CN107124273A - A kind of platform data encryption method and device based on dynamic authorization code - Google Patents

A kind of platform data encryption method and device based on dynamic authorization code Download PDF

Info

Publication number
CN107124273A
CN107124273A CN201710325846.6A CN201710325846A CN107124273A CN 107124273 A CN107124273 A CN 107124273A CN 201710325846 A CN201710325846 A CN 201710325846A CN 107124273 A CN107124273 A CN 107124273A
Authority
CN
China
Prior art keywords
plaintext
encrypted
encryption
sequence
random
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710325846.6A
Other languages
Chinese (zh)
Inventor
张然
高雪花
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Di Technology Co Ltd
Original Assignee
Chengdu Di Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Di Technology Co Ltd filed Critical Chengdu Di Technology Co Ltd
Priority to CN201710325846.6A priority Critical patent/CN107124273A/en
Publication of CN107124273A publication Critical patent/CN107124273A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The present invention proposes a kind of platform data encryption method based on dynamic authorization code and device, and methods described includes:Platform data to be encrypted is obtained, plaintext M is used as;Plaintext M generates plaintext DM to be encrypted after pretreatment P;The command sequence A of dynamic encryption algorithm is generated by encrypted instruction generator G according to key K;DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C.Platform data encryption method and device proposed by the present invention based on dynamic authorization code, improve the security of platform data.

Description

A kind of platform data encryption method and device based on dynamic authorization code
Technical field
The present invention relates to safety verification field, and in particular to it is a kind of based on dynamic authorization code platform data encryption method and Device.
Background technology
With the popularization of computer application and developing rapidly for Internet, society's secret and wealth more and more highly collect In in computer system, the interconnection of all these computers is turned into a global communication network.Due to Internet predecessor It is the LAN constituted based on the scientific research institutions such as government bodies, research institute and university, the application program above it is in security From the aspect of seldom, so this Open Network of the foundation on TCP/IP standard agreements secure context exist it is congenital not Foot.Because being easy to the interception into row information in a network, monitoring and forge, people are unwilling to transmit relevant finance in a network Or legal sensitive information.With the promotion of the technologies such as WWW, JAVA, Internet is more and more commercially valuable, more Wish to carry out online ecommerce and electronic banking by Internet come more companies and individual, this peace also to network Full property proposes higher requirement, so only technically first solve safety issue, be possible to realize home buying, Without ideals such as paper merchants trades, Internet also could more rapid, healthily develop in itself.Therefore computer system and computer net Network is into one of main target of the offender's property entered destructive activity.Data are encrypted so that offender is without legal principle Confidential data is solved and utilized, is to prevent the effective means of destructive activity, therefore, cryptography recent two decades are developed rapidly, into One important branch of computer science.
The developing history of cryptography can substantially be divided into three phases:
First stage is from ancient times to 1949.This period is considered as the stage in eve of cryptography, this period Cryptographic technique can be described as a kind of art, rather than a kind of subject, cryptography expert enters often by intuition and conviction Row password is designed and analyzed, rather than reasoning is proved.
Second stage is from 1949 to 1975." information theory of secrecy system " one that Shannon in 1949 is delivered Text establishes theoretical foundation for Private Key Cryptosystem, and a subject is turned into from this cryptography, but cryptography still has until today Artistry, is a subject with artistry.
Phase III is 1976 to so far.The doctor W.Diffie and his tutor of Stanford Univ USA in 1976 The paper " new direction of cryptography " that M.E.Hellman is delivered causes a revolution in cryptography.They demonstrate first It is possible in the secret communication of transmitting terminal and receiving terminal without cipher key delivery, so as to start new era of public key cryptography.By The new quantum information science that information science, computer science and quantum mechanics are combined into is set up, and quantum techniques are in letter Application in terms of breath science result in quantum computer, quantum communications and the rise of quantum cryptography research boom.Quantum cryptography Basic foundation is the unclonable principle of quantum-mechanical uncertainty principle and quantum state, and it is based on the close of non-mathematical principle Code.Quantum cryptography has evincible security, while can also easily be detected to eavesdropping behavior.These characteristic amounts of causing Sub- password has the unexistent advantage of other passwords, thus quantum cryptography causes the height weight of international cryptography educational circles and community of physicists Depending on.Chaos " chaos " is a kind of complicated non-linear nonequilibrium kinetics process.Due to chaos sequence be it is a kind of have it is good with The non-linear sequence of machine, it is possible to constitute new stream cipher, therefore cause various countries password scholar to pay much attention to.
With the continuous lifting of computer hardware performance, existing cryptosystem is by by powerful impact.Pair therefore, plus The research and improvement of close algorithm, with very major and immediate significance.
The content of the invention
At least part of solution problems of the prior art, the present invention proposes a kind of based on the flat of dynamic authorization code Platform data ciphering method, including:
Platform data to be encrypted is obtained, plaintext M is used as;
Plaintext M generates plaintext DM to be encrypted after pretreatment P;
The command sequence A of dynamic encryption algorithm is generated by encrypted instruction generator G according to key K;
DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C.
Wherein, plaintext M generates plaintext DM to be encrypted and specifically included after pretreatment P:
P1:Use pseudorandom number generator R_N, two sections of random sequence RS of generation and S, R_N random seed is together decided on Factor includes:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
P2:S is appended to M;
P3:Plaintext with flag bit is done into XOR with RS, upsets obtained after the rule of plaintext, computing random bright Literary RS_M;
P4:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted is constituted, preprocessing process terminates;
Wherein, specifically included according to key K by the encrypted instruction generator G command sequence A for generating dynamic encryption algorithm:
G1:With key K initializing pseudo random number generator R_N, non-singular matrix collection is determined with produced pseudo-random sequence 1 In each non-singular matrix size;
G2:Again with key K initialization R_N, random sequence 2 is obtained, the non-singular matrix size initialized according to step G1, With the one by one structural matrix of random sequence 2;A matrix is often constructed, XOR is first done to it with key K, then to gained knot Fruit is judged, if not non-singular matrix, is then reconfigured, and this process is repeated, until result of determination is true, by structure The non-singular matrix made is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, continues to construct next non-singular matrix;No It is disconnected to repeat said process, finished until all non-singular matrixs in EM_SET are all constructed;
G3:By key * K initializing pseudo random number generator R_N, random sequence 3 is obtained, the random sequence produced by R_N 3rd, EM_SET and plaintext collective effect to be encrypted, generation encrypted instruction sequence A;
Wherein, DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C and specifically wraps Include:
R0:By the transformation rule of key * K computationses, transformation rule is to carry out how many times power operation, according to transformation rule Power operation is carried out to instruction in A, the command sequence AJ (code.1, code.2 ..., code.n) after computing is just actually used for adding Close instruction;
R1:By the pretreated end to end formation ring-types of plaintext DM to be encrypted, it is Head by the first tagging, arranges in plain text Column direction is labeled as Direction;
R2:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, the original position of piecemeal is labeled as Start1, Start1 position are since Head, during piecemeal, since Start1 positions, along Direction directions, with Start1 is target, and DM is carried out into isometric piecemeal according to CL1 size, and the header element of last block plaintext is labeled as End1, Remain1 is designated as along the plaintext segment mark on Direction directions between End1 and Start1, length is RL1, End1 and Start1 Between plaintext segment mark in the reverse direction be designated as Encrypt1, length is EL1, and EL1 is CL1 integral multiple, and Encrypt1 is first Take turns the plaintext section for encryption;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1; When ML is CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
R3:XOR is done to Remain1 using K, an element R1 is randomly choosed from acquired results and is used as Code.1 Transformation rule, specific method be by R1, Remain1 and K by one mapping, be mapped in Code.1 periodic spatial, so Power operation is carried out to Code.1 with the mapping value afterwards, acquired results are RC1;
R4:A designated value D1 is added behind Remain1;
R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are identicals, for I-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is to be moved back by since Start1 along Direction directions L element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards by the plaintext after encryption since Head edge The expansion of Direction directions, that obtain is exactly the ciphertext C after encryption.
Wherein, it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, first random number N 1 produced by R_N is chosen, by N1 Modular arithmetic is carried out according to RL1 size, R1 is selected according to acquired results;
For Ri selection, R_N first equally is initialized with T, i-th of random number N i that R_N is produced is chosen afterwards, Ni is pressed Size according to RLi carries out modular arithmetic, and Ri is selected according to acquired results.
Wherein, D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element of sequence produced by selection R_N D1, D1 are that d1 and K carries out the result after XOR.
The invention also provides a kind of platform data encryption device based on dynamic authorization code, including:
Plaintext acquiring unit, for obtaining, platform data to be encrypted, is used as plaintext M;
Pretreatment unit, for after pretreatment P, generating plaintext DM to be encrypted to plaintext M;
Command generator unit, the sequence of instructions for generating dynamic encryption algorithm by encrypted instruction generator G according to key K Arrange A;
Ciphering unit, for DM to be encrypted according to the encryption equipment R rules specified by command sequence A, obtains final Ciphertext C;
Wherein, pretreatment unit is specifically included:
Random sequence generation subelement P1:Use pseudorandom number generator R_N, two sections of random sequence RS of generation and S, R_N's The codeterminants of random seed includes:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
Identify subelement P2:S is appended to M;
Random plaintext subelement P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, computing The random plaintext RS_M obtained afterwards;
Plaintext generation subelement P4 to be encrypted:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted, pretreatment is constituted Process terminates;
Wherein, command generator unit is specifically included:
Non-singular matrix size determines subelement G1:With key K initializing pseudo random number generator R_N, with produced puppet Random sequence 1 determines that non-singular matrix concentrates the size of each non-singular matrix;
Non-singular matrix construction subelement G2:Again with key K initialization R_N, random sequence 2 is obtained, according at the beginning of step G1 The non-singular matrix size of beginningization, with the one by one structural matrix of random sequence 2;A matrix is often constructed, different first is done to it with key K Or computing, then acquired results are judged, if not non-singular matrix, then reconfigured, this process are repeated, directly It is true to result of determination, the non-singular matrix of construction is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, continues structure Make next non-singular matrix;Said process is constantly repeated, is finished until all non-singular matrixs in EM_SET are all constructed;
Encrypted instruction sequence generation subelement G3:By key * K initializing pseudo random number generator R_N, random sequence is obtained 3, random sequence 3, EM_SET and the plaintext collective effect to be encrypted produced by R_N, generation encrypted instruction sequence A;
Wherein, ciphering unit is specifically included:
Encrypted instruction sequence generation subelement R0:By the transformation rule of key * K computationses, transformation rule is that progress is more Few power operation, power operation is carried out according to transformation rule to instruction in A, command sequence AJ after computing (code.1, Code.2 ..., code.n) just it is actually used for the instruction of encryption;
Plaintext ring to be encrypted meets subelement R1:By the pretreated end to end formation ring-types of plaintext DM to be encrypted, by head Position mark is Head, and plaintext orientation is labeled as Direction;
Plaintext piecemeal subelement R2 to be encrypted:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, point The original position of block is labeled as Start1, and Start1 position is since Head, during piecemeal, since Start1 positions, along Direction directions, using Start1 as target, carry out isometric piecemeal, the first member of last block plaintext according to CL1 size by DM Element mark is to be designated as Remain1 along the plaintext segment mark on Direction directions between End1 and Start1, length is Plaintext segment mark between RL1, End1 and Start1 in the reverse direction is designated as Encrypt1, and length is EL1, and EL1 is CL1 integer Times, Encrypt1 is the plaintext section for being used to the first round encrypt;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1; When ML is CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
Transformation rule generation subelement R3:XOR is done to Remain1 using K, one is randomly choosed from acquired results Individual element R1 is as Code.1 transformation rule, and specific method is, by a mapping, to be mapped to R1, Remain1 and K In Code.1 periodic spatial, power operation is then carried out to Code.1 with the mapping value, acquired results are RC1;
Mantissa processing subelement R4:A designated value D1 is added behind Remain1;
Encryption sub-unit operable R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are Identical, for i-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
Circulate encryption sub-unit operable R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is to be moved back by since Start1 along Direction directions L element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
Ciphertext generation subelement R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards will be bright after encryption Text deploys since Head along Direction directions, and that obtain is exactly the ciphertext C after encryption.
Wherein, it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, first random number N 1 produced by R_N is chosen, by N1 Modular arithmetic is carried out according to RL1 size, R1 is selected according to acquired results;
For Ri selection, R_N first equally is initialized with T, i-th of random number N i that R_N is produced is chosen afterwards, Ni is pressed Size according to RLi carries out modular arithmetic, and Ri is selected according to acquired results.
Wherein, D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element of sequence produced by selection R_N D1, D1 are that d1 and K carries out the result after XOR.
Platform data encryption method and device proposed by the present invention based on dynamic authorization code, improve the peace of platform data Quan Xing.
Brief description of the drawings
Fig. 1 is a kind of flow chart of the platform data encryption method based on dynamic authorization code of the present invention;
Fig. 2 is a kind of block diagram of the platform data encryption device based on dynamic authorization code of the present invention.
Embodiment
Below in conjunction with the accompanying drawing of the present invention, technical scheme is clearly and completely described.Here will be detailed Carefully exemplary embodiment is illustrated, its example is illustrated in the accompanying drawings.In the following description when referring to the accompanying drawings, unless otherwise table Show, the same numbers in different accompanying drawings represent same or analogous key element.Embodiment party described in following exemplary embodiment Formula does not represent all embodiments consistent with the present invention.On the contrary, they are only detailed with institute in such as appended claims The example of the consistent apparatus and method of some aspects state, the present invention.
The present invention uses the encipherment scheme based on non-singular matrix.
The domain of only limited element be referred to as finite field (in order to commemorate it founder, talent mathematician E.Galois and Name), it is most important algebraic process basis in coding theory.Due to the computing of finite field have no-carry, etc. bit, The characteristics of without rounding error, thus at error correcting code (ECC), encrypt, the field such as switching theorem and Digital Signal Processing has extensively General application, GF (pn) is than more typical finite field.There was only limited element in finite field F, its feature can not possibly be 0, no Then F will include rational field R0, its element will have infinite multiple.For q=pn, it is characterized in the domain Z of prime number pqIt is pnFirst finite field. Any finite field gf (pn) feature must be prime number p, and it is prime field ZqFinite field extension.And have:
Zq=0,1 ..., p-1 };
If F is finite field, g ∈ F*, F*It is F multiplicative group F*=F- { 0 }.And for any positive integer x, calculate
gxIt is easy;But known g and y seek x so that y=gx, it is computationally substantially impossible.This problem claims For the discrete logarithm problem in finite group.Elliptic curve cryptosystem (ECC), its foundation is defined on elliptic curve point group Discrete logarithm problem intractability.
OrderFor finite field FqThe set of upper all n × n matrixes,For FqThe n of upper non-zero ties up the set of row vector,For FqThe set of the n dimensional vectors of upper non-zero, and it is rightDefinition mapping fQMake pair There is fQ(x)=Qx, is to regard x as F hereqOn the matrix of a n × 1.Easily card fQDijection, i.e. fQForOne displacement. So can be by fQUniquely it is expressed as alternatively product (including the rotation that length is 1) of mutually not miscellaneous wheel:
Formula (1) is referred to as fQBreakdown.Understand:
MakeOne division.Obviously have:
If Q is in groupIn cycle be d, then<Q>={ Q, Q2,…,Qd=I } makeSubgroup.Appoint and take fQDecompose A rotation in formulaObviously there is nj≤ d, and it is rightPerseverance hasOrder:d =tnj+ r (0≤r < nj), if r ≠ 0, haveSo as to there is nj≤ r, contradiction!Therefore:
It is rightfQThe length of any rotation must divide exactly Q and exist in breakdownIn cycle.
It is rightIt is apparent from fQForIdentical permutation and if only if Q be unit battle array E.Therefore when Q is not unit matrix E When, fQThere must be the rotation that length is more than 1 in breakdown, and all rotation length sums are qn-1.If q0=1, q1,q2,…, qn-1All fall within fQThe same rotation of breakdownIn, then Q existsIn cycle d must be nj.Because allowing x points Q is not taken0=1, q1,q2,…,qn-1, byUnderstandTherefore have d | nj;N is known againj| d, so must have d=nj
Therefore work as fQBreakdown only one of which length is (qn- 1) during rotation, Q existsIn cycle must be (qn-1).It is rightPerseverance hasI.e.Just take timeUnderstand that Q is non-to each Zero n q systems number all has good ergodic, claimsIn have such property n rank full rank square formations Q be " finite field Fq On n rank full ranks square formation ", abbreviation full rank square formation.
As the above analysis, the non-singular matrix in finite field not only has good ergodic, and large number of, and Non-singular matrix is all reversible, and decryption can be easily encrypted with it.
Included based on non-singular matrix construction encrypted instruction collection:
(1) appoint and take a m rank non-singular matrix X and a n ranks non-singular matrix Y, (X, Y) is referred to as one of dynamic encryption algorithm Instruction, m × n is referred to as the size of instruction.
Length can be encrypted for m × n Plaintext block A using instruction (X, Y), A is expressed as m row n column matrix, plus Result B=XAY after close.Because X and Y are reversible, A is similar to B.
It is that impossible calculate instruction (X, Y) only by one group of A and B, and because X and Y are that dynamic random is chosen , size, value are all unknown, and the probability very little for instructing (X, Y) to be reused, so cryptanalysis person is difficult The Plaintext block and corresponding ciphertext blocks of encryption are instructed to multigroup use same, is also impossible to calculate instruction (X, Y).
(2) a series of instruction arranged in certain sequence is referred to as the instruction set IS of dynamic encryption algorithm.
Dynamic encryption is exactly after being pre-processed to plaintext, to randomly select the instruction in IS, according to certain rule to bright The process that text is encrypted.IS is the vital part of dynamic encryption algorithm, and IS dynamic random is to a certain extent It ensure that the dynamic of algorithm.
Because the definition of IS and instruction is understood, IS valued space is much larger than the quantity of non-singular matrix, that is to say, that we A very big instruction selection space can be produced using the non-singular matrix in finite field.This just constructs dynamic for us State algorithm provides the most important condition.
(3) the full rank square of set, referred to as dynamic encryption algorithm that a number of non-singular matrix is constituted is chosen according to key K Battle array collection EM_SET.
In order to ensure that it is bright that the dynamic of algorithm can allow decryption person to be recovered by key K in the rational time again Text, we limit IS scale by EM_SET.EM_SET size is moderate, if too small can make it that IS is too small, influence Algorithm dynamic, if too big, the time complexity that exploration can again decrypted is excessive.In encryption, when can use with system Between make the pseudorandom number generator of seed produced by random number carry out the selection instruction from IS.During decryption, first recovered according to K EM_SET, seeks all inverses of a matrix in EM_SET, obtains the non-singular matrix collection EM_SET of decipherment algorithm-1, copy encryption to calculate afterwards Method, obtains decryption instructions collection IS-1, then using IS-1In instruction sound out decipherment algorithm.Cryptanalysis person is not knowing K's In the case of, due to EM_SET can not be deduced, it also just cannot get IS-1, therefore to speculate or feel out decipherment algorithm is very Difficult.
Therefore, by using the non-singular matrix in finite field, we can construct the current communication needs of satisfaction and possess foot The dynamic encryption algorithm of enough intensity.
Such as Fig. 1, ciphering process of the invention is briefly as follows:
1st, plaintext M becomes random plaintext RS_M after pretreatment P;
2nd, the instruction set IS of dynamic encryption algorithm is generated as by encrypted instruction generator G according to key K, is selected at random in IS Select out command sequence A;
3rd, RS_M is encrypted according to the encryption equipment R rules specified using A, has just obtained final ciphertext C.
For the shorter plaintext of length, the present invention proposes following preferred embodiment one.
Preprocessing part (P):
P1:With pseudorandom number generator R_N safe in cryptography meaning, two sections of random sequence RS of generation and S, R_N's Truly random seed can be together decided on by other enchancement factors such as key K, system time T and plaintext Ms.Wherein RS length is by M Determine, when the length for requiring plaintext to be encrypted is in the same size with encrypted instruction, RS with encrypted instruction by together deciding in plain text;S It is random marker position, as boundary mark, helps to separate plaintext M with RS during decryption, can also be used to judge that decryption is It is no correct.RS is a dynamic authorization code.
P2:S is appended to after M.When souning out decryption, by judging that S correctness can confirm that the correct of decipherment algorithm Property.
P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, if RS is truly random, The random plaintext RS_M then obtained after computing is also necessarily truly random.
P4:RS_M, S, RS, S are sequentially connected with, plaintext to be encrypted is constituted, preprocessing process terminates.By finding out during decryption S, can obtain RS, and the plaintext with flag bit can be recovered by allowing RS and RS_M to do after XOR, at this moment judge S and previous Whether required S is consistent, if unanimously, can conclude that successful decryption.
AES produces part (G):
G1:With key K initializing pseudo random number generator R_N, non-singular matrix collection is determined with produced pseudo-random sequence 1 In each non-singular matrix size.
G2:Again with key K initialization R_N, the non-singular matrix size initialized according to step G1, with random sequence 2 by Individual ground structural matrix.A matrix is often constructed, XOR is first done to it with key K, then acquired results are judged, such as Fruit is not non-singular matrix, then is reconfigured, and this process is repeated, until result of determination is true.At this moment, the matrix is added Into EM_SET, continue to construct next non-singular matrix.Said process is constantly repeated, until all non-singular matrixs in EM_SET It is all constructed to finish.Because pseudorandom number generator R_N kind subspace is limited, in order to prevent cryptanalysis person to R_N kinds The exhaustive attack of son, the sequence allowed produced by K and R_N has done XOR, even if this guarantees cryptanalysis person's exhaustion R_N Seed, also cannot get non-singular matrix collection.
G3:By key * K initialize R_N, the random sequence 3 produced by R_N, EM_SET and plaintext collective effect to be encrypted, Generate encrypted instruction sequence A.Specific method is:For first instruction, the random number produced first by R_N is in plaintext to be encrypted Preceding F (F is pre- sets) individual byte in randomly choose two bytes, determined by the concrete numerical value of the two bytes selection Which bar instruction in EM_SET.For the n-th (n>1) bar is instructed, then is the random number produced according to R_N, from plaintext to be encrypted Preceding L (L is determined by preceding n-1 bars are instructed) individual byte in randomly select two bytes to determine.The purpose for the arrangement is that Exploration during for the ease of decryption to decryption instructions, can first sound out first instruction, then further according to first according to F during decryption Next instruction is soundd out in bar instruction, and the rest may be inferred, until decryption is completed.
Ciphering process (R):
R0:By the transformation rule (carrying out how many times power operation) of key * K computationses, carried out according to rule to being instructed in A Power operation, the command sequence after computing is just actually used for the instruction of encryption;
R1:Treat encrypting plaintext and carry out piecemeal according to the size of encrypted instruction;
R2:Plaintext is encrypted using encrypted instruction, encryption method is specifically included:
The plaintext block length that plaintext M can once be encrypted according to instruction is divided into the n blocks not waited, one finger of each piece of correspondence Order, therefore encryption has used n block instructions altogether.When last block length of the plaintext is less than the size that instruction is required, " 0 " can be used Polishing.I.e.:I-th instruction Ii(Qi1 s,Qi2 t) correspond to i-th piece of plaintext mi;Plaintext piecemeal:M=m1,m2,m3,…,mn, wherein mi Size be sizeof (Qi1 s)×sizeof(Qi2 t);Ciphertext after encryption Wherein Connect represents the connection of character string.
The formula of encryption is described as follows:
Wherein n is block count, (Qn1,Qn2) instructed for nth bar, (sn,tn) it is the transformation rule that nth bar is instructed.
In non-singular matrix Q in finite field FqThere is maximum spanning set under middle matrix multiplication.And with Q all powers Premultiplication FqUpper any non-zero n dimensional vectors or the right side multiply FqThe result of upper any non-zero n dimensions row vector fully dissipates.OrderWithRespectively FqOn n × n and m × m non-singular matrixs, then to arbitraryIt is known that Q1 smi(1≤s≤qn- 1) it is that m each row have all been done with corresponding linear transformation, and miQ2 t(1≤t≤qm- 1) then to the every of m A line has all carried out linear transformation.Therefore Q can upset the position of each element in m, and change the value of each element.We are (Q1 s, Q2 t) as an instruction, this " upsetting " process is referred to as the one-time pad encryption to M.The main process of dynamic encryption algorithm is A series of instruction is generated at random, and M is encrypted according to certain method using these instructions.Therefore, we allow G parts It is responsible for a series of stochastic instruction of generation, R-portion is responsible for that information is encrypted using these instructions.
For the longer plaintext of length, the present invention proposes following preferred embodiment two.
Preprocessing part (P):This part handles be the same as Example one.
P1:With pseudorandom number generator R_N safe in cryptography meaning, two sections of random sequence RS of generation and S, R_N's Truly random seed can be together decided on by other enchancement factors such as key K, system time T and plaintext Ms.Wherein RS length is by M Determine, when the length for requiring plaintext to be encrypted is in the same size with encrypted instruction, RS with encrypted instruction by together deciding in plain text;S It is random marker position, as boundary mark, helps to separate plaintext M with RS during decryption, can also be used to judge that decryption is It is no correct.RS is a dynamic authorization code.
P2:S is appended to after M.When souning out decryption, by judging that S correctness can confirm that the correct of decipherment algorithm Property.
P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, if RS is truly random, The random plaintext RS_M then obtained after computing is also necessarily truly random.
P4:RS_M, S, RS, S are sequentially connected with, plaintext to be encrypted is constituted, preprocessing process terminates.By finding out during decryption S, can obtain RS, and the plaintext with flag bit can be recovered by allowing RS and RS_M to do after XOR, at this moment judge S and previous Whether required S is consistent, if unanimously, can conclude that successful decryption.
AES produces part (G):
G1:With key K initializing pseudo random number generator R_N, non-singular matrix collection is determined with produced pseudo-random sequence 1 In each non-singular matrix size.
G2:Again with key K initialization R_N, the non-singular matrix size initialized according to step G1, with random sequence 2 by Individual ground structural matrix.A matrix is often constructed, XOR is first done to it with key K, then acquired results are judged, such as Fruit is not non-singular matrix, then is reconfigured, and this process is repeated, until result of determination is true.At this moment, the matrix is added Into EM_SET, continue to construct next non-singular matrix.Said process is constantly repeated, until all non-singular matrixs in EM_SET It is all constructed to finish.Because pseudorandom number generator R_N kind subspace is limited, in order to prevent cryptanalysis person to R_N kinds The exhaustive attack of son, the sequence allowed produced by K and R_N has done XOR, even if this guarantees cryptanalysis person's exhaustion R_N Seed, also cannot get non-singular matrix collection.
G3:By key * K initialize R_N, the random sequence 3 produced by R_N, EM_SET and plaintext collective effect to be encrypted, Generate encrypted instruction sequence A.Specific method is:For first instruction, the random number produced first by R_N is in plaintext to be encrypted Preceding F (F is pre- sets) individual byte in randomly choose two bytes, determined by the concrete numerical value of the two bytes selection Which bar instruction in EM_SET.For the n-th (n>1) bar is instructed, then is the random number produced according to R_N, from plaintext to be encrypted Preceding L (L is determined by preceding n-1 bars are instructed) individual byte in randomly select two bytes to determine.The purpose for the arrangement is that Exploration during for the ease of decryption to decryption instructions, can first sound out first instruction, then further according to first according to F during decryption Next instruction is soundd out in bar instruction, and the rest may be inferred, until decryption is completed.
Ciphering process (R):
R0:By the transformation rule (carrying out how many times power operation) of key * K computationses, carried out according to rule to being instructed in A Power operation, the command sequence AJ (code.1, code.2 ..., code.n) after computing is just actually used for the instruction of encryption.
R1:It is Head, plaintext orientation mark by the first tagging by the end to end formation ring-type of pretreated plaintext It is designated as Direction.
R2:Plaintext M is subjected to piecemeal by instruction Code.1 size CL1.The original position of piecemeal is labeled as Start1, Start1 position can also can be specified since Head by K.During piecemeal, since Start1 positions, along Direction directions, using Start1 as target, isometric piecemeal is carried out according to CL1 size by plaintext.The head of last block plaintext Rubidium marking is End1, is designated as Remain1 along the plaintext segment mark on Direction directions between End1 and Start1, length is Plaintext segment mark between RL1, End1 and Start1 in the reverse direction is designated as Encrypt1, and length is EL1, and EL1 is CL1 integer Times, Encrypt1 is the plaintext section for being used to the first round encrypt.When length of the plaintext ML is not CL1 integral multiple, Remain1 conducts Last block of plaintext, length is less than CL1.When ML is CL1 integral multiple, Remain1 length is equal to CL1.Therefore have 0< RL1≤CL1。
R3:XOR is done to Remain1 using K, an element R1 is randomly choosed from acquired results and is used as Code.1 Transformation rule, specific method be by R1, Remain1 and K by one mapping, be mapped in Code.1 periodic spatial, so Power operation is carried out to Code.1 with the mapping value afterwards, acquired results are RC.1.It is to R1 random selection method:Use system time T initializing pseudo random number generator R_N, choose first random number N 1 produced by R_N, and N1 is carried out according to RL1 size Modular arithmetic, is selected R1 according to acquired results.(for Ri selection, R_N first equally is initialized with T, R_N is chosen afterwards I-th of the random number N i produced, carries out modular arithmetic according to RLi size by Ni, Ri is selected according to acquired results.)
R4:For the ease of decrypting the exploration to algorithm, a designated value D1 is added behind Remain1.D1 calculating Method is to initialize R_N with R1, according to position RPs of the R1 in Remain1, the RP element of sequence produced by selection R_N D1, D1 are that d1 and K carries out the result after XOR.D1 randomness is determined by R1, as long as R1 is truly random, D1 is Truly random.According to R1 computational methods, R1 is determined by Remain1 sections of plaintext and K, and R1 selection is truly random , cryptanalysis person can not calculate R1 value only by ciphertext in the case where not knowing K, also can not just know D1 Value.Cryptanalysis person wants that it is also unworkable that D1 is found by R1 and D1 relation, because it is by K to transform to D1 by R1 Processing, be the relation that can not calculate R1 and D1, still more R1 and D1 value and position in the case where not knowing K It is that cryptanalysis person does not know.Therefore, addition is easy to the D1 of decryption to be safe behind R1.
R5:The Encrypt1 of piecemeal is encrypted (RC1 size and Code.1 is identical) using RC1.It is right In i-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates.
R6:Start the second wheel encryption, the original position of encryption is Start2.Start2 is determined jointly by Start1 and step-length L Fixed, method is along Direction directions (reversely also possible) to be moved back by L element since Start1, and the position is exactly Start2.Determine after Start2, carry out block encryption, method and 1~5 step are identicals.
R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards by the plaintext after encryption since Head edge The expansion of Direction directions, that obtain is exactly the ciphertext C after encryption.
Further embodiment of this invention three is as follows.
For many encryption systems, its security depends entirely on some in the key that it uses and agreement The conditions such as parameter, especially for for the cryptographic system for having used random sequence, either true random number or pseudo random number The quality of quality directly affects the security performance of the system.
In nature, various random physical processes such as universe noise, the thermal noise of circuit and radioactive decay etc. are Can be used to produce random physical signalling, and there is also many chance events in computer, if can using these with Machine event, with reference to by well-designed program, so that it may to generate true random number.Although with the continuous hair of electronic technology Exhibition, the cost of various integrated circuits is more and more lower, but the price of randomizer on the market still compares at present Expensive.If can be not only cheap using existing hardware device on computer come if realizing real random number generator, Also so that the function of computer hardware equipment has obtained bigger performance.
The present invention realizes true random number using the ambient noise of the sound DAQ in computer.
(1) environmental noise data is gathered from sound card first;
Available audio frequency apparatus in a, lookup system;
Used audio format when b, setting collection;
C, if there is audio frequency apparatus, then open audio frequency apparatus;
D, application spatial cache;
E, addition spatial cache data head;
F, start receive voice data;
G, analyze data finish rear pass hull closure;
H, release spatial cache.
Specific implementation is:
A, using waveInGetNumDevs () function judge whether there is available audio frequency apparatus in system, the function is returned The quantity that value is exactly the workable audio frequency apparatus possessed at present in system is returned, if in the absence of audio in return O expression systems Equipment;
C, the audio frequency apparatus specified using waveInopen () function opening, need transmission several when using this function Individual parameter:First parameter is audio frequency apparatus handle, and an audio frequency apparatus must be first defined before using the function;Second Parameter is audio input device mark, if specifying the value to be that WAVE_MAPPER is exactly that to allow operating system voluntarily to select available Audio input device;The audio format used when 3rd parameter is by sound DAQ data, therefore before using the function Need that used audio format has been previously set;The message one that the function is returned has three kinds, and first is WIM_OPEN, such as Fruit function returns to this message and shows that the function has had already turned on the equipment specified, and we can enter in corresponding call back function The necessary operation of row or processing;Second is WIN_DATA, and function returns to this message and represents to include sound card in the message returned The voice data returned from extraneous collection, we can be divided voice data in call back function after receiving this message Analysis, generates the true random number required for us;3rd is WIN_CLOSE, can be in call back function if receiving this message Middle closing relevant device and releasing memory;
D, using waveInPrepareHeader functions be audio frequency apparatus prepare spatial cache data head;
E, using waveInAddBuffer () function spatial cache data head is added in audio frequency apparatus;
F, using waveInstart () function control sound card start receive voice data;
G, using waveInstop () function to sound card send instruct, control sound card stop receive data;Utilize WaveInclose () function closes the audio frequency apparatus specified;
H, the spatial cache applied just now in internal memory is discharged using waveInUnprepareHeader () function.
By these above-mentioned functions, we can be easily realized in the case where not generating any file very much, utilize sound Card reads the noise in environment, and is translated into data signal.Remaining work is exactly to analyze these data, excellent using one kind Good method generates true random number using these data signals.
(2) environmental noise data gathered is analyzed and processed;
Method one, the data progress statistical analysis returned to collection, take the average value of multiple audio collection points as threshold values, The data taken out in turn in buffer area are compared with threshold values, are 1 more than threshold values, are 0 less than or equal to threshold values;
Method two, directly take out and preserve data in the buffer, judge the parity of each amplitude, odd number is 1, even number For 0;So we only need to take out in turn each voice data in buffer area, directly by its mould 2, the direct chain of acquired results Enter random sequence end.
(3) it regard analysis processing result as random number.
The random number of the generation is the random sequence of 8 bytes,
System time T is obtained, system time is divided into year, month, day, hour, point five parts;
The first character section of the random number and system time year are made into XOR, XOR result is as index in year cipher key store In find out corresponding year key;
Second byte of the random number and the system time moon are made into XOR, XOR result is as index in moon cipher key store In find out corresponding moon key;
3rd byte of the random number and system time day are made into XOR, XOR result is as index in day cipher key store In find out corresponding day key;
4th byte of the random number and system time hour are made into XOR, XOR result is close in hour as indexing Corresponding hour key is found out in key storehouse;
5th byte of the random number and system time are allocated as XOR, XOR result is as index in year cipher key store In find out corresponding point of key;
By the six, the seven of the random number, eight bytes make Hash operation after being added, Hash operation result exists as index Corresponding random key is found out in random key storehouse;
By calculate obtain year key, moon key, day key, hour key, point key and random key combine, it is raw Into the character string of 32 bytes;
Using 16 bytes before 32 character strings of generation as encryption key K, rear 16 bytes are close as encrypting Key * K.
Such as Fig. 2, the invention also provides a kind of platform data encryption device based on dynamic authorization code, including:
Plaintext acquiring unit, for obtaining, platform data to be encrypted, is used as plaintext M;
Pretreatment unit, for after pretreatment P, generating plaintext DM to be encrypted to plaintext M;
Command generator unit, the sequence of instructions for generating dynamic encryption algorithm by encrypted instruction generator G according to key K Arrange A;
Ciphering unit, for DM to be encrypted according to the encryption equipment R rules specified by command sequence A, obtains final Ciphertext C;
Wherein, pretreatment unit is specifically included:
Random sequence generation subelement P1:Use pseudorandom number generator R_N, two sections of random sequence RS of generation and S, R_N's The codeterminants of random seed includes:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
Identify subelement P2:S is appended to M;
Random plaintext subelement P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, computing The random plaintext RS_M obtained afterwards;
Plaintext generation subelement P4 to be encrypted:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted, pretreatment is constituted Process terminates;
Wherein, command generator unit is specifically included:
Non-singular matrix size determines subelement G1:With key K initializing pseudo random number generator R_N, with produced puppet Random sequence 1 determines that non-singular matrix concentrates the size of each non-singular matrix;
Non-singular matrix construction subelement G2:Again with key K initialization R_N, random sequence 2 is obtained, according at the beginning of step G1 The non-singular matrix size of beginningization, with the one by one structural matrix of random sequence 2;A matrix is often constructed, different first is done to it with key K Or computing, then acquired results are judged, if not non-singular matrix, then reconfigured, this process are repeated, directly It is true to result of determination, the non-singular matrix of construction is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, continues structure Make next non-singular matrix;Said process is constantly repeated, is finished until all non-singular matrixs in EM_SET are all constructed;
Encrypted instruction sequence generation subelement G3:By key * K initializing pseudo random number generator R_N, random sequence is obtained 3, random sequence 3, EM_SET and the plaintext collective effect to be encrypted produced by R_N, generation encrypted instruction sequence A;
Wherein, ciphering unit is specifically included:
Encrypted instruction sequence generation subelement R0:By the transformation rule of key * K computationses, transformation rule is that progress is more Few power operation, power operation is carried out according to transformation rule to instruction in A, command sequence AJ after computing (code.1, Code.2 ..., code.n) just it is actually used for the instruction of encryption;
Plaintext ring to be encrypted meets subelement R1:By the pretreated end to end formation ring-types of plaintext DM to be encrypted, by head Position mark is Head, and plaintext orientation is labeled as Direction;
Plaintext piecemeal subelement R2 to be encrypted:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, point The original position of block is labeled as Start1, and Start1 position is since Head, during piecemeal, since Start1 positions, along Direction directions, using Start1 as target, carry out isometric piecemeal, the first member of last block plaintext according to CL1 size by DM Element mark is to be designated as Remain1 along the plaintext segment mark on Direction directions between End1 and Start1, length is Plaintext segment mark between RL1, End1 and Start1 in the reverse direction is designated as Encrypt1, and length is EL1, and EL1 is CL1 integer Times, Encrypt1 is the plaintext section for being used to the first round encrypt;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1; When ML is CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
Transformation rule generation subelement R3:XOR is done to Remain1 using K, one is randomly choosed from acquired results Individual element R1 is as Code.1 transformation rule, and specific method is, by a mapping, to be mapped to R1, Remain1 and K In Code.1 periodic spatial, power operation is then carried out to Code.1 with the mapping value, acquired results are RC1;
Mantissa processing subelement R4:A designated value D1 is added behind Remain1;
Encryption sub-unit operable R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are Identical, for i-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
Circulate encryption sub-unit operable R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is to be moved back by since Start1 along Direction directions L element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
Ciphertext generation subelement R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards will be bright after encryption Text deploys since Head along Direction directions, and that obtain is exactly the ciphertext C after encryption.
Wherein, it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, first random number N 1 produced by R_N is chosen, by N1 Modular arithmetic is carried out according to RL1 size, R1 is selected according to acquired results;
For Ri selection, R_N first equally is initialized with T, i-th of random number N i that R_N is produced is chosen afterwards, Ni is pressed Size according to RLi carries out modular arithmetic, and Ri is selected according to acquired results.
Wherein, D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element of sequence produced by selection R_N D1, D1 are that d1 and K carries out the result after XOR.
Platform data encryption method and device proposed by the present invention based on dynamic authorization code, improve the peace of platform data Quan Xing.
Those skilled in the art will readily occur to its of the present invention after considering specification and putting into practice invention disclosed herein Its embodiment.The application be intended to the present invention any modification, purposes or adaptations, these modifications, purposes or Person's adaptations follow the general principle of the present invention and including undocumented common knowledge in the art of the invention Or conventional techniques.
It should be appreciated that the invention is not limited in the precision architecture for being described above and being shown in the drawings, and And various modifications and changes can be being carried out without departing from the scope.The scope of the present invention is only limited by appended claim.

Claims (6)

1. a kind of platform data encryption method based on dynamic authorization code, including:
Platform data to be encrypted is obtained, plaintext M is used as;
Plaintext M generates plaintext DM to be encrypted after pretreatment P;
The command sequence A of dynamic encryption algorithm is generated by encrypted instruction generator G according to key K;
DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C.
Wherein, plaintext M generates plaintext DM to be encrypted and specifically included after pretreatment P:
P1:Pseudorandom number generator R_N is used, the codeterminants of two sections of random sequence RS and S, R_N random seed is generated Including:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
P2:S is appended to M;
P3:Plaintext with flag bit is done into XOR with RS, upsets the random plaintext obtained after the rule of plaintext, computing RS_M;
P4:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted is constituted, preprocessing process terminates;
Wherein, specifically included according to key K by the encrypted instruction generator G command sequence A for generating dynamic encryption algorithm:
G1:With key K initializing pseudo random number generator R_N, determine that non-singular matrix is concentrated with produced pseudo-random sequence 1 every The size of one non-singular matrix;
G2:Again with key K initialization R_N, obtain random sequence 2, the non-singular matrix size initialized according to step G1, with The one by one structural matrix of machine sequence 2;A matrix is often constructed, XOR is first done to it with key K, then acquired results are entered Row judges, if not non-singular matrix, is then reconfigured, and this process is repeated, until result of determination is true, by construction Non-singular matrix is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, continues to construct next non-singular matrix;It is constantly heavy Multiple said process, is finished until all non-singular matrixs in EM_SET are all constructed;
G3:By key * K initializing pseudo random number generator R_N, random sequence 3 is obtained, the random sequence 3 that is produced by R_N, EM_ SET and plaintext collective effect to be encrypted, generation encrypted instruction sequence A;
Wherein, DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C and specifically includes:
R0:By the transformation rule of key * K computationses, transformation rule is to carry out how many times power operation, according to transformation rule to A Middle instruction carries out power operation, and the command sequence AJ (code.1, code.2 ..., code.n) after computing is just actually used for encryption Instruction;
R1:It is Head, plaintext arrangement side by the first tagging by the pretreated end to end formation ring-types of plaintext DM to be encrypted To labeled as Direction;
R2:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, the original position of piecemeal is labeled as Start1, Start1 position are since Head, during piecemeal, since Start1 positions, along Direction directions, with Start1 is target, and DM is carried out into isometric piecemeal according to CL1 size, and the header element of last block plaintext is labeled as End1, Remain1 is designated as along the plaintext segment mark on Direction directions between End1 and Start1, length is RL1, End1 and Start1 Between plaintext segment mark in the reverse direction be designated as Encrypt1, length is EL1, and EL1 is CL1 integral multiple, and Encrypt1 is first Take turns the plaintext section for encryption;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1;Work as ML When being CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
R3:XOR is done to Remain1 using K, an element R1 is randomly choosed from acquired results as Code.1 change Rule is changed, specific method is, by a mapping, to be mapped to R1, Remain1 and K in Code.1 periodic spatial, Ran Houyong The mapping value carries out power operation to Code.1, and acquired results are RC1;
R4:A designated value D1 is added behind Remain1;
R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are identicals, for i-th Block plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is along Direction directions to be moved back by L since Start1 Element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards by the plaintext after encryption since Head along Direction directions are deployed, and that obtain is exactly the ciphertext C after encryption.
2. the method for claim 1, wherein it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, choose first random number N 1 produced by R_N, by N1 according to RL1 size carries out modular arithmetic, and R1 is selected according to acquired results;
For Ri selection, equally first initialize R_N with T, i-th of random number N i that R_N is produced chosen afterwards, by Ni according to RLi size carries out modular arithmetic, and Ri is selected according to acquired results.
3. the method for claim 1, wherein D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element d1 of sequence produced by selection R_N, D1 is that d1 and K carries out the result after XOR.
4. a kind of platform data encryption device based on dynamic authorization code, including:
Plaintext acquiring unit, for obtaining, platform data to be encrypted, is used as plaintext M;
Pretreatment unit, for after pretreatment P, generating plaintext DM to be encrypted to plaintext M;
Command generator unit, the command sequence A for generating dynamic encryption algorithm by encrypted instruction generator G according to key K;
Ciphering unit, for DM to be encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C;
Wherein, pretreatment unit is specifically included:
Random sequence generation subelement P1:Use pseudorandom number generator R_N, two sections of random sequence RS of generation and S, R_N's is random The codeterminants of seed includes:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
Identify subelement P2:S is appended to M;
Random plaintext subelement P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, after computing The random plaintext RS_M arrived;
Plaintext generation subelement P4 to be encrypted:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted, preprocessing process is constituted Terminate;
Wherein, command generator unit is specifically included:
Non-singular matrix size determines subelement G1:With key K initializing pseudo random number generator R_N, with produced pseudorandom Sequence 1 determines that non-singular matrix concentrates the size of each non-singular matrix;
Non-singular matrix construction subelement G2:Again with key K initialization R_N, random sequence 2 is obtained, is initialized according to step G1 Non-singular matrix size, with the one by one structural matrix of random sequence 2;A matrix is often constructed, XOR fortune is first done to it with key K Calculate, then acquired results are judged, if not non-singular matrix, then reconfigured, this process is repeated, until sentencing It is true to determine result, and the non-singular matrix of construction is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, is continued under constructing One non-singular matrix;Said process is constantly repeated, is finished until all non-singular matrixs in EM_SET are all constructed;
Encrypted instruction sequence generation subelement G3:By key * K initializing pseudo random number generator R_N, random sequence 3 is obtained, by Random sequence 3, EM_SET and plaintext collective effect to be encrypted that R_N is produced, generation encrypted instruction sequence A;
Wherein, ciphering unit is specifically included:
Encrypted instruction sequence generation subelement R0:By the transformation rule of key * K computationses, transformation rule is to carry out how many times Power operation, according to transformation rule in A instruction carry out power operation, after computing command sequence AJ (code.1, code.2 ..., Code.n) just it is actually used for the instruction of encryption;
Plaintext ring to be encrypted meets subelement R1:By the pretreated end to end formation ring-types of plaintext DM to be encrypted, first place is put Labeled as Head, plaintext orientation is labeled as Direction;
Plaintext piecemeal subelement R2 to be encrypted:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, piecemeal Original position is labeled as Start1, and Start1 position is since Head, during piecemeal, since Start1 positions, along Direction directions, using Start1 as target, carry out isometric piecemeal, the first member of last block plaintext according to CL1 size by DM Element mark is to be designated as Remain1 along the plaintext segment mark on Direction directions between End1 and Start1, length is Plaintext segment mark between RL1, End1 and Start1 in the reverse direction is designated as Encrypt1, and length is EL1, and EL1 is CL1 integer Times, Encrypt1 is the plaintext section for being used to the first round encrypt;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1;Work as ML When being CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
Transformation rule generation subelement R3:XOR is done to Remain1 using K, a member is randomly choosed from acquired results Plain R1 is as Code.1 transformation rule, and specific method is, by a mapping, to be mapped to Code.1's by R1, Remain1 and K In periodic spatial, power operation is then carried out to Code.1 with the mapping value, acquired results are RC1;
Mantissa processing subelement R4:A designated value D1 is added behind Remain1;
Encryption sub-unit operable R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are identical , for i-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
Circulate encryption sub-unit operable R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is along Direction directions to be moved back by L since Start1 Element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
Ciphertext generation subelement R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards by the plaintext after encryption from Head starts to deploy along Direction directions, and that obtain is exactly the ciphertext C after encryption.
5. device as claimed in claim 4, wherein, it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, choose first random number N 1 produced by R_N, by N1 according to RL1 size carries out modular arithmetic, and R1 is selected according to acquired results;
For Ri selection, equally first initialize R_N with T, i-th of random number N i that R_N is produced chosen afterwards, by Ni according to RLi size carries out modular arithmetic, and Ri is selected according to acquired results.
6. device as claimed in claim 4, wherein, D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element d1 of sequence produced by selection R_N, D1 is that d1 and K carries out the result after XOR.
CN201710325846.6A 2017-05-10 2017-05-10 A kind of platform data encryption method and device based on dynamic authorization code Pending CN107124273A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710325846.6A CN107124273A (en) 2017-05-10 2017-05-10 A kind of platform data encryption method and device based on dynamic authorization code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710325846.6A CN107124273A (en) 2017-05-10 2017-05-10 A kind of platform data encryption method and device based on dynamic authorization code

Publications (1)

Publication Number Publication Date
CN107124273A true CN107124273A (en) 2017-09-01

Family

ID=59726809

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710325846.6A Pending CN107124273A (en) 2017-05-10 2017-05-10 A kind of platform data encryption method and device based on dynamic authorization code

Country Status (1)

Country Link
CN (1) CN107124273A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109474428A (en) * 2018-11-28 2019-03-15 北京杰睿中恒科技有限公司 Dynamic encrypting method and device based on digital signal data
CN110401533A (en) * 2019-08-27 2019-11-01 腾讯科技(深圳)有限公司 A kind of private key encryption method and device
CN116318687A (en) * 2023-05-19 2023-06-23 广东广宇科技发展有限公司 Data dynamic encryption method based on bidirectional mapping matrix

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101383703A (en) * 2008-09-12 2009-03-11 华南理工大学 Dynamic ciphering system and method based on broad sense information field
CN101741544A (en) * 2009-12-29 2010-06-16 电子科技大学 Time-lag chaos iteration-based digital signature method and device
CN102135871A (en) * 2011-03-29 2011-07-27 深圳职业技术学院 Device for generating random number by using chaos theory and dynamic password token thereof
CN104009835A (en) * 2014-05-16 2014-08-27 南京邮电大学 File encrypting and decrypting method allowing parallel computing to be conducted in cloud storage system
CN104093029A (en) * 2014-07-22 2014-10-08 哈尔滨工业大学(威海) Video encryption algorithm based on new spatiotemporal chaos system
CN104486315A (en) * 2014-12-08 2015-04-01 北京航空航天大学 Revocable key external package decryption method based on content attributes
CN106100831A (en) * 2016-06-01 2016-11-09 兰雨晴 A kind of method and system transmitted and process data
CN106612273A (en) * 2016-08-31 2017-05-03 四川用联信息技术有限公司 Improved data transmission privacy protection algorithm in cloud computing

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101383703A (en) * 2008-09-12 2009-03-11 华南理工大学 Dynamic ciphering system and method based on broad sense information field
CN101741544A (en) * 2009-12-29 2010-06-16 电子科技大学 Time-lag chaos iteration-based digital signature method and device
CN102135871A (en) * 2011-03-29 2011-07-27 深圳职业技术学院 Device for generating random number by using chaos theory and dynamic password token thereof
CN104009835A (en) * 2014-05-16 2014-08-27 南京邮电大学 File encrypting and decrypting method allowing parallel computing to be conducted in cloud storage system
CN104093029A (en) * 2014-07-22 2014-10-08 哈尔滨工业大学(威海) Video encryption algorithm based on new spatiotemporal chaos system
CN104486315A (en) * 2014-12-08 2015-04-01 北京航空航天大学 Revocable key external package decryption method based on content attributes
CN106100831A (en) * 2016-06-01 2016-11-09 兰雨晴 A kind of method and system transmitted and process data
CN106612273A (en) * 2016-08-31 2017-05-03 四川用联信息技术有限公司 Improved data transmission privacy protection algorithm in cloud computing

Non-Patent Citations (8)

* Cited by examiner, † Cited by third party
Title
刘婷婷: ""面向云计算的数据安全保护关键技术研究"", 《中国博士学位论文信息科技辑》 *
吴杨等: ""基于密文随机性度量值分布特征的分组密码算法识别方案"", 《通信学报》 *
唐有等: ""基于RFID系统的混沌动态扰动算法"", 《计算机应用》 *
张红等: ""混沌理论在密码学中的应用"", 《重庆大学学报(自然科学版)》 *
未东锋: "基于遍历矩阵的动态加密算法研究"", 《中国硕士学位论文全文数据库信息科技辑》 *
李肖璇: ""基于混沌系统的混合加密算法的研究"", 《中国优秀硕士学位论文全文数据库信息科技辑》 *
梅楠: ""基于有限域上遍历矩阵的动态加密器"", 《中国优秀硕士学位论文全文数据库信息科技辑》 *
王传福等: ""基于混沌系统的SM4密钥扩展算法"", 《物理学报》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109474428A (en) * 2018-11-28 2019-03-15 北京杰睿中恒科技有限公司 Dynamic encrypting method and device based on digital signal data
CN110401533A (en) * 2019-08-27 2019-11-01 腾讯科技(深圳)有限公司 A kind of private key encryption method and device
CN110401533B (en) * 2019-08-27 2021-07-27 腾讯科技(深圳)有限公司 Private key encryption method and device
CN116318687A (en) * 2023-05-19 2023-06-23 广东广宇科技发展有限公司 Data dynamic encryption method based on bidirectional mapping matrix
CN116318687B (en) * 2023-05-19 2023-09-22 广东广宇科技发展有限公司 Data dynamic encryption method based on bidirectional mapping matrix

Similar Documents

Publication Publication Date Title
CN106941407A (en) A kind of method and apparatus of platform data dynamic encryption
CN104488218B (en) Encryption device, decryption device, encryption method, decryption method
CN107147486A (en) A kind of platform data encryption method and device based on dynamic variable length code
JPH08505275A (en) Device and method for generating a cipher stream
JP2014017556A5 (en)
JP2008513811A (en) Calculation conversion method and system
CN107124273A (en) A kind of platform data encryption method and device based on dynamic authorization code
Siahaan Blum Blum Shub in generating key in RC4
CN107078900B (en) Cryptographic system based on reproducible random sequences
Faraoun Design of fast one-pass authenticated and randomized encryption schema using reversible cellular automata
Mahmoud et al. A Metamorphic-Key-Hopping GOST Cipher and Its FPGA Implementation
JP4857230B2 (en) Pseudorandom number generator and encryption processing device using the same
JP3557037B2 (en) Random number generation device and method, key sequence generation device and method, encryption device and method, and decryption device and method
Vijayan et al. ASCII value based encryption system (AVB)
Joshi et al. A randomized approach for cryptography
Gulshan et al. Chaotic image encryption technique based on IDEA and discrete wavelet transformation
KR101076747B1 (en) Method and apparatus for random accessible encryption and decryption by using a hierarchical tree structure of stream cipher module
JP3816558B2 (en) Cryptosystem
Albeer et al. Key stream cipher based on coloured petri nets
Khalid et al. Encrypting data using the features of memetic algorithm and cryptography
Abbas et al. Audio cryptosystem based on LFSH and Chaotic map with ECC key management
Kadum et al. Developed OTP (one-time pad) key generation method based multi-self generation
JP2009288758A (en) Device and method for encoding process for establishing perfect secrecy of encoding and secret key by making variable in process information-theoretically indefinite using disposable variable
Adebayo A Multilevel Data Encryption Standard Cryptosystem with Residue Number System
Suri et al. A Cipher based on 3D array Block Rotation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170901