CN-122027143-A - Post quantum cryptography identity authentication and safety communication method for in-orbit satellite

CN122027143ACN 122027143 ACN122027143 ACN 122027143ACN-122027143-A

Abstract

The invention discloses a post quantum password identity authentication and safety communication method for an in-orbit satellite, which belongs to the technical field of information safety and comprises the steps of generating a post quantum public private key pair by a ground terminal, pre-distributing the post quantum public key to an in-orbit satellite for caching, uniquely holding the post quantum private key by the ground terminal, establishing QUIC connection between the in-orbit satellite and the ground terminal, utilizing the cached post quantum public key to encapsulate a locally generated shared secret to obtain an encapsulated ciphertext, utilizing a satellite identity private key to sign a data packet containing the encapsulated ciphertext to obtain an identity authentication credential, transmitting the identity authentication credential to the ground terminal through a QUIC handshake frame, utilizing the post quantum private key to de-encapsulate the encapsulated ciphertext to obtain the shared secret, utilizing the satellite identity public key to verify the identity authentication credential, and taking the shared secret as a session key after verification.

Inventors

MA XIAONAN
CHEN YONGPEI

Assignees

上海伊世智能科技有限公司

Dates

Publication Date: 20260512
Application Date: 20260324

Claims (9)

1. The method for performing the identity authentication and the secure communication of the post quantum cryptography for the in-orbit satellite is characterized by comprising the following steps of: S1, a ground terminal generates a post quantum public-private key pair based on a post quantum cryptographic algorithm, and pre-distributes the generated post quantum public key to an in-orbit satellite for caching through a secure channel, wherein a post quantum private key in the post quantum public-private key pair is uniquely held by the ground terminal; S2, when the in-orbit satellite needs to establish secure communication with the ground terminal, establishing communication connection based on a QUIC protocol with the ground terminal firstly, and in the process of establishing the communication connection, encapsulating a locally generated shared secret by the in-orbit satellite by using a cached post quantum public key to obtain an encapsulated ciphertext; S3, the ground terminal receives the QUIC handshake frame, decapsulates the encapsulated ciphertext by using the held post-quantum private key to obtain a shared secret, verifies the validity of the identity authentication credentials by using the satellite identity public key, and takes the decapsulated shared secret as a session key after the verification is passed.
2. The method for authenticating and communicating the identity of the post quantum cryptography for the on-orbit satellite according to claim 1, wherein the post quantum cryptography in the step S1 is a lattice-based key encapsulation mechanism, and the post quantum digital signature in the step S2 is a lattice-based digital signature algorithm.
3. The method for post-quantum cryptography identity authentication and security communication for an in-orbit satellite according to claim 1, wherein the specific steps of establishing the QUIC protocol-based communication connection in step S2 are as follows: s21, the ground terminal carries a post quantum public key in an early data packet connected by QUIC and sends the post quantum public key to an in-orbit satellite; S22, the on-orbit satellite receives and caches early data packets connected by the QUIC, extracts the post-quantum public key from the early data packets, caches the data packets, performs post-quantum password packaging and signature operation by using the cached post-quantum public key, and sends the obtained packaging ciphertext and the obtained identity authentication credential back to the ground terminal through a QUIC handshake frame.
4. The method for authenticating and safely communicating the post quantum cryptography identity for the on-orbit satellite according to claim 1 is characterized in that the post quantum cryptography packaging in the step S2 comprises the specific steps that the on-orbit satellite executes a post quantum key packaging algorithm on a locally generated shared password by using a cached post quantum public key to obtain a packaged ciphertext, and the calculation formula is as follows: ; Wherein, the A post quantum public key provided for a ground terminal, For a shared secret generated locally by an in-orbit satellite, For the encapsulation function in the post quantum key encapsulation algorithm, To generate the encapsulated ciphertext.
5. The method for post-quantum cryptography identity authentication and secure communication for an in-orbit satellite according to claim 1, wherein the calculation formula of the identity authentication certificate obtained in step S2 is as follows: ; Wherein, the A satellite identity private key held by an in-orbit satellite; is a data packet at least comprising a package ciphertext; a signature function in a post quantum digital signature algorithm; authentication credentials are generated for the generated identity.
6. The method for authenticating and safely communicating the post quantum cryptography identity for the on-orbit satellite according to claim 1 is characterized in that the specific step of decapsulating in the step S3 is that the ground terminal performs a decapsulation algorithm of a post quantum key encapsulation algorithm on the received encapsulated ciphertext by using the held post quantum private key to obtain a shared secret, and the calculation formula is as follows: ; Wherein, the Is a post quantum private key held by a ground terminal, For the received encapsulated ciphertext to be received, As a decapsulation function in the post quantum key encapsulation algorithm, The resulting shared secret is unpacked.
7. The method for authenticating and communicating the post quantum cryptography identity and security oriented to the on-orbit satellite according to claim 1 is characterized in that the specific step of verifying the identity authentication certificate in the step S3 is that the ground terminal uses the public key of the satellite identity to execute the verification algorithm of the post quantum digital signature algorithm on the data packet and the identity authentication certificate to obtain a verification result, and the calculation formula is as follows: ; Wherein, the An identity public key for an in-orbit satellite; is a data packet at least comprising a package ciphertext; authenticating the received identity credentials; returning when verification passes for verification function in post quantum digital signature algorithm Otherwise return to 。
8. The method for post-quantum cryptography identity authentication and security communication for an in-orbit satellite according to claim 1, wherein the locally generated shared secret in step S2 is generated by the in-orbit satellite through a true random number generator.
9. The method for authenticating and communicating securely the post-quantum cryptography identity for an in-orbit satellite according to claim 1, further comprising step S4, wherein the ground terminal issues a new post-quantum public key to the in-orbit satellite to replace the cached post-quantum public key by updating the control frame with the post-quantum key newly added in the QUIC protocol.

Description

Post quantum cryptography identity authentication and safety communication method for in-orbit satellite Technical Field The invention relates to the technical field of information security, in particular to a post quantum cryptography identity authentication and security communication method oriented to an in-orbit satellite. Background The satellite network is taken as an important component of sixth-generation mobile communication (6G) and provides seamless communication service for nodes which cannot be covered by ground networks such as ocean ships, remote areas and the like. However, unlike the terrestrial network, the satellite network is in an electromagnetic open space environment, and has the characteristics of dynamic time-varying network topology, prolonged transmission time, high bit error rate and the like, and the characteristics of node exposure and wireless link opening enable the satellite network to be extremely vulnerable to network threats such as man-in-the-middle attack, replay attack and the like in the communication process, so that node identity verification plays a vital role in preventing malicious attack. With the rapid development of quantum computing technology, the Shor algorithm has been proved to be capable of solving the discrete logarithm and large integer decomposition problem in polynomial time, and once a practical quantum computer is developed, the existing satellite access authentication scheme based on traditional public key cryptosystems such as Rivest-Shamir-Adleman (RSA) algorithm, elliptic curve cryptography (Elliptic Curve Cryptography, ECC) and the like faces a huge security threat. To address this challenge, the national institute of standards and Technology (National Institute of STANDARDS AND Technology, NIST) has begun to drive the standardization of post-quantum cryptography algorithms, and lattice-based cryptography algorithms (e.g., kyber, dilithium) have been selected as standard algorithms against quantum attacks. However, the direct application of post quantum cryptography algorithms to in-orbit satellites faces special challenges of limited resources. The space-borne computer has limited computational power and small storage space, the key size of the post-quantum cryptographic algorithm (especially the password based on the lattice) is large, the algorithm complexity is high, and when the existing post-quantum authentication scheme is deployed on a satellite, the private key needs to be stored at the satellite side and complex key generation and decapsulation operation is executed, so that the authentication delay reaches the minute level and the real-time requirement of satellite communication cannot be met. In recent years, the rapid UDP network connection (Quick UDP Internet Connections, QUIC) protocol has been gradually applied in satellite communications due to its characteristics of shorter handshake delay, support of multiple flows and connection migration, but the current security guarantee of the QUIC protocol is mainly constructed based on the transport layer security (Transport Layer Security, TLS) protocol, and depending on the conventional encryption algorithm, the lightweight post-quantum identity authentication mechanism applicable to the satellite resource-constrained environment has not been effectively integrated. Disclosure of Invention The invention aims to provide a post quantum cryptography identity authentication and safety communication method for an in-orbit satellite, which aims to solve the technical problems that when the existing post quantum authentication scheme is deployed on the satellite, a private key is required to be stored at the satellite side, complex key generation and decapsulation operation is executed, so that authentication delay is overlong and real-time requirements of satellite communication cannot be met. In order to achieve the above purpose, the invention provides a post quantum cryptography identity authentication and secure communication method facing an in-orbit satellite, which comprises the following steps: S1, a ground terminal generates a post quantum public-private key pair based on a post quantum cryptographic algorithm, and pre-distributes the generated post quantum public key to an in-orbit satellite for caching through a secure channel, wherein a post quantum private key in the post quantum public-private key pair is uniquely held by the ground terminal; S2, when the in-orbit satellite needs to establish secure communication with the ground terminal, establishing communication connection based on a QUIC protocol with the ground terminal firstly, and in the process of establishing the communication connection, encapsulating a locally generated shared secret by the in-orbit satellite by using a cached post quantum public key to obtain an encapsulated ciphertext; S3, the ground terminal receives the QUIC handshake frame, decapsulates the encapsulated ciphertext by using the held post-quant