CN109510703B - Data encryption and decryption method and device - Google Patents

Info

Publication number: CN109510703B
Authority: CN (China)
Prior art keywords: encryption key, encryption, random number, key, priority
Legal status: Active
Application number: CN201811405801.0A
Other languages: Chinese (zh)
Other versions: CN109510703A (en)
Inventors: 安晓江, 蒋红宇, 胡伯良
Current Assignee: Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee: Beijing Haitai Fangyuan High Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention discloses a data encryption and decryption method and device, which address the problem in the prior art that encrypting plaintext data in OFB mode makes active attacks on the plaintext easy. The data encryption method comprises the following steps: the encryption party generates a first encryption key using a first encryption mode, an initial key and an initial vector; generates at least one random number and determines a second encryption key from the at least one random number and the first encryption key; encrypts the plaintext data to be encrypted with the second encryption key to obtain a first ciphertext; encrypts each random number using a second encryption mode and the initial key to obtain a second ciphertext for each random number; and sends the first ciphertext and each second ciphertext to a decryptor. Because an attacker does not know the initial key and cannot decrypt the correct random number every time, the attacker cannot accurately obtain the second encryption key and therefore cannot decrypt the plaintext data every time, so attacks on the plaintext data are prevented to a certain extent.

Description

Data encryption and decryption method and device
Technical Field
The present invention relates to the field of information protection technologies, and in particular, to a data encryption and decryption method and apparatus.
Background
With the rapid development of information technology, the value of information becomes higher and higher, and accordingly, the protection of information becomes more and more important, and the information is generally protected by encrypting plaintext information.
The encryptor may encrypt the plaintext data in Output Feedback (OFB) mode. With OFB encryption, the length L of the plaintext data D to be encrypted must be known first. An initial key K and an initial vector IV of a preset number of bits are used to generate an encryption key K1 whose length is the length L of the plaintext data D. The plaintext data D is then XORed with the encryption key K1 to obtain the ciphertext data ED, whose length is also L.
When the decryption party decrypts the ciphertext data, the length L of the ciphertext data ED to be decrypted must be known first. A decryption key K1 is generated from the initial vector IV and the initial key K, and its length is the length L of the ciphertext data ED. The ciphertext data to be decrypted is then XORed with the decryption key K1 to obtain the plaintext data D.
Consider application scenarios in which several plaintexts have the same length. Once an attacker has successfully decrypted one plaintext, the encryption key K1 has already been deduced. If the same initial vector and initial key are subsequently used to determine the encryption key and encrypt another plaintext of the same length, the newly generated encryption key may be the same as the previous one, so the attacker can easily decrypt that plaintext with the known encryption key and can easily mount an active attack on the plaintext.
Disclosure of Invention
The embodiment of the invention discloses a data encryption and decryption method and device, which are used for solving the problem that active attack on a plaintext is easily caused by encrypting the plaintext data by adopting an OFB mode in the prior art.
In order to achieve the above object, an embodiment of the present invention discloses a data encryption method, where the method includes:
an encryption party generates a first encryption key by using a preset first encryption mode and a pre-stored initial key and initial vector;
generating at least one random number, and determining a second encryption key according to the at least one random number and the first encryption key;
encrypting plaintext data to be encrypted by adopting the second encryption key to obtain a first ciphertext;
encrypting each random number by adopting a preset second encryption mode and the initial key to respectively obtain each second ciphertext;
and sending the first ciphertext and each second ciphertext to a decryptor.
Further, the determining a second encryption key based on the at least one random number and the first encryption key comprises:
and cutting and recombining the first encryption key by using the at least one random number in a pre-stored cutting combination mode to obtain a second encryption key.
Further, cutting and recombining the first encryption key by using at least two random numbers in a pre-stored cutting combination mode to obtain a second encryption key includes:
following the order of the characters in the first encryption key and taking the random numbers in order of priority from high to low, determining in turn, for each random number, a substring made up of the number of characters given by that random number, wherein the priority of each substring is the same as the priority of the corresponding random number;
and placing the lower-priority substring in front of the higher-priority substring to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
Further, the length of the second encryption key is the length of the plaintext data to be encrypted.
Further, the length of the first encryption key is the length of plaintext data to be encrypted.
Further, the first encryption scheme is an encryption scheme of an output feedback OFB mode.
Further, the second encryption mode is an encryption mode of a codebook ECB mode.
The embodiment of the invention discloses a data decryption method based on any one of the data encryption methods, which comprises the following steps:
the decryptor decrypts the second ciphertexts obtained by respectively encrypting the at least one random number by adopting a preset decryption mode to obtain at least one random number;
generating a first encryption key by adopting a preset encryption mode and a pre-stored initial key and initial vector;
determining a second encryption key based on the at least one random number and the first encryption key;
and decrypting the first ciphertext obtained by encrypting the plaintext data by using the second encryption key to obtain the plaintext data.
Further, the determining a second encryption key based on the at least one random number and the first encryption key comprises:
and cutting and recombining the first encryption key by using the at least one random number in a pre-stored cutting combination mode to obtain a second encryption key.
Further, cutting and recombining the first encryption key by using at least two random numbers in a pre-stored cutting combination mode to obtain a second encryption key includes:
following the order of the characters in the first encryption key and taking the random numbers in order of priority from high to low, determining in turn, for each random number, a substring made up of the number of characters given by that random number, wherein the priority of each substring is the same as the priority of the corresponding random number;
and placing the lower-priority substring in front of the higher-priority substring to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
The embodiment of the invention discloses a data encryption device, which comprises:
the key generation module is used for generating a first encryption key by adopting a preset first encryption mode and a pre-stored initial key and initial vector;
the random number generating module is used for generating at least one random number;
a key updating module, configured to determine a second encryption key according to the at least one random number and the first encryption key;
the plaintext encryption module is used for encrypting plaintext data to be encrypted by adopting the second encryption key to obtain a first ciphertext;
the random number encryption module is used for encrypting each random number by adopting a preset second encryption mode and the initial key to respectively obtain each second ciphertext;
and the sending module is used for sending the first ciphertext and each second ciphertext to a decryptor.
Further, the key updating module is specifically configured to use the at least one random number to cut and recombine the first encryption key by using a pre-stored cutting combination manner, so as to obtain a second encryption key.
Further, the key updating module is specifically configured to follow the order of the characters in the first encryption key and, taking the random numbers in order of priority from high to low, determine in turn for each random number a substring made up of the number of characters given by that random number, where the priority of each substring is the same as the priority of the corresponding random number; and to place the lower-priority substring in front of the higher-priority substring to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
The embodiment of the invention discloses a data decryption device based on any one of the data encryption devices, which comprises:
the random number decryption module is used for decrypting second ciphertexts obtained by respectively encrypting at least one random number by adopting a preset decryption mode to obtain at least one random number;
the key generation module is used for generating a first encryption key by adopting a preset encryption mode and a pre-stored initial key and initial vector;
a key updating module, configured to determine a second encryption key according to the at least one random number and the first encryption key;
and the plaintext decryption module is used for decrypting the first ciphertext obtained by encrypting the plaintext data by adopting the second encryption key to obtain the plaintext data.
Further, the key updating module is specifically configured to use the at least one random number to cut and recombine the first encryption key by using a pre-stored cutting combination manner, so as to obtain a second encryption key.
Further, the key updating module is specifically configured to follow the order of the characters in the first encryption key and, taking the random numbers in order of priority from high to low, determine in turn for each random number a substring made up of the number of characters given by that random number, where the priority of each substring is the same as the priority of the corresponding random number;
and to place the lower-priority substring in front of the higher-priority substring to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
In the embodiment of the invention, the random number and the first encryption key are adopted to determine the new second encryption key, even if the same initial vector and initial key are used for encrypting the plaintext data with the same length, an attacker does not know the initial key and cannot decrypt the correct random number every time, so that the second encryption key cannot be accurately obtained, the plaintext data cannot be decrypted every time, and the attack on the plaintext data is avoided to a certain extent.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic diagram of a data encryption process according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a data decryption process according to an embodiment of the present invention;
Fig. 3 is a structural diagram of a data encryption device according to an embodiment of the present invention;
Fig. 4 is a structural diagram of a data decryption apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1:
Fig. 1 is a schematic diagram of a data encryption process provided in an embodiment of the present invention, where the process includes the following steps:
S101: the encryption party generates a first encryption key by adopting a preset first encryption mode, and a pre-stored initial key and an initial vector.
The data encryption method provided by the embodiment of the invention is applied to an encryption party, wherein the encryption party can be electronic equipment such as a terminal, a server and the like, and the encryption party can be a chip, a device with an encryption function and the like.
The encryption party may generate an encryption key according to the initial key and the initial vector and the first encryption method, and an encryption key generated according to the first encryption method, the initial vector and the initial key is referred to as a first encryption key. The first encryption key is typically a string of characters. The first encryption scheme includes, but is not limited to, an OFB mode encryption scheme.
S102: at least one random number is generated.
The sequence of S101 and S102 may not be limited, S101 may be executed first, and then S102 may be executed, S102 may be executed first, and then S101 may be executed, or S101 and S102 may be executed simultaneously.
S103: and determining a second encryption key according to the at least one random number and the first encryption key, and encrypting plaintext data to be encrypted by adopting the second encryption key to obtain a first ciphertext.
In order to make the encryption key for encrypting the plaintext data not easy to crack, the encryption party can also generate at least one random number, determine a second encryption key by adopting the at least one random number and the generated first encryption key, and encrypt the plaintext data by adopting the second encryption key. The second encryption key is different from the first encryption key.
The encryption key is typically a string of characters, and the encryptor, when determining the second encryption key based on at least one random number and the first encryption key, may place the generated random number at a position after or before the first encryption key, and the first encryption key and the random number are recombined into the second encryption key. If there are at least two random numbers, the substring of random numbers can be determined according to the priority of random numbers, and the substring of random numbers is placed at the position after or before the first encryption key to obtain the second encryption key.
The priority of the random number may be determined according to the generation time of the random number, for example, the priority of the random number is higher when the generation time is earlier, and the priority of the random number is lower when the generation time is later, or vice versa. The priority of the random number may also be determined according to the size of the random number, for example, a high priority with a large value and a low priority with a small value, or vice versa.
For example, suppose a larger random number has higher priority than a smaller one, and the substring of random numbers is placed after the first encryption key to determine the second encryption key. If three random numbers are generated, 3, 3, and 5 respectively, the substring of the three random numbers is 533; if the first encryption key is acds, the second encryption key is acds533. In this case the length of the first encryption key is different from the length of the second encryption key.
The encryption party stores the plaintext data to be encrypted, and after determining the second encryption key, the encryption party can encrypt the plaintext data to be encrypted by using the second encryption key to obtain a ciphertext, which is called as a first ciphertext.
S104: and encrypting each random number by adopting a preset second encryption mode and the initial key to respectively obtain each second ciphertext.
The encryptor holds a second encryption method, and the encryptor can encrypt the random number by using the second encryption method. Specifically, the second encryption method and the pre-stored initial key may be used to encrypt each random number to obtain a ciphertext of the random number, which may be referred to as a second ciphertext. I.e. there are several random numbers, there are several second ciphertexts. The second encryption scheme includes, but is not limited to, a codebook ECB mode encryption scheme.
The sequence of S103 and S104 may not be limited, S103 may be executed first, S104 may be executed next, S104 may be executed first, S103 may be executed next, or S103 and S104 may be executed simultaneously.
S105: and sending the first ciphertext and each second ciphertext to a decryptor.
After the encryption party determines the first ciphertext and the second ciphertext, the encryption party can send the first ciphertext and the second ciphertext to the decryption party, so that the decryption party decrypts the encrypted ciphertext corresponding to the plaintext data when using the plaintext.
Fig. 2 is a schematic diagram of a data decryption process provided in an embodiment of the present invention, where the process includes the following steps:
S201: the decryptor decrypts the second ciphertexts obtained by respectively encrypting the at least one random number by adopting a preset decryption mode to obtain at least one random number.
The data decryption method provided by the embodiment of the invention is applied to a decryption party, wherein the decryption party can be electronic equipment, such as a terminal, a server and the like, and the decryption party can be a chip, a device with a decryption function and the like.
And the encryption party encrypts the plaintext data by adopting a second encryption key to obtain a first ciphertext and sends the first ciphertext to the decryption party, and sends a second ciphertext obtained by encrypting the random number to the decryption party, so that the decryption party receives the second ciphertext obtained by encrypting the random number and the first ciphertext obtained by encrypting the plaintext data, which are sent by the encryption party.
The decryption side stores a decryption mode for decrypting the random number in advance, and if the decryption side is a legal decryption side, the decryption mode for decrypting the random number stored in the decryption side is the same as the encryption mode for encrypting the random number stored in the legal encryption side.
The decryptor may decrypt the second ciphertext obtained by encrypting the random number by using a pre-stored decryption manner to obtain the random number.
The number of the second ciphertext may be one or more, and correspondingly, the number of the random number may be one or more.
The pre-stored decryption method includes, but is not limited to, a decryption method in the codebook ECB mode.
S202: and generating a first encryption key by adopting a preset encryption mode and a pre-stored initial key and initial vector.
The decryption side may generate an encryption key based on the initial key and the initial vector and the encryption method, and an encryption key generated based on the encryption method, the initial vector and the initial key is referred to as a first encryption key. If the decryption party is a legal decryption party, the initial key, the initial vector and the encryption mode stored in the decryption party are the same as those stored in a legal encryption party. The encryption method includes, but is not limited to, an encryption method in the OFB mode.
The sequence of S201 and S202 may not be limited, S201 may be executed first, and then S202 may be executed, S202 may be executed first, and then S201 may be executed, or S201 and S202 may be executed simultaneously.
S203: determining a second encryption key based on the at least one random number and the first encryption key.
The decryption party stores the same encryption key determining mode as the encryption party, and after decrypting at least one random number and generating the first encryption key, the decryption party can determine the second encryption key by using at least one random number and the first encryption key, and the specific determining process is the same as that of the encryption party, and is not described herein again.
S204: and decrypting the first ciphertext obtained by encrypting the plaintext data by using the second encryption key to obtain the plaintext data.
After determining the second encryption key, the decryptor may decrypt the first ciphertext obtained by encrypting the plaintext data according to the second encryption key to obtain the plaintext data, where the decryption process is the reverse process of the encryption, and is not described in detail herein.
In the embodiment of the invention, the random number and the first encryption key are adopted to determine the new second encryption key, even if the same initial vector and initial key are used for encrypting the plaintext data with the same length, an attacker does not know the initial key and cannot decrypt the correct random number every time, so that the second encryption key cannot be accurately obtained, the plaintext data cannot be decrypted every time, and the attack on the plaintext data is avoided to a certain extent.
Example 2:
Whether on the encryption party or the decryption party, when the second encryption key is determined according to the at least one random number and the first encryption key, the first encryption key may be cut and recombined by using the at least one random number in a pre-stored cutting combination mode to obtain the second encryption key.
Taking the encryptor as an example, a string cutting combination mode is pre-stored in the encryptor. The encryptor may generate one or more random numbers, and cuts and recombines the first encryption key according to the at least one generated random number and the pre-stored cutting combination mode. An encryption key is generally a character string, and the first encryption key may be referred to as a first string; that is, the encryptor cuts and recombines the first string corresponding to the first encryption key to obtain the second encryption key.
For example, the encryption party generates one random number that is smaller than the length of the first encryption key, where the length of the first encryption key can be understood as the number of characters it contains. Following the order of the characters in the first encryption key, the encryption party takes as many characters as the random number indicates to form a first substring; the remaining characters of the first encryption key, in their original order, form a second substring. The second substring is placed in front of the first substring, and the result is determined as the second encryption key.
For example, if the first encryption key is abcde, its length is 5, and the random number is 3, then the first substring is abc, the second substring is de, and the second encryption key is deabc.
If the decryption party is a legal decryption party, the cutting combination mode pre-stored in the decryption party is the same as the cutting combination mode pre-stored in the legal encryption party, and the process of cutting and recombining the first encryption key by using the random number to obtain the second encryption key is the same as the process executed by the encryption party, and detailed description is omitted here.
Example 3:
Whether on the encryption party or the decryption party, when the first encryption key is cut and recombined by using the random numbers in a pre-stored cutting combination mode to obtain the second encryption key, the substrings are determined as follows: following the order of the characters in the first encryption key and taking the random numbers in order of priority from high to low, a substring made up of the number of characters given by each random number is determined in turn, and the priority of each substring is the same as the priority of the corresponding random number;
the lower-priority substring is then placed in front of the higher-priority substring to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
Taking the encryptor as an example, the encryptor may generate at least two random numbers whose sum is smaller than the number of characters contained in the first encryption key. The encryptor may set in advance a rule for determining the priorities of the random numbers; for example, the priorities may be determined by order of generation time or by size. The encryption party determines the priorities of the at least two generated random numbers. Once the priority of each random number is determined, the random numbers are selected one at a time in order of priority from high to low; for each, as many characters as the random number indicates are extracted following the order of the characters in the first encryption key, and the extracted characters form the substring corresponding to that random number, with the same priority as the random number. These steps are repeated until the last random number has its substring. Characters may remain at that point, and the substring formed by the remaining characters is given a lower priority than the substring corresponding to any random number.
Suppose there are three random numbers 2, 2, and 3, which in order of priority from high to low are 3, 2, and 2, and the first encryption key is abcdefghi. The substrings obtained by cutting, in order of priority from high to low, are abc, de, fg, and hi.
After determining each substring and its priority, the encryption party may rearrange and combine the substrings to obtain the second encryption key, placing each lower-priority substring in front of the higher-priority substrings. In the above example, the second encryption key is hifgdeabc. The length of the first encryption key is the same as the length of the second encryption key.
If the decryption party is a legal decryption party, the cutting combination mode pre-stored in the decryption party is the same as the cutting combination mode pre-stored in the legal encryption party, and the process of cutting and recombining the first encryption key by using the random numbers to obtain the second encryption key is the same as the process executed by the encryption party, so a detailed description is omitted here.
Example 4:
When the second encryption key is used to encrypt the plaintext data, the second encryption key may be placed in the plaintext data to obtain the first ciphertext; in this case the length of the second encryption key is not limited at all. Alternatively, the second encryption key and the plaintext data may be XORed to obtain the first ciphertext; in this case the length of the second encryption key is the length of the plaintext data to be encrypted. The length referred to here may be understood as the number of characters, that is, the number of characters contained in the second encryption key is the same as the number of characters contained in the plaintext data. If the length of the first encryption key is the same as that of the second encryption key, the length of the first encryption key is also the length of the plaintext data to be encrypted.
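The cut-and-recombine key update described above, combined with the XOR variant of Example 4, as an added example that is not part of the patent text. It assumes the random numbers are passed in already ordered from high to low priority and are positive; the function names are hypothetical, and the OFB generation of the first key and the ECB protection of the random numbers are left out, so the first key is a constructed sample.

```python
"""Cut-and-recombine key update followed by XOR encryption (illustrative)."""
from typing import List, Sequence


def split_by_priority(first_key: bytes, randoms: Sequence[int]) -> List[bytes]:
    """Cut first_key into substrings, highest priority first.

    Assumption: `randoms` is already ordered from high to low priority by the
    rule both parties agreed on (generation time, size, ...), and every value
    is a positive character count.
    """
    if len(randoms) < 2:
        raise ValueError("the cutting scheme needs at least two random numbers")
    if any(r < 1 for r in randoms):
        raise ValueError("each random number must be a positive character count")
    if sum(randoms) >= len(first_key):
        raise ValueError("sum of random numbers must be less than the key length")

    parts: List[bytes] = []
    offset = 0
    for count in randoms:
        # Characters are taken in the order they appear in the first key.
        parts.append(first_key[offset:offset + count])
        offset += count
    # Whatever is left forms one more substring with the lowest priority.
    parts.append(first_key[offset:])
    return parts


def cut_and_recombine(first_key: bytes, randoms: Sequence[int]) -> bytes:
    """Second key: low-priority substrings placed in front of high-priority ones."""
    return b"".join(reversed(split_by_priority(first_key, randoms)))


def xor_bytes(key: bytes, data: bytes) -> bytes:
    """XOR variant of Example 4: key length must equal the data length."""
    if len(key) != len(data):
        raise ValueError("second key and data must have the same length")
    return bytes(k ^ d for k, d in zip(key, data))


def encrypt(first_key: bytes, randoms: Sequence[int], plaintext: bytes) -> bytes:
    """Encryptor side: update the key, then XOR it with the plaintext."""
    return xor_bytes(cut_and_recombine(first_key, randoms), plaintext)


def decrypt(first_key: bytes, randoms: Sequence[int], ciphertext: bytes) -> bytes:
    """Decryptor side: rebuild the same second key from the same inputs."""
    return xor_bytes(cut_and_recombine(first_key, randoms), ciphertext)


if __name__ == "__main__":
    first_key = b"abcdefghi"   # constructed sample: the key from the page's example
    randoms = [3, 2, 2]        # already in high-to-low priority order
    plaintext = b"plaintext"   # constructed sample, same length as the key

    second_key = cut_and_recombine(first_key, randoms)
    print("substrings :", split_by_priority(first_key, randoms))
    print("second key :", second_key.decode())

    ciphertext = encrypt(first_key, randoms, plaintext)
    print("ciphertext :", ciphertext.hex())
    print("recovered  :", decrypt(first_key, randoms, ciphertext).decode())

    # The update only reorders characters; it never changes which ones occur.
    print("rearrangement of first key:", sorted(second_key) == sorted(first_key))
```

The second key always contains exactly the characters of the first key; only their order depends on the random numbers.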
Any variation derived from the description of the above embodiments may fall within the claimed solution.
Example 5:
Fig. 3 is a structural diagram of a data encryption device according to an embodiment of the present invention, where the device includes:
a key generation module 31, configured to generate a first encryption key by using a preset first encryption manner and a pre-stored initial key and initial vector;
a random number generation module 32 for generating at least one random number;
a key updating module 33, configured to determine a second encryption key according to the at least one random number and the first encryption key;
the plaintext encryption module 34 is configured to encrypt plaintext data to be encrypted by using the second encryption key to obtain a first ciphertext;
the random number encryption module 35 is configured to encrypt each random number by using a preset second encryption method and the initial key to obtain each second ciphertext;
and a sending module 36, configured to send the first ciphertext and each of the second ciphertexts to a decrypter.
Further, the key updating module 33 is specifically configured to use a pre-stored cutting combination mode to cut and recombine the first encryption key by using the at least one random number to obtain a second encryption key.
Further, the key updating module 33 is specifically configured to determine, according to the order of the characters in the first encryption key and the priority of each random number, the substrings composed of the number of characters corresponding to each random number, in order of priority from high to low, where the priority of each substring is the same as the priority of the corresponding random number; and to place the low-priority substrings in front of the high-priority substrings to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
Example 6:
Fig. 4 is a structural diagram of a data decryption apparatus according to an embodiment of the present invention, where the apparatus includes:
a receiving module 41, configured to receive a first ciphertext and at least one second ciphertext sent by an encryptor;
the random number decryption module 42 is configured to decrypt, in a preset decryption manner, second ciphertexts obtained by encrypting the at least one random number respectively to obtain at least one random number;
a key generation module 43, configured to generate a first encryption key by using a preset encryption manner and a pre-stored initial key and initial vector;
a key update module 44, configured to determine a second encryption key according to the at least one random number and the first encryption key;
and the plaintext decryption module 45 is configured to decrypt the first ciphertext obtained by encrypting the plaintext data with the second encryption key to obtain plaintext data.
Further, the key updating module 44 is specifically configured to use a pre-stored cutting combination manner to cut and recombine the first encryption key by using the at least one random number to obtain a second encryption key.
Further, the key updating module 44 is specifically configured to determine, according to the order of the characters in the first encryption key and the priority of each random number, the substrings composed of the number of characters corresponding to each random number, in order of priority from high to low, where the priority of each substring is the same as the priority of the corresponding random number; and to place the low-priority substrings in front of the high-priority substrings to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
Example 7:
Based on the same inventive concept as the data encryption method, an embodiment of the present application further provides a data encryption apparatus for performing the operations performed by the encryptor in the data encryption method. The data encryption apparatus includes a processor and a transceiver and, optionally, a memory. The processor is configured to invoke a set of programs which, when executed, cause the processor to perform the operations performed by the encryptor in the data encryption method described above. The memory is used for storing the programs executed by the processor.
Based on the same inventive concept as the data decryption method, an embodiment of the present application further provides a data decryption apparatus for performing the operations performed by the decryptor in the data decryption method. The data decryption apparatus includes a processor and a transceiver and, optionally, a memory. The processor is configured to invoke a set of programs which, when executed, cause the processor to perform the operations performed by the decryptor in the data decryption method. The memory is used for storing the programs executed by the processor.
The processor may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP.
The processor may further include a hardware chip or other general purpose processor. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The aforementioned PLDs may be Complex Programmable Logic Devices (CPLDs), field-programmable gate arrays (FPGAs), General Array Logic (GAL) and other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., or any combination thereof. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will also be appreciated that the memory referred to in the embodiments of the application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of example, but not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), Double data rate Synchronous Dynamic random access memory (DDR SDRAM), Enhanced Synchronous SDRAM (ESDRAM), Synchronous link SDRAM (SLDRAM), and Direct Rambus RAM (DR RAM). It should be noted that the memory described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
The embodiment of the application provides a computer storage medium, which stores a computer program, wherein the computer program comprises a program for executing the data encryption method and/or the data decryption method.
Embodiments of the present application provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform the above-described data encryption method and/or data decryption method.
Any data encryption device provided by the embodiments of the present application may also be a chip.
Any data decryption device provided by the embodiments of the present application may also be a chip.
For the system/apparatus embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for relevant points.
It is to be noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or operation from another entity or operation without necessarily requiring or implying any actual such relationship or order between such entities or operations.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely application embodiment, or an embodiment combining application and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (11)

1. A method for data encryption, the method comprising:
an encryptor generates a first encryption key by adopting a preset first encryption mode and a pre-stored initial key and initial vector;
generating at least one random number, and determining a second encryption key according to the at least one random number and the first encryption key;
encrypting plaintext data to be encrypted by adopting the second encryption key to obtain a first ciphertext;
encrypting each random number by adopting a preset second encryption mode and the initial key to respectively obtain each second ciphertext;
sending the first ciphertext and each second ciphertext to a decrypter;
wherein said determining a second encryption key based on the at least one random number and the first encryption key comprises:
cutting and recombining the first encryption key by using the at least one random number in a pre-stored cutting combination mode to obtain a second encryption key;
wherein cutting and recombining the first encryption key by using at least two random numbers in the pre-stored cutting combination mode to obtain the second encryption key comprises:
according to the order of the characters in the first encryption key and the priority of each random number, sequentially determining, in order of priority from high to low, the sub-character strings consisting of the number of characters corresponding to each random number, wherein the priority of each sub-character string is the same as the priority of the corresponding random number;
and placing the low-priority substrings in front of the high-priority substrings to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
2. The method of claim 1, wherein the length of the second encryption key is the length of plaintext data to be encrypted.
3. The method of claim 1, wherein the length of the first encryption key is the length of plaintext data to be encrypted.
4. The method according to claim 1, wherein the first encryption mode is an output feedback (OFB) mode encryption mode.
5. The method of claim 1, wherein the second encryption mode is an electronic codebook (ECB) mode encryption mode.
6. A data decryption method based on the data encryption method according to any one of claims 1 to 5, characterized in that the method comprises:
the decryptor decrypts the second ciphertexts obtained by respectively encrypting the at least one random number by adopting a preset decryption mode to obtain at least one random number;
generating a first encryption key by adopting a preset encryption mode and a pre-stored initial key and initial vector;
determining a second encryption key based on the at least one random number and the first encryption key;
decrypting a first ciphertext obtained by encrypting the plaintext data by using the second encryption key to obtain plaintext data;
wherein determining a second encryption key based on the at least one random number and the first encryption key comprises:
cutting and recombining the first encryption key by using the at least one random number in a pre-stored cutting combination mode to obtain a second encryption key;
wherein cutting and recombining the first encryption key by using at least two random numbers in the pre-stored cutting combination mode to obtain the second encryption key comprises:
according to the order of the characters in the first encryption key and the priority of each random number, sequentially determining, in order of priority from high to low, the sub-character strings consisting of the number of characters corresponding to each random number, wherein the priority of each sub-character string is the same as the priority of the corresponding random number;
and placing the low-priority substrings in front of the high-priority substrings to obtain the second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
7. An apparatus for encrypting data, the apparatus comprising:
the key generation module is used for generating a first encryption key by adopting a preset first encryption mode and a pre-stored initial key and initial vector;
the random number generating module is used for generating at least one random number;
a key updating module, configured to determine a second encryption key according to the at least one random number and the first encryption key;
the plaintext encryption module is used for encrypting plaintext data to be encrypted by adopting the second encryption key to obtain a first ciphertext;
the random number encryption module is used for encrypting each random number by adopting a preset second encryption mode and the initial key to respectively obtain each second ciphertext;
the sending module is used for sending the first ciphertext and each second ciphertext to a decrypter;
the key updating module is specifically configured to use the at least one random number to cut and recombine the first encryption key in a pre-stored cutting and combining manner to obtain a second encryption key;
the key updating module is specifically configured to determine, in sequence, sub-character strings composed of the number of characters corresponding to each random number, according to the order of the characters in the first encryption key and the priority of each random number, wherein the priority of each sub-character string is the same as the priority of the corresponding random number; and to place the low-priority substrings in front of the high-priority substrings to obtain a second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
8. A data decrypting apparatus based on the data encrypting apparatus according to claim 7, characterized in that the apparatus comprises:
the random number decryption module is used for decrypting second ciphertexts obtained by respectively encrypting at least one random number by adopting a preset decryption mode to obtain at least one random number;
the key generation module is used for generating a first encryption key by adopting a preset encryption mode and a pre-stored initial key and initial vector;
a key updating module, configured to determine a second encryption key according to the at least one random number and the first encryption key;
the plaintext decryption module is used for decrypting a first ciphertext obtained by encrypting plaintext data by adopting the second encryption key to obtain plaintext data;
the key updating module is specifically configured to use the at least one random number to cut and recombine the first encryption key in a pre-stored cutting and combining manner to obtain a second encryption key;
the key updating module is specifically configured to determine, in sequence, sub-character strings composed of the number of characters corresponding to each random number, according to the order of the characters in the first encryption key and the priority of each random number, wherein the priority of each sub-character string is the same as the priority of the corresponding random number;
and to place the low-priority substrings in front of the high-priority substrings to obtain a second encryption key, wherein the sum of the at least two random numbers is less than the length of the first encryption key.
9. An apparatus for encrypting data, the apparatus comprising: a processor and a memory;
the processor is configured to call a program stored in the memory, and when the program is executed, the processor is configured to execute the steps of the data encryption method according to any one of claims 1 to 5.
10. An apparatus for decrypting data, the apparatus comprising: a processor and a memory;
the processor is configured to call a program stored in the memory, and when the program is executed, the processor is enabled to execute the steps of the data decryption method of claim 6.
11. A computer storage medium, characterized in that a computer program is stored, the computer program comprising instructions for carrying out the steps of the data encryption method according to any one of the preceding claims 1 to 5 and/or the steps of the data decryption method according to claim 6.
CN201811405801.0A 2018-11-23 2018-11-23 Data encryption and decryption method and device Active CN109510703B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811405801.0A CN109510703B (en) 2018-11-23 2018-11-23 Data encryption and decryption method and device

Publications (2)

Publication Number Publication Date
CN109510703A CN109510703A (en) 2019-03-22
CN109510703B true CN109510703B (en) 2020-02-11
