. Quantum key distribution (QKD) uses quantum mechanical properties to ensure communication security. It enables both parties to a communication to generate and share a random, secure key, known as a quantum key. Messages are encrypted and decrypted with this quantum key, which is the current primary means of quantum encrypted communication.
As a new technology, quantum communication has been promoted by a number of Chinese policies. The quantum communication backbone networks to be built include Jinghan, Huhe and Hanguang. Metropolitan area quantum communication networks already established include Hefei, Wuhan, Beijing, Jinan, Zaozhuang, Zhouzhou and Guiyang. In addition, Guangzhou, Xi'an, Chengdu, Guiyang, Chongqing, Nanjing, Haikou, Wuluji and others have initiated planning of local quantum secure communication metropolitan area networks.
As for the use of quantum keys, quantum security encryption routers are currently the main vehicle, and such a router is an indispensable link in realizing quantum encrypted communication. A quantum security encryption router can encrypt a traditional communication channel with a quantum key, thereby realizing quantum encrypted communication.
Currently, mainstream quantum security encryption routers on the market basically use an FPGA as the main chip, possibly with a microcontroller unit (MCU) or an ARM processor for some auxiliary data processing. The FPGA chips such designs require typically need higher performance, which also means higher hardware cost. In addition, combining a processor with an FPGA occupies more space and makes the quantum security encryption router larger; data processing and algorithm control are not flexible enough, key resource coordination is not intelligent enough, and the design does not match the current trend of chip integration.
Disclosure of Invention
The technical purpose is that: aiming at the problems in the prior art, the invention discloses a high-bandwidth quantum secret communication router, a system and a communication method based on SoC, wherein the quantum secret communication router uses an SoC chip, so that the energy consumption is lower, and the integration level is higher.
The technical scheme is as follows: in order to achieve the technical purpose, the invention adopts the following technical scheme.
A high-bandwidth quantum secret communication router based on SoC comprises an SoC chip, and a plaintext communication unit, a secret key communication unit and a network communication unit which are connected with the SoC chip;
the plaintext communication unit is connected with a plurality of external client devices and is used for data transmission between the client devices and the SoC chip; the key communication unit is connected with the QKD systems, and is used for acquiring a quantum key from the QKD systems and transmitting the quantum key to the SoC chip; the network communication unit is used for establishing communication based on TCP/IP protocol between the access network and the communication server and is used for data transmission between the communication server and the SoC chip; the SoC chip is used for realizing a non-quantum encryption mode and a quantum encryption mode: in a non-quantum encryption mode, the SoC chip does not encrypt or decrypt the transmitted data, so that the traditional network route switching function is realized; in a quantum encryption mode, the SoC chip performs encryption/decryption processing on transmitted data according to a quantum key acquired from the QKD system; the unencrypted data transmitted by the plaintext communication unit is transmitted through the network communication unit after being encrypted by the SoC chip, and the encrypted data transmitted by the network communication unit is transmitted to the client device through the plaintext communication unit after being decrypted by the SoC chip.
The high-bandwidth quantum secret communication system based on the SoC comprises a communication server, wherein the communication server is in communication connection with a plurality of quantum secret communication routers, each quantum secret communication router is respectively connected with a plurality of QKD systems and a plurality of external client devices, and the quantum secret communication router adopts any one of the high-bandwidth quantum secret communication routers based on the SoC.
According to the communication method of the high-bandwidth quantum secret communication system based on the SoC, the communication method comprises user login, message forwarding and file forwarding; the user login includes: a plurality of external client devices send login requests to corresponding quantum secret communication routers, the quantum secret communication routers and corresponding communication servers perform user confirmation, and the quantum secret communication routers obtain confirmation messages sent by the communication servers and then forward the confirmation messages to the client devices to finish user login;
the message forwarding includes: after the two communication parties respectively realize user login, the client device CA sends a plaintext message to the communication server CS through encryption of the quantum secret communication router A; the communication server CS forwards the encrypted message to the quantum secret communication router B; after decryption, the quantum secret communication router B sends the clear text message to the client device CB;
the file forwarding includes: after the two communication parties respectively realize the user login, the client device CA initiates a file sending request, and the communication server CS returns a confirmation response; the client device CA sends the file to the communication server CS through the encryption of the quantum secret communication router A; the communication server CS initiates a file sending request, and the client device CB returns a confirmation response; the communication server CS sends the local ciphertext file to the client device CB via decryption by the quantum secret communication router B.
The beneficial effects are that:
1. the quantum secret communication router uses the SoC chip, so that the energy consumption is lower, the integration level is higher, and the quantum secret communication router is more in line with the current trend of chip integration;
2. the quantum secret communication router realizes a cryptographic algorithm by using the FPGA part of the SoC chip, and the microprocessor realizes data processing, so that the quantum secret communication router is more reasonable and flexible in algorithm calling and calculation resource allocation, and provides multiple paths of parallel encryption and decryption capability;
3. the quantum security encryption router can be accessed by a plurality of client devices, and the client interface unit has a network switching function, so that the information of the plurality of client devices can be processed in parallel;
4. the quantum security encryption router can be connected with a plurality of sets of QKD systems, and the port units of the QKD systems have network switching functions, so that a larger quantum key generation rate and communication range can be provided for quantum encryption communication;
5. the quantum secret communication router can be switched into a non-quantum encryption mode through settings, namely a traditional router mode; the non-quantum encryption mode can apply to all ports or to a single client device, so mode switching is more flexible.
Drawings
FIG. 1 is a schematic diagram of the internal unit structure of a quantum secret communication router according to the present invention;
FIG. 2 is a schematic diagram of a functional module of a SoC chip of the quantum secret communication router of the present invention;
FIG. 3 is a schematic diagram of encryption and decryption of a quantum secret communication router SoC according to the present invention;
FIG. 4 is a schematic diagram of a quantum secret communication router local area network multi-device topology of the present invention;
FIG. 5 is a schematic diagram of quantum encrypted communication of a quantum secret communication router of the present invention.
Detailed Description
The invention is further illustrated and described below with reference to the drawings and examples.
The embodiment of the invention provides a high-bandwidth quantum secret communication router based on SoC.
QKD: Quantum Key Distribution.
CS: Communications Server.
The embodiment of the invention provides a high-bandwidth quantum secret communication router based on SoC, which at least comprises a plaintext communication unit, a secret key communication unit, a network communication unit and an SoC chip as shown in figure 1.
The SoC chip is independently and physically connected to each of the plaintext communication unit, the secret key communication unit and the network communication unit.
The plaintext communication unit is connected to an external client device for transmission of unencrypted data. The plaintext communication unit is a multi-interface unit, and the interface is a gigabit network port. The plaintext communication unit has a network switching function, can be connected with a plurality of external clients simultaneously, and has different configurations of 4, 8, 16, 32 and the like.
The key communication unit is connected with the QKD system and used for acquiring the quantum key. The key communication unit is a multi-interface unit, and the interface is a gigabit network port. The key communication unit has a network switching function, can be connected with a plurality of sets of QKD systems simultaneously, and has different configurations of 4, 8, 16, 32 and the like.
The network communication unit is used for establishing communication based on TCP/IP protocol between the access network and the communication server. The interface may be a gigabit network port, a tera network port or a fiber optic interface.
The SoC-based high-bandwidth quantum secret communication router supports a plurality of clients sending or receiving files at gigabit rate; supports connecting multiple QKD systems, which provides a higher key acquisition rate and a wider key acquisition range; and supports a faster connection to the communication server, ensuring the overall bandwidth between the quantum secret communication router and the communication server.
As shown in FIG. 2, the SoC chip includes a network control module, a plaintext communication module, a data processing module, an algorithm control module, a key management module and an algorithm module.
The network control module provides network driving and communication connection functions based on TCP/IP protocol for the SoC chip and is used for sending and receiving encrypted data.
The plaintext communication module establishes communication connection with the client device for the quantum secret communication router for transmitting and receiving unencrypted data.
The algorithm control module is independently connected with the data processing module, the key management module and the algorithm module, and provides functions of algorithm encryption and decryption management, key import control and the like for the SoC chip.
The key management module establishes the communication connection between the quantum secret communication router and the QKD system, for obtaining quantum keys from one or more sets of QKD systems. The key management module is connected with the algorithm module, and the obtained quantum key is directly imported into the algorithm module for encryption and decryption calculation.
The algorithm module is realized by the FPGA part of the SoC chip and can provide various common symmetric encryption algorithms and hash algorithms, such as SM4, AES, one-time pad and SM3. In the invention, only the algorithm module is realized by the FPGA of the SoC chip: the FPGA can implement custom IP cores, and since cryptographic operations need strong computing power, the FPGA is better suited to them and safer than the CPU. Under the control of the algorithm control module, parallel computation of multiple cryptographic algorithms and parallel computation within a single cryptographic algorithm can both be realized. Parallel computation of multiple cryptographic algorithms mainly consists of the CPU of the SoC calling multiple algorithm IP cores, that is, IP cores customized in the FPGA. Parallel computation of a single cryptographic algorithm can be achieved by instantiating the algorithm IP core repeatedly at design time, or the designed IP core can itself provide this capability.
The data processing module is independently connected with the network control module, the plaintext communication module and the algorithm control module and is used for processing various data of the three modules. As shown in fig. 3, when the encryption process is performed, plaintext data is changed into ciphertext data through encryption from the plaintext communication module to the data processing module and then to the algorithm processing module. The ciphertext data is sent to the data processing module from the algorithm processing module and then to the network control module; when the decryption process is executed, the ciphertext data is decrypted by the network control module to the data processing module and then reaches the algorithm processing module to become plaintext data. The plaintext data is sent from the algorithm processing module to the data processing module and then to the plaintext communication module.
The SoC-based high-bandwidth quantum secret communication router provided by the embodiment can be set to provide a non-encryption mode for client equipment, namely a network route switching function in a traditional sense. When using the unencrypted mode, the quantum secret communication router no longer requests the quantum key from the QKD system.
The high-bandwidth quantum secret communication router based on the SoC can enable the quantum secret communication router to process data from multiple devices by utilizing the data processing capacity of the SoC chip, the data processing is more flexible, and the calling distribution of an encryption algorithm is more intelligent.
As shown in fig. 4, this embodiment provides a SoC-based high bandwidth quantum secret communications router that can access multiple client devices and connect multiple QKD systems.
The client devices accessed by the quantum secret communication router include PCs, servers or other devices with network communication. The client device is provided with quantum communication software, so that it can send data to be encrypted to the quantum secret communication router. The quantum secret communication router is provided with network interfaces for connecting a plurality of client devices, and can connect them simultaneously.
The quantum secret communication router is provided with network interfaces for connecting a plurality of sets of QKD systems, and can connect them simultaneously. The quantum key rate that a single QKD system can provide is very limited; the quantum secret communication router of this embodiment can connect multiple sets of QKD systems, raising the quantum key acquisition rate several-fold or even by an order of magnitude. The connected QKD systems can perform quantum key distribution with QKD systems in different areas or different cities to obtain quantum keys, so the range of quantum encrypted communication available to the quantum secret communication router is wider.
The invention also provides a high-bandwidth quantum secret communication system based on the SoC, which comprises a communication server, wherein the communication server is in communication connection with a plurality of quantum secret communication routers, each quantum secret communication router is respectively connected with a plurality of QKD systems and a plurality of external client devices, and the quantum secret communication router adopts any one of the high-bandwidth quantum secret communication router based on the SoC.
The invention also provides a communication method of the high-bandwidth quantum secret communication system based on the SoC, wherein the communication method comprises user login, message forwarding and file forwarding; the user login includes: a plurality of external client devices send login requests to corresponding quantum secret communication routers, the quantum secret communication routers and corresponding communication servers perform user confirmation, and the quantum secret communication routers obtain confirmation messages sent by the communication servers and then forward the confirmation messages to the client devices to finish user login;
the message forwarding includes: after the two communication parties respectively realize user login, the client device CA sends a plaintext message to the communication server CS through encryption of the quantum secret communication router A; the communication server CS forwards the encrypted message to the quantum secret communication router B; after decryption, the quantum secret communication router B sends the clear text message to the client device CB;
the file forwarding includes: after the two communication parties respectively realize the user login, the client device CA initiates a file sending request, and the communication server CS returns a confirmation response; the client device CA sends the file to the communication server CS through the encryption of the quantum secret communication router A; the communication server CS initiates a file sending request, and the client device CB returns a confirmation response; the communication server CS sends the local ciphertext file to the client device CB via decryption by the quantum secret communication router B.
In the processes of user login, message forwarding and file forwarding, messages are encrypted or decrypted, and the quantum key used is updated according to a key update frequency: the quantum secret communication router and the communication server each request quantum keys not yet used in the device from their respectively connected QKD systems. In user login and message forwarding, the key update frequency is generally high, i.e. the key is updated after the encryption and decryption of one message is completed; in file forwarding, the key update frequency is set according to the file size and is generally low, i.e. the key is not updated within one file transmission. Further description is provided below in connection with specific embodiments.
This embodiment provides an SoC-based high-bandwidth quantum secret communication router with quantum encryption and decryption functions, taking the SM4 algorithm as an example, as shown in FIG. 5. The QKD systems and quantum secret communication routers of this embodiment are deployed in two places A and B, whose local area networks are local area network A and local area network B. The communication server CS is provided with a quantum secret communication router and a QKD system; inside local area network A are deployed QKD system QA, quantum secret communication router A and client device CA; inside local area network B are deployed QKD system QB, quantum secret communication router B and client device CB. The QKD systems of local area network A and local area network B can perform quantum key distribution through the optical quantum channel and the classical channel.
The embodiment assumes that the client device CA in the local area network a and the client device CB in the local area network B implement mutual messaging, and the message content may be a text, a voice, a picture, or the like. The detailed steps of encrypting the message are as follows:
step 1: the client device CA and the client device CB log in the communication server through a locally connected quantum secret communication router.
1.1, the quantum encryption software installed on the client device CA initiates a user login request, which contains the user account number and the password hash value of the client device CA (the digest algorithm used to protect the password is not limited). The client device CA sends the login request to the quantum secret communication router A;
1.2, after receiving the request, the quantum secret communication router a encrypts and transmits the request to the communication server CS by using the quantum key QK1 associated with the communication server CS. The quantum key QK1 is obtained by quantum key distribution of a quantum secret communication router A and a communication server CS through QKD systems respectively connected with the quantum secret communication router A and the communication server CS;
1.3, after receiving the user login request, the communication server CS decrypts it with the quantum key QK1 and compares the user account number and password hash value in the request with the user account information in the database. After the verification is passed, the user account information is bound with the information of the quantum secret communication router A. The communication server CS encrypts the confirmation message with the quantum key QK1 and returns the encrypted confirmation message to the quantum secret communication router A. Depending on the key update frequency, a new quantum key may be obtained by performing quantum key distribution again;
1.4, the quantum secret communication router A receives the confirmation message of the communication server, and decrypts the confirmation message by using the quantum key QK1 to obtain a plaintext. The quantum secret communication router a forwards the acknowledgement message to the client device CA. The client device CA completes the user login process. The client device CB also completes the user login in the same way.
Step 2: the client device CA sends a message to the client device CB.
2.1, the client device CA sends a plaintext message to the quantum secret communication router A, and the message header contains the user information of the client device CA, the user information (account number) of the client device CB, the message type, the message length and other information;
2.2, after receiving the plaintext message, the quantum secret communication router A requests from the communication server the information of the QKD system QB used by the quantum secret communication router B to which the client device CB is bound. The quantum secret communication router A then requests from the QKD system QA a quantum key shared with the QKD system QB;
2.3, the QKD system QA receives the quantum key request from the quantum secret communication router A and, according to the information of the QKD system QB in the request, performs quantum key distribution with the QKD system QB to obtain a quantum key QK2. The QKD system QA sends the quantum key QK2 to the quantum secret communication router A;
2.4, the quantum secret communication router A receives the quantum key QK2, encrypts the plaintext message with it, replaces the message content with the ciphertext, and adds the key ID of the quantum key QK2 to the message header. The quantum secret communication router A forwards the ciphertext message to the communication server CS;
2.5, the communication server CS receives the ciphertext message and verifies it against the user information of the client device CA in the message header and the binding information in the database. After verification is completed, the communication server CS forwards the message to the quantum secret communication router B according to the user information of the client device CB in the message header;
2.6, the quantum secret communication router B receives the encrypted message forwarded by the communication server CS and requests the quantum key from the QKD system QB using the key ID in the message header;
2.7, the QKD system QB receives the request of the quantum secret communication router B, finds the quantum key QK2 according to the key ID in the request and sends it to the quantum secret communication router B;
2.8, the quantum secret communication router B receives the quantum key QK2, decrypts the ciphertext message with it to obtain the plaintext message, and retains the plaintext data according to the message length in the header. The quantum secret communication router B forwards the decrypted plaintext message to the client device CB. At this point, the client device CA has completed one message transmission to the client device CB.
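The message-forwarding flow above (steps 1.3, 2.2 to 2.8), written out as an added simulation that is not the patent's own code: `QKDSystem` is a constructed stand-in that shares random key material in memory under a key ID instead of running a quantum protocol, and the cipher is a one-time pad (one of the algorithms the description lists) rather than the SM4 used in the embodiment; header field names, the 16-byte zero padding and the binding check performed by the communication server are assumptions drawn from the description. The point it shows is the division of trust: the server never sees a key, it only verifies that the claimed sender is bound to the router the message arrived from and routes by key ID, while QB hands out QK2 exactly once.

```python
"""Added example: message forwarding through CS with a QKD-provided key."""
from __future__ import annotations

import secrets
from dataclasses import dataclass

BLOCK = 16  # data is padded to a multiple of 16 bytes, as in the file-forwarding header


class QKDSystem:
    """Constructed stand-in for a QKD system: keys indexed by key ID, handed out once."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.keys: dict[str, bytes] = {}

    def distribute_with(self, peer: QKDSystem, length: int) -> tuple[str, bytes]:
        # Step 2.3: QA and QB end up with the same key under the same key ID.
        # Random bytes shared in memory replace the quantum channel here.
        key_id = f"{self.name}-{peer.name}-{secrets.token_hex(4)}"
        key = secrets.token_bytes(length)
        peer.keys[key_id] = key      # QB keeps QK2 until router B asks for it
        return key_id, key           # QA hands QK2 straight to router A

    def lookup(self, key_id: str) -> bytes:
        # Step 2.7: find QK2 by key ID; pop() so the key can never be reused.
        return self.keys.pop(key_id)


def pad16(data: bytes) -> bytes:
    """Zero-pad to a multiple of BLOCK; the true length travels in the header."""
    return data + b"\x00" * ((-len(data)) % BLOCK)


def otp(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR with a key at least as long as the data (encrypt == decrypt)."""
    if len(key) < len(data):
        raise ValueError("one-time pad key shorter than data")
    return bytes(d ^ k for d, k in zip(data, key))


@dataclass
class Router:
    name: str
    qkd: QKDSystem

    def encrypt_message(self, plain: bytes, sender: str, receiver: str,
                        peer_qkd: QKDSystem) -> dict:
        # Steps 2.2 to 2.4: obtain QK2, replace the content with ciphertext,
        # and put the key ID in the header so router B can fetch the same key.
        padded = pad16(plain)
        key_id, key = self.qkd.distribute_with(peer_qkd, len(padded))
        header = {"from": sender, "to": receiver, "type": "text",
                  "length": len(plain), "key_id": key_id}
        return {"header": header, "body": otp(padded, key)}

    def decrypt_message(self, msg: dict) -> bytes:
        # Steps 2.6 to 2.8: fetch QK2 by key ID, decrypt, keep `length` bytes only.
        key = self.qkd.lookup(msg["header"]["key_id"])
        return otp(msg["body"], key)[: msg["header"]["length"]]


class CommServer:
    """Communication server CS: binds logged-in users to their router; sees no keys."""

    def __init__(self) -> None:
        self.bindings: dict[str, Router] = {}

    def login(self, user: str, router: Router) -> None:
        # Outcome of step 1.3: account bound to the router it logged in through.
        self.bindings[user] = router

    def qkd_of(self, user: str) -> QKDSystem:
        # Step 2.2: which QKD system serves the router bound to the receiver.
        return self.bindings[user].qkd

    def forward(self, msg: dict, arrived_from: Router) -> Router:
        # Step 2.5: the claimed sender must be bound to the delivering router;
        # anything else is rejected instead of being forwarded.
        hdr = msg["header"]
        if self.bindings.get(hdr["from"]) is not arrived_from:
            raise PermissionError(f"{hdr['from']} is not bound to router {arrived_from.name}")
        return self.bindings[hdr["to"]]


def send_message(cs: CommServer, router_a: Router, sender: str,
                 receiver: str, plain: bytes) -> bytes:
    """Run the whole flow and return what client CB receives."""
    msg = router_a.encrypt_message(plain, sender, receiver, cs.qkd_of(receiver))
    router_b = cs.forward(msg, router_a)
    return router_b.decrypt_message(msg)


if __name__ == "__main__":
    qa, qb = QKDSystem("QA"), QKDSystem("QB")
    ra, rb = Router("A", qa), Router("B", qb)
    cs = CommServer()
    cs.login("CA", ra)
    cs.login("CB", rb)
    print(send_message(cs, ra, "CA", "CB", b"hello from CA"))
```

Because `lookup` pops the key, a replayed ciphertext with the same key ID fails at router B, which is the one-message key update frequency the description prescribes for login and messaging.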
The present embodiment assumes that the client device CA in the local area network A needs to send a file to the client device CB in the local area network B. The detailed working principle of the encrypted communication is as follows:
Client device login has already been described above, so that description is omitted here.
Step 1: the client device CA initiates a file transmission request and the communication server CS returns an acknowledgement.
1.1, the client device CA sends a file sending request to the quantum secret communication router A, where the request message contains at least the identity information of the client device CA, the identity information of the client device CB, the file name and the file size;
1.2, the quantum secret communication router A receives the request message of the client device CA, analyzes the message, identifies the message type and forwards the message to the communication server CS;
1.3, the communication server CS receives the request message from the quantum secret communication router A and parses it to obtain the identity information of the client device CA and the client device CB. The communication server CS verifies the identity information of the client devices CA and CB and, after verification passes, returns an acknowledgement response message to the quantum secret communication router A;
1.4, the quantum secret communication router A receives the response message from the communication server CS and forwards it to the client device CA. The client device CA receives the response message confirming that the file transmission request has been accepted.
Step 2: the client device CA sends the file, encrypted via the quantum secret communication router A, to the communication server CS.
2.1, the client device CA reads the file to be transmitted; if the file is larger than the data packet size limit, only a limit-sized portion is read. The client device CA packages a data message comprising a header and file data. The header contains a message identification code, the identity information of the client device CA, the identity information of the client device CB, the file name, the total number of data messages required for the file, the data message number, the data length of the data message and a supplementary length. The supplementary length in the header applies to the last data message and gives the number of bytes needed to pad the file data length to a multiple of 16 bytes. The client device CA sends the data message to the quantum secret communication router A;
2.2, the quantum secret communication router A receives the data message from the client device CA, parses the message and identifies the message type. The quantum secret communication router A reads the data length and the file data portion of the data message and encrypts the file data portion according to the data length. The encryption process is as follows: the quantum secret communication router A requests a quantum key from the local QKD system and, after the quantum key is acquired, encrypts the file data portion with the SM4 algorithm to obtain ciphertext data.
The quantum secret communication router A replaces the original file data in the data message with the encrypted ciphertext data and at the same time adds a key ID to the message header, finally obtaining the ciphertext message. The quantum secret communication router A sends the ciphertext message to the communication server CS;
2.3, the communication server CS receives the ciphertext message from the quantum secret communication router A, parses the message and verifies the header content. After verification passes, the communication server CS creates a file in the local file storage area according to the file name in the header, appending a uniform suffix. The communication server CS writes the ciphertext portion of the message into the newly created file. If the file is split into several data packets, the subsequent ciphertext data is appended at the tail of the file.
The communication server CS returns an acknowledgement message to the quantum secret communication router A, which forwards the acknowledgement message to the client device CA. Once all data of the file has been encrypted by the quantum secret communication router A and sent to the communication server CS, the encrypted transmission of the file is complete.
Step 3: the communication server CS initiates a file sending request, and the client device CB returns an acknowledgement.
3.1, the communication server CS sends a file sending request to the quantum secret communication router B, where the request message contains at least the identity information of the client device CA, the identity information of the client device CB, the file name and the file size;
3.2, the quantum secret communication router B receives the request message of the communication server CS, analyzes the message, identifies the message type and forwards the message to the client device CB;
3.3, the client device CB receives the request message from the quantum secret communication router B and parses it to obtain the identity information of the client device CA and the client device CB. The client device CB compares the identity information of the client device CB in the message with its own information and, once verified, returns a response message indicating that verification passed to the quantum secret communication router B;
3.4, the quantum secret communication router B receives the response message from the client device CB and forwards it to the communication server CS. The communication server CS receives the response message confirming acceptance of the file transmission request.
Step 4: the communication server CS sends the local ciphertext file to the client device CB via decryption by the quantum secret communication router B.
4.1, the communication server CS reads a locally stored ciphertext file that has not yet been transmitted; if the file is larger than the data packet size limit, only a limit-sized portion is read. The communication server CS packages a ciphertext message that includes a header and encrypted data. The header is set to be the same as the header of the message sent from the client device CA to the communication server CS, and contains a message identification code, the identity information of the client device CA, the identity information of the client device CB, a key ID, the file name, the total number of data messages required for the file, the data message number, the data length of the data message and a supplementary length. The communication server CS sends the data message to the quantum secret communication router B;
4.2, the quantum secret communication router B receives the data message from the communication server CS, parses the message and identifies the message type. The quantum secret communication router B reads the data length and the file data portion of the data message and decrypts the file data portion according to the data length. The decryption process is as follows: the quantum secret communication router B requests the corresponding quantum key from the local QKD system using the key ID in the header and, after the quantum key is acquired, performs SM4 decryption on the encrypted data portion to obtain plaintext data.
The quantum secret communication router B replaces the original encrypted data in the data message with the decrypted plaintext data and at the same time deletes the key ID from the message header, finally obtaining the data message. The quantum secret communication router B sends the data message to the client device CB;
4.3, the client device CB receives the data message from the quantum secret communication router B, parses the message and verifies the header content. After verification passes, the client device CB creates a file in the local file storage area according to the file name in the header. The client device CB writes the plaintext data portion of the message into the newly created file. If the file is split into several data packets, the subsequent plaintext data is appended at the tail of the file.
The client device CB returns an acknowledgement message to the quantum secret communication router B, which forwards the acknowledgement message to the communication server CS. Once all data of the encrypted file has been decrypted by the quantum secret communication router B and sent to the client device CB, the decryption and transmission of the file is complete.
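As an added illustration, not code from the patent, the following Python models the file-data path of steps 2.1, 2.2 and 4.2 above: the client splits the file into data messages carrying the header fields named in step 2.1, router A pads the data to a multiple of 16 bytes (the supplementary length), SM4-encrypts it under a key from the QKD stand-in and inserts the key ID, and router B looks the key up by ID, decrypts, keeps only the declared data length and removes the key ID. SM4 is implemented inline so the example runs offline; CBC mode with a per-message IV carried in the header, zero-byte padding and the QKD stand-in are assumptions, since the patent specifies none of them.

```python
import secrets

# SM4 S-box (GB/T 32907-2016), written as hex so the 256-entry table stays compact.
SBOX = bytes.fromhex(
    "d690e9fecce13db716b614c228fb2c052b679a762abe04c3aa44132649860699"
    "9c4250f491ef987a33540b43edcfac62e4b31ca9c908e89580df94fa758f3fa6"
    "4707a7fcf37317ba83593c19e6854fa8686b81b27164da8bf8eb0f4b70569d35"
    "1e240e5e6358d1a225227c3b01217887d40046579fd327524c3602e7a0c4c89e"
    "eabf8ad240c738b5a3f7f2cef96115a1e0ae5da49b341a55ad933230f58cb1e3"
    "1df6e22e8266ca60c02923ab0d534e6fd5db3745defd8e2f03ff6a726d6c5b51"
    "8d1baf92bbddbc7f11d95c411f105ad80ac13188a5cd7bbd2d74d012b8e5b4b0"
    "8969974a0c96777e65b9f109c56ec68418f07dec3adc4d2079ee5f3ed7cb3948")
FK = (0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC)
CK = [int.from_bytes(bytes(((4 * i + j) * 7) & 0xFF for j in range(4)), "big")
      for i in range(32)]

def _t(x, key_schedule=False):  # T = L(tau(x)); the key schedule uses L' instead of L
    s = int.from_bytes(bytes(SBOX[c] for c in x.to_bytes(4, "big")), "big")
    r = s
    for n in ((13, 23) if key_schedule else (2, 10, 18, 24)):
        r ^= ((s << n) | (s >> (32 - n))) & 0xFFFFFFFF
    return r

def sm4_round_keys(key):
    k = [int.from_bytes(key[i:i + 4], "big") ^ FK[i // 4] for i in range(0, 16, 4)]
    for i in range(32):
        k.append(k[i] ^ _t(k[i + 1] ^ k[i + 2] ^ k[i + 3] ^ CK[i], True))
    return k[4:]

def sm4_block(block, rk):  # one 16-byte block; pass the round keys reversed to decrypt
    x = [int.from_bytes(block[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(32):
        x.append(x[i] ^ _t(x[i + 1] ^ x[i + 2] ^ x[i + 3] ^ rk[i]))
    return b"".join(w.to_bytes(4, "big") for w in x[35:31:-1])

def sm4_cbc(data, key, iv, decrypt=False):
    rk = sm4_round_keys(key)[::-1] if decrypt else sm4_round_keys(key)
    out, prev = [], iv
    for i in range(0, len(data), 16):
        blk = data[i:i + 16]
        if decrypt:
            out.append(bytes(a ^ b for a, b in zip(sm4_block(blk, rk), prev)))
            prev = blk
        else:
            prev = sm4_block(bytes(a ^ b for a, b in zip(blk, prev)), rk)
            out.append(prev)
    return b"".join(out)

QKD_PAIR = {}  # constructed stand-in for QA/QB: both ends hold the same key under one key ID
def qkd_new_key():
    kid = secrets.token_hex(4)
    QKD_PAIR[kid] = secrets.token_bytes(16)
    return kid, QKD_PAIR[kid]

def client_ca_messages(ca, cb, fname, data, limit):  # step 2.1: split file into messages
    chunks = [data[i:i + limit] for i in range(0, len(data), limit)] or [b""]
    return [({"ca": ca, "cb": cb, "file": fname, "total": len(chunks), "num": n,
              "len": len(c), "sup": (-len(c)) % 16}, c) for n, c in enumerate(chunks)]

def router_a_encrypt(hdr, data):  # step 2.2: pad to 16 bytes, encrypt, add key ID
    kid, key = qkd_new_key()
    iv = secrets.token_bytes(16)  # assumption: the patent's header lists no IV field
    ct = sm4_cbc(data + bytes(hdr["sup"]), key, iv)  # zero-byte padding is an assumption
    return dict(hdr, key_id=kid, iv=iv.hex()), ct

def router_b_decrypt(hdr, ct):  # step 4.2: fetch key by ID, decrypt, keep 'len' bytes
    if len(ct) != hdr["len"] + hdr["sup"] or len(ct) % 16:
        raise ValueError("ciphertext length does not match the header")
    pt = sm4_cbc(ct, QKD_PAIR[hdr["key_id"]], bytes.fromhex(hdr["iv"]), decrypt=True)
    return {k: v for k, v in hdr.items() if k not in ("key_id", "iv")}, pt[:hdr["len"]]

def transfer_file(data, limit=100):  # constructed run CA -> A -> CS -> B -> CB
    received = b""
    for hdr, chunk in client_ca_messages("CA", "CB", "report.txt", data, limit):
        enc_hdr, ct = router_a_encrypt(hdr, chunk)  # CS only stores and forwards ct
        dec_hdr, pt = router_b_decrypt(enc_hdr, ct)
        assert dec_hdr == hdr  # router B removed the key ID; other fields unchanged
        received += pt  # CB appends each message's plaintext to the file tail
    return received
```

The length check in router_b_decrypt rejects a message whose ciphertext does not match the header's data length plus supplementary length, which is the minimum a receiving router should verify before decrypting.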
The foregoing is only a preferred embodiment of the invention, it being noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the invention.

Claims (12)

1. An SoC-based high-bandwidth quantum secret communication router, characterized by comprising an SoC chip, and a plaintext communication unit, a key communication unit and a network communication unit which are connected with the SoC chip;
the plaintext communication unit is connected with a plurality of external client devices and is used for data transmission between the client devices and the SoC chip; the key communication unit is connected with the QKD systems, and is used for acquiring a quantum key from the QKD systems and transmitting the quantum key to the SoC chip; the network communication unit is used for establishing communication based on TCP/IP protocol between the access network and the communication server and is used for data transmission between the communication server and the SoC chip; the SoC chip is used for realizing a non-quantum encryption mode and a quantum encryption mode: in a non-quantum encryption mode, the SoC chip does not encrypt or decrypt the transmitted data, so that the traditional network route switching function is realized; in a quantum encryption mode, the SoC chip performs encryption/decryption processing on transmitted data according to a quantum key acquired from the QKD system; the unencrypted data transmitted by the plaintext communication unit is transmitted through the network communication unit after being encrypted by the SoC chip, and the encrypted data transmitted by the network communication unit is transmitted to the client device through the plaintext communication unit after being decrypted by the SoC chip.
2. The SoC-based high bandwidth quantum secret communication router of claim 1, wherein the SoC chip includes a network control module, a plaintext communication module, a data processing module, an algorithm control module, a key management module and an algorithm module; the network control module is connected with the network communication unit and is used for providing network driving and communication connection functions based on TCP/IP protocol for the SoC chip; the plaintext communication module is connected with the plaintext communication unit and is used for establishing communication connection between the quantum secret communication router and the client device; the key management module is connected with the key communication unit and is used for establishing communication connection between the quantum secret communication router and the QKD system and transmitting the quantum key to the algorithm module; the data processing module is respectively and independently connected with the network control module, the plaintext communication module and the algorithm control module; the algorithm control module is respectively and independently connected with the data processing module, the key management module and the algorithm module; the algorithm module is realized by an FPGA part of the SoC chip and is used for providing a cryptographic calculation function for the algorithm control module, and the algorithm control module is used for providing a cryptographic algorithm for the data processing module and controlling the acquisition and the import of the quantum key;
in a non-quantum encryption mode, the network control module, the data processing module and the plaintext communication module form a data transmission link, and the data processing module does not encrypt or decrypt the transmitted data, so that the traditional network route switching function is realized; in the quantum encryption mode, the data processing module performs encryption/decryption processing on the transmitted data according to an encryption/decryption processing algorithm and a quantum key acquired from the algorithm control module; the network control module, the data processing module and the plaintext communication module form a data transmission link, unencrypted data transmitted by the plaintext communication module are transmitted through the network control module after being encrypted by the data processing module, and encrypted data transmitted by the network control module are transmitted through the plaintext communication module after being decrypted by the data processing module.
3. The SoC-based high bandwidth quantum secret communication router of claim 2, wherein: the cryptographic algorithm in the algorithm module comprises a symmetric encryption algorithm and a hash algorithm; the symmetric encryption algorithm comprises SM4, AES and one-time pad algorithm, and the hash algorithm comprises SM3 algorithm.
4. The SoC-based high bandwidth quantum secret communication router of claim 2, wherein: the data processing module realizes parallel computation of multiple cryptographic algorithms or parallel computation of a single cryptographic algorithm.
5. The SoC-based high bandwidth quantum secret communication router of claim 1, wherein the non-quantum encryption mode is a full-port non-encryption mode, in which the SoC chip closes the key communication unit port and does not obtain a quantum key from the QKD system through the key communication unit.
6. The SoC-based high bandwidth quantum secret communication router of claim 1, wherein the plaintext communication unit is a multi-interface unit whose interfaces are gigabit network ports; the key communication unit is a multi-interface unit whose interfaces are gigabit network ports; and the interface of the network communication unit is a gigabit network port, a 10-gigabit network port or an optical fiber interface.
7. The high-bandwidth quantum secret communication system based on SoC is characterized in that: the system comprises a communication server, wherein the communication server is in communication connection with a plurality of quantum secret communication routers, each quantum secret communication router is respectively connected with a plurality of QKD systems and a plurality of external client devices, and the quantum secret communication router adopts the high-bandwidth quantum secret communication router based on SoC as claimed in any one of claims 1-6.
8. The communication method of the SoC-based high bandwidth quantum secret communication system of claim 7, wherein: the communication method comprises user login, message forwarding and file forwarding; the user login includes: a plurality of external client devices send login requests to corresponding quantum secret communication routers, the quantum secret communication routers and corresponding communication servers perform user confirmation, and the quantum secret communication routers obtain confirmation messages sent by the communication servers and then forward the confirmation messages to the client devices to finish user login;
the message forwarding includes: after the two communication parties respectively realize user login, the client device CA sends a plaintext message to the communication server CS through encryption of the quantum secret communication router A; the communication server CS forwards the encrypted message to the quantum secret communication router B; after decryption, the quantum secret communication router B sends the clear text message to the client device CB;
the file forwarding includes: after the two communication parties respectively realize the user login, the client device CA initiates a file sending request, and the communication server CS returns a confirmation response; the client device CA sends the file to the communication server CS through the encryption of the quantum secret communication router A; the communication server CS initiates a file sending request, and the client device CB returns a confirmation response; the communication server CS sends the local ciphertext file to the client device CB via decryption by the quantum secret communication router B.
9. The communication method of the SoC-based high bandwidth quantum secret communication system as claimed in claim 8, wherein during user login, message forwarding and file forwarding the messages are encrypted or decrypted, and the quantum key used is updated according to a key update frequency, i.e. the quantum secret communication router and the communication server each request an unused quantum key from their respectively connected QKD systems to replace the quantum key in use in the device.
10. The communication method of the SoC-based high bandwidth quantum secret communication system of claim 8, wherein the user login comprises the steps of:
the client device CA sends a user login request to the corresponding quantum secret communication router A; the quantum secret communication router A encrypts the user login request with a quantum key QK1 and sends the encrypted user login request to the communication server CS; the quantum key QK1 is obtained by the quantum secret communication router A and the communication server CS through the QKD systems respectively connected to each of them; the communication server CS decrypts with the quantum key QK1 to obtain the user login request, and after the user login request is verified successfully, encrypts a confirmation message with the quantum key QK1 and feeds it back to the quantum secret communication router A, which decrypts the confirmation message with the quantum key QK1 and forwards it to the client device CA to complete user login.
11. The communication method of the SoC-based high bandwidth quantum secret communication system according to claim 8, wherein in the message forwarding, after the two communication parties respectively realize user login, the method further comprises the following steps:
the client device CA sends a plaintext message to a corresponding quantum secret communication router A; the quantum secret communication router A encrypts the plaintext message by using a quantum key QK2 and then uses the encrypted message as message content in the ciphertext replacement message, adds a key ID of the quantum key QK2 to the message header of the ciphertext replacement message and then sends the message to the communication server CS; the quantum key QK2 is obtained by carrying out quantum key distribution between a QKD system QA used by a quantum secret communication router A and a QKD system QB used by a quantum secret communication router B;
after the communication server CS verifies the identity information of the client device CA successfully, the ciphertext replacement message is forwarded to the quantum secret communication router B corresponding to the client device CB; the quantum secret communication router B requests the quantum key QK2 from the QKD system QB according to the key ID in the message header, decrypts the ciphertext replacement message with the quantum key QK2 to obtain the plaintext message, and forwards the plaintext message to the client device CB to complete message forwarding.
12. The communication method of the SoC-based high bandwidth quantum secret communication system as claimed in claim 8, wherein in the file forwarding process, the client device CA sends the file to be sent to the quantum secret communication router A; the quantum secret communication router A corresponding to the client device CA carries out quantum key distribution between the QKD system QA and the QKD system QB corresponding to the client device CB, the quantum secret communication router A requests the quantum key from the QKD system QA, the quantum secret communication router B requests the corresponding quantum key from the QKD system QB, and after the quantum key is obtained, the quantum secret communication router A encrypts the file data to be sent to obtain ciphertext data; the ciphertext data is sent to the quantum secret communication router B through the communication server CS, and the quantum secret communication router B decrypts the ciphertext data to recover the file to be sent and sends it to the client device CB; when the file to be sent is oversized, it is divided into a plurality of file data portions of the size defined for a data packet, which are sequentially encrypted/decrypted and transmitted.
Application CN202310347327.5A, priority date 2023-04-03, filing date 2023-04-03, SoC-based high-bandwidth quantum secret communication router, system and communication method, status: Pending, publication CN116506353A (en)


Publications (1)

Publication Number Publication Date
CN116506353A true CN116506353A (en) 2023-07-28

Family

ID=87315849



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination