WO2022142460A1 - Centralized quantum cryptography network group key distribution method and system - Google Patents

Publication number
WO2022142460A1
Authority
WO
WIPO (PCT)
Prior art keywords
group key
routing
node
key distribution
spanning tree
Application number
PCT/CN2021/117783
Other languages
French (fr)
Chinese (zh)
Inventor
原磊
Original Assignee
科大国盾量子技术股份有限公司
山东量子科学技术研究院有限公司
Application filed by 科大国盾量子技术股份有限公司, 山东量子科学技术研究院有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure

Definitions

  • The group communication authentication server is configured to provide registration, login authentication and logout management for quantum cryptography network nodes.
  • By establishing a centralized group key distribution routing server, the invention plans a globally optimal path for group key distribution, which saves the path cost of group key distribution and thereby reduces the cost of group-key encrypted communication.
  • The invention selects the node at the central position as the root node of group key distribution and uses it as the initial node of group key distribution, which helps to improve the speed of group key distribution and reduce the key-relay path cost of group key distribution.
  • The routing-spanning-tree-based group key distribution method provided by the present invention readily forms multi-line parallel distribution during group key distribution, which improves the speed of group key distribution.
  • FIG. 1 is a system structure diagram provided by at least one embodiment of the present invention.
  • A centralized quantum cryptography network group key distribution method, comprising the following steps:
  • The ID of the quantum cryptography network node where the group members are located can be selected;
  • Aiming at the best overall path of group key distribution, calculate the routing spanning tree for group key distribution in the next routing cycle according to the routing graph of the quantum cryptography network;
  • The root node of the routing spanning tree starts group key distribution and passes the key on layer by layer. Specifically, the root node of the routing spanning tree selects a true random number as the group key, saves the group key, and at the same time relays the group key to each of its child nodes in the routing spanning tree; each child node then distributes the group key to the next layer of child nodes.
  • Each node in the routing spanning tree receives the group key distributed by its upper-level node and saves it. If the node still has child nodes in the routing spanning tree, it relays the group key to each of those child nodes, until all nodes on the routing spanning tree have obtained the group key.
  • The optimal path is used for group key distribution, which effectively reduces the path cost of group key distribution while maintaining the speed of group key distribution.
  • The specific process of calculating the routing spanning tree for group key distribution in the next routing period according to the routing graph of the quantum cryptography network includes:
  • Repeat step (3) until the set V is empty.
  • The node at the central position is selected as the root node for group key distribution, and the root node is used as the initial node for group key distribution, which helps to improve the speed of group key distribution.
  • The group keys are distributed in parallel using multiple lines.
  • Subsequent key distribution is performed from the root node. If there are multiple root nodes, one of them can be selected as the final root node, the other root nodes are then regarded as its child nodes, and subsequent key distribution starts.
  • Embodiment 2 is a diagrammatic representation of Embodiment 1:
  • A centralized quantum cryptography network group key distribution system. The entire system includes a group communication authentication server, a routing server for group key distribution, and the quantum cryptography network nodes where the group members participating in group communication are located (referred to as group nodes).
  • A group key distribution routing server (hereinafter referred to as the routing server) is established in the quantum cryptography network to provide group nodes with routing services for group key distribution.
  • The routing server is connected to the group communication authentication server, and the group communication authentication server is responsible for the registration, login authentication and exit management of the group members participating in the group communication.
  • The group communication authentication server sends the quantum cryptography network node IDs of the group members participating in the group communication to the group key distribution routing server. In each routing cycle, the group communication authentication server sends the quantum cryptography network node IDs of the members that join or exit the group communication to the group key distribution routing server.
  • The group key distribution routing server calculates the routing spanning tree for group key distribution in the next routing cycle according to the routing graph of the quantum cryptography network, and sends the routing spanning tree information to the quantum cryptography network node where each group member is located.
  • The routing server does not need to recalculate the routing spanning tree, and each group node does not need to update the routing spanning tree.
  • The group key distribution process for group nodes is as follows:
  • The quantum cryptography network node where each group member is located receives the routing spanning tree information sent by the group key distribution routing server.
  • The root node of the routing spanning tree first starts the group key distribution: the root node selects a true random number as the group key and saves it.
  • The group key is relayed to each child node of the root node of the routing spanning tree.
  • Each node in the routing spanning tree receives the group key distributed by its upper-level node and saves it. If the node still has child nodes in the routing spanning tree, it relays the group key to each of those child nodes, until the routing spanning tree nodes have obtained the group key.
  • The method by which the group key distribution routing server determines the routing spanning tree for group key distribution in the next routing period according to the routing graph of the quantum cryptography network is:
  • (1) First determine the root node of the routing spanning tree of the group nodes: calculate the path sum from each group node to the other nodes, and use the group node S with the minimum sum as the root node of the routing spanning tree;
  • Repeat step 3 until the set V is empty.
  • In step (1), the central node among all group nodes is selected as the root node for group key distribution, and the root node is used as the initial node for group key distribution, which helps to improve the speed of group key distribution.
  • Embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory result in an article of manufacture comprising instruction means, and the instruction means implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Abstract

Provided are a centralized quantum cryptography network group key distribution method and system. The method comprises: acquiring information of a node that newly joins or exits group communication; by taking an optimal total group key distribution path as the target, calculating a routing spanning tree of group key distribution within the next routing period according to a routing map of a quantum cryptography network; and according to information of the routing spanning tree, performing group key distribution starting from a root node of the routing spanning tree, and transmitting a group key layer by layer until all nodes on the routing spanning tree acquire the group key. By means of the present invention, the path cost of group key distribution is reduced, thereby reducing the encryption communication cost of a group key.

Description

A centralized quantum cryptography network group key distribution method and system
The present invention claims priority to the Chinese patent application filed with the Chinese Patent Office on December 28, 2020, with application number 202011584517.1 and titled "A centralized quantum cryptography network group key distribution method and system", the entire contents of which are incorporated herein by reference.
Technical Field
The invention belongs to the technical field of encrypted communication in quantum cryptography networks, and in particular relates to a centralized quantum cryptography network group key distribution method and system.
Background
The statements in this section merely provide background information related to the present invention and do not necessarily constitute prior art.
At present, quantum cryptography is developing rapidly. Quantum keys have received extensive attention because of their unique security characteristics and are gradually moving toward commercial use. Research on quantum key services is the key to bringing quantum keys to users at scale, so there is more and more research on quantum key services.
From the current state of research, quantum key service modes are generally divided, according to the actual functional requirements, into: the single-ended random number key service mode, the end-to-end key service mode, and the group key service mode. The group key service mode serves communication between applications with multiple participants in a quantum key distribution (QKD) networking environment, such as video conferencing, online games, video on demand, stock market trading and pay-TV networks. Such applications can be regarded as group communication applications for an open network environment.
The group key in current quantum cryptography networks is obtained through key relay between quantum cryptography network nodes. When applying quantum cryptography network group keys, people often consider only the application and not the path cost of group key distribution (here, the process by which the quantum cryptography network nodes participating in group communication obtain the group key through quantum key relay is called quantum cryptography network group key distribution). The group key is relayed between quantum cryptography network nodes; the longer the relay path, the greater the cost of generating the relay keys. How to complete the distribution of all group keys with the shortest or a shorter total path is a problem that current group key application schemes have not considered, and it bears directly on the cost of group-key encrypted communication.
As far as the inventors know, the current literature mostly focuses on how to improve the speed of group key distribution and does not consider the above problem. For example, the patent document with application number 201811073923.4 discloses a quantum group key agreement method for quantum key distribution networks. The agreement method includes: the user layer submits a group key service application to the group key service demand layer; the group key service demand layer receives the application submitted by the user layer and submits a group key service application to the group key service provider layer; the group key service provider layer selects quantum key distribution devices that meet the conditions to negotiate a group key, encrypts the resulting group key and distributes it to the group key service demand layer; the group key service demand layer distributes the group key to the user layer; the user layer uses the key block to encrypt the communication of the communication group and distributes the encrypted data to the corresponding users of the user layer. That invention can complete group key negotiation simply and efficiently. However, it does not consider the path cost of group key distribution and does not use the best path for group key distribution, which increases the path cost of group key distribution and thus the cost of group-key encrypted communication.
Summary of the Invention
To solve the above problems, the present invention proposes a centralized quantum cryptography network group key distribution method and system. The invention takes the path cost of group key distribution into account and uses the best path for group key distribution, which effectively reduces the path cost of group key distribution while maintaining the speed of group key distribution, thereby reducing the cost of group-key encrypted communication.
According to some embodiments, the present invention adopts the following technical solutions:
A centralized quantum cryptography network group key distribution method, comprising the following steps:
Obtain the information of nodes that newly join or exit the group communication;
With the best total path of group key distribution as the goal, calculate the routing spanning tree for group key distribution in the next routing cycle according to the routing graph of the quantum cryptography network;
According to the routing spanning tree information, group key distribution starts from the root node of the routing spanning tree and proceeds layer by layer until all nodes on the routing spanning tree have obtained the group key.
In the above scheme, the best path is used for group key distribution, which effectively reduces the path cost of group key distribution while maintaining the speed of group key distribution.
As an optional embodiment, the steps of the method are performed cyclically in each routing cycle.
As an optional embodiment, the node information is the ID of the quantum cryptography network node where the group member is located.
As an optional embodiment, if no node joins or exits the group communication within a routing cycle, the routing spanning tree does not need to be recalculated.
As an optional embodiment, the specific process of calculating, with the best total path of group key distribution as the goal, the routing spanning tree for group key distribution in the next routing cycle according to the routing graph of the quantum cryptography network includes:
(1) Determine the root node of the routing spanning tree: calculate the path sum from each node to the other nodes, and use the node S with the smallest sum as the root node of the routing spanning tree;
(2) Among the remaining nodes, find the node with the shortest key-relay path length and make it a child node; repeat until no nodes remain.
In the above embodiment, the node at the central position is selected as the root node for group key distribution, and the root node is used as the initial node for group key distribution, which helps to improve the speed of group key distribution.
As a further limitation, the specific process of step (2) includes:
(2-1) The set of all nodes other than node S is denoted V, and the routing spanning tree is denoted (U, T), where U is the node set of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S and T is empty;
(2-2) Find the two nodes u and v, with u ∈ U and v ∈ V, between which the key-relay path length is shortest; add the edge (u, v) to the set T, add v to the set U, and delete node v from the set V;
(2-3) Repeat step (2-2) until the set V is empty.
As an optional embodiment, the specific process in which group key distribution starts from the root node of the routing spanning tree and proceeds layer by layer includes: the root node of the routing spanning tree selects a true random number as the group key, saves the group key, and at the same time relays the group key to each of its child nodes in the routing spanning tree; each child node then distributes the group key to the next layer of child nodes.
As a further limitation, each node in the routing spanning tree receives the group key distributed by its upper-level node and saves it; if the node still has child nodes in the routing spanning tree, it relays the group key to each of those child nodes.
作为可选择的实施方式,如果存在多条最佳组密钥分发总路径,利用多线路并行分发组密钥。As an alternative embodiment, if there are multiple optimal group key distribution paths, the group key is distributed in parallel using multiple lines.
A centralized quantum cryptography network group key distribution system, comprising:
a group communication authentication server, configured to obtain information on the quantum cryptography network nodes hosting group members that newly join or exit group communication, and to send it to the group key distribution routing server;
a group key distribution routing server, configured to compute, with the goal of an optimal overall group key distribution path, the routing spanning tree for group key distribution in the next routing period from the routing graph of the quantum cryptography network, and to send the routing spanning tree to the quantum cryptography network node of every group member;
the quantum cryptography network nodes hosting the group members, configured to start group key distribution from the root node of the routing spanning tree according to the routing spanning tree information and to pass the key layer by layer until all nodes on the routing spanning tree have obtained the group key.
As an optional embodiment, the group key distribution routing server is connected to the group communication authentication server, communicates with the quantum cryptography network node of each group member, and provides each node with routing services for group key distribution;
the group communication authentication server is configured to provide registration, login authentication and exit management for quantum cryptography network nodes.
Compared with the prior art, the beneficial effects of the present invention are:
The present invention establishes a centralized group key distribution routing server that provides a globally optimal path for group key distribution planning, which saves the path cost of group key distribution and thereby reduces the cost of group-key-encrypted communication.
The present invention selects the centrally located node as the root node for group key distribution and uses the root node as the initial node of the distribution, which helps speed up group key distribution and reduces the key-relay path cost of group key distribution.
The routing-spanning-tree-based group key distribution method provided by the present invention readily forms multi-line parallel distribution during group key distribution, which increases the speed of group key distribution.
To make the above objects, features and advantages of the present invention more apparent and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of drawings
The accompanying drawings, which form a part of the present invention, are provided for further understanding of the present invention; the exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of it.
FIG. 1 is a system structure diagram provided by at least one embodiment of the present invention.
Detailed description:
The present invention is further described below with reference to the accompanying drawings and embodiments.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the present invention. Unless otherwise indicated, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which the present invention belongs.
It should be noted that the terminology used herein is for describing specific embodiments only and is not intended to limit the exemplary embodiments according to the present invention. As used herein, unless the context clearly indicates otherwise, the singular form is intended to include the plural form as well; furthermore, it should be understood that when the terms "comprising" and/or "including" are used in this specification, they indicate the presence of features, steps, operations, devices, components and/or combinations thereof.
Embodiment 1:
A centralized quantum cryptography network group key distribution method, comprising the following steps:
In each routing period, obtain information on the nodes that newly join or exit group communication; in this embodiment, the ID of the quantum cryptography network node hosting the group member can be used;
With the goal of an optimal overall group key distribution path, compute the routing spanning tree for group key distribution in the next routing period from the routing graph of the quantum cryptography network;
According to the routing spanning tree information, group key distribution starts from the root node of the routing spanning tree and proceeds layer by layer. Specifically: the root node of the routing spanning tree selects a true random number as the group key, saves the group key, and relays the group key to each of its child nodes in the routing spanning tree; the child nodes then distribute the group key to the next layer of child nodes.
As a further limitation, each node in the routing spanning tree receives the group key distributed by its upper-layer node and saves the group key; if the node still has child nodes in the routing spanning tree, it relays the group key to each of its child nodes in the routing spanning tree, until all nodes on the routing spanning tree have obtained the group key.
In the above scheme, the optimal path is used for group key distribution, which effectively reduces the path cost of group key distribution while maintaining the speed of group key distribution.
As an optional embodiment, if no node newly joins or exits group communication within a given routing period, the routing spanning tree does not need to be recomputed.
As an optional embodiment, the specific process of computing, with the goal of an optimal overall group key distribution path, the routing spanning tree for group key distribution in the next routing period from the routing graph of the quantum cryptography network includes:
(1) Determine the root node of the routing spanning tree: compute, for each node, the sum of its paths to the other nodes, and take the node S with the smallest sum as the root node of the routing spanning tree;
(2) Denote the set of all nodes other than node S as V, and denote the routing spanning tree as (U, T), where U is the set of nodes of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S and T is empty;
(3) Find the two nodes u and v, with u∈U and v∈V, that have the shortest key-relay path length between nodes of sets U and V; add the edge (u, v) to set T, add v to set U, and delete node v from set V;
(4) Repeat step (3) until set V is empty.
In the above embodiment, the centrally located node is selected as the root node for group key distribution, and the root node serves as the initial node of the distribution, which helps speed up group key distribution.
Of course, in some embodiments, if there are multiple optimal overall group key distribution paths, the group key is distributed in parallel over multiple lines.
In these embodiments, if exactly one root node is finally determined, subsequent key distribution starts from that root node. If there are multiple root nodes, one of them can be selected as the final root node, the other root nodes are treated as child nodes of that root node, and subsequent key distribution then begins.
Embodiment 2:
As shown in FIG. 1, a centralized quantum cryptography network group key distribution system comprises a group communication authentication server, a routing server for group key distribution, and the quantum cryptography network nodes hosting the group members that participate in group communication (referred to as group nodes).
A group key distribution routing server (hereinafter, the routing server) is established in the quantum cryptography network to provide group nodes with routing services for group key distribution. The routing server is connected to the group communication authentication server, which is responsible for the registration, login authentication and exit management of the group members participating in group communication.
When group communication starts, the group communication authentication server sends the IDs of the quantum cryptography network nodes hosting the participating group members to the group key distribution routing server. In each routing period, the group communication authentication server sends the IDs of the quantum cryptography network nodes hosting group members that newly join or exit group communication to the group key distribution routing server. The group key distribution routing server computes the routing spanning tree for group key distribution in the next routing period from the routing graph of the quantum cryptography network, and sends the routing spanning tree information to the quantum cryptography network node of every group member.
If the quantum cryptography network node IDs received by the group key distribution routing server do not change within a routing period, the routing server does not need to recompute the routing spanning tree, and the group nodes do not need to update it.
The group key distribution process of the group nodes is as follows:
The quantum cryptography network node of every group member receives the routing spanning tree information sent by the group key distribution routing server. The root node of the routing spanning tree starts group key distribution first: it selects a true random number as the group key, saves the group key, and relays the group key to each of its child nodes in the routing spanning tree. Each node in the routing spanning tree receives the group key distributed by its upper-layer node and saves the group key; if the node still has child nodes in the routing spanning tree, it relays the group key to each of its child nodes. This continues until all nodes of the routing spanning tree have obtained the group key.
The group key distribution routing server determines the routing spanning tree for group key distribution in the next routing period from the routing graph of the quantum cryptography network as follows:
(1) First determine the root node of the group nodes' routing spanning tree: compute, for each group node, the sum of its paths to the other nodes, and take the group node S with the smallest sum as the root node of the routing spanning tree;
(2) Denote the set of all group nodes other than node S as V, and denote the routing spanning tree as (U, T), where U is the set of nodes of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S and T is empty;
(3) Find the two closest nodes between U and V (distance here means the shortest key-relay path length between the nodes), call them u and v, with u∈U and v∈V; add the edge (u, v) to set T, add v to set U, and delete node v from set V;
(4) Repeat step (3) until set V is empty.
In step (1), the centrally located node among all group nodes is selected as the root node for group key distribution, and the root node serves as the initial node of the distribution, which helps speed up group key distribution.
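The following added example (not code from the patent) works through steps (1) to (4) of both embodiments, the rule that the tree is recomputed only when group membership changes, and the layer-by-layer distribution. The graph, node names and function names are constructed for illustration; `secrets.token_bytes` stands in for the true random number source, and a relay is modelled as the parent handing the key to its child.

```python
import heapq
import secrets

# Constructed sample routing graph (not from the patent): undirected links
# between QKD network nodes, weighted by key-relay path length.
ROUTING_GRAPH = {
    "A": {"B": 2, "C": 5},
    "B": {"A": 2, "C": 1, "D": 4},
    "C": {"A": 5, "B": 1, "E": 3},
    "D": {"B": 4, "E": 1, "F": 6},
    "E": {"C": 3, "D": 1, "F": 2},
    "F": {"D": 6, "E": 2},
}
GROUP_NODES = ["A", "C", "D", "F"]  # constructed set of group nodes


def shortest_lengths(graph, source):
    """Dijkstra: shortest key-relay path length from source to each reachable node."""
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nbr, weight in graph[node].items():
            nd = d + weight
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist


def build_routing_tree(graph, group_nodes):
    """Return (root, edges); each edge is (parent, child) in the order it was added."""
    members = sorted(set(group_nodes))
    if not members:
        raise ValueError("no group nodes")
    dist = {n: shortest_lengths(graph, n) for n in members}
    for n in members:
        if any(m not in dist[n] for m in members):
            raise ValueError(f"group node {n} cannot reach every other group node")
    # Step (1): the node with the smallest path sum becomes root S (ties: node ID).
    root = min(members, key=lambda n: (sum(dist[n][m] for m in members), n))
    # Steps (2)-(4): U starts as {S}; repeatedly attach the v in V closest to some u in U.
    in_tree, remaining, edges = [root], set(members) - {root}, []
    while remaining:
        _, u, v = min((dist[u][v], u, v) for u in in_tree for v in remaining)
        edges.append((u, v))
        in_tree.append(v)
        remaining.remove(v)
    return root, edges


def tree_for_next_period(graph, members, joined, left, current_tree):
    """Recompute the tree only if a node joined or left during the routing period."""
    if not joined and not left:
        return sorted(members), current_tree
    new_members = sorted((set(members) | set(joined)) - set(left))
    return new_members, build_routing_tree(graph, new_members)


def distribute_group_key(root, edges, key_len=32):
    """Root picks the key; every node stores it and relays it to its own children."""
    children = {}
    for parent, child in edges:
        children.setdefault(parent, []).append(child)
    key_store = {root: secrets.token_bytes(key_len)}  # stand-in for a true RNG
    layers = [[root]]
    while True:
        next_layer = []
        for parent in layers[-1]:
            for child in children.get(parent, []):
                key_store[child] = key_store[parent]  # one key relay per tree edge
                next_layer.append(child)
        if not next_layer:
            return key_store, layers
        layers.append(next_layer)


if __name__ == "__main__":
    root, edges = build_routing_tree(ROUTING_GRAPH, GROUP_NODES)
    _, layers = distribute_group_key(root, edges)
    print("root:", root, "edges:", edges, "layers:", layers)
```

Every node in `key_store` ends up holding the same key, so each group node in the tree is a holder of the group key for that routing period.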
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although the specific embodiments of the present invention have been described above with reference to the accompanying drawings, they do not limit the scope of protection of the present invention. Those skilled in the art should understand that various modifications or variations that can be made on the basis of the technical solutions of the present invention without creative effort still fall within the scope of protection of the present invention.

Claims (11)

  1. A centralized quantum cryptography network group key distribution method, characterized by comprising the following steps:
    obtaining information on the nodes that newly join or exit group communication;
    with the goal of an optimal overall group key distribution path, computing the routing spanning tree for group key distribution in the next routing period from the routing graph of the quantum cryptography network;
    according to the routing spanning tree information, starting group key distribution from the root node of the routing spanning tree and passing the key layer by layer until all nodes on the routing spanning tree have obtained the group key.
  2. The centralized quantum cryptography network group key distribution method according to claim 1, characterized in that the steps are executed cyclically in each routing period.
  3. The centralized quantum cryptography network group key distribution method according to claim 1, characterized in that the node information is the ID of the quantum cryptography network node hosting the group member.
  4. The centralized quantum cryptography network group key distribution method according to claim 1, characterized in that if no node newly joins or exits group communication within a given routing period, the routing spanning tree does not need to be recomputed.
  5. The centralized quantum cryptography network group key distribution method according to claim 1, characterized in that the specific process of computing, with the goal of an optimal overall group key distribution path, the routing spanning tree for group key distribution in the next routing period from the routing graph of the quantum cryptography network includes:
    (1) determining the root node of the routing spanning tree: computing, for each node, the sum of its paths to the other nodes, and taking the node S with the smallest sum as the root node of the routing spanning tree;
    (2) among the remaining nodes, finding the node with the shortest key-relay path length, taking it as a child node, and repeating until no nodes remain.
  6. The centralized quantum cryptography network group key distribution method according to claim 5, characterized in that the specific process of step (2) includes:
    (2-1) denoting the set of all nodes other than node S as V, and denoting the routing spanning tree as (U, T), where U is the set of nodes of the spanning tree and T is the set of edges connecting nodes in the spanning tree; initially, U contains only the root node S and T is empty;
    (2-2) finding the two nodes u and v, with u∈U and v∈V, that have the shortest key-relay path length between nodes of sets U and V; adding the edge (u, v) to set T, adding v to set U, and deleting node v from set V;
    (2-3) repeating step (2-2) until set V is empty.
  7. The centralized quantum cryptography network group key distribution method according to claim 1, characterized in that the specific process of starting group key distribution from the root node of the routing spanning tree and passing the key layer by layer includes: the root node of the routing spanning tree selects a true random number as the group key, saves the group key, and relays the group key to each of its child nodes in the routing spanning tree; the child nodes then distribute the group key to the next layer of child nodes.
  8. The centralized quantum cryptography network group key distribution method according to claim 1, characterized in that the specific process of starting group key distribution from the root node of the routing spanning tree and passing the key layer by layer includes: each node in the routing spanning tree receives the group key distributed by its upper-layer node and saves the group key; if the node still has child nodes in the routing spanning tree, it relays the group key to each of its child nodes in the routing spanning tree.
  9. The centralized quantum cryptography network group key distribution method according to claim 1, characterized in that if there are multiple optimal overall group key distribution paths, the group key is distributed in parallel over multiple lines.
  10. A centralized quantum cryptography network group key distribution system, characterized by comprising:
    a group communication authentication server, configured to obtain information on the quantum cryptography network nodes hosting group members that newly join or exit group communication, and to send it to the group key distribution routing server;
    a group key distribution routing server, configured to compute, with the goal of an optimal overall group key distribution path, the routing spanning tree for group key distribution in the next routing period from the routing graph of the quantum cryptography network, and to send the routing spanning tree to the quantum cryptography network node of every group member;
    the quantum cryptography network nodes hosting the group members, configured to start group key distribution from the root node of the routing spanning tree according to the routing spanning tree information and to pass the key layer by layer until all nodes on the routing spanning tree have obtained the group key.
  11. The centralized quantum cryptography network group key distribution system according to claim 10, characterized in that the group key distribution routing server is connected to the group communication authentication server, communicates with the quantum cryptography network node of each group member, and provides each node with routing services for group key distribution;
    the group communication authentication server is configured to provide registration, login authentication and exit management for quantum cryptography network nodes.
PCT/CN2021/117783 2020-12-28 2021-09-10 Centralized quantum cryptography network group key distribution method and system WO2022142460A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011584517.1 2020-12-28
CN202011584517.1A CN114697003B (en) 2020-12-28 2020-12-28 Centralized type quantum cipher network group key distribution method and system

Publications (1)

Publication Number Publication Date
WO2022142460A1 true WO2022142460A1 (en) 2022-07-07

Family

ID=82130829

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/117783 WO2022142460A1 (en) 2020-12-28 2021-09-10 Centralized quantum cryptography network group key distribution method and system

Country Status (2)

Country Link
CN (1) CN114697003B (en)
WO (1) WO2022142460A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109962773A (en) * 2017-12-22 2019-07-02 山东量子科学技术研究院有限公司 Wide area quantum cryptography networks data encryption method for routing
WO2020125967A1 (en) * 2018-12-19 2020-06-25 Telefonaktiebolaget Lm Ericsson (Publ) Quantum key distribution apparatus and method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6684331B1 (en) * 1999-12-22 2004-01-27 Cisco Technology, Inc. Method and apparatus for distributing and updating group controllers over a wide area network using a tree structure
CN100596063C (en) * 2007-02-01 2010-03-24 华为技术有限公司 Distributing system, method and device for group key control message
CN104579964B (en) * 2013-01-07 2017-10-13 山东量子科学技术研究院有限公司 A kind of quantum cryptography networks dynamic routing architecture system
US9392525B2 (en) * 2014-05-16 2016-07-12 Qualcomm Incorporated Establishing reliable routes without expensive mesh peering
CN110446239B (en) * 2019-07-25 2022-10-14 汕头大学 Wireless sensor network clustering method and system based on multiple magic squares


Also Published As

Publication number Publication date
CN114697003A (en) 2022-07-01
CN114697003B (en) 2024-06-07


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21913207

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21913207

Country of ref document: EP

Kind code of ref document: A1