WO2019128785A1 - Quantum key relay method - Google Patents

Publication number
WO2019128785A1
Authority
WO
WIPO (PCT)
Prior art keywords
node, relay, quantum, key, service
Prior art date
Application number
PCT/CN2018/121874
Inventor
熊英
陈娟
Original Assignee
成都零光量子科技有限公司
Application filed by 成都零光量子科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0852 Quantum cryptography
    • H04L9/0855 Quantum cryptography involving additional nodes, e.g. quantum relays, repeaters, intermediate nodes or remote nodes

Definitions

  • The key identifier includes, but is not limited to, the current node ID, the neighbor node ID, a key number, and the key data length.
  • The quantum network management server obtains the addresses of the relay nodes participating in a relay service as follows: it queries the stored relay routing table by the addresses of the source node and the target node of the relay service, and obtains the address of each relay quantum service node between the source node and the target node.
  • The relay routing table includes, but is not limited to:
  • Each quantum service node of the quantum key distribution network stores its own relay routing table
  • An indicator reflecting how heavily the quantum service node is currently loaded with relay tasks. It is a quantitative indicator, including but not limited to the nominal quantum key distribution rate of the quantum service node, the number of relay tasks it is currently participating in, and the quantum key consumption rate of each relay task;
  • (7-2) An indicator reflecting the current position of the quantum service node in the quantum key distribution network. It is a quantitative indicator, including but not limited to: the existence of effective quantum channels, over which quantum keys can be negotiated, between the quantum service node and other quantum service nodes, and the hop counts between the quantum service node and other quantum service nodes.
  • The quantum service node includes, but is not limited to, a quantum key relay server built on a single quantum key distribution terminal and a quantum key relay server built on multiple quantum key distribution terminals. The quantum key distribution terminal includes a transceiver unit of a quantum key distribution system and a transmitting end or a receiving end of the quantum key distribution system. The quantum key relay server includes, but is not limited to, a protocol interaction module and a data encryption and decryption module. The protocol interaction module responds to service instructions from the quantum network management server, receives relay key data sent by other nodes or sends the relevant relay key data to other nodes according to the service instruction, and interacts with the corresponding node.
  • The data encryption and decryption module receives encrypted relay key data sent by other relay nodes and decrypts it with the corresponding quantum key, or encrypts the relay key data to be sent to other relay nodes.
  • In the XOR concurrent relay method and the bidirectional concurrent relay method, the ways in which a relay node transmits the XOR value of the two quantum keys it shares with its adjacent relay nodes include direct transmission and encryption.
  • AES data encryption standard algorithm
  • The quantum network management server sends an instruction to the relay nodes participating in the relay service, so that each relay node uploads its current state indicators to the quantum network management server;
  • The quantum network management server collects the current state indicators of the relay nodes and, on that basis, determines the trusted relay node best placed to provide the relay service in the current communication.
  • The quantum network management server is used to manage the quantum key distribution network.
  • the invention has the following innovations:
  • Embodiment 3 is a schematic diagram of the principle of Embodiment 1 of the bidirectional concurrent relay method 2 of the method of the present invention
  • FIG. 4 is a schematic diagram showing the principle of confirming a key identifier of a used quantum key and using a quantum key identified by the same key between adjacent nodes according to an embodiment of the present invention
  • Embodiment 2 is a schematic diagram of the principle of Embodiment 2 of the bidirectional concurrent relay method 1 of the method of the present invention
  • FIG. 6 is a schematic diagram of the principle of Embodiment 2 of the bidirectional concurrent relay method 2 of the method of the present invention.
  • the communication channel involved in the solution of the present invention includes: a quantum density between adjacent quantum service nodes (or quantum relay nodes, or nodes, which are used as quantum relay nodes when the equivalent sub-service nodes are used for relay nodes)
  • the key distribution process requires the use of a quantum channel, and other communication processes use traditional network communication channels, including wired and wireless channels.
  • The principle of the unidirectional concurrent relay method embodiment shown in FIG. 1, and the identification symbols in FIG. 1, are the same as in the corresponding description of the unidirectional concurrent relay method in paragraph [0006] above and are not repeated here.
  • The principle of the embodiment of the bidirectional concurrent relay method shown in FIG. 2, and the identification symbols in FIG. 2, are the same as in the corresponding description of "(3-1) bidirectional concurrent relay method one" in paragraph [0007] above and are not repeated here.
  • The principle of the bidirectional concurrent relay method shown in FIG. 3, and the identifiers in FIG. 3, are the same as in the corresponding description of "(3-2) bidirectional concurrent relay method two" in paragraph [0007] above and are not repeated here.
  • FIG. 4 shows an embodiment of the method by which adjacent nodes confirm the key identifier of the quantum key to be used and use the quantum key with the same key identifier: node C(i-1) sends node Ci the key identifier of the shared key Ki it has selected from the keys the two of them share (process 1 in FIG. 4), and node Ci sends node C(i-1) confirmation of the selection of Ki (process 3 in FIG. 4); Ci sends C(i+1) the key identifier of the shared key K(i+1) it has selected from the keys the two of them share (process 2 in FIG. 4), and node C(i+1) sends node Ci confirmation of the selection of K(i+1) (process 4 in Fig.
  • node Ci calculates (in the one-way concurrent relay method), and send Ri to the target node through the conventional network communication channel (process 5 in Fig. 4).
  • a similar processing method is used to confirm the shared key selected between adjacent nodes.
  • FIG. 5 is a schematic diagram of Embodiment 2 of a bidirectional concurrent relay method according to the method of the present invention, including three relay nodes C1, C2, and C3, and C1 calculation C2 produces R and calculates C1 and C2 send R1 and R2_1 to A, respectively.
  • C2 calculation C3 calculation C2 and C3 send R2_2 and R3 to B, B respectively That is, it is achieved that the key R is relayed from A to B.
  • Embodiment 2 is a schematic diagram of Embodiment 2 of a bidirectional concurrent relay method 2 of the present invention, including three relay nodes C1, C2, and C3, and C1 calculation C1 sends R1 to A, A calculates
  • A data encryption standard algorithm may also be used to encrypt the data sent to the target node. For example, node C2 encrypts R2 (using the data encryption standard algorithm AES) with a work key shared in advance with the target node B, obtains the ciphertext R2_C, and sends R2_C to B; B decrypts R2_C with the same work key and obtains R2.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed by the present invention is a quantum key relay method, which mainly solves the problems of security diffusion, concurrency conflict, low efficiency and large delay in the trusted relay of quantum keys in a quantum communication network. The steps of the method comprise: pre-caching quantum keys or negotiating quantum keys in real time between adjacent quantum nodes, carrying out grouping tests, and creating key identifiers; and a quantum network management server selecting a one-way concurrent relay method or a bidirectional concurrent relay method according to a relay routing table and a current state index of related quantum nodes, and securely relaying a key from a source node to a target node. The present invention may reduce the credibility requirements for a relay node, improve the efficiency of key relaying by means of a concurrent response and an optimal relay mode, and reduce the relay delay; the method and system of the present invention may be widely applied in quantum communication networks of various topological structures and have good application prospects.

Description

A quantum key relay method
Technical field
The present invention relates to the field of communication relay technologies in quantum communication networks, and in particular to a quantum key relay method.
Background
In a quantum communication network, because a concurrent, "non-landing" quantum communication relay technology is still lacking, it is not possible to build a quantum channel between arbitrary nodes in the network and perform direct quantum key distribution (QKD) between them. To share quantum keys between arbitrary nodes in the network, two nodes that cannot perform quantum key distribution directly must use key relay to distribute quantum keys.
In the quantum key relay schemes disclosed so far, the relayed key exists in plaintext at each relay quantum node, so every node that takes part in the relay knows the relayed key. Security therefore depends on all quantum nodes participating in the relay being trustworthy; such a node is called a trusted relay quantum node. On a quantum key relay link, the nodes at the two ends are called the source node and the target node, and the nodes in between are called trusted relay quantum nodes (or trusted relay nodes). A quantum key relay link comprises two terminal quantum nodes and at least one trusted relay quantum node. Every quantum node is equipped with a QKD device, and adjacent nodes are connected by a quantum channel over which they can directly distribute and share quantum keys. Trusted relay quantum nodes are easy to implement, and they make it easy to extend the service range of a quantum key distribution network. A QKD network based on trusted relays is compatible with the various QKD technologies: fiber and free-space quantum key distribution systems, and phase-encoding and polarization-encoding systems, can all be integrated conveniently. It is therefore the preferred approach for building quantum networks at the present stage.
However, the single-hop forwarding trusted relay schemes disclosed so far have an obvious security diffusion problem and bottlenecks in large-scale use: every quantum node participating in the trusted relay can obtain the relayed key, which makes secure management of the key and of the information it encrypts difficult; single-hop forwarding introduces a large delay and is inefficient; and under large-scale load, concurrent requests collide on the quantum links. For networking a large-scale quantum communication network, overcoming these shortcomings is very important for both the security and the communication efficiency of network applications.
Summary of the invention
To address the defects of the trusted relay process for quantum keys described in the background, the present invention discloses a quantum key relay method. It solves the security diffusion problem of the relay process with a new way of processing quantum keys, and improves key relay efficiency through concurrent responses. The method comprises the following steps: (1-1) Any quantum service node in the quantum key distribution network (referred to as a node or relay node; two nodes connected by a point-to-point quantum channel over which they can perform quantum key distribution are called adjacent nodes, and adjacent nodes may cache quantum keys in advance or negotiate them in real time) pre-caches a certain amount of quantum keys, or negotiates a certain amount of quantum keys in real time, with each adjacent quantum service node to which it has a point-to-point quantum channel. The quantum service node divides the quantum keys into groups, runs a randomness test on each group, caches the groups that pass the test, and creates the corresponding key identifiers;
(1-2) After receiving a request to relay a key R from a source node to a target node, the quantum network management server uses the stored relay routing table and the current state indicators of the relevant quantum service nodes to obtain the number of relay nodes on the path from the source node to the target node, the address of each relay node, and its current state indicators. Based on the number of relay nodes and the current state indicators, it decides whether to use the unidirectional concurrent relay method or the bidirectional concurrent relay method, and relays the key R from the source node to the target node;
(1-3) The source node and the target node perform an integrity check on the relayed key R. If the check fails, the key is relayed again; once the check passes, the key relay is complete. Each node that took part in the relay service then deletes the relay quantum keys it used.
Further, the unidirectional concurrent relay method is characterized as follows:
Assume that a quantum key relay service relays a key R from quantum service node A (the source node) through n relay nodes (n is a natural number greater than 0) to quantum service node B (the target node). Denote the quantum service nodes participating in the relay, in order, as A, …, Ci, …, B (where i is a natural number and 0<i<n+1; with one relay node, n=1 and i=1; with two relay nodes, n=2 and i=1, 2; and so on). Every pair of adjacent nodes already shares quantum keys. Assume the adjacent nodes select, in order, K1, …, Ki, …, K(n+1) as the quantum keys for this relay service, where K1 is the quantum key shared by node A and node C1, Ki is the quantum key shared by node C(i-1) and node Ci (where i is a natural number and 1<i<n+1), and K(n+1) is the quantum key shared by node Cn and node B. Adjacent nodes confirm the key identifier of the quantum key to be used and use the quantum key with the same key identifier.
The quantum network management server instructs each node Ci to compute the exclusive OR (denoted
Figure PCTCN2018121874-appb-000001
) of the two quantum keys it shares with its two adjacent nodes, that is, node Ci computes
Figure PCTCN2018121874-appb-000002
and sends the result Ri, together with its node ID, to node B (where i is a natural number and 0<i<n+1). If node B has not received the results of some nodes within a limited time, it asks those nodes to resend them, until it has received all n XOR results. Node B then XORs the n results together with K(n+1), that is, it computes
Figure PCTCN2018121874-appb-000003
so that K1 is securely relayed from node A to node B. Node B uses K1 as the relay key R; alternatively, node A generates a key R, encrypts it with K1 and sends it to node B, and node B decrypts it with K1 to obtain the relay key R.
Further, the bidirectional concurrent relay method comprises bidirectional concurrent relay method one and bidirectional concurrent relay method two, characterized as follows:
Assume that a quantum key relay service relays a key R from quantum service node A (the source node) through n relay nodes (n is a natural number greater than 3) to quantum service node B (the target node). Denote the quantum service nodes participating in the relay, in order, as A, …, Ci, …, B (where i is a natural number and 0<i<n+1; with one relay node, n=1 and i=1; with two relay nodes, n=2 and i=1, 2; and so on). Every pair of adjacent nodes already shares quantum keys. Assume the adjacent nodes select, in order, K1, …, Ki, …, K(n+1) as the quantum keys for this relay service, where K1 is the quantum key shared by node A and node C1, Ki is the quantum key shared by node C(i-1) and node Ci (where i is a natural number and 1<i<n+1), and K(n+1) is the quantum key shared by node Cn and node B. Adjacent nodes confirm the key identifier of the quantum key to be used and use the quantum key with the same key identifier.
(3-1) Bidirectional concurrent relay method one is characterized as follows:
Based on the current state indicators of all relay nodes, the quantum network management server selects and designates the optimal relay node for this relay service (assumed here to be node Cx, where x is a natural number greater than 1 and less than n) to generate the relay key R. It instructs each node Ci to compute
Figure PCTCN2018121874-appb-000004
(i is a natural number and 0<i<x), instructs node Cx to compute
Figure PCTCN2018121874-appb-000005
and has the results Ri (i is a natural number and 0<i<x) and Rx_1 sent, together with the IDs of the corresponding nodes, to node A. If node A has not received the results of some nodes within a limited time, it asks those nodes to resend them, until it has received all x XOR results. Node A then XORs the x results together with K1, that is, node A computes
Figure PCTCN2018121874-appb-000006
(i is a natural number and 0<i<x) and obtains R;
The quantum network management server then instructs node Cx to compute
Figure PCTCN2018121874-appb-000007
and each node Ci to compute
Figure PCTCN2018121874-appb-000008
(i is a natural number and x<i<n+1), and has the results Rx_2 and Ri (i is a natural number and x<i<n+1) sent, together with the IDs of the corresponding nodes, to node B. If node B has not received the results of some nodes within a limited time, it asks those nodes to resend them, until it has received all (n-x+1) XOR results. Node B then XORs the (n-x+1) results together with K(n+1), that is, node B computes
Figure PCTCN2018121874-appb-000009
Figure PCTCN2018121874-appb-000010
(i is a natural number and x<i<n+1) and obtains the relay key R;
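The unidirectional method and bidirectional method one described above, worked through as an added example (not code from the patent or its applicant). The formula images are missing from this page, so Ri = Ki XOR K(i+1) is taken from the text's description of what Ci computes, while Rx_1 = Kx XOR R, Rx_2 = K(x+1) XOR R and the SHA-256 integrity check are assumptions, chosen so that the XOR sums described in the text yield R; all keys are constructed values.

```python
import hashlib
import hmac
from functools import reduce


def xor(*blocks):
    """XOR equal-length byte strings together."""
    if len({len(b) for b in blocks}) != 1:
        raise ValueError("all keys must have the same length")
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def demo_keys(n):
    """Constructed link keys K[1]..K[n+1] for the chain A, C1..Cn, B.

    K[1] is shared by A and C1, K[i] by C(i-1) and Ci, K[n+1] by Cn and B.
    Real keys come from QKD; these are hash-derived so the demo is repeatable.
    """
    return {i: hashlib.sha256(b"constructed link key %d" % i).digest()
            for i in range(1, n + 2)}


def relay_value(K, i):
    """Ri: the XOR of the two keys relay Ci shares with its neighbours."""
    return xor(K[i], K[i + 1])


def collect(expected_ids, inbox, resend):
    """Receiver side: one result per node ID, resend requested for missing IDs."""
    got = dict(inbox)
    for node_id in expected_ids:
        if node_id not in got:
            got[node_id] = resend(node_id)
    return [got[node_id] for node_id in expected_ids]


def unidirectional(K, n, lost=(), corrupt=None):
    """Relay K1 from A to B; returns (key computed by B, the Ri values sent).

    IDs in `lost` are dropped on first delivery; `corrupt` flips one bit of
    that node's result in transit (both are constructed failure cases).
    """
    sent = {i: relay_value(K, i) for i in range(1, n + 1)}
    inbox = {i: r for i, r in sent.items() if i not in lost}
    if corrupt is not None:
        inbox[corrupt] = bytes([inbox[corrupt][0] ^ 1]) + inbox[corrupt][1:]
    results = collect(range(1, n + 1), inbox, lambda i: sent[i])
    return xor(K[n + 1], *results), sent


def bidirectional_one(K, n, x, R):
    """Method one: Cx generates R; returns (R computed by A, R computed by B).

    Assumed forms: Rx_1 = Kx XOR R and Rx_2 = K(x+1) XOR R.
    """
    if not (n > 3 and 1 < x < n):
        raise ValueError("the text requires n > 3 and 1 < x < n")
    to_a = [relay_value(K, i) for i in range(1, x)] + [xor(K[x], R)]
    to_b = [xor(K[x + 1], R)] + [relay_value(K, i) for i in range(x + 1, n + 1)]
    return xor(K[1], *to_a), xor(K[n + 1], *to_b)


def keys_match(a, b):
    """Integrity check (assumed form: the two ends compare SHA-256 digests)."""
    return hmac.compare_digest(hashlib.sha256(a).digest(),
                               hashlib.sha256(b).digest())


def classical_channel_view(sent):
    """XOR of every Ri: all that a party holding no link key can compute."""
    return xor(*sent.values())


def relay_view(K, sent, i):
    """What relay Ci can compute from its own Ki plus R1..R(i-1) sent in clear."""
    return xor(K[i], *(sent[j] for j in range(1, i)))


if __name__ == "__main__":
    n = 5
    K = demo_keys(n)
    at_b, sent = unidirectional(K, n, lost={2, 4})
    print("B holds K1 after resends:", keys_match(K[1], at_b))
    bad, _ = unidirectional(K, n, corrupt=3)
    print("corrupted R3 passes the check:", keys_match(K[1], bad))
    print("public Ri give only K1 xor K6:",
          classical_channel_view(sent) == xor(K[1], K[6]))
    print("C4 with clear R1..R3 obtains K1:", relay_view(K, sent, 4) == K[1])
    R = hashlib.sha256(b"constructed relay key R").digest()
    print("method one, x=3, both ends hold R:",
          bidirectional_one(K, n, 3, R) == (R, R))
```

That `relay_view` returns K1 shows why sending each Ri to the target encrypted under a work key (the AES option this page mentions) matters more than direct transmission, and why the used link keys must be deleted rather than reused.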
(3-2) Bidirectional concurrent relay method two, characterized in that:
Based on the current state indicators of all relay nodes, the quantum network management server selects and designates the optimal relay node to provide this relay service (assumed here to be node Cx, where x is a natural number greater than 1 and less than n), and has each node Ci compute
Figure PCTCN2018121874-appb-000011
(i is a natural number and 0<i<x). These nodes send their results Ri (i is a natural number and 0<i<x), together with their node IDs, to node A (here, if x=2, only R1 needs to be sent). If node A does not receive the results of some nodes within the time limit, it requests those nodes to resend them until it has received all (x-1) XOR results. Node A then XORs the (x-1) results together with K1; that is, if x=2, node A computes
Figure PCTCN2018121874-appb-000012
if x=3, node A computes
Figure PCTCN2018121874-appb-000013
Figure PCTCN2018121874-appb-000014
and if x>3, node A computes
Figure PCTCN2018121874-appb-000015
(i is a natural number and 0<i<x-1), obtaining Kx;
The quantum network management server then has node Cx compute
Figure PCTCN2018121874-appb-000016
and has each node Ci compute
Figure PCTCN2018121874-appb-000017
(i is a natural number and x<i<n+1). These nodes send their results Rx and Ri (i is a natural number and x<i<n+1), together with their node IDs, to node B. If node B does not receive the results of some nodes within the time limit, it requests those nodes to resend them until it has received all (n-x+1) XOR results. Node B then XORs the (n-x+1) results together with K(n+1), that is, node B computes
Figure PCTCN2018121874-appb-000018
Figure PCTCN2018121874-appb-000019
(i is a natural number and x<i<n+1) and obtains the relay key Kx. Kx is thereby securely relayed from node A to node B. Node B uses Kx as the relay key R; alternatively, node A generates a key R, encrypts it with Kx and sends it to node B, and node B decrypts it with Kx to obtain the relay key R.
Further, the key identifier includes, but is not limited to: the current node ID, the adjacent node ID, the key number, and the key data length.
Further, the quantum network management server obtains the addresses of the relay nodes participating in the relay service as follows: using the addresses of the source node and the target node of the relay service, it queries the stored relay routing tables and obtains the address of each relay quantum service node between the source node and the target node.
Further, the features of the relay routing table include, but are not limited to:
(6-1) The relay routing table consists of a number of records; each record includes, but is not limited to: the local address, the destination address, and the next-hop address;
(6-2) Each quantum service node of the quantum key distribution network stores its own relay routing table;
(6-3) The quantum network management server stores the current relay routing table of every quantum service node;
(6-4) When the topology of the quantum key distribution network changes, the relay routing tables are updated accordingly.
Note that the relay routing table must take into account whether adjacent nodes (two nodes are called adjacent if they are connected by a point-to-point quantum channel and can perform quantum key distribution) hold previously cached quantum keys or can negotiate quantum keys in real time. The route between two adjacent nodes is open only if previously cached quantum keys exist between them or they can negotiate quantum keys in real time; otherwise it is not.
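The lookup described above, as an added example that is not code from the patent: the management server walks the stored next-hop records from source to target and treats a hop as open only when the link has cached keys or can negotiate them. The record and link field names, the addresses and the key counts are assumptions constructed for illustration.

```python
from collections import namedtuple

# One routing record as listed in (6-1); the field names are assumptions.
Record = namedtuple("Record", "local dest next_hop")
# Per-link key state; both fields are assumptions standing in for the page's
# "previously cached quantum keys" and "can negotiate quantum keys in real time".
Link = namedtuple("Link", "cached_keys can_negotiate")


class RouteError(Exception):
    """Raised when no open route exists between source and target."""


def link_open(links, a, b):
    """A hop is open only if keys are cached or can be negotiated in real time."""
    state = links.get(frozenset((a, b)))
    return state is not None and (state.cached_keys > 0 or state.can_negotiate)


def resolve_relays(records, links, src, dst):
    """Return the relay addresses between src and dst, in path order."""
    table = {(r.local, r.dest): r.next_hop for r in records}
    relays, here, seen = [], src, {src}
    while True:
        nxt = table.get((here, dst))
        if nxt is None:
            raise RouteError(f"no record at {here} for destination {dst}")
        if nxt in seen:
            raise RouteError(f"routing loop at {nxt}")
        if not link_open(links, here, nxt):
            raise RouteError(f"link {here}-{nxt} has no usable quantum key")
        if nxt == dst:
            return relays
        relays.append(nxt)
        seen.add(nxt)
        here = nxt


# Constructed sample data: the tables of A, C1, C2, C3 as held by the server.
RECORDS = [
    Record("A", "B", "C1"),
    Record("C1", "B", "C2"),
    Record("C2", "B", "C3"),
    Record("C3", "B", "B"),
]
LINKS = {
    frozenset(("A", "C1")): Link(4, False),
    frozenset(("C1", "C2")): Link(0, True),   # nothing cached, but can negotiate
    frozenset(("C2", "C3")): Link(2, True),
    frozenset(("C3", "B")): Link(1, False),
}

if __name__ == "__main__":
    print(resolve_relays(RECORDS, LINKS, "A", "B"))
```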
Further, the current state indicators of a quantum service node include, but are not limited to:
(7-1) An indicator reflecting how heavily the quantum service node is currently loaded with relay tasks. It is a quantitative indicator that includes, but is not limited to, the node's rated quantum key distribution rate, the number of relay tasks it is currently participating in, and the quantum key consumption rate of each relay task;
(7-2) An indicator reflecting the quantum service node's current position in the quantum key distribution network. It is a quantitative indicator that includes, but is not limited to: the number of other quantum service nodes with which the node has a valid quantum channel and can negotiate quantum keys, and the hop counts between the node and other quantum service nodes.
Further, the quantum service nodes include, but are not limited to: a quantum key relay server built on a single quantum key distribution terminal and a quantum key relay server built on multiple quantum key distribution terminals, where a quantum key distribution terminal includes an integrated transceiver of a quantum key distribution system and a transmitter or receiver of a quantum key distribution system. The quantum key relay server includes, but is not limited to, a protocol interaction module and a data encryption/decryption module. The protocol interaction module responds to service instructions from the quantum network management server, receives relay key data sent by other nodes or sends the relevant relay key data to other nodes according to the service instruction, and confirms the exchanged data with the corresponding node. The data encryption/decryption module receives encrypted relay key data sent by other relay nodes and decrypts it with the corresponding quantum key, or encrypts relay key data to be sent to other relay nodes.
Further, in the unidirectional and bidirectional concurrent relay methods, a relay node may send the XOR of the two quantum keys it shares with its adjacent relay nodes either directly or encrypted. For encrypted sending, the value is encrypted with the key shared between the relay node and the target node before it is sent, and the target node decrypts it with the corresponding shared key (for example, encryption and decryption use the standard data encryption algorithm AES; encrypted sending presupposes that the two communicating parties share a key).
Further, the method by which the quantum network management server selects and designates the optimal relay node to provide the relay service is characterized in that:
(10-1) The quantum network management server sends an instruction to the relay nodes participating in the relay service, directing them to upload their current state indicators to the quantum network management server;
(10-2) The quantum network management server collects the current state indicators of the relay nodes and, on that basis, determines the optimal trusted relay node to provide the relay service for this communication.
Further, the quantum network management server is used for management and control of the quantum key distribution network and of the relay service.
Compared with the prior art, the present invention is innovative in the following respects:
(1) The invention uses a new quantum key processing method to solve the problem of security diffusion in the relay process;
(2) Concurrent response and the preferred concurrent relay modes improve key relay efficiency, reduce relay delay, and eliminate concurrency conflicts. Compared with published solutions of the same kind, the scheme of the invention offers higher security, higher efficiency, and lower relay delay. The method and system of the invention can be widely applied to quantum communication networks of various topologies and have good application prospects.
Description of the Drawings
Figure 1 is a schematic diagram of the principle of an embodiment of the unidirectional concurrent relay method of the invention;
Figure 2 is a schematic diagram of the principle of Embodiment 1 of bidirectional concurrent relay method one of the invention;
Figure 3 is a schematic diagram of the principle of Embodiment 1 of bidirectional concurrent relay method two of the invention;
Figure 4 is a schematic diagram of the principle by which, in an embodiment of the invention, adjacent nodes confirm the key identifier of the quantum key to be used and use the quantum key with the same key identifier;
Figure 5 is a schematic diagram of the principle of Embodiment 2 of bidirectional concurrent relay method one of the invention;
Figure 6 is a schematic diagram of the principle of Embodiment 2 of bidirectional concurrent relay method two of the invention.
Detailed Description
To make the technical solution and advantages of the invention clearer, the invention is described in further detail below, as part of the invention, with reference to the accompanying drawings and specific embodiments.
The communication channels involved in the scheme of the invention are as follows: only the quantum key distribution process between adjacent quantum service nodes (also called quantum relay nodes, or simply nodes; a quantum service node acting as a relay is treated as a quantum relay node) occupies a quantum channel. All other communication uses conventional network communication channels, including wired and wireless channels.
The principle of the unidirectional concurrent relay embodiment shown in Figure 1, and the symbols used in Figure 1, are the same as in the corresponding description under "[0006] Further, the method also includes a unidirectional concurrent relay method" above and are not repeated here. The principle of the embodiment of bidirectional concurrent relay method one shown in Figure 2, and the symbols used in Figure 2, are the same as in the corresponding description under "(3-1) bidirectional concurrent relay method one" in paragraph [0007] above and are not repeated here. The principle of the embodiment of bidirectional concurrent relay method two shown in Figure 3, and the symbols used in Figure 3, are the same as in the corresponding description under "(3-2) bidirectional concurrent relay method two (as shown in Figure 3)" in paragraph [0007] above and are not repeated here.
Figure 4 shows an embodiment of the method by which adjacent nodes confirm the key identifier of the quantum key to be used and use the quantum key with the same key identifier. Node C(i-1) sends node Ci the key identifier of a shared key Ki that it has selected from the keys the two nodes share (process 1 in Figure 4), and node Ci sends node C(i-1) a confirmation that Ki is selected (process 3 in Figure 4). Node Ci sends node C(i+1) the key identifier of a shared key K(i+1) that it has selected from the keys the two nodes share (process 2 in Figure 4), and node C(i+1) sends node Ci a confirmation that K(i+1) is selected (process 4 in Figure 4). After these steps are complete, node Ci computes
Figure PCTCN2018121874-appb-000020
(in the unidirectional concurrent relay method) and sends Ri to the target node over a conventional network communication channel (process 5 in Figure 4). In the bidirectional concurrent relay methods, the shared keys selected between adjacent nodes are confirmed in a similar way.
Figure 5 is a schematic diagram of Embodiment 2 of bidirectional concurrent relay method one of the invention, which includes three relay nodes C1, C2 and C3. C1 computes
Figure PCTCN2018121874-appb-000021
C2 generates R and computes
Figure PCTCN2018121874-appb-000022
C1 and C2 send R1 and R2_1, respectively, to A, and A computes
Figure PCTCN2018121874-appb-000023
C2 computes
Figure PCTCN2018121874-appb-000024
C3 computes
Figure PCTCN2018121874-appb-000025
C2 and C3 send R2_2 and R3, respectively, to B, and B computes
Figure PCTCN2018121874-appb-000026
In this way the key R is relayed from A to B.
Figure 6 is a schematic diagram of Embodiment 2 of bidirectional concurrent relay method two of the invention, which includes three relay nodes C1, C2 and C3. C1 computes
Figure PCTCN2018121874-appb-000027
C1 sends R1 to A, and A computes
Figure PCTCN2018121874-appb-000028
C2 computes
Figure PCTCN2018121874-appb-000029
C3 computes
Figure PCTCN2018121874-appb-000030
C2 and C3 send R2 and R3, respectively, to B, and B computes
Figure PCTCN2018121874-appb-000031
Figure PCTCN2018121874-appb-000032
In this way the key K2 is relayed from A to B. K2 can be used as the relay key R; alternatively, A (or B) generates a further key R and sends
Figure PCTCN2018121874-appb-000033
to B (or A), and B (or A) computes
Figure PCTCN2018121874-appb-000034
so that the key R is relayed from A to B.
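The two embodiments above (three relays, C2 designated), generalized to any n and x, as an added example that is not code from the patent. The formula images did not survive on this page, so the per-node values used here (Ri as the XOR of the two link keys held by Ci, Rx_1 and Rx_2 as R XORed with Kx and K(x+1)) are assumptions reconstructed from the prose; the key length and node ID strings are constructed.

```python
import secrets
from functools import reduce

KEY_LEN = 32  # bytes; constructed, the page does not fix a key length


def xor(*blocks):
    """XOR equal-length byte strings."""
    if len({len(b) for b in blocks}) != 1:
        raise ValueError("keys must have equal length")
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def link_keys(n):
    """K1..K(n+1): K1 is shared by A and C1, Ki by C(i-1) and Ci, K(n+1) by Cn and B."""
    return {i: secrets.token_bytes(KEY_LEN) for i in range(1, n + 2)}


def r_i(k, i):
    """Assumed form of Ri: XOR of the two link keys held by relay Ci."""
    return xor(k[i], k[i + 1])


def method_one(k, n, x, r):
    """Cx generated R. Returns the (node_id, value) messages sent to A and to B."""
    to_a = [(f"C{i}", r_i(k, i)) for i in range(1, x)] + [(f"C{x}", xor(k[x], r))]
    to_b = [(f"C{x}", xor(r, k[x + 1]))]
    to_b += [(f"C{i}", r_i(k, i)) for i in range(x + 1, n + 1)]
    return to_a, to_b


def method_two(k, n, x):
    """No fresh key: both ends converge on Kx, the key shared by C(x-1) and Cx."""
    to_a = [(f"C{i}", r_i(k, i)) for i in range(1, x)]
    to_b = [(f"C{i}", r_i(k, i)) for i in range(x, n + 1)]
    return to_a, to_b


def combine(end_key, expected_ids, received):
    """Endpoint logic: XOR the end link key with one value per expected relay.

    Returns (key, missing_ids). The key stays None until every expected node ID
    has reported, which is the point where the endpoint requests a resend.
    A duplicate would cancel itself under XOR, so only the first value per
    node ID is used and values from unexpected IDs are ignored.
    """
    by_id = {}
    for node_id, value in received:
        if node_id in expected_ids and node_id not in by_id:
            by_id[node_id] = value
    missing = [i for i in expected_ids if i not in by_id]
    if missing:
        return None, missing
    return xor(end_key, *by_id.values()), []


def demo(n=3, x=2):
    """Defaults match Embodiment 2: relays C1, C2, C3 with C2 designated."""
    k = link_keys(n)
    r = secrets.token_bytes(KEY_LEN)
    a_ids = [f"C{i}" for i in range(1, x + 1)]
    b_ids = [f"C{i}" for i in range(x, n + 1)]

    to_a, to_b = method_one(k, n, x, r)
    one_a, _ = combine(k[1], a_ids, to_a)
    one_b, _ = combine(k[n + 1], b_ids, to_b)

    to_a2, to_b2 = method_two(k, n, x)
    two_a, _ = combine(k[1], a_ids[:-1], to_a2)   # Cx sends nothing to A here
    two_b, _ = combine(k[n + 1], b_ids, to_b2)

    # C1 also holds K1, so if the values travel unencrypted it can repeat A's
    # computation. This is why relays must be trusted or the values encrypted.
    c1_view = xor(k[1], *[v for _, v in to_a])

    partial = combine(k[n + 1], b_ids, to_b[:-1])  # last relay's message lost
    return {"k": k, "r": r, "one_a": one_a, "one_b": one_b, "two_a": two_a,
            "two_b": two_b, "c1_view": c1_view, "partial": partial}


if __name__ == "__main__":
    out = demo()
    print("method one delivers R to both ends:", out["one_a"] == out["r"] == out["one_b"])
    print("method two delivers K2 to both ends:", out["two_a"] == out["two_b"] == out["k"][2])
    print("incomplete set at B:", out["partial"])
```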
To lower the trust required of relay nodes and to reduce the risk of a third-party node obtaining the relay key, the data sent to the target node can also be encrypted with a standard data encryption algorithm. For example, node C2 encrypts R2 (using the standard data encryption algorithm AES) with a working key shared in advance with target node B to obtain the ciphertext R2_C and sends R2_C to B; B decrypts R2_C with the same working key and obtains R2.
The embodiments described above are only some, not all, of the embodiments of the invention. Further embodiments can be obtained through variations and combinations of the embodiments herein, and other embodiments that directly use the method of the invention and are obtained by a person of ordinary skill in the art without creative effort all fall within the scope of protection of the invention.

Claims (10)

  1. A quantum key relay method, characterized by comprising the following steps:
    (1-1) Any quantum service node (node for short) in the quantum key distribution network and any adjacent quantum service node to which it is connected by a point-to-point quantum channel cache a certain amount of quantum keys in advance or negotiate a certain amount of quantum keys in real time; the quantum service node divides the quantum keys into groups, performs a randomness test on each group, caches the groups that pass the randomness test, and creates the corresponding key identifiers;
    (1-2) After receiving a request to relay a key R from a source node to a target node, the quantum network management server uses the stored relay routing tables and the current state indicators of the relevant quantum service nodes to obtain the number of relay nodes on the path from the source node to the target node, the address of each relay node, and their current state indicators; based on the number of relay nodes and the current state indicators, it decides whether to use the unidirectional concurrent relay method or the bidirectional concurrent relay method, and relays the key R from the source node to the target node;
    (1-3) The source node and the target node perform an integrity check on the relay key R; if the check fails, the key is relayed again; once the integrity check passes, the key relay is complete, and the nodes that took part in the relay service each delete the relay quantum keys they used.
  2. The method according to claim 1, wherein the unidirectional concurrent relay method is characterized in that:
    Assume that a quantum key relay service relays a key R from quantum service node A (the source node) through n relay nodes (n is a natural number greater than 0) to quantum service node B (the target node), and that the quantum service nodes participating in the relay are denoted, in order, A, …, Ci, …, B (where i is a natural number and 0<i<n+1; with one relay node, n=1 and i=1; with two relay nodes, n=2 and i=1, 2; and so on). Any two adjacent nodes already share quantum keys (assume the adjacent nodes select, in order, K1, …, Ki, …, K(n+1) as the quantum keys for this relay service, where K1 is the quantum key shared by node A and node C1, Ki is the quantum key shared by node C(i-1) and node Ci (where i is a natural number and 1<i<n+1), and K(n+1) is the quantum key shared by node Cn and node B; adjacent nodes confirm the key identifier of the quantum key to be used and use the quantum key with the same key identifier);
    The quantum network management server has each node Ci compute the XOR (denoted
    Figure PCTCN2018121874-appb-100001
    ) of the two quantum keys it shares with its two adjacent nodes, that is, node Ci computes
    Figure PCTCN2018121874-appb-100002
    and sends the result Ri together with its node ID to node B (where i is a natural number and 0<i<n+1). If node B does not receive the results of some nodes within the time limit, it requests those nodes to resend them until it has received all n XOR results. Node B then XORs the n results together with K(n+1), that is, it computes
    Figure PCTCN2018121874-appb-100003
    K1 is thereby securely relayed from node A to node B. Node B uses K1 as the relay key R; alternatively, node A generates a key R, encrypts it with K1 and sends it to node B, and node B decrypts it with K1 to obtain the relay key R.
  3. The method according to claim 1, wherein the bidirectional concurrent relay method comprises bidirectional concurrent relay method one and bidirectional concurrent relay method two, characterized in that:
    Assume that a quantum key relay service relays a key R from quantum service node A (the source node) through n relay nodes (n is a natural number greater than 3) to quantum service node B (the target node), and that the quantum service nodes participating in the relay are denoted, in order, A, …, Ci, …, B (where i is a natural number and 0<i<n+1; with one relay node, n=1 and i=1; with two relay nodes, n=2 and i=1, 2; and so on). Any two adjacent nodes already share quantum keys (assume the adjacent nodes select, in order, K1, …, Ki, …, K(n+1) as the quantum keys for this relay service, where K1 is the quantum key shared by node A and node C1, Ki is the quantum key shared by node C(i-1) and node Ci (where i is a natural number and 1<i<n+1), and K(n+1) is the quantum key shared by node Cn and node B; adjacent nodes confirm the key identifier of the quantum key to be used and use the quantum key with the same key identifier);
    (3-1) Bidirectional concurrent relay method one, characterized in that:
    Based on the current state indicators of all relay nodes, the quantum network management server selects and designates the optimal relay node to provide this relay service (assumed here to be node Cx, where x is a natural number greater than 1 and less than n) to generate the relay key R, has each node Ci compute
    Figure PCTCN2018121874-appb-100004
    (i is a natural number and 0<i<x), and has node Cx compute
    Figure PCTCN2018121874-appb-100005
    These nodes send their results Ri (i is a natural number and 0<i<x) and Rx_1, together with their node IDs, to node A. If node A does not receive the results of some nodes within the time limit, it requests those nodes to resend them until it has received all x XOR results. Node A then XORs the x results together with K1, that is, node A computes
    Figure PCTCN2018121874-appb-100006
    (i is a natural number and 0<i<x) and obtains R;
    The quantum network management server then has node Cx compute
    Figure PCTCN2018121874-appb-100007
    and has each node Ci compute
    Figure PCTCN2018121874-appb-100008
    (i is a natural number and x<i<n+1). These nodes send their results Rx_2 and Ri (i is a natural number and x<i<n+1), together with their node IDs, to node B. If node B does not receive the results of some nodes within the time limit, it requests those nodes to resend them until it has received all (n-x+1) XOR results. Node B then XORs the (n-x+1) results together with K(n+1), that is, node B computes
    Figure PCTCN2018121874-appb-100009
    Figure PCTCN2018121874-appb-100010
    (i is a natural number and x<i<n+1) and obtains the relay key R;
    (3-2) Bidirectional concurrent relay method two, characterized in that:
    Based on the current state indicators of all relay nodes, the quantum network management server selects and designates the optimal relay node to provide this relay service (assumed here to be node Cx, where x is a natural number greater than 1 and less than n), and has each node Ci compute
    Figure PCTCN2018121874-appb-100011
    (i is a natural number and 0<i<x). These nodes send their results Ri (i is a natural number and 0<i<x), together with their node IDs, to node A (here, if x=2, only R1 needs to be sent). If node A does not receive the results of some nodes within the time limit, it requests those nodes to resend them until it has received all (x-1) XOR results. Node A then XORs the (x-1) results together with K1; that is, if x=2, node A computes
    Figure PCTCN2018121874-appb-100012
    if x=3, node A computes
    Figure PCTCN2018121874-appb-100013
    Figure PCTCN2018121874-appb-100014
    and if x>3, node A computes
    Figure PCTCN2018121874-appb-100015
    (i is a natural number and 0<i<x-1), obtaining Kx;
    The quantum network management server then has node Cx compute
    Figure PCTCN2018121874-appb-100016
    and has each node Ci compute
    Figure PCTCN2018121874-appb-100017
    (i is a natural number and x<i<n+1). These nodes send their results Rx and Ri (i is a natural number and x<i<n+1), together with their node IDs, to node B. If node B does not receive the results of some nodes within the time limit, it requests those nodes to resend them until it has received all (n-x+1) XOR results. Node B then XORs the (n-x+1) results together with K(n+1), that is, node B computes
    Figure PCTCN2018121874-appb-100018
    Figure PCTCN2018121874-appb-100019
    (i is a natural number and x<i<n+1) and obtains the relay key Kx. Kx is thereby securely relayed from node A to node B. Node B uses Kx as the relay key R; alternatively, node A generates a key R, encrypts it with Kx and sends it to node B, and node B decrypts it with Kx to obtain the relay key R.
  4. The method according to claim 1, claim 2 or claim 3, wherein the key identifier comprises a current node ID, a neighbor node ID, a key number, and a key data length.
  5. The method according to claim 1, wherein the quantum network management server obtains the addresses of the relay nodes participating in the relay service as follows: according to the addresses of the source node and the target node of the relay service, the quantum network management server queries the stored relay routing table and obtains the address of each relay quantum service node between the source node and the target node of the relay service.
  6. The method according to claim 1, wherein the relay routing table is characterized in that:
    (6-1) the relay routing table consists of a number of records, each of which includes: a local address, a destination address, and a next-hop address;
    (6-2) each quantum service node of the quantum key distribution network stores its own relay routing table;
    (6-3) the quantum network management server stores the current relay routing table of each quantum service node;
    (6-4) after the topology of the quantum key distribution network changes, the relay routing tables are updated accordingly.
  7. The method according to claim 1, wherein the current state indicator of the quantum service node is characterized in that:
    (7-1) an indicator reflecting how heavily the quantum service node is currently loaded with relay tasks, the indicator being a quantitative indicator that includes the rated quantum key distribution rate of the quantum service node, the number of relay tasks it is currently participating in, and the quantum key consumption rate of each relay task;
    (7-2) an indicator reflecting the current position state of the quantum service node in the quantum key distribution network, the indicator being a quantitative indicator that includes: the number of other quantum service nodes with which the quantum service node has a valid quantum channel and can perform quantum key negotiation, and the number of hops between the quantum service node and other quantum service nodes.
  8. The method according to claim 1, wherein the quantum service node comprises: a quantum key relay server formed from a single quantum key distribution terminal, and a quantum key relay server formed from a plurality of quantum key distribution terminals, wherein a quantum key distribution terminal includes an integrated transceiver of a quantum key distribution system and a transmitting end or receiving end of a quantum key distribution system.
  9. The method according to claim 1, wherein the methods by which the relay node sends the XOR value of the two quantum keys it shares with its adjacent relay nodes include direct transmission and encrypted transmission, wherein, in encrypted transmission, the value is encrypted with the shared key between the relay node and the target node before being sent, and the target node decrypts it with the corresponding shared key.
  10. The method according to claim 3, wherein the quantum network management server selects and designates the optimal relay node to provide the relay service as follows:
    (10-1) the quantum network management server sends an instruction to the relay nodes participating in the relay service, instructing the relay nodes to upload their current state indicators to the quantum network management server;
    (10-2) the quantum network management server collects the current state indicators of the relay nodes and, on that basis, determines the optimal trusted relay node to provide the relay service in the current communication.
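
The XOR relay of claims 3 and 9, sketched as an added example (not code from the patent). The formulas for Rx and Ri are images missing from this text, so the sketch assumes R_i = K_i XOR K_(i+1), where K_i is the key node i shares with the previous hop and K(n+1) is the key node n shares with node B; all function names are hypothetical.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length keys; refuse mismatched lengths instead of truncating."""
    if len(a) != len(b):
        raise ValueError("key length mismatch")
    return bytes(p ^ q for p, q in zip(a, b))

def relay_results(link_keys: dict, x: int, n: int) -> dict:
    """Relay node i (x <= i <= n) publishes R_i = K_i XOR K_(i+1) under its node ID."""
    return {i: xor_bytes(link_keys[i], link_keys[i + 1]) for i in range(x, n + 1)}

def node_b_recover(received: dict, k_last: bytes, x: int, n: int):
    """Node B: return (Kx, []) once all n-x+1 results are in,
    otherwise (None, ids_to_re_request)."""
    missing = [i for i in range(x, n + 1) if i not in received]
    if missing:
        return None, missing
    acc = k_last                      # K(n+1), shared by node n and node B
    for i in range(x, n + 1):
        acc = xor_bytes(acc, received[i])   # intermediate keys cancel pairwise
    return acc, []

def demo():
    x, n = 1, 4
    # Constructed sample link keys K1..K5 (stand-ins for QKD-negotiated keys).
    keys = {i: secrets.token_bytes(32) for i in range(x, n + 2)}
    results = relay_results(keys, x, n)

    # First delivery: node 3's result is lost, so node B must ask for a resend.
    got = {i: r for i, r in results.items() if i != 3}
    kx, missing = node_b_recover(got, keys[n + 1], x, n)
    assert kx is None
    for i in missing:
        got[i] = results[i]           # resend from the named node
    kx, _ = node_b_recover(got, keys[n + 1], x, n)

    # Integrity check: one flipped bit in R2 flips the same bit in the result.
    delta = b"\x01" + bytes(31)
    tampered = dict(results)
    tampered[2] = xor_bytes(results[2], delta)
    bad, _ = node_b_recover(tampered, keys[n + 1], x, n)
    return kx == keys[x], missing, xor_bytes(bad, keys[x]) == delta

if __name__ == "__main__":
    print(demo())
```

The last check shows that XOR alone gives node B no way to notice a modified R value, so directly sent results need to travel over an authenticated channel. Any relay node holding one K_i can also reconstruct Kx from the published results, which is why the scheme depends on the relay nodes being trusted.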
PCT/CN2018/121874 2017-12-29 2018-12-19 Quantum key relay method WO2019128785A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711470571.1 2017-12-29
CN201711470571.1A CN109995515B (en) 2017-12-29 2017-12-29 Quantum key relay method

Publications (1)

Publication Number Publication Date
WO2019128785A1 true WO2019128785A1 (en) 2019-07-04

Family

ID=67063128

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/121874 WO2019128785A1 (en) 2017-12-29 2018-12-19 Quantum key relay method

Country Status (2)

Country Link
CN (1) CN109995515B (en)
WO (1) WO2019128785A1 (en)

Also Published As

Publication number Publication date
CN109995515B (en) 2020-08-11
CN109995515A (en) 2019-07-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18896209

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18896209

Country of ref document: EP

Kind code of ref document: A1