CN111737689B - Data processing method, processor, electronic device and storage medium - Google Patents

Publication number
CN111737689B
Authority
CN
China
Legal status
Active
Application number
CN202010525931.9A
Other languages
Chinese (zh)
Other versions
CN111737689A (en)
Inventor
刘姗
Current Assignee
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention provides a data processing method, a processor, an electronic device and a storage medium. The method comprises: in response to a processing request for target data, each processing unit processes the target data in a preset sequence to obtain processing result data; in a first processing unit, input data is processed using a first confusion matrix and a first preset white-box lookup table to obtain first output data, where the input data is the target data if that unit is the first processing unit in the preset sequence; in a second processing unit, the first output data is processed using a second confusion matrix and a second preset white-box lookup table to obtain second output data, where the second output data is the processing result data if that unit is the last processing unit; and different processing requests use different first confusion matrices. The invention can ensure the security of the first preset white-box lookup table and the second preset white-box lookup table and effectively prevent side channel attacks.

Description

Data processing method, processor, electronic device and storage medium
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data processing method, a processor, an electronic device, and a storage medium.
Background
In the field of data processing technology, data is generally encrypted by an encryptor and decrypted by a decryptor in order to ensure its security. An attack on the encryptor or the decryptor can obtain the key it uses, so the key has a security problem. A side channel attack is one such attack on the encryptor or the decryptor. It does not need to acquire the code logic of the encryptor: through a large number of encryption requests, an attacker can acquire the input data and corresponding output data of each encryption unit in the encryptor, and can then determine the white-box lookup table used by the encryption unit from the correspondence between the input data and the output data. Similarly, the side channel attack does not need to acquire the code logic of the decryptor: through a large number of decryption requests, an attacker can acquire the input data and corresponding output data of each decryption unit in the decryptor, and can then infer the white-box lookup table used by the decryption unit from the correspondence between the input data and the output data.
It can be seen that the white-box lookup tables in current encryptors and decryptors have a security problem, and side channel attacks cannot be effectively prevented.
Disclosure of Invention
The embodiments of the invention aim to provide a data processing method, a processor, an electronic device and a storage medium, so as to ensure the security of the white-box lookup table and prevent side channel attacks. The specific technical solution is as follows:
In a first aspect of the present invention, there is provided a data processing method applied to a processor including at least two processing units, the at least two processing units including at least a first processing unit and a second processing unit;
the method comprises the following steps:
in response to a processing request for target data, each processing unit processes the target data in a preset sequence to obtain processing result data;
in the first processing unit, input data is processed using a first confusion matrix and a first preset white-box lookup table to obtain first output data; if the first processing unit is the first processing unit in the preset sequence, the input data is the target data;
in the second processing unit, the first output data is processed using a second confusion matrix and a second preset white-box lookup table to obtain second output data; if the second processing unit is the last processing unit in the preset sequence, the second output data is the processing result data;
wherein the first processing unit uses different first confusion matrices for different processing requests, and the second confusion matrix and the first confusion matrix are inverse matrices of each other.
Optionally, the first confusion matrix is randomly generated, and the second confusion matrix is an inverse matrix generated according to the first confusion matrix after the first confusion matrix is randomly generated.
Optionally, the first confusion matrix is randomly generated according to the following steps:
randomly generating a preset number of data, and constructing a matrix according to the preset number of data;
if the matrix is an invertible matrix, the matrix is determined to be the first confusion matrix.
Optionally, the first confusion matrix includes a preset number of data generated according to a preset rule, and the preset rule is different when different processing requests are processed.
Optionally, the preset rule is randomly selected from a preset rule base.
Optionally, processing the input data using the first confusion matrix and the first preset white-box lookup table to obtain first output data includes:
processing the first preset white-box lookup table using the first confusion matrix to obtain a first dynamic white-box lookup table, and processing the input data using the first dynamic white-box lookup table to obtain the first output data;
and processing the first output data using the second confusion matrix and the second preset white-box lookup table to obtain second output data includes:
processing the second preset white-box lookup table using the second confusion matrix to obtain a second dynamic white-box lookup table, and processing the first output data using the second dynamic white-box lookup table to obtain the second output data.
Optionally, the processing the first preset white-box lookup table with the first confusion matrix to obtain a first dynamic white-box lookup table includes:
converting first preset data in a first preset white-box lookup table into a first preset matrix;
obtaining the product of the first preset matrix and the first confusion matrix to obtain a first dynamic matrix;
converting the first dynamic matrix into first dynamic data;
and generating a first dynamic white-box lookup table according to the first dynamic data.
Optionally, the processing the second preset white-box lookup table with the second confusion matrix to obtain a second dynamic white-box lookup table includes:
converting second preset data in a second preset white-box lookup table into a second preset matrix;
obtaining the product of the second preset matrix and a second confusion matrix to obtain a second dynamic matrix;
converting the second dynamic matrix into second dynamic data;
and generating a second dynamic white-box lookup table according to the second dynamic data.
Optionally, processing the input data using the first confusion matrix and the first preset white-box lookup table to obtain first output data includes:
processing the input data using the first preset white-box lookup table to obtain first intermediate data, and processing the first intermediate data using the first confusion matrix to obtain the first output data;
and processing the first output data using the second confusion matrix and the second preset white-box lookup table to obtain second output data includes:
processing the first output data using the second confusion matrix to obtain second intermediate data, and processing the second intermediate data using the second preset white-box lookup table to obtain the second output data.
Optionally, the processing the first intermediate data by using a first confusion matrix to obtain first output data includes:
converting the first intermediate data into a first data matrix;
obtaining the product of the first data matrix and the first confusion matrix to obtain a second data matrix;
the second data matrix is converted into first output data.
Optionally, the processing the first output data with the second confusion matrix to obtain second intermediate data includes:
converting the first output data into a third data matrix;
obtaining the product of the second confusion matrix and the third data matrix to obtain a fourth data matrix;
and converting the fourth data matrix into second intermediate data.
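The lookup-then-confuse variant in the preceding steps, as an added sketch that is not code from the patent; it shows that the first output data changes between requests for the same input while the processing result stays fixed. Assumptions: byte-wide data, 8x8 matrices over GF(2) with data treated as a row vector multiplied on the right in both units, and two constructed byte permutations standing in for the preset white-box lookup tables.

```python
import random
import secrets

N = 8  # assumption: one byte per data word, so confusion matrices are 8x8 over GF(2)

# Constructed stand-ins for the two preset white-box lookup tables (fixed byte
# permutations). They are illustrative only and are not taken from the patent.
rng = random.Random(2020)
T1 = list(range(256))
rng.shuffle(T1)
T2 = list(range(256))
rng.shuffle(T2)


def vec_mul(v, m):
    """Row vector v (N-bit int) times matrix m (list of N row bitmasks) over GF(2)."""
    out = 0
    for i in range(N):
        if v >> i & 1:
            out ^= m[i]
    return out


def invert(m):
    """Gauss-Jordan elimination over GF(2); returns the inverse or None if singular."""
    a = list(m)
    inv = [1 << i for i in range(N)]  # identity matrix
    for col in range(N):
        pivot = next((r for r in range(col, N) if a[r] >> col & 1), None)
        if pivot is None:
            return None  # not invertible: the caller must draw a new matrix
        a[col], a[pivot] = a[pivot], a[col]
        inv[col], inv[pivot] = inv[pivot], inv[col]
        for r in range(N):
            if r != col and a[r] >> col & 1:
                a[r] ^= a[col]
                inv[r] ^= inv[col]
    return inv


def new_confusion_pair():
    """Draw random data, build a matrix, keep it only if it is invertible."""
    while True:
        m1 = [secrets.randbits(N) for _ in range(N)]
        m2 = invert(m1)
        if m2 is not None:
            return m1, m2


def first_unit(x, m1):
    """Preset table lookup, then confuse the intermediate with the first matrix."""
    return vec_mul(T1[x], m1)


def second_unit(y, m2):
    """Undo the confusion with the inverse matrix, then the second preset lookup."""
    return T2[vec_mul(y, m2)]


def handle_request(x):
    """One processing request: a fresh matrix pair is generated for this request."""
    m1, m2 = new_confusion_pair()
    out1 = first_unit(x, m1)
    out2 = second_unit(out1, m2)
    return out1, out2


def observe(x, requests):
    """Collect the distinct first outputs and final results seen for one input."""
    firsts, results = set(), set()
    for _ in range(requests):
        out1, out2 = handle_request(x)
        firsts.add(out1)
        results.add(out2)
    return firsts, results


if __name__ == "__main__":
    x = 0x41
    firsts, results = observe(x, 64)
    print("distinct first outputs:", len(firsts))
    print("distinct final results:", len(results), "expected", T2[T1[x]])
```

Because multiplication by a matrix is linear, an all-zero first intermediate value maps to zero under every confusion matrix, so that one value is passed between the units unchanged in this sketch.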
Optionally, the processor is a decryptor and the processing unit is a decryption unit, and each processing unit processing the target data in a preset sequence includes: each decryption unit decrypts the target data in the preset sequence; or,
the processor is an encryptor and the processing unit is an encryption unit, and each processing unit processing the target data in a preset sequence includes: each encryption unit encrypts the target data in the preset sequence.
In a second aspect of the present invention, there is also provided a processor including at least two processing units, the at least two processing units including at least a first processing unit and a second processing unit;
each processing unit is configured to process target data in a preset sequence, in response to a processing request for the target data, to obtain a processing result;
the first processing unit is configured to process input data using a first confusion matrix and a first preset white-box lookup table to obtain first output data; if the first processing unit is the first processing unit in the preset sequence, the input data is the target data;
the second processing unit is configured to process the first output data using a second confusion matrix and a second preset white-box lookup table to obtain second output data; if the second processing unit is the last processing unit in the preset sequence, the second output data is the processing result data;
wherein the first processing unit uses different first confusion matrices for different processing requests, and the second confusion matrix and the first confusion matrix are inverse matrices of each other.
Optionally, the first confusion matrix is randomly generated, and the second confusion matrix is an inverse matrix generated according to the first confusion matrix after the first confusion matrix is randomly generated.
Optionally, the first processing unit is further configured to:
randomly generating a preset number of data, and constructing a matrix according to the preset number of data;
if the matrix is an invertible matrix, the matrix is determined to be the first confusion matrix.
Optionally, the first confusion matrix includes a preset number of data generated according to a preset rule, and the preset rule is different when different processing requests are processed.
Optionally, the preset rule is randomly selected from a preset rule base.
Optionally, the first processing unit is further configured to:
processing a first preset white-box lookup table by adopting a first confusion matrix to obtain a first dynamic white-box lookup table, and processing input data by adopting the first dynamic white-box lookup table to obtain first output data;
the second processing unit is further configured to:
and processing a second preset white-box lookup table by adopting a second confusion matrix to obtain a second dynamic white-box lookup table, and processing the first output data by adopting the second dynamic white-box lookup table to obtain second output data.
Optionally, the first processing unit is further configured to:
converting first preset data in a first preset white-box lookup table into a first preset matrix;
obtaining the product of the first preset matrix and the first confusion matrix to obtain a first dynamic matrix;
converting the first dynamic matrix into first dynamic data;
and generating a first dynamic white-box lookup table according to the first dynamic data.
Optionally, the second processing unit is further configured to:
converting second preset data in a second preset white-box lookup table into a second preset matrix;
obtaining the product of the second preset matrix and a second confusion matrix to obtain a second dynamic matrix;
converting the second dynamic matrix into second dynamic data;
and generating a second dynamic white-box lookup table according to the second dynamic data.
Optionally, the first processing unit is further configured to:
processing input data using a first preset white-box lookup table to obtain first intermediate data, and processing the first intermediate data using a first confusion matrix to obtain first output data;
the second processing unit is further configured to:
and processing the first output data by adopting a second confusion matrix to obtain second intermediate data, and processing the second intermediate data by adopting a second preset white-box lookup table to obtain second output data.
Optionally, the first processing unit is further configured to:
converting the first intermediate data into a first data matrix;
obtaining the product of the first data matrix and the first confusion matrix to obtain a second data matrix;
the second data matrix is converted into first output data.
Optionally, the second processing unit is further configured to:
converting the first output data into a third data matrix;
obtaining the product of the third data matrix and the second confusion matrix to obtain a fourth data matrix;
and converting the fourth data matrix into second intermediate data.
Optionally, the processor is a decryptor, the processing unit is a decryption unit, and each decryption unit is configured to decrypt the target data in a preset sequence; or,
the processor is an encryptor, the processing unit is an encryption unit, and each encryption unit is configured to encrypt the target data in a preset sequence.
In a third aspect of the present invention, there is also provided an electronic device including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory communicate with each other through the communication bus;
the memory is configured to store a computer program;
and the processor is configured to implement any of the above-described method steps when executing the program stored in the memory.
In a fourth aspect of the invention, there is also provided a computer readable storage medium having stored thereon a computer program which when executed by a processor performs a method as described in any of the above.
In a fifth aspect, the invention provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any of the embodiments described above.
In the data processing method, processor, electronic device and storage medium provided by the embodiments of the invention, the processor comprises at least two processing units, and the first processing unit uses different first confusion matrices when processing different input data, which changes the input-output relationship of the first processing unit. The correspondence between the input data and the first output data of the first processing unit is therefore not fixed, so an attacker cannot determine a fixed input-output relationship from a large amount of input data and corresponding first output data of the first processing unit, and hence cannot determine the first preset white-box lookup table. This protects the first preset white-box lookup table used by the first processing unit, ensures its security, and effectively prevents side channel attacks on the first processing unit. Similarly, the security of the second preset white-box lookup table of the second processing unit can be ensured, and side channel attacks on the second processing unit can be effectively prevented.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
FIG. 1 is a schematic diagram of a processor according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of a data processing method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a data processing flow of a processor according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another data processing flow of the processor according to an embodiment of the present invention;
FIG. 5 is a block diagram of a processor in accordance with an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.
The present invention may be applied to a processor including at least two processing units, the at least two processing units including at least a first processing unit and a second processing unit. There may be one or more first processing units and one or more second processing units, and the first processing units and the second processing units are arranged alternately. For the first processing unit that comes first in order, the input data may be the target data input to the processor; for each remaining first processing unit, the input data may be the second output data of the preceding second processing unit. The output data of each first processing unit is called first output data. For each second processing unit, the input data may be the first output data of the preceding first processing unit, and the output data of each second processing unit is called second output data; for the last second processing unit, the second output data may be the processing result data of the processor. FIG. 1 illustrates an example with 4 processing units: the first processing units are PU1 and PU3, and the second processing units are PU2 and PU4. PU1 is the first processing unit in order, so the input data of PU1 is the target data; the first output data of PU1 may be the input data of the second processing unit PU2; the second output data of PU2 may be the input data of the first processing unit PU3; the first output data of PU3 may be the input data of the second processing unit PU4; and the second output data of the last second processing unit PU4 may be the processing result data.
As shown in FIG. 1, the first processing units PU1 and PU3 may process their input data using a first confusion matrix and a first preset white-box lookup table to obtain first output data, and the second processing units PU2 and PU4 may process their input data using a second confusion matrix and a second preset white-box lookup table to obtain second output data. It will be appreciated that the first confusion matrix is the confusion matrix used by a first processing unit and the second confusion matrix is the confusion matrix used by a second processing unit; the first confusion matrices of different first processing units may be the same or different, and the second confusion matrices of different second processing units may be the same or different. In one example, upon receiving a processing request, a first confusion matrix and a second confusion matrix may be generated for the processing request, such that each first processing unit uses the same first confusion matrix and each second processing unit uses the same second confusion matrix. In another example, upon receiving a processing request, each first processing unit generates a first confusion matrix, and each second processing unit generates, from the corresponding first confusion matrix, a second confusion matrix that is its inverse, such that different first processing units use different first confusion matrices and different second processing units use different second confusion matrices. In addition, the first preset white-box lookup table is the white-box lookup table used by the first processing unit, and the second preset white-box lookup table is the white-box lookup table used by the second processing unit.
The first preset white-box lookup table implements the encryption or decryption process of the first processing unit, and the first processing unit uses the first confusion matrix to protect the first preset white-box lookup table. Specifically, when the first processing unit encrypts or decrypts different input data, it uses different first confusion matrices to change its input-output relationship, so that the correspondence between the input data and the first output data of the first processing unit is not fixed. An attacker therefore cannot determine a fixed input-output relationship from a large amount of input data and corresponding first output data of the first processing unit, and hence cannot determine the first preset white-box lookup table. This protects the first preset white-box lookup table used by the first processing unit, ensures its security, and effectively prevents side channel attacks on the first processing unit.
Similarly, the second preset white-box lookup table implements the encryption or decryption process of the second processing unit, and the second processing unit uses the second confusion matrix to protect the second preset white-box lookup table. Specifically, the second confusion matrix is the inverse matrix of the first confusion matrix, and the first confusion matrix differs for different input data, so when the second processing unit encrypts or decrypts different input data, it uses different second confusion matrices to change its input-output relationship, and the correspondence between the input data and the second output data of the second processing unit is not fixed. An attacker therefore cannot determine a fixed input-output relationship from a large amount of input data and corresponding second output data of the second processing unit, and hence cannot determine the second preset white-box lookup table. This protects the second preset white-box lookup table used by the second processing unit, ensures its security, and effectively prevents side channel attacks on the second processing unit.
It should be noted that determining the first preset white-box lookup table from the correspondence between the input data and the first output data of the first processing unit, and determining the second preset white-box lookup table from the correspondence between the input data and the second output data of the second processing unit, are both side channel attack processes. The invention can effectively avoid side channel attacks.
The present application may be applied to an encryption process or a decryption process. When the request type carried in the processing request is an encryption type, the processing request is an encryption request, the processor is an encryptor, each processing unit is an encryption unit, and each encryption unit encrypts the target data in a preset sequence. An attacker then cannot acquire the first preset white-box lookup table and the second preset white-box lookup table through the encryption process, which ensures the security of both tables in the encryption process and effectively avoids side channel attacks on the first processing unit and the second processing unit in the encryption process. When the request type carried in the processing request is a decryption type, the processing request is a decryption request, the processor is a decryptor, each processing unit is a decryption unit, and each decryption unit decrypts the target data in a preset sequence. An attacker then cannot determine the first preset white-box lookup table and the second preset white-box lookup table through the decryption process, which ensures the security of both tables in the decryption process and effectively avoids side channel attacks on the first processing unit and the second processing unit in the decryption process.
Based on the above description, embodiments of the present invention will be described in detail.
Referring to fig. 2, a flowchart of steps of a data processing method according to an embodiment of the present invention is shown, and the flowchart is applied to a processor including at least two processing units, where the at least two processing units include at least a first processing unit and a second processing unit; the method comprises the following steps:
step 101, in response to a processing request for target data, each processing unit processes the target data according to a preset sequence to obtain processing result data.
Wherein processing the request includes, but is not limited to: encryption request and decryption request. When the processing request is an encryption request, the target data is any data to be encrypted, and the processing result data is the data after the target data is encrypted; when the processing request is a decryption request, the target data is any data to be decrypted, and the processing result data is data after decrypting the target data. It will be appreciated that the target data may be any type of data, e.g. video data, voice data, text data, etc., and the target data may be any source of data, e.g. data downloaded from a network, user-made data, data received from the remaining terminals.
It is understood that the predetermined order of the respective processing units may be such that the first processing units and the second processing units are alternately arranged as shown in fig. 1, so that the respective units are sequentially processed in the arrangement order when the target data is processed. Specifically, the target data is used as input data of a first processing unit to start processing, each processing unit processes the input data to obtain output data of each processing unit, and the output data is used as input data of a next processing unit, so that the next processing unit processes, the processing is continuously performed until the processing of a last processing unit is finished, the output data of the last processing unit is used as processing result data, and when the last processing unit is a second processing unit, the second output data of the last second processing unit can be used as processing result data.
The processing units in the above process may include a first processing unit that may perform processing according to sub-step 1011 and a second processing unit that may perform processing according to sub-step 1012.
Sub-step 1011, in the first processing unit, processing the input data by using a first confusion matrix and a first preset white-box lookup table to obtain first output data; and if the first processing unit is the first processing unit according to a preset sequence, the input data is the target data.
As can be seen from the foregoing description, the first processing unit may be an encryption unit or a decryption unit.
In the case where the first processing unit is an encryption unit, the processing request is an encryption request. In one example, first, the input data of the first processing unit may be encrypted using a first preset white-box look-up table to obtain first intermediate data; and then, the first intermediate data is mixed by adopting a first mixing matrix to obtain first output data, wherein the first output data and the first intermediate data are different. After an attacker encrypts a large amount of input data and corresponding first output data through a large amount of encryption requests, but because different first confusion matrixes are adopted for different encryption requests, the corresponding relation between the first intermediate data and the first output data is not fixed, and further the corresponding relation between the input data of the first processing unit and the first output data is also not fixed, so that the attacker cannot determine a fixed input-output relation through the corresponding relation between the input data and the first output data, and further cannot determine the first preset white-box lookup table, the purpose of protecting the first preset white-box lookup table used by the first processing unit is achieved, the safety of the first preset white-box lookup table in the encryption process is ensured, and the side channel attack of the first processing unit is effectively prevented.
In the case where the first processing unit is an encryption unit, the processing request is an encryption request. In another example, the first confusion matrix may instead be used to confuse the data in the first preset white-box lookup table to obtain a first dynamic white-box lookup table, and the first dynamic white-box lookup table is used to encrypt the input data of the first processing unit to obtain the first output data. By issuing a large number of encryption requests, an attacker can obtain a large amount of input data and the corresponding first output data. However, because different first confusion matrices are used for different encryption requests, the first dynamic white-box lookup table in use is not fixed, and therefore the correspondence between the input data of the first processing unit and the first output data is not fixed either. The attacker thus cannot determine a fixed input-output relationship from the correspondence between the input data and the first output data, and cannot determine the first preset white-box lookup table. This protects the first preset white-box lookup table used by the first processing unit, ensures its security in the encryption process, and effectively prevents side-channel attacks on the first processing unit.
Similarly, in the case where the first processing unit is a decryption unit, the processing request is a decryption request. In one example, the input data of the first processing unit may first be decrypted using the first preset white-box lookup table to obtain first intermediate data; the first intermediate data is then confused using the first confusion matrix to obtain first output data, where the first output data and the first intermediate data are different. By issuing a large number of decryption requests, an attacker can obtain a large amount of input data and the corresponding first output data. However, because different first confusion matrices are used for different decryption requests, the correspondence between the first intermediate data and the first output data is not fixed, and therefore the correspondence between the input data of the first processing unit and the first output data is not fixed either. The attacker thus cannot determine a fixed input-output relationship from the correspondence between the input data and the first output data, and cannot determine the first preset white-box lookup table. This protects the first preset white-box lookup table used by the first processing unit, ensures its security in the decryption process, and effectively prevents side-channel attacks on the first processing unit in the encryption process.
In the case where the first processing unit is a decryption unit, the processing request is a decryption request. In another example, the first confusion matrix may instead be used to confuse the data in the first preset white-box lookup table to obtain a first dynamic white-box lookup table, and the first dynamic white-box lookup table is used to decrypt the input data of the first processing unit to obtain the first output data. By issuing a large number of decryption requests, an attacker can obtain a large amount of input data and the corresponding first output data. However, because different first confusion matrices are used for different decryption requests, the first dynamic white-box lookup table in use is not fixed, and therefore the correspondence between the input data of the first processing unit and the first output data is not fixed either. The attacker thus cannot determine a fixed input-output relationship from the correspondence between the input data and the first output data, and cannot determine the first preset white-box lookup table. This protects the first preset white-box lookup table used by the first processing unit, ensures its security in the decryption process, and effectively prevents side-channel attacks on the first processing unit in the decryption process.
In summary, the first processing unit may not only ensure the security of the first preset white-box lookup table in the encryption process, but also ensure the security of the first preset white-box lookup table in the decryption process.
Sub-step 1012, in the second processing unit, processing the first output data by using a second confusion matrix and a second preset white-box lookup table to obtain second output data; if the second processing unit is the last processing unit in the preset sequence, the second output data is the processing result data; wherein the first processing unit uses different first confusion matrices for different processing requests, and the second confusion matrix and the first confusion matrix are inverse matrices of each other.
It can be understood that, the principle of the second processing unit protecting the second preset white-box lookup table is similar to that of the first processing unit protecting the first preset white-box lookup table, and the second processing unit not only can ensure the security of the second preset white-box lookup table in the encryption process, but also can ensure the security of the second preset white-box lookup table in the decryption process, and the detailed description of the sub-step 1011 can be referred to, which is not repeated herein.
Optionally, the first confusion matrix is randomly generated, and the second confusion matrix is an inverse matrix generated according to the first confusion matrix after the first confusion matrix is randomly generated.
In one example, an interface that generates an inverse matrix may be invoked directly to generate the inverse matrix. In another example, the inverse matrix may be generated by writing code according to the definition of the inverse matrix: first, the determinant of the first confusion matrix is calculated; then, for the data of the i-th row and j-th column in the first confusion matrix, the algebraic cofactor is calculated; finally, the ratio of the algebraic cofactor of the i-th row and j-th column to the determinant of the first confusion matrix is used as the data of the i-th row and j-th column of the inverse matrix.
When a processing request for target data is received, the method can randomly generate a confusion matrix as the first confusion matrix of the first processing unit, and then generate the inverse matrix of the first confusion matrix as the second confusion matrix of the second processing unit, so that the data in the first confusion matrix are random numbers and the data in the second confusion matrix are also random numbers. Therefore, the input-output relationship of the first processing unit and the input-output relationship of the second processing unit are irregular across different processing requests, so that an attacker cannot determine a fixed input-output relationship for the first processing unit or the second processing unit, and the security of the first preset white-box lookup table and the second preset white-box lookup table is ensured.
Optionally, the first confusion matrix is randomly generated according to the following steps A1 to A2:
Step A1, randomly generating a preset number of data, and constructing a matrix according to the preset number of data.
The preset number is the number of data included in the first confusion matrix, and may be set according to an actual application scenario, for example, if data processing is performed in units of bytes, the preset number may be determined according to the number of bits corresponding to one byte, and if the number of rows and the number of columns of the first confusion matrix are both the number of bits, the preset number may be 8×8=64.
It will be appreciated that the location of the data in the matrix need not be considered in constructing the matrix and that any data may be placed at any location in the matrix.
Step A2, if the matrix is an invertible matrix, determining the matrix as the first confusion matrix.
Because the invention generates the inverse of the first confusion matrix as the second confusion matrix, it must be determined whether the matrix is invertible. Specifically, the determinant of the matrix can be calculated: a matrix whose determinant is 0 is not invertible, and a matrix whose determinant is not 0 is invertible. When the matrix is invertible, it can be used as the first confusion matrix; when it is not, step A1 may be repeated until an invertible matrix is obtained.
The method and the device can randomly generate the data, and generate the first confusion matrix according to the randomly generated data, so that the process of generating the random data is simpler, and development difficulty is reduced.
Optionally, the first confusion matrix includes a preset number of data generated according to a preset rule, and the preset rule is different when different processing requests are processed.
The preset rule is a constraint on the data in the first confusion matrix; for example, the preset rule may define that the data must be greater than a certain value, or that the type of the data is decimal. It will be appreciated that randomly generating the preset number of data, as described above, is one way of generating the first confusion matrix, in which the data in the generated matrix are random; generating the preset number of data according to a preset rule is another way of generating the first confusion matrix, in which the data in the generated matrix conform to the preset rule. In practical application, either way may be chosen, and the invention does not limit this.
When processing different processing requests, the generated first confusion matrix is different due to the adoption of different preset rules, and the second confusion matrix is the inverse of the first confusion matrix, so that the second confusion matrix is also different, thereby ensuring the safety of the first preset white-box lookup table and the second preset white-box lookup table.
The method and the device can generate different first confusion matrixes through the preset rules, so that the mode of generating the first confusion matrixes is diversified.
Optionally, the preset rule is randomly selected from a preset rule base.
The preset rule library comprises a plurality of rules for selection, the preset rules in the preset rule library can be preconfigured, and the preset rules can be flexibly configured according to application scenes and specific requirements, and the method is not limited. In the invention, the preset rule can be randomly selected, so that the first confusion matrix has randomness, the corresponding relation between the input data of the first processing unit and the first output data has randomness, and the security of the first preset white box lookup table is ensured; in addition, as the preset first confusion matrix has randomness, the second confusion matrix is an inverse matrix of the first confusion matrix, so that the second confusion matrix also has randomness, the corresponding relation between the input data and the second output data of the second processing unit has randomness, and the safety of the second preset white-box lookup table is guaranteed.
Optionally, the sub-step 1011 may include a sub-step B:
Sub-step B, processing the first preset white-box lookup table by adopting the first confusion matrix to obtain a first dynamic white-box lookup table, and processing the input data by adopting the first dynamic white-box lookup table to obtain the first output data.
The first preset white-box lookup table is provided with a plurality of data, and each data can be processed through the first confusion matrix to obtain corresponding first dynamic data, so that the plurality of first dynamic data form the first dynamic white-box lookup table. The first dynamic white-box look-up tables obtained for different processing requests are also different, since different first confusion matrices are employed for different processing requests.
The input data is processed based on the first dynamic white-box lookup table; specifically, a target position in the first dynamic white-box lookup table may be determined according to the input data, and the data at the target position is used as the first output data. For example, if there are M data arranged in sequence in the first dynamic white-box lookup table and the input data is N, the N-th data in the first dynamic white-box lookup table may be used as the first output data, where 1 <= N <= M.
The invention can generate different first dynamic white-box lookup tables aiming at different processing requests, and can obtain a large amount of input data and corresponding first output data after an attacker processes a large amount of processing requests, but because different first confusion matrixes are adopted for different processing requests, the adopted first dynamic white-box lookup tables are not fixed, and further the corresponding relation between the input data and the first output data of the first processing unit is also not fixed, so that the attacker cannot determine a fixed input-output relation through the corresponding relation between the input data and the first output data, and further cannot determine the first preset white-box lookup table, thereby realizing the purpose of protecting the first preset white-box lookup table used by the first processing unit, ensuring the safety of the first preset white-box lookup table and effectively preventing side channel attacks on the first processing unit.
Optionally, the substep 1012 may include substep C:
Sub-step C, processing the second preset white-box lookup table by adopting the second confusion matrix to obtain a second dynamic white-box lookup table, and processing the first output data by adopting the second dynamic white-box lookup table to obtain the second output data.
It can be understood that the principle of the second processing unit protecting the second preset white-box lookup table is similar to that of the first processing unit protecting the first preset white-box lookup table, and the detailed description of the sub-step B may be referred to herein, and will not be repeated.
Optionally, the substep B comprises substeps B1 to B4:
Sub-step B1, for the first preset data in the first preset white-box lookup table, converting the first preset data into a first preset matrix.
The first preset data is data in the first preset white-box lookup table, and there may be multiple first preset data. Specifically, the first preset data may be split into M data according to a certain rule, so that the M data form a 1×M first preset matrix. For example, since the first preset data is stored in bytes, each byte can be converted into binary data and the binary value of each bit used as data in the first preset matrix. For example, the decimal data 9 may be converted into the binary data 00001001, and each binary value in it used as data in the first preset matrix, giving the first preset matrix [0 0 0 0 1 0 0 1].
Sub-step B2, obtaining the product of the first preset matrix and the first confusion matrix to obtain a first dynamic matrix.
The number of columns of the first preset matrix is the same as the number of rows of the first confusion matrix. For example, for a 1×M first preset matrix, the number of columns is M, so the number of rows of the first confusion matrix is M; the first confusion matrix may be an M×M matrix, so that the product of the 1×M first preset matrix and the M×M first confusion matrix is a 1×M first dynamic matrix.
Sub-step B3, converting the first dynamic matrix into first dynamic data.
Specifically, each data in the first dynamic matrix may be calculated according to a preset algorithm to obtain the first dynamic data. It should be noted that the algorithm for converting a matrix into data and the algorithm for converting data into a matrix must be inverses of each other, so that after a matrix M1 is converted into data M2, converting the data M2 back yields the matrix M1. For example, the preset algorithm may take each data in the first dynamic matrix in sequence as the value of each bit of binary data, and then convert the binary data into decimal data as the first dynamic data.
Sub-step B4, generating the first dynamic white-box lookup table according to the first dynamic data.
It will be appreciated that the first preset data in the first preset white-box lookup table are ordered, and each first preset data generates a corresponding first dynamic data, so that the first dynamic data in the first dynamic white-box lookup table are ordered, and the order of the first dynamic data is identical to the order of the first preset data.
The invention can convert the first preset data in the first preset white-box lookup table into the first preset matrix so as to realize the confusion of the first preset data by the product of the first preset matrix and the first confusion matrix, and finally realize the confusion of the first preset white-box lookup table.
Optionally, the substep C comprises substeps C1 to C4:
Sub-step C1, converting the second preset data in the second preset white-box lookup table into a second preset matrix.
It can be appreciated that the process of converting the second preset data into the second preset matrix is similar to the process of converting the first preset data into the first preset matrix in the sub-step B1, and the detailed description of the sub-step B1 may be referred to herein, and will not be repeated.
Sub-step C2, obtaining the product of the second preset matrix and the second confusion matrix to obtain a second dynamic matrix.
It will be appreciated that the process of obtaining the product of the second confusion matrix and the second preset matrix is similar to the process of obtaining the product of the first preset matrix and the first confusion matrix, and specific reference may be made to the detailed description of the sub-step B2, which is not repeated here.
Sub-step C3, converting the second dynamic matrix into second dynamic data.
It can be appreciated that the process of converting the second dynamic matrix into the second dynamic data is similar to the process of converting the first dynamic matrix into the second dynamic data, and the detailed description of the sub-step B3 may be referred to herein, and will not be repeated.
Sub-step C4, generating the second dynamic white-box lookup table according to the second dynamic data.
It will be appreciated that the process of generating the second dynamic white-box look-up table according to the second dynamic data is similar to the process of generating the first dynamic white-box look-up table according to the first dynamic data, and the detailed description of the sub-step B4 may be referred to, and will not be repeated here.
The invention can convert the second preset data in the second preset white-box lookup table into the second preset matrix so as to realize the confusion of the second preset data by the product of the second confusion matrix and the second preset matrix, and finally realize the confusion of the second preset white-box lookup table.
The process of generating the first dynamic white-box lookup table in sub-steps B1 to B4 and the process of generating the second dynamic white-box lookup table in sub-steps C1 to C4 do not change the input-output relationship of the processor, while ensuring the security of the first preset white-box lookup table and the second preset white-box lookup table. As shown in Fig. 3, the processing units PU1 and PU3 are first processing units, and PU2 and PU4 are second processing units. The input-output relationship of the first preset white-box lookup tables of the first processing units PU1 and PU3 may be identified by Func1 and Func3. The first confusion matrices of the first processing units PU1 and PU3 are ConMatrix1 and ConMatrix3 respectively, and the second confusion matrices of the second processing units PU2 and PU4 are ConMatrix2 and ConMatrix4 respectively, where ConMatrix1 and ConMatrix2 are inverse matrices of each other, and ConMatrix3 and ConMatrix4 are inverse matrices of each other.
In fig. 3, the input data of the first processing unit PU1 is the target data VAU1, the first processing unit PU1 first converts the first preset white-box lookup table Func1 into a first dynamic white-box lookup table T1 (Func 1) by using the first confusion matrix ConMatrix1, T1 is a conversion function corresponding to the first confusion matrix ConMatrix1, and then obtains the first output data T1 (Func 1 (VAU 1)) corresponding to the target data VAU1 by using the first dynamic white-box lookup table T1 (Func 1).
The input data of the second processing unit PU2 is the first output data T1(Func1(VAU1)). The second processing unit PU2 first converts the second preset white-box lookup table Func2 into the second dynamic white-box lookup table T2(Func2) by using the second confusion matrix ConMatrix2, where T2 is the conversion function corresponding to the second confusion matrix ConMatrix2, and then uses the second dynamic white-box lookup table T2(Func2) to obtain the second output data T2(Func2(T1(Func1(VAU1)))) corresponding to the input data T1(Func1(VAU1)). Since the first confusion matrix ConMatrix1 and the second confusion matrix ConMatrix2 are inverse matrices of each other, the functions T2 and T1 are inverse functions, so that the second output data T2(Func2(T1(Func1(VAU1)))) is Func2(Func1(VAU1)).
The input data of the first processing unit PU3 is the target data Func2(Func1(VAU1)). The first processing unit PU3 first converts the first preset white-box lookup table Func3 into a first dynamic white-box lookup table T3(Func3) by using the first confusion matrix ConMatrix3, where T3 is the conversion function corresponding to the first confusion matrix ConMatrix3, and then uses the first dynamic white-box lookup table T3(Func3) to obtain the first output data T3(Func3(Func2(Func1(VAU1)))) corresponding to the input data Func2(Func1(VAU1)).
The input data of the second processing unit PU4 is the first output data T3(Func3(Func2(Func1(VAU1)))). The second processing unit PU4 first converts the second preset white-box lookup table Func4 into the second dynamic white-box lookup table T4(Func4) by using the second confusion matrix ConMatrix4, where T4 is the conversion function corresponding to the second confusion matrix ConMatrix4, and then uses the second dynamic white-box lookup table T4(Func4) to obtain the second output data T4(Func4(T3(Func3(Func2(Func1(VAU1)))))) corresponding to the input data T3(Func3(Func2(Func1(VAU1)))). Since the first confusion matrix ConMatrix3 and the second confusion matrix ConMatrix4 are inverse matrices of each other, the functions T3 and T4 are inverse functions, so that the second output data T4(Func4(T3(Func3(Func2(Func1(VAU1)))))) is Func4(Func3(Func2(Func1(VAU1)))).
It can be seen that, if the first confusion matrix and the second confusion matrix are not added, after the processing of the processing units PU1, PU2, PU3 and PU4 the decrypted data of the target data VAU1 is also Func4(Func3(Func2(Func1(VAU1)))), so the confusion matrices do not affect the input-output relationship of the processor.
As can be seen from the foregoing sub-steps B and C, sub-step B is a specific implementation of sub-step 1011 and correspondingly, sub-step C is a specific implementation of sub-step 1012. In practical applications, sub-step 1011 may have another specific implementation, and correspondingly, sub-step 1012 may have another implementation, where the execution order of sub-step B and sub-step D is different, and correspondingly, the execution order of sub-step C and sub-step E is different. Another implementation of sub-step 1011 is illustrated below in sub-step D and another implementation of sub-step 1012 is illustrated below in sub-step E:
Sub-step D, processing the input data by adopting the first preset white-box lookup table to obtain first intermediate data, and processing the first intermediate data by adopting the first confusion matrix to obtain the first output data.
When the first preset white-box lookup table is used to process the input data, a target position in the first preset white-box lookup table can be determined according to the input data, and the data at the target position in the first preset white-box lookup table is used as the first intermediate data. For example, if there are M data arranged in sequence in the first preset white-box lookup table and the input data is N, the N-th data in the first preset white-box lookup table may be used as the first intermediate data, where 1 <= N <= M.
After the first intermediate data is obtained, the first intermediate data may be processed using a first confusion matrix to obtain first output data. Because different first confusion matrixes are adopted for different processing requests, the corresponding relation between the first intermediate data and the first output data is not fixed for the different processing requests, and the corresponding relation between the input data of the first processing unit and the first output data is not fixed, so that an attacker cannot determine a fixed input-output relation through the corresponding relation between the input data and the first output data, and further cannot determine the first preset white-box lookup table, the purpose of protecting the first preset white-box lookup table used by the first processing unit is achieved, the safety of the first preset white-box lookup table is guaranteed, and side channel attacks on the first processing unit are effectively prevented.
Sub-step E, processing the first output data by using the second confusion matrix to obtain second intermediate data, and processing the second intermediate data by using the second preset white-box lookup table to obtain the second output data.
When the second preset white-box lookup table is used to process the second intermediate data, a target position in the second preset white-box lookup table can be determined according to the second intermediate data, and the data at the target position in the second preset white-box lookup table is used as the second output data. For example, if there are M data arranged in sequence in the second preset white-box lookup table and the input data is N, the N-th data in the second preset white-box lookup table may be used as the second output data, where 1 <= N <= M.
It can be understood that, because the second confusion matrix adopted is different for different processing requests, the corresponding relationship between the first output data and the second intermediate data is not fixed, so that the corresponding relationship between the first output data and the second output data is not fixed, that is, the corresponding relationship between the input data of the second processing unit and the second output data is not fixed, so that an attacker cannot determine a fixed input-output relationship through the corresponding relationship between the input data and the second output data, and further cannot determine the second preset white-box lookup table, thereby realizing the purpose of protecting the second preset white-box lookup table used by the second processing unit, ensuring the security of the second preset white-box lookup table, and effectively preventing side channel attacks on the second processing unit.
Optionally, the substep D comprises substeps D1 to D3:
Sub-step D1, converting the first intermediate data into a first data matrix.
It will be appreciated that the process of converting the first intermediate data into the first data matrix is similar to the process of converting the first preset data into the first preset matrix in the sub-step B1, and specific reference may be made to the detailed description of the sub-step B1, which is not repeated herein.
Sub-step D2, obtaining the product of the first data matrix and the first confusion matrix to obtain a second data matrix.
It will be appreciated that the process of obtaining the product of the first data matrix and the first confusion matrix is similar to the process of obtaining the product of the first preset matrix and the first confusion matrix, and specific reference may be made to the detailed description of the sub-step B2, which is not repeated here.
Sub-step D3, converting the second data matrix into the first output data.
It will be appreciated that the process of converting the second data matrix into the first output data is similar to the process of converting the second dynamic matrix into the second dynamic data, and specific reference may be made to the detailed description of the sub-step B3, which is not repeated here.
Optionally, the substep E comprises substeps E1 to E3:
Sub-step E1, converting the first output data into a third data matrix.
It will be appreciated that the process of converting the first output data into the third data matrix is similar to the process of converting the first preset data into the first preset matrix in the sub-step B1, and specific reference may be made to the detailed description of the sub-step B1, which is not repeated herein.
Sub-step E2, obtaining the product of the third data matrix and the second confusion matrix to obtain a fourth data matrix.
It will be appreciated that the process of obtaining the product of the third data matrix and the second confusion matrix is similar to the process of obtaining the product of the first preset matrix and the first confusion matrix, and specific reference may be made to the detailed description of the sub-step B2, which is not repeated here.
Sub-step E3, converting the fourth data matrix into the second intermediate data.
It will be appreciated that the process of converting the fourth data matrix into the second intermediate data is similar to the process of converting the second dynamic matrix into the second dynamic data, and the detailed description of the sub-step B3 may be referred to herein, and will not be repeated.
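Steps A1 to A2 and sub-steps D1 to D3 and E1 to E3 above, together with the table confusion of sub-steps B1 to B4, as an added example (not code from the patent). It assumes the bit-matrix arithmetic is done over GF(2) so that every product is again one byte, uses Gauss-Jordan elimination in place of the cofactor formula, and uses constructed stand-in tables FUNC1 and FUNC2; all function names are hypothetical.

```python
import secrets

N = 8  # bits per byte, so a confusion matrix holds 8 x 8 = 64 values

# Constructed stand-ins for the two preset white-box lookup tables.
FUNC1 = [(7 * x + 3) % 256 for x in range(256)]
FUNC2 = [(13 * x + 1) % 256 for x in range(256)]


def random_matrix():
    """Step A1: 64 random bits, one int per row, leftmost column = top bit."""
    return [secrets.randbits(N) for _ in range(N)]


def invert(matrix):
    """Gauss-Jordan elimination over GF(2); None if the matrix is singular."""
    rows = list(matrix)
    inv = [1 << (N - 1 - i) for i in range(N)]  # identity matrix
    for col in range(N):
        bit = 1 << (N - 1 - col)
        pivot = next((r for r in range(col, N) if rows[r] & bit), None)
        if pivot is None:
            return None  # determinant is 0: not invertible
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv[col], inv[pivot] = inv[pivot], inv[col]
        for r in range(N):
            if r != col and rows[r] & bit:
                rows[r] ^= rows[col]
                inv[r] ^= inv[col]
    return inv


def new_confusion_pair():
    """Step A2: repeat step A1 until the matrix is invertible."""
    while True:
        first = random_matrix()
        second = invert(first)
        if second is not None:
            return first, second


def mix(byte, matrix):
    """Byte -> 1x8 bit row, times the 8x8 matrix over GF(2), -> byte."""
    out = 0
    for i in range(N):
        if (byte >> (N - 1 - i)) & 1:
            out ^= matrix[i]  # add row i of the matrix (XOR in GF(2))
    return out


def first_unit(data, first_matrix):
    """Sub-step D: table lookup, then confuse the intermediate value."""
    return mix(FUNC1[data], first_matrix)


def second_unit(first_output, second_matrix):
    """Sub-step E: undo the confusion, then table lookup."""
    return FUNC2[mix(first_output, second_matrix)]


def dynamic_table(table, matrix):
    """Sub-steps B1 to B4: confuse every table entry, keeping the order."""
    return [mix(value, matrix) for value in table]


def process(data):
    """One processing request: fresh matrix pair, then PU1 followed by PU2."""
    first_matrix, second_matrix = new_confusion_pair()
    first_output = first_unit(data, first_matrix)
    return first_output, second_unit(first_output, second_matrix)


if __name__ == "__main__":
    for _ in range(4):
        first_output, result = process(0x41)
        print(f"first output {first_output:#04x} -> result {result:#04x}")
```

Because the mixing here is purely linear, an intermediate value of 0 is mapped to 0 under every confusion matrix, so that one table entry is not masked between the two units.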
Based on the process of converting the first intermediate data in the substeps D1 to D4 and the process of converting the first output data in the substeps E1 to E4, the input-output relationship of the processor is not changed, while the security of the first preset white-box lookup table and the second preset white-box lookup table is ensured. As shown in Fig. 4, the processing units PU1 and PU3 are first processing units, and PU2 and PU4 are second processing units. The input-output relationship of the first preset white-box lookup tables of the first processing units PU1 and PU3 may be represented by Func1 and Func3, and the input-output relationship of the second preset white-box lookup tables of the second processing units PU2 and PU4 may be represented by Func2 and Func4. The first confusion matrices of the first processing units PU1 and PU3 are ConMatrix1 and ConMatrix3 respectively, and the second confusion matrices of the second processing units PU2 and PU4 are ConMatrix2 and ConMatrix4 respectively, where ConMatrix1 and ConMatrix2 are inverse matrices of each other, and ConMatrix3 and ConMatrix4 are inverse matrices of each other.
In fig. 4, the input data of the first processing unit PU1 is the target data VAU1, the first processing unit PU1 firstly processes the target data VAU1 with a first preset white-box lookup table Func1 to obtain first intermediate data Func1 (VAU 1), then converts the first intermediate data Func1 (VAU 1) into a first data matrix M [ Func1 (VAU 1) ], finally obtains the product of the first data matrix M [ Func1 (VAU 1) ] and the first confusion matrix ConMatrix1 to obtain a second data matrix M [ Func1 (VAU 1) ], and converts the second data matrix M [ Func1 (VAU 1) ].
The input data of the second processing unit PU2 is the first output data V (M [ Func1 (VAU 1) ]. Conmatrix 1) of the first processing unit PU1, the second processing unit PU2 first converts the first output data V (M [ Func1 (VAU 1) ]. Conmatrix 1) into a third data matrix M [ Func1 (VAU 1) ]. Conmatrix1, then obtains the product of the third data matrix M [ Func1 (VAU 1) ]. Conmatrix1 and the second confusion matrix Conmatrix2 to obtain a fourth data matrix M [ Func1 (VAU 1) ]. Conmatrix1 ]. Conmatrix2, since the ConMatrix1 and ConMatrix2 are inverse matrices to each other, the fourth data matrix is M [ Func1 (VAU 1) ], and finally the fourth data matrix M [ Func1 (VAU 1) ] is converted into the second intermediate data Func1 (VAU 1), and the second intermediate data Func1 (VAU 1) is processed by using the second preset white-box lookup table Func2 to obtain the second output data Func2 (Func 1 (VAU 1)).
The input data of the first processing unit PU3 is second output data Func2 (Func 1 (VAU 1)) of the second processing unit PU2, the first processing unit PU3 firstly processes the second output data Func2 (Func 1 (VAU 1)) by using a first preset white box lookup table Func3 to obtain first intermediate data Func3 (Func 2 (Func 1 (VAU 1))), then converts the first intermediate data Func3 (Func 2 (Func 1 (VAU 1))) into a first data matrix M [ Func3 (Func 2 (Func 1 (VAU 1))) ] ], finally obtains a product of the first data matrix M [ Func3 (Func 2 (Func 1 (VAU 1))) ] and the first confusion matrix con matrix3 to obtain a second data matrix M [ Func3 (Func 2 (Func 1 (VAU 1))) ] and converts the second data matrix M [ Func3 (Func 1 (VAU 1))) 1) into first output data matrix V [ 2 (V1)) ] V3.
The input data of the second processing unit PU4 is the first output data V (M [ Func3 (Func 2 (Func 1 (VAU 1))) ] of the first processing unit PU3, the second processing unit PU4 first converts the first output data V (M [ Func3 (Func 2 (Func 1 (VAU 1))) ] to a third data matrix M [ Func3 (Func 2 (Func 1 (VAU 1))) ] of the first output data V (M [ Func3 (Func 2 (Func 1 (VAU 1))))) ] of the first processing unit PU3, then obtains the product of the third data matrix M [ Func3 (Func 2 (Func 1 (VAU 1))) ] of the first data matrix M [ Func3 (Func 2 (Func 1 (VAU 1))))) ] of the second confusion matrix con matrix4 to obtain a fourth data matrix M [ Func3 (Func 1 (VAU 1))) ]. Of the second confusion matrix con matrix4, since the ConMatrix3 and the ConMatrix4 are inverse matrices to each other, the fourth data matrix is M [ Func3 (Func 2 (Func 1 (VAU 1))) ], and finally the fourth data matrix M [ Func3 (Func 2 (Func 1 (VAU 1))) ] is converted into the second intermediate data Func3 (Func 2 (Func 1 (VAU 1))), and the second intermediate data Func3 (Func 2 (Func 1 (VAU 1))) is processed using the second preset white-box look-up table Func4 to obtain the second output data Func4 (Func 3 (Func 2 (Func 1 (VAU 1)))).
It can be seen that, if the first confusion matrix and the second confusion matrix are not added, after the processing of the processing units PU1, PU2, PU3 and PU4, the decrypted data of the target data VAU1 is also Func4 (Func 3 (Func 2 (VAU 1)))), so that the purpose that the confusion matrix does not affect the input-output relationship of the processor is achieved.
In summary, the embodiment of the invention provides a data processing method applied to a processor with at least two processing units, the at least two processing units comprising at least a first processing unit and a second processing unit. When processing different input data, the first processing unit uses different first confusion matrices to change its input-output relationship, so that the correspondence between the input data and the first output data of the first processing unit is not fixed. An attacker therefore cannot determine a fixed input-output relationship from a large amount of input data and the corresponding first output data of the first processing unit, and so cannot determine the first preset white-box lookup table. This protects the first preset white-box lookup table used by the first processing unit and ensures its security. Similarly, the security of the second preset white-box lookup table of the second processing unit can be ensured, and side channel attacks on the second processing unit can be effectively prevented.
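The PU1 to PU4 chain of fig. 4, as an added example that is not code from the patent: it assumes each data item is one byte converted to a 1×8 bit row vector and that matrix products are taken over GF(2). The tables Func1 to Func4 are constructed stand-ins, all function names are illustrative, and each confusion matrix is filled randomly and kept only if it is invertible.

```python
import random
import secrets

N = 8  # assumption: one data item = one byte = 1x8 bit row vector over GF(2)


def to_matrix(value):
    """Convert a byte into a row vector of bits, most significant bit first."""
    return [(value >> (N - 1 - i)) & 1 for i in range(N)]


def from_matrix(bits):
    """Convert a row vector of bits back into a byte."""
    out = 0
    for b in bits:
        out = (out << 1) | b
    return out


def vec_mat(vec, mat):
    """Row vector times matrix, arithmetic over GF(2)."""
    return [sum(vec[k] & mat[k][j] for k in range(N)) & 1 for j in range(N)]


def invert(mat):
    """Gauss-Jordan elimination over GF(2); returns None if mat is singular."""
    a = [row[:] + [int(i == j) for j in range(N)] for i, row in enumerate(mat)]
    for col in range(N):
        pivot = next((r for r in range(col, N) if a[r][col]), None)
        if pivot is None:
            return None
        a[col], a[pivot] = a[pivot], a[col]
        for r in range(N):
            if r != col and a[r][col]:
                a[r] = [x ^ y for x, y in zip(a[r], a[col])]
    return [row[N:] for row in a]


def new_confusion_pair():
    """Fill a matrix with random bits, keep it only if invertible.

    Returns (first confusion matrix, second confusion matrix = its inverse).
    """
    while True:
        mat = [[secrets.randbits(1) for _ in range(N)] for _ in range(N)]
        inv = invert(mat)
        if inv is not None:
            return mat, inv


def make_table(seed):
    """Constructed stand-in for a preset white-box lookup table (a byte permutation)."""
    table = list(range(256))
    random.Random(seed).shuffle(table)
    return table


FUNC = {i: make_table(i) for i in (1, 2, 3, 4)}  # Func1..Func4, constructed


def first_unit(table, con, data):
    """PU1/PU3: table lookup, then masking: V(M[Func(data)] * ConMatrix)."""
    return from_matrix(vec_mat(to_matrix(table[data]), con))


def second_unit(table, con_inv, data):
    """PU2/PU4: multiply by the inverse matrix to unmask, then table lookup."""
    return table[from_matrix(vec_mat(to_matrix(data), con_inv))]


def process(vau1):
    """Handle one processing request with fresh confusion matrices.

    Returns (processing result, (PU1 output, PU3 output)).
    """
    con1, con2 = new_confusion_pair()
    con3, con4 = new_confusion_pair()
    out1 = first_unit(FUNC[1], con1, vau1)
    out2 = second_unit(FUNC[2], con2, out1)
    out3 = first_unit(FUNC[3], con3, out2)
    out4 = second_unit(FUNC[4], con4, out3)
    return out4, (out1, out3)


def reference(vau1):
    """The same chain without confusion matrices: Func4(Func3(Func2(Func1(VAU1))))."""
    return FUNC[4][FUNC[3][FUNC[2][FUNC[1][vau1]]]]


if __name__ == "__main__":
    # Pick an input whose Func1 output is nonzero: under this assumed linear
    # representation an all-zero vector stays zero for every matrix.
    x = next(v for v in range(256) if FUNC[1][v] != 0)
    for _ in range(4):
        result, (pu1_out, _pu3_out) = process(x)
        print(f"PU1 output {pu1_out:#04x}  final {result:#04x}  "
              f"reference {reference(x):#04x}")
```

Across requests with the same input, the value passed from PU1 to PU2 changes while the final result always equals the unmasked chain.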
Referring to fig. 5, a block diagram of a processor provided in an embodiment of the present invention is shown, which specifically includes:
the processor 200 comprises at least two processing units, including at least a first processing unit 201 and a second processing unit 202;
each processing unit is used for responding to a processing request for target data and processing the target data according to a preset sequence to obtain a processing result;
the first processing unit 201 is configured to process input data by using a first confusion matrix and a first preset white-box lookup table to obtain first output data; if the first processing unit 201 is the first processing unit in the preset sequence, the input data is the target data;
the second processing unit 202 is configured to process the first output data by using a second confusion matrix and a second preset white-box lookup table to obtain second output data; if the second processing unit 202 is the last processing unit in the preset sequence, the second output data is the processing result data;
wherein the first processing unit 201 uses different first confusion matrices for different processing requests, and the second confusion matrix and the first confusion matrix are inverse matrices of each other.
Optionally, the first confusion matrix is randomly generated, and the second confusion matrix is an inverse matrix generated according to the first confusion matrix after the first confusion matrix is randomly generated.
Optionally, the first processing unit 201 is further configured to:
randomly generating a preset number of data, and constructing a matrix according to the preset number of data;
if the matrix is an invertible matrix, the matrix is determined to be a first confusion matrix.
Optionally, the first confusion matrix includes a preset number of data generated according to a preset rule, and the preset rule is different when different processing requests are processed.
Optionally, the preset rule is randomly selected from a preset rule base.
Optionally, the first processing unit 201 is further configured to:
processing a first preset white-box lookup table by adopting a first confusion matrix to obtain a first dynamic white-box lookup table, and processing input data by adopting the first dynamic white-box lookup table to obtain first output data;
the second processing unit 202 is further configured to:
and processing a second preset white-box lookup table by adopting a second confusion matrix to obtain a second dynamic white-box lookup table, and processing the first output data by adopting the second dynamic white-box lookup table to obtain second output data.
Optionally, the first processing unit 201 is further configured to:
converting first preset data in a first preset white-box lookup table into a first preset matrix;
obtaining the product of the first preset matrix and the first confusion matrix to obtain a first dynamic matrix;
converting the first dynamic matrix into first dynamic data;
and generating a first dynamic white-box lookup table according to the first dynamic data.
Optionally, the second processing unit 202 is further configured to:
converting second preset data in a second preset white-box lookup table into a second preset matrix;
obtaining the product of the second preset matrix and a second confusion matrix to obtain a second dynamic matrix;
converting the second dynamic matrix into second dynamic data;
and generating a second dynamic white-box lookup table according to the second dynamic data.
Optionally, the first processing unit 201 is further configured to:
processing input data by adopting a first preset white box lookup table to obtain first intermediate data, and processing the first intermediate data by adopting a first confusion matrix to obtain first output data;
the second processing unit 202 is further configured to:
And processing the first output data by adopting a second confusion matrix to obtain second intermediate data, and processing the second intermediate data by adopting a second preset white-box lookup table to obtain second output data.
Optionally, the first processing unit 201 is further configured to:
converting the first intermediate data into a first data matrix;
obtaining the product of the first data matrix and the first confusion matrix to obtain a second data matrix;
the second data matrix is converted into first output data.
Optionally, the second processing unit 202 is further configured to:
converting the first output data into a third data matrix;
obtaining the product of the third data matrix and the second confusion matrix to obtain a fourth data matrix;
and converting the fourth data matrix into second intermediate data.
Optionally, the processor 200 is a decryptor, the processing unit is a decryption unit, and each decryption unit is configured to: decrypt the target data according to a preset sequence; or,
the processor 200 is an encryptor, the processing unit is an encryption unit, and each encryption unit is configured to: and encrypting the target data according to a preset sequence.
In summary, the embodiment of the present invention provides a processor having at least two processing units, the at least two processing units comprising at least a first processing unit and a second processing unit. When processing different input data, the first processing unit uses different first confusion matrices to change its input-output relationship, so that the correspondence between the input data and the first output data of the first processing unit is not fixed. An attacker therefore cannot determine a fixed input-output relationship from a large amount of input data and the corresponding first output data of the first processing unit, and so cannot determine the first preset white-box lookup table. This protects the first preset white-box lookup table used by the first processing unit, ensures its security, and effectively prevents side channel attacks on the first processing unit. Similarly, the security of the second preset white-box lookup table of the second processing unit can be ensured, and side channel attacks on the second processing unit can be effectively prevented.
The embodiment of the present invention further provides an electronic device, as shown in fig. 6, including a processor 301, a communication interface 302, a memory 303, and a communication bus 304, where the processor 301, the communication interface 302, and the memory 303 communicate with each other through the communication bus 304, and the processor 301 includes at least two processing units, the at least two processing units including at least a first processing unit and a second processing unit;
the memory 303 is configured to store a computer program;
the processor 301 is configured to execute the program stored in the memory 303, and implement the following steps:
responding to a processing request aiming at target data, and processing the target data by each processing unit according to a preset sequence to obtain processing result data;
in the first processing unit, a first confusion matrix and a first preset white-box lookup table are adopted to process input data, so that first output data are obtained; if the first processing unit is the first processing unit in the preset sequence, the input data is the target data;
in the second processing unit, a second confusion matrix and a second preset white-box lookup table are adopted to process the first output data, so as to obtain second output data; if the second processing unit is the last processing unit in the preset sequence, the second output data is the processing result data;
wherein the first processing unit uses different first confusion matrices for different processing requests, and the second confusion matrix and the first confusion matrix are inverse matrices of each other.
The communication bus mentioned above for the terminal may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. The communication bus may be classified as an address bus, a data bus, a control bus, or the like. For ease of illustration, the bus is drawn as a single bold line in the figure, but this does not mean that there is only one bus or only one type of bus.
The communication interface is used for communication between the terminal and other devices.
The memory may include random access memory (Random Access Memory, RAM) or non-volatile memory (non-volatile memory), such as at least one disk memory. Optionally, the memory may also be at least one memory device located remotely from the aforementioned processor.
The processor may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a network processor (Network Processor, NP for short), etc.; it may also be a digital signal processor (Digital Signal Processing, DSP for short), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), a field-programmable gate array (Field-Programmable Gate Array, FPGA for short) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a computer readable storage medium is provided, in which instructions are stored, which when run on a computer, cause the computer to perform the data processing method according to any of the above embodiments.
In a further embodiment of the present invention, a computer program product comprising instructions which, when run on a computer, causes the computer to perform the data processing method according to any of the above embodiments is also provided.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the flow or functions according to embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any usable medium that can be accessed by a computer, or a data processing device such as a server or data center that integrates one or more usable media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In this specification, the embodiments are described in a related manner; identical and similar parts of the embodiments may be referred to each other, and each embodiment mainly describes its differences from the other embodiments. In particular, since the system embodiments are substantially similar to the method embodiments, their description is relatively brief, and for relevant details reference may be made to the corresponding description of the method embodiments.
The foregoing description is only of the preferred embodiments of the present invention and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.

Claims (15)

1. A data processing method, characterized by being applied to a processor comprising at least two processing units, the at least two processing units comprising at least a first processing unit and a second processing unit;
the method comprises the following steps:
responding to a processing request aiming at target data, and processing the target data by each processing unit according to a preset sequence to obtain processing result data;
in the first processing unit, a first confusion matrix and a first preset white-box lookup table are adopted to process input data, so that first output data are obtained; if the first processing unit is the first processing unit in the preset sequence, the input data is the target data;
in the second processing unit, a second confusion matrix and a second preset white-box lookup table are adopted to process the first output data, so as to obtain second output data; if the second processing unit is the last processing unit in the preset sequence, the second output data is the processing result data;
wherein the first processing unit uses different first confusion matrices for different processing requests, and the second confusion matrix and the first confusion matrix are inverse matrices of each other.
2. The method of claim 1, wherein the first confusion matrix is randomly generated and the second confusion matrix is an inverse matrix generated from the first confusion matrix after the first confusion matrix is randomly generated.
3. The method of claim 2, wherein the first confusion matrix is randomly generated according to the steps of:
randomly generating a preset number of data, and constructing a matrix according to the preset number of data; the preset number refers to the number of data contained in the first confusion matrix;
if the matrix is an invertible matrix, the matrix is determined to be a first confusion matrix.
4. The method of claim 1, wherein the first confusion matrix comprises a preset number of data generated according to a preset rule, the preset rule being different when processing for different processing requests; the preset number refers to the number of data contained in the first confusion matrix.
5. The method of claim 4, wherein the predetermined rule is randomly selected from a predetermined rule base.
6. The method of claim 1, wherein processing the input data using the first confusion matrix and the first preset whitebox look-up table to obtain the first output data comprises:
processing a first preset white-box lookup table by adopting a first confusion matrix to obtain a first dynamic white-box lookup table, and processing input data by adopting the first dynamic white-box lookup table to obtain first output data;
the processing the first output data by adopting a second confusion matrix and a second preset white-box lookup table to obtain second output data comprises the following steps:
and processing a second preset white-box lookup table by adopting a second confusion matrix to obtain a second dynamic white-box lookup table, and processing the first output data by adopting the second dynamic white-box lookup table to obtain second output data.
7. The method of claim 6, wherein processing the first predetermined white-box look-up table with the first confusion matrix results in a first dynamic white-box look-up table, comprising:
converting first preset data in a first preset white-box lookup table into a first preset matrix;
obtaining the product of the first preset matrix and the first confusion matrix to obtain a first dynamic matrix;
converting the first dynamic matrix into first dynamic data; the first dynamic data are calculated according to a preset algorithm based on each data in the first dynamic matrix;
and generating a first dynamic white-box lookup table according to the first dynamic data.
8. The method of claim 6, wherein processing the second predetermined white-box look-up table with the second confusion matrix results in a second dynamic white-box look-up table, comprising:
converting second preset data in a second preset white-box lookup table into a second preset matrix;
obtaining the product of the second preset matrix and a second confusion matrix to obtain a second dynamic matrix;
converting the second dynamic matrix into second dynamic data; the second dynamic data are calculated according to a preset algorithm based on each data in the second dynamic matrix;
and generating a second dynamic white-box lookup table according to the second dynamic data.
9. The method of claim 1, wherein processing the input data using the first confusion matrix and the first preset whitebox look-up table to obtain the first output data comprises:
processing input data by adopting a first preset white box lookup table to obtain first intermediate data, and processing the first intermediate data by adopting a first confusion matrix to obtain first output data;
the processing the first output data by adopting a second confusion matrix and a second preset white-box lookup table to obtain second output data comprises the following steps:
and processing the first output data by adopting a second confusion matrix to obtain second intermediate data, and processing the second intermediate data by adopting a second preset white-box lookup table to obtain second output data.
10. The method of claim 9, wherein processing the first intermediate data using a first confusion matrix to obtain first output data comprises:
converting the first intermediate data into a first data matrix;
obtaining the product of the first data matrix and the first confusion matrix to obtain a second data matrix;
the second data matrix is converted into first output data.
11. The method of claim 9, wherein processing the first output data using a second confusion matrix to obtain second intermediate data comprises:
converting the first output data into a third data matrix;
obtaining the product of the second confusion matrix and the third data matrix to obtain a fourth data matrix;
and converting the fourth data matrix into second intermediate data.
12. The method according to any one of claims 1 to 11, wherein,
the processor is a decryptor, the processing unit is a decryption unit, and the processing units process the target data according to a preset sequence, including: each decryption unit carries out decryption processing on the target data according to a preset sequence; or,
the processor is an encryptor, the processing units are encryption units, and each processing unit processes the target data according to a preset sequence, including: and each encryption unit carries out encryption processing on the target data according to a preset sequence.
13. A processor, comprising at least two processing units, the at least two processing units comprising at least a first processing unit and a second processing unit;
each processing unit is used for responding to a processing request aiming at target data and processing the target data according to a preset sequence to obtain processing result data;
the first processing unit is used for processing input data by adopting a first confusion matrix and a first preset white-box lookup table to obtain first output data; if the first processing unit is the first processing unit in the preset sequence, the input data is the target data;
the second processing unit is configured to process the first output data by using a second confusion matrix and a second preset white-box lookup table to obtain second output data; if the second processing unit is the last processing unit in the preset sequence, the second output data is the processing result data;
wherein the first processing unit uses different first confusion matrices for different processing requests, and the second confusion matrix and the first confusion matrix are inverse matrices of each other.
14. An electronic device, characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
the memory is configured to store a computer program;
the processor is configured to implement the method of any one of claims 1 to 12 when executing the program stored in the memory.
15. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any one of claims 1 to 12.
CN202010525931.9A 2020-06-10 2020-06-10 Data processing method, processor, electronic device and storage medium Active CN111737689B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010525931.9A CN111737689B (en) 2020-06-10 2020-06-10 Data processing method, processor, electronic device and storage medium


Publications (2)

Publication Number Publication Date
CN111737689A CN111737689A (en) 2020-10-02
CN111737689B true CN111737689B (en) 2023-07-14

Family

ID=72648714




