基于椭圆曲线密码学的 QKD 经典信道高效认证协议
An Efficient Authentication Protocol for QKD Classical Channels Based on Elliptic Curve Cryptography
DOI: 10.12677/AAM.2026.151040, PDF,    科研立项经费支持
作者: 金 鑫 , 程 睿 , 张华乐 , 赵 磊 :国网安徽省电力有限公司信息通信分公司,安徽 合肥;吕玉祥 , 王红艳 :安徽继远软件有限公司,安徽 合肥
关键词: 认证协议量子密钥分发经典信道椭圆曲线中间人攻击MTI/A0Authentication Protocol Quantum Key Distribution Classical Channel Elliptic Curves Man-in-the-Middle Attack MTI/A0
摘要: 量子密钥分发 (QKD) 技术依赖于一个公开的经典信道进行后处理协商,但协议本身不提供信道认证,使其极易遭受中间人攻击,这是 QKD 在关键基础设施中实用化部署的核心障碍。鉴于此,本文选用并优化了一种高效认证协议,旨在为 QKD 的经典信道提供初始认证。该协议基于椭圆曲线密码学 (ECC) 的 MTI/A0 方案,通过预置的长期密钥和会话中交换的临时密钥实现隐式认证。我们使用形式化的安全模型和非形式化的分析对协议进行了全面的安全评估。结果表明,该协议能够有效抵御中间人攻击、重放攻击和密钥泄露伪装攻击,并具备弱前向安全性。性能分析表明,该协议在计算开销 (每方 3 次标量乘法) 和通信开销 (66 字节) 方面具有显著优势,在安全性和性能之间取得了理想的平衡点,完全适用于电力系统等对低延迟有严苛要求的关键基础设施。
Abstract: Quantum Key Distribution (QKD) technology relies on a public classical channel for post-processing negotiation, yet the protocol itself does not provide channel authen- tication, making it highly vulnerable to Man-in-the-Middle (MitM) attacks. This vulnerability is a core obstacle to the practical deployment of QKD in critical in- frastructures. In view of this, we select and apply a new efficient authentication protocol to provide initial authentication for the QKD classical channel. The protocol is based on the MTI/A0 scheme using Elliptic Curve Cryptography (ECC), achieving implicit authentication through pre-deployed long-term keys and session-ephemeral keys. We conducted a comprehensive security evaluation of the protocol using formal security models and non-formal analysis. The results show that our protocol effective- ly resists MitM, replay, and key-compromise impersonation attacks, while providing weak forward secrecy. Performance analysis indicates that the protocol has significan- t advantages in terms of computational cost (3 scalar multiplications per party) and communication cost (66 bytes), striking an ideal balance between security and per- formance. It is fully applicable to critical infrastructures with stringent low-latency requirements, such as power grid systems.
文章引用:金鑫, 程睿, 张华乐, 赵磊, 吕玉祥, 王红艳. 基于椭圆曲线密码学的 QKD 经典信道高效认证协议[J]. 应用数学进展, 2026, 15(1): 414-428. https://doi.org/10.12677/AAM.2026.151040

参考文献

[1] Bennett, C.H. and Brassard, G. (1984) Quantum Cryptography: Public Key Distribution and Coin Tossing. Theoretical Computer Science, 560, 7-11. [Google Scholar] [CrossRef
[2] 孙歆, 陈其祥, 吕磅, 等. 融合量子密钥调度的电力业务安全评估方法 [J/OL]. 电信科学, 2025: 1-15. 2026-01-20.[CrossRef
[3] Dutta, A. and Pathak, A. (2022) A Short Review on Quantum Identity Authentication Proto- cols: How Would Bob Know That He Is Talking with Alice? Quantum Information Processing, 21, Article No. 369. [Google Scholar] [CrossRef
[4] Zheng, X. and Zhao, Z. (2021) Quantum Key Distribution with Two-Way Authentication. Opti- cal and Quantum Electronics, 53, Article No. 304. [Google Scholar] [CrossRef
[5] Rivest, R.L., Shamir, A. and Adleman, L. (1978) A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM, 21, 120-126. [Google Scholar] [CrossRef
[6] Lyu, Y., Li, Z., Zhou, H.S., Xue, H., Wang, M., Wang, S. and Liu, M. (2025) Bandwidth- Efficient Robust Threshold ECDSA in Three Rounds. Cryptology ePrint Archive, Paper 2025/828.
[7] Diffie, W. and Hellman, M. (1976) New Directions in Cryptography. IEEE Transactions on Information Theory, 22, 644-654. [Google Scholar] [CrossRef
[8] Xie, Q., Wong, D.S., Wang, G., Tan, X., Chen, K. and Fang, L. (2017) Provably Secure Dy- namic ID-Based Anonymous Two-Factor Authenticated Key Exchange Protocol with Extend- ed Security Model. IEEE Transactions on Information Forensics and Security, 12, 1382-1392. [Google Scholar] [CrossRef
[9] Ying, B. and Nayak, A. (2019) Lightweight Remote User Authentication Protocol for Multi- Server 5G Networks Using Self-Certified Public Key Cryptography. Journal of Network and Computer Applications, 131, 66-74. [Google Scholar] [CrossRef
[10] ul haq, I., Wang, J. and Zhu, Y. (2020) Secure Two-Factor Lightweight Authentication Pro- tocol Using Self-Certified Public Key Cryptography for Multi-Server 5G Networks. Journal of Network and Computer Applications, 161, Article 102660. [Google Scholar] [CrossRef
[11] Matsumoto, T., Takashima, Y. and Imai, H. (1986) On Seeking Smart Public-Key-Distribution Systems. IEICE Transactions, 69, 99-106.
[12] Koblitz, N. (1987) Elliptic Curve Cryptosystems. Mathematics of Computation, 48, 203-209. [Google Scholar] [CrossRef
[13] Miller, V. (1986) Use of Elliptic Curves in Cryptography. In: Williams, H.C., Ed., Advances in Cryptology—CRYPTO’85 Proceedings. Lecture Notes in Computer Science, Vol. 218, Springer, 417-426. [Google Scholar] [CrossRef
[14] Canetti, R. and Krawczyk, H. (2001) Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B., Ed., Advances in Cryptology—EUROCRYPT 2001. Lecture Notes in Computer Science, Vol. 2045, Springer, 453-474. [Google Scholar] [CrossRef
[15] Yu, G., Li, Q., Mao, H., El-Latif, A.A.A. and Rodrigues, J.J.P.C. (2025) A Forward-Secure Symmetric Authenticated Key Exchange Scheme with Privacy Preservation for Internet of Things Applications. IEEE Internet of Things Journal, 12, 45762-45784. [Google Scholar] [CrossRef
[16] 何映伟, 杨竞, 赵中军. 基于 QKD 网络的量子密钥管理系统体系结构研究 [J]. 通信技术, 2023, 56(3): 357-362.
[17] 罗俊. 量子密钥分发和后量子密码融合研究 [J]. 电信科学, 2025, 41(12): 53-62.
[18] 米瑞琪, 江浩东, 张振峰. 基于 Kyber 公钥加密的高效认证密钥交换协议 [J]. 软件学报, 2025, 36(10): 4430-4443.

为你推荐