CN-122027142-A - Ultra-high-speed safe storage and post quantum key management method of space-based computing platform
Abstract
The invention discloses an ultra-high-speed secure storage and post-quantum key management method for a space-based computing platform, and relates to the technical field of space-based information security. To address the problems of existing space-based storage, such as weak quantum resistance, mismatched encryption and storage rates, low key management reliability and poor adaptability to the space environment, a three-layer decoupled architecture is constructed, consisting of a space-borne secure storage layer, a space-ground cooperative key management layer and a space-based computing application layer. High-speed encrypted storage is realized through dedicated PQC ASIC hardware acceleration, key distribution and self-healing are carried out by fusing QKD and PQC, and stable on-orbit operation is ensured by a radiation-hardened design. The method can effectively resist quantum attacks, meet GB/s-level high-speed storage requirements, and achieve low-latency key negotiation and second-level self-healing, significantly improving the security, efficiency and reliability of the system; it is suitable for space-based computing scenarios such as remote sensing, navigation and satellite communication.
Inventors
- SHI TIANXIANG
- LI JIANGLONG
Assignees
- 上海伊世智能科技有限公司
Dates
- Publication Date: 20260512
- Application Date: 20260324
Claims (8)
- 1. An ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform, characterized by comprising the following steps: S1, constructing a three-layer decoupled architecture based on the space environment constraints, ultra-high-speed storage and low-latency requirements of the space-based computing platform, wherein the three-layer decoupled architecture comprises a space-borne secure storage layer, a space-ground cooperative key management layer and a space-based computing application layer; S2, the space-borne secure storage layer adopts a radiation-resistant high-speed storage medium, integrates a dedicated PQC ASIC chip, and realizes real-time encrypted storage of data through an ultra-high-speed encryption engine; S3, the space-ground cooperative key management layer adopts a QKD and PQC dual-link fusion distribution strategy and generates keys in combination with a quantum random number generator (QRNG); S4, the space-based computing application layer realizes seamless application access through a PQC secure SDK and adopts a zero-trust architecture, wherein all accesses are subject to PQC identity authentication and ML-DSA signature verification; S5, ensuring stable operation of the space-borne equipment in the space environment through a radiation-hardened design and an on-orbit key self-healing mechanism, thereby completing ultra-high-speed secure storage and post-quantum key management; and S6, debugging the cooperative operation of the three-layer decoupled architecture, and verifying the match between storage and encryption through a storage-encryption cooperative efficiency calculation formula.
- 2. The ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform according to claim 1, wherein in S1, the core parameter thresholds of the space-based computing platform are first defined, namely the space-borne storage read-write bandwidth PQC encryption or decryption throughput Inter-satellite key agreement delay Based on these thresholds, the functional boundaries of the three-layer decoupled architecture are divided: the space-borne secure storage layer is responsible for data encryption and storage, the space-ground cooperative key management layer is responsible for full-life-cycle key management and control, and the space-based computing application layer is responsible for application access and identity verification; the three layers communicate through customized interfaces and operate independently of one another.
- 3. The ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform according to claim 2, wherein step S2 specifically comprises the following steps: S21, setting the storage medium as a 5D crystal U disk or a radiation-resistant high-speed flash memory array, and configuring ; S22, integrating the dedicated PQC ASIC chip and setting the working frequency of the chip Parallelism of encryption The encryption capability is calculated by a PQC encryption throughput calculation formula, and it is judged whether the threshold of the PQC encryption or decryption throughput is met; the calculation formula is as follows: ; In the formula, The value range is set at 1024-8192 bit; The value range is set at 1-2 GHz; Representing the PQC key length, wherein the ML-KEM key length is 2048 bits and the ML-DSA key length is 256 bits; Representing encryption parallelism, wherein the value range is set to 8-16; S23, debugging the encryption engine to ensure encryption/decryption delay <1 s.
- 4. The ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform according to claim 2, wherein step S3 specifically comprises the following steps: S31, key generation, wherein the satellite-borne terminal generates a true-random PQC key seed through a QRNG, the ground terminal generates a root key in a hybrid QKD and PQC mode, and the generation rate of the satellite-ground QKD key is ensured ; S32, key distribution, wherein a root key is distributed by adopting a dual-link strategy and a session key is distributed by adopting a QKD link, and when the inter-satellite session key is negotiated, efficiency is verified through the inter-satellite key negotiation delay calculation formula: ; In the formula, The value range is set to be 100-1000 km; Is the propagation speed of the signal between the satellites, takes the value of m/s; The execution time of the PQC key negotiation algorithm is 1-3 ms; The transmission error delay of the inter-satellite link takes a value of 0.5-1.5 ms; the inter-satellite key negotiation delay is obtained by calculation and Meets a threshold; S33, key rotation, configuring the rotation period according to task priority The value range is set to be 1 s-24 h.
- 5. The ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform according to claim 2, wherein in S4, the following operations are specifically performed: S41, integrating the PQC secure SDK into the various space-based computing applications, completing seamless integration of the applications with the three-layer architecture; S42, configuring a zero-trust authentication mechanism, wherein all access requests carry ML-DSA signatures, the validity of each signature is verified through a PQC algorithm, and the PQC identity credential of the accessing device is verified at the same time, to ensure that only authorized devices access stored data and keys; S43, monitoring access requests in real time, and rejecting access from devices that have not passed authentication.
- 6. The ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform according to claim 2, wherein the following operations are specifically executed in S5: S51, performing radiation hardening on the storage medium, the PQC encryption engine and the secure element, and resisting irradiation redundancy coefficient Ensuring on-board storage Hours; S52, deploying a key self-healing mechanism, wherein when the key pool is damaged, a root key is redistributed through ground QKD in combination with inter-satellite PQC key synchronization, and the self-healing effect is verified through a key self-healing success rate calculation formula: ; In the formula, The number of times the key pool is damaged; the total operation times of the key pool are; the value of the anti-radiation redundancy coefficient is 3; The judging standard of the key self-healing success rate is set as And finishing the self-healing of the smart key.
- 7. The ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform according to claim 2, wherein in S6, the following steps are specifically executed: S61, simulating a space-based computing mass data processing scenario, and calculating and testing the cooperative effect of the space-borne storage read-write bandwidth and the PQC encryption throughput through a cooperative efficiency formula: ; When the method is used, the cooperative requirement of the ultra-high-speed storage and encryption of the space-based calculation is judged to be met; S62, comprehensively testing the security and reliability of the system, ensuring that the data security validity period is greater than or equal to 15 years and the availability of the key management system is greater than or equal to 99.999%, and putting the system into actual operation after debugging is finished.
- 8. The ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform as claimed in claim 2, wherein the space-ground cooperative key management layer is responsible for full-life-cycle management and control of keys, specifically comprising setting up a key pool on the satellite, pre-storing PQC key pairs, and supporting millisecond-level key switching And configuring according to the task priority.
Description
Ultra-high-speed safe storage and post quantum key management method of space-based computing platform
Technical Field
The invention relates to the field of space-based computing platforms, and in particular to an ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform.
Background
A space-based computing platform is an on-orbit computing and data processing system composed of satellites, constellations, satellite-ground links and a ground management and control center. It is widely applied in fields such as remote sensing and mapping, satellite navigation, space communication and edge computing, and its core requirement is ultra-high-speed storage and security protection of massive task data. With the rapid development of quantum computing technology, traditional key management schemes based on public-key cryptosystems such as RSA and ECC can easily be broken by quantum algorithms such as Shor's algorithm and Grover's algorithm, so that data stored on space-based platforms and keys transmitted between space and ground face serious quantum security threats. Meanwhile, the space-based computing platform is constrained by the space environment: space-based devices must be lightweight, low-power and radiation-resistant, and data processing requires high concurrency, high bandwidth and low latency. Traditional ground-based secure storage and key management technologies cannot adapt to these special requirements of the space-based scenario: conventional software encryption has insufficient throughput to meet ultra-high-speed storage requirements, and centralized key management depends on real-time management and control from the ground, so that keys may fail when the satellite-ground link is interrupted, affecting normal operation of the platform.
Under existing conditions, the following defects exist: a lack of quantum-resistant security, mismatched storage and encryption efficiency, poorly adaptable key management and insufficient adaptation to the space environment. Therefore, there is a need for an ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform to solve the above problems.
Disclosure of Invention
The invention aims to provide an ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform that overcomes the defects of the prior art: it meets the space-based GB/s-level ultra-high-speed storage requirement through PQC hardware acceleration coordinated with storage, realizes low-latency distribution and second-level self-healing through space-ground cooperative key management, ensures long-term stable operation of space-borne equipment through a radiation-hardened design, improves system availability, adapts to space-based scenarios, and is secure, efficient, reliable and highly practical.
To achieve the above purpose, the invention provides an ultra-high-speed secure storage and post-quantum key management method of a space-based computing platform, comprising the following steps:
S1, constructing a three-layer decoupled architecture based on the space environment constraints, ultra-high-speed storage and low-latency requirements of the space-based computing platform, wherein the three-layer decoupled architecture comprises a space-borne secure storage layer, a space-ground cooperative key management layer and a space-based computing application layer;
S2, the space-borne secure storage layer adopts a radiation-resistant high-speed storage medium, integrates a dedicated PQC ASIC chip, and realizes real-time encrypted storage of data through an ultra-high-speed encryption engine;
S3, the space-ground cooperative key management layer adopts a QKD and PQC dual-link fusion distribution strategy and generates keys in combination with a quantum random number generator (QRNG);
S4, the space-based computing application layer realizes seamless application access through a PQC secure SDK and adopts a zero-trust architecture, wherein all accesses are subject to PQC identity authentication and ML-DSA signature verification;
S5, ensuring stable operation of the space-borne equipment in the space environment through a radiation-hardened design and an on-orbit key self-healing mechanism, thereby completing ultra-high-speed secure storage and post-quantum key management;
and S6, debugging the cooperative operation of the three-layer decoupled architecture, and verifying the match between storage and encryption through a storage-encryption cooperative efficiency calculation formula.
Preferably, in S1, firstly, the core parameter threshold value of the space-based computing platform is defined, and the space-borne storage re