基于区块链的量子密钥全生命周期管理

为确保量子密钥从生成、分发、存储、使用、更新到销毁的安全性更高，提出一种基于区块链的量子密钥全生命周期管理方案。首先有保密通信需求的两方机构通过量子密钥分发设备产生真随机对称量子协商密钥，并将其分别存储在两方机构的量子设备管理员处；然后两方量子设备管理员协商量子密钥编号规则生成量子密钥文件；最后两方机构用户分别向各自量子设备管理员申请量子密钥用于通信。在通信过程中，与量子密钥生成、分发、使用、更新、销毁的相关日志信息上传到区块链，由量子设备管理员、通信用户协同区块链管理员完成量子密钥全生命周期的管理与追溯。理论分析表明：该方案能解决量子密钥在通信系统中无法有效追溯和管理的问题，可以实现对量子密钥全生命周期管理和追溯过程的透明可信。

Quantum Key Lifecycle Management Based on Blockchain

In order to ensure a higher security of quantum key from generation, distribution, storage, use, update and destruction, this paper proposes a quantum key lifecycle management scheme based on blockchain. The two-party which has the requirement of confidential communication generates a truly random symmetric quantum negotiation key pool through quantum key distribution devices, and stores it in the quantum device administrator of each party. Then the quantum device administrators of two parties generate quantum key files according to negotiated numbering rules of quantum keys. Users of the two parties respectively apply for quantum keys from their quantum device administrators for communication. In the process of communication, the log information related to the generation, distribution, use, update and destruction of quantum keys is uploaded to a blockchain, and the quantum device administrators and communication users cooperate with the blockchain administrator to complete the management and traceability of the full lifecycle of quantum keys. Theoretical analysis shows that this scheme can solve the problem that quantum key cannot be effectively traced and managed in communication system, and realize the transparency and reliability of management and traceability of quantum key in whole lifecycle.