CN107124273A - A kind of platform data encryption method and device based on dynamic authorization code - Google Patents
A kind of platform data encryption method and device based on dynamic authorization code Download PDFInfo
- Publication number
- CN107124273A CN107124273A CN201710325846.6A CN201710325846A CN107124273A CN 107124273 A CN107124273 A CN 107124273A CN 201710325846 A CN201710325846 A CN 201710325846A CN 107124273 A CN107124273 A CN 107124273A
- Authority
- CN
- China
- Prior art keywords
- plaintext
- encrypted
- encryption
- sequence
- random
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The present invention proposes a kind of platform data encryption method based on dynamic authorization code and device, and methods described includes:Platform data to be encrypted is obtained, plaintext M is used as;Plaintext M generates plaintext DM to be encrypted after pretreatment P;The command sequence A of dynamic encryption algorithm is generated by encrypted instruction generator G according to key K;DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C.Platform data encryption method and device proposed by the present invention based on dynamic authorization code, improve the security of platform data.
Description
Technical field
The present invention relates to safety verification field, and in particular to it is a kind of based on dynamic authorization code platform data encryption method and
Device.
Background technology
With the popularization of computer application and developing rapidly for Internet, society's secret and wealth more and more highly collect
In in computer system, the interconnection of all these computers is turned into a global communication network.Due to Internet predecessor
It is the LAN constituted based on the scientific research institutions such as government bodies, research institute and university, the application program above it is in security
From the aspect of seldom, so this Open Network of the foundation on TCP/IP standard agreements secure context exist it is congenital not
Foot.Because being easy to the interception into row information in a network, monitoring and forge, people are unwilling to transmit relevant finance in a network
Or legal sensitive information.With the promotion of the technologies such as WWW, JAVA, Internet is more and more commercially valuable, more
Wish to carry out online ecommerce and electronic banking by Internet come more companies and individual, this peace also to network
Full property proposes higher requirement, so only technically first solve safety issue, be possible to realize home buying,
Without ideals such as paper merchants trades, Internet also could more rapid, healthily develop in itself.Therefore computer system and computer net
Network is into one of main target of the offender's property entered destructive activity.Data are encrypted so that offender is without legal principle
Confidential data is solved and utilized, is to prevent the effective means of destructive activity, therefore, cryptography recent two decades are developed rapidly, into
One important branch of computer science.
The developing history of cryptography can substantially be divided into three phases:
First stage is from ancient times to 1949.This period is considered as the stage in eve of cryptography, this period
Cryptographic technique can be described as a kind of art, rather than a kind of subject, cryptography expert enters often by intuition and conviction
Row password is designed and analyzed, rather than reasoning is proved.
Second stage is from 1949 to 1975." information theory of secrecy system " one that Shannon in 1949 is delivered
Text establishes theoretical foundation for Private Key Cryptosystem, and a subject is turned into from this cryptography, but cryptography still has until today
Artistry, is a subject with artistry.
Phase III is 1976 to so far.The doctor W.Diffie and his tutor of Stanford Univ USA in 1976
The paper " new direction of cryptography " that M.E.Hellman is delivered causes a revolution in cryptography.They demonstrate first
It is possible in the secret communication of transmitting terminal and receiving terminal without cipher key delivery, so as to start new era of public key cryptography.By
The new quantum information science that information science, computer science and quantum mechanics are combined into is set up, and quantum techniques are in letter
Application in terms of breath science result in quantum computer, quantum communications and the rise of quantum cryptography research boom.Quantum cryptography
Basic foundation is the unclonable principle of quantum-mechanical uncertainty principle and quantum state, and it is based on the close of non-mathematical principle
Code.Quantum cryptography has evincible security, while can also easily be detected to eavesdropping behavior.These characteristic amounts of causing
Sub- password has the unexistent advantage of other passwords, thus quantum cryptography causes the height weight of international cryptography educational circles and community of physicists
Depending on.Chaos " chaos " is a kind of complicated non-linear nonequilibrium kinetics process.Due to chaos sequence be it is a kind of have it is good with
The non-linear sequence of machine, it is possible to constitute new stream cipher, therefore cause various countries password scholar to pay much attention to.
With the continuous lifting of computer hardware performance, existing cryptosystem is by by powerful impact.Pair therefore, plus
The research and improvement of close algorithm, with very major and immediate significance.
The content of the invention
At least part of solution problems of the prior art, the present invention proposes a kind of based on the flat of dynamic authorization code
Platform data ciphering method, including:
Platform data to be encrypted is obtained, plaintext M is used as;
Plaintext M generates plaintext DM to be encrypted after pretreatment P;
The command sequence A of dynamic encryption algorithm is generated by encrypted instruction generator G according to key K;
DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C.
Wherein, plaintext M generates plaintext DM to be encrypted and specifically included after pretreatment P:
P1:Use pseudorandom number generator R_N, two sections of random sequence RS of generation and S, R_N random seed is together decided on
Factor includes:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
P2:S is appended to M;
P3:Plaintext with flag bit is done into XOR with RS, upsets obtained after the rule of plaintext, computing random bright
Literary RS_M;
P4:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted is constituted, preprocessing process terminates;
Wherein, specifically included according to key K by the encrypted instruction generator G command sequence A for generating dynamic encryption algorithm:
G1:With key K initializing pseudo random number generator R_N, non-singular matrix collection is determined with produced pseudo-random sequence 1
In each non-singular matrix size;
G2:Again with key K initialization R_N, random sequence 2 is obtained, the non-singular matrix size initialized according to step G1,
With the one by one structural matrix of random sequence 2;A matrix is often constructed, XOR is first done to it with key K, then to gained knot
Fruit is judged, if not non-singular matrix, is then reconfigured, and this process is repeated, until result of determination is true, by structure
The non-singular matrix made is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, continues to construct next non-singular matrix;No
It is disconnected to repeat said process, finished until all non-singular matrixs in EM_SET are all constructed;
G3:By key * K initializing pseudo random number generator R_N, random sequence 3 is obtained, the random sequence produced by R_N
3rd, EM_SET and plaintext collective effect to be encrypted, generation encrypted instruction sequence A;
Wherein, DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C and specifically wraps
Include:
R0:By the transformation rule of key * K computationses, transformation rule is to carry out how many times power operation, according to transformation rule
Power operation is carried out to instruction in A, the command sequence AJ (code.1, code.2 ..., code.n) after computing is just actually used for adding
Close instruction;
R1:By the pretreated end to end formation ring-types of plaintext DM to be encrypted, it is Head by the first tagging, arranges in plain text
Column direction is labeled as Direction;
R2:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, the original position of piecemeal is labeled as
Start1, Start1 position are since Head, during piecemeal, since Start1 positions, along Direction directions, with
Start1 is target, and DM is carried out into isometric piecemeal according to CL1 size, and the header element of last block plaintext is labeled as End1,
Remain1 is designated as along the plaintext segment mark on Direction directions between End1 and Start1, length is RL1, End1 and Start1
Between plaintext segment mark in the reverse direction be designated as Encrypt1, length is EL1, and EL1 is CL1 integral multiple, and Encrypt1 is first
Take turns the plaintext section for encryption;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1;
When ML is CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
R3:XOR is done to Remain1 using K, an element R1 is randomly choosed from acquired results and is used as Code.1
Transformation rule, specific method be by R1, Remain1 and K by one mapping, be mapped in Code.1 periodic spatial, so
Power operation is carried out to Code.1 with the mapping value afterwards, acquired results are RC1;
R4:A designated value D1 is added behind Remain1;
R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are identicals, for
I-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is to be moved back by since Start1 along Direction directions
L element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards by the plaintext after encryption since Head edge
The expansion of Direction directions, that obtain is exactly the ciphertext C after encryption.
Wherein, it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, first random number N 1 produced by R_N is chosen, by N1
Modular arithmetic is carried out according to RL1 size, R1 is selected according to acquired results;
For Ri selection, R_N first equally is initialized with T, i-th of random number N i that R_N is produced is chosen afterwards, Ni is pressed
Size according to RLi carries out modular arithmetic, and Ri is selected according to acquired results.
Wherein, D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element of sequence produced by selection R_N
D1, D1 are that d1 and K carries out the result after XOR.
The invention also provides a kind of platform data encryption device based on dynamic authorization code, including:
Plaintext acquiring unit, for obtaining, platform data to be encrypted, is used as plaintext M;
Pretreatment unit, for after pretreatment P, generating plaintext DM to be encrypted to plaintext M;
Command generator unit, the sequence of instructions for generating dynamic encryption algorithm by encrypted instruction generator G according to key K
Arrange A;
Ciphering unit, for DM to be encrypted according to the encryption equipment R rules specified by command sequence A, obtains final
Ciphertext C;
Wherein, pretreatment unit is specifically included:
Random sequence generation subelement P1:Use pseudorandom number generator R_N, two sections of random sequence RS of generation and S, R_N's
The codeterminants of random seed includes:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
Identify subelement P2:S is appended to M;
Random plaintext subelement P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, computing
The random plaintext RS_M obtained afterwards;
Plaintext generation subelement P4 to be encrypted:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted, pretreatment is constituted
Process terminates;
Wherein, command generator unit is specifically included:
Non-singular matrix size determines subelement G1:With key K initializing pseudo random number generator R_N, with produced puppet
Random sequence 1 determines that non-singular matrix concentrates the size of each non-singular matrix;
Non-singular matrix construction subelement G2:Again with key K initialization R_N, random sequence 2 is obtained, according at the beginning of step G1
The non-singular matrix size of beginningization, with the one by one structural matrix of random sequence 2;A matrix is often constructed, different first is done to it with key K
Or computing, then acquired results are judged, if not non-singular matrix, then reconfigured, this process are repeated, directly
It is true to result of determination, the non-singular matrix of construction is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, continues structure
Make next non-singular matrix;Said process is constantly repeated, is finished until all non-singular matrixs in EM_SET are all constructed;
Encrypted instruction sequence generation subelement G3:By key * K initializing pseudo random number generator R_N, random sequence is obtained
3, random sequence 3, EM_SET and the plaintext collective effect to be encrypted produced by R_N, generation encrypted instruction sequence A;
Wherein, ciphering unit is specifically included:
Encrypted instruction sequence generation subelement R0:By the transformation rule of key * K computationses, transformation rule is that progress is more
Few power operation, power operation is carried out according to transformation rule to instruction in A, command sequence AJ after computing (code.1,
Code.2 ..., code.n) just it is actually used for the instruction of encryption;
Plaintext ring to be encrypted meets subelement R1:By the pretreated end to end formation ring-types of plaintext DM to be encrypted, by head
Position mark is Head, and plaintext orientation is labeled as Direction;
Plaintext piecemeal subelement R2 to be encrypted:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, point
The original position of block is labeled as Start1, and Start1 position is since Head, during piecemeal, since Start1 positions, along
Direction directions, using Start1 as target, carry out isometric piecemeal, the first member of last block plaintext according to CL1 size by DM
Element mark is to be designated as Remain1 along the plaintext segment mark on Direction directions between End1 and Start1, length is
Plaintext segment mark between RL1, End1 and Start1 in the reverse direction is designated as Encrypt1, and length is EL1, and EL1 is CL1 integer
Times, Encrypt1 is the plaintext section for being used to the first round encrypt;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1;
When ML is CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
Transformation rule generation subelement R3:XOR is done to Remain1 using K, one is randomly choosed from acquired results
Individual element R1 is as Code.1 transformation rule, and specific method is, by a mapping, to be mapped to R1, Remain1 and K
In Code.1 periodic spatial, power operation is then carried out to Code.1 with the mapping value, acquired results are RC1;
Mantissa processing subelement R4:A designated value D1 is added behind Remain1;
Encryption sub-unit operable R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are
Identical, for i-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
Circulate encryption sub-unit operable R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is to be moved back by since Start1 along Direction directions
L element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
Ciphertext generation subelement R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards will be bright after encryption
Text deploys since Head along Direction directions, and that obtain is exactly the ciphertext C after encryption.
Wherein, it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, first random number N 1 produced by R_N is chosen, by N1
Modular arithmetic is carried out according to RL1 size, R1 is selected according to acquired results;
For Ri selection, R_N first equally is initialized with T, i-th of random number N i that R_N is produced is chosen afterwards, Ni is pressed
Size according to RLi carries out modular arithmetic, and Ri is selected according to acquired results.
Wherein, D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element of sequence produced by selection R_N
D1, D1 are that d1 and K carries out the result after XOR.
Platform data encryption method and device proposed by the present invention based on dynamic authorization code, improve the peace of platform data
Quan Xing.
Brief description of the drawings
Fig. 1 is a kind of flow chart of the platform data encryption method based on dynamic authorization code of the present invention;
Fig. 2 is a kind of block diagram of the platform data encryption device based on dynamic authorization code of the present invention.
Embodiment
Below in conjunction with the accompanying drawing of the present invention, technical scheme is clearly and completely described.Here will be detailed
Carefully exemplary embodiment is illustrated, its example is illustrated in the accompanying drawings.In the following description when referring to the accompanying drawings, unless otherwise table
Show, the same numbers in different accompanying drawings represent same or analogous key element.Embodiment party described in following exemplary embodiment
Formula does not represent all embodiments consistent with the present invention.On the contrary, they are only detailed with institute in such as appended claims
The example of the consistent apparatus and method of some aspects state, the present invention.
The present invention uses the encipherment scheme based on non-singular matrix.
The domain of only limited element be referred to as finite field (in order to commemorate it founder, talent mathematician E.Galois and
Name), it is most important algebraic process basis in coding theory.Due to the computing of finite field have no-carry, etc. bit,
The characteristics of without rounding error, thus at error correcting code (ECC), encrypt, the field such as switching theorem and Digital Signal Processing has extensively
General application, GF (pn) is than more typical finite field.There was only limited element in finite field F, its feature can not possibly be 0, no
Then F will include rational field R0, its element will have infinite multiple.For q=pn, it is characterized in the domain Z of prime number pqIt is pnFirst finite field.
Any finite field gf (pn) feature must be prime number p, and it is prime field ZqFinite field extension.And have:
Zq=0,1 ..., p-1 };
If F is finite field, g ∈ F*, F*It is F multiplicative group F*=F- { 0 }.And for any positive integer x, calculate
gxIt is easy;But known g and y seek x so that y=gx, it is computationally substantially impossible.This problem claims
For the discrete logarithm problem in finite group.Elliptic curve cryptosystem (ECC), its foundation is defined on elliptic curve point group
Discrete logarithm problem intractability.
OrderFor finite field FqThe set of upper all n × n matrixes,For FqThe n of upper non-zero ties up the set of row vector,For FqThe set of the n dimensional vectors of upper non-zero, and it is rightDefinition mapping fQ:Make pair
There is fQ(x)=Qx, is to regard x as F hereqOn the matrix of a n × 1.Easily card fQDijection, i.e. fQForOne displacement.
So can be by fQUniquely it is expressed as alternatively product (including the rotation that length is 1) of mutually not miscellaneous wheel:
Formula (1) is referred to as fQBreakdown.Understand:
MakeOne division.Obviously have:
If Q is in groupIn cycle be d, then<Q>={ Q, Q2,…,Qd=I } makeSubgroup.Appoint and take fQDecompose
A rotation in formulaObviously there is nj≤ d, and it is rightPerseverance hasOrder:d
=tnj+ r (0≤r < nj), if r ≠ 0, haveSo as to there is nj≤ r, contradiction!Therefore:
It is rightfQThe length of any rotation must divide exactly Q and exist in breakdownIn cycle.
It is rightIt is apparent from fQForIdentical permutation and if only if Q be unit battle array E.Therefore when Q is not unit matrix E
When, fQThere must be the rotation that length is more than 1 in breakdown, and all rotation length sums are qn-1.If q0=1, q1,q2,…,
qn-1All fall within fQThe same rotation of breakdownIn, then Q existsIn cycle d must be nj.Because allowing x points
Q is not taken0=1, q1,q2,…,qn-1, byUnderstandTherefore have d | nj;N is known againj| d, so must have d=nj。
Therefore work as fQBreakdown only one of which length is (qn- 1) during rotation, Q existsIn cycle must be (qn-1).It is rightPerseverance hasI.e.Just take timeUnderstand that Q is non-to each
Zero n q systems number all has good ergodic, claimsIn have such property n rank full rank square formations Q be " finite field Fq
On n rank full ranks square formation ", abbreviation full rank square formation.
As the above analysis, the non-singular matrix in finite field not only has good ergodic, and large number of, and
Non-singular matrix is all reversible, and decryption can be easily encrypted with it.
Included based on non-singular matrix construction encrypted instruction collection:
(1) appoint and take a m rank non-singular matrix X and a n ranks non-singular matrix Y, (X, Y) is referred to as one of dynamic encryption algorithm
Instruction, m × n is referred to as the size of instruction.
Length can be encrypted for m × n Plaintext block A using instruction (X, Y), A is expressed as m row n column matrix, plus
Result B=XAY after close.Because X and Y are reversible, A is similar to B.
It is that impossible calculate instruction (X, Y) only by one group of A and B, and because X and Y are that dynamic random is chosen
, size, value are all unknown, and the probability very little for instructing (X, Y) to be reused, so cryptanalysis person is difficult
The Plaintext block and corresponding ciphertext blocks of encryption are instructed to multigroup use same, is also impossible to calculate instruction (X, Y).
(2) a series of instruction arranged in certain sequence is referred to as the instruction set IS of dynamic encryption algorithm.
Dynamic encryption is exactly after being pre-processed to plaintext, to randomly select the instruction in IS, according to certain rule to bright
The process that text is encrypted.IS is the vital part of dynamic encryption algorithm, and IS dynamic random is to a certain extent
It ensure that the dynamic of algorithm.
Because the definition of IS and instruction is understood, IS valued space is much larger than the quantity of non-singular matrix, that is to say, that we
A very big instruction selection space can be produced using the non-singular matrix in finite field.This just constructs dynamic for us
State algorithm provides the most important condition.
(3) the full rank square of set, referred to as dynamic encryption algorithm that a number of non-singular matrix is constituted is chosen according to key K
Battle array collection EM_SET.
In order to ensure that it is bright that the dynamic of algorithm can allow decryption person to be recovered by key K in the rational time again
Text, we limit IS scale by EM_SET.EM_SET size is moderate, if too small can make it that IS is too small, influence
Algorithm dynamic, if too big, the time complexity that exploration can again decrypted is excessive.In encryption, when can use with system
Between make the pseudorandom number generator of seed produced by random number carry out the selection instruction from IS.During decryption, first recovered according to K
EM_SET, seeks all inverses of a matrix in EM_SET, obtains the non-singular matrix collection EM_SET of decipherment algorithm-1, copy encryption to calculate afterwards
Method, obtains decryption instructions collection IS-1, then using IS-1In instruction sound out decipherment algorithm.Cryptanalysis person is not knowing K's
In the case of, due to EM_SET can not be deduced, it also just cannot get IS-1, therefore to speculate or feel out decipherment algorithm is very
Difficult.
Therefore, by using the non-singular matrix in finite field, we can construct the current communication needs of satisfaction and possess foot
The dynamic encryption algorithm of enough intensity.
Such as Fig. 1, ciphering process of the invention is briefly as follows:
1st, plaintext M becomes random plaintext RS_M after pretreatment P;
2nd, the instruction set IS of dynamic encryption algorithm is generated as by encrypted instruction generator G according to key K, is selected at random in IS
Select out command sequence A;
3rd, RS_M is encrypted according to the encryption equipment R rules specified using A, has just obtained final ciphertext C.
For the shorter plaintext of length, the present invention proposes following preferred embodiment one.
Preprocessing part (P):
P1:With pseudorandom number generator R_N safe in cryptography meaning, two sections of random sequence RS of generation and S, R_N's
Truly random seed can be together decided on by other enchancement factors such as key K, system time T and plaintext Ms.Wherein RS length is by M
Determine, when the length for requiring plaintext to be encrypted is in the same size with encrypted instruction, RS with encrypted instruction by together deciding in plain text;S
It is random marker position, as boundary mark, helps to separate plaintext M with RS during decryption, can also be used to judge that decryption is
It is no correct.RS is a dynamic authorization code.
P2:S is appended to after M.When souning out decryption, by judging that S correctness can confirm that the correct of decipherment algorithm
Property.
P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, if RS is truly random,
The random plaintext RS_M then obtained after computing is also necessarily truly random.
P4:RS_M, S, RS, S are sequentially connected with, plaintext to be encrypted is constituted, preprocessing process terminates.By finding out during decryption
S, can obtain RS, and the plaintext with flag bit can be recovered by allowing RS and RS_M to do after XOR, at this moment judge S and previous
Whether required S is consistent, if unanimously, can conclude that successful decryption.
AES produces part (G):
G1:With key K initializing pseudo random number generator R_N, non-singular matrix collection is determined with produced pseudo-random sequence 1
In each non-singular matrix size.
G2:Again with key K initialization R_N, the non-singular matrix size initialized according to step G1, with random sequence 2 by
Individual ground structural matrix.A matrix is often constructed, XOR is first done to it with key K, then acquired results are judged, such as
Fruit is not non-singular matrix, then is reconfigured, and this process is repeated, until result of determination is true.At this moment, the matrix is added
Into EM_SET, continue to construct next non-singular matrix.Said process is constantly repeated, until all non-singular matrixs in EM_SET
It is all constructed to finish.Because pseudorandom number generator R_N kind subspace is limited, in order to prevent cryptanalysis person to R_N kinds
The exhaustive attack of son, the sequence allowed produced by K and R_N has done XOR, even if this guarantees cryptanalysis person's exhaustion R_N
Seed, also cannot get non-singular matrix collection.
G3:By key * K initialize R_N, the random sequence 3 produced by R_N, EM_SET and plaintext collective effect to be encrypted,
Generate encrypted instruction sequence A.Specific method is:For first instruction, the random number produced first by R_N is in plaintext to be encrypted
Preceding F (F is pre- sets) individual byte in randomly choose two bytes, determined by the concrete numerical value of the two bytes selection
Which bar instruction in EM_SET.For the n-th (n>1) bar is instructed, then is the random number produced according to R_N, from plaintext to be encrypted
Preceding L (L is determined by preceding n-1 bars are instructed) individual byte in randomly select two bytes to determine.The purpose for the arrangement is that
Exploration during for the ease of decryption to decryption instructions, can first sound out first instruction, then further according to first according to F during decryption
Next instruction is soundd out in bar instruction, and the rest may be inferred, until decryption is completed.
Ciphering process (R):
R0:By the transformation rule (carrying out how many times power operation) of key * K computationses, carried out according to rule to being instructed in A
Power operation, the command sequence after computing is just actually used for the instruction of encryption;
R1:Treat encrypting plaintext and carry out piecemeal according to the size of encrypted instruction;
R2:Plaintext is encrypted using encrypted instruction, encryption method is specifically included:
The plaintext block length that plaintext M can once be encrypted according to instruction is divided into the n blocks not waited, one finger of each piece of correspondence
Order, therefore encryption has used n block instructions altogether.When last block length of the plaintext is less than the size that instruction is required, " 0 " can be used
Polishing.I.e.:I-th instruction Ii(Qi1 s,Qi2 t) correspond to i-th piece of plaintext mi;Plaintext piecemeal:M=m1,m2,m3,…,mn, wherein mi
Size be sizeof (Qi1 s)×sizeof(Qi2 t);Ciphertext after encryption
Wherein Connect represents the connection of character string.
The formula of encryption is described as follows:
Wherein n is block count, (Qn1,Qn2) instructed for nth bar, (sn,tn) it is the transformation rule that nth bar is instructed.
In non-singular matrix Q in finite field FqThere is maximum spanning set under middle matrix multiplication.And with Q all powers
Premultiplication FqUpper any non-zero n dimensional vectors or the right side multiply FqThe result of upper any non-zero n dimensions row vector fully dissipates.OrderWithRespectively FqOn n × n and m × m non-singular matrixs, then to arbitraryIt is known that
Q1 smi(1≤s≤qn- 1) it is that m each row have all been done with corresponding linear transformation, and miQ2 t(1≤t≤qm- 1) then to the every of m
A line has all carried out linear transformation.Therefore Q can upset the position of each element in m, and change the value of each element.We are (Q1 s,
Q2 t) as an instruction, this " upsetting " process is referred to as the one-time pad encryption to M.The main process of dynamic encryption algorithm is
A series of instruction is generated at random, and M is encrypted according to certain method using these instructions.Therefore, we allow G parts
It is responsible for a series of stochastic instruction of generation, R-portion is responsible for that information is encrypted using these instructions.
For the longer plaintext of length, the present invention proposes following preferred embodiment two.
Preprocessing part (P):This part handles be the same as Example one.
P1:With pseudorandom number generator R_N safe in cryptography meaning, two sections of random sequence RS of generation and S, R_N's
Truly random seed can be together decided on by other enchancement factors such as key K, system time T and plaintext Ms.Wherein RS length is by M
Determine, when the length for requiring plaintext to be encrypted is in the same size with encrypted instruction, RS with encrypted instruction by together deciding in plain text;S
It is random marker position, as boundary mark, helps to separate plaintext M with RS during decryption, can also be used to judge that decryption is
It is no correct.RS is a dynamic authorization code.
P2:S is appended to after M.When souning out decryption, by judging that S correctness can confirm that the correct of decipherment algorithm
Property.
P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, if RS is truly random,
The random plaintext RS_M then obtained after computing is also necessarily truly random.
P4:RS_M, S, RS, S are sequentially connected with, plaintext to be encrypted is constituted, preprocessing process terminates.By finding out during decryption
S, can obtain RS, and the plaintext with flag bit can be recovered by allowing RS and RS_M to do after XOR, at this moment judge S and previous
Whether required S is consistent, if unanimously, can conclude that successful decryption.
AES produces part (G):
G1:With key K initializing pseudo random number generator R_N, non-singular matrix collection is determined with produced pseudo-random sequence 1
In each non-singular matrix size.
G2:Again with key K initialization R_N, the non-singular matrix size initialized according to step G1, with random sequence 2 by
Individual ground structural matrix.A matrix is often constructed, XOR is first done to it with key K, then acquired results are judged, such as
Fruit is not non-singular matrix, then is reconfigured, and this process is repeated, until result of determination is true.At this moment, the matrix is added
Into EM_SET, continue to construct next non-singular matrix.Said process is constantly repeated, until all non-singular matrixs in EM_SET
It is all constructed to finish.Because pseudorandom number generator R_N kind subspace is limited, in order to prevent cryptanalysis person to R_N kinds
The exhaustive attack of son, the sequence allowed produced by K and R_N has done XOR, even if this guarantees cryptanalysis person's exhaustion R_N
Seed, also cannot get non-singular matrix collection.
G3:By key * K initialize R_N, the random sequence 3 produced by R_N, EM_SET and plaintext collective effect to be encrypted,
Generate encrypted instruction sequence A.Specific method is:For first instruction, the random number produced first by R_N is in plaintext to be encrypted
Preceding F (F is pre- sets) individual byte in randomly choose two bytes, determined by the concrete numerical value of the two bytes selection
Which bar instruction in EM_SET.For the n-th (n>1) bar is instructed, then is the random number produced according to R_N, from plaintext to be encrypted
Preceding L (L is determined by preceding n-1 bars are instructed) individual byte in randomly select two bytes to determine.The purpose for the arrangement is that
Exploration during for the ease of decryption to decryption instructions, can first sound out first instruction, then further according to first according to F during decryption
Next instruction is soundd out in bar instruction, and the rest may be inferred, until decryption is completed.
Ciphering process (R):
R0:By the transformation rule (carrying out how many times power operation) of key * K computationses, carried out according to rule to being instructed in A
Power operation, the command sequence AJ (code.1, code.2 ..., code.n) after computing is just actually used for the instruction of encryption.
R1:It is Head, plaintext orientation mark by the first tagging by the end to end formation ring-type of pretreated plaintext
It is designated as Direction.
R2:Plaintext M is subjected to piecemeal by instruction Code.1 size CL1.The original position of piecemeal is labeled as Start1,
Start1 position can also can be specified since Head by K.During piecemeal, since Start1 positions, along
Direction directions, using Start1 as target, isometric piecemeal is carried out according to CL1 size by plaintext.The head of last block plaintext
Rubidium marking is End1, is designated as Remain1 along the plaintext segment mark on Direction directions between End1 and Start1, length is
Plaintext segment mark between RL1, End1 and Start1 in the reverse direction is designated as Encrypt1, and length is EL1, and EL1 is CL1 integer
Times, Encrypt1 is the plaintext section for being used to the first round encrypt.When length of the plaintext ML is not CL1 integral multiple, Remain1 conducts
Last block of plaintext, length is less than CL1.When ML is CL1 integral multiple, Remain1 length is equal to CL1.Therefore have 0<
RL1≤CL1。
R3:XOR is done to Remain1 using K, an element R1 is randomly choosed from acquired results and is used as Code.1
Transformation rule, specific method be by R1, Remain1 and K by one mapping, be mapped in Code.1 periodic spatial, so
Power operation is carried out to Code.1 with the mapping value afterwards, acquired results are RC.1.It is to R1 random selection method:Use system time
T initializing pseudo random number generator R_N, choose first random number N 1 produced by R_N, and N1 is carried out according to RL1 size
Modular arithmetic, is selected R1 according to acquired results.(for Ri selection, R_N first equally is initialized with T, R_N is chosen afterwards
I-th of the random number N i produced, carries out modular arithmetic according to RLi size by Ni, Ri is selected according to acquired results.)
R4:For the ease of decrypting the exploration to algorithm, a designated value D1 is added behind Remain1.D1 calculating
Method is to initialize R_N with R1, according to position RPs of the R1 in Remain1, the RP element of sequence produced by selection R_N
D1, D1 are that d1 and K carries out the result after XOR.D1 randomness is determined by R1, as long as R1 is truly random, D1 is
Truly random.According to R1 computational methods, R1 is determined by Remain1 sections of plaintext and K, and R1 selection is truly random
, cryptanalysis person can not calculate R1 value only by ciphertext in the case where not knowing K, also can not just know D1
Value.Cryptanalysis person wants that it is also unworkable that D1 is found by R1 and D1 relation, because it is by K to transform to D1 by R1
Processing, be the relation that can not calculate R1 and D1, still more R1 and D1 value and position in the case where not knowing K
It is that cryptanalysis person does not know.Therefore, addition is easy to the D1 of decryption to be safe behind R1.
R5:The Encrypt1 of piecemeal is encrypted (RC1 size and Code.1 is identical) using RC1.It is right
In i-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates.
R6:Start the second wheel encryption, the original position of encryption is Start2.Start2 is determined jointly by Start1 and step-length L
Fixed, method is along Direction directions (reversely also possible) to be moved back by L element since Start1, and the position is exactly
Start2.Determine after Start2, carry out block encryption, method and 1~5 step are identicals.
R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards by the plaintext after encryption since Head edge
The expansion of Direction directions, that obtain is exactly the ciphertext C after encryption.
Further embodiment of this invention three is as follows.
For many encryption systems, its security depends entirely on some in the key that it uses and agreement
The conditions such as parameter, especially for for the cryptographic system for having used random sequence, either true random number or pseudo random number
The quality of quality directly affects the security performance of the system.
In nature, various random physical processes such as universe noise, the thermal noise of circuit and radioactive decay etc. are
Can be used to produce random physical signalling, and there is also many chance events in computer, if can using these with
Machine event, with reference to by well-designed program, so that it may to generate true random number.Although with the continuous hair of electronic technology
Exhibition, the cost of various integrated circuits is more and more lower, but the price of randomizer on the market still compares at present
Expensive.If can be not only cheap using existing hardware device on computer come if realizing real random number generator,
Also so that the function of computer hardware equipment has obtained bigger performance.
The present invention realizes true random number using the ambient noise of the sound DAQ in computer.
(1) environmental noise data is gathered from sound card first;
Available audio frequency apparatus in a, lookup system;
Used audio format when b, setting collection;
C, if there is audio frequency apparatus, then open audio frequency apparatus;
D, application spatial cache;
E, addition spatial cache data head;
F, start receive voice data;
G, analyze data finish rear pass hull closure;
H, release spatial cache.
Specific implementation is:
A, using waveInGetNumDevs () function judge whether there is available audio frequency apparatus in system, the function is returned
The quantity that value is exactly the workable audio frequency apparatus possessed at present in system is returned, if in the absence of audio in return O expression systems
Equipment;
C, the audio frequency apparatus specified using waveInopen () function opening, need transmission several when using this function
Individual parameter:First parameter is audio frequency apparatus handle, and an audio frequency apparatus must be first defined before using the function;Second
Parameter is audio input device mark, if specifying the value to be that WAVE_MAPPER is exactly that to allow operating system voluntarily to select available
Audio input device;The audio format used when 3rd parameter is by sound DAQ data, therefore before using the function
Need that used audio format has been previously set;The message one that the function is returned has three kinds, and first is WIM_OPEN, such as
Fruit function returns to this message and shows that the function has had already turned on the equipment specified, and we can enter in corresponding call back function
The necessary operation of row or processing;Second is WIN_DATA, and function returns to this message and represents to include sound card in the message returned
The voice data returned from extraneous collection, we can be divided voice data in call back function after receiving this message
Analysis, generates the true random number required for us;3rd is WIN_CLOSE, can be in call back function if receiving this message
Middle closing relevant device and releasing memory;
D, using waveInPrepareHeader functions be audio frequency apparatus prepare spatial cache data head;
E, using waveInAddBuffer () function spatial cache data head is added in audio frequency apparatus;
F, using waveInstart () function control sound card start receive voice data;
G, using waveInstop () function to sound card send instruct, control sound card stop receive data;Utilize
WaveInclose () function closes the audio frequency apparatus specified;
H, the spatial cache applied just now in internal memory is discharged using waveInUnprepareHeader () function.
By these above-mentioned functions, we can be easily realized in the case where not generating any file very much, utilize sound
Card reads the noise in environment, and is translated into data signal.Remaining work is exactly to analyze these data, excellent using one kind
Good method generates true random number using these data signals.
(2) environmental noise data gathered is analyzed and processed;
Method one, the data progress statistical analysis returned to collection, take the average value of multiple audio collection points as threshold values,
The data taken out in turn in buffer area are compared with threshold values, are 1 more than threshold values, are 0 less than or equal to threshold values;
Method two, directly take out and preserve data in the buffer, judge the parity of each amplitude, odd number is 1, even number
For 0;So we only need to take out in turn each voice data in buffer area, directly by its mould 2, the direct chain of acquired results
Enter random sequence end.
(3) it regard analysis processing result as random number.
The random number of the generation is the random sequence of 8 bytes,
System time T is obtained, system time is divided into year, month, day, hour, point five parts;
The first character section of the random number and system time year are made into XOR, XOR result is as index in year cipher key store
In find out corresponding year key;
Second byte of the random number and the system time moon are made into XOR, XOR result is as index in moon cipher key store
In find out corresponding moon key;
3rd byte of the random number and system time day are made into XOR, XOR result is as index in day cipher key store
In find out corresponding day key;
4th byte of the random number and system time hour are made into XOR, XOR result is close in hour as indexing
Corresponding hour key is found out in key storehouse;
5th byte of the random number and system time are allocated as XOR, XOR result is as index in year cipher key store
In find out corresponding point of key;
By the six, the seven of the random number, eight bytes make Hash operation after being added, Hash operation result exists as index
Corresponding random key is found out in random key storehouse;
By calculate obtain year key, moon key, day key, hour key, point key and random key combine, it is raw
Into the character string of 32 bytes;
Using 16 bytes before 32 character strings of generation as encryption key K, rear 16 bytes are close as encrypting
Key * K.
Such as Fig. 2, the invention also provides a kind of platform data encryption device based on dynamic authorization code, including:
Plaintext acquiring unit, for obtaining, platform data to be encrypted, is used as plaintext M;
Pretreatment unit, for after pretreatment P, generating plaintext DM to be encrypted to plaintext M;
Command generator unit, the sequence of instructions for generating dynamic encryption algorithm by encrypted instruction generator G according to key K
Arrange A;
Ciphering unit, for DM to be encrypted according to the encryption equipment R rules specified by command sequence A, obtains final
Ciphertext C;
Wherein, pretreatment unit is specifically included:
Random sequence generation subelement P1:Use pseudorandom number generator R_N, two sections of random sequence RS of generation and S, R_N's
The codeterminants of random seed includes:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
Identify subelement P2:S is appended to M;
Random plaintext subelement P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, computing
The random plaintext RS_M obtained afterwards;
Plaintext generation subelement P4 to be encrypted:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted, pretreatment is constituted
Process terminates;
Wherein, command generator unit is specifically included:
Non-singular matrix size determines subelement G1:With key K initializing pseudo random number generator R_N, with produced puppet
Random sequence 1 determines that non-singular matrix concentrates the size of each non-singular matrix;
Non-singular matrix construction subelement G2:Again with key K initialization R_N, random sequence 2 is obtained, according at the beginning of step G1
The non-singular matrix size of beginningization, with the one by one structural matrix of random sequence 2;A matrix is often constructed, different first is done to it with key K
Or computing, then acquired results are judged, if not non-singular matrix, then reconfigured, this process are repeated, directly
It is true to result of determination, the non-singular matrix of construction is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, continues structure
Make next non-singular matrix;Said process is constantly repeated, is finished until all non-singular matrixs in EM_SET are all constructed;
Encrypted instruction sequence generation subelement G3:By key * K initializing pseudo random number generator R_N, random sequence is obtained
3, random sequence 3, EM_SET and the plaintext collective effect to be encrypted produced by R_N, generation encrypted instruction sequence A;
Wherein, ciphering unit is specifically included:
Encrypted instruction sequence generation subelement R0:By the transformation rule of key * K computationses, transformation rule is that progress is more
Few power operation, power operation is carried out according to transformation rule to instruction in A, command sequence AJ after computing (code.1,
Code.2 ..., code.n) just it is actually used for the instruction of encryption;
Plaintext ring to be encrypted meets subelement R1:By the pretreated end to end formation ring-types of plaintext DM to be encrypted, by head
Position mark is Head, and plaintext orientation is labeled as Direction;
Plaintext piecemeal subelement R2 to be encrypted:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, point
The original position of block is labeled as Start1, and Start1 position is since Head, during piecemeal, since Start1 positions, along
Direction directions, using Start1 as target, carry out isometric piecemeal, the first member of last block plaintext according to CL1 size by DM
Element mark is to be designated as Remain1 along the plaintext segment mark on Direction directions between End1 and Start1, length is
Plaintext segment mark between RL1, End1 and Start1 in the reverse direction is designated as Encrypt1, and length is EL1, and EL1 is CL1 integer
Times, Encrypt1 is the plaintext section for being used to the first round encrypt;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1;
When ML is CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
Transformation rule generation subelement R3:XOR is done to Remain1 using K, one is randomly choosed from acquired results
Individual element R1 is as Code.1 transformation rule, and specific method is, by a mapping, to be mapped to R1, Remain1 and K
In Code.1 periodic spatial, power operation is then carried out to Code.1 with the mapping value, acquired results are RC1;
Mantissa processing subelement R4:A designated value D1 is added behind Remain1;
Encryption sub-unit operable R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are
Identical, for i-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
Circulate encryption sub-unit operable R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is to be moved back by since Start1 along Direction directions
L element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
Ciphertext generation subelement R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards will be bright after encryption
Text deploys since Head along Direction directions, and that obtain is exactly the ciphertext C after encryption.
Wherein, it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, first random number N 1 produced by R_N is chosen, by N1
Modular arithmetic is carried out according to RL1 size, R1 is selected according to acquired results;
For Ri selection, R_N first equally is initialized with T, i-th of random number N i that R_N is produced is chosen afterwards, Ni is pressed
Size according to RLi carries out modular arithmetic, and Ri is selected according to acquired results.
Wherein, D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element of sequence produced by selection R_N
D1, D1 are that d1 and K carries out the result after XOR.
Platform data encryption method and device proposed by the present invention based on dynamic authorization code, improve the peace of platform data
Quan Xing.
Those skilled in the art will readily occur to its of the present invention after considering specification and putting into practice invention disclosed herein
Its embodiment.The application be intended to the present invention any modification, purposes or adaptations, these modifications, purposes or
Person's adaptations follow the general principle of the present invention and including undocumented common knowledge in the art of the invention
Or conventional techniques.
It should be appreciated that the invention is not limited in the precision architecture for being described above and being shown in the drawings, and
And various modifications and changes can be being carried out without departing from the scope.The scope of the present invention is only limited by appended claim.
Claims (6)
1. a kind of platform data encryption method based on dynamic authorization code, including:
Platform data to be encrypted is obtained, plaintext M is used as;
Plaintext M generates plaintext DM to be encrypted after pretreatment P;
The command sequence A of dynamic encryption algorithm is generated by encrypted instruction generator G according to key K;
DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C.
Wherein, plaintext M generates plaintext DM to be encrypted and specifically included after pretreatment P:
P1:Pseudorandom number generator R_N is used, the codeterminants of two sections of random sequence RS and S, R_N random seed is generated
Including:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
P2:S is appended to M;
P3:Plaintext with flag bit is done into XOR with RS, upsets the random plaintext obtained after the rule of plaintext, computing
RS_M;
P4:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted is constituted, preprocessing process terminates;
Wherein, specifically included according to key K by the encrypted instruction generator G command sequence A for generating dynamic encryption algorithm:
G1:With key K initializing pseudo random number generator R_N, determine that non-singular matrix is concentrated with produced pseudo-random sequence 1 every
The size of one non-singular matrix;
G2:Again with key K initialization R_N, obtain random sequence 2, the non-singular matrix size initialized according to step G1, with
The one by one structural matrix of machine sequence 2;A matrix is often constructed, XOR is first done to it with key K, then acquired results are entered
Row judges, if not non-singular matrix, is then reconfigured, and this process is repeated, until result of determination is true, by construction
Non-singular matrix is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, continues to construct next non-singular matrix;It is constantly heavy
Multiple said process, is finished until all non-singular matrixs in EM_SET are all constructed;
G3:By key * K initializing pseudo random number generator R_N, random sequence 3 is obtained, the random sequence 3 that is produced by R_N, EM_
SET and plaintext collective effect to be encrypted, generation encrypted instruction sequence A;
Wherein, DM is encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext C and specifically includes:
R0:By the transformation rule of key * K computationses, transformation rule is to carry out how many times power operation, according to transformation rule to A
Middle instruction carries out power operation, and the command sequence AJ (code.1, code.2 ..., code.n) after computing is just actually used for encryption
Instruction;
R1:It is Head, plaintext arrangement side by the first tagging by the pretreated end to end formation ring-types of plaintext DM to be encrypted
To labeled as Direction;
R2:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, the original position of piecemeal is labeled as
Start1, Start1 position are since Head, during piecemeal, since Start1 positions, along Direction directions, with
Start1 is target, and DM is carried out into isometric piecemeal according to CL1 size, and the header element of last block plaintext is labeled as End1,
Remain1 is designated as along the plaintext segment mark on Direction directions between End1 and Start1, length is RL1, End1 and Start1
Between plaintext segment mark in the reverse direction be designated as Encrypt1, length is EL1, and EL1 is CL1 integral multiple, and Encrypt1 is first
Take turns the plaintext section for encryption;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1;Work as ML
When being CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
R3:XOR is done to Remain1 using K, an element R1 is randomly choosed from acquired results as Code.1 change
Rule is changed, specific method is, by a mapping, to be mapped to R1, Remain1 and K in Code.1 periodic spatial, Ran Houyong
The mapping value carries out power operation to Code.1, and acquired results are RC1;
R4:A designated value D1 is added behind Remain1;
R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are identicals, for i-th
Block plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is along Direction directions to be moved back by L since Start1
Element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards by the plaintext after encryption since Head along
Direction directions are deployed, and that obtain is exactly the ciphertext C after encryption.
2. the method for claim 1, wherein it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, choose first random number N 1 produced by R_N, by N1 according to
RL1 size carries out modular arithmetic, and R1 is selected according to acquired results;
For Ri selection, equally first initialize R_N with T, i-th of random number N i that R_N is produced chosen afterwards, by Ni according to
RLi size carries out modular arithmetic, and Ri is selected according to acquired results.
3. the method for claim 1, wherein D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element d1 of sequence produced by selection R_N,
D1 is that d1 and K carries out the result after XOR.
4. a kind of platform data encryption device based on dynamic authorization code, including:
Plaintext acquiring unit, for obtaining, platform data to be encrypted, is used as plaintext M;
Pretreatment unit, for after pretreatment P, generating plaintext DM to be encrypted to plaintext M;
Command generator unit, the command sequence A for generating dynamic encryption algorithm by encrypted instruction generator G according to key K;
Ciphering unit, for DM to be encrypted according to the encryption equipment R rules specified by command sequence A, obtains final ciphertext
C;
Wherein, pretreatment unit is specifically included:
Random sequence generation subelement P1:Use pseudorandom number generator R_N, two sections of random sequence RS of generation and S, R_N's is random
The codeterminants of seed includes:Key K, system time T and plaintext M;
Wherein RS length is determined by M, is used as dynamic authorization code;S is random marker position, as boundary mark;
Identify subelement P2:S is appended to M;
Random plaintext subelement P3:Plaintext with flag bit is done into XOR with RS, upsets the rule of plaintext, after computing
The random plaintext RS_M arrived;
Plaintext generation subelement P4 to be encrypted:RS_M, S, RS, S are sequentially connected with, plaintext DM to be encrypted, preprocessing process is constituted
Terminate;
Wherein, command generator unit is specifically included:
Non-singular matrix size determines subelement G1:With key K initializing pseudo random number generator R_N, with produced pseudorandom
Sequence 1 determines that non-singular matrix concentrates the size of each non-singular matrix;
Non-singular matrix construction subelement G2:Again with key K initialization R_N, random sequence 2 is obtained, is initialized according to step G1
Non-singular matrix size, with the one by one structural matrix of random sequence 2;A matrix is often constructed, XOR fortune is first done to it with key K
Calculate, then acquired results are judged, if not non-singular matrix, then reconfigured, this process is repeated, until sentencing
It is true to determine result, and the non-singular matrix of construction is added in the non-singular matrix collection EM_SET of dynamic encryption algorithm, is continued under constructing
One non-singular matrix;Said process is constantly repeated, is finished until all non-singular matrixs in EM_SET are all constructed;
Encrypted instruction sequence generation subelement G3:By key * K initializing pseudo random number generator R_N, random sequence 3 is obtained, by
Random sequence 3, EM_SET and plaintext collective effect to be encrypted that R_N is produced, generation encrypted instruction sequence A;
Wherein, ciphering unit is specifically included:
Encrypted instruction sequence generation subelement R0:By the transformation rule of key * K computationses, transformation rule is to carry out how many times
Power operation, according to transformation rule in A instruction carry out power operation, after computing command sequence AJ (code.1, code.2 ...,
Code.n) just it is actually used for the instruction of encryption;
Plaintext ring to be encrypted meets subelement R1:By the pretreated end to end formation ring-types of plaintext DM to be encrypted, first place is put
Labeled as Head, plaintext orientation is labeled as Direction;
Plaintext piecemeal subelement R2 to be encrypted:Plaintext DM to be encrypted is subjected to piecemeal by instruction Code.1 size CL1, piecemeal
Original position is labeled as Start1, and Start1 position is since Head, during piecemeal, since Start1 positions, along
Direction directions, using Start1 as target, carry out isometric piecemeal, the first member of last block plaintext according to CL1 size by DM
Element mark is to be designated as Remain1 along the plaintext segment mark on Direction directions between End1 and Start1, length is
Plaintext segment mark between RL1, End1 and Start1 in the reverse direction is designated as Encrypt1, and length is EL1, and EL1 is CL1 integer
Times, Encrypt1 is the plaintext section for being used to the first round encrypt;
When length of the plaintext ML is not CL1 integral multiple, Remain1 is as last block of plaintext, and length is less than CL1;Work as ML
When being CL1 integral multiple, Remain1 length is equal to CL1, therefore has 0<RL1≤CL1;
Transformation rule generation subelement R3:XOR is done to Remain1 using K, a member is randomly choosed from acquired results
Plain R1 is as Code.1 transformation rule, and specific method is, by a mapping, to be mapped to Code.1's by R1, Remain1 and K
In periodic spatial, power operation is then carried out to Code.1 with the mapping value, acquired results are RC1;
Mantissa processing subelement R4:A designated value D1 is added behind Remain1;
Encryption sub-unit operable R5:The Encrypt1 of piecemeal is encrypted using RC1, RC1 size and Code.1 are identical
, for i-th piece of plaintext miResult after encryption is Q11miQ12(Q11,Q12∈ RC1), first round encryption terminates;
Circulate encryption sub-unit operable R6:Start the second wheel encryption, the original position of encryption is Start2;
Start2 is together decided on by Start1 and step-length L, and method is along Direction directions to be moved back by L since Start1
Element, the position is exactly Start2;Determine after Start2, carry out block encryption, method and 1~5 step are identicals;
Ciphertext generation subelement R7:Said process is constantly repeated, until the n-th wheel encryption is completed.Afterwards by the plaintext after encryption from
Head starts to deploy along Direction directions, and that obtain is exactly the ciphertext C after encryption.
5. device as claimed in claim 4, wherein, it is to R1 random selection method:
With system time T initializing pseudo random number generator R_N, choose first random number N 1 produced by R_N, by N1 according to
RL1 size carries out modular arithmetic, and R1 is selected according to acquired results;
For Ri selection, equally first initialize R_N with T, i-th of random number N i that R_N is produced chosen afterwards, by Ni according to
RLi size carries out modular arithmetic, and Ri is selected according to acquired results.
6. device as claimed in claim 4, wherein, D1 computational methods are:
R_N is initialized with R1, according to position RPs of the R1 in Remain1, the RP element d1 of sequence produced by selection R_N,
D1 is that d1 and K carries out the result after XOR.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710325846.6A CN107124273A (en) | 2017-05-10 | 2017-05-10 | A kind of platform data encryption method and device based on dynamic authorization code |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710325846.6A CN107124273A (en) | 2017-05-10 | 2017-05-10 | A kind of platform data encryption method and device based on dynamic authorization code |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107124273A true CN107124273A (en) | 2017-09-01 |
Family
ID=59726809
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710325846.6A Pending CN107124273A (en) | 2017-05-10 | 2017-05-10 | A kind of platform data encryption method and device based on dynamic authorization code |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107124273A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109474428A (en) * | 2018-11-28 | 2019-03-15 | 北京杰睿中恒科技有限公司 | Dynamic encrypting method and device based on digital signal data |
CN110401533A (en) * | 2019-08-27 | 2019-11-01 | 腾讯科技(深圳)有限公司 | A kind of private key encryption method and device |
CN116318687A (en) * | 2023-05-19 | 2023-06-23 | 广东广宇科技发展有限公司 | Data dynamic encryption method based on bidirectional mapping matrix |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101383703A (en) * | 2008-09-12 | 2009-03-11 | 华南理工大学 | Dynamic ciphering system and method based on broad sense information field |
CN101741544A (en) * | 2009-12-29 | 2010-06-16 | 电子科技大学 | Time-lag chaos iteration-based digital signature method and device |
CN102135871A (en) * | 2011-03-29 | 2011-07-27 | 深圳职业技术学院 | Device for generating random number by using chaos theory and dynamic password token thereof |
CN104009835A (en) * | 2014-05-16 | 2014-08-27 | 南京邮电大学 | File encrypting and decrypting method allowing parallel computing to be conducted in cloud storage system |
CN104093029A (en) * | 2014-07-22 | 2014-10-08 | 哈尔滨工业大学(威海) | Video encryption algorithm based on new spatiotemporal chaos system |
CN104486315A (en) * | 2014-12-08 | 2015-04-01 | 北京航空航天大学 | Revocable key external package decryption method based on content attributes |
CN106100831A (en) * | 2016-06-01 | 2016-11-09 | 兰雨晴 | A kind of method and system transmitted and process data |
CN106612273A (en) * | 2016-08-31 | 2017-05-03 | 四川用联信息技术有限公司 | Improved data transmission privacy protection algorithm in cloud computing |
-
2017
- 2017-05-10 CN CN201710325846.6A patent/CN107124273A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101383703A (en) * | 2008-09-12 | 2009-03-11 | 华南理工大学 | Dynamic ciphering system and method based on broad sense information field |
CN101741544A (en) * | 2009-12-29 | 2010-06-16 | 电子科技大学 | Time-lag chaos iteration-based digital signature method and device |
CN102135871A (en) * | 2011-03-29 | 2011-07-27 | 深圳职业技术学院 | Device for generating random number by using chaos theory and dynamic password token thereof |
CN104009835A (en) * | 2014-05-16 | 2014-08-27 | 南京邮电大学 | File encrypting and decrypting method allowing parallel computing to be conducted in cloud storage system |
CN104093029A (en) * | 2014-07-22 | 2014-10-08 | 哈尔滨工业大学(威海) | Video encryption algorithm based on new spatiotemporal chaos system |
CN104486315A (en) * | 2014-12-08 | 2015-04-01 | 北京航空航天大学 | Revocable key external package decryption method based on content attributes |
CN106100831A (en) * | 2016-06-01 | 2016-11-09 | 兰雨晴 | A kind of method and system transmitted and process data |
CN106612273A (en) * | 2016-08-31 | 2017-05-03 | 四川用联信息技术有限公司 | Improved data transmission privacy protection algorithm in cloud computing |
Non-Patent Citations (8)
Title |
---|
刘婷婷: ""面向云计算的数据安全保护关键技术研究"", 《中国博士学位论文信息科技辑》 * |
吴杨等: ""基于密文随机性度量值分布特征的分组密码算法识别方案"", 《通信学报》 * |
唐有等: ""基于RFID系统的混沌动态扰动算法"", 《计算机应用》 * |
张红等: ""混沌理论在密码学中的应用"", 《重庆大学学报(自然科学版)》 * |
未东锋: "基于遍历矩阵的动态加密算法研究"", 《中国硕士学位论文全文数据库信息科技辑》 * |
李肖璇: ""基于混沌系统的混合加密算法的研究"", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
梅楠: ""基于有限域上遍历矩阵的动态加密器"", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
王传福等: ""基于混沌系统的SM4密钥扩展算法"", 《物理学报》 * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109474428A (en) * | 2018-11-28 | 2019-03-15 | 北京杰睿中恒科技有限公司 | Dynamic encrypting method and device based on digital signal data |
CN110401533A (en) * | 2019-08-27 | 2019-11-01 | 腾讯科技(深圳)有限公司 | A kind of private key encryption method and device |
CN110401533B (en) * | 2019-08-27 | 2021-07-27 | 腾讯科技(深圳)有限公司 | Private key encryption method and device |
CN116318687A (en) * | 2023-05-19 | 2023-06-23 | 广东广宇科技发展有限公司 | Data dynamic encryption method based on bidirectional mapping matrix |
CN116318687B (en) * | 2023-05-19 | 2023-09-22 | 广东广宇科技发展有限公司 | Data dynamic encryption method based on bidirectional mapping matrix |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106941407A (en) | A kind of method and apparatus of platform data dynamic encryption | |
CN104488218B (en) | Encryption device, decryption device, encryption method, decryption method | |
CN107147486A (en) | A kind of platform data encryption method and device based on dynamic variable length code | |
JPH08505275A (en) | Device and method for generating a cipher stream | |
JP2014017556A5 (en) | ||
JP2008513811A (en) | Calculation conversion method and system | |
CN107124273A (en) | A kind of platform data encryption method and device based on dynamic authorization code | |
Siahaan | Blum Blum Shub in generating key in RC4 | |
CN107078900B (en) | Cryptographic system based on reproducible random sequences | |
Faraoun | Design of fast one-pass authenticated and randomized encryption schema using reversible cellular automata | |
Mahmoud et al. | A Metamorphic-Key-Hopping GOST Cipher and Its FPGA Implementation | |
JP4857230B2 (en) | Pseudorandom number generator and encryption processing device using the same | |
JP3557037B2 (en) | Random number generation device and method, key sequence generation device and method, encryption device and method, and decryption device and method | |
Vijayan et al. | ASCII value based encryption system (AVB) | |
Joshi et al. | A randomized approach for cryptography | |
Gulshan et al. | Chaotic image encryption technique based on IDEA and discrete wavelet transformation | |
KR101076747B1 (en) | Method and apparatus for random accessible encryption and decryption by using a hierarchical tree structure of stream cipher module | |
JP3816558B2 (en) | Cryptosystem | |
Albeer et al. | Key stream cipher based on coloured petri nets | |
Khalid et al. | Encrypting data using the features of memetic algorithm and cryptography | |
Abbas et al. | Audio cryptosystem based on LFSH and Chaotic map with ECC key management | |
Kadum et al. | Developed OTP (one-time pad) key generation method based multi-self generation | |
JP2009288758A (en) | Device and method for encoding process for establishing perfect secrecy of encoding and secret key by making variable in process information-theoretically indefinite using disposable variable | |
Adebayo | A Multilevel Data Encryption Standard Cryptosystem with Residue Number System | |
Suri et al. | A Cipher based on 3D array Block Rotation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170901 |