CN117318943B - Quantum distributed data storage and recovery method - Google Patents
Quantum distributed data storage and recovery method Download PDFInfo
- Publication number
- CN117318943B CN117318943B CN202311607536.5A CN202311607536A CN117318943B CN 117318943 B CN117318943 B CN 117318943B CN 202311607536 A CN202311607536 A CN 202311607536A CN 117318943 B CN117318943 B CN 117318943B
- Authority
- CN
- China
- Prior art keywords
- data
- quantum
- data block
- information
- storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 37
- 238000011084 recovery Methods 0.000 title claims abstract description 33
- 238000013500 data storage Methods 0.000 title claims abstract description 21
- 238000007726 management method Methods 0.000 claims abstract description 49
- 230000006854 communication Effects 0.000 claims abstract description 16
- 239000011159 matrix material Substances 0.000 claims description 34
- 238000012795 verification Methods 0.000 claims description 26
- 238000004364 calculation method Methods 0.000 claims description 21
- 230000000903 blocking effect Effects 0.000 claims description 3
- 238000000638 solvent extraction Methods 0.000 claims description 3
- 238000004891 communication Methods 0.000 abstract description 13
- 230000005540 biological transmission Effects 0.000 abstract description 10
- 239000012634 fragment Substances 0.000 abstract description 3
- 230000011664 signaling Effects 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002068 genetic effect Effects 0.000 description 1
- 230000007774 longterm Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0852—Quantum cryptography
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B10/00—Transmission systems employing electromagnetic waves other than radio-waves, e.g. infrared, visible or ultraviolet light, or employing corpuscular radiation, e.g. quantum communication
- H04B10/70—Photonic quantum communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/004—Arrangements for detecting or preventing errors in the information received by using forward error control
- H04L1/0056—Systems characterized by the type of code used
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Electromagnetism (AREA)
- Theoretical Computer Science (AREA)
- Optics & Photonics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a quantum distributed data storage and recovery method, which relates to the technical field of data encryption, and a storage node is used for storing received data; the storage management server is used for decrypting the received encrypted information to obtain shared secret information and shared password information; the user end establishes a channel with the storage management server through a quantum channel and a classical channel, and the quantum channel distributes a secret key by adopting QKD; and the quantum random number generator is connected with the storage management server and used for generating quantum random numbers. According to the quantum distributed data storage and recovery method, password authentication and quantum communication are combined, the shared secret fragments of recovered data can be obtained only by having a correct authentication password, the quantum communication can realize the distribution of a quantum key with the safety ensured by quantum physical characteristics, and the quantum key is used for encrypting transmission signaling and data, so that the safety of communication is improved.
Description
Technical Field
The invention relates to the technical field of quantum encryption storage, in particular to a quantum distributed data storage and recovery method.
Background
With the wide application of the internet, the popularization of various digital consumer electronic products and the continuous development of mobile concepts in various fields from business offices to personal entertainment and leisure, the storage requirement of personal data, especially the requirement for mobile storage, is growing faster and faster. In the social situation where information is constantly revealed and confidentiality is constantly stolen, users need more secure mobile storage media. Especially in the important departments such as party, administration, army, enterprise, etc., the safe storage of data is especially important.
However, in the implementation process of the technical scheme, at least the following technical problems are found:
data is easy to leak: today, highly confidential data, such as personal genetic information, is stored in data centers and storage area networks. In these systems, information leakage is the most likely risk to an attacker on the system provider and storage server, which, once it occurs, will cause serious damage to the data owner. The security of such data should be strictly protected not only in long-term storage but also in data transfer between storage servers.
Therefore, how to ensure the security of data transmission and avoid data leakage caused by data transmission to the third person is important, and therefore, we propose a quantum distributed data storage and recovery method.
Disclosure of Invention
(one) solving the technical problems
Aiming at the defects of the prior art, the invention provides a quantum distributed data storage and recovery method, which solves the technical problem that the data is easy to leak in the transmission process of the distributed storage of the existing data.
(II) technical scheme
In order to achieve the above purpose, the invention is realized by the following technical scheme:
a quantum distributed data storage system, the storage method comprising the steps of:
s101: the user side multiplies a preset generating matrix B with a data vector D formed by data to be stored to obtain a data vector D';
partitioning the data block D ', carrying out hash calculation on each data block partitioned by the data block D ' based on a preset hash algorithm to obtain hash verification codes, adding the hash verification codes into each data block to obtain new data blocks, and splicing the new data blocks to form new storage data D ';
based on polynomial f on finite field d (x) N shares of shared secret information are produced, and the shared secret information is encrypted by utilizing a quantum key and then sent to a storage management server; the polynomial f d (x) The highest term number is k, and the constant term is D';
based on authentication password t and polynomial f t (x) N shares of shared password information are produced, and the shared password is generated by utilizing a quantum keyThe information is encrypted and then sent to a storage management server, wherein the polynomial f t (x) The highest number of times is less than f d (x) Polynomial f of the highest degree of (2) t (x) The constant term of (2) is an authentication password t, and the quantum key is obtained by quantum channel distribution in advance;
s102: the storage management server decrypts the received encrypted information by utilizing the quantum key distributed through the quantum channel to obtain shared secret information and shared password information, and distributes the shared secret information and the shared password information to each storage node for storage;
s103: the storage management server obtains the random number R from the quantum random number generator and is based on a polynomial f R (x) Calculating random number sharing information, and distributing the information to each storage node for storage, wherein the polynomial f is R (x) The highest degree of (2) and polynomial f t (x) The sum of the highest numbers of times of (2) is less than f d (x) Polynomial f of the highest degree of (2) d (x) The constant term of (2) is R;
s104: and the storage management server deletes all data in the communication process and completes storage.
Preferably, in the step S101, the generating matrix B is a unit matrix above and a non-unit matrix below.
Preferably, the non-unit matrix is a vandermonde matrix or a cauchy matrix.
Preferably, in the step S101, the step D' is divided into blocks according to rows to obtain a first data block and a second data block; the first data block is data obtained by multiplying the unit matrix above the D and the B, and the second data block is data obtained by multiplying the non-unit matrix below the D and the B;
wherein the calculation in the flow is in prime order q=2 l -1, each data being at most (l-1) bits.
Preferably, the hash calculation is performed on each data block after D' blocking based on a preset hash algorithm, including:
and carrying out hash calculation on each data block after the D' is blocked based on an MD5 hash algorithm.
Preferably, a quantum distributed data recovery method corresponding to the quantum distributed data storage method includes the following steps:
s201: the user side obtains the number of the target storage node, and then uses the authentication password T based on the polynomial f T (x) Calculating corresponding shared authentication information, encrypting by using a quantum key and then sending the encrypted shared authentication information to a storage management server, wherein f T (x) And f R (x) The sum of the highest times is less than f d (x) Highest degree k, polynomial f T (x) The constant term of (2) is T, and the authentication password T is obtained in advance;
s202: the storage management server decrypts the encrypted information sent by the user terminal in the step S201 by using the quantum key, obtains the number information L of the target storage node, the shared secret information, the shared password information and the random number shared information of the target storage node with the corresponding number, calculates a recovery data block, encrypts the recovery data block by using the quantum key and then sends the recovery data block to the user terminal;
s203: the user end decrypts the encryption information received in the step S202 by utilizing a quantum key to obtain a recovered data block F (i), wherein i is a number, and F (0) is obtained by calculation based on a Lagrange interpolation method;
s204: the user side divides the obtained F (0) into a first check data block and a second check data block, splits each first check data block to obtain a corresponding first data block and a hash verification code of the first data block, calculates hash values of all the first data blocks by using a preset hash algorithm, compares the hash values with the hash verification codes of the split first data blocks, if the hash values are the same, the corresponding first data blocks are not damaged, and the data vector D formed by original data to be stored is restored by using all the obtained undamaged first data blocks.
Preferably, in the step S202, the calculating the recovery data block includes:
the recovery data block is calculated based on the shared authentication information, the shared secret information, the shared password information and the random number sharing information, and the calculation formula is as follows:
F(i)=[f T (i)-f t (i)]*f R (i)+f d (i);
wherein f T (i) To share authentication information, f t (i) To share cryptographic information, f d (i) To share secret information, f R (i) Information is shared for random numbers.
Preferably, the recovery method further comprises the steps of:
s205: if the hash verification code in the first data block is different from the calculated hash value, continuing to split each second check data block to obtain a corresponding second data block and the hash verification code of the second data block, determining the second data block without damage based on the hash verification code of the second data block, and recovering the data vector D formed by original data to be stored based on the first data block without damage and the second data block without damage.
(III) beneficial effects
1. The password authentication is combined with the quantum communication, the shared secret fragment of the recovered data can be obtained only by having the correct authentication password, the quantum communication can realize the distribution of the quantum key with the security ensured by the quantum physical characteristics, and the transmission signaling and the data are encrypted by using the quantum key, so that the communication security is improved;
2. due to the adoption of erasure coding technology, the damaged data part can be recovered, and the disaster recovery capability of data storage is improved;
3. the storage management server returns F (i) = [ F) to the user terminal T (i)-f t (i)]*f R (i)+f d (i) By using [ f ] T (i)-f t (i)]*f R (i) For f d (i) Shielding to avoid f d (i) The data is recovered directly after the leak.
Drawings
The foregoing description is only an overview of the present invention, and is intended to provide a better understanding of the present invention, as it is embodied in the following description, with reference to the preferred embodiments of the present invention and the accompanying drawings.
FIG. 1 is a diagram of a distributed storage application scenario in an embodiment of the present invention;
fig. 2 is a schematic diagram of data encoding in an embodiment of the present invention.
Legend description: 121. a storage management server; 122. a quantum random number generator.
Detailed Description
According to the quantum distributed data storage and recovery method, the technical problem that data are easy to leak in the transmission process of existing data is solved, in the process of combining password authentication with quantum communication, a correct authentication password is needed to obtain shared secret fragments of recovered data, quantum communication can achieve distribution of quantum keys with the safety ensured by quantum physical characteristics, transmission signaling and data are encrypted by using the quantum keys, and the communication safety is improved; due to the adoption of erasure coding technology, the damaged data part can be recovered, and the disaster recovery capability of data storage is improved; the storage management server returns F (i) = [ F) to the user terminal T (i)-f t (i)]*f R (i)+f d (i) By using [ f ] T (i)-f t (i)]*f R (i) For f d (i) Shielding to avoid f d (i) The data is recovered directly after the leak.
The invention provides a quantum distributed data storage method, which comprises the following steps:
s101: the user side multiplies a preset generating matrix B with a data vector D formed by data to be stored to obtain a data vector D';
partitioning the data block D ', carrying out hash calculation on each data block partitioned by the data block D ' based on a preset hash algorithm to obtain hash verification codes, adding the hash verification codes into each data block to obtain new data blocks, and splicing the new data blocks to form new storage data D ';
based on polynomial f on finite field d (x) N shares of shared secret information are produced, encrypted by a quantum key and sent to the storage management server 121; the polynomial f d (x) The highest term number is k, and the constant term is D';
based on authentication password t and polynomial f t (x) N shares of shared password information are produced and utilizedEncrypting the shared password information by using a quantum key and then sending the encrypted shared password information to a storage management server, wherein the polynomial f t (x) The highest number of times is less than f d (x) Polynomial f of the highest degree of (2) t (x) The constant term of (2) is an authentication password t, and a quantum key is obtained by quantum channel distribution in advance;
the upper part of the generating matrix B is a unit matrix, the lower part is a non-unit matrix, and the non-unit matrix is a Van der Monte matrix or a Cauchy matrix;
dividing D' into blocks according to rows to obtain a first data block and a second data block; the first data block is data obtained by multiplying the unit matrix above the D and the B, and the second data block is data obtained by multiplying the non-unit matrix below the D and the B;
wherein the calculation in the flow is in prime order q=2 l -1, each data being at most (l-1) bits.
Carrying out hash calculation on each data block after the D' block based on a preset hash algorithm, wherein the method comprises the following steps:
carrying out hash calculation on each data block after D' blocking based on an MD5 hash algorithm;
s102: the storage management server 121 decrypts the received encrypted information by using the quantum key distributed through the quantum channel to obtain shared secret information and shared password information, and distributes the shared secret information and the shared password information to each storage node to store;
s103: the storage management server 121 acquires the random number R from the quantum random number generator 122, and is based on the polynomial f R (x) Calculating random number sharing information, and distributing the information to each storage node for storage, wherein the polynomial f is R (x) The highest degree of (2) and polynomial f t (x) The sum of the highest numbers of times of (2) is less than f d (x) Polynomial f of the highest degree of (2) d (x) The constant term of (2) is R;
s104: the storage management server 121 deletes all data in the communication process and completes storage.
In some examples, a method of quantum distributed data recovery corresponding to a method of quantum distributed data storage, the method of recovery comprising the steps of:
s201: the user side obtains the number of the target storage node, and then uses the authentication password P based on a polynomial f P (x) Calculating corresponding shared authentication information, encrypting by using a quantum key and then sending the encrypted shared authentication information to a storage management server, wherein f T (x) And f R (x) The sum of the highest times is less than f d (x) Highest degree k, polynomial f T (x) The constant term of (2) is T, and the authentication password T is obtained in advance;
s202: the storage management server 121 decrypts the encrypted information sent by the user terminal in step S201 by using the quantum key, obtains the number information L of the target storage node, the shared secret information, the shared password information and the random number shared information of the target storage node corresponding to the number, calculates a recovered data block, encrypts the recovered data block by using the quantum key, and sends the encrypted recovered data block to the user terminal;
calculating the recovery data block includes:
the recovery data block is calculated based on the shared authentication information, the shared secret information, the shared password information and the random number sharing information, and the calculation formula is as follows:
F(i)=[f T (i)-f t (i)]*f R (i)+f d (i);
wherein f T (i) To share authentication information, f t (i) To share cryptographic information, f d (i) To share secret information, f R (i) Sharing information for the random number;
s203: the user end decrypts the encryption information received in the step S202 by utilizing a quantum key to obtain a recovered data block F (i), wherein i is a number, and F (0) is obtained by calculation based on a Lagrange interpolation method;
s204: the user side divides the obtained F (0) into a first check data block and a second check data block, splits each first check data block to obtain a corresponding first data block and a hash verification code of the first data block, calculates hash values of all the first data blocks by using a preset hash algorithm, compares the hash values with the hash verification codes of the split first data blocks, if the hash values are the same, the corresponding first data blocks are not damaged, and the data vector D formed by original data to be stored is restored by using all the obtained undamaged first data blocks.
S205: if the hash verification code in the first data block is different from the calculated hash value, continuing to split each second check data block to obtain a corresponding second data block and the hash verification code of the second data block, determining the second data block without damage based on the hash verification code of the second data block, and recovering the data vector D formed by original data to be stored based on the first data block without damage and the second data block without damage.
Examples
The technical scheme in this application embodiment is for solving the technical problem that current data is easy to reveal in the transmission process, and the overall thinking is as follows:
in order to solve the problems in the prior art, the invention provides a quantum distributed data storage and recovery method, and referring to fig. 1, a distributed storage system comprises a storage management server, a quantum random number generator, a plurality of storage nodes, and the number of the storage nodes is determined according to specific conditions.
The user end establishes channels with the storage management server through quantum channels and classical communication modes, the quantum channels can adopt QKD (Quantum Key Distribution ) for distributing keys so as to realize the distribution of quantum keys with the security ensured by the physical characteristics of quanta among the receiving and transmitting ends, and the classical channels are used for transmitting data and information encrypted by the quantum keys. The user side and the storage management server can be externally connected with quantum key equipment, and quantum key distribution is realized among the quantum key equipment through a quantum channel.
The storage management server is connected with the quantum random number generator to acquire the quantum random number generated by the quantum random number generator, and the storage management server is also connected with the storage node. The storage management server and the storage node can be deployed in the same local network, so that the communication safety between the storage management server and the storage node is improved, and if the storage management server and the storage node are deployed in different local networks, the storage management server and the storage node can establish a quantum channel so as to distribute quantum keys in a QKD communication mode, and the security of information transmission is improved by encrypting the quantum keys used for transmission data.
The flow of distributed storage is as follows:
s1: the user side multiplies the data vector D formed by the data to be stored by a preset generating matrix B to obtain a data vector D'. The generating matrix B may be a unit matrix above, and a vandermonde matrix or a kexi matrix below.
The D' is partitioned to obtain D1, D2, D3 … … C1, C2, and C3 … …, where D1, D2, and D3 … are data obtained by multiplying the unit matrices of D and B, and are the same as the corresponding position data in D, and C1, C2, and C3 … … are data obtained by multiplying the non-unit matrices of D and B below, as shown in fig. 2.
Note that the calculations in this flow, such as polynomial calculations, are all in prime order q=2 l -1, so that each data is at most (l-1) bits.
Carrying out hash calculation, such as MD5 hash algorithm, on each data block after the D 'is segmented to obtain hash verification codes, respectively adding the hash verification codes into each data block to obtain new data blocks D1', D2', D3' … … C1', C2', C3'… …, and then splicing the new data blocks to form new storage data D';
based on polynomial f on finite field d (x) The polynomial having a degree of maximum k and a constant term D ", n shares of shared secret information are produced, e.g. f is calculated d (1),f d (2)……f d (n) then transmitting it to a storage management server in a quantum secure communication manner.
For example: polynomial f d (x)=ax 2 +bx+d ", k=2, n=4, f is calculated d (1),f d (2),f d (3),f d (4) Using quantum keys distributed over quantum channels to distribute f d (1),f d (2),f d (3),f d (4) And after encryption, sending the encrypted data to a storage management server.
The user uses the authentication password t and the polynomial f t (x) Making n shares of shared cryptographic information, e.g. calculating f t (1),f t (2),……,f t And (n) transmitting the data to a storage management server in a quantum encryption mode. For polynomial f t (x) With a maximum number of times less than f d (x) The constant term of the highest order k of (2) is the authentication password t.
For example: calculating f t (1),f t (2),f t (3),f t (4) Acquiring a quantum key distributed through a quantum channel, and using the quantum key to obtain f t (1),f t (2),f t (3),f t (4) And after encryption, sending the encrypted data to a storage management server.
S2: the storage management server receives the encrypted information and decrypts the encrypted information by using the quantum key distributed through the quantum channel to obtain the shared secret information f d (1),f d (2)……,f d (n) and sharing the password information f t (1),f t (2),……,f t (n) and distributes it to the individual storage nodes for storage.
For example: after decryption, f d (1),f t (1) Sending to the storage node 1 for storage, and f d (2),f t (2) Sending to the storage node 2 for storage, and f d (3),f t (3) Sending to the storage node 3 for storage, and f d (4),f t (4) And sent to the storage node 4 for storage.
S3: the storage management server acquires the random number R from the quantum random number generator, calculates random number sharing information, and distributes the random number sharing information to each storage node for storage.
For example: the quantum random number generator responds to the instruction of the storage management server to generate random numbers R, R is not equal to 0 and is sent to the storage management server, and the storage management server is based on a polynomial f R (x) Calculating f R (1),f R (2),f R (3),f R (4) And distributed to storage nodes 1 to 4 correspondingly. Corresponding polynomial f R (x) Its maximum number of times is equal to f p (x) The sum of the highest times is less than f d (x) The constant term of the highest order k of (2) is R.
S4: the storage management server deletes the communicationAll data in the process, including f d (i),f t (i),f R (i) And R, the storage process is completed.
And (3) a data recovery process:
s1': the user terminal uses the authentication password T and is based on a polynomial f T (x) And calculating corresponding shared information, and sending the corresponding shared information to a storage management server after quantum encryption. f (f) T (x) And f R (x) The sum of the highest times is less than f d (x) The highest number k, with a constant term T. The authentication password T may be acquired in advance.
For example: polynomial f d (x) If the highest number of times of (a) is k, at least k+1.ltoreq.n shares of secret information are needed to recover the data, assuming k=2, f t (x),f R (x),f t (x) At least 3 shares of shared secret information are required if the highest number of times is 1. Suppose now that it is desired to recover data using the shared secret information of storage node 1, storage node 2, and storage node 3.
The ue will l= {1,2,3} and f T (1)、f T (2) And f T (3) And after being encrypted by the quantum key, the quantum key is sent to a storage management server.
S2': using the previous example, the storage management server decrypts the information sent by the user terminal in S1' using the quantum key to obtain L and f T (1)、f T (2) And f T (3)。
Acquiring information stored in each of the storage nodes 1,2 and 3 based on L, and calculating information for each storage node:
F(i)=[f T (i)-f t (i)]*f R (i)+f d (i),i=1,2,3
f (1), F (2) and F (3) are calculated, encrypted in a quantum encryption mode and returned to the corresponding user side.
S3': the user terminal decrypts the information received by the S2 'to obtain F (1), F (2) and F (3), and F (0) is calculated based on Lagrangian interpolation, and if the password P=p provided by the user terminal, F (0) =D'.
S4': the user side divides the obtained F (0), namely D ', into blocks according to the previous mode to obtain D1', D2', D3' … … C1', C2', C3' … …, and splits each block to obtain corresponding D1, D2, D3 … … C1, C2, C3 … … and hash verification codes of each block, calculates hash values of all D1, D2, D3 … … by using the same hash function as the previous, compares the hash values with the hash verification codes, and if the hash values are the same, indicates that the corresponding data blocks are original data blocks, and restores a data vector D formed by original data to be stored by using all obtained D1, D2 and D3 … ….
S5': if the hash verification code is different from the calculated hash value in D1, D2 and D3 … …, continuing to verify the data blocks C1, C2 and C3 … … to discard the damaged data blocks, and recovering the data by using the reserved data blocks, specifically as follows:
for example: for D1, D2, D3, D4, D5, C1, C2, C3, wherein D1, D4 and C2 are damaged, the damaged data are discarded, D2, D3, D5, C1, C3 are reserved, corresponding row data in the original generation matrix B are discarded at the same time, a reserved matrix B 'is obtained, D2, D3, D5, C1 and C3 are spliced to obtain a reserved vector S, and then (B') is calculated -1 * S=d, and a data vector D composed of the original data to be stored can be obtained.
Finally, it should be noted that: it is apparent that the above examples are only illustrative of the present invention and are not limiting of the embodiments. Other variations or modifications of the above teachings will be apparent to those of ordinary skill in the art. It is not necessary here nor is it exhaustive of all embodiments. And obvious variations or modifications thereof are contemplated as falling within the scope of the present invention.
Claims (8)
1. A method of quantum distributed data storage, the method comprising the steps of:
s101: the user side multiplies a data vector D formed by data to be stored with a preset generation matrix B to obtain a data vector D';
partitioning the data block D ', carrying out hash calculation on each data block partitioned by the data block D ' based on a preset hash algorithm to obtain hash verification codes, adding the hash verification codes into each data block to obtain new data blocks, and splicing the new data blocks to form new storage data D ';
based on polynomial f on finite field d (x) N shares of shared secret information are produced, and the shared secret information is encrypted by utilizing a quantum key and then sent to a storage management server (121); the polynomial f d (x) The highest term number is k, and the constant term is D';
based on authentication password t and polynomial f t (x) N shares of shared password information are produced, the shared password information is encrypted by utilizing a quantum key and then sent to a storage management server, wherein the polynomial f t (x) The highest number of times is less than f d (x) Polynomial f of the highest degree of (2) t (x) The constant term of (2) is an authentication password t, and the quantum key is obtained by quantum channel distribution in advance;
s102: the storage management server (121) decrypts the received encrypted information by utilizing the quantum key distributed through the quantum channel to obtain shared secret information and shared password information, and distributes the shared secret information and the shared password information to each storage node for storage;
s103: the storage management server (121) acquires the random number R from the quantum random number generator (122) and based on the polynomial f R (x) Calculating random number sharing information, and distributing the information to each storage node for storage, wherein the polynomial f is R (x) The highest degree of (2) and polynomial f t (x) The sum of the highest numbers of times of (2) is less than f d (x) Polynomial f of the highest degree of (2) d (x) The constant term of (2) is R;
s104: the storage management server (121) deletes all data in the communication process and completes storage.
2. A method of quantum distributed data storage as claimed in claim 1 wherein: in the step S101, the generating matrix B is a unit matrix above and a non-unit matrix below.
3. A method of quantum distributed data storage as claimed in claim 2 wherein: the non-element matrix is a vandermonde matrix or a cauchy matrix.
4. A method of quantum distributed data storage as claimed in claim 2 wherein: in the step S101, dividing the D' into blocks according to the row to obtain a first data block and a second data block; the first data block is data obtained by multiplying the unit matrix above the D and the B, and the second data block is data obtained by multiplying the non-unit matrix below the D and the B;
wherein the calculation in the flow is in prime order q=2 l -1, each data being at most (l-1) bits.
5. The quantum distributed data storage method of claim 1, wherein the hashing calculation of each data block after D' blocking based on a preset hashing algorithm comprises:
and carrying out hash calculation on each data block after the D' is blocked based on an MD5 hash algorithm.
6. A method of quantum distributed data recovery corresponding to the method of quantum distributed data storage of claim 1, the recovery method comprising the steps of:
s201: the user side obtains the number of the target storage node, and then uses the authentication password T based on the polynomial f T (x) Calculating corresponding shared authentication information, encrypting by using a quantum key and then sending the encrypted shared authentication information to a storage management server, wherein f t (x) And f R (x) The sum of the highest times is less than f d (x) Highest degree k, polynomial f T (x) The constant term of (2) is T, and the authentication password T is obtained in advance;
s202: the storage management server (121) decrypts the encryption information sent by the user terminal in the step S201 by utilizing a quantum key, obtains the number information L of the target storage node, the shared secret information, the shared password information and the random number shared information of the target storage node with corresponding numbers, calculates a recovery data block, encrypts the recovery data block by utilizing the quantum key and then sends the recovery data block to the user terminal;
s203: the user end decrypts the encryption information received in the step S202 by utilizing a quantum key to obtain a recovered data block F (i), wherein i is a number, and F (0) is obtained by calculation based on a Lagrange interpolation method;
s204: the user side divides the obtained F (0) into a first check data block and a second check data block, splits each first check data block to obtain a corresponding first data block and a hash verification code of the first data block, calculates hash values of all the first data blocks by using a preset hash algorithm, compares the hash values with the hash verification codes of the split first data blocks, if the hash values are the same, the corresponding first data blocks are not damaged, and the data vector D formed by original data to be stored is restored by using all the obtained undamaged first data blocks.
7. The method for quantum distributed data recovery of claim 6, wherein: in the step S202, the calculating the recovery data block includes:
the recovery data block is calculated based on the shared authentication information, the shared secret information, the shared password information and the random number sharing information, and the calculation formula is as follows:
F(i)=[f T (i)-f t (i)]*f R (i)+f d (i);
wherein f T (i) To share authentication information, f t (i) To share cryptographic information, f d (i) To share secret information, f R (i) Information is shared for random numbers.
8. The method for quantum distributed data recovery of claim 6, wherein: the recovery method further comprises the steps of:
s205: if the hash verification code in the first data block is different from the calculated hash value, continuing to split each second check data block to obtain a corresponding second data block and the hash verification code of the second data block, determining the second data block without damage based on the hash verification code of the second data block, and recovering the data vector D formed by original data to be stored based on the first data block without damage and the second data block without damage.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311607536.5A CN117318943B (en) | 2023-11-29 | 2023-11-29 | Quantum distributed data storage and recovery method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311607536.5A CN117318943B (en) | 2023-11-29 | 2023-11-29 | Quantum distributed data storage and recovery method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117318943A CN117318943A (en) | 2023-12-29 |
| CN117318943B true CN117318943B (en) | 2024-03-08 |
Family
ID=89255639
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311607536.5A Active CN117318943B (en) | 2023-11-29 | 2023-11-29 | Quantum distributed data storage and recovery method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117318943B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118550503A (en) * | 2024-07-26 | 2024-08-27 | 之江实验室 | Random number processing method, device, computer equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| RU2736870C1 (en) * | 2019-12-27 | 2020-11-23 | Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы" | Complex for secure data transmission in digital data network using single-pass quantum key distribution system and method of keys adjustment during operation of system |
| US11856092B2 (en) * | 2021-06-02 | 2023-12-26 | International Business Machines Corporation | Limiting data availability on distributed ledger |
-
2023
- 2023-11-29 CN CN202311607536.5A patent/CN117318943B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN117318943A (en) | 2023-12-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Hur et al. | Secure data deduplication with dynamic ownership management in cloud storage | |
| US20170244687A1 (en) | Techniques for confidential delivery of random data over a network | |
| CN117318943B (en) | Quantum distributed data storage and recovery method | |
| CN109274492B (en) | Self-secure tightly coupled secret sharing method | |
| EP2095561A2 (en) | Distributed encryption methods and systems | |
| CN103414682A (en) | Method for cloud storage of data and system | |
| US11177950B2 (en) | Key generation for use in secured communication | |
| Mo et al. | Two-party fine-grained assured deletion of outsourced data in cloud systems | |
| CN118555133A (en) | Quantum-resistant security enhancement method of transport layer security protocol | |
| CN111385090B (en) | Key distribution method and system based on multi-key combination quantum key relay | |
| CN112995215B (en) | Decryption system, method, device, electronic equipment and storage medium | |
| CN116707804B (en) | Method and equipment for enhancing FF1 format reserved encryption security | |
| CN107947923B (en) | Attribute key distribution method without trusted center | |
| EP3883178A1 (en) | Encryption system and method employing permutation group-based encryption technology | |
| Nagamani et al. | Physical Layer Security Using Cross Layer Authentication for AES-ECDSA Algorithm | |
| US11991269B1 (en) | System and method for distribution of key generation data in a secure network | |
| Chaitanya et al. | Implementation of security and bandwidth reduction in multi cloud environment | |
| Jacob et al. | Secured and reliable file sharing system with de-duplication using erasure correction code | |
| CN114285573B (en) | Symmetric key distribution method for resisting quantum attack | |
| CN118337372A (en) | Security traceable group key negotiation method and system based on aggregated broadcast | |
| US20230388105A1 (en) | Encryption communication system, encryption communication apparatus, and encryption communication method | |
| CN118611986A (en) | SM9 encryption algorithm-based cloud encryption file key updating method | |
| Imai et al. | Secret Verification Method Suitable for the Asymmetric Secret Sharing Scheme. | |
| CN116886298A (en) | Method and equipment for enhancing FF3 format reserved encryption security | |
| CN118764199A (en) | Quantum key-based terminal encryption method for Internet of things |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |