CN218336049U - Network architecture based on quantum secret communication - Google Patents


Info

Publication number: CN218336049U
Authority: CN (China)
Prior art keywords: key, relay, quantum, kms, node
Legal status: Active
Application number: CN202123349406.5U
Other languages: Chinese (zh)
Inventors: 郭邦红, 胡敏
Current Assignee: National Quantum Communication Guangdong Co Ltd
Original Assignee: National Quantum Communication Guangdong Co Ltd
Application filed by: National Quantum Communication Guangdong Co Ltd


Abstract

The utility model relates to a network architecture based on quantum secret communication, comprising a sending end ALICE, a receiving end Bob, a key management server KMS and a plurality of relay nodes KM. The relay nodes KM are each connected to the KMS through a classical network, and the KMS issues key generation instructions and routing topology information to the relay nodes KM. The sending end ALICE generates quantum keys, which are relayed in sequence through the relay nodes KM and finally received by the receiving end Bob. The KMS transmits the relay routing table information to each intermediate node KM, so that the key reading operation is carried out in parallel in each intermediate node KM. Each relay node KM comprises a main control module, a key storage module, a thread pool, a key buffer queue and an analysis processing module, the latter four each being connected to the main control module. The network architecture of the utility model greatly improves the efficiency of key relay in a quantum secret communication network.

Description

Network architecture based on quantum secret communication
Technical Field
The utility model relates to the field of quantum secret communication, and in particular to a network architecture based on quantum secret communication.
Background
Quantum communication is a new mode of communication that transmits information using quantum superposition states and entanglement effects. It is an interdisciplinary field that has developed over the last two decades, combining quantum theory and information theory. Owing to the great importance attached to it by the government of China, quantum communication has in recent years moved gradually from theory toward engineering. Because it relies on physical properties, it can in theory achieve absolute security of data transmission, and it has attracted wide attention.
A quantum secret communication network mainly consists of QKD terminal devices, key management terminal devices and a key management server, and is used to generate and distribute keys. Because of channel deployment cost and the limited distance of quantum communication, a quantum channel cannot be built between every pair of nodes in a network. To let any node transmit and share keys, key distribution is therefore mainly carried out by key relay. The principle is that adjacent nodes share symmetric quantum keys generated by QKD, and these symmetric quantum keys are used to encrypt and decrypt the key to be relayed, so that the relay key is passed from one relay node to the next until it reaches the target end user; this also allows communication between nodes at any distance.
The key relay mode was first proposed by Elliott of BBN. The basic idea is to encrypt and decrypt a relay key using the quantum key shared between adjacent nodes, so that the relay key is encrypted and relayed across one or more relay nodes and finally reaches the target user.
During key relay, every node on the path must perform a key reading operation, and unreasonable key reading reduces key relay efficiency. A method of parallel key reading based on a quantum secret communication network architecture is therefore proposed to address the time consumed by frequent key reading operations during key relay.
In a quantum secure communication network architecture, key reading operations occur mainly during key relay.
When a key is relayed, a key reading operation must be executed each time the relay key reaches a node KM (a user end node, an access network node or a backbone network node). This is a completely serial process, which wastes a great deal of time and reduces key relay efficiency.
Within a single node KM, the amount of key required by the relay key is read each time. If key relay is performed continuously, the KM frequently switches CPU resources to perform database operations (opening the database, reading content, parsing the content in a loop, closing the database), which seriously degrades the performance of the KM in each node.
Therefore, the prior art needs further improvement to improve the effect of key relay and the performance of the KM.
Disclosure of Invention
To solve the above technical problem, a quantum secret communication network relay node key storage method with high quantum relay efficiency and low cost is provided.
To achieve this purpose, the utility model adopts the following technical solution: a network architecture based on quantum secure communication comprises a sending end ALICE, a receiving end Bob, a key management server KMS and a plurality of relay nodes KM, wherein the relay nodes KM are each connected to the KMS through a classical network, and the KMS is used for issuing key generation instructions and routing topology information to the relay nodes KM;
the sending end ALICE is used for generating quantum keys, which are relayed in sequence through the relay nodes KM and finally received by the receiving end Bob;
the KMs transmit keys through a classical network to realize key forwarding by the relay nodes;
the KMS is used for transmitting the relay routing table information to each intermediate node KM, so that the key reading operation is carried out in parallel in each intermediate node KM;
the relay node KM comprises a main control module, a key storage module, a thread pool, a key buffer queue and an analysis processing module, wherein the key storage module, the thread pool, the key buffer queue and the analysis processing module are each connected to the main control module;
after receiving the quantum key information generated by the sending end ALICE, the relay node KM stores it in the key storage module and evaluates it through the main control module; information larger than a second threshold thre2 is grouped according to the index numbers assigned during key storage; the grouped information is submitted to the thread pool, whose threads perform key reading operations in parallel; the key results returned by the threads are parsed by the analysis processing module, and the processed results are sorted by index number and put into the buffer queue in that order.
Preferably, the value range of the second threshold thre2 is: 1M Byte < thre2 < 5M Byte.
Beneficial technical effects of the utility model:
within a single relay node KM, the key indices to be read next are grouped in advance, and the grouping information is then submitted to the threads of the thread pool, which process it in parallel at the macroscopic level and buffer the key information obtained for the different groups; and the KMS transmits the relay routing table information to each intermediate node, so that the key reading operation is carried out in parallel in each intermediate node KM.
Both of these are parallel key reading methods, and they greatly improve key relay efficiency in the quantum secret communication network.
Drawings
Fig. 1 is a diagram of the quantum secure communication network architecture of the present invention.
Fig. 2 is a schematic block diagram of the quantum secure communication network of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments, but the scope of the present invention is not limited to the following specific embodiments.
As shown in fig. 1, a network architecture based on quantum secure communication includes a sending end ALICE, a receiving end Bob, a key management server KMS and a plurality of relay nodes KM, where the relay nodes KM are each connected to the KMS through a classical network;
the KMS is used for issuing key generation instructions and routing topology information to the relay nodes KM;
the sending end ALICE is used for generating the quantum key, which is relayed in sequence through each relay node KM and finally received by the receiving end Bob;
keys are transmitted in encrypted form between the KMs over a classical network to realize key forwarding by the relay nodes;
the KMS is used for transmitting the relay routing table information to each intermediate node KM, so that the key reading operation is carried out in parallel in each intermediate node KM;
the relay node KM comprises a main control module, a key storage module, a thread pool, a key buffer queue and an analysis processing module, wherein the key storage module, the thread pool, the key buffer queue and the analysis processing module are each connected to the main control module;
after receiving the quantum key information generated by the sending end ALICE, the relay node KM stores it in the key storage module and evaluates it through the main control module; information larger than a second threshold thre2 (1M < thre2 < 5M, optimal value 3M, unit: byte) is grouped according to the index numbers assigned during key storage, the index numbers being pre-stored in the key storage module; the grouped information is submitted to the thread pool, whose threads perform key reading operations in parallel; the key results returned by the threads are parsed by the analysis processing module, and the processed results are sorted by index number and put into the buffer queue in that order.
The method of parallel key reading using the network architecture of the utility model is as follows:
First, key information is processed in parallel within a KM, in the following steps:
Step S1-1: the main control module reads the key amount of the current key buffer queue in key management, where the current buffer queue holds the unused key information K that has been read from the database into memory;
Step S1-2: the KM judges whether the currently buffered key amount is smaller than a first threshold thre1 (100K < thre1 < 1M, optimal value 500K, unit: byte), where thre1 represents the maximum size of the buffer queue and is set or modified through a configuration file or client software;
Step S1-3: if it is not smaller than thre1, sleep for a time T1 (1 < T1 < 5, optimal value 3, unit: second) and, after keys in the buffer queue have been used by key relay or other operations, jump to step S1-1;
Step S1-4: if it is smaller than thre1, the KM obtains the key amount K1 stored in the local storage module;
Step S1-5: based on the key amount K1 obtained in step S1-4, the KM judges whether the stored key amount is larger than a second threshold thre2 (1M < thre2 < 5M, optimal value 3M, unit: byte), where thre2 represents the key amount read in parallel at one time and is set or modified through a configuration file or client software;
Step S1-6: if it is not larger than thre2, sleep for a time T2 (1 < T2 < 5, optimal value 3, unit: second) and then jump to step S1-4;
Step S1-7: if it is larger than thre2, the key amount K1 to be read is grouped according to the index numbers assigned during key storage, with every ten index numbers forming one group, for ten groups in total;
Step S1-8: the grouping information is submitted in sequence to a plurality of threads of the thread pool;
Step S1-9: the threads of the thread pool perform key reading operations in parallel, each thread reading a different group;
Step S1-10: the key results returned by the threads of the thread pool are parsed into a key result K2 (a set) using a key-value mapping (the keys are index numbers and the values are the corresponding keys);
Step S1-11: the read key result K2 is sorted by the index numbers of the keys to be read, that is, by the index numbers stored by the storage module;
Step S1-12: the sorted results are put into the buffer queue in order; the purpose of buffering is to read the disk data into memory and so increase the speed of encryption and decryption with the keys;
Step S1-13: check whether the KM is abnormal or whether the system needs to exit;
Step S1-14: if so, the processing flow ends;
Step S1-15: if not, jump back to step S1-1 and start execution again.
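One pass of steps S1-1 to S1-12 inside a single KM, as an added example that is not code from the patent: `KeyStore`, `fill_buffer_once` and the in-memory dictionary standing in for the key storage module are assumptions, as is removing each key from the store once it has been read. The caller is expected to sleep for T1 or T2 and retry when the function reports a full buffer or a low store.

```python
import threading
from collections import deque
from concurrent.futures import ThreadPoolExecutor, as_completed

GROUP_SIZE = 10   # S1-7: every ten index numbers form one group
GROUPS = 10       # S1-7: ten groups per parallel read


class KeyStore:
    """Hypothetical in-memory stand-in for the KM key storage module."""

    def __init__(self, keys):
        self._keys = dict(keys)          # index number -> key bytes
        self._lock = threading.Lock()

    def stored_bytes(self):
        with self._lock:
            return sum(len(k) for k in self._keys.values())

    def next_indices(self, count):
        with self._lock:
            return sorted(self._keys)[:count]

    def take(self, indices):
        # Assumption: a key leaves the store when it is read, so the same
        # index can never be buffered (and later used) twice.
        with self._lock:
            return [(i, self._keys.pop(i)) for i in indices if i in self._keys]


def fill_buffer_once(store, buffer, thre1, thre2, workers=4):
    """One pass of S1-1..S1-12; returns 'buffer_full', 'store_low' or keys buffered."""
    buffered = sum(len(key) for _, key in buffer)              # S1-1
    if buffered >= thre1:                                      # S1-2, S1-3
        return "buffer_full"
    if store.stored_bytes() <= thre2:                          # S1-4 to S1-6
        return "store_low"
    indices = store.next_indices(GROUP_SIZE * GROUPS)          # S1-7
    groups = [indices[i:i + GROUP_SIZE]
              for i in range(0, len(indices), GROUP_SIZE)]
    k2 = {}                                                    # S1-10: index -> key
    with ThreadPoolExecutor(max_workers=workers) as pool:      # S1-8, S1-9
        futures = [pool.submit(store.take, g) for g in groups]
        for done in as_completed(futures):   # completion order is arbitrary
            k2.update(done.result())
    for index in sorted(k2):                                   # S1-11
        buffer.append((index, k2[index]))                      # S1-12
    return len(k2)


if __name__ == "__main__":
    # Constructed sample: 150 keys of 32 bytes, small thresholds for the demo.
    store = KeyStore({i: bytes([i % 256]) * 32 for i in range(150)})
    queue = deque()
    print(fill_buffer_once(store, queue, thre1=4096, thre2=3000))
    print(fill_buffer_once(store, queue, thre1=4096, thre2=3000))
```

Because thread completion order is arbitrary, the sort in S1-11 is what keeps the buffer queue in index order, which adjacent nodes need in order to pick the same link key.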
Under the centralized control of the KMS, parallel key reading by the KMs in a plurality of nodes proceeds as follows:
Step A: Alice sends instruction information to the KMS, including the starting point and the destination of the key transmission;
Step B: after receiving the information, the KMS calculates routing information and generates a routing table;
Step C: the KMS sends a key reading command in parallel to all relay nodes KM on the route;
Step D: after receiving the instruction issued by the KMS, each relay node KM performs parallel key reading according to steps S1-1 to S1-15;
Step E: during key relay, the relay node KM obtains the key directly from the buffer queue of each node KM and performs an exclusive-OR operation on the key;
Step F: under the centralized control of the KMS, the relay nodes KM on the key relay path perform parallel key reading.
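Step E and the relay principle from the Background, shown as a hop-by-hop exclusive-OR relay in an added example that is not code from the patent: the `Node`, `build_route` and `relay` names are assumptions, `secrets.token_bytes` stands in for QKD between adjacent nodes, and the buffer queues are assumed to have been filled already by the parallel read of step D. It also shows that every relay node KM holds the relay key in cleartext between decryption and re-encryption, so each KM on the route has to be protected as a trusted node.

```python
import secrets
from collections import deque


def xor(data, key):
    if len(data) != len(key):
        raise ValueError("link key must be exactly as long as the relay key")
    return bytes(d ^ k for d, k in zip(data, key))


class Node:
    """Hypothetical endpoint or relay node KM with per-neighbour buffer queues."""

    def __init__(self, name):
        self.name = name
        self.buffers = {}      # neighbour name -> deque of buffered link keys
        self.cleartext = None  # relay key as it exists inside this node

    def next_link_key(self, neighbour):
        # popleft() consumes the key: each link key encrypts one relay key only.
        return self.buffers[neighbour].popleft()


def build_route(names, key_len, keys_per_link=1):
    """Constructed stand-in for QKD: adjacent nodes end up with identical buffers."""
    route = [Node(n) for n in names]
    for a, b in zip(route, route[1:]):
        keys = [secrets.token_bytes(key_len) for _ in range(keys_per_link)]
        a.buffers[b.name] = deque(keys)
        b.buffers[a.name] = deque(keys)
    return route


def relay(route, relay_key):
    """Relay relay_key hop by hop; returns the ciphertext seen on each classical link."""
    wire = []
    route[0].cleartext = relay_key
    for sender, receiver in zip(route, route[1:]):
        ciphertext = xor(sender.cleartext, sender.next_link_key(receiver.name))
        wire.append(ciphertext)
        receiver.cleartext = xor(ciphertext, receiver.next_link_key(sender.name))
    return wire


if __name__ == "__main__":
    route = build_route(["ALICE", "KM1", "KM2", "Bob"], key_len=32)
    relay_key = secrets.token_bytes(32)
    wire = relay(route, relay_key)
    print("Bob recovered the relay key:", route[-1].cleartext == relay_key)
    print("relay nodes holding it in cleartext:",
          [n.name for n in route[1:-1] if n.cleartext == relay_key])
    print("links carrying it in cleartext:", sum(c == relay_key for c in wire))
```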
Beneficial technical effects of the utility model:
in a single node KM, the keys to be read are first grouped in advance according to their index numbers; the grouping information is then submitted to a plurality of threads of the thread pool for key reading (parallel at the macroscopic level), and finally the read keys are cached;
using the KMS, during key relay the KMS generates a routing table and then sends the routing table information to each relay node, so that each relay node reads keys in parallel.
Both of these are parallel key reading methods, and they improve key relay efficiency in the quantum secret communication network.
Variations and modifications of the above embodiments may occur to those skilled in the art in light of the above teachings. Therefore, the present invention is not limited to the specific embodiments disclosed and described above, and modifications and changes to the present invention should also fall within the protection scope of the claims of the present invention. In addition, although specific terms are used in this specification, they are used for convenience of description only and do not limit the utility model in any way.

Claims (1)

1. A network architecture based on quantum secure communications, characterized by: the system comprises a sending end ALICE, a receiving end Bob, a key management server KMS and a plurality of relay nodes KM, wherein the plurality of relay nodes KM are respectively connected with the KMS through a classical network, and the KMS is used for issuing a key generation instruction and routing topology information for the relay nodes KM;
the sending terminal ALICE is used for generating the quantum key, sequentially relaying the generated quantum key through each relay node KM, and finally receiving the quantum key by the receiving terminal Bob;
the relay nodes KM transmit keys through a classical network to realize the key forwarding of the relay nodes;
the KMS is used for respectively transmitting the relay routing table information to each intermediate node KM and realizing the operation of reading the key in parallel in each intermediate node KM;
the relay node KM comprises a main control module, a key storage module, a thread pool, a key buffering queue and an analysis processing module, wherein the key storage module, the thread pool, the key buffering queue and the analysis processing module are respectively connected with the main control module.
Application number CN202123349406.5U, priority date 2020-12-30, filing date 2021-12-28: Network architecture based on quantum secret communication (Active, CN218336049U (en))

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011643088 2020-12-30
CN2020116430880 2020-12-30

Publications (1)

Publication Number Publication Date
CN218336049U (en) 2023-01-17

Family

ID=81105963

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202123349406.5U Active CN218336049U (en) 2020-12-30 2021-12-28 Network architecture based on quantum secret communication
CN202111681325.7A Active CN114362942B (en) 2020-12-30 2021-12-28 Network system based on quantum secret communication and parallel key reading method thereof

Country Status (1)

Country Link
CN (2) CN218336049U (en)

Also Published As

Publication number Publication date
CN114362942A (en) 2022-04-15
CN114362942B (en) 2022-12-13


Legal Events

Date Code Title Description
GR01 Patent grant