RU2820558C1 - Method of controlling strength criterion of quantum distribution of keys described by connected graphs of arbitrary configurations - Google Patents

Abstract

FIELD: cryptography.

SUBSTANCE: invention relates to secure information networks with quantum distribution of cryptographic keys. In this method unidirectional key transport is used with total number of N nodes in the network, where each node has c links; if probability of successful attack p _s is less than required value of key transport resistance, then reducing requirements for quantum key distribution protocols p of each connection between nodes, leaving p _s less than the required value of key transport resistance, controlling the key transport parameter c.

EFFECT: providing the possibility of controlling the stability criterion of quantum key distribution protocols to ensure the use of the minimum possible amount of resources, required for a given level of network infrastructure resistance.

1 cl, 6 dwg

Description

The invention relates to the field of secure information networks with quantum distribution of cryptographic keys.

An analogue of the method is known - a method for managing resources in quantum key distribution networks - RU 2621605, 10/02/2015, in which key synchronization between clients includes the process of quantum distribution of a shared secret key between the first client and the first server, which are located in the first local network with the formation of a shared key K ₁ , the process of quantum distribution of the shared secret key between the second client and the second server with the formation of a shared key K ₃ , which are located in the second local network, the process of quantum distribution of the shared secret key between the first server and the auxiliary client of the second server with the formation of K ₂ , viewed first the server of key positions and sending to the first client the number of positions in the key K ₁ , the values of which do not match the values in the key K ₂ .

The disadvantage of this analogue is that when distributing keys, it becomes necessary to repeatedly process the same sequence of bits, which determines the quantum key on all trusted intermediate nodes of the network, which makes it possible to carry out attacks that involve an attacker in the middle.

The closest analogue is known - a method for reducing resource consumption in quantum key distribution networks - CN108173649, 01/10/2018, adopted as a prototype, including authentication resource management, in which service stations of a quantum network configured on the network side and two clients configured on the network side are used. user side and participating in message authentication, each client is configured with a quantum key card, and when two clients authenticate a message, the initial values of the shared key are directly or indirectly obtained through the quantum network service station on the network side; the two clients respectively generate message authentication codes in their respective quantum key fobs using their shared key seeds, and respectively implement message authentication on the user side. When two clients perform message authentication, common initial keys are obtained through the quantum network service station on the network side, and generation and comparative authentication of message authentication codes is performed on the user side.

The disadvantage of the prototype is the inability to control the strength criterion of quantum key distribution protocols to ensure the use of the minimum possible amount of resources required for a given level of network infrastructure strength.

The technical result of the proposed invention is to provide the ability to control the strength criterion of quantum key distribution protocols to ensure the use of the minimum possible amount of resources required for a given level of network infrastructure strength.

The technical result is achieved in a method for managing the stability criterion of quantum key distribution, described by connected graphs of arbitrary configurations, in which measures are taken to reduce resource consumption in quantum key distribution networks, and unidirectional key transport is used with a total number of N nodes in the network, where each node has With connections, and the unidirectional key transport protocol connects two nodes between which nodes and the shortest route goes through nodes, where - rounding down, and all nodes participating in the session from the first to Nc inclusively have the same number of outgoing connections c, all nodes starting from N-c+a, where 1 ≤ a ≤ With, have ca outgoing connections, all nodes with c+1 to N nodes inclusively participating in the session have the same number of incoming connections c, and all a-th nodes, where 1 ≤ a ≤ With, have a-1 incoming connections; encryption using the specified protocol is carried out as follows: each route is assigned a bit string K _b and from node i to the node j, Wherei - number of the first node of the pair, j - number of the second node of the pair, transmit the concatenation of those K _b bit strings whose route passes between these nodes and is encrypted using k _ij keys obtained using quantum key distribution systems between nodes i And j; the final key obtained by the last node is obtained by bitwise exclusive OR operation of the bit strings K _b ; the probability of a successful attack on quantum key distribution protocols when implementing key transport is determined by the formula:

ps _≈ 2pc ^,

where p is the strength of the quantum key distribution protocols for each connection between the nodes on which the quantum key distribution protocols are organized, and the approximation described by the largest term is used, where it is necessary that p<(1/2) ^{1/ c} ; if the probability of a successful attack p _s is less than the required strength value of the key transport, then the requirements for the strength of the quantum key distribution protocols for each connection between nodes p are reduced, leaving p _s less than the required strength value of the key transport.

In fig. Figure 1 shows the routing diagram of the key transport protocol of a quantum network segment with N = 6 and c = 2.

In fig. Figure 2 shows the first example of an attack on connections between nodes using quantum key distribution protocols, in which the connection between the first and last nodes is broken.

In fig. Figure 3 shows a second example of an attack on connections between nodes using quantum key distribution protocols, in which the connection between the first and last nodes is broken.

In fig. Figure 4 shows the third example of an attack on connections between nodes using quantum key distribution protocols, in which the connection between the first and last nodes is broken.

In fig. Figure 5 shows a fourth example of an attack on connections between nodes using quantum key distribution protocols, in which the connection between the first and last nodes is broken.

In fig. Figure 6 shows the fifth example of an attack on connections between nodes using quantum key distribution protocols, in which the connection between the first and last nodes is broken.

Let's consider an example of implementing a method for controlling the stability criterion of a quantum distribution of keys described by connected graphs of arbitrary configurations. We will consider the implementation of the method using a unidirectional key transport protocol for a network with N = 6 nodes and one additional connection, that is, with c = 2, shown in Fig.1. Unidirectional key transport is a method of transmitting a key from the first node to the last in one direction through a network of trusted nodes. The task is to securely transmit a message M from the first trusted node to the last, between which there is no direct connection via a quantum channel, according to the algorithm described below.

Each trusted node is authenticated on the network.

Between each pair of connected trusted nodes, a quantum key distribution is performed, the key is shared between the first and second nodes, the key is common between the first and third nodes and so on. So the key is common between the i -th and j -th nodes if there is a quantum channel between them.

The total number of routes for key transport F(c) is determined in the network; in our case it is F (2) = 8, as shown in Fig. 1.

For each route at the first node, random bit strings are generated with 1 ≤ b ≤ 8. Then, a routing scheme R is developed at the first node and sent from the first node to other nodes. The routing scheme can be designed in the network using SDN principles.

Encrypted messages are sent from the first node And to the second and third nodes in accordance with the routing scheme R over any communication channel where recorded in a row are concatenated bit strings, and - bitwise exclusive OR.

In the second node, the received message is decrypted using a known quantum key of the form , and split it according to the routing scheme R into And .

From the second node send And to the third and fourth nodes, respectively, through communication channels.

The following nine messages are sent over communication channels during a session: , , , , , , , , .

The last node receives all bit strings , and the first and last nodes receive an encryption key known only to them

At the first node, the message M is encrypted as and transmit it over the communication channel to the last node, where the message is decrypted using the formula .

In the formula for calculating p _s the probability of a successful attack, the interception of either c links leaving the first node or c links entering the last one is taken into account, that is, the most probable case is considered.

The final key obtained by the last node is formed by a bitwise exclusive OR operation of bit strings of the same length K _b , in place of each set (pair, triple, quadruple, and so on) of corresponding bits (the first from the first row + the first from the second row + the first from the third rows + the first of the fourth row and so on) record the result of the exclusive OR operation.

K _b - bit string passing through the b -route. Several routes pass through each specific edge connecting two nodes. An expression describing the number of routes passing through a specific edge cannot be written explicitly. But this number is calculated for each specific implementation using a well-known algorithm. Each edge connecting two nodes conveys the concatenation of all K _b that pass through it.

Therefore, in Fig. 1, routes 3 and 8 pass through the edge connecting nodes 3-5, and accordingly, the concatenation K ₃ and K ₈ is transmitted through this edge. And through the edge connecting nodes 4-6, three routes pass: 2, 5 and 6, and accordingly from the 4th node to the 6th they transmit the concatenation K ₂ K ₅ K ₆ .

The length of K _b is known in advance, all lengths of K _b are the same and equal to K. The number of K _b that will pass through a given edge, that is, which will be concatenated into one total bit string length, is determined in advance based on the key transport protocol. The length of the concatenated bit strings K _b , as well as the bits spent on their further routing, must correspond to the length .

The technical result in the proposed method is achieved due to the fact that the method allows one to estimate the overall probability of a successful attack on the quantum key distribution protocol between an arbitrary number of trusted nodes, depending on the configuration of connections between trusted nodes of the quantum key distribution network. To do this, determine the minimum number of connections that can be attacked. A successful attack on a quantum network means a set of successful attacks on connections between trusted nodes, including the desired configuration pattern, which means that it is impossible to route from the first to the last node not through the attacked nodes. In the approximation used, only the leading term of the sum is retained. This approximation is valid if the following condition is met:

p < (1/2) ^1/s .

In Figures 2-6, dotted lines represent potential graph cuts in which there is no path from the first node to the last through uncompromised connections. The links in black that correspond to a successful attack show the combination of edges required for a successful interception. Obviously, the smallest number of successful edge interceptions required to break the route are presented in Fig. 2 and Fig. 6. These examples determine the leading term of the sum. The number of such successful configurations is fixed and is calculated using the formula:

ps _≈ 2pc ^,

Quantum key distribution precedes encryption. The amount of resources spent on ensuring the strength of the quantum key distribution protocol affects the final strength of encryption in the key transport protocol. The nature of the influence in the proposed method is expressed by the given formula for calculating p _s . Thus, the proposed method allows, with a fixed encryption quality, to weaken the requirements for the strength of the quantum key distribution protocol by changing the network parameters and thereby reduce the resources spent on ensuring key strength. By setting up the network by setting the parameters of the key transport ( c and N ), they manage the strength resources of the quantum key distribution protocol, maintaining the specified encryption quality.

Claims (8)

A method for managing key transport parameters to ensure the use of the minimum possible amount of resources to ensure the stability of quantum key distribution protocols, described by connected graphs of arbitrary configurations, in which measures are taken to reduce resource consumption in quantum key distribution networks, characterized in that use unidirectional key transport with a total number of N nodes in the network, where each node has c connections, and the unidirectional key transport protocol connects two nodes, between which N-2 nodes are located and the shortest route passes through [( N - 2 + c )/ c ], where [⋅] is rounding down, and all nodes participating in the session from first to N - c inclusive have the same number of outgoing connections c , all nodes starting from N - c + a , where 1 ≤ a ≤ c , have ca outgoing connections, all nodes from c+1 to N node inclusive, participating in the session, have the same number of incoming connections c , and all a -th nodes, where 1 ≤ a ≤ c , have a-1 incoming connections; encryption using the specified protocol is carried out as follows: each route is assigned a bit string K _b and from node i to node j , where i is the number of the first node of the pair, j is the number of the second node of the pair, transmit the concatenation of those K _b bit strings whose route passes between these nodes, and encrypt with K _ij keys obtained using quantum key distribution protocols between nodes i and j ; the final key obtained by the last node is obtained by bitwise exclusive OR operation of the bit strings K _b ; the probability of a successful attack on quantum key distribution protocols when implementing key transport is determined by the formula: ps _≈ 2pc ^, where p is the strength of the quantum key distribution protocols for each connection between the nodes on which the quantum key distribution protocols are organized, and the approximation described by the largest term is used, where it is necessary that p<(1/2) ^1/c ; if the probability of a successful attack p _s is less than the required value of the strength of the key transport, then the requirements for the strength of the quantum key distribution protocols p of each connection between nodes are reduced, leaving p _s less than the required value of the strength of the key transport, controlling the key transport parameter c .