A two-channel authentication method and system based on one-way QKD

By pre-setting shared consistency information in the QKD system to determine quantum basis selection and encoding reference information, and combining quantum channel authentication with classical channel authentication messages, collaborative dual authentication of the QKD system in multi-node scenarios is realized. This solves the authentication dependency problem in existing technologies, improves security, and reduces costs.

CN122372228APending Publication Date: 2026-07-10北京长擎量子技术有限公司

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
北京长擎量子技术有限公司
Filing Date
2026-06-10
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

Existing QKD systems suffer from several drawbacks in classical channel authentication, including difficulties in initial key distribution due to reliance on pre-shared key authentication, high management costs, and poor scalability. Classical public-key cryptography is also vulnerable to being cracked with the development of quantum computing capabilities. Post-quantum cryptography relies on classical cryptographic algorithms, resulting in high implementation complexity and deployment costs.

Method used

By pre-setting shared consistency information to determine quantum basis selection and encoding reference information, the quantum channel is used to first complete the authentication of communication nodes, and then the authentication message is constructed based on temporary random information in the classical channel to achieve collaborative dual authentication between the quantum channel and the classical channel. After authentication, the quantum key generated by QKD is used to update the shared consistency information.

Benefits of technology

Without relying on the pre-reliability assumptions of existing classical channels, the QKD system improves authentication security, reduces networking and deployment costs, and enhances forward security and resistance to quantum attacks.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122372228A_ABST
    Figure CN122372228A_ABST
Patent Text Reader

Abstract

The disclosure provides a two-channel authentication method and system based on one-way QKD, which determines quantum basis selection and encoding reference information by presetting shared consistency information, first completes the authentication of communication nodes in the quantum path by using the quantum channel, then realizes the two-way authentication of communication nodes in the classical path by combining the authentication message constructed based on temporary random information in the classical channel, and updates the shared consistency information by using the quantum key generated by QKD after the authentication is completed, so as to realize the cooperative double authentication of the quantum channel and the classical channel without relying on the prior trusted assumption of the existing classical channel. Not only can the problem of the QKD system depending on the prior authentication of the classical channel be solved, but also in the multi-to-multi communication scene where the QKD module is separated from the communication node and multiple nodes share the QKD device, the authentication security can be improved, the networking and deployment cost can be reduced, and the forward security and quantum attack resistance of the system can be enhanced.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to the field of secure communication technology, and more specifically, to a dual-channel authentication method and system based on one-way QKD. Background Technology

[0002] Quantum key distribution (QKD) is a technique that utilizes quantum physical properties such as the no-cloning property of quantum states and the perturbation property of measurements to achieve secure key distribution. It can complete key negotiation between communicating parties in an information-theoretic sense, and is therefore considered one of the important technological paths to address information security threats in the post-quantum era. For QKD systems, security depends not only on the quantum channel itself but also on the trustworthiness of the classical channel. This is because after quantum state transmission, QKD typically requires post-processing through a classical channel, including basis selection comparison, parameter estimation, information coordination, and privacy amplification. If the classical channel is not effectively authenticated, attackers could use man-in-the-middle attacks to impersonate the communicating parties and establish independent sessions with both ends, thereby undermining the overall security premise of the QKD system.

[0003] In existing technologies, methods such as pre-shared key authentication, classical public-key cryptography, post-quantum cryptography, and hybrid authentication are commonly used to address the classical channel authentication problem in QKD. While pre-shared key authentication offers high security, it suffers from challenges such as difficulty in initial key distribution, high management costs, and poor scalability in scenarios with a large number of communication nodes and complex network relationships. Classical public-key cryptography, while facilitating network expansion, relies on traditional mathematical problems for security, which are vulnerable to being cracked with the continuous development of quantum computing capabilities. Post-quantum cryptography enhances resistance to quantum attacks to some extent, but it still fundamentally depends on classical cryptographic algorithms. Hybrid authentication, while improving system redundancy, suffers from high implementation complexity and deployment costs. Summary of the Invention

[0004] This disclosure provides at least one dual-channel authentication method and system based on unidirectional QKD. It determines quantum basis selection and encoding reference information by pre-setting shared consistency information, first authenticating the communication node under the quantum path using a quantum channel, and then achieving bidirectional authentication of the communication node under the classical path by combining an authentication message constructed based on temporary random information in the classical channel. After authentication, the shared consistency information is updated using a quantum key generated by QKD. Thus, collaborative dual authentication between the quantum and classical channels is achieved without relying on the pre-established trust assumptions of the classical channel. This not only solves the prerequisite dependency problem of QKD systems on classical channel authentication, but also improves authentication security, reduces networking and deployment costs, and enhances the system's forward security and resistance to quantum attacks in many-to-many communication scenarios where the QKD module and communication nodes are separated and multiple nodes share the QKD device.

[0005] This disclosure provides a dual-channel authentication method based on unidirectional QKD, applied to a first communication node and a second communication node located in different local area networks, wherein the first communication node and the second communication node are respectively communicatively connected to a local quantum key distribution (QKD) device. The method includes: The shared consistency information pre-stored by the first communication node and the second communication node is obtained. Based on the shared consistency information, the basis selection information and coding reference information for quantum channel authentication are determined. The first communication node generates first random information and constructs authentication information to be sent based on the coding reference information and the first random information. The first communication node is controlled to send the authentication information to be sent via a local QKD device, a remote QKD device, and the quantum channel between the two, so that the second communication node performs quantum measurement on the authentication information to be sent based on the basis selection information corresponding to the shared consistency information, and completes the authentication of the first communication node in the quantum channel path according to the consistency between the measurement result and the locally stored encoding reference information. After the second communication node completes the authentication of the first communication node in the quantum channel path, the second communication node generates a first classical authentication message based on the first random information obtained from quantum measurement, and sends it to the first communication node through the classical channel between the first and second communication nodes, so that the first communication node completes the authentication of the second communication node in the classical channel path according to the first classical authentication message. After the first communication node completes the authentication of the second communication node in the classical channel path, the first communication node generates a second classical authentication message and sends it to the second communication node so that the second communication node completes the authentication of the first communication node in the classical channel path. After the first communication node and the second communication node complete the bidirectional authentication of the quantum channel and the classical channel, the target part of the quantum key generated by QKD is extracted and the shared consistency information is updated.

[0006] In one optional implementation, the shared consistency information is binary information pre-stored consistently in the first communication node and the second communication node. Based on the shared consistency information, basis selection information and encoding reference information for quantum channel authentication are determined. Based on the encoding reference information and the first random information, authentication information to be sent is constructed, specifically including: The shared consistency information is grouped according to a preset allocation rule; Extract the first part of bits from each set of shared consistency information as basis selection information, and extract the second part of bits as encoding reference information. The basis selection information is used to determine the quantum state encoding basis and the quantum state measurement basis, and the encoding reference information is used to construct the authentication information to be sent and to perform quantum measurement result consistency verification. The first random information is concatenated or combined with the encoded reference information to obtain the target encoded sequence; Based on the basis selection information, the target encoding sequence is quantum-state encoded according to the quantum state mapping relationship corresponding to different basis selections; The encoded quantum state is sent to the remote QKD device via the local QKD device.

[0007] In one optional implementation, the second communication node performs quantum measurement on the authentication information to be sent based on the basis selection information corresponding to the shared consistency information, and completes the authentication of the first communication node in the quantum channel path according to the consistency between the measurement result and the locally stored encoding reference information, specifically including: The measurement basis selection information is determined based on the locally stored shared consistency information; The remote QKD device is controlled to perform measurements on the received quantum state according to the measurement basis selection information to obtain the measurement results; Extract reference measurement information and random measurement information from the measurement results; The reference measurement information is compared with the locally stored coded reference information; If the comparison results meet the consistency condition, the first communication node in the quantum channel path is determined to be successfully authenticated.

[0008] In one optional implementation, after the second communication node completes the authentication of the first communication node in the quantum channel path, the second communication node generates a first classical authentication message based on the first random information obtained from quantum measurement, specifically including: Perform hash processing on the first random information obtained from quantum measurement to obtain the first check value; Generate a second random message; The first random information is used as a key to encrypt the second random information to obtain encrypted random information; The first verification value and the encrypted random information are combined to obtain the first classic authentication message.

[0009] In one optional implementation, the first communication node authenticates the second communication node in the classic channel path based on the first classic authentication message, specifically including: The first classic authentication message is parsed to obtain the first verification value and the encrypted random information; The encrypted random information is decrypted based on the first random information stored locally to obtain the decrypted second random information; Perform hash processing on the first random information stored locally to obtain the local verification value; When the local verification value matches the first verification value, the identity of the second communication node in the classical channel path is determined to be trustworthy, and the authentication information previously sent via the quantum channel is confirmed to have reached the second communication node trustworthy.

[0010] In one optional implementation, the first communication node generates a second classic authentication message and sends it to the second communication node, so that the second communication node completes the authentication of the first communication node in the classic channel path, specifically including: The first communication node performs hash processing on the decrypted second random information to obtain a second verification value; Send the second verification value to the second communication node; The second communication node performs hash processing on the locally generated second random information to obtain the local second check value; When the second verification value matches the local second verification value, the identity of the first communication node in the classic channel path is determined to be trustworthy.

[0011] In one optional implementation, during the quantum channel authentication process, the information used to determine the quantum state coding basis and the quantum state measurement basis is not exchanged through the classical channel between QKD devices. Instead, it is determined independently by the first communication node and the second communication node based on pre-stored shared consistency information, and then sent to the corresponding QKD device through their respective interfaces with the local QKD device.

[0012] In one optional implementation, both the first communication node and the second communication node are equipped with: A pre-shared information management module is used to store and update the shared consistency information; The comparison and verification module is used to perform consistency verification of quantum measurement results and verification of classical authentication messages; The QKD application interface module is used to send base selection control information, encoding control information, or measurement control information to the local QKD device and receive the corresponding authentication results.

[0013] In one optional implementation, the QKD device is provided with: The QKD service module is used to respond to authentication service requests initiated by the corresponding communication node; The basis mapping module is used to perform quantum state encoding, transmission, or measurement based on the basis selection control information and encoding control information sent by the communication node; The QKD control module is used to schedule QKD components, control interfaces, or device drivers to complete quantum signal transmission and reception and authentication coordination.

[0014] This disclosure also provides a dual-channel authentication system based on one-way QKD, including a first communication node, a second communication node, a first QKD device, and a second QKD device. The first communication node and the second communication node are configured to perform the dual-channel authentication method based on one-way QKD as described in any of the above embodiments. The first communication node is communicatively connected to the first QKD device; The second communication node is communicatively connected to the second QKD device; A quantum channel is established between the first QKD device and the second QKD device, and a classical channel is established between the first communication node and the second communication node.

[0015] This disclosure also provides an electronic device, including: a processor, a memory, and a bus. The memory stores machine-readable instructions executable by the processor. When the electronic device is running, the processor communicates with the memory via the bus. When the machine-readable instructions are executed by the processor, they perform the steps of the above-described dual-channel authentication method based on one-way QKD, or any possible implementation of the above-described dual-channel authentication method based on one-way QKD.

[0016] This disclosure also provides a computer-readable storage medium storing a computer program that, when executed by a processor, performs the steps of the above-described dual-channel authentication method based on one-way QKD, or any possible implementation of the above-described dual-channel authentication method based on one-way QKD.

[0017] This disclosure also provides a computer program product, including a computer program / instructions, which, when executed by a processor, implement the steps of the above-described dual-channel authentication method based on one-way QKD, or any possible implementation of the above-described dual-channel authentication method based on one-way QKD.

[0018] This disclosure provides a dual-channel authentication method and system based on unidirectional QKD. It determines quantum basis selection and encoding reference information by pre-setting shared consistency information. The quantum channel is used to first authenticate the communication node under the quantum path. Then, an authentication message constructed based on temporary random information in the classical channel is used to achieve bidirectional authentication of the communication node under the classical path. After authentication, the shared consistency information is updated using a quantum key generated by QKD. Thus, collaborative dual authentication between the quantum and classical channels is achieved without relying on the pre-established trust assumptions of the classical channel. This not only solves the prerequisite dependency problem of QKD systems on classical channel authentication but also improves authentication security, reduces networking and deployment costs, and enhances the system's forward security and resistance to quantum attacks in many-to-many communication scenarios where the QKD module and communication nodes are separated and multiple nodes share the QKD device.

[0019] To make the above-mentioned objects, features and advantages of this disclosure more apparent and understandable, preferred embodiments are described below in detail with reference to the accompanying drawings. Attached Figure Description

[0020] To more clearly illustrate the technical solutions of the embodiments of this disclosure, the accompanying drawings used in the embodiments will be briefly described below. These drawings are incorporated in and constitute a part of this specification. They illustrate embodiments conforming to this disclosure and, together with the specification, serve to explain the technical solutions of this disclosure. It should be understood that the following drawings only show some embodiments of this disclosure and should not be considered as limiting the scope. Those skilled in the art can obtain other related drawings based on these drawings without creative effort.

[0021] Figure 1 A flowchart of a dual-channel authentication method based on unidirectional QKD provided in an embodiment of this disclosure is shown; Figure 2 This illustration shows a schematic diagram of a quantum classical path dual authentication process provided in an embodiment of the present disclosure; Figure 3 A schematic diagram of a quantum coding scheme provided by an embodiment of this disclosure is shown; Figure 4 A schematic diagram of a dual-channel authentication system based on one-way QKD provided in an embodiment of this disclosure is shown. Detailed Implementation

[0022] To make the objectives, technical solutions, and advantages of the embodiments of this disclosure clearer, the technical solutions of the embodiments of this disclosure will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this disclosure, and not all of them. The components of the embodiments of this disclosure described and shown in the accompanying drawings can generally be arranged and designed in various different configurations. Therefore, the following detailed description of the embodiments of this disclosure provided in the accompanying drawings is not intended to limit the scope of the claimed disclosure, but merely represents selected embodiments of this disclosure. All other embodiments obtained by those skilled in the art based on the embodiments of this disclosure without inventive effort are within the scope of protection of this disclosure.

[0023] It should be noted that similar labels and letters in the following figures indicate similar items. Therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures.

[0024] In this document, the term "and / or" merely describes a relationship, indicating that three relationships can exist. For example, A and / or B can represent three cases: A alone, A and B simultaneously, and B alone. Furthermore, the term "at least one" in this document means any combination of at least two of any one or more elements. For example, including at least one of A, B, and C can mean including any one or more elements selected from the set consisting of A, B, and C.

[0025] Research has revealed that existing technologies for QKD classical channel authentication typically employ methods such as pre-shared key authentication, classical public-key cryptography, post-quantum cryptography, and hybrid authentication. While pre-shared key authentication offers high security, it faces challenges in scenarios with a large number of communication nodes and complex network structures, including difficulties in initial key distribution, high management costs, and poor scalability. Classical public-key cryptography, while facilitating network expansion, relies on traditional mathematical problems for security, making it vulnerable to cracking in the context of advancing quantum computing capabilities. Post-quantum cryptography enhances resistance to quantum attacks to some extent but still fundamentally depends on classical cryptographic algorithms. Hybrid authentication, while improving system redundancy, suffers from high implementation complexity and deployment costs.

[0026] Based on the above research, this disclosure provides a dual-channel authentication method and system based on unidirectional QKD. By pre-setting shared consistency information to determine quantum basis selection and encoding reference information, the quantum channel is used to first complete the authentication of communication nodes under the quantum path. Then, combined with the authentication message constructed based on temporary random information in the classical channel, bidirectional authentication of communication nodes under the classical path is achieved. After authentication, the shared consistency information is updated using the quantum key generated by QKD. Thus, collaborative dual authentication between the quantum channel and the classical channel is achieved without relying on the pre-assured reliability of the existing classical channel. This not only solves the prerequisite dependency problem of QKD systems on the classical channel's authentication, but also improves authentication security, reduces networking and deployment costs, and enhances the system's forward security and resistance to quantum attacks in many-to-many communication scenarios where the QKD module and communication nodes are separated and multiple nodes share the QKD device.

[0027] To facilitate understanding of this embodiment, a detailed description of a dual-channel authentication method based on unidirectional QKD disclosed in this disclosure embodiment will be provided first. The dual-channel authentication based on unidirectional QKD provided in this disclosure embodiment is applied to a first communication node and a second communication node located in different local area networks, and the first communication node and the second communication node are respectively connected to a local quantum key distribution (QKD) device.

[0028] See Figure 1The diagram shows a flowchart of a dual-channel authentication method based on unidirectional QKD provided in an embodiment of this disclosure. The method includes steps S101 to S104, wherein: S101. Obtain the shared consistency information pre-stored by the first communication node and the second communication node, determine the basis selection information and coding reference information for quantum channel authentication based on the shared consistency information, generate the first random information by the first communication node, and construct the authentication information to be sent based on the coding reference information and the first random information.

[0029] In practice, the first and second communication nodes pre-store the same shared consistency information before performing quantum channel authentication. This shared consistency information can be a preset binary information sequence written into the first and second communication nodes respectively through a secure import method during system deployment, device initialization, or initial network configuration. This shared consistency information serves as the foundation for subsequent quantum channel authentication, providing both parties with a consistent source of basis selection and encoding reference, eliminating the need for them to interact with the basis selection content via a classical channel at the start of authentication.

[0030] Specifically, the first communication node first reads the pre-stored shared consistency information from its local storage unit, and the second communication node similarly reads the same shared consistency information from its local storage unit. In one specific implementation, the shared consistency information can be represented as a binary sequence K0 of length k. Since the first and second communication nodes pre-store the same content, they can independently determine the authentication parameters based on the same shared consistency information, without needing to establish a classical synchronization process for basis selection before the start of quantum channel authentication.

[0031] Here, after acquiring the shared consistency information, the first and second communication nodes parse the shared consistency information according to a preset splitting rule to determine the basis selection information and encoding reference information used for quantum channel authentication. The preset splitting rule can be pre-set according to actual security requirements. Its core lies in dividing the shared consistency information into two types of sequences with different purposes: one type is used to determine the basis used when transmitting and measuring quantum states, and the other type is used as reference content that needs to be compared during the authentication process.

[0032] In a preferred embodiment, the shared consistency information can be grouped according to a preset number of bits, and a portion of bits from each group can be selected to form radix selection information, while the remaining bits can be selected to form encoding reference information. For example, the shared consistency information can be divided into groups of three bits each, where two bits in each group are used to form the radix selection sequence, and the other bit is used to form the encoding reference sequence.

[0033] After the above processing, the basis selection sequence M and the encoding reference sequence N can be obtained respectively. The basis selection sequence M is used to indicate the target basis to be used when encoding and measuring quantum states, and the encoding reference sequence N is used as a reference for the receiver to perform subsequent authentication and determination.

[0034] Furthermore, the first communication node generates corresponding quantum coding basis control parameters based on the basis selection information, and the second communication node generates corresponding quantum measurement basis control parameters based on the same basis selection information. Since both nodes start from the same shared consistency information and use the same splitting rules, even without transmitting the basis selection content through a classical channel, the first and second communication nodes can still determine consistent basis selection results. Thus, during subsequent quantum state transmission and measurement, the second communication node can measure the received quantum state according to the pre-determined measurement basis, providing conditions for subsequent authentication based on the consistency between the measurement results and the coding reference information.

[0035] It should be noted that in this embodiment, the shared consistency information is not used as a long-term authentication key in classical channels for direct participation in classical encryption and decryption, but rather is primarily used as a source of basic parameters for the quantum channel authentication phase. In other words, the basis selection information formed after the shared consistency information is split is mainly used for basis selection control during the quantum signal transmission and reception process, while the encoded reference information is mainly used for reference verification of the quantum authentication results.

[0036] In some implementations, shared consistency information can be managed by a pre-shared information management module. This module can be configured to perform operations such as reading shared consistency information, integrity verification, splitting mapping, and update preparation. When authentication begins, the pre-shared information management module first calls the locally stored shared consistency information, then outputs base selection information and encoding reference information according to preset splitting rules, and provides them to the subsequent QKD application interface module and comparison verification module, respectively.

[0037] The QKD application interface module can send base selection control parameters to the local QKD device based on the base selection information, while the comparison and verification module can cache or record the encoding reference information for subsequent authentication judgment.

[0038] In this embodiment, after the first communication node and the second communication node have determined the encoding reference information based on the pre-stored shared consistency information, the first communication node generates the first random information. The first random information is preferably a random binary sequence temporarily generated by the first communication node at the start of the current authentication session. This random binary sequence does not depend on the pre-stored information, but is generated in real time for the current authentication round, thereby making the authentication process session-unique and dynamic.

[0039] Specifically, the first communication node can invoke a local random number generation module, a cryptographic random number generation module, or a random source in trusted hardware to generate first random information of a length that meets the authentication requirements. In one specific embodiment, the length of the first random information can be the same as the length of the aforementioned encoded reference information, so that subsequent splicing and quantum state mapping can be performed according to preset rules; of course, in other embodiments, the length of the first random information can also be adaptively configured according to the quantum channel authentication strength, the length constraint of the authentication information to be sent, or the interface capability of the QKD device. As long as the first random information can meet the requirements of constructing the authentication payload and providing dynamic authentication material for the subsequent classical channel authentication stage, it should fall within the protection scope of this invention.

[0040] Furthermore, the first random information is generated once per authentication process and is bound to the current authentication session. In this embodiment, the first random information is used both to construct the authentication information to be sent in the quantum channel authentication phase and as a dynamic authentication basis in the classical channel authentication phase in subsequent authentication processes. That is to say, the first random information not only undertakes the role of quantum-side payload extension but also serves as a data bridge connecting the quantum channel authentication process and the classical channel authentication process.

[0041] Here, after generating the first random information, the first communication node constructs the authentication information to be sent based on the encoded reference information and the first random information. The authentication information to be sent can be understood as the original authentication payload to be transmitted via the quantum channel, carrying both static reference content and dynamic random content, so that the receiving side simultaneously obtains a reference portion for identity verification and a random portion for subsequent interactive authentication after the quantum measurement is completed. To this end, the first communication node combines the encoded reference information and the first random information according to a preset construction rule to obtain the authentication information to be sent.

[0042] In a preferred embodiment, the first communication node constructs the authentication information to be sent by sequentially concatenating the encoded reference information and the first random information. Specifically, the encoded reference information can be used as the first sequence and the first random information as the second sequence, concatenating them to form a complete authentication information sequence.

[0043] For example, the first communication node combines the encoded reference sequence N with the random number R1 to obtain the authentication information to be sent, C=(N||R1). The encoded reference information part at the front end is used to provide a known reference comparison basis at the receiving end, and the first random information part at the back end is used to provide dynamic authentication content specific to the current session.

[0044] It should be noted that the combination of the encoded reference information and the first random information is not limited to simple direct concatenation. In other implementations, segmented encapsulation, position mapping, interleaving, or combinations with format fields can also be used to form the authentication information to be sent. As long as the formed authentication information to be sent can be restored or parsed at the receiving end to extract the corresponding reference content and random content, enabling the receiving end to perform quantum path authentication using the reference part and support subsequent classical path authentication using the random part, it is acceptable.

[0045] Furthermore, during the construction of the authentication information to be transmitted, the first communication node can also perform preprocessing operations such as length adaptation, format encapsulation, field identification, or integrity checks on the encoded reference information and the first random information. For example, the length of the first random information can be padded to ensure that it meets the predetermined quantum encoding length requirement when mapping the sequence with the encoded reference information; or field boundary information can be reserved in the combined authentication information to be transmitted so that the receiving end can more accurately distinguish the corresponding reference content part and the random content part after the measurement is completed.

[0046] S102. Control the first communication node to send the authentication information to be sent through the local QKD device, the remote QKD device, and the quantum channel between them, so that the second communication node performs quantum measurement on the authentication information to be sent based on the basis selection information corresponding to the shared consistency information, and completes the authentication of the first communication node in the quantum channel path according to the consistency between the measurement result and the locally stored encoding reference information.

[0047] In practical implementation, after the first communication node completes the construction of the authentication information to be sent, it controls the first communication node to send the authentication information through the local QKD device, the remote QKD device, and the quantum channel between them. Here, the first communication node itself does not directly perform quantum state transmission and reception, but sends an authentication initiation request, basis selection control parameters, and the encoded data corresponding to the authentication information to be sent to the local QKD device through its locally configured QKD application interface module. The local QKD device then calls its internal QKD service module, basis mapping module, and QKD control module to complete the subsequent quantum state encoding and transmission operations.

[0048] Specifically, the first communication node first transmits the aforementioned authentication information to be sent and the corresponding basis selection information to the local QKD device. After receiving the authentication information to be sent, the local QKD device determines the quantum coding basis corresponding to each bit according to the basis selection information, and maps each bit value in the authentication information to be sent to the corresponding quantum state.

[0049] Among them, the basis selection information is used to determine which quantum basis should be used to encode each authentication information, and the authentication information to be sent is the original bit content to be carried in the quantum state.

[0050] Subsequently, the local QKD device generates a corresponding quantum state sequence according to the determined encoding basis and authentication information, and transmits it to the remote QKD device through the quantum channel established between the two devices. The quantum channel can be a dedicated quantum transmission link pre-deployed between QKD devices, such as a fiber optic quantum channel or other channel forms suitable for quantum state transmission.

[0051] In one specific implementation, the local QKD device can perform bit-by-bit quantum state encoding on the authentication information to be sent based on the values ​​of each bit in the basis selection information. For example, when a certain bit of the basis selection information corresponds to a first type of basis, the local QKD device encodes the corresponding bit of the authentication information to be sent according to the quantum state mapping rules under the first type of basis; when a certain bit of the basis selection information corresponds to a second type of basis, the local QKD device encodes the corresponding bit according to the quantum state mapping rules under the second type of basis.

[0052] In this way, different positions in the same authentication information to be sent can be represented by quantum states under different quantum bases, so that the subsequent receiver can recover the corresponding authentication information content under the basis matching condition.

[0053] Here, after the remote QKD device receives the quantum state sequence, the second communication node performs quantum measurement on the authentication information to be sent based on the basis selection information corresponding to the shared consistency information. Specifically, since the second communication node has pre-stored the same shared consistency information as the first communication node, the second communication node can determine the basis selection information consistent with the sending end from the shared consistency information according to the same splitting rules as the first communication node.

[0054] Subsequently, the second communication node can send measurement control parameters to the remote QKD device through its QKD application interface module, so that the remote QKD device can perform bit-by-bit measurements on the received quantum state sequence according to the measurement basis corresponding to the basis selection information, thereby obtaining the quantum measurement result corresponding to the authentication information to be sent.

[0055] It should be noted that since the quantum state's transmission basis and reception measurement basis originate from shared consistency information pre-stored by both parties, under normal circumstances without eavesdropping or man-in-the-middle tampering, the second communication node can recover the measurement results consistent with the original authentication information of the sending end with high reliability.

[0056] Furthermore, after obtaining the quantum measurement results, the second communication node authenticates the first communication node in the quantum channel path based on the consistency between the measurement results and the locally stored coded reference information. In other words, the second communication node does not directly use all measurement results as the final authentication basis, but extracts a reference measurement portion corresponding to the coded reference information from the measurement results and compares this reference measurement portion with the locally pre-stored coded reference information. If the comparison result meets a preset consistency condition, it indicates that the authentication information received through the quantum channel is consistent with the locally known reference content in the reference portion, thus demonstrating that the sending end has the same shared consistency information as the second communication node, and that no abnormal eavesdropping, tampering, or replay behavior sufficient to compromise the authentication result occurred during quantum channel transmission.

[0057] Based on this, the second communication node can determine that the first communication node in the quantum channel path has been authenticated.

[0058] In one specific implementation, if the authentication information to be sent by the first communication node is formed by a combination of coded reference information and first random information, then the second communication node can split the measurement result into two parts after measurement: reference measurement information and random measurement information. The reference measurement information corresponds to the coded reference information part used by the sending end when constructing the authentication information to be sent, and the random measurement information corresponds to the first random information part generated by the sending end.

[0059] Here, the second communication node compares the reference measurement information bit-by-bit, segment-by-segment, or bit error rate threshold-based comparisons with the locally stored encoded reference information. When the comparison results show that the two are consistent or the difference between them is below a preset tolerance range, the first communication node's identity on the quantum path can be determined to be trustworthy. Simultaneously, the second communication node can also retain random measurement information for use in generating authentication messages during the subsequent classical channel authentication phase.

[0060] It should be noted that this embodiment is not limited to a strict, complete bit-by-bit consistency determination. In practical applications, considering that the quantum channel itself may have physical noise, device errors, or environmental disturbances, the second communication node can also judge the degree of matching between the reference measurement portion of the measurement result and the locally encoded reference information based on the system's preset error threshold, reliability threshold, or statistical judgment rules. When the matching degree meets the authentication pass condition, the authentication of the first communication node on the quantum channel path can be considered successful; conversely, when the matching degree is lower than the preset threshold, it can be determined that there is an abnormal risk in the current quantum path, thereby terminating the current authentication process or triggering a retry mechanism.

[0061] Furthermore, since the base selection information in this authentication process is not publicly exchanged through the classic channel between QKD devices, but is independently determined by the first communication node and the second communication node based on the pre-stored shared consistency information, additional security risks can be avoided due to the classic channel not being authenticated before QKD post-processing.

[0062] Therefore, by controlling the first communication node to send the authentication information to be sent through the local QKD device, the remote QKD device, and the quantum channel between the two, and the second communication node to perform quantum measurement based on the basis selection information corresponding to the shared consistency information, and then completing the authentication based on the consistency between the measurement result and the locally stored encoded reference information, the identity of the first communication node and the trustworthiness of the transmission path in the quantum channel path can be confirmed without relying on the pre-trustworthiness of the classical channel.

[0063] S103. After the second communication node completes the authentication of the first communication node in the quantum channel path, the second communication node generates a first classical authentication message based on the first random information obtained by quantum measurement, and sends it to the first communication node through the classical channel between the first communication node and the second communication node, so that the first communication node completes the authentication of the second communication node in the classical channel path according to the first classical authentication message.

[0064] In practice, after the second communication node completes the authentication of the first communication node in the quantum channel path, it indicates that the second communication node has confirmed that the authentication information transmitted via the local QKD device, the remote QKD device, and the quantum channel between them is reliable, and that the second communication node has recovered the first random information corresponding to the sender through quantum measurement results. Based on this, the second communication node generates a first classical authentication message based on the first random information obtained from quantum measurement, and sends it to the first communication node via the classical channel between the first and second communication nodes, so that the first communication node can confirm the credibility of the second communication node's identity in the classical channel path.

[0065] Specifically, in the aforementioned quantum channel authentication process, the second communication node performs measurements on the received quantum state. In addition to obtaining reference measurement information for comparison with locally encoded reference information, it also obtains random measurement information corresponding to the first random information from the transmitting end. Since the second communication node has already authenticated the first communication node based on the consistency between the measurement results and the locally stored encoded reference information, the random measurement information can be considered as the first random information obtained through trusted transmission via the quantum path.

[0066] In other words, the first random information is not pre-held by the second communication node, but is dynamically generated by the first communication node in the current authentication round and transmitted through the quantum channel, and then obtained by the second communication node through matching measurements. Based on this, the first classical authentication message subsequently generated by the second communication node can be built on the dynamic random information specific to the current authentication session, thereby enhancing the timeliness and replay resistance of classical channel authentication.

[0067] In one specific implementation, the second communication node first performs hash processing on the first random information obtained from quantum measurement to obtain a first check value. This first check value is used to prove to the first communication node that the second communication node has indeed obtained the first random information generated and sent by the first communication node through the quantum channel.

[0068] Here, since the first communication node locally stores the originally generated first random information, upon receiving the first verification value, it can perform the same hash operation based on its own first random information and compare the calculation result with the received first verification value. If they match, it indicates that the second communication node does indeed possess the first random information originating from the quantum channel and consistent with the content stored locally by the first communication node, thus proving that the quantum path authentication information previously received by the second communication node is authentic and reliable.

[0069] Furthermore, in order to not only enable the second communication node to provide feedback on the quantum path authentication result, but also to provide a basis for the subsequent feedback of the authentication result by the first communication node, in this embodiment, the second communication node also generates second random information, and uses the first random information obtained by quantum measurement as the encryption basis to encrypt the second random information to obtain encrypted random information.

[0070] Here, the second random information is preferably a random sequence generated in real time by the second communication node in the current authentication round, which forms the dynamic basis for the first communication node to return authentication confirmation information to the second communication node in the next stage.

[0071] Since the key used to encrypt the second random information comes from the first random information obtained by quantum measurement, and the first random information corresponds to the content dynamically generated and reliably transmitted through the quantum channel in the current session of the first communication node, only the first communication node that truly holds the original first random information can correctly recover the second random information after receiving the first classical authentication message.

[0072] Thus, the second communication node can use encrypted random information to transmit a dynamic authentication message to the first communication node in the classic channel, which only the legitimate first communication node can correctly parse.

[0073] Based on the above processing, the second communication node combines the first verification value and the encrypted random information to generate a first classic authentication message. In one specific embodiment, the second communication node can concatenate the first verification value and the encrypted random information in a preset order to form a first classic authentication message.

[0074] For example, the second communication node performs a hash operation on the first random information R1′ obtained from quantum measurement to obtain H(R1′), and generates a random number R2. Then, it uses R1′ as the encryption key to encrypt R2 to obtain ER1(R2). Finally, the two are combined to form the first classical authentication message C1=[H(R1′)∥ER1(R2)].

[0075] Of course, in other embodiments, the first classic authentication message can also be constructed by field encapsulation, segmentation and framing, or by adding an identifier header. As long as it contains at least verification content that can indicate that the second communication node has mastered the first random information, and encrypted content that can be used by the first communication node to recover the second random information, it will fall within the protection scope of this invention.

[0076] Furthermore, after generating the first classic authentication message, the second communication node sends it to the first communication node via the classic channel between the first and second communication nodes. The classic channel can be an existing cross-domain data communication link between the two parties, such as a conventional data transmission path established via their respective local area network gateways, routing devices, and the Internet.

[0077] It should be noted that although the first communication node has not yet completed the final authentication of the second communication node in the classical channel path, since the core verification basis carried in the first classical authentication message comes from the aforementioned quantum path that has been authenticated, the first communication node can use the confirmed and reliable dynamic information in the quantum path to verify the credibility of the first classical authentication message received in the current classical channel.

[0078] Here, after the first communication node receives the first classic authentication message, it completes the authentication of the second communication node in the classic channel path based on the first classic authentication message. Specifically, the first communication node can first parse the first classic authentication message to extract the first check value and encrypted random information; then, the first communication node decrypts the encrypted random information based on the locally stored original first random information to obtain the decrypted second random information; at the same time, the first communication node can also perform hash processing based on the locally stored first random information to obtain the local check value; finally, the local check value is compared with the first check value.

[0079] If the two are consistent, it means that the second communication node has indeed obtained the first random information consistent with the first communication node through the quantum channel, and has generated the first classical authentication message in the current classical channel based on the first random information. Thus, it can be determined that the identity of the second communication node that is currently sending the first classical authentication message through the classical channel is trustworthy.

[0080] In other words, the second communication node can only construct the first classical authentication message that meets the verification requirements after it has actually received and correctly recovered the first random information in the quantum path. Therefore, the first communication node can use this message to complete the authentication of the second communication node in the classical channel path.

[0081] Furthermore, after the first communication node completes the above authentication process, the parsed second random information can be temporarily stored as the basis for returning authentication confirmation information to the second communication node in the next stage. In other words, the first classical authentication message is not only used to authenticate the second communication node in the classical channel path by the first communication node, but also to securely transmit the second random information temporarily generated by the second communication node to the first communication node. This allows the first communication node to use the second random information to construct a return authentication message in subsequent steps, enabling the second communication node to further authenticate the first communication node in the classical channel path.

[0082] Therefore, after the second communication node completes the quantum path authentication, it generates a first classical authentication message based on the first random information obtained from quantum measurement and sends it to the first communication node through the classical channel. This allows the first communication node to use the original first random information it possesses to verify the classical authentication message, thereby confirming that the second communication node not only truly participated in the aforementioned quantum authentication process but also provides an authentication response consistent with the quantum authentication result in the current classical channel.

[0083] S104. After the first communication node completes the authentication of the second communication node in the classical channel path, the first communication node generates a second classical authentication message and sends it to the second communication node so that the second communication node completes the authentication of the first communication node in the classical channel path. After the first communication node and the second communication node complete the bidirectional authentication of the quantum channel and the classical channel, the target part of the quantum key generated by QKD is extracted and the shared consistency information is updated.

[0084] In practice, after the first communication node completes the authentication of the second communication node in the classical channel path, it means that the first communication node has confirmed that the second communication node truly participated in the aforementioned quantum channel authentication process, and that the source of the first classical authentication message currently sent to the first communication node via the classical channel is trustworthy. Based on this, the first communication node generates a second classical authentication message and sends it to the second communication node, so that the second communication node can further complete the authentication of the first communication node in the classical channel path.

[0085] Specifically, during the process of the first communication node receiving and verifying the first classical authentication message, the first communication node has decrypted the encrypted content in the first classical authentication message based on the first random information stored locally, thereby obtaining the second random information dynamically generated by the second communication node in the current authentication session. Since this second random information is generated by the second communication node immediately after completing the quantum path authentication and transmitted to the first communication node via an encryption method based on the aforementioned first random information, the first communication node can confirm that the second random information corresponds to this round of authentication process, and the second random information has become the dynamic authentication content introduced by the second communication node in the current session.

[0086] Based on this, the first communication node can further use the second random information to construct a second classic authentication message to be returned to the second communication node, so as to prove to the second communication node that the first communication node has correctly received and parsed the authentication message sent by the second communication node through the classic channel, and that the message transmission process from the second communication node to the first communication node in the classic channel was reliable.

[0087] In one specific implementation, the process of the first communication node generating the second classic authentication message includes: performing hash processing on the decrypted second random information to obtain a second verification value; using the second verification value as the second classic authentication message, or combining the second verification value with at least one of session identifier, length information, and message type identifier to form the second classic authentication message; and then sending the second classic authentication message to the second communication node via the classic channel between the first and second communication nodes.

[0088] For example, the first communication node performs a hash operation on the decrypted random number R2′ to obtain H(R2′), and sends the hash result to the second communication node.

[0089] In this way, after receiving the second classic authentication message, the second communication node can compare the second check value in it with the check result corresponding to the second random information stored locally, so as to determine whether the first communication node has actually received the authentication content sent by the second communication node through the classic channel.

[0090] Furthermore, after the second communication node receives the second classic authentication message, it completes the authentication of the first communication node in the classic channel path based on the second classic authentication message. Specifically, the second communication node can perform the same hashing process as the first communication node based on the second random information stored locally to obtain a local second verification value; subsequently, it compares the local second verification value with the second verification value in the received second classic authentication message.

[0091] If the comparison results match, it indicates that the first communication node has correctly obtained and parsed the dynamic authentication content previously sent by the second communication node through the classic channel. This means that the classic channel transmission process from the second communication node to the first communication node was not forged, tampered with, or forwarded incorrectly, and the first communication node currently sending the second classic authentication message has the correct understanding of this second random information. Therefore, the second communication node can determine that the identity of the first communication node in the classic channel path is trustworthy, thereby completing the authentication of the first communication node in the classic channel path.

[0092] In other words, in this embodiment, the authentication of the first communication node in the classic channel path by the second communication node is not simply based on whether the first communication node has sent a fixed message, but rather on whether the first communication node can correctly respond to the second random information temporarily generated and encrypted by the second communication node in this round of the session. Only when the first communication node actually receives the first classic authentication message, correctly decrypts the encrypted content therein using its local first random information, and generates a correct second classic authentication message based on the obtained second random information, will the second communication node determine that the first communication node has passed authentication.

[0093] In some implementations, the second classic authentication message may further include, in addition to the second checksum, at least one of a timestamp, message sequence number, authentication round identifier, or node identity identifier, so that the second communication node can simultaneously verify the freshness of the message and session matching when making authentication decisions. Alternatively, before sending the second classic authentication message, the second checksum may be subjected to format encapsulation, message framing, or lightweight protection processing to enhance its transmission adaptability in existing classic network environments.

[0094] It should be noted that when the first communication node and the second communication node complete the bidirectional authentication of the quantum channel and the classical channel, it means that the two parties have completed the following authentication objectives in the current session: First, the second communication node has completed the authentication of the first communication node in the quantum channel path; second, the first communication node has completed the authentication of the second communication node in the classical channel path; third, the second communication node has completed the authentication of the first communication node in the classical channel path.

[0095] At this point, the bidirectional authentication process between the quantum path and the classical path in the current session is complete, and the security prerequisites for subsequent QKD key distribution and secure communication are met. Based on this, the target portion of the quantum key generated by QKD is extracted, and the shared consistency information is updated so that subsequent authentication processes no longer use the initially preset consistency information, but instead switch to new consistency information formed by the newly generated quantum key fragment after the current authentication is completed.

[0096] Specifically, in this embodiment, after the first communication node and the second communication node complete the bidirectional authentication and continue to execute the subsequent QKD process, and the QKD device generates the quantum key corresponding to the current session, a target portion of a preset length can be extracted from the quantum key as new shared consistency information.

[0097] For example, the first k bits can be extracted from the generated quantum key Kq to obtain new shared consistency information K1, and the currently stored shared consistency information K0 can be replaced with K1. Thus, at the start of the next round of authentication, the first and second communication nodes will no longer use the initially preset consistency information, but rather the new consistency information derived from the quantum key fragment actually generated after the previous round of authentication.

[0098] Furthermore, after the shared consistency information replacement is completed, the first and second communication nodes can also delete, clear, or invalidate the old shared consistency information before the flag update to prevent the old information from being called again in subsequent authentication.

[0099] It should be noted that the method of extracting the target portion from the quantum key is not limited to truncating a continuous bit sequence at fixed positions. In other embodiments, discretely distributed target bits can also be extracted from the quantum key according to preset mapping rules, indexing rules, or negotiation rules, or the quantum key can be first derivation processed before obtaining the consistency information for updating. As long as the first communication node and the second communication node can obtain consistent new shared information from the quantum key generated in the same round of QKD based on the same rules, and use it for subsequent authentication processes.

[0100] Furthermore, in some implementations, the update of shared consistency information can be performed by the pre-shared information management module. Specifically, after detecting that the current authentication round is completed and the QKD quantum key is successfully generated, the pre-shared information management module can call the key extraction logic to obtain an update fragment of a predetermined length from the target quantum key, write the update fragment into the local shared consistency information storage area, and simultaneously trigger the deletion or overwriting operation of the old consistency information.

[0101] Therefore, by having the first communication node authenticate the second communication node in the classical channel path, and then having the first communication node generate a second classical authentication message and send it to the second communication node, enabling the second communication node to authenticate the first communication node in the classical channel path, two-way identity verification on the classical channel can be achieved. Furthermore, after both parties complete the two-way authentication of the quantum channel and the classical channel, the target part of the quantum key generated by QKD is further extracted to update the shared consistency information, which allows the authentication base information to be dynamically updated with the session, thereby improving the forward security of the system and reducing the security risks caused by the long-term static use of pre-shared information.

[0102] The above scheme will now be described in conjunction with specific implementation methods.

[0103] See Figure 2 The diagram shown is a schematic representation of a quantum classical path dual authentication process provided in an embodiment of this disclosure.

[0104] Communication nodes A1 and B1 have pre-set shared consistency information: K0∈{0,1}^k. B1 authenticates A1 in the quantum channel. Since A1 is the sender, after receiving the quantum state and obtaining the measurement value using the same basis M, B1 can complete the authentication of A1 by comparing the consistency of N' in the measurement value with the pre-stored sequence N. The specific process is as follows.

[0105] The shared consistency information shows that the binary code corresponding to K0 has K bits. Two out of every three bits are selected for radix selection, and the third bit is used for encoding. These two sets of bits form sequences M and N, where M is the encoding sequence. Clearly, the length ratio of the two sequences is L(M):L(N) = 2:1. Terminal A1 generates a random number R1 of length L(N) and combines it with sequence N to obtain C = (N||R1) as the encoding sequence.

[0106] Define the encoding function: "Base_i=M_i", which is the encoding basis to be used to encode the quantum state based on the binary bits of M mentioned above. This is the "basis selection" process in quantum encoding: if M_i=0 → Z basis, i.e., linear polarization basis or 0° / 90° polarization basis (in optical implementation); if M_i=1 → X basis, i.e. diagonal polarization basis or 45° / 135° polarization basis (in optical implementation).

[0107] See Figure 3 The diagram shown is a schematic representation of quantum encoding provided in an embodiment of this disclosure. For example, when choosing the Z-basis: if C_i=0, then send |0 _Base_i; if C_i=1, then send |1 _Base_i. When choosing the X base: if C_i=0, then send |+ _Base_i; if C_i=0, then send |- _Base_i.

[0108] At this point, B1 has pre-stored the shared consistency information K0 and, like A1 at the sending end, separates the binary bits of K0 to obtain M and N. Similarly, the binary sequence of M is converted into a measurement basis for measuring the received quantum state, which is the "basis selection" process in decoding. Measurement basis: Base_i = M_i. Measurement result: C', where C' = (N'||R1'). The logic of this process is exactly the reverse of the encoding process.

[0109] According to the quantum state transmission and reception principle of QKD, the N' that B1 can measure should be consistent with its pre-stored N. This determines whether there has been eavesdropping, and the result serves as an indicator of whether the authentication is successful, thus completing B1's authentication of the A1 end in the quantum channel.

[0110] In the previous authentication process between B1 and A1 in the quantum channel, B1 needed to know the original content of the quantum state encoding, so the pre-set information for both parties included the encoded sequence content N. Similarly, when A1 authenticates B1 in the classical channel, both parties need to know the pre-set information and encrypt it for verification via symmetric encryption. However, since B1 has already sent A1's randomly generated random number R1' from the quantum channel, the hash value of R1' can be used as the authentication information for A1 to authenticate B1, and the random number R1' can be used as the key for symmetric encryption. B1's randomly generated random number R2 can be used as the encryption information and sent together, thus completing A1's authentication process with B1 in the classical channel and preparing for A1's subsequent return of the authentication message. The specific process is as follows: Hash R1' at B1 to obtain H(R1') and generate an L(N)-bit random number R2. Use the measured R1' as the encryption key to obtain ER1(R2).

[0111] The combination of B1 yields C1=[H(R1')||ER1(R2)], and C1 is sent to the A1 end through the classical channel.

[0112] After receiving C1 through the classical channel, terminal A1 extracts bits to obtain H(R1') and ER1(R2), and decrypts its existing R1 to obtain R2'. By comparing the consistency of its stored H(R1) and H(R1'), terminal A1 completes the authentication of the classical channel B1 and learns that the previous process of sending information to terminal B1 through the quantum channel was also reliable.

[0113] Through the preceding steps, from A1's perspective, B1's own identity, the quantum channel between A1 and B1, and the classical channel between A1 and B1 are all authenticated and trusted. However, B1 only knows the identity of A1 who sent the information via the quantum channel, and that the quantum channel between A1 and B1 is trusted; it does not know whether its previous information transmission via the classical channel between A1 and B1 was reliable. Therefore, A1 needs to retransmit the hash value of R2', corresponding to the random sequence R2 previously generated by B1, to B1 via the already authenticated classical channel, so that B1 knows that the previous classical channel was trusted. The specific process is as follows: A1 hashes the decrypted R2' to obtain H(R2') and sends it to B1 via the quantum channel.

[0114] If the information H(R2') obtained by B1 at this time is consistent with H(R2) obtained from its own stored random number, it proves that the classical channel used by B1 to send C1 to A1 was credible, thus completing the authentication of A1 in the classical channel.

[0115] Thus, the bidirectional authentication of the quantum and classical channels at both ends of A1 and B1 is completed, the assumption of QKD key security is satisfied, and subsequent communication can be carried out in accordance with the conventional QKD key distribution and encrypted communication methods.

[0116] When subsequent communication occurs, the original pre-stored consistency information k0 is no longer valid. Instead, the first k bits are extracted from the final key K_q generated by QKD: K1 = K_q[0:k]. Update: K0 ← K1, that is, the new consistency information k1 replaces k0, and the old consistency information is deleted.

[0117] This disclosure provides a dual-channel authentication method based on unidirectional QKD. It determines quantum basis selection and encoding reference information by pre-setting shared consistency information. The quantum channel is used to first authenticate the communication node under the quantum path. Then, an authentication message constructed based on temporary random information in the classical channel is used to achieve bidirectional authentication of the communication node under the classical path. After authentication, the shared consistency information is updated using a quantum key generated by QKD. Thus, collaborative dual authentication between the quantum and classical channels is achieved without relying on the pre-established trust assumptions of the classical channel. This not only solves the prerequisite dependency problem of QKD systems on classical channel authentication but also improves authentication security, reduces networking and deployment costs, and enhances the system's forward security and resistance to quantum attacks in many-to-many communication scenarios where the QKD module and communication nodes are separated and multiple nodes share the QKD device.

[0118] Those skilled in the art will understand that, in the above-described method of the specific implementation, the order in which each step is written does not imply a strict execution order and does not constitute any limitation on the implementation process. The specific execution order of each step should be determined by its function and possible internal logic.

[0119] Based on the same inventive concept, this disclosure also provides a dual-channel authentication system based on unidirectional QKD, corresponding to the dual-channel authentication method based on unidirectional QKD.

[0120] Please see Figure 4 , Figure 4 This diagram illustrates a dual-channel authentication system based on unidirectional QKD, as provided in an embodiment of this disclosure. Figure 4 As shown in the figure, the dual-channel authentication system based on unidirectional QKD provided in this embodiment includes: a first communication node (node ​​A1 device), a second communication node (node ​​B1 device), a first QKD device (QKD device-Qa), and a second QKD device (QKD device-Qb). The first and second communication nodes are configured to perform the following... Figure 1 The dual-channel authentication method based on unidirectional QKD is described in the article.

[0121] Specifically, the first communication node is connected to the first QKD device; the second communication node is connected to the second QKD device; a quantum channel is established between the first QKD device and the second QKD device, and a classical channel is established between the first communication node and the second communication node.

[0122] The processing flow of each module in the device and the interaction flow between each module can be referred to the relevant descriptions in the above method embodiments, and will not be detailed here.

[0123] This disclosure provides a dual-channel authentication system based on unidirectional QKD. It determines quantum basis selection and encoding reference information by pre-setting shared consistency information. The system first completes authentication of communication nodes under the quantum path using a quantum channel, and then achieves bidirectional authentication of communication nodes under the classical path by combining an authentication message constructed based on temporary random information in the classical channel. After authentication, the shared consistency information is updated using a quantum key generated by QKD. This achieves collaborative dual authentication between the quantum and classical channels without relying on pre-established trust assumptions about the classical channel. This not only solves the prerequisite dependency problem of QKD systems on classical channel authentication, but also improves authentication security, reduces networking and deployment costs, and enhances the system's forward security and resistance to quantum attacks in many-to-many communication scenarios where the QKD module and communication nodes are separated and multiple nodes share the QKD device.

[0124] Finally, it should be noted that the above-described embodiments are merely specific implementations of this disclosure, used to illustrate the technical solutions of this disclosure, and not to limit it. The protection scope of this disclosure is not limited thereto. Although this disclosure has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can still modify or easily conceive of changes to the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of the technical features, within the scope of the technology disclosed in this disclosure. Such modifications, changes, or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this disclosure, and should all be covered within the protection scope of this disclosure. Therefore, the protection scope of this disclosure should be determined by the protection scope of the claims.

Claims

1. A dual-channel authentication method based on unidirectional QKD, characterized in that, The method, applied to a first communication node and a second communication node located in different local area networks, wherein the first communication node and the second communication node are respectively communicatively connected to a local quantum key distribution (QKD) device, includes: The shared consistency information pre-stored by the first communication node and the second communication node is obtained. Based on the shared consistency information, the basis selection information and coding reference information for quantum channel authentication are determined. The first communication node generates first random information and constructs authentication information to be sent based on the coding reference information and the first random information. The first communication node is controlled to send the authentication information to be sent via a local QKD device, a remote QKD device, and the quantum channel between the two, so that the second communication node performs quantum measurement on the authentication information to be sent based on the basis selection information corresponding to the shared consistency information, and completes the authentication of the first communication node in the quantum channel path according to the consistency between the measurement result and the locally stored encoding reference information. After the second communication node completes the authentication of the first communication node in the quantum channel path, the second communication node generates a first classical authentication message based on the first random information obtained from quantum measurement, and sends it to the first communication node through the classical channel between the first and second communication nodes, so that the first communication node completes the authentication of the second communication node in the classical channel path according to the first classical authentication message. After the first communication node completes the authentication of the second communication node in the classical channel path, the first communication node generates a second classical authentication message and sends it to the second communication node so that the second communication node completes the authentication of the first communication node in the classical channel path. After the first communication node and the second communication node complete the bidirectional authentication of the quantum channel and the classical channel, the target part of the quantum key generated by QKD is extracted and the shared consistency information is updated.

2. The method according to claim 1, characterized in that, The shared consistency information is binary information pre-stored consistently in the first and second communication nodes. Based on the shared consistency information, basis selection information and encoding reference information for quantum channel authentication are determined. Based on the encoding reference information and the first random information, authentication information to be sent is constructed, specifically including: The shared consistency information is grouped according to a preset allocation rule; Extract the first part of bits from each set of shared consistency information as basis selection information, and extract the second part of bits as encoding reference information. The basis selection information is used to determine the quantum state encoding basis and the quantum state measurement basis, and the encoding reference information is used to construct the authentication information to be sent and to perform quantum measurement result consistency verification. The first random information is concatenated or combined with the encoded reference information to obtain the target encoded sequence; Based on the basis selection information, the target encoding sequence is quantum-state encoded according to the quantum state mapping relationship corresponding to different basis selections; The encoded quantum state is sent to the remote QKD device via the local QKD device.

3. The method according to claim 1, characterized in that, The second communication node performs quantum measurement on the authentication information to be sent based on the basis selection information corresponding to the shared consistency information, and completes the authentication of the first communication node in the quantum channel path according to the consistency between the measurement result and the locally stored encoded reference information, specifically including: The measurement basis selection information is determined based on the locally stored shared consistency information; The remote QKD device is controlled to perform measurements on the received quantum state according to the measurement basis selection information to obtain the measurement results; Extract reference measurement information and random measurement information from the measurement results; The reference measurement information is compared with the locally stored coded reference information; If the comparison results meet the consistency condition, the first communication node in the quantum channel path is determined to be successfully authenticated.

4. The method according to claim 1, characterized in that, After the second communication node completes the authentication of the first communication node in the quantum channel path, the second communication node generates a first classical authentication message based on the first random information obtained from quantum measurement, specifically including: Perform hash processing on the first random information obtained from quantum measurement to obtain the first check value; Generate a second random message; The first random information is used as a key to encrypt the second random information to obtain encrypted random information; The first verification value and the encrypted random information are combined to obtain the first classic authentication message.

5. The method according to claim 4, characterized in that, The first communication node authenticates the second communication node in the classic channel path based on the first classic authentication message, specifically including: The first classic authentication message is parsed to obtain the first verification value and the encrypted random information; The encrypted random information is decrypted based on the first random information stored locally to obtain the decrypted second random information; Perform hash processing on the first random information stored locally to obtain the local verification value; When the local verification value matches the first verification value, the identity of the second communication node in the classical channel path is determined to be trustworthy, and the authentication information previously sent via the quantum channel is confirmed to have reached the second communication node trustworthy.

6. The method according to claim 5, characterized in that, The first communication node generates a second classic authentication message and sends it to the second communication node, so that the second communication node completes the authentication of the first communication node in the classic channel path, specifically including: The first communication node performs hash processing on the decrypted second random information to obtain a second verification value; Send the second verification value to the second communication node; The second communication node performs hash processing on the locally generated second random information to obtain the local second check value; When the second verification value matches the local second verification value, the identity of the first communication node in the classic channel path is determined to be trustworthy.

7. The method according to claim 1, characterized in that: During the quantum channel authentication process, the information used to determine the quantum state encoding basis and the quantum state measurement basis is not exchanged through the classical channel between QKD devices. Instead, it is determined independently by the first communication node and the second communication node based on pre-stored shared consistency information, and then sent to the corresponding QKD device through their respective interfaces with the local QKD device.

8. The method according to claim 1, characterized in that, Both the first communication node and the second communication node are equipped with: A pre-shared information management module is used to store and update the shared consistency information; The comparison and verification module is used to perform consistency verification of quantum measurement results and verification of classical authentication messages; The QKD application interface module is used to send base selection control information, encoding control information, or measurement control information to the local QKD device and receive the corresponding authentication results.

9. The method according to claim 8, characterized in that, The QKD device is equipped with: The QKD service module is used to respond to authentication service requests initiated by the corresponding communication node; The basis mapping module is used to perform quantum state encoding, transmission, or measurement based on the basis selection control information and encoding control information sent by the communication node; The QKD control module is used to schedule QKD components, control interfaces, or device drivers to complete quantum signal transmission and reception and authentication coordination.

10. A dual-channel authentication system based on unidirectional QKD, characterized in that, It includes a first communication node, a second communication node, a first QKD device, and a second QKD device, wherein the first communication node and the second communication node are configured to perform the dual-channel authentication method based on one-way QKD as described in any one of claims 1-9; The first communication node is communicatively connected to the first QKD device; The second communication node is communicatively connected to the second QKD device; A quantum channel is established between the first QKD device and the second QKD device, and a classical channel is established between the first communication node and the second communication node.