
CN101540760B - Quantum key agreement method - Google Patents


Publication number
CN101540760B
Authority
CN
China
Prior art keywords
negotiation
interval
bit
error
client
Prior art date
Legal status
Expired - Fee Related
Application number
CN2009100498730A
Other languages
Chinese (zh)
Other versions
CN101540760A (en
Inventor
钱旭东
朱俊
曾贵华
Current Assignee
Shanghai Jiao Tong University
Original Assignee
Shanghai Jiao Tong University
Priority date
Filing date
Publication date
Application filed by Shanghai Jiao Tong University
Priority to CN2009100498730A
Publication of CN101540760A
Application granted
Publication of CN101540760B
Expired - Fee Related
Anticipated expiration

Landscapes

  • Computer And Data Communications (AREA)

Abstract

A quantum key agreement method in the field of information security technology, comprising the following steps: (1) the two communicating users choose their respective roles in the reconciliation: if a user chooses forward reconciliation, that user acts as the server and the other user as the client; (2) the server starts listening on the network, and the client then enters the server's IP address and connects to the server; (3) the two users exchange the initial bit error rate and the reconciliation data files, and perform reconciliation using the Winnow method with an adaptive interval selection function; (4) after reconciliation is complete and the length of the bit string obtained by the eavesdropper has been entered, either party may start the privacy amplification process, after which a secure communication key is obtained in the text boxes of both users. The adaptive interval selection method proposed by the invention improves the efficiency of the Winnow method and thereby the efficiency of the reconciliation method.

Description

Quantum key agreement method

Technical field

The present invention relates to a method in the field of information processing technology, and specifically to a quantum key agreement method.

Background art

The combination of quantum mechanics and cryptography gave rise to quantum cryptography, which can provide perfectly secret systems that traditional mathematics alone cannot. Quantum cryptography proposes an entirely new secure communication system founded on quantum theory; at a fundamental level, quantum properties cannot be ignored, and the act of measurement is an integral part of quantum mechanics. Among these laws, the one that plays the key role in quantum cryptography is the uncertainty principle: measuring a quantum system generally disturbs it and yields only incomplete information about its state before the measurement. Any attempt to monitor a quantum channel therefore disturbs the information transmitted on that channel in a detectable way.

In 1969, S. Wiesner first proposed the idea of quantum cryptography. In 1984, C. H. Bennett, a scientist at IBM in the United States, and the Canadian cryptographer G. Brassard proposed the first quantum key distribution protocol, the BB84 protocol. In 1989, the world's first quantum key distribution (Quantum Key Distribution) experiment succeeded at IBM's Thomas laboratory. The experiment used the BB84 protocol, and although its communication distance was only 32 cm in free space, it played a pivotal role in the later development of quantum information science. Since then, quantum cryptography built on quantum optical communication has become a topic of broad international interest. Researchers in many countries have studied quantum cryptography theoretically from different angles, covering quantum key distribution, quantum key verification, quantum data encryption, quantum secret sharing, quantum identity authentication, quantum signatures, quantum bit commitment, quantum oblivious transfer, quantum multi-party computation, and the information theory of quantum cryptography. Quantum error-correcting codes are also receiving increasing attention.

Reconciliation and privacy amplification in quantum key distribution, one of the important branches of quantum cryptography, have attracted growing interest from researchers in many countries.

A search of the prior art found the article "Experimental Quantum Cryptography", published by Bennett et al. in 1991, which laid the foundation for data reconciliation. Since then, various more efficient reconciliation methods have been studied, and the later Cascade and Winnow methods both follow that approach. Current reconciliation methods comprise three parts: interval division, bit judgment, and error correction. The theoretical efficiency of the Winnow method is very high, but because the method relies on looking up a chart to determine its parameter, its engineering efficiency is greatly reduced, and the efficiency of reconciliation has long constrained the engineering realization of quantum secure communication.

The search also found the article "Generalized privacy amplification", published by Bennett et al. in 1995 in IEEE Transactions on Information Theory (vol. 41, no. 6, pp. 1915-1923, 1995), which laid the theoretical foundation of privacy amplification. Since then, privacy amplification has been analysed in detail under different premises, conditions and constraints, and many important conclusions have been obtained.

Summary of the invention

The purpose of the present invention is to address the above shortcomings of the prior art by proposing a quantum key agreement method that uses a new reconciliation method and a new communication protocol, improving the working efficiency of reconciliation and promoting the construction of information security infrastructure.

The present invention is realized through the following technical solution, which comprises the following steps:

Step 1: the two communicating users first choose their respective roles in the reconciliation. If a user chooses forward reconciliation, that user acts as the server and the other user as the client; if a user chooses reverse reconciliation, that user acts as the client and the other user as the server.

Step 2: the server starts listening on the network; the client then enters the server's IP address and connects to the server.

Step 3: once the connection between server and client is established, the two users first exchange the initial bit error rate and the reconciliation data files, and then perform reconciliation using the Winnow method with the adaptive interval selection function.

Step 4: after reconciliation is complete and the length of the bit string obtained by the eavesdropper has been entered, either party may start the privacy amplification process. When privacy amplification is complete, a communication key that is secure in the information-theoretic sense is obtained in the text boxes of both users.

In step 3, once the connection between server and client is established, the server's data cannot be modified, while the client's data is modified according to the reconciliation information provided by the server.

In step 3, reconciliation using the Winnow method with the adaptive interval selection function comprises the following specific steps:

First, after the two parties have exchanged qubits and obtained the initial bit error rate and the reconciliation data files, each party divides its bit string into intervals of length $N = 2^m$. For each interval, the two parties exchange the interval's parity bit over the authenticated channel. The interval size parameter $m$ is selected by the adaptive interval selection function according to the initial bit error rate entered.

Second, if one user's parity bit equals the other user's, both parties discard the last bit of the interval, do nothing further to the remaining $2^m - 1$ bits, and move on to the next interval.

Third, if the two users' parity bits differ, they first discard the last bit and then use the Hamming hash function to find, among the remaining $2^m - 1$ bits, the erroneous bit that caused the parity mismatch and correct it. Because the Hamming hash function is used for error correction, some error-correction information must also be exchanged over the authenticated channel; to preserve the security of the remaining bits, a further $m$ bits are discarded.

The most important part of the invention is the automatic selection of the interval size parameter $m$ by the adaptive interval selection function. If $m$ is chosen poorly, the number of errors in an interval after one error-correction pass may not decrease and may even increase, which means more information bits must be discarded to run additional rounds of error correction. Buttler provided a chart look-up method for choosing $m$, but the chart is only a theoretical solution and is extremely inconvenient in engineering practice. The adaptive interval selection function given by the invention provides an analytical form for selecting $m$, so that the improved Winnow method incorporating it can be used in real engineering. With this function, the interval size parameter for each pass can be chosen automatically from the initial bit error rate entered.

Selecting the interval size parameter $m$ by the adaptive interval selection function according to the initial bit error rate entered comprises the following steps:

First, compute the judgment variable $L$, the average number of bit errors after reconciliation when the interval contained 3 erroneous bits before reconciliation. In the first case the Hamming matrix detects no error, so no correction is performed and 3 errors remain after reconciliation; the probability of this case is denoted $P_{31}$. In the second case the Hamming matrix does detect an error and the Hamming hash function is used to correct it; after this correction the interval contains 4 errors, and the probability of this case is denoted $P_{32}$. The average number of bit errors after reconciliation for an interval that contained 3 erroneous bits is therefore:

$$L = P_{31} \times 3 + P_{32} \times 4$$

where

$$P_{31} = \frac{C_{2^m-1}^{2}}{C_{2^m-1}^{3}}$$

$$P_{32} = 1 - P_{31}$$

Second, compute the interval average bit error rate $aver_{error}$:

$$aver_{error} = P_1 \times 0 + P_2 \times 2 + P_3 \times L + P_4 \times 4$$

where $P_i$ is the probability that an interval contains $i$ bit errors (intervals with more than 4 errors are ignored because their probability is extremely small):

$$P_i = C_{2^m}^{i} \left(\frac{M}{N}\right)^{i} \left(1 - \frac{M}{N}\right)^{2^m - i}$$

($N$ and $M$ are both initialization parameters.)

Third, compute the values of [formula image G2009100498730D00043] for different $m$; the value of $m$ corresponding to [formula image G2009100498730D00044] is the required interval size.

From the above formulas, the adaptive interval selection function can be used to determine the interval size parameter $m$. This greatly improves the efficiency of information reconciliation, removes the biggest obstacle to its practical use in engineering, and offers important guidance for theoretical and experimental research on secure communication.

The server and client can exchange text over the network using the TCP/IP protocol, so that when they are not satisfied with the result of a reconciliation they can communicate with each other to obtain more accurate information.

Compared with the prior art, the present invention has the following beneficial effects:

For the data processing that follows basis comparison in a quantum key distribution protocol, the invention proposes an adaptive interval selection method. Applied to the well-known Winnow reconciliation method, it greatly improves the efficiency of Winnow and thereby of reconciliation, and provides significant guidance for the engineering realization of quantum key distribution.

In addition, the invention uses TCP/IP to carry the information exchanged for reconciliation and privacy amplification. The network thus simulates the classical channel of QKD (quantum key distribution), with the aim that it can be eavesdropped on by Eve but not modified or deleted, providing a basis for the future development of quantum VPNs (virtual private networks).

Description of the drawings

Fig. 1 is the work flow chart of the present invention.

Detailed description of the embodiments

An embodiment of the invention is described in detail below with reference to the drawing. The embodiment is implemented on the premise of the technical solution of the invention, and a detailed implementation and specific operating procedure are given, but the scope of protection of the invention is not limited to the embodiment described below.

Assume that Alice and Bob are each at a terminal in their own local area, and that the two areas are connected by the Internet. As shown in Fig. 1, this embodiment comprises the following steps:

Step 1: Alice and Bob first choose their respective roles in the reconciliation. If Alice chooses forward reconciliation, Alice acts as the server and Bob as the client; if Alice chooses reverse reconciliation, Alice acts as the client and Bob as the server. Without loss of generality, Alice is chosen as the server for forward reconciliation: she selects the server option in the type field at the right of the software interface, and Bob correspondingly selects the client option.

Step 2: on the server side, Alice clicks the listen button to start listening on the network. Bob, as the client, then enters the IP address of Alice's server and clicks the connect button to request a connection. Once the connection is established, Alice's server displays "someone has connected" and Bob's side displays "connected to the server, communication can begin".

Step 3: Alice and Bob first exchange the initial bit error rate through the network chat system. When either of them clicks the reconciliation button, a dialog box prompts for the initial bit error rate and the reconciliation data file. Once one party has finished entering them, the other party is notified of the request to start reconciliation and is asked to enter its initial bit error rate and reconciliation data as well. The reconciliation data is then packetized and transmitted over the Internet, so the network plays the role of the classical channel in theoretical research. Reconciliation is then performed by the preset program using the Winnow method with the adaptive interval selection function. The specific process is as follows:

1. Alice and Bob divide the bit strings to be reconciled into intervals of length $N = 2^m$. For each interval, the two parties exchange the interval's parity bit over the established Internet link. The interval size parameter $m$ is selected by the adaptive interval selection function according to the initial bit error rate entered.

2. If the interval size parameter $m$ is chosen poorly, the number of errors in an interval after one error-correction pass may not decrease and may even increase, which means more information bits must be discarded to run additional rounds of error correction. Buttler provided a chart look-up method for choosing $m$, but the chart is only a theoretical solution and is extremely inconvenient in engineering practice. The adaptive interval selection function given by the invention provides an analytical form for selecting $m$, so that the improved Winnow method incorporating it can be used in real engineering. With this function, the interval size parameter for each pass can be chosen automatically from the initial bit error rate entered. The specific process is as follows:

First, compute the judgment variable $L$, the average number of bit errors after reconciliation when the interval contained 3 erroneous bits before reconciliation. In the first case the Hamming matrix detects no error and 3 errors remain after reconciliation; the probability of this case is denoted $P_{31}$. In the second case the Hamming matrix does detect an error and the Hamming hash function is used to correct it; after this correction the interval contains 4 errors, and the probability of this case is denoted $P_{32}$. The average number of bit errors after reconciliation for an interval that contained 3 erroneous bits is therefore $L = P_{31} \times 3 + P_{32} \times 4$, where $P_{31} = \frac{C_{2^m-1}^{2}}{C_{2^m-1}^{3}}$ and $P_{32} = 1 - P_{31}$.

Second, compute the interval average bit error rate $aver_{error} = P_1 \times 0 + P_2 \times 2 + P_3 \times L + P_4 \times 4$, where $P_i$ is the probability that an interval contains $i$ bit errors, $P_i = C_{2^m}^{i} \left(\frac{M}{N}\right)^{i} \left(1 - \frac{M}{N}\right)^{2^m - i}$, and $N$ and $M$ are both initialization parameters. Third, use $m$ to compute the value of [formula image G2009100498730D00063]; the value of $m$ corresponding to [formula image] is the required interval size.

3. If client Bob's parity bit equals server Alice's parity bit, both parties discard the last bit of the interval, do nothing further to the remaining $2^m - 1$ bits, and move on to the next interval.

4. If client Bob's parity bit differs from server Alice's, both parties first discard the last bit of the interval. Client Bob then uses the Hamming hash function to find, among the remaining $2^m - 1$ bits, the erroneous bit that caused the parity mismatch and corrects it, with some error-correction information exchanged over the Internet channel. Both parties then discard a further $m$ bits.

Step 4: after reconciliation is complete, when either party presses the Privacy Amplification button, a dialog box prompts for the number of bits that the eavesdropper Eve may have obtained. Once this length is entered, the server and client each begin the privacy amplification computation. This embodiment uses an improved BBBSC algorithm as the approximate algorithm for privacy amplification. When processing finishes, the communication key, secure in the information-theoretic sense, is displayed in the chat text box on each side.

In this embodiment, the server and client exchange text over the network using the TCP/IP protocol, so that when they are not satisfied with the result of a reconciliation they can communicate with each other to obtain more accurate information. This embodiment improves the efficiency of the Winnow method and thereby the efficiency of the reconciliation method.
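As an added illustration (not code from the patent), the following Python example runs one Winnow pass as described in items 1, 3 and 4 above and evaluates $L$, $P_i$ and $aver_{error}$ for candidate $m$. It assumes the Hamming syndrome is the XOR of 1-based bit positions, that the $m$ discarded bits sit at positions 1, 2, 4, ..., and that $M/N$ is the initial bit error rate; the final selection rule survives on this page only as an image reference, so the example tabulates the values and does not pick $m$.

```python
from math import comb


def parity(bits):
    return sum(bits) & 1


def syndrome(bits):
    """Hamming syndrome of a (2^m - 1)-bit word: XOR of the 1-based
    positions holding a 1 (assumed parity-check matrix layout)."""
    s = 0
    for pos, bit in enumerate(bits, start=1):
        if bit:
            s ^= pos
    return s


def winnow_pass(server, client, m):
    """One Winnow pass over two equal-length bit lists.

    The server's bits are never modified; the client flips at most one bit
    per mismatching interval. Trailing bits that do not fill an interval
    are dropped (assumption). Returns (server_out, client_out).
    """
    n = 1 << m
    # Assumption: the m bits discarded after a correction are those at
    # positions 1, 2, 4, ...; the page only says "m bits".
    drop = {(1 << j) - 1 for j in range(m)}
    s_out, c_out = [], []
    for off in range(0, len(server) - n + 1, n):
        s_blk = list(server[off:off + n])
        c_blk = list(client[off:off + n])
        mismatch = parity(s_blk) != parity(c_blk)
        s_blk.pop()  # both sides always discard the last bit
        c_blk.pop()
        if mismatch:
            # XOR of the two syndromes is the position the client flips;
            # 0 means the Hamming check saw no error.
            pos = syndrome(s_blk) ^ syndrome(c_blk)
            if pos:
                c_blk[pos - 1] ^= 1
            s_blk = [b for i, b in enumerate(s_blk) if i not in drop]
            c_blk = [b for i, b in enumerate(c_blk) if i not in drop]
        s_out += s_blk
        c_out += c_blk
    return s_out, c_out


def errors(a, b):
    return sum(x != y for x, y in zip(a, b))


def flip(bits, idxs):
    """Copy of bits with the given 0-based indices inverted."""
    return [b ^ (i in idxs) for i, b in enumerate(bits)]


def p31(m):
    n = (1 << m) - 1
    return comb(n, 2) / comb(n, 3)


def judgment_l(m):
    p = p31(m)
    return p * 3 + (1 - p) * 4


def p_i(i, m, M, N):
    # M and N are the page's "initialization parameters"; M / N is treated
    # here as the initial bit error rate (assumption).
    q = M / N
    size = 1 << m
    return comb(size, i) * q ** i * (1 - q) ** (size - i)


def aver_error(m, M, N):
    return (p_i(1, m, M, N) * 0 + p_i(2, m, M, N) * 2
            + p_i(3, m, M, N) * judgment_l(m) + p_i(4, m, M, N) * 4)


if __name__ == "__main__":
    alice = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample interval, m = 3
    cases = [("1 error", {4}), ("2 errors", {2, 5}),
             ("3 errors, undetected", {2, 4, 5}),
             ("3 errors, miscorrected", {2, 4, 6})]
    for label, idxs in cases:
        a, b = winnow_pass(alice, flip(alice, idxs), 3)
        print(f"{label:24s} kept={len(a)} residual errors={errors(a, b)}")
    print("m  L       aver_error (M/N = 3/100, constructed)")
    for m in range(3, 7):
        print(m, f"{judgment_l(m):.4f}", f"{aver_error(m, 3, 100):.4f}")
```

The three-error cases show the failure mode the text describes: an interval can enter the pass with 3 errors and leave it with 3 errors concentrated in only 4 surviving bits.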

Claims (3)

1. A quantum key agreement method, characterized in that it comprises the following steps:
Step 1: the two communicating users choose their respective roles in the reconciliation: if a user chooses forward reconciliation, that user acts as the server and the other user as the client; if a user chooses reverse reconciliation, that user acts as the client and the other user as the server;
Step 2: the server starts listening on the network, and the client then enters the server's IP address and connects to the server;
Step 3: once the connection between server and client is established, the two users first exchange the initial bit error rate and the reconciliation data files, and then perform reconciliation using the Winnow method with the adaptive interval selection function;
said reconciliation using the Winnow method with the adaptive interval selection function comprises the following specific steps:
First, after the two parties have exchanged qubits and obtained the initial bit error rate and the reconciliation data files, each party divides its bit string into intervals of length $N = 2^m$; for each interval, the two parties exchange the interval's parity bit over the authenticated channel, the interval size parameter $m$ being selected by the adaptive interval selection function according to the initial bit error rate entered;
Second, if one user's parity bit equals the other user's, both parties discard the last bit of the interval, do nothing further to the remaining $2^m - 1$ bits, and move on to the next interval;
Third, if the two users' parity bits differ, they first discard the last bit, then use the Hamming hash function to find, among the remaining $2^m - 1$ bits, the erroneous bit that caused the parity mismatch and correct it, exchange some error-correction information over the authenticated channel, and discard $m$ bits;
said adaptive interval selection function selects the interval size parameter $m$ according to the initial bit error rate entered through the following steps:
1) compute the judgment variable $L$, the average number of bit errors after reconciliation when the interval contained 3 erroneous bits before reconciliation: in the first case the Hamming matrix detects no error and 3 errors remain after reconciliation, the probability of this case being denoted $P_{31}$; in the second case the Hamming matrix does detect an error and the Hamming hash function is used to correct it, after which the interval contains 4 errors, the probability of this case being denoted $P_{32}$; the average number of bit errors after reconciliation for an interval that contained 3 erroneous bits is therefore:
$$L = P_{31} \times 3 + P_{32} \times 4$$
where
$$P_{31} = \frac{C_{2^m-1}^{2}}{C_{2^m-1}^{3}}$$
$$P_{32} = 1 - P_{31}$$
2) compute the interval average bit error rate $aver_{error}$:
$$aver_{error} = P_1 \times 0 + P_2 \times 2 + P_3 \times L + P_4 \times 4$$
where $P_i$ is the probability that an interval contains $i$ bit errors,
$$P_i = C_{2^m}^{i} \left(\frac{M}{N}\right)^{i} \left(1 - \frac{M}{N}\right)^{2^m - i}$$
and $N$ and $M$ are both initialization parameters;
3) use $m$ to compute the value of [formula image FDA0000069474270000023]; the value of $m$ corresponding to [formula image] is the required interval size;
Step 4: after reconciliation is complete and the length of the bit string obtained by the eavesdropper has been entered, either party may start the privacy amplification process; when privacy amplification is complete, a communication key that is secure in the information-theoretic sense is obtained in the text boxes of both users.
2. The quantum key agreement method according to claim 1, characterized in that, in step 3, once the connection between server and client is established, the server's data cannot be modified, while the client's data is modified according to the reconciliation information provided by the server.
3. The quantum key agreement method according to claim 1, characterized in that the server and client can exchange text over the network using the TCP/IP protocol.
CN2009100498730A 2009-04-23 2009-04-23 Quantum key agreement method Expired - Fee Related CN101540760B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100498730A CN101540760B (en) 2009-04-23 2009-04-23 Quantum key agreement method

Publications (2)

Publication Number Publication Date
CN101540760A (en) 2009-09-23
CN101540760B (en) 2012-07-18

Family

ID=41123749

Country Status (1)

Country Link
CN (1) CN101540760B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102227101B (en) * 2011-06-23 2012-08-08 安徽量子通信技术有限公司 Light quantum communication networking structure based on quantum centralized control stations and communication method thereof
CN102769527B (en) * 2012-08-14 2015-06-17 中国人民解放军国防科学技术大学 Networking method based on large scale monatomic cavity quantum network
CN103501221B (en) * 2013-09-29 2016-07-06 哈尔滨工业大学 A kind of appraisal procedure of the error code negotiation algorithm for quantum communications
CN103746799B (en) * 2013-12-26 2017-02-15 中南大学 Differential non-Gauss operation radioactivity continuous variable quantum key distribution method
CN104284330A (en) * 2014-10-24 2015-01-14 北京邮电大学 A Physical Layer Encryption Technology Based on Unreliable Wireless Channel
CN104734846B (en) * 2015-04-06 2018-02-06 安徽问天量子科技股份有限公司 Quantum-key distribution control device and method
CN106411521B (en) * 2015-07-31 2020-02-18 阿里巴巴集团控股有限公司 Identity authentication method, device and system for quantum key distribution process
CN107135066B (en) * 2016-02-29 2020-08-07 华为技术有限公司 Original key recovery device and method
CN106230589B (en) * 2016-09-19 2019-04-09 东华大学 A Reverse Key Agreement Method Based on Low Density Parity Check Code
CN106452761B (en) * 2016-11-18 2019-09-06 浙江神州量子网络科技有限公司 A kind of error correction method of multi-party quantum secret sharing system
CN107682144B (en) * 2017-08-29 2021-08-31 上海循态信息科技有限公司 Continuous variable key distribution method based on bi-phase modulation and data post-processing
CN110071801B (en) * 2019-04-24 2021-09-07 东南大学 A method of generating key part reconciliation combining BBBSS protocol and BCH code
CN112367124B (en) * 2019-09-01 2022-07-15 成都量安区块链科技有限公司 Quantum relay node virtualization method and device
CN113194466A (en) * 2021-04-23 2021-07-30 哈尔滨理工大学 Hybrid key system and method based on wireless channel characteristic simulation
CN114422122B (en) * 2021-12-23 2024-08-27 山东工商学院 Quantum key negotiation method and system with semi-trusted third party
CN114095183B (en) * 2022-01-23 2022-05-03 杭州字节信息技术有限公司 Client dual authentication method, terminal equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1603268A1 (en) * 2003-03-10 2005-12-07 Mitsubishi Denki Kabushiki Kaisha Quantum key delivery method and communication device
CN1706147A (en) * 2002-09-18 2005-12-07 三菱电机株式会社 Quantum key distribution method and communication device
CN1929372A (en) * 2006-09-22 2007-03-14 西南大学 Highly effective quantum key distribution method

Also Published As

Publication number Publication date
CN101540760A (en) 2009-09-23

Similar Documents

Publication Publication Date Title
CN101540760B (en) Quantum key agreement method
Zeng et al. E-AUA: An efficient anonymous user authentication protocol for mobile IoT
CN107124268B (en) Privacy set intersection calculation method capable of resisting malicious attacks
CN109327308B (en) A quantum key distribution method and system with two-way identity authentication function
CN110572265B (en) A terminal security access gateway method, device and system based on quantum communication
CN107437993A (en) One kind is based on without the side's authentication key agreement method of certificate two and device
CN108388946B (en) A Two-Party Quantum Computation Method Based on Blind Quantum Computation
CN110709875A (en) Method and system for establishing trusted peer-to-peer communication between nodes in a blockchain network
CN101977198B (en) Inter-domain authentication and key negotiation method
Alotaibi Registration center based user authentication scheme for smart E-governance applications in smart cities
Cai et al. Multi-party quantum key agreement with five-qubit brown states
CN106027262B (en) Multi-variable signing method resisting key recovery attack
Zhao et al. A verifiable hidden policy CP‐ABE with decryption testing scheme and its application in VANET
CN101282216B (en) Method for switching three-partner key with privacy protection based on password authentication
CN103501221A (en) Evaluating method of error code negotiation algorithm for quantum communication
CN107241190A (en) The key agreement construction method and the network platform of a kind of identity-based
CN109978515A (en) A kind of Third Party Payment System method based on quantum multiple delegate Proxy Signature
Cui A cross-chain protocol based on quantum teleportation for underlying architecture of metaverse
He Simple quantum protocols for the millionaire problem with a semi-honest third party
Cai et al. Implementation of an E-payment security evaluation system based on quantum blind computing
Singh et al. Post-quantum secure authenticated key agreement protocol for wireless sensor networks
CN113904833B (en) Dynamic multi-factor identity authentication method and communication method based on threshold
Wang et al. Efficient quantum dialogue by using the two-qutrit entangled states without information leakage
CN112332988B (en) An agile quantum privacy query method based on anti-rotation noise
He et al. Two-party mutual authentication quantum key agreement protocol

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120718

Termination date: 20150423

EXPY Termination of patent right or utility model