CN111404674A - Method and equipment for generating and receiving session key - Google Patents

Publication number
CN111404674A
Authority
CN
China
Prior art keywords
random number
quantum
key
session key
receiving
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910002534.0A
Other languages
Chinese (zh)
Other versions
CN111404674B (en)
Inventor
刘福文
马冰柯
阎军智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Research Institute of China Mobile Communication Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, Research Institute of China Mobile Communication Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201910002534.0A priority Critical patent/CN111404674B/en
Publication of CN111404674A publication Critical patent/CN111404674A/en
Application granted granted Critical
Publication of CN111404674B publication Critical patent/CN111404674B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852 Quantum cryptography
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and device for generating and receiving a session key, which address the problem that quantum communication is susceptible to interference. The method includes: generating at least one random number S; transmitting each random number S through the quantum channel corresponding to it, so that the receiver hashes the received random number S with a preset key using a hash function to generate the session key Ks; receiving the corresponding random numbers S transmitted by the quantum key distributing end through at least two quantum channels; and hashing the received random numbers S and the preset key with a hash function to generate the session key Ks. The method is used for long-distance transmission of quantum keys in quantum communication and for interference-resistant transmission of quantum keys.

Figure 201910002534

Description

A method and device for generating and receiving a session key

Technical Field

The present invention relates to quantum key distribution, and in particular to a method and device for generating and receiving a session key.

Background

With the rapid development of quantum computing, the security of many classical cryptographic algorithms faces increasingly severe challenges. Quantum computing affects asymmetric and symmetric cryptographic algorithms differently. Existing symmetric algorithms remain secure under quantum computing as long as their key length is doubled. Quantum computing will, however, break all of the asymmetric algorithms in common use today that rest on computational complexity, such as RSA and DH. Most systems protect data with symmetric-key algorithms, but the keys they use are generated with asymmetric algorithms, so quantum computing poses a serious threat to today's security systems.

Quantum Key Distribution is based on properties given by the laws of quantum mechanics (indivisibility, uncertainty, non-clonability and ideal randomness) and does not depend on any requirement or assumption about computational complexity. It is a key technology for ensuring secure key distribution in the quantum era. It replaces existing asymmetric algorithms for key agreement, so that today's security systems can continue to be used in the quantum era. Although it has broad application prospects, it has the following disadvantages:

In quantum communication, measuring a quantum causes an abrupt change in its state, and the communicating parties stop communicating as soon as they detect that the state has changed. Any form of intrusion by an adversary, whether eavesdropping, copying or interference, therefore obstructs communication.

Summary of the Invention

The present invention provides a method and device for generating and receiving a session key, which can solve the problem that quantum communication is susceptible to interference.

In a first aspect, the present invention provides a method for generating a session key, the method comprising:

generating at least one random number;

transmitting each random number through the quantum channel corresponding to it, so that the receiver hashes the received random number with a preset key using a hash function to generate a session key.

In a second aspect, the present invention provides a method for receiving a session key, the method comprising:

receiving the corresponding random numbers transmitted by the quantum key distributing end through at least two quantum channels;

hashing the received random numbers and a preset key with a hash function to generate a session key.

In a third aspect, the present invention provides a device for generating a session key, the device comprising a processor and a memory, wherein the memory stores program code which, when executed by the processor, causes the processor to perform the following steps:

generating at least one random number;

transmitting each random number through the quantum channel corresponding to it, so that the receiver hashes the received random number with a preset key using a hash function to generate a session key.

In a fourth aspect, the present invention provides a device for receiving a session key, the device comprising a processor and a memory, wherein the memory stores program code which, when executed by the processor, causes the processor to perform the following steps:

receiving the corresponding random numbers transmitted by the quantum key distributing end through at least two quantum channels;

hashing the received random numbers and a preset key with a hash function to generate a session key.

The method and device for generating and receiving a session key provided by the present invention have the following beneficial effects:

Because the session key is generated from a preset key and a random number using a hash function, the security of the session key does not depend on whether the relay stations of the quantum network are trusted. As a result, when relay stations are used to carry quantum keys over long distances, quantum communication is not easily obstructed, and the user's requirements for session key security can be met;

Moreover, with multi-quantum-channel key distribution, when one quantum channel is disturbed the quantum communication system as a whole remains unaffected, which improves the anti-interference capability of quantum communication.

Description of the Drawings

To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.

Figure 1 is a diagram of a system for generating and receiving a session key;

Figure 2 is a diagram of a single-quantum-channel key generation system;

Figure 3 is a diagram of a two-quantum-channel key generation system;

Figure 4 is a diagram of a multi-quantum-channel key generation system;

Figure 5 is a diagram of a method for generating a session key;

Figure 6 is a diagram of a method for receiving a session key.

Detailed Description

To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

Embodiment 1

An embodiment of the present invention provides a system for generating and receiving a session key. As shown in Figure 1, the system includes a quantum key distributing end, at least one quantum key receiving end, and at least two quantum channels, wherein:

the quantum key distributing end is used to generate at least one random number S and to send the generated random number S to at least one quantum key receiving end through at least two quantum channels;

the quantum key receiving end receives the corresponding random number S transmitted by the quantum key distributing end through at least two quantum channels, and uses a hash function to hash the received random number S with the preset key K to generate the session key Ks.

A hash function is a one-way function that compresses data of arbitrary length to a fixed length by means of a hashing algorithm. Therefore, even if an attacker obtains the random number S transmitted over the quantum channel, the attacker does not know the key preset by the two communicating users and cannot obtain the session key Ks. This ensures the reliability of quantum communication and the security of the generated session key.

In addition, in quantum communication the properties of the quantum channel guarantee that the message received is the same as the message sent, so an attacker cannot modify the random number S. Furthermore, measuring a quantum causes an abrupt change in its state, and the communicating parties stop communicating as soon as they detect that the state has changed. Transmitting the random number S over multiple quantum channels, as this embodiment provides, ensures that the two parties do not stop communicating even when one quantum channel is disturbed: they can still generate the session key from the random numbers S transmitted over the undisturbed quantum channels.

As an optional implementation, the hash function is the secure hash algorithm SHA-256, SHA-512 or SHA-3.

As an optional implementation, the random number S may denote a single random value or a random number stream.

Depending on the random number S and the number of quantum channels, sending the generated random number S to at least one quantum key receiving end through at least two quantum channels covers the following cases:

Case 1: when the random number S denotes a single random value, the single random number S is transmitted over one corresponding quantum channel A;

Case 2: when the random number S denotes one random number stream, the random number stream S is transmitted over one corresponding quantum channel A;

Case 3: when S denotes n random values S1, S2, ..., Sn (n is a positive integer greater than or equal to 2), each random value is transmitted over one corresponding quantum channel A, so n quantum channels are needed in total. For example, the random value S1 is transmitted over quantum channel A1, the random value S2 over quantum channel A2, and likewise the random value Sn over quantum channel An.

Case 4: when S denotes n random number streams S1, S2, ..., Sn (n is a positive integer greater than or equal to 2), each random number stream is transmitted over one corresponding quantum channel A, so n quantum channels are needed in total. For example, the random number stream S1 is transmitted over quantum channel A1, the random number stream S2 over quantum channel A2, and likewise the random number stream Sn over quantum channel An.

As an optional implementation, transmitting each random number S through the quantum channel corresponding to it includes:

transmitting each random number S through the corresponding quantum channel in a quantum communication relay network.

Quantum communication uses single photons as the carrier. Given the attenuation of single photons in optical fiber and the sensitivity of detectors, the quantum communication distance generally does not exceed 200 kilometers, which limits the range over which quantum key distribution can be used. A relay network contains multiple relay stations that relay and forward quantum keys, which makes long-distance quantum communication possible.

In the prior art, there is at least one relay station between two long-distance communication users. Each pair of adjacent relay stations uses a quantum channel to obtain a shared quantum key, and the session key to be transmitted is relayed segment by segment with the shared quantum keys in an "encrypt, decrypt, encrypt ... decrypt" sequence until the receiver finally obtains the session key, achieving long-distance quantum communication. In the prior art, this quantum key transmission depends on the relay stations being trusted.

In this embodiment, a quantum communication relay network is used to achieve long-distance quantum communication. Specifically, the quantum communication relay network is a relay network architecture made up of at least one relay station; the relay stations forward the information transmitted by the user at the distributing end to the receiving end. There is at least one relay station between the two communicating users, each pair of adjacent relay stations transmits the corresponding random number S over at least one quantum channel, and after the random number S has been forwarded by multiple relay stations the receiver finally obtains the session key, achieving long-distance quantum communication.

Because the relay stations only relay and forward the random number S, they do not need to be trusted. Even if a relay station is untrusted and an attacker obtains the random number, the receiving end generates the session key Ks by hashing the received random number S with the preset key. Given the properties of the hash function, an attacker who does not know the key preset by the two communicating parties cannot derive the session key Ks from S. This ensures the security of the session key Ks, which is generated with a hash function from the random number S transmitted over the quantum channels of the relay network.

In summary, the distributing end transmits each random number S through the corresponding quantum channel in the quantum communication relay network, and the receiver uses a hash function to hash the received random number S with the preset key to generate the session key Ks. This both enables long-distance transmission over quantum channels and solves the problem that quantum communication is easily obstructed.

As an optional implementation, the distributing end may send at least one random number S to one receiving end, or to multiple receiving ends. The distributing end may also generate the session key Ks with the hash function from the preset key K and the generated random number S, so that the distributing end and the one or more receiving ends communicate using the session key Ks.

As an optional implementation, communication between the distributing end and one or more receiving ends using the session key Ks includes:

the distributing end receives the confirmation message fed back by the receiver and determines which random numbers S were successfully received by the receiver;

the distributing end uses the hash function to hash the random numbers S successfully received by the receiver with the preset key, generating the session key Ks.

At this point the distributing end has received the confirmation message from the receiving end and knows which random numbers S the receiving end received. The distributing end and the receiving end can each hash the preset key K with the successfully received random numbers S to generate the same session key Ks, and use Ks to encrypt the messages the distributing end sends, securing communication between the users at the distributing end and the receiving end.

As another optional implementation, the distributing end, acting as the party that distributes the quantum key, can send at least one random number S to multiple receiving ends. Every receiving end receives the same random number S, or the same set of random numbers S, and each receiving end generates the session key Ks with the hash function from the received random number S and the preset key K. Because every receiving end has the same random number S and the same preset key K, the hash function yields the same session key Ks. Ks can serve as a shared session key to encrypt messages passed between any two of the receiving ends, securing the messages exchanged between the communicating parties.

In summary, this embodiment uses a relay network to solve the problem of short quantum communication distance, and uses multiple quantum channels in the relay network to solve the problem that quantum communication is susceptible to interference.

To describe clearly the secure quantum key distribution system provided by the embodiment of the present invention, a two-quantum-channel key distribution system is taken as an example, and the system is limited to: one quantum key distributing end, one quantum key receiving end, a quantum relay network, and one quantum channel. As shown in Figure 2, the interaction between the quantum key distributing end and the quantum key receiving end is as follows:

Step 201: the distributing end generates a random number S, where S denotes a single random value;

Step 202: the corresponding random number S is transmitted to the receiving end through one quantum channel in the quantum relay network;

The relay network contains multiple relay stations. The random number S sent by the distributing end is relayed and forwarded along the quantum channel by each relay station and is finally delivered to the receiving end.

Step 203: the receiving end receives the corresponding random number S transmitted over the single quantum channel and uses the hash function to hash the received random number S with the preset key K, generating the session key Ks.

The preset key K is the same key agreed in advance by the distributor and the receiver.

Step 204: after the receiving end successfully receives the random number S, it feeds back a confirmation message to the distributing end.

If the receiving end does not receive the random number S, the distributing end cannot receive a feedback confirmation message from the receiving end.

Step 205: the distributing end receives the confirmation message fed back by the receiving end, determines the random number S successfully received by the receiver, and uses the hash function to hash that random number S with the preset key, generating the session key Ks.

The distributing end and the receiving end use the same random number S and the same preset key with the hash function to generate the same session key Ks, and use Ks to encrypt the information passed between them, securing the information transmitted by both parties.

Taking a two-quantum-channel key distribution system as an example, the system is limited to: one quantum key distributing end, one quantum key receiving end, a quantum relay network, and two quantum channels. As shown in Figure 3, the interaction between the quantum key distributing end and the quantum key receiving end is as follows:

Step 301: the distributing end generates two random numbers S1 and S2, each of which denotes a single random value;

Step 302: the corresponding random numbers S1 and S2 are transmitted to the receiving end through the two quantum channels A1 and A2 in the quantum relay network, respectively;

The relay network contains multiple relay stations. The two random numbers S1 and S2 sent by the distributing end are relayed and forwarded along quantum channels A1 and A2 by each relay station and are finally delivered to the receiving end.

Step 303: the receiving end receives the corresponding random numbers S1 and S2 transmitted over the two quantum channels A1 and A2 and uses the hash function to hash the received random numbers S1 and S2 with the preset key K, generating the session key Ks.

The preset key K is the same key agreed in advance by the distributor and the receiver.

Step 304: after the receiving end successfully receives the random numbers S1 and S2, it feeds back a confirmation message to the distributing end.

Step 305: the distributing end receives the confirmation message fed back by the receiving end, determines the random numbers S1 and S2 successfully received by the receiver, and uses the hash function to hash those random numbers S1 and S2 with the preset key, generating the session key Ks.

If the receiving end receives only the random number S1 and sends the distributing end a confirmation message for S1, the distributing end confirms that only S1 was successfully received. The distributing end and the receiving end can still use the hash function to hash the preset key K with the random number S1 to generate the session key Ks.

The distributing end and the receiving end use the same random number S and the same preset key with the hash function to generate the same session key Ks, and use Ks to encrypt the information passed between them, securing the information transmitted by both parties.

Taking a multi-quantum-channel key distribution system as an example, the system is defined as comprising one quantum key distributing end, one quantum key receiving end, a quantum relay network, and multiple quantum channels. As shown in Figure 4, the interaction between the quantum key distributing end and the quantum key receiving end is as follows:

Step 401: The distributing end generates n random numbers S (n is a positive integer greater than or equal to 2), where S denotes the n random values S1, S2, …, Sn.

Step 402: The corresponding random numbers S are transmitted to the receiving end through n quantum channels A (n is a positive integer greater than or equal to 2) in the quantum relay network.

Each quantum channel transmits one corresponding random number S: quantum channel A1 transmits random value S1, quantum channel A2 transmits random value S2, and likewise quantum channel An transmits random number Sn.

The relay network contains multiple relay stations. The relay stations on each quantum channel relay and forward the random number S that the distributing end sends on that channel, until the random number S reaches the receiving end.

Step 403: The receiving end receives the corresponding random number S transmitted by each quantum channel, and uses a hash function to hash the received random numbers S together with the preset key K, generating the session key Ks.

The receiving end receives the random numbers S transmitted by the quantum channels, that is, the random numbers received are S1, S2, …, Sn. The preset key K is the same key agreed in advance by the distributing party and the receiving party. Using the hash function, the preset key K and the random numbers S1, S2, …, Sn are hashed to generate the session key Ks.

Step 404: After successfully receiving the random number S, the receiving end feeds back a confirmation message to the distributing end.

If the receiving end does not receive the random number S, the distributing end cannot receive a feedback confirmation message from the receiving end.

Step 405: The distributing end receives the confirmation message fed back by the receiving end, determines the random numbers S that were successfully received by the receiving party, and uses the hash function to hash those successfully received random numbers S together with the preset key, generating the session key Ks.

For example, of the random numbers S1, S2, S3 and S4, if the receiving end does not receive the S4 sent by the distributing end, the confirmation message it feeds back to the distributing end lists S1, S2 and S3; after receiving the confirmation message, the distributing end determines that the receiving end has received the random numbers S1, S2 and S3.

The distributing end and the receiving end use the same random numbers S1, S2 and S3 and the preset key K with the hash function to generate the same session key Ks, and use Ks to encrypt the information passed between them, securing the information transmitted by both communicating parties.
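The exchange in steps 401 to 405, including the partial-delivery case, as an added Python example that is not part of the patent text. The quantum channels are simulated as a dictionary, and the class names, 32-byte random numbers, length-prefixed field encoding and the choice of SHA3-256 for "SHA-3" are assumptions; the page does not specify how K and the random numbers are encoded before hashing.

```python
"""Added illustration of steps 401-405: Ks = H(K, acknowledged random numbers)."""
import hashlib
import secrets

# The page names SHA-256, SHA-512 and "SHA-3"; SHA3-256 is an assumed variant.
HASHES = {"SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512,
          "SHA-3": hashlib.sha3_256}


def _frame(data: bytes) -> bytes:
    # Assumed encoding: a 4-byte length prefix keeps field boundaries unambiguous.
    return len(data).to_bytes(4, "big") + data


def derive_session_key(preset_key: bytes, numbers: dict,
                       hash_name: str = "SHA-256") -> bytes:
    """Hash K with the random numbers (keyed by channel index) in index order."""
    if not numbers:
        raise ValueError("no random number available, cannot derive Ks")
    h = HASHES[hash_name]()
    h.update(_frame(preset_key))
    for channel in sorted(numbers):
        h.update(channel.to_bytes(4, "big") + _frame(numbers[channel]))
    return h.digest()


class Distributor:
    """Hypothetical distributing end."""

    def __init__(self, preset_key: bytes, n: int):
        if n < 1:
            raise ValueError("at least one random number is required")
        self.preset_key = preset_key
        # Step 401: one random number S_i per quantum channel A_i.
        self.sent = {i: secrets.token_bytes(32) for i in range(1, n + 1)}

    def transmit(self, failed_channels=frozenset()) -> dict:
        # Step 402: a disturbed channel delivers nothing to the receiving end.
        return {i: s for i, s in self.sent.items() if i not in failed_channels}

    def on_ack(self, acked: list) -> bytes:
        # Step 405: hash only the numbers the receiving end confirmed.
        unknown = set(acked) - set(self.sent)
        if unknown:
            raise ValueError(f"ack names channels never used: {sorted(unknown)}")
        return derive_session_key(self.preset_key,
                                  {i: self.sent[i] for i in acked})


class Receiver:
    """Hypothetical receiving end."""

    def __init__(self, preset_key: bytes):
        self.preset_key = preset_key

    def receive(self, delivered: dict):
        # Steps 403-404: derive Ks, then acknowledge the channels that arrived.
        ks = derive_session_key(self.preset_key, delivered)
        return ks, sorted(delivered)


def run_exchange(n: int = 4, failed_channels=frozenset({4})):
    """Run one exchange; returns (ack, Ks at distributor, Ks at receiver, relay view)."""
    preset_key = secrets.token_bytes(32)  # constructed K, agreed in advance
    distributor = Distributor(preset_key, n)
    receiver = Receiver(preset_key)
    delivered = distributor.transmit(failed_channels)
    ks_receiver, ack = receiver.receive(delivered)
    ks_distributor = distributor.on_ack(ack)
    # A relay station sees every delivered S_i but not K: hashing the same
    # numbers with any other key value does not reproduce Ks.
    relay_view = derive_session_key(secrets.token_bytes(32), delivered)
    return ack, ks_distributor, ks_receiver, relay_view


if __name__ == "__main__":
    ack, ks_d, ks_r, relay = run_exchange()
    print("acknowledged channels:", ack)
    print("both ends agree on Ks:", ks_d == ks_r)
    print("relay without K matches Ks:", relay == ks_d)
```

Both ends must hash the acknowledged numbers in the same order and encoding, which is why the sketch sorts by channel index and frames every field.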

In summary, depending on the number of quantum channels in the relay network, and taking a single quantum channel and multiple quantum channels as examples, the beneficial effects of the present invention are as follows:

Taking a single quantum channel with the distributing end sending one random number S as an example, the single quantum channel in the relay network is used to send the random number S to the receiving end, and the receiving end uses a hash function to generate the session key.

Because a hash function is one-way, even if a relay station in the relay network is untrusted and an attacker obtains the random number S, the attacker does not know the key K preset between the communicating users and therefore still cannot obtain the session key. The security of the session key does not depend on whether the relay stations of the quantum network are trustworthy, which meets the communicating users' requirements for session key security.

Taking multiple quantum channels as an example, where the distributing end sends n random numbers S1, S2, …, Sn or n random number streams S1, S2, …, Sn (n is a positive integer greater than or equal to 2), the random numbers or random number streams are sent to the receiving end over the quantum channel corresponding to each random number, and the receiving end uses a hash function to generate the session key.

Because a hash function is one-way and transmission uses multiple quantum channels, an attacker cannot obtain the session key even if all quantum channels are untrusted. Moreover, with multi-quantum-channel key distribution, the communication of the whole quantum communication system is unaffected even if one quantum channel is disturbed.

Embodiment 2

Based on the same inventive concept, an embodiment of the present invention provides a device for securely distributing and receiving quantum keys. For the specific implementation of the device, refer to the description in the system embodiment; repeated details are not described again.

The device includes a processor, a memory and a transceiver.

The processor is responsible for managing the bus architecture and general processing, and the memory can store data that the processor uses when performing operations. The transceiver is used to receive and send data under the control of the processor.

The bus architecture may include any number of interconnected buses and bridges, which link together various circuits of one or more processors, represented by the processor, and of memory, represented by the memory. The bus architecture may also link together various other circuits, such as peripherals, voltage regulators and power management circuits, which are well known in the art and are therefore not described further here. The bus interface provides an interface. The processor is responsible for managing the bus architecture and general processing, and the memory can store data that the processor uses when performing operations.

The processes disclosed in the embodiments of the present invention may be applied to the processor or implemented by the processor. In implementation, each step of the signal processing flow may be completed by an integrated logic circuit of hardware in the processor or by instructions in the form of software. The processor may be a general-purpose processor, a digital signal processor, an application-specific integrated circuit, a field-programmable gate array or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logical block diagrams disclosed in the embodiments of the present invention. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments of the present invention may be executed directly by a hardware processor, or by a combination of hardware and software modules in the processor. The software modules may reside in a storage medium that is mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. The storage medium is located in the memory; the processor reads the information in the memory and completes the steps of the signal processing flow in combination with its hardware.

The first device is a device for generating a session key.

The processor is configured to read the program in the memory and perform the following process:

generating at least one random number;

transmitting the corresponding random number through the quantum channel corresponding to the random number, so that the receiving party uses a hash function to hash the received random number together with a preset key to generate a session key.

As an optional implementation, generating at least one random number includes:

generating one random number;

and transmitting the corresponding random number through the quantum channel corresponding to the random number includes:

transmitting the random number through the one quantum channel corresponding to the one random number.

As an optional implementation, generating at least one random number includes:

generating at least two random numbers;

and transmitting the corresponding random number through the quantum channel corresponding to the random number includes:

transmitting each random number through the one quantum channel corresponding to it, where one random number corresponds to one quantum channel.

As an optional implementation, the processor is further configured to:

transmit the corresponding random number through the quantum channel corresponding to each random number in the quantum communication relay network.

As an optional implementation, the processor is further configured to:

receive the confirmation message fed back by the receiving party and determine the random numbers successfully received by the receiving party;

and hashing the received random number together with the preset key using a hash function to generate a session key includes:

hashing the random numbers successfully received by the receiving party together with the preset key using a hash function, generating the session key.

Optionally, the hash function is the secure hash algorithm SHA-256, SHA-512 or SHA-3.

The second device is a device for receiving a session key.

The processor is configured to read the program in the memory and perform the following process:

receiving the corresponding random numbers transmitted by the quantum key distributing end through at least two quantum channels;

hashing the received random numbers together with the preset key using a hash function, generating the session key.

As an optional implementation, the processor is further configured to:

receive the corresponding random numbers transmitted over at least two quantum channels in the quantum communication relay network.

As an optional implementation, the processor is further configured to:

feed back a confirmation message to the distributing end after successfully receiving a random number.

Optionally, the hash function is the secure hash algorithm SHA-256, SHA-512 or SHA-3.

Embodiment 3

Based on the same inventive concept, an embodiment of the present invention provides an apparatus for securely distributing and receiving quantum keys. For the specific implementation of the apparatus, refer to the description in the system embodiment; repeated details are not described again.

The first apparatus is an apparatus for generating a session key.

The apparatus includes:

a random number generating unit, configured to generate at least one random number;

a session key unit, configured to transmit the corresponding random number through the quantum channel corresponding to the random number, so that the receiving party uses a hash function to hash the received random number together with a preset key to generate a session key.

As an optional implementation, generating at least one random number includes:

generating one random number;

and transmitting the corresponding random number through the quantum channel corresponding to the random number includes:

transmitting the random number through the one quantum channel corresponding to the one random number.

As an optional implementation, generating at least one random number includes:

generating at least two random numbers;

and transmitting the corresponding random number through the quantum channel corresponding to the random number includes:

transmitting each random number through the one quantum channel corresponding to it, where one random number corresponds to one quantum channel.

As an optional implementation, the session key unit is further configured to transmit the corresponding random number through the quantum channel corresponding to each random number in the quantum communication relay network.

As an optional implementation, it is further configured to:

receive the confirmation message fed back by the receiving party and determine the random numbers successfully received by the receiving party;

and, when generating a session key by hashing the received random number together with the preset key using a hash function, it is configured to:

hash the random numbers successfully received by the receiving party together with the preset key using a hash function, generating the session key.

As an optional implementation, the hash function is the secure hash algorithm SHA-256, SHA-512 or SHA-3.

The second apparatus is an apparatus for receiving a session key.

The apparatus includes:

a key receiving unit, configured to receive the corresponding random numbers transmitted by the quantum key distributing end through at least two quantum channels;

a session key unit, configured to hash the received random numbers together with the preset key using a hash function, generating the session key.

As an optional implementation, the key receiving unit is further configured to:

receive the corresponding random numbers transmitted over at least two quantum channels in the quantum communication relay network.

As an optional implementation, the apparatus is further configured to:

feed back a confirmation message to the distributing end after successfully receiving a random number.

As an optional implementation, the hash function is the secure hash algorithm SHA-256, SHA-512 or SHA-3.

Embodiment 4

Method 1. At the distributing end, an embodiment of the present invention provides a method for generating a session key. As shown in Figure 5, the method includes:

Step 501: Generate at least one random number.

In implementation, the following cases are distinguished according to the quantum channels used:

Case 1: The distributing end generates one random number and sends it to the receiving end through one quantum channel;

Case 2: The distributing end generates at least two random numbers and sends them to the receiving end through at least two quantum channels corresponding to those random numbers.

Step 502: Transmit the corresponding random number through the quantum channel corresponding to the random number, so that the receiving party uses a hash function to hash the received random number together with a preset key to generate a session key.

As an optional implementation, transmitting the corresponding random number through the quantum channel corresponding to each random number includes:

transmitting the corresponding random number through the quantum channel corresponding to each random number in the quantum communication relay network.

As an optional implementation, the method further includes:

receiving the confirmation message fed back by the receiving party and determining the random numbers successfully received by the receiving party;

and hashing the received random number together with the preset key using a hash function to generate a session key includes:

hashing the random numbers successfully received by the receiving party together with the preset key using a hash function, generating the session key.

As an optional implementation, the hash function is the secure hash algorithm SHA-256, SHA-512 or SHA-3.

Method 2. At the receiving end, an embodiment of the present invention provides a method for receiving a session key. As shown in Figure 6, the method includes:

Step 601: Receive the corresponding random numbers transmitted by the quantum key distributing end through at least two quantum channels;

In implementation, the sender sends at least two random numbers and the receiver receives at least one random number: if the sender sends two random numbers and one quantum link is disturbed, the receiver can receive only one random number.

Step 602: Hash the received random numbers together with the preset key using a hash function, generating the session key.

As an optional implementation, receiving the corresponding random numbers transmitted by the quantum key distributing end through at least two quantum channels includes:

receiving the corresponding random numbers transmitted over at least two quantum channels in the quantum communication relay network.

As an optional implementation, the method further includes:

feeding back a confirmation message to the distributing end after successfully receiving a random number.

As an optional implementation, the hash function is the secure hash algorithm SHA-256, SHA-512 or SHA-3.

Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage and optical storage) containing computer-usable program code.

The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, provided that these modifications and variations fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include them.

Claims (12)

1. A method for generating a session key, the method comprising:
generating at least one random number;
transmitting the corresponding random number through a quantum channel corresponding to the random number, so that the receiver performs a hash operation on the received random number and a preset key by using a hash function to generate a session key.
2. The method of claim 1, wherein generating at least one random number comprises:
generating one random number;
and transmitting a corresponding random number through a quantum channel corresponding to the random number comprises:
transmitting the random number through one quantum channel corresponding to the one random number.
3. The method of claim 1, wherein generating at least one random number comprises:
generating at least two random numbers;
and transmitting a corresponding random number through a quantum channel corresponding to the random number comprises:
transmitting the corresponding random number through one quantum channel corresponding to each random number, wherein one random number corresponds to one quantum channel.
4. The method according to any one of claims 1 to 3, wherein transmitting the corresponding random number through the quantum channel corresponding to the random number comprises:
transmitting the corresponding random number through the quantum channel corresponding to each random number in the quantum communication relay network.
5. The method of claim 1, further comprising:
receiving a confirmation message fed back by a receiver, and determining a random number successfully received by the receiver;
wherein performing a hash operation on the received random number and a preset key by using a hash function to generate a session key comprises:
performing a hash operation on the random number S successfully received by the receiver and the preset key by using a hash function to generate a session key.
6. The method of claim 1, wherein the hash function is secure hash algorithm SHA-256 or secure hash algorithm SHA-512 or secure hash algorithm SHA-3.
7. A method for receiving a session key, the method comprising:
receiving corresponding random numbers transmitted by the quantum key distribution end through at least two quantum channels;
performing a hash operation on the received random number and the preset key by using a hash function to generate a session key Ks.
8. The method of claim 7, wherein receiving the corresponding random numbers transmitted by the quantum key distribution end through the at least two quantum channels comprises:
receiving corresponding random numbers transmitted by at least two quantum channels in the quantum communication relay network.
9. The method of claim 7, further comprising:
after the random number is successfully received, feeding back a confirmation message to the distribution end.
10. The method of claim 7, wherein the hash function is secure hash algorithm SHA-256 or secure hash algorithm SHA-512 or secure hash algorithm SHA-3.
11. A session key generation device, characterized by comprising: a processor and a memory, wherein the memory stores program code that, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1 to 6.
12. A session key receiving device, characterized by comprising: a processor and a memory, wherein the memory stores program code that, when executed by the processor, causes the processor to perform the steps of the method of any of claims 7 to 10.
CN201910002534.0A 2019-01-02 2019-01-02 Method and equipment for generating and receiving session key Active CN111404674B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910002534.0A CN111404674B (en) 2019-01-02 2019-01-02 Method and equipment for generating and receiving session key

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910002534.0A CN111404674B (en) 2019-01-02 2019-01-02 Method and equipment for generating and receiving session key

Publications (2)

Publication Number Publication Date
CN111404674A true CN111404674A (en) 2020-07-10
CN111404674B CN111404674B (en) 2023-06-27

Family

ID=71430221

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910002534.0A Active CN111404674B (en) 2019-01-02 2019-01-02 Method and equipment for generating and receiving session key

Country Status (1)

Country Link
CN (1) CN111404674B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112165443A (en) * 2020-08-01 2021-01-01 广东电网有限责任公司广州供电局 Multi-key information encryption and decryption method and device and storage medium
CN112512038A (en) * 2020-11-19 2021-03-16 建信金融科技有限责任公司 Method and device for generating session key, electronic equipment and readable storage medium
CN116996212A (en) * 2023-08-11 2023-11-03 国开启科量子技术(北京)有限公司 Method, device, medium and equipment for realizing password conversion key based on quantum random number
CN119092152A (en) * 2024-08-29 2024-12-06 重庆至道科技股份有限公司 A method, system and medium for screening doctor-patient experience data based on the Internet of Things

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101204034A (en) * 2005-09-19 2008-06-18 香港中文大学 Systems and methods for distributing quantum keys over WDM links
CN105471576A (en) * 2015-12-28 2016-04-06 科大国盾量子技术股份有限公司 Quantum key relaying method, quantum terminal nodes and quantum key relaying system
US20160337032A1 (en) * 2015-05-12 2016-11-17 Id Quantique Sa Apparatus and Method for Providing Eavesdropping Detection of an Optical Fiber Communication
CN106612176A (en) * 2016-12-16 2017-05-03 中国电子科技集团公司第三十研究所 Negotiation system and negotiation method based on quantum truly random number negotiation secret key
CN108064436A (en) * 2017-11-21 2018-05-22 深圳市汇顶科技股份有限公司 Biometric information transmission method for building up, device, system and storage medium
CN108365953A (en) * 2018-02-06 2018-08-03 中南大学 Adaptive differential phase shift quantum key dissemination system based on deep neural network and its implementation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
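伍典策: "Research on Quantum Information Network Architecture and Routing Technology Based on Quantum Repeaters", China Excellent Master's Theses Full-text Database, Information Science and Technology Series *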

Also Published As

Publication number Publication date
CN111404674B (en) 2023-06-27

Similar Documents

Publication Publication Date Title
US9755826B2 (en) Quantum key distribution device, quantum key distribution system, and quantum key distribution method
CN111404674B (en) Method and equipment for generating and receiving session key
CN104918243B (en) Mobile terminal secrecy system and method based on quantum true random number
CN115277219A (en) Message encryption method, message decryption method, message encryption device, message decryption device, and storage medium
US9712519B2 (en) Efficient encryption, escrow and digital signatures
US11936635B2 (en) Method, electronic device, and program product implemented at an edge switch for data encryption
US7894608B2 (en) Secure approach to send data from one system to another
CN115828310B (en) Data query method and device based on privacy calculation and storage medium
CN116644442A (en) File verification method, device and system based on compound encryption and storage medium
WO2024187999A1 (en) Communication method for quantum direct communication, and quantum direct communication system
CN106973040A (en) A kind of smart mobile phone secret short message security system and secret short message transmission method
Takahashi et al. A high-speed key management method for quantum key distribution network
Hadi et al. Quantum key distribution (QKD) for wireless networks with software‐defined networking
KR102767250B1 (en) Method and apparatus for quantum key distribution
CN102739660B (en) Key exchange method for single sign on system
CN118827292B (en) Adaptive transmission method, device, equipment and storage medium based on dynamic scrambling
CN111404673B (en) Quantum key distribution method and device
CN113517980A (en) Key processing method, device and storage medium
CN116915424A (en) Data processing method
CN118509227A (en) Data transmission method, device and system
CN113422681B (en) Block chain digital signature method, device and system based on quantum cryptography
CN114186990A (en) Remote control method, device and system for digital currency wallet
CN119254518B (en) A secure access control method for IoT devices based on segmentation idea
CN118764195B (en) Path selection method of heterogeneous quantum network
CN118713835A (en) Encryption communication method and related device based on fusion encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant