A physical layer secure communication method and system
By introducing a serial quantum noise stream cryptographic module and synchronization method into the optical communication system, optical domain encryption and decryption are realized, solving the problems of poor optical signal compatibility and synchronization in the existing technology, and providing plug-and-play security hardening function.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- FIBERHOME TELECOMMUNICATION TECHNOLOGIES CO LTD
- Filing Date
- 2023-03-20
- Publication Date
- 2026-06-19
Smart Images

Figure CN116488739B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of secure communication technology, specifically to the security hardening function of optical communication equipment, and particularly to a novel physical layer secure communication method and system. Background Technology
[0002] Current optical network security relies on upper-layer protocols and encryption algorithms such as AES (Advanced Encryption Standard), RSA (RSA algorithm), and SHA (Secure Hash Algorithm). Physical layer security hardening, however, differs from encryption algorithms in that it provides additional security features beyond traditional methods, completely independent of upper-layer applications, and has strong applicability. Furthermore, security hardening implemented at the physical layer results in low processing latency. In addition, the keys involved in physical layer security hardening techniques can be managed by different users, meeting the key management needs of multi-user networks.
[0003] Among current physical layer encryption schemes, quantum noise stream cryptography combines digital cryptography with the randomness of optical quantum noise, making it more secure and stable than other schemes, thus meeting practical application requirements.
[0004] However, existing quantum noise stream cryptography schemes primarily process the data stream at the electrical layer for encryption and decryption. The transmitting end needs to perform encryption operations at the electrical layer to generate ciphertext, which is then modulated onto a DC optical carrier. The receiving end, on the other hand, needs to convert the ciphertext optical signal into an electrical signal via photoelectric conversion before decryption at the electrical layer. These existing schemes all encrypt and decrypt electrical signals and cannot encrypt or decrypt optical signals output from commercial optical transceiver modules, resulting in poor compatibility with existing optical communication equipment.
[0005] Furthermore, since the encrypted signal is an electrical signal, if the cipher is modulated onto the optical signal in the optical domain, there is a synchronization problem between the encrypted and data signals. If the encrypted and data signals are not synchronized, each symbol of the optical signal will be affected by two different encryption levels. In actual encryption, each symbol of the optical signal will be randomly encrypted, making it impossible to encrypt according to the predetermined encryption signal. In addition, there is also a synchronization problem between encryption and decryption. If encryption and decryption are not synchronized, the decryption signal may not be able to align with the corresponding encryption signal, resulting in incorrect decryption.
[0006] In view of this, how to overcome the shortcomings of the existing technology and solve the above-mentioned technical problems is a difficult problem to be solved in this technical field. Summary of the Invention
[0007] To address the deficiencies or improvement needs of existing technologies, this invention provides a novel physical layer secure communication method and system without altering the existing system structure and while maintaining compatibility with existing optical communication equipment. This provides plug-and-play physical layer security hardening capabilities for optical communication devices. It innovatively offers a physical layer secure communication method and system based on serial quantum noise stream ciphers, achieving optical domain encryption and decryption. Furthermore, it provides methods and modules for clock synchronization and frame synchronization to solve the synchronization problems between encrypted and data signals, as well as between decryption and encryption, in serial encryption.
[0008] The embodiments of the present invention adopt the following technical solutions:
[0009] In a first aspect, the present invention provides a novel physical layer secure communication method, comprising: encrypting an optical signal transmitted by an optical transmitting module through an optical physical layer security hardening transmitting module to obtain an encrypted optical signal;
[0010] The encrypted optical signal generated by the optical physical layer security hardening transmitter module is connected to the optical fiber link for optical transmission.
[0011] The encrypted optical signal transmitted through the optical fiber link is decrypted by the optical physical layer security hardening receiver module to obtain the decrypted optical signal;
[0012] The decrypted optical signal is connected to the optical receiving module to complete signal reception and realize secure communication at the physical layer.
[0013] Furthermore, the encryption of the optical signal emitted by the optical transmitting module through the optical physical layer security hardening transmitting module specifically includes:
[0014] The optical physical layer security hardening transmitter module receives optical signals carrying plaintext information emitted by the optical transmitter module;
[0015] The optical physical layer security-hardened transmitter module splits the optical signal emitted by the optical transmitter module;
[0016] A portion of the optical signal is connected to the clock synchronization unit. The clock synchronization unit extracts the clock synchronization information of the optical signal and controls the encryption drive voltage through the clock synchronization information to align the encryption drive voltage with the clock of the optical signal emitted by the optical transmitting module, thereby achieving symbol-based encryption.
[0017] Another portion of the optical signal is sequentially connected to a multi-level random modulation encryption unit and a quantum noise masking unit to achieve double encryption in the optical domain.
[0018] Furthermore, the step of extracting clock synchronization information of the optical signal using a clock synchronization unit and controlling the encryption drive voltage with the clock of the optical signal emitted by the optical transmitting module specifically includes:
[0019] A photodetector is used to perform photoelectric conversion on a portion of the optical signal transmitted from the optical emission module and split into an electrical signal. The electrical signal is then sampled to obtain the first pulse delay as clock synchronization information. This clock synchronization information is used to control the delay of the drive voltage.
[0020] Furthermore, the decryption of the encrypted optical signal transmitted via the fiber optic link by the optical physical layer security-hardened receiving module specifically includes:
[0021] The optical physical layer security-hardened receiver module splits the optical signal after it has been transmitted through the link.
[0022] A portion of the optical signal is input to the frame synchronization unit, which calculates the frame synchronization information and controls the output delay of the decryption driving voltage through the frame synchronization information, aligning the decryption driving voltage with the signal frame of the encryption driving voltage in the optical physical layer security hardening transmitter module.
[0023] Another portion of the optical signal is fed into a multi-level random modulation decryption unit to achieve decryption in the optical domain.
[0024] Furthermore, the step of calculating frame synchronization information using a frame synchronization unit, controlling the output delay of the decryption driving voltage through the frame synchronization information, and aligning the decryption driving voltage with the signal frame of the encryption driving voltage in the opto-physical layer security hardening transmitter module specifically includes:
[0025] For the phase-shift keying format optical signal emitted by the optical emission module, after encryption, the ciphertext is loaded onto the optical phase. The phase information is transferred to the intensity using a phase-intensity conversion mechanism, and then the photodetector performs photoelectric conversion to obtain the detection signal.
[0026] The detection signal is sampled, and the correlation peak position between the stream cipher generated in the optical physical layer security hardening receiver module and the encrypted optical signal transmitted from the optical fiber link is calculated using the cross-correlation function to obtain frame synchronization information. The output delay of the decryption drive voltage generated in the optical physical layer security hardening receiver module is adjusted according to the synchronization information to achieve encryption and decryption frame synchronization.
[0027] Furthermore, the type of optical signal emitted by the optical emitting module includes PSK format optical signals, which carry plaintext information.
[0028] Secondly, the present invention provides a novel physical layer secure communication system, comprising an optical transmitting module, an optical physical layer security-hardened transmitting end module, an optical fiber link, an optical physical layer security-hardened receiving end module, and an optical receiving module, wherein:
[0029] The optical emission module is used to emit optical signals carrying plaintext information;
[0030] The photophysical layer security hardening transmitter module is used to encrypt optical signals;
[0031] The optical fiber link is used for optical transmission of the encrypted optical signal generated by the optical physical layer security hardening transmitter module.
[0032] The optical physical layer security-hardened receiver module is used to decrypt optical signals transmitted through the optical fiber link;
[0033] The optical receiving module is used to receive the decrypted optical signal generated by the optical physical layer security hardening receiving module, complete the signal reception, and realize physical layer secure communication.
[0034] Furthermore, the optical physical layer security hardening transmitting module includes a clock synchronization unit, a multi-level random modulation encryption unit, and a quantum noise masking unit; the optical physical layer security hardening receiving module includes a frame synchronization unit and a multi-level random modulation decryption unit, wherein:
[0035] The clock synchronization unit is used to detect a portion of the optical signal, extract clock synchronization information, and transmit the clock synchronization information to the multi-level random modulation encryption unit.
[0036] The multi-level random modulation encryption unit is used to access another part of the optical signal and use the synchronous key stream to control the driving voltage to perform random high-order modulation encryption on the optical signal.
[0037] The quantum noise masking unit is used to perform secondary encryption on the encrypted optical signal by superimposing quantum noise, and the quantum noise range covers adjacent multi-level signals.
[0038] The frame synchronization unit is used to calculate frame synchronization information by combining a portion of the encrypted optical signal with the stream cipher in the multi-level random modulation decryption unit, and then transmit the frame synchronization information to the multi-level random modulation decryption unit.
[0039] The multi-level random modulation decryption unit is used to access another part of the encrypted optical signal and to perform high-order modulation decryption on the encrypted optical signal using the decryption driving voltage.
[0040] Furthermore, the clock synchronization unit includes a first photoelectric conversion module, a data sampling module, and a clock extraction module, wherein:
[0041] The first photoelectric conversion module is used to convert the optical signal in the clock synchronization unit into an electrical signal through photoelectric conversion;
[0042] The data sampling module is used to sample the electrical signal of the first photoelectric conversion module;
[0043] The clock extraction module is used to extract the clock from the sampled data of the data sampling module.
[0044] Furthermore, the frame synchronization unit includes a phase-amplitude conversion module, a second photoelectric conversion module, and a synchronization delay extraction module, wherein:
[0045] The phase-amplitude conversion module converts the phase information portion of the optical signal in the frame synchronization unit into intensity through phase-amplitude conversion;
[0046] The second photoelectric conversion module is used to convert the optical signal in the frame synchronization unit into an electrical signal through photoelectric conversion;
[0047] The synchronization delay extraction module is used to extract synchronization delay for frame synchronization.
[0048] Compared with the prior art, the beneficial effects of the present invention are as follows:
[0049] (1) This invention uses a series design to insert a photophysical layer security hardening transmitter module between the optical transmitter module and the optical fiber link, and inserts a photophysical layer security hardening receiver module between the optical fiber link and the optical receiver module. Through the series insertion design of the two modules, the security of optical signal transmission in optical fiber is guaranteed, providing a plug-and-play security hardening function for optical communication equipment, and avoiding structural modifications to existing optical communication equipment or optical transceiver modules.
[0050] (2) This invention supports simultaneous encryption and decryption of multiple wavelengths. The optical physical layer security hardening transmitting module can simultaneously encrypt wavelength division multiplexing optical signals emitted by multiple wavelength optical modules, and the corresponding optical physical layer security hardening receiving module can simultaneously decrypt multiple wavelengths, thus sharing the channel cost.
[0051] (3) The optical signal encryption and decryption processes are both completed in the optical domain, using optical modulation, optical amplification, optical attenuation and other processes, resulting in low processing delay.
[0052] (4) The key expansion is completed in the electrical domain and the encryption and decryption signal streams are generated. The optical domain encryption and decryption are controlled by the digital key in the electrical domain, which has high stability.
[0053] (5) The clock synchronization method can ensure that the optical signal and the encryption signal are aligned for each symbol. Each symbol optical signal is only modulated by one encryption level, ensuring that the optical signal is encrypted according to the predetermined encryption signal. The frame synchronization method can ensure that the decryption signal and the encrypted optical signal are aligned synchronously, and decryption is completed. This solves the synchronization problem between the encryption signal and the data signal and between decryption and encryption in serial encryption. Attached Figure Description
[0054] To more clearly illustrate the technical solutions of the embodiments of the present invention, the accompanying drawings used in the embodiments of the present invention will be briefly described below. Obviously, the drawings described below are merely some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without any creative effort.
[0055] Figure 1 A flowchart illustrating a novel physical layer secure communication method provided in Embodiment 1 of the present invention;
[0056] Figure 2 This is an extended flowchart of step 100 provided in Embodiment 1 of the present invention;
[0057] Figure 3 This is an extended flowchart of step 300 provided in Embodiment 1 of the present invention;
[0058] Figure 4 This is a diagram illustrating a novel physical layer secure communication system architecture provided in Embodiment 2 of the present invention.
[0059] Figure 5 This is a detailed module diagram of the clock synchronization unit provided in Embodiment 2 of the present invention;
[0060] Figure 6 This is a detailed module diagram of the multi-level random modulation encryption unit provided in Embodiment 2 of the present invention;
[0061] Figure 7 This is a detailed module diagram of the frame synchronization unit provided in Embodiment 2 of the present invention;
[0062] Figure 8 This is a detailed module diagram of the multi-level random modulation decryption unit provided in Embodiment 2 of the present invention;
[0063] Figure 9 This is a schematic diagram illustrating the encryption principle of the optical physical layer security hardening transmitter module and the decryption principle of the optical physical layer security hardening receiver module provided in Embodiment 2 of the present invention.
[0064] Figure 10 This is a schematic diagram of the clock synchronization principle provided in Embodiment 2 of the present invention;
[0065] Figure 11 This is a schematic diagram of the clock synchronization effect provided in Embodiment 2 of the present invention;
[0066] Figure 12 This is a schematic diagram of the frame synchronization principle provided in Embodiment 2 of the present invention. Detailed Implementation
[0067] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention.
[0068] This invention is an architecture of a specific functional system. Therefore, the specific embodiments mainly describe the functional logic relationship of each structural module, and do not limit the specific software and hardware implementation methods.
[0069] Furthermore, the technical features involved in the various embodiments of the present invention described below can be combined with each other as long as they do not conflict with each other, and the order of the steps can be changed as long as they are logical and do not conflict. The present invention will now be described in detail with reference to the accompanying drawings and embodiments.
[0070] Example 1:
[0071] like Figure 1 As shown, this embodiment of the invention provides a novel physical layer secure communication method, which uses serial quantum noise stream cryptography to perform optical domain encryption and decryption on the optical signal generated by the optical transceiver module. The method includes the following steps.
[0072] Step 100: Encrypt the optical signal emitted by the optical transmitter module by using the optical physical layer security hardening transmitter module to obtain an encrypted optical signal.
[0073] In this embodiment, the optical signal is encrypted twice by a multi-level random modulation encryption unit and a quantum noise masking unit. At the same time, a clock synchronization method is used to solve the synchronization problem between the encrypted signal and the optical signal to be encrypted in the serial encryption.
[0074] In this step, the optical signal emitted by the optical transmitting module is a PSK format optical signal, which carries plaintext information. The PSK format optical signal includes QPSK format, DPSK format, or other PSK format optical signals. Of course, in other embodiments, the optical signal emitted by the optical transmitting module can also be a QAM format optical signal, but its security is lower than that of the PSK format optical signal.
[0075] Step 200: Connect the encrypted optical signal generated by the optical physical layer security hardening transmitter module to the optical fiber link for optical transmission.
[0076] In this step of the embodiment, the encryption and decryption of the optical signal are both completed in the optical domain and transmitted optically through the optical fiber link.
[0077] Step 300: The encrypted optical signal transmitted through the optical fiber link is decrypted by the optical physical layer security hardening receiver module to obtain the decrypted optical signal.
[0078] Step 400: Connect the decrypted optical signal to the optical receiving module to complete signal reception and realize physical layer secure communication.
[0079] This preferred embodiment, through the above steps, can provide plug-and-play physical layer security hardening functionality for optical communication devices; and it also innovatively provides a physical layer secure communication method based on serial quantum noise stream cryptography, realizing optical domain encryption and optical domain decryption.
[0080] In serial encryption, there is a synchronization problem between the encryption signal and the data signal. If the encryption signal and the data signal are not synchronized, each symbol of the optical signal will be affected by two different encryption levels, making it impossible to encrypt according to the encryption signal. Furthermore, there is also a synchronization problem between encryption and decryption. If encryption and decryption are not synchronized, the decryption signal may not be able to align with the corresponding encryption signal, resulting in incorrect decryption.
[0081] To address the aforementioned problems, in one specific embodiment of this preferred embodiment, such as... Figure 2 As shown, step 100 can be expanded into the following steps:
[0082] Step 101: The optical physical layer security hardening transmitter module receives the optical signal carrying plaintext information emitted by the optical transmitter module.
[0083] In this step, the optical transmitting module transmits an optical signal carrying plaintext information for the optical physical layer security hardening transmitter module to receive.
[0084] Step 102: The optical physical layer security hardening transmitter module splits the optical signal emitted by the optical transmitter module.
[0085] In this step, the optical physical layer security hardening transmitter module splits the light into two parts: one part is used for clock synchronization, and the other part is used for optical signal encryption.
[0086] Step 103: A portion of the optical signal is connected to the clock synchronization unit. The clock synchronization unit extracts the clock synchronization information of the optical signal and controls the encryption drive voltage through the clock synchronization information to synchronize the encryption drive voltage with the clock of the optical signal emitted by the optical transmitter module, thereby achieving symbol-based encryption.
[0087] Specifically, a photodetector is used to perform photoelectric conversion on a portion of the optical signal transmitted from the optical emission module and split into an electrical signal. This electrical signal is then sampled to obtain the delay of the first pulse, which serves as clock synchronization information. This clock synchronization information is used to control the delay of the drive voltage. Since the delay corresponding to the first pulse is the shortest and relatively easy to implement, the delay of the first pulse is generally used as the clock synchronization information.
[0088] Step 104: Another part of the optical signal is sequentially connected to the multi-level random modulation encryption unit and the quantum noise masking unit to achieve two encryptions in the optical domain.
[0089] In one specific embodiment of this preferred embodiment, such as Figure 3 As shown, step 300 specifically includes the following steps:
[0090] Step 301: The optical physical layer security hardening receiver module splits the encrypted optical signal after the link transmission.
[0091] In this step, the optical physical layer security hardening receiver module splits the light into two parts: one part is used for frame synchronization, and the other part is used for optical signal decryption.
[0092] Step 302: A portion of the optical signal is input to the frame synchronization unit. The frame synchronization unit is used to calculate the frame synchronization information. The output delay of the decryption driving voltage is controlled by the frame synchronization information, and the signal frame of the decryption driving voltage is aligned with the signal frame of the encryption driving voltage in the optical physical layer security hardening transmitter module.
[0093] Among them, frame synchronization information reflects the delay information of encryption and decryption signals. The encryption and decryption signals need to be aligned, otherwise decryption cannot be performed correctly.
[0094] Specifically, for the phase-shift keying format optical signal emitted by the optical transmitting module, after encryption, the ciphertext is loaded onto the optical phase. The phase balance is broken by phase intensity conversion mechanisms such as fiber Bragg gratings and Mach-Zehnder interferometry, and then photoelectric conversion is performed by a photodetector to obtain the detection signal. The detection signal is sampled, and the correlation peak position between the stream cipher generated in the optical physical layer security hardening receiver module and the ciphertext signal in the encrypted optical signal transmitted to the receiver is calculated using the cross-correlation function. The time corresponding to the correlation peak can be understood as frame synchronization information. The output delay of the decryption driving voltage generated in the optical physical layer security hardening receiver module is adjusted according to the synchronization information to achieve encryption and decryption frame synchronization.
[0095] Since the stream cipher is the same in both the optical physical layer security hardening transmitting and receiving modules, the ciphertext signals carried in the encryption and decryption driving voltages are identical. The encrypted optical signal transmitted through the optical fiber is correlated with the stream cipher in the receiving module; the point of strongest correlation is the peak point of the correlation curve. Frame synchronization information is obtained from this information and used to adjust the output delay of the decryption driving voltage generated in the optical physical layer security hardening receiving module, thereby achieving encryption and decryption frame synchronization.
[0096] Step 303: Another part of the optical signal is connected to the multi-level random modulation decryption unit to realize the decryption of the optical domain.
[0097] In this embodiment, the optical signal is decrypted by a multi-level random modulation decryption unit, and the synchronization problem between decryption and encryption in serial encryption is solved by a frame synchronization method.
[0098] In summary, the embodiments of the present invention employ a series design, inserting a photophysical layer security-hardened transmitting module between the optical transmitting module and the optical fiber link, and inserting a photophysical layer security-hardened receiving module between the optical fiber link and the optical receiving module. This series insertion design of the two modules ensures the security of optical signal transmission in the optical fiber, provides plug-and-play security hardening functionality for optical communication equipment, and avoids structural modifications to existing optical communication equipment or optical transceiver modules.
[0099] This invention supports simultaneous encryption and decryption of multiple wavelengths. The optical physical layer security hardening transmitting module can simultaneously encrypt wavelength division multiplexed optical signals emitted by multiple wavelength optical modules, and the corresponding optical physical layer security hardening receiving module can simultaneously decrypt multiple wavelengths, thus sharing the channel cost.
[0100] In this invention, both the optical signal encryption and decryption processes are completed in the optical domain, utilizing optical modulation, optical amplification, and optical attenuation, resulting in low processing latency. In this invention, key expansion and the generation of encryption and decryption signal streams are performed in the electrical domain, with the electrical domain digital key controlling the optical domain encryption and decryption, leading to high stability. This invention also solves the synchronization problems between encrypted and data signals, as well as between decryption and encryption, in serial encryption through clock synchronization and frame synchronization methods.
[0101] Example 2:
[0102] Based on the novel physical layer secure communication method provided in Embodiment 1, this Embodiment 2 provides a novel physical layer secure communication system to implement the method of Embodiment 1.
[0103] refer to Figure 4 As shown, the system in this embodiment includes an optical transmitting module, an optical physical layer security hardening transmitting module, an optical fiber link, an optical physical layer security hardening receiving module, and an optical receiving module, wherein: the optical transmitting module is used to transmit optical signals carrying plaintext information; the optical physical layer security hardening transmitting module is used to encrypt the optical signals; the optical fiber link is used to transmit the encrypted optical signals generated by the optical physical layer security hardening transmitting module; the optical physical layer security hardening receiving module is used to decrypt the optical signals transmitted through the optical fiber link; and the optical receiving module is used to receive the decrypted optical signals generated by the optical physical layer security hardening receiving module, thereby completing signal reception and realizing physical layer secure communication.
[0104] Continue to refer to Figure 4In this embodiment, the optical physical layer security hardening transmitting module includes a clock synchronization unit, a multi-level random modulation encryption unit, and a quantum noise masking unit, and the optical physical layer security hardening receiving module includes a frame synchronization unit and a multi-level random modulation decryption unit.
[0105] The clock synchronization unit is used to detect a portion of the optical signal and extract clock synchronization information, and then transmit the clock synchronization information to the multi-level random modulation encryption unit. The multi-level random modulation encryption unit delays the encryption driving voltage using the clock synchronization information to align the encryption signal with the optical signal to be encrypted for each symbol.
[0106] Among them, reference Figure 5 In this embodiment, the clock synchronization unit includes a first photoelectric conversion module, a data sampling module, and a clock extraction module. The first photoelectric conversion module is used to convert the optical signal received by the clock synchronization unit into an electrical signal through photoelectric conversion. The data sampling module is used to sample the electrical signal of the first photoelectric conversion module. The clock extraction module is used to extract the clock from the sampled data of the data sampling module to obtain clock synchronization information.
[0107] The multi-level random modulation encryption unit is used to access another part of the optical signal. It uses the synchronous key stream to control the modulator driving voltage to perform random high-order modulation on the optical signal. The stream cipher carried by the synchronous driving voltage is aligned with each symbol of the plaintext information carried by the optical signal through the clock synchronization information, so that each symbol of the optical signal is encrypted by a different stream cipher.
[0108] Among them, reference Figure 6 The multi-level random modulation encryption unit includes a key generation unit, a stream cipher generation unit, a driving voltage generation unit, a driving voltage amplification unit, and an optical modulator. The key generation unit randomly generates a key. The stream cipher generation unit converts the key into a stream cipher. The driving voltage generation unit generates an encryption driving voltage based on the stream cipher and delays the encryption driving voltage using the clock synchronization information to generate a delayed driving voltage. The driving voltage amplification unit amplifies the delayed driving voltage to obtain an amplified driving voltage. The optical modulator receives an optical signal, encrypts the optical signal based on the amplified driving voltage, and sends the encrypted signal to a quantum noise masking unit for secondary encryption.
[0109] The quantum noise masking unit is used to perform secondary encryption on the encrypted optical signal by superimposing quantum noise, with the quantum noise range covering adjacent multi-level signals. The quantum noise masking unit transmits the secondary encrypted optical signal to the optical physical layer security hardening receiver module via an optical fiber link. The optical physical layer security hardening receiver module divides the encrypted optical signal into two parts: one part is sent to the frame synchronization unit, and the other part is sent to the multi-level random modulation decryption unit.
[0110] The frame synchronization unit is used to calculate frame synchronization information by combining a portion of the encrypted optical signal with the stream cipher in the multi-level random modulation decryption unit, and then transmit the frame synchronization information to the multi-level random modulation decryption unit.
[0111] Among them, reference Figure 7 As shown, in this embodiment, the frame synchronization unit includes a phase-amplitude conversion module, a second photoelectric conversion module, and a synchronization delay extraction module. The phase-amplitude conversion module converts the phase information portion of the optical signal in the frame synchronization unit to intensity through phase-amplitude conversion. The second photoelectric conversion module is used to convert the optical signal in the frame synchronization unit into an electrical signal through photoelectric conversion. The synchronization delay extraction module is used to perform cross-correlation calculation between the encrypted optical signal and the stream cipher in the multi-level random modulation decryption unit to extract frame synchronization information.
[0112] The multi-level random modulation decryption unit is used to access another part of the encrypted optical signal and to perform high-order modulation decryption on the encrypted optical signal using the decryption driving voltage.
[0113] Among them, reference Figure 8 The multi-level random modulation decryption unit includes a key generation unit, a stream cipher generation unit, a driving voltage generation unit, a driving voltage amplification unit, and an optical modulator; the key generation unit is used to generate a key identical to that of the key generation unit in the multi-level random modulation encryption unit; the stream cipher generation unit is used to convert the key into a stream cipher;
[0114] The frame synchronization unit is used to detect a portion of the optical signal and calculate the frame synchronization information Δt with the stream cipher, and then transmit the frame synchronization information Δt to the driving voltage generation unit. The driving voltage generation unit is used to generate a decryption driving voltage according to the stream cipher, and use the frame synchronization information Δt to delay the decryption driving voltage to generate a delayed decryption driving voltage. The driving voltage amplification unit is used to amplify the delayed decryption driving voltage to obtain an amplified decryption driving voltage.
[0115] The optical modulator receives the encrypted optical signal and performs high-order modulation and decryption on the optical signal according to the decryption drive voltage.
[0116] Based on the system architecture provided in this embodiment, this embodiment will next provide a process of physical layer secure communication in QPSK signal format as an example of the system workflow of this embodiment, to further illustrate the system functions of this embodiment.
[0117] refer to Figure 4 The workflow of the system in this embodiment is divided into five steps: step 1 is performed by the optical transmitting module; step 2 is performed by the optical physical layer security hardening transmitting module; step 3 is performed by the optical fiber link; step 4 is performed by the optical physical layer security hardening receiving module; and step 5 is performed by the optical receiving module.
[0118] Specifically, for step 1, the optical transmitting module transmits an optical signal of QPSK format, which carries plaintext information (e.g., 2 bits of plaintext {11}, whose position on the constellation is as follows). Figure 9 (a) is shown.
[0119] For step 2, the optical signal is encrypted using the optical physical layer security hardening transmitter module. In this step, the optical signal sent by the optical transmitter module is split by the optical coupler. One part of the signal is detected by the clock synchronization unit to extract clock synchronization information, which is then passed to the multi-level random modulation encryption unit. The other part of the optical signal is connected to the multi-level random modulation encryption unit, where the optical signal is randomly modulated at a higher order using an amplified driving voltage, such as... Figure 9 As shown in (b), the constellation points on the corresponding constellation diagram are randomly rotated to achieve symbol-based encryption. The encrypted optical signal is then further encrypted in the quantum noise masking unit by superimposing quantum noise. The quantum noise range covers adjacent multi-level signals, such as... Figure 9 As shown in (c), the encrypted signal changes from a multi-level discrete distribution after multi-level random modulation encryption to a continuous random distribution on the 0 to 2π phase.
[0120] For example, for a QPSK signal, each symbol's 2-bit plaintext can be encrypted using an N-bit stream cipher, randomly rotating the constellation points within a 2π range by 2^N angles. Taking plaintext {11} and an 8-bit stream cipher as an example (the stream cipher and plaintext have no direct correspondence), the 8-bit stream cipher {00101011} is 42 in decimal. Therefore, the corresponding amplified encryption drive voltage would be (42+1) / (2^8 / 2) = 43 / 128 times the modulator half-wave voltage. Figure 9 (b) shows that rotating the constellation points by 43π / 128 rad (and so on, with the stream cipher {00000000} corresponding to a rotation of 1 / 128 rad). After quantum noise masking by the quantum noise masking unit, the encrypted constellation diagram is shown. Figure 9 As shown in (c), the random distribution masks the plaintext information.
[0121] In this step, the specific method for extracting the clock from the optical signal and synchronizing the clock of the encrypted signal with the optical signal includes the following sub-steps.
[0122] Sub-step 201 converts the optical signal into an electrical signal via photoelectric conversion. (See reference) Figure 5 Sub-step 201 is completed by the first photoelectric conversion module of the clock synchronization unit. In this step, the optical signal emitted by the optical emission module is split and used for clock synchronization. The QPSK format optical signal can be obtained through intensity detection as shown below. Figure 10 The pulse signal shown in (a) carries information in its phase; as... Figure 10 (b) shows the QPSK phase timing diagram. The pulse position obtained by intensity detection corresponds to the rising and falling edge positions of the QPSK signal phase change.
[0123] Sub-step 202 involves sampling the electrical signal. (See reference...) Figure 5 Sub-step 202 is completed by the data sampling module of the clock synchronization unit. In this step, in order to extract pulse position information, the sampling interval of the data sampling needs to be less than half the width of the pulse optical signal. Since the electrical signal frequencies of the data signal and the randomly modulated encrypted signal are fixed, no real-time measurement is required after one synchronization alignment; only periodic correction of the clock offset is needed.
[0124] Sub-step 203 involves extracting the clock signal from the sampled data. (See reference...) Figure 5 Sub-step 203 is completed by the clock extraction module of the clock synchronization unit. In this step, clock synchronization information is extracted by pulse position detection, and the extracted clock synchronization information is passed to the multi-level random modulation encryption unit for delayed output of the modulation voltage.
[0125] For example, the phase information of a QPSK optical output module is as follows: Figure 11 As shown in (a). When the synchronous clock module is not used, as... Figure 11 (b) shows the timing diagram of the encryption drive voltage. The encryption drive voltage is not aligned with the optical signal clock. The modulated phase timing is as follows: Figure 11 As shown in (c), the signal is misaligned, and each symbol of the optical signal is modulated by two random modulation signal levels, resulting in random encryption. When using a synchronous clock module, as... Figure 11 As shown in (e), the encryption drive voltage is delayed by Tc (the solid line represents the encryption drive voltage after the delay, and the dashed line represents the encryption drive voltage before the delay). The encryption drive voltage is synchronized with the optical signal clock, as follows: Figure 11 (f) shows the phase timing diagram of the modulated optical signal. The optical module signal of each symbol is modulated by a random modulation signal level to realize the synchronization between the encryption signal carried by the encryption driving voltage and the optical module signal, i.e., the data signal, and to realize encryption by symbol.
[0126] For step 3, the encrypted optical signal generated by the optical physical layer security hardening transmitter module is connected to the optical fiber link for transmission.
[0127] In step 4, the optical physical layer security hardening receiving module decrypts the ciphertext optical signal. In this step, the optical signal transmitted from the fiber optic link is split by an optical coupler. One portion of the split signal has its frame synchronization information extracted by the frame synchronization unit and transmitted to the multi-level random modulation decryption unit. The other portion of the split optical signal is input to the multi-level random modulation decryption unit, where the synchronization key controls the modulator drive voltage to perform high-order modulation decryption. In this step, the synchronization key stream controls the modulator drive voltage value in the multi-level random modulation decryption unit of the optical physical layer security hardening transmitting module to be opposite to the modulator drive voltage value in the multi-level random modulation encryption unit of the optical physical layer security hardening receiving module. The frame synchronization information is used to align the modulator drive voltage in the multi-level random modulation decryption unit of the optical physical layer security hardening transmitting module with the modulator drive voltage in the multi-level random modulation encryption unit of the optical physical layer security hardening receiving module. Figure 9 As shown in (d), the implementation effect of the optical physical layer hardened receiver module is to rotate the constellation points in the constellation diagram of the signal carried by the optical carrier in the opposite direction to achieve decryption; the decrypted signal constellation diagram is a QPSK modulation format type with quantum noise.
[0128] For example, for 2-bit plaintext {11}, assuming the 8-bit key in the optical physical layer security hardening transmitting module is {00101011}, then the synchronization key in the optical physical layer security hardening receiving module is also {00101011}, and the corresponding modulation decryption driving voltage is -43 / 128 times the modulator half-wave voltage, such as... Figure 9 (d) shows the rotation of the constellation points by -43π / 128 rad.
[0129] In this step, the specific method for extracting frame synchronization information from the optical signal and synchronizing the decryption and encryption signals includes the following sub-steps.
[0130] Sub-step 401 involves converting the phase information portion of the optical signal into intensity via phase-amplitude conversion. (Reference) Figure 7 Sub-step 401 is completed by the phase-amplitude conversion module of the frame synchronization unit. In this step, after the QPSK signal is encrypted through multi-level random modulation, the information is mainly distributed in the phase. In order to detect the phase information of the encrypted signal, phase-amplitude conversion can be achieved by methods such as unbalanced Mach-Zehnder interferometry structure and fiber dispersion compensation module, so as to convert part of the phase information of the optical signal into intensity for extracting frame synchronization information.
[0131] Sub-step 402 involves photoelectric conversion, converting the optical signal into an electrical signal. (Reference) Figure 7Sub-step 402 is completed by the second photoelectric conversion module of the frame synchronization unit.
[0132] Sub-step 403 involves extracting the synchronization delay for frame synchronization. (See reference...) Figure 7 Sub-step 403 is completed by the synchronization delay extraction module of the frame synchronization unit.
[0133] In this step, the cross-correlation function is used to calculate the cross-correlation relationship between the encrypted optical signal carried on the optical signal sent from the optical fiber link and the stream cipher in the multi-level random modulation encryption unit of the optical physical layer security hardening receiver module, so as to determine the frame delay between the encrypted signal and the decrypted signal.
[0134] like Figure 12 As shown, the peak position coordinate Δt of the correlation function curve represents the delay between the modulator driving voltage in the multi-level random modulation decryption unit of the optical physical layer security hardening transmitter module and the modulator driving voltage in the multi-level random modulation encryption unit of the optical physical layer security hardening receiver module.
[0135] The frame synchronization unit transmits this delay information to the multi-level random modulation decryption unit. In the multi-level random modulation decryption unit, the decryption drive signal is delayed by Δt and then used to drive the decryption modulator. This aligns the random modulation decryption drive voltage in the multi-level random modulation decryption unit of the optical physical layer security hardening receiver module with the random modulation encryption drive voltage in the multi-level random modulation encryption unit of the optical physical layer security hardening transmitter module, thereby achieving frame synchronization between the decryption signal and the encryption signal.
[0136] In summary, this invention employs a cascaded design, inserting an optical physical layer (OPL) security-hardened transmitter module between the optical transmitter module and the optical fiber link, and an OPL security-hardened receiver module between the optical fiber link and the optical receiver module. This cascaded insertion design ensures the security of optical signal transmission in the optical fiber, providing plug-and-play security hardening capabilities for optical communication equipment and avoiding structural modifications to existing optical communication equipment or optical transceiver modules. This invention supports simultaneous encryption and decryption of multiple wavelengths. The OPL security-hardened transmitter module can simultaneously encrypt wavelength division multiplexed optical signals emitted by multiple wavelength optical modules, and the corresponding OPL security-hardened receiver module can simultaneously decrypt multiple wavelengths, sharing channel costs. The optical signal encryption and decryption processes in this invention are both completed in the optical domain, utilizing optical modulation, optical amplification, and optical attenuation, resulting in low processing latency. This invention completes key expansion and generates encryption and decryption signal streams in the electrical domain, controlling optical domain encryption and decryption with an electrical domain digital key, ensuring high stability. The embodiments of the present invention solve the synchronization problem between encryption signals and data signals, as well as between decryption and encryption, in serial encryption by using clock synchronization and frame synchronization methods.
[0137] Those skilled in the art will understand that all or part of the steps in the various methods of the embodiments can be implemented by a program instructing related hardware. The program can be stored in a computer-readable storage medium, which may include: read-only memory (ROM), random access memory (RAM), disk or optical disk, etc.
[0138] The above description is merely a preferred embodiment of the present invention and is not intended to limit the invention. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of the present invention should be included within the scope of protection of the present invention. Contents not described in detail in this specification are prior art known to those skilled in the art.
Claims
1. A physical layer secure communication method, characterized by, include: The optical signal emitted by the optical transmitting module is encrypted using an optical physical layer security hardening transmitter module to obtain an encrypted optical signal. This process includes: the optical physical layer security hardening transmitter module receiving the optical signal carrying plaintext information emitted by the optical transmitting module; the optical physical layer security hardening transmitter module splitting the optical signal emitted by the optical transmitting module; a portion of the optical signal being connected to a clock synchronization unit, which extracts the clock synchronization information of the optical signal and controls the encryption driving voltage to align the encryption driving voltage with the clock of the optical signal emitted by the optical transmitting module, achieving symbol-based encryption; and another portion of the optical signal being sequentially connected to a multi-level random modulation encryption unit and a quantum noise masking unit, achieving double encryption in the optical domain. The encrypted optical signal generated by the optical physical layer security hardening transmitter module is connected to the optical fiber link for optical transmission. The encrypted optical signal transmitted through the optical fiber link is decrypted by the optical physical layer security hardening receiver module to obtain the decrypted optical signal; The decrypted optical signal is connected to the optical receiving module to complete signal reception and realize secure communication at the physical layer.
2. The physical layer secure communication method of claim 1, wherein, The step of extracting clock synchronization information from the optical signal using a clock synchronization unit and controlling the encryption drive voltage with the clock of the optical signal emitted by the optical transmitting module using the clock synchronization information specifically includes: A photodetector is used to perform photoelectric conversion on a portion of the optical signal transmitted from the optical emission module and split into an electrical signal. The electrical signal is then sampled to obtain the first pulse delay as clock synchronization information. This clock synchronization information is used to control the delay of the drive voltage.
3. The physical layer secure communication method of claim 1, wherein, The specific steps of decrypting the encrypted optical signal transmitted via the fiber optic link through the optical physical layer security-hardened receiver module include: The optical physical layer security-hardened receiver module splits the optical signal after it has been transmitted through the link. A portion of the optical signal is input to the frame synchronization unit, which calculates the frame synchronization information and controls the output delay of the decryption driving voltage through the frame synchronization information, aligning the decryption driving voltage with the signal frame of the encryption driving voltage in the optical physical layer security hardening transmitter module. Another portion of the optical signal is fed into a multi-level random modulation decryption unit to achieve decryption in the optical domain.
4. The physical layer secure communication method of claim 3, wherein, The step of calculating frame synchronization information using a frame synchronization unit, controlling the output delay of the decryption driving voltage using the frame synchronization information, and aligning the decryption driving voltage with the signal frame of the encryption driving voltage in the opto-physical layer security hardening transmitter module specifically includes: For the phase-shift keying format optical signal emitted by the optical emission module, after encryption, the ciphertext is loaded onto the optical phase. The phase information is transferred to the intensity using a phase-intensity conversion mechanism, and then the photodetector performs photoelectric conversion to obtain the detection signal. The detection signal is sampled, and the correlation peak position between the stream cipher generated in the optical physical layer security hardening receiver module and the encrypted optical signal transmitted from the optical fiber link is calculated using the cross-correlation function to obtain frame synchronization information. The output delay of the decryption drive voltage generated in the optical physical layer security hardening receiver module is adjusted according to the synchronization information to achieve encryption and decryption frame synchronization.
5. The physical layer secure communication method according to any one of claims 1 to 4, characterized by, The optical signals emitted by the optical emitting module include PSK format optical signals, which carry plaintext information.
6. A physical layer secure communication system, characterized by, It includes an optical transmitting module, an optical physical layer security-hardened transmitting module, an optical fiber link, an optical physical layer security-hardened receiving module, and an optical receiving module, wherein: The optical emission module is used to emit optical signals carrying plaintext information; The photophysical layer security hardening transmitter module is used to encrypt optical signals; The optical fiber link is used for optical transmission of the encrypted optical signal generated by the optical physical layer security hardening transmitter module. The optical physical layer security-hardened receiver module is used to decrypt optical signals transmitted through the optical fiber link; The optical receiving module is used to receive the decrypted optical signal generated by the optical physical layer security hardening receiving module, complete the signal reception, and realize physical layer secure communication. The optical physical layer security hardening transmitting module includes a clock synchronization unit, a multi-level random modulation encryption unit, and a quantum noise masking unit; the optical physical layer security hardening receiving module includes a frame synchronization unit and a multi-level random modulation decryption unit, wherein: The clock synchronization unit is used to detect a portion of the optical signal, extract clock synchronization information, and transmit the clock synchronization information to the multi-level random modulation encryption unit. The multi-level random modulation encryption unit is used to access another part of the optical signal and use the synchronous key stream to control the driving voltage to perform random high-order modulation encryption on the optical signal. The quantum noise masking unit is used to perform secondary encryption on the encrypted optical signal by superimposing quantum noise, and the quantum noise range covers adjacent multi-level signals. The frame synchronization unit is used to calculate frame synchronization information by combining a portion of the encrypted optical signal with the stream cipher in the multi-level random modulation decryption unit, and then transmit the frame synchronization information to the multi-level random modulation decryption unit. The multi-level random modulation decryption unit is used to access another part of the encrypted optical signal and to perform high-order modulation decryption on the encrypted optical signal using the decryption driving voltage.
7. A physical layer secure communication system according to claim 6, characterized in that, The clock synchronization unit includes a first photoelectric conversion module, a data sampling module, and a clock extraction module, wherein: The first photoelectric conversion module is used to convert the optical signal in the clock synchronization unit into an electrical signal through photoelectric conversion; The data sampling module is used to sample the electrical signal of the first photoelectric conversion module; The clock extraction module is used to extract the clock from the sampled data of the data sampling module.
8. The physical layer secure communication system of claim 6, wherein, The frame synchronization unit includes a phase-amplitude conversion module, a second photoelectric conversion module, and a synchronization delay extraction module, wherein: The phase-amplitude conversion module converts the phase information portion of the optical signal in the frame synchronization unit into intensity through phase-amplitude conversion; The second photoelectric conversion module is used to convert the optical signal in the frame synchronization unit into an electrical signal through photoelectric conversion; The synchronization delay extraction module is used to extract synchronization delay for frame synchronization.