基于BB84的多用户量子密钥分发协议

BB84协议是目前最接近实用化的量子密钥分发(QKD)协议。点对点的量子密钥分发系统已经可以商用,但现有的多用户量子密钥分发协议都是采用量子纠缠、量子存储等技术手段进行密钥分发,在现有的技术条件下只能停留在理论阶段,离工程应用还有较长的距离。该文提出了一种基于BB84的多用户量子密钥分发协议,将计算机通信技术应用到量子保密通信中,实现一对多的量子通信网络的量子密钥分发,并从理论和实验结果两方面分析其可行性。     

基于Shamir算法的多QKD网络密钥共享策略

量子通信是近年来发展的新型交叉学科,是量子论和信息安全论相结合的新研究领域。量子密钥分发(Quantum Key Distribution,QKD)是最先实用化的量子通信技术,其需求主要包括小型化、低成本、应用场景等。当前应用主要局限于传输距离有限,需要专用基础设施。针对目前存在的问题,基于Shamir密钥共享算法设计了一种密钥共享策略,使处于不同QKD网络内的用户可直接通过量子密钥进行加密通信。     

一种量子安全拜占庭容错共识机制

针对经典区块链共识机制面临量子计算机攻击的问题,提出了一种量子安全拜占庭容错共识机制.首先,对于公钥数字签名存在的安全隐患问题,采用QKD网络进行量子密钥分发,通过经典网络传输消息和签名等信息,提出了一种基于量子密钥分发(Quantum Key Distribution,QKD)和多线性哈希函数族的无条件安全签名方案(...     

面向量子密钥分发的自适应LDPC双码并行机制

信息协调是量子密钥分发中的关键步骤,基于LDPC实现量子信息协调是当前国内外研究的焦点。目前QKD系统LDPC译码器普遍采用单码字顺序译码机制设计,且采用的是性能较差的准循环LDPC码,LDPC译码器吞吐量和纠错上限较低,无法满足高速率高误码下量子安全性及性能需求。设计了一种面向量子密钥分发的新型自适应LDPC双码并行机制ADCPM,采用随机型LDPC码,且在译码的同时进行双密钥串并行纠错,较传统方法吞吐量提升了近1倍。真实平台实验结果表明,ADCPM支持高达10%的误码率,吞吐量超过140 Mbps,可有效支撑高误码下高速安全量子信息协调。     

星地量子密钥分发中的数据协调方法

量子密钥分发是基于量子物理基本定律来确保通信双方的安全性。低交互次数的数据协调是星地量子密钥分发数据后处理阶段的关键,依据星地量子密钥分发中数据协调的特性和要求,提出一种基于Turbo码的星地量子密钥分发数据协调模型。该模型重新修改和设计Turbo码的编解码模型及其译码算法,可解决星地量子密钥分发的数据协调过程需多次信息交互的问题。仿真结果表明,经过一定的迭代次数后,Turbo码可完成不同误码率下密钥的数据协调。     

QKD网络中组密钥协商的研究

传统组密钥协商方法很难满足QKD(Quantum Key Distribution)网络的实用需求。针对这种情况,提出一种适用于多种QKD网络结构的复合式量子组密钥协商方案。该方案将不同结构的QKD网络归为统一的形式,充分利用密钥缓存池中的密钥,在经典信道上完成安全协商过程,最终参与组播通信的QKD设备都能获得一致的组密钥,并将这些密钥分发给用户。与几种传统组密钥协商方案对比,该方案具有很好的安全性和可扩展性,并在绝大数应用环境下具有很高的效率。     

基于GHZ态的量子密钥分发协议

摘要：在用户与用户进行量子密钥分发的时候,随着用户数量的增加,用户之间需要建立大量的量子传输信道。基于减少量子传输信道数量问题,本文设计了一种基于GHZ态的量子密钥分发协。该协议由第三方进行粒子分配,利用三粒子GHZ态在Z基和X基下具有不同的表示的特性作为密钥分发的关键点。协议中由第三方向任意两名用户分发密钥,大大减少了量子信道的数量。经过安全性分析,本协议能抵御截获重发攻击,中间人攻击和纠缠攻击,而作为第三方可以是不可信的。     

基于密钥中继的广域量子密钥网络路由方案

针对现有基于密钥中继的 QKD 网络路由方案存在适用范围有限、不能满足广域环境路由需求的问题,分析了广域 QKD 网络路由特点并提出了相应的路由需求,进而设计了基于虚链路的分域量子密钥网络路由方案。将广域 QKD 网络划分为多个小规模的密钥路由域,降低了域内密钥路由的复杂度,通过建立跨越密钥路由域的虚链路缩短了域间路由长度,从而提高了广域环境下密钥路由效率。理论分析表明,该方案具有路由更新收敛快、路由时延小、密钥资源消耗少的优点。     

一种量子密钥分发中的身份认证协议

假设两通信用户共享一初始比特串K,提出一种新的思想,即共享的K不直接用来认证,而是先经过一个简单算法将其转换为一个较长的K′,在对K′作适当处理后再用来认证。在此基础上几乎所有的量子密钥分发协议都可以同时进行身份认证。作为例证,还提出一个新的基于非正交纠缠态的量子身份认证(QKA)协议,该协议能同时进行量子密钥分发(QKD),分析表明此协议比传统的QKD协议更简单、安全。     

基于Bell态与其纠缠性质的量子密钥分发

为了提高量子密钥分发的可行性、安全性和效率,在通信双方间通过构建经典信道和量子信道,提出了一种基于Bell态与其纠缠性质的量子密钥分发协议.该协议可行、安全、简单有效,通过严格的数学推导证明了窃听者不可能获取密钥而不被发现.此外,得出了该协议效率与安全的数学模型,并通过MATLAB仿真分析了协议效率与安全的关系.     

Universally composable and customizable post-processing for practical quantum key distribution

In quantum key distribution (QKD), a secret key is generated between two distant parties by transmitting quantum states. Experimental measurements on the quantum states are then transformed to a secret key by classical post-processing. Here, we propose a construction framework in which QKD classical post-processing can be custom made. Though seemingly obvious, the concept of concatenating classical blocks to form a whole procedure does not automatically apply to the formation of a quantum cryptographic procedure since the security of the entire QKD procedure rests on the laws of quantum mechanics and classical blocks are originally designed and characterized without regard to any properties of these laws. Nevertheless, we justify such concept of concatenating classical blocks in constructing QKD classical post-processing procedures, along with a relation to the universal-composability-security parameter. Consequently, effects arising from an actual QKD experiment, such as those due to the finiteness of the number of signals used, can be dealt with by employing suitable post-processing blocks. Lastly, we use our proposed customizable framework to build a comprehensive generic recipe for classical post-processing that one can follow to derive a secret key from the measurement outcomes in an actual experiment.     

四维Hilbert空间上的量子密钥分配协议

文中抽出了在4维Hibert空间上的量子密钥分配算法,构造了三种测量基来应对能在两个量子比特上出现的所有错误,保证了窃听检测过程的有效性,从而提供了无条件安全性的根本依据,该协议的最大优势在于显著节省上了量子和经典信息的通信量.     

Multiple stochastic paths scheme on partially-trusted relay quantum key distribution network

Quantum key distribution (QKD) technology provides proven unconditional point-to-point security based on fundamental quantum physics. A QKD network also holds promise for secure multi-user communications over long distances at high-speed transmission rates. Although many schemes have been proposed so far, the trusted relay QKD network is still the most practical and flexible scenario. In reality, the insecurity of certain relay sections cannot be ignored, so to solve the fatal security problems of partially-trusted relay networks we suggest a multiple stochastic paths scheme. Its features are: (i) a safe probability model that may be more practical for real applications; (ii) a multi-path scheme with an upper bound for the overall safe probability; (iii) an adaptive stochastic routing algorithm to generate sufficient different paths and hidden routes. Simulation results for a typical partially-trusted relay QKD network show that this generalized scheme is effective. Supported by the National Fundamental Research Program of China (Grant No. 2006CB921900), the National Natural Science Foundation of China (Grant Nos. 60537020 and 60621064), the Knowledge Innovation Project of the Chinese Academy of Sciences, and the Chinese Academy of Sciences International Partnership Project     

BB84量子密钥分配协议在专网中的应用

依据专用网络的特点,对BB84量子密钥分配协议做了改进,提出一种适用于专用网络的BB84-PN协议。该协议通过身份认证和量子物理特性,提高了安全性。同时,在通信过程中通过协商传输量子密钥规则,有效地提高了传输效率。     

新量子技术时代下的信息安全

量子技术将在未来深刻影响密码学以及信息安全行业。可以利用上千个量子比特运行量子算法的通用量子计算机将直接威胁信息安全基础算法,导致当前广泛使用的RSA等公钥密码被破解,也会使分组密码算法的密码强度减半。量子通信中量子密钥分发的实施会改变传统保密通信的物理结构。这些重大 应用价值也是发展量子技术的驱动力。结合当前一些关于量子技术的热点新闻,从量子计算和量子通信两个方面分别综述了量子技术对信息安全技术的影响。同时简要介绍了这些技术的最新发展现状,包括通用型和专用型量子计算机的发展、量子密钥分发技术实验室环境的进展以及天地一体化量子通信网络的发展状况等。最后对信息安全技术的未来形态做了思考和总结。未来量子技术将会与现有各种技术深度融合,共同存在。     

Security of BB84 with weak randomness and imperfect qubit encoding

The main threats for the well-known Bennett–Brassard 1984 (BB84) practical quantum key distribution (QKD) systems are that its encoding is inaccurate and measurement device may be vulnerable to particular attacks. Thus, a general physical model or security proof to tackle these loopholes simultaneously and quantitatively is highly desired. Here we give a framework on the security of BB84 when imperfect qubit encoding and vulnerability of measurement device are both considered. In our analysis, the potential attacks to measurement device are generalized by the recently proposed weak randomness model which assumes the input random numbers are partially biased depending on a hidden variable planted by an eavesdropper. And the inevitable encoding inaccuracy is also introduced here. From a fundamental view, our work reveals the potential information leakage due to encoding inaccuracy and weak randomness input. For applications, our result can be viewed as a useful tool to quantitatively evaluate the security of a practical QKD system.     

Study on the security of the authentication scheme with key recycling in QKD

In quantum key distribution (QKD), the information theoretically secure authentication is necessary to guarantee the integrity and authenticity of the exchanged information over the classical channel. In order to reduce the key consumption, the authentication scheme with key recycling (KR), in which a secret but fixed hash function is used for multiple messages while each tag is encrypted with a one-time pad (OTP), is preferred in QKD. Based on the assumption that the OTP key is perfect, the security of the authentication scheme has be proved. However, the OTP key of authentication in a practical QKD system is not perfect. How the imperfect OTP affects the security of authentication scheme with KR is analyzed thoroughly in this paper. In a practical QKD, the information of the OTP key resulting from QKD is partially leaked to the adversary. Although the information leakage is usually so little to be neglected, it will lead to the increasing degraded security of the authentication scheme as the system runs continuously. Both our theoretical analysis and simulation results demonstrate that the security level of authentication scheme with KR, mainly indicated by its substitution probability, degrades exponentially in the number of rounds and gradually diminishes to zero.     

量子安全通信开发回顾

回顾了量子通信协议的发展历程和各个研究方向,重点是量子直接安全通信(QSDC)问题。量子直接安全通信(QSDC)的安全性要求比量子密钥分配(QKD)要高,能够在密文信息泄漏之前察觉到窃听者。基于认证的量子直接安全通信(QSDC)的提出使得量子通信安全性达到了新的高度。     

Implementation of quantum key distribution network simulation module in the network simulator NS-3

As the research in quantum key distribution (QKD) technology grows larger and becomes more complex, the need for highly accurate and scalable simulation technologies becomes important to assess the practical feasibility and foresee difficulties in the practical implementation of theoretical achievements. Due to the specificity of the QKD link which requires optical and Internet connection between the network nodes, to deploy a complete testbed containing multiple network hosts and links to validate and verify a certain network algorithm or protocol would be very costly. Network simulators in these circumstances save vast amounts of money and time in accomplishing such a task. The simulation environment offers the creation of complex network topologies, a high degree of control and repeatable experiments, which in turn allows researchers to conduct experiments and confirm their results. In this paper, we described the design of the QKD network simulation module which was developed in the network simulator of version 3 (NS-3). The module supports simulation of the QKD network in an overlay mode or in a single TCP/IP mode. Therefore, it can be used to simulate other network technologies regardless of QKD.