CN118138235A - Communication system for realizing dynamic encryption of data based on quantum key technology - Google Patents

Publication number
CN118138235A
Authority
CN
China
Prior art keywords
quantum
encryption
quantum key
security
dynamic encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410412490.XA
Other languages
Chinese (zh)
Inventor
肖贺
魏明
王克强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Primeton Information Technology Co ltd
Original Assignee
Primeton Information Technology Co ltd
Application filed by Primeton Information Technology Co ltd
Priority to CN202410412490.XA
Publication of CN118138235A

Landscapes

  • Optical Communication System (AREA)

Abstract

The invention relates to a communication system for realizing dynamic encryption of data based on quantum key technology. The system comprises: a quantum key management platform, used for generating and distributing quantum keys, carrying out data encryption and decryption operations on the quantum keys based on dynamic encryption management, and monitoring system state and external threats; and a plurality of QKD devices connected to the quantum key management platform, each QKD device being communicatively connected to a corresponding user. By using quantum key technology, the disclosed system provides a higher level of security assurance than traditional methods, in particular resisting the potential threat of future quantum computers, and improves the security of the communication system. At the same time, owing to its cross-platform design, the system can be widely applied across different industries and devices, can provide security assurance for the transmission of various kinds of sensitive data, and has broader application scenarios.

Description

Communication system for realizing dynamic encryption of data based on quantum key technology
Technical Field
The invention relates to the technical field of data encryption communication, in particular to the technical field of quantum keys, and specifically relates to a communication system for realizing dynamic data encryption based on a quantum key technology.
Background
In recent years, Internet technology has developed greatly and the world has entered the "Internet+" era, bringing great convenience to daily life. For example, information about nearby restaurants, stations, tourist attractions and the like can be obtained in real time through location services, making travel more convenient; at home, people can remotely control terminal equipment, for example turning household appliances on or off. In the "Internet+" era, however, users face data security issues even as they enjoy the convenience of network applications. Mobile user data is transmitted over the Internet and then interacts with the target server to carry out the corresponding actions, but data leakage easily occurs in this process, causing irreversible loss to the user. In particular, in financial-industry scenarios such as online payment, funds transfer and financial transactions, the security and privacy of transaction data must be ensured; in the medical industry, health data (such as medical records, research data and other sensitive information) must likewise be protected so that patient privacy is not disclosed. Encryption techniques for sensitive information such as user privacy and mobile payment account passwords are therefore of great interest.
In data encryption, the commonly used symmetric or asymmetric encryption schemes use either a fixed key or a key updated on a timer; in either case, a large number of data packets end up encrypted under the same key. A hacker who attacks and cracks just one packet can then obtain the passwords of a large number of data packets. To increase data security, the complexity of the encryption algorithm can be continuously increased to make cracking harder.
Current encryption systems comprise symmetric key systems and asymmetric key systems. In a symmetric-key cryptosystem, the two communicating parties share a symmetric key. One symmetric-key implementation has the two parties store a shared symmetric key in advance and use it for every encrypted communication between them. In this approach, a communication terminal must hold all the symmetric keys it shares with other terminals. An asymmetric encryption system requires two keys: a public key and a private key. The two form a pair: data encrypted with the public key can be decrypted only with the corresponding private key, and data encrypted with the private key can be decrypted only with the corresponding public key. The basic process by which an asymmetric encryption algorithm exchanges secret information is as follows: Party A generates a key pair and discloses one of the keys to other parties as the public key; Party B, having obtained the public key, uses it to encrypt the confidential information and sends the result to Party A; Party A then decrypts the encrypted information with the private key that it keeps. The confidentiality of asymmetric encryption is relatively good, and it eliminates the need for end users to exchange keys. Characteristics of the asymmetric key system: the algorithm is complex, and security depends on the algorithm and the key, but because of that complexity encryption and decryption are not as fast as with symmetric encryption. A symmetric cryptosystem has only one key, which is not public; the other party must be told the key in order to decrypt, so security rests on keeping that key secure. An asymmetric key system has two keys, one of which is public, so there is no need to transmit one's own key to the other party as a symmetric cipher requires.
Disclosure of Invention
The invention aims to overcome the defects of the prior art, combines the quantum encryption technology with dynamic algorithm management by improving the encryption mode of the prior communication system, adopts the unpredictability and the irreproducibility of the quantum encryption technology, and provides a communication system for realizing dynamic data encryption based on the quantum key technology.
In order to achieve the above object, the communication system for realizing dynamic encryption of data based on quantum key technology of the present invention is as follows:
the communication system for realizing data dynamic encryption based on the quantum key technology is mainly characterized in that the system comprises:
The quantum key management platform is used for generating and distributing quantum keys, carrying out data encryption and decryption operation on the quantum keys based on dynamic encryption management, and monitoring system states and external threats; and
A plurality of QKD devices connected to the quantum key management platform, each QKD device being communicatively connected to a corresponding user.
Preferably, the quantum key management platform includes:
The quantum key distribution module is used for carrying out identity verification processing according to the quantum state label of each QKD device; and generating and securely distributing the quantum key based on the QKD protocol;
The dynamic encryption management module is connected with the quantum key distribution module and is used for dynamically selecting and adjusting encryption algorithms and parameters according to the current network environment, the data sensitivity level and the security policy set by a user;
The encryption and decryption engine is connected with the dynamic encryption management module and used for executing actual data encryption and decryption operation and dynamically switching corresponding encryption algorithms according to the instruction of the dynamic encryption management module;
A cross-platform interface for providing a set of APIs and SDKs to enable the system to run on different operating systems and hardware platforms; and
The safety monitoring and self-repairing module is used for monitoring the state of the system and external threat in real time and carrying out multi-level safety verification on the system.
Preferably, the quantum state tag is used for realizing high-security identity authentication, specifically:
according to the unique user ID and the time stamp of each QKD device, the user ID and the time stamp are converted into binary forms, a corresponding number of qubits are selected according to the information length required to be encoded, the selected qubits are initialized to a ground state, and according to the specific binary values of the user ID and the time stamp, the states of the qubits are changed by using a quantum logic gate, so that the security is enhanced.
Preferably, the quantum key distribution module comprises the following steps:
Identity verification processing: adopting a Challenge-Response mechanism to perform identity verification according to the quantum state label of the QKD equipment;
Key distribution processing: based on the QKD protocol, the two parties use a quantum state transmitter and a quantum state detector to share an initial secure key through quantum state transmission and measurement;
Channel allocation processing: each of the QKD devices first determines the user's level of confidentiality of the input information and assigns different transport channels based on the different levels of confidentiality.
Preferably, the dynamic encryption management module adopts an adaptive dynamic encryption strategy and dynamically updates the key at fixed time intervals, when a potential security threat is detected, when the transmitted data volume reaches a preset value, or when a change in the communication channel is detected.
Preferably, the dynamic updating policy adopted by the dynamic encryption management module includes:
changing the coding: different quantum encodings are used to increase the robustness of the system;
redundancy is added: introducing extra redundant qubits in the coding for ensuring the transmission of effective information;
using a quantum error correction code: selecting an error correction code having a higher error correction capability for error correction; and
The transmission rate of the qubits is adjusted.
Preferably, the safety monitoring and self-repairing module specifically includes:
Real-time monitoring and self-repair mechanism: an integrated real-time monitoring system detects security threats and system vulnerabilities in time and automatically takes measures to repair them or to switch to a secure state, so as to ensure that communication is not interrupted; and
A multi-factor authentication mechanism is introduced to carry out multi-level security verification on the system, further enhancing the security of communication.
The communication system for realizing data dynamic encryption based on the quantum key technology combines the quantum encryption technology with dynamic algorithm management, adopts the unpredictability and the irreproducibility of the quantum encryption technology, so that information cannot be stolen or eavesdropped in the transmission process, thereby realizing real indestructibility, automatically adjusting encryption strategies according to environment and requirements, ensuring safety, optimizing performance and greatly improving the safety and randomness of keys. Through the simplified integration mode and automatic safety management, the threshold of using encryption service by a user is reduced, and the user experience is effectively improved.
Drawings
Fig. 1 is a schematic structural diagram of a communication system for implementing dynamic data encryption based on quantum key technology according to the present invention.
Fig. 2 is a flow chart of the communication system for realizing dynamic encryption of data based on the quantum key technology of the present invention.
Detailed Description
In order to more clearly describe the technical contents of the present invention, a further description will be made below in connection with specific embodiments.
Before describing in detail embodiments that are in accordance with the present invention, it should be observed that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Referring to fig. 1, the communication system for implementing dynamic encryption of data based on quantum key technology includes:
The quantum key management platform is used for generating and distributing quantum keys, carrying out data encryption and decryption operation on the quantum keys based on dynamic encryption management, and monitoring system states and external threats; and
A plurality of QKD devices connected to the quantum key management platform, each QKD device being communicatively connected to a corresponding user.
Referring to fig. 2, as a preferred embodiment of the present invention, the quantum key management platform includes:
The quantum key distribution module is used for carrying out identity verification processing according to the quantum state label of each QKD device; and generating and securely distributing the quantum key based on the QKD protocol;
The dynamic encryption management module is connected with the quantum key distribution module and is used for dynamically selecting and adjusting encryption algorithms and parameters according to the current network environment, the data sensitivity level and the security policy set by a user;
The encryption and decryption engine is connected with the dynamic encryption management module and used for executing actual data encryption and decryption operation and dynamically switching corresponding encryption algorithms according to the instruction of the dynamic encryption management module;
A cross-platform interface for providing a set of APIs and SDKs to enable the system to run on different operating systems and hardware platforms; and
The safety monitoring and self-repairing module is used for monitoring the state of the system and external threat in real time and carrying out multi-level safety verification on the system.
As a preferred embodiment of the present invention, the quantum state tag is used for realizing highly secure authentication, specifically:
according to the unique user ID and the time stamp of each QKD device, the user ID and the time stamp are converted into binary forms, a corresponding number of qubits are selected according to the information length required to be encoded, the selected qubits are initialized to a ground state, and according to the specific binary values of the user ID and the time stamp, the states of the qubits are changed by using a quantum logic gate, so that the security is enhanced.
As a preferred embodiment of the present invention, the quantum key distribution module includes:
Identity verification processing: adopting a Challenge-Response mechanism to perform identity verification according to the quantum state label of the QKD equipment;
Key distribution processing: based on the QKD protocol, the two parties use a quantum state transmitter and a quantum state detector to share an initial secure key through quantum state transmission and measurement;
Channel allocation processing: each of the QKD devices first determines the user's level of confidentiality of the input information and assigns different transport channels based on the different levels of confidentiality.
As a preferred embodiment of the invention, the dynamic encryption management module adopts an adaptive dynamic encryption strategy and dynamically updates the key at fixed time intervals, when a potential security threat is detected, when the transmitted data volume reaches a preset value, or when a change in the communication channel is detected.
As a preferred embodiment of the present invention, the dynamic updating policy adopted by the dynamic encryption management module includes:
changing the coding: different quantum encodings are used to increase the robustness of the system;
redundancy is added: introducing extra redundant qubits in the coding for ensuring the transmission of effective information;
using a quantum error correction code: selecting an error correction code having a higher error correction capability for error correction; and
The transmission rate of the qubits is adjusted.
As a preferred embodiment of the present invention, the safety monitoring and self-repairing module specifically includes:
Real-time monitoring and self-repair mechanism: an integrated real-time monitoring system detects security threats and system vulnerabilities in time and automatically takes measures to repair them or to switch to a secure state, so as to ensure that communication is not interrupted; and
A multi-factor authentication mechanism is introduced to carry out multi-level security verification on the system, further enhancing the security of communication.
Referring to fig. 2, the quantum key management platform of the present technical solution specifically includes:
1. Quantum Key Distribution (QKD) module: responsible for generating and securely distributing quantum keys. The module adopts the latest quantum communication technology to ensure the security and randomness of the key.
2. Dynamic Encryption Management (DEM) module: dynamically selects and adjusts the encryption algorithm and parameters according to the current network environment, the data sensitivity level and the security policy set by the user.
3. Encryption/decryption engine: performs the actual data encryption and decryption operations. The engine supports various encryption standards and protocols, and can dynamically switch encryption algorithms according to instructions from the DEM module.
4. Cross-platform interface: provides a set of APIs and SDKs that enable the system to run on different operating systems and hardware platforms, including mobile devices, desktop systems, cloud services, and the like.
5. Security monitoring and self-repair module: monitors the system state and external threats in real time and, once a security problem or vulnerability is detected, automatically starts a repair mechanism or switches to a safer state.
In practical applications, the Quantum Key Distribution (QKD) module specifically includes the following processing procedures:
1. Key generation: in the process of quantum key distribution, a quantum channel is first established between the sender and the receiver. Through this channel, the sender encodes bit information using quantum states and then sends these quantum states to the receiver.
2. Quantum state transmission: the sender sends a series of qubits that contain random information. During transmission, any interception of or interference with a qubit can destroy its quantum state, owing to the nature of quantum states.
3. Quantum state measurement: after receiving the qubits, the receiver performs the corresponding measurements and parses out the random bit information of the sender.
4. Key agreement: the sender and the receiver generate a shared random key based on their respective measurements. This key is based on quantum states and has a high degree of security.
The specific algorithms for generating and distributing quantum keys are: the single-photon-based BB84 and B92 algorithms; and a Gaussian key distribution algorithm based on continuous-variable quantum key distribution, in which keys are distributed and shared through continuous-variable representations of the quantum states (e.g., amplitude and phase of light).
The following further details the key technical features:
1. Quantum state tag of device:
Each QKD device in the system has a quantum state tag. By utilizing the unclonability of quantum states and quantum entanglement technology, a unique quantum state label (Quantum State Tag, QST) is allocated to each user to realize high-safety identity verification. In order to further improve the security, the scheme can be combined with a classical identity authentication mechanism, such as multi-factor authentication, wherein a quantum state tag is used as one of verification factors. The method comprises the following steps:
Each communication device has a unique user ID and a timestamp, which are converted into binary form. A number of qubits is then selected, the number being determined by the length of the information to be encoded. For example, if the binary representation of the user ID and the timestamp requires n bits in total, at least n qubits are required.
All selected qubits are first initialized to the ground state, and then a series of quantum logic gates (e.g., Pauli-X gates, Hadamard gates, CNOT gates, etc.) is used to change the state of the qubits according to the specific binary values of the user ID and timestamp; these gates can also be used to create entangled states between the qubits for added security. For example, a Hadamard gate may be applied to one qubit, and a CNOT gate then applied with that qubit as the control bit and another qubit as the target, thereby generating an entangled pair.
Specific example: assume that the user ID is "01" and the timestamp is "10", so the combined binary string is "0110". Four qubits are used, with initial state |0000⟩. Pauli-X gates are applied to the second and third qubits according to "0110", changing the state to |0110⟩. A Hadamard gate is then applied to the first qubit, and the other qubits are entangled through a CNOT gate, enhancing security.
2. Key distribution
(1) Identity authentication: in Quantum Key Distribution (QKD), authentication is performed based on the quantum state tags of the devices. A Challenge-Response mechanism is typically employed. Specifically, the system sends a random challenge bit string to the device, and after the device receives the challenge bit string, the device performs an operation with the quantum state tag of the device, and sends the operation result to the system as a response. The system compares the results of the device responses to verify whether the identity of the device is legitimate. Since quantum state tags are unique and not reproducible, identity counterfeiting can be effectively prevented.
(2) Key distribution: both parties share an initial secure key through Quantum Key Distribution (QKD) technology. Specifically, QKD-based sharing means that, when communicating using the QKD protocol, the two communicating parties share a secure key through the transmission and measurement of quantum states. In conventional encrypted communication, both parties need to agree on a key in advance and transmit it over a secure channel. However, conventional key distribution may be attacked by an eavesdropper, resulting in key leakage and insecure communication.
The two communicating parties use devices such as quantum transmitters and quantum detectors to share a random, secure key by transmitting and measuring qubits (quantum states). Specifically:
Both parties of the communication (commonly referred to as Alice and Bob) use devices such as quantum transmitters (light sources) and quantum detectors (receivers). Alice generates a random string of bits and converts it into a random string of quantum bits (quantum states). Each qubit may be a quantum state of a photon, such as horizontal/vertical polarization or right/left circular polarization. Each of these qubits represents a random bit value.
Alice sends a series of qubits (quantum states) to Bob via a quantum channel. During transmission, noise interference is handled by error correction and randomization of the QKD protocol.
Bob receives the qubits sent by Alice and uses a quantum state detector to measure the state of each qubit. These measurements are made in a selected quantum state basis, such as horizontal/vertical, right/left, etc.
Alice and Bob carry out a public comparison to determine whether the bases they chose for each qubit match. If the bases match, the corresponding bit value is kept; otherwise the bit value is discarded.
Alice and Bob perform error correction and randomization protocols to handle errors caused by channel noise and interference. These protocols can correct or reduce errors and increase the confidentiality and security of the final key.
Using a randomization function, Alice and Bob extract a final key from the error-corrected and randomized bit sequence. This key is shared, highly confidential, and known only to Alice and Bob.
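The exchange between Alice and Bob described above can be followed in a small classical simulation. This is an added example, not code from the patent: it covers only transmission, basis sifting and the error-rate check (error correction and the randomization step are left out), and the function names, the 11% error limit and the 25% sample fraction are assumptions.

```python
import random

BASES = ("rectilinear", "diagonal")  # horizontal/vertical vs. the conjugate basis


def measure(bit, prepared_in, measured_in, rng):
    """Same basis: the encoded bit is read out. Different basis: the outcome is random."""
    return bit if prepared_in == measured_in else rng.randrange(2)


def run_bb84(n_qubits, intercepted, seed, sample_fraction=0.25, qber_limit=0.11):
    """Simulate transmission, basis sifting and the error-rate check.

    qber_limit and sample_fraction are assumed parameters, not values from the
    patent. A seeded PRNG stands in for quantum randomness so that the run is
    reproducible; it is not suitable for real key material.
    """
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_qubits)]
    alice_bases = [rng.choice(BASES) for _ in range(n_qubits)]
    bob_bases = [rng.choice(BASES) for _ in range(n_qubits)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if intercepted:
            # A third party measures in a guessed basis and forwards what it saw,
            # so the qubit now carries that basis and that (possibly random) bit.
            tap_basis = rng.choice(BASES)
            bit, a_basis = measure(bit, a_basis, tap_basis, rng), tap_basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))

    # Sifting: the bases are compared publicly, the bit values are not.
    kept = [i for i in range(n_qubits) if alice_bases[i] == bob_bases[i]]

    # Error estimation: reveal a random sample of the sifted bits and compare them.
    sample = set(rng.sample(kept, int(len(kept) * sample_fraction)))
    errors = sum(alice_bits[i] != bob_bits[i] for i in sample)
    # With nothing to sample the error rate cannot be estimated: fail closed.
    qber = errors / len(sample) if sample else 1.0
    accepted = qber <= qber_limit

    # Revealed sample bits are thrown away; on rejection no key is released at all.
    remaining = [i for i in kept if i not in sample]
    return {
        "sifted": len(kept),
        "sampled": len(sample),
        "qber": qber,
        "accepted": accepted,
        "alice_key": [alice_bits[i] for i in remaining] if accepted else [],
        "bob_key": [bob_bits[i] for i in remaining] if accepted else [],
    }


if __name__ == "__main__":
    for label, tapped in (("clean channel", False), ("intercepted channel", True)):
        r = run_bb84(4000, tapped, seed=7)
        print(f"{label}: sifted={r['sifted']} qber={r['qber']:.3f} "
              f"accepted={r['accepted']} key_bits={len(r['alice_key'])}")
```

On a noiseless simulated channel the sampled error rate is zero and both sides hold the same bits; with interception roughly a quarter of the sampled bits disagree, which is what the error check is there to catch.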
Compared with the prior art, the processing procedure is characterized in that:
Dynamic adaptation to channel noise and interference is built in: by monitoring the channel state in real time and adjusting the error correction strategy to cope with noise of different types and intensities, the robustness and adaptability of error correction are improved.
For example, error correction is performed by repetition coding, while the parameters of the error correction code are dynamically adjusted according to the frequency and pattern with which errors occur.
It is assumed that in a quantum communication system, a transmitting end transmits a quantum bit (qubit) to a receiving end through a channel, but the quantum bit may be erroneous due to the influence of channel noise. To improve the reliability of transmission, the transmitting end may use repetition coding of three bits to transmit the qubit, i.e., the qubit is repeatedly transmitted twice.
Now, it is assumed that the frequency and pattern of occurrence of errors detected by the receiving end are changed during transmission. If the receiving end finds that most errors are single bit errors (i.e. single bit flip) and that double or triple bit errors occur less frequently, the parameters of the error correction code can be dynamically adjusted based on this finding.
In this case, the system may dynamically adjust the number of repetition codes, e.g., to increase to four bits or decrease to two bits, to better accommodate the frequency and pattern of single bit errors. By monitoring the error condition at the receiving end in real time and adjusting the repetition coding parameters according to the frequency and mode of error occurrence, the efficiency and performance of error correction can be improved, and the robustness and adaptability of the quantum communication system are enhanced.
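The adjustment of the repetition length can be made concrete with a classical bit-flip model. This is an added example, not code from the patent: independent bit flips with probability p, majority-vote decoding, the target failure rate and all function names are assumptions. It also shows a property of the even lengths mentioned above: a two-bit or four-bit block can end in a tie, which is detected but cannot be corrected.

```python
from math import comb


def decode(block):
    """Majority-vote decode of one repetition block.

    Returns (bit, status) where status is 'clean', 'corrected' or 'tie'.
    A tie is only possible for even block lengths and yields bit None.
    """
    ones = sum(block)
    zeros = len(block) - ones
    if ones == zeros:
        return None, "tie"
    bit = 1 if ones > zeros else 0
    return bit, "clean" if min(ones, zeros) == 0 else "corrected"


def block_failure_probability(n, p):
    """Probability that a length-n block does not decode to the bit that was sent.

    With k flipped positions the block fails when 2k >= n: either the wrong
    value wins the vote or, for even n, the vote is tied.
    """
    return sum(
        comb(n, k) * p**k * (1 - p) ** (n - k)
        for k in range(n + 1)
        if 2 * k >= n
    )


def estimate_flip_rate(blocks):
    """Estimate the per-bit flip rate from the minority count in each block.

    This underestimates p when a block's majority is itself wrong, which is
    rare at the low error rates where repetition coding is useful.
    """
    minority = sum(min(sum(b), len(b) - sum(b)) for b in blocks)
    total = sum(len(b) for b in blocks)
    return minority / total if total else 0.0


def choose_length(p, target, options=(2, 3, 4, 5)):
    """Smallest repetition length whose failure probability meets the target.

    Returns None when no offered length is good enough, so the caller can
    fall back to another measure such as lowering the transmission rate.
    """
    for n in sorted(options):
        if block_failure_probability(n, p) <= target:
            return n
    return None


if __name__ == "__main__":
    received = [[0, 0, 0], [0, 1, 0], [1, 1, 1], [1, 1, 0]]  # constructed sample
    print("estimated flip rate:", round(estimate_flip_rate(received), 3))
    for p in (0.01, 0.05, 0.2):
        rates = {n: round(block_failure_probability(n, p), 5) for n in (2, 3, 4, 5)}
        print(f"p={p}: failure by length {rates} -> choose {choose_length(p, 2e-3)}")
```

Under this model a four-bit block fails more often than a three-bit block at the same flip rate, because two flips produce a tie; odd lengths are the ones that buy extra correction.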
As another example, consider a randomization protocol: assume Alice wants to prove to Bob that she knows a password without actually revealing the password itself. They can interact using a zero-knowledge proof protocol (Zero-Knowledge Proofs). During this process Alice may introduce randomness, such as adding a random number or randomly selecting a different path and strategy to construct the proof for each communication. Thus, even if Bob observes Alice's proof multiple times, he cannot obtain enough information to crack the password.
(3) Channel allocation
There are two data transmission channels between QKD devices, which first determine the user's confidentiality level of the input information and assign different transmission channels according to different confidentiality levels. In fig. 1, the solid line represents a fiber transmission channel, and the broken line represents a free space transmission channel.
Optical fiber is a commonly used quantum information transmission medium. For fiber transmission channels the main concern is the propagation characteristics of photons in the fiber, such as loss, dispersion and nonlinearity. Depending on the characteristics of the fiber channel, different technical means can be adopted to compensate for or counteract these effects and so improve the fidelity and reliability of transmission. This channel is used for transmitting data with a high level of confidentiality.
A free-space transmission channel carries quantum information through air or vacuum. Free-space channels often face problems such as atmospheric absorption, scattering and atmospheric turbulence, all of which can affect the transmission and fidelity of quantum information. This channel is used for transmitting data with a low level of confidentiality.
3. Adaptive dynamic encryption policy
The policy is to dynamically update the key after a fixed time interval, when a potential security threat is detected, when the amount of data transferred reaches a preset value, or when a change in the communication channel is detected.
Dynamic update policy:
Changing the coding: using different quantum encodings: for example, from polarization encoding to phase encoding. Polarization encoding may be affected by long-distance transmission of the fiber, while phase encoding systems may be less sensitive to this type of interference. Changing the coding strategy may increase the robustness of the system.
Redundancy is added: by introducing additional redundant qubits in the encoding, the transmission of effective information can be ensured even if part of the qubits become unreliable due to noise.
Using stronger quantum error correction codes: an error correction code having a higher error correction capability is selected, such as switching from a simple repetition code to a more complex Shor code or Steane code, etc. These advanced error correction codes are able to correct more errors, but at the cost of requiring more quantum resources.
Adjusting the transmission rate of the qubits: reducing the rate of transmission of qubits can reduce the error rate due to channel noise and loss when the link quality is poor. While this slows down the key generation rate, the quality of information transmission per qubit can be improved.
It should be noted that a change in channel state may be determined by error rate detection, time delay detection and frequency offset detection, in order to decide whether dynamic adjustment is required. The encryption strategy is adjusted automatically according to the environment and requirements, which ensures security while optimizing performance.
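The four key-update triggers and the three channel measurements named above can be combined into one decision made before each send. This is an added example, not code from the patent: the class names, every threshold, and the model of a buffer of QKD-delivered key bytes are assumptions. It also handles the case the text leaves open, where an update is due but no fresh key material is available.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ChannelSample:
    error_rate: float      # from error rate detection
    delay_ms: float        # from time delay detection
    freq_offset_hz: float  # from frequency offset detection


@dataclass(frozen=True)
class RekeyPolicy:
    # All thresholds are illustrative assumptions, not values from the patent.
    max_age_s: float = 300.0
    max_bytes: int = 64 * 1024 * 1024
    error_rate_delta: float = 0.02
    delay_delta_ms: float = 5.0
    freq_delta_hz: float = 1000.0


class KeyPoolExhausted(Exception):
    """An update was required but the buffer of QKD key bytes ran out."""


class Session:
    def __init__(self, policy, key_pool, baseline, now, key_len=32):
        self.policy = policy
        self.key_pool = bytearray(key_pool)  # key bytes delivered by the QKD layer
        self.baseline = baseline             # channel state when the key was installed
        self.key_len = key_len
        self.key = None
        self.rekey_log = []
        self._install_key(now, ["initial"])

    def _install_key(self, now, reasons):
        if len(self.key_pool) < self.key_len:
            self.key = None  # fail closed: never keep using the expired key
            raise KeyPoolExhausted("update required: " + ", ".join(reasons))
        self.key = bytes(self.key_pool[: self.key_len])
        del self.key_pool[: self.key_len]  # key bytes are used exactly once
        self.key_born = now
        self.bytes_sent = 0
        self.rekey_log.append((now, tuple(reasons)))

    def triggers(self, now, nbytes, threat_detected, sample):
        p, b = self.policy, self.baseline
        reasons = []
        if now - self.key_born >= p.max_age_s:
            reasons.append("interval")
        if threat_detected:
            reasons.append("threat")
        if self.bytes_sent + nbytes > p.max_bytes:
            reasons.append("volume")
        if (abs(sample.error_rate - b.error_rate) > p.error_rate_delta
                or abs(sample.delay_ms - b.delay_ms) > p.delay_delta_ms
                or abs(sample.freq_offset_hz - b.freq_offset_hz) > p.freq_delta_hz):
            reasons.append("channel")
        return reasons

    def before_send(self, now, nbytes, threat_detected, sample):
        """Call before encrypting nbytes; returns the triggers that forced an update."""
        reasons = self.triggers(now, nbytes, threat_detected, sample)
        if reasons:
            self._install_key(now, reasons)
            self.baseline = sample  # later changes are measured against the new state
        self.bytes_sent += nbytes
        return reasons
```

The caller encrypts with `session.key` only after `before_send` returns; if it raises `KeyPoolExhausted`, `session.key` is `None` and traffic stops until the QKD layer delivers more key bytes.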
4. Cross-platform interface
Unified encryption platform interface: a unified programming interface (API) is provided for different operating systems and hardware platforms, simplifying the integration and development of the encryption service.
5. Security monitoring
Real-time monitoring and self-repair mechanisms: an integrated real-time monitoring system detects security threats and system vulnerabilities in time and automatically takes measures to repair them or switch to a secure state, so that communication is not interrupted.
Multilevel security verification: in addition to encrypting data with the quantum key, a multi-factor authentication mechanism such as one-time passwords can be introduced to further strengthen the security of communication.
In practical applications, the security monitoring process specifically includes:
Real-time monitoring covers: security events, abnormal logins, malware propagation and unauthorized access.
Self-repair: mainly consists of improving the fault-tolerance mechanism and reducing system faults.
Improving fault tolerance includes redundant components or nodes: redundant hardware or software components or nodes, such as hot standby, redundant storage and dual hot standby, are introduced so that the system can continue to provide service when part of it fails.
Automated patch deployment: system vulnerabilities are scanned for regularly, and security patches are automatically downloaded, tested and deployed, avoiding human error and delay.
One-time passwords such as dynamic passwords can also be combined with IP address authentication, security question authentication and the like.
Compared with the prior art, the technical scheme has the following remarkable technical effects:
1. The invention uses quantum key technology to provide a higher level of security assurance than traditional methods, in particular resisting the potential threat of future quantum computers, and improves the security of the communication system.
2. The system of the present invention assigns a unique quantum state tag (Quantum State Tag, QST) to each user to achieve highly secure authentication.
3. By dynamically adjusting the encryption strategy, the system adaptively provides an optimal encryption solution for the actual conditions, balancing security and efficiency and enhancing the flexibility and adaptability of the system's encryption.
4. The system adopts a cross-platform design and can be widely applied across industries and devices, including but not limited to finance, healthcare and the Internet of Things, providing security for the transmission of various kinds of sensitive data and supporting a wide range of application scenarios.
5. The invention lowers the threshold for users to adopt encryption services through simplified integration and automated security management, and improves the user experience.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and further implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution device.
Those of ordinary skill in the art will appreciate that all or a portion of the steps carried out in the method of the above-described embodiments may be implemented by a program to instruct related hardware, and the program may be stored in a computer readable storage medium, where the program when executed includes one or a combination of the steps of the method embodiments.
The above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, or the like.
In the description of the present specification, reference to the terms "one embodiment," "some embodiments," "examples," "specific examples," or "embodiments," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and are not to be construed as limiting the invention, and that changes, modifications, substitutions and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.
The communication system for realizing dynamic encryption of data based on quantum key technology combines quantum encryption with dynamic algorithm management. It relies on the unpredictability and irreproducibility of quantum encryption so that information cannot be stolen or eavesdropped on during transmission, thereby realizing real indestructibility; it automatically adjusts the encryption strategy according to environment and requirements, ensuring security while optimizing performance, and greatly improves the security and randomness of keys. Through simplified integration and automated security management, the threshold for users to adopt the encryption service is lowered and the user experience is effectively improved.
In this specification, the invention has been described with reference to specific embodiments thereof. It will be apparent that various modifications and variations can be made without departing from the spirit and scope of the invention. The specification and drawings are, accordingly, to be regarded in an illustrative rather than a restrictive sense.

Claims (7)

1. A communication system for implementing dynamic encryption of data based on quantum key technology, said system comprising:
a quantum key management platform for generating and distributing quantum keys, performing data encryption and decryption operations with the quantum keys based on dynamic encryption management, and monitoring system state and external threats; and
a plurality of QKD devices connected to the quantum key management platform, each QKD device being communicatively connected to a corresponding user.
2. The communication system for implementing dynamic encryption of data based on quantum key technology according to claim 1, wherein the quantum key management platform comprises:
a quantum key distribution module for performing identity verification according to the quantum state tag of each QKD device, and for generating and securely distributing the quantum key based on the QKD protocol;
a dynamic encryption management module, connected to the quantum key distribution module, for dynamically selecting and adjusting encryption algorithms and parameters according to the current network environment, the data sensitivity level and the security policy set by the user;
an encryption and decryption engine, connected to the dynamic encryption management module, for executing the actual data encryption and decryption operations and dynamically switching to the corresponding encryption algorithm according to the instructions of the dynamic encryption management module;
a cross-platform interface for providing a set of APIs and SDKs to enable the system to run on different operating systems and hardware platforms; and
a security monitoring and self-repairing module for monitoring the state of the system and external threats in real time and performing multi-level security verification on the system.
3. The communication system for realizing dynamic encryption of data based on the quantum key technology according to claim 2, wherein the quantum state tag is used for realizing highly secure identity verification, specifically:
the unique user ID and the timestamp of each QKD device are converted into binary form; a corresponding number of qubits is selected according to the length of the information to be encoded; the selected qubits are initialized to the ground state; and, according to the specific binary values of the user ID and the timestamp, the states of the qubits are changed using quantum logic gates, so that security is enhanced.
4. A communication system for implementing dynamic encryption of data based on quantum key technology according to claim 3, wherein the quantum key distribution module comprises:
identity verification processing: a Challenge-Response mechanism is adopted to perform identity verification according to the quantum state tag of the QKD device;
key distribution processing: based on the QKD protocol, the two parties use a quantum state transmitter and a quantum state detector to share an initial security key through quantum state transmission and measurement;
channel allocation processing: each of the QKD devices first determines the confidentiality level of the information input by the user and assigns different transmission channels according to the different confidentiality levels.
5. The communication system for implementing dynamic encryption of data based on quantum key technology according to claim 2, wherein the dynamic encryption management module employs an adaptive dynamic encryption policy to dynamically update the key after a fixed time interval, when a potential security threat is detected, when the amount of data transferred reaches a preset value, or when a change in the communication channel is detected.
6. The communication system for implementing dynamic encryption of data based on quantum key technology according to claim 5, wherein the dynamic updating strategy adopted by the dynamic encryption management module comprises:
changing the encoding: different quantum encodings are used to increase the robustness of the system;
adding redundancy: extra redundant qubits are introduced into the encoding to ensure the transmission of the effective information;
using a quantum error correction code: an error correction code with a higher error correction capability is selected for error correction; and
adjusting the transmission rate of the qubits.
7. The communication system for implementing dynamic encryption of data based on quantum key technology according to claim 5, wherein the security monitoring and self-repairing module specifically comprises:
real-time monitoring and self-repair mechanisms: an integrated real-time monitoring system is used for timely detecting security threats and system vulnerabilities and automatically taking measures to repair them or switch to a secure state, so that communication is not interrupted; and
a multi-factor authentication mechanism is introduced to perform multi-level security verification on the system, further strengthening the security of communication.
CN202410412490.XA 2024-04-08 2024-04-08 Communication system for realizing dynamic encryption of data based on quantum key technology Pending CN118138235A (en)


Publications (1)

Publication Number Publication Date
CN118138235A true CN118138235A (en) 2024-06-04

Family

ID=91234336



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination