CN116633530A - Quantum key transmission method, device and system - Google Patents

Quantum key transmission method, device and system Download PDF

Info

Publication number
CN116633530A
CN116633530A CN202210187877.0A CN202210187877A CN116633530A CN 116633530 A CN116633530 A CN 116633530A CN 202210187877 A CN202210187877 A CN 202210187877A CN 116633530 A CN116633530 A CN 116633530A
Authority
CN
China
Prior art keywords
key
quantum
application device
message
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210187877.0A
Other languages
Chinese (zh)
Inventor
谢天元
李民
张慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to PCT/CN2023/070073 priority Critical patent/WO2023151427A1/en
Publication of CN116633530A publication Critical patent/CN116633530A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a quantum key transmission method, device and system, and belongs to the technical field of networks. The application device transmits a key request message to the vector sub-device, wherein the key request message comprises a user identifier, a first public key and a first message authentication code value corresponding to the application device. If the quantum device verifies the first message authentication code value, the quantum device sends a key response message to the application device, wherein the key response message comprises a first ciphertext and a second message authentication code value. And if the application equipment verifies the second message authentication code value, the application equipment adopts the first private key to decrypt the first ciphertext to obtain quantum key information distributed to the application equipment by the quantum equipment. The first public key and the first private key are from a key pair obtained by a quantum key generation algorithm after the application device runs. The application realizes the bidirectional identity authentication and message integrity verification between the application equipment and the quantum equipment, and simultaneously ensures the transmission confidentiality of the quantum key.

Description

Quantum key transmission method, device and system
The application claims priority from chinese patent application No. 202210132323.0, entitled "method, system and related apparatus for transmission of a key", filed on 14, 02, 2022, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of network technologies, and in particular, to a method, an apparatus, and a system for quantum key transmission.
Background
With the development of quantum computers, quantum attacks pose a great threat to the current widely used cryptosystems. Quantum attack is an attack algorithm running on a quantum computer that is capable of breaking the public key cryptographic algorithms that are currently in widespread use, such as RSA (rivest-shamir-adleman) algorithm and elliptic curve cryptography (elliptic curves cryptography, ECC) algorithm. Quantum computers are expected to be available in the coming decades. If the eavesdropper stores the data transmitted through the network after encrypting by using the current encryption algorithm, and then the eavesdropper breaks the encryption algorithm used by the stored data through quantum attack after the realization of the quantum computer, the decrypted plaintext data can be obtained. This is a great threat to confidential information that needs to be kept for a long period of time. It is therefore an unprecedented matter to design cryptographic techniques that are resistant to quantum attacks.
Quantum key distribution (quantum key distribution, QKD) is a secure key distribution technique that enables secure transmission of keys between two remote communication ends. The security of quantum key distribution is ensured by the basic principles of quantum mechanics. In a quantum network, the transmission of quantum keys is therefore theoretically unconditionally secure.
However, in the case where an application device using a quantum key and a quantum device distributing the quantum key are deployed in different security domains, the quantum device needs to transmit the quantum key to the application device through a classical network. Therefore, how to ensure the security and reliability of the transmission of the quantum key in the classical network is a problem to be solved.
Disclosure of Invention
The application provides a quantum key transmission method, a device and a system, which can realize the safe transmission of a quantum key in a classical network.
In a first aspect, a quantum key transfer method is provided. The application device sends a key request message to the sub-device. The key request message comprises a user identifier, a first public key and a first message authentication code value corresponding to the application equipment. The user identification is used for the quantum device to acquire corresponding storage information. The stored information includes a shared key of the quantum device corresponding to the user identification. The first public key is used by the quantum device to encrypt quantum key information assigned to the application device. The quantum key information includes a quantum key. The first public key is a public key of a key pair obtained by a quantum key generation algorithm after the application device runs. The first message authentication code value is calculated by the application device based on the shared key for the first authentication information. The first authentication information includes a first public key. And the application equipment receives a key response message corresponding to the key request message from the quantum equipment. The key response message includes a first ciphertext and a second message authentication code value. The application device verifies the second message authentication code value based on the shared key and the second authentication information. The second authentication information includes the first ciphertext. And if the application equipment verifies the second message authentication code value, the application equipment adopts the first private key to decrypt the first ciphertext so as to obtain quantum key information. The first private key is the private key in the key pair.
Wherein the user identification is used for indicating the service object. The service object is an application device or a user account logging in the application device. If the key response message received by the application device confirms that the key response message is from the quantum device and is not tampered, the first ciphertext is obtained by encrypting the quantum key information by the quantum device by adopting the first public key. The second message authentication code is calculated by the quantum device for the second authentication information based on the shared key. The second authentication information includes the first ciphertext.
The first public key of the quantum device for encrypting the quantum key information is obtained by a quantum key generation algorithm after the application device operates, so that the quantum device can transmit the quantum key to the application device in a ciphertext mode after encrypting the quantum key by adopting a post-quantum encryption algorithm, and the transmission confidentiality of the quantum key is ensured. In addition, the transmitted ciphertext is encrypted by adopting a post-quantum encryption algorithm, so that quantum attack can be resisted, and leakage of a quantum key caused by cracking of the ciphertext by a quantum computer is avoided. The first message authentication code value can be used for the quantum device to authenticate the identity of the application device (i.e. verify the source reliability of the key request message) and can also be used for the quantum device to verify the message integrity of the key request message. The second message authentication code value can be used for authenticating identity of the quantum device (namely verifying source reliability of the key response message) by the application device, and can also be used for verifying message integrity of the key response message by the application device. Therefore, in the application, the application equipment and the quantum equipment can carry out bidirectional identity authentication, and can respectively carry out message integrity verification on the messages received by the application equipment and the quantum equipment, and meanwhile, the transmission confidentiality of the quantum key is ensured. And further, the safety and reliability of the transmission of the quantum key in the classical network are realized. In addition, the process of acquiring the quantum key by using the device vector sub-device request can complete the transmission of the quantum key and the identity authentication of the two parties only by two rounds of message interaction, and the interaction process is simple.
Optionally, the user identifier corresponding to the application device is a device identifier of the application device, and in this case, the shared key corresponding to the quantum device and the user identifier is a shared key between the quantum device and the application device. Or the user identifier corresponding to the application device is a user account number logging in the application device, and in this case, the shared key corresponding to the quantum device and the user identifier is a shared key between the quantum device and the user account number.
Optionally, the key request message further includes a first statistic value. Before an application device transmits a key request message to a vector child device, the application device obtains the historical transmission times of the key request message including a user identifier. The application device increases a set increment value on the historical transmission times to obtain a first statistic value.
In the application, the first statistic value is carried in the key request message sent by the application equipment, so that the replay attack detection is realized on the auxiliary quantum equipment side.
Optionally, the key response message further includes a second statistic. And the second statistical value is the number of times of sending the key request message including the user identifier, which is recorded by the quantum equipment. After the application device receives the key response message corresponding to the key request message, if the second statistical value is not equal to the first statistical value, the application device stops the quantum key transmission flow.
Because the quantum device updates the stored statistics value based on the received key request message, the number of times of sending the recorded key request message should be equal to the number of times of sending the key request message recorded by the application device. If the statistic value carried in the key response message is not equal to the statistic value recorded by the application equipment, it is indicated that the key response message is possibly repeatedly sent by an attacker, that is, the key response message is possibly a replay attack message, so that replay attack detection of the application equipment side is realized. Optionally, if the statistic value carried in the key response message is not equal to the statistic value recorded by the application device, the application device further outputs an alarm prompt, and the alarm prompt is used for indicating that the key request is abnormal, so that related personnel can process the abnormal situation in time.
Optionally, the first authentication information further comprises one or more of a device identification, a user identification, or a first statistic of the quantum device. The more the authentication information contains, the higher the reliability of authentication theoretically.
Optionally, before the application device sends the key request message to the vector child device, the application device generates a derivative key based on the target password using a key derivation function, and the shared key is derived based on the derivative key.
In the application, the derivative key is used for replacing the target password to obtain the shared key, so that when the application equipment and the quantum equipment synchronize the shared key, the application equipment only needs to transmit the derivative key obtained based on the target password to the vector sub-equipment. Even if the derivative secret key is stolen in the transmission process or when the derivative secret key is stored in the quantum device, the target password used by the service object cannot be restored by the thief, so that the problem that the thief imitates the service object to request the quantum secret key from the quantum device can be avoided.
Optionally, before the application device sends the key request message to the sub-device, the quantum key generation algorithm generates a key pair after the application device runs in response to acquiring an input quantum key acquisition instruction, where the quantum key acquisition instruction includes a target password. The application device calculates a first message authentication code value based on the shared key for the first authentication information.
In the application, each time the application equipment acquires a quantum key acquisition instruction, a quantum key generation algorithm generates a temporary key pair after running, so that the quantum equipment adopts a public key generated temporarily by the application equipment to encrypt and protect quantum key information instead of using a private key of the quantum equipment to encrypt and protect quantum key information when the application equipment requests the quantum key each time. Therefore, even if the private key used by the quantum device for a long time is leaked, the leakage of quantum key information transmitted by the quantum device and the application device in the previous communication process can not be caused. The security of the quantum key obtained by the application equipment in the history is guaranteed, so that the historical communication security of the application equipment is guaranteed.
Optionally, before the application device vector child device sends the key request message, the application device vector child device sends the registration request message. And the application equipment receives a registration response message corresponding to the registration request message from the quantum equipment. The registration response message includes a certificate of the quantum device, the certificate including a second public key. If the application device passes the certificate verification, the application device encrypts registration information by adopting a second public key to obtain a second ciphertext, wherein the registration information comprises a derivative key and a user identifier. The application device sends a registration message to the subset. The registration message includes a second ciphertext.
In the application, in the registration stage, the identity authentication of the quantum device depends on the certificate, the identity authentication of the application device depends on the derivative key obtained based on the password, and the application device and the quantum device realize mutual identity authentication. In addition, the registration information is transmitted in an encrypted manner, so that the confidentiality of the transmission of the registration information is ensured.
Optionally, the registration request message indicates a cryptographic algorithm supported by the application device. The registration response message also indicates a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device. The target cryptographic algorithm includes one or more of a generation algorithm of a first message authentication code value, a generation algorithm of a second message authentication code value, or a generation algorithm of a shared key.
Optionally, the registration response message further includes a key derivation function parameter value. The key derivation function parameter values include random salt values and/or iteration numbers. After receiving the registration response message corresponding to the registration request message, the application device obtains the user identifier and the target password. The application device uses the key derivation function to generate a derivation key based on the target password and the key derivation function parameter value.
Optionally, the registration message further includes a device identification of the application device. The registration information also includes a hash value of the device identification of the application device.
In the application, the registration message sent by the application device carries the device identifier of the application device, and the registration information comprises the hash value of the device identifier of the application device, so that the quantum device side is assisted to realize the message integrity verification of the message sent by the application device to the quantum device.
Optionally, the registration information further comprises a first random number generated by the application device. The application device receives a registration success response message from the quantum device. The registration success response message is used for indicating that the user identification is registered successfully. The registration success response message includes a second random number. If the second random number is the same as the first random number, the application device determines that the user identification registration is successful.
If the message transmitted between the quantum device and the application device is not tampered, the first random number and the second random number should be identical. This enables the application device to verify the message integrity of the message from the quantum device.
Optionally, the implementation manner of verifying the second message authentication code value by the application device based on the shared key and the second authentication information includes: the application device calculates a third message authentication code value based on the shared key for the second authentication information. If the third message authentication code value is the same as the second message authentication code value, the application device determines that the second message authentication code value is verified.
Optionally, the application device communicates with the quantum device via a classical network.
In a second aspect, a quantum key transfer method is provided. The quantum device receives a key request message from the application device. The key request message comprises a user identifier, a first public key and a first message authentication code value corresponding to the application equipment. The quantum device obtains first authentication information and storage information corresponding to the user identifier based on the key request message. The stored information includes a shared key of the quantum device corresponding to the user identification. The first authentication information includes a first public key. The quantum device verifies the first message authentication code value based on the shared key and the first authentication information. And if the quantum device verifies the first message authentication code value, the quantum device encrypts the quantum key information by adopting the first public key to obtain a first ciphertext. The quantum key information includes a quantum key. The quantum device calculates a second message authentication code value based on the shared key for the second authentication information. The second authentication information includes the first ciphertext. The quantum device sends a key response message corresponding to the key request message to the application device, wherein the key response message comprises a first ciphertext and a second message authentication code value.
Wherein the user identification is used for indicating the service object. The service object is an application device or a user account logging in the application device. If the key request message received by the quantum device confirms that the key request message is from the application device and is not tampered, the first public key is a public key in a key pair obtained by a quantum key generation algorithm after the application device runs. The first message authentication code is calculated by the application device based on the shared key for the first authentication information.
Optionally, the user identifier corresponding to the application device is a device identifier of the application device. Or the user identification corresponding to the application equipment is a user account number for logging in the application equipment.
Optionally, the key request message further includes a first statistic value. The first statistic value is the sending times of the key request message including the user identifier recorded by the application equipment. The stored information corresponding to the user identification includes a second statistic. And the second statistical value is the number of times of sending the key request message including the user identifier, which is recorded by the quantum equipment. After the quantum device obtains the stored information corresponding to the user identifier, if the second statistical value is greater than or equal to the first statistical value, the quantum device stops the quantum key transmission flow. If the second statistical value is smaller than the first statistical value, the quantum device updates the second statistical value to enable the updated second statistical value to be equal to the first statistical value.
Because the quantum device should be smaller than the number of times of sending the key request message recorded by the application device before updating the stored statistic value based on the received key request message. If the first statistic value carried in the key request message is smaller than or equal to the second statistic value stored by the quantum device, it is indicated that the key request message is possibly repeatedly sent by an attacker, that is, the key request message is possibly a replay attack message, so that replay attack detection of the quantum device side is realized. Optionally, if the second statistical value is greater than or equal to the first statistical value, the quantum device further outputs an alarm prompt, and the alarm prompt is used for indicating that the key request is abnormal, so that the related personnel can process the abnormal situation in time.
Optionally, the key response message further includes updated second statistics.
In the application, the updated second statistical value is carried in the key response message sent by the quantum device, so that the replay attack detection is realized by the auxiliary application device side.
Optionally, the second authentication information further comprises one or more of a device identification, a user identification, or an updated second statistic of the quantum device.
Optionally, the quantum device receives a registration request message from the application device. The quantum device sends a registration response message to the application device. The registration response message includes a certificate of the quantum device. The certificate includes a second public key. The second public key is a public key in a key pair obtained by a quantum key generation algorithm after the quantum device operates. And if the quantum device receives the registration message which comprises the second ciphertext from the application device, the quantum device decrypts the second ciphertext by adopting the second private key to obtain registration information. The registration information includes a derivative key and a user identifier corresponding to the application device. The second private key is the private key in the key pair. The quantum device stores the stored information corresponding to the user identification. The stored information includes a shared key derived based on the derived key and a user identification.
In the application, the second public key used for encrypting the registration information by the application equipment is obtained by the quantum key generation algorithm after the quantum equipment operates, so that the application equipment can encrypt the registration information by adopting the post-quantum encryption algorithm and then transmit the registration information to the sub-equipment in the form of ciphertext, thereby ensuring the confidentiality of the transmission of the registration information. In addition, the second ciphertext is obtained by encrypting the post-quantum encryption algorithm, so that quantum attack can be resisted, and registration information leakage caused by the fact that the second ciphertext is cracked by a quantum computer is avoided.
Optionally, the registration request message indicates a cryptographic algorithm supported by the application device. The registration response message also indicates a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device. The target cryptographic algorithm includes one or more of a generation algorithm of a first message authentication code value, a generation algorithm of a second message authentication code value, or a generation algorithm of a shared key.
Optionally, the registration response message further includes a first key derivation function parameter value. The first key derivation function parameter value comprises a random salt value and/or a number of iterations. The registration information also includes second key derivation function parameter values. After the quantum device decrypts the second ciphertext using the second private key to obtain the registration information, the quantum device compares the first key derivation function parameter value with the second key derivation function parameter value. And if the parameter value of the first key derivation function is the same as the parameter value of the second key derivation function, the quantum device stores the storage information corresponding to the user identifier.
Since the second key derivation function parameter value carried by the application device in the registration message is from the first key derivation function parameter value in the registration response message received by the application device, the first key derivation function parameter value and the second key derivation function parameter value should be identical. If the quantum device receives the registration message, it finds that the second key derivation function parameter value carried in the registration message from the application device is different from the first key derivation function parameter value carried in the registration response message sent by the quantum device, then it indicates that the registration message and/or the registration response message is tampered in the transmission process. The application can realize the message integrity verification of the bidirectional transmission message between the quantum device and the application device by comparing the parameter value of the first key derivation function with the parameter value of the second key derivation function through the quantum device.
Optionally, the registration message further includes a device identification of the application device. The registration information also includes a first hash value of a device identification of the application device. After the quantum device decrypts the second ciphertext using the second private key to obtain the registration information, the quantum device calculates a second hash value of the device identification of the application device. The quantum device compares the first hash value with the second hash value. And if the first hash value is the same as the second hash value, the quantum equipment stores the storage information corresponding to the user identification.
If the first hash value carried in the registration message received by the quantum device is different from the second hash value calculated by the quantum device, the registration message is tampered in the transmission process. The application can realize the message integrity verification of the message sent by the application device to the quantum device by comparing the first hash value with the second hash value by the quantum device.
Optionally, the registration information further comprises a random number generated by the application device. After the quantum device stores the storage information corresponding to the user identification, the quantum device sends a registration success response message to the application device. The registration success response message is used for indicating that the user identification is registered successfully. The registration success response message includes the random number.
In the application, the random number in the registration information is carried in the registration success response message sent by the quantum device, so that the auxiliary application device can realize the message integrity verification of the message from the quantum device.
Optionally, the implementation manner of verifying the first message authentication code value by the quantum device based on the shared key and the first authentication information includes: the quantum device calculates a fourth message authentication code value based on the shared key for the first authentication information. If the fourth message authentication code value is the same as the first message authentication code value, the quantum device determines that the first message authentication code value is verified.
Optionally, the application device communicates with the quantum device over a classical network.
In a third aspect, an application device is provided. The application device comprises a plurality of functional modules that interact to implement the method of the first aspect and embodiments thereof. The plurality of functional modules may be implemented based on software, hardware, or a combination of software and hardware, and the plurality of functional modules may be arbitrarily combined or divided based on the specific implementation.
In a fourth aspect, a quantum device is provided. The quantum device comprises a plurality of functional modules that interact to implement the method of the second aspect and embodiments thereof described above. The plurality of functional modules may be implemented based on software, hardware, or a combination of software and hardware, and the plurality of functional modules may be arbitrarily combined or divided based on the specific implementation.
In a fifth aspect, there is provided an application device, comprising: a memory, a network interface, and at least one processor. The memory is configured to store program instructions, and after the at least one processor reads the program instructions stored in the memory, the application device executes the method in the first aspect and the embodiments thereof.
In a sixth aspect, there is provided a quantum device comprising: a memory, a network interface, and at least one processor. The memory is configured to store program instructions, and after the at least one processor reads the program instructions stored in the memory, the application device executes the method in the second aspect and the embodiments thereof.
In a seventh aspect, a quantum key transfer system is provided, comprising: application devices and quantum devices. The application device is for performing the method of the first aspect and embodiments thereof. The quantum device is for performing the method of the second aspect described above and embodiments thereof.
In an eighth aspect, there is provided a quantum key transmission system comprising: a first application device and a first quantum device. The first application device is configured to send a key request message to the first quantum device, where the key request message includes a user identifier corresponding to the first application device, a first public key, and a first message authentication code value, the first public key is a public key in a key pair obtained by a quantum key generation algorithm after the first application device operates, the first message authentication code value is obtained by the first application device by calculating first authentication information based on a shared key corresponding to the quantum device and the user identifier, and the first authentication information includes the first public key. The first quantum device is used for acquiring first authentication information and storage information corresponding to the user identifier based on the key request message, wherein the storage information comprises a shared key. The first quantum device is to verify a first message authentication code value based on the shared key and the first authentication information. And if the first quantum device verifies the first message authentication code value, the first quantum device is used for encrypting the quantum key information by adopting the first public key to obtain a first ciphertext, and the quantum key information comprises a quantum key. The first quantum device is used for calculating second authentication information based on the shared secret key to obtain a second message authentication code value, and the second authentication information comprises a first ciphertext. The first quantum device is used for sending a key response message corresponding to the key request message to the first application device, wherein the key response message comprises a first ciphertext and a second message authentication code value. The first application device is used for acquiring second authentication information based on the key response message. The first application device is configured to verify the second message authentication code value based on the shared key and the second authentication information. And if the first application device verifies the second message authentication code value, the first application device is used for decrypting the first ciphertext by adopting a first private key to obtain quantum key information, and the first private key is a private key in the key pair.
Optionally, the quantum key information further comprises a key identification of the quantum key. The system also includes a second application device and a second quantum device. The first quantum device is also configured to send quantum key information to the second quantum device. The first application device is also configured to send the key identification to the second application device. The second application device is configured to send a key acquisition request to the second quantum device, where the key acquisition request includes a key identification. The second quantum device is to send the quantum key to the second application device based on the key identification. The first application device and the second application device are configured to communicate based on the quantum key.
Optionally, the first quantum device communicates with the second quantum device through a quantum network. The first quantum device communicates with the first application device over a classical network. The second quantum device communicates with a second application device over a classical network. The first application device communicates with the second application device over a classical network.
In a ninth aspect, there is provided a computer readable storage medium having instructions stored thereon, which when executed by a processor of an application device, implement the method of the first aspect and embodiments thereof; alternatively, the method of the second aspect and embodiments thereof described above is implemented when the instructions are executed by a processor of a quantum device.
In a tenth aspect, a computer program product is provided, comprising a computer program which, when executed by a processor of an application device, implements the method of the first aspect and embodiments thereof described above; alternatively, the computer program, when executed by a processor of a quantum device, implements the method of the second aspect and embodiments thereof described above.
In an eleventh aspect, a chip is provided, the chip comprising programmable logic circuits and/or program instructions, which when the chip is run, implement the method of the first aspect and embodiments thereof or the method of the second aspect and embodiments thereof.
Drawings
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present application;
fig. 2 is a schematic implementation flow diagram of a quantum key transmission method according to an embodiment of the present application;
fig. 3 is a schematic implementation flow diagram of another quantum key transmission method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a key manager in an application device according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a key manager in a quantum device according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a quantum key transmission system according to an embodiment of the present application;
Fig. 7 is a schematic hardware structure of an application device according to an embodiment of the present application;
fig. 8 is a schematic hardware structure of a quantum device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of an application device according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a quantum device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.
To facilitate the reader's understanding of the inventive arrangements, certain terms are first explained below.
1. Classical computer: is a physical device that stores and processes data using binary (0 or 1). The application relates to application equipment, which belongs to classical computers.
2. Quantum computer: is a physical device for processing information based on quantum computing principle according to quantum mechanics law. Quantum computers employ qubits to store and process data. Qubits have more states than binary. Quantum computers have the capabilities of classical computers. Quantum computers can solve more efficiently certain problems that classical computers are difficult to solve. The application relates to quantum equipment, belonging to a quantum computer.
3. Classical network: is a communication network consisting of classical computers.
4. Quantum network: is a novel safe communication network, which brings true safety to the network by utilizing quantum entanglement and quantum invisible transmission state, and is a leap of the quality in the fields of computation and science. Communication nodes communicate with each other through a quantum network, and it is understood that the communication nodes share a quantum key by using a quantum key distribution technology, and communicate with each other based on the quantum key. In the quantum key distribution process, the quantum key is transmitted in the form of a quantum state. Because the quantum communication line can not be intercepted or intercepted by the hooking bypass, the quantum state can be changed as long as the quantum communication line is intercepted, thereby changing the communication content and preventing the original text from being detected, thereby realizing the safe transmission of the quantum key. The quantum computers can communicate with each other through a quantum network.
5. Quantum attack: is an attack algorithm running on a quantum computer, for example, an algorithm including a Shor algorithm (xiu er algorithm), a Grover algorithm, and the like, which can efficiently break certain passwords.
6. Quantum Key Distribution (QKD): the method is a safe key distribution technology realized by utilizing the Haisenberg uncertainty principle of quantum mechanics and the quantum state unclonable theorem. In the quantum key distribution process, a quantum key is generated by one quantum device and is transmitted to the other quantum device through a quantum network, so that a shared quantum key is formed between the two quantum devices.
7. Asymmetric cryptographic algorithm: the algorithm that the sender and the receiver adopt different keys to encrypt and decrypt is also called as public key cryptography algorithm. In asymmetric cryptography, there is a pair of keys, a private key and a public key, respectively. The private key is kept secret by the key to the owner and cannot be published. The public key is published to others by the key pair holder. Data encrypted with the public key can only be decrypted using the corresponding private key. Data signed with the private key can only be signed using the corresponding public key. The currently commonly used asymmetric cryptographic algorithms include RSA algorithm, ECC algorithm and the like.
8. Post quantum cryptography (post quantum cryptography, PQC) regime: is a public key cryptosystem comprising a key generation algorithm, an encryption algorithm and a decryption algorithm. The algorithms contained in the post quantum cryptography are collectively referred to as post quantum cryptography algorithms. Post quantum cryptography algorithms are asymmetric cryptography algorithms that can run on classical computers. The post quantum cryptography algorithm has quantum resistance, namely can resist quantum attack and cannot be cracked by a quantum computer. The quantum resistance of the post quantum cryptography algorithm is not dependent on quantum mechanics, but is realized based on the mathematical problem that the quantum computer cannot be cracked at present. Post quantum cryptography algorithms include algorithms implemented on a lattice-based, code-based, homology-based, or multivariate-based basis, etc. subdivision species.
9. Digital signature (signature for short): is a protection means for sender data. The sender signs the message using the private key. Any third party without a private key cannot forge the signature. Any third party that has the public key corresponding to the private key held by the sender can check the signature to confirm the source and integrity of the message.
10. Signature verification (short for signature verification): after receiving the data, the receiver adopts the public key to check the signature and outputs a Boolean value to indicate that the signature is legal (check pass) or illegal (check fail). If the verification passes, it is indicated that the data has not been tampered with. If the verification signature does not pass, the data is tampered. Signature verification can be used to verify the integrity of the data (without tampering) and the authenticity of the data source (not spurious or counterfeit data).
11. Digital certificate (certificate for short): is an identity card for a device, user or application in the digital world. The certificate contains the applicant information and a signature of the applicant information by a certificate authority (certificate authority, CA). The applicant information includes the public key of the key pair held by the applicant. Optionally, the applicant information further comprises identity information of the applicant. For example, the applicant is a device, and the identity information of the applicant is a device identifier capable of uniquely identifying the device. Optionally, the device identification of a device includes, but is not limited to, one or more of a device serial number, a media access control (Media Access Control, MAC) address of the device, or an internet protocol (Internet Protocol, IP) address of the device. After receiving the certificate from the sender, the receiver uses the public key (also called the CA root certificate) in the 'unified key pair' of the certificate authority to verify the certificate, so as to confirm whether the public key in the certificate is from the sender.
12. Message authentication code (message authentication code, MAC): for verifying message integrity (without tampering) and the authenticity of the source of the message (not spurious or fake data). The authentication principle of the message authentication code is as follows: the sender and the receiver negotiate the shared key in advance, and the sender uses the shared key to generate the MAC value of the message with any length, and then transmits the message and the MAC value to the receiver. The receiving side generates a MAC value of the message using the shared key and compares the MAC value generated by itself with the MAC value received from the transmitting side. If the MAC values agree, the receiver determines that the message did come from the sender and was not tampered with (authenticated). Conversely, if the MAC values are not consistent, the receiver may determine that the message was not from the sender or tampered with during transmission (authentication failed).
Quantum keys are generated and distributed by quantum devices. For the case where the application device and the quantum device are deployed in different security domains, if the application device is to use the quantum key, the quantum key needs to be transmitted from the quantum device to the application device via a classical network. In this case, in order to enable the application device to communicate securely based on the quantum key, it is first necessary to solve the "last kilometer" problem of the quantum key transmission, i.e. to guarantee the security and reliability of the quantum key transmission in the classical network. In order to ensure the safety and reliability of the transmission of the quantum key in the classical network, the following three problems need to be solved.
First, authentication problems. The quantum key needs to be delivered to the correct target user, who needs to confirm the correct source of the quantum key. Therefore, the quantum device and the application device need to be able to mutually authenticate each other to resist counterfeiting attacks during interaction. Counterfeit attacks include, for example, malicious application devices impersonating legitimate application devices interacting with the quantum device, thereby stealing the quantum key.
Second, transport confidentiality issues. Quantum keys need to be transmitted in the classical network in the form of ciphertext. The quantum device therefore needs to employ an encryption algorithm to cryptographically protect the quantum key. And the selected encryption algorithm must have quantum resistance so as to avoid the encryption algorithm from being cracked by a quantum computer and causing the leakage of a quantum key.
Third, message integrity issues. Both the application device and the quantum device need to ensure that the received message is not tampered with. Therefore, both the quantum device and the application device need to be able to verify the integrity of the received message content.
Based on the above, the application provides a technical scheme for transmitting the quantum key. The technical scheme is implemented by matching the application equipment and the quantum equipment. The application device transmits a key request message to the vector sub-device, wherein the key request message comprises a user identifier, a first public key and a first message authentication code value corresponding to the application device. If the quantum device verifies the first message authentication code value, the quantum device sends a key response message to the application device, wherein the key response message comprises a first ciphertext and a second message authentication code value. And if the application equipment verifies the second message authentication code value, the application equipment adopts the first private key to decrypt the first ciphertext to obtain quantum key information distributed to the application equipment by the quantum equipment.
The first public key and the first private key are from a key pair obtained by a quantum key generation algorithm after the application device runs. The first ciphertext is obtained by encrypting quantum key information distributed to the application device by the quantum device by using the first public key. The quantum key information includes a quantum key. The first public key of the quantum device for encrypting the quantum key information is obtained by a quantum key generation algorithm after the application device operates, so that the quantum device can transmit the quantum key to the application device in a ciphertext mode after encrypting the quantum key by adopting a post-quantum encryption algorithm, and the transmission confidentiality of the quantum key is ensured. In addition, the transmitted ciphertext is encrypted by adopting a post-quantum encryption algorithm, so that quantum attack can be resisted, and leakage of a quantum key caused by cracking of the ciphertext by a quantum computer is avoided.
The first message authentication code value is obtained by calculating first authentication information by the application device based on a shared key corresponding to the quantum device and the user identifier, and the first authentication information comprises a first public key. After receiving a key request message from an application device, the quantum device acquires first authentication information and storage information corresponding to a user identifier in the key request message based on the key request message, wherein the storage information comprises a shared key corresponding to the user identifier by the quantum device. The quantum device then verifies the first message authentication code value based on the obtained shared key and the first authentication information. If the quantum device verifies the first message authentication code value, the fact that the key request message is from the other party holding the shared key is indicated, and content (including the first public key) carried by the key request message in the first authentication information is not tampered in the transmission process. Therefore, the first message authentication code value can be used for the quantum device to carry out identity authentication on the application device (namely, verifying the source reliability of the key request message) and can also be used for the quantum device to carry out message integrity verification on the key request message.
The second message authentication code value is calculated by the quantum device on the basis of the shared key corresponding to the user identifier by the quantum device, and the second authentication information comprises the first ciphertext. And after receiving the key response message from the quantum device, the application device acquires second authentication information based on the key response message. And then the application device verifies the second message authentication code value based on the shared key corresponding to the quantum device and the user identifier and the second authentication information. If the application device verifies the second message authentication code value, the key response message is from the other party holding the shared key, and the content (including the first ciphertext) carried by the key response message in the second authentication information is not tampered in the transmission process. Therefore, the second message authentication code value can be used for the application device to carry out identity authentication on the quantum device (namely, verify the source reliability of the key response message) and can also be used for the application device to carry out message integrity verification on the key response message.
Based on the above discussion, through implementing the technical scheme to transmit the quantum key, the application device and the quantum device can perform bidirectional identity authentication, and can also perform message integrity verification on the respectively received messages, and meanwhile, the transmission confidentiality of the quantum key is ensured. And further, the safety and reliability of the transmission of the quantum key in the classical network are realized.
The quantum key transmission method provided by the embodiment of the application has two implementation scenes. In one implementation scenario, a specific application device is taken as a service object, and a quantum device is used for distributing a quantum key for the application device. In this implementation scenario, the user identifier corresponding to the application device is the device identifier of the application device. The shared key corresponding to the quantum device and the user identifier is a shared key between the quantum device and the specific application device, that is, one party holding the shared key is the quantum device, and the other party is the specific application device. In another implementation scenario, a user account is taken as a service object, and the quantum device is used for distributing a quantum key to an application device registered by the user account. In this implementation scenario, the user identifier corresponding to the application device is a user account for logging in the application device. The shared secret key corresponding to the quantum device and the user identifier is the shared secret key between the quantum device and the user account, one party holding the shared secret key is the quantum device, and the other party is any application device registered by the user account.
The following describes the technical scheme in detail from various angles such as application scene, method flow, functional module, system, hardware device, software device, etc.
The application scenario of the embodiment of the present application is illustrated below.
For example, fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application. As shown in fig. 1, the application scenario mainly relates to two types of devices, namely an application device and a quantum device. Alternatively, one quantum device is used to provide quantum services for one or more application devices, i.e. one quantum device is capable of distributing quantum keys for one or more application devices. Optionally, the quantum device and the application device communicate via a classical network. For example, the quantum device communicates with the application device based on a transmission control protocol/internet protocol (Transmission Control Protocol/Internet Protocol, TCP/IP).
Optionally, the application device includes, but is not limited to, a network device such as a router, switch, or firewall. Or, the application device is a terminal device such as a computer, a mobile phone, or an internet of things (internet of things, ioT) terminal. Or, the application device is a server or other devices with communication requirements such as a cloud platform. Quantum devices are quantum computers capable of generating or storing quantum keys. The quantum device in the embodiments of the present application may also be referred to as a quantum key distribution device.
The following is an illustration of a method flow of an embodiment of the present application.
For example, fig. 2 is a schematic flow chart of an implementation of a quantum key transmission method 200 according to an embodiment of the present application. As shown in fig. 2, the method 200 includes steps 201 to 208. Alternatively, the quantum device in method 200 is the quantum device in fig. 1. The application device in method 200 is any of the application devices in fig. 1.
Step 201, an application device transmits a key request message to a sub-device, where the key request message includes a user identifier, a first public key, and a first message authentication code value corresponding to the application device.
The user identifier corresponding to the application device in the key request message is used for indicating the service object of the quantum device, so that the quantum device can acquire the storage information corresponding to the service object, that is, the user identifier corresponding to the application device is used for the quantum device to acquire the corresponding storage information. The stored information includes a shared key of the quantum device corresponding to the user identification. Optionally, if the user identifier corresponding to the application device is the device identifier of the application device, the shared key corresponding to the quantum device and the user identifier is a shared key between the quantum device and the application device. In this case, the shared key is stored in advance in the application device, and the application device can directly acquire the stored shared key. Or if the user identifier corresponding to the application device is a user account number logging in the application device, the shared key corresponding to the quantum device and the user identifier is a shared key between the quantum device and the user account number. In this case, the shared key is bound to the user account, and after the user account logs in on the application device, the application device can obtain the shared key bound to the user account.
The first public key in the key request message is used for the quantum device to encrypt the quantum key information allocated to the application device that sent the key request message. The quantum key information includes a quantum key. Optionally, the quantum key information further comprises a key identification of the quantum key. In the embodiment of the application, the private key corresponding to the first public key is called a first private key. The first public key and the first private key are respectively a public key and a private key of a key pair obtained by a quantum key generation algorithm after the application device runs.
The first message authentication code value in the key request message is obtained by the application device by calculating the first authentication information based on the shared key corresponding to the quantum device and the user identifier. The first authentication information includes a first public key. Optionally, the first authentication information further includes a device identifier of the quantum device and/or a user identifier carried in the key request message. The first message authentication code value is used for carrying out identity authentication on the application equipment by the quantum equipment and carrying out message integrity authentication on the key request message by the quantum equipment.
Optionally, a quantum device is used to distribute the quantum key to one or more service objects. Different service objects use different passwords for identity authentication by the quantum device. Optionally, the shared key corresponding to the quantum device and the user identifier is obtained based on a target password, where the target password is a password used by the service object indicated by the user identifier.
Optionally, before executing step 201, in response to acquiring the input quantum key acquisition instruction, the application device runs a post-run quantum key generation algorithm to generate a key pair. The quantum key acquisition instruction includes a target password. The application device then calculates a first message authentication code value based on the shared key for the first authentication information including the first public key. For example, when a user enters a target password on an application device, the application device determines that a quantum key acquisition instruction was acquired. Optionally, when the number of password input errors on the application device reaches a preset number threshold, the application device locks the password input interface. The embodiment of the application limits the trial-and-error times of an attacker by limiting the error input times of the password, and can resist the online dictionary attack.
Optionally, the first message authentication code value is a Hashed Message Authentication Code (HMAC) value.
In the embodiment of the application, each time the application equipment acquires the quantum key acquisition instruction, the quantum key generation algorithm generates the temporary key pair after running, so that the quantum equipment adopts the public key generated temporarily by the application equipment to encrypt and protect the quantum key information instead of using the private key of the quantum equipment to encrypt and protect the quantum key information when the application equipment requests the quantum key each time. Therefore, even if the private key used by the quantum device for a long time is leaked, the leakage of quantum key information transmitted by the quantum device and the application device in the previous communication process can not be caused. The security of the quantum key obtained by the application equipment in the history is guaranteed, so that the historical communication security of the application equipment is guaranteed.
Or when the application device requests the quantum key, a fixed key pair is used, so that the application device does not need to generate the key pair after acquiring the quantum key acquisition instruction, and the efficiency of the application device for acquiring the quantum key can be improved. For example, when the service object is an application device, the application device generates and stores a key pair in advance, and in response to acquiring the quantum key acquisition instruction, the application device directly acquires the public key from the stored key pair and calculates a message authentication code value. When the service object is a user account, the user account is pre-bound with a key pair, and in response to obtaining a quantum key obtaining instruction, the application equipment logging in the user account directly obtains a public key from the key pair bound with the user account and calculates to obtain a message authentication code value.
Optionally, before performing step 201, the application device generates a derivative key based on the target password using a key derivation function (key derivation function, KDF). The key derivation function is used to derive one or more keys from the secret value using a pseudo-random function. The secret value is the original key, and the derived key is the derivative key. For example, the use of a key derivation function is expressed as: dk=kdf (Key, salt, cations). Where DK is the derivative key. The KDF is a key derivation function. Key is the original Key. Salt is a random number (hereinafter simply referred to as a random Salt value) as a Salt of a password. Iteration number refers to the number of Iterations. The random salt value and the number of iterations may be collectively referred to as a key derivation function parameter value. In the embodiment of the application, the target password is used as part or all of the original key used by the key derivation function. The shared key corresponding to the quantum device and the user identifier is obtained based on the derivative key. Optionally, the shared key is derived based on the derivative key, including: the shared key is a derivative key or, alternatively, the shared key is a hash value of the derivative key.
In the embodiment of the application, the shared secret key is obtained by using the derived secret key to replace the target password, so that when the application equipment and the quantum equipment synchronize the shared secret key, the application equipment only needs to transmit the derived secret key obtained based on the target password to the vector sub-equipment. Even if the derivative secret key is stolen in the transmission process or when the derivative secret key is stored in the quantum device, the target password used by the service object cannot be restored by the thief, so that the problem that the thief imitates the service object to request the quantum secret key from the quantum device can be avoided.
Optionally, the key derivation function employed by the application device includes, but is not limited to, a hash function or a password-based key derivation function (password-based key derivation function, pbkdf 2). For example, the application device adopts PBKDF2 as a key derivation function, the target password is pwd, the random salt value is salt, the iteration number is i, and the derived key UK obtained based on the target password satisfies the following conditions: uk=pbkdf 2 (pwd||secret, salt, i). Where "secret" is a secret that the application device generates and maintains itself. The symbol "||" in the embodiments of the present application means "sum" or "union". The application equipment uses the pwd and secret together as the original key to generate the derivative key, so that the possibility of obtaining the target password based on cracking and restoring the derivative key can be reduced, and the offline dictionary attack can be resisted to a certain extent, thereby further improving the confidentiality and the use security of the target password.
Step 202, after receiving a key request message from an application device, a quantum device obtains first authentication information and storage information corresponding to a user identifier based on the key request message, where the storage information includes a shared key corresponding to the user identifier by the quantum device.
The quantum device obtains first authentication information based on the key request message, including the quantum device obtaining a first public key from the key request message. Optionally, the quantum device stores storage information corresponding to one or more user identifiers. The storage information corresponding to each user identifier comprises a shared key corresponding to the quantum device and the user identifier. The quantum device obtains the storage information corresponding to the user identifier based on the key request message, that is, the quantum device obtains the storage information corresponding to the user identifier carried by the key request message.
Step 203, the quantum device verifies the first message authentication code value based on the shared key and the first authentication information.
The first authentication information in step 203 is the authentication information acquired by the quantum device based on the received key request message in step 202. If the key request message sent by the application device in step 201 is not tampered in the transmission process, the first authentication information acquired by the quantum device in step 202 is consistent with the content of the first authentication information used by the application device in step 201 to calculate the first message authentication code value. Optionally, the implementation manner of step 203 is: the quantum device calculates a fourth message authentication code value based on the shared key for the first authentication information. If the fourth message authentication code value is the same as the first message authentication code value, the quantum device determines that the first message authentication code value is verified. Otherwise, if the fourth message authentication code value is different from the first message authentication code value, the quantum device determines that the first message authentication code value is not verified.
If the quantum device verifies the first message authentication code value, the quantum device indicates that the key request message received by the quantum device is from the other party holding the shared key, and content (at least including the first public key) carried by the key request message in the first authentication information is not tampered in the transmission process, and in this case, the quantum device provides the quantum key to the requester. If the quantum device verifies the first message authentication code value, the quantum device indicates that the key request message received by the quantum device is not from the other party holding the shared key, or the content carried by the key request message in the first authentication information is tampered in the transmission process, and in this case, the quantum device does not provide the quantum key to the requester. In the embodiment of the application, the first message authentication code value is carried in the key request message sent by the application device, so that the quantum device can carry out identity authentication (namely, verify the source reliability of the key request message) on the application device and carry out message integrity verification on the key request message.
And 204, if the quantum device verifies the first message authentication code value, the quantum device encrypts the quantum key information by adopting the first public key to obtain a first ciphertext.
The quantum key information includes a quantum key. Optionally, the quantum key information further comprises a key identification of the quantum key.
The first public key of the quantum device for encrypting the quantum key information is obtained by a quantum key generation algorithm after the application device operates, so that the quantum device can transmit the quantum key to the application device in a ciphertext mode after encrypting the quantum key by adopting a post-quantum encryption algorithm, and the transmission confidentiality of the quantum key is ensured. In addition, the first ciphertext is obtained by encrypting the post-quantum encryption algorithm, so that quantum attack can be resisted, and leakage of a quantum key caused by the fact that the first ciphertext is cracked by a quantum computer is avoided.
Optionally, after determining the quantum key information allocated to the application device, the quantum device adds the quantum key information to the storage information corresponding to the user identifier corresponding to the application device, so that when other application devices need to communicate with the application device based on the quantum key, the quantum device can directly or indirectly provide the quantum key used by the application device to other application devices, thereby realizing secure communication between the application devices.
Step 205, the quantum device calculates a second message authentication code value based on the shared key for the second authentication information, where the second authentication information includes the first ciphertext.
Optionally, the second authentication information further includes a device identifier of the quantum device and/or a user identifier carried in the key request message. Optionally, the second message authentication code value is a Hashed Message Authentication Code (HMAC) value.
In step 206, the quantum device sends a key response message corresponding to the key request message to the application device, where the key response message includes a first ciphertext and a second message authentication code value.
Step 207, after receiving the key response message from the quantum device, the application device verifies the second message authentication code value based on the shared key and the second authentication information.
The second authentication information in step 207 is authentication information acquired by the application device based on the received key response message. If the key response message sent by the quantum device in step 206 is not tampered in the transmission process, the authentication information acquired by the application device based on the key response message is consistent with the content of the second authentication information used by the application device to calculate the second message authentication code value in step 205. Optionally, the implementation manner of step 207 is: the application device calculates a third message authentication code value based on the shared key for the second authentication information. If the third message authentication code value is the same as the second message authentication code value, the application device determines that the second message authentication code value is verified. Otherwise, if the third message authentication code value is different from the second message authentication code value, the application device determines that the second message authentication code value is not verified.
If the application device verifies the second message authentication code value, the fact that the key response message received by the application device is from the other party with the shared key is indicated, and content (at least including the first ciphertext) carried by the key response message in the second authentication information is not tampered in the transmission process, in this case, it is indicated that quantum key information carried in the key response message is reliable, and the application device further extracts the quantum key information carried in the key response message. If the application device verifies the second message authentication code value, it indicates that the key response message received by the application device is not from another party holding the shared key, or the content carried by the key response message in the second authentication information is tampered in the transmission process, where the quantum key information carried in the key response message is unreliable, and the application device does not process the information in the key response message. In the embodiment of the application, the second message authentication code value is carried in the key response message sent by the quantum device, so that the application device can carry out identity authentication on the quantum device (namely, verify the source reliability of the key response message) and carry out message integrity verification on the key response message.
And step 208, if the application device verifies the second message authentication code value, the application device decrypts the first ciphertext by adopting the first private key to obtain quantum key information.
Optionally, the stored information corresponding to the user identifier in the quantum device includes a second statistical value, where the second statistical value is the number of times of sending the key request message including the user identifier recorded by the quantum device. The key request message further comprises a first statistic value, wherein the first statistic value is the sending times of the key request message including the user identifier recorded by the application equipment. Optionally, the first authentication information further comprises a first statistical value. If the service object is an application device, the first statistics value is the number of times of key request messages including a device identifier (user identifier) of the application device sent by the application device. In specific implementation, the number of times of sending the key request message is recorded by setting a counter in the application device. Every time the application device sends a key request message, the counter is increased by a set increment value. If the service object is a user account, the first statistical value is the number of times of key request messages including the user account (user identifier) sent by all application devices logged in by the user account.
Optionally, before the application device transmits the key request message including the user identifier to the sub-device (i.e., before performing step 201), the application device obtains the historical number of transmissions of the key request message including the user identifier. The application device increases a set increment value on the historical transmission times to obtain a first statistic value. That is, the first statistic value calculated by the application device is calculated by the key request message sent this time. Alternatively, the increment value is set to 1. Correspondingly, after receiving the key request message, the quantum device stops the quantum key transmission flow if the second statistical value in the stored information corresponding to the acquired user identifier is greater than or equal to the first statistical value. If the second statistical value is smaller than the first statistical value, the quantum device updates the second statistical value to enable the updated second statistical value to be equal to the first statistical value. Before the quantum device updates the stored statistic value based on the received key request message, the number of times of sending the recorded key request message should be smaller than the number of times of sending the key request message recorded by the application device. If the first statistic value carried in the key request message is smaller than or equal to the second statistic value stored by the quantum device, it is indicated that the key request message is possibly repeatedly sent by an attacker, that is, the key request message is possibly a replay attack message, so that replay attack detection of the quantum device side is realized. Optionally, if the second statistical value in the stored information corresponding to the obtained user identifier is greater than or equal to the first statistical value, the quantum device further outputs an alarm prompt, where the alarm prompt is used to indicate that the key request is abnormal, and is helpful for related personnel to timely process the abnormal situation.
Optionally, the quantum device verifies the first message authentication code value again (i.e. performs step 203) if it is determined that the second statistic is smaller than the first statistic.
Optionally, the key response message further includes updated second statistics. Optionally, the second authentication information further comprises an updated second statistic. After receiving the key response message, the application device stops the quantum key transmission flow if the statistic value (updated second statistic value) carried in the key response message is not equal to the statistic value (first statistic value) recorded by the application device. After the quantum device updates the stored statistic value based on the received key request message, the number of times of sending the recorded key request message should be equal to the number of times of sending the key request message recorded by the application device. If the statistic value carried in the key response message is not equal to the statistic value recorded by the application equipment, it is indicated that the key response message is possibly repeatedly sent by an attacker, that is, the key response message is possibly a replay attack message, so that replay attack detection of the application equipment side is realized. Optionally, if the statistic value carried in the key response message is not equal to the statistic value recorded by the application device, the application device further outputs an alarm prompt, and the alarm prompt is used for indicating that the key request is abnormal, so that related personnel can process the abnormal situation in time.
Optionally, the application device verifies the second message authentication code value again (i.e. performs step 207) if the updated second statistic is equal to the first statistic.
According to the quantum key transmission method provided by the embodiment of the application, in the process that the application equipment requests to acquire the quantum key to the quantum equipment, the application equipment and the quantum equipment can perform bidirectional identity authentication, and can also respectively perform message integrity verification on the messages received by the application equipment and the quantum equipment, and meanwhile, the transmission confidentiality of the quantum key is ensured. And further, the safety and reliability of the transmission of the quantum key in the classical network are realized. In addition, the process of acquiring the quantum key by using the device vector sub-device can complete the transmission of the quantum key and the identity authentication of both parties only by one round of message (key request message and key response message) interaction, and the interaction process is simple. In addition, in the embodiment of the application, the bidirectional identity authentication between the application equipment and the quantum equipment and the message integrity verification are realized based on the message authentication code. In the existing scheme of authentication key exchange based on certificates of both communication parties, such as bidirectional authentication of transport layer security (transport layer security, TLS), the communication party needs to use a private key to sign a message in a handshake stage, and the other communication party needs to use a corresponding public key to perform signature verification so as to ensure the validity of the source of the message and the integrity of the content. On the one hand, the operation efficiency of the message authentication code is higher than that of the signature, so that compared with the existing authentication key exchange scheme, the scheme of the application has higher key acquisition efficiency by the application device. On the other hand, as the primitives such as the message authentication code can resist quantum attack, and the signature algorithm used by the existing communication party generally does not have quantum resistance, compared with the existing authentication key exchange scheme, the scheme of the application has higher reliability of identity authentication and message integrity verification on the communication party.
Optionally, the technical scheme of the application is divided into two implementation stages, namely a registration stage and a quantum key acquisition stage. The service object completes registration on the quantum device in a registration stage to establish first mutual trust with the quantum device. The service object completes registration on the quantum device, and the synchronization of the shared secret key is completed between the service object and the quantum device. And the service object completes mutual identity authentication with the quantum equipment in the quantum key acquisition stage and the transmission of the quantum key. For example, the method 200 described above describes the implementation flow of the quantum key acquisition phase. The registration stage and the quantum key acquisition stage are mutually independent, and after the service object finishes one registration, the service object can request the quantum device for acquiring the quantum key for multiple times. For example, the service object is an application device, and after the application device completes registration on the quantum device, the application device can execute the quantum key acquisition procedure multiple times to acquire the quantum key from the quantum device. For another example, the service object is a user account, the user account logs in an application device to complete registration on the quantum device, and then the user account can log in the application device or other application devices multiple times, so that the application device logged in each time executes a quantum key obtaining procedure to obtain a quantum key from the quantum device. It should be noted that, in the case that the service object is an application device, the application device that completes the registration procedure with the quantum device and the application device that requests to obtain the quantum key with the vector child device can only be the same application device. In this case, the application device in the above method 200 is the same application device as the application device in the below method 300. Under the condition that the service object is a user account, the application device which completes the registration process with the quantum device and the application device which requests to acquire the quantum key by the vector child device are the same application device or different application devices which log in the same user account. In this case, the application device in the above method 200 and the application device in the below method 300 are application devices (the same device or different devices) that log in the same user account.
The following embodiments of the present application describe the implementation flow of the registration phase. For example, fig. 3 is a schematic flow chart of an implementation of a quantum key transmission method 300 according to an embodiment of the present application. The method 300 only shows the implementation flow of the registration stage, and after the application device completes registration on the quantum device, the process of requesting to obtain the quantum key by the vector child device may refer to the above-mentioned method 200, and the embodiments of the present application are not described herein again. As shown in fig. 3, the method 300 includes steps 301 to 310.
Step 301, an application device transmits a registration request message to a vector child device.
The registration request message is used for applying for initiating a registration process to the quantum device. Optionally, the registration request message indicates a cryptographic algorithm supported by the application device. For example, the registration request message indicates a message authentication code generation algorithm, a key derivation function algorithm, a post quantum cryptography algorithm, or the like supported by the application device.
Step 302, after receiving a registration request message from an application device, the quantum device sends a registration response message to the application device, where the registration response message includes a certificate of the quantum device, and the certificate includes a second public key.
The second public key is the public key of the key pair held by the quantum device. In the embodiment of the application, the private key corresponding to the second public key is called a second private key. The second public key and the second private key are divided into a public key and a private key in a key pair obtained by a quantum key generation algorithm after the quantum device operates.
Optionally, the registration response message further indicates a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device. The target cryptographic algorithm includes one or more of a generation algorithm of the first message authentication code value (i.e., an algorithm used by the application device to calculate the first message authentication code value in step 201 described above), a generation algorithm of the second message authentication code value (i.e., an algorithm used by the quantum device to calculate the second message authentication code value in step 205 described above), or a generation algorithm of the shared key (i.e., an algorithm to derive the shared key based on the derivative key in step 201 described above). Optionally, the target key algorithm further comprises a post quantum cryptography algorithm used by the application device to generate the first public key and the first private key (step 201), and/or a post quantum cryptography algorithm used by the quantum device to generate the second public key and the second private key (step 302). So that the application device can encrypt and decrypt the ciphertext by using a matched post quantum encryption algorithm or a post quantum decryption algorithm.
Step 303, after receiving a registration response message corresponding to the registration request message from the quantum device, if the certificate verification of the quantum device by the application device passes, the application device obtains the user identifier and the target password.
The certificate of the quantum device also includes a signature of a third party certification authority (e.g., CA). The application device performs identity authentication on the quantum device based on the certificate of the quantum device. And the certificate verification of the application device on the quantum device is passed, namely the application device uses the public key provided by the third party certification authority to verify and sign the certificate of the quantum device. Thus, the application device can confirm that the public key in the certificate is indeed from the quantum device, and can further avoid counterfeit attacks. The target password acquired by the application equipment is a password corresponding to the user identifier acquired by the application equipment. In the embodiment of the application, the password corresponding to the user identifier is used as the password for requesting the service by the service object vector sub-equipment indicated by the user identifier.
Optionally, if the registration request message is used for requesting the application device that will send the registration request message as a service object, the application device uses its own device identifier as a user identifier. If the registration request message is used for requesting to register a user account as a service object, the application device creates the user account after receiving the registration response message, and takes the created user account as a user identifier.
Optionally, the target password is entered by the user. After receiving the registration response message, the application device displays a password input interface to prompt the user to input a password. The application device then uses the content entered by the user as the target password.
Step 304, the application device generates a derivative key based on the target password by adopting a key derivative function.
Optionally, the registration response message further includes a key derivation function parameter value, the key derivation function parameter value including a random salt value and/or a number of iterations. The quantum device indicates a random salt value and/or iteration number used by the application device when generating the derivative key by using the key derivation function by carrying the key derivation function parameter value in the registration response message. In this case, step 304 is implemented by the application device using the key derivation function to generate the derived key based on the target password and the key derivation function parameter value in the registration response message. The specific implementation of this step 304 may refer to the related description in step 201, and the embodiments of the present application are not described herein.
In step 305, the application device encrypts the registration information by using the second public key to obtain a second ciphertext, where the registration information includes the derivative key and the user identifier.
Optionally, in the case that the registration response message includes the key derivation function parameter value, the application device takes the key derivation function parameter value acquired from the registration response message as part of the registration information, that is, the registration information includes the key derivation function parameter value. For convenience of description, the key derivation function parameter value in the registration response message is referred to as a first key derivation function parameter value, and the key derivation function parameter value in the registration information is referred to as a second key derivation function parameter value.
The second public key used for encrypting the registration information by the application equipment is obtained by a quantum key generation algorithm after the quantum equipment operates, so that the application equipment can encrypt the registration information by adopting a post-quantum encryption algorithm and then transmit the registration information to the sub-equipment in a ciphertext mode, and the transmission confidentiality of the registration information is ensured. In addition, the second ciphertext is obtained by encrypting the post-quantum encryption algorithm, so that quantum attack can be resisted, and registration information leakage caused by the fact that the second ciphertext is cracked by a quantum computer is avoided.
Optionally, the registration information further comprises one or more of a key derivation function parameter value, a device identification of the quantum device, a hash value of a device identification of the application device, or a random number generated by the application device.
Step 306, the application device vector sub-device sends a registration message, where the registration message includes a second ciphertext.
Optionally, the registration message further includes a device identification of the application device. The registration information also includes a first hash value of a device identification of the application device.
And step 307, after the quantum device receives the registration message from the application device, decrypting the second ciphertext by using the second private key to obtain registration information.
Step 308, the quantum device stores the stored information corresponding to the user identifier.
The user identifier in step 308 is the user identifier obtained by the quantum device from the registration information decrypted in step 307. The stored information corresponding to the user identifier includes the user identifier and the shared key corresponding to the user identifier. The shared key is derived based on the derivative key in the registration information. For example, the quantum device uses the derivative key in the registration information as a shared key for the quantum device corresponding to the user identification in the registration information. Alternatively, the quantum device uses the hash value of the derivative key in the registration information as the shared key of the quantum device corresponding to the user identifier in the registration information. The method only needs to ensure that the processing mode of obtaining the shared key based on the derivative key by the application device and the quantum device is the same. Optionally, the storage information corresponding to the user identifier in the registration information further includes part or all of the content except the user identifier in the registration information. For example, the stored information corresponding to the user identifier stored in the quantum device includes the user identifier, the shared key corresponding to the user identifier, the random salt value and the iteration number used by the application device to calculate the derivative key, and the number of times of sending the key request message including the user identifier recorded by the quantum device. The initial value of the number of transmissions is 0.
Optionally, when the registration response message includes a first key derivation function parameter value and the registration information includes a second key derivation function parameter value, the quantum device compares the first key derivation function parameter value with the second key derivation function parameter value. And if the parameter value of the first key derivation function is the same as the parameter value of the second key derivation function, the quantum device stores the storage information corresponding to the user identification in the registration information.
Since the second key derivation function parameter value carried by the application device in the registration message is from the first key derivation function parameter value in the registration response message received by the application device, the first key derivation function parameter value and the second key derivation function parameter value should be identical. If the quantum device receives the registration message, it finds that the second key derivation function parameter value carried in the registration message from the application device is different from the first key derivation function parameter value carried in the registration response message sent by the quantum device, then it indicates that the registration message and/or the registration response message is tampered in the transmission process. According to the embodiment of the application, the quantum device is used for comparing the parameter value of the first key derivation function with the parameter value of the second key derivation function, so that the message integrity verification of the bidirectional transmission message between the quantum device and the application device can be realized.
Optionally, when the registration message includes a device identifier of the application device, and the registration information includes a first hash value of the device identifier of the application device, after the quantum device obtains the registration information, a second hash value of the device identifier of the application device in the registration information is calculated. And then the quantum equipment compares the first hash value carried in the registration message with the calculated second hash value. And if the first hash value is the same as the second hash value, the quantum equipment stores the storage information corresponding to the user identification.
If the first hash value carried in the registration message received by the quantum device is different from the second hash value calculated by the quantum device, the registration message is tampered in the transmission process. According to the embodiment of the application, the first hash value and the second hash value are compared through the quantum device, so that the message integrity verification of the message sent by the application device to the quantum device can be realized.
Optionally, the registration information further comprises a first random number generated by the application device. After the quantum device stores the stored information corresponding to the user identification in the registration information, the following steps 309 to 310 are continued.
Step 309, the quantum device sends a registration success response message to the application device, where the registration success response message is used to indicate that the user identifier in the registration information is registered successfully, and the registration success response message includes a second random number, where the second random number is from the registration information.
After the quantum device acquires the first random number from the registration information, the first random number is carried in a registration success response message. For convenience of description, the random number in the registration information is referred to as a first random number, and the random number in the registration success response message is referred to as a second random number. If the message transmitted between the quantum device and the application device is not tampered, the first random number and the second random number should be identical.
Step 310, after receiving the registration success response message from the quantum device, the application device determines that the user identifier is successfully registered if the second random number is the same as the first random number generated by the application device.
The application device determines that the user identification is successfully registered, that is, the application device determines that the service object indicated by the user identification is registered on the quantum device.
In the embodiment of the application, the identity authentication of the application equipment is based on a password mode. The identity authentication of the quantum device in the registration stage depends on the certificate, and the identity authentication in the quantum key acquisition stage depends on the derived key obtained based on the password. The application equipment and the quantum equipment realize mutual identity authentication no matter in a registration stage or a quantum key acquisition stage, so that the safety and reliability of quantum key transmission are ensured. In addition, in the registration stage, the application device encrypts the registration information by using a public key obtained by a quantum encryption algorithm after the quantum device operates, and then transmits the registration information to the sub-device in the form of ciphertext. In the quantum key acquisition stage, the quantum device encrypts the quantum key by adopting a public key obtained by a quantum key generation algorithm after the application device operates, and then transmits the quantum key to the application device in a ciphertext mode. The confidentiality of message transmission between the quantum equipment and the application equipment is realized, and meanwhile, the transmitted ciphertext can resist quantum attack, so that the risk of message leakage is reduced.
The sequence of the steps of the quantum key transmission method provided by the embodiment of the application can be properly adjusted, and the steps can be correspondingly increased or decreased according to the situation. Any method of modification within the scope of the present disclosure will be readily apparent to those skilled in the art, and are intended to be encompassed within the scope of the present disclosure.
The functional blocks of the quantum device and the application device are exemplified below.
The quantum device and the application device provided by the embodiment of the application are both provided with the key manager, and the core functions of the scheme of the application are respectively realized by the key managers of the quantum device and the application device.
For example, fig. 4 is a schematic structural diagram of a key manager in an application device according to an embodiment of the present application. As shown in fig. 4, the key manager in the application device includes a quantum service registration module and a quantum key request module. The quantum service registration module is responsible for applying for registering a service object to the vector child device and providing necessary identity materials to the vector child device, and specifically performs steps 301, 303 to 306 and 310. The quantum key request module comprises an identity authentication module and a quantum key decapsulation module. The identity authentication module is responsible for performing identity authentication on the interacted quantum device in the quantum key obtaining process, and specifically performs step 207 as described above. The quantum key decapsulation module is responsible for decapsulating the quantum key information sent by the quantum device to extract the true quantum key, and specifically performs step 208 as described above.
For example, fig. 5 is a schematic structural diagram of a key manager in a quantum device according to an embodiment of the present application. As shown in fig. 5, the key manager in the quantum device includes a registration request processing module and a quantum key request processing module. The registration request processing module is responsible for processing registration requests from the application device, specifically performing steps 302 and 307 to 309 as described above. The quantum key request processing module comprises an identity authentication module and a quantum key packaging module. The identity authentication module is responsible for authenticating the identity of the interactive application device, and specifically performs step 203 as described above. The quantum key request processing module is responsible for packaging the quantum key information, and specifically performs step 204 described above, so as to ensure the confidentiality of the transmission of the quantum key in the classical network.
The following is a description of a system according to an embodiment of the present application.
The embodiment of the application also provides a quantum key transmission system, which comprises the following steps: application devices and quantum devices. The application device interacts with the quantum device such that the application device is able to obtain the quantum key from the quantum device. For detailed operation of the application device and the quantum device, reference is made to the implementation of the quantum key acquisition phase described in method 200 above. For example, the application device is configured to perform step 201 and steps 207 to 208 in the method 200 described above. The quantum device is used to perform steps 202 through 206 of the method 200 described above.
Optionally, the application device also interacts with the quantum device such that the application device is able to complete registration of the service object on the quantum device. For detailed operation of the application device and quantum device, reference is made to the implementation of the registration phase described in method 300 above. For example, the application device is configured to perform step 301, step 303 to step 306, and step 310 in the method 300 described above. The quantum device is used to perform step 302 and steps 307 to 309 in the method 300 described above.
For example, fig. 6 is a schematic structural diagram of a quantum key transmission system according to an embodiment of the present application. As shown in fig. 6, the system includes a first application device and a first quantum device. The first application device completes the registration on the first quantum device, or the user account logged into the first application device completes the registration on the first quantum device, and the specific registration process may be described in the method 300 above. The first quantum device is capable of providing quantum services to the first application device. Optionally, when the first application device is a communication initiator, the first application device requests the first quantum device to obtain the quantum key. The process by which the first application device requests the first quantum device to obtain the quantum key may be referred to as described in method 200 above.
For example, the first application device is configured to send a key request message to the first quantum device. The key request message comprises a user identifier corresponding to the first application device, a first public key and a first message authentication code value. The first public key is a public key of a key pair obtained by a quantum key generation algorithm after the first application device operates. The first message authentication code value is obtained by calculating first authentication information by the first application device based on a shared key corresponding to the quantum device and the user identifier. The first authentication information includes a first public key. The first quantum device is used for acquiring first authentication information and storage information corresponding to the user identifier based on the key request message, wherein the storage information comprises a shared key. The first quantum device is to verify a first message authentication code value based on the shared key and the first authentication information. And if the first quantum device verifies the first message authentication code value, the first quantum device is used for encrypting the quantum key information by adopting the first public key to obtain a first ciphertext. The quantum key information includes a quantum key. The first quantum device is used for calculating second authentication information based on the shared secret key to obtain a second message authentication code value. The second authentication information includes the first ciphertext. The first quantum device is used for sending a key response message corresponding to the key request message to the first application device. The key response message includes a first ciphertext and a second message authentication code value. The first application device is used for acquiring second authentication information based on the key response message. The first application device is configured to verify the second message authentication code value based on the shared key and the second authentication information. And if the first application device verifies the second message authentication code value, the first application device is used for decrypting the first ciphertext by adopting the first private key to obtain quantum key information. The first private key is a private key in a key pair obtained by a quantum key generation algorithm after the first application device operates. The first private key is the private key corresponding to the first public key.
Optionally, the quantum key information allocated by the first quantum device to the first application device further includes a key identification of the quantum key.
Optionally, with continued reference to fig. 6, the system further includes a second application device and a second quantum device. The second application device completes the registration on the second quantum device, or the user account logged into the second application device completes the registration on the second quantum device, for a specific registration procedure, reference is made to the description in method 300 above. The second quantum device is capable of providing quantum services to a second application device. Optionally, when the second application device is a communication receiver, the second application device requests to the second quantum device to obtain the quantum key of the communication initiator.
For example, the first quantum device is also used to send quantum key information to the second quantum device. The first application device is also configured to send the key identification to the second application device. The second application device is configured to send a key acquisition request to the second quantum device, the key acquisition request including a key identification. The second quantum device is to send the quantum key to the second application device based on the key identification. The first application device and the second application device are configured to communicate based on the quantum key.
The method of sending the key obtaining request by the second application device to the second quantum device may refer to the method of sending the key request message by the application device to the sub-device in the method 200, and the specific process may refer to step 201 in the method 200. For example, the key acquisition request may include more key identifications than the key request message to instruct the second quantum device to acquire the quantum key indicated by the key identifications. The processing manner of the second quantum device to the key obtaining request may refer to the processing manner of the quantum device to the key request message in the method 200, and the specific process may refer to steps 202 to 206 in the method 200, where the difference is that the encrypted object of the second quantum device is the quantum key indicated by the key identifier. Accordingly, the processing manner of the second application device on the ciphertext obtained by encrypting the quantum key from the second quantum device may refer to the processing manner of the application device on the key response message in the method 200, and the specific process may refer to steps 207 to 208 in the method 200.
Optionally, with continued reference to fig. 6, the first quantum device communicates with the second quantum device over a quantum network. The first quantum device communicates with the first application device over a classical network. The second quantum device communicates with a second application device over a classical network. The first application device communicates with the second application device over a classical network.
The system shown in fig. 6 is illustrated by taking a case where a quantum device (first quantum device) that provides a quantum service to a first application device is different from a quantum device (second quantum device) that provides a quantum service to a second application device. If the first application device and the second application device are provided with quantum service by the same quantum device, the step of synchronizing quantum key information between the two quantum devices is omitted when the technical scheme is realized.
The quantum key transmission system provided by the embodiment of the application realizes the safe and reliable transmission of the quantum key from the quantum device to the application device across the security domain. When two application devices communicating through a classical network need to communicate using a quantum key, a communication initiator obtains the quantum key and a key identification from the corresponding quantum device. The communication initiator then synchronizes the key identification to the communication receiver over the classical network. If the communication initiator and the communication receiver provide quantum services by different quantum devices, the quantum device corresponding to the communication initiator synchronizes the quantum key and the key identification with the quantum device corresponding to the communication receiver. Thus, the communication receiver can request the quantum key corresponding to the key identification from the corresponding quantum device, and further the communication parties can communicate based on the quantum key. Because the process of the quantum key transmitted from the quantum device to the application device is safe and reliable, the quantum key is always transmitted through the quantum network, and the key identification of the quantum key is transmitted between the two application devices and is not the quantum key, so that a stealer cannot steal the quantum key from the communication process of the two application devices, the whole process of the two communication parties for obtaining the quantum key is safe and reliable, and the communication safety and reliability can be further improved.
The basic hardware structure of the quantum device is illustrated below.
For example, fig. 7 is a schematic hardware structure of an application device according to an embodiment of the present application. As shown in fig. 7, the application device 700 includes a processor 701 and a memory 702, and the memory 701 and the memory 702 are connected through a bus 703. Fig. 7 illustrates the processor 701 and the memory 702 independently of each other. Optionally, the processor 701 and the memory 702 are integrated. Alternatively, as seen in connection with FIG. 1, the application device 700 in FIG. 7 is any of the application devices shown in FIG. 1.
The memory 702 is used to store a computer program, including an operating system and program code. The memory 702 is a variety of types of storage media, such as read-only memory (ROM), random access memory (random access memory, RAM), electrically erasable programmable read-only memory (EEPROM), compact disk read-only memory (compact disc read-only memory), flash memory, optical memory, registers, optical disk storage, magnetic disk, or other magnetic storage device.
Wherein the processor 701 is a general-purpose processor or a special-purpose processor. Processor 701 may be a single-core processor or a multi-core processor. The processor 701 includes at least one circuit to perform the actions performed by the application device in the method 200 or the method 300 described above provided by the embodiments of the present application.
Optionally, the application device 700 further comprises a network interface 704, the network interface 704 being connected to the processor 701 and the memory 702 by a bus 703. The network interface 704 enables the application device 700 to communicate with quantum devices or other application devices. The processor 701 is capable of registering service objects and obtaining quantum keys, etc., and communicating with other application devices, etc., by interacting with the quantum devices through the network interface 704.
Optionally, the application device 700 further comprises an input/output (I/O) interface 705, the I/O interface 705 being connected to the processor 701 and the memory 702 via a bus 703. The processor 701 can receive input commands or data, etc., through the I/O interface 705. The I/O interface 705 is for the application device 700 to connect input devices such as a keyboard, mouse, etc. Alternatively, in some possible scenarios, the above-described network interface 704 and I/O interface 705 are collectively referred to as a communication interface.
Optionally, the application device 700 further comprises a display 706, the display 706 being connected to the processor 701 and the memory 702 by a bus 703. The display 706 can be used to display intermediate and/or final results, etc., generated by the processor 701 performing the methods described above, such as displaying an alert prompt. In one possible implementation, the display 706 is a touch screen to provide a human-machine interaction interface.
The bus 703 is of any type, among others, a communication bus for interconnecting the internal devices of the application device 700. Such as a system bus. The embodiment of the present application is described by taking the interconnection of the devices inside the application apparatus 700 through the bus 703 as an example, alternatively, the devices inside the application apparatus 700 may be communicatively connected to each other by a connection means other than the bus 703, for example, the devices inside the application apparatus 700 are interconnected through a logic interface inside the application apparatus 700.
The above devices may be provided on separate chips, or may be provided at least partially or entirely on the same chip. Whether the individual devices are independently disposed on different chips or integrally disposed on one or more chips is often dependent on the needs of the product design. The embodiment of the application does not limit the specific implementation form of the device.
The application device 700 shown in fig. 7 is merely exemplary, and in implementation, the application device 700 includes other components, which are not listed here. The application device 700 shown in fig. 7 may implement the transmission of the quantum key by performing all or part of the steps of the method provided by the above-described embodiments.
The basic hardware structure of the application device is exemplified below.
For example, fig. 8 is a schematic hardware structure of a quantum device according to an embodiment of the present application. As shown in fig. 8, the quantum device 800 includes a processor 801 and a memory 802, and the memory 801 and the memory 802 are connected through a bus 803. Fig. 8 illustrates the processor 801 and the memory 802 independently of each other. Optionally, the processor 801 and the memory 802 are integrated. Alternatively, as seen in connection with fig. 1, quantum device 800 in fig. 8 is the quantum device shown in fig. 1.
The memory 802 is used to store, among other things, a computer program that includes an operating system and program code. Memory 802 is a variety of types of storage media such as ROM, RAM, EEPROM, CD-ROM, flash memory, optical memory, registers, optical disk storage, magnetic disk, or other magnetic storage devices.
Wherein the processor 801 is a general purpose processor or a special purpose processor. Processor 801 may be a single-core processor or a multi-core processor. The processor 801 includes at least one circuit to perform the actions performed by the quantum devices in the above-described method 200 or method 300 provided by embodiments of the present application.
Optionally, quantum device 800 further comprises a network interface 804, network interface 804 being connected to processor 801 and memory 802 by bus 803. The network interface 804 enables the quantum device 800 to communicate with an application device or other quantum device. The processor 801 is capable of registering service objects and providing quantum keys and the like by interacting with application devices through the network interface 804, and synchronizing quantum key information and the like with other quantum devices.
Optionally, quantum device 800 further comprises an I/O interface 805, I/O interface 805 being connected to processor 801 and memory 802 by bus 803. The processor 801 can receive input commands or data, etc., through the I/O interface 805. The I/O interface 805 is used for the quantum device 800 to connect input devices such as a keyboard, mouse, etc. Optionally, in some possible scenarios, the above-described network interface 804 and I/O interface 805 are collectively referred to as a communication interface.
Optionally, quantum device 800 further comprises a display 806, display 806 being connected to processor 801 and memory 802 via bus 803. The display 806 can be used to display intermediate and/or final results, etc., generated by the processor 801 performing the methods described above, such as displaying an alert prompt. In one possible implementation, the display 806 is a touch-sensitive display screen to provide a human-machine interaction interface.
Bus 803 is any type of communication bus used to interconnect the internal devices of quantum device 800. Such as a system bus. The embodiments of the present application are illustrated with the devices inside the quantum device 800 being interconnected by the bus 803, alternatively, the devices inside the quantum device 800 may be communicatively connected to each other by other connection means besides the bus 803, for example, the devices inside the quantum device 800 may be interconnected by a logic interface inside the quantum device 800.
The above devices may be provided on separate chips, or may be provided at least partially or entirely on the same chip. Whether the individual devices are independently disposed on different chips or integrally disposed on one or more chips is often dependent on the needs of the product design. The embodiment of the application does not limit the specific implementation form of the device.
The quantum device 800 shown in fig. 8 is merely exemplary, and in implementation, the quantum device 800 includes other components, which are not listed here. The quantum device 800 shown in fig. 8 may enable the transmission of quantum keys by performing all or part of the steps of the methods provided by the embodiments described above.
The virtual device according to the embodiment of the present application is illustrated below.
Fig. 9 is a schematic structural diagram of an application device according to an embodiment of the present application. The application device having the structure shown in fig. 9 realizes the functions of the application device in the scheme described in the above embodiment. Alternatively, the application device shown in fig. 9 is any one of the application devices in the application scenario shown in fig. 1 or 6, the application device shown in fig. 4, or the application device shown in fig. 7, and functions of the application devices described in the embodiments shown in fig. 2 or 3 are performed. As shown in fig. 9, the application device 900 includes a transmission module 901, a reception module 902, and a processing module 903.
The sending module 901 is configured to send a key request packet to a quantum device, where the key request packet includes a user identifier corresponding to an application device, a first public key, and a first message authentication code value, the user identifier is used by the quantum device to obtain corresponding storage information, the storage information includes a shared key corresponding to the quantum device and the user identifier, the first public key is used by the quantum device to encrypt quantum key information allocated to the application device, the quantum key information includes a quantum key, the first public key is a public key in a key pair obtained by a quantum key generation algorithm after the application device operates, the first message authentication code value is obtained by the application device based on the shared key to first authentication information, and the first authentication information includes the first public key.
The receiving module 902 is configured to receive a key response message corresponding to a key request message from a quantum device, where the key response message includes a first ciphertext and a second message authentication code value.
The processing module 903 is configured to verify the second message authentication code value based on the shared key and second authentication information, where the second authentication information includes the first ciphertext.
The processing module 903 is further configured to decrypt the first ciphertext with a first private key to obtain quantum key information if the application device verifies the second message authentication code value, where the first private key is a private key in the key pair.
Here, the detailed operation of the transmitting module 901, the receiving module 902 and the processing module 903 is described in the foregoing method embodiments. For example, the sending module 901 sends a key request message to the vector child device using step 201 of the method 200. The receiving module 902 receives a key response message from the quantum device using step 206 in the method 200. The processing module 903 processes the key response message from the quantum device using steps 207 and 208 of the method 200. Embodiments of the present application are not repeated here.
Optionally, the user identifier corresponding to the application device is a device identifier of the application device, or the user identifier corresponding to the application device is a user account for logging in the application device.
Optionally, the key request message further includes a first statistic value. The processing module 903 is further configured to obtain a historical number of times of sending the key request packet including the user identifier before the vector child device sends the key request packet. And adding a set increment value to the historical transmission times to obtain a first statistic value. The detailed operation of the processing module 903 may be described herein with reference to the relevant description of the method 200.
Optionally, the key response message further includes a second statistic. And the second statistical value is the number of times of sending the key request message including the user identifier, which is recorded by the quantum equipment. The processing module 903 is further configured to stop the quantum key transmission process if the second statistic value is not equal to the first statistic value after receiving the key response message. The detailed operation of the processing module 903 may be described herein with reference to the relevant description of the method 200.
Optionally, the first authentication information further comprises one or more of a device identification, a user identification, or a first statistic of the quantum device.
Optionally, the processing module 903 is further configured to generate, by using a key derivation function, a derived key based on the target password before the sending module 901 sends the key request message to the vector child device, where the shared key is obtained based on the derived key. The detailed operation of the processing module 903 may be described herein with reference to step 201 of the method 200.
Optionally, the processing module 903 is further configured to, before the sending module 901 sends the key request message to the sub-device, respond to obtaining an input quantum key obtaining instruction, and generate a key pair by using the post-operation quantum key generating algorithm, where the quantum key obtaining instruction includes a target password. And calculating the first authentication information based on the shared key to obtain a first message authentication code value. The detailed operation of the processing module 903 may be described herein with reference to step 201 of the method 200.
Optionally, the sending module 901 is further configured to send a registration request packet by the vector child device before the vector child device sends the key request packet. The receiving module 902 is further configured to receive a registration response message corresponding to the registration request message from the quantum device, where the registration response message includes a certificate of the quantum device, and the certificate includes the second public key. The processing module 903 is further configured to encrypt the registration information with the second public key to obtain a second ciphertext if the certificate is verified by the application device, where the registration information includes the derivative key and the user identifier. The sending module 901 is further configured to send a registration packet to the quantum device, where the registration packet includes a second ciphertext. The detailed operation of the sending module 901 may be referred to herein in the method 300 with respect to the description of steps 301 and 306. The detailed operation of the receiving module 902 may be described with reference to step 302 of the method 300. The detailed operation of the processing module 903 may be described with reference to step 305 of the method 300.
Optionally, the registration request message indicates a cryptographic algorithm supported by the application device, and the registration response message further indicates a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device, where the target cryptographic algorithm includes one or more of a generation algorithm of the first message authentication code value, a generation algorithm of the second message authentication code value, or a generation algorithm of the shared key.
Optionally, the registration response message further includes a key derivation function parameter value, the key derivation function parameter value including a random salt value and/or a number of iterations. The processing module 903 is further configured to obtain the user identifier and the target password after the receiving module 902 receives the registration response message, and generate a derivative key based on the target password and the parameter value of the key derivative function by using the key derivative function. The detailed operation of the processing module 903 may be described herein with reference to the steps 303 and 304 of the method 300.
Optionally, the registration message further includes a device identification of the application device. The registration information also includes a hash value of the device identification of the application device.
Optionally, the registration information further comprises a first random number generated by the application device. The receiving module 902 is further configured to receive a registration success response message from the quantum device, where the registration success response message is used to indicate that the user identifier is registered successfully, and the registration success response message includes a second random number. The processing module 903 is further configured to determine that the user identifier registration is successful if the second random number is the same as the first random number. The detailed operation of the receiving module 902 may be described herein with reference to step 309 of the method 300. The detailed operation of the processing module 903 may be described with reference to step 310 of the method 300.
Optionally, the processing module 903 is configured to calculate a third message authentication code value based on the shared key for the second authentication information. And if the third message authentication code value is the same as the second message authentication code value, determining that the second message authentication code value is verified. The detailed operation of the processing module 903 may be described herein with reference to step 207 of the method 200.
Optionally, the application device communicates with the quantum device over a classical network.
Fig. 10 is a schematic structural diagram of a quantum device according to an embodiment of the present application. The quantum device having the structure shown in fig. 10 realizes the functions of the quantum device in the scheme described in the above embodiment. Alternatively, the quantum device shown in fig. 10 is a quantum device in the application scenario shown in fig. 1 or fig. 6, a quantum device shown in fig. 5, or a quantum device shown in fig. 8, performing the functions of the quantum device described in the embodiment shown in fig. 2 or fig. 3. As shown in fig. 10, the quantum device 1000 includes a receiving module 1001, a processing module 1002, and a transmitting module 1003.
The receiving module 1001 is configured to receive a key request packet from an application device, where the key request packet includes a user identifier, a first public key, and a first message authentication code value corresponding to the application device.
The processing module 1002 is configured to obtain, based on the key request message, first authentication information and storage information corresponding to the user identifier, where the storage information includes a shared key corresponding to the quantum device and the user identifier, and the first authentication information includes a first public key.
The processing module 1002 is further configured to verify the first message authentication code value based on the shared key and the first authentication information.
The processing module 1002 is further configured to encrypt the quantum key information with the first public key to obtain a first ciphertext if the quantum device verifies the first message authentication code value, where the quantum key information includes a quantum key.
The processing module 1002 is further configured to calculate, based on the shared key, a second message authentication code value for second authentication information, where the second authentication information includes the first ciphertext.
And the sending module 1003 is configured to send a key response message corresponding to the key request message to the application device, where the key response message includes the first ciphertext and the second message authentication code value.
Here, the detailed operation of the receiving module 1001, the processing module 1002, and the transmitting module 1003 is described in the foregoing method embodiment. For example, the receiving module 1001 receives a key request message from an application device using step 201 in the method 200. The processing module 1002 processes the key request message from the application device using steps 202 to 205 in the method 200. The sending module 1003 sends a key response message to the application device in step 206 of the method 200. Embodiments of the present application are not repeated here.
Optionally, the user identifier corresponding to the application device is a device identifier of the application device, or the user identifier corresponding to the application device is a user account for logging in the application device.
Optionally, the key request message further includes a first statistic value, where the first statistic value is the number of times of sending the key request message including the user identifier recorded by the application device, the stored information includes a second statistic value, and the second statistic value is the number of times of sending the key request message including the user identifier recorded by the quantum device. The processing module 1002 is further configured to stop the quantum key transmission process if the second statistical value is greater than or equal to the first statistical value after the stored information corresponding to the user identifier is acquired. If the second statistical value is smaller than the first statistical value, the second statistical value is updated, and the updated second statistical value is equal to the first statistical value. The detailed operation of the processing module 1002 may be described herein with reference to the relevant description of the method 200.
Optionally, the key response message further includes updated second statistics.
Optionally, the second authentication information further comprises one or more of a device identification, a user identification, or an updated second statistic of the quantum device.
Optionally, the receiving module 1001 is further configured to receive a registration request packet from the application device. The sending module 1003 is further configured to send a registration response message to the application device, where the registration response message includes a certificate of the quantum device, and the certificate includes a second public key, where the second public key is a public key in a key pair obtained by a quantum key generation algorithm after the quantum device is operated. The processing module 1002 is further configured to decrypt, if the receiving module 1001 receives a registration message including a second ciphertext from the application device, the second ciphertext with a second private key to obtain registration information, where the registration information includes a derivative key and a user identifier corresponding to the application device, the second private key is a private key in a key pair, and store storage information corresponding to the user identifier, where the storage information includes a shared key and the user identifier obtained based on the derivative key. The detailed operation of the receiving module 1001 may be described herein with reference to steps 301 and 306 of the method 300. For detailed operation of the processing module 1002, reference is made to the relevant descriptions of steps 307 and 308 of the method 300. The detailed operation of the transmission module 1003 may refer to the description associated with step 302 in the method 300.
Optionally, the registration request message indicates a cryptographic algorithm supported by the application device, and the registration response message further indicates a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device, where the target cryptographic algorithm includes one or more of a generation algorithm of the first message authentication code value, a generation algorithm of the second message authentication code value, or a generation algorithm of the shared key.
Optionally, the registration response message further includes a first key derivation function parameter value, the first key derivation function parameter value including a random salt value and/or a number of iterations, and the registration information further includes a second key derivation function parameter value. The processing module 1002 is further configured to compare the first key derivation function parameter value with the second key derivation function parameter value after obtaining the registration information, and store the storage information corresponding to the user identifier if the first key derivation function parameter value is the same as the second key derivation function parameter value. The detailed operation of the processing module 1002 may be described herein with reference to step 308 of the method 300.
Optionally, the registration message further includes a device identifier of the application device, and the registration information further includes a first hash value of the device identifier of the application device. The processing module 1002 is further configured to calculate a second hash value of the device identifier of the application device after obtaining the registration information, compare the first hash value with the second hash value, and store the storage information corresponding to the user identifier if the first hash value is the same as the second hash value. The detailed operation of the processing module 1002 may be described herein with reference to step 308 of the method 300.
Optionally, the registration information further comprises a random number generated by the application device. The sending module 1003 is further configured to send a registration success response message to the application device after the processing module 1002 stores the storage information corresponding to the user identifier, where the registration success response message is used to indicate that the user identifier is registered successfully, and the registration success response message includes a random number. The detailed operation of the transmit module 1003 may be described herein with reference to step 309 of method 300.
Optionally, the processing module 1002 is configured to calculate a fourth message authentication code value for the first authentication information based on the shared key. If the fourth message authentication code value is the same as the first message authentication code value, determining that the first message authentication code value is verified. The detailed operation of the processing module 1002 may be described herein with reference to step 203 of the method 200.
Optionally, the application device communicates with the quantum device over a classical network.
Embodiments of the present application also provide a computer-readable storage medium having instructions stored thereon, which when executed by a processor of an application device, implement the steps performed by the application device in the above-described method 200 or method 300. Alternatively, the steps performed by the quantum device in method 200 or method 300 described above are implemented when the instructions are executed by a processor of the quantum device.
The embodiments of the present application also provide a computer program product, which includes a computer program, where the computer program is executed by a processor of an application device to implement the steps executed by the application device in the method 200 or the method 300. Alternatively, the computer program, when executed by a processor of a quantum device, implements the steps performed by the quantum device in method 200 or method 300 described above.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
In embodiments of the present application, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The term "and/or" in the present application is merely an association relation describing the association object, and indicates that three kinds of relations may exist, for example, a and/or B may indicate: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
It should be noted that, the information (including but not limited to user equipment information, user personal information, etc.), data (including but not limited to data for analysis, stored data, presented data, etc.), and signals related to the present application are all authorized by the user or are fully authorized by the parties, and the collection, use, and processing of the related data is required to comply with the relevant laws and regulations and standards of the relevant countries and regions. For example, quantum key information, registration information, and the like, which are referred to in the present application, are acquired with sufficient authorization.
The foregoing description of the preferred embodiments of the present application is not intended to limit the application, but is intended to cover any modifications, equivalents, alternatives, and improvements within the spirit and principles of the application.

Claims (56)

1. A method of quantum key transmission, the method comprising:
an application device transmits a key request message to a sub-device, wherein the key request message comprises a user identifier corresponding to the application device, a first public key and a first message authentication code value, the user identifier is used for the quantum device to acquire corresponding storage information, the storage information comprises a shared key corresponding to the quantum device and the user identifier, the first public key is used for the quantum device to encrypt quantum key information allocated to the application device, the quantum key information comprises a quantum key, the first public key is a public key in a key pair obtained by a quantum key generation algorithm after the application device operates, the first message authentication code value is calculated by the application device based on the shared key to first authentication information, and the first authentication information comprises the first public key;
The application equipment receives a key response message corresponding to the key request message from the quantum equipment, wherein the key response message comprises a first ciphertext and a second message authentication code value;
the application device verifies the second message authentication code value based on the shared key and second authentication information, wherein the second authentication information comprises the first ciphertext;
and if the application equipment verifies the second message authentication code value, the application equipment adopts a first private key to decrypt the first ciphertext so as to obtain quantum key information, wherein the first private key is a private key in the key pair.
2. The method of claim 1, wherein the user identifier corresponding to the application device is a device identifier of the application device, or wherein the user identifier corresponding to the application device is a user account for logging into the application device.
3. The method according to claim 1 or 2, wherein the key request message further comprises a first statistic, the method further comprising, before the application device vector child device sends the key request message:
the application equipment obtains the historical sending times of the key request message comprising the user identifier;
And the application equipment increases a set increment value on the historical sending times to obtain the first statistic value.
4. The method of claim 3, wherein the key response message further includes a second statistic value, the second statistic value is a number of times the key request message including the user identifier is sent, which is recorded by the quantum device, and after the application device receives the key response message corresponding to the key request message, the method further includes:
and if the second statistical value is not equal to the first statistical value, stopping the quantum key transmission flow by the application equipment.
5. The method of claim 3 or 4, wherein the first authentication information further comprises one or more of a device identification of the quantum device, the user identification, or the first statistic.
6. The method according to any one of claims 1 to 5, wherein before the application device transmits the key request message to the vector child device, the method further comprises:
the application device generates a derivative key based on a target password by adopting a key derivative function, and the shared key is obtained based on the derivative key.
7. The method of claim 6, wherein prior to the application device sending the key request message to the vector kid device, the method further comprises:
in response to obtaining an input quantum key obtaining instruction, the application device runs the post-quantum key generation algorithm to generate the key pair, and the quantum key obtaining instruction comprises the target password;
the application device calculates the first message authentication code value based on the shared key to the first authentication information.
8. The method according to claim 6 or 7, wherein before the application device vector child device sends a key request message, the method further comprises:
the application device sends a registration request message to the quantum device;
the application equipment receives a registration response message corresponding to the registration request message from the quantum equipment, wherein the registration response message comprises a certificate of the quantum equipment, and the certificate comprises a second public key;
if the application equipment passes the certificate verification, the application equipment encrypts registration information by adopting the second public key to obtain a second ciphertext, wherein the registration information comprises the derivative key and the user identifier;
And the application equipment sends a registration message to the quantum equipment, wherein the registration message comprises the second ciphertext.
9. The method of claim 8, wherein the registration request message indicates a cryptographic algorithm supported by the application device, wherein the registration response message further indicates a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device, wherein the target cryptographic algorithm includes one or more of a generation algorithm of the first message authentication code value, a generation algorithm of the second message authentication code value, or a generation algorithm of the shared key.
10. The method according to claim 8 or 9, wherein the registration response message further comprises a key derivation function parameter value, the key derivation function parameter value comprises a random salt value and/or a number of iterations, and after the application device receives the registration response message corresponding to the registration request message, the method further comprises:
the application equipment acquires the user identification and the target password;
the application device generates a derivative key based on a target password by adopting a key derivative function, and the method comprises the following steps:
The application device generates the derivative key based on the target password and the key derivative function parameter value by adopting the key derivative function.
11. The method according to any one of claims 8 to 10, wherein the registration message further comprises a device identifier of the application device, and the registration information further comprises a hash value of the device identifier of the application device.
12. The method according to any of the claims 8 to 11, wherein the registration information further comprises a first random number generated by the application device, the method further comprising:
the application equipment receives a registration success response message from the quantum equipment, wherein the registration success response message is used for indicating that the user identification is registered successfully, and the registration success response message comprises a second random number;
and if the second random number is the same as the first random number, the application equipment determines that the user identification registration is successful.
13. The method according to any of claims 1 to 12, wherein the application device verifying the second message authentication code value based on the shared key and second authentication information, comprises:
The application equipment calculates a third message authentication code value based on the shared secret key for the second authentication information;
if the third message authentication code value is the same as the second message authentication code value, the application device determines that the second message authentication code value is verified.
14. The method of any one of claims 1 to 13, wherein the application device communicates with the quantum device via a classical network.
15. A method of quantum key transmission, the method comprising:
the quantum device receives a key request message from an application device, wherein the key request message comprises a user identifier, a first public key and a first message authentication code value corresponding to the application device;
the quantum equipment acquires first authentication information and storage information corresponding to the user identifier based on the key request message, wherein the storage information comprises a shared key corresponding to the quantum equipment and the user identifier, and the first authentication information comprises the first public key;
the quantum device verifies the first message authentication code value based on the shared key and the first authentication information;
If the quantum device verifies the first message authentication code value, the quantum device encrypts quantum key information by adopting the first public key to obtain a first ciphertext, wherein the quantum key information comprises a quantum key;
the quantum device calculates second authentication information based on the shared secret key to obtain a second message authentication code value, wherein the second authentication information comprises the first ciphertext;
and the quantum device sends a key response message corresponding to the key request message to the application device, wherein the key response message comprises the first ciphertext and the second message authentication code value.
16. The method of claim 15, wherein the user identifier corresponding to the application device is a device identifier of the application device, or wherein the user identifier corresponding to the application device is a user account logged into the application device.
17. The method according to claim 15 or 16, wherein the key request message further includes a first statistic value, the first statistic value is a number of times the key request message including the user identifier is sent, which is recorded by the application device, the stored information includes a second statistic value, the second statistic value is a number of times the key request message including the user identifier is sent, which is recorded by the quantum device, and after the quantum device obtains the stored information corresponding to the user identifier, the method further includes:
If the second statistical value is greater than or equal to the first statistical value, the quantum device stops the quantum key transmission flow;
and if the second statistical value is smaller than the first statistical value, the quantum device updates the second statistical value so that the updated second statistical value is equal to the first statistical value.
18. The method of claim 17, wherein the key response message further comprises the updated second statistics.
19. The method of claim 17 or 18, wherein the second authentication information further comprises one or more of a device identification of the quantum device, the user identification, or the updated second statistics.
20. The method according to any one of claims 15 to 19, further comprising:
the quantum equipment receives a registration request message from the application equipment;
the quantum equipment sends a registration response message to the application equipment, wherein the registration response message comprises a certificate of the quantum equipment, and the certificate comprises a second public key which is a public key of a key pair obtained by a quantum key generation algorithm after the quantum equipment operates;
If the quantum device receives a registration message which is from the application device and comprises a second ciphertext, the quantum device adopts a second private key to decrypt the second ciphertext to obtain registration information, the registration information comprises a derivative key and a user identifier corresponding to the application device, and the second private key is a private key in the key pair;
the quantum device stores storage information corresponding to the user identifier, wherein the storage information comprises the shared key obtained based on the derivative key and the user identifier.
21. The method of claim 20, wherein the registration request message indicates a cryptographic algorithm supported by the application device, wherein the registration response message further indicates a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device, wherein the target cryptographic algorithm includes one or more of a generation algorithm of the first message authentication code value, a generation algorithm of the second message authentication code value, or a generation algorithm of the shared key.
22. The method of claim 20 or 21, wherein the enrollment response message further includes a first key derivation function parameter value, the first key derivation function parameter value including a random salt value and/or a number of iterations, the enrollment information further includes a second key derivation function parameter value, and after the quantum device decrypts the second ciphertext with a second private key to obtain the enrollment information, the method further comprises:
The quantum device compares the first key derivation function parameter value with the second key derivation function parameter value;
the quantum device stores storage information corresponding to the user identifier, and the method comprises the following steps:
and if the parameter value of the first key derivation function is the same as the parameter value of the second key derivation function, the quantum device stores the storage information corresponding to the user identifier.
23. The method of any of claims 20 to 22, wherein the registration message further comprises a device identifier of the application device, the registration information further comprises a first hash value of the device identifier of the application device, and after the quantum device decrypts the second ciphertext using a second private key to obtain the registration information, the method further comprises:
the quantum device calculates a second hash value of the device identifier of the application device;
the quantum device compares the first hash value with the second hash value;
the quantum device stores storage information corresponding to the user identifier, and the method comprises the following steps:
and if the first hash value is the same as the second hash value, the quantum device stores the storage information corresponding to the user identifier.
24. The method according to any one of claims 20 to 23, wherein the registration information further comprises a random number generated by the application device, and after the quantum device stores the stored information corresponding to the user identifier, the method further comprises:
the quantum device sends a registration success response message to the application device, wherein the registration success response message is used for indicating that the user identifier is registered successfully, and the registration success response message comprises the random number.
25. The method of any of claims 15 to 24, wherein the quantum device verifying the first message authentication code value based on the shared key and the first authentication information comprises:
the quantum device calculates a fourth message authentication code value based on the shared secret key for the first authentication information;
if the fourth message authentication code value is the same as the first message authentication code value, the quantum device determines that the first message authentication code value is verified.
26. A method according to any of claims 15 to 25, wherein the application device communicates with the quantum device via a classical network.
27. An application device, comprising: a memory, a network interface and at least one processor,
the memory is used to store program instructions that,
after the at least one processor reads the program instructions stored in the memory, the application device is caused to perform the following operations:
a vector child device sends a key request message, wherein the key request message comprises a user identifier corresponding to the application device, a first public key and a first message authentication code value, the user identifier is used for the quantum device to acquire corresponding storage information, the storage information comprises a shared key corresponding to the quantum device and the user identifier, the first public key is used for the quantum device to encrypt quantum key information distributed to the application device, the quantum key information comprises a quantum key, the first public key is a public key in a key pair obtained by a quantum key generation algorithm after the application device operates, the first message authentication code value is calculated by the application device based on the shared key on first authentication information, and the first authentication information comprises the first public key;
receiving a key response message corresponding to the key request message from the quantum device, wherein the key response message comprises a first ciphertext and a second message authentication code value;
Verifying the second message authentication code value based on the shared key and second authentication information, the second authentication information including the first ciphertext;
and if the application equipment verifies the second message authentication code value, decrypting the first ciphertext by adopting a first private key to obtain quantum key information, wherein the first private key is a private key in the key pair.
28. The application device of claim 27, wherein the user identifier corresponding to the application device is a device identifier of the application device, or wherein the user identifier corresponding to the application device is a user account logged into the application device.
29. The application device of claim 27 or 28, wherein the key request message further comprises a first statistic, and wherein the program instructions, when read by the at least one processor, cause the application device to further:
before sending a key request message to the quantum equipment, acquiring historical sending times of the key request message comprising the user identification;
and adding a set increment value to the historical transmission times to obtain the first statistic value.
30. The application device of claim 29, wherein the key response message further includes a second statistic, the second statistic being a number of times the quantum device records sending the key request message including the user identifier, and the program instructions, when read by the at least one processor, cause the application device to further perform the following operations:
and after receiving the key response message, stopping the quantum key transmission flow if the second statistical value is not equal to the first statistical value.
31. The application device of claim 29 or 30, wherein the first authentication information further comprises one or more of a device identification of the quantum device, the user identification, or the first statistic.
32. The application device of any of claims 27 to 31, wherein the program instructions, when read by the at least one processor, cause the application device to further:
and generating a derivative key based on a target password by adopting a key derivation function before sending a key request message to the quantum equipment, wherein the shared key is obtained based on the derivative key.
33. The application device of claim 32, wherein the program instructions, when read by the at least one processor, cause the application device to further:
before sending a key request message to the quantum equipment, responding to an input quantum key acquisition instruction, and running the post-quantum key generation algorithm to generate the key pair, wherein the quantum key acquisition instruction comprises the target password;
and calculating the first message authentication code value based on the shared key to the first authentication information.
34. The application device of claim 32 or 33, wherein the program instructions, when read by the at least one processor, cause the application device to further:
before sending a key request message to the quantum equipment, sending a registration request message to the quantum equipment;
receiving a registration response message corresponding to the registration request message from the quantum device, wherein the registration response message comprises a certificate of the quantum device, and the certificate comprises a second public key;
if the application equipment passes the certificate verification, encrypting registration information by adopting the second public key to obtain a second ciphertext, wherein the registration information comprises the derivative key and the user identifier;
And sending a registration message to the quantum equipment, wherein the registration message comprises the second ciphertext.
35. The application device of claim 34, wherein the registration request message indicates a cryptographic algorithm supported by the application device, wherein the registration response message further indicates a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device, wherein the target cryptographic algorithm includes one or more of a generation algorithm of the first message authentication code value, a generation algorithm of the second message authentication code value, or a generation algorithm of the shared key.
36. The application device according to claim 34 or 35, wherein the registration response message further comprises key derivation function parameter values, the key derivation function parameter values comprising random salt values and/or iteration numbers, the program instructions, when read by the at least one processor, cause the application device to further perform the following operations:
after receiving the registration response message, acquiring the user identification and the target password;
and generating the derivative key based on the target password and the key derivative function parameter value by adopting the key derivative function.
37. An application device according to any one of claims 34 to 36, wherein the registration message further comprises a device identifier of the application device, and the registration information further comprises a hash value of the device identifier of the application device.
38. The application device of any of claims 34 to 37, wherein the registration information further comprises a first random number generated by the application device, the program instructions, when read by the at least one processor, cause the application device to further:
receiving a registration success response message from the quantum device, wherein the registration success response message is used for indicating that the user identifier is registered successfully, and the registration success response message comprises a second random number;
and if the second random number is the same as the first random number, determining that the user identification registration is successful.
39. The application device of any of claims 27 to 38, wherein the program instructions, when read by the at least one processor, cause the application device to:
calculating a third message authentication code value based on the shared key for the second authentication information;
And if the third message authentication code value is the same as the second message authentication code value, determining that the second message authentication code value is verified.
40. The application device of any one of claims 27 to 39, wherein the application device communicates with the quantum device via a classical network.
41. A quantum device, comprising: a memory, a network interface and at least one processor,
the memory is used to store program instructions that,
after the at least one processor reads the program instructions stored in the memory, the quantum device is caused to:
receiving a key request message from an application device, wherein the key request message comprises a user identifier, a first public key and a first message authentication code value corresponding to the application device;
acquiring first authentication information and storage information corresponding to the user identifier based on the key request message, wherein the storage information comprises a shared key corresponding to the quantum device and the user identifier, and the first authentication information comprises the first public key;
verifying the first message authentication code value based on the shared key and the first authentication information;
If the quantum equipment verifies the first message authentication code value, encrypting quantum key information by adopting the first public key to obtain a first ciphertext, wherein the quantum key information comprises a quantum key;
calculating second authentication information based on the shared secret key to obtain a second message authentication code value, wherein the second authentication information comprises the first ciphertext;
and sending a key response message corresponding to the key request message to the application equipment, wherein the key response message comprises the first ciphertext and the second message authentication code value.
42. The quantum device of claim 41, wherein the user identifier corresponding to the application device is a device identifier of the application device, or wherein the user identifier corresponding to the application device is a user account logged into the application device.
43. The quantum device of claim 41 or 42, wherein the key request message further comprises a first statistic, the first statistic being a number of times the key request message including the user identifier was sent by the application device, the stored information comprises a second statistic, the second statistic being a number of times the key request message including the user identifier was sent by the quantum device, the program instructions, when read by the at least one processor, cause the quantum device to further perform the following operations:
After the stored information corresponding to the user identifier is acquired, if the second statistical value is greater than or equal to the first statistical value, stopping the quantum key transmission flow;
and if the second statistical value is smaller than the first statistical value, updating the second statistical value to enable the updated second statistical value to be equal to the first statistical value.
44. The quantum device of claim 43, wherein the key response message further comprises the updated second statistic.
45. The quantum device of claim 43 or 44, wherein the second authentication information further comprises one or more of a device identification of the quantum device, the user identification, or the updated second statistics.
46. The quantum device of any one of claims 41-45, wherein the program instructions, when read by the at least one processor, cause the quantum device to further:
receiving a registration request message from the application equipment;
sending a registration response message to the application device, wherein the registration response message comprises a certificate of the quantum device, and the certificate comprises a second public key which is a public key of a key pair obtained by a quantum key generation algorithm after the quantum device operates;
If a registration message comprising a second ciphertext from the application equipment is received, decrypting the second ciphertext by using a second private key to obtain registration information, wherein the registration information comprises a derivative key and a user identifier corresponding to the application equipment, and the second private key is a private key in the key pair;
and storing storage information corresponding to the user identifier, wherein the storage information comprises the shared key obtained based on the derivative key and the user identifier.
47. The quantum device of claim 46, wherein the registration request message indicates a cryptographic algorithm supported by the application device, the registration response message further indicating a target cryptographic algorithm selected by the quantum device from the cryptographic algorithms supported by the application device, the target cryptographic algorithm including one or more of a generation algorithm of the first message authentication code value, a generation algorithm of the second message authentication code value, or a generation algorithm of the shared key.
48. The quantum device of claim 46 or 47, wherein the enrollment response message further includes a first key derivation function parameter value, the first key derivation function parameter value including a random salt value and/or a number of iterations, the enrollment information further includes a second key derivation function parameter value, the program instructions, when read by the at least one processor, cause the quantum device to further:
After the registration information is obtained, comparing the first key derivation function parameter value with the second key derivation function parameter value;
and if the parameter value of the first key derivation function is the same as the parameter value of the second key derivation function, storing the storage information corresponding to the user identifier.
49. The quantum device of any one of claims 46-48, wherein the registration message further comprises a device identification of the application device, wherein the registration information further comprises a first hash value of the device identification of the application device, and wherein the program instructions, when read by the at least one processor, cause the quantum device to further perform the following:
after the registration information is obtained, calculating a second hash value of the equipment identifier of the application equipment;
comparing the first hash value with the second hash value;
and if the first hash value is the same as the second hash value, storing the storage information corresponding to the user identifier.
50. The quantum device of any one of claims 46-49, wherein the registration information further comprises a random number generated by the application device, the program instructions, when read by the at least one processor, cause the quantum device to further:
After storing the storage information corresponding to the user identifier, sending a registration success response message to the application device, wherein the registration success response message is used for indicating that the user identifier is registered successfully, and the registration success response message comprises the random number.
51. The quantum device of any one of claims 41-50, wherein the program instructions, when read by the at least one processor, cause the quantum device to:
calculating a fourth message authentication code value based on the shared key for the first authentication information;
and if the fourth message authentication code value is the same as the first message authentication code value, determining that the first message authentication code value is verified.
52. The quantum device of any one of claims 41-51, wherein the application device communicates with the quantum device over a classical network.
53. A quantum key transfer system comprising: a first application device and a first quantum device;
the first application device is configured to send a key request packet to the first quantum device, where the key request packet includes a user identifier corresponding to the first application device, a first public key, and a first message authentication code value, where the first public key is a public key in a key pair obtained by a quantum key generation algorithm after the first application device operates, the first message authentication code value is obtained by the first application device by calculating first authentication information based on a shared key corresponding to the quantum device and the user identifier, and the first authentication information includes the first public key;
The first quantum device is configured to obtain, based on the key request packet, the first authentication information and storage information corresponding to the user identifier, where the storage information includes the shared key;
the first quantum device is configured to verify the first message authentication code value based on the shared key and the first authentication information;
if the first quantum device verifies the first message authentication code value, the first quantum device is used for encrypting quantum key information by adopting the first public key to obtain a first ciphertext, and the quantum key information comprises a quantum key;
the first quantum device is used for calculating second authentication information based on the shared secret key to obtain a second message authentication code value, and the second authentication information comprises the first ciphertext;
the first quantum device is configured to send a key response message corresponding to the key request message to the first application device, where the key response message includes the first ciphertext and the second message authentication code value;
the first application device is used for acquiring the second authentication information based on the key response message;
the first application device is configured to verify the second message authentication code value based on the shared key and the second authentication information;
And if the first application device verifies the second message authentication code value, the first application device is used for decrypting the first ciphertext by adopting a first private key to obtain quantum key information, and the first private key is a private key in the key pair.
54. The system of claim 53, wherein the quantum key information further comprises a key identification of the quantum key, the system further comprising a second application device and a second quantum device;
the first quantum device is further configured to send the quantum key information to the second quantum device;
the first application device is further configured to send the key identifier to the second application device;
the second application device is configured to send a key acquisition request to the second quantum device, where the key acquisition request includes the key identifier;
the second quantum device is configured to send the quantum key to the second application device based on the key identification;
the first application device and the second application device are used for communication based on the quantum key.
55. The system of claim 54, wherein the first quantum device communicates with the second quantum device over a quantum network, the first quantum device communicates with the first application device over a classical network, the second quantum device communicates with the second application device over a classical network, and the first application device communicates with the second application device over a classical network.
56. A computer readable storage medium having instructions stored thereon which, when executed by a processor of an application device, implement the method of any of claims 1 to 14; alternatively, the instructions, when executed by a processor of a quantum device, implement the method of any of claims 15 to 26.
CN202210187877.0A 2022-02-14 2022-02-28 Quantum key transmission method, device and system Pending CN116633530A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2023/070073 WO2023151427A1 (en) 2022-02-14 2023-01-03 Quantum key transmission method, device and system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210132323 2022-02-14
CN2022101323230 2022-02-14

Publications (1)

Publication Number Publication Date
CN116633530A true CN116633530A (en) 2023-08-22

Family

ID=87596094

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210187877.0A Pending CN116633530A (en) 2022-02-14 2022-02-28 Quantum key transmission method, device and system

Country Status (1)

Country Link
CN (1) CN116633530A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117353916A (en) * 2023-11-01 2024-01-05 北京中宏立达科技发展有限公司 Key distribution acquisition method and system based on encrypted two-dimensional code
CN117650883A (en) * 2024-01-30 2024-03-05 中国科学技术大学 Continuous secure key derivation method and system based on dynamic key sampling
CN118300789A (en) * 2024-06-05 2024-07-05 中国电信股份有限公司 Quantum key-based communication method and device, storage medium and electronic equipment

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117353916A (en) * 2023-11-01 2024-01-05 北京中宏立达科技发展有限公司 Key distribution acquisition method and system based on encrypted two-dimensional code
CN117650883A (en) * 2024-01-30 2024-03-05 中国科学技术大学 Continuous secure key derivation method and system based on dynamic key sampling
CN117650883B (en) * 2024-01-30 2024-04-12 中国科学技术大学 Continuous secure key derivation method and system based on dynamic key sampling
CN118300789A (en) * 2024-06-05 2024-07-05 中国电信股份有限公司 Quantum key-based communication method and device, storage medium and electronic equipment
CN118300789B (en) * 2024-06-05 2024-09-13 中国电信股份有限公司 Quantum key-based communication method and device, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
US11757662B2 (en) Confidential authentication and provisioning
CN109309565B (en) Security authentication method and device
CN109728909B (en) Identity authentication method and system based on USBKey
CN110069918B (en) Efficient double-factor cross-domain authentication method based on block chain technology
US7958362B2 (en) User authentication based on asymmetric cryptography utilizing RSA with personalized secret
CN102026195B (en) One-time password (OTP) based mobile terminal identity authentication method and system
CN111147225A (en) Credible measurement and control network authentication method based on double secret values and chaotic encryption
US9531540B2 (en) Secure token-based signature schemes using look-up tables
WO2007103906A2 (en) Secure data transmission using undiscoverable or black data
WO2023151427A1 (en) Quantum key transmission method, device and system
CN110020524B (en) Bidirectional authentication method based on smart card
CN112351037B (en) Information processing method and device for secure communication
CN116633530A (en) Quantum key transmission method, device and system
CN111030814A (en) Key negotiation method and device
CN111614621B (en) Internet of things communication method and system
CN101588245A (en) A kind of method of authentication, system and memory device
CN101241528A (en) Terminal access trusted PDA method and access system
CN111224784B (en) Role separation distributed authentication and authorization method based on hardware trusted root
US8806216B2 (en) Implementation process for the use of cryptographic data of a user stored in a data base
CN110572257B (en) Identity-based data source identification method and system
WO2023284691A1 (en) Account opening method, system, and apparatus
CN113676330B (en) Digital certificate application system and method based on secondary secret key
CN111327415A (en) Alliance link data protection method and device
EP3361670B1 (en) Multi-ttp-based method and device for verifying validity of identity of entity
CN117938363A (en) Key generation method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication