
CN119341746B - Quantum key-based communication method and related equipment - Google Patents

Quantum key-based communication method and related equipment

Info

Publication number: CN119341746B
Application number: CN202411908011.XA
Authority: CN (China)
Prior art keywords: key, key block, quantum, communication, block
Legal status: Active (Google notes that the listed status is an assumption, not a legal conclusion, and that no legal analysis was performed)
Other languages: Chinese (zh)
Other versions: CN119341746A (en)
Inventors: 薛伟佳, 谢杨, 王靖然, 王聪丽
Current assignee: China Telecom Technology Innovation Center; China Telecom Corp Ltd (Google notes that the assignee list may be inaccurate)
Original assignee: China Telecom Technology Innovation Center; China Telecom Corp Ltd

Events
    • Application CN202411908011.XA filed by China Telecom Technology Innovation Center and China Telecom Corp Ltd; priority claimed to CN202411908011.XA
    • Publication of CN119341746A
    • Application granted
    • Publication of CN119341746B
    • Legal status: Active

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
            • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L 9/0852 Quantum cryptography
            • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                • H04L 9/0866 Generation of secret information involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
        • H04L 9/40 Network security protocols
    • H04L 63/00 Network architectures or network communication protocols for network security
        • H04L 63/04 Network architectures or network communication protocols for providing a confidential data exchange among entities communicating through data packet networks
            • H04L 63/0428 Network architectures or network communication protocols wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L 63/06 Network architectures or network communication protocols for supporting key management in a packet data network
            • H04L 63/067 Network architectures or network communication protocols for supporting key management using one-time keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure provides a quantum-key-based communication method and related equipment in the field of network technology and security. In the method, a first device determines whether its key quantity supports one-time pad (OTP) encryption. If it does, OTP is taken as the target encryption mode, and the communication information is encrypted with the first device's quantum key under that mode to produce a communication message that carries the identification information of the key block and the information of the target encryption mode; the key block identification locates the starting position of the quantum key used for the encryption. The first device sends the communication message to a second device and receives the message decryption result that the second device returns after decrypting the message according to that identification information. Because the method encrypts with a one-time pad whenever the first device holds enough key, it suits high-security communication scenarios and effectively improves communication security.

Description

Quantum key-based communication method and related equipment
Technical Field
The present disclosure relates to the field of network technology and security, and more particularly, to a quantum key based communication method, a quantum key based communication apparatus, an electronic device, a computer readable storage medium, and a computer program product.
Background
Quantum information technology is moving from scientific research into industry; its main branches are quantum computing, quantum communication and quantum measurement. Within quantum communication, quantum key distribution (QKD) in particular has reached the stage of large-scale industrial deployment. QKD encodes information in quantum states, so its security rests on the principles of quantum physics rather than on assumptions about computational hardness; QKD is therefore highly secure and is not weakened by quantum computers.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure provides a quantum key based communication method, a quantum key based communication apparatus, an electronic device, a computer readable storage medium, and a computer program product.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the disclosure, a quantum-key-based communication method executed by a first device is provided. The method comprises: determining whether the key quantity of the first device supports the one-time pad mode; if so, taking the one-time pad mode as the target encryption mode; encrypting the communication information with the quantum key of the first device under the target encryption mode to obtain a communication message, where the communication message comprises identification information of a key block and information of the target encryption mode, and the identification information of the key block locates the starting position of the quantum key used for the encryption; sending the communication message to a second device; and receiving a message decryption result from the second device, the result being obtained by decrypting the communication message according to the identification information of the key block and the information of the target encryption mode.
According to another aspect of the disclosure, a quantum-key-based communication method executed by a second device is provided. The method comprises: receiving a communication message from a first device, where the message was obtained by the first device by encrypting communication information with its quantum key under a target encryption mode, the target encryption mode is the one-time pad mode when the key quantity of the first device supports it, and the message comprises identification information of a key block and information of the target encryption mode, the identification information locating the starting position of the quantum key used for the encryption; decrypting the communication message according to the identification information of the key block and the information of the target encryption mode to obtain a message decryption result; and sending the message decryption result to the first device.
According to another aspect of the disclosure, a quantum-key-based communication apparatus applied to a first device is provided. It comprises an encryption module configured to determine whether the key quantity of the first device supports the one-time pad mode, to take the one-time pad mode as the target encryption mode if so, and to encrypt communication information with the quantum key of the first device under the target encryption mode to obtain a communication message that comprises identification information of a key block and information of the target encryption mode, the identification information locating the starting position of the quantum key used for the encryption; and a first communication module configured to send the communication message to a second device and to receive a message decryption result, obtained by the second device by decrypting the communication message according to the identification information of the key block and the information of the target encryption mode.
According to another aspect of the disclosure, a quantum-key-based communication apparatus applied to a second device is provided. It comprises a second communication module configured to receive a communication message from a first device, the message having been obtained by the first device by encrypting communication information with its quantum key under a target encryption mode, which is the one-time pad mode when the key quantity of the first device supports it, and comprising identification information of a key block and information of the target encryption mode, the identification information locating the starting position of the quantum key used for the encryption; and a decryption module configured to decrypt the communication message according to the identification information of the key block and the information of the target encryption mode to obtain a message decryption result, the second communication module being further configured to send the message decryption result to the first device.
According to another aspect of the disclosure, there is also provided an electronic device comprising a processor, and a memory for storing executable instructions of the processor, wherein the processor is configured to perform any one of the quantum key based communication methods described above via execution of the executable instructions.
According to another aspect of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the quantum key based communication method of any one of the above.
According to another aspect of the present disclosure there is also provided a computer program product comprising a computer program or instructions which when executed by a processor implement the quantum key based communication method of any of the above.
With the quantum-key-based communication method of the disclosure, the first device determines whether its key quantity supports the one-time pad mode; if it does, the one-time pad mode becomes the target encryption mode, and the stored quantum key is used under that mode to encrypt the communication information into a communication message. The first device then sends the communication message to the second device, which decrypts it according to the identification information of the key block and the information of the target encryption mode carried in the message, obtains a message decryption result, and returns that result to the first device. Whenever the first device holds enough key, encryption therefore runs as a one-time pad, whose security does not rest on the computational strength of a cryptographic algorithm; this suits high-security communication scenarios such as voice and video calls and effectively improves communication security.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.
FIG. 1 illustrates an exemplary application system architecture schematic to which a quantum key based communication method in embodiments of the present disclosure may be applied;
FIG. 2 illustrates a flow chart of a quantum key based communication method in an embodiment of the present disclosure;
FIG. 3 is a flow chart illustrating a method for encrypting a communication message based on a one-time pad in an embodiment of the disclosure;
FIG. 4 illustrates a flow chart of another quantum key based communication method in an embodiment of the present disclosure;
FIG. 5 is a flowchart illustrating a decryption process performed to obtain a message decryption result in a one-time pad manner in an embodiment of the present disclosure;
FIG. 6 is a schematic diagram of a scenario in which two parties interact in an embodiment of the disclosure;
FIG. 7 is a schematic diagram of another scenario in which two parties interact in an embodiment of the disclosure;
FIG. 8 illustrates a flow chart of encrypted communications between two parties in an embodiment of the disclosure;
FIG. 9 illustrates another flow chart of encrypted communication between two parties in an embodiment of the disclosure;
FIG. 10 shows a block diagram of a quantum key based communication device in an embodiment of the present disclosure;
FIG. 11 shows a block diagram of another quantum key based communication device in an embodiment of the present disclosure; and
FIG. 12 shows a block diagram of an electronic device in an embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein, but rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the exemplary embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
It should be noted that, in the technical solution of the present disclosure, the acquiring, storing, using, processing, etc. of data all conform to relevant regulations of national laws and regulations, and various types of data such as personal identity data, operation data, behavior data, etc. relevant to individuals, clients, crowds, etc. acquired in the embodiments of the present disclosure have been authorized.
For ease of understanding, before describing embodiments of the present disclosure, several terms referred to in the embodiments of the present disclosure are first explained as follows:
Quantum key distribution (QKD) is a method by which two communicating parties generate a shared symmetric key by transmitting quantum states; at the level of the theoretical protocol it provides information-theoretic security.
One-time pad (OTP) is an encryption method and one of the few that offers perfect secrecy when used correctly: the plaintext is combined (in practice XORed) with a truly random key that is at least as long as the plaintext, and each key is used exactly once and then discarded, hence the name. Reuse is fatal, because XORing two ciphertexts produced with the same pad cancels the pad and exposes the XOR of the two plaintexts.
A stream cipher is a symmetric encryption algorithm that encrypts the plaintext bit by bit (or byte by byte) into corresponding ciphertext bits (or bytes). Its defining feature is that a pseudo-random number generator (PRNG) seeded by the key expands the key into a key stream, which is XORed bitwise with the plaintext to produce the ciphertext; decryption XORs the same key stream with the ciphertext to recover the plaintext.
A block cipher is a symmetric cipher that divides the plaintext into equal-length blocks, each of which is encrypted and decrypted with the same procedure and the same key.
A key derivation function (KDF) is a function that derives one or more keys from a password or key of variable length.
The following detailed description of embodiments of the present disclosure refers to the accompanying drawings.
Fig. 1 shows a schematic diagram of an exemplary application system architecture to which the quantum key based communication method of the embodiments of the present disclosure may be applied. As shown in fig. 1, the system architecture may include a first device 101, a network 102, and a second device 103.
The medium used by the network 102 to provide a communication link between the first device 101 and the second device 103 may be a wired network or a wireless network.
Optionally, the wireless or wired network uses standard communication technologies and/or protocols. The network is typically the Internet, but it may be any network, including but not limited to a local area network (LAN), metropolitan area network (MAN), wide area network (WAN), mobile, wired or wireless network, private network, or any combination of virtual private networks. In some embodiments, data exchanged over the network is represented using technologies and/or formats such as HyperText Markup Language (HTML) and Extensible Markup Language (XML). All or some of the links may additionally be encrypted with conventional techniques such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), a virtual private network (VPN) or Internet Protocol Security (IPsec). In other embodiments, custom and/or dedicated data communication techniques may be used instead of or in addition to those above.
The first device 101 and the second device 103 are integrated devices that combine a quantum key distribution function with a communication function, that is, devices in which quantum key distribution is built into communication equipment; they include, without limitation, servers, routers, switches, network security devices, Internet of Things devices, vehicle-mounted communication devices, smartphones, tablets, laptops and desktop computers. The specific type of integrated device is not limited in the embodiments of the present disclosure.
Those skilled in the art will appreciate that the number of devices and networks in fig. 1 is merely illustrative and that any number of devices and networks may be provided as desired. The embodiments of the present disclosure are not limited in this regard.
Under the system architecture described above, the embodiments of the present disclosure provide a quantum key based communication method that can be performed by any electronic device with computing processing capabilities.
In some embodiments of the present disclosure the method is performed by the first device of the system architecture, in others by the second device, and in still others it is implemented by the first and second devices interacting with each other.
Fig. 2 shows a flowchart of a communication method based on a quantum key in an embodiment of the disclosure, where the method provided in the embodiment of fig. 2 is implemented by a first device, which may also be called a sender or a sending device. Referring to fig. 2, a quantum key based communication method provided by an embodiment of the present disclosure includes the following steps.
Step S210 determines whether the key amount of the first device supports one-time pad.
In the embodiment of the disclosure, the first device and the second device are all secret integrated devices with a quantum key distribution function, namely the first device and the second device have a quantum key distribution function and a communication function.
In the embodiments of the disclosure, the key amount of the first device is the quantum key remaining in its store, that is, the stored quantum key that has not yet been used, or equivalently the quantum key currently available to it. The one-time pad mode encrypts the plaintext with a randomly generated key of the same length as the plaintext, and a key is never reused after one use.
In this step the first device checks whether the quantum key remaining in its store is enough to support the one-time pad mode: it compares the remaining quantum key amount with the length of the communication information to be sent. If the remaining amount is greater than or equal to that length, the key amount of the first device supports one-time pad; otherwise it does not.
In step S220, if the key amount of the first device supports the one-time-pad method, the one-time-pad method is used as the target encryption method.
In the embodiment of the present disclosure, the target encryption mode refers to an encryption mode adopted by the first device for encryption processing.
In this step, if the first device determines that the remaining quantum key amount stored in the first device is sufficient to support the one-time-pad manner, that is, the one-time-pad manner is supported by the key amount of the first device, the first device uses the one-time-pad manner as the target encryption manner, and then performs encryption processing based on the one-time-pad manner.
Step S230, based on the target encryption mode, the communication information is encrypted by utilizing the quantum key of the first device to obtain a communication message, wherein the communication message comprises the identification information of the key block and the information of the target encryption mode, and the identification information of the key block is used for positioning the initial position of the quantum key adopted for encryption.
In the embodiment of the disclosure, the quantum key of the first device refers to the remaining quantum key stored in the first device, i.e. the unused quantum key stored in the first device, and may also be understood as the quantum key currently available in the first device. The communication information refers to communication contents that the first device needs to make.
In this step, after determining the target encryption mode, the first device encrypts the communication information based on the determined target encryption mode by using the remaining quantum key stored in the first device, so as to obtain a communication message.
The communication message comprises identification information of a key block, wherein the identification information of the key block is used for locating a starting position of a quantum key adopted for encryption processing.
The identification information of the key block includes, for example, a unique identification of the key block used for encryption, such as an index of the key block, for locating the key block used for encryption, and, for example, a serial number of the key block, for quickly searching the key block used for encryption according to the serial number.
In addition, the identification information of the key block further comprises a unique identification of the quantum key adopted for encryption processing, such as an index of the adopted quantum key, which is used for locating the quantum key adopted for encryption processing, and for example, a serial number of the adopted quantum key, which is used for quickly searching the quantum key adopted for encryption processing according to the serial number.
The communication message also carries information of the target encryption mode, which indicates the encryption mode the first device used, so that the second device can apply the matching decryption.
In the embodiment of the present disclosure, the encryption manner may include other encryption manners besides one-time pad, such as stream cipher encryption, block cipher encryption, and encryption based on a key derivation function, which is not limited in this embodiment of the present disclosure.
Table 1 shows an example of encryption-mode encoding, in which the one-time pad mode is named OTP with value 0x00, stream cipher encryption is named STREAM with value 0x01, block cipher encryption is named BLOCK with value 0x02, and encryption based on a key derivation function is named KDF with value 0x03.

Table 1. Encryption modes
    Mode                          Name      Value
    One-time pad                  OTP       0x00
    Stream cipher encryption      STREAM    0x01
    Block cipher encryption       BLOCK     0x02
    KDF-based encryption          KDF       0x03

Illustratively, the information of the target encryption mode in the communication message is the name of the target encryption mode, or its value. It may also be other information, such as an abbreviation of the target encryption mode, which the embodiments of the present disclosure do not limit.
Table 2 gives the structure of a communication message. As shown in Table 2, the communication message consists of a message header and the message content, where the message header carries the original message header information, the identification information of the key block, and the information of the encryption mode.

Table 2. Communication message structure
    Message header:   original message header information | identification information of the key block | information of the encryption mode
    Message content:  the encrypted communication information
In the embodiment of the disclosure, the communication message includes the identification information of the key block, so that the second device can accurately find the corresponding quantum key according to the identification information of the key block in decryption processing and perform decryption processing by using the corresponding quantum key, and the communication message includes the information of the target encryption mode, so that the second device performs decryption processing by adopting the same decryption mode.
And step S240, a communication message is sent to the second equipment, and a message decryption result sent by the second equipment is received, wherein the message decryption result is obtained by the second equipment decrypting the communication message according to the identification information of the key block and the information of the target encryption mode.
After encrypting the communication information into a communication message, the first device sends the message to the second device. On receipt, the second device decrypts the message according to the identification information of the key block and the information of the target encryption mode carried in it, obtains a message decryption result, and sends that result to the first device, which thereby receives the message decryption result.
According to the communication method based on the quantum key, a first device determines whether its key amount supports a one-time-pad mode, and where the one-time-pad mode is supported, the one-time-pad mode is used as the target encryption mode, and the stored quantum key is then used, based on the target encryption mode, to encrypt the communication information and obtain a communication message; after the first device obtains the communication message, it sends the communication message to the second device, and the second device can decrypt the communication message according to the identification information of the key block and the information of the target encryption mode in the communication message, so as to obtain a message decryption result and send the message decryption result to the first device. Therefore, encryption processing is performed based on a one-time-pad mode where the key amount stored by the first device is sufficient; the method does not depend on the strength of a cryptographic algorithm, is suitable for high-security-level communication scenes, such as voice communication and video communication, and effectively improves the security of communication.
In some embodiments of the present disclosure, before the communication message is obtained by encrypting the communication information using the quantum key of the first device based on the target encryption mode, the method further includes determining whether to allow encryption in a non-one-time-pad mode if the key amount of the first device does not support the one-time-pad mode, determining the target encryption mode from a preset encryption mode if encryption in the non-one-time-pad mode is allowed, and the preset encryption mode includes at least one of a stream cipher algorithm, a block cipher algorithm, and a key derivation function.
If the first device determines that the amount of remaining quantum key stored in the first device is insufficient to support the one-time-pad mode, that is, the key amount of the first device does not support the one-time-pad mode, the first device determines whether encryption in a non-one-time-pad mode is allowed, that is, whether the security level requirement of the communication permits it. If the first device judges that a non-one-time-pad mode is allowed, the first device selects a target encryption mode from the preset encryption modes. If the first device judges that a non-one-time-pad mode is not allowed, the first device and the second device do not communicate.
In the embodiment of the disclosure, the preset encryption mode includes at least one of a stream cipher algorithm, a block cipher algorithm and a key derivation function. The stream cipher algorithm and the block cipher algorithm use 128-bit or 256-bit keys, which are quantum keys stored in the first device; the key derivation function takes a quantum key stored in the first device, for example 128 bits, as its input, generates a key string through the key derivation function, and the communication information is then encrypted with the key string.
After a target encryption mode is selected from the stream cipher algorithm, the block cipher algorithm and the key derivation function, the communication information is encrypted using a quantum key stored in the first device based on the target encryption mode, so as to obtain a communication message.
According to the communication method based on the quantum key, where the key amount stored by the first device is insufficient, the communication information is encrypted using one of a stream cipher algorithm, a block cipher algorithm and a key derivation function, so that the flexibility of the encryption process is improved, the consumption of the quantum key is reduced, and the communication method can adapt to communication scenes with different key amounts and security levels.
In some embodiments of the present disclosure, the method further includes performing quantum key distribution with the second device to obtain a quantum key, storing the quantum key, and managing first identification information of the quantum key.
In the disclosed embodiments, the first device and the second device (i.e., both communicating parties) generate and share quantum keys using quantum key distribution techniques and store the quantum keys.
The first device includes a first quantum key distribution module and a first quantum key storage module, and the second device includes a second quantum key distribution module and a second quantum key storage module. The first quantum key distribution module of the first device and the second quantum key distribution module of the second device carry out quantum key distribution, generate and share quantum keys, and then the first quantum key storage module of the first device and the second quantum key storage module of the second device store the quantum keys respectively.
According to the communication method based on the quantum key, the first device and the second device conduct quantum key distribution, generate and share the quantum key, so that the first device and the second device have the functions of quantum key distribution, key storage and communication encryption, the space occupied by the devices in a machine room is reduced, and the number of devices required to be deployed, managed and maintained is reduced.
In some embodiments of the disclosure, quantum key distribution is performed with a second device to obtain a quantum key, and the method comprises the steps of establishing connection between the first device and the second device if the distance between the first device and the second device is smaller than or equal to a preset distance threshold value, performing quantum key distribution based on the connection to obtain the quantum key, and performing quantum key distribution by using a quantum key distribution network if the distance between the first device and the second device is larger than the preset distance threshold value to obtain the quantum key.
In the disclosed embodiment, the preset distance threshold is set according to the performance of the quantum key distribution technology and the physical distance between the two communication parties (i.e., the first device and the second device).
If the distance between the first device and the second device is smaller than or equal to the preset distance threshold, which means that the distance between the first device and the second device is relatively close, connection between the first device and the second device, such as optical fiber connection, is directly established, and quantum key distribution is further performed, so that transmission loss and potential safety risks can be reduced.
If the distance between the first device and the second device is larger than the preset distance threshold value, the first device and the second device are relatively far apart, and quantum key distribution is carried out using the quantum key distribution network. The first device accesses the quantum key distribution network, and the second device accesses the quantum key distribution network, so that quantum key distribution is performed through the network; in this way the coverage of quantum key distribution between the first device and the second device can be expanded through the quantum key distribution network, and the first device and the second device can safely share the key.
In the embodiment of the disclosure, the quantum key comprises one or more key blocks, that is, the first device and the second device both store the quantum key in the form of the key blocks, so that the quantum key can be managed more efficiently.
In an embodiment of the disclosure, the first device further manages first identification information of the quantum key. The first identification information of the quantum key comprises a first key block index and first identification information of each of the one or more key blocks. The first key block index is used to indicate the key block currently used by the first device. By means of the first key block index, the first device can quickly locate the currently used key block. The first identification information of each key block includes a key block identification of the key block, a key block length of the key block, and a first key index of the key block.
Wherein the key block identity is a unique identifier of the key block for distinguishing between different key blocks. The key block length represents the size of the key block, i.e. the number of key bits that are contained. The first key index of the key block is used to record the length of the key block that has been used in the first device, by which the first device can track the used key portions in the key block, ensuring that unused key portions are used for each communication.
In the embodiment of the disclosure, the first device and the second device perform quantum key distribution to generate a quantum key, and the first device and the second device both store the quantum key and maintain identification information of the quantum key. In order to distinguish, the first device maintains first identification information of the quantum key, namely the use condition of the quantum key in the first device, and the second device maintains second identification information of the quantum key, namely the use condition of the quantum key in the second device.
Table 3 is a stored example table of quantum keys in a first device. As shown in table 3, the first key block index is 1, indicating that the first device is currently using key block 1. The key block 1 has a key block length of 1024, which indicates that there are 1024 quantum keys in the key block 1, and the first key index of the key block 1 is 24, which indicates that 24 quantum keys in the key block 1 have been used by the first device. The key block 2 has a key block length of 1024, which indicates that there are 1024 quantum keys in the key block 2, and the first key index of the key block 2 is 0, which indicates that the quantum keys in the key block 2 are not used. The key block 3 has a key block length of 1024, which indicates that there are 1024 quantum keys in the key block 3, and the first key index of the key block 3 is 0, which indicates that the quantum keys in the key block 3 are not used.
In the communication method based on the quantum key provided by the embodiment of the disclosure, the first device stores the quantum key in the form of key blocks, which allows the quantum key to be managed more efficiently, and further maintains first identification information of the quantum key. The first identification information comprises a first key block index indicating the key block currently used by the first device, and the first identification information of each key block, namely its key block identification, length and first key index; the first key index records the length of the key block that has been used in the first device, so that the usage of each key block can be conveniently tracked and recognized.
Fig. 3 is a flowchart illustrating an encryption process performed in a one-time-pad manner to obtain a communication message in an embodiment of the present disclosure. Referring to fig. 3, in the case where the target encryption mode is the one-time-pad mode, the encryption of the communication information in step S230 using the quantum key of the first device based on the target encryption mode to obtain a communication message includes the following steps.
Step S310, a first key block index is acquired, and an encryption key block of the first device is determined according to the first key block index.
In an embodiment of the disclosure, a first device stores a quantum key and maintains first identification information of the quantum key. Wherein the first identification information includes a first key block index and first identification information of each key block, the first identification information of each key block including an identification, a length, and a first key index of the key block.
The first device acquires a first key block index from the first identification information of the quantum key maintained by the first device, namely, determines a key block which is being used by the first device, takes the key block which is being used as an encryption key block, and subsequently starts to use the encryption key block for encryption processing.
Step S320, locating the first key start position in the encryption key block according to the first key index of the encryption key block.
In the embodiment of the disclosure, the first key start position in the encryption key block refers to a start position of an unused quantum key in the first device.
The first device acquires the first key index of the encryption key block from the first identification information of the quantum key maintained by the first device. Since the first key index of the encryption key block records the used key length of the encryption key block, the first device locates the start position of the unused quantum key in the first device according to the first key index of the encryption key block. Taking table 3 as an example, the first device determines that the encryption key block is key block 1, and locates the first key start position as the 25th key of key block 1 according to the first key index 24 of key block 1, that is, encryption processing starts from the 25th key of key block 1.
Step S330, starting from the first key start position, the communication information is encrypted using the quantum key in the encryption key block based on the one-time-pad method.
After locating the first key start position, the communication information is read bit by bit starting from the first key start position, and is encrypted by using the quantum key in the encryption key block.
In step S340, if the unused key length of the encryption key block is sufficient to encrypt the communication information during the encryption process, a communication message is obtained.
During the encryption process, the first device continuously monitors the unused key length of the encryption key block. If the unused key length is long enough to cover the encryption requirements of the entire communication, the encryption process will be completed, generating a communication message.
In step S350, if the unused key length of the encryption key block is not sufficient to encrypt the communication information during the encryption process, the next key block after the encryption key block is used as a new encryption key block, and the encryption process is continued with the new encryption key block until the encryption of the communication information is completed, so as to obtain the communication message.
If the unused key length of the encryption key block is insufficient to support the encryption operation, that is, the unused key length of the encryption key block cannot cover the encryption requirement of the whole communication information, after the quantum key in the encryption key block is used, the first device automatically switches to the next key block of the encryption key block and uses the next key block as a new encryption key block, and further uses the new encryption key block to continue the encryption processing from the first position which is not encrypted in the communication information. This process is repeated until the entire communication is encrypted, ultimately generating a communication message.
In some embodiments of the present disclosure, the method further includes determining the first key block index as identification information of the key block, and adding the identification information to a header of the communication message. In the encryption process, the first device uses the first key block index as the identification information of the key block of the message header.
In some embodiments of the present disclosure, the method further includes determining the first key block index and the first key index of the encryption key block as identification information of the key block, and adding the identification information to a header of the communication message. In the encryption process, the first device uses the first key block index as the identification information of the key block of the message header and the first key index of the encryption key block as the identification information of the key block of the message header. The encryption key block herein refers to an encryption key block determined by the first device according to the first key block index before performing encryption processing.
In some embodiments of the present disclosure, the method further includes updating the first key block index and the first key index of the key block employed for the encryption process after the encryption process of the communication information is completed. The first device updates the first key block index after encrypting the communication information using the quantum key, so that the updated first key block index indicates the key block now being used by the first device. The first device also updates the first key index of each key block employed in the encryption process. In the embodiment of the disclosure, if the quantum key in the encryption key block has been used up, the encryption key block is deleted.
Continuing with the description in table 3 as an example, the first device performs encryption processing using the quantum key shown in table 3, updates the first key block index after performing the encryption processing, and the first key index of the key block used for the encryption processing, to obtain a stored example table of the quantum key updated by the first device shown in table 4.
In table 4, the first key block index is 2, which indicates that the first device is currently using key block 2, and there is no information for key block 1 in table 4, which indicates that key block 1 has been deleted after use. The key block 2 has a key block length of 1024, which means that there are 1024 quantum keys in the key block 2, and the first key index of the key block 2 is 10, which means that 10 quantum keys in the key block 2 have been used. The key block 3 has a key block length of 1024, which indicates that there are 1024 quantum keys in the key block 3, and the first key index of the key block 3 is 0, which indicates that the quantum keys in the key block 3 are not used.
According to the communication method based on the quantum key, the encryption key block is determined through the first key block index, the start position of the unused quantum key in the first device can then be rapidly located according to the first key index of the encryption key block, and from that start position one-time-pad encryption is carried out on the communication information using the quantum key in the first device, so that the encryption processing speed can be increased and communication security improved. When the unused key length of the encryption key block is insufficient to encrypt the whole communication information, the first device automatically switches to the next key block and continues encrypting until the encryption of the whole communication information is completed, so that the communication information is completely encrypted and protected.
And after the encryption processing of the communication information is completed, updating the first key block index and the first key index of the key block adopted by the encryption processing, thereby being beneficial to managing the service condition of the key, preventing the key from being reused or revealed and providing convenience for subsequent communication.
And adding the first key block index or the first key block index and the first key index of the encryption key block as the identification information of the key block to the message header of the communication message, so that the second device can adopt the corresponding quantum key to perform decryption processing.
Fig. 4 shows a flowchart of another quantum key based communication method in an embodiment of the disclosure, where the method provided in the embodiment of fig. 4 is implemented by a second device, which may also be called a receiving device. Referring to fig. 4, a quantum key based communication method provided by an embodiment of the present disclosure includes the following steps.
Step S410, receiving a communication message sent by the first device.
The communication message is obtained by encrypting the communication information by the first device based on the target encryption mode by using the quantum key of the first device. The communication message comprises identification information of the key block and information of a target encryption mode, wherein the identification information of the key block is used for positioning the starting position of a quantum key adopted for encryption processing.
In the embodiment of the disclosure, in the case where the key amount of the first device supports the one-time-pad manner, the target encryption manner is the one-time-pad manner.
In the embodiment of the disclosure, if the first device is permitted to adopt a non-one-time-pad encryption mode under the condition that the key amount of the first device does not support the one-time-pad mode, the target encryption mode is selected from the preset encryption modes. The preset encryption mode comprises at least one of a stream cipher algorithm, a block cipher algorithm and a key derivation function.
The process by which the first device encrypts the communication information to obtain the communication message has been described in the above embodiment and is not repeated here.
Step S420, the communication message is decrypted according to the identification information of the key block and the information of the target encryption mode, and a message decryption result is obtained.
In the embodiment of the disclosure, the communication message includes identification information of a key block, where the identification information of the key block is used to locate a starting position of a quantum key used for performing encryption processing. The communication message further includes information of a target encryption mode, where the information of the target encryption mode is used to instruct the first device to perform encryption processing in an encryption mode.
The second device can accurately find the corresponding quantum key according to the identification information of the key block, determine the decryption mode to be adopted for decryption according to the information of the target encryption mode, and further decrypt the communication message to obtain a message decryption result.
Step S430, the message decryption result is sent to the first device.
After obtaining the message decryption result, the second device sends the message decryption result to the first device.
According to the communication method based on the quantum key, the second device receives the communication message sent by the first device, decrypts the communication message according to the identification information of the key block in the communication message and the information of the target encryption mode, obtains a message decryption result, and sends the message decryption result to the first device. Where the key amount stored by the first device is sufficient, the communication message is obtained by encryption based on a one-time-pad mode, so that the second device can decrypt the communication message based on the one-time-pad mode; the method is suitable for high-security-level communication scenes, such as voice communication and video communication, and effectively improves communication security.
In some embodiments of the present disclosure, the method further includes performing quantum key distribution with the first device to obtain a quantum key, storing the quantum key, and managing second identification information of the quantum key.
In the disclosed embodiments, the first device and the second device (i.e., both communicating parties) generate and share quantum keys using quantum key distribution techniques and store the quantum keys.
The first device includes a first quantum key distribution module and a first quantum key storage module, and the second device includes a second quantum key distribution module and a second quantum key storage module. The first quantum key distribution module of the first device and the second quantum key distribution module of the second device carry out quantum key distribution, generate and share quantum keys, and then the first quantum key storage module of the first device and the second quantum key storage module of the second device store the quantum keys respectively.
According to the communication method based on the quantum key, the first device and the second device conduct quantum key distribution, generate and share the quantum key, so that the first device and the second device have the functions of quantum key distribution, key storage and communication encryption, the space occupied by the devices in a machine room is reduced, and the number of devices required to be deployed, managed and maintained is reduced.
In some embodiments of the disclosure, quantum key distribution is performed with a first device to obtain a quantum key, and the method comprises the steps of establishing connection between the first device and a second device if the distance between the first device and the second device is smaller than or equal to a preset distance threshold value, performing quantum key distribution based on the connection to obtain the quantum key, and performing quantum key distribution by using a quantum key distribution network if the distance between the first device and the second device is larger than the preset distance threshold value to obtain the quantum key.
In the disclosed embodiment, the preset distance threshold is set according to the performance of the quantum key distribution technology and the physical distance between the two communication parties (i.e., the first device and the second device).
If the distance between the first device and the second device is smaller than or equal to the preset distance threshold, which means that the distance between the first device and the second device is relatively close, connection between the first device and the second device, such as optical fiber connection, is directly established, and quantum key distribution is further performed, so that transmission loss and potential safety risks can be reduced.
If the distance between the first device and the second device is larger than the preset distance threshold value, the first device and the second device are relatively far apart, and quantum key distribution is carried out using the quantum key distribution network. The first device accesses the quantum key distribution network, and the second device accesses the quantum key distribution network, so that quantum key distribution is performed through the network; in this way the coverage of quantum key distribution between the first device and the second device can be expanded through the quantum key distribution network, and the first device and the second device can safely share the key.
In the embodiment of the disclosure, the quantum key comprises one or more key blocks, that is, the first device and the second device both store the quantum key in the form of the key blocks, so that the quantum key can be managed more efficiently.
In an embodiment of the disclosure, the second device further manages second identification information of the quantum key. Wherein the second identification information of the quantum key comprises a second key block index and second identification information of each of the one or more key blocks.
The second key block index is used to indicate the key block currently used by the second device. By means of the second key block index, the second device can quickly locate the currently used key block, ensuring that the correct key block is used in each communication.
The second identification information of each key block includes a key block identification of the key block, a key block length of the key block, and a second key index of the key block.
The key block identification is a unique identifier of the key block for distinguishing between different key blocks. The key block length represents the size of the key block, i.e. the number of key bits it contains. The second key index of the key block records the length of the key block that has been used in the second device; through the second key index, the second device can track the used key portions in the key block and ensure that unused key portions are used for each communication.
In the embodiment of the disclosure, the first device and the second device perform quantum key distribution to generate a quantum key, and the first device and the second device both store the quantum key and maintain identification information of the quantum key. In order to distinguish, the first device maintains first identification information of the quantum key, namely the use condition of the quantum key in the first device, and the second device maintains second identification information of the quantum key, namely the use condition of the quantum key in the second device.
Table 5 is a stored example table of quantum keys in the second device. As shown in table 5, the second key block index is 1, indicating that the second device is currently using key block 1. The key block 1 has a key block length of 1024, which indicates that there are 1024 quantum keys in the key block 1, and the second key index of the key block 1 is 24, which indicates that 24 quantum keys in the key block 1 have been used by the second device. The key block 2 has a key block length of 1024, which indicates that there are 1024 quantum keys in the key block 2, and the second key index of the key block 2 is 0, which indicates that the quantum keys in the key block 2 are not used. The key block 3 has a key block length of 1024, which indicates that there are 1024 quantum keys in the key block 3, and the second key index of the key block 3 is 0, which indicates that the quantum keys in the key block 3 are not used.
The second device stores the quantum key in the form of key blocks, which allows the quantum key to be managed more efficiently, and also maintains second identification information of the quantum key. The second identification information comprises a second key block index indicating the key block currently used by the second device, and the second identification information of each key block, namely its key block identification, length and second key index; the second key index records the length of the key block that has been used in the second device, so that the usage of each key block can be conveniently tracked and identified.
Fig. 5 is a flowchart illustrating a decryption process performed on a one-time pad basis to obtain a message decryption result in an embodiment of the present disclosure. Referring to fig. 5, in the case where the target encryption method is a one-time pad method, the step S420 of decrypting the communication message according to the identification information of the key block and the information of the target encryption method to obtain a message decryption result includes the following steps.
Step S510, determining a decryption key block of the second device according to the identification information of the key block, and locating a second key starting position in the decryption key block.
In the embodiment of the disclosure, the identification information of the key block in the communication message indicates the starting position of the quantum key that the first device used for encryption. Based on this identification information, the second device determines the key block from which it will start decrypting, i.e. the decryption key block.
After determining the decryption key block, the second device further locates the second key starting position, i.e. the position in that block of the first quantum key it will use for decryption.
In some embodiments of the present disclosure, the identification information of the key block includes only a first key block index. In that case, determining the decryption key block and locating the second key starting position proceed as follows.
If the identification information of the key block comprises only the first key block index, the second device determines the decryption key block from that index. Because the quantum keys in the first device and the second device are consumed in step, the first identification information maintained by the first device and the second identification information maintained by the second device are identical at the moment before the first device encrypts the communication information. The second device can therefore derive the second key starting position from the second key index it has stored for the decryption key block. This variant relies on the two sides staying in step: if a message is lost, the second key index falls behind the first key index, decryption uses the wrong key and fails, which is why the synchronization mechanism described later is needed.
Taking tables 3 and 5 as an example, before the first device encrypts the communication information the first key block index in table 3 equals the second key block index in table 5, and the first key index in table 3 equals the second key index in table 5. In the communication message generated by the first device, the first key block index in the identification information of the key block is 1. The second device determines from this index that the decryption key block is key block 1 and, from its stored second key index of 24 for key block 1, locates the second key starting position at the 25th key of key block 1; that is, it starts decrypting from the 25th key of key block 1.
In some embodiments of the present disclosure, the identification information of the key block includes both a first key block index and the first key index of the encryption key block. In that case, determining the decryption key block and locating the second key starting position proceed as follows.
If the identification information of the key block includes the first key block index and the first key index of the encryption key block, the second device determines the decryption key block from the first key block index and the second key starting position from the first key index of the encryption key block, without relying on its own stored second key index. Because the header now states the key position explicitly, the second device should reject a header whose key index lies before its own second key index: decrypting from there would reuse key material the first device has already consumed, which a one-time pad must never do.
Taking table 3 as an example, in the communication message generated by the first device the first key block index in the identification information of the key block is 1 and the first key index of the encryption key block is 24. The second device determines from the first key block index that the decryption key block is key block 1, locates the second key starting position at the 25th key of key block 1 from the first key index of 24, and starts decrypting from the 25th key of key block 1.
Step S520, starting from the second key start position, the communication message is decrypted by using the quantum key in the decryption key block based on the one-time pad mode.
After the second key starting position is located, the communication message is decrypted by using the quantum key in the decryption key block based on a one-time pad mode from the second key starting position.
In step S530, if the unused key length of the decryption key block is sufficient to support decrypting the communication message in the decryption process, a message decryption result is obtained.
During decryption the second device keeps monitoring the unused key length of the decryption key block. If the unused key is long enough to cover the whole communication message, decryption completes within that block and the message decryption result is obtained.
Step S540, if the unused key length of the decryption key block is insufficient to support the decryption of the communication message in the decryption process, the next key block of the decryption key block is used as a new decryption key block, and the decryption process is continued by using the new decryption key block until the decryption process of the communication message is completed, so as to obtain the message decryption result.
If the unused key length of the decryption key block is insufficient, i.e. it cannot cover the whole communication message, then once the quantum key in the decryption key block has been used up the second device automatically switches to the next key block, takes it as the new decryption key block, and continues decrypting from the first position of the communication message that has not yet been decrypted. This is repeated until the entire communication message has been decrypted and the message decryption result is obtained.
According to the quantum-key-based communication method, the second device determines its decryption key block from the identification information of the key block in the communication message and locates the second key starting position in that block, i.e. the position of the first quantum key it uses for decryption, and from that position performs one-time-pad decryption of the communication message with its own quantum key. This ensures that the second device decrypts with exactly the key material the first device used for encryption, speeds up decryption and improves communication security. When the unused key length of the decryption key block is insufficient to decrypt the whole communication message, the second device automatically switches to the next key block and continues until the whole message is decrypted, so that a complete message decryption result is obtained.
In some embodiments of the present disclosure, the method further includes updating the second key block index and the second key index of the key block employed for the decryption process after the decryption process of the communication message is completed.
After decrypting the communication message with the quantum key, the second device updates the second key block index so that it indicates the key block the second device is now using, and updates the second key index of each key block used during decryption.
In the embodiment of the disclosure, once the quantum key in a decryption key block has been used up, that key block is deleted.
According to the communication method based on the quantum key, after decryption processing of the communication message is completed, the second key block index and the second key index of the key block adopted in decryption processing are updated, so that the use condition of the key is managed, the key is prevented from being reused or leaked, and convenience is provided for subsequent communication.
In some embodiments of the present disclosure, the method further comprises synchronizing the key block index and the key index with the first device if the second device fails to decrypt the communication message.
In the embodiment of the disclosure, when the second device attempts to decrypt the received communication message, but fails to decrypt, for example, due to unmatched keys, wrong key block indexes or other technical problems encountered in the decryption process, the second device synchronizes the key block indexes and the key indexes with the first device so as to ensure that both sides use the same key and key block to encrypt and decrypt.
Illustratively, the second device considers decryption failed when detecting an error in the decryption process or failing to correctly recover the original information. The second device sends a synchronization request to the first device, which may contain the key block index and the key index currently used by the second device, and information about the decryption failure. After receiving the synchronization request, the first device verifies the validity of the request and confirms the currently used key block index and key index, and then sends a response to the second device, wherein the response contains the correct key block index and key index. After receiving the response from the first device, the second device updates its stored key block index and key index to match the settings of the first device.
According to the quantum-key-based communication method, by synchronizing the key block index and the key index the second device can ensure that both devices use the same key for encryption and decryption, so that communication security is maintained. When the key or the key block needs to be updated, the same synchronization mechanism ensures that both devices obtain the latest key information in time, which supports a dynamic key update strategy.
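The synchronization exchange described above, written out as an added example; this is not the patent's code. The page only states that the second device's request carries its current key block index and key index plus information about the failure, and that the first device verifies the request and answers with its own current indexes. The message layouts, the validity checks on the first device, the rule that the second device never moves its position backwards, and the assumption that key block identifiers increase in the order the blocks are consumed are all choices made here for illustration.

```python
"""Added example, not the patent's code: the key block index / key index
synchronisation that the second device starts after a decryption failure.
The message fields, the validity checks and the rule that block ids increase
in the order the blocks are consumed are assumptions; the page only says
that the request carries the second device's current indexes and failure
information and that the response carries the first device's indexes."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class IndexState:
    """Identification information held by one device: the key block index in
    use and, per stored block, [key block length, key index]."""
    block_index: int
    blocks: Dict[int, List[int]]

    def position(self):
        return (self.block_index, self.blocks[self.block_index][1])


@dataclass
class SyncRequest:
    block_index: int   # second device's current key block index
    key_index: int     # second device's key index within that block
    reason: str        # information about the decryption failure


@dataclass
class SyncResponse:
    ok: bool
    block_index: Optional[int] = None
    key_index: Optional[int] = None
    detail: str = ""


def first_device_handle(state: IndexState, req: SyncRequest) -> SyncResponse:
    """First device: check the request is plausible against its own store, then
    reply with the key block index and key index it is currently at."""
    if req.block_index in state.blocks:
        if not 0 <= req.key_index <= state.blocks[req.block_index][0]:
            return SyncResponse(False, detail="key index outside the block length")
    elif req.block_index >= state.block_index:
        # a block we never had, or one we have not reached: not a plausible peer state
        return SyncResponse(False, detail=f"key block {req.block_index} unknown")
    # (a block id below our current one was used up and deleted here; that is fine)
    return SyncResponse(True, *state.position())


def second_device_apply(state: IndexState, resp: SyncResponse) -> bool:
    """Second device: adopt the first device's indexes. The position is never
    moved backwards, because key before the first device's index has already
    been consumed by it and must not be used as a pad again."""
    if not resp.ok or resp.block_index not in state.blocks:
        return False
    target = (resp.block_index, resp.key_index)
    if target < state.position():
        return False
    if not 0 <= resp.key_index <= state.blocks[resp.block_index][0]:
        return False
    # blocks the first device has moved past are spent: drop them, as the
    # page does for a key block whose key has been used up
    for bid in [b for b in state.blocks if b < resp.block_index]:
        del state.blocks[bid]
    state.block_index = resp.block_index
    state.blocks[resp.block_index][1] = resp.key_index
    return True


def resync(first: IndexState, second: IndexState, reason: str):
    """The full exchange: request from the second device, response from the first."""
    req = SyncRequest(*second.position(), reason)
    resp = first_device_handle(first, req)
    return second_device_apply(second, resp), resp


def demo():
    r = {}
    # Table 5 state (key index 24) after the first device has moved on to key 40.
    first = IndexState(1, {1: [1024, 40], 2: [1024, 0], 3: [1024, 0]})
    second = IndexState(1, {1: [1024, 24], 2: [1024, 0], 3: [1024, 0]})
    r["ok"], _ = resync(first, second, "decryption failed: plaintext check")
    r["after"] = second.position()                         # (1, 40)
    # The first device has already exhausted block 1 and is in block 2.
    first = IndexState(2, {2: [1024, 100], 3: [1024, 0]})
    second = IndexState(1, {1: [1024, 900], 2: [1024, 0], 3: [1024, 0]})
    r["moved"], _ = resync(first, second, "decryption failed")
    r["moved_to"] = (second.position(), 1 in second.blocks)  # ((2, 100), False)
    # A response that would rewind the second device is refused.
    behind = IndexState(1, {1: [1024, 10], 2: [1024, 0]})
    ahead = IndexState(1, {1: [1024, 24], 2: [1024, 0]})
    r["rewound"], _ = resync(behind, ahead, "decryption failed")
    r["ahead_unchanged"] = ahead.position()                 # still (1, 24)
    return r


if __name__ == "__main__":
    print(demo())
```

The refusal to move backwards is the check a practitioner should insist on: a synchronization response is itself an input that can be wrong or forged, and the one thing a one-time-pad endpoint must never do is return to key material that may already have been used.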
Fig. 6 illustrates a schematic view of a scenario in which two communication parties interact in an embodiment of the disclosure, and fig. 7 illustrates another such scenario. As shown in figs. 6 and 7, integrated device 1 and integrated device 2 both have a quantum key distribution function and a communication function.
In the scenario shown in fig. 6, the distance between integrated device 1 and integrated device 2 is less than or equal to the preset distance threshold, i.e. the two devices are close to each other. Their optical fibers can then be connected directly, the two ends perform quantum key distribution with each other, and keys are generated continuously until the amount of quantum key stored in integrated device 1 and integrated device 2 reaches the configured maximum.
In the scenario shown in fig. 7, the distance between integrated device 1 and integrated device 2 is greater than the preset distance threshold, i.e. the two devices are far apart. Integrated device 1 and integrated device 2 are then each connected to a quantum key distribution network and perform quantum key distribution through that network, again generating keys continuously until the amount of quantum key stored in each device reaches the configured maximum.
Fig. 8 shows a flowchart of encrypted communication by two parties in an embodiment of the disclosure. As shown in fig. 8, the encryption communication is performed between the encryption integrated apparatus 1 and the encryption integrated apparatus 2 in accordance with the following steps.
In step S801, the encryption integrated device 1 and the encryption integrated device 2 perform quantum key distribution to obtain a quantum key.
In step S802, the cryptographic integrated device 1 stores the quantum key and maintains first identification information of the quantum key.
The quantum key is stored in the form of key blocks: the quantum key comprises one or more key blocks, and the first identification information of the quantum key comprises a first key block index together with the key block identification, key block length and first key index of each key block. The first key block index locates the key block that the encryption integrated device 1 is currently using, and the first key index of each key block records how much of that key block has already been used in the encryption integrated device 1.
In step S803, the cryptographic integrated device 2 stores the quantum key and maintains second identification information of the quantum key.
The quantum key is stored in the form of key blocks: the quantum key comprises one or more key blocks, and the second identification information of the quantum key comprises a second key block index together with the key block identification, key block length and second key index of each key block. The second key block index locates the key block that the encryption integrated device 2 is currently using, and the second key index of each key block records how much of that key block has already been used in the encryption integrated device 2.
In step S804, the encryption integrated device 1 obtains the first key block index, determines the encryption key block according to the first key block index, and locates the first key start position according to the first key index of the encryption key block.
In step S805, the encryption integrated device 1 starts from the first key start position, adds the first key block index as the key block identifier to the header, and encrypts the communication information based on the one-time-pad manner by using the quantum key in the encryption integrated device 1 to obtain the communication message.
Specifically, from the initial position of the first key, one-time pad encryption processing is performed by using the quantum key in the encryption key block. If the unused key length of the encryption key block is enough to support the encryption of the communication information in the encryption process, a communication message is obtained. If the unused key length of the encryption key block is insufficient to support the encryption of the communication information in the encryption process, the next key block of the encryption key block is used as a new encryption key block, and the one-time encryption process is continued by using the new encryption key block until the encryption process of the communication information is completed, so that a communication message is obtained.
In addition, the message header of the communication message also comprises information in a one-time pad mode.
In step S806, the integrated device 1 sends the communication message to the integrated device 2.
In step S807, the encryption integrated device 2 obtains the key block identifier from the communication message, locates the decryption key block according to the first key block index in the key block identifier, and locates the second key starting position according to its own second key index of the decryption key block.
In step S808, the integrated device 2 decrypts the communication message based on the one-time-pad manner by using the quantum key in the integrated device 2 from the second key start position, and obtains the message decryption result.
Specifically, starting from the second key starting position, one-time-pad decryption is performed with the quantum key in the decryption key block. If the unused key length of the decryption key block is sufficient to decrypt the communication message, the message decryption result is obtained directly. If it is insufficient, the next key block after the decryption key block is taken as the new decryption key block and one-time-pad decryption continues with it until the communication message is fully decrypted, giving the message decryption result.
In step S809, the encryption integrated device 2 returns the message decryption result to the encryption integrated device 1.
If the encryption integrated device 2 fails to decrypt the communication message, the encryption integrated device 1 and the encryption integrated device 2 synchronize their key block index and key index. Specifically, the first key block index in the encryption integrated device 1 is synchronized with the second key block index in the encryption integrated device 2, and the first key index in the encryption integrated device 1 is synchronized with the second key index in the encryption integrated device 2.
Fig. 9 shows a flowchart of another communication both parties performing encrypted communication in an embodiment of the disclosure. As shown in fig. 9, the encryption communication is performed between the encryption integrated apparatus 1 and the encryption integrated apparatus 2 in accordance with the following steps.
In step S901, the encryption integrated device 1 and the encryption integrated device 2 perform quantum key distribution, and obtain a quantum key.
In step S902, the cryptographic integrated device 1 stores the quantum key and maintains first identification information of the quantum key.
In step S903, the cryptographic integrated device 2 stores the quantum key and maintains second identification information of the quantum key.
In step S904, the encryption integrated device 1 obtains the first key block index, determines the encryption key block according to the first key block index, and locates the first key start position according to the first key index of the encryption key block.
Steps S901 to S904 are the same as steps S801 to S804 described above, and will not be described here.
In step S905, the encryption integrated device 1 adds the first key block index and the first key index of the key block indicated by that index to the message header as the key block identifier, and, starting from the first key starting position, encrypts the communication information based on the one-time-pad mode using the quantum key in the encryption integrated device 1 to obtain the communication message.
Specifically, from the initial position of the first key, one-time pad encryption processing is performed by using the quantum key in the encryption key block. If the unused key length of the encryption key block is enough to support the encryption of the communication information in the encryption process, a communication message is obtained. If the unused key length of the encryption key block is insufficient to support the encryption of the communication information in the encryption process, the next key block of the encryption key block is used as a new encryption key block, and the one-time encryption process is continued by using the new encryption key block until the encryption process of the communication information is completed, so that a communication message is obtained.
In addition, the message header of the communication message also comprises information in a one-time pad mode.
In step S906, the integrated device 1 sends the communication message to the integrated device 2.
In step S907, the encryption integrated device 2 obtains the key block identifier from the communication message, locates the decryption key block according to the first key block index in the key block identifier, and locates the second key starting position according to the first key index in the key block identifier.
In step S908, the integrated device 2 decrypts the communication message based on the one-time-pad manner by using the quantum key in the integrated device 2 from the second key starting position, and obtains the message decryption result.
Specifically, starting from the second key starting position, one-time-pad decryption is performed with the quantum key in the decryption key block. If the unused key length of the decryption key block is sufficient to decrypt the communication message, the message decryption result is obtained directly. If it is insufficient, the next key block after the decryption key block is taken as the new decryption key block and one-time-pad decryption continues with it until the communication message is fully decrypted, giving the message decryption result.
In step S909, the encryption integrated device 2 returns the message decryption result to the encryption integrated device 1.
In the interactions shown in the embodiments of fig. 8 and fig. 9, the one-time-pad mode has been agreed between the integrated device 1 and the integrated device 2. If the key amount in the integrated device 1 is insufficient to support the one-time-pad mode, the integrated device 1 and the integrated device 2 therefore do not communicate.
The difference in the embodiment of fig. 9 is that, when encrypting, the encryption integrated device 1 adds to the message header not only the first key block index but also the first key index of the key block indicated by that index, both as the key block identifier. Because the receiving side can then locate the exact starting key from the header alone, no synchronization of the key block index and key index is needed if a communication message fails to be delivered.
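The following is an added example, not the patent's or the applicant's code, covering the decryption procedure of steps S510 to S540, the index update and deletion of exhausted key blocks described after it, and the two header variants of the fig. 8 and fig. 9 flows. The header layout (a dict with "mode", "block_index" and an optional "key_index" field), the 32-byte key blocks, the locally generated key material standing in for quantum key distribution, and the refusal to decrypt from a key position before the device's own key index are assumptions made here; the page specifies none of them.

```python
"""Added example (not the patent's code): one-time-pad encryption over
QKD-derived key blocks, with the block index / key index bookkeeping of
tables 3 and 5, block-spanning (steps S530/S540), index update and
deletion of exhausted blocks, and the Fig. 8 vs Fig. 9 header variants.
Key material is constructed locally as a stand-in for QKD output."""
from dataclasses import dataclass
import secrets

MODE_OTP = 1  # "information of the target encryption method" carried in the header


@dataclass
class KeyBlock:
    block_id: int
    key: bytes      # quantum key material of this block
    used: int = 0   # key index: bytes of this block already consumed

    @property
    def length(self) -> int:
        return len(self.key)


class KeyStore:
    """Per-device key store: ordered key blocks, current block index, per-block key index."""

    def __init__(self, blocks):
        self.blocks = {b.block_id: b for b in blocks}
        self.order = [b.block_id for b in blocks]
        self.current = self.order[0]

    def available_from(self, block_id, start):
        i = self.order.index(block_id)
        return sum(self.blocks[b].length for b in self.order[i:]) - start

    def take(self, block_id, start, n):
        """Consume n key bytes from `start` in block_id, continuing into the
        following blocks; update key indexes and delete exhausted blocks."""
        if start < self.blocks[block_id].used:
            raise ValueError("key before this device's key index: refusing pad reuse")
        if self.available_from(block_id, start) < n:
            raise RuntimeError("key amount does not support one-time pad")
        out, pos = bytearray(), start
        while True:
            blk = self.blocks[block_id]
            chunk = blk.key[pos:pos + n]
            out += chunk
            n -= len(chunk)
            blk.used = pos + len(chunk)
            self.current = block_id
            if blk.used == blk.length:  # block fully used: delete it, move to the next one
                i = self.order.index(block_id)
                del self.blocks[block_id]
                del self.order[i]
                self.current = self.order[i] if i < len(self.order) else None
                block_id, pos = self.current, 0
            if n == 0:
                return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(store, plaintext, carry_key_index):
    """First device (S804/S805, S904/S905): locate the encryption key block and
    first key start position, build the header, encrypt with the pad."""
    block_id = store.current
    start = store.blocks[block_id].used
    header = {"mode": MODE_OTP, "block_index": block_id}
    if carry_key_index:  # Fig. 9 variant: header also carries the first key index
        header["key_index"] = start
    return {"header": header, "body": xor(plaintext, store.take(block_id, start, len(plaintext)))}


def decrypt(store, msg):
    """Second device (S510-S540): locate the decryption key block and second key
    start position from the header (or its own key index), decrypt, update."""
    h = msg["header"]
    if h["mode"] != MODE_OTP:
        raise ValueError("unsupported encryption mode")
    block_id = h["block_index"]
    if block_id not in store.blocks:
        raise KeyError(f"key block {block_id} unknown: indexes out of sync")
    start = h.get("key_index", store.blocks[block_id].used)
    return xor(msg["body"], store.take(block_id, start, len(msg["body"])))


def make_shared_stores(block_len=32, n_blocks=3):
    """Stand-in for QKD (S801/S901): both devices hold identical key blocks."""
    keys = [secrets.token_bytes(block_len) for _ in range(n_blocks)]
    return tuple(KeyStore([KeyBlock(i + 1, k) for i, k in enumerate(keys)]) for _ in range(2))


def demo():
    r = {}
    # A message that runs past the end of block 1: both sides have used 10 bytes of it.
    dev1, dev2 = make_shared_stores()
    dev1.blocks[1].used = dev2.blocks[1].used = 10
    r["spanning"] = decrypt(dev2, encrypt(dev1, b"spans block 1 into block 2", False))
    r["state"] = (dev2.current, 1 in dev2.blocks, dev2.blocks[2].used)  # (2, False, 4)
    # Fig. 8 header (block index only): a message lost in transit leaves dev2's key
    # index behind dev1's, so the next message decrypts with the wrong pad.
    dev1, dev2 = make_shared_stores()
    encrypt(dev1, b"lost in transit", False)
    r["fig8"] = decrypt(dev2, encrypt(dev1, b"next message", False))
    # Fig. 9 header (block index + key index): dev2 skips the key the lost message used.
    dev1, dev2 = make_shared_stores()
    lost = encrypt(dev1, b"lost in transit", True)
    r["fig9"] = decrypt(dev2, encrypt(dev1, b"next message", True))
    r["fig9_used"] = dev2.blocks[1].used  # 15 + 12 = 27
    # Replaying the lost message's header now points before dev2's key index: refused.
    try:
        decrypt(dev2, lost)
        r["replay_refused"] = False
    except ValueError:
        r["replay_refused"] = True
    return r


if __name__ == "__main__":
    print(demo())
```

Two points the page leaves implicit are visible here. First, in the fig. 8 variant a lost message silently produces wrong plaintext: a one-time pad has no integrity check, so "decryption failed" can only be detected by a separate authenticity or format check on the recovered message, which is the trigger for the synchronization exchange. Second, the fig. 9 header removes the need for that exchange, but it turns the key index into attacker-controlled input, so the receiver must refuse any header that points before its own key index rather than rewind and reuse pad.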
According to the communication method based on the quantum key, encryption processing can be carried out based on the one-time-pad mode under the condition of supporting the one-time-pad mode, a cryptographic algorithm is not relied on, the communication method is suitable for high-security-level communication scenes, such as scenes of voice communication, video communication and the like, and the safety of communication is effectively improved.
Based on the same inventive concept, a communication device based on quantum key is also provided in the embodiments of the present disclosure, as described in the following embodiments. Since the principle of solving the problem of the embodiment of the device is similar to that of the embodiment of the method, the implementation of the embodiment of the device can be referred to the implementation of the embodiment of the method, and the repetition is omitted.
Fig. 10 shows a block diagram of a communication apparatus based on quantum keys in an embodiment of the disclosure, where the apparatus 1000 provided in the embodiment of fig. 10 is applied to a first device. Referring to fig. 10, the apparatus 1000 includes an encryption module 1010 and a first communication module 1020.
The encryption module 1010 is configured to determine whether the key amount of the first device supports a one-time-pad manner, if the key amount of the first device supports the one-time-pad manner, use the one-time-pad manner as a target encryption manner, encrypt communication information by using a quantum key of the first device based on the target encryption manner to obtain a communication message, where the communication message includes identification information of a key block and information of the target encryption manner, and the identification information of the key block is used to locate a starting position of the quantum key used for encryption.
The first communication module 1020 is configured to send a communication message to the second device, and receive a message decryption result sent by the second device, where the message decryption result is obtained by decrypting the communication message by the second device according to the identification information of the key block and the information of the target encryption mode.
In some embodiments of the present disclosure, as shown in fig. 10, the apparatus 1000 further includes a first quantum key distribution module 1030 and a first quantum key storage module 1040.
Wherein the first quantum key distribution module 1030 is configured to perform quantum key distribution with the second device to obtain a quantum key. The first quantum key storage module 1040 is configured to store a quantum key, and manage first identification information of the quantum key.
The quantum key comprises one or more key blocks, first identification information of the quantum key comprises a first key block index and first identification information of each key block, the first key block index is used for indicating a key block currently used by the first device, the first identification information of the key block comprises a key block identification of the key block, a key block length of the key block and a first key index of the key block, and the first key index of the key block is used for recording the length of the key block which is used in the first device.
In some embodiments of the present disclosure, the first quantum key distribution module 1030 is further configured to establish a connection between the first device and the second device, perform quantum key distribution based on the connection, and obtain a quantum key if a distance between the first device and the second device is less than or equal to a preset distance threshold, and perform quantum key distribution using a quantum key distribution network, and obtain the quantum key if the distance between the first device and the second device is greater than the preset distance threshold.
In some embodiments of the present disclosure, the encryption module 1010 is further configured to obtain a first key block index, determine an encryption key block of the first device according to the first key block index, locate a first key start position in the encryption key block according to the first key index of the encryption key block, encrypt the communication information in a one-time-pad manner using a quantum key in the encryption key block from the first key start position, obtain the communication message if an unused key length of the encryption key block is sufficient to support encryption of the communication information during encryption, and use a next key block of the encryption key block as a new encryption key block if the unused key length of the encryption key block is insufficient to support encryption of the communication information during encryption, and continue encryption with the new encryption key block until encryption of the communication information is completed, thereby obtaining the communication message.
In some embodiments of the present disclosure, the first quantum key storage module 1040 is further configured to update the first key block index and the first key index of the key block employed for the encryption process after the encryption process of the communication information is completed.
In some embodiments of the present disclosure, the encryption module 1010 is further configured to determine the first key block index as identification information of the key block, and add the identification information to a header of the communication message.
In some embodiments of the present disclosure, the encryption module 1010 is further configured to determine the first key block index and the first key index of the encryption key block as identification information of the key block, and add the identification information to a header of the communication message.
In some embodiments of the present disclosure, the encryption module 1010 is further configured to determine whether to allow encryption in a non-one-time-pad manner if the key amount of the first device does not support the one-time-pad manner, determine a target encryption manner from a preset encryption manner if encryption in the non-one-time-pad manner is allowed, and the preset encryption manner includes at least one of a stream cipher algorithm, a block cipher algorithm, and a key derivation function.
Fig. 11 shows a block diagram of another quantum key based communication device in an embodiment of the disclosure, where the device 1100 provided in the embodiment of fig. 11 is applied to a second apparatus. Referring to fig. 11, the apparatus 1100 includes a second communication module 1110 and a decryption module 1120.
The second communication module 1110 is configured to receive a communication message sent by a first device, where the communication message is obtained by encrypting communication information with a quantum key of the first device based on a target encryption mode, the target encryption mode being the one-time-pad mode if the key amount of the first device supports the one-time-pad mode; the communication message includes identification information of a key block and information of the target encryption mode, where the identification information of the key block is used to locate the starting position of the quantum key used for the encryption process.
The decryption module 1120 is configured to decrypt the communication message according to the identification information of the key block and the information of the target encryption mode, so as to obtain a message decryption result.
The second communication module 1110 is also configured to send the message decryption results to the first device.
In some embodiments of the present disclosure, as shown in fig. 11, the apparatus 1100 further includes a second quantum key distribution module 1130 and a second quantum key storage module 1140.
Wherein the second quantum key distribution module 1130 is configured to perform quantum key distribution with the first device to obtain a quantum key. The second quantum key storage module 1140 is configured to store a quantum key, manage second identification information of the quantum key.
The quantum key comprises one or more key blocks, second identification information of the quantum key comprises a second key block index and second identification information of each key block, the second key block index is used for indicating a key block currently used by second equipment, the second identification information of the key block comprises a key block identification of the key block, a key block length of the key block and a second key index of the key block, and the second key index of the key block is used for recording the length of the key block which is used in the second equipment.
In some embodiments of the present disclosure, the second quantum key distribution module 1130 is further configured to establish a connection between the first device and the second device if the distance between the first device and the second device is less than or equal to a preset distance threshold, perform quantum key distribution based on the connection, and obtain a quantum key, and perform quantum key distribution using the quantum key distribution network if the distance between the first device and the second device is greater than the preset distance threshold, and obtain the quantum key.
In some embodiments of the present disclosure, the decryption module 1120 is further configured to determine a decryption key block of the second device according to the identification information of the key block, locate a second key start position in the decryption key block, perform decryption processing on the communication message based on a one-time pad manner by using a quantum key in the decryption key block from the second key start position, obtain a message decryption result if an unused key length of the decryption key block is sufficient to support decrypting the communication message during the decryption processing, and use a next key block of the decryption key block as a new decryption key block if the unused key length of the decryption key block is insufficient to support decrypting the communication message during the decryption processing, and continue the decryption processing by using the new decryption key block until the decryption processing of the communication message is completed, thereby obtaining the message decryption result.
In some embodiments of the present disclosure, the second quantum key storage module 1140 is further configured to update the second key block index and the second key index of the key block employed for the decryption process after the decryption process of the communication message is completed.
In some embodiments of the present disclosure, the identification information of the key block includes a first key block index. Wherein the decryption module 1120 is further configured to determine a decryption key block from the first key block index and to locate a second key start position from the second key index of the decryption key block.
In some embodiments of the present disclosure, the second quantum key storage module 1140 is further configured to synchronize the key block index and the key index with the first device if the second device fails to decrypt the communication message.
In some embodiments of the present disclosure, the identification information of the key block includes a first key block index and a first key index of the encryption key block. Wherein the decryption module 1120 is further configured to determine a decryption key block based on the first key block index and to locate the second key start position based on the first key index of the encryption key block.
It should be noted that the examples and application scenarios implemented by each module in the above apparatus embodiment are the same as those of the corresponding steps in the method embodiment, but are not limited to what is disclosed in the above method embodiment. It should also be noted that the modules described above may be implemented as part of an apparatus in a computer system, such as a set of computer-executable instructions.
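The key-block bookkeeping described in the decryption paragraphs above (and set out again in claims 3, 4, 10, 11, 13 and 14 below) in working form, as an added example that is not the patent's own code. It assumes a 9-byte message header layout (key block index, key index, encryption mode), which the patent does not specify, and uses constructed key material in place of QKD output; the function and field names (`KeyStore`, `otp_encrypt`, `otp_decrypt`, `resync`) are the example's own.

```python
"""Key-block bookkeeping for one-time-pad (OTP) messaging over a shared quantum-key pool.
Added example, not the patent's code. Header layout and key material are constructed here."""
from dataclasses import dataclass
from typing import List, Optional
import struct

MODE_OTP = 1                    # value carried as "information of the target encryption mode"
HEADER = struct.Struct("!IIB")  # assumed layout: key block index, key index, encryption mode


@dataclass
class KeyBlock:
    block_id: int        # key block identification
    key: bytes           # key block material (constructed below; would come from QKD)
    key_index: int = 0   # length of this block already used on this device

    @property
    def unused(self) -> int:
        return len(self.key) - self.key_index


@dataclass
class KeyStore:
    """Per-device key storage: the key blocks plus the index of the block in current use."""
    blocks: List[KeyBlock]
    block_index: int = 0

    def unused_total(self) -> int:
        return sum(b.unused for b in self.blocks[self.block_index:])

    def supports_otp(self, n: int) -> bool:
        # "does the key quantity support the one-time-pad mode" for an n-byte message
        return self.unused_total() >= n

    def consume(self, n: int) -> bytes:
        """Return n key bytes starting at (block_index, key_index). When the current
        block's unused length is insufficient, continue with the next block; both the
        block index and the key index of every block touched are updated."""
        out = bytearray()
        while len(out) < n:
            if self.block_index >= len(self.blocks):
                raise ValueError("key pool exhausted")
            blk = self.blocks[self.block_index]
            take = min(n - len(out), blk.unused)
            out += blk.key[blk.key_index:blk.key_index + take]
            blk.key_index += take
            if len(out) < n:            # block used up, move on to the next key block
                self.block_index += 1
        return bytes(out)


def otp_encrypt(store: KeyStore, plaintext: bytes) -> Optional[bytes]:
    """Build the communication message: header (block index, key index, mode) + OTP body.
    Returns None when the key quantity does not support OTP; the caller then decides
    whether a non-OTP mode is permitted (the check in claim 7)."""
    if not store.supports_otp(len(plaintext)):
        return None
    blk = store.blocks[store.block_index]
    header = HEADER.pack(store.block_index, blk.key_index, MODE_OTP)
    pad = store.consume(len(plaintext))
    return header + bytes(p ^ k for p, k in zip(plaintext, pad))


def otp_decrypt(store: KeyStore, message: bytes, use_header_key_index: bool = True) -> bytes:
    """Locate the key start position and strip the pad.
    use_header_key_index=True: block index and key index both come from the header (claim 14).
    False: only the block index comes from the header; the receiver's own key index for
    that block gives the start position (claim 12)."""
    block_index, key_index, mode = HEADER.unpack_from(message)
    body = message[HEADER.size:]
    if mode != MODE_OTP:
        raise ValueError("unsupported encryption mode %d" % mode)
    if block_index >= len(store.blocks):
        raise ValueError("unknown key block index %d" % block_index)
    blk = store.blocks[block_index]
    if use_header_key_index:
        if key_index > len(blk.key):
            raise ValueError("key index beyond key block length")
        blk.key_index = key_index
    store.block_index = block_index
    pad = store.consume(len(body))
    return bytes(c ^ k for c, k in zip(body, pad))


def resync(store: KeyStore, peer_block_index: int, peer_key_index: int) -> None:
    """Recovery after a failed decryption: align this device's block index and key index
    with the values reported by the peer (the synchronisation step of claim 13)."""
    store.block_index = peer_block_index
    store.blocks[peer_block_index].key_index = peer_key_index


def make_shared_pool() -> List[KeyBlock]:
    """Constructed sample pool: three 16-byte blocks; both devices hold identical copies."""
    return [KeyBlock(i, bytes(range(16 * i, 16 * i + 16))) for i in range(3)]


def demo():
    alice, bob = KeyStore(make_shared_pool()), KeyStore(make_shared_pool())
    msg = otp_encrypt(alice, b"twenty byte message!")   # 20 bytes: spills from block 0 into block 1
    plain = otp_decrypt(bob, msg)
    return plain, alice.block_index, alice.blocks[1].key_index, bob.block_index, bob.blocks[1].key_index
```

The spill-over case is the one worth watching: a 20-byte message against 16-byte blocks consumes all of block 0 and 4 bytes of block 1, so after the exchange both sides hold block index 1 and key index 4 for that block. Because OTP carries no integrity tag, a desynchronised index is not detected by the decryption itself; that is why the text pairs the scheme with the explicit resynchronisation step.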
Those skilled in the art will appreciate that the various aspects of the present disclosure may be embodied in the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module" or "system."
Based on the same inventive concept, an electronic device is further provided in an embodiment of the present disclosure, and the electronic device includes a processor, and a memory for storing executable instructions of the processor, wherein the processor is configured to perform any one of the above quantum key based communication methods via execution of the executable instructions. Since the principle of solving the problem of the embodiment of the electronic device is similar to that of the embodiment of the method, the implementation of the embodiment of the electronic device can be referred to the implementation of the embodiment of the method, and the repetition is omitted.
An electronic device 1200 according to such an embodiment of the present disclosure is described below with reference to fig. 12. The electronic device 1200 shown in fig. 12 is merely an example, and should not be construed as limiting the functionality and scope of use of the disclosed embodiments.
As shown in fig. 12, the electronic device 1200 is in the form of a general purpose computing device. The components of the electronic device 1200 may include, but are not limited to, at least one processing unit 1210, at least one storage unit 1220, and a bus 1230 connecting the different system components (including the storage unit 1220 and the processing unit 1210).
The storage unit 1220 stores program code that is executable by the processing unit 1210, such that the processing unit 1210 performs steps according to various exemplary embodiments of the present disclosure described in the above "exemplary methods" section of the present specification. For example, the processing unit 1210 may perform the steps of the embodiment of fig. 2 described above.
The storage unit 1220 may include a readable medium in the form of a volatile storage unit, such as a Random Access Memory (RAM) 12201 and/or a cache memory 12202, and may further include a Read Only Memory (ROM) 12203.
Storage unit 1220 may also include a program/utility 12204 having a set (at least one) of program modules 12205, such program modules 12205 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 1230 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit bus, or a local bus using any of a variety of bus architectures.
The electronic device 1200 may also communicate with one or more external devices 1240 (e.g., keyboard, pointing device, bluetooth device, etc.), one or more devices that enable a user to interact with the electronic device 1200, and/or any devices (e.g., routers, modems, etc.) that enable the electronic device 1200 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 1250. Also, the electronic device 1200 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet through the network adapter 1260. As shown, the network adapter 1260 communicates with other modules of the electronic device 1200 over bus 1230. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with the electronic device 1200, including, but not limited to, microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Based on the same inventive concept, there is also provided in an embodiment of the present disclosure a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the quantum key based communication method of any one of the above. Since the principle of the solution of the problem of the embodiment of the computer readable storage medium is similar to that of the embodiment of the method, the implementation of the embodiment of the computer readable storage medium can be referred to the implementation of the embodiment of the method, and the repetition is omitted.
More specific examples of a computer-readable storage medium in the disclosure can include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In this disclosure, a computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Alternatively, the program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In particular implementations, the program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
Based on the same inventive concept, there is also provided in embodiments of the present disclosure a computer program product, including a computer program or instructions, which when executed by a processor, implement a quantum key based communication method of any of the above method embodiments. Since the principle of the solution of the problem of the embodiment of the computer program product is similar to that of the embodiment of the method, the implementation of the embodiment of the computer program product can be referred to the implementation of the embodiment of the method, and the repetition is omitted.
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order, or that all illustrated steps be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the description of the above embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (19)

1.一种基于量子密钥的通信方法,其特征在于,所述方法由第一设备执行,所述方法包括:1. A communication method based on quantum key, characterized in that the method is performed by a first device, and the method comprises: 确定所述第一设备的密钥量是否支持一次一密的方式;Determining whether the key quantity of the first device supports a one-time pad method; 若所述第一设备的密钥量支持所述一次一密的方式,则将所述一次一密的方式作为目标加密方式;If the key quantity of the first device supports the one-time pad method, use the one-time pad method as the target encryption method; 基于所述目标加密方式,利用所述第一设备的量子密钥对通信信息进行加密处理,获得通信报文;所述通信报文包括密钥块的标识信息和所述目标加密方式的信息,所述密钥块的标识信息用于定位进行加密处理采用的量子密钥的起始位置;Based on the target encryption method, encrypt the communication information using the quantum key of the first device to obtain a communication message; the communication message includes identification information of the key block and information of the target encryption method, and the identification information of the key block is used to locate the starting position of the quantum key used for encryption processing; 向第二设备发送所述通信报文,接收所述第二设备发送的报文解密结果;所述报文解密结果是所述第二设备根据所述密钥块的标识信息和所述目标加密方式的信息对所述通信报文进行解密获得的;Sending the communication message to the second device, and receiving the message decryption result sent by the second device; the message decryption result is obtained by the second device decrypting the communication message according to the identification information of the key block and the information of the target encryption method; 以及,所述方法还包括:And, the method further comprises: 与所述第二设备进行量子密钥分发,获得量子密钥;Performing quantum key distribution with the second device to obtain a quantum key; 存储所述量子密钥,管理所述量子密钥的第一标识信息;Storing the quantum key and managing the first identification information of the quantum key; 其中,所述量子密钥包括一个或多个密钥块,所述量子密钥的第一标识信息包括第一密钥块索引和每个所述密钥块的第一标识信息;The quantum key includes one or more key blocks, and the first identification information of the quantum key includes a first key block index and first identification information of each of the key blocks; 
所述第一密钥块索引用于指示所述第一设备当前使用的密钥块;所述密钥块的第一标识信息包括所述密钥块的密钥块标识、所述密钥块的密钥块长度和所述密钥块的第一密钥索引,所述密钥块的第一密钥索引用于记录所述密钥块在所述第一设备中已被使用的长度。The first key block index is used to indicate the key block currently used by the first device; the first identification information of the key block includes the key block identification of the key block, the key block length of the key block and the first key index of the key block, and the first key index of the key block is used to record the length of the key block that has been used in the first device. 2.根据权利要求1所述的通信方法,其特征在于,所述与所述第二设备进行量子密钥分发,获得量子密钥,包括:2. The communication method according to claim 1, wherein the performing quantum key distribution with the second device to obtain the quantum key comprises: 若所述第一设备与所述第二设备之间的距离小于等于预设距离阈值,则建立所述第一设备与所述第二设备之间的连接,基于所述连接进行量子密钥分发,获得所述量子密钥;If the distance between the first device and the second device is less than or equal to a preset distance threshold, establishing a connection between the first device and the second device, performing quantum key distribution based on the connection, and obtaining the quantum key; 若所述第一设备与所述第二设备之间的距离大于所述预设距离阈值,则利用量子密钥分发网络进行量子密钥分发,获得所述量子密钥。If the distance between the first device and the second device is greater than the preset distance threshold, quantum key distribution is performed using a quantum key distribution network to obtain the quantum key. 3.根据权利要求1所述的通信方法,其特征在于,所述基于所述目标加密方式,利用所述第一设备的量子密钥对通信信息进行加密处理,获得通信报文,包括:3. 
The communication method according to claim 1, characterized in that the step of encrypting the communication information based on the target encryption mode using the quantum key of the first device to obtain the communication message comprises: 获取所述第一密钥块索引,根据所述第一密钥块索引确定所述第一设备的加密密钥块;Obtaining the first key block index, and determining the encryption key block of the first device according to the first key block index; 根据所述加密密钥块的第一密钥索引,定位所述加密密钥块中的第一密钥起始位置;Locating a first key start position in the encryption key block according to a first key index of the encryption key block; 从所述第一密钥起始位置开始,利用所述加密密钥块中的量子密钥,基于所述一次一密的方式对所述通信信息进行加密处理;Starting from the starting position of the first key, using the quantum key in the encryption key block, encrypting the communication information based on the one-time pad method; 若在加密处理过程中所述加密密钥块的未使用密钥长度足以支持加密所述通信信息,获得所述通信报文;If the unused key length of the encryption key block during the encryption process is sufficient to support encryption of the communication information, obtaining the communication message; 若在加密处理过程中所述加密密钥块的未使用密钥长度不足以支持加密所述通信信息,则将所述加密密钥块的下一个密钥块作为新的加密密钥块,利用所述新的加密密钥块继续进行加密处理,直至完成所述通信信息的加密处理,获得所述通信报文。If during the encryption process the unused key length of the encryption key block is insufficient to support the encryption of the communication information, the next key block of the encryption key block is used as a new encryption key block, and the encryption process is continued using the new encryption key block until the encryption process of the communication information is completed and the communication message is obtained. 4.根据权利要求3所述的通信方法,其特征在于,所述方法还包括:4. The communication method according to claim 3, characterized in that the method further comprises: 在完成所述通信信息的加密处理后,更新所述第一密钥块索引和进行加密处理采用的密钥块的第一密钥索引。After completing the encryption process of the communication information, the first key block index and the first key index of the key block used for the encryption process are updated. 
5.根据权利要求3所述的通信方法,其特征在于,所述方法还包括:5. The communication method according to claim 3, characterized in that the method further comprises: 将所述第一密钥块索引确定为所述密钥块的标识信息,添加到所述通信报文的报文头中。The first key block index is determined as identification information of the key block, and is added to a message header of the communication message. 6.根据权利要求3所述的通信方法,其特征在于,所述方法还包括:6. The communication method according to claim 3, characterized in that the method further comprises: 将所述第一密钥块索引和所述加密密钥块的第一密钥索引确定为所述密钥块的标识信息,添加到所述通信报文的报文头中。The first key block index and the first key index of the encryption key block are determined as identification information of the key block, and added to the message header of the communication message. 7.根据权利要求1至6任一所述的通信方法,其特征在于,在基于所述目标加密方式,利用所述第一设备的量子密钥对通信信息进行加密处理,获得通信报文之前,所述方法还包括:7. The communication method according to any one of claims 1 to 6, characterized in that before encrypting the communication information using the quantum key of the first device based on the target encryption mode to obtain the communication message, the method further comprises: 若所述第一设备的密钥量不支持所述一次一密的方式,则确定是否允许采用非一次一密的方式进行加密;If the key quantity of the first device does not support the one-time pad method, determining whether to allow encryption using a non-one-time pad method; 若允许采用所述非一次一密的方式进行加密,则从预设加密方式中确定所述目标加密方式;所述预设加密方式包括流密码算法、分组密码算法、密钥派生函数中的至少一项。If the non-one-time pad encryption method is allowed, the target encryption method is determined from a preset encryption method; the preset encryption method includes at least one of a stream cipher algorithm, a block cipher algorithm, and a key derivation function. 8.一种基于量子密钥的通信方法,其特征在于,所述方法由第二设备执行,所述方法包括:8. 
A communication method based on quantum key, characterized in that the method is performed by a second device, and the method comprises: 接收第一设备发送的通信报文;所述通信报文是所述第一设备基于目标加密方式,利用所述第一设备的量子密钥对通信信息进行加密处理获得的;在所述第一设备的密钥量支持一次一密的方式的情况下,所述目标加密方式为所述一次一密的方式;所述通信报文包括密钥块的标识信息和所述目标加密方式的信息,所述密钥块的标识信息用于定位进行加密处理采用的量子密钥的起始位置;receiving a communication message sent by a first device; the communication message is obtained by the first device encrypting the communication information based on a target encryption method by using the quantum key of the first device; in the case where the key amount of the first device supports a one-time pad method, the target encryption method is the one-time pad method; the communication message includes identification information of a key block and information of the target encryption method, and the identification information of the key block is used to locate the starting position of the quantum key used for encryption processing; 根据所述密钥块的标识信息和所述目标加密方式的信息对所述通信报文进行解密,获得报文解密结果;Decrypting the communication message according to the identification information of the key block and the information of the target encryption mode to obtain a message decryption result; 向所述第一设备发送所述报文解密结果;Sending the message decryption result to the first device; 以及,所述方法还包括:And, the method further comprises: 与所述第一设备进行量子密钥分发,获得量子密钥;Performing quantum key distribution with the first device to obtain a quantum key; 存储所述量子密钥,管理所述量子密钥的第二标识信息;Storing the quantum key and managing the second identification information of the quantum key; 其中,所述量子密钥包括一个或多个密钥块,所述量子密钥的第二标识信息包括第二密钥块索引和每个所述密钥块的第二标识信息;The quantum key includes one or more key blocks, and the second identification information of the quantum key includes a second key block index and second identification information of each of the key blocks; 所述第二密钥块索引用于指示所述第二设备当前使用的密钥块;所述密钥块的第二标识信息包括所述密钥块的密钥块标识、所述密钥块的密钥块长度和所述密钥块的第二密钥索引,所述密钥块的第二密钥索引用于记录所述密钥块在所述第二设备中已被使用的长度。The second key block index is used to indicate the key block currently used by 
the second device; the second identification information of the key block includes the key block identification of the key block, the key block length of the key block and the second key index of the key block, and the second key index of the key block is used to record the length of the key block that has been used in the second device. 9.根据权利要求8所述的通信方法,其特征在于,所述与所述第一设备进行量子密钥分发,获得量子密钥,包括:9. The communication method according to claim 8, characterized in that the step of performing quantum key distribution with the first device to obtain a quantum key comprises: 若所述第一设备与所述第二设备之间的距离小于等于预设距离阈值,则建立所述第一设备与所述第二设备之间的连接,基于所述连接进行量子密钥分发,获得所述量子密钥;If the distance between the first device and the second device is less than or equal to a preset distance threshold, establishing a connection between the first device and the second device, performing quantum key distribution based on the connection, and obtaining the quantum key; 若所述第一设备与所述第二设备之间的距离大于所述预设距离阈值,则利用量子密钥分发网络进行量子密钥分发,获得所述量子密钥。If the distance between the first device and the second device is greater than the preset distance threshold, quantum key distribution is performed using a quantum key distribution network to obtain the quantum key. 10.根据权利要求8所述的通信方法,其特征在于,所述根据所述密钥块的标识信息和所述目标加密方式的信息对所述通信报文进行解密,获得报文解密结果,包括:10. 
The communication method according to claim 8, characterized in that the decrypting the communication message according to the identification information of the key block and the information of the target encryption mode to obtain the message decryption result comprises: 根据所述密钥块的标识信息,确定所述第二设备的解密密钥块,定位所述解密密钥块中的第二密钥起始位置;Determine the decryption key block of the second device according to the identification information of the key block, and locate the starting position of the second key in the decryption key block; 从所述第二密钥起始位置开始,利用所述解密密钥块中的量子密钥,基于所述一次一密的方式对所述通信报文进行解密处理;Starting from the starting position of the second key, using the quantum key in the decryption key block, decrypting the communication message based on the one-time pad method; 若在解密处理过程中所述解密密钥块的未使用密钥长度足以支持解密所述通信报文,获得所述报文解密结果;If the unused key length of the decryption key block is sufficient to support decryption of the communication message during the decryption process, obtaining the message decryption result; 若在解密处理过程中所述解密密钥块的未使用密钥长度不足以支持解密所述通信报文,则将所述解密密钥块的下一个密钥块作为新的解密密钥块,利用所述新的解密密钥块继续进行解密密处理,直至完成所述通信报文的解密处理,获得所述报文解密结果。If during the decryption process the unused key length of the decryption key block is insufficient to support decryption of the communication message, the next key block of the decryption key block is used as a new decryption key block, and the decryption process is continued using the new decryption key block until the decryption process of the communication message is completed and the message decryption result is obtained. 11.根据权利要求10所述的通信方法,其特征在于,所述方法还包括:11. The communication method according to claim 10, characterized in that the method further comprises: 在完成所述通信报文的解密处理后,更新所述第二密钥块索引和进行解密处理采用的密钥块的第二密钥索引。After completing the decryption process of the communication message, the second key block index and the second key index of the key block used for the decryption process are updated. 12.根据权利要求10所述的通信方法,其特征在于,所述密钥块的标识信息包括第一密钥块索引;12. 
The communication method according to claim 10, characterized in that the identification information of the key block includes a first key block index; 其中,所述根据所述密钥块的标识信息,确定所述第二设备的解密密钥块,定位所述解密密钥块中的第二密钥起始位置,包括:The step of determining the decryption key block of the second device according to the identification information of the key block and locating the starting position of the second key in the decryption key block includes: 根据所述第一密钥块索引,确定所述解密密钥块;Determining the decryption key block according to the first key block index; 根据所述解密密钥块的第二密钥索引,定位所述第二密钥起始位置。The second key starting position is located according to the second key index of the decryption key block. 13.根据权利要求12所述的通信方法,其特征在于,所述方法还包括:13. The communication method according to claim 12, characterized in that the method further comprises: 若所述第二设备对所述通信报文解密失败,则与所述第一设备同步密钥块索引和密钥索引。If the second device fails to decrypt the communication message, it synchronizes the key block index and the key index with the first device. 14.根据权利要求10所述的通信方法,其特征在于,所述密钥块的标识信息包括第一密钥块索引和加密密钥块的第一密钥索引;14. The communication method according to claim 10, characterized in that the identification information of the key block includes a first key block index and a first key index of the encrypted key block; 其中,所述根据所述密钥块的标识信息,确定所述第二设备的解密密钥块,定位所述解密密钥块中的第二密钥起始位置,包括:The step of determining the decryption key block of the second device according to the identification information of the key block and locating the starting position of the second key in the decryption key block includes: 根据所述第一密钥块索引,确定所述解密密钥块;Determining the decryption key block according to the first key block index; 根据所述加密密钥块的第一密钥索引,定位所述第二密钥起始位置。The second key starting position is located according to the first key index of the encryption key block. 15.一种基于量子密钥的通信装置,其特征在于,所述装置应用于第一设备,所述装置包括:15. 
A communication device based on quantum key, characterized in that the device is applied to a first device, and the device comprises: 加密模块,被配置为确定所述第一设备的密钥量是否支持一次一密的方式;若所述第一设备的密钥量支持所述一次一密的方式,则将所述一次一密的方式作为目标加密方式;基于所述目标加密方式,利用所述第一设备的量子密钥对通信信息进行加密处理,获得通信报文;所述通信报文包括密钥块的标识信息和所述目标加密方式的信息,所述密钥块的标识信息用于定位进行加密处理采用的量子密钥的起始位置;an encryption module, configured to determine whether the key amount of the first device supports a one-time pad method; if the key amount of the first device supports the one-time pad method, use the one-time pad method as a target encryption method; based on the target encryption method, encrypt the communication information using the quantum key of the first device to obtain a communication message; the communication message includes identification information of the key block and information of the target encryption method, and the identification information of the key block is used to locate the starting position of the quantum key used for encryption processing; 第一通信模块,被配置为向第二设备发送所述通信报文,接收所述第二设备发送的报文解密结果;所述报文解密结果是所述第二设备根据所述密钥块的标识信息和所述目标加密方式的信息对所述通信报文进行解密获得的;A first communication module is configured to send the communication message to the second device and receive a message decryption result sent by the second device; the message decryption result is obtained by the second device decrypting the communication message according to the identification information of the key block and the information of the target encryption method; 第一量子密钥分发模块,被配置为与第二设备进行量子密钥分发,获得量子密钥;A first quantum key distribution module is configured to perform quantum key distribution with a second device to obtain a quantum key; 第一量子密钥存储模块,被配置为存储所述量子密钥,管理所述量子密钥的第一标识信息;A first quantum key storage module is configured to store the quantum key and manage first identification information of the quantum key; 其中,所述量子密钥包括一个或多个密钥块,所述量子密钥的第一标识信息包括第一密钥块索引和每个所述密钥块的第一标识信息;The quantum key includes one or more key blocks, and the first identification information of the quantum key includes a 
first key block index and first identification information of each of the key blocks; the first key block index is used to indicate the key block currently used by the first device; the first identification information of the key block includes the key block identification of the key block, the key block length of the key block and the first key index of the key block, and the first key index of the key block is used to record the length of the key block that has already been used in the first device.

16. A quantum key-based communication device, characterized in that the device is applied to a second device, and the device comprises:

a second communication module, configured to receive a communication message sent by a first device; the communication message is obtained by the first device encrypting communication information with the quantum key of the first device based on a target encryption method; where the key amount of the first device supports a one-time pad method, the target encryption method is the one-time pad method; the communication message includes identification information of a key block and information on the target encryption method, and the identification information of the key block is used to locate the starting position of the quantum key used for the encryption processing;

a decryption module, configured to decrypt the communication message according to the identification information of the key block and the information on the target encryption method, to obtain a message decryption result;

the second communication module being further configured to send the message decryption result to the first device;

a second quantum key distribution module, configured to perform quantum key distribution with the first device to obtain a quantum key;

a second quantum key storage module, configured to store the quantum key and manage second identification information of the quantum key;

wherein the quantum key includes one or more key blocks, and the second identification information of the quantum key includes a second key block index and second identification information of each of the key blocks; the second key block index is used to indicate the key block currently used by the second device; the second identification information of the key block includes the key block identification of the key block, the key block length of the key block and the second key index of the key block, and the second key index of the key block is used to record the length of the key block that has already been used in the second device.

17. An electronic device, characterized in that it comprises:

a processor; and

a memory for storing executable instructions of the processor;

wherein the processor is configured to execute, by executing the executable instructions, the quantum key-based communication method according to any one of claims 1 to 7, or the quantum key-based communication method according to any one of claims 8 to 14.

18. A computer-readable storage medium having a computer program stored thereon, characterized in that when the computer program is executed by a processor, it implements the quantum key-based communication method according to any one of claims 1 to 7, or the quantum key-based communication method according to any one of claims 8 to 14.

19. A computer program product, comprising a computer program or instructions, characterized in that when the computer program or instructions are executed by a processor, they implement the quantum key-based communication method according to any one of claims 1 to 7, or the quantum key-based communication method according to any one of claims 8 to 14.
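The key-block bookkeeping that claims 15 and 16 describe (a key block index for the block in use, each block's identification, length and key index recording how much has been used, and a message carrying the block identification plus the encryption mode so the receiver can locate the key) worked through as an added Python example that is not the patent's own code. Class and function names, the message layout and the sample key material are constructed for illustration; the receiver refuses a message whose key index does not match its own, which is the check that prevents the same pad bytes being used twice after a replay or desynchronisation.

```python
from dataclasses import dataclass

@dataclass
class KeyBlock:
    block_id: int
    key: bytes          # quantum key material shared by both devices after QKD
    key_index: int = 0  # length of this block already used on this device

class QuantumKeyStore:  # hypothetical store: key blocks plus index of the block in use
    def __init__(self, blocks):
        self.blocks = list(blocks)
        self.block_index = 0
    def remaining(self):  # unused key amount across all blocks
        return sum(len(b.key) - b.key_index for b in self.blocks)
    def take(self, n):  # sender side: consume n fresh key bytes -> (block_id, offset, key)
        blk = self.blocks[self.block_index]
        if blk.key_index >= len(blk.key):  # current block used up, advance the index
            self.block_index += 1
            blk = self.blocks[self.block_index]
        if len(blk.key) - blk.key_index < n:
            raise ValueError("current key block cannot supply %d bytes" % n)
        off = blk.key_index
        blk.key_index += n
        return blk.block_id, off, blk.key[off:off + n]
    def locate(self, block_id, offset, n):  # receiver side: key must start at own key index
        blk = next(b for b in self.blocks if b.block_id == block_id)
        if offset != blk.key_index or offset + n > len(blk.key):
            raise ValueError("key index mismatch: desync or attempted key reuse")
        blk.key_index = offset + n
        return blk.key[offset:offset + n]

xor_bytes = lambda a, b: bytes(x ^ y for x, y in zip(a, b))

def encrypt(store, plaintext):  # first device: one-time pad only if the key amount allows
    if store.remaining() < len(plaintext):
        raise ValueError("key amount does not support one-time pad")
    block_id, off, k = store.take(len(plaintext))
    return {"mode": "OTP", "block_id": block_id, "key_index": off,
            "ciphertext": xor_bytes(plaintext, k)}

def decrypt(store, msg):  # second device: block id + key index in the message locate the key
    if msg["mode"] != "OTP":
        raise ValueError("unsupported encryption mode")
    k = store.locate(msg["block_id"], msg["key_index"], len(msg["ciphertext"]))
    return xor_bytes(msg["ciphertext"], k)
# Constructed sample key material (not real QKD output), identical on both devices.
SHARED = [(1, bytes.fromhex("00112233445566778899aabbccddeeff")), (2, bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0"))]
def make_store():
    return QuantumKeyStore(KeyBlock(i, k) for i, k in SHARED)
```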
CN202411908011.XA 2024-12-23 2024-12-23 Quantum key-based communication method and related equipment Active CN119341746B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411908011.XA CN119341746B (en) 2024-12-23 2024-12-23 Quantum key-based communication method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202411908011.XA CN119341746B (en) 2024-12-23 2024-12-23 Quantum key-based communication method and related equipment

Publications (2)

Publication Number Publication Date
CN119341746A CN119341746A (en) 2025-01-21
CN119341746B true CN119341746B (en) 2025-03-28

Family

ID=94262091

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202411908011.XA Active CN119341746B (en) 2024-12-23 2024-12-23 Quantum key-based communication method and related equipment

Country Status (1)

Country Link
CN (1) CN119341746B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109802830A (en) * 2019-02-21 2019-05-24 深圳优仕康通信有限公司 A kind of encrypted transmission method and quantum encryption method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8250363B2 (en) * 2005-09-29 2012-08-21 Hewlett-Packard Development Company, L.P. Method of provisioning devices with one-time pad data, device for use in such method, and service usage tracking based on one-time pad data
CN103840936B (en) * 2014-02-28 2018-02-09 山东量子科学技术研究院有限公司 Quantum cryptography network reliable encrypted transmission system and method
CN107769912A (en) * 2016-08-16 2018-03-06 广东国盾量子科技有限公司 A kind of quantum key chip and the encipher-decipher method based on quantum key chip
CN114448629A (en) * 2022-03-25 2022-05-06 中国电信股份有限公司 Identity authentication method and device, storage medium and electronic equipment
CN115567205B (en) * 2022-09-29 2025-03-04 中电信量子科技有限公司 Method and system for encrypting and decrypting network session data stream using quantum key distribution
CN117375812A (en) * 2023-10-11 2024-01-09 山西省信息产业技术研究院有限公司 Network security encryption system and method based on quantum key

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109802830A (en) * 2019-02-21 2019-05-24 深圳优仕康通信有限公司 A kind of encrypted transmission method and quantum encryption method

Also Published As

Publication number Publication date
CN119341746A (en) 2025-01-21


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant