GM/T 0114-2021 PDF English
Search result: GM/T 0114-2021
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Name of Chinese Standard | Status |
| GM/T 0114-2021 | English | 590 |
Add to Cart
|
0-9 seconds. Auto-delivery.
|
Decoy-state BB84 quantum key distribution product test specification
| Valid |
GM/T 0114-2021: PDF in English (GMT 0114-2021) GM/T 0114-2021
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
L 80
Decoy-state BB84 quantum key distribution product test
specification
ISSUED ON: OCTOBER 18, 2021
IMPLEMENTED ON: MAY 01, 2022
Issued by: State Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 5
4 Symbols and abbreviations ... 8
4.1 Symbols ... 8
4.2 Abbreviations ... 9
5 Detection environment ... 9
5.1 Test reference point ... 9
5.2 Detection environment ... 10
6 Detection content ... 19
6.1 Detection of protocol implementation requirements ... 19
6.2 Detection of quantum key distribution product ... 25
7 Detection method ... 29
7.1 Protocol implementation requirements detection... 29
7.2 Anti-attack detection ... 46
7.3 Detection of quantum key distribution product ... 52
8 Qualification judgment ... 57
Appendix A (Informative) Detection instruments ... 58
References ... 59
Decoy-state BB84 quantum key distribution product test
specification
1 Scope
This document specifies the detection content and methods of the protocol
implementation requirements and basic product requirements of the decoy-state BB84
quantum key distribution product, based on the use of weak coherent state light source.
This document is applicable to the detection of decoy-state BB84 quantum key
distribution products, which are developed in accordance with GM/T 0108-2021; it can
also be used to guide the development. The system security based on quantum key
distribution products and the security of their classical channel networks are not within
the scope of this document.
2 Normative references
The contents of the following documents constitute the essential provisions of this
document through normative references in the text. Among them, for referenced
documents with dates, only the version corresponding to that date applies to this
document; for referenced documents without dates, the latest version (including all
amendments) applies to this document.
GB/T 2423.1 Environmental testing for electric and electronic products - Part 2: Test
methods - Tests A: Cold
GB/T 2423.2 Environmental testing for electric and electronic products - Part 2: Test
methods - Tests B: Dry heat
GB/T 5080.7 Equipment reliability testing - Compliance test plans for failure rate
and mean time between failures assuming constant failure rate
GB/T 15843.2 Information technology - Security techniques - Entity authentication
- Part 2: Mechanisms using symmetric encipherment algorithms
GB/T 15843.4 Information technology - Security techniques - Entity authentication
- Part 4: Mechanisms using a cryptographic check function
GB/T 15852.1 Information technology - Security techniques - Message
authentication codes - Part 1: Mechanisms using a block cipher
GB/T 15852.2 Information technology - Security techniques - Message
Authentication Codes (MACs) - Part 2: Mechanisms using a dedicated hash-
function
GB/T 15852.3 Information technology - Security techniques - Message
authentication codes (MACs) - Part 3: Mechanisms using a universal hash-function
GB/T 32915 Information security technology - Randomness test methods for binary
sequence
GB/T 37092 Information security technology - Security requirements for
cryptographic modules
GB/T 38625 Information security technology - Security test requirements for
cryptographic modules
GM/T 0062 Random number test requirements for cryptographic modules
GM/T 0108-2021 Technical specification for decoy state BB84 quantum key
distribution product
GM/Z 4001 Cryptographic terminology
3 Terms and definitions
The terms and definitions defined in GB/T 37092, GM/T 0050, GM/Z 4001 apply to
this document.
3.1
Privacy amplification
The process in which the transmitter and the receiver perform mathematical
processing on the error-corrected key to extract the shared key from it.
3.2
BB84 protocol
A quantum key distribution protocol proposed by Charles Henry Bennett and Gilles
Brassard in 1984.
3.3
Basis sifting
Also called sifting, it refers to the process in which the transmitter and receiver
the quantum state transmission process meets the requirements of the decoy-state BB84
protocol.
The transmitter sends the light pulse of the quantum state loaded with information that
meets the requirements of 6.2.1 of GM/T 0108-2021 to the receiver, through the
quantum channel; records the light intensity preparation information and encoding
information of the emitted pulse.
6.1.3 Detection of quantum state measurement process
6.1.3.1 Decoding process
The purpose of the decoding process detection is to detect whether the decoding process
of the receiver meets the requirements of the decoy-state BB84 protocol.
The decoding process is that the receiver randomly selects a measurement basis to
demodulate the quantum state loaded with information sent by the transmitter. It shall
meet the decoding requirements of GM/T 0108-2021.
During the decoding process, if the receiver is an active basis selection scheme, it shall
at least have the ability to resist Trojan horse attacks.
During the decoding process, if the receiver is an active basis selection scheme (no state
selection), it shall at least have the ability to resist fluorescence attacks; if the receiver
is an active basis selection scheme (no state selection) and uses multiple detectors, it
shall at least have the ability to resist forged state attacks, time displacement attacks,
device calibration attacks.
During the decoding process, if the receiver is a passive basis selection scheme, it shall
at least have the ability to resist wavelength-related attacks and fluorescence attacks; if
the receiver is a passive basis selection scheme and uses multiple detectors, it shall at
least have the ability to resist forged state attacks, time displacement attacks, device
calibration attacks.
For recommended measures to resist related attacks during the decoding process, see
b), c), d), e), f) in Appendix C of GM/T 0108-2021.
6.1.3.2 Detection process
The detection process includes interface detection, key attribute detection, anti-
detection process attack detection. The detection purposes are to detect whether the
interface attributes and key attributes of the detector meet the requirements of the BB84
protocol in the decoy-state, whether measures to resist related attacks during the
detection process are taken.
The detection process is the detection of a single photon as an information carrier,
converting the quantum state information of the detected light pulse into classical bit
information to obtain the original key. The current implementation method is mainly
based on single-photon detectors.
The detection process shall comply with the interface requirements, key attribute
requirements, anti-attack measures requirements of 6.2.3.2 of GM/T 0108-2021. For
recommended measures to resist related attacks during the detection process, see g), h),
i), j), k) in Appendix C of GM/T 0108-2021.
6.1.4 Detection of basis sifting process
The basis sifting process is that the transmitter and the receiver compare the coding
basis used in the preparation of the quantum state with the measurement basis used by
the receiver. Both parties only retain the data of the same basis vector, to generate the
post-screening key. The purpose of the basis sifting process detection is to detect
whether the basis sifting process of the transmitter and the receiver meets the
requirements of the decoy-state BB84 protocol.
The basis sifting process shall meet the requirements of the basis sifting process of
GM/T 0108-2021.
6.1.5 Detection of error correction process
The error correction process is that the transmitter and the receiver correct the quantum
error bits in the post-screening key at both ends, to obtain a consistent key, that is, the
error-corrected key. The purpose of the error correction process detection is to detect
whether the error correction process of the transmitter and the receiver meets the
requirements of the decoy-state BB84 protocol.
The error correction process shall meet the requirements of the error correction process
of GM/T 0108-2021.
6.1.6 Detection of security enhancement process
The security enhancement process refers to the process in which the transmitter and the
receiver use the hash function class to hash the error-corrected key and extract the
shared key. The purpose of the security enhancement process detection is to detect
whether the security enhancement process of the transmitter and receiver meets the
requirements of the BB84 protocol in a decoy-state.
The security enhancement process shall meet the requirements of the security
enhancement process of GM/T 0108-2021.
6.2 Detection of quantum key distribution product
6.2.1 Basic testing
6.2.1.1 Functional testing
Quantum key distribution product functional testing includes protocol implementation
requirements testing, shared key randomness testing, shared key consistency testing.
The purpose of the protocol implementation requirements testing is to detect whether
the process of quantum key distribution product key generation follows the decoy BB84
protocol. The purpose of the shared key randomness testing is to detect whether the
randomness of the key generated by the quantum key distribution product meets the
performance requirements of the quantum key distribution product. The purpose of the
shared key consistency testing is to detect whether the shared keys generated by the
transmitter and receiver of the quantum key distribution product are consistent.
Quantum key distribution products shall follow the decoy BB84 protocol and shall
comply with the requirements of 6.1 and 6.2 in GM/T 0108-2021. The randomness of
the shared key generated by the quantum key distribution product shall comply with the
requirements of GB/T 32915. The shared keys generated by the transmitter and receiver
of the quantum key distribution product shall be consistent.
6.2.1.2 Performance testing
6.2.1.2.1 Shared key generation rate
The purpose of the shared key generation rate testing is to detect whether the amount
of shared keys generated by the quantum key distribution product per unit time meets
the requirements of the inspection document.
The quantum key distribution product shall meet the requirements of the shared key
generation rate specified in the product inspection document.
6.2.1.2.2 Maximum distance
The purpose of the maximum distance testing of the quantum key distribution product
is to detect the maximum length of the quantum channel between the transmitter and
the receiver of the quantum key distribution product, under the premise of meeting the
performance and security requirements.
The quantum key distribution product shall meet the requirements of the maximum
distance specified in the product inspection document.
6.2.1.2.3 Environmental adaptability and reliability
The purpose of the environmental adaptability testing is to detect the adaptability of the
quantum key distribution product to the working environment; the purpose of the
reliability test is to detect the mean time between failures of the quantum key
distribution product.
The working environment of the quantum key distribution product shall meet the
have the ability to replay attacks.
6.2.3 Interface detection
The purpose of interface detection is to detect whether the type and function of the
interface of the quantum key distribution product meet the requirements of the quantum
key distribution product.
The interface of the quantum key distribution product shall meet the interface
requirements of GM/T 0108-2021.
6.2.4 Detection of random number generator
The purpose of random number generator detection is to detect whether the random
number generator used in the quantum key distribution product meets the requirements
of the quantum key distribution product.
The random number generator used in the quantum key distribution product shall be
approved by the national cryptography management department.
The random number generator used in the quantum key distribution product shall use a
random number generator based on physical processes; it can pass the random number
detection in four different application stages of sample delivery detection, exit-factory
detection, power-on detection, use detection; it shall meet the requirements of Class D
products in GM/T 0062.
6.2.5 Log management detection
The purpose of log management detection is to detect whether the management of logs
by quantum key distribution products meets the requirements of quantum key
distribution products.
The quantum key distribution product shall provide a log function; the log can be
viewed and exported.
The log content includes:
a) Operational behavior, including login authentication, system configuration, key
management and other operations;
b) Security events, including connection with the management platform, key
generation, key update, key destruction and other events;
c) Abnormal events, including authentication failure, illegal access, integrity check
failure and other abnormal events.
6.2.6 Remote management detection
The purpose of remote management detection is to detect whether the remote
management function of quantum key distribution products meets the requirements of
quantum key distribution products.
The remote management of quantum key distribution products shall comply with the
requirements of 7.6 in GM/T 0108-2021.
7 Detection method
7.1 Protocol implementation requirements detection
7.1.1 Base preparation detection
7.1.1.1 Relative error of coding base conjugation
Take the detection of relative error of coding base conjugation of phase-coded quantum
key distribution products as an example:
- Detection conditions:
a) The dotted box part shall select the transmitter base/state preparation module
(including phase modulator);
b) The synchronous clock signal of the light source shall make the single photon
detector work normally;
c) It shall obtain the phase modulation voltages φ0, φ1, φ2, φ3 of the four phases of
0, π/2, π, 3π/2 modulated by the base/state preparation module;
d) Adjust the light source optical power to an appropriate level, so that the average
photon number level of the light pulse reaching the single photon detector is
consistent with the average photon number level of the signal state light pulse,
meanwhile at least ensure that the detection count of the single photon detector
shall be more than twice the dark count of the single photon detector.
- Detection method:
a) Connect the device to be tested and the accompanying device to be tested
according to Figure 2 in 5.2.1.1; set the laser trigger frequency to n MHz and the
phase modulation frequency to 2n MHz. Use optical and electronic delay
technology to make the quantum light loaded with phase for the first time after
entering the ground/state preparation module interfere with the quantum light
loaded with phase reflected from the end reflector before entering the circulator;
the interference peak position required for measurement shall be within the
detection gate width range of the single photon detector.
is consistent with the average number of photons of the signal state light pulse,
meanwhile at least ensure that the detection count of the single photon detector
shall be more than twice the dark count of the single photon detector.
- Detection method: Connect the device to be tested and the accompanying test
device according to Figure 4 in 5.2.1.1; the operation steps are the same as steps a)
~ g) of the detection method in 7.1.1.1, to obtain the relative error Σ/E of
conjugation.
- Pass criteria: The relative error of the conjugation of the measurement base shall
meet the requirements of 6.1.1.2.
Take the measurement basis relative error detection of polarization-encoded quantum
key distribution products as an example:
- Detection method:
a) Connect the device to be tested and the accompanying test device according to
Figure 5 in 5.2.1.1;
b) Connect two optical power meters to the polarization state output ends of |H >
and |V >, respectively; adjust the base/state preparation module of the transmitter,
so that the reading ratio -- of the optical power meter connected to the
polarization state output end of |H > to the optical power meter connected to the
polarization state output end of |V > -- is the largest; connect the polarization
analyzer to the polarization state output end of |H >; record the current
polarization position a; set ϕ0 = 0;
c) Connect two optical power meters to the polarization state output ends of |H >
and |V >, respectively. Adjust the base/state preparation module of the transmitter,
so that the reading ratio -- of the optical power meter connected to the
polarization state output end of |H > to the optical power meter connected to the
polarization state output end of |V > -- is the smallest. Connect the polarization
analyzer to the polarization state output end of |V >. Record the current
polarization position b. Record the angle ϕ2 between the polarization position b
and a;
d) Connect two optical power meters to the polarization state output ends of |P >
and |N >, respectively. Adjust the base/state preparation module of the transmitter,
so that the reading ratio -- of the optical power meter connected to the |P >
polarization state output end to the optical power meter connected to the |N >
polarization state output end -- is the largest. Connect the polarization analyzer
to the |P > polarization state output end. Record the current polarization position
c. Record the angle ϕ1 between the polarization position c and a;
e) Connect the two optical power meters to the |P > and |N > polarization state output
the internal attenuation value of the transmitter can be reduced to the range that
the optical power meter can normally detect; the reduced attenuation value is
deducted in the final calculation.
- Detection method:
a) Connect the device to be tested and the accompanying test device according to
Figure 7 in 5.2.1.2; set the intensity of the transmitter in the standard working
mode in turn; output the light pulse of the signal state, the light pulse of the
decoy-state 1, the light pulse of the decoy-state 2;
b) Use an optical power meter to measure the output optical power of the
transmitter. The time interval of the light intensity statistics shall not be less than
1 s. The number of sampling points shall not be less than 100. Take the root mean
square of the collected optical power measurement value as the actual light pulse
intensity p';
c) Calculate the theoretical light pulse intensity, taking the signal state as an
example: the measured signal state light pulse repetition frequency is f, the signal
state light pulse center wavelength is λ, the theoretical average photon number
is μ, the single photon energy is , then it can obtain the theoretical
light pulse intensity p = μ·Ep, where h is Planck's constant and c is the speed of
light.
- Pass criteria:
The light intensity preparation meets the requirements of 6.1.1.4.
7.1.4 Detection of preparation of other properties
7.1.4.1 Amplitudes of various quantum states in signal state
- Detection conditions: Quantum key distribution products shall have a mode for
preparing signal state separately.
- Detection method:
a) Connect the device to be tested and the accompanying test device according to
Figure 8 in 5.2.1.3; set the transmitter to output the light pulse in the signal state
according to the intensity of the standard working mode;
b) Use the pulse amplitude measurement tool provided by the oscilloscope, to
measure the light pulse amplitude and calculate the root mean square value of
the light pulse amplitude;
c) Set the output of light pulses in different quantum states; measure the light pulse
amplitude of each quantum state in turn; calculate the root mean square value of
the light pulse amplitude of each quantum state;
d) When the light intensity output by the transmitter is lower than the measurement
range of the measuring device, the internal optical path attenuation of the
transmitter can be reduced, so that the light intensity output by the transmitter
meets the measurement requirements.
- Pass criteria: The test results shall meet the requirements of 6.1.1.5.
7.1.4.2 Amplitudes of various quantum states in the decoy-state
- Detection conditions: Quantum key distribution products shall have a mode for
preparing decoy-states separately.
- Detection method:
a) Connect the device to be tested and the accompanying test device according to
Figure 8 in 5.2.1.3; set the transmitter to output the light pulse in the decoy-state
according to the intensity of the standard working mode;
b) Use the pulse amplitude measurement tool provided by the oscilloscope, to
measure the light pulse amplitude and calculate the root mean square value of
the light pulse amplitude;
c) Set the output of light pulses in different quantum states; measure the light pulse
amplitude of each quantum state in turn; calculate the root mean square value of
the light pulse amplitude of each quantum state;
d) When the light intensity output by the transmitter is lower than the measurement
range of the measuring device, the internal optical path attenuation of the
transmitter can be reduced, so that the light intensity output by the transmitter
meets the measurement requirements.
- Pass criteria: The test results shall meet the requirements of 6.1.1.5.
7.1.4.3 Pulse width of various quantum states in signal state and decoy-state
- Detection method:
a) Connect the device to be tested and the accompanying test device according to
Figure 8 in 5.2.1.3;
b) Use the pulse width measurement tool provided by the oscilloscope, to measure
the optical pulse width and calculate the root mean square value of the optical
pulse width;
c) Set the light source to output optical pulses of different quantum states; measure
......
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
PDF Preview: GM/T 0114-2021
|