The present disclosure relates to the technical field of quantum information, and in particular to a quantum-secured blockchain network and a method for secure data transmission.
Blockchain is an innovative application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm in the Internet era. The blockchain has been widely applied in various fields such as Internet of things, intelligent manufacturing, supply chain management, and digital asset trading.
As described above, at present the symmetric key is randomly generated by a random number generator at one end, encrypted using the asymmetric key, and transmitted to a node at the opposite end. However, the asymmetric key, whose security depends on computational complexity, is prone to decipherment as computing capability advances, exposing the symmetric key to a risk of leakage. In addition, the symmetric key is generated by a classical random number generator. Based on the certainty principle of classical physics, the generated data sequence is predictable once all conditions are known. The symmetric key will be leaked if the random number is deciphered, and consequently the entire blockchain network is insecure.
In view of the existing security risks, it is found that a quantum key distribution network, which is based on the quantum key distribution technology, can distribute a shared quantum key among nodes with optical links in the network. Then, the shared quantum key can be securely relayed to other nodes in the network using trusted relay technology. In this way, any two nodes in the network can share a quantum key. The way the quantum key distribution network distributes the quantum key between nodes is remarkably similar to the transmission of a key across a P2P network in the blockchain. Based on this similarity, a quantum-secured blockchain network and a method for secure data transmission are provided according to the present disclosure. The corresponding quantum key distribution subnet is deployed for the blockchain subnet, for providing the quantum key to the blockchain nodes, so as to realize secure data transmission. Therefore, according to the blockchain network and the method for the secure data transmission provided in the present disclosure, the blockchain nodes can be provided with the symmetric key using the quantum key distribution technology with high security. Since the quantum state is not cloneable, is uncertain and is prone to collapse, the key is secured from leakage. Further, the quantum random number generator for the quantum key distribution can generate an unpredictable true random number based on the probabilistic nature of quantum mechanics. The true random number is hardly predictable. Therefore, the symmetric key is highly secure and data can be securely transmitted between blockchain nodes. This is especially applicable to blockchain systems with high security requirements such as the blockchain government affairs system and the blockchain free trade system.
A first aspect of the present disclosure relates to a quantum-secured blockchain network, which includes a blockchain subnet and a quantum key distribution subnet. The blockchain subnet includes multiple blockchain nodes. The quantum key distribution subnet includes multiple quantum key distribution nodes and is configured to distribute a shared quantum key between two of the quantum key distribution nodes. The quantum key distribution nodes are deployed in the respective blockchain nodes, for the blockchain nodes to acquire the shared quantum key from the quantum key distribution nodes. The blockchain nodes are configured to: encrypt data using the shared quantum key, for secure transmission of the data between the blockchain nodes.
Further, the quantum key distribution subnet includes a centralized control node, a trusted relay node and a user terminal node. The user terminal node is configured to provide the shared quantum key to a user device. The trusted relay node is configured to relay the shared quantum key between two quantum key distribution nodes that are not directly connected. The centralized control node is a trusted relay node where a control server is deployed.
Further, the centralized control node and the trusted relay node are configured to provide the shared quantum key to the user device. At least two of the quantum key distribution nodes include a quantum satellite ground station for establishing a free space link with a quantum satellite.
Further, adjacent quantum key distribution nodes are configured to communicate with each other through an optical fiber link or a free space link.
Further, a quantum key distribution node comprising a mobile quantum satellite ground station is deployed in a mobile blockchain node.
Further, the blockchain nodes are configured to generate a message authentication code based on the shared quantum key and the data, for verifying completeness and authenticity. The blockchain nodes include a terminal device and a server, and are configured to transmit the encrypted data between the terminal device and the server, and generate the message authentication code based on the shared quantum key and the data, for verifying completeness.
In an embodiment, the data is encrypted with one-time pad using an XOR encryption algorithm. The message authentication code is generated using an HMAC algorithm or a CBC MAC algorithm. The data includes one or more of transaction information broadcast data, transaction information verification broadcast data, and shared data.
A second aspect of the present disclosure relates to a method for secure data transmission across a quantum-secured blockchain network. The method includes: a quantum key acquisition step and a data encryption step. The quantum key acquisition step includes: deploying the quantum key distribution nodes in the respective blockchain nodes, distributing the shared quantum key between the quantum key distribution nodes, and acquiring the shared quantum key by the blockchain nodes from the quantum key distribution nodes. The data encryption step includes: encrypting the data by the blockchain nodes using the shared quantum key.
Further, the method includes: deploying a quantum key distribution node including a mobile quantum satellite ground station in a mobile blockchain node.
Preferably, the method for secure data transmission according to the present disclosure may be implemented by the quantum-secured blockchain network described above.
The embodiments of the present disclosure are described in detail below in conjunction with the drawings.
In order to clearly illustrate the technical solutions in the embodiments of the present disclosure or the conventional technology, the drawings used in the description of the embodiments or the conventional technology will be briefly introduced below. Apparently, the drawings in the following description merely show some embodiments of the present disclosure, and those skilled in the art may obtain other drawings based on these drawings without creative efforts.
Hereinafter, exemplary embodiments of the present disclosure will be described in detail with reference to the drawings. The following embodiments are provided in a manner of example for fully conveying the spirit of the present disclosure to those skilled in the art to which the present disclosure relates. Therefore, the present disclosure is not limited to the embodiments disclosed herein.
According to the present disclosure, a quantum-secured blockchain network includes a blockchain subnet and a quantum key distribution subnet.
The blockchain subnet includes multiple blockchain nodes that communicate with each other. In some embodiments, the blockchain nodes include a terminal device, for example, a handheld terminal. The handheld terminal communicates with the server in the blockchain nodes, to implement communication services such as shared data transmission, blockchain transaction information broadcasting, and blockchain transaction information verification broadcasting.
The quantum key distribution subnet includes multiple quantum key distribution nodes. A shared quantum key is generated between two quantum key distribution nodes through quantum key distribution.
The quantum key distribution nodes include a centralized control node, a trusted relay node, a user terminal node and the like.
The user terminal node is configured to provide a quantum key to a user device. For example, the user terminal node includes a quantum key injection device, a quantum key management device and a quantum key distribution device. The quantum key distribution device is configured to perform quantum key distribution between two nodes based on quantum mechanics. The quantum key management device is configured to manage the distributed quantum key, for example, to store the quantum key and output the quantum key. The quantum key injection device is configured to acquire, based on a quantum key demand, a quantum key or quantum random number from the quantum key management device, and inject the quantum key or quantum random number into the user device connected to the quantum key injection device.
The trusted relay node is configured to relay the quantum key between quantum key distribution nodes that are not directly connected, and configured to provide the quantum key to the user device generally. For example, the trusted relay node includes a quantum key injection device, a quantum key management device, and a quantum key distribution device.
The centralized control node is a special trusted relay node for which a control server serving the entire quantum key distribution subnet is deployed. For example, the trusted relay node includes a quantum key injection device, a quantum key management device, a quantum key distribution device and a control server.
According to the present disclosure, the quantum key distribution subnet is deployed in different manners by means of the optical fiber link and/or the free space link, depending on the specific architecture of the blockchain subnet.
As shown in
As shown in
As shown in
As shown in
As shown in
According to the present disclosure, the quantum key distribution nodes are deployed in the respective blockchain nodes, for the blockchain nodes to acquire the shared quantum key from the quantum key distribution nodes. The quantum key distribution nodes are adapted to corresponding blockchain nodes.
For example, an ordinary quantum key distribution node is deployed in a fixed node and is connected to the fixed node through the network. Therefore, the blockchain node can securely communicate with the quantum key distribution node (for example, the quantum key management device in the quantum key distribution node) to obtain the quantum key.
For example, a quantum key distribution node including a (mini) mobile quantum satellite ground station is deployed in a mobile node. Therefore, the quantum key distribution node can distribute the quantum key through the ground station and the quantum satellite, and transmit the quantum key to the quantum key management device for storage. Therefore, the blockchain node can securely communicate with the quantum key distribution node (for example, the quantum key management device) to obtain the quantum key.
In an embodiment, a blockchain node is provided with a terminal device, for example, a handheld terminal. The quantum key distribution node is configured to inject the quantum key to the handheld terminal and the blockchain node server, so that the handheld terminal can communicate with the server in an encrypted manner by means of the quantum key.
Corresponding quantum key distribution nodes are deployed in the blockchain nodes to distribute the shared quantum key between the blockchain nodes, so that secure data transmission can be implemented between the blockchain nodes in the blockchain subnet by means of the shared quantum key.
For example, communication services such as transaction information broadcasting and transaction information verification broadcasting are performed between blockchain nodes, and the broadcast data transmitted from point to point is encrypted using the shared quantum key. Further, completeness of data and authenticity are verified using the shared quantum key.
For example, data shared between blockchain nodes is encrypted using the shared quantum key. Further, completeness of the data and authenticity are verified using the shared quantum key.
For example, data shared between a handheld terminal and a node server in the blockchain node where the handheld terminal is located is encrypted using the shared quantum key. Further, completeness of the data and authenticity are verified using the shared quantum key.
According to the present disclosure, the data can be encrypted using different algorithms, depending on requirements for security. For example, the data is encrypted with one-time pad using an XOR encryption algorithm.
For authenticating the integrity of a message, the message authentication code is generated based on the to-be-transmitted data, with the shared quantum key serving as the input key, using an algorithm such as an HMAC algorithm (hash algorithm) or a CBC MAC algorithm (symmetric encryption algorithm). The identity of the sender and the integrity of the transmitted data can be verified based on the message authentication code.
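The following added example (not part of the original disclosure) sketches the one-time-pad XOR encryption and HMAC check described above between two blockchain nodes that hold the same shared key. The `KeyPool` class, the function names, the use of HMAC-SHA256, and computing the tag over the ciphertext are assumptions made for illustration; the sample key is constructed.

```python
import hashlib
import hmac

MAC_KEY_LEN = 32   # bytes of shared key spent on each message's HMAC key
TAG_LEN = 32       # HMAC-SHA256 tag size


class KeyPool:
    """Hypothetical stand-in for the quantum key management device's key store."""

    def __init__(self, material: bytes):
        self._buf, self._pos = material, 0

    def take(self, n: int) -> bytes:
        if self._pos + n > len(self._buf):
            raise RuntimeError("key pool exhausted: wait for more distributed key")
        chunk = self._buf[self._pos:self._pos + n]
        self._pos += n  # a one-time pad is only secure if no byte is ever reused
        return chunk


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(pool: KeyPool, data: bytes) -> bytes:
    """Sender: XOR with fresh pad bytes, then append an HMAC over the ciphertext."""
    block = pool.take(MAC_KEY_LEN + len(data))   # one draw, so a failure spends nothing
    mac_key, pad = block[:MAC_KEY_LEN], block[MAC_KEY_LEN:]  # MAC key and pad never overlap
    ciphertext = xor(data, pad)                  # pad is exactly as long as the data
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def recover(pool: KeyPool, message: bytes) -> bytes:
    """Receiver: consume the same key bytes, check the tag, then decrypt."""
    if len(message) < TAG_LEN:
        raise ValueError("message too short to carry a tag")
    ciphertext, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    block = pool.take(MAC_KEY_LEN + len(ciphertext))  # spent even on failure, to stay in step
    mac_key, pad = block[:MAC_KEY_LEN], block[MAC_KEY_LEN:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("MAC check failed: data altered or wrong key")
    return xor(ciphertext, pad)


if __name__ == "__main__":
    shared = bytes(range(256))  # constructed sample; a real key comes from the QKD node
    sender, receiver = KeyPool(shared), KeyPool(shared)
    wire = protect(sender, b"tx: node1 -> node4, amount 5")
    print(recover(receiver, wire))
```

Because XOR encryption alone lets anyone flip chosen plaintext bits by flipping ciphertext bits, the tag is checked before the decrypted data is used.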
According to the blockchain subnet shown in
The user terminal nodes 1, 4 and 5 each include a quantum key injection device, a quantum key management device and a quantum key distribution device, for outputting, managing and distributing the quantum key.
The trusted relay nodes 2 and 3 each include a quantum key injection device, a quantum key management device and a quantum key distribution device, for outputting, managing and distributing the quantum key.
Quantum key distribution nodes 1 to 4 are connected to each other through optical fiber links, while no optical fiber link is arranged between the quantum key distribution node 5 and each of the quantum key distribution nodes 1 to 4. Instead, a quantum satellite ground station is arranged in each of the quantum key distribution nodes 5 and 3, to establish a free space link between the quantum key distribution nodes 5 and 3.
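As an added illustration (not from the original disclosure), the sketch below relays a key from node 1 to node 5 with the hop-by-hop XOR scheme commonly used for trusted relays, and records which intermediate nodes hold the key in clear. The exact link set (fiber 1-2, 2-3, 3-4; free space 3-5), the function names and the simulated link keys are assumptions, since the figure is not reproduced here.

```python
from collections import deque

# Assumed adjacency (the figure is not reproduced): fiber 1-2, 2-3, 3-4; free space 3-5.
LINKS = [(1, 2), (2, 3), (3, 4), (3, 5)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def find_path(links, src, dst):
    """Shortest chain of directly linked nodes from src to dst (breadth-first)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
        adj.setdefault(b, []).append(a)
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    if dst not in prev:
        raise ValueError("no chain of QKD links joins these nodes")
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def relay_key(link_keys, path, end_key):
    """Carry end_key hop by hop; return (key at destination, wire values, exposed nodes)."""
    current, wires, exposed = end_key, [], []
    for a, b in zip(path, path[1:]):
        link_key = link_keys[frozenset((a, b))]  # QKD key shared by neighbours a and b
        wire = xor(current, link_key)  # one-time-pad ciphertext on the classical channel
        wires.append(wire)
        current = xor(wire, link_key)  # node b strips the link key and holds the key
        if b != path[-1]:
            exposed.append(b)          # an intermediate relay sees the key in clear
    return current, wires, exposed


if __name__ == "__main__":
    import secrets
    keys = {frozenset(l): secrets.token_bytes(32) for l in LINKS}  # simulated QKD output
    path = find_path(LINKS, 1, 5)
    delivered, wires, exposed = relay_key(keys, path, secrets.token_bytes(32))
    print(path, exposed)
```

The exposed list is why the relay must be trusted: the key never appears on a link unencrypted, but every intermediate node on the path learns it.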
Therefore, in the quantum key distribution subnet shown in
Therefore, by means of the blockchain network according to the present disclosure, secure data transmission can be realized between the blockchain nodes. Correspondingly, a method for secure data transmission across a quantum-secured blockchain network is provided according to the present disclosure.
The method for the secure data transmission includes a quantum key acquisition step and a data encryption step.
In the quantum key acquisition step, quantum key distribution nodes are deployed in blockchain nodes respectively, and a shared quantum key is distributed between each two of the quantum key distribution nodes, for the blockchain nodes to acquire the shared quantum key from the corresponding quantum key distribution nodes.
As described above, quantum key distribution nodes with different configurations are deployed in the blockchain nodes. For example, a quantum key distribution node with a mobile quantum satellite ground station is deployed in a mobile node, to distribute the quantum key through the free space link.
In the data encryption step, the blockchain nodes encrypt the data using the shared quantum key. The encrypted data is transmitted between the blockchain nodes.
Further, the message authentication code is generated based on the shared quantum key and the to-be-transmitted data, for verifying completeness.
For the purpose of brevity, reference is made to the foregoing for details about the topology of the quantum key distribution node, the distribution of the shared quantum key, and the encryption of data transmitted between the blockchain nodes.
It can be seen from the foregoing that, by combining the QKD and the blockchain, data can be securely transmitted between blockchain nodes using the quantum key instead of the classical symmetric key, thereby eliminating the risk of data theft that arises as computing capability advances or because a classical random number is predictable. The key for encryption comes from the quantum key distribution subnet, which supplies a key of any length, so that data can be encrypted with one-time pad using the XOR encryption algorithm. This solves two problems: the relatively low efficiency of encryption and decryption using the asymmetric key algorithm, and the poor security that results when data cannot be encrypted with one-time pad using the XOR encryption algorithm because the symmetric key distributed using the asymmetric key algorithm is relatively short and depends on symmetric encryption algorithms such as 3DES and AES. In addition, a specific solution using a mini mobile quantum satellite ground station is further provided for a specific application scenario where the conventional blockchain node attempts to access a distant and mobile node (for example, a logistics cargo carrier). Therefore, the quantum key can be transmitted between the satellite and ground by means of a quantum satellite. The mini mobile quantum satellite ground station moves with the mobile node, so that the mobile and distant node can access the blockchain more conveniently for secure data transmission.
Although the present disclosure has been described above through specific embodiments in conjunction with the drawings, those skilled in the art should understand that the above-mentioned embodiments are illustrative only for illustrating the concept of the present disclosure, rather than limiting the scope of the present disclosure. Those skilled in the art may make various combinations, modifications, and equivalent substitutions to the above-mentioned embodiments without departing from the spirit and scope of the present disclosure.
Number | Date | Country | Kind |
---|---|---|---|
202111323379.6 | Nov 2021 | CN | national |

Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/CN2022/095088 | 5/25/2022 | WO |