Search

CN-122001578-A - Quantum cryptography system, terminal and method based on dynamic public key and synchronous dynamic private key library of quantum random number

CN122001578ACN 122001578 ACN122001578 ACN 122001578ACN-122001578-A

Abstract

The invention discloses a quantum cryptography system, a terminal and a method based on a dynamic public key of a quantum random number and a synchronous dynamic private key library, comprising at least one terminal and at least one server, wherein each terminal is associated with a terminal exclusive entropy library partition, initial copies of the partition are respectively stored in the terminal local and the server, the terminal comprises a quantum random number generator which is used for outputting the quantum random number in one measurement event and deriving a homologous parameter set which at least comprises a positioning seed and an evolution operation code from the quantum random number, the homology means that each parameter in the parameter set is determined by entropy generated by the same quantum random event, and the system realizes that two communication parties independently calculate a session key based on a shared entropy library, and the session key is never transmitted, thereby achieving one-time and one-time anti-quantum computation safety.

Inventors

  • TONG YINGWEI

Assignees

  • 安徽云玺量子科技有限公司
  • 童迎伟

Dates

Publication Date
20260508
Application Date
20260306

Claims (20)

  1. 1. A quantum cryptography system based on a dynamic public key and a synchronous dynamic private key library of a quantum random number, comprising: At least one terminal and at least one server; Each terminal is associated with a terminal exclusive entropy library partition, and initial copies of the partition are respectively stored in a terminal local area and the server; the terminal comprises a quantum random number generator, a positioning seed and an evolution operation code, wherein the quantum random number generator is used for outputting a quantum random number in one measurement event, and deriving a homologous parameter set at least comprising the positioning seed and the evolution operation code from the quantum random number, wherein the homology means that each parameter in the parameter set is determined by entropy generated by the same quantum random event; The system is configured to: the terminal calculates a quantum dynamic public key of the session and integrally transmits the quantum dynamic public key to the server through a secure channel, wherein the quantum dynamic public key at least comprises the positioning seed and the evolution operation code; After the server receives and decrypts the quantum dynamic public key, determining a target entropy section from the exclusive entropy library partition corresponding to the terminal based on the positioning seed; the server carries out first cryptographic transformation on the target entropy section based on the evolution operation code, and independently calculates a session key of the current session; The terminal performs first cryptographic transformation identical to the server based on the target entropy section and the evolution operation code which are stored locally, and independently calculates the identical session key; The terminal and the server perform encrypted communication using the same session key calculated independently of each other.
  2. 2. The system of claim 1, wherein the quantum dynamic public key further comprises a public key verification value calculated based on the positioning seed and an evolving opcode; And after receiving and decrypting the quantum dynamic public key, the server verifies the integrity of the positioning seed and the evolution operation code based on a public key verification value.
  3. 3. The system of claim 2, wherein the public key verification value is a hash value of the location seed and the evolved opcode, or, The public key verification value is a message authentication code based on the location seed and the evolved opcode, or, The public key verification value is a digital signature based on the location seed and the evolved opcode, or, The public key verification value is an authentication tag generated by an authentication encryption algorithm, and the authentication tag is used for verifying the integrity of ciphertext comprising the positioning seed and the evolution operation code.
  4. 4. The system of claim 1, wherein the quantum dynamic public key further comprises a second evolving opcode, the system further configured to perform a second cryptographic transformation on the target entropy segment based on the second evolving opcode, obtain a new entropy segment, and update its stored corresponding portion in the terminal-specific entropy library partition.
  5. 5. The system of claim 4, wherein the second cryptographic transformation uses the same evolutionary opcode as the first cryptographic transformation.
  6. 6. The system of claim 4, wherein the second cryptographic transformation is configured such that the target entropy segment cannot be computationally feasible recovered from the new entropy segment, and the second cryptographic transformation is expandable to transform the entirety of the terminal-specific entropy library partition such that the entire partition is updated synchronously after one communication.
  7. 7. The system of claim 6, wherein the second cryptographic transformation is a cryptographic hash function or is an encryption operation with the evolving opcode as a key and the key of the encryption operation is not disclosed.
  8. 8. The system of claim 1, wherein the positioning seed and the evolutionary operation code are derived from different, non-overlapping portions of a single random number output from the one measurement event or from successive random number sequences output from the one measurement event, respectively, the successive random number sequences originating from the same measurement event or calculated from the random number by a key derivation function.
  9. 9. The system of claim 1, wherein the terminal further comprises a physical unclonable function, the access to the terminal-specific entropy library partition being bound to a fingerprint output by the physical unclonable function.
  10. 10. The system of claim 1, wherein the terminal further comprises a biometric processing module for acquiring a living organism biometric and generating an authorization token, the activation of the quantum random number generator being dependent on the authorization token.
  11. 11. The system of claim 3, wherein the system is further configured to perform a state consistency check and recovery protocol comprising: When detecting that the partition states of the entropy library stored by the terminal and the server are inconsistent, the terminal provides Merkle root hash values of the latest N evolution logs for the server as a proof, the server locates a bifurcation point and sends an evolution instruction, and the terminal recalculates and updates to the latest state.
  12. 12. A system according to claim 3, wherein the terminal sends an acknowledgement message to the server after updating its local store.
  13. 13. The system of claim 2, wherein the secure channel comprises pre-shared key encryption, post quantum cryptography encapsulation, physical isolation channels, or a combination thereof, the secure channel providing confidentiality and integrity protection of the location seed and evolved opcode to replace or supplement an integrity verification function of the public key verification value.
  14. 14. A terminal for use in the system of any of claims 1-13, comprising: a quantum random number generator for outputting a quantum random number in one measurement event; the terminal processing module is configured to derive at least a positioning seed and an evolution operation code from the quantum random number, construct a quantum dynamic public key at least comprising the positioning seed and the evolution operation code, send the quantum dynamic public key to a server through a secure channel, independently calculate a session key based on a locally stored target entropy segment and the evolution operation code, and receive state update information to update a local entropy library partition; the terminal safety storage module is used for storing local copies of the terminal exclusive entropy library partitions; And the terminal communication module is used for carrying out data interaction with the server.
  15. 15. The terminal of claim 14, wherein the quantum dynamic public key further comprises a public key verification value calculated based on the positioning seed and an evolved opcode.
  16. 16. The terminal of claim 15, wherein the terminal processing module is further configured to calculate the respective verification value according to different implementations of the public key verification value, the public key verification value comprising a hash value, a message authentication code, a digital signature, or an authentication encryption tag.
  17. 17. The terminal of claim 15, further comprising a hardware isolation chip, the chip comprising: a quantum entropy source domain comprising the quantum random number generator; A physical identity domain comprising a physical unclonable function; The secure storage computing domain comprises the terminal secure storage module and the terminal processing module; A biological feature processing domain for collecting biological features of a living body and generating an authorization token; Wherein the domains are isolated by a hardware firewall, and the data flow is defined as one-way transmission of authorization tokens from the biometric processing domain to the sub-entropy source domain, one-way transmission of quantum random numbers from the quantum entropy source domain to the secure storage computing domain, and one-way transmission of PUF responses from the physical identity domain to the secure storage computing domain.
  18. 18. The key negotiation method of the dynamic public key and the synchronous dynamic private key library based on the quantum random numbers is characterized by being cooperatively executed by a terminal and a server and comprises the following steps of: The terminal outputs a random number in a measuring event of a primary quantum random number generator, and derives at least a positioning seed and an evolution operation code from the random number; the terminal calculates a quantum dynamic public key of the session and integrally transmits the quantum dynamic public key to the server through a secure channel, wherein the quantum dynamic public key at least comprises the positioning seed and the evolution operation code; After receiving and decrypting the quantum dynamic public key, the server determines a target entropy section from the exclusive entropy library partition corresponding to the terminal based on the positioning seed; The server carries out first cryptographic transformation on the target entropy section based on the evolution operation code, and independently calculates a session key of the current session; the terminal performs first cryptographic transformation identical to the server based on the target entropy section and the evolution operation code which are stored locally, and independently calculates the same session key; The terminal and the server perform encrypted communication using the same session key calculated independently of each other.
  19. 19. The method of claim 18, wherein the quantum dynamic public key further comprises a public key verification value calculated based on the positioning seed and an evolved opcode; And after receiving and decrypting the quantum dynamic public key, the server verifies the integrity of the positioning seed and the evolution operation code based on a public key verification value.
  20. 20. The method of claim 18, wherein the public key verification value is a hash value, a message authentication code, a digital signature, or an authentication encryption tag of the location seed and the evolved opcode.

Description

Quantum cryptography system, terminal and method based on dynamic public key and synchronous dynamic private key library of quantum random number Technical Field The invention relates to the fields of quantum information technology, cryptography and information security, in particular to a quantum cryptography system, a terminal and a method based on a dynamic public key of a quantum random number and a synchronous dynamic private key library. Background The existing public key cryptosystem (such as RSA and ECC) is based on mathematical problems and faces the fundamental threat of quantum computing (Shor algorithm). Although post quantum cryptography schemes are proposed, their security is still based on new mathematical assumptions and there are performance and standardization uncertainties. Quantum Key Distribution (QKD) can provide information-based security, but requires dedicated channels and devices, which are difficult to fuse with existing internet architectures. Traditional pre-shared key schemes are efficient but have a risk of leakage of static key material and lack forward security. Existing dynamic key agreement protocols (e.g., diffie-Hellman) require multiple rounds of interaction, are vulnerable to man-in-the-middle attacks, and the public key itself is static. All key negotiation schemes in the prior art need to transmit key materials or negotiation parameters on a channel, and risk of interception or cracking exists. Therefore, a new cryptographic paradigm is needed to dynamically evolve public keys and private keys, and the session keys themselves never transmit, so that each communication uses a unique key based on quantum physical events, and a one-time security level is achieved. Disclosure of Invention Based on the technical problems existing in the background technology, the invention provides a quantum cryptography system, a terminal and a method based on a dynamic public key and a synchronous dynamic private key library of a quantum random number, and the entropy generated by the same quantum physical event is simultaneously used for dynamic public key generation and private key state evolution (namely evolution operation code), so that the session key is independently calculated by both communication parties based on a shared entropy library, and the session key is never transmitted, thereby achieving one-time and one-time quantum computation security. The invention provides a quantum cryptography system based on a dynamic public key and a synchronous dynamic private key library of a quantum random number, which comprises: At least one terminal and at least one server; Each terminal is associated with a terminal exclusive entropy library partition, and initial copies of the partition are respectively stored in a terminal local area and the server; the terminal comprises a quantum random number generator, a positioning seed and an evolution operation code, wherein the quantum random number generator is used for outputting a quantum random number in one measurement event, and deriving a homologous parameter set at least comprising the positioning seed and the evolution operation code from the quantum random number, wherein the homology means that each parameter in the parameter set is determined by entropy generated by the same quantum random event; The system is configured to: the terminal calculates a quantum dynamic public key of the session and integrally transmits the quantum dynamic public key to the server through a secure channel, wherein the quantum dynamic public key at least comprises the positioning seed and the evolution operation code; After the server receives and decrypts the quantum dynamic public key, determining a target entropy section from the exclusive entropy library partition corresponding to the terminal based on the positioning seed; the server carries out first cryptographic transformation on the target entropy section based on the evolution operation code, and independently calculates a session key of the current session; The terminal performs first cryptographic transformation identical to the server based on the target entropy section and the evolution operation code which are stored locally, and independently calculates the identical session key; The terminal and the server perform encrypted communication using the same session key calculated independently of each other. Further, the quantum dynamic public key further comprises a public key verification value calculated based on the positioning seed and an evolution operation code; And after receiving and decrypting the quantum dynamic public key, the server verifies the integrity of the positioning seed and the evolution operation code based on a public key verification value. Further, the public key verification value is a hash value of the positioning seed and the evolution operation code, or, The public key verification value is a message authentication code based on the location seed and the evolv