CN102013980A

CN102013980A - Random encryption method for decrypting by adopting exhaustion method

Info

Publication number: CN102013980A
Application number: CN 200910140802
Authority: CN
Inventors: 刘海云
Original assignee: Individual
Current assignee: Individual
Priority date: 2009-05-06
Filing date: 2009-05-06
Publication date: 2011-04-13
Also published as: WO2010091565A1

Abstract

The invention provides a random encryption method for decrypting by adopting an exhaustion method, which is mainly used for encrypting backup keys, certificates and important documents. The random encryption method comprises the following encryption flow: inputting use identity information and encryption strength; calculating the random length of a random key and generating the random key of the random length according to the relationship among encryption strength and other factors; and encrypting the key and the certificate by using the user identity information and the random key according to the encryption algorithm to obtain backups of the encrypted key and certificate and locking the user identity information and the random key in password identification information by using the encryption algorithm determined by the program. The backups generated by the encryption method are decrypted by using the exhaustion method no matter how to write the decryption program even if the correct user identity is input; in addition, the user and the random key are required to be respectively compared. The method is not only applied to a stand-alone system, but also can be applied to key escrow services in clouds.

Description

Need to adopt the random encrypting method of exhaust algorithm decipher

Technical field

The present invention relates to a kind of random encrypting method, how writing with the ciphertext decrypted program of this encryption method encryption generation all needs to be decrypted with the method for exhaustion.

Background technology

Adopted advanced EFS (Encrypting File System, encrypted file system) among operating system Windows XP that generally uses and the Windows Vista at present.After certificate in this cryptographic system and private key are lost, can't decipher the file of being encrypted by EFS.The Cipher Strength of the private key backup that EFS derives depends on that fully the user derives the password of being inputed in the private key process.In order to guarantee the safety of certificate and private key backup, use the people of EFS often backup to be kept in the movable storage device.When the certificate in the operating system and private key are lost, the user usually needs the searching movable storage device of ransacking boxes and chests, to be kept at the certificate and the private key import operation system that back up in the movable storage device after finding, then the file of being encrypted by EFS with certificate that imports and private key deciphering.Existing EFS derives the method that imports certificate and private key and not only is difficult for using, make many people dare not use EFS, and derive to import certificate and private key, take for twice place movable storage device with twice after institute take time on average more than one minute, also may can't recover certificate and private key, many users are kept someone at a respectful distance to EFS because movable storage device loses.On the other hand, when known encryption method is utilized subscriber identity information to plain text encryption, adopt various algorithms to generate cipher code recognition information, utilize of the checking of this cipher code recognition information to subscriber identity information, provide users with the convenient, but also provide shortcut, and this cipher code recognition information often is unable to undergo to attack to the cracker.Also have; when utilizing subscriber identity information and random data jointly same object of protection to be encrypted; existing random encrypting method is when generating cipher code recognition information; though random data is encrypted; but only subscriber identity information is locked in the cipher code recognition information; random data is not locked in the cipher code recognition information, only need compares during deciphering, do not need random data is compared subscriber identity information.The 4th the current cloud computing high speed development in aspect, the key escrow service in the cloud needs the present invention to increase the fail safe of ciphertext.

Summary of the invention

The present invention is mainly used to the backup of encipherment protection certificate and private key just at the problem of above four aspects and produce.

According to an aspect of the present invention, provide a kind of encryption method, its encryption flow is as follows:

[I] input Cipher Strength and subscriber identity information UserID, according to the relation between random-length, Cipher Strength and the predetermined decrypted program speed three of random key, calculate the random-length Long of random key, producing random-length is the random key Random of Long

[II] utilizes subscriber identity information UserID and random key Random to derive from a code string UR, adopt pre-defined algorithm encrypted code string UR, the cipher code recognition information PassID that is used for when deciphering, discerning subscriber identity information UserID and random key Random with generation

[III] utilizes important plaintext Text and cipher code recognition information PassID to derive from a code string TP,

[IV] adopts pre-defined algorithm encrypted code string TP, to generate the ciphertext ReText of important plaintext Text.

[II] utilizes subscriber identity information UserID, random key Random and important plaintext Text to derive from a code string URT,

[III] adopts pre-defined algorithm encrypted code string URT, to generate the ciphertext ReText of important plaintext Text.

[III] adopts pre-defined algorithm to encrypt important plaintext Text, generating the ciphertext ReText of important plaintext Text,

[IV] inserts cipher code recognition information PassID among the ciphertext ReText, wherein,

Described with among the cipher code recognition information PassID insertion ciphertext ReText, be meant cipher code recognition information PassID as a unit or be split as a plurality of units and add the action that some or a plurality of positions among the ciphertext ReText constitute a fresh code string to, and the insertion position is not limited to the position in the ciphertext ReText, also can be added on the head and the tail two ends of ciphertext ReText.

[II] adopts pre-defined algorithm to encrypt important plaintext Text, generating the ciphertext ReText of important plaintext Text,

[III] utilizes subscriber identity information UserID and random key Random to derive from a code string UR, adopt pre-defined algorithm encrypted code string UR, the cipher code recognition information PassID that is used for when deciphering, discerning subscriber identity information UserID and random key Random with generation

In four encryption flow in front, wherein,

Described random-length Long, be to constitute: the length of random key by following one or more, the mobility scale of random key, the length of unit in the random key, the mobility scale of unit in the random key, and random-length Long is kept at the associated memory space that is used to preserve ciphertext ReText with the form of plaintext or ciphertext, be used for to the random-length scope of decrypted program appointment with the random key of method of exhaustion detection, the described associated memory space that is used to preserve ciphertext Retext is meant one of following four: the space of 1. preserving ciphertext Retext, 2. preserve the space of this file attribute of ciphertext Retext, 3. database, 4. be used to preserve file or the space of random-length Long

Described ciphertext Retext; It is characterized in that the method searching random key Random that any decrypted program for ciphertext Retext all needs to adopt the method for exhaustion or adopts the method for exhaustion to combine with the cryptanalysis technology; The subscriber identity information that discharges in the subscriber identity information of input and the decrypting process when not only needing deciphering is compared; The random key that also needs to discharge in random key that exhaustive circulation is enumerated and the decrypting process is compared; Only after the comparison of aforementioned two kinds of keys is all consistent; Just can guarantee correct decrypting ciphertext ReText; To discharge important plaintext Text

Described pre-defined algorithm is meant the cryptographic algorithm of utilizing subscriber identity information UserID and random key Random to encrypt, and comprise in the following cryptographic algorithm one or more: substitute, displacement, obscure, diffusion, iteration, the combination Split Method, mathematical relationship is encrypted, displacement is encrypted, logical encrypt, arithmetic is encrypted, block encryption, stream cipher encrypting, linear encryption, non-linear encryption, symmetric encipherment algorithm, rivest, shamir, adelman, statistics is encrypted, pseudorandom is encrypted, utilization increases item number along with crypto process and adjusts the algorithm of the stream cipher encrypting of the inferior multinomial generation of power, the algorithm that the serial number code that utilizes ordering to be produced is encrypted

Described Cipher Strength depends on the cipher code recognition information PassID that is generated behind encrypting user identity information UserID and the random key Random, during deciphering, has only the deciphering of finishing earlier cipher code recognition information PassID, could guarantee the ciphertext ReText of important plaintext Text is correctly deciphered, to discharge important plaintext Text, and during deciphering, after confirming that subscriber identity information UserID and random key Random are correct, the relative the amount of calculation of amount of calculation that solves important plaintext Text from the ciphertext ReText of important plaintext Text is often very little.Therefore, described Cipher Strength also equal the Cipher Strength that important plaintext Text is encrypted and be following one of them: random-length, the average computation amount of deciphering, the max calculation amount of deciphering, the multiplication factor of amount of calculation when the average computation amount of deciphering is encrypted relatively, the multiplication factor of amount of calculation when the max calculation amount of deciphering is encrypted relatively, the multiplication factor of amount of calculation when the relative single of the average computation amount of deciphering is deciphered, the multiplication factor of amount of calculation when the relative single of the max calculation amount of deciphering is deciphered, the average trial deciphering number of times of deciphering, maximum trial deciphering number of times of deciphering, the average deciphering time on the predetermined speed machine, the longest deciphering time on the predetermined speed machine

Described random key is to be made of following wherein one or more information: the pseudo-random information that the random information that system produces, system produce, the information that obtains after utilizing pseudo-random data that subscriber identity information UserID produces system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that data in internal memory or the external memory produce system with certain algorithm intervention, utilize the information that obtains after the pseudo-random data intervention of clock number to system's generation.

[I] input Cipher Strength and subscriber identity information UserID according to the relation between length, Cipher Strength and the predetermined decrypted program speed three of random key, calculate the length L ong of random key, and producing length is the random key Random of Long,

[II] utilizes subscriber identity information UserID and random key Random to derive from a code string UR, the algorithm for encryption code string UR that the serial number code that utilizes ordering to be produced is encrypted, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string UR, the cipher code recognition information PassID that is used for when deciphering, discerning subscriber identity information UserID and random key Random with generation

[III] utilizes private key KeyText and cipher code recognition information PassID to derive from a code string KP,

The algorithm for encryption code string KP of the serial number code encryption that [IV] utilization ordering is produced utilizes the stream cipher that produces along with the crypto process increase item number multinomial inferior with adjusting power to come encrypted code string KP, with the encrypted backup ReCome of generation private key KeyText,

[V] inserts among the encrypted backup ReCome of private key KeyText more than or equal to the data of random key Random length L ong and the distinguishing mark KeyID of private key KeyText one.

[V] in the top encryption flow can be modified to: one is inserted among the encrypted backup ReCome of private key KeyText less than the data of random key Random length L ong and the distinguishing mark KeyID of private key KeyText.This paper will be greater than or less than random key Random length L ong and be used for indicating the data of random key Random length L ong scope, be used as a kind of ciphertext of random key Random length L ong.

[A] encrypting plaintext MessFile obtains ciphertext BeMF, and the distinguishing mark KeyID of private key KeyText is inserted among the ciphertext BeMF,

[B] seeks the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText in the associated memory space that is used to preserve ciphertext BeMF, if find, then finishes; If do not find, then carry out [C],

[C] input Cipher Strength and subscriber identity information UserID, according to the relation between random-length, Cipher Strength and the predetermined decrypted program speed three of random key, calculate the random-length Long of random key, producing random-length is the random key Random of Long

[D] utilizes subscriber identity information UserID and random key Random to derive from a code string UR, the algorithm for encryption code string UR that the serial number code that utilizes ordering to be produced is encrypted, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string UR, the cipher code recognition information PassID that is used for when deciphering, discerning subscriber identity information UserID and random key Random with generation

[E] utilizes private key KeyText and cipher code recognition information PassID to derive from a code string KP,

The algorithm for encryption code string KP of the serial number code encryption that [F] utilization ordering is produced utilizes the stream cipher that produces along with the crypto process increase item number multinomial inferior with adjusting power to come encrypted code string KP, with the encrypted backup ReCome of generation private key KeyText,

[G] inserts the random-length Long of random key and the distinguishing mark KeyID of private key KeyText among the encrypted backup ReCome of private key KeyText,

[H] is kept at the associated memory space that is used for preserving ciphertext BeMF with the encrypted backup ReCome of private key KeyText, finishes.

[A] judges whether private key KeyText exists, if exist, then extracts the distinguishing mark KeyID of private key KeyText, carries out then [B]; If do not exist, then produce private key KeyText and distinguishing mark KeyID thereof and preservation, carry out then [C],

[B] seeks the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText in the associated memory space that is used to preserve ciphertext BeMF, if find, then carries out [H]; If do not find, then carry out [C],

[H] is kept at the associated memory space that is used for preserving ciphertext BeMF with the encrypted backup ReCome of private key KeyText,

[I] encrypting plaintext MessFile obtains ciphertext BeMF, and the distinguishing mark KeyID of private key KeyText is inserted among the ciphertext BeMF, finishes.

[1] user asks the file encryption among the memory disc Disk,

[2] judge whether private key KeyText exists,, then extract the distinguishing mark KeyID of private key KeyText, carry out then [3] if exist; If do not exist, then produce private key KeyText and distinguishing mark KeyID thereof and preservation, carry out then [5],

[3] in the associated memory space that is used to preserve ciphertext BeMF, seek the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText, if find, then carry out [4]; If do not find, then carry out [5],

[4] encrypting plaintext MessFile obtains ciphertext BeMF, and the distinguishing mark KeyID of private key KeyText is inserted among the ciphertext BeMF, finishes this process then,

[5] the process PKey of an encrypted backup private key KeyText of increase, process PKey carries out [6], and former process is carried out [4],

[6] process PKey is on a graphical interaction interface with order button; The option of selecting the Cipher Strength type is provided; The edit box of input Cipher Strength numerical value is provided and adjusts up and down arrow or other control of numerical value in this frame; The edit box of input subscriber identity information UserID is provided; Prompting user is imported Cipher Strength or is not imported the Cipher Strength that adopts acquiescence; The subscriber identity information UserID that prompting user input encryption key KeyText backs up or the subscriber identity information of not importing active user in the employing system

[7] detect user command,, then carry out [8],, then finish this process if the order of user's input is to withdraw from if the order of user's input is to confirm,

[8] process PKey judges whether the user imports and is used for the subscriber identity information UserID of encryption key KeyText backup, if input is then carried out [9],, carry out then [10] if not input is then extracted subscriber identity information UserID from system,

[9] process PKey judges whether the subscriber identity information UserID of user's input is effective, if effectively then receive the subscriber identity information UserID of user's input, carries out then [10], if it is invalid, the graphical interfaces that then will show in [6] sends the information of makeing mistakes, and execution [6]

[10] process PKey copies to the random data of 384 bytes on preceding 384 bytes of ordered series of numbers ID, it is the random number series P of 384 bytes that process PKey produces length, utilizes private key KeyText to produce the ordered series of numbers IS with 384 integers, with ordered series of numbers IS according to from small to large sequence arrangement, and the position number of the data among the ordered series of numbers IS after ordering recorded by ir[0], ir[1], ir[2], ir[3], ir[4], ..., ir[i] ... among the integer ordered series of numbers IR of formation.With a cycle calculations

d[i]＝d[i]^p[ir[i]] /*...0≤i＜384...*/

/ * ... here random data is handled, be in order to destroy pseudorandom periodicity, so that the back is used as random key with these data, ir[i wherein] expression ordered series of numbers IS Central Plains position number is that the integer of i is after ordering, being placed in sequence number is ir[i] the position, d[i], p[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers ID, the ordered series of numbers P, this paper is with " ^ ", "/", " % ", expression respectively: XOR, divide exactly, delivery ... */

[11] the byte location sequence number is that 383 position begins from ordered series of numbers ID, forward subscriber identity information UserID is covered among the ordered series of numbers ID, and with preceding 128 byte information of ordered series of numbers ID as a big integer x, be added on ordered series of numbers ID back with a cycle calculations (x/K[i]) %256 and with result of calculation

/ * ... after the interpolation, the data of existing 512 bytes of ordered series of numbers ID, K[i] be prime number greater than 65536,0≤i＜128, this is because the position number code that the back will adopt ordering to produce is encrypted, when handling cipher code recognition information with this encryption method, may there be the situation of mistake by comparing, in order to prevent the appearance of this situation, by calculating (x/K[i]) %256 and the result being kept at ordered series of numbers ID back, write down some features of big integer x, so that by after the checking to subscriber identity information UserID and random key Randomr, some features with big integer x are further verified, to guarantee the reliability of key authentication..........*/

According to the relation between length, Cipher Strength and the predetermined decrypted program speed three of random key, calculate the length L ong of random key, position in ordered series of numbers ID before the subscriber identity information UserID, the data that read the Long position forward are as random key Random

/ * ... require subscriber identity information UserID and random key Random total length to be no more than 384 * 8 bits here,, adjust the length of ordered series of numbers ID if surpass ... */

[12] process PKey sequence number from ordered series of numbers ID is that 128 byte begins, and duplicates 128 bytes backward in ordered series of numbers P, and ordered series of numbers P is copied to ordered series of numbers S, according to each byte data among the sequence arrangement ordered series of numbers S from big to small, and the position number of the byte data among the ordered series of numbers S after ordering recorded by r[0], r[1], r[2], r[3], r[4] ..., r[i], ... among the integer ordered series of numbers R of formation

/ * ... r[i wherein] expression ordered series of numbers S Central Plains position number be the integer of i after ordering, being placed in sequence number is r[i] the position ... */

With a circulation, calculate s[i]=p[r[i]] ^r[i]

/ * ... the serial number code that utilizes ordering to produce is reset code position, and makes XOR (0≤i＜128) ... */

With a circulation, calculate

d[2×i]＝d[2×i]^s[2×i] /*...0≤i＜64...*/

d[2×i+1]＝((d[2×i+1]+s[2×i+1])％256)/*...0≤i＜64...*/

/ * ... promptly use the data of data encryption ordered series of numbers ID stem among the ordered series of numbers S, s[i], d[i], p[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers S, ordered series of numbers ID, the ordered series of numbers P ... */

[13] process PKey copies to ordered series of numbers P with ordered series of numbers S, according to each byte data among the sequence arrangement ordered series of numbers S from big to small, and the position number of the byte data among the ordered series of numbers S after ordering is recorded by r[0], r[1], r[2], r[3], r[4], ..., r[i] ... among the integer ordered series of numbers R of formation.

With a circulation, calculate s[i]=p[r[i]] ^r[i]/* ... (0≤i＜128) ... */

With a circulation, calculate

d[2×i]＝d[2×i]^s[2×i-256] /*...128≤i＜192...*/

d[2×i+1]＝(d[2×i+1]-s[2×i-255]+256)％256?/*...128≤i＜192...*/

/ * ... promptly use the data of data encryption ordered series of numbers ID postmedian among the ordered series of numbers S, s[i], d[i], p[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers S, ordered series of numbers ID, the ordered series of numbers P ... */

[14] process PKey copies to last 128 byte information of ordered series of numbers ID among the ordered series of numbers P, ordered series of numbers P is duplicated ordered series of numbers S,, and the position number of the byte data among the ordered series of numbers S after ordering recorded by r[0] according to each byte data among the sequence arrangement ordered series of numbers S from big to small, r[1], r[2], r[3], r[4], ..., r[i] ... among the integer ordered series of numbers R of formation

With a circulation,

Calculate s[i]=p[r[i]] ^r[i]

Calculate d[i]=d[i] ^s[i]

/ * ... promptly use data encryption ordered series of numbers ID header data among the ordered series of numbers S, s[i], d[i], p[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers S, ordered series of numbers ID, the ordered series of numbers P, 0≤i＜128......*/

[15] process PKey copies to ordered series of numbers P with ordered series of numbers S, according to each byte data among the sequence arrangement ordered series of numbers S from big to small, and the position number of the byte data among the ordered series of numbers S after ordering is recorded by r[0], r[1], r[2], r[3], r[4] and ..., r[i] ... among the integer ordered series of numbers R of formation

With a circulation,

Calculate s[i]=p[r[i]] ^r[i]/* ... 0≤i＜128...*/

Calculate d[i]=d[i] ^s[i-128]/* ... 128≤i＜256...*/

/ * ... promptly use the data of data encryption ordered series of numbers ID middle front part among the ordered series of numbers S, s[i], d[i], p[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers S, ordered series of numbers ID, the ordered series of numbers P ... */

[16] process PKey with byte sequence number among the ordered series of numbers ID be odd number data all to the reach two, and with the information that the shifts out data trailer that to add previous byte sequence number to be odd number, the information that second byte data shifted out is added on the afterbody of last byte number certificate

With byte sequence number among the ordered series of numbers ID is that the data of even number are all moved one backward, and adds the information that shifts out to a back stem that the byte sequence number is the data of even number, and the information that the penult byte data is shifted out is added on the stem of first byte data,

/ * ... the byte sequence number is since 0 ... */

With a circulation, calculate,

q[4×i+2]＝d[i] /*...0≤i＜128...*/

q[i+(i+1)/3]＝d[ir[i]+128]^(ir[i]％256)/*...0≤i＜384...*/

/ * ... ... ... promptly use the data encryption ordered series of numbers ID middle part of the serial number code ordered series of numbers IR that is produced in the step [10] and the information at rear portion, and the result is kept among the ordered series of numbers Q, aforementioned d[i], q[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers ID, the ordered series of numbers Q, ordered series of numbers ir[i] represent that sequence number is the integer data of i among the ordered series of numbers IR ... */

Preceding 256 byte datas of ordered series of numbers Q are copied to according to the order of sequence the byte sequence number is on the byte of even number among the ordered series of numbers ID, back 256 byte datas among the ordered series of numbers Q are copied to the byte sequence number is on the byte of odd number among the ordered series of numbers ID,

[17] process PKey produces a random number series that is made of 516 bytes, and this ordered series of numbers copied among the ordered series of numbers S, adopt certain algorithm to utilize random key Random and subscriber identity information UserID to derive from an ordered series of numbers that constitutes by 516 bytes, and this ordered series of numbers copied to ordered series of numbers P, according to each byte data among the sequence arrangement ordered series of numbers P from big to small, and the position number of the byte data among the ordered series of numbers P after ordering recorded by r[0], r[1], r[2], r[3], r[4], ..., r[i] ... among the integer ordered series of numbers R of formation

With a cycle calculations,

p[i]＝s[r[i]]^r[i]

/ * ... s[i], p[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers S, the ordered series of numbers P, 0≤i＜516, this step is used to destroy pseudorandom periodicity, wherein r[i] expression ordered series of numbers P Central Plains position number be the data of i after ordering, being placed in sequence number is r[i] the position.......*/

[18] process PKey copies to ordered series of numbers S with preceding 512 bytes of ordered series of numbers P, according to each byte data among the sequence arrangement ordered series of numbers S from big to small, and the position number of the byte data among the ordered series of numbers S after ordering recorded by r[0], r[1], r[2], r[3], r[4] ..., r[i], ... among the integer ordered series of numbers R of formation

/ * ... r[i wherein] expression ordered series of numbers S Central Plains position number be the data of i after ordering, being placed in sequence number is r[i] the position..........*/

With a circulation, with d[r[i]] copy to q[i]/* ... 0≤i＜512...*/

With p[r[i]+4] copy to s[i]/* ... 0≤i＜512...*/

/ * ..., q[i], s[i], d[i], p[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers Q, ordered series of numbers S, ordered series of numbers ID, the ordered series of numbers P ... */

[19] process PKey is provided with v=0,

Encrypt ordered series of numbers ID with a circulation:

v＝((i+5)(p[i/2]) ⁽ⁱ⁺⁵⁾+(i+4)(p[i/2+1]) ⁽ⁱ⁺⁴⁾+(i+3)(p[i/2+2]) ⁽ⁱ⁺³⁾+......+(i/2+1)(p[i+4]) ^(i/2+1))％(256 ³)+v/256 /*...0≤i＜512...*/

d[i]＝q[i]^(v％256) /*...0≤i＜512...*/

/ * ... ... wherein v is the variable of definition, and the information in last byte of variable v of getting is given the information encryption among the ordered series of numbers ID, d[i], p[i], q[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers ID, ordered series of numbers P, the ordered series of numbers Q ... */

[20] process PKey produces a random number series that is made of 2048 bytes, and this ordered series of numbers copied in preceding 2048 bytes of ordered series of numbers Q, change private key KeyText into a character string KTs, begin to cover forward from the 2048th byte of ordered series of numbers Q, character string KTs is replicated in preceding 2048 bytes of ordered series of numbers Q, from the 2049th byte of ordered series of numbers Q, backward data in preceding 512 bytes among the ordered series of numbers ID are added on the afterbody of Q

[21] process PKey is from first byte of ordered series of numbers ID, ordered series of numbers P is copied on the ordered series of numbers ID,, and the position number of the byte data among the ordered series of numbers S after ordering recorded by r[0] according to each byte data among the sequence arrangement ordered series of numbers S from big to small, r[1], r[2], r[3], r[4], ..., r[i] ... among the integer ordered series of numbers R of formation

/ * ... r[i wherein] expression ordered series of numbers S Central Plains position number be the data of i after ordering, being placed in sequence number is r[i] the position.......*/

With a cycle calculations:

d[516+i×5]＝q[r[i]×5] /*...0≤i＜512...*/

d[516+i×5+1]＝q[r[i]×5+1] /*...0≤i＜512...*/

d[516+i×5+2]＝q[r[i]×5+2] /*...0≤i＜512...*/

d[516+i×5+3]＝q[r[i]×5+3] /*...0≤i＜512...*/

d[516+i×5+4]＝q[r[i]×5+4] /*...0≤i＜512...*/

/ * ... d[i], q[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers ID, the ordered series of numbers Q ... */

[22] process PKey with random key Random preceding, subscriber identity information UserID after, both link together, constitute one long be the binary system ordered series of numbers RU of n position, the information reproduction of the odd bits in (n/4-11) byte before among the ordered series of numbers ID is added to the afterbody of ordered series of numbers RU

From the individual byte of ordered series of numbers ID (n/4-10), add byte data among the ordered series of numbers ID afterbody of ordered series of numbers RU to, be 3080 * 8 up to the length of ordered series of numbers RU,

V=0 is set

Encrypt ordered series of numbers ID with a circulation:

v?＝((i+5)(u[i/2]) ⁽ⁱ⁺⁵⁾+(i+4)(u[i/2+1]) ⁽ⁱ⁺⁴⁾+(i+3)(u[i/2+2]) ⁽ⁱ⁺³⁾?+...+(i/2+1)(u[i+4]) ^(i/2+1)+i×(u[i％((n+7)/8)]) ^(i％64))％(256 ³)+v/256 /*...0≥i＜3076...*/

d[i]＝d[i]^(v％256) /*...0≤i＜3076...*/

/ * ... ... d[i], u[i] the byte sequence number is the data of i among expression ordered series of numbers ID, the ordered series of numbers RU, n＞8 * 8, n is the bit number sum of random key Random and subscriber identity information UserID, here may cause the computations amount excessive, if so, following formula suitably can be revised ... */

[23] process PKey inserts the distinguishing mark KeyID of length L ong, the private key KeyText of random key Random among the ordered series of numbers ID, then with the encrypted backup ReCome of ordered series of numbers ID as private key KeyText, be kept at the associated memory space that is used to preserve ciphertext BeMF among the memory disc Disk, finish this process.

Wherein, in the process that generates cipher code recognition information PassID, the serial number code that repeatedly having used sorts is produced participates in the method for computing above, and this paper is called this method the algorithm of the serial number code encryption that utilizing sorts is produced.The algorithm that the serial number code that utilizes ordering to be produced is encrypted both can utilize serial number code to reset certain code string and realize encrypting, also availablely utilize serial number code and certain code string to do other computings to realize encrypting, this encryption can prevent existing various cryptanalysis method, [19] and [22] in producing the algorithm of stream cipher, all adopted the item number that increases in the multinomial, the inferior non-linear method of encrypting of the highest power that increases in the multinomial is encrypted, this encryption method can make linear analysis, the difference analysis method lost efficacy, because of the present invention random key is locked in the cipher code recognition information again, need seek with the method for exhaustion during deciphering, make amount of calculation exceed cracker's ability to bear fully, so only ciphertext only attack also lost efficacy.In actual applications, the method that produces stream cipher also can utilize item number along with crypto process increases, and the inferior multinomial that changes along with crypto process of power is realized.The power that promptly produces in the stream cipher multinomial can be adjusted as required.

[1] user asks the file encryption among the memory disc Disk,

[5] increase a process, a process PKey among this process and the former process carries out [6], and another process is carried out [4],

[7] detect user command.If the order of user's input is to confirm, then carry out [8], if the order of user's input is to withdraw from, then finish this process,

[10] process PKey is according to the relation between random-length, Cipher Strength and the predetermined decrypted program speed three of random key, calculates the random-length Long of random key, and to produce random-length be the random key Random of Long,

[11] process PKey utilizes subscriber identity information UserID and random key Random to derive from a code string UR, the algorithm for encryption code string UR that the serial number code that utilizes ordering to be produced is encrypted, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string UR, the cipher code recognition information PassID that is used for when deciphering, discerning subscriber identity information UserID and random key Random with generation

[12] process PKey extracts private key KeyText, and utilizes the private key KeyText and the cipher code recognition information PassID that extract to derive from a code string KP,

[13] the algorithm for encryption code string KP that encrypts of the process PKey serial number code that utilizes ordering to be produced, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string KP, to generate the encrypted backup ReCome of private key KeyText

[14] process PKey inserts the distinguishing mark KeyID of random-length Long, the private key KeyText of random key Random among the encrypted backup ReCome of private key KeyText,

[15] process PKey is kept at the associated memory space that is used to preserve ciphertext BeMF with the encrypted backup ReCome of private key KeyText, finishes this process.

[1] user asks the file encryption among the memory disc Disk,

[2] encrypting plaintext MessFile obtains ciphertext BeMF, and the distinguishing mark KeyID of private key KeyText is inserted among the ciphertext BeMF,

[3] in the associated memory space that is used to preserve ciphertext BeMF, seek the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText, if find, then finish; If do not find, then carry out [4],

[4] process PKey is on a graphical interaction interface with order button; The option of selecting the Cipher Strength type is provided; The edit box of input Cipher Strength numerical value is provided and adjusts up and down arrow or other control of numerical value in this frame; The edit box of input subscriber identity information UserID is provided; Prompting user is imported Cipher Strength or is not imported the Cipher Strength that adopts acquiescence; The subscriber identity information UserID that prompting user input encryption key KeyText backs up or the subscriber identity information of not importing active user in the employing system

[5] detect user command.If the order of user's input is to confirm, then carry out [6], if the order of user's input is to withdraw from, then finish,

[6] judging whether the user imports is used for the subscriber identity information UserID of encryption key KeyText backup, if input is then carried out [7]; If not input is then extracted subscriber identity information UserID from system, carry out then [8],

[7] judge whether the subscriber identity information UserID of user input is effective, if effectively then receive the subscriber identity information UserID of user's input, carries out then [8], if invalid, the graphical interfaces that then will show sends the information of makeing mistakes in [4], and carry out [4],

[8] according to the relation between random-length, Cipher Strength and the predetermined decrypted program speed three of random key, calculate the random-length Long of random key, and to produce random-length be the random key Random of Long,

[9] utilize subscriber identity information UserID and random key Random to derive from a code string UR, the algorithm for encryption code string UR that the serial number code that utilizes ordering to be produced is encrypted, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string UR, the cipher code recognition information PassID that is used for when deciphering, discerning subscriber identity information UserID and random key Random with generation

[10] extract private key KeyText, and private key KeyText and the cipher code recognition information PassID that extracts derived from a code string KP,

[11] the algorithm for encryption code string KP that encrypts of the serial number code that utilizes ordering to be produced utilizes along with crypto process increases item number and adjusts the stream cipher that the multinomial of power time produces and come encrypted code string KP, generating the encrypted backup ReCome of private key KeyText,

[12] the distinguishing mark KeyID with random-length Long, the private key KeyText of random key Random inserts among the encrypted backup ReCome of private key KeyText,

[13] the encrypted backup ReCome with private key KeyText is kept at the associated memory space that is used to preserve ciphertext BeMF, finishes.

[1] user asks the file encryption among the memory disc Disk,

[2] judge whether private key KeyText exists,, then extract the distinguishing mark KeyID of private key KeyText, carry out then [3] if exist; If do not exist, then produce private key KeyText and distinguishing mark KeyID thereof and preservation, carry out then [4],

[3] in the associated memory space that is used to preserve ciphertext BeMF, seek the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText, if find, then carry out [14]; If do not find, then carry out [4],

[5] detect user command.If the order of user's input is to confirm, then carry out [6], if the order of user's input is to withdraw from, then carry out [14],

[6] judging whether the user imports is used for the subscriber identity information UserID of encryption key KeyText backup, if input is then carried out [7],, carry out then [8] if not input is then extracted subscriber identity information UserID from system,

[10] extract private key KeyText, and utilize the private key KeyText and the cipher code recognition information PassID that extract to derive from a code string KP,

[13] the encrypted backup ReCome with private key KeyText is kept at the associated memory space that is used to preserve ciphertext BeMF,

[14] encrypting plaintext MessFile obtaining ciphertext BeMF, and inserts the distinguishing mark KeyID of private key KeyText among the ciphertext BeMF, finishes then.

Herein from the 4th page of the 19th row to the 6th page of the 21st row with from the 12nd page of the 22nd row to the 16th page of the 15th row, this two-part literal has illustrated six encryption flow altogether, any one the described encryption method according in these six encryption flow is characterized in that: wherein,

Described backup ReCome, it is characterized in that the method searching random key that any decrypted program at backup ReCome all needs to adopt the method for exhaustion or adopts the method for exhaustion to combine with the cryptanalysis technology, the subscriber identity information that discharges in the subscriber identity information of input and the decrypting process when not only needing deciphering is compared, the random key that also needs to discharge in random key that exhaustive circulation is enumerated and the decrypting process is compared, only in the comparison of aforementioned two kinds of keys all after the unanimity, could guarantee the encrypted backup ReCome of private key KeyText is correctly deciphered, to discharge private key KeyText

Described Cipher Strength depends on the cipher code recognition information PassID that is generated behind encrypting user identity information UserID and the random key Random, during deciphering, has only the deciphering of finishing earlier cipher code recognition information PassID, could guarantee the encrypted backup ReCome of private key KeyText is correctly deciphered, to discharge private key KeyText, and during deciphering, after confirming that subscriber identity information UserID and random key Random are correct, the relative the amount of calculation of amount of calculation that solves private key KeyText from the encrypted backup ReCome of private key KeyText is often very little.Therefore, described Cipher Strength also equal the Cipher Strength that private key KeyText is encrypted and be following one of them: random-length, the average computation amount of deciphering, the max calculation amount of deciphering, the multiplication factor of amount of calculation when the average computation amount of deciphering is encrypted relatively, the multiplication factor of amount of calculation when the max calculation amount of deciphering is encrypted relatively, the multiplication factor of amount of calculation when the relative single of the average computation amount of deciphering is deciphered, the multiplication factor of amount of calculation when the relative single of the max calculation amount of deciphering is deciphered, the average trial deciphering number of times of deciphering, maximum trial deciphering number of times of deciphering, the average deciphering time on the predetermined speed machine, the longest deciphering time on the predetermined speed machine

Described random key is to be made of following wherein one or more information: the random information that system produces, the pseudo-random information that system produces, the information that obtains after utilizing pseudo-random data that subscriber identity information UserID produces system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that data in internal memory or the external memory produce system with certain algorithm intervention, utilize the information that obtains after the pseudo-random data intervention of clock number to system's generation, and described system is meant cryptographic system or operating system

Described insertion is meant a code string as a unit or be split as a plurality of units and add the action that some or a plurality of positions in another code string constitute a fresh code string to, and the insertion position is not limited to the position in the code string, also can be added on the head and the tail two ends of code string.

The algorithm for encryption code string UR that the serial number code that described utilization ordering is produced is encrypted, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string UR, be modified to: adopt pre-defined algorithm encrypted code string UR, and described pre-defined algorithm is made of in the following cryptographic algorithm one or more: substitute, displacement, obscure, diffusion, iteration, the combination Split Method, mathematical relationship is encrypted, displacement is encrypted, logical encrypt, arithmetic is encrypted, block encryption, stream cipher encrypting, linear encryption, non-linear encryption, symmetric cryptography, asymmetric encryption, statistics is encrypted, the pseudorandom cryptographic algorithm, utilization increases item number along with crypto process and adjusts the algorithm of the stream cipher encrypting of the inferior multinomial generation of power, the algorithm that the serial number code that utilizes ordering to be produced is encrypted

The algorithm for encryption code string KP that the serial number code that described utilization ordering is produced is encrypted, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string KP, be modified to: adopt pre-defined algorithm encrypted code string KP, and described pre-defined algorithm is made of in the following cryptographic algorithm one or more: substitute, displacement, obscure, diffusion, iteration, the combination Split Method, mathematical relationship is encrypted, displacement is encrypted, logical encrypt, arithmetic is encrypted, block encryption, stream cipher encrypting, linear encryption, non-linear encryption, symmetric cryptography, asymmetric encryption, statistics is encrypted, the pseudorandom cryptographic algorithm, utilization increases item number along with crypto process and adjusts the algorithm of the stream cipher encrypting of the inferior multinomial generation of power, the algorithm that the serial number code that utilizes ordering to be produced is encrypted.

Herein from the 5th page of the 7th row to the 6th page of the 21st row with from the 12nd page of the 22nd row to the 16th page of the 15th row, this two-part literal has illustrated five encryption flow altogether, any one the described encryption method according in these five encryption flow is characterized in that: wherein,

Described with random-length Long, the distinguishing mark KeyID of private key KeyText inserts among the encrypted backup ReCome of private key KeyText, be modified to: random-length Long is kept at the associated memory space that is used to preserve backup ReCome, the distinguishing mark KeyID backup of private key KeyText is being used to preserve the associated memory space that backs up ReCome, and the described associated memory space that is used to preserve backup ReCome that random-length Long is kept at, be meant random-length Long is kept at one of following five: the space of 1. preserving backup ReCome, 2. preserve the space of this file attribute of backup ReCome, 3. database, 4. be used to preserve file or the space of random-length Long, 5. be used to preserve the two file or space of random-length Long and distinguishing mark KeyID; Described distinguishing mark KeyID backup with private key KeyText is being used to preserve the associated memory space that backs up ReCome, be meant the distinguishing mark KeyID of private key KeyText backup one of following five: the space of 1. preserving backup ReCome, 2. preserve the space of this file attribute of backup ReCome, 3. database, 4. be used to preserve file or the space of distinguishing mark KeyID, 5. be used to preserve the two file or space of random-length Long and distinguishing mark KeyID

Described distinguishing mark KeyID with private key KeyText inserts among the ciphertext BeMF; Be modified to: the distinguishing mark KeyID of private key KeyText is backed up in the associated memory space that is used for preserving ciphertext BeMF; And described distinguishing mark KeyID with private key KeyText backs up in the associated memory space that is used for preserving ciphertext BeMF; Refer to the distinguishing mark KeyID of private key KeyText backup one of following four: the space of 1. preserving ciphertext BeMF; 2. preserve the space of ciphertext BeMF file attribute; 3. database; 4. be used for preserving file or the space of distinguishing mark KeyID

Described encrypted backup ReCome with private key KeyText is kept at the associated memory space that is used to preserve ciphertext BeMF, be meant that encrypted backup ReCome with private key KeyText is kept at one of following four: the space of 1. preserving ciphertext BeMF, 2. preserve the space of ciphertext BeMF file attribute, 3. database, 4. be used to preserve file or the space of backup ReCome

Consider complicated user environment, top described encryption method also can have two features: 1. checking user's legitimacy in ciphering process, and have only user by checking just can finish encryption to private key KeyText.Described checking user's legitimacy is meant user's input validation information that requires, and to the input authorization information verify, described authorization information is meant that the subscriber identity information of the active user in the system of being kept at is as landing password etc., 2. the user imports subscriber identity information UserID and Cipher Strength on the graphical interaction interface of band order button.

Even the encryption method among the present invention is utilized identical subscriber identity information, to same information encryption, Cipher Strength also is variable, and the Cipher Strength that the encryption method among the present invention can make this encryption method by the random-length of adjusting random key improves along with the raising of encryption machine speed or user's demand changes.Therefore, the encryption method among the present invention can be tackled the development of the equipment that cracks in the future, guarantees effectively by the encryption method information encrypted safety among the present invention.

Description of drawings

Fig. 1 is the encryption flow figure of first embodiment of the invention,

Fig. 2 is the encryption flow figure of second embodiment of the invention,

Fig. 3 is the encryption flow figure of the present invention the 3rd, the 4th embodiment,

Fig. 4-A and Fig. 4-B are the deciphering flow chart of four embodiment of the invention,

Fig. 5 is the encryption flow figure of fifth embodiment of the invention,

Fig. 6 is the encryption flow figure of sixth embodiment of the invention.

Embodiment

For with the difference of ordinary file and information, this paper will come the information such as private key, certificate, vital document of encipherment protection to be called important plaintext with the encryption method among the present invention.The present invention utilizes subscriber identity information and random key to encrypt jointly, random key and subscriber identity information is locked in the cipher code recognition information, and adopts the measure of anticode analytical method when generating cipher code recognition information.The encrypted ciphertext according to the present invention, no matter how the cracker writes decrypted program, except using the method for exhaustion or adopting the method for exhaustion and the method that the cryptanalysis technology combines, can't effectively utilize other cryptanalysis method that ciphertext is cracked, even under the correct situation of the subscriber identity information that provides, any method searching random key that still needs to adopt the method for exhaustion or adopt the method for exhaustion to combine at decrypted program of the present invention with the cryptanalysis technology, could guarantee successfully with decrypt ciphertext.Encryption method among the present invention is to same information, use identical subscriber identity information, the Cipher Strength that is obtained is variable, and the Cipher Strength that the encryption method among the present invention can make this encryption method by the random-length of adjusting random key improves along with the raising of encryption machine speed or user's demand changes.Therefore, the encryption method among the present invention can be tackled the development of the equipment that cracks in the future, guarantees effectively by the encryption method information encrypted safety among the present invention.

Essential characteristic according to encryption method of the present invention is: input subscriber identity information and Cipher Strength, according to the relation between random-length, Cipher Strength and the predetermined decrypted program speed three of random key, calculate the random-length of random key, and producing the random key of this random-length, this is the random key that can not calculate according to any plaintext, subscriber identity information; Utilize the important plaintext of the common encryption of subscriber identity information and random key; And in ciphering process, random key and subscriber identity information are locked in the cipher code recognition information.Even under the correct situation of the subscriber identity information that provides, any method searching random key that still needs to adopt the method for exhaustion or adopt the method for exhaustion to combine at decrypted program of the present invention with the cryptanalysis technology, could guarantee successfully with decrypt ciphertext.Described herein random-length is to be made of one or more in the following parameters: with length, the mobility scale of unit in length, mobility scale and the random key of random key.

At decrypted program of the present invention, use the method for exhaustion to decipher and do not refer to only decipher with the method for exhaustion, also can adopt other advanced person's cryptanalysis technology to come the impossible random key of exclusive segment, seek the speed of random key to accelerate the method for exhaustion.The described method of exhaustion of preceding sentence is meant under the prerequisite of input subscriber identity information, and in the random key mobility scale, decrypted program is listed the random key that is not excluded as yet one by one with certain algorithm, and with certain algorithm the current random key of listing, subscriber identity information and cipher code recognition information is compared to verify the current random key of listing.Found or attempted all possible random key until correct random key.

This cryptographic system of the present invention is being encrypted, is all being needed user or system that the subscriber identity information of encrypted information is provided when deciphering.Said herein subscriber identity information is meant can be by user's key on top of, all can import during encryption and decryption, comprise the various information that are used to discern also participation encryption of user identity, deciphering by user, software set such as user name, user cipher, user fingerprints, DNA, hobby, social relationships, special experience, ID card No., software sequence number by the user.When the present invention is applied to important plaintext trusteeship service in the cloud system, subscriber identity information not only comprises the terminal user ID information of terminal use or terminal system input, also comprises the trusteeship party key of important plaintext trusteeship service merchant's cloud to terminal use's distribution.Trusteeship party's key is the service end subscriber identity information that important plaintext trusteeship service merchant is provided.The cryptographic system that the present invention produced must use random information to participate in encrypting in ciphering process, and for ease of statement, this paper will produce in encryption system and be used for the random information of enciphered message and be divided into two kinds.First kind of random information belongs to the member in the password identification object, when deciphering, can not guarantee to utilize subscriber identity information and disposable this random information that calculates of other information, and must just can find this random information with the method for exhaustion, this paper is called random key with this random information.Second kind of random information is not the member in the password identification object, can utilize disposable this random information that calculates of subscriber identity information, random key and ciphertext when deciphering, and this paper abbreviates this random information as random number.

For ease of statement, at first under the condition that all cryptanalysis methods all lost efficacy, describe below.For ease of the average computation amount of control deciphering, the random key among the present invention adopts symmetric key.When hypothesis was encrypted here, the subscriber identity information of user's input was the user cipher that contains x character, and each character is any one element that contains in U the element set in the user cipher.Encrypting the used time is T, need be made up of y unit with the random key that the method for exhaustion is sought during deciphering, and each unit is any one element that contains in R the element set, and hypothesis is encrypted, decrypting process is all finished on the computer that speed equates.When subscriber identity information was correct, the encrypted required time of information of decryption computer was t=k * T * S (k is correction factor and k＞0 in the formula, and S is the number of times of attempting with the method for exhaustion).Usually along with the increase of S, k can move closer to a certain constant, therefore k can be considered as a constant below.Under afore-mentioned, the required maximum duration of validated user deciphering is k * T * R ^y, on average decipher time t1=0.5 * k * T * (R ^y+ 1), the cracker is not because of knowing subscriber identity information, thus all to sound out subscriber identity information and random key, so it on average successfully cracks the time:

t2＝0.5×k×T×(U ^x×R ^y+1)

＝0.5×k×T×(R ^y+1)(U ^x+1÷R ^y)÷(1+1÷R ^y)

≈1×(U ^x+0)÷(1+0)

＝t1×U ^x ①

The cracker at the probability that h successfully cracked in the time is:

P＝h÷(k×T×U ^x×R ^y)

＝h(R ^y+1)÷(2×0.5×k×T×(R ^y+1)×U ^x×R ^y)

＝h(1+1÷R ^y)÷(2×t1×U ^x)

≈h÷(2×t1×U ^x) ②

In view of the above, we can release at average deciphering time t1 is 1 minute, is 8 at user cipher length x, and character only is under the situation of numeral and big or small English alphabet in the password, and this moment, U was 62, and the probability that the cracker successfully cracked within a year is 1.20445119 * 10 ^-9Even the speed that cracks computer is 10000 times of computations motor speed, the probability that the cracker successfully cracked within a year also has only 1.20445119 * 10 ^-5This probability safe enough still concerning most users, moreover importing the length x that multiple information makes subscriber identity information by the user in actual applications is easy to greater than 8, the element number U that constitutes subscriber identity information also can increase, need can further increase with the random key length y that the method for exhaustion is sought, promptly be easy to further reduce the probability that the cracker successfully cracks.Information encrypted of the present invention is sought random key because of needs with the method for exhaustion, increased average deciphering amount of calculation, thereby cause that the average deciphering time increases, greatly reduce the probability that successfully cracks in the unit interval, and on average the time of deciphering can be controlled within the scope that validated user can accept, but because of not grasping the right user identity information, this time is further increased to U by subscriber identity information for the cracker ^xDoubly, make the time of cracking exceed cracker's ability to bear, force the cracker to abandon cracking by force, thereby reach the purpose that ensures information security.

Cipher Strength depends on the cipher code recognition information that is generated behind encrypting user identity information and the random key among the present invention, during deciphering, has only the deciphering of finishing earlier cipher code recognition information, could guarantee other ciphertexts are correctly deciphered, to discharge important plaintext, and during deciphering, after confirming that subscriber identity information and random key are all correct, the relative the amount of calculation of amount of calculation that solves important plaintext from ciphertext is often very little.Therefore, described Cipher Strength also can be considered to just to equal Cipher Strength that important plaintext is encrypted.User or system realize being provided with Cipher Strength by regulating random-length.Using software of the present invention or machine can directly import random-length by user or system Cipher Strength is set.During the input random-length, can import one or more of following parameters: the mobility scale of unit in the length of unit, the random key in the length of random key, the mobility scale of random key, the random key, for example, only be provided with the length of random key, not only the length of random key was set but also the mobility scale of unit in the random key is set, only the mobility scale etc. of unit in the random key is set.In the practical application, also can Cipher Strength be set: maximum trials deciphering number of times of the average trial deciphering number of times of the multiplication factor of amount of calculation, deciphering, deciphering when the relative single of the average computation of the multiplication factor of amount of calculation, deciphering or max calculation amount was deciphered when the average computation amount of the average computation amount of deciphering, max calculation amount, deciphering or max calculation amount were encrypted relatively by importing following parameter, the average deciphering time in when deciphering or the longest deciphering time on the predetermined speed machine, by the parameter of program, calculate random-length then according to setting.

Can insert counters count in decrypted program obtains: decrypted program is enumerated a possible random key, and finish once the amount of calculation function f (x that attempts deciphering with this random key, y, z), x is the length of subscriber identity information in the formula, y is the length of random key, and z is the length of ciphertext, and random key length bitwise.Do not considering under the condition that cryptanalysis threatens,

When the Cipher Strength of user or system input is: during the average computation amount j of deciphering, can be by to equation:

j×2＝f(x，y，z)×2 ^y ③

Find the solution, calculate the length y of the random key that should use when encrypting, it should be noted that in order to simplify the calculating of random-length, from formula 3. to formula 10. random key all be the unit with the bit, and the value of each bit is 0 or 1, the length of random key can be adjusted as required, and random-length depends on that fully the length of random key is bit number in this case.Certainly for the random-length computing formula of other types, the user can release according to basic principle of the present invention, for example, with dibit is a unit, and the span of each unit is 00,01,10 these three values, and this moment, 3. formula should be: j * 2=f (x, y, z) * 3 ^yWherein y represents the unit number of random key.

When the Cipher Strength of user or system input is: when predetermined speed is the average deciphering time t1 that deciphers on the computer of v, can by to equation: v * t1 * 2=f (x, y, z) * 2 ^y4. find the solution, calculate the length y of the random key that should use when encrypting.

Can insert counters count in encipheror obtains: (z), wherein x is the length of subscriber identity information to the amount of calculation function g that encipheror is encrypted for x, y, and y is the length of random key, and z is the length of ciphertext, and random key length bitwise.Do not considering under the condition that cryptanalysis threatens,

When the Cipher Strength of user or system input is: when the average computation amount of deciphering is encrypted relatively during the multiplication factor w of amount of calculation, can be by to equation:

g(x，y，z)×w×2＝f(x，y，z)×2 ^y ⑤

Find the solution, calculate the length y of the random key that should use when encrypting.

Below all be to utilize amount of calculation to establish an equation, when the Cipher Strength of user or system input be other type parameter also can by to top similar mode, the length y of the random key that should use when from equation, calculating encryption.

Top equation all is to obtain under the condition that the cryptanalysis method lost efficacy, when encrypting, generate the cryptographic algorithm of the cipher code recognition information that is used to discern subscriber identity information and random key, when can the person of being cracked adopting the cryptanalysis method to analyze, for preventing that the disabled user from cracking, when the present invention calculated random key length before encrypting, the subprogram that is used to calculate acceleration capacity according to the cryptographic system operation, the up-to-date cryptanalysis method that obtains grasping in the system is to the acceleration capacity of decryption process, suitably the length of lengthening random key reaches to stop and utilizes this cryptanalysis method to crack effect of the present invention, can guarantee that like this present invention can catch up with the development of cryptanalysis method, and the encipheror that adopts the present invention to write, can accomplish not upgrade encryption method, the subprogram that is used to calculate acceleration capacity as long as upgrade in time, sometimes this subprogram may not need to upgrade yet, only need to upgrade the parameter relevant with acceleration capacity, behind this subprogram or the parameter update, encipheror just can improve Cipher Strength automatically, and the current up-to-date technology that cracks was lost efficacy immediately.When hereinafter calculating, acceleration capacity with old crack method the average computation amount during at certain length decrypt ciphertext with new crack method the average computation amount ratio during at same length decrypt ciphertext represent, also but other form is represented certainly, certainly in actual applications, available above-mentioned ratio subtracts 1 and represents, also the inverse of available above-mentioned ratio is represented, also subtracting this inverse with 1 represents, for after improving Cipher Strength automatically, the user to average deciphering time of ciphertext within the acceptable scope, implementer of the present invention should in time be applied to the fastest current cryptanalysis method in the decrypted program of the present invention, reduce the cycle-index of exhaustive program as far as possible, promptly to make full use of on the cryptanalytic basis, use exhaustive circulation to be decrypted, for validated user provides convenient.

Suppose the encryption method that produces according to the present invention, adopt certain algorithm that subscriber identity information and random key are encrypted, the cipher code recognition information that is used to discern subscriber identity information and random key with generation, this algorithm that generates cipher code recognition information is before announcing, except cracking with the method for exhaustion, the effective crack method that does not have other, after this algorithm that generates cipher code recognition information is announced, new cryptanalysis method has appearred, energy quickens cracking the ciphertext of this algorithm generation, through statistics or calculating, new cryptanalysis method can be expressed as function: m (x, y to the acceleration capacity of decryption process, z), wherein x is the length of known subscriber identity information, and y is the length of random key, and z is the length of ciphertext, random key length bitwise, function m (x, y, z) expression with old crack method the average computation amount during at certain length decrypt ciphertext and with new crack method the average computation amount ratio during at same length decrypt ciphertext.Implementer of the present invention, after knowing this crack method, immediately this crack method is applied in the decryption method of validated user, to improve the operating efficiency of validated user decrypted program, and will comprise the acceleration capacity function m (x of this method simultaneously, y, z) subprogram of computing function is submitted to encipheror.At this moment:

When the Cipher Strength of user or system input is: when predetermined speed is the average deciphering time t1 that deciphers on the computer of v, validated user known users identity information, the relevant equation in the time of can getting the validated user deciphering:

v×t1×2×m(x，y，z)＝f(x，y，z)×2 ^y ⑥

Find the solution, calculate the length y of the random key that should use when encrypting.When the Cipher Strength of user or system's input was other type parameter, (x, y z) took into account also will to will speed up ability m in the process of the length y of the random key that calculating should be used before encrypting.

When the cracker does not grasp subscriber identity information, can crack the relevant equation when close:

v×t2×2×m(0，xLog ₂U+y，z)＝f(x，y，z)×2 ^y×U ^x ⑦

Wherein x is the length of subscriber identity information, and y is the length of random key, and z is the length of ciphertext, and random key length bitwise.By equation 6., 7. obtain:

v×t2×2×m(0，y+xLog ₂U，z)＝v×t1×2×m(x，y，z)×U ^x ⑧

8. obtaining cracking time t2 by equation is:

t2＝t1×U ^x×m(x，y，z)÷m(0，y+xLog ₂U，z) ⑨

(z) x in is the length of known subscriber identity information for x, y because acceleration capacity function: m, y is unknown random key length, and z is the length of ciphertext, is under the existing non-linear cryptographic algorithm condition in analyzed cryptographic algorithm, constant as z, x diminishes, when y becomes big, (x, y z) reduce acceleration capacity m, in view of the above, as can be known, when x＞0

m(x，y，z)＞m(0，m(0，y+xLog ₂U，z)，z)，

Again because of m (x, y, z)＞0

So m (x, y, z) ÷ m (0, m (0, y+xLog ₂U, z), z)＞1

So, can be by 9. obtaining:

t2＞t1×U ^x ⑩

More 1. formula with 10. will find; when adopting non-linear cryptographic algorithm to come the encipherment protection cipher code recognition information according to the present invention; subprogram in update calculation new password analytical method acceleration capacity; and after utilizing the new password analytical method to upgrade decrypted program; under constant situation of the average deciphering time of validated user; cracker's the time of on average cracking will be longer; cracking probability of successful in unit interval will be lower; the encryption method that the present invention just produced will make encrypted cipher code recognition information become safer, also make the ciphertext that is generated after the important plain text encryption also safer certainly.Therefore, the present invention advocates with non-linear encryption method subscriber identity information and random key to be encrypted, and to generate cipher code recognition information, uses the linear encryption method in the ciphering process but be not precluded within.

If the existing cryptanalysis method of the method encrypting user identity information among the present invention and the algorithm of random key, when writing decrypted program, the cryptanalysis method and the method for exhaustion can be combined, in the time that is provided with the user, handle longer random key with the method for exhaustion.The random key that adopts in order to guarantee among the present invention has the randomness of height, random key is to be made of following wherein one or more information: the random information that system produces, the pseudo-random information that system produces, the information that obtains after utilizing pseudo-random data that subscriber identity information produces system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that data in internal memory or the external memory produce system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that clock number produces system with certain algorithm intervention, and described system is meant cryptographic system or operating system.

The present invention in to the cryptographic calculation of information, can adopt XOR, non-, with or etc. logical operation encrypt; Also can adopt add, subtract, arithmetical operation such as multiplication and division, power, evolution, delivery and function encrypts; Also can adopt the mathematical relationship computing to encrypt.Preceding sentence said " mathematical relationship " has: magnitude relationship, set relations etc., wherein magnitude relationship comprise greater than, more than or equal to, equal, be less than or equal to, less than, be not equal to, set relations comprise that the relation between element and the set (belongs to, do not belong to), comprising between set and the set, mapping relations etc., adopt the mathematical relationship computing to encrypt and be meant the cryptographic algorithm of setting up according to mathematical relationship, for example select password or cryptographic algorithm etc. according to the code of cryptographic object and the magnitude relationship of a certain data, select password or cryptographic algorithm etc. according to element (this paper middle finger cryptographic object or by the code of generations such as cryptographic object) with the relation of certain set, the password table encryption that (mapping or non-mapping one by one one by one) sets up according to mapping relations etc.For for simplicity, this paper will abbreviate logical encrypt as with the encryption that logical operation realizes, will abbreviate arithmetic with the encryption that arithmetical operation realizes as and encrypt, and abbreviate the encryption of adopting the mathematical relationship computing to realize as mathematical relationship and encrypt.The present invention both can adopt in to the encryption of information and move forward (the code filling that the back is moved empty both available front, position or shifted out later of message code position, also available random sign indicating number or nonrandom sign indicating number are filled), can adopt mobile message code position (the code filling that the front is moved empty both available front, position or shifted out later backward again, also available random sign indicating number or nonrandom sign indicating number are filled), also can adopt the exchange message code position, also can adopt and rearrange the message code position by a certain rule, also can adopt and in message code, insert nonrandom code, even random code is inserted in employing in message code (this random code may not need to seek with the method for exhaustion when deciphering, also may need to seek with the method for exhaustion) etc. cause the mode enciphered message of message code change in location, this paper is called displacement with this cryptographic algorithm that can cause the message code change in location and encrypts.The algorithm that the serial number code that the present invention can utilize ordering to produce is encrypted, the algorithm that the so-called serial number code that utilizes ordering to be produced is encrypted is meant that the serial number code that is produced according to ordering rearranges other information (expressly, ciphertext, subscriber identity information, key, random number and derivation information thereof etc.) code position, to realize method of encrypting, or refer to utilize serial number code that ordering produces directly and other information (expressly, ciphertext, subscriber identity information, key, random number and derivation information thereof etc.) code carry out XOR, add, take advantage of, various mathematical operations such as remove, to realize method of encrypting.The present invention both can adopt stream cipher encrypting, linear encryption algorithm, symmetric encipherment algorithm, can adopt block encryption algorithm, non-linear cryptographic algorithm, asymmetrical encryption algorithm again, also can utilize alternative, obscure, diffusion, iteration, statistics encrypt, even use pseudorandom encrypt and the present invention outside the accidental enciphering algorithm.When the present invention encrypts important plaintext, also must encrypt subscriber identity information and random key, and to important ciphertext, in this three's ciphering process of subscriber identity information and random key, a plurality of (containing two) code string to be combined as one or more (containing two) code string in the mode that connects or insert mutually, even certain code string is split as a plurality of (containing two) code string in some way, if the combination to code string utilizes better with fractionation, also can increase Cipher Strength, therefore this paper will to the combination of code string with split also as a kind of cryptographic algorithm, and this cryptographic algorithm is called the combination Split Method.Can encrypt with different cryptographic algorithm respectively with a plurality of (containing two) code string that the combination Split Method produces, also available identical cryptographic algorithm is encrypted.After Split Method merges into a fresh code string with a plurality of (containing two) code string with combination, should encrypt the fresh code string again,, can no longer encrypt the fresh code string if merged code string is encrypted and Cipher Strength is enough certainly.The present invention is in this three's ciphering process of important ciphertext, subscriber identity information and random key, and do not require whose encryption whom to encrypt the back to earlier.

Generalized flowsheet when the present invention is applied to encrypt important plaintext is as follows:

[I] input subscriber identity information UserID and Cipher Strength according to the relation between random-length, Cipher Strength and the predetermined decrypted program speed three of random key, are calculated random-length Long, and producing random-length is the random key Random of Long,

[II] adopts pre-defined algorithm, utilizes subscriber identity information UserID and random key Random, and the important plaintext Text that encryption will be maintained secrecy to be to obtain ciphertext ReText, wherein,

Described random-length Long is made of following one or more: the length of random key, the mobility scale of random key, the length of unit in the random key, the mobility scale of unit in the random key, and after encryption is finished, random-length Long is kept at the associated memory space that is used to preserve ciphertext Retext with ciphertext or form expressly, and the described associated memory space that is used to preserve ciphertext Retext is meant one of following five: the space of 1. preserving ciphertext Retext, 2. preserve the space of this file attribute of ciphertext Retext, 3. database, 4. be used to preserve file or the space of random-length Long, 5. be used to preserve the two file or space of random-length Long and distinguishing mark TextID

Described random key Random is the part to important plaintext Text encrypted secret key, it is again a part to the key of ciphertext Retext deciphering, it and is to constitute: the random information that system produces by following wherein one or more information, the pseudo-random information that system produces, the information that obtains after utilizing pseudo-random data that subscriber identity information UserID produces system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that data in internal memory or the external memory produce system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that clock number produces system with certain algorithm intervention, and described system is meant cryptographic system or operating system

Described pre-defined algorithm is made of in the following cryptographic algorithm one or more: substitute, displacement, obscure, diffusion, iteration, the combination Split Method, mathematical relationship is encrypted, displacement is encrypted, logical encrypt, arithmetic is encrypted, block encryption, stream cipher encrypting, linear encryption, non-linear encryption, symmetric cryptography, asymmetric encryption, statistics is encrypted, the pseudorandom cryptographic algorithm, utilization increases item number along with crypto process and adjusts the algorithm of the stream cipher encrypting of the inferior multinomial generation of power, the algorithm that the serial number code that utilizes ordering to be produced is encrypted

Described subscriber identity information UserID and the random key Random of utilizing, be meant except utilization comprises subscriber identity information UserID and random key Random the two itself, also comprise and utilize in the following message one or more: the information of deriving by subscriber identity information UserID, the information of deriving by random key Random, random number, the information of deriving by random number, important plaintext Text, the information of deriving by important plaintext Text, by subscriber identity information UserID, random key Random, random number and the important plaintext Text information that both derive jointly among this, by subscriber identity information UserID, random key Random, random number and the important plaintext Text information that the three derives jointly among this, by subscriber identity information UserID, random key Random, random number and this information of deriving jointly of important plaintext Text

Described important plaintext Text is meant one or more in the following message: private key, certificate, individual privacy, trade secret, enterprises and institutions' secret, computer safety information,

The important plaintext Text that described encryption will be maintained secrecy is to obtain ciphertext Retext, be exactly to important plaintext Text, this three's encrypted process of subscriber identity information UserID and random key Random, and this process is varied, listed wherein 13 kinds below: (1) is to important plaintext Text, subscriber identity information UserID and random key Random encrypt respectively, to obtain this three's corresponding ciphertext Re1, ciphertext Re2, ciphertext Re3, then with ciphertext Re1, ciphertext Re2, ciphertext Re3 is combined as a ciphertext Retext, (2) to important plaintext Text, subscriber identity information UserID and random key Random encrypt respectively, to obtain this three's corresponding ciphertext Re1, ciphertext Re2, ciphertext Re3, with ciphertext Re1, among ciphertext Re2 and this three of ciphertext Re3 both are combined as a code string S, and code string S encrypted, to obtain ciphertext Re4, afterwards with ciphertext Re1, this ciphertext and the ciphertext Re4 that participate in formation code string S among ciphertext Re2 and this three of ciphertext Re3 are combined as a ciphertext Retext, (3) to important plaintext Text, subscriber identity information UserID and random key Random encrypt respectively, to obtain this three's corresponding ciphertext Re1, ciphertext Re2, ciphertext Re3, with ciphertext Re1, among ciphertext Re2 and this three of ciphertext Re3 both are combined as a code string S, and code string S encrypted, to obtain ciphertext Re4, afterwards with ciphertext Re1, this ciphertext and the ciphertext Re4 that participate in formation code string S among ciphertext Re2 and this three of ciphertext Re3 are combined as a code string ReS, then again code string ReS is encrypted, to obtain ciphertext Retext, (4) to important plaintext Text, subscriber identity information UserID and random key Random encrypt respectively, to obtain this three's corresponding ciphertext Re1, ciphertext Re2, ciphertext Re3, then with ciphertext Re1, ciphertext Re2, ciphertext Re3 is combined as a code string S, and code string S is encrypted, to obtain ciphertext Retext, (5) earlier to important plaintext Text, subscriber identity information UserID and this thrin of random key Random are encrypted, obtaining ciphertext Re1, after with still do not have among the aforementioned three encrypted other both be combined as a code string S, code string S is encrypted, to obtain ciphertext Re2, then with ciphertext Re1, ciphertext Re2 is combined as a ciphertext, and to obtain ciphertext Retext, (6) are earlier to important plaintext Text, subscriber identity information UserID and this thrin of random key Random are encrypted, to obtain ciphertext Re1, after with still do not have among the aforementioned three encrypted other both be combined as a code string S, code string S is encrypted, to obtain ciphertext Re2, then with ciphertext Re1, ciphertext Re2 is combined as a code string ReS, code string ReS is encrypted, to obtain ciphertext Retext, (7) are earlier with important plaintext Text again, both are combined as a code string S among subscriber identity information UserID and this three of random key Random, encrypt respectively these data that participate in formation code string S among code string S and the aforementioned three back, to obtain ciphertext Re1, ciphertext Re2 is then with ciphertext Re1, ciphertext Re2 is combined as a ciphertext, to obtain ciphertext Retext, (8) earlier with important plaintext Text, both are combined as a code string S among subscriber identity information UserID and this three of random key Random, encrypt respectively these data that participate in formation code string S among code string S and the aforementioned three back, to obtain ciphertext Re1, ciphertext Re2 is then with ciphertext Re1, ciphertext Re2 is combined as a code string ReS, again code string ReS is encrypted, to obtain ciphertext Retext, (9) are earlier with important plaintext Text, both are combined as a code string S among subscriber identity information UserID and this three of random key Random, then code string S are encrypted to generate ciphertext Re1, these data and the ciphertext Re1 that participate in formation code string S among the aforementioned three are combined as a code string ReS, code string ReS is encrypted, to obtain ciphertext Retext, (10) are earlier with important plaintext Text again, subscriber identity information UserID and this three of random key Random are combined as a code string S, then code string S is encrypted, to obtain ciphertext Retext, (11) are earlier to important plaintext Text, subscriber identity information UserID and this thrin of random key Random are encrypted, to obtain ciphertext Re1, after will still do not have among the aforementioned three not encrypted other both and ciphertext Re1 be combined as a code string S, then code string S is encrypted, to obtain ciphertext Retext, (12) are earlier to important plaintext Text, subscriber identity information UserID and this thrin of random key Random are encrypted, to obtain ciphertext Re1, then with still do not have among the aforementioned three encrypted other both one of be combined as a code string S with ciphertext Re1, code string S is encrypted, to obtain ciphertext Re2, to still not have these encrypted data and ciphertext Re2 to be combined as a code string ReS among the aforementioned three then, code string ReS is encrypted, to obtain ciphertext Retext, (13) are with important plaintext Text again, code among subscriber identity information UserID and this three of random key Random inserts mutually, and be divided into a plurality of (containing two) new code string S1, code string S2, ..., use different cryptographic algorithm encrypted code string S1 respectively, code string S2, ..., to obtain ciphertext Re1, ciphertext Re2, ..., with ciphertext Re1, ciphertext Re2, ... be combined as a code string SS, again code string SS is encrypted, to obtain ciphertext Retext.

Described ciphertext Retext; Not only comprise important plaintext Text is encrypted the rear information that generates; The information that also comprises generating after subscriber identity information UserID and the random key Random encryption is cipher code recognition information PassID; In any case and write decrypted program; During deciphering under the condition of input subscriber identity information UserID; All need with the method for exhaustion or adopt cryptanalysis and method that exhaustive attack combines is sought random key Random; Just can guarantee correct decrypting ciphertext ReText; To discharge important plaintext Text

Described Cipher Strength depends on the cipher code recognition information PassID that is generated behind encrypting user identity information UserID and the random key Random, during deciphering, has only the deciphering of finishing earlier cipher code recognition information PassID, could guarantee ciphertext Retext is correctly deciphered, to discharge important plaintext Text, and during deciphering, after confirming that subscriber identity information UserID and random key Random are correct, the relative the amount of calculation of amount of calculation that solves important plaintext Text from ciphertext Retext is often very little.Therefore, described Cipher Strength also equal the Cipher Strength that important plaintext Text is encrypted and be following one of them: random-length, the average computation amount of deciphering, the max calculation amount of deciphering, the multiplication factor of amount of calculation when the average computation amount of deciphering is encrypted relatively, the multiplication factor of amount of calculation when the max calculation amount of deciphering is encrypted relatively, the multiplication factor of amount of calculation when the relative single of the average computation amount of deciphering is deciphered, the multiplication factor of amount of calculation when the relative single of the max calculation amount of deciphering is deciphered, the average trial deciphering number of times of deciphering, maximum trial deciphering number of times of deciphering, the average deciphering time on the predetermined speed machine, the longest deciphering time on the predetermined speed machine

Described input subscriber identity information UserID and Cipher Strength, be meant according to one of following eight kinds of orders and import: 1. import subscriber identity information UserID earlier, back input Cipher Strength, 2. import Cipher Strength earlier, and before producing random key Random, input subscriber identity information UserID, 3. import Cipher Strength earlier, and after producing random key Random, input subscriber identity information UserID, 4. in the process of input subscriber identity information UserID, the input Cipher Strength, and before producing random key Random, finish input subscriber identity information UserID, 5. in the process of input subscriber identity information UserID, the input Cipher Strength, and after producing random key Random, finish input subscriber identity information UserID, 6. by the two priority input sequence of user determination user identity information UserID and Cipher Strength, 7. with two process input subscriber identity information UserID, and with one of them process input Cipher Strength, 8. with two thread input subscriber identity information UserID, and with one of them thread input Cipher Strength

In order to indicate the necessary attributes such as the owner of ciphertext Retext, cryptographic system gives a distinguishing mark TextID often for important plaintext Text, cryptographic system is in the process that generates ciphertext Retext, distinguishing mark TextID is backed up in the associated memory space that is used to preserve ciphertext Retext, and wherein said distinguishing mark TextID is made of in the following message one or more: random data, version number, the foundation of important plaintext Text and modification time, the described associated memory space that is used to preserve ciphertext Retext is meant one of following five: the space of 1. preserving ciphertext Retext, 2. preserve the space of this file attribute of ciphertext Retext, 3. database, 4. be used to preserve file or the space of distinguishing mark TextID, 5. be used to preserve the two file or space of random-length Long and distinguishing mark TextID

When the present invention is applied to important plaintext trusteeship service in the cloud, above described subscriber identity information UserID, the terminal user ID information End-UserID that not only comprises the input of terminal use or terminal system, also comprise the trusteeship party key of important plaintext trusteeship service merchant's cloud to terminal use's distribution, and, encrypt in the process of important plaintext Text, important plaintext trusteeship service merchant's cloud produces trusteeship party's key, after using terminal use's public key encryption trusteeship party key, this trusteeship party's key of having encrypted is sent to terminal use's computer, terminal use's computer utilizes the decrypt ciphertext of private key to receiving, to obtain trusteeship party's key, use the encryption of trusteeship party's key participation then to important plaintext Text and ciphertext thereof, after encryption is finished, terminal use's computer is preserved the cloud that ciphertext Retext sends to important plaintext trusteeship service merchant, during decrypting ciphertext Retext, behind terminal use's input terminal subscriber identity information End-UserID, terminal use's computer utilizes important plaintext trusteeship service merchant's cloud public key encryption terminal user ID information End-UserID, and the terminal user ID information End-UserID that will encrypt sends to important plaintext trusteeship service merchant's cloud, cloud utilizes the decrypt ciphertext of private key to receiving, to obtain terminal user ID information End-UserID, trusteeship party's key that cloud extracts and deciphering has been encrypted, to obtain trusteeship party's key, then, cloud utilizes trusteeship party's key and terminal user ID information End-UserID, adopt exhaust algorithm decipher ciphertext Retext, to obtain important plaintext Text, cloud utilizes the important plaintext Text of terminal use's public key encryption, and the important plaintext Text that will encrypt sends to the terminal use, the terminal use deciphers the important plaintext Text that has encrypted with private key, to obtain important plaintext Text, certainly during decrypting ciphertext Retext, after the request transmission ciphertext Retext information that also can submit to important plaintext trusteeship service merchant's cloud verification terminal user is correct, cloud sends to terminal use's computer with ciphertext Retext and trusteeship party's key, by terminal use input terminal subscriber identity information End-UserID on the computer of oneself, utilize terminal user ID information End-UserID and trusteeship party's key to ciphertext Retext deciphering, to obtain important plaintext Text.In addition, during decrypting ciphertext Retext, also can be chosen on third party's computer and finish deciphering by the terminal use.When the terminal use sends to important plaintext trusteeship service merchant's cloud with ciphertext Retext, can encrypt then ciphertext Retext once more with the cloud PKI and send, also can directly send without the cloud public key encryption, when important plaintext trusteeship service merchant's cloud sends to the terminal use with ciphertext Retext, can encrypt transmission then to ciphertext Retext once more with terminal use's PKI, also can directly send without terminal use's public key encryption.

The present invention also can have some other feature as: 1. the user is on the graphical interaction interface of band order button, input subscriber identity information UserID and Cipher Strength, 2. verify user's legitimacy, have only user just can finish encryption important plaintext Text by checking.

For ease of explanation, the file security system (comprising encryption system and decryption system) that will adopt the present invention to back up crucial password, certificate below abbreviates FKSS as; The private key KeyText that adopts the present invention to back up and recover utilizes the important plaintext that encryption method is protected among the present invention; The encrypted backup that private key KeyText is encrypted back generation private key KeyText with the encryption method among the present invention is called ReCome (after generating ReCome, still keeping private key KeyText among the FKSS); To be called plaintext M essFile except that file or the information that the wait FKSS the private key KeyText encrypts; Plaintext M essFile is called BeMF by the ciphertext that FKSS encrypts the back generation.During FKSS encrypting plaintext MessFile, if adopt symmetric encipherment algorithm, then use private key KeyText encrypting plaintext MessFile, if adopt rivest, shamir, adelman, with with the public key encryption plaintext M essFile of private key KeyText pairing, because it not is emphasis of the present invention that plaintext M essFile is encrypted, so relating to " FKSS encrypting plaintext MessFile obtains ciphertext BeMF " during this step, which kind of secret key encryption of not drawings among the embodiment of back.For quick identification, FKSS produces a distinguishing mark KeyID for private key KeyText, FKSS backuped to KeyID and is used to preserve the distinguishing mark of the correlation space of ciphertext as ReCome when backup private key KeyText generated ReCome, FKSS reads the KeyID of backup from the correlation space that is about to be used to preserve ciphertext during encrypting plaintext MessFile, and whether consistent according to this KeyID with active user's KeyID, judge whether active user's private key KeyText has backup ReCome.Usually, adopt the mode of duplicating to carry out during FKSS backup KeyID, also can adopt certain algorithm to preserve the encryption copy of KeyID certainly.This paper recommends KeyID to be made up of jointly the version number of FKSS, modification time and this three of random data of private key KeyText, does not get rid of KeyID certainly and is made of other data.

Referring to Fig. 1, first embodiment of the invention, its encryption flow is as follows:

[C] input Cipher Strength and subscriber identity information UserID according to the relation between length, Cipher Strength and the predetermined decrypted program speed three of random key, calculate the length L ong of random key, and producing length is the random key Random of Long,

[D] utilizes subscriber identity information UserID and random key Random to derive from a code string UR, the position that the serial number code that utilizes ordering to produce is reset each code among the code string UR, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string UR, the cipher code recognition information PassID that is used for when deciphering, discerning subscriber identity information UserID and random key Random with generation

The position of each code among the serial number code rearrangement code string KP of [F] utilization ordering generation utilizes the stream cipher that produces along with crypto process increase item number and the inferior multinomial of adjustment power to come encrypted code string KP, with the encrypted backup ReCome of generation private key KeyText,

[G] inserts the length L ong of random key and the distinguishing mark KeyID of private key KeyText among the encrypted backup ReCome of private key KeyText,

Referring to Fig. 2, second embodiment of the invention, its encryption flow is as follows:

Referring to Fig. 3, third embodiment of the invention, its encryption flow is as follows:

[1] user asks the file encryption among the memory disc Disk,

d[i]＝d[i]^p[ir[i]] /*...0≤i＜384...*/

With a circulation, calculate s[i]=p[r[i]] ^r[i]

/ * ... the serial number code that utilizes ordering to produce is reset code position, and makes XOR

(0≤i＜128)......*/

With a circulation, calculate

d[2×i]＝d[2×i]^s[2×i] /*...0≤i＜64...*/

d[2×i+1]＝((d[2×i+1]+s[2×i+1])％256) /*...0≤i＜64...*/

With a circulation, calculate s[i]=p[r[i]] ^r[i]/* ... (0≤i＜128) ... */

With a circulation, calculate

d[2×i]＝d[2×i]^s[2×i-256] /*...128≤i＜192...*/

d[2×i+1]＝(d[2×i+1]-s[2×i-255]+256)％256 /*...128≤i＜192...*/

With a circulation,

Calculate s[i]=p[r[i]] ^r[i]

Calculate d[i]=d[i] ^s[i]

With a circulation,

Calculate s[i]=p[r[i]] ^r[i]/* ... 0≤i＜128...*/

Calculate d[i]=d[i] ^s[i-128]/* ... 128≤i＜256...*/

/ * ... the byte sequence number is since 0 ... */

With a circulation, calculate,

q[4×i+2]＝d[i] /*...0≤i＜128...*/

q[i+(i+1)/3]＝d[ir[i]+128]^(ir[i]％256)?/*...0≤i＜384...*/

With a cycle calculations,

p[i]＝s[r[i]]^r[i]

With a circulation, with d[r[i]] copy to q[i]/* ... 0≤i＜512...*/

With p[r[i]+4] copy to s[i]/* ... 0≤i＜512...*/

[19] process PKey is provided with v=0,

Encrypt ordered series of numbers ID with a circulation:

d[i]＝q[i]^(v％256) /*...0≤i＜512...*/

With a cycle calculations:

d[516+i×5]＝q[r[i]×5] /*...0≤i＜512...*/

d[516+i×5+1]＝q[r[i]×5+1] /*...0≤i＜512...*/

d[516+i×5+2]＝q[r[i]×5+2] /*...0≤i＜512...*/

d[516+i×5+3]＝q[r[i]×5+3] /*...0≤i＜512...*/

d[516+i×5+4]＝q[r[i]×5+4] /*...0≤i＜512...*/

V=0 is set

Encrypt ordered series of numbers ID with a circulation:

v＝((i+5)(u[i/2]) ⁽ⁱ⁺⁵⁾+(i+4)(u[i/2+1]) ⁽ⁱ⁺⁴⁾+(i+3)(u[i/2+2]) ⁽ⁱ⁺³⁾+...+(i/2+1)(u[i+4]) ^(i/2+1)+i×(u[i％((n+7)/8)]) ^(i％64))％(256 ³)+v/256 /*...0≤i＜3076...*/

d[i]＝d[i]^(v％256) /*...0≤i＜3076...*/

/ * ... ... d[i], u[i] the byte sequence number is the data of i among the expression ordered series of numbers ID, ordered series of numbers, n＞8 * 8, n is the bit number sum of random key Random and subscriber identity information UserID, here may cause the computations amount excessive, if so, following formula suitably can be revised ... */

Referring to Fig. 3, four embodiment of the invention, its encryption flow is as follows:

[1] user asks the file encryption among the memory disc Disk to FKSS,

[2] FKSS judges whether private key KeyText exists, if exist, then extracts the distinguishing mark KeyID of private key KeyText, carries out then [3]; If do not exist, then produce private key KeyText and distinguishing mark KeyID thereof and preservation, carry out then [5],

[3] FKSS seeks the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText in the associated memory space that is used to preserve ciphertext BeMF, if find, then carries out [4]; If do not find, then carry out [5],

[4] FKSS encrypting plaintext MessFile obtains ciphertext BeMF, and the distinguishing mark KeyID of private key KeyText is inserted among the ciphertext BeMF, finishes this process then,

[5] FKSS increases a process, and a process PKey among this process and the former process carries out [6], and another process is carried out [4],

[6] process PKey is on a graphical interaction interface with order button; The option of selecting the Cipher Strength type is provided; The edit box of input Cipher Strength numerical value is provided and adjusts up and down arrow or other control of numerical value in this frame; The edit box of input subscriber identity information UserID is provided; Prompting user is imported Cipher Strength or is not imported the Cipher Strength that adopts the FKSS acquiescence; The subscriber identity information UserID that prompting user input encryption key KeyText backs up or the subscriber identity information of not importing active user in the employing system

[11] process PKey utilizes subscriber identity information UserID and random key Random to derive from a code string UR, the position that the serial number code that utilizes ordering to produce is reset each code among the code string UR, utilization comes encrypted code string UR to generate the cipher code recognition information PassID that is used for discerning subscriber identity information UserID and random key Random when deciphering along with crypto process increases item number with the stream cipher that the inferior multinomial of adjustment power produces

[13] process PKey utilizes the position that the serial number code of ordering generation is reset each code among the code string KP, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string KP, to generate the encrypted backup ReCome of private key KeyText

Referring to Fig. 4-A and Fig. 4-B, four embodiment of the invention, its deciphering flow process is as follows:

[1] user deciphers the ciphertext BeMF among the memory disc Disk to the FKSS request,

[2] with active user's private key KeyText decrypting ciphertext BeMF, to obtain plaintext M essFile, if successful decryption, then deciphering finishes; If deciphering failure or active user's private key KeyText does not exist, then carry out next step,

[3] in each memory disc of computer, seek the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with ciphertext BeMF, if find, then carry out [7]; If do not find, then carry out [4],

/ * ... the version number among the distinguishing mark KeyID can be inequality ... ... */

[4] show the graphical interaction interface of a band order button, can not find private key KeyText and the backup thereof of decrypting ciphertext BeMF in the prompting computer on this interface, prompting is selected to withdraw from deciphering or private key is backed up displacement disc and is connected to computer and continues deciphering,

[5] detect displacement disc change situation and user command, if detect the displacement disc of firm connection, then carry out [6], input exits command if system detects the user, then finish,

[6] in the displacement disc that just connects, seek the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with ciphertext BeMF, if find, then carry out [7]; If do not find, then carry out [4],

[7] according to the version number among the distinguishing mark KeyID among the encrypted backup ReCome of private key KeyText, judge that can FKSS give the encrypted backup ReCome deciphering of private key KeyText, if can, then carry out [8], if can not, point out then that user FKSS version is outmoded can not be deciphered, and start refresh routine or end

[8] call the program (following step is referring to Fig. 4-B, and the decrypted program step of the encrypted backup ReCome of the private key KeyText that is produced in encrypting at present embodiment is as follows) of the encrypted backup ReCome of corresponding decrypted private key KeyText,

[9] definition random key variable TryPass from backup ciphertext ReCome, extracts the random-length Long of random key Random

[10] the graphical interaction interface of a band order button of demonstration provides the edit box of importing subscriber identity information, and the prompting user imports subscriber identity information;

[11] detect user command,,, then finish if user's input is withdrawed from if user's input validation is then carried out [12],

[12] judging whether the user imports is used for the subscriber identity information of encrypted backup ReCome of decrypted private key KeyText, if input, then the subscriber identity information with input leaves among the character string ID, carry out then [13], if do not have input, then FKSS then extracts active user's subscriber identity information from system, and this information is left among the character string ID, carry out then [13]

[13] TryPass is returned 0 (be about to the content that TryPass takes up room and all be made as 0),

[14] utilize the stream cipher that produces along with decryption process increase item number and the inferior multinomial of adjustment power to come the encrypted backup ReCome of decrypted private key KeyText, with release code string KP, the serial number code that utilizes ordering to produce restores the position of each code among the code string KP

[15] extract cipher code recognition information PassID from code string KP,

[16] utilize the stream cipher that produces along with decryption process increase item number and the inferior multinomial of adjustment power to come clear crytpographic key identifying information PassID, with release code string UR, the serial number code of utilization ordering generation, with the position recovery of each code among the code string UR,

[17] extract subscriber identity information UserID and random key Random from code string UR,

[18] will compare from subscriber identity information UserID and the character string ID that code string UR extracts, to compare from the random key TryPass that the random key Random and the program of code string UR extraction are enumerated, if the comparison of the comparison of subscriber identity information and random key is all consistent, then carry out [21], otherwise carry out

【19】。

[19] TryPass is added 1,

/ * ... regard the preceding Long bit data of TryPass as a nonnegative integer by specific program here, and TryPass is upgraded with adding 1 this algorithm, thus list a new random key.First of This document assumes that TryPass is front end, and low level a preceding high position after.This exhaustive circulation comprises [14] to [20] this seven step.Certainly make the TryPass method for updating diversified, for example TryPass subtracted 1 or the like ... ... ..*/

[20] whether the Long+1 position of judging TryPass is 1, if the graphical interfaces that then will show in [10] sends the message of subscriber identity information mistake, and carries out [10]; If not, then carry out [14],

[21] extract private key KeyText from code string KP, and with this private key KeyText decrypting ciphertext BeMF, to obtain plaintext M essFile, the deciphering end.

Referring to Fig. 5, fifth embodiment of the invention, its encryption flow is as follows:

[1] user asks the file encryption among the memory disc Disk to FKSS,

[2] FKSS encrypting plaintext MessFile obtains ciphertext BeMF, and the distinguishing mark KeyID of private key KeyText is inserted among the ciphertext BeMF,

[3] FKSS seeks the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText in the associated memory space that is used to preserve ciphertext BeMF, if find, then finishes; If do not find, then carry out [4],

[4] process PKey is on a graphical interaction interface with order button; The option of selecting the Cipher Strength type is provided; The edit box of input Cipher Strength numerical value is provided and adjusts up and down arrow or other control of numerical value in this frame; The edit box of input subscriber identity information UserID is provided; Prompting user is imported Cipher Strength or is not imported the Cipher Strength that adopts the FKSS acquiescence; The subscriber identity information UserID that prompting user input encryption key KeyText backs up or the subscriber identity information of not importing active user in the employing system

[6] FKSS judges whether the user imports and is used for the subscriber identity information UserID of encryption key KeyText backup, if input is then carried out [7]; If not input is then extracted subscriber identity information UserID from system, carry out then [8],

[7] FKSS judges whether the subscriber identity information UserID of user's input is effective, if effectively then receive the subscriber identity information UserID of user's input, carries out then [8], if it is invalid, the graphical interfaces that then will show in [4] sends the information of makeing mistakes, and execution [4]

[8] FKSS is according to the relation between random-length, Cipher Strength and the predetermined decrypted program speed three of random key, calculates the random-length Long of random key, and to produce random-length be the random key Random of Long,

[9] FKSS utilizes subscriber identity information UserID and random key Random to derive from a code string UR, the algorithm for encryption code string UR that the serial number code that utilizes ordering to be produced is encrypted, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string UR, the cipher code recognition information PassID that is used for when deciphering, discerning subscriber identity information UserID and random key Random with generation

[10] FKSS extracts private key KeyText, and private key KeyText and the cipher code recognition information PassID that extracts derived from a code string KP,

[11] the algorithm for encryption code string KP that encrypts of the FKSS serial number code that utilizes ordering to be produced, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string KP, to generate the encrypted backup ReCome of private key KeyText

[12] FKSS inserts the distinguishing mark KeyID of random-length Long, the private key KeyText of random key Random among the encrypted backup ReCome of private key KeyText,

[13] FKSS is kept at the associated memory space that is used to preserve ciphertext BeMF with the encrypted backup ReCome of private key KeyText, finishes.

Referring to Fig. 6, sixth embodiment of the invention, its encryption flow is as follows:

[1] user asks the file encryption among the memory disc Disk to FKSS,

[3] FKSS seeks the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText in the associated memory space that is used to preserve ciphertext BeMF, if find, then carries out [14]; If do not find, then carry out [4],

[6] FKSS judges whether the user imports and is used for the subscriber identity information UserID of encryption key KeyText backup, if input is then carried out [7],, carry out then [8] if not input is then extracted subscriber identity information UserID from system,

[10] FKSS extracts private key KeyText, and utilizes the private key KeyText and the cipher code recognition information PassID that extract to derive from a code string KP,

[13] FKSS is kept at the associated memory space that is used to preserve ciphertext BeMF with the encrypted backup ReCome of private key KeyText,

[14] FKSS encrypting plaintext MessFile obtaining ciphertext BeMF, and inserts the distinguishing mark KeyID of private key KeyText among the ciphertext BeMF, finishes then.

In the various embodiments described above, encrypted the information that generates by the encryption method among the present invention in the ReCome, under normal circumstances do not need deciphering, just need deciphering when only existing private key KeyText can not decipher BeMF in FKSS, be used to save encrypted data.In fact ReCome needs the frequency of all deciphering uses very low, therefore we can be by adjusting random-length, make FKSS under the correct situation of subscriber identity information, the amount of calculation when all the average computation amount of deciphering is encrypted relatively with ReCome is amplified doubly a lot.Certainly FKSS is when being provided with random-length, speed that can encryption machine is foundation, under the correct situation of subscriber identity information, the average deciphering time that ReCome is all deciphered is made as 1 minute, 1 hour, 1 day, 1 week even longer, does not get rid of certainly and uses other set-up modes.

Can realize embodiments of the invention with several different methods, comprise the computer-readable code that writes on the computer readable recording medium storing program for performing.Computer readable recording medium storing program for performing can be the recording equipment of any type, and data are stored with computer-reader form therein.Computer readable recording medium storing program for performing includes, but are not limited to ROM, RAM, CD-ROM, tape, floppy disk, hard disk, mobile storage disc, light storage and the carrier wave transfer of data of internet (for example, by).Computer readable recording medium storing program for performing can be distributed on a plurality of computer systems that are connected to network, so that computer-readable code can be write on it and carries out from it with distribution mode.This encryption method not only can be applicable in the single computer systems, also may be used in important plaintext trusteeship service merchant's the cloud system.In addition, the needed function program of realization embodiments of the invention, code or code segment can be explained by those of ordinary skill in the art.

Although illustrate and described the present invention with reference to given preferred embodiment of the present invention, but those skilled in the art is to be understood that, not breaking away under the condition of the spirit and scope of the present invention as defined by the appended claims, can carry out the various variations on form and the details here.

Utilizability on the industry

Can be automatically or adjust as required Cipher Strength according to encryption method of the present invention. Encryption method according to the present invention can be used for the ciphertext of the backup generation high safety of the vital document information such as encryption key, certificate. The ciphertext that generates according to encryption method of the present invention can tackle the various high performance machines that crack.

Claims

1. encryption method, its encryption flow is as follows:

Described random-length Long is made of following one or more: the mobility scale of unit in the length of unit, the random key in the length of random key, the mobility scale of random key, the random key,

Described random key Random is the part to important plaintext Text encrypted secret key, is again the part to the key of ciphertext Retext deciphering,

The important plaintext Text that described encryption will be maintained secrecy is exactly to important plaintext Text, subscriber identity information UserID and this three's encrypted process of random key Random to obtain ciphertext Retext,

Described Cipher Strength depends on the cipher code recognition information PassID that is generated behind encrypting user identity information UserID and the random key Random, during deciphering, has only the deciphering of finishing earlier cipher code recognition information PassID, could guarantee ciphertext Retext is correctly deciphered, to discharge important plaintext Text, and during deciphering, after confirming that subscriber identity information UserID and random key Random are correct, the relative the amount of calculation of amount of calculation that solves important plaintext Text from ciphertext Retext is often very little.Therefore, described Cipher Strength also equal the Cipher Strength that important plaintext Text is encrypted and be following one of them: random-length, the average computation amount of deciphering, the max calculation amount of deciphering, the multiplication factor of amount of calculation when the average computation amount of deciphering is encrypted relatively, the multiplication factor of amount of calculation when the max calculation amount of deciphering is encrypted relatively, the multiplication factor of amount of calculation when the relative single of the average computation amount of deciphering is deciphered, the multiplication factor of amount of calculation when the relative single of the max calculation amount of deciphering is deciphered, the average trial deciphering number of times of deciphering, maximum trial deciphering number of times of deciphering, the average deciphering time on the predetermined speed machine, the longest deciphering time on the predetermined speed machine.

2. according to the described encryption method of claim 1, wherein,

Described random-length Long, be kept at the associated memory space that is used to preserve ciphertext Retext with ciphertext or form expressly, and the described associated memory space that is used to preserve ciphertext Retext is meant one of following five: the space of 1. preserving ciphertext Retext, 2. preserve the space of this file attribute of ciphertext Retext, 3. database, 4. be used to preserve file or the space of random-length Long, 5. be used to preserve the two file or space of random-length Long and distinguishing mark TextID

Described random key Random is made of following wherein one or more information: the random information that system produces, the pseudo-random information that system produces, the information that obtains after utilizing pseudo-random data that subscriber identity information UserID produces system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that data in internal memory or the external memory produce system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that clock number produces system with certain algorithm intervention, and described system is meant cryptographic system or operating system

Described to important plaintext Text, this three's encrypted process of subscriber identity information UserID and random key Random, be meant one of following 13 kinds of processes: (1) is to important plaintext Text, subscriber identity information UserID and random key Random encrypt respectively, to obtain this three's corresponding ciphertext Re1, ciphertext Re2, ciphertext Re3, then with ciphertext Re1, ciphertext Re2, ciphertext Re3 is combined as a ciphertext Retext, (2) to important plaintext Text, subscriber identity information UserID and random key Random encrypt respectively, to obtain this three's corresponding ciphertext Re1, ciphertext Re2, ciphertext Re3, with ciphertext Re1, among ciphertext Re2 and this three of ciphertext Re3 both are combined as a code string S, and code string S encrypted, to obtain ciphertext Re4, afterwards with ciphertext Re1, this ciphertext and the ciphertext Re4 that participate in formation code string S among ciphertext Re2 and this three of ciphertext Re3 are combined as a ciphertext Retext, (3) to important plaintext Text, subscriber identity information UserID and random key Random encrypt respectively, to obtain this three's corresponding ciphertext Re1, ciphertext Re2, ciphertext Re3, with ciphertext Re1, among ciphertext Re2 and this three of ciphertext Re3 both are combined as a code string S, and code string S encrypted, to obtain ciphertext Re4, afterwards with ciphertext Re1, this ciphertext and the ciphertext Re4 that participate in formation code string S among ciphertext Re2 and this three of ciphertext Re3 are combined as a code string ReS, then again code string ReS is encrypted, to obtain ciphertext Retext, (4) to important plaintext Text, subscriber identity information UserID and random key Random encrypt respectively, to obtain this three's corresponding ciphertext Re1, ciphertext Re2, ciphertext Re3, then with ciphertext Re1, ciphertext Re2, ciphertext Re3 is combined as a code string S, and code string S encrypted, to obtain ciphertext Retext, (5) earlier to important plaintext Text, subscriber identity information UserID and this thrin of random key Random are encrypted, obtaining ciphertext Re1, after with still do not have among the aforementioned three encrypted other both be combined as a code string S, code string S is encrypted, to obtain ciphertext Re2, then with ciphertext Re1, ciphertext Re2 is combined as a ciphertext, and to obtain ciphertext Retext, (6) are earlier to important plaintext Text, subscriber identity information UserID and this thrin of random key Random are encrypted, to obtain ciphertext Re1, after with still do not have among the aforementioned three encrypted other both be combined as a code string S, code string S is encrypted, to obtain ciphertext Re2, then with ciphertext Re1, ciphertext Re2 is combined as a code string ReS, code string ReS is encrypted, to obtain ciphertext Retext, (7) are earlier with important plaintext Text again, both are combined as a code string S among subscriber identity information UserID and this three of random key Random, encrypt respectively these data that participate in formation code string S among code string S and the aforementioned three back, to obtain ciphertext Re1, ciphertext Re2 is then with ciphertext Re1, ciphertext Re2 is combined as a ciphertext, to obtain ciphertext Retext, (8) earlier with important plaintext Text, both are combined as a code string S among subscriber identity information UserID and this three of random key Random, encrypt respectively these data that participate in formation code string S among code string S and the aforementioned three back, to obtain ciphertext Re1, ciphertext Re2 is then with ciphertext Re1, ciphertext Re2 is combined as a code string ReS, again code string ReS is encrypted, to obtain ciphertext Retext, (9) are earlier with important plaintext Text, both are combined as a code string S among subscriber identity information UserID and this three of random key Random, then code string S are encrypted to generate ciphertext Re1, these data and the ciphertext Re1 that participate in formation code string S among the aforementioned three are combined as a code string ReS, code string ReS is encrypted, to obtain ciphertext Retext, (10) are earlier with important plaintext Text again, subscriber identity information UserID and this three of random key Random are combined as a code string S, then code string S is encrypted, to obtain ciphertext Retext, (11) are earlier to important plaintext Text, subscriber identity information UserID and this thrin of random key Random are encrypted, to obtain ciphertext Re1, after will still do not have among the aforementioned three not encrypted other both and ciphertext Re1 be combined as a code string S, then code string S is encrypted, to obtain ciphertext Retext, (12) are earlier to important plaintext Text, subscriber identity information UserID and this thrin of random key Random are encrypted, to obtain ciphertext Re1, then with still do not have among the aforementioned three encrypted other both one of be combined as a code string S with ciphertext Re1, code string S is encrypted, to obtain ciphertext Re2, to still not have these encrypted data and ciphertext Re2 to be combined as a code string ReS among the aforementioned three then, code string ReS is encrypted, to obtain ciphertext Retext, (13) are with important plaintext Text again, code among subscriber identity information UserID and this three of random key Random inserts mutually, and be divided into a plurality of (containing two) new code string S1, code string S2, ..., use different cryptographic algorithm encrypted code string S1 respectively, code string S2, ..., to obtain ciphertext Re1, ciphertext Re2, ..., with ciphertext Re1, ciphertext Re2, ... be combined as a code string SS, again code string SS is encrypted, to obtain ciphertext Retext.

3. according to the described encryption method of claim 2, it is characterized in that: described subscriber identity information UserID, the terminal user ID information End-UserID that not only comprises the input of terminal use or terminal system, also comprise the trusteeship party key of important plaintext trusteeship service merchant's cloud to terminal use's distribution, and

Before finishing to important plaintext Text encryption, important plaintext trusteeship service merchant's cloud produces trusteeship party's key, after using terminal use's public key encryption trusteeship party key, this trusteeship party's key of having encrypted is sent to terminal use's computer, terminal use's computer utilizes the decrypt ciphertext of private key to receiving, to obtain trusteeship party's key, use the encryption of trusteeship party's key participation then to important plaintext Text and ciphertext thereof, after encryption was finished, terminal use's computer was preserved the cloud that ciphertext Retext sends to important plaintext trusteeship service merchant.

4. according to the described encryption method of claim 3, it is characterized in that: terminal use's computer is encrypted generation ciphertext Retext to important plaintext Text after, utilize important plaintext trusteeship service merchant's cloud public key encryption ciphertext Retext again, will be sent to important plaintext trusteeship service merchant's cloud by the ciphertext Retext of cloud public key encryption then.

5. according to claim 1 or 2 or 3 or 4 described encryption methods, it is characterized in that: the distinguishing mark TextID of important plaintext Text is backed up in the associated memory space that is used for preserving ciphertext Retext, and described distinguishing mark TextID with important plaintext Text backs up in the associated memory space that is used to preserve ciphertext Retext, be meant the distinguishing mark TextID of important plaintext Text backup one of following five: the space of 1. preserving ciphertext Retext, 2. preserve the space of this file attribute of ciphertext Retext, 3. database, 4. be used to preserve file or the space of distinguishing mark TextID, 5. be used to preserve the two file or space of random-length Long and distinguishing mark TextID

Described distinguishing mark TextID is made of in the following message one or more: foundation and the modification time of random data, version number, important plaintext Text.

6. according to claim 1 or 2 or 3 or 4 or 5 described encryption methods, it is characterized in that: checking user's legitimacy, have only user just can finish encryption to important plaintext Text by checking.

7. encryption method, its encryption flow is as follows:

[1] user asks the file encryption among the memory disc Disk,

d[i]＝d[i]^p[ir[i]] /*...0≤i＜384 ...*/

With a circulation, calculate s[i]=p[r[i]] ^r[i]

With a circulation, calculate

d[2×i]＝d[2×i]^s[2×i] /*...0≤i＜64 ...*/

d[2×i+1]＝((d[2×i+1]+s[2×i+1])％256) /*...0≤i＜64 ...*/

With a circulation, calculate s[i]=p[r[i]] ^r[i]/* ... (0≤i＜128) ... */

With a circulation, calculate

d[2×i]＝d[2×i]^s[2×i-256] /*...128≤i＜192...*/

d[2×i+1]＝(d[2×i+1]-s[2×i-255]+256)％256/*...128≤i＜192...*/

With a circulation,

Calculate s[i]=p[r[i]] ^r[i]

Calculate d[i]=d[i] ^s[i]

/ * ... promptly use data encryption ordered series of numbers ID header data among the ordered series of numbers S, s[i], d[i], p[i] represent that respectively the byte sequence number is the data of i among ordered series of numbers S, ordered series of numbers ID, the ordered series of numbers P, 0≤i＜128 ... */

With a circulation,

Calculate s[i]=p[r[i]] ^r[i]/* ... 0≤i＜128...*/

Calculate d[i]=d[i] ^s[i-128]/* ... 128≤i＜256...*/

/ * ... the byte sequence number is since 0 ... */

With a circulation, calculate,

q[4×i+2]＝d[i] /*... 0≤i＜128...*/

q[i+(i+1)/3]＝d[ir[i]+128]^(ir[i]％256)/*...0≤i＜384...*/

With a cycle calculations,

p[i]＝s[r[i]]^r[i]

With a circulation, with d[r[i]] copy to q[i]/* ... 0≤i＜512...*/

With p[r[i]+4] copy to s[i]/* ... 0≤i＜512...*/

[19] process PKey is provided with v=0,

Encrypt ordered series of numbers ID with a circulation:

v＝((i+5)(p[i/2]) ⁽ⁱ⁺⁵⁾+(i+4)(p[i/2+1]) ⁽ⁱ⁺⁴⁾+(i+3)(p[i/2+2]) ⁽ⁱ⁺³⁾+......+(i/2+1)(p[i+4]) ^(i/2+1))％(256 ³)+v/256 /*...0≤0＜512...*/d[i]＝q[i]^(v％256) /*...0≤i＜512...*/

With a cycle calculations:

d[516+i×5]＝q[r[i]×5] /*...0≤i＜512...*/

d[516+i×5+1]＝q[r[i]×5+1] /*...0≤i＜512...*/

d[516+i×5+2]＝q[r[i]×5+2] /*...0≤i＜512...*/

d[516+i×5+3]＝q[r[i]×5+3] /*...0≤i＜512...*/

d[516+i×5+4]＝q[r[i]×5+4] /*...0≤i＜512...*/

V=0 is set

Encrypt ordered series of numbers ID with a circulation:

d[i]＝d[i]^(v％256) /*...0≤i＜3076...*/

8. encryption method, its encryption flow is as follows:

[V] inserts the distinguishing mark KeyID of random-length Long, private key KeyText among the encrypted backup ReCome of private key KeyText.

9. encryption method, its encryption flow is as follows:

[G] inserts the distinguishing mark KeyID of random-length Long, private key KeyText among the encrypted backup ReCome of private key KeyText,

[H] is kept at the associated memory space that is used to preserve ciphertext BeMF with the encrypted backup ReCome of private key KeyText, finishes.

10. encryption method, its encryption flow is as follows:

[B] seeks the encrypted backup ReCome that has the private key KeyText of the distinguishing mark KeyID that coincide mutually with active user's private key KeyText in the associated memory space that is used to preserve ciphertext BeMF, if find, then carries out [I]; If do not find, then carry out [C],

[H] is kept at the associated memory space that is used to preserve ciphertext BeMF with the encrypted backup ReCome of private key KeyText,

[I] encrypting plaintext MessFile to be obtaining ciphertext BeMF, and the distinguishing mark KeyID of private key KeyText is inserted among the ciphertext BeMF, finishes.

11. encryption method according to claim 7 is characterized in that: wherein,

Described process PKey is with the length L ong of random key Random, the distinguishing mark KeyID of private key KeyText inserts among the ordered series of numbers ID, be modified to: random-length Long is kept at the associated memory space that is used to preserve backup ReCome, the distinguishing mark KeyID backup of private key KeyText is being used to preserve the associated memory space that backs up ReCome, and, the described associated memory space that is used to preserve backup ReCome that random-length Long is kept at, be meant random-length Long is kept at one of following five: the space of 1. preserving backup ReCome, 2. preserve the space of this file attribute of backup ReCome, 3. database, 4. be used to preserve file or the space of random-length Long, 5. be used to preserve the two file or space of random-length Long and distinguishing mark TextID; Described distinguishing mark KeyID backup with private key KeyText is being used to preserve the associated memory space that backs up ReCome, be meant the distinguishing mark KeyID of private key KeyText backup one of following five: the space of 1. preserving backup ReCome, 2. preserve the space of this file attribute of backup ReCome, 3. database, 4. be used to preserve file or the space of distinguishing mark KeyID, 5. be used to preserve the two file or space of random-length Long and distinguishing mark KeyID

Described encrypting plaintext MessFile obtains ciphertext BeMF, and among the distinguishing mark KeyID insertion ciphertext BeMF with private key KeyText, be modified to: encrypting plaintext MessFile obtains ciphertext BeMF, and with the distinguishing mark KeyID of private key KeyText backup in the associated memory space that is used to preserve ciphertext BeMF, and, the described associated memory space that is used to preserve ciphertext BeMF, be meant one of following four: the space of 1. preserving ciphertext BeMF, 2. preserve the space of ciphertext BeMF file attribute, 3. database, the file or the space that 4. are used to preserve distinguishing mark KeyID.

12. an encryption method, its encryption flow is as follows:

[1] user asks the file encryption among the memory disc Disk,

[14] process PKey inserts the distinguishing mark KeyID of random-length Long, private key KeyText among the encrypted backup ReCome of private key KeyText,

13. an encryption method, its encryption flow is as follows:

[1] user asks the file encryption among the memory disc Disk,

[12] the distinguishing mark KeyID with random-length Long, private key KeyText inserts among the encrypted backup ReCome of private key KeyText,

14. an encryption method, its encryption flow is as follows:

[1] user asks the file encryption among the memory disc Disk,

15. according to Claim 8 or 9 or 10 or 12 or 13 or 14 described encryption methods, wherein,

Described random key is to be made of following wherein one or more information: the pseudo-random information that the random information that system produces, system produce, the information that obtains after utilizing pseudo-random data that subscriber identity information UserID produces system with certain algorithm intervention, the information that obtains after utilizing pseudo-random data that data in internal memory or the external memory produce system with certain algorithm intervention, the information of utilizing clock number that the pseudo-random data of system's generation is obtained after with certain algorithm intervention, and described system is meant cryptographic system or operating system.

16., it is characterized in that according to claim 9 or 10 or 12 or 13 or 14 described encryption methods: wherein,

The algorithm for encryption code string KP that the serial number code that described utilization ordering is produced is encrypted, utilization is along with the stream cipher that crypto process increases the item number multinomial generation inferior with adjusting power comes encrypted code string KP, be modified to: adopt pre-defined algorithm encrypted code string KP, and described pre-defined algorithm is made of in the following cryptographic algorithm one or more: substitute, displacement, obscure, diffusion, iteration, the combination Split Method, mathematical relationship is encrypted, displacement is encrypted, logical encrypt, arithmetic is encrypted, block encryption, stream cipher encrypting, linear encryption, non-linear encryption, symmetric cryptography, asymmetric encryption, statistics is encrypted, the pseudorandom cryptographic algorithm, utilization increases item number along with crypto process and adjusts the algorithm of the stream cipher encrypting of the inferior multinomial generation of power, the algorithm that the serial number code that utilizes ordering to be produced is encrypted

17. encryption method according to claim 8 is characterized in that: wherein,

18., it is characterized in that according to claim 11 or 15 or 16 or 17 described encryption methods: checking user's legitimacy, have only user just can finish encryption to private key KeyText by checking.

19. according to claim 1 or 2 or 3 or 4 or 5 or 6 or 8 or 9 or 10 or 17 described encryption methods, it is characterized in that: the user imports subscriber identity information UserID and Cipher Strength on the graphical interaction interface of band order button.