[go: up one dir, main page]

CN105959113B - For preventing the quantum key distribution method of detector side channel attack - Google Patents

For preventing the quantum key distribution method of detector side channel attack Download PDF

Info

Publication number
CN105959113B
CN105959113B CN201610528535.5A CN201610528535A CN105959113B CN 105959113 B CN105959113 B CN 105959113B CN 201610528535 A CN201610528535 A CN 201610528535A CN 105959113 B CN105959113 B CN 105959113B
Authority
CN
China
Prior art keywords
receiving end
detector
detector side
information
side channel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610528535.5A
Other languages
Chinese (zh)
Other versions
CN105959113A (en
Inventor
贾磊磊
谭勇刚
王松林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Regular Quantum Beijing Technology Co ltd
Original Assignee
Luoyang Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Luoyang Normal University filed Critical Luoyang Normal University
Priority to CN201610528535.5A priority Critical patent/CN105959113B/en
Publication of CN105959113A publication Critical patent/CN105959113A/en
Application granted granted Critical
Publication of CN105959113B publication Critical patent/CN105959113B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Optical Communication System (AREA)

Abstract

本发明涉及用于防止探测器侧信道攻击的量子密码分配方法,在不需要对现有制备测量量子密码分配方案中使用的探测装置进行改进的条件下,通过对接收端Bob方进行随机的Bell检测来检查Alice和Bob之间的量子关联,从而检测探测器侧信道攻击是否存在。在制备测量量子密码分配过程中,可有效检测存在的探测器侧信道攻击,解决探测器侧信道信息泄露问题。The invention relates to a quantum cipher distribution method for preventing detector side-channel attacks. Under the condition that the detection device used in the existing preparation and measurement quantum cipher distribution scheme does not need to be improved, the Bob at the receiving end performs random Bell detection to check the quantum correlation between Alice and Bob, thereby detecting the existence of detector side-channel attacks. In the process of preparing and measuring quantum cryptography, it can effectively detect the existing detector side channel attack and solve the problem of detector side channel information leakage.

Description

用于防止探测器侧信道攻击的量子密码分配方法A Quantum Cryptography Method for Preventing Detector Side-Channel Attacks

技术领域technical field

本发明涉及量子密码领域,特别是一种用于防止探测器侧信道攻击的量子密码分配方法。The invention relates to the field of quantum cryptography, in particular to a quantum cryptography distribution method for preventing detector side channel attacks.

背景技术Background technique

制备测量量子密码分配方案具有速度快、密码生成率高、易于实现的优点。然而探测器侧信道的攻击极大地破坏了其安全性,窃听者Eve在不违背量子原理的条件下可以利用探测器的缺陷获得其非法信息,这意味着她可以窃听通信而不被发现。探测器侧信道攻击对量子密码分配的安全性造成很大危害。因此必须对探测器进行较大改进,以避免探测器侧通道的攻击。The preparation and measurement quantum cipher distribution scheme has the advantages of fast speed, high cipher generation rate and easy implementation. However, the side-channel attack of the detector greatly undermines its security. The eavesdropper Eve can use the defect of the detector to obtain its illegal information without violating the quantum principle, which means that she can eavesdrop on the communication without being discovered. Detector side-channel attacks do great harm to the security of quantum cryptography. Therefore, the detector must be greatly improved to avoid the attack of the detector side channel.

目前已经有采取一些措施来防止这些攻击,譬如说与测量装置无关的量子密码系统。在这种情况下,测量结果的安全性依赖于纠缠的单配性,实现更为复杂,密码生成率较低。或者采用更加完善的探测器才防止攻击。Some measures have been taken to prevent these attacks, such as quantum cryptography that is independent of the measurement device. In this case, the security of the measurement results relies on the monogamous nature of entanglement, which is more complex to implement and has a lower rate of cryptographic generation. Or use more perfect detectors to prevent attacks.

发明内容Contents of the invention

本发明的目的是提供一种用于防止探测器侧信道攻击的量子密码分配方法,用以解决现有方法依赖纠缠或者探测器的问题。The purpose of the present invention is to provide a quantum cipher distribution method for preventing side-channel attacks on detectors, so as to solve the problem that existing methods rely on entanglement or detectors.

为实现上述目的,本发明的方案包括:To achieve the above object, the solution of the present invention includes:

步骤一、发送端A随机选一个信息嵌入方式,将随机的0或1编入光子的量子态,发给接收端B;Step 1. The sending end A randomly selects an information embedding method, encodes random 0 or 1 into the quantum state of the photon, and sends it to the receiving end B;

步骤二、接收端B设置两种模式:信号模式与测试模式;接收端B依照概率随机选择其中一种模式;在信号模式下,随机选择一个信息读取方式读出光子携带的0或1;当接收端B选择信号模式时,发送端A和接收端B通过公共信道公布他们的信息嵌入和读取方式,将信息嵌入方式和读取方式一致的那些比特作为密码比特;在测试模式,选择特定的信息读取方式进行Bell测试;当接收端B选择测试模式时,发送端A和接收端B通过公共信道计算SCHSH的值来宣布他们的基失选择和测量结果。Step 2. The receiving end B sets two modes: signal mode and test mode; receiving end B randomly selects one of the modes according to the probability; in the signal mode, randomly selects an information reading method to read the 0 or 1 carried by the photon; When the receiving end B selects the signal mode, the sending end A and the receiving end B announce their information embedding and reading methods through the public channel, and those bits whose information embedding method is consistent with the reading method are used as password bits; in the test mode, select A specific information reading method is used to perform the Bell test; when the receiver B selects the test mode, the transmitter A and the receiver B calculate the value of S CHSH through the public channel to announce their base loss selection and measurement results.

步骤三、在密码分配后,发送端A和接收端B对密码比特实行错误纠正和隐私放大,用于生成安全密码;所述SCHSH的值用于进行隐私放大,根据SCHSH的大小和公式(6)判断被标记的信息的量的多少,若被标记信息的量超出预设的阈值,则丢弃;若在预设的阈值以下,则可以通过相关的手段将标记信息进行消除。由于具体的消除手段与本申请探讨内容无关,而且量子密码领域的论文多有涉及,故在此不再赘述。Step 3. After the password is assigned, the sending end A and the receiving end B implement error correction and privacy amplification on the password bits to generate a secure password; the value of the S CHSH is used for privacy amplification, according to the size and formula of S CHSH (6) Determine the amount of marked information, and discard if the amount of marked information exceeds the preset threshold; if it is below the preset threshold, the marked information can be eliminated by relevant means. Since the specific elimination method has nothing to do with the content of this application, and many papers in the field of quantum cryptography are involved, it will not be repeated here.

进一步的,所述发送端A的信息嵌入方式包括斜线基和直线基信号模式下,接收端B基矢在中随机选择。Further, the information embedding method of the sending end A includes a slash base and straight basis In signal mode, the base vector of receiver B is at and randomly selected from.

进一步的,测试模式下,接收端B基矢在中随机选择;SCHSH≡<A1B1+A1B2+A2B1-A2B2>。Furthermore, in the test mode, the base vector of receiving end B is and Randomly selected in ; S CHSH ≡<A 1 B 1 +A 1 B 2 +A 2 B 1 -A 2 B 2 >.

进一步的,被标记的接收端B的信息量的上限通过下式来估计:Further, the upper limit of the amount of information of the marked receiver B is estimated by the following formula:

其中H2(x)=-xlog2x-(1-x)log2(1-x)为二元信息熵。Wherein H 2 (x)=-xlog 2 x-(1-x)log 2 (1-x) is binary information entropy.

进一步的,接收端B除了用来解码0和1的探测器分别标记为D0和D1,还具有一个探测器Dt;各个探测器设置一个时间窗口,在窗口内探测器能够有效地探测进入的信号脉冲,在窗口外探测器不能获得有效的脉冲;D0和D1的探测效率标记为η,而Dt的探测效率为ηt,比较η和ηt,当ηt>η时,判断探测器侧信道攻击。Furthermore, in addition to the detectors used to decode 0 and 1 marked as D 0 and D 1 respectively, the receiving end B also has a detector D t ; each detector sets a time window, and the detector can effectively detect Incoming signal pulses, detectors outside the window cannot obtain effective pulses; the detection efficiency of D 0 and D 1 is marked as η, and the detection efficiency of D t is η t , compare η and η t , when η t > η , to determine the detector side channel attack.

按照本领域的习惯,发送端A为Alice,接收端B为Bob,窃听者Eve。本发明在不需要对现有制备测量量子密码分配方案中使用的探测装置进行改进的条件下,通过对接收端Bob方进行随机的Bell检测来检查Alice和Bob之间的量子关联,从而检测探测器侧信道攻击是否存在。在制备测量量子密码分配过程中,可有效检测存在的探测器侧信道攻击,解决探测器侧信道信息泄露问题。本发明的优点还包括:不需要更改制备测量量子密码分配方案(如改为与测量装置无关的量子密码系统),可保证量子密码的分配速度、密码生成率等不受影响。该方案中不用担心探测器的效率,因为方案中只有被标记的光子可以用来计算CHSH多项式。该方案在制备测量量子密码分配方式中实现,故不需要考虑纠缠。According to the practice in this field, the sending end A is Alice, the receiving end B is Bob, and the eavesdropper Eve. The present invention checks the quantum correlation between Alice and Bob by performing random Bell detection on Bob at the receiving end without improving the detection device used in the existing preparation and measurement quantum cryptography distribution scheme, so as to detect the detection Whether there is a side-channel attack on the server. In the process of preparing and measuring quantum cryptography, it can effectively detect the existing detector side channel attack and solve the problem of detector side channel information leakage. The advantages of the present invention also include: there is no need to change the preparation and measurement quantum cryptography distribution scheme (such as changing to a quantum cryptography system that has nothing to do with the measurement device), which can ensure that the quantum cryptography distribution speed and password generation rate are not affected. In this scheme, there is no need to worry about the efficiency of the detector, because only the labeled photons can be used to calculate the CHSH polynomial. This scheme is implemented in the preparation and measurement quantum cryptography distribution method, so entanglement does not need to be considered.

具体实施方式Detailed ways

下面对本发明做进一步详细的说明。The present invention is described in further detail below.

本发明的基本思路是在量子密码分配中使用制备-测量Bell测试,基本原理是:The basic idea of the present invention is to use the preparation-measurement Bell test in the distribution of quantum ciphers, and the basic principle is:

按照本领域的习惯,发送端A为Alice,接收端B为Bob,窃听者Eve。设Alice拥有一个单光子源(实际实验中可以采用弱相干光源),她随机地选择或者和0或1来制备光子B,在测量光子B之前,光子B的态始终保持Alice所制备的量子态;According to the practice in this field, the sending end A is Alice, the receiving end B is Bob, and the eavesdropper Eve. Assuming that Alice has a single photon source (a weakly coherent light source can be used in practical experiments), she randomly chooses or and 0 or 1 to prepare photon B, before measuring photon B, the state of photon B always maintains the quantum state prepared by Alice;

Bob随机地选择在基上测量进入实验室的光子;Bob randomly chooses the base and measure photons entering the lab;

Alice和Bob用他们的基选择和制备(测量)结果计算CHSH多项式,如果CHSH不等式经典极限被突破,说明量子关联存在,否则量子关联不存在。Alice and Bob use their base selection and preparation (measurement) results to calculate CHSH polynomials. If the classical limit of CHSH inequality is broken, it means that quantum correlation exists, otherwise quantum correlation does not exist.

如果Alice对光子B的基失和取值选择是完全随机的,那么在SCHSH≡<A1B1+A1B2+A2B1-A2B2>中可以得到If Alice’s choice of base loss and value for photon B is completely random, then in S CHSH ≡<A 1 B 1 +A 1 B 2 +A 2 B 1 -A 2 B 2 >, we can get

同样地有,In the same way,

来替代B1、B2,得到因此可以得到 use and to replace B 1 and B 2 , to get so you can get

量子理论与局域隐变量理论是完全不兼容的,无漏洞Bell不等式的冲突意味着局域隐变量理论可以被排除。否则,如果无法获得无漏洞Bell不等式的冲突则意味着量子理论是错误的。最近,无漏洞Bell不等式的冲突得到了三个小组的试验验证。这些重要的结果意味着局域隐变量理论是不正确的。基于这一事实,我们可以通过一个简单而有效的办法防止制备—测量量子密码分配过程当中存在的探测器侧信道的攻击。在不需要对实验装置进行改进的条件下,通过对接收端Bob方进行随机的Bell测试来检查Alice和Bob之间的量子关联,从而检测探测器侧信道攻击是否存在。Quantum theory is completely incompatible with local hidden variable theory, and the conflict of the loophole-free Bell inequality means that local hidden variable theory can be ruled out. Otherwise, failure to obtain a violation of the hole-free Bell's inequality means that quantum theory is wrong. Recently, the violation of the loophole-free Bell inequality has been experimentally verified by three groups. These important results imply that the local hidden variable theory is incorrect. Based on this fact, we can prevent the detector side-channel attack in the preparation-measurement quantum cryptography process through a simple and effective method. Under the condition that the experimental device does not need to be improved, the quantum correlation between Alice and Bob is checked by performing a random Bell test on Bob at the receiving end, so as to detect whether there is a side-channel attack on the detector.

下面以改进的BB84方案为例说明本发明的方法,需要说明的是,本发明的方法不仅可以用于BB84方案,还可以用于其他量子密码分配方案。The method of the present invention is described below by taking the improved BB84 scheme as an example. It should be noted that the method of the present invention can be used not only for the BB84 scheme, but also for other quantum cipher distribution schemes.

基于制备-测量Bell测试的BB84方案:BB84 scheme based on the prep-measurement Bell test:

步骤一、在Alice实验室生成n个单光子,Alice在斜线基直线基和0、1中的任一值随机选择来制备这些光子,然后这些光子发送给了Bob。Step 1. Generate n single photons in Alice’s laboratory, and Alice straight line basis and any value between 0 and 1 are randomly selected to prepare these photons, and then these photons are sent to Bob.

步骤二、Bob有两种模式:他选择信号模式的概率是p,选择测试模式的概率是1-p(优选的,只有Bob自己知道p的值)。在信号模式中测量基矢在中随机选择,在测试模式中测量基矢在中随机选择。Step 2, Bob has two modes: the probability that he selects the signal mode is p, and the probability that he selects the test mode is 1-p (preferably, only Bob himself knows the value of p). In signal mode the base vector is measured at and Randomly selected in , the base vector is measured in test mode at and randomly selected from.

当Bob选择信号模式时,Alice和Bob通过公共信道公布他们的测量基矢,他们把他们的测量结果保存在相同的基矢中作为筛选的密码比特。When Bob selects the signaling mode, Alice and Bob publish their measurement base vectors through a common channel, and they store their measurement results in the same base vector as filtered cipher bits.

当Bob选择测试模式时,Alice和Bob通过公共信道计算SCHSH的值来宣布他们的基失选择和测量结果。When Bob selects the test mode, Alice and Bob calculate the value of S CHSH through the public channel to announce their base loss selection and measurement results.

步骤三、在密码分配后,Alice和Bob对筛选的密码比特实行错误纠正和隐私放大,如果能生成安全密码,那么密码分配任务就完成了,否则任务就失败了。上述错误纠正过程与上述信号模式的结果相关,隐私放大与测试模式的测量结果相关。错误纠正即通过误码率判断是否存在致命窃听的过程。Step 3. After the password is assigned, Alice and Bob perform error correction and privacy amplification on the selected password bits. If a secure password can be generated, the password assignment task is completed, otherwise the task fails. The above error correction process is related to the results of the above signal mode, and the privacy amplification is related to the measurement results of the test mode. Error correction is the process of judging whether there is fatal eavesdropping through the bit error rate.

上述方案的原理是,通过在密码分配过程中增加一个测试模式,通过测试模式的结果进行隐私放大,从而能够生成安全密码。The principle of the above scheme is that by adding a test mode in the password distribution process, the privacy amplification is performed through the result of the test mode, so that a secure password can be generated.

具体理论分析如下:因为Alice随机选择光子B的基矢和值,态在共轭基失的条件下态的制备是一致的,Eve不能找出哪个态是制备的。如果她对光子进行状态识别任务,就必须引入干扰。在没有任何损失的条件下,可以假定Eve用一个探针作用于光子B上。如果视探针和光子之间的相互作用为幺正过程,可以得到The specific theoretical analysis is as follows: Because Alice randomly selects the basis vector and value of photon B, the state The preparation of the states under the condition of loss of the conjugated group is consistent, and Eve cannot find out which state is prepared. If she were to perform a state-recognition task on photons, she would have to introduce interference. Without any loss, it can be assumed that Eve acts on photon B with a probe. If the interaction between the probe and the photon is regarded as a unitary process, we can get

在这里|E>是Eve探针的空白态,f和e分别是光子B极化不变和极化发生翻转的概率,e通常也表明Eve窃听的信息中量子比特错误率。Alice和Bob之间的信息量H2(e)通常用来纠正他们比特串错误,且二元熵为H2(x)=-xlog2x-(1-x)log2x。Here |E> is the blank state of the Eve probe, f and e are the probability that the polarization of photon B remains unchanged and the polarization flips, respectively, and e usually also indicates the qubit error rate in the information Eve eavesdrops. The amount of information H 2 (e) between Alice and Bob is usually used to correct their bit string errors, and the binary entropy is H 2 (x)=-xlog 2 x-(1-x)log 2 x.

在Eve攻击下后,<A2B1>重新计算的结果为After being attacked by Eve, the result of <A 2 B 1 > recalculation is

类似地,可以得到Similarly, one can get

Eve攻击后,得到在制备—测量量子密码分配中,Eve的窃听能够受集体攻击制约。Eve标记Bob的信息量的上限可以通过下式来估计:After Eve attacks, get In preparation-measurement quantum cryptography, Eve's eavesdropping can be subject to collective attack. The upper limit of the amount of information that Eve marks Bob can be estimated by the following formula:

其中H2(x)=-xlog2x-(1-x)log2(1-x)为二元信息熵。Wherein H 2 (x)=-xlog 2 x-(1-x)log 2 (1-x) is binary information entropy.

如果Bob的探测器并不那么完善,那么可能会发生探测器侧信道信息泄露。Eve会利用Bob探测器侧信道的缺点来对探测器侧信道进行攻击。在以上实施例中,Bob并不需要对Bob的探测器进行改进。进一步的,Bob还可以增加对探测器的改进,具体说明如下:If Bob's detector is not so perfect, then detector side-channel information leakage may occur. Eve will use the shortcoming of Bob's detector side channel to attack the detector side channel. In the above example, Bob does not need to modify Bob's detector. Furthermore, Bob can also add improvements to the detector, as detailed below:

设Bob除了用来解码0和1的探测器分别标记为D0和D1,他还拥有一个探测器Dt,为了减少暗记数的影响,密码产生过程当中往往给各个探测器加上一个时间窗口,在窗口内探测器能够有效地探测进入的信号脉冲,在窗口外探测器不能获得有效的脉冲,实验上是通过开、关探测器来实现时间窗口的。假设Dt拥有与D0和D1一样的探测效率但是拥有足够大的时间窗口来保证所有能被D0和D1探测到的信号均能被Dt探测到。D0和D1的探测效率标记为η而Dt的探测效率为ηt,如果没有探测器侧信道攻击的情况下ηt=η。一旦发生探测器侧信道攻击,可以发现ηt>η,因此Eve在探测器侧信道攻击过程当中获取的信息量就能够得到有效地估计:Assume that in addition to the detectors used to decode 0 and 1 marked as D 0 and D 1 respectively, Bob also has a detector D t . In order to reduce the influence of the secret number, a time is often added to each detector during the password generation process. Window, the detector can effectively detect the incoming signal pulses within the window, and the detector cannot obtain effective pulses outside the window. Experimentally, the time window is realized by opening and closing the detector. Suppose D t has the same detection efficiency as D 0 and D 1 but has a time window large enough to ensure that all signals that can be detected by D 0 and D 1 can also be detected by D t . The detection efficiencies of D 0 and D 1 are denoted by η and that of D t is η t , η t =η if there is no detector side-channel attack. Once the detector side channel attack occurs, it can be found that η t > η, Therefore, the amount of information obtained by Eve during the detector side channel attack can be effectively estimated:

理论分析如下:The theoretical analysis is as follows:

定理1:探测器侧信道的攻击可以成功地进行,当且仅当Eve获得的Alice的比特值相对于Bob的测量结果是部分或完全确定。Theorem 1: The detector side-channel attack can be successfully carried out if and only if Alice's bit value obtained by Eve is partially or completely determined relative to Bob's measurement result.

Eve与光子B相互作用以获得Alice给光子B的态,在Bob测量过接收到的光子之后,他和Alice宣布他们的基矢选择。Eve状态的熵减少会使Eve从Alice获得信息被限制。Eve interacts with photon B to obtain the state Alice gave to photon B, and after Bob has measured the received photon, he and Alice announce their basis vector choice. The entropy reduction of Eve's state will limit the information Eve can obtain from Alice.

IE=Ha priori-Ha posteriori (7)I E =H a priori -H a posteriori (7)

在探测器侧信道的攻击下,Eve的任务是消除Alice态的不确定性,虽然Bob的探测器存在各种缺陷,但假设没有多余的信息从他的实验室泄露是必要的。否则,量子密码分配的安全性不能保证,这说明Eve应该是从探测器间接地窃取信息的。如果Alice对光子B的态制备相同,则Ha priori=1。Under the attack of the detector side channel, Eve's task is to eliminate the uncertainty of Alice's state. Although Bob's detector has various flaws, it is necessary to assume that no redundant information leaks from his laboratory. Otherwise, the security of quantum cryptography distribution cannot be guaranteed, which means that Eve should steal information from the detector indirectly. If Alice's state preparation for photon B is the same, H a priori =1.

考虑到Ha posteriori=∑rP(r)H(i|r),用P(r)代表Bob得到测量结果为r的概率,H(i|r)表示测量结果为r时Alice的量子态为i的概率。理想情况下,Bob的测量结果应均匀地分布为0和1。如果Eve不与光子B相互作用,那么在Bob宣布他的基选择之后则Ha posteriori=1,因此IE=0,Eve也不能从Alice那边窃取到任何信息。为了满足IE>0,Ha posterior<1必须满足,又因为必须在任何时候满足∑rP(r)=1,那么Eve就得不到H(i|r)=1,这表示Eve在Bob获取测量结果r的条件下对Alice的量子态i的信息部分或完全确定。Considering H a posteriori = ∑ r P(r)H(i|r), let P(r) represent the probability that Bob obtains the measurement result of r, and H(i|r) represents the quantum state of Alice when the measurement result is r is the probability of i. Ideally, Bob's measurements should be evenly distributed between 0s and 1s. If Eve does not interact with photon B, then H a posteriori = 1 after Bob announces his base choice, so I E = 0, and Eve cannot steal any information from Alice. In order to satisfy I E >0, H a posterior <1 must be satisfied, and because ∑ r P(r)=1 must be satisfied at any time, then Eve cannot get H(i|r)=1, which means that Eve is Under the condition that Bob obtains the measurement result r, the information of Alice's quantum state i is partially or completely determined.

因此如果探测器侧信道攻击能够得到顺利地实施,Eve必须控制探测器D0和D1产生探测效率差,这个效率差是随机的而且从时间平均来看是无法被Bob发现的。但是这个效率差可以通过η/ηt估计出来并体现在上,因此可以用来估计Eve在探测器侧信道攻击中所获取的信息量。Therefore, if the detector side-channel attack can be successfully implemented, Eve must control the detectors D 0 and D 1 to produce a detection efficiency difference, which is random and cannot be discovered by Bob from the time average. But this efficiency difference can be estimated by η/η t and reflected in Therefore, it can be used to estimate the amount of information obtained by Eve in the detector side channel attack.

以上给出了本发明涉及的具体实施方式,但本发明不局限于所描述的实施方式。在本发明给出的思路下,采用对本领域技术人员而言容易想到的方式对上述实施例中的技术手段进行变换、替换、修改,并且起到的作用与本发明中的相应技术手段基本相同、实现的发明目的也基本相同,这样形成的技术方案是对上述实施例进行微调形成的,这种技术方案仍落入本发明的保护范围内。The specific embodiments related to the present invention are given above, but the present invention is not limited to the described embodiments. Under the idea given by the present invention, the technical means in the above-mentioned embodiments are transformed, replaced, and modified in ways that are easy for those skilled in the art, and the functions played are basically the same as those of the corresponding technical means in the present invention. 1. The purpose of the invention realized is also basically the same, and the technical solution formed in this way is formed by fine-tuning the above-mentioned embodiments, and this technical solution still falls within the protection scope of the present invention.

Claims (5)

1. for preventing the quantum key distribution method of detector side channel attack, which is characterized in that steps are as follows:
Step 1: transmitting terminal A selects an information embedded mode at random, random 0 or 1 are incorporated into the quantum state of photon, issues and connects Receiving end B;
Step 2: both of which is arranged in receiving end B:Signal mode and test pattern;Receiving end B is randomly choosed wherein according to probability One mode;In the signal mode, it randomly chooses an information reading manner and reads photon carries 0 or 1;When receiving end B is selected When selecting signal mode, transmitting terminal A and receiving end B announce their information insertion and reading manner by common signal channel, by information Those of consistent with the reading manner bit of embedded mode is as cipher bits;In test pattern, specific information reading side is selected Formula carries out Bell test;When receiving end B selects test pattern, transmitting terminal A and receiving end B calculate S by common signal channelCHSH's Value come announce they base lose selection and measurement result;
Step 3: transmitting terminal A and receiving end B carry out error correcting and privacy amplification to cipher bits after password distribution, it is used for Generate security password;The SCHSHValue for carrying out privacy amplification.
2. according to claim 1 for preventing the quantum key distribution method of detector side channel attack, feature exists In the information embedded mode of the transmitting terminal A includes oblique line baseWith straight line baseUnder signal mode, receiving end B basic vector existsWithMiddle random selection.
3. according to claim 2 for preventing the quantum key distribution method of detector side channel attack, feature exists In under test pattern, receiving end B basic vector existsWithMiddle random selection;SCHSH≡< A1B1+A1B2+A2B1-A2B2>。
4. according to claim 3 for preventing the quantum key distribution method of detector side channel attack, feature exists In the upper limit of the information content of labeled receiving end B is estimated by following formula:
Wherein H2(x)=- xlog2x-(1-x)log2(1-x) is binary information entropy.
5. according to claim 1 for preventing the quantum key distribution side of detector side channel attack described in any one of -4 Method, which is characterized in that receiving end B is respectively labeled as D in addition to being used to decode 0 and 1 detector0And D1, also there is a detector Dt;A time window is arranged in each detector, and detector can effectively detect the signal pulse of entrance in window, in window Mouth external detector cannot obtain effective pulse;D0And D1Detection efficient be labeled as η, and DtDetection efficient be ηt, compare η And ηt, work as ηtWhen > η, detector side channel attack is judged.
CN201610528535.5A 2016-07-06 2016-07-06 For preventing the quantum key distribution method of detector side channel attack Active CN105959113B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610528535.5A CN105959113B (en) 2016-07-06 2016-07-06 For preventing the quantum key distribution method of detector side channel attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610528535.5A CN105959113B (en) 2016-07-06 2016-07-06 For preventing the quantum key distribution method of detector side channel attack

Publications (2)

Publication Number Publication Date
CN105959113A CN105959113A (en) 2016-09-21
CN105959113B true CN105959113B (en) 2018-11-30

Family

ID=56899582

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610528535.5A Active CN105959113B (en) 2016-07-06 2016-07-06 For preventing the quantum key distribution method of detector side channel attack

Country Status (1)

Country Link
CN (1) CN105959113B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11334667B1 (en) 2020-01-17 2022-05-17 Wells Fargo Bank, N.A. Systems and methods for disparate quantum computing threat detection
US11336462B1 (en) 2019-09-10 2022-05-17 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11366897B1 (en) 2020-01-17 2022-06-21 Wells Fargo Bank, N.A. Systems and methods for layered quantum computing detection
US12126713B1 (en) 2020-01-17 2024-10-22 Wells Fargo Bank, N.A. Systems and methods for quantum computing threat detection

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107528686B (en) * 2017-08-30 2019-11-22 洛阳师范学院 A method for generating device-independent quantum cryptography based on a practical detection system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1929372A (en) * 2006-09-22 2007-03-14 西南大学 Highly effective quantum key distribution method
GB2430123A (en) * 2005-09-09 2007-03-14 Toshiba Res Europ Ltd A quantum communication system
GB2441364A (en) * 2006-08-31 2008-03-05 Toshiba Res Europ Ltd A quantum communication system which selects different protocols on the basis of security
CN103199994A (en) * 2013-02-19 2013-07-10 华南师范大学 Active phase compensation method and device of joint scan
CN105049200A (en) * 2015-08-14 2015-11-11 清华大学 Data post-processing method of quantum key distribution system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2430123A (en) * 2005-09-09 2007-03-14 Toshiba Res Europ Ltd A quantum communication system
GB2441364A (en) * 2006-08-31 2008-03-05 Toshiba Res Europ Ltd A quantum communication system which selects different protocols on the basis of security
CN1929372A (en) * 2006-09-22 2007-03-14 西南大学 Highly effective quantum key distribution method
CN103199994A (en) * 2013-02-19 2013-07-10 华南师范大学 Active phase compensation method and device of joint scan
CN105049200A (en) * 2015-08-14 2015-11-11 清华大学 Data post-processing method of quantum key distribution system

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
"Biased Random Number Generator Based on Bell’s Theorem";谭勇刚等;《Chinese Physics Letters》;20160315;第33卷(第3期);正文第9-12页 *
"CRYPTOGRAPHY FROM QUANTUM MECHANICAL VIEWPOINT";Minal Lopes等;《International Journal on Cryptography and Information Security (IJCIS)》;20140630;第4卷(第2期);正文第13-23页 *
"Quantum key distribution series network protocol with M-classical Bobs";张现周等;《Chinese Physics B》;20090516;第18卷(第6期);正文第2143-2148页 *
"Side-channel-free quantum key distribution";Samuel L. Braunstein等;《PHYSICAL REVIEW LETTERS》;20120330;正文第1-4页 *
"The Essence of More Nonlocality with Less Entanglement in Bell Tests";谭勇刚等;《Communications in Theoretical Physics》;20140101(第1期);正文第40-44页 *
"一种新型基于完全Bell测量的量子密钥分配协议";李恕海等;《中国密码学会2007年年会》;20071019;正文第257-263页 *
Mario Stipčević."Preventing detector blinding attack and other random number generator attacks on quantum cryptography by use of an explicit random number generator".《ResearchGate》.2014,正文第1-3页. *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11336462B1 (en) 2019-09-10 2022-05-17 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11736302B1 (en) 2019-09-10 2023-08-22 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11736303B1 (en) 2019-09-10 2023-08-22 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US12069186B2 (en) 2019-09-10 2024-08-20 Wells Fargo Bank, N.A. Systems and methods for post-quantum cryptography optimization
US11334667B1 (en) 2020-01-17 2022-05-17 Wells Fargo Bank, N.A. Systems and methods for disparate quantum computing threat detection
US11366897B1 (en) 2020-01-17 2022-06-21 Wells Fargo Bank, N.A. Systems and methods for layered quantum computing detection
US11914707B1 (en) 2020-01-17 2024-02-27 Wells Fargo Bank, N.A. Systems and methods for disparate quantum computing threat detection
US12126713B1 (en) 2020-01-17 2024-10-22 Wells Fargo Bank, N.A. Systems and methods for quantum computing threat detection
US12248568B2 (en) 2020-01-17 2025-03-11 Wells Fargo Bank, N.A. Systems and methods for disparate quantum computing threat detection

Also Published As

Publication number Publication date
CN105959113A (en) 2016-09-21

Similar Documents

Publication Publication Date Title
CN105959113B (en) For preventing the quantum key distribution method of detector side channel attack
CN106411521B (en) Identity authentication method, device and system for quantum key distribution process
CN109194479B (en) Measuring equipment-independent quantum key distribution method based on single photon multiple degrees of freedom
US10848303B2 (en) Methods and apparatuses for authentication in quantum key distribution and/or quantum data communication
US9306739B1 (en) Quantum key distribution protocol process
AU2016220364B2 (en) Method, apparatus, and system for identity authentication
KR102063031B1 (en) Apparatus and method for quantum direct communication using single qubits
CN105210314B (en) Method for handling double-tap events in quantum key distribution system to ensure security
US8995650B2 (en) Two non-orthogonal states quantum cryptography method and apparatus with intra- and inter-qubit interference for eavesdropper detection
CN114448621B (en) Multi-party double-field quantum key distribution protocol implementation method and system
KR20170078728A (en) Method, apparatus, and system for quantum key distribution, privacy amplification, and data transmission
CN111092664B (en) Channel capacity increasing method for quantum secure communication irrelevant to measuring equipment
Niemiec et al. The measure of security in quantum cryptography
CN111245608A (en) Device-independent quantum key distribution method based on single photon with three degrees of freedom
JP7440108B2 (en) Method and system for quantum key distribution
US20230370494A1 (en) Quantum secure direct communication with mutual authentication via rotation of an arbitrary basis
RU2730554C1 (en) Method of detecting an attack on quantum states in a quantum communication channel
CN107070643B (en) Quantum key distribution device and method
CN105049200B (en) The data post processing method of quantum key distribution system
Li et al. The improvement of QKD scheme based on BB84 protocol
CN117692068A (en) Quantum key distribution method and device
Lizama et al. Enhancing quantum key distribution (QKD) to address quantum hacking
KR20230030758A (en) Method for Communication Using Quantum Cryptography and Network for the Same
Hassan et al. Improving BB84 Efficiency with Delayed Measurement via Quantum Memory
Kuhn Vulnerabilities in Quantum Key Distribution Protocols

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240201

Address after: 1003, 1st Floor, Building 7, No. 2 Wanhong West Street, West Eight Rooms, Dongzhimenwai, Chaoyang District, Beijing, 100015

Patentee after: Regular Quantum (Beijing) Technology Co.,Ltd.

Country or region after: China

Address before: No. 71 Longmen Road, High tech Development Zone, Luoyang City, Henan Province, 471022

Patentee before: LUOYANG NORMAL University

Country or region before: China

TR01 Transfer of patent right