1
/
of
12
www.ChineseStandard.us -- Field Test Asia Pte. Ltd.
GM/T 0108-2021 English PDF (GM/T0108-2021)
GM/T 0108-2021 English PDF (GM/T0108-2021)
Regular price
$410.00
Regular price
Sale price
$410.00
Unit price
/
per
Shipping calculated at checkout.
Couldn't load pickup availability
GM/T 0108-2021: Decoy-state BB84 quantum key distribution product technology specification
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GM/T 0108-2021 (Self-service in 1-minute)
Historical versions (Master-website): GM/T 0108-2021
Preview True-PDF (Reload/Scroll-down if blank)
GM/T 0108-2021
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Decoy-state BB84 quantum key distribution product
technology specification
ISSUED ON: OCTOBER 18, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: National Cryptography Administration
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Symbols and abbreviations ... 9
4.1 Symbols ... 9
4.2 Abbreviations ... 9
5 Overview ... 10
5.1 Position of quantum key distribution products in quantum secure communication system
... 10
5.2 Network deployment of quantum key distribution products ... 11
6 Requirements for implementing the decoy-state BB84 protocol ... 13
6.1 Overview and protocol flow ... 13
6.2 Protocol implementation ... 14
7 Product requirements for quantum key distribution ... 24
7.1 Basic requirements ... 24
7.2 Identification requirements ... 25
7.3 Interface requirements ... 25
7.4 Random number generator ... 26
7.5 Log management ... 26
7.6 Remote management ... 26
Annex A (informative) Introduction to the decoy-state BB84 protocol ... 27
Annex B (informative) Composition structure of quantum key distribution products 28
Annex C (informative) Requirements for defense against attacks and protective
measures ... 30
Annex D (informative) Error correction methods ... 32
Annex E (informative) Methods for privacy amplification ... 34
Annex F (informative) Calculation formula of compression ratio during privacy
amplification process ... 37
Bibliography ... 40
Decoy-state BB84 quantum key distribution product
technology specification
1 Scope
Based on the BB84 protocol using weak coherent state light sources, this document
specifies the technical implementation of each stage of the protocol and puts forward
basic requirements for the design of products using this protocol.
This document is applicable to the development and testing of quantum key distribution
products based on the decoy-state BB84 protocol.
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
GB/T 2423.1, Environmental testing for electric and electronic products -- Part 2:
Test methods -- Tests A: Cold
GB/T 2423.2, Environmental testing for electric and electronic products -- Part 2:
Test methods -- Tests B: Dry heat
GB/T 15843.2, Information technology -- Security techniques -- Entity
authentication -- Part 2: Mechanisms using symmetric encipherment algorithms
GB/T 15843.4, Information technology -- Security techniques -- Entity
authentication -- Part 4: Mechanisms using a cryptographic check function
GB/T 15852.1, Information technology. Security techniques -- Message
authentication codes -- Part 1: Mechanisms using a block cipher
GB/T 15852.2, Information technology -- Security techniques -- Message
Authentication Codes (MACs) -- Part 2: Mechanisms using a dedicated hash-
function
GB/T 15852.3, Information technology -- Security techniques -- Message
authentication codes (MACs) -- Part 3: Mechanisms using a universal hash-function
GB/T 32915, Information security technology -- Randomness test methods for binary
sequence
A complete description of the motion state of a physical system in quantum mechanics.
It can be represented by a vector in Hilbert space.
3.18 quantum channel
A channel for transmitting quantum states.
3.19 quantum information
The information contained in the quantum system. Its characteristics must be described
and explained using quantum mechanics.
3.20 sifted key
The data obtained after the original key is based (screened).
3.21 signal state
Quantum states used to load classical bit information.
3.22 phase randomization
The process in which the sending end randomly modulates the phase of weak coherent
light.
3.23 phase error rate
The rate at which a quantum bit undergoes phase-flip errors. This value is used to
estimate the amount of key information that an eavesdropper might know.
3.24 decoy state
A quantum state that differs from the signal state only in intensity and modulation
information, but has the same other physical quantities such as frequency domain and
time domain characteristics.
3.25 decoy-state BB84 protocol
Based on the BB84 protocol, it uses a variety of random light intensities to monitor the
channel and estimate the single-photon state characteristics, thereby solving the security
problem based on non-ideal single-photon sources. For an introduction to the decoy-
state BB84 protocol, see Annex A.
3.26 raw key
The original data obtained after the quantum signal is measured by the receiving end.
3.27 maximal distance
a) Quantum state preparation: the sending end prepares quantum states as
information carriers. The quantum states used to load information are randomly
loaded onto the corresponding light pulses. Quantum states can be characterized
by physical quantities such as polarization, phase, time, spin, and momentum.
b) Quantum state transmission: the sending end sends the quantum state loaded with
information to the receiving end.
c) Quantum state measurement: the receiving end randomly selects a measurement
basis to measure the quantum state loaded with information sent by the sending
end to generate a raw key.
d) Basis sifting: the sending end and receiving end compare the coding basis used in
the preparation of the quantum state with the measurement basis used by the
receiving end for detection. Both parties only retain the data using the same basis
vector to generate a sifted key.
e) Error correction: the sending end and receiving end correct the quantum bit errors
in the sifted key at both ends to generate an error-corrected key.
f) Privacy amplification: the sending end and receiving end compress the error-
corrected key by calculating the compression ratio to generate a shared key.
6.2 Protocol implementation
6.2.1 Quantum state preparation
6.2.1.1 Description of basis and state
Description of states: the four quantum states defining the two-dimensional Hilbert
space are denoted as |ϕ1 >, |ϕ2 >, |ψ1 >, and |ψ2 >.
Description of basis: define two sets of basis of the two-dimensional Hilbert space,
denoted by Φ and Ψ, with Φ = {|φ1 >, |φ2 >}, Ψ = {|ψ1 >, |ψ2 >}.
Information convention: when selecting a basis, define the basis Φ to correspond to the
classical bit "0"; the basis Ψ to correspond to the classical bit "1".
When the basis is Φ, the quantum state |ϕ1 > is defined to correspond to the classical
bit "0", and the quantum state |ϕ2 > corresponds to the classical bit "1".
When the basis is chosen as Ψ, the quantum state |ψ1 > is defined to correspond to
the classical bit "0", and the quantum state |ψ2 > corresponds to the classical bit
"1".
6.2.1.2 Selection of basis and state
through the quantum channel in accordance with the requirements of 6.2.1 of this
standard. It records the light intensity of the emitted pulse to prepare information and
code information.
6.2.3 Quantum state measurement
6.2.3.1 Decoding
The decoding process is that the receiving end randomly selects a measurement basis
to demodulate the quantum state loaded with information sent by the sending end.
The decoding process shall meet the following requirements:
According to the physical random sequence output by the random number generator,
through the correspondence between binary bits 0, 1 and the basis agreed in 6.2.1.1,
select the measurement basis used to measure the quantum state and demodulate the
quantum state. The preparation of the measurement basis shall comply with the
requirements of 6.2.1.3. The ratio of the number of preparations of the two groups of
basis shall be in accordance with the preset requirements of the product.
During the decoding process, if the receiving end uses an active basis selection scheme,
it shall at least have the ability to resist Trojan horse attacks.
During the decoding process, if the receiving end is actively selecting a basis (not
selecting a state), it shall at least be able to resist fluorescence attacks. If the receiving
end is actively selecting a basis (not selecting a state) and using multiple detectors, it
shall at least be able to resist forged state attacks, time displacement attacks, and device
calibration attacks.
During the decoding process, if the receiving end adopts a passive basis selection
scheme, it shall at least be able to resist wavelength-related attacks and fluorescence
attacks. If the receiving end adopts a passive basis selection scheme and uses multiple
detectors, it shall at least be able to resist forged state attacks, time displacement attacks,
and device calibration attacks.
Recommended measures to defend against related attacks during the decoding process
are shown in Annex C b), c), d), e), and f).
6.2.3.2 Detection
The detection process is to detect a single photon as an information carrier, convert the
detected quantum state information into classical bit information, and obtain the raw
key. The current implementation method is mainly based on single-photon detectors.
The detection process shall meet the following basic requirements, interface
requirements and key attribute requirements:
a) Basic requirements:
During the detection process of quantum key distribution products, if the receiving
end passes through multiple detectors, it shall at least be able to resist double
counting attacks.
During the detection process of quantum key distribution products, if the receiving
end uses a single-photon detector based on APD, it shall at least have the ability
to resist strong light attacks, dead time attacks, behind-the-gate attacks and
avalanche transition zone attacks.
Recommended measures to defend against related attacks during the detection
process are shown in Annex C g), h), i), j), and k).
b) Interface requirements:
1) The single-photon detector interface shall include a quantum signal interface,
an electrical pulse output interface after photoelectric conversion, and a power
supply interface;
2) If the single-photon detector is integrated inside a quantum key distribution
product, it may have an internal interface connected to other modules (such as
a serial port, network port, I2C, custom bus, etc.) for reporting the operating
status of the single-photon detector (such as reporting of temperature, voltage,
detection count statistics, anomalies, attack detection, etc.) and issuing specific
operating process control commands (only receiving a few specific operating
process control commands, such as starting a delayed scan of a gated detector
and efficiency balancing self-calibration of multiple single-photon detectors
(using an internal light source)).
c) Key attribute requirements:
The gated mode single photon detector shall meet the following requirements a) and
b). The free-running mode detector shall meet the following requirement b); when
the receiving end adopts an active basis vector selection scheme for quantum state
decoding, the detection result of each detector randomly represents the
information of 0 or 1, and the following requirements a) and b) may not be met.
1) The detection efficiency half-width between channels of a multi-channel
detector shall satisfy:
Where,
wmax - maximum half-height width;
wmin - minimum half-height width;
sending end through the classical channel includes the measurement basis
information and the measured optical pulse position information;
2) The publicly available information transmitted from the sending end to the
receiving end through the classical channel includes the transmitted optical
pulse position information, optical pulse intensity information, and basis
comparison results;
3) The authentication process shall be performed on all information exchanged
during the basis sifting process. The process shall comply with GB/T 15852.1
or GB/T 15852.2 or GB/T 15852.3. The keys required for its implementation
shall be preset in advance.
6.2.4.2 Parameter estimation
The basis sifting process shall simultaneously perform statistics on Qμ and Qv1. The
results are used to calculate the compression ratio in the privacy amplification phase.
6.2.5 Error correction
6.2.5.1 Parameter estimation
Before the error correction method is executed, the sending end and receiving end
analyze the sifted key to estimate the quantum bit error rate, which is used to optimize
the algorithm, improve efficiency, and confirm whether to terminate the protocol
process based on the judgment conditions.
The parameter estimation process shall meet the following requirements:
a) Estimation of the bit error rate of the key qubit after sifting.
b) The estimated value E'μ of the quantum bit error rate can be used to set and adjust
the operating parameters of the error correction method. The estimation methods
include: estimating the quantum bit error rate based on the operating environment
and other performance parameters; or estimating the quantum bit error rate of the
sifted key in real time through random sampling; or estimating the quantum bit
error rate of the sieve key based on the actual quantum bit error rate of the last
sifted key.
c) Ideally, the security key generation rate of the BB84 protocol does not exceed 1-
2H(σ). Where H is the binary Shannon entropy. When the bit error rate σ =11%,
the security key generation rate is 0. If E'μ ≥ρ , ρ∈[0,11% ], the system is judged
to be unsafe and the remaining steps are terminated. If E'μ < ρ , ρ∈[0,11% ], the
system is judged to be safe and the execution continues.
NOTE: When the error correction method does not require the quantum bit error rate as an operating
parameter, the parameter estimation in 6.2.5.1 can be omitted. The determination of s...
Delivery: 9 seconds. Download (& Email) true-PDF + Invoice.
Get Quotation: Click GM/T 0108-2021 (Self-service in 1-minute)
Historical versions (Master-website): GM/T 0108-2021
Preview True-PDF (Reload/Scroll-down if blank)
GM/T 0108-2021
GM
CRYPTOGRAPHY INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Decoy-state BB84 quantum key distribution product
technology specification
ISSUED ON: OCTOBER 18, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: National Cryptography Administration
Table of Contents
Foreword ... 3
Introduction ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Symbols and abbreviations ... 9
4.1 Symbols ... 9
4.2 Abbreviations ... 9
5 Overview ... 10
5.1 Position of quantum key distribution products in quantum secure communication system
... 10
5.2 Network deployment of quantum key distribution products ... 11
6 Requirements for implementing the decoy-state BB84 protocol ... 13
6.1 Overview and protocol flow ... 13
6.2 Protocol implementation ... 14
7 Product requirements for quantum key distribution ... 24
7.1 Basic requirements ... 24
7.2 Identification requirements ... 25
7.3 Interface requirements ... 25
7.4 Random number generator ... 26
7.5 Log management ... 26
7.6 Remote management ... 26
Annex A (informative) Introduction to the decoy-state BB84 protocol ... 27
Annex B (informative) Composition structure of quantum key distribution products 28
Annex C (informative) Requirements for defense against attacks and protective
measures ... 30
Annex D (informative) Error correction methods ... 32
Annex E (informative) Methods for privacy amplification ... 34
Annex F (informative) Calculation formula of compression ratio during privacy
amplification process ... 37
Bibliography ... 40
Decoy-state BB84 quantum key distribution product
technology specification
1 Scope
Based on the BB84 protocol using weak coherent state light sources, this document
specifies the technical implementation of each stage of the protocol and puts forward
basic requirements for the design of products using this protocol.
This document is applicable to the development and testing of quantum key distribution
products based on the decoy-state BB84 protocol.
2 Normative references
The following referenced documents are indispensable for the application of this
document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
GB/T 2423.1, Environmental testing for electric and electronic products -- Part 2:
Test methods -- Tests A: Cold
GB/T 2423.2, Environmental testing for electric and electronic products -- Part 2:
Test methods -- Tests B: Dry heat
GB/T 15843.2, Information technology -- Security techniques -- Entity
authentication -- Part 2: Mechanisms using symmetric encipherment algorithms
GB/T 15843.4, Information technology -- Security techniques -- Entity
authentication -- Part 4: Mechanisms using a cryptographic check function
GB/T 15852.1, Information technology. Security techniques -- Message
authentication codes -- Part 1: Mechanisms using a block cipher
GB/T 15852.2, Information technology -- Security techniques -- Message
Authentication Codes (MACs) -- Part 2: Mechanisms using a dedicated hash-
function
GB/T 15852.3, Information technology -- Security techniques -- Message
authentication codes (MACs) -- Part 3: Mechanisms using a universal hash-function
GB/T 32915, Information security technology -- Randomness test methods for binary
sequence
A complete description of the motion state of a physical system in quantum mechanics.
It can be represented by a vector in Hilbert space.
3.18 quantum channel
A channel for transmitting quantum states.
3.19 quantum information
The information contained in the quantum system. Its characteristics must be described
and explained using quantum mechanics.
3.20 sifted key
The data obtained after the original key is based (screened).
3.21 signal state
Quantum states used to load classical bit information.
3.22 phase randomization
The process in which the sending end randomly modulates the phase of weak coherent
light.
3.23 phase error rate
The rate at which a quantum bit undergoes phase-flip errors. This value is used to
estimate the amount of key information that an eavesdropper might know.
3.24 decoy state
A quantum state that differs from the signal state only in intensity and modulation
information, but has the same other physical quantities such as frequency domain and
time domain characteristics.
3.25 decoy-state BB84 protocol
Based on the BB84 protocol, it uses a variety of random light intensities to monitor the
channel and estimate the single-photon state characteristics, thereby solving the security
problem based on non-ideal single-photon sources. For an introduction to the decoy-
state BB84 protocol, see Annex A.
3.26 raw key
The original data obtained after the quantum signal is measured by the receiving end.
3.27 maximal distance
a) Quantum state preparation: the sending end prepares quantum states as
information carriers. The quantum states used to load information are randomly
loaded onto the corresponding light pulses. Quantum states can be characterized
by physical quantities such as polarization, phase, time, spin, and momentum.
b) Quantum state transmission: the sending end sends the quantum state loaded with
information to the receiving end.
c) Quantum state measurement: the receiving end randomly selects a measurement
basis to measure the quantum state loaded with information sent by the sending
end to generate a raw key.
d) Basis sifting: the sending end and receiving end compare the coding basis used in
the preparation of the quantum state with the measurement basis used by the
receiving end for detection. Both parties only retain the data using the same basis
vector to generate a sifted key.
e) Error correction: the sending end and receiving end correct the quantum bit errors
in the sifted key at both ends to generate an error-corrected key.
f) Privacy amplification: the sending end and receiving end compress the error-
corrected key by calculating the compression ratio to generate a shared key.
6.2 Protocol implementation
6.2.1 Quantum state preparation
6.2.1.1 Description of basis and state
Description of states: the four quantum states defining the two-dimensional Hilbert
space are denoted as |ϕ1 >, |ϕ2 >, |ψ1 >, and |ψ2 >.
Description of basis: define two sets of basis of the two-dimensional Hilbert space,
denoted by Φ and Ψ, with Φ = {|φ1 >, |φ2 >}, Ψ = {|ψ1 >, |ψ2 >}.
Information convention: when selecting a basis, define the basis Φ to correspond to the
classical bit "0"; the basis Ψ to correspond to the classical bit "1".
When the basis is Φ, the quantum state |ϕ1 > is defined to correspond to the classical
bit "0", and the quantum state |ϕ2 > corresponds to the classical bit "1".
When the basis is chosen as Ψ, the quantum state |ψ1 > is defined to correspond to
the classical bit "0", and the quantum state |ψ2 > corresponds to the classical bit
"1".
6.2.1.2 Selection of basis and state
through the quantum channel in accordance with the requirements of 6.2.1 of this
standard. It records the light intensity of the emitted pulse to prepare information and
code information.
6.2.3 Quantum state measurement
6.2.3.1 Decoding
The decoding process is that the receiving end randomly selects a measurement basis
to demodulate the quantum state loaded with information sent by the sending end.
The decoding process shall meet the following requirements:
According to the physical random sequence output by the random number generator,
through the correspondence between binary bits 0, 1 and the basis agreed in 6.2.1.1,
select the measurement basis used to measure the quantum state and demodulate the
quantum state. The preparation of the measurement basis shall comply with the
requirements of 6.2.1.3. The ratio of the number of preparations of the two groups of
basis shall be in accordance with the preset requirements of the product.
During the decoding process, if the receiving end uses an active basis selection scheme,
it shall at least have the ability to resist Trojan horse attacks.
During the decoding process, if the receiving end is actively selecting a basis (not
selecting a state), it shall at least be able to resist fluorescence attacks. If the receiving
end is actively selecting a basis (not selecting a state) and using multiple detectors, it
shall at least be able to resist forged state attacks, time displacement attacks, and device
calibration attacks.
During the decoding process, if the receiving end adopts a passive basis selection
scheme, it shall at least be able to resist wavelength-related attacks and fluorescence
attacks. If the receiving end adopts a passive basis selection scheme and uses multiple
detectors, it shall at least be able to resist forged state attacks, time displacement attacks,
and device calibration attacks.
Recommended measures to defend against related attacks during the decoding process
are shown in Annex C b), c), d), e), and f).
6.2.3.2 Detection
The detection process is to detect a single photon as an information carrier, convert the
detected quantum state information into classical bit information, and obtain the raw
key. The current implementation method is mainly based on single-photon detectors.
The detection process shall meet the following basic requirements, interface
requirements and key attribute requirements:
a) Basic requirements:
During the detection process of quantum key distribution products, if the receiving
end passes through multiple detectors, it shall at least be able to resist double
counting attacks.
During the detection process of quantum key distribution products, if the receiving
end uses a single-photon detector based on APD, it shall at least have the ability
to resist strong light attacks, dead time attacks, behind-the-gate attacks and
avalanche transition zone attacks.
Recommended measures to defend against related attacks during the detection
process are shown in Annex C g), h), i), j), and k).
b) Interface requirements:
1) The single-photon detector interface shall include a quantum signal interface,
an electrical pulse output interface after photoelectric conversion, and a power
supply interface;
2) If the single-photon detector is integrated inside a quantum key distribution
product, it may have an internal interface connected to other modules (such as
a serial port, network port, I2C, custom bus, etc.) for reporting the operating
status of the single-photon detector (such as reporting of temperature, voltage,
detection count statistics, anomalies, attack detection, etc.) and issuing specific
operating process control commands (only receiving a few specific operating
process control commands, such as starting a delayed scan of a gated detector
and efficiency balancing self-calibration of multiple single-photon detectors
(using an internal light source)).
c) Key attribute requirements:
The gated mode single photon detector shall meet the following requirements a) and
b). The free-running mode detector shall meet the following requirement b); when
the receiving end adopts an active basis vector selection scheme for quantum state
decoding, the detection result of each detector randomly represents the
information of 0 or 1, and the following requirements a) and b) may not be met.
1) The detection efficiency half-width between channels of a multi-channel
detector shall satisfy:
Where,
wmax - maximum half-height width;
wmin - minimum half-height width;
sending end through the classical channel includes the measurement basis
information and the measured optical pulse position information;
2) The publicly available information transmitted from the sending end to the
receiving end through the classical channel includes the transmitted optical
pulse position information, optical pulse intensity information, and basis
comparison results;
3) The authentication process shall be performed on all information exchanged
during the basis sifting process. The process shall comply with GB/T 15852.1
or GB/T 15852.2 or GB/T 15852.3. The keys required for its implementation
shall be preset in advance.
6.2.4.2 Parameter estimation
The basis sifting process shall simultaneously perform statistics on Qμ and Qv1. The
results are used to calculate the compression ratio in the privacy amplification phase.
6.2.5 Error correction
6.2.5.1 Parameter estimation
Before the error correction method is executed, the sending end and receiving end
analyze the sifted key to estimate the quantum bit error rate, which is used to optimize
the algorithm, improve efficiency, and confirm whether to terminate the protocol
process based on the judgment conditions.
The parameter estimation process shall meet the following requirements:
a) Estimation of the bit error rate of the key qubit after sifting.
b) The estimated value E'μ of the quantum bit error rate can be used to set and adjust
the operating parameters of the error correction method. The estimation methods
include: estimating the quantum bit error rate based on the operating environment
and other performance parameters; or estimating the quantum bit error rate of the
sifted key in real time through random sampling; or estimating the quantum bit
error rate of the sieve key based on the actual quantum bit error rate of the last
sifted key.
c) Ideally, the security key generation rate of the BB84 protocol does not exceed 1-
2H(σ). Where H is the binary Shannon entropy. When the bit error rate σ =11%,
the security key generation rate is 0. If E'μ ≥ρ , ρ∈[0,11% ], the system is judged
to be unsafe and the remaining steps are terminated. If E'μ < ρ , ρ∈[0,11% ], the
system is judged to be safe and the execution continues.
NOTE: When the error correction method does not require the quantum bit error rate as an operating
parameter, the parameter estimation in 6.2.5.1 can be omitted. The determination of s...
Share
