CN116846508A - Quantum terminal fusion network access system and method - Google Patents
- Publication number
- CN116846508A (CN202310853687.2A)
- Authority
- CN
- China
- Prior art keywords
- quantum
- user
- alice
- bob
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04J—MULTIPLEX COMMUNICATION
- H04J14/00—Optical multiplex systems
- H04J14/02—Wavelength-division multiplex systems
- H04J14/0278—WDM optical network architectures
- H04J14/0282—WDM tree architectures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/70—Photonic quantum communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04J—MULTIPLEX COMMUNICATION
- H04J14/00—Optical multiplex systems
- H04J14/02—Wavelength-division multiplex systems
- H04J14/0201—Add-and-drop multiplexing
- H04J14/0202—Arrangements therefor
- H04J14/021—Reconfigurable arrangements, e.g. reconfigurable optical add/drop multiplexers [ROADM] or tunable optical add/drop multiplexers [TOADM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
- H04L9/0858—Details about key distillation or coding, e.g. reconciliation, error correction, privacy amplification, polarisation coding or phase coding
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Optics & Photonics (AREA)
- Optical Communication System (AREA)
Abstract
The invention discloses a quantum terminal fusion network access system and method. The system comprises a network controller, a reconfigurable optical add-drop multiplexer (ROADM), an MDI-QKD receiver, a plurality of wavelength division multiplexing (WDM) devices, a plurality of users Alice and a plurality of users Bob. The ROADM is connected to the network controller, the MDI-QKD receiver and the WDM devices to form a star network topology, and each WDM device is connected to one or more users Alice or users Bob. User Alice generates quantum signals or classical signals and sends them to the ROADM through a WDM device; the ROADM forwards the quantum signal or classical signal to user Bob, the MDI-QKD receiver, or the network controller. In the invention, one or more ROADMs are arranged at the central node to form a star network topology, and the communication network and the control network share one optical fiber link, which reduces the network construction cost.
Description
Technical Field
The invention relates to the technical field of quantum information and optical communication, in particular to a quantum terminal fusion network access system and a method.
Background
With the development of quantum computing technology, conventional key systems based on computational complexity are under threat. Quantum key distribution (QKD) is based on Heisenberg's uncertainty principle and the quantum no-cloning theorem, and is in theory unconditionally secure. In recent years quantum key distribution technology has developed rapidly; point-to-point quantum key distribution is mature and is about to enter a large-scale commercial stage.
In the current quantum communication field, the quantum signal and the classical signal are often transmitted through different optical fibers, and the technology of simultaneously transmitting the quantum signal and the classical signal in the same optical fiber is still immature.
In the prior art, a quantum classical fusion network that transmits quantum and classical signals of different wavelengths in the same optical fiber has been proposed, which can reduce the networking cost of a quantum network. However, the communication network in that scheme uses a ring bus structure, which places high reliability requirements on the user nodes: the transmission performance of the whole network is affected when one user node fails, and fault diagnosis is difficult; expanding the network and upgrading its transmission rate are complex and require changes to many user nodes and links; the quantum classical fusion channel is separated from the control network, so two networks must be maintained at the same time, which increases network complexity and maintenance cost; and since every user node is a relay node, a ROADM (reconfigurable optical add-drop multiplexer) must be provided for each user node, which increases the device cost and the construction cost of the network.
Therefore, to improve the defects of the prior art, a quantum terminal fusion network access system and a quantum terminal fusion network access method are provided.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a quantum terminal fusion network access system and a method thereof for solving the problems of the construction cost and the fault recovery capability of a quantum network.
The invention is realized by the following technical scheme:
a quantum terminal converged network access system, the system comprising a network controller, a reconfigurable optical add-drop multiplexer ROADM, an MDI-QKD receiver, a plurality of wavelength division multiplexing devices WDM, a plurality of users Alice and a plurality of users Bob;
the ROADM is connected to the network controller and the MDI-QKD receiver, and is also connected to the plurality of WDM devices to form a star network topology; each WDM device is connected to one or more users Alice or users Bob;
the network controller is used for acquiring the topology information of the communication network, access user information, and the wavelength information and protocol information of user Alice and user Bob;
user Alice is used for generating a quantum signal or a classical signal and sending it to a WDM device;
the WDM device is used for forwarding the quantum signal or classical signal of user Alice and transmitting it to the ROADM over the quantum classical fusion channel;
the ROADM is configured to receive a quantum signal or a classical signal from user Alice and forward it to the MDI-QKD receiver and the network controller; the network controller judges, according to the stored information of user Bob, whether the QKD protocol of the terminal of user Bob as the receiving end is compatible with that of the terminal of the initiator Alice; it detects the occupation of the wavelength channels in the network, judges whether available wavelength resources exist between user Alice and user Bob according to the wavelength information used by the terminals, and finally selects a suitable communication wavelength according to the topology information of the communication network;
the MDI-QKD receiver is used for measuring quantum signals and transmitting the measurement results to the ROADM, and the ROADM transmits the measurement results to user Alice and user Bob respectively according to the wavelength information selected by the network controller;
user Bob is used for establishing a communication connection with user Alice at the transmitting end and receiving the quantum signals or classical signals that user Alice transmits.
Preferably, the user Alice includes an Alice user terminal, an Alice key gateway, and a QKD transmitter connected in sequence.
The Alice user terminal is connected with the Alice key gateway and the QKD transmitter through interfaces and protocols;
the Alice user terminal is used for receiving control information from the network controller and is responsible for selecting a communication wavelength channel and a communication time slot of the Alice user terminal;
the QKD transmitter generates the quantum key and transmits the generated quantum key to the Alice quantum key gateway for storage and management through a classical channel of a user terminal;
the Alice key gateway is used for storing and managing the quantum key, and encrypts information sent by the user terminal by adopting the stored quantum key and sends the information to the quantum classical fusion channel or decrypts received encrypted information by adopting the stored quantum key and sends the information to the Alice user terminal.
Preferably, the QKD transmitter includes a tunable wavelength pulsed laser, a quantum encoder, a polarization modulator, an intensity modulator, and a transmitting-side protocol controller;
the transmitting end protocol controller is respectively connected with the wavelength-adjustable pulse laser, the quantum encoder, the polarization modulator and the intensity modulator;
the transmitting end protocol controller sets the wavelength of the adjustable wavelength pulse laser, the protocol type of the quantum encoder and controls the polarization modulator and the intensity modulator according to the control instruction of the network controller.
Preferably, the user Bob includes a Bob user terminal, a Bob key gateway, and a QKD receiver connected in sequence;
the Bob user terminal is connected with the Bob key gateway and the QKD receiver through interfaces and protocols;
the Bob user terminal is used for receiving control information from the network controller and is responsible for selecting a communication wavelength channel and a communication time slot of the user terminal;
the QKD receiver generates the quantum key and sends the generated quantum key to the Bob quantum key gateway for storage and management through a classical channel of a user terminal;
the Bob key gateway is used for storing and managing the quantum key, and encrypts information sent by the user terminal by adopting the stored quantum key and sends the information to the quantum classical fusion channel or decrypts received encrypted information by adopting the stored quantum key and sends the information to the Bob user terminal.
Preferably, the QKD receiver includes a channel monitor, a single-photon detector, a quantum decoder, a post-processing device, and a receiver-side protocol controller;
the channel monitor, the single photon detector, the quantum decoder and the post-processing device are sequentially connected; the receiving end protocol controller is respectively connected with the channel monitor, the single photon detector, the quantum decoder and the post-processing device;
the channel monitor is used for receiving signals from a plurality of WDM devices connected with the user Bob and monitoring the intensity of optical signals;
the receiving end protocol controller is used for setting the protocol type of the quantum decoder according to the control instruction of the network controller;
the quantum decoder is used for decoding the received quantum signals;
the single photon detector is used for detecting and responding to the quantum signals and publishing the response condition to generate a quantum key;
the post-processing device is used for carrying out classical error correction and privacy amplification processing on the generated quantum key and sending a final generated key sequence to the Bob key gateway for storage and management.
Preferably, the MDI-QKD receiver includes a beam splitter, a first polarizing beam splitter, a second polarizing beam splitter, a first vertical polarization state detector, a first horizontal polarization state detector, a second vertical polarization state detector, and a second horizontal polarization state detector;
the output port of the beam splitter is respectively connected with the input ports of the first polarization beam splitter and the second polarization beam splitter; the two output ports of the first polarization beam splitter are respectively connected with the first vertical polarization state detector and the first horizontal polarization state detector, and the two output ports of the second polarization beam splitter are respectively connected with the second vertical polarization state detector and the second horizontal polarization state detector.
A quantum terminal converged network access method, comprising the following steps:
step 1: the network controller periodically acquires and stores the topology information of the communication network, information on the services running in the network, and the wavelength information and protocol information of user Alice and user Bob;
step 2: the user terminal of user Alice sends session request information to the network controller via the ROADM over the quantum classical fusion channel;
step 3: the network controller judges, according to the stored information of user Bob, whether the QKD protocol of the user terminal of the receiver Bob of the quantum secret communication is compatible with the QKD protocol of the user terminal of the initiator Alice;
if compatible, jumping to step 4;
if not compatible, the communication is terminated, and the network controller sends a request-failure response to user Alice;
step 4: the network controller detects the occupation of the wavelength channels in the network and judges whether available wavelength resources exist between user Alice and user Bob according to the wavelength information used by the user terminals;
if yes, jumping to step 5;
if not, the communication is terminated, and the network controller sends a request-failure response to user Alice;
step 5: the network controller sets a C band for the classical channel and an O band for the quantum channel according to the topology information of the communication network, opens a transmission optical path between user Alice and the user terminal Bob, and informs user Alice that the quantum channel is established;
step 6: user Alice sends pulses to perform a link security test on the quantum channel and judges whether the error rate is greater than the error rate threshold of the QKD protocol used on the quantum channel;
if not, jumping to step 7;
if it is greater, the communication is terminated, and the network controller sends a request-failure response to user Alice;
step 7: according to the mutually agreed QKD protocol, the QKD transmitter of user Alice generates a quantum key and sends the key over a classical channel to the Alice key gateway for storage and management;
step 8: the Alice key gateway receives the service information sent by the Alice user terminal, encrypts it with the stored quantum key, and sends the encrypted service information to the WDM (wavelength division multiplexing) device connected to Alice;
step 9: the WDM device connected to user Alice processes the encrypted service information by classical-signal wavelength-division encoding and transmits it to the ROADM over the quantum classical fusion channel, and the ROADM forwards it to the WDM device connected to user Bob;
step 10: the WDM device connected to user Bob receives the encrypted information, processes it by classical-signal wavelength-division decoding, and sends it to the Bob key gateway;
step 11: the Bob key gateway decrypts the information with the stored quantum key and sends it to the Bob user terminal;
step 12: the network controller closes the quantum channel and the communication ends.
Preferably, the session request information includes an initiator Alice, a receiver Bob, and a QKD protocol of the key distribution request.
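The controller-side gates of steps 3 to 6, sketched as an added example (not code from the patent). The terminal names, wavelengths, error-rate limits and the `link_test` callback are assumptions; each failed gate returns the request-failure response, and a failed link test releases the wavelength it reserved.

```python
from dataclasses import dataclass, field

# Constructed limits: the patent only states that each QKD protocol has an
# error-rate threshold, it gives no values.
QBER_LIMIT = {"BB84": 0.11, "MDI-QKD": 0.11}


@dataclass
class Terminal:
    protocols: set    # QKD protocols reported to the controller (step 1)
    quantum_nm: set   # O-band wavelengths the terminal can use (step 1)


@dataclass
class Decision:
    ok: bool
    reason: str
    quantum_nm: int = None
    classical_nm: int = None


@dataclass
class Controller:
    terminals: dict                         # user name -> Terminal
    busy: set = field(default_factory=set)  # quantum wavelengths lit on the ROADM
    classical_nm: int = 1550                # C band for the classical channel

    def admit(self, initiator, receiver, protocol, link_test):
        """Steps 3-6. link_test(nm) stands in for Alice's test pulses
        and returns the measured error rate on that wavelength."""
        a, b = self.terminals[initiator], self.terminals[receiver]
        # Step 3: both terminals must support the requested protocol.
        if protocol not in QBER_LIMIT or protocol not in (a.protocols & b.protocols):
            return Decision(False, "protocol incompatible")
        # Step 4: a wavelength both ends can use and nobody else occupies.
        free = sorted((a.quantum_nm & b.quantum_nm) - self.busy)
        if not free:
            return Decision(False, "no wavelength available")
        # Step 5: reserve the O-band quantum channel, pair it with the C band.
        nm = free[0]
        self.busy.add(nm)
        # Step 6: link security test; fail closed and release the path.
        if link_test(nm) > QBER_LIMIT[protocol]:
            self.busy.discard(nm)
            return Decision(False, "error rate above threshold")
        return Decision(True, "quantum channel established", nm, self.classical_nm)

    def close(self, nm):
        """Step 12: the controller closes the quantum channel."""
        self.busy.discard(nm)


def demo():
    # Constructed inventory of three terminals.
    ctl = Controller({
        "alice1": Terminal({"BB84", "MDI-QKD"}, {1310, 1330}),
        "bob1": Terminal({"BB84"}, {1310, 1330}),
        "bob2": Terminal({"MDI-QKD"}, {1310}),
    })
    quiet = lambda nm: 0.02   # constructed clean link
    noisy = lambda nm: 0.25   # constructed link with a high error rate
    out = [
        ctl.admit("alice1", "bob1", "BB84", quiet),     # admitted on 1310 nm
        ctl.admit("alice1", "bob2", "MDI-QKD", quiet),  # 1310 nm already busy
        ctl.admit("alice1", "bob2", "BB84", quiet),     # bob2 lacks BB84
    ]
    ctl.close(1310)
    out.append(ctl.admit("alice1", "bob2", "MDI-QKD", noisy))  # fails step 6
    return out, ctl.busy


if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```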
Preferably, when the QKD protocol adopted by the two communicating parties is the MDI-QKD protocol, the method comprises the following steps:
step A: user Alice and user Bob each prepare weak coherent light pulses and randomly select one polarization state to encode them;
step B: user Alice and user Bob send the prepared quantum signals to the MDI-QKD receiver over the quantum classical fusion channel for Bell state measurement;
step C: the network controller publishes the successful Bell state measurement results; at the same time, user Alice and user Bob each publish their encoding bases;
step D: for the portion in which both parties used the same basis, either one of user Alice and user Bob flips bits according to the Bell state measurement result, after which the two obtain a consistent secure key string.
Preferably, the polarization states in step A are |H⟩, |V⟩, |+⟩ and |−⟩.
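Steps A to D in an idealized single-photon model, added here as an illustration and not taken from the patent. The detector coincidence patterns and the bit-flip rule (always flip in the rectilinear basis, flip only on |ψ−⟩ in the diagonal basis) follow the standard polarization-encoded MDI-QKD protocol; the noise parameter and the function names are assumptions.

```python
import random

DETECTORS = ["D1H", "D1V", "D2H", "D2V"]
# Coincidence patterns at the relay (BS followed by PBS1 and PBS2), as in the
# standard polarization MDI-QKD description; the patent does not list them.
PSI_PLUS = [{"D1H", "D1V"}, {"D2H", "D2V"}]    # both clicks behind one PBS
PSI_MINUS = [{"D1H", "D2V"}, {"D1V", "D2H"}]   # one click behind each PBS


def classify(clicks):
    """Map a set of clicked detectors to a Bell state, or None if unsuccessful."""
    if clicks in PSI_PLUS:
        return "psi+"
    if clicks in PSI_MINUS:
        return "psi-"
    return None


def relay_clicks(basis_a, bit_a, basis_b, bit_b, rng):
    """Ideal outcome of the Bell state measurement for one pair of photons.
    Z = {|H>, |V>}, X = {|+>, |->}; linear optics only resolves psi+ and psi-."""
    r = rng.random()
    if basis_a != basis_b:          # mixed bases: 1/4 psi+, 1/4 psi-, 1/2 fail
        state = "psi+" if r < 0.25 else "psi-" if r < 0.5 else None
    elif basis_a == "Z":            # equal bits bunch, opposite bits succeed
        state = None if bit_a == bit_b else ("psi+" if r < 0.5 else "psi-")
    else:                           # X: equal bits -> psi+, opposite -> psi-
        state = None if r < 0.5 else ("psi+" if bit_a == bit_b else "psi-")
    if state is None:
        # Simplification: a failed measurement is modeled as one detector firing.
        return {rng.choice(DETECTORS)}
    return set(rng.choice(PSI_PLUS if state == "psi+" else PSI_MINUS))


def sift(rounds, seed, flip_prob=0.0):
    """Run steps A-D and return (Alice's key, Bob's key) as bit lists.
    flip_prob is a constructed channel error applied to Bob's photon."""
    rng = random.Random(seed)
    key_a, key_b = [], []
    for _ in range(rounds):
        # Step A: each side picks a basis and a bit at random.
        basis_a, bit_a = rng.choice("ZX"), rng.getrandbits(1)
        basis_b, bit_b = rng.choice("ZX"), rng.getrandbits(1)
        arriving_b = bit_b ^ (rng.random() < flip_prob)
        # Step B: the relay measures; step C: result and bases are published.
        outcome = classify(relay_clicks(basis_a, bit_a, basis_b, arriving_b, rng))
        if outcome is None or basis_a != basis_b:
            continue
        # Step D: Bob flips his bit so that both strings agree.
        flip = basis_a == "Z" or outcome == "psi-"
        key_a.append(bit_a)
        key_b.append(bit_b ^ flip)
    return key_a, key_b


def qber(key_a, key_b):
    """Fraction of sifted positions where the two keys disagree."""
    return sum(x != y for x, y in zip(key_a, key_b)) / len(key_a)


if __name__ == "__main__":
    a, b = sift(2000, seed=7)
    print(len(a), "sifted bits, QBER", qber(a, b))
    a, b = sift(4000, seed=7, flip_prob=0.25)
    print(len(a), "sifted bits, QBER", round(qber(a, b), 3))
```

In this model the sifted error rate tracks the injected flip probability, which is the quantity the step 6 link test compares against the protocol's threshold.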
The beneficial effects of the invention are as follows:
1. The communication network and the control network share one optical fiber link, which simplifies the network topology and reduces the network construction cost, and the centralized transmission control strategy can be executed at a central node, so that the coordination and management of the network are easier.
2. The invention adopts a star network topology: only one or more reconfigurable optical add-drop multiplexers (ROADMs) need to be arranged at the central node, the normal operation of the original network is not affected when other users access it, and the other users of the whole local area network are not affected when a user node fails.
3. The invention is compatible with the common QKD protocol and the MDI-QKD protocol, thereby enhancing network security and simplifying network structure.
Drawings
FIG. 1 is a system block diagram of the present invention;
FIG. 2 is a block diagram of user Alice and user Bob of the present invention;
fig. 3 is a schematic diagram of a QKD transmitter and receiver of the present invention;
FIG. 4 is a schematic diagram of an MDI-QKD receiver of the present invention;
fig. 5 is a flow chart of the method of the present invention.
Detailed Description
The present invention will be further described in detail with reference to the following examples, for the purpose of making the objects, technical solutions and advantages of the present invention more apparent, but the scope of the present invention is not limited to the following specific examples.
A quantum terminal converged network access system, as shown in fig. 1, comprises a network controller, a reconfigurable optical add-drop multiplexer ROADM, an MDI-QKD receiver, a plurality of wavelength division multiplexing devices WDM, a plurality of users Alice and a plurality of users Bob;
the ROADM is connected to the network controller and the MDI-QKD receiver, and is also connected to the plurality of WDM devices to form a star network topology; each WDM device is connected to one or more users Alice or users Bob. The invention adopts a star network topology: only one or more ROADMs need to be arranged at the central node, and the normal operation of the original network is not affected when other users access it. When the main ROADM fails, the network controller immediately switches to the standby ROADM to recover the network, and when a user node fails, the other users of the whole local area network are not affected.
The network controller is used for acquiring the topology information of the communication network, access user information, and the wavelength information and protocol information of user Alice and user Bob;
user Alice is used for generating a quantum signal or a classical signal and sending it to a WDM device;
the WDM device is used for forwarding the quantum signal or classical signal of user Alice and transmitting it to the ROADM over the quantum classical fusion channel;
the ROADM is configured to receive a quantum signal or a classical signal from user Alice and forward it to the MDI-QKD receiver and the network controller; the network controller judges, according to the stored information of user Bob, whether the QKD protocol of the terminal of user Bob as the receiving end is compatible with that of the terminal of the initiator Alice; it detects the occupation of the wavelength channels in the network, judges whether available wavelength resources exist between user Alice and user Bob according to the wavelength information used by the terminals, and finally selects a suitable communication wavelength according to the topology information of the communication network;
the MDI-QKD receiver is used for measuring quantum signals and transmitting the measurement results to the ROADM, and the ROADM transmits the measurement results to user Alice and user Bob respectively according to the wavelength information selected by the network controller;
user Bob is configured to receive the quantum signal or classical message sent by user Alice, the sender.
Because the communication network and the control network share one optical fiber link, the invention simplifies the network topology and reduces the network construction cost, and the centralized transmission control strategy can be executed at the central node, so that the coordination and management of the network are easier.
As shown in fig. 2-3, the user Alice includes an Alice user terminal, an Alice key gateway, and a QKD transmitter, which are sequentially connected.
The Alice user terminal is connected with the Alice key gateway and the QKD transmitter through interfaces and protocols;
the Alice user terminal is used for receiving control information from the network controller and is responsible for selecting a communication wavelength channel and a communication time slot of the Alice user terminal;
the QKD transmitter generates the quantum key and transmits the generated quantum key to the Alice quantum key gateway for storage and management through a classical channel of a user terminal;
the Alice key gateway is used for storing and managing the quantum key, and encrypts information sent by the user terminal by adopting the stored quantum key and sends the information to the quantum classical fusion channel or decrypts received encrypted information by adopting the stored quantum key and sends the information to the Alice user terminal.
Specifically, the QKD transmitter includes a tunable wavelength pulsed laser, a quantum encoder, a polarization modulator, an intensity modulator, and a transmitting-side protocol controller;
the transmitting end protocol controller is respectively connected with the wavelength-adjustable pulse laser, the quantum encoder, the polarization modulator and the intensity modulator;
the transmitting end protocol controller controls the adjustable wavelength pulse laser, the quantum encoder, the polarization modulator and the intensity modulator through a unified interface. The transmitting end protocol controller can also set the wavelength of the adjustable wavelength pulse laser, the protocol type of the quantum encoder and control the polarization modulator and the intensity modulator according to the control instruction of the network controller.
As shown in fig. 2-3, the user Bob includes a Bob user terminal, a Bob key gateway, and a QKD receiver that are connected in sequence;
the Bob user terminal is connected with the Bob key gateway and the QKD receiver through interfaces and protocols;
the Bob user terminal is used for receiving control information from the network controller and is responsible for selecting a communication wavelength channel and a communication time slot of the user terminal;
the QKD receiver generates the quantum key and sends the generated quantum key to the Bob quantum key gateway for storage and management through a classical channel of a user terminal;
the Bob key gateway is used for storing and managing the quantum key, and encrypts information sent by the user terminal by adopting the stored quantum key and sends the information to the quantum classical fusion channel or decrypts received encrypted information by adopting the stored quantum key and sends the information to the Bob user terminal.
Specifically, the QKD receiver includes a channel monitor, a single-photon detector, a quantum decoder, a post-processing device, and a receiver-side protocol controller;
the channel monitor, the single photon detector, the quantum decoder and the post-processing device are sequentially connected; the receiving end protocol controller is respectively connected with the channel monitor, the single photon detector, the quantum decoder and the post-processing device;
the channel monitor is used for receiving signals from a plurality of WDM devices connected with the user Bob and monitoring the intensity of optical signals;
the receiving end protocol controller is used for setting the protocol type of the quantum decoder according to the control instruction of the network controller;
the quantum decoder is used for decoding the received quantum signals;
the single photon detector is used for detecting and responding to the quantum signals and publishing the response condition to generate a quantum key;
the post-processing device is used for carrying out classical error correction and privacy amplification processing on the generated quantum key and sending a final generated key sequence to the Bob key gateway for storage and management.
As shown in fig. 4, the MDI-QKD receiver includes a beam splitter BS, a first polarizing beam splitter PBS1, a second polarizing beam splitter PBS2, a first vertical polarization detector D1V, a first horizontal polarization detector D1H, a second vertical polarization detector D2V, and a second horizontal polarization detector D2H;
The output ports of the beam splitter BS are respectively connected with the input ports of the first polarization beam splitter PBS1 and the second polarization beam splitter PBS2; the two output ports of the first polarization beam splitter PBS1 are respectively connected with the first vertical polarization detector D1V and the first horizontal polarization detector D1H, and the two output ports of the second polarization beam splitter PBS2 are respectively connected with the second vertical polarization detector D2V and the second horizontal polarization detector D2H.
The principle and process of the quantum terminal fusion network access system are as follows:
the network controller periodically acquires and stores topology information of a communication network, running service information in the network, wavelength information and protocol information of the user Alice and the user Bob;
the user terminal of the user Alice sends the session request information to the network controller through the ROADM through the quantum classical fusion channel; the session request information comprises an initiator Alice, a receiver Bob and a QKD protocol of a key distribution request;
the network controller judges whether the QKD protocol of the user terminal of the receiver Bob of the quantum secret communication and the QKD protocol of the user terminal of the initiator Alice are compatible according to the stored information of the user Bob; the network controller detects the occupation condition of a wavelength channel in the network and judges whether available wavelength resources exist between the user Alice and the user Bob according to the wavelength information used by the user terminal;
if the protocols are incompatible or no wavelength resources exist and the error rate is smaller than the error rate threshold value of the QKD protocol used by the quantum channel, the network controller sends a response requesting failure to the user Alice;
if the protocol is compatible and wavelength resources exist, the network controller sets a C wave band for the classical channel and sets an O wave band for the quantum channel according to topology information of the communication network; opening a transmission light path between the user Alice and the user terminal Bob and informing the user Alice that a quantum channel is established;
the user Alice sends pulse to perform link security test on the quantum channel, and judges whether the error rate is larger than the error rate threshold of the QKD protocol used by the quantum channel;
if the error rate is larger than the threshold, the communication is terminated, and the network controller sends a response of requesting failure to the user Alice;
if not, according to the cooperative and consistent QKD protocol, the QKD transmitter of the user Alice generates a quantum key and stores the key to the Alice key gateway for storage and management through a classical channel;
the Alice key gateway receives service information sent by Alice user terminals, encrypts the service information by using stored quantum keys and then sends the encrypted service information to a WDM (wavelength division multiplexing) device connected with Alice;
the WDM connected with the user Alice processes the encrypted service information in a classical signal wavelength division coding mode and transmits the encrypted service information to the ROADM through the quantum classical fusion channel, and then the encrypted service information is forwarded to the WDM connected with the user Bob;
the WDM device connected with the user Bob receives the encrypted information, processes it in a classical signal wavelength-division decoding mode and sends it to the Bob key gateway; the Bob key gateway uses the stored quantum key to decrypt the information and sends it to the Bob user terminal; the network controller closes the quantum channel and the communication ends.
When the QKD protocol adopted by the two communicating parties is the MDI-QKD protocol, the communication principle and process are as follows:
the user Alice and the user Bob each prepare weak coherent light pulses and randomly select one polarization state to encode them; the polarization states are |H⟩, |V⟩, |+⟩ and |−⟩;
the user Alice and the user Bob send the prepared quantum signals to an MDI-QKD receiver through a quantum classical fusion channel for Bell state measurement;
the network controller publishes the successful Bell state measurement results; at the same time, the user Alice and the user Bob each publish the bases they used for encoding;
for the rounds in which both sides used the same basis, either one of the user Alice and the user Bob flips bits according to the Bell state measurement result, and both sides then hold a consistent secure key string.
The invention is compatible with the common QKD protocol and the MDI-QKD protocol, thereby enhancing network security and simplifying network structure.
The quantum terminal converged network access method is applied to the quantum terminal converged network access system, as shown in fig. 5, and comprises the following steps:
step 1: the network controller periodically acquires and stores topology information of a communication network, running service information in the network, wavelength information and protocol information of the user Alice and the user Bob;
step 2: the user terminal of the user Alice sends the session request information to the network controller through the ROADM through the quantum classical fusion channel; the session request information comprises an initiator Alice, a receiver Bob and a QKD protocol of a key distribution request;
step 3: the network controller judges whether the QKD protocol of the user terminal of the receiver Bob of the quantum secret communication and the QKD protocol of the user terminal of the initiator Alice are compatible according to the stored information of the user Bob;
if so, jumping to the step 4;
if the communication is not compatible, the communication is terminated, and the network controller sends a response of requesting failure to the user Alice;
step 4: the network controller detects the occupation condition of a wavelength channel in the network and judges whether available wavelength resources exist between the user Alice and the user Bob according to the wavelength information used by the user terminal;
if yes, jumping to the step 5;
if not, the communication is terminated, and the network controller sends a response requesting failure to the user Alice;
step 5: the network controller sets a C wave band for the classical channel and an O wave band for the quantum channel according to topology information of the communication network; opening a transmission light path between the user Alice and the user terminal Bob and informing the user Alice that a quantum channel is established;
step 6: the user Alice sends pulse to perform link security test on the quantum channel, and judges whether the error rate is larger than the error rate threshold of the QKD protocol used by the quantum channel;
if not, jumping to the step 7;
if the error rate is larger than the threshold, the communication is terminated, and the network controller sends a response of requesting failure to the user Alice;
step 7: according to a collaborative consistent QKD protocol, a QKD transmitter of the user Alice generates a quantum key and stores the key to an Alice key gateway for storage and management through a classical channel;
step 8: the Alice key gateway receives service information sent by Alice user terminals, encrypts the service information by using stored quantum keys and then sends the encrypted service information to a WDM (wavelength division multiplexing) device connected with Alice;
step 9: the WDM connected with the user Alice processes the encrypted service information in a classical signal wavelength division coding mode and transmits it to the reconfigurable optical branching multiplexer ROADM through the quantum classical fusion channel, and the ROADM then forwards it to the WDM connected with the user Bob;
step 10: the WDM device connected with the user Bob receives the encrypted information, processes it in a classical signal wavelength-division decoding mode and sends it to the Bob key gateway;
step 11: the Bob key gateway uses the stored quantum key to decrypt information and sends the information to the Bob user terminal;
step 12: the network controller closes the quantum channel and the communication ends.
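The controller's decisions in steps 3 to 6 and step 12 can be modelled as a fail-closed admission check, shown here as an added example that is not part of the patent. The class and function names, the sample terminals and wavelengths, and the 0.11 error-rate limits are assumptions; the page names a per-protocol threshold but gives no value.

```python
from dataclasses import dataclass, field

# Assumed abort thresholds; the page refers to a per-protocol threshold without a value.
QBER_LIMIT = {"BB84": 0.11, "MDI-QKD": 0.11}
O_BAND_NM = range(1260, 1361)  # quantum channel band set in step 5


@dataclass(frozen=True)
class Terminal:
    protocols: frozenset    # QKD protocols the terminal supports
    wavelengths: frozenset  # quantum wavelengths (nm) the terminal can use


@dataclass
class Controller:
    terminals: dict                         # step 1: stored user information
    busy: set = field(default_factory=set)  # quantum wavelengths in use

    def open_session(self, alice, bob, protocol, measure_qber):
        """Steps 2-6. Returns (ok, detail); a wavelength stays reserved only on success."""
        a, b = self.terminals[alice], self.terminals[bob]
        # Step 3: both ends must support the requested protocol.
        if protocol not in QBER_LIMIT or protocol not in (a.protocols & b.protocols):
            return False, "protocol incompatible"
        # Step 4: a wavelength both terminals support, inside the O band, not in use.
        free = sorted(w for w in (a.wavelengths & b.wavelengths) - self.busy
                      if w in O_BAND_NM)
        if not free:
            return False, "no wavelength resource"
        # Step 5: reserve the light path before any pulse is sent.
        lam = free[0]
        self.busy.add(lam)
        # Step 6: link security test; a failed measurement counts as a failed test.
        try:
            qber = measure_qber(lam)
        except Exception:
            qber = 1.0
        if qber > QBER_LIMIT[protocol]:
            self.busy.discard(lam)  # fail closed and free the wavelength
            return False, f"error rate {qber:.3f} above threshold"
        return True, {"quantum_nm": lam, "quantum_band": "O",
                      "classical_band": "C", "qber": qber}

    def close_session(self, session):
        """Step 12: the controller closes the quantum channel."""
        self.busy.discard(session["quantum_nm"])


def demo():
    """Constructed terminals and error rates, chosen to hit every branch."""
    mdi = frozenset({"MDI-QKD"})
    ctl = Controller({
        "alice": Terminal(frozenset({"BB84", "MDI-QKD"}), frozenset({1290, 1310})),
        "bob": Terminal(mdi, frozenset({1310})),
        "carol": Terminal(mdi, frozenset({1310, 1550})),
    })
    out = [ctl.open_session("alice", "bob", "BB84", lambda nm: 0.02)]
    out.append(ctl.open_session("alice", "bob", "MDI-QKD", lambda nm: 0.02))
    out.append(ctl.open_session("alice", "carol", "MDI-QKD", lambda nm: 0.02))
    ctl.close_session(out[1][1])
    out.append(ctl.open_session("alice", "carol", "MDI-QKD", lambda nm: 0.25))
    return out, ctl.busy


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

Key generation (step 7) is reachable only through the success return, so a failed compatibility, wavelength or error-rate check never leaves a reserved light path behind.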
When the QKD protocol adopted by the two communicating parties is the MDI-QKD protocol, the method comprises the following steps:
step A: the user Alice and the user Bob each prepare weak coherent light pulses and randomly select one polarization state to encode them; the polarization states are |H⟩, |V⟩, |+⟩ and |−⟩;
step B: the user Alice and the user Bob send the prepared quantum signals to an MDI-QKD receiver through a quantum classical fusion channel for Bell state measurement;
step C: the network controller publishes the successful Bell state measurement results; at the same time, the user Alice and the user Bob each publish the bases they used for encoding;
step D: for the rounds in which both sides used the same basis, either one of the user Alice and the user Bob flips bits according to the Bell state measurement result, and both sides then hold a consistent secure key string.
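Steps A to D can be followed end to end in the sketch below, an added example that is not taken from the patent. It assumes the standard MDI-QKD conventions, which the page does not spell out: the detector-pair to Bell-state assignment for the fig. 4 receiver, and the rule that Bob flips every rectilinear-basis bit but only the |ψ−⟩ bits in the diagonal basis. It also uses ideal single photons in place of weak coherent pulses.

```python
import random

# Coincidence patterns at the fig. 4 relay (standard MDI-QKD assignment, assumed here).
BELL_FROM_CLICKS = {
    frozenset({"D1H", "D2V"}): "psi-", frozenset({"D1V", "D2H"}): "psi-",
    frozenset({"D1H", "D1V"}): "psi+", frozenset({"D2H", "D2V"}): "psi+",
}


def bsm_probabilities(a, b):
    """Probability of each successful Bell outcome for ideal single photons.

    a and b are (basis, bit): ("Z", 0)=|H>, ("Z", 1)=|V>, ("X", 0)=|+>, ("X", 1)=|->.
    """
    (basis_a, bit_a), (basis_b, bit_b) = a, b
    if basis_a != basis_b:
        return {"psi+": 0.25, "psi-": 0.25}
    if basis_a == "Z":  # only orthogonal polarizations give a coincidence
        return {} if bit_a == bit_b else {"psi+": 0.5, "psi-": 0.5}
    return {"psi+": 0.5} if bit_a == bit_b else {"psi-": 0.5}


def run_rounds(n, seed=1):
    """Steps A-C: random preparation, relay measurement, published click pattern."""
    rng = random.Random(seed)
    rounds = []
    for _ in range(n):
        a = (rng.choice("ZX"), rng.randrange(2))
        b = (rng.choice("ZX"), rng.randrange(2))
        r, clicks = rng.random(), None
        for bell, p in bsm_probabilities(a, b).items():
            if r < p:
                clicks = rng.choice(
                    [c for c, s in BELL_FROM_CLICKS.items() if s == bell])
                break
            r -= p
        rounds.append((a[0], a[1], b[0], b[1], clicks))
    return rounds


def sift(rounds):
    """Step D: keep same-basis rounds with a valid Bell result; Bob applies the flips.

    Each side needs only its own bit plus the published bases and click pattern.
    """
    key_a, key_b = [], []
    for basis_a, bit_a, basis_b, bit_b, clicks in rounds:
        bell = BELL_FROM_CLICKS.get(frozenset(clicks or ()))
        if bell is None or basis_a != basis_b:
            continue  # no Bell projection announced, or bases differ
        flip = basis_a == "Z" or bell == "psi-"
        key_a.append(bit_a)
        key_b.append(bit_b ^ flip)
    return key_a, key_b


if __name__ == "__main__":
    ka, kb = sift(run_rounds(2000))
    print(len(ka), "sifted bits, keys equal:", ka == kb)
```

The relay sees only which detectors fired, so the published pattern reveals whether the two bits were equal or opposite and never the bits themselves.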
The invention simplifies network topology and reduces network construction cost, and makes communication network and control network share one optical fiber link so as to make coordination and management of network easier.
According to the invention, only one or more reconfigurable optical branching multiplexer ROADMs are required to be arranged at the central node to form a star network topology, so that the normal operation of the original network is not affected when other users access, and the other users of the whole local area network are not affected when the user node fails.
The invention is compatible with the common QKD protocol and the MDI-QKD protocol, thereby enhancing network security and simplifying network structure.
Variations and modifications to the above would be obvious to persons skilled in the art to which the invention pertains from the foregoing description and teachings. Therefore, the invention is not limited to the specific embodiments disclosed and described above, but some modifications and changes of the invention should be also included in the scope of the claims of the invention. In addition, although specific terms are used in the present specification, these terms are for convenience of description only and do not constitute any limitation on the invention.
Claims (10)
1. The quantum terminal converged network access system is characterized by comprising a network controller, a reconfigurable optical branching multiplexer ROADM, an MDI-QKD receiver, a plurality of wavelength division multiplexing devices WDM, a plurality of users Alice and a plurality of users Bob;
the reconfiguration optical branching multiplexer ROADM is respectively connected with a network controller and an MDI-QKD receiver, and is also respectively connected with a plurality of WDM devices to form a star-shaped network topology structure, and any WDM device is respectively connected with one or more user Alice or user Bob;
the network controller is used for acquiring topology information, access user information, wavelength information and protocol information of a user Alice and a user Bob of a communication network;
the user Alice is used for generating a quantum signal or a classical signal and sending the quantum signal or the classical signal to a wavelength division multiplexing device WDM;
the WDM device is used for forwarding the quantum signal or classical signal of user Alice and transmitting the quantum signal or classical signal to the reconfigurable optical branching multiplexer ROADM through the quantum classical fusion channel;
The reconfiguration optical branching multiplexer ROADM is configured to receive a quantum signal or a classical signal from user Alice and forward the quantum signal or the classical signal to the MDI-QKD receiver and the network controller; the network controller judges whether the QKD protocol of the terminal of the user Bob as a receiving end and the terminal of the initiator Alice are compatible according to the stored information of the user Bob; detecting the occupation condition of a wavelength channel in a network, judging whether available wavelength resources exist between the user Alice and the user Bob according to the wavelength information used by the terminal, and finally selecting a proper communication wavelength according to the topology information of the communication network;
the MDI-QKD receiver is used for measuring quantum signals and then transmitting the measured results to the reconfigurable optical branching multiplexer ROADM, and the reconfigurable optical branching multiplexer ROADM respectively transmits the measured results to the user Alice and the user Bob according to wavelength information selected by the network controller;
the user Bob is used for establishing communication connection with the user Alice at the transmitting end and receiving quantum signals or classical signals transmitted by the user Alice from the transmitting party.
2. The quantum-terminal-converged network access system of claim 1, wherein the user Alice comprises an Alice user terminal, an Alice key gateway, and a QKD transmitter, which are sequentially connected;
the Alice user terminal is connected with the Alice key gateway and the QKD transmitter through interfaces and protocols;
the Alice user terminal is used for receiving control information from the network controller and is responsible for selecting a communication wavelength channel and a communication time slot of the Alice user terminal;
the QKD transmitter generates the quantum key and transmits the generated quantum key to the Alice quantum key gateway for storage and management through a classical channel of a user terminal;
the Alice key gateway is used for storing and managing the quantum key, and encrypts information sent by the user terminal by adopting the stored quantum key and sends the information to the quantum classical fusion channel or decrypts received encrypted information by adopting the stored quantum key and sends the information to the Alice user terminal.
3. The quantum-terminated converged network access system of claim 2, wherein the QKD transmitter includes a tunable wavelength pulsed laser, a quantum encoder, a polarization modulator, an intensity modulator, and a sender protocol controller;
the transmitting end protocol controller is respectively connected with the wavelength-adjustable pulse laser, the quantum encoder, the polarization modulator and the intensity modulator;
the transmitting end protocol controller sets the wavelength of the adjustable wavelength pulse laser, the protocol type of the quantum encoder and controls the polarization modulator and the intensity modulator according to the control instruction of the network controller.
4. The quantum-terminal-converged network access system of claim 1, wherein the user Bob comprises a Bob user terminal, a Bob key gateway, and a QKD receiver, which are connected in sequence;
the Bob user terminal is connected with the Bob key gateway and the QKD receiver through interfaces and protocols;
the Bob user terminal is used for receiving control information from the network controller and is responsible for selecting a communication wavelength channel and a communication time slot of the user terminal;
the QKD receiver generates the quantum key and sends the generated quantum key to the Bob quantum key gateway for storage and management through a classical channel of a user terminal;
the Bob key gateway is used for storing and managing the quantum key, and encrypts information sent by the user terminal by adopting the stored quantum key and sends the information to the quantum classical fusion channel or decrypts received encrypted information by adopting the stored quantum key and sends the information to the Bob user terminal.
5. The quantum-terminal fusion network access system of claim 4, wherein the QKD receiver includes a channel monitor, a single-photon detector, a quantum decoder, a post-processing device, and a receiver-side protocol controller;
the channel monitor, the single photon detector, the quantum decoder and the post-processing device are sequentially connected; the receiving end protocol controller is respectively connected with the channel monitor, the single photon detector, the quantum decoder and the post-processing device;
the channel monitor is used for receiving signals from a plurality of WDM devices connected with the user Bob and monitoring the intensity of optical signals;
the receiving end protocol controller is used for setting the protocol type of the quantum decoder according to the control instruction of the network controller;
the quantum decoder is used for decoding the received quantum signals;
the single photon detector is used for detecting and responding to the quantum signals and publishing the response condition to generate a quantum key;
the post-processing device is used for carrying out classical error correction and privacy amplification processing on the generated quantum key and sending a final generated key sequence to the Bob key gateway for storage and management.
6. The quantum-terminated converged network access system of claim 1, wherein the MDI-QKD receiver includes a beam splitter, a first polarizing beam splitter, a second polarizing beam splitter, a first vertical polarization state detector, a first horizontal polarization state detector, a second vertical polarization state detector, and a second horizontal polarization state detector;
the output port of the beam splitter is respectively connected with the input ports of the first polarization beam splitter and the second polarization beam splitter; the two output ports of the first polarization beam splitter are respectively connected with the first vertical polarization state detector and the first horizontal polarization state detector, and the two output ports of the second polarization beam splitter are respectively connected with the second vertical polarization state detector and the second horizontal polarization state detector.
7. A quantum terminal fusion network access method, to which the quantum terminal fusion network access system according to any one of claims 1 to 6 is applied, characterized in that the method comprises the following steps:
step 1: the network controller periodically acquires and stores topology information of a communication network, running service information in the network, wavelength information and protocol information of the user Alice and the user Bob;
step 2: the user terminal of the user Alice sends the session request information to the network controller through the ROADM through the quantum classical fusion channel;
step 3: the network controller judges whether the QKD protocol of the user terminal of the receiver Bob of the quantum secret communication and the QKD protocol of the user terminal of the initiator Alice are compatible according to the stored information of the user Bob;
if so, jumping to the step 4;
if the communication is not compatible, the communication is terminated, and the network controller sends a response of requesting failure to the user Alice;
step 4: the network controller detects the occupation condition of a wavelength channel in the network and judges whether available wavelength resources exist between the user Alice and the user Bob according to the wavelength information used by the user terminal;
if yes, jumping to the step 5;
if not, the communication is terminated, and the network controller sends a response requesting failure to the user Alice;
step 5: the network controller sets a C wave band for the classical channel and an O wave band for the quantum channel according to topology information of the communication network; opening a transmission light path between the user Alice and the user terminal Bob and informing the user Alice that a quantum channel is established;
step 6: the user Alice sends pulse to perform link security test on the quantum channel, and judges whether the error rate is larger than the error rate threshold of the QKD protocol used by the quantum channel;
if not, jumping to the step 7;
if the error rate is larger than the threshold, the communication is terminated, and the network controller sends a response of requesting failure to the user Alice;
step 7: according to a collaborative consistent QKD protocol, a QKD transmitter of the user Alice generates a quantum key and stores the key to an Alice key gateway for storage and management through a classical channel;
step 8: the Alice key gateway receives service information sent by Alice user terminals, encrypts the service information by using stored quantum keys and then sends the encrypted service information to a WDM (wavelength division multiplexing) device connected with Alice;
step 9: the WDM connected with the user Alice processes the encrypted service information in a classical signal wavelength division coding mode and transmits it to the reconfigurable optical branching multiplexer ROADM through the quantum classical fusion channel, and the ROADM then forwards it to the WDM connected with the user Bob;
step 10: the WDM device connected with the user Bob receives the encrypted information, processes it in a classical signal wavelength-division decoding mode and sends it to the Bob key gateway;
step 11: the Bob key gateway uses the stored quantum key to decrypt information and sends the information to the Bob user terminal;
step 12: the network controller closes the quantum channel and the communication ends.
8. The quantum terminal converged network access method of claim 7, wherein the session request information includes an originator Alice of the key distribution request, a recipient Bob, and a QKD protocol.
9. The quantum terminal converged network access method of claim 7, wherein when the QKD protocol adopted by both communication parties is the MDI-QKD protocol, the method comprises the following steps:
step A: the user Alice and the user Bob each prepare weak coherent light pulses and randomly select one polarization state to encode them;
step B: the user Alice and the user Bob send the prepared quantum signals to an MDI-QKD receiver through a quantum classical fusion channel for Bell state measurement;
step C: the network controller publishes the successful Bell state measurement results; at the same time, the user Alice and the user Bob each publish the bases they used for encoding;
step D: for the rounds in which both sides used the same basis, either one of the user Alice and the user Bob flips bits according to the Bell state measurement result, and both sides then hold a consistent secure key string.
10. The quantum terminal fusion network access method of claim 9, wherein the polarization states in step A are |H⟩, |V⟩, |+⟩ and |−⟩.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310853687.2A CN116846508A (en) | 2023-07-12 | 2023-07-12 | Quantum terminal fusion network access system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116846508A (en) | 2023-10-03 |
Family
ID=88166886
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310853687.2A Pending CN116846508A (en) | 2023-07-12 | 2023-07-12 | Quantum terminal fusion network access system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||