QDS-based mail system and transceiving method

What is claimed is: 1. A transceiving method, applicable for a Quantum Digital Signature (QDS)-based mail system, wherein the mail system is a three-layer structure foamed by a physical layer, a key layer, and an application layer; the physical layer is a key generation terminal and is used to generate a key string for signature in real time; the key layer is used to store the key string generated by the physical layer and provide a required key to the upper layer, namely, the application layer when required; and the application layer is a transceiving software part in the mail system, and is used to extract keys generated by the physical layer from the key layer so as to encrypt information to be sent; wherein a user terminal corresponding to the application layer comprises clients A and B and a server S; the client A serves as a transmitting end and the client B servers as a receiving end; wherein the transceiving method comprises: a quantum key distribution (QKD) phase, a mail signature phase, and a signature verification phase; wherein in the QKD phase, the transmitting end A needs to acquire two sets of keys respectively for the server S and the receiving end B, which are used to encrypt bits 1 and 0 respectively, wherein the keys are generated by the physical layer and stored in the key layer; and when required, the application layer takes the corresponding keys out of the key layer at any time; wherein in the mail signature phase, the client is in charge of signing a message with the possessed keys; and wherein the signature verification phase comprises two verification procedures: in a first procedure, the server verifies a message signature, and in a second procedure, the receiving end B verifies the message signature wherein the distribution phase comprises the following steps: step 1-1: when that the client A needs to send a message to the client B, generating, by the clients A and B, corresponding keys A B 1 , and A B 0 each having a length of L according to a key generation protocol (KGP), wherein A B 1 is used to sign the bit 1 and A B 0 is used to sign the bit 0 ; and in this case, the client B also possesses two keys K B 0 and K B 1 each having a length of L bits, the superscripts indicating that the keys are possessed by the client B and the subscripts indicating a specific message to be verified in the future; step 1-2: generating, by the client A and the server S, two corresponding keys A S 1 and A S 0 each having a length of L according to the KGP, wherein A S 1 is used to encrypt the bit 1 and A 1 S is used to encrypt the bit 0 ; and in this case, the server S also possesses two keys K S 0 and K S 1 each having a length of L, the superscripts indicating that the keys are possessed by the server S and the subscripts indicating a specific message to be verified in the future; and step 1-3: in the case where the client A possesses four keys A B 0 , A B 1 , A S 0 , and A S 1 each having a length of L bits after the foregoing procedure, selecting, separately by the client B and the server S, half of the possessed keys randomly, exchanging the selected keys with each other, and informing each other of positions of the exchanged keys in all the keys; after completion of symmetric exchange, combining, by the server S, the possessed key K S 0,keep and the key K B 0,forward sent by B into M 0 S =(K S 0,keep , K B 0,forward ) used to verify the message bit 0 and M 1 S =(K S 0,keep , K B 0,forward ) used to verify the message bit 1 ; and likewise, performing, by B, the same operations, to obtain M 0 B =(K B 0,keep , K S 0,forward ) and M 1 B =(K B 0,keep , K S 0,forward ), wherein a secure classical encryption channel is used during exchange between B and S, so as to prevent the client A from denying signature. 2. The transceiving method according to claim 1 , wherein the mail signature phase comprises the following specific steps: step 2-1: after a message to be sent is inputted, converting, by the client A, the message to be sent into a binary code by means of a specific coding scheme or algorithm, wherein the bit 0 is signed by using A B 0 and A S 0 together, and the bit 1 is signed by using A B 1 and A S 1 together; step 2-2: according to requirements in a QDS protocol, using, by the client A, an initial key of L bits in length to sign each bit of message, for example, with given security parameters, using a key of 3000 bits in length to sign a 1-bit message, including 1500 bits of key generated by agreement with B and 1500 bits of key generated by agreement with S; step 2-3: performing, by the client A, the same signature method for each bit of the message, and sending the signed message to the server S, wherein when the transmitting end sends bit- 0 information, a combination of the sent message and the signature is denoted as (0, A B 0 , A S 0 ); and likewise, when bit- 1 information is sent, a combination of the sent message and the signature may be denoted as (1, A B 1 , A S 1 ); and step 2-4: because a relatively long key bit string is produced during a single key generation, discarding, by the client A, an unused key bit string after completion of the foregoing signature steps for each bit of possessed keys, such that one-time pad encryption is achieved. 3. The transceiving method according to claim 2 , wherein in step 2-2, a longer length L of the initial key means higher security of the signed message, and a specific value of L is selected according to actual requirements. 4. The transceiving method according to claim 1 , wherein the signature verification phase comprises the following specific steps: step 3-1: when the message sent by the client A to the server is (0, A B 0 , A S 0 ), comparing, by the server S, the message with M S 0 =(K S 0,keep , K B 0,forward ) mentioned in step 1-3 after receiving the message, wherein an exclusive or operation is performed on corresponding positions of K S 0,keep and A S 0 , and on corresponding positions of K B 0,forward and A B 0 ; marking a position at which an output result is 1 as a bit error; likewise, when the message sent by the client A is (1, A B 1 , A S 1 ), performing the same operations; and obtaining a bit error rate (BER) after completion of comparison between all the bit keys; step 3-2: when the BER is greater than a BER threshold set by the server, discarding, by the server, a whole message and informing the client A that the message fails to be sent and needs to be resent; otherwise, forwarding the whole message received to the receiving end B, wherein in this case, the server not only performs verification with the corresponding key, but also takes on message forwarding; step 3-3: performing, by the client B, the same operations as the server S after receiving the message, namely, comparing, by the client B, the received message (m, A S m , A B m ) with a key bit string M B m =(K B m,keep , K S m,forward ) possessed by the client B, wherein an exclusive or operation is performed on corresponding positions of K S m,keep and A S m , and on corresponding positions of K B m,forward and A B m ; marking a position at which an output result is 1 as a bit error; and obtaining a BER after completion of comparison between all the bit keys; and step 3-4: when the BER is greater than a minimum BER threshold set by the system, refusing, by the client B, to receive the message and informing the server of a corresponding result; and after receiving the notification from B, notifying, by the server S, the client A that “the message probably has been tampered with and is required to be resent”; or when the BER is less than the minimum BER threshold set by the system, receiving, by the client B, the message and notifying