Large code length private key amplification data access method suitable for quantum key distribution system

By segmenting the Toeplitz matrix and the error-corrected key, and combining DDR and BRAM, the data access process for large code-length private key amplification in the quantum key distribution system is optimized, solving the problems of high storage requirements and long computation time, and improving system performance.

CN116418504BActive Publication Date: 2026-06-26NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
NO 30 INST OF CHINA ELECTRONIC TECH GRP CORP
Filing Date
2023-05-22
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

Under limited resource conditions, large-code-length private key amplification in quantum key distribution systems suffers from high storage requirements and long computation time, which affects system performance.

Method used

By dividing the Toeplitz matrix into sub-matrices of size i×i and dividing the error-corrected key into key blocks of length i, and combining the use of DDR and BRAM, the data access process is optimized, enabling simultaneous multi-path computation and reducing the number of external memory reads and computation time.

Benefits of technology

It reduces the usage of external storage, decreases the number of data reads, improves the utilization of computing resources and computing efficiency, and shortens the time required for the private key amplification process.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116418504B_ABST
    Figure CN116418504B_ABST
Patent Text Reader

Abstract

The application discloses a large code length private key amplification data access method suitable for a quantum key distribution system. Through the combination of DDR and on-chip memory BRAM, the reading of the error-corrected key and the random seed is no longer required to be synchronous, so that the requirement for the external memory can be reduced, the subsequent hardware integration processing is facilitated, the influence of the limitation of the IO speed of the external memory on the PA processing speed is reduced, and under the condition of resource permission, multi-path synchronous calculation can be performed, and the implementation performance of the PA is effectively improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of quantum key distribution technology, and specifically to a method for amplifying and accessing large-code-length private keys suitable for quantum key distribution systems. Background Technology

[0002] With the development of quantum physics and quantum information theory, quantum secure communication—a communication method with provable security based on information theory—has become a research hotspot both domestically and internationally. Among these technologies, quantum key distribution (QKD) can generate and distribute a set of keys with provable security in real time between communicating parties in different locations. Combined with symmetric encryption methods such as one-time pad or AES, the security of the communication can be guaranteed. QKD mainly includes two technical approaches: discrete variable and continuous variable. Continuous variable quantum key distribution (CV-QKD) uses orthogonal components of the optical field as the information carrier, offering high security rates over short to medium transmission distances and being compatible with the algorithms of traditional optical communication devices, thus showing promising development prospects.

[0003] The workflow of a QKD system includes quantum state generation, transmission, detection, and data post-processing, and its overall block diagram is as follows: Figure 1 As shown, end A (the sender) first transmits a quantum signal to end B (the receiver) through a quantum channel, and end B detects and receives the signal. Through data post-processing on a classical channel, A and B obtain a consistent security key, and finally output it to their respective key application service modules for subsequent key storage, information encryption, etc.

[0004] Data post-processing is a crucial step in obtaining the security key, significantly impacting the overall system security and key generation rate. The data post-processing flowchart is shown below. Figure 2As shown, the main steps include base comparison (optional, depending on the protocol type), parameter estimation, error correction, and privacy amplification (PA): First, B sends the measurement base data used when probing the signal to A through a classical channel. After receiving the data, A selects consistent orthogonal component encoding information, and both parties perform base comparison. After completing the base comparison, A and B randomly select a portion of data from the obtained key to perform parameter estimation, thereby calculating the key system parameters in the key distribution process and determining whether to continue the communication. After removing the data used for parameter estimation, error correction is performed on the remaining data. After completing the error correction process, A and B obtain consistent original random numbers, usually called the corrected key. However, this key cannot be directly used for information transmission encryption because it may contain parts that can be obtained by eavesdroppers. The role of privacy amplification is to compress the consistent but insecure key obtained after error correction to remove the parts that can be obtained by eavesdroppers, thereby obtaining the final secure key.

[0005] General-purpose hash functions are an effective means of achieving privacy amplification by shortening the key length to ensure security. As a member of the general-purpose hash function family, the Toeplitz matrix has a simple structure with equal diagonal elements, meaning the entire matrix can be constructed using the first row and first column elements, and is currently widely used. The principle of PA implementation based on the Toeplitz matrix is ​​shown in the following formula.

[0006]

[0007] To mitigate the effects of finite code length, the input code length N of the PA (Power Amplifier) ​​must be at least on the order of hundreds of megabytes, and the corresponding Toeplitz matrix must also be on the order of hundreds of megabytes. For FPGAs, storing and processing such a large amount of data is a significant challenge. Furthermore, as the system repetition frequency increases, the throughput requirements for the PA also increase. Therefore, storing and computing such a large amount of data under limited resource conditions is currently a bottleneck problem in achieving high-performance PAs.

[0008] To mitigate the impact of finite code length effects on QKD system performance, the input code length of the PA (Programmable Gate Array) must be at least in the hundreds of megabytes. Storing such a large amount of data necessitates the use of external memory. Based on the PA implementation principle described above, at least two 100-megabyte DDR (each capable of reading / writing only one address at a time) are required to simultaneously access the error-corrected key and the random seed constituting the Toeplitz matrix. This increases the hardware storage requirements. Furthermore, due to the DDR I / O speed limitations (currently, the maximum read bit width of DDR is 64 × 8 = 512 bits, and the maximum user frequency is 200 MHz), combined with existing data access methods, the PA computation time is high, impacting the implementation of high-performance PAs. Summary of the Invention

[0009] To address the aforementioned shortcomings in existing technologies, this invention provides a method for amplifying data access using a large code length private key in quantum key distribution systems, which solves the problems of low implementation efficiency and high resource consumption of large code length PAs under limited resources.

[0010] To achieve the aforementioned objectives, the present invention employs the following technical solution: a method for storing and retrieving large-code-length private keys in a quantum key distribution system, comprising the following steps:

[0011] S1, the first i rows that form the Toeplitz matrix The random seed is read from DDR and stored in BRAM; M is the number of columns in the Toeplitz matrix;

[0012] S2. Decompose the error-corrected key into key block A1 = [a0 a1 … a i-1 ] respectively with the submatrices in T1 Perform submatrix multiplication from right to left, starting with the first submatrix of T1. After the calculation of A1 is completed, it constitutes The random seed can be discarded;

[0013] S3. During the calculation of the 2nd, 3rd... T1 submatrix, the components of T are read synchronously. 21 The random seed, based on the property that the diagonal elements of the Toeplitz matrix are equal, only requires reading T. 21 The first element is sufficient, and it is stored in the original... The placement location, combined with the data already stored in BRAM Then A2 = [a i a i+1 … a 2i-1 ]and Similarly, for multiplication calculations, A2 and... The calculation is completed. The random seed can be discarded;

[0014] S4, Read T sequentially 31 …T N / i1 The first element of A is stored in the position of the previously discarded random seed. Furthermore, A is reasonably controlled. i The read time of (i≥2) is reduced, thereby enabling multi-channel A i With T i Synchronous computation improves computational efficiency while increasing the utilization of computing resources; N is the number of rows in the Toeplitz matrix.

[0015] Furthermore: The N×M Toeplitz matrix is ​​divided into blocks, and based on computational resources, it is divided into submatrices of size i×i. and T ij As a computational unit, the error-corrected key A of length N is divided into key blocks A = [a0 … a] of length i. i-1 a i … a 2i-1 … a j … a N-1 ] = [A1 A2 … A N / i ].

[0016] Further: In step S1, the amount of random seed data is M+i-1, and the number of reads is (M+i) / 512.

[0017] Further: In step S3, T 21 The number of times the first column element is read is i / 512. This reading process can be combined with the reading of other submatrices (T1, T2, T3, T4, T5, T6, T7, T8, T9, T1 ...2, T3, T1, T2, T3, T 11 …T 1(M / i-1) The calculations are performed simultaneously.

[0018] Furthermore, in step S4, the number of reads for each submatrix is ​​i / 512, and the read time can be hidden within the calculation time between the subkey and the submatrix.

[0019] Furthermore: The key is read sequentially from the corresponding positions in the DDR, A1…A ... N / 512 The number of reads is N / 512, and the read time can be hidden within the computation time between the subkey and the submatrix.

[0020] The beneficial effects of this invention are as follows:

[0021] (1) This invention reduces the utilization rate of external memory;

[0022] (2) This invention significantly reduces the number of times data is read from external memory;

[0023] (3) By controlling the subkey reading time, the present invention can perform multi-path calculations simultaneously, thereby improving the utilization of computing resources and effectively improving computing efficiency.

[0024] (4) By combining DDR and BRAM, this invention can reduce the impact of external memory I / O limitations on PA processing speed. When the submatrix dimension i is greater than the data read bit width of DDR, the PA calculation time can be effectively shortened and its processing speed improved. Attached Figure Description

[0025] Figure 1 Here is the flowchart for the QKD system;

[0026] Figure 2 This is a flowchart of the QKD system data post-processing process;

[0027] Figure 3 This is a block diagram illustrating the Toeplitz matrix and the block-based principle of the error-corrected key.

[0028] Figure 4 This is a schematic diagram illustrating the access principle of the Toeplitz matrix.

[0029] Figure 5 This is a schematic diagram of the PA implementation based on this storage method. Detailed Implementation

[0030] The specific embodiments of the present invention are described below to enable those skilled in the art to understand the present invention. However, it should be understood that the present invention is not limited to the scope of the specific embodiments. For those skilled in the art, various changes are obvious as long as they are within the spirit and scope of the present invention as defined and determined by the appended claims. All inventions utilizing the concept of the present invention are protected.

[0031] In FPGA-based PA implementations, the Toeplitz matrix is ​​typically partitioned into i×i submatrices based on available computing resources, and these submatrices are used as computational units. Similarly, the error-corrected key is partitioned into blocks according to the same proportion, such as... Figure 3 As shown. When the input code length of the error-corrected key is N, and the size of the corresponding Toeplitz matrix is ​​N×M, according to the existing common data access methods and calculation methods, the key reading requires at least N / 512 times (the maximum read bit width of DDR is 64×8=512 bits), and the random seed reading of the Toeplitz matrix requires (N / 512)×(M / 512) times, which is as high as hundreds of megabytes, seriously affecting the processing speed of PA.

[0032] This invention proposes a method for amplifying data access using a long private key in a QKD system, and its implementation. Figure 4 The data access principle of the Toeplitz matrix is ​​implemented as follows:

[0033] The first i rows that make up the Toeplitz matrix (i.e. The random seed is read from DDR and stored in BRAM. The data size is M+i-1, and the number of reads is (M+i) / 512.

[0034] According to the principle of matrix multiplication, A1 = [a0 a1 … a i-1 [This will be compared with the submatrices in T1 respectively] Perform the calculations. Let the calculation order be from right to left, then A1 and... The calculation is completed. The random seed can then be discarded. The resulting T can then be read. 21 The random seed, based on the property that the diagonal elements of the Toeplitz matrix are equal, only requires reading T. 21 The first column element is sufficient, meaning the number of reads is i / 512. This reading process can be combined with the other submatrices (T1, T2, T1, T1, T2, T1) in A1. 11 …T 1(M / i-1) The calculations are performed simultaneously;

[0035] And so on, we only need to read T sequentially. 31 …T N / i1 The first column element is stored in the corresponding position of the BRAM. The number of reads for each submatrix is ​​i / 512, and the read time can be hidden within the calculation time between the subkey and the submatrix.

[0036] In summary, the number of reads of the entire Toeplitz matrix is ​​reduced from the existing (N / 512)×(M / 512) to (M+N) / 512, effectively reducing the number of reads from external memory and reducing time consumption.

[0037] Reading the corrected key is relatively simple; it involves sequentially reading A1…A from the corresponding positions in the DDR. N / 512 The number of reads is N / 512, and its read time can be hidden within the computation time between the subkey and the submatrix, avoiding additional time loss. Furthermore, reasonable control of A... i The read time for (i≥2) can achieve multi-channel A i With T i Synchronous computation. For example, in A1 and The components can be discarded after the calculation is completed. A random seed, then read the components that make up T 21 The random seed (the calculation of other submatrices in A1 and T1 is still performed synchronously), combined with [T] already stored in BRAM 11 T 12 … T 1(M / i-1) Then A2 = [a] can be performed. i a i+1 … a 2i-1 ]and The calculations can be performed simultaneously using multiple A-channels, and so on. i With T i This improves computational efficiency while increasing the utilization of computing resources.

[0038] like Figure 5 As shown, this illustrates the implementation principle of PA based on the above access method. It can be seen that A...i Will be with multiple T ij Since the calculations are performed simultaneously, the error-corrected key and the Toeplitz matrix no longer need to be read synchronously; both can be stored in the same DDR, saving external storage resources. Furthermore, due to the combined use of DDR and BRAM, the data read time (except for A1 and T1) can be hidden within the calculation time, and the calculation time can be reduced by adjusting the matrix size of the calculation unit. Therefore, the impact of DDR's I / O speed limitations on PA processing speed can be reduced.

[0039] Example 1:

[0040] The PA implementation principle based on the Toeplitz matrix involves multiplying a set of error-corrected keys of length N with a Toeplitz matrix of size N×M to obtain a final key of length M. When N = 100 Mbits, M = 1 Mbits, and the DDR read bit width is 64 × 8 = 512 bits, according to current common data access methods, two DDRs of at least 100 Mbits each are needed to store the error-corrected keys [a0 … a i … a N-1 ] and the random seed [t0 … t] that constitutes the Toeplitz matrix N-1 … t N+M-2 Furthermore, the number of reads from external memory to the on-chip memory is as high as (N / 512)×(M / 512)=400M times. After adopting the large-code-length private key amplification data access and implementation method proposed in this invention, only one DDR memory is needed to simultaneously store the error-corrected key and the random seed, and the number of data reads can be reduced to (M+N) / 512=206848 times, which is 1 / 2048 of the original number of reads. Simultaneously, when the dimension i=1024 of the Toeplitz submatrix, the computation time of PA can be reduced to 1 / 4 of the original time, meaning the processing speed of PA can be increased by 4 times.

Claims

1. A method for amplifying and accessing large-code-length private keys in quantum key distribution systems, characterized in that, Includes the following steps: S1, change the size to The Toeplitz matrix is ​​divided into blocks based on computational resources, into portions of size [size missing]. Submatrix: And As a calculation unit, the length is The corrected key A is divided into key blocks of length i: Submatrices of the Toeplitz matrix The random seed is read from DDR and stored in BRAM; M is the number of columns in the Toeplitz matrix; S2. The key block obtained by splitting the error-corrected key. respectively with submatrix in Perform submatrix multiplication from right to left. The first submatrix is and The calculation is completed. The random seed can be discarded; S3, during steps 2 and 3... indivual Synchronously read the structure during the submatrix calculation process The random seed, based on the property that the diagonal elements of the Toeplitz matrix are equal, only requires reading... The first element is sufficient, and it is stored in the original... The placement location, combined with the data already stored in BRAM It can be done and Similarly, for multiplication calculations, and The calculation is completed. The random seed can be discarded; S4, Read sequentially The first element is stored in the first column of the Toeplitz matrix, and the position of the previously discarded random seed is also stored therein, where N is the number of rows in the Toeplitz matrix; additionally, control... to The read time enables synchronous computation of multiple key blocks and submatrices.

2. The method for amplifying and accessing large code-length private keys for quantum key distribution systems according to claim 1, characterized in that, The amount of data for the random seed in step S1 is The number of reads is .

3. The method for amplifying and accessing large code-length private keys for quantum key distribution systems according to claim 1, characterized in that, In step S3 The number of times the first column element is read is This reading process can be combined with and Other submatrices The calculations are performed simultaneously.

4. The method for amplifying and accessing large code-length private keys for quantum key distribution systems according to claim 1, characterized in that, The number of reads for each submatrix in step S4 is 1. Furthermore, the reading time can be hidden within the computation time between the subkey and the submatrix.

5. The method for amplifying and accessing large code-length private keys for quantum key distribution systems according to claim 1, characterized in that, The key is read sequentially from the corresponding positions in the DDR. The number of reads is The reading time can be hidden within the computation time between the subkey and the submatrix.