Encryption methods, devices, and media that combine quantum keys and post-quantum cryptography algorithms

The integration of quantum keys and post-quantum cryptography algorithms addresses the vulnerability of conventional encryption systems by enhancing randomness and security through multiple encryption layers and a verification code, ensuring robust data protection.

JP7885999B1Active Publication Date: 2026-07-07SICHUAN LIANGSHANSHUILUOHE ELECTRICITY DEV CO LTD +1

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Patents
Current Assignee / Owner
SICHUAN LIANGSHANSHUILUOHE ELECTRICITY DEV CO LTD
Filing Date
2026-06-01
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Conventional public-key cryptography algorithms face the threat of quantum decryption due to the lack of a true random entropy source, leading to insufficient randomness and security redundancy, making them susceptible to decryption and data leakage in remote communication for industrial terminals.

Method used

An encryption method combining a quantum key generated by a BB84 protocol QKD device with post-quantum cryptography algorithms, utilizing hash derivation and lattice-based operations to enhance key generation and encryption, including multiple layers of encryption and a verification code to ensure data integrity.

Benefits of technology

The method significantly improves encryption security by integrating quantum keys with post-quantum cryptography, enhancing randomness and unpredictability, providing multi-layered protection against quantum attacks and ensuring long-term security.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 0007885999000001_ABST
    Figure 0007885999000001_ABST
Patent Text Reader

Abstract

This invention discloses an encryption method that combines quantum keys and post-quantum cryptography algorithms, and belongs to the field of data encryption. This invention generates an original quantum key using a BB84 protocol QKD device, obtains a post-quantum key generation seed, lattice noise scaling coefficients, and a quantum-enhanced session-based key via hash derivation, generates a quantum-derived mask by combining the characteristics of the hydroelectric power terminal's operation data with the original quantum key, obtains quantum mask-protected data by performing an exclusive OR preprocessing on the data to be encrypted, generates two parts of basic ciphertext using the above seed, parameters, and protection data using a post-quantum encryption algorithm, further obtains a quantum-enhanced encrypted value by dividing the original quantum key, performs two disturbance encryptions and exclusive OR operations on each of the two parts of the ciphertext to form an enhanced ciphertext, and finally concatenates the enhanced ciphertext with a verification code before transmitting it to the central control room. This invention significantly improves the security and attack resistance of data transmission in scenarios such as hydroelectric power terminals through multi-stage encryption and key enhancement.
Need to check novelty before this filing date? Find Prior Art

Description

[Technical Field]

[0001] The present invention relates to the technology of data encryption, and more specifically to an encryption method that combines a quantum key and a post-quantum cryptography algorithm. [Background technology]

[0002] With the rapid development of quantum computing technology, conventional public-key cryptography algorithms face the threat of quantum decryption, and remote secure communications for industrial terminals such as power and water resources urgently require an upgrade to post-quantum cryptography systems. Currently, in scenarios of encrypted data transmission between hydropower terminals and central control rooms, some conventional technologies simply use post-quantum cryptography algorithms to achieve post-quantum public-key encryption, generating the necessary encryption keys using specific mathematical algorithms to ensure communication security and complete encrypted data transmission.

[0003] When such a technical approach is used, key generation relies solely on the mathematical algorithm itself, lacking support and enhancement from a true random entropy source in the physical layer, resulting in insufficient randomness in the encryption system. During long-term operation, and when faced with targeted quantum attacks or algorithm decryption, the security redundancy of the encryption system struggles to meet the high security requirements of remote communication in industrial terminals, making it susceptible to security risks such as decryption and data leakage. Therefore, conventional technologies suffer from the problem of low data encryption security. [Overview of the Initiative] [Problems that the invention aims to solve]

[0004] In response to the aforementioned shortcomings of the prior art, the present invention provides an encryption method that combines a quantum key and a post-quantum cryptography algorithm, which is executed by a computer, to solve the problem of low data encryption security that exists in the prior art. [Means for solving the problem]

[0005] To achieve the objective of the above invention, the present invention employs the following technical solution: an encryption method that combines a quantum key and a post-quantum cryptography algorithm, which is executed by a computer. Step S1 involves generating the original quantum key using a BB84 protocol QKD device, performing hash derivation, and obtaining a post-quantum public / private key generation seed, lattice noise scaling coefficient, and quantum-enhanced session-based key. Step S2 involves generating a quantum derived mask based on the characteristics of the hydroelectric power terminal's operation data and the original quantum key, and performing an exclusive OR operation with the data to be encrypted to obtain quantum mask-protected data. Step S3 generates a first part of the ciphertext and a second part of the ciphertext by post-quantum cryptographic operations based on a post-quantum public-key / private-key generation seed, lattice noise scaling coefficient, quantum-enhanced session-based key, and quantum mask protection data. Step S4 involves dividing the original quantum key into multiple parts, obtaining quantum-enhanced encryption values, performing two disturbance encryption operations on the first and second parts of the ciphertext, and then performing an exclusive OR operation to obtain the enhanced ciphertext of the first and second parts. The process includes step S5, which involves concatenating the first part of the enhanced ciphertext, the second part of the enhanced ciphertext, and the verification code, and transmitting them to the central control room.

[0006] Furthermore, S1 is Substep S11 involves concatenating the original quantum key with the first fixed identification bit and inputting it into the SHA3-256 hash function to obtain a post-quantum public key / private key generation seed. Substep S12 involves concatenating the original quantum key and the second fixed identification bit and inputting them into the SHA3-256 hash function, performing a number base conversion and modulo operation to obtain the lattice noise scaling coefficient. The process includes a substep S13 in which the original quantum key, the unique identifier of the hydroelectric power terminal, and a third fixed identification bit are concatenated and input into the SHA3-256 hash function to obtain a quantum-enhanced session-based key.

[0007] Furthermore, S2 is Substep S21 involves normalizing the operational data collected at the hydroelectric power terminal, converting it into a bit string, and obtaining the data to be encrypted. Substep S22 involves converting the mean, standard deviation, maximum, and minimum values ​​of the operation data into strings, concatenating them, and obtaining a mask identification bit. Substep S23 involves concatenating the mask identification bit with the original quantum key and inputting it into the SHA3-256 hash function to obtain a quantum derived mask. The process includes substep S24, which involves truncating or expanding the quantum derived mask so that its length matches that of the data to be encrypted, and then performing an exclusive OR operation with the data to be encrypted to obtain quantum mask protected data.

[0008] Furthermore, S3 is Substep S31 involves using the CRYSTALS-Kyber key generation function to generate a post-quantum key pair and a lattice-based matrix, taking a post-quantum public / private key generation seed as input. Substep S32 involves cyclically extending the quantum-enhanced session-based key, and then performing a bitwise exclusive OR operation with the binary code corresponding to the public key in the post-quantum key pair to obtain the quantum-enhanced session key. Substep S33 generates the first part of the ciphertext by post-quantum cryptography operation based on the lattice-based matrix and lattice noise scaling coefficient, The process includes a substep S34 in which a post-quantum cryptographic operation generates a second part of the ciphertext based on quantum mask protection data, a quantum-enhanced session key, and a lattice noise scaling coefficient.

[0009] Furthermore, the generation formula for the first part of the ciphertext in S33 is: JPEG0007885999000002.jpg12170 Here, C1 is the first part of the ciphertext, A is the lattice-based matrix, r is the random vector generated at the hydroelectric power terminal, γ is the lattice noise scaling coefficient, e1 is the first lattice noise vector, mod is the modulo operation, and q is the modulus in CRYSTALS-Kyber.

[0010] Furthermore, the generation formula of the second part of the ciphertext in S34 is JPEG0007885999000003.jpg14170 where C2 is the ciphertext of the second part, X ’ is quantum mask protected data, pk is the public key, r is a random vector generated by the hydroelectric terminal, γ is the lattice noise scaling coefficient, e2 is the second lattice noise vector, k s is the quantum enhanced session key, G is the numerical vectorization process, mod is the modulo operation, and q is the modulus in CRYSTALS-Kyber.

[0011] Furthermore, S4 includes a sub-step S41 of dividing the original quantum key into four to obtain four quantum keys, a sub-step S42 of converting each quantum key into an integer to obtain four quantum enhanced encryption values, a sub-step S43 of performing two rounds of scrambling encryption on the first part of the ciphertext using two quantum enhanced encryption values, performing an exclusive OR operation, and obtaining the enhanced ciphertext of the first part, and a sub-step S44 of performing two rounds of scrambling encryption on the second part of the ciphertext using another two quantum enhanced encryption values, performing an exclusive OR operation, and obtaining the enhanced ciphertext of the second part.

[0012] Furthermore, S43 includes a sub-step S431 of multiplying the quantum enhanced encryption value by the element number in the first part of the ciphertext to obtain the first scrambling bit, a sub-step S432 of encrypting the first part of the ciphertext using the quantum enhanced encryption value, adding the first scrambling bit, and obtaining the candidate ciphertext of the first part, and a sub-step S433 of converting the candidate ciphertext of the first part generated based on the two quantum enhanced encryption values into binary, performing an exclusive OR operation, and obtaining the enhanced ciphertext of the first part.

[0013] Furthermore, S44 A sub-step S441 of multiplying the quantum enhanced encryption value by the element number in the second part of the ciphertext to obtain a second disturbance bit, A sub-step S442 of encrypting the second part of the ciphertext using the quantum enhanced encryption value, adding the second disturbance bit, and obtaining a second candidate ciphertext, It includes a sub-step S443 of converting the second candidate ciphertext generated based on two quantum enhanced encryption values into binary and then performing an exclusive OR operation to obtain the second enhanced ciphertext.

[0014] Furthermore, the formula for obtaining the first candidate ciphertext in S432 is, JPEG0007885999000004.jpg11170JPEG0007885999000005.jpg9170 is the i-th element in the first part of the ciphertext, i is the element number in the first part of the ciphertext, K int is the quantum enhanced encryption value, K int ·i is the first disturbance bit, mod is the modulo operation, q is the modulus in CRYSTALS-Kyber, The formula for obtaining the second candidate ciphertext in S442 is, JPEG0007885999000006.jpg32170

[0015] An electronic device including a memory, a processor, and a computer program stored in the memory and executable by the processor, wherein when the processor executes the computer program, an encryption method that fuses a quantum key and a post-quantum cryptographic algorithm is realized by the computer.

[0016] A computer-readable storage medium storing a computer program, wherein when this program is executed by a processor, an encryption method that fuses a quantum key and a post-quantum cryptographic algorithm is realized by the computer.

Advantages of the Invention

[0017] The beneficial effects of the present invention are as follows: The present invention generates an original quantum key with true random properties at the physical layer using a BB84 protocol QKD device, converts it into key parameters necessary for post-quantum cryptography via hash derivation, achieves a high degree of integration between the quantum key and the post-quantum cryptography algorithm, further enhances the security of the ciphertext through exclusive OR protection of the quantum derivation mask, two-stage disturbance encryption, and exclusive OR processing, and guarantees the integrity of data transmission in combination with a verification code, compensating for the shortcomings of conventional post-quantum cryptography algorithms that lack a true random entropy source, and improving the attack resistance and long-term security of the encryption system.

[0018] This invention significantly improves the randomness and unpredictability of key encryption by combining quantum keys generated by quantum key distribution (QKD) devices with post-quantum cryptography algorithms. Compared to conventional encryption techniques that rely solely on mathematical algorithms, this combination provides higher quantum-proof capabilities. Furthermore, in conjunction with multiple encryption and disturbance handling of ciphertexts, it further enhances the overall security of data encryption, forming a multi-layered security guarantee. [Brief explanation of the drawing]

[0019] [Figure 1] This is a flowchart of an encryption method that combines quantum keys and post-quantum cryptography algorithms. [Modes for carrying out the invention]

[0020] As shown in Figure 1, this is an encryption method that combines quantum keys and post-quantum cryptography algorithms, which is executed by a computer. Step S1 involves generating the original quantum key using a BB84 protocol QKD device, performing hash derivation, and obtaining a post-quantum public / private key generation seed, lattice noise scaling coefficient, and quantum-enhanced session-based key. Step S2 involves generating a quantum derived mask based on the characteristics of the hydroelectric power terminal's operation data and the original quantum key, and performing an exclusive OR operation with the data to be encrypted to obtain quantum mask-protected data. Step S3 generates a first part of the ciphertext and a second part of the ciphertext by post-quantum cryptographic operations based on a post-quantum public-key / private-key generation seed, lattice noise scaling coefficient, quantum-enhanced session-based key, and quantum mask protection data. Step S4 involves dividing the original quantum key into multiple parts, obtaining quantum-enhanced encryption values, performing two disturbance encryption operations on the first and second parts of the ciphertext, and then performing an exclusive OR operation to obtain the enhanced ciphertext of the first and second parts. The process includes step S5, which involves concatenating the first part of the enhanced ciphertext, the second part of the enhanced ciphertext, and the verification code, and transmitting them to the central control room.

[0021] In this embodiment, S1 is Substep S11 involves concatenating the original quantum key with the first fixed identification bit and inputting it into the SHA3-256 hash function to obtain a post-quantum public key / private key generation seed. JPEG0007885999000007.jpg11170 Here, s is the post-quantum public-key / private-key generation seed, SHA3-256 is the hash function, and K raw The original quantum key is, Seed1 is the first fixed identification bit, and || is concatenated S11, Substep S12 involves concatenating the original quantum key and a second fixed identification bit and inputting them into the SHA3-256 hash function, performing a number base conversion and modulo operation to obtain a lattice noise scaling coefficient. JPEG0007885999000008.jpg10170 Here, γ is the lattice noise scaling coefficient, int is the binary to decimal conversion, q is the modulus in CRYSTALS-Kyber, and Seed2 is the second fixed identification bit S12, Substep S13 involves concatenating the original quantum key, the unique identifier of the hydroelectric power terminal, and a third fixed identification bit and inputting them into the SHA3-256 hash function to obtain a quantum-enhanced session-based key, JPEG0007885999000009.jpg9170 Here, k base S13 includes the quantum-enhanced session-based key, DeviceID being the unique identifier of the hydroelectric power terminal, and Seed3 being the third fixed identification bit.

[0022] The first fixed identification bit Seed1, the second fixed identification bit Seed2, and the third fixed identification bit Seed3 are all pre-set fixed constant strings. The possible values ​​for q are 3329.

[0023] In this embodiment, S2 is Substep S21 involves normalizing the operational data collected at the hydroelectric power terminal, converting it into a bit string, and obtaining the data to be encrypted. Substep S22 involves converting the mean, standard deviation, maximum, and minimum values ​​of the operation data into strings, concatenating them, and obtaining a mask identification bit. Substep S23 involves concatenating the mask identification bit with the original quantum key and inputting it into the SHA3-256 hash function to obtain a quantum derived mask. The process includes substep S24, which involves truncating or expanding the quantum derived mask so that its length matches that of the data to be encrypted, and then performing an exclusive OR operation with the data to be encrypted to obtain quantum mask-protected data.

[0024] In this embodiment, the formula for obtaining quantum mask protection data is: JPEG0007885999000010.jpg27170

[0025] This invention first normalizes the operation data of a hydroelectric power terminal and converts it into a bit sequence. It then extracts features such as the mean and standard deviation of the operation data, concatenates them to form a mask identification bit, and generates a quantum derived mask using the SHA3-256 hash function in combination with the original quantum key. After truncation or expansion, it performs an exclusive OR operation with the data to be encrypted to obtain quantum mask-protected data. The security of the quantum derived mask is improved by dynamically changing mask identification bits, and the randomness of the mask is enhanced by utilizing the properties of the hash function, thereby achieving effective concealment of the data to be encrypted.

[0026] If the length of the quantum derivation mask is smaller than the data to be encrypted, the quantum derivation mask is cyclically extended (repeatedly cyclically concatenated) to match the length of the data to be encrypted. If the length of the quantum derivation mask is larger than the length of the data to be encrypted, the quantum derivation mask is truncated to match the length of the data to be encrypted.

[0027] Otherwise, S3 is, Substep S31 is a substep in which a post-quantum public-key / private-key generation seed is used as input to generate a post-quantum key pair and a lattice-based matrix using the CRYSTALS-Kyber key generation function, JPEG0007885999000011.jpg10170 Here, A is a lattice-based matrix, pk is the public key, sk is the private key, and S31 is the CRYSTALS-Kyber key generation function, Substep S32 involves cyclically extending the quantum-enhanced session-based key, then performing a bitwise exclusive OR operation with the binary code corresponding to the public key in the post-quantum key pair to obtain the quantum-enhanced session key. Substep S33 generates the first part of the ciphertext by post-quantum cryptography operation based on the lattice-based matrix and lattice noise scaling coefficient, The process includes a substep S34 in which a post-quantum cryptographic operation generates a second part of the ciphertext based on quantum mask protection data, a quantum-enhanced session key, and a lattice noise scaling coefficient.

[0028] CRYSTALS-Kyber is a post-quantum cryptographic key encapsulation mechanism based on the module lattice problem, and PQC_KeyGen is the key generation function incorporated into the CRYSTALS-Kyber algorithm.

[0029] The private key in the post-quantum key pair is stored locally, i.e., used during decryption in the central control room.

[0030] In this embodiment, the generation formula of the first part of the ciphertext in S33 is JPEG0007885999000012.jpg12170 Here, C1 is the first part of the ciphertext, A is the lattice-based matrix, r is the random vector generated by the hydroelectric terminal, γ is the lattice noise scaling coefficient, e1 is the first lattice noise vector, mod is the modulo operation, and q is the modulus in CRYSTALS-Kyber.

[0031] In this embodiment, the generation formula of the second part of the ciphertext in S34 is JPEG0007885999000013.jpg14170 Here, C2 is the second part of the ciphertext, X ’ is the quantum mask protected data, pk is the public key, r is the random vector generated by the hydroelectric terminal, γ is the lattice noise scaling coefficient, e2 is the second lattice noise vector, k s is the quantum enhanced session key, G is the numerical vectorization process, mod is the modulo operation, q is the modulus in CRYSTALS-Kyber, and pk·r is the bit-by-bit multiplication of pk and r in terms of elements.

[0032] In this embodiment, the lattice-based matrix is an n×n matrix, r is an n×1 column vector, e1 is an n×1 column vector, C1 is an n×1 column vector. pk is an n×1 column vector, e2 is an n×1 column vector, G(X ’ ) and G(k sThe numerical vectorization process for ) is as follows: X ’ and k s Divide the data into n equal parts, convert each binary sequence to a decimal number to construct an n×1 column vector, where C2 is the n×1 column vector and n is the data length.

[0033] In this embodiment, the random vector r generated at the hydroelectric power terminal is generated by a random number generator, and the first lattice noise vector e1 and the second lattice noise vector e2 are generated from a discrete Gaussian noise distribution defined by CRYSTALS-Kyber.

[0034] The first part of the ciphertext generation formula combines a lattice-based matrix with random vectors, and by introducing lattice noise scaling coefficients and lattice noise vectors, it enhances the unpredictability and randomness of the encryption process, effectively improving the security of the encryption system. Next, the second part of the ciphertext generation further combines multiple layers of encryption mechanisms, such as quantum mask-protected data, public keys, and quantum-enhanced session keys, adding another line of security to the encrypted data transmission process.

[0035] In this embodiment, S4 is Substep S41 involves dividing the original quantum key into four parts (i.e., into four segments) to obtain four quantum keys, Substep S42 involves converting each quantum key into an integer to obtain four quantum-enhanced encryption values, Substep S43 involves performing two disturbance encryption operations on the first part of the ciphertext using two quantum-enhanced encryption values, and then performing an exclusive OR operation to obtain the enhanced ciphertext of the first part. The process includes substep S44, which involves performing two disturbance encryption operations on the second part of the ciphertext using two other quantum-enhanced encryption values, and then performing an exclusive OR operation to obtain the enhanced ciphertext of the second part.

[0036] In this embodiment, the expression used to convert to an integer in S42 is: JPEG0007885999000014.jpg10170 Here, K int This is the quantum-enhanced encryption value, and K key This is the quantum key, In other cases, S43 is, Substep S431 involves multiplying the quantum-enhanced encryption value by the element number in the first part of the ciphertext to obtain the first disturbance bit, Substep S432 involves encrypting the first part of the ciphertext using a quantum-enhanced encryption value, adding a first disturbance bit, and obtaining a candidate ciphertext for the first part. The process includes a substep S433 in which a candidate ciphertext for the first part, generated based on two quantum-enhanced encryption values, is converted to binary, and then an exclusive OR operation is performed to obtain the enhanced ciphertext for the first part.

[0037] In this embodiment, the formula for obtaining the first part of the candidate ciphertext in S432 is: JPEG0007885999000015.jpg10170JPEG0007885999000016.jpg9170C 1,i is the i-th element in the first part of the ciphertext, where i is the element number in the first part of the ciphertext, and K int This is the quantum-enhanced encryption value, and K int ·i is the first disturbance bit, mod is the modulo operation, and q is the modulus in CRYSTALS-Kyber. In S43, each quantum-enhanced encryption value generates one candidate ciphertext for the first part by S431 and S432, converts the two candidate ciphertexts for the first part into binary to obtain two binary sequences of candidate ciphertexts for the first part, and performs a bitwise exclusive OR operation on the two binary sequences of candidate ciphertexts for the first part to obtain the enhanced ciphertext for the first part.

[0038] In this embodiment, S44 is, Substep S441 involves multiplying the quantum-enhanced encryption value by the element number in the second part of the ciphertext to obtain the second disturbance bit, Substep S442 involves encrypting the second part of the ciphertext using a quantum-enhanced encryption value, adding a second disturbance bit, and obtaining a candidate ciphertext for the second part. The process includes a substep S443 in which a candidate ciphertext for the second part, generated based on two quantum-enhanced encryption values, is converted to binary, and then an exclusive OR operation is performed to obtain the enhanced ciphertext for the second part.

[0039] In S442, the formula for obtaining the candidate ciphertext for the second part is: JPEG0007885999000017.jpg12170JPEG0007885999000018.jpg9170C 2,j k is the j-th element in the second part of the ciphertext, where j is the element number in the second part of the ciphertext, and K int j is the second disturbance bit.

[0040] In S44, each quantum-enhanced encrypted value generates one candidate ciphertext for the second part by S441 and S442, the two candidate ciphertexts for the second part are converted to binary to obtain two binary sequences of candidate ciphertexts for the second part, and a bitwise exclusive OR operation is performed on the two binary sequences of candidate ciphertexts for the second part to obtain the enhanced ciphertext for the second part.

[0041] An electronic device comprising memory, a processor, and a computer program stored in the memory and operable by the processor, wherein when the processor executes the computer program, an encryption method is realized that combines a quantum key and a post-quantum cryptography algorithm, which is executed by the computer.

[0042] A computer-readable storage medium in which a computer program is stored, and when this program is executed by a processor, it realizes an encryption method that combines a quantum key and a post-quantum cryptography algorithm, which is executed by the computer.

[0043] In this embodiment, the process of obtaining a verification code in S5 includes obtaining a verification code by inputting the original quantum key into the SHA3-256 hash function. The verification code is used in the central control room to check the integrity and authenticity of the first part of the enhanced ciphertext and the second part of the enhanced ciphertext received. The central control room compares the verification codes, and if they match, it indicates that the ciphertext has not been tampered with or lost during the transmission process, ensuring the reliability of the data transmission. If they do not match, an anomaly in the transmission can be immediately detected, preventing decryption with a tampered or incomplete ciphertext, and further guaranteeing the security of encrypted data transmission between the hydroelectric power terminal and the central control room.

[0044] This invention involves splitting the original quantum key to obtain quantum-enhanced encryption values, performing double disturbance encryption and exclusive OR operations on each of the two ciphertext parts, and generating disturbance bits by combining element numbers and quantum-enhanced encryption values. This enhances the randomness and unpredictability of the ciphertext, effectively countering targeted attacks, while also achieving hierarchical enhanced protection of the ciphertext and ensuring the independence and security of the two enhanced ciphertext parts. The combination of double disturbance encryption and exclusive OR operations further conceals the characteristics of the ciphertext, reducing the risk of it being deciphered and analyzed.

[0045] This invention generates an original quantum key with true random properties at the physical layer using a BB84 protocol QKD device, converts it into key parameters necessary for post-quantum cryptography via hash derivation, achieves a high degree of integration between the quantum key and the post-quantum cryptography algorithm, further enhances the security of the ciphertext through exclusive OR protection of the quantum derivation mask, double disturbance encryption, and exclusive OR processing, and guarantees the integrity of data transmission in combination with a verification code, thereby compensating for the shortcomings of conventional post-quantum cryptography algorithms that lack a true random entropy source, and improving the attack resistance and long-term security of the encryption system.

[0046] This invention significantly improves the randomness and unpredictability of key encryption by combining quantum keys generated by quantum key distribution (QKD) devices with post-quantum cryptography algorithms. Compared to conventional encryption techniques that rely solely on mathematical algorithms, this combination provides higher quantum-proof capabilities. Furthermore, in conjunction with multiple encryption and disturbance handling of ciphertexts, it further enhances the overall security of data encryption, forming a multi-layered security guarantee.

Claims

1. A computer-based encryption method that combines quantum keys and post-quantum cryptography algorithms, Step S1 involves generating the original quantum key using a BB84 protocol QKD device, performing hash derivation, and obtaining a post-quantum public / private key generation seed, lattice noise scaling coefficient, and quantum-enhanced session-based key. Step S2 involves generating a quantum derived mask based on the characteristics of the hydroelectric power terminal's operation data and the original quantum key, and performing an exclusive OR operation with the data to be encrypted to obtain quantum mask-protected data. Step S3 generates a first part of the ciphertext and a second part of the ciphertext by post-quantum cryptographic operations based on a post-quantum public / private key generation seed, lattice noise scaling coefficient, quantum-enhanced session-based key, and quantum mask protection data. Step S4 involves dividing the original quantum key into multiple parts, obtaining quantum-enhanced encryption values, performing two disturbance encryption operations on the first and second parts of the ciphertext, and then performing an exclusive OR operation to obtain the enhanced ciphertext of the first and second parts. Step S5 involves concatenating the first part of the enhanced ciphertext, the second part of the enhanced ciphertext, and the verification code, and transmitting them to the central control room. Includes, The aforementioned S1 is, Substep S11 involves concatenating the original quantum key and the first fixed identification bit and inputting them into the SHA3-256 hash function to obtain a post-quantum public key / private key generation seed. Substep S12 involves concatenating the original quantum key and a second fixed identification bit and inputting them into the SHA3-256 hash function, performing a number base conversion and modulo operation to obtain the lattice noise scaling coefficient. Substep S13 involves concatenating the original quantum key, the unique identifier of the hydroelectric power terminal, and a third fixed identification bit and inputting them into the SHA3-256 hash function to obtain a quantum-enhanced session-based key. Includes, The aforementioned S2 is, Substep S21 involves normalizing the operational data collected at the hydroelectric power terminal, converting it into a bit string, and obtaining data to be encrypted. Substep S22 involves converting the average value, standard deviation, maximum value, and minimum value of the operation data into strings, concatenating them, and obtaining a mask identification bit. Substep S23 involves concatenating the mask identification bit with the original quantum key and inputting it into the SHA3-256 hash function to obtain a quantum derived mask. Substep S24 involves truncating or expanding the quantum derived mask so that its length matches the data to be encrypted, and then performing an exclusive OR operation with the data to be encrypted to obtain quantum mask protected data. Includes, The aforementioned S3 is, Substep S31 involves using a CRYSTALS-Kyber key generation function to generate a post-quantum key pair and a lattice-based matrix, taking a post-quantum public / private key generation seed as input. Substep S32 involves cyclically extending the quantum-enhanced session-based key, and then performing a bitwise exclusive OR operation with the binary code corresponding to the public key in the post-quantum key pair to obtain the quantum-enhanced session key. Substep S33 generates the first part of the ciphertext by post-quantum cryptography operation based on the lattice-based matrix and lattice noise scaling coefficient, Substep S34 generates the second part of the ciphertext by post-quantum cryptography based on quantum mask protection data, quantum-enhanced session key and lattice noise scaling coefficient. Includes, The aforementioned S4 is, Substep S41 involves dividing the original quantum key into four and obtaining four quantum keys, Substep S42 involves converting each quantum key into an integer to obtain four quantum-enhanced encryption values, Substep S43 involves performing two disturbance encryption operations on the first part of the ciphertext using two quantum-enhanced encryption values, and then performing an exclusive OR operation to obtain the enhanced ciphertext of the first part. Substep S44 involves performing two disturbance encryption operations on the second part of the ciphertext using two other quantum-enhanced encryption values, and then performing an exclusive OR operation to obtain the enhanced ciphertext of the second part. including, An encryption method that combines a quantum key with a post-quantum cryptography algorithm, characterized by the following features.

2. The formula for generating the first part of the ciphertext in S33 is: Here, C 1 is the first part of the ciphertext, A is the lattice-based matrix, r is the random vector generated at the hydroelectric power terminal, γ is the lattice noise scaling coefficient, and e 1 is the first lattice noise vector, mod is the modulo operation, and q is the modulus in CRYSTALS-Kyber. An encryption method that combines the quantum key and post-quantum cryptography algorithm described in feature 1.

3. The formula for generating the second part of the ciphertext in S34 is: Here, C 2 This is the second part of the ciphertext, X ’ is the quantum mask protection data, pk is the public key, r is the random vector generated at the hydroelectric power terminal, γ is the lattice noise scaling coefficient, and e 2 This is the second lattice noise vector, and k s G is the quantum reinforcement session key, G is the numerical vectorization process, mod is the modulo operation, and q is the modulus in CRYSTALS-Kyber. An encryption method that combines the quantum key and post-quantum cryptography algorithm described in feature 1.

4. The aforementioned S43 is, Substep S431 involves multiplying the quantum-enhanced encryption value by the element number in the first part of the ciphertext to obtain the first disturbance bit, Substep S432 involves encrypting the first part of the ciphertext using a quantum-enhanced encryption value, adding a first disturbance bit, and obtaining a candidate ciphertext for the first part. The process includes a substep S433 in which a candidate ciphertext for the first part, generated based on two quantum-enhanced encryption values, is converted to binary, and then an exclusive OR operation is performed to obtain the enhanced ciphertext for the first part. An encryption method that combines the quantum key and post-quantum cryptography algorithm described in feature 1.

5. The aforementioned S44 is, Substep S441 involves multiplying the quantum-enhanced encryption value by the element number in the second part of the ciphertext to obtain the second disturbance bit, Substep S442 involves encrypting the second part of the ciphertext using a quantum-enhanced encryption value, adding a second disturbance bit, and obtaining a candidate ciphertext for the second part. Substep S443 involves converting the candidate ciphertext for the second part, generated based on two quantum-enhanced encryption values, into binary, and then performing an exclusive OR operation to obtain the enhanced ciphertext for the second part. including, An encryption method that combines the quantum key and post-quantum cryptography algorithm described in feature 4.

6. The formula for obtaining the first part of the candidate ciphertext in S432 is: C 1,i is the i-th element in the ciphertext of the first part, i is the number of elements in the ciphertext of the first part, K int is a quantum-enhanced encryption value, K int · i is the first disturbance bit, mod is the modulo operation, q is the modulus in CRYSTALS-Kyber, The formula for obtaining the candidate ciphertext for the second part in S442 is: C 2,j k is the j-th element in the second part of the ciphertext, where j is the element number in the second part of the ciphertext, and K int - j is the second disturbance bit. An encryption method that combines the quantum key and post-quantum cryptography algorithm described in feature 5.

7. An electronic device comprising memory, a processor, and a computer program stored in the memory and operable by the processor, wherein when the processor executes the computer program, it realizes an encryption method that combines a quantum key and a post-quantum cryptography algorithm as described in any one of claims 1 to 6.

8. A computer-readable storage medium in which a computer program is stored, characterized in that, when the program is executed by a processor, an encryption method is realized that combines a quantum key and a post-quantum cryptography algorithm as described in any one of claims 1 to 6.