CN117241267B - Quantum group key distribution method applicable to V2I scene based on blockchain - Google Patents

Quantum group key distribution method applicable to V2I scene based on blockchain Download PDF

Info

Publication number
CN117241267B
CN117241267B CN202311515376.1A CN202311515376A CN117241267B CN 117241267 B CN117241267 B CN 117241267B CN 202311515376 A CN202311515376 A CN 202311515376A CN 117241267 B CN117241267 B CN 117241267B
Authority
CN
China
Prior art keywords
vehicle
key
message
cloud
pfsk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311515376.1A
Other languages
Chinese (zh)
Other versions
CN117241267A (en
Inventor
程腾
刘强
石琴
单榴
高东奇
万森
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anhui Keda Qingtian Technology Co ltd
Hefei University of Technology
Original Assignee
Anhui Keda Qingtian Technology Co ltd
Hefei University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Anhui Keda Qingtian Technology Co ltd, Hefei University of Technology filed Critical Anhui Keda Qingtian Technology Co ltd
Priority to CN202311515376.1A priority Critical patent/CN117241267B/en
Publication of CN117241267A publication Critical patent/CN117241267A/en
Application granted granted Critical
Publication of CN117241267B publication Critical patent/CN117241267B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of key distribution, in particular to a quantum group key distribution method applicable to a V2I scene based on a blockchain, which comprises the following operation steps: registration: giving unique marks to the vehicle and the road end respectively, pre-filling quantum keys into the vehicle and the road end, and issuing a digital certificate to the road end; an initialization stage: identity mutual identification between the vehicle and the cloud is carried out, an anonymous credential is obtained for the vehicle, and the anonymous credential is uploaded to a blockchain; group key acquisition phase: the identity authentication is carried out between the vehicle and the road end through the secret key, the road end transmits a group secret key parameter to the vehicle, and the vehicle calculates the group secret key through the group secret key parameter; group key update phase: updating the group members to perform group member updating and group key replacement operations; the invention can effectively reduce the calculation load of communication transmission between vehicles, thereby improving the communication safety and communication efficiency between vehicles.

Description

Quantum group key distribution method applicable to V2I scene based on blockchain
Technical Field
The invention relates to the technical field of key distribution, in particular to a quantum group key distribution method applicable to a V2I scene based on a blockchain.
Background
In an on-board ad hoc network scenario, the communication objects are generally referred to as communicating between vehicles. In order to ensure that the communication between vehicles does not reveal private information, the information transmitted by the communication is generally encrypted. Common encryption methods include public and private key encryption methods based on large-number factorization, key algorithms based on elliptic curves, and the like. However, the public and private key encryption mode based on the large-number factorization is complex, so that the calculation cost is high, and the application range is narrow. Compared with the key algorithm based on the elliptic curve, the key algorithm based on the elliptic curve has greatly improved calculation precision, but with the occurrence of quantum calculation, the public-private key encryption safety is cracked, the public-private key encryption mode safety is difficult to ensure, and the key algorithm based on the elliptic curve is also gradually abandoned.
In order to avoid the problems in the prior art, students propose to replace cloud ends with blockchains to realize the distribution of group keys; the road end needs to form an intelligent contract for each vehicle, and when each group member is updated, the road end needs to update the intelligent contract. However, when the network size is large, the number of master keys to be stored by each user is increased, which results in a significant increase in the computational load of communication between vehicles, and thus results in higher communication efficiency and cost, which is thus needed to be solved.
Disclosure of Invention
In order to avoid and overcome the technical problems in the prior art, the invention provides a quantum group key distribution method applicable to a V2I scene based on a blockchain. The invention can effectively reduce the calculation load of communication transmission between vehicles, thereby improving the communication safety and communication efficiency between vehicles.
In order to achieve the above purpose, the present invention provides the following technical solutions:
a quantum group key distribution method suitable for a V2I scene based on a blockchain comprises the following operation steps:
s1, a registration stage: respectively giving unique marks to the vehicle and the road end, respectively pre-filling corresponding quantum keys into the vehicle and the road end, and simultaneously issuing a digital certificate to the road end;
s2, initializing: identity mutual identification between the vehicle and the cloud is carried out, an anonymous credential is obtained for the vehicle, and the anonymous credential is uploaded to a blockchain;
s3, a group key acquisition stage: the identity authentication is carried out between the vehicle and the road end through the secret key, the road end transmits a group secret key parameter to the vehicle, and the vehicle calculates the group secret key through the group secret key parameter;
s4, updating the group key: the group members are updated to perform group member updating and group key replacement operations.
As a further technical scheme of the invention: the specific operation steps of the registration stage are as follows:
s11, endowing unique identification code VIN for vehicle i when the vehicle leaves the factory i Simultaneously pre-filling a set number and unique identification code VIN into a secure medium within vehicle i i A quantum session key and a quantum integrity check key in one-to-one correspondence with each other;
giving unique identification code RID to road end r when road end leaves factory r Simultaneously pre-filling a set number of secure media in the road end r with a unique identification code RID r A quantum session key and a quantum integrity check key in one-to-one correspondence with each other;
s12, uploading the unique identification code VIN to the cloud by the vehicle i i And will uniquely identify the code VIN i The method comprises the steps of storing in a database of a cloud; meanwhile, the road end r uploads a unique identification code RID to the cloud r And the unique identification code RID r The method comprises the steps of storing in a database of a cloud;
s13, when a quantum session key in a safety medium of the vehicle i or the road end r is lower than a preset value, the vehicle i or the road end r sends a quantum session key supplementing application to a key distribution center of a cloud, and the key distribution center of the cloud supplements the quantum session key to the vehicle i or the road end r;
s14, using the third party authentication center as the unique identification code RID of the road end r r Issuing a digital certificate DC containing public key information of a road end r r
As a still further technical scheme of the invention: the specific operation steps of the initialization stage are as follows:
s21, generating n true random numbers RN by a quantum random number generator of a vehicle i i-c Adding a vehicle i identity unique identification code VIN i And the current timestamp T of vehicle i si Thereafter, the vehicle i pre-charged quantum session key PFSK is used tag Encrypting to obtain an encrypted message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) In which { } i=1 n Representing a set of n participants; quantum integrity verification key PFIK simultaneously pre-charged with vehicle i tag Computing an encrypted message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) Message authentication code MAC of (a) PFIK The method comprises the steps of carrying out a first treatment on the surface of the Then to message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) Splicing is carried out to form a message body M1, M1= { for the identity authentication request of the vehicle iPFSK tag ,PFIK tag ,E PFSK (VIN i ,{RN i-c } i=1 n ,T si ),MAC PFIK ,T si Finally, the message body M1 is sent to the cloud;
s22, after receiving a message body M1 sent by a vehicle i, an identity authentication server in the cloud firstly stamps in a current time stamp T si Performing timeliness judgment if the current time stamp T is si If the difference value between the current judgment time and the current judgment time is larger than the set time threshold value, the identity authentication server in the cloud does not perform the next processing on the received message body M1; otherwise, the cloud identity authentication server receives the quantum session key PFSK in the message body M1 tag With quantum integrity verification key PFIK tag Finding a corresponding pre-charged quantum session key PFSK in a cloud secure medium v Quantum integrity verification key PFIK v And the unique identification code VIN pre-stored in the cloud database by the vehicle i i0
Judging message authentication code MAC PFIK If complete, the cloud uses the pre-charged quantum session key PFSK v Decrypting the message body M1 to obtain the unique identification code VINi of the vehicle i and the true random number { RN (random number) of the vehicle i from the cloud i-c } i=1 n
The cloud identity authentication server obtains a unique identification code VIN after decryption i With a unique identification code VIN queried in a database i0 Comparing, if the two are equal, the identity authentication server in the cloud generates n true random numbers to form a true random number set { RN } c-i } i=1 n
S23, cloud end pairs true random numbers RN i-c Performing an addition operation, and adding a true random number RN generated by the cloud end c-i And the current timestamp T of the cloud sc Quantum session key PFSK of vehicle i pre-filled by cloud after splicing tag’ Encrypting to enable the cloud to obtain an encrypted message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) The method comprises the steps of carrying out a first treatment on the surface of the Simultaneously use high in cloudsQuantum integrity verification key PFIK of pre-filled vehicle i tag’ Computing an encrypted message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) Message authentication code MAC of (a) PFIK’ The method comprises the steps of carrying out a first treatment on the surface of the Then to message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) Splicing to obtain message bodies M2, M2= { PFSK tag’ ,PFIK tag’ , E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ),MAC PFIK’ ,T sc -and send message body M2 to vehicle i;
s24, after the vehicle i receives the message body M2 returned by the cloud, the vehicle i stamps the current time stamp T in the message body M2 sc Judging if the current time stamp T sc If the difference between the current judgment time and the current judgment time is larger than the set time threshold, the vehicle i does not process the message body in the next step, otherwise, the vehicle i receives the PFSK in the message body M2 tag’ With PFIK tag’ Finding a corresponding pre-charged quantum session key PFSK within the secure medium of vehicle i v’ And an integrity verification key PFIK v’
Computing message authentication code MAC in message body M2 PFIK’ Judging message verification code MAC PFIK’ Is the integrity of (1); if complete, the vehicle i pre-charged quantum session key PFSK is used v’ Decrypting the message body M2 so that the vehicle i obtains a message set { RN (message set) returned by the cloud i-c +1,RN c-i } i=1 n
S25, vehicle i is based on true random number RN c-i True random number RN i-c And uniquely identify VIN i Hash values of n anonymous certificates are obtained through calculation of a one-way hash function H, and ANC is achieved i The hash value calculation result of (a) is: ANC (ANC) i =H(VIN i ,RN i-c,RNc-i );
S26, vehicle i will anonymize the voucher ANC i Uploading to the cloud to assemble a message body M3, M3= { PFSK tag ,PFIK tag , E PFSK (VIN i ,{H(RN i-c ),H(ANC)} i=1 n ,T si ),MAC PFIK ,T si -sending the message body M3 to the cloud;
S27, according to anonymous credentials ANC of the vehicle i i Inquiring the generation of the anonymous credential ANC at the cloud i Parameter VIN of (V) i 、RN c-i And RN (radio network controller) i-c The method comprises the steps of carrying out a first treatment on the surface of the Cloud end pair inquired RN c-i Performs hash calculation, and compares the calculation result with a hash value H (VIN of the vehicle i i ,RN i-c ,RN c-i ) Comparing, if the two types of the anonymous credentials are the same, the vehicle i finishes the calculation of n anonymous credentials; otherwise, the calculation of n anonymous certificates is not completed, and reprocessing is needed according to the steps S21 to S27;
s28, generating n intelligent contracts for n anonymous certificates of the vehicle i by the cloud, obtaining a unique identification code POS of each intelligent contract, and simultaneously generating message bodies M4, M4= { PFSK by using the unique identification code POS, a hash value of each anonymous certificate and a hash value of a corresponding parameter for generating the anonymous certificate tag ,PFIK tag , E PFSK ({H(RN c-i ),H(ANC),POS } i=1 n ,T sc ),MAC PFIK ,T sc And sends a message body M4 to the vehicle i to inform the vehicle i that anonymous credentials of the vehicle i have been uploaded to the blockchain, and the vehicle i can perform identity authentication with the road side r.
As a still further technical scheme of the invention: the specific steps of the group key acquisition phase are as follows:
s31, road end r broadcasts digital certificate DC in communication range r
S32, vehicles i in the communication range of the entrance end r broadcast and receive the digital certificate DC of the entrance end r through the PC5 r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle i broadcasts message { AddReq, POS, ANC to road side r i ,H(RN c-i ) -a }; wherein H (RN) c-i ) Is RN c-i Is a hash value of (2);
s33, the road side r finds out the intelligent contract through POS and generates transaction to trigger the intelligent contract; intelligent contract returns H (RN) to vehicle i c-i ) With quantum session key PFSK tag The method comprises the steps of carrying out a first treatment on the surface of the If the vehicle i passes the smart contractThe obtained H (RN c-i ) And slave message { AddReq, POS, ANC i ,H(RN c-i ) H (RN) received in c-i ) If the identities are equal, the identity of the vehicle i is legal; otherwise, the method is illegal;
when the identity of the vehicle i is legal, the random number generator of the road end r generates a random number GSP-1 and uses the quantum session key PFSK obtained by triggering the intelligent contract tag Encrypting the random number GSP-1 as a symmetric key;
s34, after the identity authentication of all vehicles is finished, calculating hash values of anonymous certificates of all legal vehicles at present by the road end r, taking the hash values as GSP-2, and combining the current timestamp T of the road end r sr And comparing signing the parameters using the private key to form a Signature to construct a message { GSP-2, { ANC i ,PFSK tag ,E PFSK (GSP-1)} i=1 n ,Signature,T sr -transmitting the message to all vehicles at present by multicast;
s35, the vehicle i receives the multicast message and checks whether an anonymous credential of the vehicle i exists in the message; if the identity verification of the vehicle i is successful, otherwise, the identity verification of the vehicle i is unsuccessful;
For a vehicle with successful identity verification, firstly intercepting GSP-2 in a message, and obtaining a public key according to a digital certificate of a road end r, and further verifying through a public key Signature; then, based on the obtained GSP-1 and GSP-2, a group key GSK is calculated, gsk=h (GSP-1, GSP-2).
As a still further technical scheme of the invention: the group key updating stage comprises a new member joining stage and a group member leaving stage; the specific operation steps of the new member joining stage are as follows:
S4A1, road end r broadcasts digital certificate DC in communication range r
S4A2, vehicles j in the communication range of the entrance end r broadcast and receive the digital certificate DC of the entrance end r through the PC5 r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle j broadcasts message { AddReq, POS, ANC to road side r j ,H(RN c-j ) And, wherein H (RN) c-j ) Is RN c-j Is a hash value of (2);
S4a3, the road end r finds the intelligent contract through POS and generates transaction to trigger the intelligent contract, and the intelligent contract returns H to the vehicle j (RN c-j ) With quantum session key PFSK tag The method comprises the steps of carrying out a first treatment on the surface of the If the vehicle j gets H (RN) through intelligent contract c-j ) And slave message { AddReq, POS, ANC j ,H(RN c-j ) H (RN) received in c-j ) If the vehicle j identities are equal, the identity of the vehicles j is legal; otherwise, the method is illegal;
quantum session key PFSK derived using triggering a smart contract when the identity of vehicle j is legitimate tag Encrypting the generated random number GSP-1 as a symmetric key so that the random number GSP-1 is kept unchanged;
S4A4, after the identity authentication of all newly added vehicles is completed, the road end r recalculates the hash value of the anonymous certificates of all legal vehicles at present, takes the hash value as GSP-1 and combines with a splicing timestamp T sr And comparing signing the parameters using the private key to form a Signature to construct a message { GSP-2, { ANC j , PFSK tag , E PFSK (GSP-1)} i=1 1 , Signature, T sr -transmitting the message to all vehicles at present by multicast;
S4A5, the vehicle j receives the multicast message and checks whether the anonymous credential of the vehicle j exists in the message; if the vehicle j exists, the identity verification of the vehicle j is successful, otherwise, the identity verification of the vehicle j is unsuccessful;
for a vehicle with successful identity verification, firstly intercepting GSP-2 in a message, and obtaining a public key according to a digital certificate of a road end r, and further verifying through a public key Signature; then, according to the obtained GSP-1 and GSP-2, calculating to obtain a group key GSK, wherein GSK=H (GSP-1, GSP-2);
for the original members in the communication range of the road end r, the GSP-2 is obtained again according to the step S34, and the corresponding GSK is updated.
As a still further technical scheme of the invention: the specific operational steps of the group member away phase are as follows:
S4B1, road end r broadcasts digital certificate DC in communication range r
S4B2、Vehicles j in communication range of entrance end r receive digital certificate DC of entrance end r by PC5 broadcast r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle j broadcasts message { AddReq, POS, ANC to road side r j ,H(RN c-j ) And, wherein H (RN) c-j ) Is RN c-j Is a hash value of (2);
S4B3, judging whether the vehicle ready to leave is a current group member or not by the road side r, if so, regenerating GSP-1 by the road side r, and using the quantum session key PFSK obtained by triggering the intelligent contract in the step S33 tag Encrypting the generated random number GSP-1 as a symmetric key so that the random number GSP-1 is kept unchanged;
S4B4, the road end r recalculates the hash value of the anonymous certificates of all vehicles with legal identities in the current group, takes the hash value as GSP-1 and combines with the splicing timestamp T sr Comparing the parameters signed by the private key to obtain Signature so as to form a message, and transmitting the message to all the current vehicles in a multicast mode;
S4B5, the rest vehicles in the group receive the multicast information and check whether the anonymous credentials of the rest vehicles exist, if so, the rest vehicles are still in the current group, otherwise, the rest vehicles are not;
for vehicles still in the current group, firstly intercepting GSP-2 in the message, and obtaining a public key according to a digital certificate of a road end r, and further verifying by the public key;
Then through quantum session key PFSK tag Decrypting the message to obtain GSP-2; finally, using the obtained GSP-1 and GSP-2, a group key GSK is calculated, and GSK=H (GSP-1, GSP-2). Compared with the prior art, the invention has the beneficial effects that:
1. in the centralized key distribution method, each user does not need to store a large number of keys, only needs to share the keys between each participant and a Key Distribution Center (KDC), and the key distribution is responsible for the KDC. However, the user is simple to use and has high requirements on the cloud, so that the cloud pressure is high. When the scale of the network is large, the KDC usually stores a large number of keys, so that the traffic between each user and the KDC is large, and the problem of overload of the KDC exists. Meanwhile, the possibility of single-point attack exists, namely an attacker intensively attacks the KDC, so that the KDC can not provide services, and the purpose of anonymous attacker is achieved. Because of the specificity of quantum keys, there has to be a quantum key distribution center, but by using a private chain, pressure is transferred to the blockchain to achieve a distributed implementation, reducing computational overhead. Therefore, the invention does not use the blockchain for distributing the group key, but uses the intelligent contract of the blockchain to realize the rapid identity authentication of the road end to the vehicle, and simultaneously, as the blockchain is used, the function of the KDC is sunk to the road end, and the calculation, storage and concurrent pressure of the cloud are reduced.
2. In the centralized group key distribution scheme of the present invention, all communications need to be conducted through a central entity. This means that as the number of participants increases, the complexity and overhead of the communication also increases. The large amount of traffic needs to be handled and scheduled at the central entity, resulting in delays and bottlenecks in the communication, often requiring the central entity to undertake a large number of computational tasks, including key generation, encryption and decryption operations. As the number of participants increases, the central entity needs to handle more key generation and computation operations, increasing computational complexity and overhead. In the distributed group key distribution scheme, the generation and distribution process of the key is jointly participated by a plurality of nodes, and the nodes can be flexibly increased or reduced according to the needs so as to adapt to the change of the system scale. The process of generating and distributing the key requires that multiple nodes cooperate together, so that it is difficult for an attacker to break multiple nodes simultaneously to obtain the key. Mutual communication between nodes is required to share information and keys, which may increase communication overhead and delay. By combining the two modes, the function of the KDC is sunk to the road end, so that the efficient update of the group key is realized.
3. The existing quantum security key distribution scheme of the invention may have certain limitations in terms of efficiency and expandability. Because the wired transmission mode constrains the application of the traditional quantum encryption in the vehicle-mounted ad hoc network, in practical application, different identity authentication modes and group key distribution schemes are designed according to different scenes to meet the requirements of real-time communication and large-scale networks. However, there is still a lack of quantum-secure identity authenticator and group key distribution schemes, and this problem needs to be solved to promote practical application of quantum-secure communication technology on vehicles.
4. The invention provides a mode of generating a plurality of vehicle anonymous certificates by the vehicle random number and the cloud random number at one time, reduces the communication times between vehicle clouds, and realizes the calculation of the road end on the vehicle identity by issuing the mapping relation of each anonymous certificate, the real identity of the vehicle, the pre-charging key information and the anonymous certificate parameter generation on a private chain in the form of intelligent contract by the cloud. The method comprises the steps of providing a two-section type group key generation mode of a group key, generating a random number GSP-2 by a road end through a quantum random number generator, obtaining a key of a vehicle through an intelligent contract, encrypting the GSP-2 through the key, obtaining a group key parameter GSP-1 through calculating anonymous certificates of all legal members, and realizing quick update of the group key through a two-section type group key generation scheme. When a vehicle is newly added, only GSP-1 is updated for members in the group, so that the reduction of calculation cost is realized, and the strategy realizes forward safety and backward safety on the premise of ensuring one-time security.
5. The invention reduces the calculation cost and the signaling cost on the basis of V2X broadcast communication. The road end realizes anonymous mutual identification of the vehicle road identities by means of the blockchain intelligent contract, privacy protection and decentralization, and the road end does not need cloud assistance to realize authentication of the vehicle identities. Meanwhile, the identity authentication of the road end of the vehicle is realized by combining the existing certificate system. The decentralization of KDC is realized, and all road ends can carry out identity authentication on the vehicle. Meanwhile, the number of vehicle cloud anonymous certificates is reduced. There is no single point of failure problem since there is no single central server. The group key parameter GSP-1 is obtained by triggering the blockchain intelligent contract, so that the security of the group key is ensured, and the GSP-2 group key parameter is obtained by a road end broadcasting mode, so that the high efficiency and the real-time performance of distribution are realized. In the process, the one-time pad of the group key is ensured, and the forward security and the backward security of communication are ensured.
Traceability: the block chain records the authentication information of the road end to the vehicle, and the road end has no authority and cannot be changed because of being a private chain; when the tracing is needed, the authentication record can be obtained from the cloud to realize the tracing.
Revocability: the cloud end is a private chain, so that the access authority of the road end can be revoked by the cloud end as a manager, the road end cannot access the intelligent contract, the vehicle cannot be authenticated, and the road end node is out of function. The cloud may also revoke the smart contract, and may not authenticate the cloud, and thus may not obtain V2V services.
Drawings
FIG. 1 is a schematic diagram of the operation flow structure of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The PC5 refers to a physical layer interface for communication between direct vehicles. The PC5 is a specific interface standard in V2X communication for direct short-range communication between vehicles, and it uses a wireless communication module in an in-vehicle apparatus, allowing direct exchange of information such as position, speed, travel intention, etc. between vehicles. The use of the PC5 interface allows for more flexible and efficient V2X communications, and the vehicle can communicate directly without relying on infrastructure or network support. It provides low latency and high reliability communications, providing better conditions for interaction and collaboration between vehicles. Through the PC5 interface, the vehicle can communicate directly between points-to-points or multiple points.
V2X broadcasting is a communication mode in which messages are widely transmitted to all nearby vehicles. In broadcast communications, a sender delivers a message to all vehicles in the vicinity without the need to determine a particular recipient in advance. Broadcast communications may be used for a wide range of information delivery, such as traffic condition warnings, emergency notifications, and the like. Since broadcast messages are received by all vehicles, the message content typically needs to be encrypted and authenticated to ensure security and trustworthiness.
A group key is a key used for secure communication between a plurality of participants. Unlike keys used in one-to-one communications, group keys are typically shared by all members of the participating group. The group key is used to support a group communication or multiparty communication scenario in which multiple participants need secure messaging. The key is used to encrypt and decrypt messages to ensure that only authorized group members can access and understand the message content. In a protocol using a group key, a participant may dynamically join or leave the group and only authorized group members may access the key. Typically, management of group keys is handled by a specific key distribution protocol or key management scheme to ensure security and proper key updating. The shared nature of the group key makes it suitable for multiparty collaboration, team collaboration or inter-group secure communications. By using the group key, the participants can encrypt and decrypt messages using the same key, thereby enabling efficient and secure group communications.
In the proposed vehicle-road cooperative scene, the cloud end establishes point-to-point connection with each RSU. The vehicle and the road end, the road end and the cloud end are mutually not trusted, so that the two parties need to mutually recognize the identity before actually communicating. After each start of the vehicle, the vehicle needs to carry out identity authentication with the cloud end so as to obtain anonymous credentials required by authentication between the vehicles. The function of each part is as follows:
cloud: the cloud server consists of an identity authentication server, a key distribution server and a TSP platform. The method is mainly responsible for identity authentication of vehicles, identity authentication of RSU, issuing of session keys between vehicle clouds and issuing of partial group keys.
Identity authentication server: the method is mainly responsible for identity authentication of vehicles, issuing anonymous certificates for the vehicles and identity authentication of road-end equipment, providing zero knowledge proof for the road-end equipment, helping the road-end equipment to complete legal verification of the vehicle identity, and realizing mutual identity authentication between vehicles and roads.
Key distribution server: in the invention, messages transmitted in point-to-point communication are encrypted by quantum keys, and pre-charged quantum keys are stored in safety media of vehicles and road ends and are used for encrypting and decrypting the messages. When the quantum session key in the secure medium is lower than a preset value, the quantum session key is required to be applied to a key distribution center of the cloud to complete the supplementation of the quantum key. And simultaneously, the key application and the key issuing process are also encrypted by using a pre-filled key.
Road end: the road-side infrastructure is equipped with RSUs and is mainly responsible for providing services for vehicles, such as broadcasting traffic conditions in the current road-side range, etc. In the invention, the road end is mainly responsible for the distribution of part of group keys. Meanwhile, the existence of the road end can relieve the parallel pressure of the cloud key distribution server.
Vehicle: each vehicle is endowed with a section of true random number generated by a quantum random number generator as a unique identification code VIN of the vehicle in a delivery stage, and meanwhile, a batch of sub-session key handles and quantum session keys are pre-filled in the vehicle, the key handles and the quantum keys are in one-to-one correspondence, and the quantum key handles are unique identifications of the quantum keys. The vehicle is provided with the OBU device and the quantum random number generator, can carry out broadcast communication with the road side device RSU, and can also complete information interaction with other vehicles provided with the OBU device. Only vehicles which pass the identity authentication of the cloud and acquire anonymous certificates can complete the mutual identification of the identities between the vehicles and the road, and enjoy group communication service.
Blockchains are a decentralized distributed ledger technique that creates a tamper-proof record chain by linking data together in blocks. Each block contains some transaction data and is linked with the previous block by a cryptographic method to ensure the security and integrity of the data. An important feature of blockchains is decentralization, which does not rely on a single central authority or server to validate and store data, but rather co-agrees with multiple nodes in the network. This decentralization feature provides blockchains with resistance to attack and single point of failure. Intelligent contracts are one of the important applications of blockchain technology. An intelligent contract is an automated contract written in computer code that executes and performs contract terms on a blockchain. Intelligent contracts utilize the decentralization and non-tamper-ability of blockchains to automatically perform conditions and operations agreed upon in the contract through programming code.
As shown in fig. 1, a quantum group key distribution method applicable to a V2I scene based on blockchain includes the following steps:
s1, a registration stage: unique marks are respectively given to the vehicle and the road end, the vehicle and the road end are pre-filled with the quantum key, and meanwhile, a digital certificate is issued for the road end.
The specific operation steps of the registration stage are as follows:
s11, endowing unique identification code VIN for vehicle i when the vehicle leaves the factory i Simultaneously pre-filling a set number and unique identification code VIN into a secure medium within vehicle i i A quantum session key and a quantum integrity check key in one-to-one correspondence with each other;
giving unique identification code RID to road end r when road end leaves factory r Simultaneously pre-filling a set number of secure media in the road end r with a unique identification code RID r A quantum session key and a quantum integrity check key in one-to-one correspondence with each other;
s12, uploading the unique identification code VIN to the cloud by the vehicle i i And storing in a database of the cloud; meanwhile, the road end r uploads a unique identification code RID to the cloud r And storing in a database of the cloud;
s13, when a quantum session key in a safety medium of the vehicle i or the road end r is lower than a preset value, the vehicle i or the road end r sends a quantum session key supplementing application to a key distribution center of a cloud, and the key distribution center of the cloud supplements the quantum session key to the vehicle i or the road end r;
S14, using the third party authentication center as the unique identification code RID of the road end r r Issuing a digital certificate DC containing road side r public key information r
S2, initializing: identity mutual identification between the vehicle and the cloud is carried out, an anonymous credential is obtained for the vehicle, and the anonymous credential is uploaded to a blockchain;
the specific operation steps of the initialization stage are as follows:
s21, generating n true random numbers RN by a quantum random number generator of a vehicle i i-c Adding a vehicle i identity unique identification code VIN i And the current timestamp T of vehicle i si Thereafter, the vehicle i pre-charged quantum session key PFSK is used tag Encrypting to obtain an encrypted message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) In which { } i=1 n Representing a set of n participants; quantum integrity verification key PFIK simultaneously pre-charged with vehicle i tag Computing an encrypted message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) Message authentication code MAC of (a) PFIK The method comprises the steps of carrying out a first treatment on the surface of the Then to message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) Splicing to form a message body M1, M1= { PFSK for the vehicle i identity authentication request tag ,PFIK tag ,E PFSK (VIN i ,{RN i-c } i=1 n ,T si ),MAC PFIK ,T si Finally, the message body M1 is sent to the cloud;
s22, after receiving a message body M1 sent by a vehicle i, an identity authentication server in the cloud firstly stamps in a current time stamp T si Performing timeliness judgment if the current time stamp T is si If the difference value between the current judgment time and the current judgment time is larger than the set time threshold value, the identity authentication server in the cloud does not perform the next processing on the received message body M1; otherwise, the cloud identity authentication server receives the quantum session key PFSK in the message body M1 tag With quantum integrity verification key PFIK tag Finding a corresponding pre-charged quantum session key PFSK in a cloud secure medium v Quantum integrity verification key PFIK v And the unique identification code VIN pre-stored in the cloud database by the vehicle i i0
Judging message authentication code MAC PFIK If complete, then cloudEnd-use pre-filled quantum session key PFSK v Decrypting the message body M1 to obtain the unique identification code VINi of the vehicle i and the true random number { RN (random number) of the vehicle i from the cloud i-c } i=1 n
The cloud identity authentication server obtains a unique identification code VIN after decryption i With a unique identification code VIN queried in a database i0 Comparing, if the two are equal, the identity authentication server in the cloud generates n true random numbers to form a true random number set { RN } c-i } i=1 n
S23, cloud end pairs true random numbers RN i-c Performing an addition operation, and adding a true random number RN generated by the cloud end c-i And the current timestamp T of the cloud sc Quantum session key PFSK of vehicle i pre-filled by cloud after splicing tag’ Encrypting to enable the cloud to obtain an encrypted message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) The method comprises the steps of carrying out a first treatment on the surface of the Quantum integrity verification key PFIK of vehicle i concurrently pre-charged using cloud tag’ Computing an encrypted message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) Message authentication code MAC of (a) PFIK’ The method comprises the steps of carrying out a first treatment on the surface of the Then to message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) Splicing to obtain message bodies M2, M2= { PFSK tag’ ,PFIK tag’ , E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ),MAC PFIK’ ,T sc -and send message body M2 to vehicle i;
s24, after the vehicle i receives the message body M2 returned by the cloud, the vehicle i stamps the current time stamp T in the message body M2 sc Judging if the current time stamp T sc If the difference between the current judgment time and the current judgment time is larger than the set time threshold, the vehicle i does not process the message body in the next step, otherwise, the vehicle i receives the PFSK in the message body M2 tag’ With PFIK tag’ Finding a corresponding pre-run in the safety medium of vehicle iCharged quantum session key PFSK v’ And an integrity verification key PFIK v’
Computing message authentication code MAC in message body M2 PFIK’ Judging message verification code MAC PFIK’ Is the integrity of (1); if complete, the vehicle i pre-charged quantum session key PFSK is used v’ Decrypting the message body M2 so that the vehicle i obtains a message set { RN (message set) returned by the cloud i-c +1,RN c-i } i=1 n
S25, vehicle i is based on true random number RN c-i True random number RN i-c And uniquely identify VIN i Hash values of n anonymous certificates are obtained through calculation of a one-way hash function H, and ANC is achieved i The hash value calculation result of (a) is: ANC (ANC) i =H(VIN i ,RN i-c,RNc-i );
S26, vehicle i will anonymize the voucher ANC i Uploading to the cloud to assemble a message body M3, M3= { PFSK tag ,PFIK tag , E PFSK (VIN i ,{H(RN i-c ),H(ANC)} i=1 n ,T si ),MAC PFIK ,T si -sending the message body M3 to the cloud;
S27, according to anonymous credentials ANC of the vehicle i i Inquiring the generation of the anonymous credential ANC at the cloud i Parameter VIN of (V) i 、RN c-i And RN (radio network controller) i-c The method comprises the steps of carrying out a first treatment on the surface of the Cloud end pair inquired RN c-i Performs hash calculation, and compares the calculation result with a hash value H (VIN of the vehicle i i ,RN i-c ,RN c-i ) Comparing, if the two types of the anonymous credentials are the same, the vehicle i finishes the calculation of n anonymous credentials; otherwise, the calculation of n anonymous certificates is not completed, and reprocessing is needed according to the steps S21 to S27;
s28, generating n intelligent contracts for n anonymous certificates of the vehicle i by the cloud, obtaining a unique identification code POS of each intelligent contract, and simultaneously generating message bodies M4, M4= { PFSK by using the unique identification code POS, a hash value of each anonymous certificate and a hash value of a corresponding parameter for generating the anonymous certificate tag ,PFIK tag , E PFSK ({H(RN c-i ),H(ANC),POS } i=1 n ,T sc ),MAC PFIK ,T sc And sends a message body M4 to the vehicle i to inform the vehicle i that anonymous credentials of the vehicle i have been uploaded to the blockchain, and the vehicle i can perform identity authentication with the road side r.
S3, a group key acquisition stage: the identity authentication is carried out between the vehicle and the road end through the secret key, the road end transmits group secret key parameters to the vehicle, and the vehicle calculates the group secret key through the group secret key parameters.
The specific steps of the group key acquisition phase are as follows:
S31, road end r broadcasts digital certificate DC in communication range r
S32, vehicles i in the communication range of the entrance end r broadcast and receive the digital certificate DC of the entrance end r through the PC5 r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle i broadcasts message { AddReq, POS, ANC to road side r i ,H(RN c-i ) -a }; wherein H (RN) c-i ) Is RN c-i Is a hash value of (2);
s33, the road side r finds out the intelligent contract through POS and generates transaction to trigger the intelligent contract; intelligent contract returns H (RN) to vehicle i c-i ) With quantum session key PFSK tag The method comprises the steps of carrying out a first treatment on the surface of the If the vehicle i gets H (RN) c-i ) And slave message { AddReq, POS, ANC i ,H(RN c-i ) H (RN) received in c-i ) If the identities are equal, the identity of the vehicle i is legal; otherwise, the method is illegal;
when the identity of the vehicle i is legal, the random number generator of the road end r generates a random number GSP-1 and uses the quantum session key PFSK obtained by triggering the intelligent contract tag Encrypting the random number GSP-1 as a symmetric key;
s34, after the identity authentication of all vehicles is finished, calculating hash values of anonymous certificates of all legal vehicles at present by the road end r, taking the hash values as GSP-2, and combining the current timestamp T of the road end r sr And comparing signing the parameters using the private key to form a Signature to construct a message { GSP-2, { ANC i ,PFSK tag ,E PFSK (GSP-1)} i=1 n ,Signature,T sr And pass the message through the group The broadcasting mode is transmitted to all the current vehicles;
s35, the vehicle i receives the multicast message and checks whether an anonymous credential of the vehicle i exists in the message; if the identity verification of the vehicle i is successful, otherwise, the identity verification of the vehicle i is unsuccessful;
for a vehicle with successful identity verification, firstly intercepting GSP-2 in a message, and obtaining a public key according to a digital certificate of a road end r, and further verifying through a public key Signature; then, based on the obtained GSP-1 and GSP-2, a group key GSK is calculated, gsk=h (GSP-1, GSP-2).
S4, updating the group key: the group members are updated to perform group member updating and group key replacement operations.
The group key updating stage comprises a new member joining stage and a group member leaving stage; the specific operation steps of the new member joining stage are as follows:
S4A1, road end r broadcasts digital certificate DC in communication range r
S4A2, vehicles j in the communication range of the entrance end r broadcast and receive the digital certificate DC of the entrance end r through the PC5 r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle j broadcasts message { AddReq, POS, ANC to road side r j ,H(RN c-j ) And, wherein H (RN) c-j ) Is RN c-j Is a hash value of (2);
S4A3, road end r finds the intelligent contract through POS and generates transaction to trigger the intelligent contract, which returns H to vehicle j (RN c-j ) With quantum session key PFSK tag The method comprises the steps of carrying out a first treatment on the surface of the If the vehicle j gets H (RN) through intelligent contract c-j ) And slave message { AddReq, POS, ANC j ,H(RN c-j ) H (RN) received in c-j ) If the vehicle j identities are equal, the identity of the vehicles j is legal; otherwise, the method is illegal;
quantum session key PFSK derived using triggering a smart contract when the identity of vehicle j is legitimate tag Encrypting the generated random number GSP-1 as a symmetric key so that the random number GSP-1 is kept unchanged;
S4A4, after the identity authentication of all newly added vehicles is completed, the road end r recalculates the hash of the anonymous certificates of all legal vehicles at presentThe hash value is taken as GSP-1 and combined with a splicing timestamp T sr And comparing signing the parameters using the private key to form a Signature to construct a message { GSP-2, { ANC j , PFSK tag , E PFSK (GSP-1)} i=1 1 , Signature, T sr -transmitting the message to all vehicles at present by multicast;
S4A5, the vehicle j receives the multicast message and checks whether the anonymous credential of the vehicle j exists in the message; if the vehicle j exists, the identity verification of the vehicle j is successful, otherwise, the identity verification of the vehicle j is unsuccessful;
for a vehicle with successful identity verification, firstly intercepting GSP-2 in a message, and obtaining a public key according to a digital certificate of a road end r, and further verifying through a public key Signature; then, according to the obtained GSP-1 and GSP-2, calculating to obtain a group key GSK, wherein GSK=H (GSP-1, GSP-2);
For the original members in the communication range of the road end r, the GSP-2 is obtained again according to the step S34, and the corresponding GSK is updated.
The specific operational steps of the group member away phase are as follows:
S4B1, road end r broadcasts digital certificate DC in communication range r
S4B2, vehicles j in the communication range of the entrance end r broadcast and receive the digital certificate DC of the entrance end r through the PC5 r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle j broadcasts message { AddReq, POS, ANC to road side r j ,H(RN c-j ) And, wherein H (RN) c-j ) Is RN c-j Is a hash value of (2);
S4B3, judging whether the vehicle ready to leave is a current group member or not by the road side r, if so, regenerating GSP-1 by the road side r, and using the quantum session key PFSK obtained by triggering the intelligent contract in the step S33 tag Encrypting the generated random number GSP-1 as a symmetric key so that the random number GSP-1 is kept unchanged;
S4B4, the road end r recalculates the hash value of the anonymous certificates of all vehicles with legal identities in the current group, takes the hash value as GSP-1 and combines with the splicing timestamp T sr And comparing signing parameters using private keysThe Signature is obtained to form a message, and the message is transmitted to all the current vehicles in a multicast mode;
S4B5, the rest vehicles in the group receive the multicast information and check whether the anonymous credentials of the rest vehicles exist, if so, the rest vehicles are still in the current group, otherwise, the rest vehicles are not;
For vehicles still in the current group, firstly intercepting GSP-2 in the message, and obtaining a public key according to a digital certificate of a road end r, and further verifying by the public key;
then through quantum session key PFSK tag Decrypting the message to obtain GSP-2; finally, using the obtained GSP-1 and GSP-2, a group key GSK is calculated, and GSK=H (GSP-1, GSP-2).
The foregoing is only a preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art, who is within the scope of the present invention, should make equivalent substitutions or modifications according to the technical scheme of the present invention and the inventive concept thereof, and should be covered by the scope of the present invention.

Claims (4)

1. The quantum group key distribution method suitable for the V2I scene based on the blockchain is characterized by comprising the following operation steps:
s1, a registration stage: respectively giving unique marks to the vehicle and the road end, respectively pre-filling corresponding quantum keys into the vehicle and the road end, and simultaneously issuing a digital certificate to the road end;
s2, initializing: identity mutual identification between the vehicle and the cloud is carried out, an anonymous credential is obtained for the vehicle, and the anonymous credential is uploaded to a blockchain;
S3, a group key acquisition stage: the identity authentication is carried out between the vehicle and the road end through the secret key, the road end transmits a group secret key parameter to the vehicle, and the vehicle calculates the group secret key through the group secret key parameter;
s4, updating the group key: updating the group members to perform group member updating and group key replacement operations;
the specific operation steps of the initialization stage are as follows:
s21, generating n true random numbers RN by a quantum random number generator of a vehicle i i-c Adding a vehicle i identity unique identification code VIN i And the current timestamp T of vehicle i si Thereafter, the vehicle i pre-charged quantum session key PFSK is used tag Encrypting to obtain an encrypted message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) In which { } i=1 n Representing a set of n participants; quantum integrity verification key PFIK simultaneously pre-charged with vehicle i tag Computing an encrypted message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) Message authentication code MAC of (a) PFIK The method comprises the steps of carrying out a first treatment on the surface of the Then to message E PFSK (VIN i ,{RN i-c } i=1 n ,T si ) Splicing to form a message body M1, M1= { PFSK for the vehicle i identity authentication request tag ,PFIK tag ,E PFSK (VIN i ,{RN i-c } i=1 n ,T si ),MAC PFIK ,T si Finally, the message body M1 is sent to the cloud;
s22, after receiving a message body M1 sent by a vehicle i, an identity authentication server in the cloud firstly stamps in a current time stamp T si Performing timeliness judgment if the current time stamp T is si If the difference value between the current judgment time and the current judgment time is larger than the set time threshold value, the identity authentication server in the cloud does not perform the next processing on the received message body M1; otherwise, the cloud identity authentication server receives the quantum session key PFSK in the message body M1 tag With quantum integrity verification key PFIK tag Finding a corresponding pre-charged quantum session key PFSK in a cloud secure medium v Quantum integrity verification key PFIK v And the unique identification code VIN pre-stored in the cloud database by the vehicle i i0
Judging message authentication code MAC PFIK If complete, the cloud uses the pre-charged quantum session key PFSK v Decrypting the message body M1 so that the cloud end can obtainUnique identification code VINi to vehicle i and true random number { RN for vehicle i i-c } i=1 n
The cloud identity authentication server obtains a unique identification code VIN after decryption i With a unique identification code VIN queried in a database i0 Comparing, if the two are equal, the identity authentication server in the cloud generates n true random numbers to form a true random number set { RN } c-i } i=1 n
S23, cloud end pairs true random numbers RN i-c Performing an addition operation, and adding a true random number RN generated by the cloud end c-i And the current timestamp T of the cloud sc Quantum session key PFSK of vehicle i pre-filled by cloud after splicing tag’ Encrypting to enable the cloud to obtain an encrypted message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) The method comprises the steps of carrying out a first treatment on the surface of the Quantum integrity verification key PFIK of vehicle i concurrently pre-charged using cloud tag’ Computing an encrypted message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) Message authentication code MAC of (a) PFIK’ The method comprises the steps of carrying out a first treatment on the surface of the Then to message E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ) Splicing to obtain message bodies M2, M2= { PFSK tag’ ,PFIK tag’ , E PFSK’ ({RN i-c +1,RN c-i } i=1 n ,T sc ),MAC PFIK’ ,T sc -and send message body M2 to vehicle i;
s24, after the vehicle i receives the message body M2 returned by the cloud, the vehicle i stamps the current time stamp T in the message body M2 sc Judging if the current time stamp T sc If the difference between the current judgment time and the current judgment time is larger than the set time threshold, the vehicle i does not process the message body in the next step, otherwise, the vehicle i receives the PFSK in the message body M2 tag’ With PFIK tag’ Finding a corresponding pre-charged quantum session key PFSK within the secure medium of vehicle i v’ And an integrity verification key PFIK v’
Computing message authentication code MAC in message body M2 PFIK’ Judging message verification code MAC PFIK’ Is the integrity of (1); if complete, the vehicle i pre-charged quantum session key PFSK is used v’ Decrypting the message body M2 so that the vehicle i obtains a message set { RN (message set) returned by the cloud i-c +1,RN c-i } i=1 n
S25, vehicle i is based on true random number RN c-i True random number RN i-c And uniquely identify VIN i Hash values of n anonymous certificates are obtained through calculation of a one-way hash function H, and ANC is achieved i The hash value calculation result of (a) is: ANC (ANC) i =H(VIN i ,RN i-c ,RN c-i );
S26, vehicle i will anonymize the voucher ANC i Uploading to the cloud to assemble a message body M3, M3= { PFSK tag ,PFIK tag , E PFSK (VIN i ,{H(RN i-c ),H(ANC)} i=1 n ,T si ),MAC PFIK ,T si -sending the message body M3 to the cloud;
S27, according to anonymous credentials ANC of the vehicle i i Inquiring the generation of the anonymous credential ANC at the cloud i Parameter VIN of (V) i 、RN c-i And RN (radio network controller) i-c The method comprises the steps of carrying out a first treatment on the surface of the Cloud end pair inquired RN c-i Performs hash calculation, and compares the calculation result with a hash value H (VIN of the vehicle i i ,RN i-c ,RN c-i ) Comparing, if the two types of the anonymous credentials are the same, the vehicle i finishes the calculation of n anonymous credentials; otherwise, the calculation of n anonymous certificates is not completed, and reprocessing is needed according to the steps S21 to S27;
s28, generating n intelligent contracts for n anonymous certificates of the vehicle i by the cloud, obtaining a unique identification code POS of each intelligent contract, and simultaneously generating message bodies M4, M4= { PFSK by using the unique identification code POS, a hash value of each anonymous certificate and a hash value of a corresponding parameter for generating the anonymous certificate tag ,PFIK tag , E PFSK ({H(RN c-i ),H(ANC),POS } i=1 n ,T sc ),MAC PFIK ,T sc The message body M4 is sent to the vehicle i to inform the anonymous credential of the vehicle i to be uploaded to the blockchain, and the vehicle i can carry out identity authentication with the road end r;
the specific steps of the group key acquisition phase are as follows:
s31, road end r broadcasts digital certificate DC in communication range r
S32, vehicles i in the communication range of the entrance end r broadcast and receive the digital certificate DC of the entrance end r through the PC5 r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle i broadcasts message { AddReq, POS, ANC to road side r i ,H(RN c-i ) -a }; wherein H (RN) c-i ) Is RN c-i Is a hash value of (2);
s33, the road side r finds out the intelligent contract through POS and generates transaction to trigger the intelligent contract; intelligent contract returns H (RN) to vehicle i c-i ) With quantum session key PFSK tag The method comprises the steps of carrying out a first treatment on the surface of the If the vehicle i gets H (RN) c-i ) And slave message { AddReq, POS, ANC i ,H(RN c-i ) H (RN) received in c-i ) If the identities are equal, the identity of the vehicle i is legal; otherwise, the method is illegal;
when the identity of the vehicle i is legal, the random number generator of the road end r generates a random number GSP-1 and uses the quantum session key PFSK obtained by triggering the intelligent contract tag Encrypting the random number GSP-1 as a symmetric key;
s34, after the identity authentication of all vehicles is finished, calculating hash values of anonymous certificates of all legal vehicles at present by the road end r, taking the hash values as GSP-2, and combining the current timestamp T of the road end r sr And comparing signing the parameters using the private key to form a Signature to construct a message { GSP-2, { ANC i ,PFSK tag ,E PFSK (GSP-1)} i=1 n ,Signature,T sr -transmitting the message to all vehicles at present by multicast;
s35, the vehicle i receives the multicast message and checks whether an anonymous credential of the vehicle i exists in the message; if the identity verification of the vehicle i is successful, otherwise, the identity verification of the vehicle i is unsuccessful;
For a vehicle with successful authentication, firstly intercepting GSP-2 in a message and according to the number of a road end r
The public key obtained by the certificate is verified through the public key Signature; then, based on the obtained GSP-1 and GSP-2, a group key GSK is calculated, gsk=h (GSP-1, GSP-2).
2. The method for distributing quantum group keys in a V2I scene based on blockchain according to claim 1, wherein the specific operation steps of the registration stage are as follows:
s11, endowing unique identification code VIN for vehicle i when the vehicle leaves the factory i Simultaneously pre-filling a set number and unique identification code VIN into a secure medium within vehicle i i A quantum session key and a quantum integrity check key in one-to-one correspondence with each other;
giving unique identification code RID to road end r when road end leaves factory r Simultaneously pre-filling a set number of secure media in the road end r with a unique identification code RID r A quantum session key and a quantum integrity check key in one-to-one correspondence with each other;
s12, uploading the unique identification code VIN to the cloud by the vehicle i i And will uniquely identify the code VIN i The method comprises the steps of storing in a database of a cloud; meanwhile, the road end r uploads a unique identification code RID to the cloud r And the unique identification code RID r The method comprises the steps of storing in a database of a cloud;
s13, when a quantum session key in a safety medium of the vehicle i or the road end r is lower than a preset value, the vehicle i or the road end r sends a quantum session key supplementing application to a key distribution center of a cloud, and the key distribution center of the cloud supplements the quantum session key to the vehicle i or the road end r;
s14, using the third party authentication center as the unique identification code RID of the road end r r Issuing a digital certificate DC containing public key information of a road end r r
3. The blockchain-based quantum group key distribution method applicable to a V2I scene as in claim 2, wherein the group key update phase comprises a new member joining phase and a group member leaving phase; the specific operation steps of the new member joining stage are as follows:
S4A1, road end r broadcasts digital certificate DC in communication range r
S4A2, vehicles j in the communication range of the entrance end r broadcast and receive the digital certificate DC of the entrance end r through the PC5 r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle j broadcasts message { AddReq, POS, ANC to road side r j ,H(RN c-j ) And, wherein H (RN) c-j ) Is RN c-j Is a hash value of (2);
S4A3, road end r finds the intelligent contract through POS and generates transaction to trigger the intelligent contract, which returns H to vehicle j (RN c-j ) With quantum session key PFSK tag The method comprises the steps of carrying out a first treatment on the surface of the If the vehicle j gets H (RN) through intelligent contract c-j ) And slave message { AddReq, POS, ANC j ,H(RN c-j ) H (RN) received in c-j ) If the vehicle j identities are equal, the identity of the vehicles j is legal; otherwise, the method is illegal;
quantum session key PFSK derived using triggering a smart contract when the identity of vehicle j is legitimate tag Encrypting the generated random number GSP-1 as a symmetric key so that the random number GSP-1 is kept unchanged;
S4A4, after the identity authentication of all newly added vehicles is completed, the road end r recalculates the hash value of the anonymous certificates of all legal vehicles at present, takes the hash value as GSP-1 and combines with a splicing timestamp T sr And comparing signing the parameters using the private key to form a Signature to construct a message { GSP-2, { ANC j , PFSK tag , E PFSK (GSP-1)} i=1 1 , Signature, T sr -transmitting the message to all vehicles at present by multicast;
S4A5, the vehicle j receives the multicast message and checks whether the anonymous credential of the vehicle j exists in the message; if the vehicle j exists, the identity verification of the vehicle j is successful, otherwise, the identity verification of the vehicle j is unsuccessful;
for a vehicle with successful authentication, firstly intercepting GSP-2 in a message and according to the number of a road end r
The public key obtained by the certificate is verified through the public key Signature; then, according to the obtained GSP-1 and GSP-2, calculating to obtain a group key GSK, wherein GSK=H (GSP-1, GSP-2);
For the original members in the communication range of the road end r, the GSP-2 is obtained again according to the step S34, and the corresponding GSK is updated.
4. A blockchain-based quantum group key distribution method suitable for use in a V2I scenario as claimed in claim 3, wherein the specific operation steps of the group member leave phase are as follows:
S4B1, road end r broadcasts digital certificate DC in communication range r
S4B2, vehicles j in the communication range of the entrance end r broadcast and receive the digital certificate DC of the entrance end r through the PC5 r The method comprises the steps of carrying out a first treatment on the surface of the Vehicle j broadcasts message { AddReq, POS, ANC to road side r j ,H(RN c-j ) And, wherein H (RN) c-j ) Is RN c-j Is a hash value of (2);
S4B3, judging whether the vehicle ready to leave is a current group member or not by the road side r, if so, regenerating GSP-1 by the road side r, and using the quantum session key PFSK obtained by triggering the intelligent contract in the step S33 tag Encrypting the generated random number GSP-1 as a symmetric key so that the random number GSP-1 is kept unchanged;
S4B4, the road end r recalculates the hash value of the anonymous certificates of all vehicles with legal identities in the current group, takes the hash value as GSP-1 and combines with the splicing timestamp T sr Comparing the parameters signed by the private key to obtain Signature so as to form a message, and transmitting the message to all the current vehicles in a multicast mode;
S4B5, the rest vehicles in the group receive the multicast information and check whether the anonymous credentials of the rest vehicles exist, if so, the rest vehicles are still in the current group, otherwise, the rest vehicles are not;
for vehicles still in the current group, GSP-2 in the message is intercepted first, and the number of the road side r is used for calculating the number of the road side r
The public key obtained by the certificate is further verified through the public key;
then through quantum session key PFSK tag Decrypting the message to obtain GSP-2; finally, using the obtained GSP-1 and GSP-2, a group key GSK is calculated, and GSK=H (GSP-1, GSP-2).
CN202311515376.1A 2023-11-15 2023-11-15 Quantum group key distribution method applicable to V2I scene based on blockchain Active CN117241267B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311515376.1A CN117241267B (en) 2023-11-15 2023-11-15 Quantum group key distribution method applicable to V2I scene based on blockchain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311515376.1A CN117241267B (en) 2023-11-15 2023-11-15 Quantum group key distribution method applicable to V2I scene based on blockchain

Publications (2)

Publication Number Publication Date
CN117241267A CN117241267A (en) 2023-12-15
CN117241267B true CN117241267B (en) 2024-01-12

Family

ID=89093403

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311515376.1A Active CN117241267B (en) 2023-11-15 2023-11-15 Quantum group key distribution method applicable to V2I scene based on blockchain

Country Status (1)

Country Link
CN (1) CN117241267B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2020102068A4 (en) * 2020-09-01 2020-10-15 Seyed-Sajad Ahmadpour LSM- Quantum Computing: LARGE DATABASES STORE INTO A VERY SMALL MEMORY USING QUANTUM COMPUTING AND AI-BASED PROGRAMMING
WO2021083557A1 (en) * 2019-10-31 2021-05-06 Eberle Design, Inc. Method for secure vehicular communications and methods for pedestrian and vehicle location validation
CN113596778A (en) * 2021-07-28 2021-11-02 国家电网有限公司 Vehicle networking node anonymous authentication method based on block chain
WO2022153039A1 (en) * 2021-01-13 2022-07-21 Arqit Limited System and method for group key formation
CN115001722A (en) * 2021-02-20 2022-09-02 南京如般量子科技有限公司 Anti-quantum computing internet-of-vehicle communication method and system based on CA and Guomu algorithm
CN115019901A (en) * 2022-06-14 2022-09-06 浪潮集团有限公司 Drug screening and synthesizing processing method based on block chain and quantum computation
WO2022213564A1 (en) * 2021-04-07 2022-10-13 东南大学 Quantum key distribution and negotiation method for internet-of-things wireless terminal
KR20220138648A (en) * 2021-04-06 2022-10-13 주식회사 이와이엘 Device authentication method using the quantum key through QRNG and certificate generated through the quantum key
CN116471128A (en) * 2023-06-20 2023-07-21 合肥工业大学 Secure audio communication method and system for vehicle and external equipment
CN116933886A (en) * 2023-09-12 2023-10-24 苏州浪潮智能科技有限公司 Quantum computing execution method, quantum computing execution system, electronic equipment and storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9509506B2 (en) * 2011-09-30 2016-11-29 Los Alamos National Security, Llc Quantum key management
WO2018228952A1 (en) * 2017-06-12 2018-12-20 British Telecommunications Public Limited Company Expendable network access
US11863546B2 (en) * 2018-11-09 2024-01-02 Eberle Design, Inc. Method for secure communications and structure therefor
KR102592873B1 (en) * 2020-07-03 2023-10-25 한국전자통신연구원 Quantum Key Distribution Node Apparatus and Method for Quantum Key Distribution thereof

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021083557A1 (en) * 2019-10-31 2021-05-06 Eberle Design, Inc. Method for secure vehicular communications and methods for pedestrian and vehicle location validation
AU2020102068A4 (en) * 2020-09-01 2020-10-15 Seyed-Sajad Ahmadpour LSM- Quantum Computing: LARGE DATABASES STORE INTO A VERY SMALL MEMORY USING QUANTUM COMPUTING AND AI-BASED PROGRAMMING
WO2022153039A1 (en) * 2021-01-13 2022-07-21 Arqit Limited System and method for group key formation
CN115001722A (en) * 2021-02-20 2022-09-02 南京如般量子科技有限公司 Anti-quantum computing internet-of-vehicle communication method and system based on CA and Guomu algorithm
KR20220138648A (en) * 2021-04-06 2022-10-13 주식회사 이와이엘 Device authentication method using the quantum key through QRNG and certificate generated through the quantum key
WO2022213564A1 (en) * 2021-04-07 2022-10-13 东南大学 Quantum key distribution and negotiation method for internet-of-things wireless terminal
CN113596778A (en) * 2021-07-28 2021-11-02 国家电网有限公司 Vehicle networking node anonymous authentication method based on block chain
CN115019901A (en) * 2022-06-14 2022-09-06 浪潮集团有限公司 Drug screening and synthesizing processing method based on block chain and quantum computation
CN116471128A (en) * 2023-06-20 2023-07-21 合肥工业大学 Secure audio communication method and system for vehicle and external equipment
CN116933886A (en) * 2023-09-12 2023-10-24 苏州浪潮智能科技有限公司 Quantum computing execution method, quantum computing execution system, electronic equipment and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
一款基于量子通信技术的新型无人驾驶车载安全通信模块;彭鹏;;江苏通信(01);全文 *
基于身份验证和纠缠交换的量子密钥分发;钟纪锋;;邵阳学院学报(自然科学版)(06);全文 *

Also Published As

Publication number Publication date
CN117241267A (en) 2023-12-15

Similar Documents

Publication Publication Date Title
CN109687976B (en) Motorcade building and managing method and system based on block chain and PKI authentication mechanism
CN112039872B (en) Cross-domain anonymous authentication method and system based on block chain
CN109788482B (en) Method and system for anonymous authentication of messages between vehicles in Internet of vehicles environment
CN110581763B (en) Quantum key service block chain network system
CN109698754B (en) Fleet safety management system and method based on ring signature and vehicle management platform
CN112039870B (en) Privacy protection-oriented vehicle-mounted network authentication method and system based on block chain
CN109936509B (en) Equipment group authentication method and system based on multi-identity
CN110958607B (en) Internet of vehicles certificate management method for preventing privacy disclosure
Priyadharshini et al. A secure hash message authentication code to avoid certificate revocation list checking in vehicular adhoc networks
CN114884698B (en) Kerberos and IBC security domain cross-domain authentication method based on alliance chain
CN113852632B (en) SM9 algorithm-based vehicle identity authentication method, system, device and storage medium
CN111211892A (en) Anti-quantum computing internet-of-vehicle system based on secret sharing and identity cryptography and authentication method thereof
CN111212400B (en) Anti-quantum computing internet-of-vehicle system based on secret sharing and mobile terminal and authentication method thereof
CN114286332B (en) Dynamic efficient vehicle-mounted cloud management method with privacy protection function
CN108933665B (en) Method for applying lightweight V2I group communication authentication protocol in VANETs
CN115473631A (en) Block chain certificateless aggregation signcryption key negotiation method based on Chinese remainder theorem
CN117254910B (en) Efficient group key distribution method based on quantum random number under vehicle-mounted ad hoc network
CN115102695A (en) Vehicle networking certificate authentication method based on block chain
CN117793670A (en) Internet of vehicles secure communication method under block chain architecture
Feng et al. PBAG: A Privacy-Preserving Blockchain-Based Authentication Protocol With Global-Updated Commitment in IoVs
CN108600240A (en) A kind of communication system and its communication means
CN116828451A (en) Block chain-based network connection motorcade identity authentication method, device and medium
CN117200966A (en) Trusted authorization data sharing method based on distributed identity and alliance chain
CN116760614A (en) Zero-knowledge proof identity authentication scheme for Internet of vehicles based on blockchain and PUF technology
CN117241267B (en) Quantum group key distribution method applicable to V2I scene based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant