Centralized quantum key relay network and key storage method therefor
By managing the transmission and deletion of XOR key feature information in a centralized quantum key relay network, the key management problem is solved, ensuring the accuracy and effectiveness of the key system and improving the security and efficiency of the network.
Patent Information
- Authority / Receiving Office: WO · WO
- Patent Type: Applications
- Current Assignee / Owner: CHINA TELECOM QUANTUM INFORMATION TECH GRP CO LTD
- Filing Date: 2025-12-10
- Publication Date: 2026-07-02
AI Technical Summary
In centralized quantum key relay networks, keys are difficult to manage effectively, which leads to key fragmentation and uneven consumption and affects the security and efficiency of the network.
The relay nodes perform pairwise XOR operations on related quantum keys generated at the same time to generate an XOR key, and transmit its characteristic information to the controller for storage. After the shared key is distributed, the controller sends a key usage notification to the relay nodes and deletes the used portion. The relay nodes delete the corresponding key portion according to the notification.
This effectively avoids the reuse and confusion of keys, ensures the accuracy and effectiveness of the key system, and improves network management efficiency.
Description
A centralized quantum key relay network and its key storage method
[0001] Cross-references to related applications
[0002] This application claims priority to Chinese Patent Application No. 2024119549989, filed on December 27, 2024, entitled "A Centralized Quantum Key Relay Network and a Key Storage Method Thereof", the entire contents of which are incorporated herein by reference.
Technical Field
[0003] This application relates to the field of quantum communication, and more specifically, to a centralized quantum key relay network and its key storage method.
Background Technology
[0004] Quantum cryptography, based on the quantum key distribution (QKD) protocol, has developed rapidly in recent years. Unlike traditional cryptography, quantum cryptography is based on quantum mechanics and utilizes quantum physical properties such as the Heisenberg uncertainty principle and the no-cloning theorem to achieve secure negotiation of symmetric keys over long distances.
[0005] Multiple quantum key distribution nodes can form a quantum key distribution network (QKDN). Due to the limited distance between adjacent nodes, quantum key relay distribution is required in long-distance key generation scenarios, leading to the development of centralized quantum key relay networks.
[0006] In centralized quantum key relay networks (QKDNs), the QKDN controller manages all XOR keys reported by relay nodes. As the network operates and is used, the amount of XOR keys stored in the QKDN controller inevitably increases, becoming difficult to manage. Furthermore, a large number of random key requests may lead to uneven key consumption, and XOR keys transmitted through some links may gradually become fragmented and unusable. Therefore, how to achieve key management in centralized quantum key relay networks has become a challenging problem of concern to those skilled in the art.
Summary of the Invention
[0007] The purpose of this application is to provide a centralized quantum key relay network and its key storage method to improve the above-mentioned problems.
[0008] To achieve the above objectives, the technical solutions adopted in the embodiments of this application are as follows:
[0009] In a first aspect, embodiments of this application provide a centralized quantum key relay network, the centralized quantum key relay network comprising: a controller and multiple quantum key distribution nodes, the multiple quantum key distribution nodes including at least one relay node, the relay node being a quantum key distribution node connected to at least two quantum links;
[0010] The relay node is used to perform pairwise XOR operations on related quantum keys generated at the same time to obtain an XOR key, and transmits the first characteristic information of the XOR key to the controller.
[0011] Wherein, the relevant quantum key is a quantum key generated by the quantum link connected to the relay node, and the first characteristic information of the XOR key includes the XOR key, the identifier of the relay node, the identifier of the node on the quantum link associated with the XOR key, and the generation time of the XOR key;
[0012] The relay node is used to store the feature information of the related quantum key corresponding to the XOR key. The feature information of the related quantum key includes the related quantum key, the peer node identifier corresponding to the related quantum key, and the generation time of the related quantum key.
[0013] The controller is used to send a key usage notification to the relay nodes on the relay path after the shared key is distributed, and to delete the used portion of the XOR key used in the process of distributing the shared key.
[0014] The notification that the key has been used includes the second characteristic information of the XOR key used in the process of distributing the shared key. The second characteristic information of the XOR key includes the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link associated with the XOR key, the generation time of the XOR key, and the usage length of the XOR key.
[0015] The relay node is used to delete the used portion of the corresponding quantum key based on the second characteristic information of the XOR key after receiving the notification that the key has been used.
[0016] In a second aspect, embodiments of this application provide a key storage method for a centralized quantum key relay network. The centralized quantum key relay network includes: a controller and multiple quantum key distribution nodes, wherein the multiple quantum key distribution nodes include at least one relay node, and the relay node is a quantum key distribution node connected to at least two quantum links. The method includes:
[0017] The relay node performs pairwise XOR operations on related quantum keys generated at the same time to obtain an XOR key, and transmits the first characteristic information of the XOR key to the controller.
[0018] Wherein, the relevant quantum key is a quantum key generated by the quantum link connected to the relay node, and the first characteristic information of the XOR key includes the XOR key, the identifier of the relay node, the identifier of the node on the quantum link associated with the XOR key, and the generation time of the XOR key;
[0019] The relay node stores the feature information of the related quantum key corresponding to the XOR key. The feature information of the related quantum key includes the related quantum key, the peer node identifier corresponding to the related quantum key, and the generation time of the related quantum key.
[0020] After completing the distribution of the shared key, the controller sends a key usage notification to the relay nodes on the relay path and deletes the used portion of the XOR key used in the process of distributing the shared key.
[0021] The notification that the key has been used includes the second characteristic information of the XOR key used in the process of distributing the shared key. The second characteristic information of the XOR key includes the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link associated with the XOR key, the generation time of the XOR key, and the usage length of the XOR key.
[0022] After receiving the notification that the key has been used, the relay node deletes the used portion of the corresponding quantum key based on the second characteristic information of the XOR key.
[0023] Compared to existing technologies, the centralized quantum key relay network and its key storage method provided in this application involve relay nodes performing pairwise XOR operations on related quantum keys generated at the same time to obtain an XOR key, and transmitting the first characteristic information of the XOR key to the controller. The relay nodes store the characteristic information of the related quantum keys corresponding to the XOR key. After completing the shared key distribution, the controller sends a key usage notification to the relay nodes along the relay path, deleting the used portion of the XOR key used during the shared key distribution process. Upon receiving the key usage notification, the relay nodes delete the used portion of the corresponding quantum key based on the second characteristic information of the XOR key. The controller's deletion of the used portion of the XOR key used during the shared key distribution process, and the relay nodes' deletion of the used portion of the corresponding quantum key based on the second characteristic information of the XOR key, avoids the confusion caused by repeated key use and ensures the accuracy and effectiveness of the key system.
[0024] To make the above-mentioned objectives, features and advantages of this application more apparent and understandable, preferred embodiments are described below in detail with reference to the accompanying drawings.
Attached Figure Description
[0025] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this application and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.
[0026] Figure 1 is a schematic diagram of the architecture of a centralized quantum key relay network provided in an embodiment of this application.
[0027] Figure 2 is one of the flowcharts of the key storage method for a centralized quantum key relay network provided in the embodiments of this application.
[0028] Figure 3 is a second schematic flowchart of the key storage method for a centralized quantum key relay network provided in this application embodiment.
Detailed Implementation
[0029] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. The components of the embodiments of this application described and shown in the accompanying drawings can generally be arranged and designed in various different configurations.
[0030] Therefore, the following detailed description of the embodiments of this application provided in the accompanying drawings is not intended to limit the scope of the claimed application, but merely to illustrate selected embodiments of the application. All other embodiments obtained by those skilled in the art based on the embodiments of this application without inventive effort are within the scope of protection of this application.
[0031] It should be noted that similar reference numerals and letters in the following figures indicate similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures. Furthermore, in the description of this application, terms such as "first," "second," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.
[0032] It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
[0033] In the description of this application, it should be noted that the terms "upper", "lower", "inner", "outer", etc., indicate the orientation or positional relationship based on the orientation or positional relationship shown in the accompanying drawings, or the orientation or positional relationship that the product of this application is usually placed in. They are only for the convenience of describing this application and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation. Therefore, they should not be construed as limitations on this application.
[0034] In the description of this application, it should also be noted that, unless otherwise explicitly specified and limited, the terms "set" and "connection" should be interpreted broadly. For example, they can refer to a fixed connection, a detachable connection, or an integral connection; they can refer to a mechanical connection or an electrical connection; they can refer to a direct connection or an indirect connection through an intermediate medium; and they can refer to the internal connection of two components. Those skilled in the art can understand the specific meaning of the above terms in this application based on the specific circumstances.
[0035] The following detailed description of some embodiments of this application is provided in conjunction with the accompanying drawings. Unless otherwise specified, the following embodiments and features can be combined with each other.
[0036] Please refer to Figure 1, which is a schematic diagram of the architecture of a centralized quantum key relay network provided in an embodiment of this application. The centralized quantum key relay network includes: a controller (also known as QKDNC) and multiple quantum key distribution nodes.
[0037] The quantum key distribution (QKD) nodes are equipped with QKD devices for quantum key distribution and KM devices for key management. All QKD nodes are communicatively connected to the controller, forming the overall network topology. The controller manages the centralized quantum key relay network, enabling routing control and resource scheduling for each node and link. The controller maintains time synchronization with each QKD node.
[0038] It should be noted that Figure 1 shows eight quantum key distribution nodes, but this is not a limitation; the number of quantum key distribution nodes can be greater than or less than eight. All quantum key distribution nodes are communicatively connected to the controller; some connections are omitted in Figure 1 for clarity.
[0039] Multiple quantum key distribution nodes include at least one relay node, which is a quantum key distribution node that connects at least two quantum links.
[0040] Please refer to Figure 1, where quantum key distribution nodes 2, 3, 4, 6, and 7 are all relay nodes. Taking quantum key distribution node 2 as an example, the quantum links it connects to include the link between quantum key distribution node 1 and quantum key distribution node 2, the link between quantum key distribution node 2 and quantum key distribution node 3, and the link between quantum key distribution node 2 and quantum key distribution node 6.
[0041] It should be noted that multiple quantum key distribution nodes also include user nodes. User nodes are quantum key distribution nodes connected to the business system. They can receive communication requests transmitted by the business system and distribute keys to the business system.
[0042] In Figure 1, Ki (K1-K8) represents the quantum key generated by the i-th quantum link at a certain moment. The architecture of the centralized quantum key relay network in this application has been described above. The following section further explains how key storage is implemented in the centralized quantum key relay network; please refer to the following text.
[0043] The relay node is used to perform pairwise XOR operations on related quantum keys generated at the same time to obtain the XOR key, and then transmits the first characteristic information of the XOR key to the controller.
[0044] The relevant quantum key is the quantum key generated by the quantum link connected to the relay node. The first characteristic information of the XOR key includes the XOR key, the identifier of the relay node, the identifier of the node on the quantum link associated with the XOR key, and the generation time of the XOR key. The controller is used to store the XOR key in conjunction with the first characteristic information of the XOR key.
[0045] It should be noted that once a quantum link is formed, it continuously generates quantum keys. Taking the relay node (quantum key distribution node 2) shown in Figure 1 as an example, at a certain moment, the relevant quantum keys corresponding to quantum key distribution node 2 are quantum key K1, quantum key K2, and quantum key K3. The XOR key obtained after pairwise XOR operations includes... as well as The generation time of the XOR key is the same as the generation time of the related quantum key, and the identifier of the quantum key distribution node can be, but is not limited to, a node ID.
[0046] Among them, the XOR key as well as The corresponding relay nodes are all quantum key distribution nodes 2. XOR key. as well as The corresponding generation times are the generation times of quantum keys K1, K2, and K3. (XOR key) The relevant nodes on the quantum link are quantum key distribution node 1 and quantum key distribution node 6, and the XOR key. The relevant nodes on the quantum link are quantum key distribution node 1 and quantum key distribution node 3, and the XOR key. The relevant nodes on the quantum link are quantum key distribution node 6 and quantum key distribution node 3.
[0047] Relay nodes are used to store the characteristic information of the related quantum keys corresponding to the XOR key. The characteristic information of the related quantum key includes the related quantum key, the identifier of the peer node corresponding to the related quantum key, and the generation time of the related quantum key.
[0048] Continuing with the relay node (quantum key distribution node 2) shown in Figure 1 as an example, the relevant quantum keys corresponding to quantum key distribution node 2 are quantum key K1, quantum key K2, and quantum key K3. Among them, the peer node corresponding to quantum key K1 is quantum key distribution node 1, the peer node corresponding to quantum key K2 is quantum key distribution node 6, and the peer node corresponding to quantum key K3 is quantum key distribution node 3.
[0049] It should be noted that when a relay node connects to a business system as a user node, it may need to use the quantum key it stores when distributing the shared key, so it needs to store the quantum key.
[0050] The controller is used to send a key usage notification to the relay nodes on the relay path after the shared key distribution is completed, and to delete the used portion of the XOR key used in the shared key distribution process.
[0051] The key usage notification includes the second characteristic information of the XOR key used during the shared key distribution process. This second characteristic information includes the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link associated with the XOR key, the generation time of the XOR key, and the usage length of the XOR key. The relay path is the path formed by the relay nodes corresponding to the XOR key used during the shared key distribution process.
[0052] The relay node is used to delete the used portion of the corresponding quantum key based on the second characteristic information of the XOR key after receiving a notification that the key has been used.
[0053] In the centralized quantum key relay network provided in this application embodiment, the controller deletes the used portion of the XOR key used in the process of distributing the shared key, and the relay node deletes the used portion of the corresponding quantum key according to the second feature information of the XOR key, thereby avoiding the chaos caused by repeated use of the key and ensuring the accuracy and effectiveness of the key system.
[0054] Building upon the preceding text, this application also provides an optional implementation method for how relay nodes can delete the used portion of the corresponding quantum key, as detailed below.
[0055] The relay node is used to determine the quantum key to be adjusted after receiving a notification that the key has been used, based on the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link associated with the XOR key, and the generation time of the XOR key in the second feature information of the XOR key.
[0056] The relay node is used to delete content related to the already used part of the XOR key in the quantum key to be adjusted, based on the usage length of the XOR key in the second feature information of the XOR key.
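The reporting and synchronized deletion described in [0043] to [0056], as an added Python example (not code from the application). The class and field names, the byte-string keys built with `secrets`, and the reading of "used portion" as the first `used_len` bytes of a key are assumptions.

```python
import secrets
from dataclasses import dataclass
from itertools import combinations


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length keys."""
    if len(a) != len(b):
        raise ValueError("keys must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass(frozen=True)
class KeyRef:
    """Identifying fields common to the first and second feature information."""
    relay_id: int
    link_nodes: frozenset   # nodes on the two quantum links behind the XOR key
    generated_at: int


class RelayNode:
    def __init__(self, node_id: int):
        self.node_id = node_id
        self.store = {}     # (peer_id, generated_at) -> remaining quantum key

    def ingest(self, keys_by_peer: dict, generated_at: int) -> list:
        """Store related quantum keys; return (KeyRef, XOR key) reports for the controller."""
        for peer, key in keys_by_peer.items():
            self.store[(peer, generated_at)] = key
        reports = []
        for (p1, k1), (p2, k2) in combinations(sorted(keys_by_peer.items()), 2):
            ref = KeyRef(self.node_id, frozenset((p1, p2)), generated_at)
            reports.append((ref, xor(k1, k2)))
        return reports

    def on_key_used(self, ref: KeyRef, used_len: int) -> None:
        """Find the quantum keys named by the notification and delete their used part."""
        if ref.relay_id != self.node_id:
            raise ValueError("notification is for another relay node")
        slots = [(peer, ref.generated_at) for peer in ref.link_nodes]
        if any(used_len > len(self.store[s]) for s in slots):
            raise ValueError("usage length exceeds stored key material")
        for s in slots:
            self.store[s] = self.store[s][used_len:]


class Controller:
    def __init__(self):
        self.xor_keys = {}  # KeyRef -> remaining XOR key

    def register(self, reports: list) -> None:
        for ref, xor_key in reports:
            self.xor_keys[ref] = xor_key

    def consume(self, ref: KeyRef, used_len: int):
        """Use used_len bytes of an XOR key, delete them, and build the notification."""
        xor_key = self.xor_keys[ref]
        if used_len > len(xor_key):
            raise ValueError("not enough XOR key material left")
        self.xor_keys[ref] = xor_key[used_len:]
        # The notification carries identifiers and a length, never key material.
        return xor_key[:used_len], (ref, used_len)


def demo(used_len: int = 8, generated_at: int = 1000):
    # Constructed keys for relay node 2 of Figure 1: K1 (peer 1), K2 (peer 6), K3 (peer 3).
    keys = {peer: secrets.token_bytes(32) for peer in (1, 6, 3)}
    relay, ctrl = RelayNode(2), Controller()
    ctrl.register(relay.ingest(keys, generated_at))
    # The controller uses the XOR key whose related nodes are 1 and 3.
    ref = KeyRef(2, frozenset((1, 3)), generated_at)
    used, notification = ctrl.consume(ref, used_len)
    relay.on_key_used(*notification)
    # Only the XOR key that was used is adjusted here; the two XOR keys that
    # involve node 6 are left as registered.
    return keys, relay, ctrl, ref, used


if __name__ == "__main__":
    _, relay_node, controller, used_ref, _ = demo()
    print(len(controller.xor_keys[used_ref]), len(relay_node.store[(1, 1000)]))
```

After the notification is processed, the controller's remaining XOR key is again the XOR of the two remaining quantum keys at the relay node, which is the consistency the deletion step is meant to preserve.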
[0057] In some optional scenarios, key distribution may not go through the controller. Regarding this scenario, this application embodiment also provides an optional implementation method, please refer to the following.
[0058] This scenario arises when two adjacent quantum key distribution nodes distribute the quantum key corresponding to the quantum link between them to the corresponding business systems, and one of the two adjacent quantum key distribution nodes is a relay node.
[0059] Please continue referring to Figure 1, assuming that quantum key distribution node 2 is also connected to a business system. When the business system connected to quantum key distribution node 1 and the business system connected to quantum key distribution node 2 have communication needs, quantum key distribution node 1 directly sends a portion of the quantum key K1 generated at a certain moment to the corresponding business system, and quantum key distribution node 2 directly sends the same portion of the quantum key K1 generated at the same moment to the corresponding business system, so that the two business systems can interact based on the quantum key. This process does not involve a controller.
[0060] The relay node is used to report the key usage information to the controller. The key usage information includes the relay node's identifier, the identifier of the peer node corresponding to the quantum key, the generation time of the quantum key, and the usage length of the quantum key.
[0061] The controller is used to determine the XOR key to be adjusted based on the relay node's identifier, the peer node's identifier corresponding to the quantum key, and the quantum key's generation time after receiving the key usage information.
[0062] It should be noted that there may be multiple XOR keys to be adjusted, such as the XOR key. AND XOR key
[0063] The controller is used to remove content related to the used portion of the quantum key from the XOR key to be adjusted, based on the length of the quantum key used.
[0064] Relay nodes are also used to remove the used portions of the quantum key.
[0065] Building upon the foregoing, this application also provides an optional implementation method for the process of distributing a long-distance shared key through a controller, as detailed below.
[0066] The request initiating node sends a key allocation request to the controller, which includes the identifier of the request destination node.
[0067] In one alternative implementation, the key distribution request further includes an XOR key of a quantum key and a quantum random number between the request initiating node and the next node in the relay path, wherein the quantum random number is generated by the request initiating node and is the same number as the requested key.
[0068] The controller determines the relay path based on the identifiers of the request initiating node and the request destination node. It then performs layer-by-layer XOR operations on the XOR keys between adjacent quantum links on the relay path to obtain the target XOR key. The target XOR key is then sent to the request destination node. The request destination node uses the target XOR key to perform XOR operations with the quantum key of the last quantum link in the relay path to obtain the shared key, thus completing the distribution of the shared key.
[0069] Optionally, the controller may also send the second characteristic information of the last XOR object in the target XOR key calculation process to the target node.
[0070] In this context, adjacent quantum links are two quantum links that share a single relay node. The target XOR key is the XOR key between the shared key and the quantum key of the last quantum link in the relay path. The last quantum link in the relay path is the quantum link between the target node and the last relay node in the relay path.
[0071] Please continue referring to Figure 1, taking the request initiating node as quantum key distribution node 1 and the request destination node as quantum key distribution node 5 as an example. The corresponding relay paths are path 1 and path 2. Path 1 is: quantum key distribution node 1 – quantum key distribution node 2 – quantum key distribution node 3 – quantum key distribution node 4 – quantum key distribution node 5; path 2 is: quantum key distribution node 1 – quantum key distribution node 2 – quantum key distribution node 6 – quantum key distribution node 7 – quantum key distribution node 4 – quantum key distribution node 5.
[0072] When the key allocation request also includes an XOR key between the request initiating node and the next node in the relay path (a combination of a quantum key and a quantum random number), the controller can perform layer-by-layer XOR operations between the key allocation request and the XOR keys between adjacent quantum links on the relay path to obtain the target XOR key. Taking path 1 as an example, assuming the quantum random number is Kx, the key allocation request includes the XOR key... The XOR key between adjacent quantum links on the relay path includes: XOR key XOR key and XOR key After multiple XOR operations, the target XOR key is obtained. Among them, the XOR key The last XOR object in the target XOR key computation process.
[0073] The last XOR key in the target XOR key calculation process The second set of characteristic information (the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link associated with the XOR key, the generation time of the XOR key, and the length of the XOR key) is sent to the requesting destination node. The requesting destination node can determine the corresponding quantum key K8, and then perform an XOR operation to obtain a quantum random number Kx, which serves as the shared key.
[0074] If the request initiating node does not generate a quantum random number, the controller can perform layer-by-layer XOR operations based on the XOR keys between adjacent quantum links on the relay path to obtain the target XOR key. Continuing with path 1 as an example, in this case, the target XOR key is obtained. The final shared key obtained is quantum key K1.
[0075] It should be noted that the request initiating node and the request destination node will distribute the corresponding shared keys to the corresponding business systems to achieve encryption.
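The layer-by-layer XOR of [0068] to [0074] carried through for path 1, as an added Python example (not code from the application). The function names, keying each link by its node pair, the constructed 32-byte link keys, and taking the first `length` bytes of each key for a request are assumptions.

```python
import secrets

PATH_1 = [1, 2, 3, 4, 5]    # path 1 of Figure 1: node 1 to node 5 via relays 2, 3, 4


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length keys."""
    if len(a) != len(b):
        raise ValueError("keys must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def link(a: int, b: int) -> frozenset:
    """Identify a quantum link by the two nodes it connects."""
    return frozenset((a, b))


def relay_reports(path: list, link_keys: dict) -> list:
    """XOR key reported by each relay node for its two adjacent links, in path order."""
    return [xor(link_keys[link(prev, relay)], link_keys[link(relay, nxt)])
            for prev, relay, nxt in zip(path, path[1:], path[2:])]


def target_xor_key(reports: list, length: int, masked_request: bytes = None) -> bytes:
    """Controller side: fold the XOR keys together one layer at a time.

    masked_request is the optional (first link key XOR quantum random number)
    value carried in the key allocation request.
    """
    acc = bytes(length) if masked_request is None else masked_request[:length]
    for xor_key in reports:
        acc = xor(acc, xor_key[:length])
    return acc


def recover_shared_key(target: bytes, last_link_key: bytes) -> bytes:
    """Destination side: XOR the target XOR key with the last link's quantum key."""
    return xor(target, last_link_key[:len(target)])


def demo(length: int = 16) -> dict:
    # Constructed link keys; in the network each pair of adjacent nodes holds its own.
    link_keys = {link(a, b): secrets.token_bytes(32) for a, b in zip(PATH_1, PATH_1[1:])}
    reports = relay_reports(PATH_1, link_keys)
    k_first = link_keys[link(1, 2)]     # K1 in Figure 1
    k_last = link_keys[link(4, 5)]      # K8 in Figure 1

    # Case of [0074]: no quantum random number, the shared key is K1.
    plain = recover_shared_key(target_xor_key(reports, length), k_last)

    # Case of [0072]-[0073]: node 1 generates Kx and sends K1 XOR Kx in its request.
    kx = secrets.token_bytes(length)
    masked = xor(k_first[:length], kx)
    randomised = recover_shared_key(target_xor_key(reports, length, masked), k_last)

    return {"k_first": k_first[:length], "kx": kx, "plain": plain, "randomised": randomised}


if __name__ == "__main__":
    result = demo()
    print(result["plain"] == result["k_first"], result["randomised"] == result["kx"])
```

Every intermediate link key appears twice in the fold and cancels, so the target XOR key is the shared key XORed with the last link's key, as [0070] states.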
[0076] Building upon the foregoing, to avoid key timeouts and prevent a large number of keys from being stored in relay nodes for an extended period, this application also provides an optional implementation method, which is described below.
[0077] The relay node is also used to check whether the time difference between the generation time of the quantum key it stores and the current time exceeds the first validity period.
[0078] If the first validity period is exceeded, the relay node is used to delete the expired quantum key and report the key expiration notification to the controller. The key expiration notification includes the identifier of the relay node, the identifier of the peer node corresponding to the expired quantum key, and the generation time of the expired quantum key.
[0079] Upon receiving a key expiration notification, the controller marks the XOR key corresponding to the expired quantum key as being in the non-distribution state. The non-distribution state indicates that the corresponding XOR key is only used for calculation in the distribution of shared keys and cannot be used as the last XOR object in the calculation process of the target XOR key.
[0080] In one alternative implementation, the controller checks whether the time difference between the generation time of its stored XOR key and the current time exceeds a second validity period.
[0081] If the second validity period has expired, the controller deletes the expired XOR key.
[0082] The second validity period is greater than or equal to the first validity period.
[0083] In one alternative implementation, the relay node is further configured to, when the total amount of quantum key data stored in it exceeds a second threshold, sort the quantum keys according to their generation time and clear some of them so that the total amount of quantum key data stored in it is less than a first threshold.
[0084] The second threshold is greater than or equal to the first threshold, and the second threshold can address the capacity of the key storage space set in the relay node. Clearing some quantum keys can be considered as overwriting cleanup. The cleanup is performed sequentially from first to last, according to the quantum key generation time.
[0085] Optionally, the relay node is also used to upload a key clearing notification to the controller when clearing a portion of the quantum key. The key clearing notification includes the identifier of the relay node, the identifier of the peer node corresponding to the cleared quantum key, and the generation time of the cleared quantum key.
[0086] After receiving the key clearing notification, the controller marks the XOR key corresponding to the cleared quantum key as non-distribution state. The non-distribution state means that the corresponding XOR key is only used for calculation in the distribution of shared keys and cannot be used as the last XOR object in the calculation process of the target XOR key.
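The expiry and capacity rules of [0077] to [0086], as an added Python example (not code from the application). The class names, integer timestamps, thresholds counted in bytes, and matching an XOR key to a notification by relay identifier, peer identifier and generation time are assumptions; the stored keys are zero-filled placeholders.

```python
from dataclasses import dataclass


@dataclass
class StoredKey:
    peer_id: int
    generated_at: int
    key: bytes


class RelayStore:
    def __init__(self, node_id, first_validity, first_threshold, second_threshold):
        if second_threshold < first_threshold:
            raise ValueError("second threshold must be >= first threshold")
        self.node_id = node_id
        self.first_validity = first_validity
        self.first_threshold = first_threshold
        self.second_threshold = second_threshold
        self.keys = []

    def notice(self, k):
        """Fields of a key expiration or key clearing notification (no key material)."""
        return (self.node_id, k.peer_id, k.generated_at)

    def sweep_expired(self, now):
        """Delete keys older than the first validity period and return the notices."""
        expired = [k for k in self.keys if now - k.generated_at > self.first_validity]
        self.keys = [k for k in self.keys if now - k.generated_at <= self.first_validity]
        return [self.notice(k) for k in expired]

    def enforce_capacity(self):
        """Above the second threshold, clear oldest keys until below the first threshold."""
        total = sum(len(k.key) for k in self.keys)
        if total <= self.second_threshold:
            return []
        self.keys.sort(key=lambda k: k.generated_at)    # oldest first
        cleared = []
        while self.keys and total >= self.first_threshold:
            oldest = self.keys.pop(0)
            total -= len(oldest.key)
            cleared.append(self.notice(oldest))
        return cleared


class ControllerIndex:
    def __init__(self, second_validity):
        self.second_validity = second_validity
        self.distributable = {}   # (relay_id, frozenset(link_nodes), generated_at) -> bool

    def add(self, relay_id, link_nodes, generated_at):
        self.distributable[(relay_id, frozenset(link_nodes), generated_at)] = True

    def on_notice(self, notice):
        """Put every XOR key built from the reported quantum key in non-distribution state."""
        relay_id, peer_id, generated_at = notice
        for ref in self.distributable:
            if ref[0] == relay_id and ref[2] == generated_at and peer_id in ref[1]:
                self.distributable[ref] = False

    def purge_expired(self, now):
        """Delete XOR keys older than the second validity period."""
        for ref in [r for r in self.distributable if now - r[2] > self.second_validity]:
            del self.distributable[ref]

    def may_be_last_xor_object(self, ref):
        return self.distributable.get(ref, False)


def demo():
    relay = RelayStore(node_id=2, first_validity=60, first_threshold=100, second_threshold=120)
    ctrl = ControllerIndex(second_validity=100)     # >= first validity period
    for t in (0, 50):                               # constructed generation times
        for peer in (1, 6, 3):                      # peers of node 2 in Figure 1
            relay.keys.append(StoredKey(peer, t, bytes(32)))
        for pair in ((1, 6), (1, 3), (6, 3)):
            ctrl.add(2, pair, t)
    expired = relay.sweep_expired(now=70)
    relay.keys.append(StoredKey(1, 65, bytes(32)))  # new key pushes storage to 128 bytes
    cleared = relay.enforce_capacity()
    for n in expired + cleared:
        ctrl.on_notice(n)
    ctrl.purge_expired(now=120)
    return relay, ctrl, expired, cleared
```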
[0087] In the centralized quantum key relay network provided in this application embodiment, the XOR keys / quantum keys stored in the controller and relay nodes are managed, and keys that have been consumed or timed out are promptly cleared to avoid repeated use. At the same time, considering the different keys and usage methods of the controller and relay nodes, the keys are fully utilized as much as possible while the controller and relay nodes perform key synchronization operations, avoiding key waste. This provides a guiding scheme for key storage in quantum networks with centralized control and key relay architectures.
[0088] This application also provides a key storage method for a centralized quantum key relay network, applied to the aforementioned centralized quantum key relay network. Please refer to Figure 2, which is one of the flowcharts illustrating the key storage method for a centralized quantum key relay network provided in this application. The key storage method for the centralized quantum key relay network includes steps S11, S12, S13, and S14, which are described in detail below.
[0089] S11, the relay node performs pairwise XOR operations on related quantum keys generated at the same time to obtain the XOR key, and transmits the first characteristic information of the XOR key to the controller.
[0090] Here, a related quantum key is a quantum key generated by a quantum link connected to the relay node, and the first characteristic information of the XOR key includes the XOR key, the identifier of the relay node, the identifier of the node on the quantum link associated with the XOR key, and the generation time of the XOR key.
[0091] S12, the relay node stores the characteristic information of the related quantum key corresponding to the XOR key.
[0092] The characteristic information of the related quantum key includes the related quantum key, the identifier of the peer node corresponding to the related quantum key, and the generation time of the related quantum key.
[0093] S13, after the controller completes the distribution of the shared key, it sends a key usage notification to the relay nodes on the relay path and deletes the used portion of the XOR key used in the process of distributing the shared key.
[0094] The key usage notification includes the second characteristic information of the XOR key used in the process of distributing the shared key. The second characteristic information of the XOR key includes the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link related to the XOR key, the generation time of the XOR key, and the usage length of the XOR key.
[0095] S14, after receiving the key usage notification, the relay node deletes the used part of the corresponding quantum key according to the second characteristic information of the XOR key.
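The S11 to S14 bookkeeping, together with the layer-by-layer XOR distribution described in the claims, as an added Python sketch that is not part of the patent text. The node names A, R1, R2 and B, the dictionary field names, the fixed relay path, and the choice that the "used portion" is the leading bytes of a key are assumptions made for illustration.

```python
import secrets

def xor(a, b):
    """Bytewise XOR of two byte strings of equal length."""
    return bytes(x ^ y for x, y in zip(a, b))

class Relay:
    def __init__(self, node_id):
        self.node_id = node_id
        self.keys = {}  # S12: (peer id, generation time) -> quantum key

    def store(self, peer, t, key):
        self.keys[(peer, t)] = bytearray(key)

    def xor_record(self, a, b, t):
        # S11: first characteristic information sent to the controller
        return {"relay": self.node_id, "links": (a, b), "time": t,
                "xor_key": xor(self.keys[(a, t)], self.keys[(b, t)])}

    def on_used(self, note):
        # S14: drop the used part (assumed: leading bytes) of both quantum keys
        for peer in note["links"]:
            del self.keys[(peer, note["time"])][:note["used_len"]]

class Controller:
    def __init__(self):
        self.xor_keys = {}  # (relay, links, generation time) -> remaining XOR key

    def register(self, rec):
        key_id = (rec["relay"], rec["links"], rec["time"])
        self.xor_keys[key_id] = bytearray(rec["xor_key"])

    def distribute(self, path, t, n):
        """Return (target XOR key, key usage notifications) for n bytes on path."""
        ids = [(path[i], (path[i - 1], path[i + 1]), t)
               for i in range(1, len(path) - 1)]
        # Check every hop first so a shortfall never leaves stores half-trimmed.
        if any(len(self.xor_keys[k]) < n for k in ids):
            raise ValueError("not enough XOR key material on the relay path")
        target = bytes(n)
        for k in ids:  # layer-by-layer XOR of the XOR keys along the path
            target = xor(target, self.xor_keys[k][:n])
            del self.xor_keys[k][:n]  # S13: delete the used portion
        notes = [{"relay": r, "links": links, "time": tt, "used_len": n}
                 for r, links, tt in ids]
        return target, notes

def demo(n=8, t=1000):
    # Constructed link keys: k1 on A-R1, k2 on R1-R2, k3 on R2-B.
    k1, k2, k3 = (secrets.token_bytes(32) for _ in range(3))
    r1, r2, ctl = Relay("R1"), Relay("R2"), Controller()
    r1.store("A", t, k1)
    r1.store("R2", t, k2)
    r2.store("R1", t, k2)
    r2.store("B", t, k3)
    ctl.register(r1.xor_record("A", "R2", t))
    ctl.register(r2.xor_record("R1", "B", t))
    target, notes = ctl.distribute(["A", "R1", "R2", "B"], t, n)
    shared_at_b = xor(target, k3[:n])  # destination: target XOR last-link key
    for note in notes:
        {"R1": r1, "R2": r2}[note["relay"]].on_used(note)
    # After S13/S14 the controller's XOR key still matches the relay's keys.
    aligned = ctl.xor_keys[("R1", ("A", "R2"), t)] == xor(r1.keys[("A", t)], r1.keys[("R2", t)])
    return shared_at_b == k1[:n], len(r1.keys[("A", t)]), len(ctl.xor_keys[("R2", ("R1", "B"), t)]), aligned
```

The `aligned` check is the property the deletion steps protect: if the controller trimmed its XOR key but a relay kept the used bytes, the two stores would no longer line up byte for byte and a later distribution would combine mismatched material.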
[0096] Please refer to Figure 3, which is a second schematic flowchart of the key storage method for a centralized quantum key relay network provided in this application embodiment. When two adjacent quantum key distribution nodes distribute the quantum key corresponding to the quantum link between them to the corresponding business system, if there is a relay node among the two adjacent quantum key distribution nodes, the key storage method for the centralized quantum key relay network further includes steps S21, S22, S23, and S24, which are described in detail below.
[0097] S21, the relay node reports the key usage information to the controller.
[0098] The key usage information includes the relay node identifier, the peer node identifier corresponding to the quantum key, the quantum key generation time, and the usage length of the quantum key.
[0099] S22, after receiving the key usage information, the controller determines the XOR key to be adjusted based on the relay node identifier, the peer node identifier corresponding to the quantum key, and the quantum key generation time.
[0100] S23, the controller deletes, from the XOR key to be adjusted, the content related to the already used part of the quantum key, based on the usage length of the quantum key.
[0101] S24, the relay node deletes the used portion of the quantum key.
[0102] It should be noted that the key storage method for the centralized quantum key relay network provided in this embodiment can perform the functions and uses shown in the above-described centralized quantum key relay network embodiments to achieve the corresponding technical effects. For the sake of brevity, for any parts not mentioned in this embodiment, refer to the corresponding content in the above embodiments.
[0103] In summary, the centralized quantum key relay network and its key storage method provided in this application involve relay nodes performing pairwise XOR operations on related quantum keys generated at the same time to obtain an XOR key, and transmitting the first characteristic information of the XOR key to the controller. The relay nodes store the characteristic information of the related quantum keys corresponding to the XOR key. After completing the distribution of the shared key, the controller sends a key usage notification to the relay nodes along the relay path, deleting the used portion of the XOR key used during the shared key distribution process. Upon receiving the key usage notification, the relay nodes delete the used portion of the corresponding quantum key based on the second characteristic information of the XOR key. The controller's deletion of the used portion of the XOR key used during the shared key distribution process, and the relay nodes' deletion of the used portion of the corresponding quantum key based on the second characteristic information of the XOR key, avoids the confusion caused by repeated key use and ensures the accuracy and effectiveness of the key system.
[0104] The above description is merely a preferred embodiment of this application and is not intended to limit this application. Various modifications and variations can be made to this application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of this application should be included within the protection scope of this application.
[0105] It will be apparent to those skilled in the art that this application is not limited to the details of the exemplary embodiments described above, and that this application can be implemented in other specific forms without departing from the spirit or essential characteristics of this application. Therefore, the embodiments should be considered illustrative and non-limiting in all respects, and the scope of this application is defined by the appended claims rather than the foregoing description. Thus, all variations falling within the meaning and scope of equivalents of the claims are intended to be included within this application. No reference numerals in the claims should be construed as limiting the scope of the claims.
Industrial applicability
[0106] In summary, this application provides a centralized quantum key relay network and its key storage method, which can avoid the chaos caused by repeated use of keys and ensure the accuracy and effectiveness of the key system.
Claims
1. A centralized quantum key relay network, characterized in that, The centralized quantum key relay network includes: a controller and multiple quantum key distribution nodes, wherein the multiple quantum key distribution nodes include at least one relay node, and the relay node is a quantum key distribution node connected to at least two quantum links; The relay node is used to perform pairwise XOR operations on related quantum keys generated at the same time to obtain an XOR key, and to transmit the first characteristic information of the XOR key to the controller. Wherein, the related quantum key is a quantum key generated by the quantum link connected to the relay node, and the first characteristic information of the XOR key includes the XOR key, the identifier of the relay node, the identifier of the node on the quantum link associated with the XOR key, and the generation time of the XOR key; The relay node is used to store the characteristic information of the related quantum key corresponding to the XOR key. The characteristic information of the related quantum key includes the related quantum key, the peer node identifier corresponding to the related quantum key, and the generation time of the related quantum key. The controller is used to send a key usage notification to the relay nodes on the relay path after the shared key is distributed, and to delete the used portion of the XOR key used in the process of distributing the shared key. The key usage notification includes the second characteristic information of the XOR key used in the process of distributing the shared key. The second characteristic information of the XOR key includes the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link associated with the XOR key, the generation time of the XOR key, and the usage length of the XOR key. The relay node is used to delete the used portion of the corresponding quantum key based on the second characteristic information of the XOR key after receiving the key usage notification.
2. The centralized quantum key relay network as described in claim 1, characterized in that, The relay node is used to determine the quantum key to be adjusted after receiving the key usage notification, based on the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link related to the XOR key, and the generation time of the XOR key in the second characteristic information of the XOR key. The relay node is used to delete content related to the already used portion of the XOR key in the quantum key to be adjusted, based on the usage length of the XOR key in the second characteristic information of the XOR key.
3. The centralized quantum key relay network as described in claim 1 or 2, characterized in that, When two adjacent quantum key distribution nodes distribute the quantum key corresponding to the quantum link between them to the corresponding business system, if there is a relay node among the two adjacent quantum key distribution nodes: The relay node is used to report key usage information to the controller. The key usage information includes the identifier of the relay node, the identifier of the peer node corresponding to the quantum key, the generation time of the quantum key, and the usage length of the quantum key. The controller is used to determine the XOR key to be adjusted based on the identifier of the relay node, the identifier of the peer node corresponding to the quantum key, and the generation time of the quantum key after receiving the key usage information; The controller is used to delete content related to the already used portion of the quantum key in the XOR key to be adjusted, based on the usage length of the quantum key. The relay node is also used to delete the used portion of the quantum key.
4. The centralized quantum key relay network as described in any one of claims 1-3, characterized in that, The process of distributing the shared key includes: The request initiating node sends a key allocation request to the controller, the key allocation request including the identifier of the request destination node; The controller determines the relay path based on the identifier of the request initiating node and the identifier of the request destination node. It performs layer-by-layer XOR operations on the XOR keys between adjacent quantum links on the relay path to obtain the target XOR key, and sends the target XOR key to the request destination node. The request destination node performs XOR operations on the target XOR key and the quantum key of the last quantum link in the relay path to obtain the shared key, thus completing the distribution of the shared key. In this context, adjacent quantum links are two quantum links that share a single relay node. The target XOR key is the XOR key between the shared key and the quantum key of the last quantum link in the relay path. The last quantum link in the relay path is the quantum link between the target node and the last relay node in the relay path.
5. The centralized quantum key relay network as described in claim 4, characterized in that, The relay node is also used to check whether the time difference between the generation time of the quantum key it stores and the current time exceeds the first validity period; If the first validity period is exceeded, the relay node is used to delete the expired quantum key and report the key expiration notification to the controller. The key expiration notification includes the identifier of the relay node, the identifier of the peer node corresponding to the expired quantum key, and the generation time of the expired quantum key. Upon receiving the key expiration notification, the controller marks the XOR key corresponding to the expired quantum key as non-distribution state. The non-distribution state indicates that the corresponding XOR key is only used for calculation in the shared key distribution process and cannot be used as the last XOR object in the target XOR key calculation process.
6. The centralized quantum key relay network as described in claim 5, characterized in that, The controller is used to check whether the time difference between the generation time of the XOR key it stores and the current time exceeds the second validity period; If the second validity period is exceeded, the controller is used to delete the expired XOR key; Wherein, the second validity period is greater than or equal to the first validity period.
7. The centralized quantum key relay network as described in claim 4, characterized in that, The relay node is also used to, when the total amount of quantum key data stored in it exceeds the second threshold, sort the quantum keys according to their generation time and clear some of them so that the total amount of quantum key data stored in it is less than the first threshold.
8. The centralized quantum key relay network as described in claim 7, characterized in that, The relay node is also used to upload a key clearing notification to the controller when clearing a portion of the quantum key. The key clearing notification includes the identifier of the relay node, the identifier of the peer node corresponding to the cleared quantum key, and the generation time of the cleared quantum key. After receiving the key clearing notification, the controller marks the XOR key corresponding to the cleared quantum key as non-distribution state. The non-distribution state indicates that the corresponding XOR key is only used for calculation in the shared key distribution and cannot be the last XOR object in the calculation process of the target XOR key.
9. A key storage method for a centralized quantum key relay network, characterized in that, The centralized quantum key relay network includes: a controller and multiple quantum key distribution nodes, wherein the multiple quantum key distribution nodes include at least one relay node, and the relay node is a quantum key distribution node connected to at least two quantum links. The method includes: The relay node performs pairwise XOR operations on related quantum keys generated at the same time to obtain an XOR key, and transmits the first characteristic information of the XOR key to the controller. Wherein, the related quantum key is a quantum key generated by the quantum link connected to the relay node, and the first characteristic information of the XOR key includes the XOR key, the identifier of the relay node, the identifier of the node on the quantum link associated with the XOR key, and the generation time of the XOR key; The relay node stores the characteristic information of the related quantum key corresponding to the XOR key. The characteristic information of the related quantum key includes the related quantum key, the peer node identifier corresponding to the related quantum key, and the generation time of the related quantum key. After completing the distribution of the shared key, the controller sends a key usage notification to the relay nodes on the relay path and deletes the used portion of the XOR key used in the process of distributing the shared key. The key usage notification includes the second characteristic information of the XOR key used in the process of distributing the shared key. The second characteristic information of the XOR key includes the identifier of the relay node corresponding to the XOR key, the identifier of the node on the quantum link associated with the XOR key, the generation time of the XOR key, and the usage length of the XOR key. After receiving the key usage notification, the relay node deletes the used portion of the corresponding quantum key based on the second characteristic information of the XOR key.
10. The key storage method for a centralized quantum key relay network as described in claim 9, characterized in that, When two adjacent quantum key distribution nodes distribute the quantum key corresponding to the quantum link between them to the corresponding business system, if there is a relay node among the two adjacent quantum key distribution nodes, the method further includes: The relay node reports the key usage information to the controller. The key usage information includes the identifier of the relay node, the identifier of the peer node corresponding to the quantum key, the generation time of the quantum key, and the usage length of the quantum key. After receiving the key usage information, the controller determines the XOR key to be adjusted based on the identifier of the relay node, the identifier of the peer node corresponding to the quantum key, and the generation time of the quantum key. The controller deletes content related to the already used portion of the quantum key from the XOR key to be adjusted, based on the usage length of the quantum key. The relay node deletes the used portion of the quantum key.