[0041] The fingerprint authentication method provided by the present invention is based on continuous variable quantum key distribution, and its working principle follows that scheme. The method is divided into two stages: the first is the user fingerprint identity registration phase, and the second is the user fingerprint identification phase. The method does not transmit the user's fingerprint identity information directly. Instead, it modulates the fingerprint feature points into coherent state variables, generates the initial key through the correspondingly generated revocable template, and then applies a series of post-processing procedures (parameter estimation, reverse error correction negotiation and key strengthening) to obtain the final encryption key, so that the entire system has better security and privacy.
[0042] Figure 1 shows the flow diagram of the registration process of the method of the present invention. The registration phase includes the following steps:
[0043] S1. The client obtains the fingerprint registered by the user, extracts the feature points of the fingerprint, and modulates them into coherent states with variables $\{X_a\}_{1\le a\le n}$, $\{P_a\}_{1\le a\le n}$;
[0044] S2. The client transmits the coherent state information obtained in step S1, distributed in the coordinate space $\{(X_a,P_a)\}_{1\le a\le n}$, to the server through the quantum channel;
[0045] S3. The server generates a template $T_i$; at the same time, it uses a homodyne detector to randomly measure the canonical component X or P of the received coherent state information, obtaining the first initial key $\{k'_a\}_{1\le a\le n}$, and stores the resulting template $T_i$;
[0046] The template is randomly generated by the server. Table 1 below shows an example template [1 0 1 1 0] (the template in an actual application is much longer than this example):
[0047] Table 1: Template example
[0048]
[0049] Here, 1 indicates that the homodyne detector measures the canonical component X of the coherent state variable, and 0 indicates that it measures the canonical component P. In the coherent state variable $\{(X_a,P_a)\}$, $X_a$ and $P_a$ are a pair of conjugate quantities: according to the uncertainty principle, the more accurately the canonical component X is measured, the less accurate the measurement of the canonical component P becomes, and vice versa. The measurement results give the initial key $k'_a$;
[0050] S4. The server sends the template $T_i$ to the client through the classical channel. According to the received template $T_i$, the client keeps only the data for the same canonical component that the server randomly measured, that is, it keeps $X_a$ where the template bit is 1 and $P_a$ where it is 0, thereby generating the corresponding second initial key $\{k_a\}_{1\le a\le n}$. At this point the client and the server share a pair of initial keys with correlated variables, $\{k_a\}_{1\le a\le n}$ and $\{k'_a\}_{1\le a\le n}$. Because of eavesdropping or channel noise, the two initial keys are not completely equal, so the following processing steps are required:
[0051] S5. m data are extracted from the shared initial key pair $\{k_a\}_{1\le a\le n}$ and $\{k'_a\}_{1\le a\le n}$ for parameter estimation, and whether to continue the protocol is decided according to the estimated parameters; m is a natural number. The size of m should be calculated based on finite-length security theory, taking into account factors such as the transmission distance and the required minimum secure key rate. Specifically, the following steps can be used to decide whether to continue the protocol:
[0052] (1) Calculate the transmittance T and excess noise ε according to the extracted m data;
[0053] (2) Use the following formula to calculate the amount of information stolen by Eve χ(s:E):
[0054] χ(s:E)=(1-T)/T+ε
[0055] (3) Use the following formula to calculate the amount of mutual information between the client and the server
[0056]
[0057] Where V is the variance of the two-mode squeezed state;
[0058] (4) Use the following rules to determine whether the protocol continues:
[0059] If It is determined that the protocol continues;
[0060] If It is determined that the protocol is terminated;
[0061] Here, β is the negotiated error correction efficiency;
[0062] S6. The server discretizes the measurement data and uses an error correction code to perform reverse data negotiation on the initial key pair from which the m data have been extracted, $\{k_a\}_{1\le a\le n-m}$ and $\{k'_a\}_{1\le a\le n-m}$, and stores the corresponding error correction code;
[0063] S7. The client uses a random hash function to compress $k_a$, whose length is now n-m, into a key $k_j$ of length j; the m data used for parameter estimation are no longer used for key generation;
[0064] S8. The client sends the hash function used in step S7 to the server through the classical channel; the server extracts the key $k_j$ and stores the corresponding hash function and key $k_j$, completing the registration of the user's fingerprint.
[0065] Figure 2 shows the flow diagram of the authentication process of the method of the present invention. The authentication phase includes the following steps:
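The following Python simulation of steps S3 to S5 is an added example, not part of the original text: the server measures according to the template, the client sifts with the same template, and m disclosed samples are used to estimate T and ε before χ is computed with the formula given above. The Gaussian stand-in for the modulated feature points, the linear channel model in shot-noise units, the covariance-based estimators and all function names are assumptions of this example.

```python
import random

def measure(template, states, T, eps, rng):
    """S3, server: homodyne-measure X where the template bit is 1, P where it is 0."""
    sigma = (1 + T * eps) ** 0.5   # assumed noise model: shot noise 1 + excess noise T*eps
    return [T ** 0.5 * (x if bit else p) + rng.gauss(0, sigma)
            for bit, (x, p) in zip(template, states)]

def sift(template, states):
    """S4, client: keep X_a where the template bit is 1, P_a where it is 0."""
    return [x if bit else p for bit, (x, p) in zip(template, states)]

def estimate(k, k_prime):
    """S5 (1)-(2): estimate T and eps from the m disclosed samples, then chi."""
    m = len(k)
    var_k = sum(a * a for a in k) / m                      # zero-mean modulation assumed
    root_t = sum(a * b for a, b in zip(k, k_prime)) / m / var_k
    t_hat = root_t ** 2
    noise = sum((b - root_t * a) ** 2 for a, b in zip(k, k_prime)) / m
    eps_hat = (noise - 1) / t_hat
    chi = (1 - t_hat) / t_hat + eps_hat                    # formula given in the text
    return t_hat, eps_hat, chi

def run(n=20000, m=5000, T=0.5, eps=0.05, seed=1):
    rng = random.Random(seed)
    # Constructed stand-in for modulated feature points: Gaussian (X_a, P_a) pairs.
    states = [(rng.gauss(0, 2), rng.gauss(0, 2)) for _ in range(n)]
    template = [rng.getrandbits(1) for _ in range(n)]      # random template T_i
    k_prime = measure(template, states, T, eps, rng)       # first initial key
    k = sift(template, states)                             # second initial key
    picked = sorted(rng.sample(range(n), m))               # samples given up for estimation
    t_hat, eps_hat, chi = estimate([k[i] for i in picked], [k_prime[i] for i in picked])
    return t_hat, eps_hat, chi, n - m                      # n - m values remain for the key

if __name__ == "__main__":
    print(run())
```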
[0066] A. The client obtains the fingerprint to be authenticated, extracts the feature points of the fingerprint, and modulates them into coherent states with variables $\{X_b\}_{1\le b\le n}$, $\{P_b\}_{1\le b\le n}$;
[0067] B. The client transmits the coherent state information obtained in step S1, distributed in the coordinate space $\{(X_b,P_b)\}_{1\le b\le n}$, to the server through the quantum channel;
[0068] C. The server uses the template $T_i$ stored in step S3 to transform the received coherent state information into the first initial query key $\{k'_b\}_{1\le b\le n}$;
[0069] D. The server sends the template $T_i$ to the client through the classical channel, and the client generates the corresponding second initial query key $\{k_b\}_{1\le b\le n}$ according to the received template $T_i$. At this point the client and the server share a pair of initial query keys with correlated variables, $\{k_b\}_{1\le b\le n}$ and $\{k'_b\}_{1\le b\le n}$;
[0070] E. From the shared initial query key pair $\{k_a\}_{1\le a\le n}$ and $\{k'_a\}_{1\le a\le n}$, the server extracts the same m data as in step S5 for parameter estimation, and decides whether to continue the protocol according to the estimated parameters; m is a natural number;
[0071] Specifically, the following steps can be used to decide whether to continue the protocol:
[0072] (1) Calculate the transmittance T and excess noise ε according to the extracted m data;
[0073] (2) Use the following formula to calculate the amount of information stolen by Eve χ(s:E):
[0074] χ(s:E)=(1-T)/T+ε
[0075] (3) Use the following formula to calculate the amount of mutual information between the client and the server
[0076]
[0077] Where V is the variance of the two-mode squeezed state;
[0078] (4) Use the following rules to determine whether the protocol continues:
[0079] If It is determined that the protocol continues;
[0080] If It is determined that the protocol is terminated;
[0081] Here, β is the negotiated error correction efficiency;
[0082] F. The server uses the error correction code stored in step S6 to perform reverse data negotiation on the initial query key pair from which the m data have been extracted, $\{k_b\}_{1\le b\le n-m}$ and $\{k'_b\}_{1\le b\le n-m}$;
[0083] G. The server uses the hash function described in step S7 to compress $k_b$, whose length is now n-m, into a query key $k_q$ of length j; the m data used for parameter estimation are no longer used for key generation;
[0084] H. The server matches the query key $k_q$ against the key $k_j$ from the database to verify the user's identity.
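The key compression of steps S7 and S8 and the matching of steps G and H can be illustrated as follows; this is an added example, not part of the original text. It assumes a Toeplitz matrix over GF(2) as the random hash function (the text does not name a family), a constructed 256-bit reconciled key, and hypothetical function and field names.

```python
import hmac
import random
import secrets

def toeplitz_hash(bits, seed, j):
    """Compress `bits` to j bits with the Toeplitz matrix defined by `seed`."""
    n = len(bits)
    if len(seed) != n + j - 1:
        raise ValueError("seed must hold len(bits) + j - 1 bits")
    out = 0
    for r in range(j):
        acc = 0
        for c in range(n):
            acc ^= seed[r - c + n - 1] & bits[c]   # matrix entry (r, c) times input bit c
        out = (out << 1) | acc
    return out.to_bytes((j + 7) // 8, "big")

def register(k_a, j=64, rng=None):
    """S7-S8: pick a random hash function, compress k_a to k_j, return the stored record."""
    rng = rng or secrets.SystemRandom()            # OS randomness unless a test RNG is passed
    seed = [rng.getrandbits(1) for _ in range(len(k_a) + j - 1)]
    return {"seed": seed, "j": j, "k_j": toeplitz_hash(k_a, seed, j)}

def authenticate(record, k_b):
    """G-H: compress k_b with the stored hash function and compare k_q with k_j."""
    if len(k_b) != len(record["seed"]) - record["j"] + 1:
        return False
    k_q = toeplitz_hash(k_b, record["seed"], record["j"])
    return hmac.compare_digest(k_q, record["k_j"])  # constant-time comparison

def demo():
    rng = random.Random(7)                           # fixed seed so the demo is repeatable
    k_a = [rng.getrandbits(1) for _ in range(256)]   # constructed reconciled key bits
    record = register(k_a, rng=rng)
    flipped = list(k_a)
    flipped[10] ^= 1                                 # one residual bit error after negotiation
    return authenticate(record, list(k_a)), authenticate(record, flipped), len(record["k_j"])

if __name__ == "__main__":
    print(demo())
```

Because the match in step H is an exact comparison of hashed keys, a single bit left uncorrected by the reverse data negotiation in step F causes a rejection, as the flipped-bit case shows.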