CN218336048U - Secret key management dynamic route generation network architecture for quantum communication - Google Patents

Secret key management dynamic route generation network architecture for quantum communication Download PDF

Info

Publication number: CN218336048U
Authority: CN (China)
Prior art keywords: quantum, information, key, alice, kms
Legal status: Active
Application number: CN202123349381.9U
Other languages: Chinese (zh)
Inventors: 郭邦红, 胡敏
Current assignee: National Quantum Communication Guangdong Co Ltd
Original assignee: National Quantum Communication Guangdong Co Ltd
Priority date: 2020-12-31
Filing date: 2021-12-28
Publication date: 2023-01-17
Application filed by National Quantum Communication Guangdong Co Ltd; application granted; published as CN218336048U; legal status active.

Classifications

    • Y: General tagging of new technological developments; general tagging of cross-sectional technologies spanning over several sections of the IPC; technical subjects covered by former USPC cross-reference art collections [XRACs] and digests
    • Y02: Technologies or applications for mitigation or adaptation against climate change
    • Y02D: Climate change mitigation technologies in information and communication technologies [ICT], i.e. information and communication technologies aiming at the reduction of their own energy use
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The utility model discloses a quantum communication key management dynamic routing generation network architecture, which comprises Alice, Bob, KM, KMS and QKD. Alice, the KM and Bob each communicate with the KMS through a classical network and report information; after receiving the reported information, the KMS establishes a network topology relation and generates a dynamic routing table. Alice, Bob and the KM are each provided with one or more QKD devices (quantum channels); Alice, Bob and the KM communicate with each other through a classical network, and QKD devices in communication with each other communicate through quantum channels. For any two of Alice, Bob and KM that communicate with each other, one party generates a quantum key K and the other party receives it, forming key sharing between the two parties. The KMS joins the network topology information of all nodes to form the topology information of the whole network and generates the routing table, accelerating the transmission rate of information on the network.

Description

Secret key management dynamic route generation network architecture for quantum communication
Technical Field
The utility model relates to the field of quantum communication and key management, and specifically to a key management dynamic routing generation network architecture for quantum communication.
Background
With the rapid development of information technology and the rise and popularization of the internet, information plays an increasingly important role in daily life and work, and massive amounts of information are transmitted over communication networks at all times. Because of the openness of the internet and the great advantage of Western developed countries in the field of information computing, eavesdroppers can intercept communication data by technical means.
To ensure the security of information during transmission, the sender usually applies an encryption algorithm and an encryption key to the information to be transmitted, converting meaningful plaintext into meaningless ciphertext, and then sends the ciphertext to the receiver over the communication network; the receiver restores the ciphertext to plaintext with the decryption algorithm and decryption key. This process is secret communication; a secret communication system model is shown in fig. 4.
The security of secret communication depends on the security of the cryptographic algorithm and of the key. Cryptographic algorithms are generally divided into two broad categories: public key cryptography and private key cryptography.
Recently developed quantum computers exploit the superposition of quantum states and the parallelism of quantum operations. The powerful parallel computing capability of quantum computers poses a serious threat to public key cryptographic algorithms: once a quantum computer is physically realized, it provides the technical means to break the RSA cipher.
Quantum communication is a novel interdisciplinary subject developed in recent years, and is a new field combining quantum theory and information theory. Fig. 3 is a quantum communication system model.
Quantum communication uses photons or entangled photon pairs as the physical carrier of communication, uses the polarization, phase and other quantum attributes of the photons as the objects of information encoding, realizes secure Quantum Key Distribution (QKD) between the two communicating parties, and on that basis uses a one-time pad cipher to realize secure secret communication.
The quantum communication process can be divided into quantum key distribution and secret communication.
The security of quantum key distribution comes from the basic principles of quantum mechanics, including the Heisenberg uncertainty principle, the quantum no-cloning theorem, the collapse of the quantum state on measurement, and the like.
Quantum key distribution solves the problem of real-time key distribution and lays a good foundation for the application of one-time pad ciphers. Quantum communication with quantum key distribution and the one-time pad at its core not only meets today's needs but can also guarantee secret communication in the future era of quantum computers.
Due to the importance of secret communication in national security and national economy, once the concept of quantum communication is put forward, the quantum communication is widely concerned. Under the subsidy of governments of various countries, global scientific research institutions vigorously develop theories and experimental researches of quantum communication, and greatly promote the vigorous development of the quantum communication industry.
The quantum relay can realize relay transmission of quantum signals, and can effectively prolong the transmission distance of quantum communication.
The trusted relay scheme is a scheme for extending the transmission distance of quantum communication.
Trusted relay means that a secret key is first established between each of the two communicating parties and an intermediate node that is considered secure, and the key is then shared between the two parties by transmitting it encrypted. A user can therefore divide a long-distance quantum communication link into a number of short segments, the end point of each segment being a trusted relay: a key is generated between two adjacent end points by quantum key distribution, the key to be delivered is transmitted segment by segment using the one-time pad together with secure identity authentication, and in the end the key is carried from one end of the link to the other. Alice first performs quantum key distribution with trusted relay 1 and shares a group of keys K1; trusted relay 1 performs quantum key distribution with trusted relay 2 and shares a group of keys K2; trusted relay 2 performs quantum key distribution with Bob and shares a group of keys K3, where K1, K2 and K3 have the same length. If Alice wants to send a group of keys K or information M to Bob, K or M can be encrypted with K1 and passed securely through trusted relay 1 and trusted relay 2, which guarantees the security of the whole transmission process. On this basis, a communication link made up of N trusted relays can easily be built up. Trusted relaying requires that each relay point be secure and trusted.
The trusted relay node is a base station that can perform classical communication and quantum communication with the users around it, namely Alice or Bob. The base station comprises classical network communication equipment and quantum communication equipment, can perform key distribution, key sharing and key management with users, and can perform classical network communication with the KMS.
The processing performed in computer networks, which has a great influence on the interconnection quality of the networks, is mainly determined by routers in terms of technical processing. In routing technology there are two basic activities: how to select the optimal path, and how to transmit the data packet.
In computer networks, a routing table or routing information base (RIB) is a table (file) or database-like structure stored in a router or networked computer. The routing table stores the path (and in some cases the route metric of the path) that leads to a particular network address. The routing table contains topology information about the surrounding network. The main goal of building the routing table is to implement routing protocols and static routing.
Routing is the network-wide process of determining an end-to-end path as a packet travels from a source to a destination. A router is a packet forwarding device working at the third layer of the OSI reference model, the network layer. Routers implement network interconnection by forwarding packets: the router determines an output port and a next-hop address from the network-layer address in the received packet and the routing table it maintains, and rewrites the link-layer packet header to forward the packet. Routers reflect the current network topology by dynamically maintaining routing tables, which are maintained by exchanging routing and link information with other routers on the network. Routing is thus the process in which a router receives a packet on one interface, directs it according to its destination address, and forwards it out of another interface.
Routing involves determining the best path and transmitting the information through the network.
The optimal path is determined, so that time and network resources can be saved, and information transmission is smoother.
The routing table has a static routing table and a dynamic routing table.
The fixed routing table preset by the system administrator is called as a static routing table, and is generally preset according to the configuration condition of the network when the system is installed, and cannot be changed along with the change of the network structure in the future.
The dynamic routing table is a routing table automatically adjusted by the router according to the operation condition of the network system.
The classical network routing node is generally a router or a switch, only forwards data but does not process the data, and information between users is routed through the router.
In the prior art:
KM is a credible relay node, stores and manages keys, collects state information, and carries out classical network communication with KMS;
A, B, C, D, E, F and G are classical network communication links, used for transmitting the information collected by the KM and for transmitting instructions;
A1, A2, A3, A4, A5 and A6 are quantum communication link layers;
QKD1, QKD01, QKD2, QKD02, QKD3, QKD03, QKD4, QKD04, QKD5, QKD05, QKD6 and QKD06 generate the keys;
RR is a classical router and QR a quantum encryption router; information from the QKD equipment is transmitted to the classical router through the quantum encryption router.
The routing table is established by a routing server, the routing server periodically collects network topology information reported by each KM node, determines whether the network topology information of the node is reserved according to the relationship between the key amount of each KM node and the minimum key amount (the minimum key amount required by one-time communication), and then the routing server connects all the reserved network topology information to form the routing table.
Disclosure of Invention
In order to solve the technical problem, a key management dynamic routing generation framework and a method of a quantum secure communication network are provided, wherein the information interaction between KM and KM is reduced, the transmission rate of a key is accelerated, and the cost of network layout equipment is saved.
In order to achieve the purpose, the utility model adopts the following technical scheme:
a key management dynamic route generation network architecture comprises Alice, bob, KM, KMS and QKD;
the Alice is a sender user and the Bob is a receiver user;
the KMS is an information routing server;
KM is a credible relay node and is used for storing and managing secret key information of Alice and QKD and collecting state information of Alice and QKD;
the Alice, the KM and the Bob are respectively communicated with the KMS through a classical network and report information, and after receiving the reported information, the KMS establishes a network topology relation and generates a dynamic routing table;
wherein a plurality of KMs are arranged, namely KM1, KM2, KM3, …, KMn and KMn+1;
KM1, KM2, KM3, …, KMn and KMn+1 are sequentially connected through a classical network;
Alice, Bob and the KMs are each provided with one or more QKD devices (quantum channels); Alice, Bob and the KMs communicate with each other through a classical network, and QKD devices in communication with each other communicate through quantum channels;
for any two of Alice, Bob and KM that communicate with each other, one party generates the quantum key K and the other party receives the quantum key K, forming key sharing between the two parties.
Preferably, the Alice side is provided with an information source module and a modulation module; the information source module generates plaintext key information M, and the modulation module combines the key information M with the quantum key K generated by the QKD corresponding to it by an exclusive-or operation to obtain the quantum key information M ⊕ K.
Preferably, the Bob end is provided with a demodulation module and a detection module; the demodulation module decrypts the received key information M ⊕ K with the shared quantum key K to obtain the plaintext key M', and the detection module receives the plaintext key M' and checks whether M' is consistent with the key information M.
Beneficial technical effects of the utility model: the utility model discloses a key management dynamic routing generation network architecture of a quantum secret communication network. In this architecture the KMS of the quantum secret communication network collects changes in the amount of quantum key between KM nodes, or in the adjacent connection relation between a user and a KM node, and forms the network topology information of each single node and its adjacent KMs or users; the KMS joins the network topology information of all nodes to form the topology information of the whole network and generates the routing table, accelerating the transmission rate of information on the network.
Drawings
FIG. 1 is a quantum communication system model;
FIG. 2 is a secure communication system model;
FIG. 3 is a general structure of quantum secure communications;
FIG. 4 is a block diagram of the architecture implemented by the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments, but the scope of the present invention is not limited to the following specific embodiments.
Fig. 1 is a model of a quantum communication system, the source being the physical carrier used to generate the quantum states. The channel of quantum communication is composed of two parts, quantum channel and classical channel. The modulation and demodulation of the quantum state mainly comprises polarization state modulation and detection, phase modulation and detection and light intensity modulation. Quantum channels are used for the transmission of quantum states, and carriers of quantum states are generally particles such as molecules, atoms, photons and the like. The classical channel is used for data exchange, synchronization and other operations between two communication parties, and the internet, the local area network or the point-to-point direct connection data communication link can be used as the classical channel. Quantum communication mostly adopts single photons or entangled photon pairs as physical carriers of information, and the intensity of the carriers is single photon magnitude.
Fig. 2 is a secure communication system model. The secret communication process mainly involves a sender, a receiver and an eavesdropper: the sender is Alice, the receiver is Bob and the eavesdropper is Eve. The information sent by the sender is the plaintext M; the key source generates a key, which is used to encrypt the plaintext into the ciphertext C; the ciphertext C is transmitted; the receiver obtains the encryption key through the private channel, decrypts the received ciphertext and recovers the plaintext, completing the communication process.
Fig. 3 is the general structure of quantum secure communication. The sender is Alice and the receiver is Bob. The QKD generates a secret key, which is provided to Alice to encrypt the communication information; the encrypted information is transmitted to Bob through the classical network, key synchronization between sender and receiver is achieved through the QKD network, and Bob decrypts the information with the same key. One set of keys is used to encrypt and decrypt the information for one communication, so safe and reliable communication is realized.
As shown in fig. 4, a key management dynamic routing generation network architecture includes Alice, Bob, KM, KMS and QKD;
the Alice is a sender user and the Bob is a receiver user;
the KMS is an information routing server;
KM is a credible relay node and is used for storing and managing secret key information of Alice and QKD and collecting state information of Alice and QKD;
the Alice, the KM and the Bob are respectively communicated with the KMS through a classical network and report information, and after the KMS receives the reported information, a network topology relation is established to generate a dynamic routing table;
wherein the plurality of KMs are KM1, KM2, KM3, …, KMn and KMn+1;
KM1, KM2, KM3, …, KMn and KMn+1 are sequentially connected through a classical network;
Alice, Bob and the KMs are each provided with one or more QKD devices (quantum channels); Alice, Bob and the KMs communicate with each other through a classical network, and QKD devices in communication with each other communicate through quantum channels;
for any two of Alice, Bob and KM that communicate with each other, one party generates the quantum key K and the other party receives the quantum key K, forming key sharing between the two parties.
Specifically, the Alice end and the Bob end are both provided with an information source module and a modulation module; the information source module generates plaintext key information M, and the modulation module combines the key information M with the quantum key K generated by the QKD corresponding to it by an exclusive-or operation to obtain the new key information M ⊕ K.
Preferably, the Alice end and the Bob end are further provided with a demodulation module and a detection module; the demodulation module decrypts the received key information with the shared quantum key K until the plaintext key M' is recovered, and the detection module receives the plaintext key M' and compares it with the key information M to check whether they are consistent. The modulation and demodulation performed by the modulation module and the demodulation module mainly comprise polarization state modulation and detection, phase modulation and detection, and light intensity modulation and detection.
The Alice end and the Bob end can be used as a sending end and a receiving end.
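As an added illustration of the trusted-relay chain described in the Background (K1, K2, K3 shared hop by hop) and of the modulation (M ⊕ K), demodulation and detection modules above, here is a small Python simulation; it is not code from the patent. Node, qkd_share, relay_forward and detect are names chosen for this example, QKD is stood in for by a random key source, and each key block is consumed once so that the per-link key amount (what a KM reports to the KMS) visibly decreases.

```python
import os
from dataclasses import dataclass, field


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """One-time-pad modulation/demodulation: M XOR K (the page's M ⊕ K).
    A one-time pad needs exactly as much key as message, so mismatched lengths are an error."""
    if len(a) != len(b):
        raise ValueError("one-time pad: key length must equal message length")
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Node:
    """Alice, Bob or a trusted relay KM (hypothetical class, not from the patent)."""
    name: str
    # neighbour name -> pool of unused QKD key blocks for that link, oldest first
    pool: dict = field(default_factory=dict)

    def key_amount(self, neighbour: str) -> int:
        """The 'existing key amount' a node would report to the KMS for one link."""
        return len(self.pool.get(neighbour, []))

    def take_key(self, neighbour: str) -> bytes:
        """Consume one key block for the link; a one-time pad never reuses key."""
        blocks = self.pool.get(neighbour, [])
        if not blocks:
            raise RuntimeError(f"{self.name}: no unused key left on link to {neighbour}")
        return blocks.pop(0)


def qkd_share(a: Node, b: Node, block_len: int, n_blocks: int, rng=os.urandom) -> None:
    """Stand-in for QKD on link a-b: one party generates each block K and the other
    receives the same K (constructed here from a random source, not a quantum channel)."""
    for _ in range(n_blocks):
        k = rng(block_len)
        a.pool.setdefault(b.name, []).append(k)
        b.pool.setdefault(a.name, []).append(k)


def relay_forward(path: list, message: bytes):
    """Carry `message` along path [Alice, KM1, ..., KMn, Bob] with one-time-pad re-encryption
    at every trusted relay. Returns (M' recovered by the last node, plaintexts seen by relays).
    The second value is the trust requirement of the scheme: each relay holds M in the clear."""
    alice, bob = path[0], path[-1]
    seen_by_relays = []
    c = xor_bytes(message, alice.take_key(path[1].name))          # Alice: M ⊕ K1
    for i in range(1, len(path) - 1):
        relay = path[i]
        m = xor_bytes(c, relay.take_key(path[i - 1].name))        # demodulate with K_i
        seen_by_relays.append(m)
        c = xor_bytes(m, relay.take_key(path[i + 1].name))        # re-modulate with K_{i+1}
    m_prime = xor_bytes(c, bob.take_key(path[-2].name))           # Bob: demodulate with K_n
    return m_prime, seen_by_relays


def detect(m_prime: bytes, m: bytes) -> bool:
    """Bob's detection module: is the recovered M' consistent with the original M?"""
    return m_prime == m


if __name__ == "__main__":
    alice, km1, km2, bob = Node("Alice"), Node("KM1"), Node("KM2"), Node("Bob")
    for left, right in ((alice, km1), (km1, km2), (km2, bob)):
        qkd_share(left, right, block_len=8, n_blocks=2)   # K1, K2, K3: same length, 2 blocks each
    m = b"KEY-0001"                                        # constructed 8-byte sample key material
    m_prime, seen = relay_forward([alice, km1, km2, bob], m)
    print(detect(m_prime, m), [s == m for s in seen], alice.key_amount("KM1"))
```

Once both blocks on a link are used, the next relay_forward raises RuntimeError, which is exactly the condition the KMS guards against with Kmin.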
The above devices form a framework of key management dynamic routing, and the steps of the method for generating the key management dynamic routing by using the framework are as follows:
step 1-1: the KMS sets a minimum key amount Kmin, where Kmin is the minimum key amount required for one communication between two KMs or between a user and a KM, and the user is Alice or Bob;
step 1-2: creating a thread X1 for processing a KM node or a user request connection function to generate single KM node network topology information;
step 1-3: creating a thread X2 to monitor all KM nodes or users;
step 1-4: and the KMS performs sequencing connection on the network topology information of all KM nodes to generate a routing table.
Preferably, after generating the routing table, a KMS collects information sent by a KM node as follows:
step 2-1: the KMS sets a minimum key amount Kmin;
step 2-2: the KM sends a connection request to the KMS, and the KMS agrees to connect and establishes a session;
step 2-3: the KM sends a local ID to the KMS, and the KMS binds the received ID with the established session;
step 2-4: the KM sends ID information of the adjacent link KM to the KMS;
step 2-5: the KMS receives ID information of an adjacent KM, and the ID information of the adjacent KM is bound with the established session;
step 2-6: KM sends the existing key amount K1 to KMS.
The above steps can also replace KM with Alice or Bob at the user end.
Preferably, the steps by which the thread X1 created by the KMS processes KM node connection requests are as follows:
step 3-1: the KMS waits for receiving a KM node connection request and establishes a session according to the request;
step 3-2: the KMS judges whether the system has an exception or not, exits the thread if the system has the exception, and continues to execute the step 3-1 if the system does not have the exception.
Preferably, the KMS also creates a thread X2 to monitor all KM nodes or users, with the following flow:
step 4-1: the KMS receives the local ID of a KM node and binds the session established in step 3-1 with the ID of that KM;
step 4-2: the KMS receives the IDs of all KM nodes adjacent to that KM's links, and binds the session established in step 3-1 with all the IDs of the adjacent KMs;
step 4-3: the KMS collects the existing key amount K reported by the KM and judges whether K is greater than or equal to Kmin;
if K is greater than or equal to Kmin, the KMS adds the network topology information of one node according to the information collected from that KM node;
otherwise, the node does not establish the network topology information and cancels the previously established network topology information;
step 4-4: the KMS judges whether the system has an exception or not, exits the thread if the system has the exception, and jumps to the step 4-1 if the system does not have the exception.
The above steps can also replace KM with Alice or Bob at the user end.
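As an added, sequential Python model of steps 1-1 to 4-4 above (not code from the patent; the KMS, register and route names are chosen here, and the two threads X1 and X2 are replaced by direct method calls): the KMS keeps a node's topology information only while its reported key amount is at least Kmin, joins the reserved entries into a routing table, and, as an assumption of this example since the page does not say how a path is chosen from the table, finds a path by breadth-first search.

```python
from collections import deque


class KMS:
    """Routing server collecting KM/user reports and building the dynamic routing table
    (hypothetical class written for this example; the patent names the steps, not the code)."""

    def __init__(self, kmin: int):
        self.kmin = kmin          # step 1-1 / 2-1: minimum key amount for one communication
        self.sessions = {}        # session id -> {"id", "neighbours", "key_amount"}
        self.topology = {}        # node id -> set(adjacent ids); only nodes with K >= Kmin
        self._next_session = 1

    # --- connection handling (thread X1 in the patent; sequential here) ---
    def connect(self) -> int:
        """Step 2-2 / 3-1: accept a KM or user connection request and establish a session."""
        sid = self._next_session
        self._next_session += 1
        self.sessions[sid] = {"id": None, "neighbours": [], "key_amount": 0}
        return sid

    # --- monitoring (thread X2 in the patent; sequential here) ---
    def bind_id(self, sid: int, node_id: str) -> None:
        """Step 2-3 / 4-1: bind the node's reported local ID to its session."""
        self.sessions[sid]["id"] = node_id

    def bind_neighbours(self, sid: int, adjacent_ids) -> None:
        """Steps 2-4, 2-5 / 4-2: bind the IDs of the node's link-adjacent KMs to the session."""
        self.sessions[sid]["neighbours"] = list(adjacent_ids)

    def report_key_amount(self, sid: int, k: int) -> bool:
        """Step 2-6 / 4-3: record the node's existing key amount K and keep its topology
        information only if K >= Kmin; otherwise cancel any topology previously established."""
        s = self.sessions[sid]
        if s["id"] is None:
            raise ValueError("session has no bound ID yet (step 4-1 must precede step 4-3)")
        s["key_amount"] = k
        if k >= self.kmin:
            self.topology[s["id"]] = set(s["neighbours"])
            return True
        self.topology.pop(s["id"], None)
        return False

    # --- step 1-4: join per-node topology information into the routing table ---
    def routing_table(self) -> dict:
        """Adjacency over the reserved nodes only. A link is usable only when both endpoints
        reported enough key; a neighbour that fell below Kmin disappears from every entry."""
        return {n: {x for x in nbrs if x in self.topology}
                for n, nbrs in self.topology.items()}

    def route(self, src: str, dst: str):
        """Shortest-hop path over the routing table via breadth-first search (an assumption
        of this example; the patent does not specify the path selection rule)."""
        table = self.routing_table()
        if src not in table or dst not in table:
            return None
        prev = {src: None}
        queue = deque([src])
        while queue:
            n = queue.popleft()
            if n == dst:
                break
            for x in sorted(table[n]):          # sorted for deterministic paths
                if x not in prev:
                    prev[x] = n
                    queue.append(x)
        if dst not in prev:
            return None
        path, n = [], dst
        while n is not None:
            path.append(n)
            n = prev[n]
        return path[::-1]


def register(kms: KMS, node_id: str, adjacent_ids, key_amount: int) -> int:
    """Steps 2-2 to 2-6 for one KM node (or Alice/Bob at the user end), in order."""
    sid = kms.connect()
    kms.bind_id(sid, node_id)
    kms.bind_neighbours(sid, adjacent_ids)
    kms.report_key_amount(sid, key_amount)
    return sid
```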
Variations and modifications of the above-described embodiments may occur to those skilled in the art in light of the above teachings. Therefore, the present invention is not limited to the specific embodiments disclosed and described above, and some modifications and changes to the present invention should fall within the protection scope of the claims of the present invention. In addition, although specific terms are used in the specification, the terms are used for convenience of description and do not limit the utility model in any way.

Claims (3)

1. A key management dynamic routing generation network architecture for quantum communication, characterized by comprising Alice, Bob, KM, KMS and QKD;
the Alice is a sender user and the Bob is a receiver user;
the KMS is an information routing server;
KM is a trusted relay node and is used for storing and managing secret key information of Alice and QKD and collecting Alice and QKD state information;
the Alice, the KM and the Bob are respectively communicated with the KMS through a classical network and report information, and after receiving the reported information, the KMS establishes a network topology relation and generates a dynamic routing table;
the KM network comprises a plurality of KMs, a plurality of KM terminals and a plurality of KM terminals, wherein the plurality of KMs are sequentially connected through a classical network;
the Alice, bob and KM are all provided with one or more QKD, and the Alice, bob and KM communicate with each other through a classical network, and the mutually communicated QKD communicates with each other through a quantum channel.
2. The quantum communication key management dynamic routing generation network architecture of claim 1,
the Alice side is provided with an information source module and a modulation module, the information source module generates plaintext secret key information M, and the modulation is used for modulating the secret key information M and a quantum secret key K generated by a corresponding QKD (quantum key distribution) and carrying out XOR operation to obtain the quantum secret key information M ^ K.
3. The key management dynamic routing generation network architecture for quantum communication according to claim 1, wherein the Bob end is provided with a demodulation module and a detection module, the demodulation module decrypts the received quantum key information M by using the shared quantum key K to obtain a plaintext key M ', and the detection module receives the plaintext key M ' to detect and compare whether the plaintext key M ' is consistent with the key information M.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2020116430645 2020-12-31
CN202011643064 2020-12-31

Publications (1)

Publication Number Publication Date
CN218336048U true CN218336048U (en) 2023-01-17

Family

ID=81103125

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202123349381.9U Active CN218336048U (en) 2020-12-31 2021-12-28 Secret key management dynamic route generation network architecture for quantum communication
CN202111630087.7A Active CN114362938B (en) 2020-12-31 2021-12-28 Quantum communication key management dynamic route generation network architecture and method

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202111630087.7A Active CN114362938B (en) 2020-12-31 2021-12-28 Quantum communication key management dynamic route generation network architecture and method

Country Status (1)

Country Link
CN (2) CN218336048U (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116192281B (en) * 2023-04-26 2024-02-23 军事科学院系统工程研究院网络信息研究所 Quantum communication-based network topology control method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0917060D0 (en) * 2009-09-29 2009-11-11 Qinetiq Ltd Methods and apparatus for use in quantum key distribution
CN103001875B (en) * 2013-01-07 2015-03-11 山东量子科学技术研究院有限公司 Quantum cryptography network dynamic routing method
CN109995510B (en) * 2017-12-29 2022-07-15 成都零光量子科技有限公司 Quantum key relay service method
CN108111305B (en) * 2017-12-29 2023-02-28 广东国腾量子科技有限公司 Multi-type quantum terminal compatible converged network access system and method

Also Published As

Publication number Publication date
CN114362938A (en) 2022-04-15
CN114362938B (en) 2024-01-30

Similar Documents

Publication Publication Date Title
CN110581763B (en) Quantum key service block chain network system
CN109995513B (en) Low-delay quantum key mobile service method
CN106330434B (en) First quantum node, second quantum node, secure communication architecture system and method
US8340298B2 (en) Key management and user authentication for quantum cryptography networks
US8964989B2 (en) Method for adding nodes to a quantum key distribution system
Sasaki Quantum key distribution and its applications
TW201633742A (en) Quantum key distribution system, method and apparatus based on trusted relay
CN108540436B (en) Communication system and communication method for realizing information encryption and decryption transmission based on quantum network
CN208986966U (en) A kind of ciphering terminal and corresponding data transmission system
CN108847928B (en) Communication system and communication method for realizing information encryption and decryption transmission based on group type quantum key card
CN107147492A (en) A kind of cipher key service System and method for communicated based on multiple terminals
CN102088352B (en) Data encryption transmission method and system for message-oriented middleware
CN113489586B (en) VPN network system compatible with quantum key negotiation
CN110401530A (en) A kind of safety communicating method of gas meter, flow meter, system, equipment and storage medium
Mehic et al. Quantum cryptography in 5g networks: A comprehensive overview
CN218336048U (en) Secret key management dynamic route generation network architecture for quantum communication
Cao et al. Experimental demonstration of end-to-end key on demand service provisioning over quantum key distribution networks with software defined networking
Li et al. Information-theoretic secure key sharing for wide-area mobile applications
CN111953487B (en) Key management system
Takahashi et al. A high-speed key management method for quantum key distribution network
Zou et al. Collaborative routing in partially-trusted relay based quantum key distribution optical networks
CN114362939B (en) Dynamic route forwarding method, storage device and intelligent terminal based on trusted relay quantum secret communication network
Wang et al. A segment-based multipath distribution method in partially-trusted relay quantum networks
CN112235318B (en) Metropolitan area network system for realizing quantum security encryption
Brauer et al. Linking QKD testbeds across Europe

Legal Events

Date Code Title Description
GR01 Patent grant