{"title":"针对恶意节点的量子密钥分发网络分布式信息理论安全协议","authors":"Yi Luo;Qiong Li;Hao-Kun Mao","doi":"10.1364/JOCN.530575","DOIUrl":null,"url":null,"abstract":"Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most research on relay-based QKD networks assumes all relays or nodes are completely trustworthy. However, this assumption is unreasonable because the malicious behavior of even a single node can undermine the security of the entire network. Currently, there is no method to directly distinguish between honest nodes and malicious nodes. Moreover, the status of nodes as honest or malicious can be dynamic. Therefore, a solution is needed that can withstand a certain proportion of malicious nodes in QKD networks. We propose a novel paradigm, inspired by distributed systems, to address the active and passive attacks by collaborating with malicious nodes in QKD networks. First, regarding security, we propose the ITS distributed authentication scheme, which additionally ensures two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Second, concerning correctness, we propose an ITS fault-tolerant consensus scheme based on our ITS distributed authentication to ensure global consistency. This enables participating nodes to collaborate correctly and complete end-to-end key distribution within a constant number of communication rounds. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in key consumption compared to the original end-to-end pre-shared keys scheme. For instance, in larger networks, such as when the number of nodes is 80, our scheme’s key consumption is only 13.1% of the pre-shared keys scheme.","PeriodicalId":50103,"journal":{"name":"Journal of Optical Communications and Networking","volume":"16 10","pages":"956-968"},"PeriodicalIF":4.0000,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Distributed information-theoretical secure protocols for quantum key distribution networks against malicious nodes\",\"authors\":\"Yi Luo;Qiong Li;Hao-Kun Mao\",\"doi\":\"10.1364/JOCN.530575\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most research on relay-based QKD networks assumes all relays or nodes are completely trustworthy. However, this assumption is unreasonable because the malicious behavior of even a single node can undermine the security of the entire network. Currently, there is no method to directly distinguish between honest nodes and malicious nodes. Moreover, the status of nodes as honest or malicious can be dynamic. Therefore, a solution is needed that can withstand a certain proportion of malicious nodes in QKD networks. We propose a novel paradigm, inspired by distributed systems, to address the active and passive attacks by collaborating with malicious nodes in QKD networks. First, regarding security, we propose the ITS distributed authentication scheme, which additionally ensures two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Second, concerning correctness, we propose an ITS fault-tolerant consensus scheme based on our ITS distributed authentication to ensure global consistency. This enables participating nodes to collaborate correctly and complete end-to-end key distribution within a constant number of communication rounds. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in key consumption compared to the original end-to-end pre-shared keys scheme. For instance, in larger networks, such as when the number of nodes is 80, our scheme’s key consumption is only 13.1% of the pre-shared keys scheme.\",\"PeriodicalId\":50103,\"journal\":{\"name\":\"Journal of Optical Communications and Networking\",\"volume\":\"16 10\",\"pages\":\"956-968\"},\"PeriodicalIF\":4.0000,\"publicationDate\":\"2024-09-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Optical Communications and Networking\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10682116/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Optical Communications and Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10682116/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
摘要
量子密钥分发(QKD)网络有望在大规模网络上实现信息理论安全(ITS)通信。关于基于中继的 QKD 网络的大多数研究都假设所有中继或节点都是完全可信的。然而,这种假设是不合理的,因为即使是单个节点的恶意行为也会破坏整个网络的安全性。目前,还没有直接区分诚实节点和恶意节点的方法。此外,节点的诚实或恶意状态可能是动态的。因此,我们需要一种能承受 QKD 网络中一定比例恶意节点的解决方案。受分布式系统的启发,我们提出了一种新的范例,通过与 QKD 网络中的恶意节点合作来解决主动和被动攻击问题。首先,在安全性方面,我们提出了 ITS 分布式验证方案,该方案还能确保 QKD 网络的两个关键安全属性:身份不可伪造性和不可抵赖性。其次,在正确性方面,我们提出了基于 ITS 分布式验证的 ITS 容错共识方案,以确保全局一致性。这使得参与节点能够正确协作,并在一定的通信轮数内完成端到端的密钥分发。通过仿真,我们发现与原始的端到端预共享密钥方案相比,我们的方案在密钥消耗方面的增长趋势要低得多。例如,在节点数为 80 个的大型网络中,我们方案的密钥消耗量仅为预共享密钥方案的 13.1%。
Distributed information-theoretical secure protocols for quantum key distribution networks against malicious nodes
Quantum key distribution (QKD) networks are expected to enable information-theoretical secure (ITS) communication over a large-scale network. Most research on relay-based QKD networks assumes all relays or nodes are completely trustworthy. However, this assumption is unreasonable because the malicious behavior of even a single node can undermine the security of the entire network. Currently, there is no method to directly distinguish between honest nodes and malicious nodes. Moreover, the status of nodes as honest or malicious can be dynamic. Therefore, a solution is needed that can withstand a certain proportion of malicious nodes in QKD networks. We propose a novel paradigm, inspired by distributed systems, to address the active and passive attacks by collaborating with malicious nodes in QKD networks. First, regarding security, we propose the ITS distributed authentication scheme, which additionally ensures two crucial security properties to QKD networks: identity unforgeability and non-repudiation. Second, concerning correctness, we propose an ITS fault-tolerant consensus scheme based on our ITS distributed authentication to ensure global consistency. This enables participating nodes to collaborate correctly and complete end-to-end key distribution within a constant number of communication rounds. Through our simulation, we have shown that our scheme exhibits a significantly lower growth trend in key consumption compared to the original end-to-end pre-shared keys scheme. For instance, in larger networks, such as when the number of nodes is 80, our scheme’s key consumption is only 13.1% of the pre-shared keys scheme.
期刊介绍:
The scope of the Journal includes advances in the state-of-the-art of optical networking science, technology, and engineering. Both theoretical contributions (including new techniques, concepts, analyses, and economic studies) and practical contributions (including optical networking experiments, prototypes, and new applications) are encouraged. Subareas of interest include the architecture and design of optical networks, optical network survivability and security, software-defined optical networking, elastic optical networks, data and control plane advances, network management related innovation, and optical access networks. Enabling technologies and their applications are suitable topics only if the results are shown to directly impact optical networking beyond simple point-to-point networks.