Group key agreement method against internal attackers in unmanned aerial ad hoc networks
By broadcasting and receiving messages containing knowledge proofs and implicit key shares in a drone ad hoc network, the authenticity and consistency of key contributions are independently verified, aggregate commitments are generated, and implicit aggregate keys are exchanged. This solves the problem of internal attacks in drone ad hoc networks and ensures the availability and security of communication.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- XIDIAN UNIV
- Filing Date
- 2026-02-11
- Publication Date
- 2026-06-09
Smart Images

Figure CN122179780A_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of group key technology, specifically relating to a group key negotiation method in a drone self-organizing network that can resist internal attackers. Background Technology
[0002] In recent years, drone technology has developed rapidly and has been widely used in disaster relief and other fields. Compared with individual drones, drone self-organizing network technology, which can efficiently perform complex tasks, requires no pre-deployed infrastructure, and supports dynamic decentralized networking, has become a key networking paradigm for realizing drone collaborative tasks. In drone self-organizing networks, drones need to frequently exchange situational awareness data, collaborative control commands, and other information through public channels. Considering that wireless channels are vulnerable to threats such as eavesdropping, tampering, and replay attacks, the security of group communication directly affects the success or failure of the mission. To reduce risks, establishing a shared group key among self-organizing drones has become standard practice.
[0003] Traditional group key establishment methods mainly fall into two categories: group key distribution and group key negotiation. In group key distribution, a trusted central entity generates the complete group key and securely distributes it to all members, who do not participate in the key generation process. Group key negotiation, on the other hand, allows all members to participate in group key generation in a peer-to-peer manner: each member independently generates temporary key contributions and exchanges them through message interaction, with authentication and digital signatures ensuring the legitimacy and integrity of the key contribution source. Ultimately, each legitimate member receives key contributions from all members and calculates the group key locally. Given that UAV ad hoc networks adopt a distributed architecture and all members are peer nodes, with no continuously online central authority, group key negotiation is more suitable for this scenario.
[0004] However, most traditional group key agreement protocols are based on the assumption that all group members will honestly abide by the protocol and that the attacker comes from outside the group. This assumption does not apply to the relatively vulnerable drone ad hoc network environment. During missions, especially in high-threat scenarios, drones face real risks such as control link hijacking, firmware tampering, and even physical capture. Once an attacker gains control of a drone, the compromised drone becomes an inside attacker, yet it still possesses valid credentials and can be authenticated as a legitimate member. This allows it to disrupt the group key agreement process while remaining difficult to detect. In group key agreement protocols, malicious inside drones can selectively send inconsistent key contributions to different members. Such attacks can cause honest drones within the group to ultimately derive different group keys, thereby compromising the availability of key agreement and paralyzing group communication.
[0005] Therefore, traditional group key negotiation methods do not take into account the illegitimate behavior of group members, resulting in weak security during key generation. Summary of the Invention
[0006] This invention provides a group key negotiation method for unmanned aerial vehicle (UAV) self-organizing networks that can resist internal attackers, thereby solving the aforementioned technical problems.
[0007] In a first aspect, embodiments of the present invention provide a group key negotiation method for unmanned aerial vehicle (UAV) self-organizing networks that can resist internal attackers. The method is applied to any UAV in the UAV network and includes: The system broadcasts the first message of a drone to other drones and receives first messages from other drones to verify whether the key contribution shared by other drones is correct based on the first messages of other drones. The first message of a drone includes at least: the drone's knowledge proof and implicit key share. The drone's knowledge proof and key share are generated based on the drone's key contribution. The implicit key share of the drone is an implicit expression of the drone's key share. Recover the key share of the first secure drone and generate an aggregate commitment for each first secure drone based on the key share of the first secure drone, wherein the key contribution sent by the first secure drone is correct; Broadcast a second message from the drone to the first secure drone and receive a second message from the first secure drone, wherein the second message from the drone includes at least an implicit aggregation key of the drone generated based on the aggregation key of the drone; Based on the aggregation commitment of the first secure drone and the second message of the first secure drone, verify whether the aggregation key of the first secure drone is correct; A group key is generated based on the aggregate key of the second security drone, wherein the aggregate key shared by the second security drone is correct.
[0008] Secondly, embodiments of the present invention provide a drone including a transceiver unit, a verification unit, and a key processing unit; The transceiver unit is used to broadcast the first message of the drone to other drones and receive the first message from other drones. The first message of the drone includes at least: the drone's knowledge proof and implicit key share. The drone's knowledge proof and key share are generated based on the drone's key share. The drone's implicit key share is an implicit expression of the drone's key share. The verification unit is used to verify whether the key contribution shared by other drones is correct based on the first message from other drones; The key processing unit is used to recover the key share of the first secure drone and generate an aggregate commitment for each first secure drone based on the key share of the first secure drone, wherein the key share shared by the first secure drone is correct; The transceiver unit is further configured to broadcast a second message from the drone to the first secure drone and receive a second message from the first secure drone, wherein the second message from the drone includes at least an implicit aggregation key of the drone generated based on the aggregation key of the drone; The verification unit is further configured to verify whether the aggregation key of the first secure drone is correct based on the aggregation commitment of the first secure drone and the second message of the first secure drone; The key processing unit is also used to generate a group key based on the aggregate key of the second secure drone, wherein the aggregate key shared by the second secure drone is correct.
[0009] Thirdly, embodiments of the present invention provide an unmanned aerial vehicle (UAV) communication system, including a ground control station and an UAV network, wherein the UAV network consists of multiple UAVs, and the UAVs are used to negotiate a group key according to the method described in the first aspect.
[0010] The beneficial effects of this invention compared to existing technologies are as follows: By broadcasting and receiving a first message containing knowledge proofs and implicit key shares, this invention enables each drone to independently verify the authenticity and consistency of key contributions shared by other drones based on cryptographic principles. Knowledge proofs ensure the legitimacy of the contribution source, and implicit expressions allow cross-verification without exposing sensitive details, thereby identifying inconsistent contributions that malicious drones may send at an early stage. Recovering the verified secure drone key shares and generating an aggregation commitment aggregates reliable contributions, establishing a trusted foundation for subsequent steps and ensuring that the negotiation process proceeds only based on correct data. Exchanging implicit aggregation keys through a second message and verifying the aggregation key based on the aggregation commitment utilizes the binding attributes and verification mechanism of the commitment to confirm the correctness of the aggregation, further filtering out anomalies and preventing malicious interference. This multi-layered distributed verification system embeds consistency checks at every step of the key negotiation process, effectively isolating destructive behavior from internal attackers. Ultimately, honest and legitimate drones can reach a consensus group key based solely on correct contributions, ensuring the availability of communication and resistance to external and internal attacks in high-threat scenarios for drone ad hoc networks. Attached Figure Description
[0011] Figure 1 This is a schematic diagram of the architecture of an unmanned aerial vehicle (UAV) communication system according to an embodiment of the present invention; Figure 2A flowchart illustrating the implementation of a group key negotiation method for unmanned aerial vehicle (UAV) self-organizing networks that can resist internal attackers, provided in an embodiment of the present invention. Figure 3 This is a schematic diagram illustrating a scenario for a group key negotiation method in an unmanned aerial vehicle (UAV) self-organizing network that can resist internal attackers, provided by an embodiment of the present invention. Figure 4 This is a schematic diagram of the structure of a drone provided in an embodiment of the present invention. Detailed Implementation
[0012] In the following description, specific details such as particular system architectures and techniques are set forth for illustrative purposes and not for limitation, in order to provide a thorough understanding of the embodiments of the invention. However, those skilled in the art will understand that the invention can be implemented in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, apparatuses, circuits, and methods are omitted so as not to obscure the description of the invention with unnecessary detail.
[0013] It should be understood that, when used in this specification and the appended claims, the term "comprising" indicates the presence of the described features, integrals, steps, operations, elements and / or components, but does not exclude the presence or addition of one or more other features, integrals, steps, operations, elements, components and / or collections thereof.
[0014] It should also be understood that the term “and / or” as used in this specification and the appended claims refers to any combination of one or more of the associated listed items and all possible combinations, and includes such combinations.
[0015] As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when," "once," "in response to determination," or "in response to detection." Similarly, the phrase "if determined" or "if [described condition or event] is detected" may be interpreted, depending on the context, as meaning "once determined," "in response to determination," "once [described condition or event] is detected," or "in response to detection of [described condition or event]."
[0016] Furthermore, in the description of this invention and the appended claims, the terms "first," "second," "third," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.
[0017] References to "one embodiment" or "some embodiments" as described in this specification mean that one or more embodiments of the invention include a specific feature, structure, or characteristic described in connection with that embodiment. Therefore, the phrases "in one embodiment," "in some embodiments," "in other embodiments," "in still other embodiments," etc., appearing in different parts of this specification do not necessarily refer to the same embodiment, but rather mean "one or more, but not all, embodiments," unless otherwise specifically emphasized. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless otherwise specifically emphasized.
[0018] The present invention will be further described in detail below with reference to specific embodiments, but the implementation of the present invention is not limited thereto.
[0019] Example 1 Figure 1 This is a schematic diagram of the architecture of an unmanned aerial vehicle (UAV) communication system according to an embodiment of the present invention.
[0020] As an example, see Figure 1 A drone communication system can include a drone network and a ground control station. The drone network can be composed of... A swarm of drones forms an ad hoc network. The ground control station assigns each drone public group parameters and confidential values, such as its private key; however, the ground control station does not participate in the subsequent group key negotiation process. This is because in an Unmanned Aerial Vehicle Ad Hoc Network (UANET) scenario, the drone swarm may operate outside the control range of the ground control station (GCS), or obstacles such as mountains or buildings may prevent the GCS from maintaining a stable and continuous connection with the drones. The drones in the ad hoc network communicate via wireless channels. Therefore, to ensure communication security, a group key is established by all drones in the UANET through exchanging key contributions.
[0021] Example 2 Figure 2 The diagram illustrates a flowchart of a group key negotiation method for unmanned aerial vehicle (UAV) ad hoc networks that can resist internal attackers, provided by an embodiment of the present invention. This method is illustrative and not limiting, and can be applied to the aforementioned system. The method may include steps S201-S212, which are described below.
[0022] S201, the ground station performs system initialization and generates common system parameters.
[0023] In one possible implementation, before the drones take off, the ground control station can initialize the system, generate common system parameters, and assign several confidential values to each drone. Simultaneously, it can store the system master key. ,in,, Modulus The set of all non-zero and invertible (multiplicative inverse) elements in the sense of the given.
[0024] For example, the system's common parameters It can be represented as: It can include elliptic curves Its base point is , level ; For the system public key, the first to third one-way hash functions Reconstructing the threshold .
[0025] For example, the reconstruction threshold can determine the order of the polynomial in subsequent key contribution generation.
[0026] In one example, it can be seen from The private key of the drone is randomly selected, and based on the drone's private key, a formula is used... Calculate the drone's public key. Finally, put the drone... The confidential value is the public-private key pair. Send to drone .
[0027] S202, the ground control station sends common system parameters to the UAV.
[0028] Correspondingly, common parameters for UAV receiving systems.
[0029] See Figure 3 Through the key pre-generation stage shown in steps S203-S206 below, any drone in the drone network It can generate its own key contribution and calculate the corresponding commitment and knowledge proof, then broadcast it to other members of the group. Specifically, drones... Key contributions can be split and secretly distributed to each member, while commitments and knowledge proofs are publicly published to the entire group. This content is encapsulated in a single broadcast message. Upon receiving a broadcast message, each drone verifies the validity of the commitment and proof; if verification passes, the contribution is incorporated into its local aggregation for use in subsequent stages; otherwise, the message is rejected and the abnormal behavior can be reported. During this stage, each member can act as both a sender and a receiver.
[0030] S203, the drone generates its own key share.
[0031] In one possible implementation, the drone can first sample the key contribution, and then construct a polynomial to generate its own key share based on the key contribution.
[0032] For example, the key contribution of a drone can satisfy: ,in, For drones Key contribution, This indicates random selection.
[0033] In one example, the drone can... Random sampling coefficients Thus constructing A polynomial of degree n generates its own key share.
[0034] For example, the A polynomial of degree 1 can satisfy the following formula:
[0035] in, .
[0036] For example, the key share of a drone can satisfy the following formula:
[0037] in, For drones Send to drone The key share.
[0038] S204, the drone generates the first message based on its own key contribution and key share.
[0039] In one possible implementation, the drone's first message may include at least the drone's implicit key share.
[0040] For example, the implicit key share of a drone is an implicit expression of the key share of the drone.
[0041] In one example, a drone can construct a Lagrange interpolation polynomial to generate its own implicit key share based on its own key share.
[0042] For example, the implicit key share of a drone can satisfy the following formula:
[0043] in, Let be the independent variable of the polynomial, when hour For drones Send to drone Implicit key share. For drones Send to drone Key share, For a finite field The rank.
[0044] in:
[0045]
[0046]
[0047] in, ,express From Randomly selected from among them.
[0048] This "implicit share" method can significantly reduce the length of broadcast messages.
[0049] In one possible implementation, the drone's first message may also include proof of knowledge, commitment, authentication value, first timestamp, and first public element.
[0050] In one example, the drone's commitment could be a set of coefficient commitment values.
[0051] For example, drones A commitment can be expressed as ,in For drones The Each coefficient promises a value.
[0052] Specifically, the coefficient commitment value of the drone can satisfy the following formula: .
[0053] The commitment set can provide a public reference for subsequent consistency checks. This prevents the sender from changing its key contribution or providing inconsistent information to different members in subsequent stages.
[0054] In one example, a knowledge proof for the drone can be generated based on the system's public parameters and the drone's own key contribution.
[0055] For example, drones Knowledge proof , The two parameters included can satisfy the following formula in sequence:
[0056]
[0057] in:
[0058] in, For the identification of drones, Depend on drones Key contribution generation.
[0059] Any other drone can be used Verify knowledge proofs to determine the drone Know the constant term of its commitment.
[0060] Optionally, the first timestamp can be the time when the drone generated the knowledge proof.
[0061] In one example, authentication values and the first public element can be generated based on the system's public parameters.
[0062] For example, the first disclosed element of the drone satisfies: .
[0063] For example, the certification value of a drone can satisfy the following formula:
[0064] in:
[0065]
[0066]
[0067] in, For drones The first timestamp.
[0068] S205, the drone broadcasts its first message to other drones and receives first messages from other drones.
[0069] For example, drones First news It can be represented as .
[0070] Accordingly, other drones send their own first messages to the drone and receive the drone's first messages.
[0071] S206, the drone verifies the correctness of the key share shared by other drones based on the first message from other drones.
[0072] In one possible implementation, the freshness of the first timestamp of other drones, the legality of the knowledge proof, the integrity of the first message, and the consistency of the share with the commitment can be verified sequentially based on the first message from other drones. If the first messages from other drones all pass verification, it is determined that the key share shared by other drones to this drone is correct, that is, the key shares shared by other drones are consistent, and this other drone is the first secure drone, and the following step S207 is performed. Otherwise, it is determined that the other drone is illegal, and communication with it is stopped.
[0073] In one example, if the first timestamp of other drones meets ,in, The time when the drone receives the first message. If the system allows a time deviation threshold, then other drones are determined to have passed the freshness verification of the first timestamp.
[0074] In one example, the coefficient commitment value can be based on other drones. calculate And check if it satisfies: If the conditions are met, then other drones are determined to have passed the knowledge proof legitimacy verification.
[0075] In one example, the other drones can be recovered using common parameters. , , These parameters are used to recover the key shares of other drones, and then the integrity of the first message is verified based on their key shares.
[0076] For example, parameters , , It can be recovered using the following formula:
[0077]
[0078]
[0079] in, , , After recovery , , .
[0080] For example, drones The key share can be obtained through the formula recover.
[0081] For example, after recovering the key shares of other drones, parameter recovery can continue. and Then verify the parameters. , And key share, whether it meets the requirements If the condition is met, it means that other drones have passed the first message integrity verification.
[0082] Specifically, parameters and It can be recovered using the following formula:
[0083]
[0084] in, , After recovery , .
[0085] In one example, the correctness of the key share can be further checked, if it meets the following conditions: The other drones were verified to be consistent with their commitments.
[0086] See Figure 3 Through the group key negotiation phase shown in steps S207~S212 below, any first secure drone The received key contribution shares can be aggregated into a new "global key contribution" first, and then these reconstructed contributions can be exchanged again to calculate the final group key. Utilizing the additive homomorphic property of secret sharing, each... Aggregate its verified shares to reconstruct a new global contribution locally. .because The initial key contributions from all members collectively determine the structure, thus creating a consistent relational structure at the global level. Members then exchange these keys. And finally calculate the group key.
[0087] S207, the drone generates an aggregate commitment for each of the first secure drones based on the key share of the first secure drone.
[0088] In one example, an aggregate commitment can satisfy the following formula:
[0089] in, For drones Aggregate commitment.
[0090] S208, the drone generates its own aggregate key based on its own key share.
[0091] For example, the aggregation key for a drone can satisfy the following formula:
[0092] in, For drones The aggregate key.
[0093] S209, the drone generates a second message based on its own aggregation key.
[0094] In one possible implementation, the drone's second message may include at least the drone's implicit aggregation key.
[0095] In one example, similarly, a polynomial can be constructed to generate the implicit aggregation key for the drone.
[0096] For example, the implicit aggregation key of a drone can satisfy the following formula:
[0097] in, Let be the independent variable of the polynomial, when hour For drones Send to drone The implicit aggregation key. For drones The aggregate key, For a finite field The rank.
[0098] in:
[0099]
[0100]
[0101] in, ,express From Randomly selected from among them.
[0102] In one possible implementation, the second message from the drone may also include a second public element. Second authentication value Second timestamp .
[0103] In one example, the second public element can be expressed by the formula. calculate.
[0104] In one example, the drone's second authentication value can satisfy the following formula:
[0105] in:
[0106] .
[0107] S210, the drone broadcasts its second message to the first secure drone and receives a second message from the first secure drone.
[0108] For example, drones Second message It can be represented as: .
[0109] S211, the drone verifies whether the aggregation key of the first secure drone is correct based on the aggregation commitment of the first secure drone and the second message of the first secure drone.
[0110] In one possible implementation, the validity of the aggregate key of the first secure drone and the consistency between the local contribution and the global contribution can be verified sequentially. If the aggregate key of the first secure drone passes all verifications, the aggregate key of the first secure drone is determined to be correct, and it is identified as the second secure drone, and step S112 is performed; otherwise, the first secure drone is confirmed to be illegal, and communication with it is stopped.
[0111] In one example, the parameters can be restored first based on the common parameters. , Then verify Does it meet the requirements? If the conditions are met, then the second message from the first drone is confirmed to have passed the validation of the aggregation key.
[0112] For example, the parameter can be recovered using the following formula. , :
[0113]
[0114] in, , After recovery , .
[0115] In one example, the aggregation key of the first UAV can be recovered from its implicit aggregation key, and then its aggregation key can be verified to satisfy the following conditions: If the condition is met, then the second message of the first UAV is confirmed to have passed the consistency verification between the local contribution and the global contribution.
[0116] For example, the aggregation key can be recovered using the following formula:
[0117] in:
[0118]
[0119] .
[0120] S112, the drone generates a group key based on the aggregate key of the second security drone.
[0121] Here, the default drone is also a second-security drone, meaning it is considered secure by default. If a drone is illegal, and the implicit key share it broadcasts to a second-security drone has been tampered with, its first message will fail verification. The attacked second-security drone will report its illegal identity, and the illegal drone will be kicked out of the group. No drone will send it any subsequent second messages, and naturally, it will not be able to collect the aggregate key of any second-security drone, thus failing to generate the correct group key.
[0122] In one possible implementation, one can choose... The global constant term is reconstructed from the aggregate key of the second secure drone; a group key is generated based on the global constant term.
[0123] In one example, any one can be chosen. index set ,exist Calculate the Lagrange coefficients and reconstruct the global constant term.
[0124] For example, the global constant term can satisfy the following formula:
[0125] in, For global constant terms, For drones The aggregate key, For a finite field The rank.
[0126] In one example, the group key can satisfy the following formula:
[0127] in, The group key. This is a function derived from the key.
[0128] This invention enables each drone to independently verify the authenticity and consistency of key contributions shared by other drones based on cryptographic principles by broadcasting and receiving a first message containing knowledge proofs and implicit key shares. Knowledge proofs ensure the legitimacy of the contribution source, while implicit expressions allow cross-verification without exposing sensitive details, thus identifying inconsistent contributions that malicious drones might send at an early stage. Recovering the verified secure drone key shares and generating an aggregation commitment aggregates reliable contributions, establishing a trusted foundation for subsequent steps and ensuring the negotiation process proceeds only based on correct data. Exchanging implicit aggregation keys through a second message and verifying the aggregation key based on the aggregation commitment utilizes the commitment's binding attributes and verification mechanism to confirm the aggregation's correctness, further filtering out anomalies and preventing malicious interference. This multi-layered distributed verification system embeds consistency checks at every step of the key negotiation process, effectively isolating destructive behavior from internal attackers. Ultimately, honest and legitimate drones can reach a consensus group key based solely on correct contributions, ensuring the availability of drone ad hoc networks and their resistance to external and internal attacks in high-threat scenarios.
[0129] Example 3 Figure 4 The diagram shown is a structural schematic of a drone provided in an embodiment of the present invention. As an example and not a limitation, the drone may include a transceiver unit, an authentication unit, and a key processing unit.
[0130] For example, the transceiver unit is used to broadcast a first message from the drone to other drones and receive first messages from other drones, wherein the first message from the drone includes at least: a knowledge proof and an implicit key share of the drone, both of which are generated based on the drone's key share, and the implicit key share of the drone is an implicit expression of the drone's key share; the verification unit is used to verify whether the key contribution shared by other drones is correct based on the first messages from other drones; the key processing unit is used to recover the key share of the first secure drone and generate an aggregate commitment for each of the first secure drones based on the key share of the first secure drones, wherein the key share shared by the first secure drones is correct; the transceiver unit is also used to broadcast a second message from the drone to the first secure drone and receive second messages from the first secure drone, wherein the second message from the drone includes at least an implicit aggregate key of the drone generated based on the drone's aggregate key; the verification unit is also used to verify whether the aggregate key of the first secure drone is correct based on the aggregate commitment and the second message from the first secure drone; the key processing unit is also used to generate a group key based on the aggregate key of the second secure drone, wherein the aggregate key shared by the second secure drone is correct.
[0131] This invention enables each drone to independently verify the authenticity and consistency of key contributions shared by other drones based on cryptographic principles by broadcasting and receiving a first message containing knowledge proofs and implicit key shares. Knowledge proofs ensure the legitimacy of the contribution source, while implicit expressions allow cross-verification without exposing sensitive details, thus identifying inconsistent contributions that malicious drones might send at an early stage. Recovering the verified secure drone key shares and generating an aggregation commitment aggregates reliable contributions, establishing a trusted foundation for subsequent steps and ensuring the negotiation process proceeds only based on correct data. Exchanging implicit aggregation keys through a second message and verifying the aggregation key based on the aggregation commitment utilizes the commitment's binding attributes and verification mechanism to confirm the aggregation's correctness, further filtering out anomalies and preventing malicious interference. This multi-layered distributed verification system embeds consistency checks at every step of the key negotiation process, effectively isolating destructive behavior from internal attackers. Ultimately, honest and legitimate drones can reach a consensus group key based solely on correct contributions, ensuring the availability of drone ad hoc networks and their resistance to external and internal attacks in high-threat scenarios.
[0132] In the above embodiments, the descriptions of each embodiment have different focuses. For parts that are not described in detail or recorded in a certain embodiment, please refer to the relevant descriptions of other embodiments.
Claims
1. A group key negotiation method for unmanned aerial vehicle (UAV) self-organizing networks that can resist internal attackers, characterized in that, The method is applied to any drone in a drone network, and the method includes: The system broadcasts the first message of a drone to other drones and receives first messages from other drones to verify whether the key contribution shared by other drones is correct based on the first messages of other drones. The first message of a drone includes at least: the drone's knowledge proof and implicit key share. The drone's knowledge proof and key share are generated based on the drone's key contribution. The implicit key share of the drone is an implicit expression of the drone's key share. Restore the key share of the first secure drone and generate an aggregate commitment for each first secure drone based on the key share of the first secure drone, wherein the key contribution shared by the first secure drone is correct; Broadcast a second message from the drone to the first secure drone and receive a second message from the first secure drone, wherein the second message from the drone includes at least an implicit aggregation key of the drone generated based on the aggregation key of the drone; Based on the aggregation commitment of the first secure drone and the second message of the first secure drone, verify whether the aggregation key of the first secure drone is correct; A group key is generated based on the aggregate key of the second security drone, wherein the aggregate key shared by the second security drone is correct.
2. The method according to claim 1, characterized in that, The implicit key share of the UAV satisfies the following formula: in, Let be the independent variable of the polynomial, when hour For drones Send to drone Implicit key share. For drones Send to drone Key share, For a finite field The order; The key share of the drone is recovered using the following formula: in, It is determined based on the system's common parameters.
3. The method according to claim 1, characterized in that, The implicit aggregation key of the UAV satisfies the following formula: in, Let be the independent variable of the polynomial, when hour For drones Send to drone The implicit aggregation key. For drones The aggregate key, For a finite field The order; The aggregation key of the drone is recovered using the following formula: in, It is determined based on the system's common parameters.
4. The method according to claim 1, characterized in that, The first message of the drone includes: the drone's knowledge proof, commitment, implicit key share, authentication value, first timestamp, and first public element; the second message of the drone includes: the drone's implicit aggregate key, second public element, third public element, and second timestamp.
5. The method according to claim 4, characterized in that, The step of verifying the correctness of the shared key contribution of other drones based on the first message from other drones includes: The freshness of the first timestamp of other drones, the legality of the knowledge proof, the integrity of the first message, and the consistency between the share and the commitment are verified in turn. If the freshness of the first timestamp, the legality of the knowledge proof, the integrity of the first message, and the consistency between the share and the commitment of the other drones are all verified, then the key share shared by the other drones is determined to be correct. Otherwise, the key share determined by the other drones is incorrect.
6. The method according to claim 4, characterized in that, The step of verifying whether the aggregation key of the first secure drone is correct based on the aggregation commitment of the first secure drone and the second message of the first secure drone includes: The validity of the aggregate key of the first secure drone and the consistency between the local contribution and the global contribution are verified sequentially. If the validity of the aggregate key of the first secure drone and the consistency of the local contribution and the global contribution are all verified, then the aggregate key of the first secure drone is determined to be correct. Otherwise, the aggregation key of the first secure drone is determined to be incorrect.
7. The method according to claim 1, characterized in that, The generation of a group key based on the aggregated key of the UAV and the second secure UAV includes: choose The global constant term is reconstructed from the aggregate key of the second secure drone, where For greater than or equal to the reconstruction threshold Positive integers; The group key is generated based on the global constant term.
8. The method according to claim 7, characterized in that, The group key satisfies the following formula in: in, The group key. Derived function for key. For the global constant term, For drones The aggregate key, For a finite field The rank.
9. A drone, characterized in that, It includes a transceiver unit, a verification unit, and a key processing unit; The transceiver unit is used to broadcast the first message of the drone to other drones and receive the first message from other drones. The first message of the drone includes at least: the drone's knowledge proof and implicit key share. The drone's knowledge proof and key share are generated based on the drone's key share. The drone's implicit key share is an implicit expression of the drone's key share. The verification unit is used to verify whether the key contribution shared by other drones is correct based on the first message from other drones; The key processing unit is used to recover the key share of the first secure drone and generate an aggregate commitment for each first secure drone based on the key share of the first secure drone, wherein the key share shared by the first secure drone is correct; The transceiver unit is further configured to broadcast a second message from the drone to the first secure drone and receive a second message from the first secure drone, wherein the second message from the drone includes at least an implicit aggregation key of the drone generated based on the aggregation key of the drone; The verification unit is further configured to verify whether the aggregation key of the first secure drone is correct based on the aggregation commitment of the first secure drone and the second message of the first secure drone; The key processing unit is also used to generate a group key based on the aggregate key of the second secure drone, wherein the aggregate key shared by the second secure drone is correct.
10. A drone communication system, characterized in that, It includes a ground control station and a drone network, the drone network consisting of multiple drones, the drones being used to negotiate a group key according to any one of claims 1 to 8.