CN107579813A - information encryption and decryption method and device - Google Patents


Publication number
CN107579813A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710819794.8A
Other languages
Chinese (zh)
Inventor
林峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Gust Technology Co Ltd
Original Assignee
Sichuan Gust Technology Co Ltd
Application filed by Sichuan Gust Technology Co Ltd
Priority to CN201710819794.8A
Publication of CN107579813A

Abstract

An embodiment of the present invention provides an information encryption and decryption method and device, belonging to the field of information security technology. The information encryption method includes: obtaining the information to be encrypted; based on the information to be encrypted, performing loop iterations of the AES encryption algorithm with lookups in a preset column-mixing (MixColumn) lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations; performing one round of AES encryption on the first encryption key to obtain a second encryption key; and, according to the PEAX authentication mode in the AES encryption algorithm, performing authenticated encryption on the second encryption key and the information to be encrypted to obtain the ciphertext corresponding to the information to be encrypted. Using table lookups simplifies the flow of the AES algorithm and increases its speed.

Description

Information encryption and decryption method and device
Technical field
The present invention relates to the field of information security technology, and in particular to an information encryption and decryption method and device.
Background
In the existing AES algorithm, the column transformation of the decryption process is very time-consuming when the order of its multiplications is high; the AES encryption and decryption processes are asymmetric, and decryption is far slower than encryption, which makes data transfer unbalanced; this generally makes the data backup process time-consuming and inefficient.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to provide an information encryption and decryption method and device that improve on the above problems.
In a first aspect, an embodiment of the present invention provides an information encryption method, the method including: obtaining the information to be encrypted; based on the information to be encrypted, performing loop iterations of the AES encryption algorithm with lookups in a preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations; performing one round of AES encryption on the first encryption key to obtain a second encryption key; and, according to the PEAX authentication mode in the AES encryption algorithm, performing authenticated encryption on the second encryption key and the information to be encrypted to obtain the ciphertext corresponding to the information to be encrypted.
In a second aspect, an embodiment of the present invention provides an information encryption device, the device including: a to-be-encrypted information acquisition unit, for obtaining the information to be encrypted; an encryption iteration unit, for performing, based on the information to be encrypted, loop iterations of the AES encryption algorithm with lookups in a preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations; a one-round encryption unit, for performing one round of AES encryption on the first encryption key to obtain a second encryption key; and a ciphertext obtaining unit, for performing, according to the PEAX authentication mode in the AES encryption algorithm, authenticated encryption on the second encryption key and the information to be encrypted to obtain the ciphertext corresponding to the information to be encrypted.
In a third aspect, an embodiment of the present invention provides an information decryption method, the method including: obtaining the information to be decrypted; based on the information to be decrypted, performing loop iterations of the AES decryption algorithm with lookups in a preset column-mixing lookup table, to obtain the first decryption key of the second-to-last round that satisfies the preset number of iterations; performing one round of AES decryption on the first decryption key to obtain a second decryption key; and applying the decryption transformation to the second decryption key and the information to be decrypted to obtain the plaintext corresponding to the information to be decrypted.
In a fourth aspect, an embodiment of the present invention provides an information decryption device, the device including: a to-be-decrypted information acquisition unit, for obtaining the information to be decrypted; a decryption iteration unit, for performing, based on the information to be decrypted, loop iterations of the AES decryption algorithm with lookups in a preset column-mixing lookup table, to obtain the first decryption key of the second-to-last round that satisfies the preset number of iterations; a one-round decryption unit, for performing one round of AES decryption on the first decryption key to obtain a second decryption key; and a plaintext obtaining unit, for applying the decryption transformation to the second decryption key and the information to be decrypted to obtain the plaintext corresponding to the information to be decrypted.
In the information encryption and decryption method and device provided by the embodiments of the present invention, the information to be encrypted is obtained; based on the information to be encrypted, loop iterations of the AES encryption algorithm are performed with lookups in a preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations; one round of AES encryption is performed on the first encryption key to obtain a second encryption key; and, according to the PEAX authentication mode in the AES encryption algorithm, authenticated encryption is performed on the second encryption key and the information to be encrypted to obtain the ciphertext corresponding to the information to be encrypted. Using table lookups simplifies the flow of the AES algorithm and increases its speed.
Other features and advantages of the present invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practicing the embodiments of the present invention. The objectives and other advantages of the present invention can be realized and obtained through the structures particularly pointed out in the written description, claims and drawings.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can derive other related drawings from them without creative effort.
Fig. 1 is a structural block diagram of an electronic device that can be applied in the embodiments of the present application;
Fig. 2 is a flow chart of the information encryption method provided by the first embodiment of the present invention;
Fig. 3 is a schematic diagram describing the PEAX authenticated-encryption mode process of the information encryption method provided by the first embodiment of the present invention;
Fig. 4 is a structural block diagram of the information encryption device provided by the second embodiment of the present invention;
Fig. 5 is a flow chart of the information decryption method provided by the third embodiment of the present invention;
Fig. 6 is a flow chart of the information decryption device provided by the fourth embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. The components of the embodiments of the present invention generally described and illustrated in the drawings here can be arranged and designed in a variety of configurations. Therefore, the following detailed description of the embodiments of the present invention provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the present invention. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it does not need to be further defined or explained in subsequent drawings. In the description of the present invention, the terms "first", "second" and so on are used only to distinguish descriptions and should not be understood as indicating or implying relative importance.
Referring to Fig. 1, Fig. 1 shows a structural block diagram of an electronic device 100 that can be applied in the embodiments of the present application. As shown in Fig. 1, the electronic device 100 may include a memory 110, a storage controller 111, a processor 112, and the information encryption and decryption devices.
The memory 110, the storage controller 111 and the processor 112 are electrically connected to one another, directly or indirectly, to transfer or exchange data. For example, these elements may be electrically connected through one or more communication buses or signal buses. The information encryption and decryption devices each include at least one software function module that can be stored in the memory 110 in the form of software or firmware, such as the software function modules or computer programs that the information encryption and decryption devices include.
The memory 110 can store various software programs and modules, such as the program instructions/modules corresponding to the information encryption and decryption methods and devices provided by the embodiments of the present application. By running the software programs and modules stored in the memory 110, the processor 112 performs various functional applications and data processing, that is, it implements the information encryption and decryption methods and devices of the embodiments of the present application. The memory 110 may include, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read Only Memory, ROM), programmable read-only memory (Programmable Read-Only Memory, PROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable programmable read-only memory (Electric Erasable Programmable Read-Only Memory, EEPROM), and so on.
The processor 112 may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), and so on; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
In this embodiment, the electronic device 100 can serve as a user terminal, a computer or a server. The user terminal may be a terminal device such as a PC (personal computer), tablet computer, mobile phone, notebook computer, smart TV, set-top box or vehicle-mounted terminal.
First embodiment
Referring to Fig. 2, an embodiment of the present invention provides an information encryption method, the method including:
Step S200: obtain the information to be encrypted;
The information to be encrypted may be, but is not limited to being, stored in a PC, tablet computer, mobile phone, notebook computer, smart TV, set-top box and/or vehicle-mounted terminal.
Step S210: based on the information to be encrypted, perform loop iterations of the AES encryption algorithm with lookups in a preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations;
Specifically, a random seed is obtained using a random seed algorithm;
The information to be encrypted is initialized using the random seed to obtain an initial key;
Based on a preset encryption level, the byte substitution operation, the row shift operation, the lookup in the preset column-mixing lookup table and the round-key transformation are applied to the initial key in turn, in loop iterations, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations.
The lookup in the preset column-mixing lookup table includes:
Based on the AES algorithm, computing the numerical results of all column-vector product pairs in the column-mixing transformation;
For each column vector, building a column-mixing lookup table that maps each column-vector product pair to its numerical result;
During the column-mixing transformation, looking up the table of column-vector product pairs and their numerical results to obtain the numerical result of the column-mixing transformation.
Step S220: perform one round of AES encryption on the first encryption key to obtain a second encryption key;
Specifically, one round consisting of the byte substitution operation, the row shift operation and the round-key transformation is computed on the first encryption key to obtain the second encryption key.
This embodiment rests on the following mathematical foundations of the AES algorithm. In the sequence group, commutative group, ring, commutative ring, integral domain, field, the conditions to be satisfied become progressively stricter. A1 to A5 are 5 addition rules, and M1 to M7 are 7 multiplication rules.
A1: Closure under addition: if a and b belong to S, then a+b also belongs to S.
A2: Associativity of addition: for any elements a, b, c in S, a+(b+c) = (a+b)+c.
A3: Additive identity: there is an element 0 in S such that for any element a in S, a+0 = 0+a = a.
A4: Additive inverse: for any element a in S, there is an element -a in S such that a+(-a) = (-a)+a = 0.
A5: Commutativity of addition: for any elements a and b in S, a+b = b+a.
M1: Closure under multiplication: if a and b belong to S, then ab also belongs to S.
M2: Associativity of multiplication: for any elements a, b, c in S, a(bc) = (ab)c.
M3: Distributive laws: for any elements a, b, c in S, a(b+c) = ab+ac and (a+b)c = ac+bc.
M4: Commutativity of multiplication: for any elements a and b in S, ab = ba.
M5: Multiplicative identity: there is an element 1 in S such that for any element a in S, a1 = 1a = a.
M6: No zero divisors: for elements a, b in S, if ab = 0, then a = 0 or b = 0.
M7: Multiplicative inverse: if a belongs to S and a is not 0, then there is an element $a^{-1}$ in S such that $aa^{-1} = a^{-1}a = 1$.
Based on A1-A5 and M1-M7 above: a group must satisfy A1-A4; a commutative group must satisfy A1-A5; a ring must satisfy A1-A5 and M1-M3; a commutative ring must satisfy A1-A5 and M1-M3; an integral domain must satisfy A1-A5 and M1-M6; a field must satisfy A1-A5 and M1-M7. That is, a field must satisfy the 5 addition conditions and the 7 multiplication conditions.
Finite fields: finite fields play an important role in many cryptographic algorithms. The number of elements of a finite field must be a power $p^n$ of a prime p, where n is a positive integer. A finite field with $p^n$ elements is usually written $GF(p^n)$.
Multiplicative inverse: in the finite field $GF(p^n)$, for any $w \in GF(p^n)$ with $w \neq 0$, there exists $z \in GF(p^n)$ such that $w \times z \equiv 1 \bmod p$; z is then the multiplicative inverse of w in the finite field.
If suitable operations are defined, each such set S is a finite field. The definition consists of the following points: the operations follow the ordinary polynomial arithmetic rules of basic algebra; coefficient arithmetic follows the rules of the finite field $Z_p$, that is, it is performed modulo p; if a multiplication yields a polynomial of degree greater than n-1, the result must be divided by some irreducible polynomial m(x) of degree n and the remainder taken.
Most operations in the AES cipher are carried out byte by byte, with each byte directly representing an element of the finite field $GF(2^8)$ (likewise below); some are defined on units of 4 bytes. A byte b made up of the bits $b_7b_6b_5\ldots b_0$ can be regarded as a polynomial in $GF(2^8)$:
$b_7x^7 + b_6x^6 + \dots + b_0x^0$
Addition in $GF(2^8)$ is defined as binary polynomial addition, with coefficients added modulo 2. Field addition is therefore simply a bytewise bit XOR. Multiplication in $GF(2^8)$ is defined as multiplication modulo an irreducible polynomial of degree 8. For the AES algorithm, this irreducible polynomial is:
$m(x) = x^8 + x^4 + x^3 + x + 1$
AES multiplication is implemented with a technique based on the following equation:
$x^8 \bmod m(x) = [m(x) - x^8] = x^4 + x^3 + x + 1 \quad (1)$
Therefore, multiplying any polynomial $f(x) = b_7x^7 + b_6x^6 + \dots + b_0x^0$ over $GF(2^8)$ by x gives:
$x \times f(x) = (b_7x^8 + b_6x^7 + \dots + b_0x^1) \bmod m(x)$
If $b_7 = 0$, the result is already a polynomial of degree less than 8 and needs no further calculation. If $b_7 \neq 0$, then $b_7 = 1$, and the reduction modulo m(x) can be carried out with equation (1):
$x \times f(x) = (b_6x^7 + \dots + b_0x^1) + (x^4 + x^3 + x + 1)$
This shows that multiplication by x (that is, 00000010) can be implemented by shifting left by one bit and then, when $b_7 = 1$, bitwise XORing with 00011011, i.e.:
Multiplication by a polynomial of degree higher than one can be implemented by applying formula (2) repeatedly. In this way, multiplication over $GF(2^8)$ can be implemented by adding up multiple intermediate results.
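The shift-and-XOR multiplication derived above, and the product-table lookup that step S210 uses for the column-mixing transformation, as an added C example (not code from the patent). It also covers the inverse column mix, whose coefficients 0e, 0b, 0d, 09 come from the AES standard rather than from this page; the function and table names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* x * f(x) mod m(x) with m(x) = x^8 + x^4 + x^3 + x + 1:
 * shift left one bit, then XOR 00011011 (0x1b) only when b7 was 1. */
static uint8_t xtime(uint8_t b) {
    return (uint8_t)((b << 1) ^ ((b & 0x80) ? 0x1b : 0x00));
}

/* General product: XOR together the intermediate results a * x^i
 * for every bit i that is set in b. */
uint8_t gf_mul(uint8_t a, uint8_t b) {
    uint8_t p = 0;
    while (b) {
        if (b & 1) p ^= a;
        a = xtime(a);
        b >>= 1;
    }
    return p;
}

/* Precomputed products for the MixColumns and InvMixColumns coefficients
 * (names are hypothetical, chosen for this example). */
enum { M02, M03, M09, M0B, M0D, M0E, NCOEF };
static const uint8_t COEF[NCOEF] = {0x02, 0x03, 0x09, 0x0b, 0x0d, 0x0e};
static uint8_t MUL[NCOEF][256];

void build_mul_tables(void) {
    for (int k = 0; k < NCOEF; k++)
        for (int v = 0; v < 256; v++)
            MUL[k][v] = gf_mul(COEF[k], (uint8_t)v);
}

/* A column is packed in a 32-bit word, row 0 in the most significant byte. */
static uint8_t row(uint32_t col, int r) {
    return (uint8_t)(col >> (24 - 8 * (r & 3)));
}

/* MixColumns by lookup: out[r] = 02*s[r] + 03*s[r+1] + s[r+2] + s[r+3]. */
uint32_t mix_column(uint32_t col) {
    uint32_t out = 0;
    for (int r = 0; r < 4; r++) {
        uint8_t v = (uint8_t)(MUL[M02][row(col, r)] ^ MUL[M03][row(col, r + 1)]
                              ^ row(col, r + 2) ^ row(col, r + 3));
        out = (out << 8) | v;
    }
    return out;
}

/* InvMixColumns by lookup: out[r] = 0e*s[r] + 0b*s[r+1] + 0d*s[r+2] + 09*s[r+3].
 * These higher-order products are what make table-free decryption slower. */
uint32_t inv_mix_column(uint32_t col) {
    uint32_t out = 0;
    for (int r = 0; r < 4; r++) {
        uint8_t v = (uint8_t)(MUL[M0E][row(col, r)] ^ MUL[M0B][row(col, r + 1)]
                              ^ MUL[M0D][row(col, r + 2)] ^ MUL[M09][row(col, r + 3)]);
        out = (out << 8) | v;
    }
    return out;
}

/* The same inverse transform computed with gf_mul, to cross-check the tables. */
uint32_t inv_mix_column_slow(uint32_t col) {
    uint32_t out = 0;
    for (int r = 0; r < 4; r++) {
        uint8_t v = (uint8_t)(gf_mul(0x0e, row(col, r)) ^ gf_mul(0x0b, row(col, r + 1))
                              ^ gf_mul(0x0d, row(col, r + 2)) ^ gf_mul(0x09, row(col, r + 3)));
        out = (out << 8) | v;
    }
    return out;
}

int main(void) {
    build_mul_tables();
    printf("{57}*{13} = %02x\n", gf_mul(0x57, 0x13));
    printf("MixColumns(db135345)    = %08x\n", (unsigned)mix_column(0xdb135345u));
    printf("InvMixColumns(8e4da1bc) = %08x\n", (unsigned)inv_mix_column(0x8e4da1bcu));
    return 0;
}
```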
AES is an iterated block cipher built on a substitution-permutation network (SPN). The plaintext block length is fixed at 128 bits, and only key lengths of 128, 196 or 256 bits are supported. In AES, the 128-bit key version has about 10 encryption rounds, and the 256-bit key version about 14.
At present the AES encryption algorithm consists mainly of 4 transformations: byte substitution (SubByte), row shift (ShiftRow), column mixing (MixColumn) and round key addition (AddRoundKey). AES is a block-based encryption and decryption algorithm: the data block for each encryption or decryption must be 16 bytes. The algorithm uses a large number of shift operations, and shifts are time-consuming instructions that cannot be paired with other instructions to form a pipeline, which greatly reduces the algorithm's execution efficiency. Round encryption uses a loop, and a loop with a variable operand may stall the instruction pipeline and invalidate prefetched instructions. The information encryption method provided by the embodiment of the present invention optimizes the current AES algorithm; the optimization concentrates on the round function, byte conversion and decryption key generation. The central idea is to merge the four operations of the round function and implement them by table lookup.
Let A be the input state of the round transformation, E its output state, and K the key array. Let $a_{ij}$, $e_{ij}$, $k_{ij}$ denote the elements in row i, column j of A, E, K respectively, and let $a_j$, $e_j$, $k_j$ denote the j-th columns of A, E, K respectively. Then formula (3) holds:
In formula (3), $S[a_{0,j}]$, $S[a_{1,j-1}]$, $S[a_{2,j-2}]$, $S[a_{3,j-3}]$ are the S-box transformed values of $a_{0,j}$, $a_{1,j-1}$, $a_{2,j-2}$, $a_{3,j-3}$ respectively. Lookup tables $T_0$, $T_1$, $T_2$, $T_3$ can therefore be defined, each a function with an 8-bit input and a 32-bit output, as follows:
The round function can then be expressed as:
where $j = 0, \dots, N_b - 1$ and $N_b$ is the number of columns of the information to be encrypted.
Formula (4) is the preset column-mixing lookup table. With it, each column in each round needs only four table lookups and four XOR operations, which greatly increases the speed of computation. The byte conversion optimization can be implemented by pointer type conversion, which avoids a large number of shift operations. The large number of shift operations present in the algorithm are optimized on the basis of the standard AES encryption flow. Because shifts are time-consuming instructions that cannot be paired with other instructions to form a pipeline, reducing them improves execution efficiency to some degree, and with it the speed and efficiency of data backup. The information encryption method provided by the embodiment of the present invention not only fully implements the core function of the AES algorithm, but also improves encryption speed by about 1.33 to 1.75 times over the original.
Step S230: according to the PEAX authentication mode in the AES encryption algorithm, perform authenticated encryption on the second encryption key and the information to be encrypted to obtain the ciphertext corresponding to the information to be encrypted.
In this embodiment, as shown in Fig. 3, the authentication process of the PEAX (Parallel-EAX, Encryption with Authentication for Transfer) mode is briefly described as follows:
With 0 as the initial value, the Nonce is authenticated using the POMAC mode; the authentication result N' serves as the initial vector (IV) of the $RCTR_k$ encryption module. With 1 as the initial value, the header (Header) is authenticated using the POMAC mode; the authentication result is H'. With N' as the initial value, the message (Message) is encrypted using the RCTR mode; the resulting ciphertext is C. With 2 as the initial value, the ciphertext C is authenticated using the POMAC mode; the authentication result is C'. The complete authentication tag Tag is produced; its low τ bits produce the final authentication tag T, and the final ciphertext is C || T. The PEAX authenticated-encryption mode is more efficient and uses fewer system resources.
After step S200, the method further includes:
Dividing the information to be encrypted into blocks according to one of the electronic codebook, cipher block chaining, counter, cipher feedback or output feedback modes, to obtain multiple blocks of information to be encrypted;
Correspondingly, performing loop iterations of the AES encryption algorithm based on the information to be encrypted and lookups in the preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of iterations, includes:
Performing loop iterations of the AES encryption algorithm based on the multiple blocks of information to be encrypted and lookups in the preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of iterations.
In addition, in this embodiment, the system handles files according to whether they need to be encrypted, as follows. File write: if the file does not need to be encrypted, it is written directly; a file that needs to be encrypted is written to the specified location using the specified encryption method. File read: if the file being read is not encrypted, its content is read directly; if the file being read is encrypted, it must first be decrypted with the corresponding decryption method before its content is read. File deletion: if the file is not encrypted, it is deleted directly; if the file to be deleted is encrypted, it can be deleted only after identity authentication succeeds.
The information encryption method provided by the embodiment of the present invention includes: obtaining the information to be encrypted; based on the information to be encrypted, performing loop iterations of the AES encryption algorithm with lookups in a preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations; performing one round of AES encryption on the first encryption key to obtain a second encryption key; and, according to the PEAX authentication mode in the AES encryption algorithm, performing authenticated encryption on the second encryption key and the information to be encrypted to obtain the ciphertext corresponding to the information to be encrypted. Using table lookups simplifies the flow of the AES algorithm and increases its encryption speed.
Second embodiment
Referring to Fig. 4, an embodiment of the present invention provides an information encryption device 300, the device 300 including:
A to-be-encrypted information acquisition unit 310, for obtaining the information to be encrypted.
A blocking unit 320, for dividing the information to be encrypted into blocks according to one of the electronic codebook, cipher block chaining, counter, cipher feedback or output feedback modes, to obtain multiple blocks of information to be encrypted.
An encryption iteration unit 320, for performing, based on the information to be encrypted, loop iterations of the AES encryption algorithm with lookups in a preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations.
Performing loop iterations of the AES encryption algorithm based on the information to be encrypted and lookups in the preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of iterations, includes:
Performing loop iterations of the AES encryption algorithm based on the multiple blocks of information to be encrypted and lookups in the preset column-mixing lookup table, to obtain the first encryption key of the second-to-last round that satisfies the preset number of iterations.
In one implementation, the encryption iteration unit 330 may include a random seed obtaining subunit 331, an initial key obtaining subunit 332 and an iterative calculation subunit 333.
The random seed obtaining subunit 331 is for obtaining a random seed using a random seed algorithm.
The initial key obtaining subunit 332 is for initializing the information to be encrypted using the random seed to obtain an initial key;
The iterative calculation subunit 333 is for applying, based on a preset encryption level, the byte substitution operation, the row shift operation, the lookup in the preset column-mixing lookup table and the round-key transformation to the initial key in turn, in loop iterations, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations.
A one-round encryption unit 340, for performing one round of AES encryption on the first encryption key to obtain a second encryption key.
The one-round encryption unit 340 may include a one-round encryption subunit 341.
The one-round encryption subunit 341 is for computing one round consisting of the byte substitution operation, the row shift operation and the round-key transformation on the first encryption key to obtain the second encryption key.
A ciphertext obtaining unit 350, for performing, according to the PEAX authentication mode in the AES encryption algorithm, authenticated encryption on the second encryption key and the information to be encrypted to obtain the ciphertext corresponding to the information to be encrypted.
Each of the above units may be implemented in software code, in which case the units may be stored in the memory 110. Each of the above units may equally be implemented in hardware, such as an integrated circuit chip.
The implementation principle and technical effects of the information encryption device 300 provided by the embodiment of the present invention are the same as those of the foregoing method embodiment. For brevity, where the device embodiment does not mention something, refer to the corresponding content in the foregoing method embodiment.
3rd embodiment
Referring to Fig. 5, the embodiments of the invention provide a kind of information decryption method, methods described includes:
Step S400:Obtain information to be decrypted;
The information to be decrypted, which may be, but not limited to, to be stored in mobile hard disk, flash disk, network storage.
Step S410:Based on the information to be decrypted, carry out searching default row and obscure map table and AES decipherment algorithms Loop iteration calculates, and obtains the first decruption key of the wheel second from the bottom for meeting default number of iterations;
Based on step S410, specifically, using random seed algorithm, random seed is obtained;
The information to be decrypted is initialized using the random seed, obtains initial key;
Carry out the reverse replacement operation of byte, the operation of row return successively to the initial key, search default inverse row and obscure Conversion table handling and round key map function loop iteration calculate, and obtain the wheel second from the bottom for meeting default number of iterations first adds Key.
The preset inverse column-mixing transformation table lookup operation comprises:
Using the encryption transformation matrix and the decryption transformation matrix from the encryption process, obtained in advance, calculate the relation matrix that converts the encryption transformation matrix into the decryption transformation matrix, and then build the inverse column-mixing transformation table in which the encryption transformation matrix corresponds to the relation matrix;
An XOR operation is preset for the corresponding relation matrix. When the inverse column-mixing transformation is performed, the inverse column-mixing transformation table is looked up according to the encryption transformation matrix to obtain the relation matrix corresponding to that encryption transformation matrix, and the result matrix of the inverse column-mixing transformation is then obtained through the XOR operation of the relation matrix corresponding to the encryption transformation matrix.
Step S420: Perform one round of decryption in the AES algorithm on the first decryption key, to obtain the second decryption key;
Step S430: Apply the decryption transformation to the second decryption key and the information to be decrypted, to obtain the plaintext corresponding to the information to be decrypted.
It should be noted that this embodiment is the inverse process of the information encryption method provided by the first embodiment.
Construction of the S-box in the information encryption process:
First, the S-box is initialized row by row in ascending order of byte value (so that each value in effect represents its own coordinate);
Second, each byte of the S-box is mapped to its inverse in the finite field GF(2^8);
Next, the 8 constituent bits of each byte in the S-box are denoted (b7, b6, b5, b4, b3, b2, b1, b0). Each bit of each byte of the S-box is transformed as follows:
where c_i denotes the i-th bit of the byte c whose value is {63}.
The AES standard describes this transformation in matrix form:
Construction of the inverse S-box: the S-box is initialized row by row in ascending order of byte value, and the inverse of the transformation in formula (5) is then applied. The inverse transformation is as follows:
where d_i denotes the i-th bit of the byte d whose value is {05}. It can also be described in matrix form:
The multiplicative inverse in GF(2^8) is then taken.
Verification of invertibility:
Let the matrices in the byte substitution and the inverse byte substitution be X and Y respectively, and let the vector representations of the constants c and d be C and D respectively. For some 8-bit vector B, formula (6) becomes  What needs to be proved is as follows:
From the above, the proof holds. Decryption key generation can be optimized by generating the decryption key from the S-box and the inverse T table, which improves the speed of the algorithm.
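The S-box construction above and the inverse column-mixing table lookup described earlier in this embodiment, as an added Python example (not code from the patent): it builds the S-box and inverse S-box from the GF(2^8) inverse and the bit transforms with constants {63} and {05}, then mixes columns using only table lookups and XOR. The rotation form of the bit transforms and the matrix coefficients come from the AES standard; reading the patent's "relation matrix" as the circulant matrix (5, 0, 4, 0), with decryption matrix = encryption matrix x relation matrix, is an assumption, as are all function and variable names.

```python
def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product


def ginv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); 0 has no inverse and maps to 0."""
    result = 1
    for _ in range(254):          # a^254 = a^-1 (the group has order 255)
        result = gmul(result, a)
    return result if a else 0


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def affine(b: int) -> int:
    """Forward bit transform with the constant c = {63}."""
    return b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63


def inv_affine(s: int) -> int:
    """Inverse bit transform with the constant d = {05}."""
    return rotl8(s, 1) ^ rotl8(s, 3) ^ rotl8(s, 6) ^ 0x05


def build_sbox() -> list:
    """Ascending byte values -> inverse in GF(2^8) -> bit transform."""
    return [affine(ginv(x)) for x in range(256)]


def build_inv_sbox() -> list:
    """Ascending byte values -> inverse bit transform -> inverse in GF(2^8)."""
    return [ginv(inv_affine(x)) for x in range(256)]


SBOX = build_sbox()
INV_SBOX = build_inv_sbox()

# One 256-entry product table per coefficient used by the column-mixing matrices.
MUL = {k: [gmul(x, k) for x in range(256)] for k in (0, 1, 2, 3, 4, 5, 9, 11, 13, 14)}

ENC_ROW = (2, 3, 1, 1)      # first row of the encryption (MixColumns) matrix
DEC_ROW = (14, 11, 13, 9)   # first row of the decryption (InvMixColumns) matrix
REL_ROW = (5, 0, 4, 0)      # assumed "relation matrix": DEC = ENC x REL


def circulant_apply(col, first_row):
    """Multiply a 4-byte column by a circulant matrix using lookups and XOR only."""
    out = []
    for r in range(4):
        acc = 0
        for c in range(4):
            acc ^= MUL[first_row[(c - r) % 4]][col[c]]
        out.append(acc)
    return out


def mix_column(col):
    return circulant_apply(col, ENC_ROW)


def inv_mix_column(col):
    """Direct inverse column mixing with the 9/11/13/14 tables."""
    return circulant_apply(col, DEC_ROW)


def inv_mix_column_via_relation(col):
    """Inverse column mixing as the relation step followed by the encryption matrix."""
    return mix_column(circulant_apply(col, REL_ROW))


def relation_holds() -> bool:
    """ENC x REL == DEC as matrices: compare both maps on the four unit columns."""
    units = [[1 if i == j else 0 for i in range(4)] for j in range(4)]
    return all(inv_mix_column(u) == inv_mix_column_via_relation(u) for u in units)


if __name__ == "__main__":
    sample = [0xDB, 0x13, 0x53, 0x45]   # constructed sample column
    mixed = mix_column(sample)
    print(hex(SBOX[0x53]), [hex(v) for v in mixed], inv_mix_column_via_relation(mixed) == sample)
```

Lookups indexed by secret bytes are data-dependent memory accesses, which is the cache-timing side channel of table-based AES; hardware AES instructions or constant-time (bitsliced) code avoid it.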
This embodiment of the invention provides an information decryption method, the method comprising: obtaining the information to be decrypted; based on the information to be decrypted, performing loop-iterated calculation of the preset column-mixing transformation table lookup and the AES decryption algorithm, to obtain the first decryption key of the second-to-last round that satisfies the preset number of iterations; performing one round of decryption in the AES algorithm on the first decryption key, to obtain the second decryption key; and applying the decryption transformation to the second decryption key and the information to be decrypted, to obtain the plaintext corresponding to the information to be decrypted. The table lookup simplifies the flow of the AES algorithm and improves its decryption speed.
Fourth embodiment
Referring to Fig. 6, this embodiment of the invention provides an information decryption device 500, the device 500 comprising:
An information-to-be-decrypted acquisition unit 510, for obtaining the information to be decrypted.
A decryption iteration unit 520, for performing, based on the information to be decrypted, loop-iterated calculation of the preset column-mixing transformation table lookup and the AES decryption algorithm, to obtain the first decryption key of the second-to-last round that satisfies the preset number of iterations.
In one implementation, the decryption iteration unit 520 may include a decryption seed obtaining subunit 521, a decryption initial key obtaining subunit 522 and a decryption iterative calculation subunit 523.
The decryption seed obtaining subunit 521 is for obtaining a random seed using a random seed algorithm.
The decryption initial key obtaining subunit 522 is for initializing the obtained information to be decrypted using the random seed, to obtain an initial key.
The decryption iterative calculation subunit 523 is for performing, on the initial key, loop-iterated calculation of the inverse byte substitution operation, the inverse row shift operation, the preset inverse column-mixing transformation table lookup operation and the round key transformation operation in sequence, to obtain the first encryption key of the second-to-last round that satisfies the preset number of iterations.
The preset inverse column-mixing transformation table lookup operation comprises: using the encryption transformation matrix and the decryption transformation matrix from the encryption process, obtained in advance, calculating the relation matrix that converts the encryption transformation matrix into the decryption transformation matrix, and then building the inverse column-mixing transformation table in which the encryption transformation matrix corresponds to the relation matrix;
An XOR operation is preset for the corresponding relation matrix. When the inverse column-mixing transformation is performed, the inverse column-mixing transformation table is looked up according to the encryption transformation matrix to obtain the relation matrix corresponding to that encryption transformation matrix, and the result matrix of the inverse column-mixing transformation is then obtained through the XOR operation of the relation matrix corresponding to the encryption transformation matrix.
A one-round decryption unit 530, for performing one round of decryption in the AES algorithm on the first decryption key, to obtain the second decryption key.
A plaintext obtaining unit 540, for applying the decryption transformation to the second decryption key and the information to be decrypted, to obtain the plaintext corresponding to the information to be decrypted.
Each of the above units may be implemented in software code, in which case the units may be stored in memory 110. Each of the above units may equally be implemented in hardware, such as an integrated-circuit chip.
The information decryption device 500 provided by this embodiment of the invention has the same implementation principle and technical effect as the foregoing method embodiment. For brevity, where the device embodiment does not mention a point, refer to the corresponding content in the foregoing method embodiment.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may also be implemented in other ways. The device embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the accompanying drawings show the architecture, functions and operations of possible implementations of devices, methods and computer program products according to multiple embodiments of the present invention. In this regard, each block in a flowchart or block diagram may represent a module, a program segment or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and any combination of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form one independent part, each module may exist separately, or two or more modules may be integrated to form one independent part.
If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc. It should be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or also includes elements inherent to such a process, method, article or device. Without further restrictions, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall be included in the scope of protection of the invention. It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
The foregoing is only a specific embodiment of the invention, but the scope of protection of the invention is not limited thereto. Any change or replacement that a person familiar with the technical field can readily conceive within the technical scope disclosed by the invention shall be covered by the scope of protection of the invention. Therefore, the scope of protection of the invention shall be subject to the scope of protection of the claims.

Claims (12)

1. An information encryption method, characterized in that the method comprises:
Obtaining information to be encrypted;
Based on the information to be encrypted, performing loop-iterated calculation of the preset column-mixing transformation table lookup and the AES encryption algorithm, to obtain a first encryption key of the second-to-last round that satisfies a preset number of loop iterations;
Performing one round of encryption in the AES algorithm on the first encryption key, to obtain a second encryption key;
According to the PEAX authentication mode in the AES encryption algorithm, performing encryption authentication on the second encryption key and the information to be encrypted, to obtain the ciphertext corresponding to the information to be encrypted.
2. The method according to claim 1, characterized in that the performing, based on the information to be encrypted, loop-iterated calculation of the preset column-mixing transformation table lookup and the AES encryption algorithm, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations, comprises:
Obtaining a random seed using a random seed algorithm;
Initializing the information to be encrypted using the random seed, to obtain an initial key;
Based on a preset encryption level, performing, on the initial key, loop-iterated calculation of the byte substitution operation, the row shift operation, the preset column-mixing transformation table lookup operation and the round key transformation operation in sequence, to obtain the first encryption key of the second-to-last round that satisfies the preset number of loop iterations.
3. The method according to claim 2, characterized in that the preset column-mixing transformation table lookup operation comprises:
Based on the AES algorithm, calculating the numerical results of all column-vector product pairs in the column-mixing transformation;
For each column vector, building a column-mixing transformation table of the column-vector product pairs and their corresponding numerical results;
When the column-mixing transformation operation is performed, looking up the column-mixing transformation table of column-vector product pairs and corresponding numerical results, to obtain the numerical result of the column-mixing transformation operation.
4. The method according to claim 1, characterized in that the performing one round of encryption in the AES algorithm on the first encryption key, to obtain the second encryption key, comprises:
Performing one round of calculation of the byte substitution operation, the row shift operation and the round key transformation operation on the first encryption key, to obtain the second encryption key.
5. The method according to claim 1, characterized in that, after the obtaining of the information to be encrypted, the method further comprises:
Dividing the information to be encrypted into blocks according to one of the codebook mode, the cipher block chaining mode, the counter mode, the cipher feedback mode or the output feedback mode, to obtain multiple blocks of information to be encrypted;
Correspondingly, the performing, based on the information to be encrypted and the preset column-mixing transformation table lookup, loop-iterated calculation of the AES encryption algorithm, to obtain the first encryption key of the second-to-last round that satisfies the preset number of iterations, comprises:
Based on the multiple blocks of information to be encrypted and the preset column-mixing transformation table lookup, performing loop-iterated calculation of the AES encryption algorithm, to obtain the first encryption key of the second-to-last round that satisfies the preset number of iterations.
6. The method according to claim 1, characterized in that the information to be encrypted is stored in a PC, a tablet computer, a mobile phone, a notebook computer, a smart television, a set-top box and/or a vehicle-mounted terminal.
7. An information encryption device, characterized in that the device comprises:
An information-to-be-encrypted acquisition unit, for obtaining information to be encrypted;
An encryption iteration unit, for performing, based on the information to be encrypted, loop-iterated calculation of the preset column-mixing transformation table lookup and the AES encryption algorithm, to obtain a first encryption key of the second-to-last round that satisfies a preset number of loop iterations;
A one-round encryption unit, for performing one round of encryption in the AES algorithm on the first encryption key, to obtain a second encryption key;
A ciphertext obtaining unit, for performing, according to the PEAX authentication mode in the AES encryption algorithm, encryption authentication on the second encryption key and the information to be encrypted, to obtain the ciphertext corresponding to the information to be encrypted.
8. An information decryption method, characterized in that the method comprises:
Obtaining information to be decrypted;
Based on the information to be decrypted, performing loop-iterated calculation of the preset column-mixing transformation table lookup and the AES decryption algorithm, to obtain a first decryption key of the second-to-last round that satisfies a preset number of iterations;
Performing one round of decryption in the AES algorithm on the first decryption key, to obtain a second decryption key;
Applying the decryption transformation to the second decryption key and the information to be decrypted, to obtain the plaintext corresponding to the information to be decrypted.
9. The method according to claim 8, characterized in that the performing, based on the information to be decrypted, loop-iterated calculation of the preset column-mixing transformation table lookup and the AES decryption algorithm, to obtain the first decryption key of the second-to-last round that satisfies the preset number of iterations, comprises:
Obtaining a random seed using a random seed algorithm;
Initializing the information to be decrypted using the random seed, to obtain an initial key;
Performing, on the initial key, loop-iterated calculation of the inverse byte substitution operation, the inverse row shift operation, the preset inverse column-mixing transformation table lookup operation and the round key transformation operation in sequence, to obtain the first encryption key of the second-to-last round that satisfies the preset number of iterations.
10. The method according to claim 8, characterized in that the preset inverse column-mixing transformation table lookup operation comprises:
Using the encryption transformation matrix and the decryption transformation matrix from the encryption process, obtained in advance, calculating the relation matrix that converts the encryption transformation matrix into the decryption transformation matrix, and then building the inverse column-mixing transformation table in which the encryption transformation matrix corresponds to the relation matrix;
An XOR operation is preset for the corresponding relation matrix. When the inverse column-mixing transformation is performed, the inverse column-mixing transformation table is looked up according to the encryption transformation matrix to obtain the relation matrix corresponding to that encryption transformation matrix, and the result matrix of the inverse column-mixing transformation is then obtained through the XOR operation of the relation matrix corresponding to the encryption transformation matrix.
11. The method according to claim 8, characterized in that the information to be decrypted is stored on a mobile hard disk, a flash disk, or network storage.
12. An information decryption device, characterized in that the device comprises:
An information-to-be-decrypted acquisition unit, for obtaining information to be decrypted;
A decryption iteration unit, for performing, based on the information to be decrypted, loop-iterated calculation of the preset column-mixing transformation table lookup and the AES decryption algorithm, to obtain a first decryption key of the second-to-last round that satisfies a preset number of iterations;
A one-round decryption unit, for performing one round of decryption in the AES algorithm on the first decryption key, to obtain a second decryption key;
A plaintext obtaining unit, for applying the decryption transformation to the second decryption key and the information to be decrypted, to obtain the plaintext corresponding to the information to be decrypted.
CN201710819794.8A 2017-09-12 2017-09-12 information encryption and decryption method and device Pending CN107579813A (en)


Publications (1)

Publication Number Publication Date
CN107579813A (en) 2018-01-12

Family

ID=61033589


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180112