CN117241267B - Quantum group key distribution method applicable to V2I scene based on blockchain - Google Patents

Publication number
CN117241267B
Authority
CN
China
Prior art keywords
vehicle
key
message
gsp
road end
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311515376.1A
Other languages
Chinese (zh)
Other versions
CN117241267A (en)
Inventor
程腾
刘强
石琴
单榴
高东奇
万森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Keda Qingtian Technology Co ltd
Hefei University of Technology
Original Assignee
Anhui Keda Qingtian Technology Co ltd
Hefei University of Technology
Application filed by Anhui Keda Qingtian Technology Co ltd, Hefei University of Technology
Priority to CN202311515376.1A
Publication of CN117241267A
Application granted
Publication of CN117241267B

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of key distribution, and specifically to a blockchain-based quantum group key distribution method suitable for V2I scenarios, comprising the following steps. Registration phase: unique identifiers are assigned to the vehicle and the road end, quantum keys are pre-charged into the vehicle and the road end, and a digital certificate is issued to the road end. Initialization phase: the vehicle and the cloud mutually authenticate each other's identity, anonymous credentials are obtained for the vehicle, and the anonymous credentials are uploaded to the blockchain. Group key acquisition phase: the vehicle and the road end authenticate each other by means of keys, the road end issues group key parameters to the vehicle, and the vehicle computes the group key from those parameters. Group key update phase: the group membership is updated, performing the group member update and group key replacement operations. The invention can effectively reduce the computational load of communication between vehicles, thereby improving the security and efficiency of communication between vehicles.

Description

A blockchain-based quantum group key distribution method suitable for V2I scenarios

Technical field

The invention relates to the technical field of key distribution, and specifically to a blockchain-based quantum group key distribution method suitable for V2I scenarios.

Background

In a vehicular ad hoc network, the communicating parties are usually vehicles talking to one another. To ensure that communication between vehicles does not leak private information, the transmitted information is usually encrypted. Common encryption methods include public/private-key encryption based on the factorization of large numbers, key algorithms based on elliptic curves, and so on. Because public/private-key encryption based on large-number factorization is relatively complex and computationally expensive, its scope of application is narrow. Key algorithms based on elliptic curves offer a large improvement in computational accuracy over large-number factorization, but with the emergence of quantum computing, cracks have appeared in the security of public/private-key encryption: the security of encryption based on public and private keys is difficult to guarantee, and elliptic-curve key algorithms are also gradually being abandoned.

To avoid these problems in the prior art, some researchers have proposed using a blockchain in place of the cloud to distribute group keys. The road end has to create a smart contract for every vehicle, and every time the group membership changes the road end has to update the smart contracts. Although this way of distributing keys does not need a trusted server to take part, it effectively solves the key distribution problem when users are widely dispersed. However, when the network is very large, each user has to store more master keys, which greatly increases the computational load of communication between vehicles and in turn affects communication efficiency and raises cost, so a solution is urgently needed.

Summary of the invention

To avoid and overcome the technical problems in the prior art, the invention provides a blockchain-based quantum group key distribution method suitable for V2I scenarios. The invention can effectively reduce the computational load of communication between vehicles, thereby improving the security and efficiency of communication between vehicles.

To achieve the above objective, the invention provides the following technical solution:

A blockchain-based quantum group key distribution method suitable for V2I scenarios, comprising the following steps:

S1. Registration phase: a unique identifier is assigned to the vehicle and to the road end, the corresponding quantum keys are pre-charged into the vehicle and the road end, and a digital certificate is issued to the road end;

S2. Initialization phase: the vehicle and the cloud mutually authenticate each other's identity, anonymous credentials are obtained for the vehicle, and the anonymous credentials are uploaded to the blockchain;

S3. Group key acquisition phase: the vehicle and the road end authenticate each other by means of keys, the road end issues group key parameters to the vehicle, and the vehicle computes the group key from the group key parameters;

S4. Group key update phase: the group membership is updated, performing the group member update and group key replacement operations.

As a further technical solution of the invention, the specific steps of the registration phase are as follows:

S11. When vehicle $i$ leaves the factory it is assigned a unique identifier $VIN_i$, and a set number of quantum session keys and quantum integrity-check keys, in one-to-one correspondence with the unique identifier $VIN_i$, are pre-charged into the secure medium inside vehicle $i$;

When road end $r$ leaves the factory it is assigned a unique identifier $RID_r$, and a set number of quantum session keys and quantum integrity-check keys, in one-to-one correspondence with the unique identifier $RID_r$, are pre-charged into the secure medium inside road end $r$;

S12. Vehicle $i$ then uploads its unique identifier $VIN_i$ to the cloud, where $VIN_i$ is stored in the cloud database; likewise road end $r$ uploads its unique identifier $RID_r$ to the cloud, where $RID_r$ is stored in the cloud database;

S13. When the quantum session keys in the secure medium of vehicle $i$ or road end $r$ fall below a preset value, vehicle $i$ or road end $r$ sends a quantum session key replenishment request to the key distribution center in the cloud, and the key distribution center replenishes the quantum session keys of vehicle $i$ or road end $r$;

S14. A third-party certificate authority issues, for the unique identifier $RID_r$ of road end $r$, a digital certificate $DC_r$ containing the public key information of road end $r$.

As a still further technical solution of the invention, the specific steps of the initialization phase are as follows:

S21. The quantum random number generator of vehicle $i$ produces $n$ true random numbers $RN_{i-c}$. Together with the unique identifier $VIN_i$ of vehicle $i$ and the current timestamp $T_{si}$ of vehicle $i$, they are encrypted with the quantum session key $PFSK_{tag}$ pre-charged in vehicle $i$, giving the encrypted message $E_{PFSK}(VIN_i,\{RN_{i-c}\}_{i=1}^{n},T_{si})$, where $\{\}_{i=1}^{n}$ denotes a set of $n$ participants. The quantum integrity verification key $PFIK_{tag}$ pre-charged in vehicle $i$ is used to compute the message authentication code $MAC_{PFIK}$ of the encrypted message $E_{PFSK}(VIN_i,\{RN_{i-c}\}_{i=1}^{n},T_{si})$. The encrypted message is then concatenated with the other fields to form the message body $M1$ of vehicle $i$'s identity authentication request, $M1=\{PFSK_{tag},PFIK_{tag},E_{PFSK}(VIN_i,\{RN_{i-c}\}_{i=1}^{n},T_{si}),MAC_{PFIK},T_{si}\}$, and finally $M1$ is sent to the cloud;

S22. On receiving the message body $M1$ sent by vehicle $i$, the identity authentication server in the cloud first checks the freshness of the timestamp $T_{si}$. If the difference between $T_{si}$ and the moment of checking is greater than the set time threshold, the identity authentication server does not process $M1$ any further. Otherwise, using the quantum session key $PFSK_{tag}$ and the quantum integrity verification key $PFIK_{tag}$ in the received $M1$, the identity authentication server finds in the cloud's secure medium the corresponding pre-charged quantum session key $PFSK_v$ and quantum integrity verification key $PFIK_v$, together with the unique identifier $VIN_{i0}$ of vehicle $i$ pre-stored in the cloud database;

The integrity of the message authentication code $MAC_{PFIK}$ is checked. If it is intact, the cloud decrypts the message body $M1$ with the pre-charged quantum session key $PFSK_v$, so that the cloud obtains the unique identifier $VIN_i$ of vehicle $i$ and the true random numbers $\{RN_{i-c}\}_{i=1}^{n}$ of vehicle $i$;

The identity authentication server in the cloud compares the unique identifier $VIN_i$ obtained by decryption with the unique identifier $VIN_{i0}$ looked up in the database. If the two are equal, the identity authentication server generates $n$ true random numbers, forming the set of true random numbers $\{RN_{c-i}\}_{i=1}^{n}$;

S23. The cloud adds one to the true random number $RN_{i-c}$, appends the true random number $RN_{c-i}$ that the cloud itself generated and the cloud's current timestamp $T_{sc}$, and encrypts the concatenation with the quantum session key $PFSK_{tag'}$ of vehicle $i$ pre-charged in the cloud, so that the cloud obtains the encrypted message $E_{PFSK'}(\{RN_{i-c}+1,RN_{c-i}\}_{i=1}^{n},T_{sc})$. The quantum integrity verification key $PFIK_{tag'}$ of vehicle $i$ pre-charged in the cloud is used to compute the message authentication code $MAC_{PFIK'}$ of the encrypted message $E_{PFSK'}(\{RN_{i-c}+1,RN_{c-i}\}_{i=1}^{n},T_{sc})$. The encrypted message is then concatenated with the other fields to give the message body $M2$, $M2=\{PFSK_{tag'},PFIK_{tag'},E_{PFSK'}(\{RN_{i-c}+1,RN_{c-i}\}_{i=1}^{n},T_{sc}),MAC_{PFIK'},T_{sc}\}$, and $M2$ is sent to vehicle $i$;

S24. On receiving the message body $M2$ returned by the cloud, vehicle $i$ checks the timestamp $T_{sc}$ in $M2$. If the difference between $T_{sc}$ and the moment of checking is greater than the set time threshold, vehicle $i$ does not process the message body any further. Otherwise, using $PFSK_{tag'}$ and $PFIK_{tag'}$ in the received $M2$, vehicle $i$ finds in its secure medium the corresponding pre-charged quantum session key $PFSK_{v'}$ and integrity verification key $PFIK_{v'}$;

The message authentication code $MAC_{PFIK'}$ in the message body $M2$ is computed and its integrity is checked. If it is intact, the message body $M2$ is decrypted with the quantum session key $PFSK_{v'}$ pre-charged in vehicle $i$, so that vehicle $i$ obtains the message set $\{RN_{i-c}+1,RN_{c-i}\}_{i=1}^{n}$ returned by the cloud;

S25. From the true random number $RN_{c-i}$, the true random number $RN_{i-c}$ and the unique identifier $VIN_i$, vehicle $i$ computes the hash values of $n$ anonymous credentials with a one-way hash function $H$. The hash value of $ANC_i$ is computed as $ANC_i=H(VIN_i,RN_{i-c},RN_{c-i})$;

S26. Vehicle $i$ uploads the anonymous credential $ANC_i$ to the cloud: it assembles the message body $M3$, $M3=\{PFSK_{tag},PFIK_{tag},E_{PFSK}(VIN_i,\{H(RN_{i-c}),H(ANC)\}_{i=1}^{n},T_{si}),MAC_{PFIK},T_{si}\}$, and sends $M3$ to the cloud;

S27. Using the anonymous credential $ANC_i$ of vehicle $i$, the cloud looks up the parameters $VIN_i$, $RN_{c-i}$ and $RN_{i-c}$ from which $ANC_i$ was generated. The cloud hashes the $RN_{c-i}$ it looked up and compares the result with vehicle $i$'s hash value $H(VIN_i,RN_{i-c},RN_{c-i})$. If the two are the same, vehicle $i$ has completed the computation of the $n$ anonymous credentials; otherwise the computation of the $n$ anonymous credentials has not been completed and steps S21 to S27 must be carried out again;

S28. The cloud then generates $n$ smart contracts for the $n$ anonymous credentials of vehicle $i$ and obtains the unique identifier POS of each smart contract. The unique identifier POS, the hash value of each anonymous credential, and the hash value of the parameter from which that credential was generated are used together to build the message body $M4$, $M4=\{PFSK_{tag},PFIK_{tag},E_{PFSK}(\{H(RN_{c-i}),H(ANC),POS\}_{i=1}^{n},T_{sc}),MAC_{PFIK},T_{sc}\}$. $M4$ is sent to vehicle $i$ to tell it that its anonymous credentials have been uploaded to the blockchain and that vehicle $i$ can now authenticate with road end $r$.
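The order of checks in steps S21 and S22 (freshness, key lookup by tag, MAC, decryption, VIN comparison) can be sketched as follows. This is an added example, not code from the patent: the cipher is a SHA-256 counter-mode stand-in because the page names none, HMAC-SHA256 stands in for the unspecified MAC, and the 5-second threshold, the single-use tracking of key tags, the inner/outer timestamp comparison, the JSON encoding and all names are assumptions of this example.

```python
import hashlib
import hmac
import json
import os

MAX_SKEW_S = 5  # assumed freshness threshold; the page only says "a set time threshold"


def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode). The page names no cipher;
    a deployment would use a vetted cipher instead."""
    stream = b"".join(
        hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        for ctr in range(len(data) // 32 + 1)
    )
    return bytes(a ^ b for a, b in zip(data, stream))


def build_m1(vin, rns, pfsk_tag, pfsk, pfik_tag, pfik, now):
    """Vehicle side of S21: encrypt (VIN_i, {RN_i-c}, T_si), then MAC the ciphertext."""
    plain = json.dumps({"vin": vin, "rn": [r.hex() for r in rns], "ts": now}).encode()
    nonce = os.urandom(12)
    ct = nonce + _stream_xor(pfsk, nonce, plain)
    mac = hmac.new(pfik, ct, hashlib.sha256).digest()
    return {"pfsk_tag": pfsk_tag, "pfik_tag": pfik_tag, "ct": ct, "mac": mac, "ts": now}


class Cloud:
    def __init__(self):
        self.keys = {}     # key tag -> (key bytes, registered VIN_i0): the secure medium
        self.used = set()  # consumed session-key tags (assumption: each key is single-use)

    def provision(self, tag, key, vin):
        self.keys[tag] = (key, vin)

    def verify_m1(self, m1, now):
        """Cloud side of S22. Returns (status, payload); payload is None on failure."""
        if abs(now - m1["ts"]) > MAX_SKEW_S:             # 1. freshness of the outer T_si
            return "stale", None
        sk = self.keys.get(m1["pfsk_tag"])               # 2. look keys up by their tags
        ik = self.keys.get(m1["pfik_tag"])
        if sk is None or ik is None:
            return "unknown key tag", None
        if m1["pfsk_tag"] in self.used:
            return "replayed key tag", None
        expected = hmac.new(ik[0], m1["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, m1["mac"]):  # 3. MAC before any decryption
            return "bad mac", None
        inner = json.loads(_stream_xor(sk[0], m1["ct"][:12], m1["ct"][12:]))
        if inner["ts"] != m1["ts"]:   # the outer T_si is outside the MAC, so it must
            return "timestamp mismatch", None            # equal the encrypted copy
        if inner["vin"] != sk[1]:                        # 4. VIN_i against stored VIN_i0
            return "vin mismatch", None
        self.used.add(m1["pfsk_tag"])
        return "ok", {"vin": inner["vin"], "rn": [bytes.fromhex(h) for h in inner["rn"]]}


def demo():
    """Constructed sample run: the keys, tags and VIN below are made up."""
    cloud, sk, ik, vin = Cloud(), os.urandom(32), os.urandom(32), "VIN-EXAMPLE-0001"
    cloud.provision("sk-001", sk, vin)
    cloud.provision("ik-001", ik, vin)
    rns = [os.urandom(16) for _ in range(3)]
    m1 = build_m1(vin, rns, "sk-001", sk, "ik-001", ik, now=1000)
    forged = dict(m1, ct=m1["ct"][:-1] + bytes([m1["ct"][-1] ^ 1]))
    return [
        cloud.verify_m1(forged, now=1001)[0],             # ciphertext altered in transit
        cloud.verify_m1(m1, now=1060)[0],                 # delivered too late
        cloud.verify_m1(dict(m1, ts=1003), now=1003)[0],  # outer timestamp rewritten
        cloud.verify_m1(m1, now=1002)[0],                 # genuine request
        cloud.verify_m1(m1, now=1003)[0],                 # same M1 replayed in the window
    ]


if __name__ == "__main__":
    print(demo())
```

Because the MAC in S21 covers only the encrypted message, the timestamp carried in the clear is authenticated only by comparing it with the encrypted copy after decryption.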

As a still further technical solution of the invention, the specific steps of the group key acquisition phase are as follows:

S31. Road end $r$ broadcasts its digital certificate $DC_r$ within its communication range;

S32. Vehicle $i$, on driving into the communication range of road end $r$, receives the digital certificate $DC_r$ of road end $r$ over the PC5 broadcast. Vehicle $i$ broadcasts the message $\{AddReq,POS,ANC_i,H(RN_{c-i})\}$ to road end $r$, where $H(RN_{c-i})$ is the hash value of $RN_{c-i}$;

S33. Road end $r$ finds the smart contract through POS and initiates a transaction to trigger the smart contract. The smart contract returns $H(RN_{c-i})$ and the quantum session key $PFSK_{tag}$ to vehicle $i$. If the $H(RN_{c-i})$ that vehicle $i$ obtained through the smart contract equals the $H(RN_{c-i})$ received in the message $\{AddReq,POS,ANC_i,H(RN_{c-i})\}$, the identity of vehicle $i$ is legitimate; otherwise it is not;

When the identity of vehicle $i$ is legitimate, the random number generator of road end $r$ produces a random number GSP-1, which is encrypted using the quantum session key $PFSK_{tag}$ obtained by triggering the smart contract as the symmetric key;

S34. Once the identity authentication of all vehicles is complete, road end $r$ computes the hash value of the anonymous credentials of all currently legitimate vehicles and uses that hash value as GSP-2. Together with the current timestamp $T_{sr}$ of road end $r$ and the Signature obtained by signing the parameters with the private key, this forms the message $\{\text{GSP-2},\{ANC_i,PFSK_{tag},E_{PFSK}(\text{GSP-1})\}_{i=1}^{n},Signature,T_{sr}\}$, which is transmitted to all current vehicles by multicast;

S35. Vehicle $i$ receives the multicast message and checks whether its own anonymous credential is present in the message. If it is, the identity verification of vehicle $i$ has succeeded; otherwise it has not;

A vehicle whose identity verification succeeded first extracts GSP-2 from the message and verifies the Signature with the public key obtained from the digital certificate of road end $r$. It then computes the group key GSK from the GSP-1 and GSP-2 it has obtained, $GSK=H(\text{GSP-1},\text{GSP-2})$.

As a still further technical solution of the invention, the group key update phase comprises a new-member joining phase and a group-member leaving phase. The specific steps of the new-member joining phase are as follows:

S4A1. Road end $r$ broadcasts its digital certificate $DC_r$ within its communication range;

S4A2. Vehicle $j$, on driving into the communication range of road end $r$, receives the digital certificate $DC_r$ of road end $r$ over the PC5 broadcast. Vehicle $j$ broadcasts the message $\{AddReq,POS,ANC_j,H(RN_{c-j})\}$ to road end $r$, where $H(RN_{c-j})$ is the hash value of $RN_{c-j}$;

S4A3. Road end $r$ finds the smart contract through POS and initiates a transaction to trigger the smart contract. The smart contract returns $H(RN_{c-j})$ and the quantum session key $PFSK_{tag}$ to vehicle $j$. If the $H(RN_{c-j})$ that vehicle $j$ obtained through the smart contract equals the $H(RN_{c-j})$ received in the message $\{AddReq,POS,ANC_j,H(RN_{c-j})\}$, the identity of vehicle $j$ is legitimate; otherwise it is not;

When the identity of vehicle $j$ is legitimate, the quantum session key $PFSK_{tag}$ obtained by triggering the smart contract is used as the symmetric key to encrypt the random number GSP-1 that has already been generated, so that the random number GSP-1 remains unchanged;

S4A4. Once the identity authentication of all newly joined vehicles is complete, road end $r$ recomputes the hash value of the anonymous credentials of all currently legitimate vehicles and uses that hash value as GSP-1. Together with the concatenated timestamp $T_{sr}$ and the Signature obtained by signing the parameters with the private key, this forms the message $\{\text{GSP-2},\{ANC_j,PFSK_{tag},E_{PFSK}(\text{GSP-1})\}_{i=1}^{1},Signature,T_{sr}\}$, which is transmitted to all current vehicles by multicast;

S4A5. Vehicle $j$ receives the multicast message and checks whether its own anonymous credential is present in the message. If it is, the identity verification of vehicle $j$ has succeeded; otherwise it has not;

A vehicle whose identity verification succeeded first extracts GSP-2 from the message and verifies the Signature with the public key obtained from the digital certificate of road end $r$. It then computes the group key GSK from the GSP-1 and GSP-2 it has obtained, $GSK=H(\text{GSP-1},\text{GSP-2})$;

The existing members within the communication range of road end $r$ only need to obtain GSP-2 again as in step S34 and update the corresponding GSK.
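The two-parameter derivation in steps S33 to S35, and how it behaves when a vehicle joins (S4A) or leaves (step S4B3 in the leaving phase that follows), can be sketched as below. This is an added example, not code from the patent: it uses the naming of S33 and S34 (GSP-1 is the random number, GSP-2 the hash over the anonymous credentials), models the per-vehicle delivery of E_PFSK(GSP-1) as a plain map, leaves out the Signature check, and the length-prefixed hashing, the sorted credential order and all names are assumptions of this example.

```python
import hashlib
import secrets


def H(*fields: bytes) -> bytes:
    """One-way hash over length-prefixed fields, so H(a, b) differs from H(a + b)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


def anc(vin: str, rn_ic: bytes, rn_ci: bytes) -> bytes:
    """S25: ANC_i = H(VIN_i, RN_i-c, RN_c-i)."""
    return H(vin.encode(), rn_ic, rn_ci)


class RoadEnd:
    def __init__(self):
        self.members = set()                 # anonymous credentials of legitimate vehicles
        self.gsp1 = secrets.token_bytes(32)  # S33: random number GSP-1

    def admit(self, credential: bytes):
        """S33 / S4A3: a vehicle is accepted; GSP-1 stays unchanged."""
        self.members.add(credential)

    def remove(self, credential: bytes):
        """S4B3: a current member leaves; GSP-1 is regenerated."""
        if credential in self.members:
            self.members.remove(credential)
            self.gsp1 = secrets.token_bytes(32)

    def multicast(self) -> dict:
        """S34: GSP-2 is the hash over all current credentials, in sorted order so
        that every party hashes the same byte sequence. 'gsp1_for' stands in for
        the per-vehicle entries {ANC_i, PFSK_tag, E_PFSK(GSP-1)}."""
        ordered = sorted(self.members)
        return {"gsp2": H(*ordered), "gsp1_for": {c: self.gsp1 for c in ordered}}


def derive_gsk(own_anc: bytes, msg: dict):
    """S35: a vehicle derives GSK only if its own credential is in the message."""
    if own_anc not in msg["gsp1_for"]:
        return None
    return H(msg["gsp1_for"][own_anc], msg["gsp2"])   # GSK = H(GSP-1, GSP-2)


def demo() -> dict:
    """Constructed run; the VINs and random numbers are made up."""
    creds = {
        n: anc(f"VIN-EXAMPLE-{n}", secrets.token_bytes(16), secrets.token_bytes(16))
        for n in ("A", "B", "C")
    }
    rsu = RoadEnd()
    rsu.admit(creds["A"])
    rsu.admit(creds["B"])
    first = rsu.multicast()
    k_a, k_b = derive_gsk(creds["A"], first), derive_gsk(creds["B"], first)

    rsu.admit(creds["C"])                    # join: only GSP-2 changes
    joined = rsu.multicast()
    k_joined = derive_gsk(creds["A"], joined)

    old_gsp1 = rsu.gsp1
    rsu.remove(creds["B"])                   # leave: GSP-1 and GSP-2 both change
    left = rsu.multicast()
    return {
        "members_agree": k_a == k_b,
        "join_changes_gsk": k_joined != k_a and derive_gsk(creds["C"], joined) == k_joined,
        "join_keeps_gsp1": first["gsp1_for"][creds["A"]] == joined["gsp1_for"][creds["A"]],
        "leaver_excluded": derive_gsk(creds["B"], left) is None,
        "old_gsp1_useless": H(old_gsp1, left["gsp2"]) != derive_gsk(creds["A"], left),
    }


if __name__ == "__main__":
    print(demo())
```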

As a still further technical solution of the invention, the specific steps of the group-member leaving phase are as follows:

S4B1. Road end $r$ broadcasts its digital certificate $DC_r$ within its communication range;

S4B2. Vehicle $j$, on driving into the communication range of road end $r$, receives the digital certificate $DC_r$ of road end $r$ over the PC5 broadcast. Vehicle $j$ broadcasts the message $\{AddReq,POS,ANC_j,H(RN_{c-j})\}$ to road end $r$, where $H(RN_{c-j})$ is the hash value of $RN_{c-j}$;

S4B3. Road end $r$ determines whether the vehicle that is about to leave is a member of the current group. If it is, road end $r$ regenerates GSP-1 and uses the quantum session key $PFSK_{tag}$ obtained by triggering the smart contract in step S33 as the symmetric key to encrypt the random number GSP-1 that has already been generated, so that the random number GSP-1 remains unchanged;

S4B4. Road end $r$ recomputes the hash value of the anonymous credentials of all vehicles with legitimate identities in the current group and uses that hash value as GSP-1. Together with the concatenated timestamp $T_{sr}$ and the Signature obtained by signing the parameters with the private key, this forms a message, which is transmitted to all current vehicles by multicast;

S4B5. The vehicles remaining in the group receive the multicast message and check whether their own anonymous credential is present. If it is, the vehicle is still in the current group; otherwise it is not;

A vehicle that is still in the current group first extracts GSP-2 from the message and verifies it with the public key obtained from the digital certificate of road end $r$;

It then decrypts the message with the quantum session key $PFSK_{tag}$ to obtain GSP-2, and finally computes the group key GSK from the GSP-1 and GSP-2 it has obtained, $GSK=H(\text{GSP-1},\text{GSP-2})$.

Compared with the prior art, the beneficial effects of the invention are:

1. In a centralized key distribution method, each user does not need to store a large number of keys; each participant only needs to share a key with the key distribution center (KDC), and the KDC is responsible for key distribution. This is simple for users but places high demands on the cloud, so the cloud is under heavy load. When the network is very large, the KDC in a centralized key distribution scheme usually has to store a large number of keys and the traffic between the users and the KDC is also heavy, so the KDC becomes overburdened. There is also the possibility of a single-point attack: an attacker concentrates on the KDC so that it can no longer provide service, and the anonymous attacker's goal is achieved. Because of the special nature of quantum keys, a quantum key distribution center is unavoidable, but by using a private chain the load is moved onto the blockchain, which makes the system distributed and reduces computational overhead. The invention therefore does not use the blockchain to distribute group keys; instead it uses blockchain smart contracts to let the road end authenticate vehicles quickly. Using the blockchain also moves the KDC function down to the road end, reducing the computation, storage and concurrency load on the cloud.

2. In a centralized group key distribution scheme, all communication has to go through the central entity. As the number of participants grows, the complexity and overhead of communication grow with it. A large volume of traffic has to be processed and scheduled at the central entity, which causes communication delays and bottlenecks, and the central entity usually has to carry out a large amount of computation, including key generation, encryption and decryption. As the number of participants increases, the central entity has to handle more key generation and computation, which increases computational complexity and overhead. In a distributed group key distribution scheme, multiple nodes take part in generating and distributing keys, and nodes can be added or removed as needed to adapt to changes in system scale. Because key generation and distribution require several nodes to cooperate, it is hard for an attacker to compromise several nodes at once to obtain the key. The nodes have to communicate with one another to share information and keys, which may increase communication overhead and latency. We combine the two approaches and move the KDC function down to the road end, achieving efficient group key updates.

3. Existing quantum-secure key distribution schemes may be limited in efficiency and scalability. Wired transmission restricts the use of traditional quantum encryption in vehicular ad hoc networks, so in practice different identity authentication methods and group key distribution schemes have to be designed for different scenarios to meet the needs of real-time communication and large-scale networks. However, quantum-secure identity authentication and group key distribution schemes are still lacking, and this problem has to be solved to advance the practical application of quantum-secure communication technology in vehicles.

4. The invention proposes generating multiple anonymous vehicle credentials at once from vehicle random numbers and cloud random numbers, which reduces the number of exchanges between vehicle and cloud. The cloud publishes each "anonymous credential - real vehicle identity - pre-charged key information - anonymous credential generation parameters" mapping on the private chain in the form of a smart contract, which lets the road end work out the vehicle's identity. A two-part group key generation method is proposed: the road end uses a quantum random number generator to produce the random number GSP-2, obtains one of the vehicle's keys through the smart contract and encrypts GSP-2 with it, and obtains the group key parameter GSP-1 by computing over the anonymous credentials of all legitimate members. The two-part generation scheme allows the group key to be updated quickly. When a new vehicle joins, the existing group members only need to update GSP-1, which reduces computational overhead. This strategy achieves forward security and backward security while guaranteeing one key per use.

5. Building on V2X broadcast communication, the present invention reduces computational overhead and signalling overhead. With the help of blockchain smart contracts, the road end achieves anonymous mutual authentication of vehicle and road identities, which protects privacy and provides decentralization: the road end no longer needs the cloud's assistance to authenticate a vehicle's identity. Combined with the existing certificate system, the vehicle can also authenticate the road end. The KDC is decentralized, so every road end can authenticate vehicles, and the number of anonymous credentials generated between vehicle and cloud is reduced. Because there is no single central server, there is no single point of failure. The group key parameter GSP-1 is obtained by triggering the blockchain smart contract, which ensures the security of the group key, and the group key parameter GSP-2 is obtained through road-end broadcast, which makes distribution efficient and real-time. Throughout this process the group key keeps its one-time-pad property, and the forward security and backward security of communication are ensured.

Traceability: The blockchain records the road end's authentication information for vehicles. Because it is a private chain, the road end has no permission to modify these records. When tracing is required, the authentication records can be obtained from the cloud.

Revocability: Because it is a private chain, the cloud, as administrator, can revoke a road end's access rights. That road end can then no longer access the smart contracts or authenticate vehicles, and the road-end node loses its function. The cloud can also revoke a smart contract, after which authentication to the cloud is no longer possible, so V2V services cannot be obtained.

Description of the drawings

Figure 1 is a schematic diagram of the operation flow of the present invention.

Detailed description

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

PC5 is the physical-layer interface used for direct vehicle-to-vehicle communication. It is a specific interface standard in V2X communication for direct short-range communication between vehicles. It uses the wireless communication module in on-board equipment to let vehicles exchange information directly, such as position, speed and driving intention. The PC5 interface makes V2X communication more flexible and efficient, because vehicles can communicate directly without relying on infrastructure or network support. It provides low-latency, high-reliability communication and better conditions for interaction and cooperation between vehicles. Through the PC5 interface, vehicles can communicate directly point-to-point or among multiple points.

V2X broadcast is a communication method that sends messages to all nearby vehicles. In broadcast communication, the sender delivers a message to every nearby vehicle without determining specific recipients in advance. Broadcast can be used for general information delivery, such as traffic condition warnings and emergency notifications. Because a broadcast message is received by all vehicles, its content usually needs to be encrypted and authenticated to ensure security and trustworthiness.

A group key is a key used for secure communication among multiple participants. Unlike the keys used in one-to-one communication, a group key is normally shared by all members of the group. Group keys support group or multi-party communication scenarios in which several participants need to exchange messages securely. The key is used to encrypt and decrypt messages so that only authorized group members can access and understand their content. In protocols that use group keys, participants can join or leave the group dynamically, and only authorized group members can access the key. Group key management is usually handled by a specific key distribution protocol or key management scheme, to ensure security and appropriate key updates. The shared nature of a group key makes it suitable for multi-party collaboration, teamwork, or confidential communication within a group. By using a group key, participants encrypt and decrypt messages with the same key, which enables efficient and secure group communication.

In the proposed vehicle-road cooperation scenario, the cloud establishes a point-to-point connection with every RSU. Vehicle and road end, road end and cloud, and vehicle and cloud do not trust one another, so each pair must mutually authenticate before actual communication. After every start-up, a vehicle must authenticate with the cloud in order to obtain the anonymous credentials required for vehicle-road authentication. The functions of each part are as follows:

Cloud: The cloud server consists of an identity authentication server, a key distribution server and a TSP platform. It is mainly responsible for vehicle identity authentication, RSU identity authentication, issuing session keys between vehicle and cloud, and issuing part of the group key.

Identity authentication server: Mainly responsible for authenticating vehicles, issuing anonymous credentials to vehicles, and authenticating road-end equipment. It also provides zero-knowledge proofs to road-end equipment, helping it verify that a vehicle's identity is legitimate and achieving mutual authentication between vehicle and road.

Key distribution server: In the present invention, all messages transmitted in point-to-point communication are encrypted with quantum keys. The secure media of both vehicle and road end store prefilled quantum keys, which are used to encrypt and decrypt messages. When the number of quantum session keys in a secure medium falls below a preset value, the device applies to the cloud's key distribution center for quantum session keys to replenish its supply. The key application and key issuance process is itself encrypted with prefilled keys.

Road end: The road-end infrastructure is equipped with an RSU and is mainly responsible for providing services to vehicles, such as broadcasting traffic conditions within the current road-end range. In the present invention, the road end is mainly responsible for distributing part of the group key. The presence of the road end also relieves the concurrency load on the cloud key distribution server.

Vehicle: At the factory, each vehicle is assigned a true random number produced by a quantum random number generator as its unique identification code VIN. A batch of quantum session key handles and quantum session keys is also prefilled inside the vehicle; key handles and quantum keys correspond one-to-one, and the quantum key handle is the unique identifier of the quantum key. Equipped with an OBU and a quantum random number generator, the vehicle can communicate by broadcast with the road-end RSU and can exchange information with other vehicles fitted with an OBU. Only a vehicle that has passed cloud identity authentication and obtained anonymous credentials can complete mutual authentication with the road and use the group communication service.

Blockchain is a decentralized distributed ledger technology that links data together in blocks to form a tamper-proof chain of records. Each block contains some transaction data and is linked to the previous block by cryptographic means, which ensures the security and integrity of the data. An important feature of blockchain is decentralization: it does not rely on a single central authority or server to verify and store data, but reaches consensus among multiple nodes in the network. This decentralized nature gives blockchain resistance to attacks and to single points of failure. Smart contracts are one of the important applications of blockchain technology. A smart contract is an automated contract written as computer code that executes and enforces contract terms on the blockchain. Smart contracts use the decentralization and immutability of blockchain to carry out, through program code, the conditions and operations agreed in the contract.

As shown in Figure 1, a blockchain-based quantum group key distribution method suitable for V2I scenarios includes the following steps:

S1. Registration phase: The vehicle and the road end are each assigned a unique identifier, quantum keys are prefilled into the vehicle and the road end, and a digital certificate is issued to the road end.

The specific steps of the registration phase are as follows:

S11. When vehicle $i$ leaves the factory, it is assigned the unique identification code $VIN_i$, and a set number of quantum session keys and quantum integrity check keys, in one-to-one correspondence with $VIN_i$, are prefilled into the secure medium in vehicle $i$;

When road end $r$ leaves the factory, it is assigned the unique identification code $RID_r$, and a set number of quantum session keys and quantum integrity check keys, in one-to-one correspondence with $RID_r$, are prefilled into the secure medium in road end $r$;

S12. Vehicle $i$ then uploads its unique identification code $VIN_i$ to the cloud, where it is stored in the cloud database; likewise, road end $r$ uploads its unique identification code $RID_r$ to the cloud, where it is stored in the cloud database;

S13. When the number of quantum session keys in the secure medium of vehicle $i$ or road end $r$ falls below a preset value, vehicle $i$ or road end $r$ sends a quantum session key replenishment request to the cloud's key distribution center, and the key distribution center replenishes the quantum session keys of vehicle $i$ or road end $r$;

S14. A third-party certification authority then issues, for the unique identification code $RID_r$ of road end $r$, a digital certificate $DC_r$ containing the public key information of road end $r$;

S2. Initialization phase: The vehicle and the cloud mutually authenticate, anonymous credentials are obtained for the vehicle, and the anonymous credentials are uploaded to the blockchain;

The specific steps of the initialization phase are as follows:

S21. The quantum random number generator of vehicle $i$ produces $n$ true random numbers $RN_{i-c}$. Together with the unique identification code $VIN_i$ of vehicle $i$ and the current timestamp $T_{si}$ of vehicle $i$, they are encrypted with vehicle $i$'s prefilled quantum session key $PFSK_{tag}$, giving the encrypted message $E_{PFSK}(VIN_i, \{RN_{i-c}\}_{i=1}^{n}, T_{si})$, where $\{\cdot\}_{i=1}^{n}$ denotes a set of $n$ participants. Vehicle $i$'s prefilled quantum integrity verification key $PFIK_{tag}$ is used to compute the message authentication code $MAC_{PFIK}$ of the encrypted message $E_{PFSK}(VIN_i, \{RN_{i-c}\}_{i=1}^{n}, T_{si})$. The message $E_{PFSK}(VIN_i, \{RN_{i-c}\}_{i=1}^{n}, T_{si})$ is then concatenated to form the message body M1 used for vehicle $i$'s identity authentication request, $M1 = \{PFSK_{tag}, PFIK_{tag}, E_{PFSK}(VIN_i, \{RN_{i-c}\}_{i=1}^{n}, T_{si}), MAC_{PFIK}, T_{si}\}$, and finally M1 is sent to the cloud;

S22. After receiving the message body M1 from vehicle $i$, the cloud's identity authentication server first checks the freshness of the timestamp $T_{si}$. If the difference between $T_{si}$ and the time of the check exceeds the set time threshold, the identity authentication server does not process M1 any further. Otherwise, using the quantum session key $PFSK_{tag}$ and the quantum integrity verification key $PFIK_{tag}$ contained in M1, the identity authentication server looks up, in the cloud's secure medium, the corresponding prefilled quantum session key $PFSK_v$ and quantum integrity verification key $PFIK_v$, together with the unique identification code $VIN_{i0}$ of vehicle $i$ pre-stored in the cloud database;

The integrity of the message authentication code $MAC_{PFIK}$ is checked. If it is intact, the cloud decrypts the message body M1 with the prefilled quantum session key $PFSK_v$, obtaining the unique identification code $VIN_i$ of vehicle $i$ and the true random numbers $\{RN_{i-c}\}_{i=1}^{n}$ of vehicle $i$;

The cloud's identity authentication server compares the decrypted unique identification code $VIN_i$ with the unique identification code $VIN_{i0}$ found in the database. If the two are equal, the identity authentication server generates $n$ true random numbers, forming the true random number set $\{RN_{c-i}\}_{i=1}^{n}$;

S23. The cloud adds one to each true random number $RN_{i-c}$, appends the true random number $RN_{c-i}$ generated by the cloud itself, concatenates the result with the cloud's current timestamp $T_{sc}$, and encrypts it with the quantum session key $PFSK_{tag'}$ of vehicle $i$ prefilled in the cloud, giving the encrypted message $E_{PFSK'}(\{RN_{i-c}+1, RN_{c-i}\}_{i=1}^{n}, T_{sc})$. The quantum integrity verification key $PFIK_{tag'}$ of vehicle $i$ prefilled in the cloud is used to compute the message authentication code $MAC_{PFIK'}$ of the encrypted message $E_{PFSK'}(\{RN_{i-c}+1, RN_{c-i}\}_{i=1}^{n}, T_{sc})$. The message $E_{PFSK'}(\{RN_{i-c}+1, RN_{c-i}\}_{i=1}^{n}, T_{sc})$ is then concatenated to obtain the message body M2, $M2 = \{PFSK_{tag'}, PFIK_{tag'}, E_{PFSK'}(\{RN_{i-c}+1, RN_{c-i}\}_{i=1}^{n}, T_{sc}), MAC_{PFIK'}, T_{sc}\}$, and M2 is sent to vehicle $i$;

S24. After receiving the message body M2 returned by the cloud, vehicle $i$ checks the timestamp $T_{sc}$ in M2. If the difference between $T_{sc}$ and the time of the check exceeds the set time threshold, vehicle $i$ does not process the message body any further. Otherwise, using $PFSK_{tag'}$ and $PFIK_{tag'}$ contained in M2, vehicle $i$ looks up, in its secure medium, the corresponding prefilled quantum session key $PFSK_{v'}$ and integrity verification key $PFIK_{v'}$;

The message authentication code $MAC_{PFIK'}$ of message body M2 is computed and its integrity is checked. If it is intact, vehicle $i$ decrypts M2 with its prefilled quantum session key $PFSK_{v'}$, obtaining the message set $\{RN_{i-c}+1, RN_{c-i}\}_{i=1}^{n}$ returned by the cloud;

S25. From the true random numbers $RN_{c-i}$, the true random numbers $RN_{i-c}$ and the unique identifier $VIN_i$, vehicle $i$ computes the hash values of $n$ anonymous credentials with the one-way hash function $H$. The hash value of $ANC_i$ is: $ANC_i = H(VIN_i, RN_{i-c}, RN_{c-i})$;

S26. Vehicle $i$ uploads the anonymous credential $ANC_i$ to the cloud by assembling the message body M3, $M3 = \{PFSK_{tag}, PFIK_{tag}, E_{PFSK}(VIN_i, \{H(RN_{i-c}), H(ANC)\}_{i=1}^{n}, T_{si}), MAC_{PFIK}, T_{si}\}$, and sends M3 to the cloud;

S27. Using the anonymous credential $ANC_i$ of vehicle $i$, the cloud looks up the parameters $VIN_i$, $RN_{c-i}$ and $RN_{i-c}$ that generated $ANC_i$. The cloud hashes the $RN_{c-i}$ it found and compares the result with vehicle $i$'s hash value $H(VIN_i, RN_{i-c}, RN_{c-i})$. If the two are the same, vehicle $i$ has completed the computation of the $n$ anonymous credentials. Otherwise the computation of the $n$ anonymous credentials is not complete, and steps S21 to S27 must be carried out again;

S28. The cloud then generates $n$ smart contracts for the $n$ anonymous credentials of vehicle $i$ and obtains the unique identification code POS of each smart contract. The POS, the hash value of each anonymous credential and the hash value of the parameters that generated that credential are used together to build the message body M4, $M4 = \{PFSK_{tag}, PFIK_{tag}, E_{PFSK}(\{H(RN_{c-i}), H(ANC), \text{POS}\}_{i=1}^{n}, T_{sc}), MAC_{PFIK}, T_{sc}\}$. M4 is sent to vehicle $i$ to inform it that its anonymous credentials have been uploaded to the blockchain and that vehicle $i$ can authenticate with road end $r$.
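
The cloud-side checks of S22 and the credential derivation of S25 can be traced in the following added example, which is not part of the patent text. It assumes SHA-256 for $H$, HMAC-SHA256 for the message authentication code, a SHAKE-256 keystream as a stand-in for the unnamed symmetric cipher, and a 5-second freshness threshold; the reply returned by `handle_m1` is the plaintext content of M2, whose encryption mirrors M1 and is left out.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE = 5.0   # assumed freshness threshold in seconds (the text says only "set threshold")
RN_BYTES = 16   # assumed length of each true random number


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unnamed symmetric cipher: XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def plus_one(rn: bytes) -> bytes:
    """The 'add one' response of S23, on a fixed-width big-endian integer."""
    return ((int.from_bytes(rn, "big") + 1) % (1 << (8 * len(rn)))).to_bytes(len(rn), "big")


def anc(vin: str, rn_ic: bytes, rn_ci: bytes) -> str:
    """S25: ANC_i = H(VIN_i, RN_i-c, RN_c-i); parts are length-prefixed to keep them distinct."""
    h = hashlib.sha256()
    for part in (vin.encode(), rn_ic, rn_ci):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.hexdigest()


def build_m1(vin, rn_ic, sk_tag, sk, ik_tag, ik, ts):
    """S21, vehicle side: encrypt (VIN, {RN_i-c}, Ts), MAC the ciphertext, attach tags and Ts."""
    plain = json.dumps({"vin": vin, "rn_ic": [r.hex() for r in rn_ic], "ts": ts}).encode()
    ct = keystream_xor(sk, plain)
    return {"pfsk_tag": sk_tag, "pfik_tag": ik_tag, "ct": ct,
            "mac": hmac.new(ik, ct, hashlib.sha256).digest(), "ts": ts}


class Cloud:
    def __init__(self):
        self.session_keys = {}    # PFSK tag -> (key, VIN the key was prefilled for)
        self.integrity_keys = {}  # PFIK tag -> key

    def prefill(self, vin, sk_tag, sk, ik_tag, ik):
        self.session_keys[sk_tag] = (sk, vin)
        self.integrity_keys[ik_tag] = ik

    def handle_m1(self, m1, now):
        """S22/S23: returns (status, reply); reply is the M2 plaintext when status is 'ok'."""
        if abs(now - m1["ts"]) > MAX_AGE:                  # freshness first, before any crypto
            return "stale", None
        entry = self.session_keys.get(m1["pfsk_tag"])
        ik = self.integrity_keys.get(m1["pfik_tag"])
        if entry is None or ik is None:
            return "unknown-key", None
        expected = hmac.new(ik, m1["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, m1["mac"]):   # verify before decrypting
            return "bad-mac", None
        sk, vin_db = entry
        msg = json.loads(keystream_xor(sk, m1["ct"]))
        if msg["ts"] != m1["ts"]:   # added check, not in the text: outer Ts is outside the MAC
            return "ts-mismatch", None
        if not hmac.compare_digest(msg["vin"].encode(), vin_db.encode()):
            return "vin-mismatch", None                    # VIN_i must equal stored VIN_i0
        rn_ic = [bytes.fromhex(h) for h in msg["rn_ic"]]
        rn_ci = [secrets.token_bytes(RN_BYTES) for _ in rn_ic]
        return "ok", {"rn_ic_plus_1": [plus_one(r) for r in rn_ic], "rn_ci": rn_ci}


def derive_credentials(vin, rn_ic, reply):
    """S24/S25, vehicle side: check the RN_i-c + 1 responses, then derive the n credentials."""
    if [plus_one(r) for r in rn_ic] != reply["rn_ic_plus_1"]:
        raise ValueError("cloud did not return RN_i-c + 1")
    return [anc(vin, a, b) for a, b in zip(rn_ic, reply["rn_ci"])]
```

Because the MAC of S21 covers only the encrypted message, the example compares the timestamp inside the ciphertext with the one carried in clear.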

S3. Group key acquisition phase: The vehicle and the road end authenticate each other by means of keys, the road end issues the group key parameters to the vehicle, and the vehicle computes the group key from the group key parameters.

The specific steps of the group key acquisition phase are as follows:

S31. Road end $r$ broadcasts its digital certificate $DC_r$ within its communication range;

S32. A vehicle $i$ that enters the communication range of road end $r$ receives road end $r$'s digital certificate $DC_r$ over PC5 broadcast. Vehicle $i$ broadcasts the message $\{\text{AddReq}, \text{POS}, ANC_i, H(RN_{c-i})\}$ to road end $r$, where $H(RN_{c-i})$ is the hash value of $RN_{c-i}$;

S33. Road end $r$ finds the smart contract through POS and makes a transaction to trigger it. The smart contract returns $H(RN_{c-i})$ and the quantum session key $PFSK_{tag}$ to vehicle $i$. If the $H(RN_{c-i})$ that vehicle $i$ obtains through the smart contract equals the $H(RN_{c-i})$ received in the message $\{\text{AddReq}, \text{POS}, ANC_i, H(RN_{c-i})\}$, the identity of vehicle $i$ is legitimate; otherwise it is not;

When the identity of vehicle $i$ is legitimate, the random number generator of road end $r$ produces a random number GSP-1, and the quantum session key $PFSK_{tag}$ obtained by triggering the smart contract is used as the symmetric key to encrypt GSP-1;

S34. After all vehicles have been authenticated, road end $r$ computes the hash value of the anonymous credentials of all currently legitimate vehicles and takes that hash value as GSP-2. Together with the current timestamp $T_{sr}$ of road end $r$ and the Signature obtained by signing the parameters with the private key, this forms the message $\{\text{GSP-2}, \{ANC_i, PFSK_{tag}, E_{PFSK}(\text{GSP-1})\}_{i=1}^{n}, \text{Signature}, T_{sr}\}$, which is sent by multicast to all current vehicles;

S35. Vehicle $i$ receives the multicast message and checks whether its own anonymous credential is present in it. If it is, the identity verification of vehicle $i$ has succeeded; otherwise it has not;

A vehicle whose identity verification has succeeded first extracts GSP-2 from the message, obtains the public key from the digital certificate of road end $r$, and verifies Signature with that public key. It then computes the group key GSK from the obtained GSP-1 and GSP-2: $GSK = H(\text{GSP-1}, \text{GSP-2})$.

S4. Group key update phase: The group membership is updated, carrying out the member update and group key replacement operations.

The group key update phase comprises a new-member joining phase and a member leaving phase. The specific steps of the new-member joining phase are as follows:

S4A1. Road end $r$ broadcasts its digital certificate $DC_r$ within its communication range;

S4A2. A vehicle $j$ that enters the communication range of road end $r$ receives road end $r$'s digital certificate $DC_r$ over PC5 broadcast. Vehicle $j$ broadcasts the message $\{\text{AddReq}, \text{POS}, ANC_j, H(RN_{c-j})\}$ to road end $r$, where $H(RN_{c-j})$ is the hash value of $RN_{c-j}$;

S4A3. Road end $r$ finds the smart contract through POS and makes a transaction to trigger it. The smart contract returns $H(RN_{c-j})$ and the quantum session key $PFSK_{tag}$ to vehicle $j$. If the $H(RN_{c-j})$ that vehicle $j$ obtains through the smart contract equals the $H(RN_{c-j})$ received in the message $\{\text{AddReq}, \text{POS}, ANC_j, H(RN_{c-j})\}$, the identity of vehicle $j$ is legitimate; otherwise it is not;

When the identity of vehicle $j$ is legitimate, the quantum session key $PFSK_{tag}$ obtained by triggering the smart contract is used as the symmetric key to encrypt the random number GSP-1 that has already been generated, so that the random number GSP-1 remains unchanged;

S4A4. After all newly joined vehicles have been authenticated, road end $r$ recomputes the hash value of the anonymous credentials of all currently legitimate vehicles and takes that hash value as GSP-1. Together with the concatenated timestamp $T_{sr}$ and the Signature obtained by signing the parameters with the private key, this forms the message $\{\text{GSP-2}, \{ANC_j, PFSK_{tag}, E_{PFSK}(\text{GSP-1})\}_{i=1}^{1}, \text{Signature}, T_{sr}\}$, which is sent by multicast to all current vehicles;

S4A5. Vehicle $j$ receives the multicast message and checks whether its own anonymous credential is present in it. If it is, the identity verification of vehicle $j$ has succeeded; otherwise it has not;

A vehicle whose identity verification has succeeded first extracts GSP-2 from the message, obtains the public key from the digital certificate of road end $r$, and verifies Signature with that public key. It then computes the group key GSK from the obtained GSP-1 and GSP-2: $GSK = H(\text{GSP-1}, \text{GSP-2})$;

The existing members within the communication range of road end $r$ only need to obtain GSP-2 again as in step S34 and update the corresponding GSK.

The specific steps of the member leaving phase are as follows:

S4B1. Road end $r$ broadcasts its digital certificate $DC_r$ within its communication range;

S4B2. A vehicle $j$ that enters the communication range of road end $r$ receives road end $r$'s digital certificate $DC_r$ over PC5 broadcast. Vehicle $j$ broadcasts the message $\{\text{AddReq}, \text{POS}, ANC_j, H(RN_{c-j})\}$ to road end $r$, where $H(RN_{c-j})$ is the hash value of $RN_{c-j}$;

S4B3. Road end $r$ determines whether the vehicle preparing to leave is a member of the current group. If so, road end $r$ regenerates GSP-1 and uses the quantum session key $PFSK_{tag}$ obtained by triggering the smart contract in step S33 as the symmetric key to encrypt the already generated random number GSP-1, so that the random number GSP-1 remains unchanged;

S4B4. Road end $r$ recomputes the hash value of the anonymous credentials of all vehicles with legitimate identities in the current group and takes that hash value as GSP-1. Together with the concatenated timestamp $T_{sr}$ and the Signature obtained by signing the parameters with the private key, this forms a message, which is sent by multicast to all current vehicles;

S4B5. The remaining vehicles in the group receive the multicast message, and each checks whether its own anonymous credential is present. If it is, the vehicle is still in the current group; otherwise it is not;

A vehicle that is still in the current group first extracts GSP-2 from the message, obtains the public key from the digital certificate of road end $r$, and performs the verification with that public key;

It then decrypts the message with the quantum session key $PFSK_{tag}$ to obtain GSP-2. Finally, it computes the group key GSK from the obtained GSP-1 and GSP-2: $GSK = H(\text{GSP-1}, \text{GSP-2})$.
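
The two-parameter rekeying of S33 to S35 and of the join and leave steps above can be followed in this added example, which is not part of the patent text. It uses the naming of S33 to S35 (GSP-1 is the road end's random number, GSP-2 the hash over all legitimate anonymous credentials), and assumes SHA-256 for $H$, a dictionary in place of the smart-contract lookup, and a SHAKE-256 keystream with a per-message nonce in place of the unnamed cipher; the Signature and timestamp checks are left out.

```python
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (assumed instantiation of the one-way hash H)."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def seal(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHAKE-256(key || nonce) keystream; applying it twice decrypts.
    The nonce matters here: S4B3 encrypts a new GSP-1 under the same PFSK, so the
    keystream must never repeat for one key."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class RoadEnd:
    def __init__(self, contract):
        self.contract = contract              # stand-in for the contract lookup: ANC -> PFSK
        self.members = []                     # anonymous credentials of authenticated vehicles
        self.gsp1 = secrets.token_bytes(32)   # S33: random number GSP-1

    def _multicast(self):
        """S34: GSP-2 = hash of all legitimate credentials, plus GSP-1 encrypted per member."""
        gsp2 = H(*sorted(self.members))
        entries = {}
        for anc in self.members:
            nonce = secrets.token_bytes(16)
            entries[anc] = (nonce, seal(self.contract[anc], nonce, self.gsp1))
        return {"gsp2": gsp2, "entries": entries}

    def join(self, anc):
        """Join: GSP-1 stays the same, GSP-2 changes because the membership hash changes."""
        if anc not in self.contract:          # no contract for this credential: reject
            return None
        if anc not in self.members:
            self.members.append(anc)
        return self._multicast()

    def leave(self, anc):
        """Leave (S4B3): GSP-1 is regenerated and the membership hash is recomputed."""
        if anc in self.members:
            self.members.remove(anc)
            self.gsp1 = secrets.token_bytes(32)
        return self._multicast()


def vehicle_gsk(message, my_anc, my_pfsk):
    """S35: a vehicle absent from the message gets no key; a member computes H(GSP-1, GSP-2)."""
    entry = message["entries"].get(my_anc)
    if entry is None:
        return None
    nonce, ciphertext = entry
    gsp1 = seal(my_pfsk, nonce, ciphertext)
    return H(gsp1, message["gsp2"])
```

Every multicast carries a fresh nonce per member, so repeated encryption of GSP-1 under one vehicle's key never reuses a keystream.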

The above are only preferred specific embodiments of the present invention, but the scope of protection of the present invention is not limited to them. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (4)

1. A blockchain-based quantum group key distribution method suitable for V2I scenarios, characterized by comprising the following steps:

S1. Registration phase: assign a unique identifier to the vehicle and to the road end respectively, pre-charge the corresponding quantum keys into the vehicle and the road end respectively, and issue a digital certificate to the road end;

S2. Initialization phase: perform mutual identity recognition between the vehicle and the cloud, obtain anonymous credentials for the vehicle, and upload the anonymous credentials to the blockchain;

S3. Group key acquisition phase: the vehicle and the road end perform identity authentication by means of keys, the road end issues group key parameters to the vehicle, and the vehicle computes the group key from the group key parameters;

S4. Group key update phase: update the group members, so as to perform group member update and group key replacement operations;

The specific steps of the initialization phase are as follows:

S21. The quantum random number generator of vehicle i generates n true random numbers RN_{i-c}. Together with vehicle i's unique identification code VIN_i and vehicle i's current timestamp T_{si}, they are encrypted with vehicle i's pre-charged quantum session key PFSK_{tag}, giving the encrypted message E_{PFSK}(VIN_i, {RN_{i-c}}_{i=1}^{n}, T_{si}), where {}_{i=1}^{n} denotes a set of n participants. At the same time, vehicle i's pre-charged quantum integrity verification key PFIK_{tag} is used to compute the message authentication code MAC_{PFIK} of the encrypted message E_{PFSK}(VIN_i, {RN_{i-c}}_{i=1}^{n}, T_{si}). The message E_{PFSK}(VIN_i, {RN_{i-c}}_{i=1}^{n}, T_{si}) is then concatenated to form the message body M1 used for vehicle i's identity authentication request, M1 = {PFSK_{tag}, PFIK_{tag}, E_{PFSK}(VIN_i, {RN_{i-c}}_{i=1}^{n}, T_{si}), MAC_{PFIK}, T_{si}}, and finally the message body M1 is sent to the cloud;

S22. After the identity authentication server in the cloud receives the message body M1 sent by vehicle i, it first judges the timeliness of the current timestamp T_{si}. If the difference between the current timestamp T_{si} and the moment of judgment is greater than the set time threshold, the identity authentication server in the cloud does not process the received message body M1 any further. Otherwise, using the quantum session key PFSK_{tag} and the quantum integrity verification key PFIK_{tag} in the received message body M1, the identity authentication server in the cloud finds, in the cloud's secure medium, the corresponding pre-charged quantum session key PFSK_v and quantum integrity verification key PFIK_v, as well as the unique identification code VIN_{i0} of vehicle i pre-stored in the cloud database;

The integrity of the message authentication code MAC_{PFIK} is judged. If it is intact, the cloud decrypts the message body M1 with the pre-charged quantum session key PFSK_v, so that the cloud obtains vehicle i's unique identification code VIN_i and vehicle i's true random numbers {RN_{i-c}}_{i=1}^{n};

The identity authentication server in the cloud compares the unique identification code VIN_i obtained after decryption with the unique identification code VIN_{i0} queried from the database. If the two are equal, the identity authentication server in the cloud generates n true random numbers to form the true random number set {RN_{c-i}}_{i=1}^{n};

S23. The cloud adds one to the true random number RN_{i-c}, appends the true random number RN_{c-i} generated by the cloud itself, concatenates the result with the cloud's current timestamp T_{sc}, and encrypts it with the quantum session key PFSK_{tag'} of vehicle i pre-charged in the cloud, so that the cloud obtains the encrypted message E_{PFSK'}({RN_{i-c}+1, RN_{c-i}}_{i=1}^{n}, T_{sc}). At the same time, the quantum integrity verification key PFIK_{tag'} of vehicle i pre-charged in the cloud is used to compute the message authentication code MAC_{PFIK'} of the encrypted message E_{PFSK'}({RN_{i-c}+1, RN_{c-i}}_{i=1}^{n}, T_{sc}). The message E_{PFSK'}({RN_{i-c}+1, RN_{c-i}}_{i=1}^{n}, T_{sc}) is then concatenated to obtain the message body M2, M2 = {PFSK_{tag'}, PFIK_{tag'}, E_{PFSK'}({RN_{i-c}+1, RN_{c-i}}_{i=1}^{n}, T_{sc}), MAC_{PFIK'}, T_{sc}}, and the message body M2 is sent to vehicle i;

S24. After vehicle i receives the message body M2 returned by the cloud, it judges the current timestamp T_{sc} in the message body M2. If the difference between the current timestamp T_{sc} and the moment of judgment is greater than the set time threshold, vehicle i does not process the message body any further. Otherwise, using PFSK_{tag'} and PFIK_{tag'} in the received message body M2, vehicle i finds, in vehicle i's secure medium, the corresponding pre-charged quantum session key PFSK_{v'} and integrity verification key PFIK_{v'};

The message authentication code MAC_{PFIK'} in the message body M2 is computed and its integrity is judged. If it is intact, the message body M2 is decrypted with vehicle i's pre-charged quantum session key PFSK_{v'}, so that vehicle i obtains the message set {RN_{i-c}+1, RN_{c-i}}_{i=1}^{n} returned by the cloud;

S25. From the true random number RN_{c-i}, the true random number RN_{i-c} and the unique identifier VIN_i, vehicle i computes the hash values of n anonymous credentials with the one-way hash function H. The hash value of ANC_i is computed as: ANC_i = H(VIN_i, RN_{i-c}, RN_{c-i});

S26. Vehicle i uploads the anonymous credential ANC_i to the cloud by assembling the message body M3, M3 = {PFSK_{tag}, PFIK_{tag}, E_{PFSK}(VIN_i, {H(RN_{i-c}), H(ANC)}_{i=1}^{n}, T_{si}), MAC_{PFIK}, T_{si}}, and sends the message body M3 to the cloud;

S27. Using vehicle i's anonymous credential ANC_i, the cloud looks up the parameters VIN_i, RN_{c-i} and RN_{i-c} from which the anonymous credential ANC_i was generated. The cloud performs a hash computation on the queried RN_{c-i} and compares the result with vehicle i's hash value H(VIN_i, RN_{i-c}, RN_{c-i}). If the two are the same, vehicle i has completed the computation of the n anonymous credentials; otherwise the computation of the n anonymous credentials has not been completed and steps S21 to S27 must be carried out again;

S28. The cloud then generates n smart contracts for the n anonymous credentials of vehicle i and obtains the unique identification code POS of each smart contract. The unique identification code POS, the hash value of each anonymous credential and the hash value of the corresponding parameter from which that anonymous credential was generated are used together to generate the message body M4, M4 = {PFSK_{tag}, PFIK_{tag}, E_{PFSK}({H(RN_{c-i}), H(ANC), POS}_{i=1}^{n}, T_{sc}), MAC_{PFIK}, T_{sc}}. The message body M4 is sent to vehicle i to inform it that vehicle i's anonymous credentials have been uploaded to the blockchain and that vehicle i can perform identity authentication with the road end r;

The specific steps of the group key acquisition phase are as follows:

S31. The road end r broadcasts the digital certificate DC_r within its communication range;

S32. A vehicle i driving into the communication range of the road end r receives the digital certificate DC_r of the road end r via PC5 broadcast. Vehicle i broadcasts the message {AddReq, POS, ANC_i, H(RN_{c-i})} to the road end r, where H(RN_{c-i}) is the hash value of RN_{c-i};

S33. The road end r finds the smart contract through POS and a transaction takes place, which triggers the smart contract. The smart contract returns H(RN_{c-i}) and the quantum session key PFSK_{tag} to vehicle i. If the H(RN_{c-i}) that vehicle i obtains through the smart contract is equal to the H(RN_{c-i}) received in the message {AddReq, POS, ANC_i, H(RN_{c-i})}, the identity of vehicle i is legitimate; otherwise it is not;

When the identity of vehicle i is legitimate, the random number generator of the road end r generates a random number GSP-1, and the quantum session key PFSK_{tag} obtained by triggering the smart contract is used as a symmetric key to encrypt the random number GSP-1;

S34. After the identity authentication of all vehicles is complete, the road end r computes the hash value of the anonymous credentials of all currently legitimate vehicles and takes this hash value as GSP-2. Combined with the current timestamp T_{sr} of the road end r and the Signature obtained by signing the parameters with the private key, this forms the message {GSP-2, {ANC_i, PFSK_{tag}, E_{PFSK}(GSP-1)}_{i=1}^{n}, Signature, T_{sr}}, which is transmitted to all current vehicles by multicast;

S35. Vehicle i receives the multicast message and checks whether vehicle i's own anonymous credential is present in the message. If it is, the identity verification of vehicle i succeeds; otherwise the identity verification of vehicle i fails;

For a vehicle whose identity verification succeeds, GSP-2 is first extracted from the message, the public key is obtained from the digital certificate of the road end r, and Signature is verified with that public key. The group key GSK is then computed from the obtained GSP-1 and GSP-2, GSK = H(GSP-1, GSP-2).

2. The blockchain-based quantum group key distribution method suitable for V2I scenarios according to claim 1, characterized in that the specific steps of the registration phase are as follows:

S11. When the vehicle leaves the factory, vehicle i is assigned a unique identification code VIN_i, and a set number of quantum session keys and quantum integrity check keys, in one-to-one correspondence with the unique identification code VIN_i, are pre-charged into the secure medium in vehicle i;

When the road end leaves the factory, the road end r is assigned a unique identification code RID_r, and a set number of quantum session keys and quantum integrity check keys, in one-to-one correspondence with the unique identification code RID_r, are pre-charged into the secure medium in the road end r;

S12. Vehicle i then uploads the unique identification code VIN_i to the cloud, where it is stored in the cloud database. Likewise, the road end r uploads the unique identification code RID_r to the cloud, where it is stored in the cloud database;

S13. When the number of quantum session keys in the secure medium of vehicle i or road end r falls below a preset value, vehicle i or road end r sends a quantum session key replenishment request to the key distribution center in the cloud, and the key distribution center in the cloud replenishes the quantum session keys of vehicle i or road end r;

S14. A third-party certification authority issues, for the unique identification code RID_r of the road end r, a digital certificate DC_r containing the public key information of the road end r.

3. The blockchain-based quantum group key distribution method suitable for V2I scenarios according to claim 2, characterized in that the group key update phase comprises a new member joining phase and a group member leaving phase; the specific steps of the new member joining phase are as follows:

S4A1. The road end r broadcasts the digital certificate DC_r within its communication range;

S4A2. A vehicle j driving into the communication range of the road end r receives the digital certificate DC_r of the road end r via PC5 broadcast. Vehicle j broadcasts the message {AddReq, POS, ANC_j, H(RN_{c-j})} to the road end r, where H(RN_{c-j}) is the hash value of RN_{c-j};

S4A3. The road end r finds the smart contract through POS and a transaction takes place, which triggers the smart contract. The smart contract returns H(RN_{c-j}) and the quantum session key PFSK_{tag} to vehicle j. If the H(RN_{c-j}) that vehicle j obtains through the smart contract is equal to the H(RN_{c-j}) received in the message {AddReq, POS, ANC_j, H(RN_{c-j})}, the identity of vehicle j is legitimate; otherwise it is not;

When the identity of vehicle j is legitimate, the quantum session key PFSK_{tag} obtained by triggering the smart contract is used as a symmetric key to encrypt the random number GSP-1 that has already been generated, so that the random number GSP-1 remains unchanged;

S4A4. After the identity authentication of all newly joined vehicles is complete, the road end r recomputes the hash value of the anonymous credentials of all currently legitimate vehicles and takes this hash value as GSP-1. Combined with the concatenated timestamp T_{sr} and the Signature obtained by signing the parameters with the private key, this forms the message {GSP-2, {ANC_j, PFSK_{tag}, E_{PFSK}(GSP-1)}_{i=1}^{1}, Signature, T_{sr}}, which is transmitted to all current vehicles by multicast;

S4A5. Vehicle j receives the multicast message and checks whether vehicle j's own anonymous credential is present in the message. If it is, the identity verification of vehicle j succeeds; otherwise the identity verification of vehicle j fails;

For a vehicle whose identity verification succeeds, GSP-2 is first extracted from the message, the public key is obtained from the digital certificate of the road end r, and Signature is verified with that public key. The group key GSK is then computed from the obtained GSP-1 and GSP-2, GSK = H(GSP-1, GSP-2);

The existing members within the communication range of the road end r only need to obtain GSP-2 again according to step S34 and update the corresponding GSK.

4. The blockchain-based quantum group key distribution method suitable for V2I scenarios according to claim 3, characterized in that the specific steps of the group member leaving phase are as follows:

S4B1. The road end r broadcasts the digital certificate DC_r within its communication range;

S4B2. A vehicle j driving into the communication range of the road end r receives the digital certificate DC_r of the road end r via PC5 broadcast. Vehicle j broadcasts the message {AddReq, POS, ANC_j, H(RN_{c-j})} to the road end r, where H(RN_{c-j}) is the hash value of RN_{c-j};

S4B3. The road end r determines whether the vehicle currently preparing to leave is a member of the current group. If it is, the road end r regenerates GSP-1 and uses the quantum session key PFSK_{tag} obtained by triggering the smart contract in step S33 as a symmetric key to encrypt the random number GSP-1 that has already been generated, so that the random number GSP-1 remains unchanged;

S4B4. The road end r recomputes the hash value of the anonymous credentials of all vehicles with legitimate identities in the current group and takes this hash value as GSP-1. Combined with the concatenated timestamp T_{sr} and the Signature obtained by signing the parameters with the private key, this forms a message, which is transmitted to all current vehicles by multicast;

S4B5. The remaining vehicles in the group receive the multicast message and check whether their own anonymous credential is present. If it is, the vehicle is still in the current group; otherwise it is not;

For a vehicle still in the current group, GSP-2 is first extracted from the message, the public key is obtained from the digital certificate of the road end r, and verification is performed with that public key;

The message is then decrypted with the quantum session key PFSK_{tag} to obtain GSP-2. Finally, the obtained GSP-1 and GSP-2 are used to compute the group key GSK, GSK = H(GSP-1, GSP-2).
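The following Python example is added here for illustration and is not part of the patent text. It walks through the cloud-side checks of step S22 on message body M1 in the order the claim gives them (timeliness, key lookup by tag, MAC check before decryption, VIN comparison). Assumptions: HMAC-SHA256 stands in for MAC_{PFIK}, a SHAKE-256 keystream stands in for E_{PFSK} (the claims name neither algorithm), and the 5-second threshold, tag strings, JSON layout and VIN values are constructed; comparing the outer T_{si} with the copy inside the ciphertext is an added check that the claim does not spell out.

```python
import hashlib
import hmac
import json
import secrets

MAX_AGE = 5.0   # assumed freshness threshold in seconds; the claim only says "set threshold"
NONCE_LEN = 16  # assumed; lets one pre-charged key protect more than one message


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for E_PFSK (the claims name no cipher): XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def build_m1(vin, rn_i_c, sk_tag, ik_tag, pfsk, pfik, ts):
    """Vehicle side (S21): encrypt (VIN_i, {RN_i-c}, T_si), then MAC the ciphertext."""
    plain = json.dumps({"vin": vin, "rn": [r.hex() for r in rn_i_c], "ts": ts}).encode()
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = nonce + _xor_stream(pfsk, nonce, plain)
    mac = hmac.new(pfik, ct, hashlib.sha256).digest()  # HMAC-SHA256 assumed for MAC_PFIK
    return {"sk_tag": sk_tag, "ik_tag": ik_tag, "ct": ct, "mac": mac, "ts": ts}


def cloud_verify_m1(m1, keystore, now):
    """Cloud side (S22). Returns (status, recovered RN_i-c list or None)."""
    # 1. Timeliness: drop the message if T_si is outside the allowed window.
    if abs(now - m1["ts"]) > MAX_AGE:
        return "stale", None
    # 2. Use the two tags to find PFSK_v, PFIK_v and the stored VIN_i0.
    entry = keystore.get((m1["sk_tag"], m1["ik_tag"]))
    if entry is None:
        return "unknown-key", None
    pfsk, pfik, vin_i0 = entry
    # 3. Check the MAC over the ciphertext before decrypting, in constant time.
    expected = hmac.new(pfik, m1["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, m1["mac"]):
        return "bad-mac", None
    # 4. Decrypt only after the MAC has been accepted.
    nonce, body = m1["ct"][:NONCE_LEN], m1["ct"][NONCE_LEN:]
    fields = json.loads(_xor_stream(pfsk, nonce, body))
    # Added check (assumption): the outer T_si is not covered by the MAC, so it
    # must match the copy that was encrypted and authenticated.
    if fields["ts"] != m1["ts"]:
        return "ts-mismatch", None
    # 5. Compare the decrypted VIN_i with the database value VIN_i0.
    if not hmac.compare_digest(fields["vin"].encode(), vin_i0.encode()):
        return "vin-mismatch", None
    return "ok", [bytes.fromhex(r) for r in fields["rn"]]


def demo():
    """Run the checks on constructed sample data; returns (rn, results)."""
    pfsk, pfik = secrets.token_bytes(32), secrets.token_bytes(32)
    tags = ("sk-0001", "ik-0001")                      # constructed tag values
    keystore = {tags: (pfsk, pfik, "LTESTVIN000000001")}
    other_db = {tags: (pfsk, pfik, "LTESTVIN000000002")}
    t0 = 1_700_000_000.0
    rn = [secrets.token_bytes(16) for _ in range(3)]
    m1 = build_m1("LTESTVIN000000001", rn, *tags, pfsk, pfik, t0)
    flipped = m1["ct"][:-1] + bytes([m1["ct"][-1] ^ 1])
    results = {
        "fresh": cloud_verify_m1(m1, keystore, t0 + 1),
        "late": cloud_verify_m1(m1, keystore, t0 + 60),
        "outer_ts_changed": cloud_verify_m1(dict(m1, ts=t0 + 60), keystore, t0 + 60),
        "ciphertext_changed": cloud_verify_m1(dict(m1, ct=flipped), keystore, t0 + 1),
        "unknown_tag": cloud_verify_m1(dict(m1, sk_tag="sk-9999"), keystore, t0 + 1),
        "vin_differs": cloud_verify_m1(m1, other_db, t0 + 1),
    }
    return rn, results


if __name__ == "__main__":
    for case, (status, _) in demo()[1].items():
        print(f"{case:20s} -> {status}")
```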
CN202311515376.1A 2023-11-15 2023-11-15 Quantum group key distribution method applicable to V2I scene based on blockchain Active CN117241267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311515376.1A CN117241267B (en) 2023-11-15 2023-11-15 Quantum group key distribution method applicable to V2I scene based on blockchain

Publications (2)

Publication Number Publication Date
CN117241267A CN117241267A (en) 2023-12-15
CN117241267B true CN117241267B (en) 2024-01-12

Family

ID=89093403

Country Status (1)

Country Link
CN (1) CN117241267B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant