低数据量环境下物联网密钥管理算法与方案设计

为了提高低数据量环境下物联网密钥的安全性与可靠性,需要对低数据量环境下物联网密钥管理算法以及密钥管理方案进行设计研究。使用当前管理算法对低数据量环境下物联网密钥进行管理时,在物联网网络节点增加到一定数量的情况下,无法保证低数据环境下物联网的安全性与可靠性。为此,提出一种基于LHKE的低数据量环境物联网密钥管理算法与方案设计方法。该算法是由当前算法为基础结合Qoskm算法优点形成的一种新的低数据量环境下物联网密钥算法,此算法将设立两个相同的低数据量密钥树,通过计算组播成员在物联网上的信任度与安全度,将信任度与安全度较高的组播成员放在一棵低数据量密钥树上,其他的组播成员放在另一棵低数据量密钥树上,再通过LHKE算法的初始化、子密钥生成和网络密钥生成三个阶段,对低数据量环境下物联网密钥进行管理。实验仿真证明,所提算法提高了低数据量环境下物联网密钥的安全性与可靠性。     

Decoy state quantum key distribution with finite resources

We apply the finite key analysis to the decoy state quantum key distribution scheme and obtain a practical key rate. By simulating an practical experiment setups and the Vacuum + Weak decoy state method, we show that both the key rate and maximal secure distance are reduced when the finite key analysis is considered.     

New Public-key Quantum Signature Scheme with Quantum One-Way Function

Based on the asymmetric quantum cryptosystem, a new public-key quantum signature scheme is proposed. In our scheme, the signer’s public key is derived from her public identity information, and the corresponding private key is generated by the trusted private key generator (PKG). Both of the public key and the private key are classical bit strings, so they are easily kept. It is very convenient for the key management of the quantum signature system. The signer signs a message with her private key, and the quantum signature can be publicly verified with the signer’s public key and the quantum one-way function. Both of the private key and public key can be reused. On the other hand, in the signing phase, the signer sends the message to PKG via a classical unencrypted channel, which can be used to authenticate the identity of the signer. The proposed scheme has the properties of completeness, information-theoretic security, non-repudiation and unforgeability. Its information-theoretic security is ensured by quantum indistinguishability mechanics. On the other hand, our scheme is more efficient than the similar schemes.

     

Novel Quantum Deterministic Key Distribution Protocols with Entangled States

By utilizing Bell states and GHZ states, two quantum deterministic key distribution (QDKD) protocols are presented to hand over the previously deterministic key to the intended receiver. The proposed QDKD protocols have two-way authentications, and then the eavesdropping and impersonation can be detected easily. The deterministic key itself is not transmitted over the channel and the receiver Bob infers his key in an indirect manner with the relationship between Alice’s messages and his own measurement results, which guarantees the security of the deterministic key. Different from the quantum key distribution protocols yielding random keys, the proposed QDKD protocols can distribute the pre-deterministic keys securely, which are of great significance in the filed of key management.     

基于微弱相干脉冲稳定差分相位量子密钥分发

基于差分相位量子密钥分发协议，对微弱相干光脉冲相位差进行编码，在接收端采用Faraday-Michelson系统进行解码.这种量子密钥分发系统具有密钥生成效率高、接收端干涉稳定性好、极限传输距离长等优点，同时还具有光路结构简单、易于在现有的技术条件下实现等特点，特别适用于远程光纤量子密钥分发.在实验系统中利用嵌入式微处理系统来控制量子密钥分发过程，进行了76 km的稳定光纤量子密钥分发实验，其原始密钥的误码率为5.3%. 关键词： 分相位 量子密钥分发 安全性 稳定性     

A Multi-party Quantum Key Agreement Protocol Based on Shamir’s Secret Sharing

Quantum networks can extend the advantages of quantum key distribution protocols to more than two remote participants. Based on Shamir threshold secret sharing scheme, a new quantum key agreement protocol on a quantum network with any number of participants is proposed. First, each participant and distributor negotiate a sub-secret key using a kind of quantum key distribution protocol, and then each of these participants, as distributor, shares these sub-secret keys with other participants using Shamir threshold secret sharing scheme. Furthermore, each participant combines all these shared sub-secret keys and his own sub-secret key in sequence to form secret key, and sends the hash function values of this secret key to the master distributor to authenticate, finally they obtain the security key. Our scheme is practical and secure, and it can also prevent fraudulent from participants.

     

基于光纤的量子密钥分配系统研究和协议仿真

研究了适合光纤传输的量子密钥分配系统和量子密钥分配协议.通过研究适合光纤传输的量子信号的编码和解码,研究了基于光纤的量子密钥分配系统与协议,给出相位调制量子密钥系统的光路图;在计算机上编制相应的程序,验证了相位调制的量子密钥分配协议的分配过程,并就窃听对量子误码率的影响进行了分析.结果表明,仿真结果与理论分析完全一致.     

A novel image encryption scheme based on improved hyperchaotic sequences

This paper proposes a novel image encryption scheme based on the improved hyperchaotic sequences. Firstly, the hyperchaotic sequences are modified to generate chaotic key stream that is more suitable for image encryption. Secondly, the final encryption key stream is generated by correlating the chaotic key stream and plaintext which result in both key sensitivity and plaintext sensitivity. The scheme can achieve high key sensitivity and high plaintext sensitivity through only two rounds diffusion operation. The performance test and security analysis has been performed using the histograms, correlation coefficients, information entropy, peak signal-to-noise ratio, key sensitivity analysis, differential analysis, key space analysis, decryption quality and speed analysis. Results suggest that the proposed image encryption scheme is secure and reliable, with high potential to be adopted for the secure image communication applications.     

预报单光子源诱骗态量子密钥产生率及数值计算

独立推导预报单光子源诱骗态量子密钥分发的密钥产生率计算公式,讨论密钥产生率和发送端探测效率的关系;进行弱相干光和预报单光子源诱骗态量子密钥分发的最优强度估计和密钥产生率数值计算.结果表明,预报单光子源诱骗态量子密钥分发的密钥产生率随着发送端探测效率的增加而增加,其安全通信距离与完美单光子源的通信距离一致;诱骗态量子密钥分发可提高安全通信距离和密钥产生率;预报单光子源由于减少了暗计数的影响,进一步提高了安全通信距离.     

Lower bound for the security of differential phase shift quantum key distribution against a one-pulse-attack

Quantum key distribution is the art of sharing secret keys between two distant parties, and has attracted a lot of attention due to its unconditional security. Compared with other quantum key distribution protocols, the differential phase shift quantum key distribution protocol has higher efficiency and simpler apparatus. Unfortunately, the unconditional security of differential phase shift quantum key distribution has not been proved. Utilizing the sharp continuity of the von Neuman entropy and some basic inequalities, we estimate the upper bound for the eavesdropper Eve's information. We then prove the lower bound for the security of the differential phase shift quantum key distribution protocol against a one-pulse attack with Devatak-Winter's secret key rate formula.     

Intelligent Reflecting Surface Assisted Multi-User Robust Secret Key Generation for Low-Entropy Environments

Channel secret key generation (CSKG), assisted by the new material intelligent reflecting surface (IRS), has become a new research hotspot recently. In this paper, the key extraction method in the IRS-aided low-entropy communication scenario with adjacent multi-users is investigated. Aiming at the problem of low key generation efficiency due to the high similarity of channels between users, we propose a joint user allocation and IRS reflection parameter adjustment scheme, while the reliability of information exchange during the key generation process is also considered. Specifically, the relevant key capability expressions of the IRS-aided communication system is analyzed. Then, we study how to adjust the IRS reflection matrix and allocate the corresponding users to minimize the similarity of different channels and ensure the robustness of key generation. The simulation results show that the proposed scheme can bring higher gains to the performance of key generation.     

Novel Multi-Party Quantum Key Agreement Protocol with G-Like States and Bell States

A significant aspect of quantum cryptography is quantum key agreement (QKA), which ensures the security of key agreement protocols by quantum information theory. The fairness of an absolute security multi-party quantum key agreement (MQKA) protocol demands that all participants can affect the protocol result equally so as to establish a shared key and that nobody can determine the shared key by himself/herself. We found that it is difficult for the existing multi-party quantum key agreement protocol to withstand the collusion attacks. Put differently, it is possible for several cooperated and untruthful participants to determine the final key without being detected. To address this issue, based on the entanglement swapping between G-like state and Bell states, a new multi-party quantum key agreement protocol is put forward. The proposed protocol makes full use of EPR pairs as quantum resources, and adopts Bell measurement and unitary operation to share a secret key. Besides, the proposed protocol is fair, secure and efficient without involving a third party quantum center. It demonstrates that the protocol is capable of protecting users’ privacy and meeting the requirement of fairness. Moreover, it is feasible to carry out the protocol with existing technologies.     

Semi-Quantum Key Distribution Protocols with GHZ States

With the development of information security, quantum key distribution (QKD) has attracted much attention. Because of the lower requirement on quantum capability, more attention is paid to semi-quantum key distribution (SQKD). Two semi-quantum key distribution protocols based on GHZ states are proposed. The first protocol can achieve quantum key distribution between one classical party and one quantum party by cooperating with a third party with a strong quantum capability. Under the same conditions, the second one can achieve quantum key distribution between two classical parties. And the proposed semi-quantum key distribution protocols are free from some common attacks. It is significant for communication party without enough quantum devices to achieve quantum communication.     

Efficient quantum key distribution with trines of reference-frame-free qubits

We propose a rotationally-invariant quantum key distribution scheme that uses a pair of orthogonal qubit trines, realized as mixed states of three physical qubits. The measurement outcomes do not depend on how Alice and Bob choose their individual reference frames. The efficient key generation by two-way communication produces two independent raw keys, a bit key and a trit key. For a noiseless channel, Alice and Bob get a total of 0.573 key bits per trine state sent (98% of the Shannon limit). This exceeds by a considerable amount the yield of standard trine schemes, which ideally attain half a key bit per trine state. Eavesdropping introduces an ?-fraction of unbiased noise, ensured by twirling if necessary. The security analysis reveals an asymmetry in Eve's conditioned ancillas for Alice and Bob resulting from their inequivalent roles in the key generation. Upon simplifying the analysis by a plausible symmetry assumption, we find that a secret key can be generated if the noise is below the threshold set by ?=0.197.     

A New Secure Quantum Key Expansion Scheme

A new quantum key expansion scheme is proposed. The protocol of quantum key expansion proposed by Hwang is analyzed and the eavesdropping scheme is presented. We found that the using of the basis sequence shared by communicating parties is the weakness of the protocol. Hence we propose a ‘purification attack’ for the eavesdropper to steal partial information of the raw key and the new key between communicating parties. In view of this defect, we propose a new protocol of quantum key expansion, where the shared key is encrypted into a sequence of unitary operators which can be used securely against the presented attack.     

Impossibility of growing quantum bit commitments

Quantum key distribution (QKD) is often, more correctly, called key growing. Given a short key as a seed, QKD enables two parties, connected by an insecure quantum channel, to generate a secret key of arbitrary length. Conversely, no key agreement is possible without access to an initial key. Here, we consider another fundamental cryptographic task, commitments. While, similar to key agreement, commitments cannot be realized from scratch, we ask whether they may be grown. That is, given the ability to commit to a fixed number of bits, is there a way to augment this to commitments to strings of arbitrary length? Using recently developed information-theoretic techniques, we answer this question in the negative.     

Checking key integrity efficiently for high-speed quantum key distribution using combinatorial group testing

With the increasing key generation rate in practical quantum key distribution, checking key integrity efficiently becomes an important problem. Since the original method that utilizes one hash value for a key string has to discard all the key bits even if just one error bit exists, it may eventually limit the practical rate of key generation. In this paper, we propose a new scheme based on combinatorial group testing to identify the rare error bits so as to avoid dropping all the key bits. Experimental results show that the scheme can precisely locate the error bits if the number of error bits is within the maximum guaranteed number set by the scheme while the overhead is insignificant (for a 10⁶-bit key, additional bits: 0.1% of the key; hashing time: 16 ms; checking time: 22 ms) and it can still keep the majority of the correct bits (95%) even if the number of error bits is 10 times of the maximum. The results also indicate that the minimum key size for the CGT-based scheme to gain an advantage over the original method is about 2 × 10⁴ bits.     

奇相干光源的测量设备无关量子密钥分配研究

刻画了奇相干光源的光子数分布特征,研究了奇相干光源下诱骗态测量设备无关量子密钥分配系统的密钥生成率与安全传输距离的关系,推导了奇相干光源下的计数率下界和误码率上界.仿真结果表明,奇相干光源光子数分布中多光子脉冲的比例低于弱相干光,可以有效提高诱骗态测量设备无关密钥分配系统的最大安全通信距离,为实用的量子密钥分配实验提供了重要的理论参数.     

DDKA-QKDN: Dynamic On-Demand Key Allocation Scheme for Quantum Internet of Things Secured by QKD Network

In the era of the interconnection of all things, the security of the Internet of Things (IoT) has become a new challenge. The theoretical basis of unconditional security can be guaranteed by using quantum keys, which can form a QKD network-based security protection system of quantum Internet of Things (Q-IoT). However, due to the low generation rate of the quantum keys, the lack of a reasonable key allocation scheme can reduce the overall service quality. Therefore, this paper proposes a dynamic on-demand key allocation scheme, named DDKA-QKDN, to better meet the requirements of lightweight in the application scenario of Q-IoT and make efficient use of quantum key resources. Taking the two processes of the quantum key pool (QKP) key allocation and the QKP key supplement into account, the scheme dynamically allocates quantum keys and supplements the QKP on demand, which quantitatively weighs the quantum key quantity and security requirements of key requests in proportion. The simulation results show that the system efficiency and the ability of QKP to provide key request services are significantly improved by this scheme.     

基于公匙密匙分配体制的光学加密系统

针对光学变换加密系统的密匙安全管理和分发问题,提出了基于公匙密匙分配体制和光学变换的混合加密系统.首先利用光学加密系统对原始图像进行加密,然后对光学加密系统的工作密匙进行压缩,最后利用公匙密匙分配体制对压缩后的密匙进行分配和管理.解密时,接收方不需要等待,就可以预先利用公匙密匙分配体制获得解密密匙.理论分析和仿真实验表明,该方法不仅充分利用了光学变换加密系统具有多重密匙的特点,解决了密匙的安全分配和管理问题,而且突出了混合加密系统的速度优势.