QUANTUM KEY DISTRIBUTION METHOD AND SYSTEM BASED ON TREE QKD NETWORK
20210367773 · 2021-11-25
Inventors
- Xi Chen (Fuzhou, Fujian, CN)
- Lifan Yang (Fuzhou, Fujian, CN)
- Gonghua Hou (Fuzhou, Fujian, CN)
- Xinyi Lin (Fuzhou, Fujian, CN)
- Wei Lin (Fuzhou, Fujian, CN)
- Yuanzheng Wang (Xiamen, Fujian, CN)
- Baoping Zou (Xiamen, Fujian, CN)
- Xincheng Huang (Fuzhou, Fujian, CN)
- Wei Chen (Fuzhou, Fujian, CN)
- Siyuan Qian (Fuzhou, Fujian, CN)
- Kai Li (Fuzhou, Fujian, CN)
- Changgui Huang (Xiamen, Fujian, CN)
- Yuepian Ye (Xiamen, Fujian, CN)
- Xiao Feng (Xiamen, Fujian, CN)
- Jincheng Li (Xiamen, Fujian, CN)
- Jiefei Lin (Xiamen, Fujian, CN)
- Ruyin Chen (Xiamen, Fujian, CN)
CPC classification
- H04L9/0855 (ELECTRICITY)
- H04L9/085 (ELECTRICITY)
Abstract
The present disclosure relates to a quantum key distribution (QKD) method based on a tree QKD network. In a tree network, when parent nodes of a source node and a destination node are the same node, if the parent nodes are untrusted nodes, the source node and the destination node take the parent nodes as an MDI-QKD detector to generate a key, and if the parent nodes are trusted nodes, a shared key is directly transferred through XOR relay; and when the parent nodes of the source node and the destination node are not the same node and there are discontinuous untrusted relay nodes in a transmission path, the untrusted nodes are taken as an MDI-QKD detector to generate a key, and then the shared key is transferred through XOR relay.
Claims
1. A quantum key distribution method based on a tree QKD network, wherein in a tree network, when parent nodes of a source node and a destination node are the same node, if the parent nodes are untrusted nodes, the source node and the destination node take the parent nodes as an MDI-QKD detector to generate a key, and if the parent nodes are trusted nodes, a shared key is directly transferred through XOR relay; and when the parent nodes of the source node and the destination node are not the same node and there are discontinuous untrusted relay nodes in a transmission path, the untrusted nodes are taken as an MDI-QKD detector to generate a key, and then the shared key is transferred through XOR relay.
2. The quantum key distribution method based on a tree QKD network according to claim 1, comprising the following steps: step S1: confirming a source node S_0 and a destination node S_d; step S2: determining a path from the source node S_0 to the destination node S_d; step S3: judging positions of parent nodes of the source node S_0 and the destination node S_d, if the parent nodes of the source node S_0 and the destination node S_d are the same node, performing step S4, and otherwise, performing step S5; step S4: if the parent nodes are trusted relay nodes, directly transferring an initial shared key of the source node S_0 and the parent node to the destination node S_d through XOR relay, and ending the process; and if the parent nodes are untrusted relay nodes, emitting, by the source node S_0 and the destination node S_d, photons to an MDI-QKD receiver of the parent node through a QKD emitter, generating a shared key by an MDI-QKD method, then transmitting the key according to an XOR relay scheme, and ending the process; step S5: if all relay nodes in the path are trusted, directly transferring an initial shared key K_1 to the destination node S_d hop by hop through the XOR relay scheme, and ending the process; if a trusted relay and an untrusted relay coexist in a path, performing step S6; and step S6: if untrusted relay nodes appear continuously, skipping performing quantum key distribution, and ending the process; and if the untrusted relay nodes do not appear continuously, generating a key by taking the untrusted relay nodes as the MDI-QKD detector, and then transferring the shared key through XOR relay.
3. The quantum key distribution method based on a tree QKD network according to claim 2, wherein in step S6, if the untrusted relay nodes do not appear continuously, generating a key by taking the untrusted relay nodes as the MDI-QKD detector, and then transferring the shared key through XOR relay particularly comprises the following steps: step S61: transferring the shared key through XOR relay before an untrusted relay node appears; and step S62: when the shared key is transferred to a previous trusted relay node S_A of an untrusted relay node S_u, emitting, by the node S_A and another trusted relay node S_B connected to the node S_u, photons to an MDI-QKD receiver of the node S_u through the QKD emitter, and generating a security key K_AB by using an MDI-QKD protocol when a receiver node is untrusted; and then sending the shared key K_1 after K_AB XOR encryption to the node S_B, XOR decrypting, by the node S_B, a received encryption key by using K_AB to obtain the shared key K_1, and then completing key transmission from a trusted node to an untrusted node and then to a trusted node.
4. A quantum key distribution system based on a tree QKD network, comprising more than one node, the nodes forming tree topology, and when key distribution is performed between two nodes, steps of the method according to claim 1 being performed.
5. A quantum key distribution system based on a tree QKD network, comprising more than one node, the nodes forming tree topology, and when key distribution is performed between two nodes, steps of the method according to claim 2 being performed.
6. A quantum key distribution system based on a tree QKD network, comprising more than one node, the nodes forming tree topology, and when key distribution is performed between two nodes, steps of the method according to claim 3 being performed.
Description
DETAILED DESCRIPTION
[0028] The present disclosure is further described below with reference to the accompanying drawings and embodiments.
[0029] It should be noted that the following detailed descriptions are all illustrative and are intended to provide further clarification of this application. Unless otherwise specified, all technical and scientific terms used herein have the same meanings as normally understood by a person of ordinary skill in the art.
[0030] It is important to note that the terms used herein are intended only to describe specific implementations and are not intended to limit exemplary implementations according to this application. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise. In addition, it should also be understood that when the terms “include” and/or “comprise” are used in this specification, they indicate the presence of features, steps, operations, devices, components and/or their combinations.
[0031] Tree network topology is similar to bus topology. A tree network includes branches, and each branch may include multiple nodes. The tree network topology extends downward from a root node and has distinct hierarchy. A specific deployment diagram of the tree network is as shown in
[0032] As shown in
[0033] In this embodiment, the method includes the following steps:
[0034] Step S1: Confirm a source node S_0 and a destination node S_d. Each node confirms, according to a broadcast message, whether there is a key generation request. Each node broadcasts a request to check whether the node needs to generate a key with another node.
[0035] Step S2: Determine a path from the source node S_0 to the destination node S_d. A path between a parent node of the source node S_0 and a parent node of the destination node S_d is unique, and thus a path between the two nodes can be determined.
[0036] Step S3: Judge positions of the parent nodes of the source node S_0 and the destination node S_d. If the parent nodes of the source node S_0 and the destination node S_d are the same node, perform step S4; otherwise, perform step S5.
[0037] Step S4: If the parent nodes are trusted relay nodes, directly transfer an initial shared key of the source node S_0 and the parent node to the destination node S_d through XOR relay, end the process and mark it as successful; and if the parent nodes are untrusted relay nodes, the source node S_0 and the destination node S_d emit photons to an MDI-QKD receiver of the parent node through a QKD emitter, generate a shared key by MDI-QKD, then transmit the key according to an XOR relay scheme, end the process, and mark the request as successful.
[0038] Step S5: If all relay nodes in the path are trusted, directly transfer an initial shared key K_1 to the destination node S_d hop by hop through the XOR relay scheme, end the process and mark the request as successful; if a trusted relay and an untrusted relay coexist in a path, perform step S6.
[0039] Step S6: If untrusted relay nodes appear continuously, skip performing quantum key distribution, end the process and mark the request as failed; and if the untrusted relay nodes do not appear continuously, generate a key by taking the untrusted relay nodes as an MDI-QKD detector, and then transfer the shared key through XOR relay.
[0040] In this embodiment, the branch of step S6 in which the untrusted relay nodes do not appear continuously (generating a key by taking the untrusted relay nodes as an MDI-QKD detector, and then transferring the shared key through XOR relay) particularly includes the following steps:
[0041] Step S61: Transfer the shared key through XOR relay before an untrusted relay node appears.
[0042] Step S62: When the shared key is transferred to a previous trusted relay node S_A of an untrusted relay node S_u, the node S_A and another trusted relay node S_B connected to the node S_u emit photons to an MDI-QKD receiver of the node S_u through the QKD emitter, and generate a security key K_AB by using an MDI-QKD protocol when a receiver node is untrusted; and then send the shared key K_1, XOR encrypted with K_AB, to the node S_B; the node S_B XOR decrypts the received encryption key by using K_AB to obtain the shared key K_1, thereby completing key transmission from a trusted node to an untrusted node and then to a trusted node.
[0043] When the node S_A is a source node, the node S_A and the node S_B use the node S_u as a third-party detector to generate an initial password K_1 through an MDI-QKD protocol.
[0044] The same method is used when the same situation occurs again, until the initial shared key K_1 is transferred to the destination node S_d and the request is marked as successful.
[0045] This embodiment further provides a quantum key distribution system based on a tree QKD network, including more than one node, the nodes forming tree topology, and when key distribution is performed between two nodes, steps of the method described above being performed.
[0046] Particularly, as shown in
[0047] Next, the request is completed according to the following steps:
[0048] Step 1: Confirm a request to obtain a source node D and a destination node J.
[0049] Step 2: Determine a path D → B → A → C → G → J.
[0050] Step 3: Two untrusted relay nodes, B and G, are known from the path and are not continuous on the path.
[0051] Step 4: The node D and the node A use the node B as a third-party detector to generate an initial key K_0 through an MDI-QKD protocol.
[0052] Step 5: The node A and the node C generate a shared key K_1 through a BB84 protocol.
[0053] Step 6: The node A uses the key K_1 to XOR encrypt K_0 and sends the encrypted K_0 to the node C.
[0054] Step 7: The node C uses the key K_1 to XOR decrypt the received encryption key to obtain K_0.
[0055] Step 8: The node C and the node J use the node G as a third-party detector to generate an initial key K_2 through the MDI-QKD protocol.
[0056] Step 9: The node C uses the key K_2 to XOR encrypt K_0 and sends the encrypted K_0 to the node J.
[0057] Step 10: The node J uses the key K_2 to XOR decrypt the received encryption key to obtain K_0, and the source node D and the destination node J share the initial key K_0, to complete the request.
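The relay procedure of steps S3 to S6 and the D-to-J walk-through above, as an added Python sketch that is not part of the patent text. `plan_links` and `distribute` are hypothetical names, `secrets.token_bytes` stands in for the key material each MDI-QKD or BB84 session would produce, and both endpoints are assumed trusted.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def plan_links(path, untrusted):
    """Collapse a tree path into key-generation links (steps S3-S6).

    Returns [(node_a, node_b, protocol, detector)], or None when two
    untrusted relays are adjacent (step S6: the request fails).
    """
    links, i = [], 0
    while i < len(path) - 1:
        nxt = path[i + 1]
        if nxt in untrusted:
            # An untrusted relay needs a trusted node on its far side.
            if i + 2 >= len(path) or path[i + 2] in untrusted:
                return None
            links.append((path[i], path[i + 2], "MDI-QKD", nxt))
            i += 2
        else:
            # Trusted neighbours: the page's example uses BB84 here.
            links.append((path[i], nxt, "BB84", None))
            i += 1
    return links

def distribute(path, untrusted, key_len=32):
    """Simulate the XOR relay; returns (holders of K_0, wire log) or None."""
    links = plan_links(path, untrusted)
    if not links:
        return None
    # Assumption: random bytes model the output of each QKD session.
    a, b, _, _ = links[0]
    k0 = secrets.token_bytes(key_len)        # first link key becomes K_0
    holders = {a: k0, b: k0}
    wire = []                                # ciphertexts on the classical channel
    for a, b, _proto, detector in links[1:]:
        link_key = secrets.token_bytes(key_len)
        ct = xor(holders[a], link_key)       # a XOR-encrypts K_0 with the link key
        wire.append((a, b, detector, ct))
        holders[b] = xor(ct, link_key)       # b XOR-decrypts to recover K_0
    return holders, wire

PATH = ["D", "B", "A", "C", "G", "J"]        # path from the page's example
UNTRUSTED = {"B", "G"}
```

The `holders` map makes the trust assumption visible: trusted relays A and C hold K_0 in plaintext, while B and G only ever serve as detectors and never appear in it.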
[0058] A person skilled in the art should understand that the embodiments of this application may be provided as a method, a system, or a computer program product. Therefore, this application may be in the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this specification can be in the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, a magnetic disk memory, a CD-ROM, an optical memory, and the like) including computer-usable program code.
[0059] This application is described with reference to flowcharts and/or block diagrams of the method, the device (system), and the computer program product according to the embodiments of this application. It should be understood that computer program instructions may be used to implement each process and/or block in the flowcharts and/or block diagrams and combinations of processes and/or blocks in the flowcharts and/or block diagrams. The computer program instructions may be provided to a general-purpose computer, a special-purpose computer, an embedded processor or a processor of another programmable data processing device to generate a machine, such that the computer or the processor of another programmable data processing device executes instructions to generate an apparatus configured to implement functions designated in one or more processes in a flowchart and/or one or more blocks in a block diagram.
[0060] The computer program instructions may also be stored in a computer-readable memory that can guide the computer or another programmable data processing device to work in a specific manner, such that the instructions stored in the computer-readable memory generate an article of manufacture including an instruction apparatus, and the instruction apparatus implements functions designated by one or more processes in a flowchart and/or one or more blocks in a block diagram.
[0061] The computer program instructions may also be installed in the computer or another programmable data processing device, such that a series of operation steps are executed on the computer or another programmable device to generate computer-implemented processing, and therefore, the instructions executed in the computer or another programmable terminal device provide steps for implementing functions designated in one or more processes in a flowchart and/or one or more blocks in a block diagram.
[0062] The above are merely preferred embodiments of the present disclosure, and are not limitations on other forms of the present disclosure. Any person skilled in the art can change or modify the technical contents disclosed above into equally varying equivalent embodiments. However, any simple alterations, equivalent changes and modifications made to the above embodiments according to the technical essence of the present disclosure without departing from the contents of the technical solutions of the present disclosure still come within the protection scope of the technical solutions of the present disclosure.