A method and apparatus for agile key management suitable for quantum-resistant cryptography

By collecting quantum threats and system operation status, the uninterrupted hot migration of the dual-buffered key pool is dynamically triggered. By using sector-based state indexing and forced timing constraints, the security threats of state-type signature keys in high-frequency switching scenarios are solved, and the smooth transition and high availability of quantum-resistant signature schemes are achieved.

CN122247774APending Publication Date: 2026-06-19数盾信息科技股份有限公司

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
数盾信息科技股份有限公司
Filing Date
2026-05-25
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing high-availability agile key management systems face challenges when dealing with high-frequency algorithm switching and dynamically fluctuating business loads. The strict one-time requirement of state-based post-quantum signatures conflicts with the underlying storage mechanism, leading to state count value forks or unsuccessful persistence writes, thus posing security threats.

Method used

By collecting external quantum threat indicators and internal system operation indicators, threat assessment data and system load data are generated, signature consumption frequency is statistically analyzed, target security level and available computing resources are calculated, target quantum-resistant signature algorithms are matched, and state count values ​​are allocated through sector-based state indexing during hot migration. Combined with mandatory timing constraints and parameter update mechanisms, the security and continuity of signature output are ensured.

Benefits of technology

It effectively overcomes the risks of single-signature reuse and forgery of state-type signature keys in high-frequency algorithm switching scenarios, realizes smooth transition and continuous operation of quantum-resistant signature schemes, and ensures high availability and security baseline of the system.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122247774A_ABST
    Figure CN122247774A_ABST
Patent Text Reader

Abstract

This invention relates to the field of agile key management technology and discloses an agile key management method and apparatus suitable for quantum-resistant cryptography. The method includes: firstly, synchronously collecting quantum threats and operational status to output threat assessment and load data, calculating the target security level and computing resources required by the system, and matching the target quantum-resistant signature algorithm accordingly to generate an algorithm switching instruction; simultaneously, determining the sector state index capacity by combining the storage latency of the target algorithm, the overlapping window of the double-buffered key pool during hot migration, and the signature consumption frequency, and then constructing a sectorized state index; during uninterrupted hot migration of the double-buffered key pool triggered in response to the switching instruction, allocating state count values ​​according to the index, and executing the timing sequence of first recording and writing to non-volatile storage and then releasing the signature; finally, after the migration is completed, invalidating the old buffer pool and updating the capacity generation parameters according to the actual consumption data.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of agile key management technology, and more specifically, to an agile key management method and apparatus suitable for quantum-resistant cryptography. Background Technology

[0002] With the continuous improvement of quantum computing power, traditional public-key cryptography faces the potential threat of being completely compromised. To address this challenge, quantum-resistant cryptography is being comprehensively standardized and engineered. In vast network systems and infrastructures, agile key management systems are crucial for a smooth transition to quantum-resistant cryptography. These systems must support the coexistence, replacement, and dynamic adaptation of multiple algorithm systems without interrupting business operations. In quantum-resistant cryptography, state-based post-quantum signatures (such as LMS and XMSS algorithms) are preferred for many high-value roots of trust, secure boot, and network authentication processes due to their well-proven security theories. However, state-based post-quantum signatures have extremely stringent one-time signature usage restrictions. Each signature operation must irreversibly advance its internal state count, and the same state count must never be reused multiple times; otherwise, the signature will be forged. In existing highly available agile key management systems, hot migration of dual-buffered key pools is often required to ensure uninterrupted business operations. During the overlapping window of hot migration, both the old and new buffer pools handle high-concurrency business requests simultaneously. At this point, the strict one-time requirement of state-based signature schemes clashes severely with the underlying storage mechanisms of the system (such as storage write cache latency, power failure rollback, etc.). Traditional simple key synchronization or backup replication schemes are highly susceptible to state count value forking when faced with high-frequency algorithm switching and dynamically fluctuating business loads due to synchronization delays or concurrent allocation errors. Once a fork occurs or persistence delays prevent successful writing to non-volatile storage, historical count values ​​will be reused after restarts or migrations, posing a significant security threat. Summary of the Invention

[0003] This invention provides an agile key management method and apparatus suitable for quantum computing-resistant cryptography, solving the technical problems mentioned in the background art.

[0004] Firstly, an agile key management method suitable for quantum-resistant cryptography includes: Collect external quantum threat indicators and internal system operation indicators to generate threat assessment data and system load data; Based on the threat assessment data and the system load data, the signature consumption frequency of the stateful signature key is statistically analyzed. Based on the threat assessment data and the system load data, calculate the target security level and available computing resources required by the system; Based on the target security level and the available computing resources, a target quantum-resistant signature algorithm is matched, and an algorithm switching instruction is generated; The state storage delay of the target quantum-resistant signature algorithm and the overlapping window of the double-buffered key pool during hot migration are obtained. The sector state index capacity is determined in combination with the signature consumption frequency. The sector state index is then used to construct a sectorized state index for the state-type signature key. In response to the algorithm switching instruction, the double-buffered key pool is hot-migrated. During the hot-migrating, a state count value is allocated according to the sectorized state index, and the signature output is released after the state record is written to non-volatile storage. After the hot migration is completed, the old buffer pool in the double-buffered key pool is set to an invalid state, and the generation parameters of the sector status index capacity are updated according to the actual consumption data.

[0005] Secondly, an agile key management device suitable for quantum-resistant cryptography includes: The data acquisition module is used to collect external quantum threat indicators and internal system operation indicators, and generate threat assessment data and system load data. The frequency statistics module is used to calculate the signature consumption frequency of the state-based signature key based on the threat assessment data and the system load data. The target calculation module is used to calculate the target security level and available computing resources required by the system based on the threat assessment data and the system load data. The algorithm matching module is used to match the target quantum-resistant signature algorithm based on the target security level and the available computing resources, and generate an algorithm switching instruction; An index building module is used to obtain the state storage delay of the target quantum-resistant signature algorithm and the overlapping window of the double-buffered key pool during hot migration, determine the sector state index capacity in combination with the signature consumption frequency, and build a sectorized state index for the state-type signature key based on the sector state index capacity. The migration execution module is used to trigger a hot migration of the double-buffered key pool in response to the algorithm switching instruction, allocate a state count value according to the sectorized state index during the hot migration, and release the signature output after the state record is written to non-volatile storage. The parameter update module is used to set the old buffer pool in the double-buffered key pool to an invalid state after the hot migration is completed, and update the generation parameter of the sector status index capacity according to the actual consumption data.

[0006] The beneficial effects of this invention include: by synchronously collecting quantum threats and system operation status and fusing the output evaluation results, the invention dynamically triggers uninterrupted hot migration of the dual-buffered key pool, effectively overcoming the risk of single-signature reuse and forgery faced by state-type signature keys in high-frequency algorithm switching scenarios; this invention deeply integrates hot migration overlapping and coexisting windows with timing factors such as persistence delay, calculates and generates sector state index capacity, and divides the effective range of key count values ​​by generation based on this, so that each migration naturally enters a completely new independent sector, thereby isolating the fork conflicts and concurrent chaos between the old and new buffers; combined with the mandatory timing constraint of persisting the record before releasing the signature and the closed-loop parameter update mechanism, this invention not only achieves a smooth transition and continuous operation of highly sensitive services when encountering complex quantum attacks, but also ensures the security baseline and extremely high system availability for the long-term application of the quantum-resistant signature scheme. Attached Figure Description

[0007] Figure 1 This is a flowchart of an agile key management method for quantum-resistant cryptography according to the present invention. Detailed Implementation

[0008] The subject matter described herein will now be discussed with reference to exemplary embodiments. It should be understood that these embodiments are discussed only to enable those skilled in the art to better understand and implement the subject matter described herein, and changes may be made to the function and arrangement of the elements discussed without departing from the scope of this specification. Various processes or components may be omitted, substituted, or added as needed in the examples. Furthermore, features described in some examples may be combined in other examples.

[0009] Example 1: As Figure 1 As shown, an agile key management method suitable for quantum-resistant cryptography includes: Collect external quantum threat indicators and internal system operation indicators to generate threat assessment data and system load data; Based on the threat assessment data and the system load data, the signature consumption frequency of the stateful signature key is statistically analyzed. Based on the threat assessment data and the system load data, calculate the target security level and available computing resources required by the system; Based on the target security level and the available computing resources, a target quantum-resistant signature algorithm is matched, and an algorithm switching instruction is generated; The state storage delay of the target quantum-resistant signature algorithm and the overlapping window of the double-buffered key pool during hot migration are obtained. The sector state index capacity is determined in combination with the signature consumption frequency. The sector state index is then used to construct a sectorized state index for the state-type signature key. In response to the algorithm switching instruction, the double-buffered key pool is hot-migrated. During the hot-migrating, a state count value is allocated according to the sectorized state index, and the signature output is released after the state record is written to non-volatile storage. After the hot migration is completed, the old buffer pool in the double-buffered key pool is set to an invalid state, and the generation parameters of the sector status index capacity are updated according to the actual consumption data.

[0010] Preferably, external quantum threat indicators and internal system operation indicators are collected to generate threat assessment data and system load data, including: Quantum capability events and suspicious protocol events from external sources are acquired, and the quantum computing power level, attack event arrival rate, and attack quality score are calculated using the following formulas: in, For the aforementioned quantum computing power level, Push the first preset time window forward from time t The set of quantum ability events within the set, where e is an individual event in the set. This is the quantized value for the corresponding event; The arrival rate of the attack event. Push the second preset time window forward from time t The set of suspicious protocol events within, This indicates that the events within the set are being counted; The attack quality is scored. For the proximity of the downgrade path, For replay similarity, For failure verification density; Obtain the business sensitivity category, CPU utilization, and memory utilization of the internal system, and combine the CPU utilization and memory utilization to generate the system load data; Based on the aforementioned business sensitivity category, quantum computing power weight, attack reach rate weight, and attack quality weight are assigned using the following formula: in, The quantum computing power weights, The attack reach rate weight, The attack quality weight is... The numerical value mapped from the aforementioned business sensitivity category; The threat assessment data is generated through fusion calculation using the following formula: in, For the threat assessment data, It is the natural logarithm function.

[0011] The first preset time window is the time range for extracting the highest quantization value of quantum ability events, preferably 24 hours, because changes in quantum computing power have a certain time sensitivity. A 24-hour time window can cover effective quantum ability events and avoid the quantum computing power level from lagging behind due to an excessively long time window.

[0012] Quantum capability events are various events that characterize the development of external quantum computing capabilities and quantum attacks. They can be obtained by connecting with quantum computing intelligence platforms, industry security report publishing channels, and supply chain quantum security early warning systems.

[0013] The quantum ability event quantification value is a numerical value obtained by quantifying the severity and impact of a quantum ability event. It can be obtained by establishing a quantum ability event quantification rule base and assigning values ​​to different types of quantum ability events according to preset standards.

[0014] The second preset time window is the time range used to count the frequency of suspicious protocol events, preferably 60 seconds. Since suspicious protocol events are mostly high-frequency and sudden attacks, the short time window of 60 seconds can accurately reflect the real-time frequency of attack behavior.

[0015] Suspicious protocol events are abnormal behavior events related to cryptographic and authentication protocols that occur in network communication. They can be obtained by monitoring network traffic and protocol interaction processes through network intrusion detection systems (IDS), protocol analyzers, and firewall log collection modules.

[0016] Downgrade path proximity is a measure of how closely an algorithm downgrade attempt in a suspicious protocol event matches the downgrade path allowed by the system. It can be obtained by parsing the protocol negotiation message, matching it with the system's preset downgrade path features, and then calculating the feature matching degree.

[0017] Replay similarity is a measure of the similarity between replay messages and original legitimate messages in a suspicious protocol event. It can be obtained by hashing and comparing key fields of the replay messages and original messages and calculating content similarity.

[0018] Failed authentication density is the proportion of failed authentication behavior of a specific network source in its total authentication-related traffic. It can be obtained by statistically analyzing the number of failed authentications of a single source and the total number of authentication-related traffic within a specified time window, and then calculating the ratio between the two.

[0019] Business sensitivity categories are classifications of business operations within a system based on the importance and security level of the business data. They can be obtained by reading the configuration information and security level classification files of the business system, combined with manually configured business sensitivity tags.

[0020] CPU utilization is the percentage of CPU resources used by processes or containers running password-related services in the system. It can be collected in real time through operating system performance monitoring tools, container orchestration platform monitoring modules, and server hardware monitoring interfaces.

[0021] Memory usage is the proportion of memory resources used by processes or containers running password-related services in the system. It can be collected in real time through operating system performance monitoring tools, container orchestration platform monitoring modules, and server hardware monitoring interfaces.

[0022] The business sensitivity category mapping value is to convert the business sensitivity category into a value that can participate in mathematical calculations. The preferred values ​​are 0, 0.5, and 1, which correspond to ordinary, confidential, and top secret business sensitivity categories, respectively. By dividing business sensitivity into three levels, the security classification requirements of most systems can be met, and the values ​​of 0, 0.5, and 1 can achieve differentiated threat perception in weight calculation.

[0023] In detail, a multi-dimensional heterogeneous index targeting quantum threats has been fused to fit the quantum-resistant cryptography management scenario. The highest quantization value of quantum capability events within a preset time window is taken as the quantum computing power level because quantum threat perception is an upper-bound assessment; the highest quantization value accurately reflects the maximum quantum computing power threat currently faced, avoiding the dilution of the actual threat level by averaging. A parallel enhancement method is used to fuse degradation path proximity, replay similarity, and failure verification density to generate an attack quality score. This is because the features of suspicious protocol events related to quantum attacks are complementary; meeting the criteria for a single feature indicates an actual attack risk. This fusion method avoids the attack risk of a single feature being diluted by averaging. For example, when the degradation path proximity is 0.6, the replay similarity is 0.2, and the failure verification density is 0.5, the attack quality score calculated in this way can fully reflect the actual attack risk of multiple features superimposed. The dynamic allocation of weights for quantum computing power, attack arrival rate, and attack quality based on business sensitivity categories aims to enhance the awareness of quantum threats among high-security businesses. For example, attack quality carries a higher weight for top-secret businesses, enabling more accurate perception of the core security risks posed by attack quality. The natural logarithmic peak reduction processing of quantum computing power level and attack arrival rate is designed to prevent distortion of threat assessment data caused by single abnormal quantum capability events or sudden attack peaks. For instance, when the quantum computing power level suddenly increases from 5 to 10, peak reduction processing can make the change in threat assessment data smoother, avoiding frequent and meaningless algorithm switching triggered by single peaks. The fusion of heterogeneous quantum computing power, attack behavior, and attack quality indicators into a single scalar threat assessment data aims to transform multi-dimensional quantum threats into a unified input that can participate in subsequent dynamic decision-making, thereby enabling the computationalization of quantum threats.

[0024] In detail, the first preset time window is fixed at 24 hours, and the second preset time window is fixed at 60 seconds. The specific sources for collecting quantum capability events include professional quantum computing intelligence platforms, NIST (National Institute of Standards and Technology) quantum cryptography development reports, and enterprise supply chain quantum security early warning systems. The quantization rule for quantum capability events is to classify quantum computing power-related events into quantization levels from 0 to 10 based on the number of error-correcting qubits; the more error-correcting qubits, the higher the corresponding quantization value. Suspicious protocol events are specifically defined as five categories of protocol anomalies: algorithm downgrade attempts, unsupported algorithm detection, handshake message replay, key detection, and authentication-related flooding. Downgrade path proximity, replay similarity, and failed verification density are all quantized using scalars from 0 to 1. Downgrade path proximity is calculated based on protocol feature matching degree; a feature matching degree of 100% is assigned a value of 1. Replay similarity is calculated based on the hash matching degree of key fields in the message; a complete field match is assigned a value of 1. Failed verification density is calculated based on the number of failed authentications and the total authentication-related flow. The ratio of the number of measurements is calculated, and a ratio of 100% is taken as 1. The business sensitivity category is divided into three levels according to the national information security level protection system: ordinary, confidential, and top secret, which correspond to values ​​of 0, 1, and 2 respectively. The fixed mapping relationship between business sensitivity category and mapping value is: ordinary business corresponds to 0, confidential business corresponds to 0.5, and top secret business corresponds to 1. The CPU utilization and memory utilization are both collected from the container-level 1-second average utilization rate of the quantum cryptography-resistant service. In the scenario of multi-instance deployment, the average value of all running instances is taken. The specific method for generating system load data by combining CPU utilization and memory utilization is to take the arithmetic mean of the two, and use this average value as the core value of system load data, while carrying the original collected values ​​of the two as auxiliary references for load data to ensure the integrity of load data.

[0025] Preferably, based on the threat assessment data and the system load data, the signature consumption frequency of the stateful signature key is statistically analyzed, including: The threat assessment data and system load data within the preset specification window are obtained and normalized using the following formula: in, The data is after normalization. The threat assessment data or the system load data at the current moment. The minimum value within the preset specification window. The maximum value within the preset specification window. To prevent extremely small quantities with a denominator of zero; Monitor the signing process of the state-type signature key. When a single signature satisfies the condition that the state record is successfully written to the non-volatile storage and a disk confirmation is obtained, record a state-type persistent commit event. Within the statistical time window, the total number of occurrences of the state-type persistent commit events is calculated using the following formula, and the signature consumption frequency is generated by calculating an exponential moving average: in, The total number of occurrences, For the current moment, The length of the statistical time window. For the state-type persistent commit event, This indicates that events that fall within a given time range are counted. The signature consumption frequency, For smoothing coefficients, The historical arrival rate of the previous sampling period. The sampling period.

[0026] The preset standard window is the time range used to normalize threat assessment data and system load data. It is preferably 300 seconds because a 300-second time window can cover enough system operation data, making the normalized values ​​more representative, while avoiding the data timeliness degradation caused by an excessively long time window.

[0027] The minimum value is a tiny value set to prevent the denominator from being zero in normalization calculations and subsequent related operations. It is preferably 10 to the power of negative 9. This value is small enough that it will not affect the accuracy of the calculation result, and at the same time, it can effectively avoid the calculation error of the denominator being zero, which is in line with the conventional value selection habits of engineering calculations.

[0028] A state-based persistent commit event refers to an event recorded during the signing process of a state-based signature key after the state record has been successfully written to non-volatile storage and a disk write confirmation has been obtained. It can be automatically generated by the system after monitoring the operation result of writing the state record to non-volatile storage and receiving the disk write confirmation signal returned by the storage system.

[0029] The statistical time window is the time range used to accumulate the total number of state-based persistent commit events. It is preferably 10 seconds because a short time window of 10 seconds can accurately reflect the real-time frequency of signature consumption, while avoiding excessive fluctuations in statistical results due to a time window that is too short, and lag in frequency reflection due to a time window that is too long.

[0030] The sampling period refers to the time interval at which the system calculates and updates the signature consumption frequency. It is preferably 1 second because a 1-second sampling period can capture changes in the signature consumption frequency in a timely manner, ensuring the real-time nature of the frequency data. Combined with a statistical time window, it can achieve smooth frequency estimation.

[0031] The smoothing coefficient is a parameter used in the calculation of exponential moving average to balance the weights of the current baseline arrival rate and the historical arrival rate. It is preferably two divided by the ratio of the statistical time window length to the sampling period plus one. This value method enables the moving average calculation to automatically adapt to the matching relationship between the statistical time window and the sampling period, achieve reasonable weight allocation, and avoid sudden changes in frequency data.

[0032] In detail, a statistical mechanism tailored to the hot-migrating security requirements was constructed for the signature consumption frequency of state-based signature keys. Only events after the state record is successfully written to non-volatile storage and a disk write confirmation is obtained are included in the statistics. This is because the core security risk of state-based signatures lies in the reuse of state count values. Signatures that fail to be written to disk do not actually consume OTS resources, and excluding them from the statistics can prevent the frequency from being artificially inflated, leading to errors in sector capacity calculation. For example, if a signature operation is executed but the state record is not written to disk, including it in the statistics would cause the signature consumption frequency to be too high, resulting in over-configuration of sector capacity and wasted resources. Threat assessment data and system load data are normalized to their maximum and minimum values ​​because these two types of data are heterogeneous indicators with different dimensions and cannot be directly correlated. Normalization can improve the accuracy of data analysis. The data is standardized to the same range to lay the foundation for subsequent analysis linking signature consumption frequency. An exponential moving average is used to calculate signature consumption frequency because business load fluctuates. This method smooths out fluctuations in the current base arrival rate through historical arrival rates, making the frequency data more stable. For example, if the number of submissions suddenly increases to three times the usual amount within a 10-second statistical window, the exponential moving average can prevent a sudden spike in signature consumption frequency, thus preventing the system from misjudging the load status. Signature consumption frequency is linked to threat assessment data and system load data, rather than being counted independently, because signature consumption frequency is affected by business sensitivity and system resource pressure. Signature requests increase in high-threat, high-load scenarios, and this linking method makes the frequency data more closely reflect the actual business operation.

[0033] In detail, the preset standard window is fixed at 300 seconds, and the statistical time window is fixed at 10 seconds; the duration of both windows is fixed and cannot be adjusted. The minimum value is fixed at 10 to the power of -9, and this value is used uniformly in all involved calculations. The criterion for successfully writing the status record to non-volatile storage and obtaining disk confirmation is the write operation confirmation signal returned by the storage system. For the file system, a file synchronization (FSYNC) operation returns success; for the hardware security module (HSM), a commit confirmation command returns success. The specific rule for the smoothing coefficient is that when the statistical time window is 10 seconds and the sampling period is 1 second, the ratio of the statistical time window length to the sampling period is 10. The smoothing coefficient is approximately 0.1818 when divided by 11. In other cases, the same formula is used for calculation. The sampling period is fixed at 1 second, consistent with the overall data collection period of the system. The initial value of the historical arrival rate in the exponential moving average is set as the average of the total number of submitted events within the statistical time window divided by the length of the statistical time window. If there is no historical data when calculating for the first time, the current basic arrival rate is used as the initial value. In multi-instance deployment scenarios, the statistical method for state-type persistent submitted events is that each instance counts separately and then summarizes them to the central node. The central node removes duplicate records and accumulates the total number. The criteria for determining duplicate records are that the event signature, timestamp, and instance identifier are completely consistent.

[0034] Preferably, based on the threat assessment data and the system load data, the target security level and available computing resources required by the system are calculated, including: The normalized threat assessment data is obtained, and a quantum threat dimension value is generated by performing a nonlinear logical mapping calculation using the following formula: in, The numerical value of the quantum threat dimension. It is a natural exponential function. These are the preset curve smoothing parameters. The threat assessment data has been normalized. The median of the normalized threat assessment data within the preset specification window; Obtain the mapping value corresponding to the business sensitivity category as the business sensitivity dimension value, and obtain the system load data after normalization as the resource pressure dimension value. Based on the business sensitivity dimension value, the first fusion weight for the quantum threat dimension value and the second fusion weight for the business sensitivity dimension value are calculated using the following formulas: in, The first fusion weight, This is the second fusion weight. The value of the business-sensitive dimension; The target security level is output by performing product and square root operations using the following formulas, and the available computing resources are output by performing a difference operation: in, For the target security level, For the available computing resources, The value represents the resource pressure dimension, with 1 being a preset unit value.

[0035] The curve smoothing parameter is used to adjust the steepness of the curve of the nonlinear logic mapping function. It is preferably 8, because 8 can enable the nonlinear logic mapping function to have sufficient resolution in the preset range of 0 to 1. This can effectively distinguish different levels of quantum threat intensity, and avoid numerical abrupt changes caused by an overly steep curve, thus ensuring a smooth transition of the quantum threat dimension value.

[0036] The median of normalized threat assessment data is the value in the middle position after all normalized threat assessment data within the preset standard window are sorted by size. It is preferably the statistical median of normalized threat assessment data within the preset standard window, because the median can effectively resist the interference of outliers and better reflect the central tendency of quantum threat assessment data, making the benchmark point of nonlinear logic mapping more robust.

[0037] The preset unit value is a baseline value used to calculate available computing resources, preferably 1, because 1 can form a suitable calculation relationship with the resource pressure dimension value (0 to 1), and the resource pressure can be directly converted into available computing resources (0 to 1) by subtraction.

[0038] In detail, a three-dimensional evaluation and fusion mechanism tailored to the needs of quantum-resistant key management is constructed. A nonlinear logical mapping function is used to transform normalized threat assessment data to the 0-1 range because the intensity of quantum threats does not change linearly. This mapping method enables soft quantization of threat intensity, avoiding evaluation distortion caused by hard threshold division. For example, when the normalized threat assessment data increases from 0.3 to 0.5, the nonlinear mapping can more accurately reflect the actual change in threat level. The system's operational status is decomposed into three dimensions: quantum threat, business sensitivity, and resource pressure. This is because these three dimensions have different impacts on the security requirements and resource constraints of key management. Decomposition allows for targeted evaluation, avoiding single-dimensional indicators dominating decision-making. A geometric fusion method is used to calculate the target security level because security assessment has non-additive characteristics. The combination of exponentiation and square root can highlight the influence of high-weight dimensions, while avoiding the excessive dominance of the overall evaluation result by a single dimension value that is too large or too small. For example, the business sensitivity dimension of top-secret business has a higher weight, and geometric fusion can make this dimension play a more core role in the calculation of the target security level. Dynamically setting the fusion weight according to the business sensitivity dimension value is to achieve business differentiation in the evaluation. Highly sensitive businesses pay more attention to their own sensitive attributes and quantum threats. Dynamic weight can make the target security level more in line with the actual security needs of different businesses. The available computing resources are obtained by subtracting the preset unit value from the resource pressure dimension value because resource pressure and available resources are inversely related. This calculation method can directly convert resource pressure into a resource budget that can be used for algorithm scheduling, realizing the coordinated consideration of resource constraints and security requirements.

[0039] In detail, the specific form of the nonlinear logic mapping function is the SIGMOID function, and the function expression is that the output value equals 1 divided by 1 plus a negative k times the natural exponent (normalized threat assessment data minus the median); the curve smoothing parameter k is fixed at 8, which is suitable for the threat assessment needs of most quantum key management-resistant scenarios; the fixed mapping relationship between business sensitivity categories and business sensitivity dimension values ​​is 0 for ordinary business, 0.5 for confidential business, and 1 for top secret business, consistent with the business sensitivity category mapping values ​​in claim 2; the specific resource pressure dimension values ​​are... The calculation method is the arithmetic mean of the normalized CPU utilization and memory utilization as described in claim 3, ensuring a reasonable comprehensive quantification of resource pressure; the preset unit value of 1 is based on the industry-standard resource quantification benchmark, and the available computing resources range of 0 to 1 can be adapted to the algorithm overhead assessment; the validity verification rule for the three-dimensional dimensions is to force the value to be 0 when it is less than 0 and to force the value to be 1 when it is greater than 1, ensuring that the value is within the preset valid range; the update cycle of the target security level and available computing resources is fixed at 1 second, consistent with the sampling cycle, to ensure the real-time and synchronous nature of the assessment data.

[0040] Preferably, based on the target security level and the available computing resources, a target quantum-resistant signature algorithm is matched, and an algorithm switching instruction is generated, including: Obtain the candidate security level, CPU computational overhead, memory computational overhead, and candidate state storage latency of candidate signature algorithms in the algorithm library; The candidate signature algorithms whose candidate security level is not less than the target security level are selected as the screening targets using the following formula: in, For the candidate security level, The target security level; The overall cost of the selected target is calculated using the following formula: in, For the aforementioned comprehensive cost, As the first calculation weight, Calculate the overhead for the central processing unit. For the available computing resources, Extremely small amount For the second calculation weight, The memory computation overhead, The third calculation weight, The candidate state is stored with a delay; The screening target with the minimum overall cost is selected as the target quantum-resistant signature algorithm using the following formula: in, The target quantum-resistant signature algorithm, The operation is to find the screening target corresponding to the minimum overall cost; The algorithm identifier, parameter set identifier, and combination form identifier of the target quantum-resistant signature algorithm are extracted using the following formula, and then combined to generate the algorithm switching instruction: in, This is the algorithm switching instruction. The algorithm identifier, Identify the parameter set. This is the identifier for the combined form.

[0041] Candidate security level is a quantitative value of the security level possessed by each candidate signature algorithm in the algorithm library. It can be obtained by consulting the algorithm's standardized security rating document, official technical manual, and industry-standard security level classification.

[0042] CPU overhead is the amount of CPU resources required for a candidate signature algorithm to perform a single signature operation. It can be obtained by running the algorithm's signature operation in a standard test environment and using performance monitoring tools to record the CPU clock cycles or milliseconds of a single operation.

[0043] Memory computation overhead is the amount of memory resources required for a candidate signature algorithm to perform a single signature operation. It can be obtained by running the algorithm's signature operation in a standard test environment and using memory monitoring tools to record the peak memory usage in bytes per operation.

[0044] Candidate state storage latency is the delay time for the state record of the candidate signature algorithm to be written to non-volatile storage and confirmed to be written to disk. It can be obtained by repeatedly executing the state storage operation of the algorithm in the actual deployment environment, recording the latency time of multiple operations, and taking a specified quantile.

[0045] The first computational weight is a parameter used to adjust the proportion of CPU computational overhead in the overall cost. It is preferably 1 because 1 can keep the weight of CPU overhead at a basic level and form a balanced overall evaluation with other cost items, which is in line with resource priority considerations in most scenarios.

[0046] The second calculation weight is a parameter used to adjust the proportion of memory computing overhead in the overall cost. It is preferably one part per million, thereby normalizing the memory overhead to an order of magnitude comparable to the CPU overhead and state storage latency, and avoiding weight imbalance caused by differences in the range of memory overhead values.

[0047] The third calculation weight is a parameter used to adjust the proportion of candidate state storage delay in the overall cost, preferably 10, because state storage delay is associated with the risk of state bifurcation in hot migration, and increasing its weight can highlight the importance of this risk factor in algorithm selection.

[0048] Algorithm identifiers are strings or enumeration values ​​used to uniquely distinguish different candidate signature algorithms. They can be obtained by reading the predefined algorithm unique identifier information in the algorithm library.

[0049] The parameter set identifier is an identification information used to distinguish different combinations of configuration parameters for the same candidate signature algorithm. It can be obtained by reading the predefined parameter set index or name in the algorithm library.

[0050] Combination morphology identifiers are used to distinguish whether a candidate signature algorithm is a hybrid combination of traditional and quantum-resistant algorithms and the specific combination method. They can be obtained by reading predefined combination morphology tags in the algorithm library.

[0051] In detail, by constructing a quantum-resistant signature algorithm selection mechanism that balances security, performance, and hot migration risk, a hard constraint is imposed that the candidate security level must not be lower than the target security level. This is because security is the primary prerequisite for quantum-resistant key management, and this constraint ensures that the selected algorithm fundamentally meets the system's requirements for resisting quantum threats. Furthermore, resource utilization efficiency is optimized through comprehensive cost calculation. For example, when the target security level is 0.8, algorithms with security levels lower than this value are directly excluded, avoiding sacrificing core security for excessive pursuit of low overhead. The candidate state storage latency is included in the comprehensive cost calculation because traditional algorithm selection only focuses on computational resource overhead, while this invention, considering the characteristics of state-based signatures, pre-quantifies the critical persistence risk in hot migration as a cost term. Algorithms with longer state storage latency are more effective in hot migration. The higher the risk of state forks, the more effectively the algorithm can be avoided during selection through weight adjustment. Dividing the CPU and memory computation overhead by the available computing resources enables dynamic linkage between resource pressure and algorithm overhead. For example, when the available computing resources of the system are 0.5, the penalty for algorithm overhead will be doubled, which can effectively avoid the system performance crash caused by selecting high-overhead algorithms when resources are scarce. Using the minimization of comprehensive cost as the sole selection criterion achieves multi-objective collaborative optimization of security, performance, and risk. Extracting algorithm identifiers, parameter set identifiers, and combination form identifiers to construct switching instructions is because agile key management requires structured execution of algorithm switching. Complete identifier information can ensure that the underlying modules accurately load algorithms and configurations, which meets the agile requirements of multiple coexisting and dynamic switching of quantum computing-resistant cryptography.

[0052] In detail, the algorithm library is constructed by pre-integrating NIST-standardized quantum-resistant signature algorithms, traditional cryptographic signature algorithms, and hybrid combination algorithms. The inclusion criteria require algorithms to pass security verification and possess clearly defined performance parameters. The update rule is to synchronize the latest standardized results of quantum-resistant algorithms quarterly. The candidate security level is categorized into 1 to 5 levels based on the algorithm's ability to resist quantum attacks, corresponding to quantization values ​​of 0.2 to 1.0. Quantum-resistant algorithms have a security level of at least 4, and the security level of hybrid combination algorithms is taken from the corresponding level of the quantum-resistant algorithm. The benchmark for measuring central processing unit (CPU) computational overhead is based on a Xeon Gold 6338 CPU. The server's processor is measured in milliseconds, and the test method is the average of ten runs of a single signature operation. The measurement benchmark for memory computation overhead is consistent with that of the central processing unit (CPU), measured in bytes, and the test method is the peak memory usage of a single signature operation. The quantile selection rule for candidate state storage latency is: P95 quantile for ordinary business, P97 quantile for confidential business, and P99 quantile for top-secret business. The quantile calculation is based on at least one thousand storage operation latency samples. The first calculation weight is fixed at 1, the second calculation weight is fixed at one millionth, and the third calculation weight is fixed at... The value is 10; the value of a very small amount is consistent with claim 3, which is 10 to the power of negative 9; when the comprehensive cost of multiple candidate algorithms is the same, the rule for breaking the deadlock is to prioritize the algorithm with the smaller candidate state storage delay, and if the delays are the same, the algorithm with the smaller central processing unit computational overhead is selected; the underlying execution mapping rule of the algorithm switching instruction is that the system maintains a fixed instruction scheduling dictionary, the key is a combination of algorithm identifier, parameter set identifier, and combination form identifier, and the value is the entry address of the corresponding key generation subroutine, key encapsulation subroutine, handshake configuration file, and certificate configuration file, to ensure that the instruction can directly trigger the accurate execution of the underlying module.

[0053] Preferably, the process involves obtaining the state storage delay of the target quantum-resistant signature algorithm and the overlapping window of the double-buffered key pool during hot migration, determining the sector state index capacity based on the signature consumption frequency, and constructing a sectorized state index for the state-type signature key based on the sector state index capacity, including: The duration of the fragile window is generated by calculating the overlapping concurrent windows and the state storage delay using the following formula: in, The duration of the fragile window, For the overlapping concurrent windows, The state storage delay; The sector state index capacity is determined using the following formula in conjunction with the signature consumption frequency: in, The sector state index capacity is [missing information]. The signature consumption frequency, The standard normal distribution quantiles are based on the tail risk threshold. The tail risk threshold is... This is the round-up operator; The sectorized state index is constructed using the sector state index capacity as the basis for the state-type signature key according to the following formula: in, This is the sectorization state index. For migration sequence number, Let the intra-generation offset be the offset, and the intra-generation offset satisfy... The range of values ​​is constrained.

[0054] The target algorithm state storage latency is the delay time for the state record of the target quantum-resistant signature algorithm to be written to non-volatile storage and confirmed to be written to disk. It can be obtained by repeatedly executing the state storage operation of the target algorithm in the actual deployment environment, recording the latency time, and taking the quantile corresponding to the business sensitivity.

[0055] The overlapping window of the dual-buffered key pools is the length of the time interval during which the old and new buffer pools process business requests simultaneously when the dual-buffered key pools perform hot migration. It can be calculated by statistically analyzing the number of active sessions and the session emptying rate of the old buffer pool, combined with historical hot migration data.

[0056] The tail risk threshold is a probability threshold used to control the reserve margin of sector status index capacity. It is preferably 10 to the power of -6, 10 to the power of -8, and 10 to the power of -10, corresponding to ordinary, confidential, and top secret services, respectively. The basis for the value is that this value can control the tail risk of insufficient sector capacity to an extremely low level, while avoiding excessive reservation that leads to resource waste, and meeting the security needs of services with different levels of sensitivity.

[0057] The migration generation number is a monotonically increasing identifier used to distinguish different hot migration generations. It is preferably a 64-bit unsigned integer starting from the beginning. The range of 64 bits is sufficient to cover the needs of long-term and multiple hot migrations. The monotonically increasing characteristic can ensure the uniqueness of each migration generation and avoid sector index conflicts.

[0058] The offset within a generation is the count of one-time signature resources consumed by the state-type signature key within each migration generation. It is a calculation parameter, an integer generated incrementally through atomic operations, and its value is limited to being greater than or equal to zero and less than the sector state index capacity.

[0059] In detail, by constructing a state-based signature key sector indexing mechanism tailored to hot migration scenarios, the vulnerable window duration is generated by summing the double-buffer overlap window and the state storage latency. This is because the risk of state forking during hot migration stems from both the concurrent processing of old and new buffers and the latency of storage writes; the vulnerable window formed by the superposition of these two factors is a high-risk area. This fusion method can accurately quantify the length of the risk window. The sector state index capacity is calculated based on the signature consumption frequency, the vulnerable window duration, and the tail risk threshold. This incorporates probabilistic statistical methods into the key structure design, approximating the signature request arrival pattern using a Poisson distribution and using a normal approximation to calculate the tail risk margin. This ensures that the sector capacity can meet normal signature requirements while also resisting sudden peaks, for example, a signature consumption frequency of twelve times per second and a vulnerable window of 20. With a time of 0.05 seconds, the quantile corresponding to the tail risk threshold is 5.61, and the calculated sector capacity can cover 99.99% of request scenarios. Constructing a sectorized state index by multiplying the migration generation number by the sector capacity plus the intra-generation offset integrates hot migration generation information into the key index structure, so that each hot migration automatically enters a completely new sector. The state index ranges of the old and new buffer pools are naturally isolated, avoiding the reuse of one-time signature resources without additional consistency checks. For example, if the old migration generation number is one and the sector capacity is 328, and the new migration generation number is two, the index range of the new sector starts from 329, which is completely separated from the old sector. Limiting the value range of the intra-generation offset is to strictly limit the signature consumption of each migration generation within the preset sector capacity, avoid cross-generation state chaos, and ensure the isolation effect of the sectorized index.

[0060] In detail, the specific calculation method for the overlapping and coexisting window of the dual-buffered key pool is as follows: The number of active sessions in the current old buffer pool is counted, and the session emptying rate is calculated using an exponential moving average. The number of active sessions divided by the emptying rate, plus twice the sampling period (sampling period is one second), is used as the overlapping and coexisting window. For example, if the number of active sessions is 200 and the emptying rate is 10 times per second, the overlapping and coexisting window is 22 seconds. The initial value rule for the tail risk threshold is 10 to the power of -6 for ordinary business, 10 to the power of -8 for confidential business, and 10 to the power of -10 for top-secret business, strictly corresponding to the business sensitivity category. The standard normal distribution quantile is obtained by calling the standard normal distribution quantile function in the math library, inputting one minus the tail risk threshold value to obtain the corresponding quantile. For example, if the tail risk threshold is 10 to the power of -8, the corresponding quantile is approximately 5.61. The initial value of the migration sequence number is one, and the increment rule is 1 for each hot migration. The migration sequence number is automatically incremented by one upon migration triggering. Persistence is achieved by appending to the log file and performing file synchronization. After a crash, the latest migration sequence number for each key is obtained by scanning the log file. The initial value of the intra-generation offset is zero, automatically reset to zero during migration generation switching, and incremented by one with each signing operation via atomic operations. The sector state index capacity is rounded up to ensure the sector capacity is an integer, satisfying the discretization requirement for state counting. The specific storage format of the sector-based state index is a concatenation of a 64-bit migration sequence number, a 32-bit sector capacity, and a 32-bit intra-generation offset, bound one-to-one with the state-type signature key via a key identifier. In multi-key-pool scenarios, the synchronization rule for the sector-based state index across pools is that each key pool independently maintains the migration sequence number and intra-generation offset, synchronizing the sector capacity parameter through a central node to ensure consistent sector structure for the same key across different pools.

[0061] Preferably, in response to the algorithm switching instruction triggering a hot migration of the double-buffered key pool, during the hot migration, a state count value is allocated according to the sectorized state index, and the signature output is released after the state record is written to non-volatile storage, including: The migration ratio of the thermal migration is calculated using the following formula: in, The migration ratio, For the current moment, The switching time of the algorithm switching instruction is the effective time. For the overlapping concurrent windows, This is a function that clips values ​​to the range of zero and one. The hash-normalized value of the session identifier is calculated using the following formula: in, The hash normalized value, The hash mapping result for the session identifier, For modulo operation, This is a normalization constant; Determine whether the hash normalization value is less than the migration ratio. If so, route the session to the new buffer pool in the dual-buffered key pool; otherwise, route it to the old buffer pool in the dual-buffered key pool. For the signed request after routing, the intra-generation offset is obtained by atomically incrementing as the state count value, and the sectorized state index is generated by the following formula: Where q is the sectorization state index. Here, M is the migration generation number, M is the sector status index capacity, and i is the generation offset; The state record containing the intra-generation offset and the migration generation number is appended to the state log, and the state record is forcibly synchronized to the non-volatile storage; After confirming that the state record has been successfully synchronized to the non-volatile storage, a signature operation is performed based on the sectorized state index and the signature output is released.

[0062] The effective time of the algorithm switching instruction is the specific point in time when the algorithm switching instruction is generated and successfully sent to the double-buffered key pool, triggering the hot migration. This can be obtained by recording the timestamp of the instruction's internal sending completion within the system.

[0063] The current moment is the real-time point in time when the system performs operations such as migration ratio calculation and session routing. It can be obtained by reading the system's monotonic clock to ensure that the time is accurate and does not roll back.

[0064] A session identifier is a string or numeric identifier used to uniquely distinguish different business sessions. It can be obtained through a unique identifier generated by the business system when a session is established, ensuring that the identifier for each session is unique.

[0065] In detail, by constructing a non-disruptive and secure hot migration execution mechanism, the migration ratio is calculated by dividing the difference between the current time and the time the switch takes effect by the overlapping window, and then pruning it to the range of zero and one. This is to achieve a linear and smooth migration between the old and new buffer pools, avoiding service interruptions caused by sudden changes in session routing. For example, if the overlapping window is 20 seconds, and the migration ratio is 0.25 five seconds after the switch takes effect, only 25% of new sessions are routed to the new buffer pool, ensuring a smooth service transition. Routing decisions are based on the hash normalized value of the session identifier and the migration ratio because hash operations ensure a uniform distribution of sessions without random interference, ensuring that the same session is always bound to the same buffer pool, avoiding state confusion caused by crossing buffer pools. For example, if the hash normalized value of a session identifier is 0.3, it is routed to the new buffer pool when the migration ratio is 0.5, and to the old buffer pool when the migration ratio is 0.2. Maintaining consistency between session and buffer pool binding; using atomic operations to increment the offset within a generation as the state count value is to address count allocation conflicts in high-concurrency scenarios, ensuring that each signature request corresponds to a unique state count value and avoiding the risk of OTS reuse due to duplicate count values; forcibly requiring state records to be appended to the log and synchronized to non-volatile storage before releasing the signature output follows the safe sequence of persistence before signing, avoiding state loss caused by storage cache delays or system crashes from an engineering perspective. For example, if the state record of a certain signature operation fails to be written to disk, no result will be output even if the signature operation is completed; generating sectorized state indexes in real time for each signature, making the signature and index strongly bound, ensuring that each signature corresponds to a unique state index; using sectorized indexes of different migration generations for the old and new buffer pools respectively, achieving natural isolation of the index range, and simplifying the security management logic of hot migration.

[0066] In detail, the `clip` function is implemented such that it takes the value 0 when the calculation result is less than 0, takes the value 1 when it is greater than 1, and retains the original calculation result when it is between 0 and 1. The unique identifier for the session is a 32-byte random string generated by the business system using an encrypted random number generator when the session is established, ensuring global uniqueness. The hash mapping function uses the SHA256 algorithm to convert the session identifier into a fixed-length hash value, and then normalizes it to the 0-1 range through modulo and division operations. The atomic operation for incrementing the generation offset is implemented using hardware-provided atomic instructions (such as the LOCK instruction prefix in the x86 architecture) to ensure the atomicity of the counting operation in high-concurrency scenarios and avoid conflicts. The specific storage format of the status log is to store the migration generation number, generation offset, operation timestamp, session identifier, and log checksum sequentially, with the storage location being the system's... The system specifies a non-volatile storage partition; the specific implementation of mandatory synchronization of state records to non-volatile storage is to use file synchronization operation (FSYNC) to ensure that data is actually written from the system cache to the storage medium, rather than just remaining in the cache; the criterion for successful synchronization of state records to non-volatile storage is that the file synchronization operation returns successfully and the data integrity is verified by the log checksum; the specific format of the signature output is the signature data itself plus the digest information of the sectorized state index, and the digest information is used by the receiver to verify the legality of the state index corresponding to the signature; the queuing and rate limiting rules for signature requests in high-concurrency scenarios are as follows: when the offset within a migration generation is close to 90% of the sector state index capacity, a queuing mechanism is started, and new signature requests enter the queue to wait; when the offset reaches the capacity limit, new requests are directly rejected and a busy signal is returned to avoid security risks caused by sector overflow.

[0067] Preferably, after the hot migration is completed, the old buffer pool in the double-buffered key pool is set to an invalid state, and the generation parameters of the sector status index capacity are updated according to the actual consumption data, including: When the migration ratio And the number of active sessions in the old buffer pool When the thermal migration is complete, it is determined that the thermal migration is finished. The old buffer pool is marked as read-only retired, and the corresponding sector range of the sectorization status index is marked as obsolete inventory, and allocation requests for the old buffer pool are rejected. Obtain the actual consumption offset during the thermal migration, and calculate the margin utilization rate using the following formula: in, The margin utilization rate, This refers to the actual consumption offset. The sector state index capacity; When the margin utilization rate At that time, the tail risk threshold is reduced proportionally using the following formula: When the margin utilization rate At that time, the tail risk threshold is amplified proportionally without exceeding the basic safety threshold using the following formula: in, The tail risk threshold is... To find the minimum value function, The mapping value corresponding to the business sensitivity category. The aforementioned basic security threshold; Obtain the actual overlapping window of the thermal migration, and update the overlapping window using the following exponential moving average formula: in, For the overlapping concurrent windows, This refers to the actual overlapping and coexisting windows; Obtain the actual state storage delay sample of the hot migration, and update the state storage delay using the following formula: in, The state storage delay, This is an online quantile estimation algorithm. Store delayed samples for the actual state.

[0068] The upper limit of the migration ratio setting is the maximum proportion of sessions that are routed to the new buffer pool during hot migration. It is preferably 1, because 1 means that all new sessions are routed to the new buffer pool, which marks the completion of the routing phase of hot migration and meets the ultimate goal of double-buffered hot migration.

[0069] The number of active sessions in the old buffer pool is the number of unfinished sessions that are still processing business in the old buffer pool during the hot migration. It can be obtained in real time through the system's session management module by statistically analyzing the session connection status of the old buffer pool.

[0070] The actual offset consumed during hot migration is the maximum offset consumed within a generation of the state-type signature key in the new buffer pool during the hot migration. It can be obtained by scanning the state log during the hot migration and extracting the maximum offset within a generation corresponding to the new migration generation.

[0071] The first utilization rate determination threshold is the margin utilization critical value that triggers the reduction of the tail risk threshold. It is preferably 0.8, because 0.8 is a critical value that takes into account both safety margin and resource utilization. Exceeding this value indicates that the sector capacity reservation is insufficient and the safety conservatism needs to be increased.

[0072] The second utilization rate judgment threshold is the margin utilization critical value that triggers the amplification of the tail risk threshold. It is preferably 0.3, because below 0.3 indicates that the sector capacity is over-reserved and there is a waste of resources, so the security constraints can be appropriately relaxed.

[0073] The actual overlap window of hot migration is the actual time taken from the moment the hot migration takes effect until the number of active sessions in the old buffer pool drops to zero. It can be obtained by recording the moment the switch takes effect and the moment the last session in the old buffer pool ends, and calculating the time difference between the two.

[0074] The actual state storage delay sample is the delay time data of the state record of the target quantum-resistant signature algorithm being written to non-volatile storage and confirmed to be written to disk during the hot migration. It can be obtained by recording the delay time in real time each time the state storage operation is performed during the hot migration.

[0075] In detail, by constructing a closed-loop optimization mechanism for hot migration and a secure retirement mechanism for the old buffer pool, the dual criteria for determining the completion of hot migration are that the migration ratio reaches the upper limit and the number of active sessions in the old buffer pool drops to zero. This is because a migration ratio of 1 alone may result in residual active sessions in the old buffer pool, while a zero number of active sessions alone may mean that the migration ratio has not reached the target. The combination of these two criteria ensures that hot migration is thorough and leaves no residue. For example, if the migration ratio reaches 1 but the old buffer pool still has 5 active sessions, the migration must wait for the sessions to end before it is considered complete. Marking the old buffer pool as read-only and retiring it, and invalidating the corresponding sector range, effectively prohibits key allocation to the old buffer pool from both the permission and index levels. This prevents the one-time signature resources of the old sectors from being misused, thus solving the problem of... Traditional retirement mechanisms, which only disable logic, are easily bypassed. Dynamically adjusting the tail risk threshold using margin utilization allows the generation parameters of the sector state index capacity to adapt to the actual operating conditions. For example, when the margin utilization is 0.9, it indicates that the sector capacity is nearing exhaustion; reducing the tail risk threshold allows for more conservative calculations of subsequent sector capacity. When the margin utilization is 0.2, increasing the tail risk threshold reduces resource waste. Using exponential moving averages to update overlapping windows smooths the deviation between historical and actual values, making window parameters more closely match the system's actual migration capabilities. Using online quantile estimation algorithms to update state storage latency allows for real-time adaptation to storage system performance fluctuations, ensuring accurate calculation of vulnerable window durations.

[0076] In detail, the statistics for active sessions in the old buffer pool are performed once per second. The statistics cover sessions in the old buffer pool that are connected but have not yet completed their business processing. The termination criteria for a session are completion of the business request processing or session timeout. The actual offset consumption is calculated from the moment the hot migration switch takes effect until the number of active sessions in the old buffer pool drops to zero, only counting the offset within the generation corresponding to the new migration generation. The first utilization threshold of 0.8 and the second utilization threshold of 0.3 are based on extensive hot migration test data verification. This range balances security margin and resource utilization; exceeding 0.8 significantly increases security risk, while falling below 0.3 results in resource waste exceeding 70%. The specific calculation method for the security base threshold is to substitute the mapping value corresponding to the business sensitivity category into the formula 10^-6 + 2^c. For example, when the threshold for ordinary business is 0, the security base threshold is 10^-6; when the threshold for confidential business is 1, it is 10^-8. (Exponential moving average) The weights for updating the overlapping windows are based on an actual value weight of 0.2 and a historical value weight of 0.8, which allows the parameters to respond to actual changes while avoiding abrupt changes. The online quantile estimation algorithm specifically adopts the P-square algorithm, maintains five marker points, and adjusts the quantile estimates through parabolic interpolation, eliminating the need to store all samples. The actual state storage delayed sample collection method is to record immediately after each state storage operation, with a sample size of no less than one thousand. The validity verification rule is to remove abnormal samples that exceed three times the standard deviation of the mean. The parameter update takes effect when the next algorithm switching command triggers a hot migration, and the current hot migration still uses the original parameters. When the margin utilization rate is between 0.3 and 0.8, the parameters remain unchanged. When the hot migration fails, the actual consumption data of this time does not participate in the parameter update, and the parameters retain the values ​​before the migration. After the old buffer pool is retired from read-only mode, the key material is automatically archived seven days after the hot migration is completed, with an archiving period of one year, and is automatically deleted after one year.

[0077] Example 2: An agile key management device suitable for quantum-resistant cryptography, comprising: The data acquisition module is used to collect external quantum threat indicators and internal system operation indicators, and generate threat assessment data and system load data. The frequency statistics module is used to calculate the signature consumption frequency of the state-based signature key based on the threat assessment data and the system load data. The target calculation module is used to calculate the target security level and available computing resources required by the system based on the threat assessment data and the system load data. The algorithm matching module is used to match the target quantum-resistant signature algorithm based on the target security level and the available computing resources, and generate an algorithm switching instruction; An index building module is used to obtain the state storage delay of the target quantum-resistant signature algorithm and the overlapping window of the double-buffered key pool during hot migration, determine the sector state index capacity in combination with the signature consumption frequency, and build a sectorized state index for the state-type signature key based on the sector state index capacity. The migration execution module is used to trigger a hot migration of the double-buffered key pool in response to the algorithm switching instruction, allocate a state count value according to the sectorized state index during the hot migration, and release the signature output after the state record is written to non-volatile storage. The parameter update module is used to set the old buffer pool in the double-buffered key pool to an invalid state after the hot migration is completed, and update the generation parameter of the sector status index capacity according to the actual consumption data.

[0078] The embodiments of this example have been described above. However, this example is not limited to the specific implementation methods described above. The specific implementation methods described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms based on the guidance of this example, and all of them are within the protection scope of this example.

Claims

1. An agile key management method suitable for quantum-resistant cryptography, characterized in that, include: Collect external quantum threat indicators and internal system operation indicators to generate threat assessment data and system load data; Based on the threat assessment data and the system load data, the signature consumption frequency of the stateful signature key is statistically analyzed. Based on the threat assessment data and the system load data, calculate the target security level and available computing resources required by the system; Based on the target security level and the available computing resources, a target quantum-resistant signature algorithm is matched, and an algorithm switching instruction is generated; The state storage delay of the target quantum-resistant signature algorithm and the overlapping window of the double-buffered key pool during hot migration are obtained. The sector state index capacity is determined in combination with the signature consumption frequency. The sector state index is then used to construct a sectorized state index for the state-type signature key. In response to the algorithm switching instruction, the double-buffered key pool is hot-migrated. During the hot-migrating, a state count value is allocated according to the sectorized state index, and the signature output is released after the state record is written to non-volatile storage. After the hot migration is completed, the old buffer pool in the double-buffered key pool is set to an invalid state, and the generation parameters of the sector status index capacity are updated according to the actual consumption data.

2. The agile key management method for quantum-resistant cryptography according to claim 1, characterized in that, Collect external quantum threat indicators and internal system operation indicators to generate threat assessment data and system load data, including: The highest quantization value of quantum capability events within a preset time window is extracted as the quantum computing power level, and the frequency of occurrence of suspicious protocol events is counted as the attack event arrival rate. By combining the proximity of the degradation path, replay similarity, and failure verification density of the suspicious protocol events, an attack quality score is generated. Obtain the business sensitivity categories, CPU utilization, and memory utilization of the internal system; Quantum computing power weight, attack reach rate weight, and attack quality weight are assigned according to the aforementioned business sensitivity categories. The threat assessment data is generated by summing the products of the quantum computing power weight and the natural logarithm of the quantum computing power level plus one, the attack arrival rate weight and the natural logarithm of the attack event arrival rate plus one, and the attack quality weight and the attack quality score. The system load data is generated by combining the CPU utilization rate and the memory utilization rate.

3. The agile key management method for quantum-resistant cryptography according to claim 2, characterized in that, Based on the threat assessment data and the system load data, the signature consumption frequency of stateful signature keys is statistically analyzed, including: The maximum and minimum values ​​of the threat assessment data and the system load data are extracted within a preset standard window and then normalized. Monitor the signing process of the state-type signature key. When a single signature satisfies the condition that the state record is successfully written to the non-volatile storage and a disk confirmation is obtained, record a state-type persistent commit event. Within the statistical time window, the total number of occurrences of the aforementioned state-type persistent commit events is accumulated; The current base arrival rate is obtained by dividing the total number of occurrences by the length of the statistical time window. Extract the historical arrival rate from the previous sampling period, and perform an exponentially weighted summation of the current base arrival rate and the historical arrival rate based on the smoothing coefficient to calculate and generate the signature consumption frequency.

4. The agile key management method for quantum-resistant cryptography according to claim 3, characterized in that, Based on the threat assessment data and the system load data, the target security level and available computing resources required by the system are calculated, including: The threat assessment data after normalization is obtained, and it is transformed to a preset range through a nonlinear logic mapping function to generate a quantum threat dimension value. Obtain the mapping value corresponding to the business sensitivity category as the business sensitivity dimension value; Obtain the normalized system load data and use it as the resource pressure dimension value; Based on the business sensitivity dimension value, a first fusion weight and a second fusion weight are respectively set for the quantum threat dimension value; The first fusion weight power of the quantum threat dimension value and the second fusion weight power of the business sensitivity dimension value are multiplied, and the result of the multiplication is square rooted based on the sum of the first fusion weight and the second fusion weight to output the target security level. The available computing resources are output by subtracting the preset unit value from the resource pressure dimension value.

5. A fast key management method for quantum-resistant cryptography according to claim 4, characterized in that, Based on the target security level and the available computing resources, a target quantum-resistant signature algorithm is matched, and an algorithm switching instruction is generated, including: Obtain the candidate security level, CPU computational overhead, memory computational overhead, and candidate state storage latency of candidate signature algorithms in the algorithm library; The candidate signature algorithms whose candidate security level is not less than the target security level are selected as the screening targets; The first quotient is obtained by dividing the computational overhead of the central processing unit by the sum of the available computing resources and a very small amount. Divide the memory computation overhead by the sum of the available computing resources and the minimum amount to obtain the second quotient; The product of the first calculated weight and the first quotient, the product of the second calculated weight and the second quotient, and the product of the third calculated weight and the candidate state storage delay are summed to output the comprehensive cost of the screening target. The screening target with the lowest overall cost is selected as the target quantum-resistant signature algorithm; Extract the algorithm identifier, parameter set identifier, and combination form identifier of the target quantum-resistant signature algorithm, and combine them to generate the algorithm switching instruction.

6. The agile key management method for quantum-resistant cryptography according to claim 5, characterized in that, The process involves obtaining the state storage delay of the target quantum-resistant signature algorithm and the overlapping window of the double-buffered key pool during hot migration, determining the sector state index capacity based on the signature consumption frequency, and constructing a sectorized state index for the state-type signature key based on the sector state index capacity, including: The overlapping concurrent windows are summed with the state storage delay to generate the fragile window duration. The first product is generated by multiplying the signature consumption frequency with the vulnerable window duration, and the second product is generated by multiplying the first product by the square root of the first product and then multiplying it by the standard normal distribution quantile based on the tail risk threshold. The first product and the second product are summed and rounded up to determine the sector state index capacity; The migration sequence number is multiplied by the sector state index capacity, and the result of the multiplication is summed with the intra-generation offset to construct the sectorized state index for the state-type signature key, wherein the intra-generation offset is an integer greater than or equal to zero and less than the sector state index capacity.

7. A fast key management method for quantum-resistant cryptography according to claim 6, characterized in that, In response to the algorithm switching instruction triggering a hot migration of the double-buffered key pool, during the hot migration, a state count value is allocated according to the sectorized state index, and the signature output is released after the state record is written to non-volatile storage, including: Obtain the difference between the current time and the effective time of the algorithm switching instruction; Divide the difference by the overlapping window and crop the result of the division operation to the range of zero and one to generate the migration ratio; Obtain the hash normalized value of the session identifier. If the hash normalized value is less than the migration ratio, the session is routed to the new buffer pool in the dual-buffered key pool; otherwise, it is routed to the old buffer pool in the dual-buffered key pool. For the signed request after routing, the offset within the generation is obtained by atomically incrementing the offset as the state count value; The sectorization state index is generated by multiplying the migration generation number by the sector state index capacity and then summing the result with the generation offset. The state record containing the intra-generation offset and the migration generation number is appended to the state log, and the state record is forcibly synchronized to the non-volatile storage; After confirming that the state record has been successfully synchronized to the non-volatile storage, a signature operation is performed based on the sectorized state index and the signature output is released.

8. A fast key management method for quantum-resistant cryptography according to claim 7, characterized in that, After the hot migration is completed, the old buffer pool in the double-buffered key pool is set to an invalid state, and the generation parameters of the sector status index capacity are updated according to the actual consumption data, including: When the migration ratio reaches the set upper limit and the number of active sessions in the old buffer pool drops to zero, the hot migration is considered complete. The old buffer pool is marked as read-only retired, and the corresponding sector range of the sectorization status index is marked as obsolete inventory, and allocation requests for the old buffer pool are rejected. Obtain the actual consumption offset during the hot migration, and divide the actual consumption offset by the sector status index capacity to calculate the margin utilization rate; When the margin utilization rate is greater than the first utilization rate determination threshold, the tail risk threshold is reduced proportionally. When the margin utilization rate is less than the second utilization rate determination threshold, the tail risk threshold is increased proportionally without exceeding the safety base threshold. Obtain the actual overlapping window of the hot migration, and perform a weighted summation of the actual overlapping window and the overlapping window using an exponential moving average algorithm to update the overlapping window; Obtain the actual state storage delay sample of the hot migration, and update the state storage delay by combining the actual state storage delay sample with the online quantile estimation algorithm.

9. An agile key management device suitable for quantum-resistant cryptography, characterized in that, include: The data acquisition module is used to collect external quantum threat indicators and internal system operation indicators, and generate threat assessment data and system load data. The frequency statistics module is used to calculate the signature consumption frequency of the state-based signature key based on the threat assessment data and the system load data. The target calculation module is used to calculate the target security level and available computing resources required by the system based on the threat assessment data and the system load data. The algorithm matching module is used to match the target quantum-resistant signature algorithm based on the target security level and the available computing resources, and generate an algorithm switching instruction; An index building module is used to obtain the state storage delay of the target quantum-resistant signature algorithm and the overlapping window of the double-buffered key pool during hot migration, determine the sector state index capacity in combination with the signature consumption frequency, and build a sectorized state index for the state-type signature key based on the sector state index capacity. The migration execution module is used to trigger a hot migration of the double-buffered key pool in response to the algorithm switching instruction, allocate a state count value according to the sectorized state index during the hot migration, and release the signature output after the state record is written to non-volatile storage. The parameter update module is used to set the old buffer pool in the double-buffered key pool to an invalid state after the hot migration is completed, and update the generation parameter of the sector status index capacity according to the actual consumption data.