CN113630386A

CN113630386A - Encryption and decryption method, device and communication system thereof

Info

Publication number: CN113630386A
Application number: CN202110801365.4A
Authority: CN
Inventors: 王宏健; 金翊; 金杉; 王颖
Original assignee: Individual
Current assignee: Individual
Priority date: 2021-07-15
Filing date: 2021-07-15
Publication date: 2021-11-09
Anticipated expiration: 2041-07-15
Also published as: WO2023284036A1; CN113630386B

Abstract

The invention relates to the field of information encryption and decryption, in particular to an encryption and decryption method and device realized by a reconfigurable multi-value logic operation component. The encryption and decryption method can comprise an encryption and decryption process, a process of presetting an encryption component reconstruction code, a decryption component reconstruction code and a key derivation component reconstruction code, a process of presetting a key and a process of generating a reservation code; the encryption and decryption device can comprise an encryption component, a decryption component and a read-only storage component which are formed by hardware, and can also comprise an encryption module, a decryption module and a configuration file which are formed by software; the application scene can be an autonomous communication encryption system and an auxiliary communication encryption system which use an encryption and decryption component, and can also be a static information encryption system which uses an encryption and decryption module; the invention has the beneficial effects that: the random feature is obvious, the random feature is not shorter than a plaintext, a plurality of optional keys can be derived, and a practical and feasible one-time pad technology is realized according to the mass optional keys, the automatic execution capacity of a computer and fewer storage units.

Description

Encryption and decryption method, device and communication system thereof

Technical Field

The invention relates to the field of information encryption and decryption, in particular to an encryption and decryption method and device constructed by reconfigurable multi-value logic operation components and an application scene thereof.

Background

With the popularization of technologies such as electronic commerce, online transaction, battlefield data chain, cloud storage and the like, and the frequent occurrence of the actual frequency that large-scale automation, remote control and data dependent facilities are attacked by network hackers, people pay attention to encryption technologies of communication data and storage data; with the continuous improvement of computer capability, the modern encryption method established by the complexity of the algorithm is seriously threatened, and a new encryption technology for various electronic files needs to be developed. Thus, in 1940, it was theoretically proven by shannon that the indecipherable "one-time pad encryption (also called" one-time pad "technology)" became a new target pursued by people.

The prior patent directly related to the invention has 3 items, which are patents of reconfigurable multi-value logic operator technology, and the invention is based on the technology and equipment provided by the 3 items, and constructs a symbol converter for encryption and decryption operations based on the technology and equipment. The 3 patents are respectively: [1] the no-carry no-borrow n value arithmetic device is disclosed in the Chinese patent: ZL200710041144.1, authorization day: 2009-10-28. The key point of the invention is to disclose a general method for constructing a multi-value processor, the main technology of the method is implemented in an optical processor, and encryption technology is not involved; [2] the invention discloses a reconfigurable three-value optical processor, which is invented by Chinese patent: ZL201010584129.3, authorization day: 2012-05-02, the main patent discloses a technical solution for constructing a three-valued optical processor, which does not involve encryption technology; [3] the invention discloses a multi-value electronic arithmetic device with numerous digits and capable of grouping and reconstructing and a method thereof, and the Chinese patent application number is as follows: 201811567284.7, filing date: 2018-12-20, PCT No: PCT/CN2019/070318 mainly discloses a technical scheme for constructing a reconfigurable multi-value logic electronic processor, and does not relate to encryption technology.

Disclosure of Invention

Aiming at the problems in the prior art, an encryption and decryption method and device based on a reconfigurable multi-value logic operation component and an application scenario thereof are provided.

1. The invention provides an encryption and decryption method

The method comprises an encryption process, a decryption process, a preset encryption component reconstruction code and decryption component reconstruction code process, a preset key derivation component reconstruction code process, a preset key presetting process and a reservation code generating process. It is preferable that: the encryption component, the decryption component and the key derivation component all use the reconfigurable multi-value logic operation component as a symbol conversion component, correspondingly, the encryption component reconstruction code, the decryption component reconstruction code and the key derivation component reconstruction code are all reconstruction codes of the reconfigurable multi-value logic operation component, and each reconstruction code sets the current operation rule of the corresponding multi-value logic operation component.

The encryption process comprises the following specific steps:

step A1: setting an encryption rule used at this time in advance according to a reconstruction code of an encryption part, and encrypting the current plaintext segment by using an encryption key corresponding to the current plaintext segment according to the encryption rule to obtain a corresponding ciphertext segment;

step A2: and setting an encryption key derivation rule used at this time in advance according to the reconstruction code of the key derivation part, and processing the current plaintext segment and the corresponding encryption key according to the encryption key derivation rule to generate an encryption key for encrypting the next plaintext segment.

The execution order of A1 and A2 is not sequential, and can be parallel.

The decryption process specifically comprises the following steps:

step B1: setting a decryption rule used this time in advance according to a decryption component reconstruction code matched with the reconstruction code of the encryption component at the opposite end, and decrypting the current encrypted text segment by using a decryption key corresponding to the current encrypted text segment according to the decryption rule to obtain a decrypted plaintext segment;

step B2: and presetting a decryption key derivation rule used this time by using a key derivation part reconstruction code for setting the current encryption key derivation rule, and processing the decrypted plaintext segment and the corresponding decryption key according to the decryption key derivation rule to generate a decryption key for decrypting the next ciphertext segment.

The execution orders of B1 and B2 are not sequential, and can be parallel.

The decryption component reconstruction code paired with the encryption component reconstruction code is as follows: and generating a ciphertext from the plaintext by using the encryption rule set by one of the reconstruction codes, wherein the ciphertext can be decrypted by using the decryption rule set by the other reconstruction code, and generating the plaintext from the ciphertext.

The process of presetting the encryption component reconstruction code and the decryption component reconstruction code specifically comprises the following steps:

step C1: before a specific implementation of the encryption and decryption method is put into use, the following steps are carried out: before the encryptor and the decryptor are put into use and the encryption process and the decryption process are executed; randomly selecting and storing reconstruction code pairs consisting of a plurality of reconstruction codes of the encryption part and corresponding reconstruction codes of the decryption part from the reconstruction code sequence before the encryption unit and the decryption unit are put into use and execute the encryption process and the decryption process, and using the reconstruction code pairs as a reconstruction code pair group of the encryption part and the decryption part used by a specific implementation object;

step C2: and acquiring a first reduced number corresponding to the encryption and decryption processes, and extracting and presetting the encryption component reconstruction code and the decryption component reconstruction code used in the encryption and decryption processes from the encryption component and decryption component reconstruction code pairing group according to the first reduced number.

The process of reconstructing the code by the preset key derivation part specifically includes:

step D1: before a specific implementation of the encryption and decryption method is put into use, the following steps are carried out: before the encryption key derivation device and the decryption key derivation device are put into use and the encryption process and the decryption process are executed; randomly selecting reconstruction codes of a plurality of key derivation parts from the reconstruction code sequence as key derivation part reconstruction code groups used by the specific implementation object before the encryption key derivation unit and the decryption key derivation unit are put into use and the encryption process and the decryption process are executed;

step D2: and acquiring a second reduced number used in the encryption and decryption processes, and extracting and presetting the reconstruction code of the key derivation part used at this time from the key derivation part reconstruction code group according to the second reduced number.

The process of presetting the preset key specifically includes:

the predetermined key is used to encrypt a first of the plaintext segments and to decrypt a first of the ciphertext segments.

Step E1: before a specific implementation of the encryption and decryption method is put into use, the following steps are carried out: randomly selecting a plurality of preset keys from a preset key sequence before the read-only memory part or the configuration file is used as a preset key group used by the specific implementation object;

step E2: and acquiring a third reduced number used in the encryption and decryption process, and extracting and setting the preset key used at this time from the preset key group according to the third reduced number.

Steps C1, D1, and E1 must be performed once, and not a second time, before the particular implementation is put into use. However, C2, D2, and E2 are performed once for each encryption and decryption operation performed by the particular implementation.

The process of generating the reservation code specifically includes:

and taking a plurality of reserved numbers contained in the reserved code used in the encryption and decryption process as initial values, counting a plurality of symbol arrangements in a plaintext to be encrypted in the encryption and decryption process respectively, wherein the counting result is a plurality of new reserved numbers, and connecting all the new reserved numbers in sequence to form the reserved code to be used in the next encryption and decryption process.

2. The invention provides an electronic device for realizing the encryption and decryption method

The electronic device mainly uses hardware equipment to realize the encryption and decryption method. The characteristic hardware comprises: the device comprises an encryption component, a decryption component, a read-only memory component, a nonvolatile read-write memory, a group of cycle counters and a special matched write-in device unique to a production factory. A common form of such an electronic device is an integrated circuit chip, also called an encryption/decryption chip. It is preferable that: the sign conversion component used by the encryption component and the decryption component is a reconfigurable multi-value logic operation component.

The encryption unit includes:

an encryptor f: before the encryption process begins each time, setting an encryptor f by using an encryptor reconstruction code which is randomly extracted, so that the f has a specific encryption rule; f, carrying out multi-value logic operation on the current encryption key Y (i) and the current plaintext segment p (i) to generate a current encrypted segment p' (i), and finishing encryption.

Encryption key derivation device F: before encryption begins, setting F by using a randomly extracted key derivation device reconstruction code, and enabling the F to have a specific key derivation rule; f, carrying out multi-value logic operation on the current encryption key Y (i) and the current plaintext segment p (i) to generate an encryption key Y (i +1) for encrypting the next plaintext segment.

Preferably: both the encryptor F and the encryption key derivation device F use a reconfigurable multivalued logic operation section as a symbol conversion section. Accordingly, the encryptor reconstruction code and the encryption key derivation device reconstruction code are reconstruction codes of the reconfigurable multivalue logic operation part. Since the reconstruction codes of the encryptors are different from the reconstruction codes of the key derivations, it is determined that F and F are configured by different reconstruction codes, so that the two are multivalued logic operators with different operation rules, and further it is determined that the current cryptographic section p' (i) is different from the derived encryption key Y (i + 1).

The decryption component comprises:

a decryptor f': before decryption begins each time, setting a decryptor f 'by using a decryptor reconstruction code matched with an encryptor reconstruction code of an opposite end to enable the f' to have a specific decryption rule; f ' decrypts the current encrypted text segment p ' (i) by using the current decryption key Y ' (i) to obtain a decrypted plaintext segment p (i).

Decryption key derivation device F': before the decryption begins each time, a key derivation device reconstruction code selected by an opposite-end encryptor is used for setting F 'so that the F' has the same key derivation rule as the F; f ' processes the decrypted current plaintext segment p (i) and the current decryption key Y ' (i) to generate a decryption key Y ' (i +1) for decrypting the next ciphertext segment.

Preferably: the decryptor F 'and the decryption key deriver F' both use a reconfigurable multivalued logic operation section as a symbol conversion section. Accordingly, the decryptor reconfiguration code and the decryption key derivation device reconfiguration code are both reconfiguration codes of the reconfigurable multivalue logic operation part. In the paired encryptor and decryptor, F is the same as F ', Y (0) is the same as Y ' (0), and the encrypted plaintext segment and the decrypted plaintext segment are the same, and are both p (i), and the derived keys Y (i +1) and Y ' (i +1) are determined to be the same.

Work registers attached to encryption component and decryption component

The encryption unit is accompanied by a plurality of working registers, including: the encryptor f is attached with: a first encryption input register (Rfy) for storing a current key; a second encryption input register (Rfm) for storing the current plaintext segment; and the encryption output register (CRf) is used for storing and outputting the current encrypted text segment. The encryption key derivation device F is accompanied by: a first encryption key derivation input Register (RFY) for storing a current key; a second encryption key derivation input register (RFm) for storing the current plaintext segment; and an encryption key derivation output register (CRF) for storing and outputting the key for encrypting the next plaintext segment.

Correspondingly, the decryption component is also accompanied with some working registers, including: the decryptor f' is attached with: a first decryption input register (Rf' y) for storing a current key; a second decryption input register (Rf'm) for storing a current cryptographic segment; a decryption output register (CRf') for storing the decrypted current plaintext segment; the decryption key derivation device F' is accompanied by: a first decryption derivation input register (RF' Y) for storing a current key; a second decryption derivative input register (RF'm) for storing the plaintext segment after the current ciphertext segment is decrypted; a decryption derived output register (CRF') for storing a key for decrypting the next encrypted segment.

Reconstruction register of encrypted component and decrypted component

Each bit of the encryptor F, each bit of the decryptor F ', and each bit of the key derivers F and F' are provided with a reconstruction register, and the reconstruction registers of the ith bit of the encryptor F, the decryptor F 'and the key derivers F and F' are respectively marked as: cgf (i), Cgf '(i), cgf (i), and CgF' (i). And writing reconstruction codes into the reconstruction registers, and modifying the multi-value logic operation rule of the corresponding symbol converter bits.

The read-only memory component:

for saving one control program of a few KB and generalized key source data GYY of about 10 MB. GYY is a plurality of encryptor reconstruction code and decryptor reconstruction code pairs, a plurality of key derivation device reconstruction codes, and a plurality of preset keys Y (0) stored in the encryption/decryption electronic device. The read-only memory component can only be written once by a factory with a special device. The read-only memory part has no channel for reading data from the electronic device, so the stored program and GYY can never be read out from the electronic device, but the program and GYY can be used inside the electronic device an unlimited number of times. The read-only memory component includes a plurality of memory areas, including: the device comprises a control program storage area, an encryptor reconstruction code storage area, a decryptor reconstruction code storage area, a key derivation device reconstruction code storage area and a preset key storage area.

Sixthly, generalized key source data GYY:

each encryption/decryption electronic device is written with a set of generalized key source data GYY by a manufacturer using a special writing device before shipment. Each GYY value is a combination of an encryptor reconstruction code and corresponding decoder reconstruction code pair, a key derivation device reconstruction code, and a predetermined key, so that each GYY value determines a rule and key used for an encryption/decryption operation. Because the GYY used by the encryption side and the decryption side must be the same, the information encryption communication system can be formed only when the GYY written by at least two electronic devices and the serial number of the GYY are completely the same. If GYY with identical sequence number and content is written into multiple encryption/decryption chips, the chips will decrypt the transmitted ciphertext at the same time to form a communication system with open group information.

The special writing device is only arranged in a chip product factory and does not belong to accessories of the chip. Each encryption/decryption chip must be written with the writing device by the manufacturer with a dedicated program and a set of GYY values randomly selected from all possible GYY values before becoming a usable product. The writing apparatus includes: a first writer for writing the plurality of encryptor reconstruction codes selected at random into an encryptor reconstruction code storage area of the read-only memory section; the second burner is used for writing the reconstruction codes of the decryptors matched with the reconstruction codes of each encryptor into a reconstruction code storage area of the decryptor of the read-only storage component; the third burner is used for writing the randomly selected plurality of key derivation device reconstruction codes into a derivation device reconstruction code storage area of the read-only storage component; and the fourth burner is used for writing the plurality of preset keys selected randomly into the preset key storage area of the read-only storage component.

Secure component and decryption component are in a peer-to-peer relationship

The opposite-end relationship here means: a matching technology and a component for encrypting a plaintext to be encrypted and decrypting a ciphertext corresponding to the plaintext. When the encryption and decryption chips are applied to two ends of a channel to carry out information encryption and decryption communication, the encryption part is a part which is used for encrypting a plaintext and generating a ciphertext in the encryption and decryption chip at one end, and the decryption part at the other end is a part which is used for decrypting the ciphertext in the encryption and decryption chip at the other end. Specifically, as shown in fig. 7, the encryption component a in the encryption/decryption chip a and the decryption component B in the encryption/decryption chip B are opposite to each other, and the decryption component a 'in the encryption/decryption chip a and the encryption component B' in the encryption/decryption chip B are opposite to each other.

And a reserved number and a reserved code

The encryption component is provided with three independent cycle counters which respectively count different symbol arrangements appointed in a plaintext or a ciphertext, the statistical values obtained when the communication is finished are respectively a first reduced number, a second reduced number and a third reduced number, and the three reduced numbers are sequentially connected to form a code which is convenient to store and transmit and is called a reservation code. Since a certain symbol sequence appears in the plaintext or the ciphertext and has uniform probability randomness, all the three reserved numbers have randomness, and therefore, the reserved codes are also random numbers.

Effect of the expected number: creating conditions for randomly selecting generalized key source data GYY in the next communication process, specifically: after the communication is finished, the encryption component immediately extracts an encryptor reconstruction code from the read-only storage component according to the first reduced number, and sets the multi-value logic operation function of the encryptor f by using the reconstruction code; the decryption component also extracts a decryptor reconstruction code matched with the encryptor reconstruction code from the read-only storage component according to the first reduced number, and sets the multi-valued logic operation function of the decryptor f' by using the decoder reconstruction code; the encryption component and the decryption component extract the same key derivation device reconstruction code from the read-only memory component according to a second reduced number, and set the multi-value logic operation functions of the encryption key derivation device F and the decryption key derivation device F' by using the reconstruction code; the encryption unit and the decryption unit extract the same predetermined key Y (0) from the rom according to the third predetermined number. Therefore, preparation is made for next communication, the GYY used in the communication is flushed, and the possibility of obtaining the generalized key of the communication later is eliminated.

The reservation process comprises the following steps: when the encryptor receives the communication information completion command, immediately forming the three reservation groups into reservation codes, storing the reservation codes in a reservation code register and sending the reservation codes to the decryption end; the decryption end stores the received appointment code into an appointment code register of the local end and sends the appointment code back to the encryption end; the encryption terminal compares the received loopback reservation code with the stored reservation code, if the two are the same, the reservation is successful, and an instruction for terminating the communication process is sent out to complete the communication; if the two are not the same, the reservation code is sent out again, the loopback reservation code is waited to be received again, and if the continuous multiple reservations are unsuccessful, a line fault alarm is sent out.

The reservation code may also be generated by the decryptor and the decryptor initiates the reservation process; the reservation code can also be generated by the encryptor and the decryptor respectively, and the reservation process is initiated by the command end which receives the communication information firstly.

3. The invention provides a computer software structure for realizing the encryption and decryption method

The encryption and decryption computer software structure comprises: the system comprises an encryption software module, a decryption software module, a configuration file, a plurality of cycle count variables and a special writing program owned by a manufacturer. Preferably: the sign conversion rules used in the encryption software module and the decryption software module are reconfigurable multi-value logic operation rules.

The method comprises the following steps of:

the method comprises the following steps: encrypted program segment Rf: before each encryption process is started, an encryption rule of the encryption program segment Rf is set by using a randomly extracted encryptor reconstruction code, and the encryption program segment encrypts the current plaintext segment P (i) by using the current encryption key to obtain the corresponding current ciphertext segment P' (i).

Encryption key derivation procedure segment RF: before each encryption process, a randomly extracted key derivation device reconfiguration code is used to set the key derivation rule of the encryption key derivation program segment RF, and the encryption key derivation program segment processes the current plaintext segment p (i) and the current encryption key Y (i) to generate an encryption key Y (i +1) for encrypting the next plaintext segment.

Preferably: the reconfigurable multi-value logic operation rule is used as a symbol transformation rule in the encryption program section rF and the encryption key derivation program section rF. Accordingly, the encryptor reconstruction code and the encryption key derivation device reconstruction code are reconstruction codes of a reconfigurable multivalued logic operation rule.

Secondly, the software module is decrypted:

the method comprises the following steps: decryption program segment Rf': before each decryption process is started, a decryption rule of the decryption program segment Rf 'is set by a decryptor reconstruction code paired with the encryptor reconstruction code, and the Rf' decrypts the current encrypted segment P '(i) by using the current decryption key Y' (i) to obtain a corresponding decrypted plaintext segment P (i).

Decryption key derivation procedure segment RF': before each decryption process, the current key derivation rule of the decryption key derivation program segment RF 'is set by using the selected encryption key derivation device reconstruction code, and the current decrypted plaintext segment P (i) and the current decryption key Y' (i) are processed by the RF 'to generate a decryption key Y' (i +1) for decrypting the next ciphertext segment.

Preferably: both the decryption program segment rF 'and the decryption key derivation program segment rF' use a reconfigurable multivalued logic operation rule as a symbol conversion rule. Accordingly, the decryptor reconfiguration code and the decryption key derivation reconfiguration code are both reconfiguration codes of a reconfigurable multivalue logic operation rule.

A configuration file:

the configuration file stores generalized key source data GYY and reservation codes preset by corresponding encryption and decryption software, each encryption and decryption software has an exclusive configuration file, and the configuration files of any two different encryption and decryption software are different. The configuration file is divided into a plurality of file paragraphs, including: the device comprises an encryptor reconstruction code file paragraph, a decryptor reconstruction code file paragraph, a key derivation device reconstruction code file paragraph, a preset key file paragraph and a reservation code storage unit. The reservation code storage unit is read and rewritten by an encryption software module, other file sections are subjected to unique one-time assignment by special writing equipment of a product factory and a household, preset GYY is written in the configuration file, and then the encryption and decryption software has the functions of encrypting and decrypting various electronic documents.

Special writing software owned by fourth manufacturer

The method comprises the following steps: the first writing module is used for writing the randomly selected multiple encryptor reconstruction codes into an encryptor reconstruction code file paragraph; the second writing-in module is used for writing the reconstruction codes of the decryptors matched with the reconstruction codes of the encryptors into the reconstruction code file paragraphs of the decryptors; a third writing segment, configured to write a plurality of randomly selected key derivation device reconstruction codes into a derivation device reconstruction code file segment; and a fourth writing section for writing the plurality of preset keys selected at random into the preset key file section.

Fifthly, a plurality of circulation counting variables and reservation code storage units:

before the encryption process is started each time, the encryption software module reads out the reservation code used in the encryption from the reservation code storage unit of the configuration file. Each cycle counting variable respectively takes a corresponding reduced number in the reserved code used at this time as an initial value, each cycle counting variable counts one symbol permutation in the plaintext encrypted at this time, and different cycle counting variables count different symbol permutations; and the final result of each cycle counting variable is a corresponding new reserved number, all the new reserved numbers form a new reserved code, and the new reserved code is stored in a reserved code storage unit and is read when the encryption software module works next time.

Sixthly, setting a process of an encryption software module: reading a reservation code used by encryption at this time from a reservation code storage unit of a configuration file, and separating a first reservation number, a second reservation number and a third reservation number from the reservation code; then writing the reserved code used this time into the starting position of the ciphertext file; setting each reserved number as an initial value of a corresponding cycle counting variable; extracting a corresponding cipher reconstruction code from the cipher reconstruction code file paragraph according to the first reduced number, and writing the cipher reconstruction code into a cipher reconstruction register RCgf (i) so as to set a current symbol transformation rule of the encryption program segment Rf; extracting a corresponding key derivation device reconstruction code from the key derivation device reconstruction code file segment according to a second reduced number used at this time, and writing the key derivation device reconstruction code into an encryption key derivation reconstruction code register rcgf (i), thereby setting a current symbol transformation rule of an encryption key derivation program segment RF; and extracting a corresponding preset key from the preset key file paragraph according to the third reduced number used at this time, and setting the preset key as an encrypted preset key Y (0) used at this time.

Decryption software module setup procedure: reading out a reserved code used for decryption at this time from the starting position of a ciphertext file, and separating a first reserved number, a second reserved number and a third reserved number from the reserved code; extracting a corresponding decryptor reconstruction code from the decryptor reconstruction code file segment according to the first reduced number, and writing the decryptor reconstruction code into a decryptor reconstruction code register RCgf '(i), thereby setting a current symbol transformation rule of a decryption program segment Rf'; extracting a corresponding key derivation device reconstruction code from the key derivation device reconstruction code file segment according to a second reduced number, and writing the key derivation device reconstruction code into a decryption key derivation device reconstruction code register RCgF '(i), thereby setting a current symbol transformation rule of a decryption key derivation program segment RF'; and extracting a corresponding preset key from the preset key file paragraph of the configuration file according to the third preset number, and setting the preset key as a decryption preset key Y' (0) used at this time.

The technical scheme of the invention has the beneficial effects that: the reconfigurable multi-value logic operation component can be used for deriving a plurality of selectable keys with obvious random characteristics, which are not shorter than a plaintext, and the practical and feasible one-time pad stream cipher technology is realized according to the plurality of selectable keys, the automatic execution capacity of a computer and fewer storage units. Specifically, by using the reconfigurable multi-value logic operation part, not only can the preset key be derived to generate a plurality of different actual keys, so that the dependence of the randomness of the actual keys on the randomness of the preset keys is expanded to be simultaneously dependent on the randomness of the preset keys and the randomness of functions of a multi-value logic operator, but also the reconfigurable multi-value logic operator can be adopted to form an encryptor, a decryptor and a derived key device, so that the same key can generate a plurality of ciphertexts for the same plaintext, and the effect is equivalent to further increasing the randomness of the actual keys.

The application scenario provided by the technology of the present invention may be an encryption system for real-time communication, or an encryption system for stored or transmitted electronic files, and the method and the application scenario for implementing the technology of the present invention will be described with reference to the embodiments.

Drawings

FIG. 1 is a schematic flow diagram of an encryption process;

FIG. 2 is a flow chart illustrating a decryption process;

FIG. 3 is a schematic flow chart of setting the cipher reconstruction codes and the decryptor reconstruction codes;

FIG. 4 is a schematic flow chart of setting a key derivation device reconfiguration code;

FIG. 5 is a schematic diagram illustrating a process of setting a default key;

FIG. 6 is a schematic diagram of an encryption/decryption apparatus;

fig. 7 is a schematic diagram of an encrypted communication system.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, but the present invention is not limited thereto. It is obvious that the described embodiments are only some of the embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.

Embodiment 1. the invention provides an encryption and decryption method

A detailed description is given of an encryption and decryption method described in the summary of the invention with reference to fig. 1, fig. 2, fig. 3, fig. 4, and fig. 5:

as shown in fig. 1, the encryption process includes step a1 and step a2 described in the inventive content section. As shown in fig. 2, the decryption process includes step B1 and step B2 described in the inventive content section.

The specific description of the encryption process and the decryption process is as follows: setting the final length of the plaintext as n symbols, wherein the length of the plaintext can be given in advance or can be continuously added; dividing the obtained plaintext into a plurality of plaintext segments in sequence by taking m symbols as units, wherein i is 0, 1,2, 3 … … (n/m-1), and if the last plaintext segment is less than m bits, complementing the plaintext segment by 0; before a plaintext is encrypted, randomly selecting a preset key Y (0) used for encryption from a plurality of preset keys; simultaneously, randomly selecting an encryption part reconstruction code used in the encryption from a plurality of preset encryption part reconstruction codes, setting an encryption part f by using the selected encryption part reconstruction code, forming a specific encryption rule used in the encryption process of the plaintext, wherein f is unchanged when all plaintext segments p (i) are encrypted at this time; randomly selecting a reconstruction code of a key derivation part used in the current encryption from a plurality of preset key derivation part reconstruction codes, setting an encryption key derivation part F by using the selected key derivation part reconstruction code, and forming a specific encryption key derivation rule used in the current encryption process, wherein the F is unchanged in the current encryption process; f, encrypting the current plaintext segment p (i) by using the current encryption key Y (i) to obtain a ciphertext segment p' (i); f, processing the current plaintext segment p (i) and the current encryption key Y (i) to generate an encryption key Y (i +1) for encrypting the next plaintext segment; the next plaintext segment p (i +1) is encrypted with f and Y (i +1) to obtain a ciphertext segment p' (i + 1). Obviously, there are as many ciphertext fragments as there are plaintext fragments.

Accordingly, before the decryption process starts, the encrypted preset key Y (0) is used as the decrypted preset key Y' (0); setting a decryption component f ' by using a decryption component reconstruction code matched with the encryption component reconstruction code, forming a specific decryption rule used in the decryption process, wherein f ' is unchanged when all the encrypted text segments p ' (i) are decrypted at this time; setting a decryption key derivation part F 'by using the selected encryption key derivation part reconstruction code to form a decryption key derivation rule used in the decryption process, wherein the F' is unchanged in the decryption process; f ', using the current decryption key Y ' (i) to decrypt the current encrypted text segment p ' (i) to obtain a decrypted current plaintext segment p (i); f ' processes the decrypted current plaintext segment p (i) and the current decryption key Y ' (i) to generate a decryption key Y ' (i +1) for decrypting the next ciphertext segment; and decrypting the next encrypted text segment p ' (i +1) by using f ' and Y ' (i +1) to obtain the next decrypted text segment p (i + 1).

Since F is the same as F ', Y (0) is the same as Y ' (0), and the plaintext segment is the same as the corresponding decrypted plaintext segment, each encrypted derivative key Y (i) is also the same as the corresponding decrypted derivative key Y ' (i).

That is to say, a complete encryption and decryption process, no matter how long the plaintext is, only one encryption component reconstruction code, one decryption component reconstruction code, one preset key and one key derivation component reconstruction code are selected, and accordingly one encryption rule, one decryption rule and one key derivation rule are adopted, so that encryption of all plaintext segments and decryption of all ciphertext segments can be completed.

In a preferred embodiment of the present invention, as shown in fig. 3, the method further includes a process of randomly selecting a reconstruction code of an encryption component (f) and a reconstruction code of a corresponding decryption component (f') for one encryption and decryption process, specifically including two steps before and after: the first step is step C1 described in the summary of the invention section, and the second step is step C2 described in the summary of the invention section; as shown in fig. 4, the method further includes a process of randomly selecting a reconstruction code of a key derivation component (F and F') for a one-time encryption and decryption process, and specifically includes two steps before and after: the first step is step D1 described in the summary of the invention section, and the second step is step D2 described in the summary of the invention section; as shown in fig. 5, the method further includes a process of randomly selecting a preset key Y (0) for one encryption and decryption process, specifically including two steps: the first step is step E1 described in the summary of the invention section and the second step is step E2 described in the summary of the invention section.

It is to be noted that: step C1, step D1 and step E1 are performed only once by the manufacturer before each specific entity (e.g., encryption/decryption chip, encryption/decryption computer software) implementing the encryption/decryption method is put into use, and no 2 nd time is performed. Step C2, step D2, and step E2 are automatically performed by the encrypted/decrypted physical object once each time the encrypted/decrypted physical object is used.

When step C1 is executed, a pair is selected from the massive number of reconstruction codes of the encryption component and the decryption component that is paired with the massive number of reconstruction codes of the encryption component according to the randomly generated first random number, the selected reconstruction codes of the encryption component and the decryption component are deleted from the massive number of reconstruction code sequences, and the pairing is repeatedly executed for a plurality of times, so that a plurality of pairs of reconstruction codes of the encryption component and the decryption component can be obtained. When step D1 is executed, a key derivation part reconstruction code is selected from the massive key derivation part reconstruction code sequences according to the randomly generated second random number, the selected key derivation part reconstruction code is deleted from the key derivation part reconstruction code sequences, and multiple times of execution are repeated, so that multiple key derivation part reconstruction codes can be obtained. And step E1, selecting a preset key from the key sequence according to the randomly generated third random number, deleting the selected preset key from the key sequence, and repeating the steps to obtain a plurality of preset keys.

When step C2 is executed, one encryption component reconstruction code and decryption component reconstruction code pair used this time are extracted from the plurality of encryption component reconstruction code and decryption component reconstruction code pairs selected in step C1, according to the 1 st reserved number in the reserved code used this time for encryption and decryption, for example, the reserved number may be the middle several digits of the reserved code; and using the reconstruction code of the encryption part in the pairing pair to configure the encryption part, and using the reconstruction code of the decryption part to configure the decryption part. When step D2 is executed, extracting a key-derived part reconstruction code to be used this time from the plurality of key-derived part reconstruction codes selected in step D1, based on the 2 nd reserved number of the reserved codes to be used this time for encryption and decryption, for example, the reserved number may be the lower order of the reserved codes; and using the key derivation part reconstruction code to configure the key derivation part. In step E2, the preset key Y (0) used this time is extracted from the plurality of preset keys selected in step E1 according to the 3 rd reserved number in the reserved code used this time for encryption and decryption, for example, the reserved number may be the upper bits of the reserved code.

And the step C, the step D and the step E are not in sequence.

In a preferred embodiment of the present invention, the method further includes a process of generating a reservation code, specifically including: counting a plurality of symbol sequences in the plaintext to be encrypted or decrypted by taking the reserved code used at this time as an initial value, wherein each counting value is a reserved number; all the reserved numbers are connected into a reserved code used next time.

Embodiment 2. an integrated circuit chip structure for implementing the encryption and decryption method

For convenience of description, in embodiment 2, 64-bit binary data is used as the lengths of the plaintext segment and the ciphertext segment, and since two-bit binary data is one-bit four-value data, 64-bit binary data is also 32-bit four-value data. In example 2, 32-bit four-valued logic operators are used as the encryptor F, the decryptor and the F 'key deriver F and F', but this should not prevent the patent from covering the interception of the plaintext segment and the ciphertext segment with binary data lengths of other bits, and should not prevent the patent from covering the use of other multi-valued logic operators, including the mixed use of multiple multi-valued logic operators as exclusive rights of the same encryption and decryption techniques of the encryptor, the decryptor and the key deriver.

The internal logic structure of the chip of this embodiment is shown in fig. 6, and includes three major parts, namely an encryption unit, a decryption unit, and a read-only memory unit, and the setting process is described as follows.

Pin arrangement for a chip

The chip of this embodiment can establish 12 pins, and function and denotation are respectively: the device comprises a plaintext serial input pin Xmin, a ciphertext serial output pin XMout, a ciphertext serial input pin XMin, a plaintext serial output pin Xmout, a sending control pin Ksend, a sending state pin Ssend, a receiving control pin Krece, a receiving state pin Srece, a Clock input pin Clock, a pre-write pin Yin, a power supply Vcc and a ground level pin.

When Yin is high level, Xmin forms generalized key source data GYY and a microprogram serial write-in port, an XMin pin is applied with a 64-frequency division Clock of Clock, the XMin and the Clock form a chip operation control Clock, and Ksend and Krece pins form a control instruction input port for internal operation of the chip, which are used for writing preset generalized key source data GYY and microprogram into a read-only memory in the chip; when Yin is low, each pin resumes the marking function.

A symbol transducer arrangement

A32-bit 4-valued logic operator is provided as an encryptor f, with two 64-bit input registers RfY and Rfm, and a 64-bit output register CRf. And (f) after a key Y (i) is put into RfY and Rfm is put into the current plaintext segment p (i), the current segment p' (i) of the ciphertext M is output and stored into the CRf.

A32-bit 4-value logic device is set as an operation decryptor f ', f' and f with the sign conversion function opposite to that of f, wherein f 'is provided with two 64-bit input registers Rf' Y and Rf'm and a 64-bit output register CRf'. And a current secret key Y (i) is put into Rf ' Y, after Rf'm is put into a current secret text segment p ' (i), f ' outputs the current segment p (i) of the decrypted plaintext m and stores the current segment p (i) into CRf '.

A 32-bit 4-valued logic operator is provided as encryption key derivation F with two 64-bit input registers RFY and RFm, and a 64-bit output register CRF. After RFY is put in current key Y (i), RFm is put in current text segment p (i), F outputs the next derivative key Y (i +1) of the encryption unit and stores it in its CRF.

A32-bit 4-valued logic operator is provided as decryption key derivation device F ', F ' having the same function as F, with two 64-bit input registers RF ' Y and RF'm, and a 64-bit output register CRF '. After RF ' Y is put in current key Y (i), RF'm is put in current decrypted plaintext segment p (i), F ' outputs the next derivative key Y ' (i +1) of the decryption component and stores it in its CRF '.

Third, reconfiguration register setting

Each bit F (i) and F' (i) of (a) is provided with a 32-bit reconstruction register, respectively labeled: rf (i), Rf '(i), RF (i), and RF' (i). Writing a reconstruction code to these 4 registers may modify the 4-value logic operation rules for the corresponding symbol transformer bits.

Fourth generalized key source data GYY storage area setting

1024Y (0) memory areas of 64 bits are set. Each memory cell hides a 64-bit preset key Y (0). Y (0) can only be input to RfY, Rf 'Y, RFY, and RF' Y through the internal data bus.

Two storage areas are set: F-F 'memory regions and F-F' memory regions, each having 1024 rows of 32 64-bit memory cells. Wherein, the first 32 bits of the f-f ' memory cell store a reconstruction code of f (i), the second 32 bits store a reconstruction code of f ' (i), and 32 64-bit memory cells of each row can only be sequentially transmitted to Rf (i) and Rf ' (i) as a whole through the chip internal data bus, wherein i is 1,2, … …, 32; the first 32 bits of the F-F ' memory cell store a reconstruction code of F (i), the second 32 bits store a reconstruction code of F ' (i), and 32 64-bit memory cells of each row can only be sequentially transmitted to RF (i) and RF ' (i) through the chip internal data bus as a whole, where i is 1,2, … …, 32.

Fifthly reserved number counter and reserved code register setting

Three 10-bit reserved number cycle counters Jm1, Jm01 and Jm11 are provided, and the number of 100 values, 01 values and 101 values in plaintext data input by an Xmin pin are counted respectively to form three reserved numbers.

A30-bit reservation code register Rm is set, and after each encryption operation is finished, the value of Jm1, Jm01 and Jm11 are connected to form a random reservation code to be stored in the Rm.

Sixthly, setting other registers

Each pin is provided with a pin data register with a value of the real-time state of the corresponding pin so as to resist the influence of external high-frequency interference on the pin signals.

The Xmin and Xmin pins each have a "1-bit in 64-bit out" serial to parallel data shift register. The serial input end of a shift register in the encryption component is connected with an Xmin pin, and the parallel output end of the shift register is connected with the registers Rfm and RFm; the serial input end of the shift register in the decryption component is connected with the XMin pin, and the parallel output end of the shift register in the decryption component is connected with the Rf'm.

The Xmout and XMout pins each have a "64-bit input 1-bit output" parallel to serial data shift register. The parallel input end of the shift register in the encryption component is connected with the register CRf, and the serial output end of the shift register in the encryption component is connected with the XMout pin; the parallel input end of the shift register in the decryption component is connected with the register CRf', and the serial output end of the shift register is connected with the Xmout pin.

Chip internal data bus setup:

a 64-bit bus buffer for controlling the read and write operations of the internal memory; a 17-bit address decoder for controlling the addressing of the internal 128M memory addresses.

Micro program run settings:

a 64-bit microinstruction decoder, a 64-bit microinstruction register, and an 11-bit microprogram counter PC.

The self-sustaining pre-written generalized key source data GYY and the micro-instruction program:

and inserting a pair of encryption and decryption chips into a socket of the special writing device, wherein a Yin pin of the pair of chips is connected with a high level, and the chips are set to be in a state of writing generalized key source data GYY or a microprogram. At this time, the counters Jm1 and Jm01 are connected into a 20-bit counter to count the Clock signal of the XMin pin, the XMin pin Clock is the frequency division of 64 of the Clock pin, and the low 17-bit real-time value of the 20-bit counter is output to a 17-bit internal memory address decoder to form an automatic addressing mechanism for the internal memory; the Xmin pin and the serial-to-parallel shift register thereof form a write-in data channel under the control of a Clock; the Ksend and Krece pins form the write target control: when Ksend is Krece equal to 00, the data written into the data channel is given to a 20-bit counter to form a memory write initial address, when Ksend is Krece equal to 11, the data written into the data channel is given to a 64-bit bus buffer, and other codes of Ksend and Krece are reserved; when the initial value of the 20-bit counter is set to 00000H, the micro instruction program should be written from the first micro instruction; when the initial value of the 20-bit counter is 00800H, the Y (0) value should be written; when the initial value of the 20-bit counter is set to 00C00H, 1024 f and f ' reconstructed codes of bits f (i) and f ' (i) are written one by one, the reconstructed code of f (i) is 0-31 bits, and the reconstructed code of f ' (i) is 32-63 bits; the reconstruction codes of consecutive 32 addresses constitute a 32-bit f and a counterpart 32-bit f' reconstruction code. When the initial value of the 20-bit counter is set to 09000H, 1024 reconstruction codes of F and F 'with bits F (i) and F' (i) are written one by one, the reconstruction code of F (i) is 0-31 bits, the reconstruction code of F '(i) is 32-63 bits, the data of 0-31 bits and 32-63 bits are the same, and the reconstruction codes of 32 continuous addresses form a reconstruction code of 32 bits F and 32 bits F'.

Generating example of true random number with uniform probability

The special writing device of the encryption and decryption chips is provided with a uniform probability true random number generator, and the writing device selects the reconstruction codes of f (i), f' (i) and F (i) and the value of Y (0) according to the true random number sent by the generator, so that the generalized key source data GYY hidden in each pair of encryption and decryption chips has uniform probability random characteristics. True random number generators have a variety of configurations, for example: 64 round sheets with uniform weight, 1 cm diameter, 1 mm thickness, one insulated surface and metal on the other surface freely fall from a height of 2 m, fall on a flat plate with 64 round sockets through random collision of a nail plate, the flat plate slightly vibrates, and each round socket falls into one round sheet. When the metal face of the wafer is down, the circuit in the socket is turned on, the socket outputs a low level, and when the insulating face of the wafer is down, the circuit in the socket is not turned on, the socket outputs a high level. Thus, each wafer is thrown to obtain a 64-bit true random number. A64-bit true random is obtained in about 5 seconds, and not less than 17000 64-bit true random numbers are obtained each day.

Random selection and preset-in chip of 1024 preset keys Y (0)

In the special writing device, comparing the 64-bit random number sent by the random number generator with the random number sent from the past one by one, if the newly sent random number is different from the random number stored in the first random number memory, writing the newly sent 64-bit random number as a selected preset key Y (0) into a Y (0) storage area of a chip GYY storage area, and storing the newly received 64-bit random number in the first random number memory of the special writing device according to the size sequence; if the newly sent random number is the same as a random number sent previously, the special writing equipment gives up the newly sent random number and receives the next 64-bit random number; until 1024 preset keys Y (0) are written to the current chip pair, the next pair of chips is processed instead.

Random selection and presetting of 1024 encryptors/decryptors paired reconstruction codes into chip

The reconstruction code of the multi-valued logic operator depends on the structure of the multi-valued logic operator, and when the four-valued logic operator given in the embodiment of multi-valued electronic operator and method (Chinese patent application No. 201811567284.7, PCT No. PCT/CN2019/070318) with a plurality of bits and capable of grouping and reconstructing is used, the reconstruction code of each four-valued logic operator is 4 sequential 8-bit row reconstruction codes, namely the reconstruction code of each four-valued logic operator is 32 bits, so that 32-bit encryptors, 32-bit decryptors and 32-bit key ciphers all need 32-bit memories to store one reconstruction code of the four-valued logic operators.

Considering that the reconstruction code of the encryptor and the reconstruction code of the decryptor are always used in a pair, the present embodiment uses a 64-bit storage unit to place the reconstruction code of the same bit of the pair of encryptor and decryptor, the reconstruction code of the encryptor is placed at bits 0-31, and the reconstruction code of the pair of decryptor is placed at bits 32-63. Thus, 32 consecutive 64-bit memories place the reconstructed code of a pair of 32-bit encryptors and decryptors.

In the special writing device, continuous 16 64-bit random numbers sent by the random number generator are connected together to form a 1024-bit random number, the 1024-bit random number is scanned from the highest bit to the lowest bit by taking 4 bits as a unit, reconstruction codes which are not suitable for the encryptor are replaced by specific reconstruction codes which are suitable for the encryptor to form sorted 1024-bit random numbers, and the reconstruction code replacement rule in the sorting process is related to the structure of the used four-value logic arithmetic unit and does not belong to the discussion range of the patent. Comparing the sorted new 1024-bit random number with all sorted 1024-bit random numbers stored in the 2 nd random number memory one by one; if the newly sent 1024-bit random number is different from the previously sent random number, the newly sent 1024-bit random number can be regarded as a reconstruction code of each bit of a 32-bit encryptor, and is stored into a2 nd random number memory of the special writing device according to the size sequence; simultaneously dividing the 1024-bit random number into 32-bit random numbers, wherein each 32-bit random number is temporarily placed to 0-31 bits of a 64-bit register of a1 st register group of the special writing equipment, and the 1 st register group has 32 64-bit registers; the 0-7 bits, 8-15 bits, 16-23 bits and 24-31 bits of each register are respectively a line reconstruction code of the encryptor; the paired decryptor row reconstruction codes of the 4 row reconstruction codes are respectively found out and correspondingly stored in the last 32 bits of the register. The 32 64-bit registers of the 1 st register set hold the reconstruction code of a 32-bit encryptor and decryptor pair; and taking the contents of the 32 64-bit registers of the 1 st register group as a selected encryptor/decryptor pair, and writing the contents into an f-f' storage area of a GYY storage area of a chip. If the new sent sorted 1024-bit random number is the same as the previous sorted 1024-bit random number in the 2 nd random number memory, the special writing device discards the new sent random number. The dedicated write device continues to receive the next 16 64-bit random numbers and repeats the above operations until the current chip pair is filled with 1024 paired encryptor/decryptor reconstruction codes.

Reference 1024 random selection and pre-loading of encryption/decryption key derivation device reconstruction codes into chip

Considering that the reconstruction code of the encryption key derivation device and the reconstruction code of the decryption key derivation device are always used simultaneously, the present embodiment also uses a 64-bit storage unit to place the reconstruction codes of the same bit of the encryption key derivation device and the corresponding decryption key derivation device, the reconstruction code of the encryption key derivation device is placed at bits 0-31, and the reconstruction code of the corresponding decryption key derivation device is placed at bits 32-63, and considering that the reconstruction codes of the two key derivation devices are the same, the contents of the first 32 bits and the second 32 bits of the storage unit are the same. Thus, 32 consecutive 64-bit memories place a pair of 32-bit key derivation reconstruction codes.

In the special writing device, continuous 16 random numbers with 64 bits sent by the random number generator are connected together to form a random number with 1024 bits, and all four-value logic operators are suitable to be used as key derivation devices, so that the random number with 1024 bits does not need to be sorted. Comparing the new 1024-bit random number with all 1024-bit random numbers stored in the 3 rd random number memory and sent from the previous time one by one; if the newly sent 1024-bit random number is different from the existing random number, the newly sent 1024-bit random number can be regarded as a reconstruction code of each bit of a 32-bit key derivation device, and is stored into a 3 rd random number memory of the special writing device according to the size sequence; simultaneously dividing the 1024-bit random number into 32-bit random numbers, wherein each 32-bit random number is temporarily placed to 0-31 bits of a 64-bit register of a2 nd register group of the special writing equipment, and the 2 nd register group has 32 64-bit registers; bits 0-7, bits 8-15, bits 16-23, and bits 24-31 of each register are each a row reconstruction code of the key derivation device; these 4 line reconstruction codes are copied to the last 32 bits of the register, respectively. The 32 64-bit registers of the 2 nd register set hold the reconstruction codes of the same two 32-bit key derivations; and writing the contents of the 32 64-bit registers of the 2 nd register group into an F-F' storage area of a GYY storage area of a chip as a pair of selected encryption key derivation devices/decryption key derivation devices. If the new 1024-bit random number is the same as the previous 1024-bit random number in the 3 rd random number memory, the special writing device gives up the new random number. The dedicated write device continues to receive the next 16 random numbers, repeating the above operations until the chip pair is full of 1024 encryption key derivation/decryption key derivation reconstruction codes.

Estimation of chip area for encryption and decryption

The approximate number of transistors required to construct the cryptographic chip given in example 2 can be estimated according to existing integrated circuit fabrication techniques.

The construction of a one-bit reconfigurable 4-value logic operator requires 44 binary logic gates, 8 1-out-of-8 devices and 4 8-bit reconfigurable registers (Rf (i) or Rf' (i) or Rf (i)) and requires approximately 500 transistors; so about 16000 transistors are needed to construct a 32-bit 4-valued logic operator; thus, approximately 64000 transistors are required to construct the 4 32-bit 4-value logic operators (i.e., F ', F, and F') contained by the encryption and decryption chip.

f. F ', F and F' each have 3 64-bit input-output registers (RfY, Rfm, CRf, Rf 'Y, Rf'm, CRf ', RFY, RFm, CRF, RF' Y, RF'm and CRF'), which require approximately 2500 transistors to construct the 12 64-bit registers.

The encryption and decryption chip comprises three 10-bit random counters (Jm1, Jm01 and Jm11), a 30-bit reserved code register (Rm), four 64-bit serial-parallel conversion registers, a 64-bit bus buffer, a 17-bit address decoder, a 64-bit micro-instruction register, an 11-bit micro-program counter PC and ten-pin 1-bit data registers, and about 20000 transistors are needed for constructing the component.

The encryption and decryption chip comprises a 2048 × 64 bit microprogram memory, a 1024 row × 64 bit Y (0) storage area, two 1024 row × 32 column × 64 bit two-dimensional storage areas (F-F 'and F-F'), and the 64 bit memory with 67K is about 1.8 × 10⁷A transistor.

It can be estimated that about 1.809 x 10 is required to construct an encryption/decryption chip⁷A transistor. Expanding the margin of 200%, and constructing a 5.5 × 10 chip for encryption and decryption⁷A transistor.

At present, a chip of 1.5 x 10 can be manufactured by using a 16-micron integrated circuit process per square centimeter¹¹More than 2 thousand and 7 hundred encryption and decryption chips can be manufactured on each transistor, namely a chip with 1 parallel centimeter.

Embodiment 3. computer software for implementing said encryption and decryption method

The computer software provided in embodiment 3 is mainly used to encrypt various binary data files, and for convenience of discussion, in this embodiment, 128-bit binary data is used as a segment length to segment a plaintext file to be encrypted or a ciphertext file to be decrypted, so the preset key rY (0) and the derivative key rY (i) in this embodiment are both 128-bit binary data. To embody the mixed use of different multi-valued logic operation rules to construct encryption transformation, decryption transformation and key derivation transformation, and facilitate discussion, the software of the present embodiment is arranged to include three identical mixed multi-valued logic operation units: 2 reconfigurable eight-value logic operators and 61 reconfigurable four-value logic operators. The 2 eight-valued logic operators are located in the first 6 bits, namely: the first reconfigurable eight-value logic operator processes data of No. 0, No. 1 and No. 2 bits, and the second reconfigurable eight-value logic operator processes data of No. 3, No. 4 and No. 5 bits; the data on the remaining bits are processed sequentially by 61 reconfigurable four-valued logic operators. The three mixed multivalued logic operation units are respectively used as an encryption transformation rF, a decryption transformation rF' and a key derivation transformation rF. However, this patent should not prevent the patent from covering the interception of the plaintext segment and the ciphertext segment with binary data lengths of other bits, and from covering the use of other multi-valued logic operation modules, including the mixed use of multiple multi-valued logic operation modules as exclusive rights of the same kind of encryption/decryption computer software for encryption transformation, decryption transformation and key derivation transformation.

The software of example 3 has three main modules: the device comprises an encryption module, a decryption module and a configuration file.

(1) Function of software major modules

An encryption module: corresponding to the encryption means in embodiment 2, includes an encryptor F, a key derivation device F, and associated registers. And the encryption module transforms the plaintext M into the ciphertext M by using encryption transformation rf according to the software generalized key source data rGYY. The rf has two 128-bit input variables rRfY and rRfm, and one 128-bit output variable rCRf, and the current secret key rY (i) is put into the rRfY, and after the rRfm is put into the current plaintext section, the rf outputs the current section of the ciphertext M to the rCRf. The key derivation transformation rF in the module has two 128-bit input variables rRFY and rRFm, and a 128-bit output variable rCRF, and the current key rY (i) is put into the rRFY, and after the rRFm is put into the current plain text section, the rF outputs the next derivation keys rY (i +1) to rCRF.

A decryption module: a decryption section corresponding to that in embodiment 2, comprising: decryptor F ', key deriver F' and associated registers. And the decryption module converts the ciphertext M into a plaintext M by using decryption transformation rf' according to the software generalized key source data rGYY. rf 'has two 128-bit input variables rRf' Y and rRf 'M, a 128-bit output variable rCRf', rRf 'Y is put in the current secret key ry (i), rRf' M is put in the current secret section, rf 'outputs the current section of the decrypted plaintext M to rCRf'. This module also uses rF to generate a new derivative key, but the value put into rfrm is the plaintext segment that the current ciphertext decrypts to.

Reconstructing code variables: each bit (rF (j), rF ' (j) and rF (j), j being 1,2, 3, … …, 63) of rF, rF ' and rF is assigned a bit reconstruction variable rRfj, rrrf ' j and rRfj, wherein the bit reconstruction variables of two eight-valued logical operators are rRf0 and rRf1, rRf ' 0 and rRf ' 1, rRf0 and rRf1, respectively, all of which have 144 bits, and the bit reconstruction variables of the remaining four-valued logical operators are 32 bits, so that there are 6 bits of 144 bit reconstruction variables and 3 × 61 is 183 bits of 32 bit reconstruction variables. And (3) writing reconstruction codes into the rRfj, the rRf' j and the rRFj, wherein the corresponding mixed multi-value logic operation unit has the operation rule set by the set of reconstruction codes.

Configuration files: corresponding to the read-only memory part in embodiment 2, comprising: a Y (0) storage area, an F-F 'storage area, an F-F' storage area and a reservation code register of the hidden generalized key source data GYY. The configuration file stores 1024 128-bit preset keys rY (0) by using a one-dimensional array rY0, and each array element is provided with an rY (0) value; the configuration file has three 1024 rows and 63 columns of two-dimensional arrays: the array comprises rF, rF' and rF arrays, each array comprises 64152 array units with 1024 × 63, the first two array units are 144 bits, the rest array units are 32 bits, the first two array units store software reconstruction codes with 8-value logic operation rules, and the rest array units store software reconstruction codes with 4-value logic operation rules. Then 1024Y (0), 1024 rF/rF' and 1024 rF are saved in the configuration file, corresponding to 1024³1073741824 software generalized key source data rGYY.

Loop count variable: to achieve one-time pad, true randomness of keys, correct derivation of rGYY at decryption, the encryption module has three 10-bit loop count variables rJm1, rJm01, and rJm11, which count the number of symbols in the plaintext (e.g., 001, 010, and 101), respectively, and the values of these three counters are then random. Three 10-bit read-write memory cells rRm1, rRm01, and rRm11 are provided in the configuration file, respectively. After each encryption operation, the encryption module stores current values of rJm1, rJm01, and rJm11 in rRm1, rRm01, and rRm11, respectively. When the encryption operation starts each time, the encryption module reads the values of rRm1, rRm01 and rRm11 into the counters rJm1, rJm01 and rJm11 as the initial counting values of the counters, selects the generalized key source data rGYY used in the encryption operation according to the three random numbers, and writes the three random numbers into the head of the corresponding ciphertext to ensure that the correct rGYY can be directly obtained when the ciphertext is decrypted in the future.

(2) And writing a group of software generalized key source data rGYY with true randomness into the configuration file.

Before the software is produced, 1024 rY (0) reconstructed codes, 1024 rF reconstructed codes, rF' reconstructed codes and 1024 rF reconstructed codes which are selected according to the true random number are written into the configuration file of the encryption and decryption software of each serial number by using special writing equipment. True random numbers are generated by random physical events or devices with uniform probability. An example of the write operation is the same as the method for preparing the generalized key source data for the encryption/decryption chip in embodiment 2, and is not described again.

(3) Encryption operations

And (3) opening an encryption module of the encryption and decryption software, giving the file name of the plaintext according to the prompt (the format of the plaintext is not limited), and immediately operating the encryption module. The current values of rRm1, rRm01, and rRm11 are first read from the configuration file and fed into counters rJm1, rJm01, and rJm11, respectively, as initial count values for the respective counters. The following operations are then carried out:

preparing rGYY: copying a preset key rY (0) stored in the rRm1 th array unit of an rY0 array in a configuration file into two input variables rRfY and rRFY, and preparing the currently used preset key rY (0); taking the value of rRm01 as the row serial number of the rf array, copying the reconstruction codes rRf (ij) (i is the value of rRm 01) of each bit of the encryption transformation stored in each unit in the array row into the bit reconstruction variables rRfj of each bit of the rf, and preparing the current encryption transformation rf; the value rRm11 is used as the row number of the rF array, and the reconstructed codes rrf (ij) (i rRm 11) of the bits of the key derivation transform stored in each cell of the array row are copied to the bit reconstruction variables rRFj of the bits of the rF array, and the key derivation transform rF array is prepared.

rRm1, rRm01 and rRm11 write the starting position of the ciphertext file to form the reservation code of the decryption operation selection rGYY.

And sending the current segment of the plaintext m into variables rRfm and rRFm.

Rf generates the current section of the ciphertext and sends the current section into a variable rCRf; rF generates a new derived key and feeds it into the variable crf.

The rCRf content is connected to the back of the ciphertext; the contents of rCRF are fed into variables rRfY and rRFY.

Sixthly, repeating the third step, the fourth step and the fifth step until the encryption of all the plaintext is completed. If the last segment of the plaintext is less than 128 bits, 0 is padded behind the plaintext to make the segment reach 128 bits.

Seventhly, in the encryption process, three counters rJm1, rJm01 and rJm11 respectively count the number of specific symbol sequences in the current plaintext segment until the plaintext is completely encrypted. The final values of rJm1, rJm01, and rJm11 are then written to the rRm1, rRm01, and rRm11 storage cells of the configuration file.

And storing the ciphertext file into the same folder of the plaintext, wherein the name of the ciphertext file takes JYM (or JYM) as a suffix, and the name of the plaintext file and the suffix thereof as the name of the ciphertext file.

Ninthly, the encryption operation is finished.

(4) Decryption operations

And opening a decryption module of the encryption and decryption software, giving out the file name of the ciphertext according to the prompt, and enabling the decryption module to work immediately. The rRm1, rRm01, and rRm11 values saved when the ciphertext was generated are first read from the beginning of the ciphertext, and then the following operations are performed:

preparing rGYY: copying a preset key rY (0) stored in the rRm1 th array unit of an rY0 array in a configuration file into two input variables rRf' Y and rRFY, and preparing the currently used preset key rY (0); taking the value of rRm01 as the row sequence number of an rf ' array, copying a reconstructed code rRf ' (ij) (i is rRm 01) of each decryption transformation bit stored in each unit in the array row into a bit reconstruction variable rRf ' j of each rf ' bit, and preparing the current decryption transformation rf '; using the value of rRm11 as the row number of the rF array, copying the reconstruction code rrf (ij) (i is rRm 11) of each bit of the key derivation transformation stored in each unit of the array row into the bit reconstruction variable rRFj of each bit of the rF array, and preparing the key derivation transformation rF array;

sending the current segment of the ciphertext M into a variable rRf' M;

thirdly, rf 'generates the current section of the plaintext m and sends the current section into a variable rCRf';

rCRf' content is connected to the end of the decrypted plaintext file and sent to variable rRFm;

fifthly, rF generates a new derived key and sends the new derived key to a variable rCRF;

sixthly, sending the content of rCRF into variables rRf' Y and rRFY;

seventhly, repeating the steps from the step two to the step six in sequence until all the ciphertext is decrypted;

deleting 0 at the tail of the plaintext to form a decrypted plaintext file;

ninthly, storing the plaintext file into the same folder of the ciphertext, wherein the file name of the decrypted plaintext is as follows: JYM- (or JYM-) mark is added in front of the file name of the ciphertext, and the suffix JYM is removed;

the decryption operation in the r is finished.

Embodiment 4. information encryption communication System Using a pair of encryption/decryption chips

As shown in fig. 7, an information encryption communication system provided by the present invention includes two communication devices of opposite communication terminals, and is characterized in that each communication device is respectively provided with an encryption/decryption chip described in embodiment 2; the encryption and decryption chip encrypts and decrypts the transmitted information in real time, and transmits the ciphertext information between the communication devices.

In practice, two identical encryption/decryption chips a and B may be respectively disposed between the digital device and the communication device at two ends of the common channel, so as to construct a pair of encrypted channels with opposite communication directions on the common channel. The encryption component a in the encryption and decryption chip A and the decryption component B of the encryption and decryption chip B are opposite to each other, and an encryption channel from A to B is formed; the decryption component a 'in the encryption and decryption chip A and the encryption component B' of the encryption and decryption chip B are opposite ends, and a B-to-A encryption channel is formed.

The information encryption communication system also adopts a reservation code mechanism to select the encryptor reconstruction code, the decryptor reconstruction code, the key derivation device reconstruction code and the preset key which are used at this time; the reservation code mechanism comprises:

a transmission unit for transmitting a reservation code when one of the communication devices finishes communication;

a receiving unit, which is used for receiving the loopback reservation code returned by another communication device;

the judging unit is used for judging whether the reservation code is the same as the loopback reservation code or not and obtaining a corresponding judgment result;

a first processing unit connected to the judging unit for ending the communication between the two communication devices when the judgment result indicates that the reservation code and the loopback reservation code are the same;

and the second processing unit is connected with the judging unit and used for controlling the transmitting unit to transmit the reservation code again when the judgment result shows that the reservation code is different from the loopback reservation code.

Specifically, after two communication parties call and are communicated, a plaintext M sent by any party of digital equipment enters an encryption part of an encryption and decryption chip of a sending end, a current encryptor f and a current key Y (i) replace a symbol of the plaintext M with a symbol of a corresponding ciphertext M, the ciphertext is sent to communication equipment of the sending end, and then the ciphertext enters a common channel; after the ciphertext reaches the receiving end, the ciphertext enters the receiving end communication equipment, then enters a decryption part of a receiving end encryption and decryption chip, and a current decryptor f' and a current key Y (i) replace the ciphertext symbol with a corresponding plaintext symbol; and sending the plaintext into the digital equipment at the receiving end, and finishing the communication process.

When either side sends out 0 value or 1 value of long string, for example, no speech is spoken for a long time, since the transformation rules of each bit of f (i) are different and the values of each bit of y (i) are different, different ciphertext symbols are generated for 0 or 1 at different positions of plaintext, f (i) and y (i), so f (i) and y (i) still generate ciphertext of non-long string 0 and non-long string 1; similarly, f (i) and y (i) will generate the derivative key y (i +1) of the non-long string 0 and the non-long string 1, and since y (i +1) is different from y (i), the ciphertext and the next derivative key of the non-long string 0 and the non-long string 1 will still be generated for the long string 0 or the long string 1 in the following plain text. When the long string 0 or the long string 1 in the plain text is finished, the encryption is immediately recovered to be normal. Namely, the long string 0 or long string 1 information in plain text is naturally hidden in the ciphertext without influencing the normal work of the encryption process. Even if a certain derived key y (k) is all 0 s or all 1 s, the plaintext segment that happens to be encrypted is all 0 s or all 1 s, and because the transformation functions of f (i) bits are different, the generated ciphertext segment cannot be all 0 s or all 1 s; since F (i) varies the transform function of each bit, the next derived key Y (ki +1) generated will not be all 0's or all 1's.

When one digital equipment sends a communication ending command, the encryption and decryption chip of the end connects the current values of Jm1, Jm01 and Jm11 into a reservation code (Rm) and stores the reservation code into a reservation code register, after the encryption and decryption chip of the end sends the session ending command, the encryption and decryption chip of the end continues to send the value of the reservation code (Rm) of the chip to the other side, the other side receives the value of the reservation code (Rm) and stores the value into the reservation code register of the own side, and returns a reservation code (Rm ') according to the received reservation code, the sender receives a return reservation code (Rm '), if the return reservation code (Rm ') is different from the value of the sent reservation code (Rm), the reservation code (Rm) is retransmitted until the two are the same, and if the same reservation code value cannot be obtained in 8 times of repetition, a system fault is reported; if the received loopback reservation code (Rm') is the same as the value of the transmitted reservation code (Rm), the reservation is successful, both parties are offline and the communication is ended.

After the reservation is successful, the encryption and decryption chips of both sides immediately select new reconstruction codes of Y (0) and f (i)/f' (i) and F (i) according to the just agreed Rm value and send the new reconstruction codes into corresponding registers to prepare for the next communication. Meanwhile, the selected generalized key source data GYY washes out the reconstruction codes of the final derivative key y (i) and f (i)/f' (i) and f (i) of the communication, so that no one can find out the corresponding preset key and the corresponding decryptor even if the ciphertext of the communication is intercepted. Therefore, the security of the existing ciphertext is ensured while the one-time pad is ensured.

The reservation code only gives the sequence number (i.e. storage address) of the generalized key source data GYY to be used in the next communication in the read-only memory of the encryption and decryption chip, but not the preset key Y (0), the reconstruction code of the encryptor f (i), the reconstruction code of the decryptor f '(i) and the reconstruction code of the derivanter f (i), and the preset key Y (0), the reconstruction code of the encryptor f (i), the reconstruction code of the decryptor f' (i) and the reconstruction code of the derivanter f (i) hidden by each pair of chips are different, so the reservation code is not easy to be intercepted, and can be transmitted by using ciphertext or plaintext.

In the information encryption communication system provided by this embodiment, each pair of encryption/decryption chips stores different generalized key source data GYY, and six aspects cooperate to ensure that these generalized key source data GYY cannot be stolen.

In the first aspect, the process of writing GYY into the encryption/decryption chips is performed by a special writing device for the off-chip business, and the whole writing process does not allow human intervention, so that no one knows the specific content of GYY hidden in each pair of chips, and only knows which two chips are a pair.

In the 2 nd aspect, after the chips are introduced into the market, the manufacturer does not know which user uses which pair of chips, and therefore, it is impossible to obtain the generalized key source data GYY of a certain information encryption communication channel by the manufacturer of the chips.

In the 3 rd aspect, the generalized key source data GYY hidden by each encryption/decryption chip cannot be read out, so that a person who has access to the encryption/decryption chip cannot know the GYY hidden by the chip.

In the 4 th aspect, each encryption and decryption chip hides enough generalized key source data, so that meaningful information of the generalized key source data cannot be inferred by using a plaintext-ciphertext pair in a meaningful time.

In the aspect 5, the generalized key source data GYY hidden by each pair of encryption and decryption chips is different, and even if a special method is used to obtain the generalized key source data hidden by one encryption and decryption chip, no help is provided for cracking the ciphertext formed by other encryption and decryption chips. Therefore, it is impossible to know the generalized key source data of a certain information encryption communication channel by possessing some encryption/decryption chips.

In the 6 th aspect, the ciphertext does not contain any information of the generalized key, and the only way for the communication parties to communicate the next encryption feature is the reserved code, so that it is impossible to directly obtain any content of the generalized key source data from the ciphertext, and only the reserved code is possible to obtain. However, the same reserved code corresponds to different generalized key source data in different encryption/decryption chip pairs, so that the generalized key source data of a certain encryption channel cannot be known from the transmitted ciphertext.

Embodiment 5 information encryption communication system composed of encryption/decryption chips with the assistance of server

An arbitrary calling information encryption communication system realized under the assistance of a server comprises a calling end, the server end and a called end. The server is arranged between the calling end and the called end, and the information encryption communication modes as described in embodiment 4 are respectively arranged between the calling end and the server and between the called end and the server;

the server side comprises:

a generating unit, configured to generate a plurality of generalized key source data, including a plurality of reservation keys, an encryptor reconstruction code, a decryptor reconstruction code, and a key derivation device reconstruction code;

a calling unit for transmitting a selected set of subscription key, encryptor reconstruction code, decryptor reconstruction code and key derivation device reconstruction code to the called terminal according to the call request;

a ringback unit for transmitting the selected subscription key, the encryptor reconstruction code, the decryptor reconstruction code, and the key derivation device reconstruction code to the calling end;

the calling terminal and the called terminal use the reservation key, the encryptor reconstruction code, the decryptor reconstruction code and the key derivation device reconstruction code sent by the service terminal to construct an information encryption channel so as to carry out information encryption communication.

Specifically, each phone or cell phone or network endpoint needs to communicate with a plurality of phones or cell phones or network endpoints, and at this time, a service end needs to be used to assist information encryption communication, so as to correspondingly form a service end-assisted information encryption communication system, wherein each phone or network node and the service end maintain a pair of encryption and decryption chips, and each phone or cell phone or network endpoint can communicate with a service provider, for example: sending call requests and called party numbers, receiving calls and information, etc. At this time, the server continuously generates a plurality of preset keys Y (0), key derivation device reconstruction codes f (i), encryptor reconstruction codes f (i), and decryptor reconstruction codes f' (i) (which may be referred to as session generalized key source data HGYY hereinafter). The main operation is as follows: the private (the information encryption communication method described in embodiment 4) information encryption communication channel between the calling terminal and the service terminal sends a call request and a called party number to the service terminal; the private information encryption communication channel between the server side and the called side transmits the telephone number of the calling side and the selected one session generalized key source data HGYY to the called side, and triggers the ringing of the called side; the private information encryption communication channel between the server side and the calling side sends the same selected HGYY and the ring-back signal to the calling side; after the channels of the two communication parties are established, the two communication parties form an information encryption channel by using the selected HGYY given by the server side to carry out information encryption communication.

When the conversation party pauses the speech, a long string 0 signal or a long string 1 signal appears in the plaintext, at this time, F and y (i) still generate the ciphertext of a non-long string 0 and a non-long string 1, and F and y (i) generate y (i +1) of the non-long string 0 and the non-long string 1, so that the feature information which is helpful for breaking the ciphertext and is the pause speech is hidden in the ciphertext.

For the server-side assistance information encryption communication system, after the calling side and the called side establish communication, the calling side and the called side encrypt the session information by using the session generalized key source data HGYY sent by the server side, and as long as the HGYY given by the service provider is used once, the session process still keeps a 'one-time pad' mode. The way of generating the HGYY by the server is completely the same as the way of generating the generalized key source data GYY by the encryption and decryption chip manufacturer in embodiment 2, and considering the huge amount of the generalized key source data, the server can be completely guaranteed to discard the generalized key only once. Therefore, the encryption of the facilitator-assisted communication information can be completely done in one-time pad, that is, the communication system only needs to ensure that the session generalized key source data HGYY cannot be acquired by other people.

The embodiment can rely on the following four aspects to ensure that the generalized key source data cannot be stolen:

firstly, the server side automatically generates special session generalized key source data by using a true random number generated by a special machine, the process is not intervened by people and is the same as the process of writing preset generalized key source data into an encryption and decryption chip in the embodiment 2;

secondly, the server side sends the session generalized key source data HGYY to each session participant by using an autonomous communication encryption technology;

the conversation is encrypted by using one-time conversation generalized key source data HGYY sent by the server;

and fourthly, the session generalized key is continuously changed along with the change of the session plaintext, and the non-acquirability of the session generalized key is the same as that of the information encryption communication technology given in the embodiment 4.

The service end is the only third party capable of obtaining the HGYY and further obtaining the communication content, and is also the only node for revealing the session generalized key source data HGYY.

Embodiment 6 'one-to-many' information encryption communication mode formed by encryption and decryption chips

The encryption and decryption chip described in embodiment 2 can also be applied to a "one-to-many" information encryption channel. Because the GYY written by one encryption and decryption chip occupies few memory cells, each square centimeter of area of the integrated circuit can accommodate more than one thousand groups of GYY. An encryption center chip can then be built that hides thousands of sets of generalized key source data. Each group of generalized key source data contained in the encryption center chip can form an information encryption private channel with a small encryption and decryption chip, and the chips form a one-to-many type information encryption channel as a whole. For example: the encryption center chip is positioned at the management node of the ATM, and each small encryption and decryption chip is positioned at each ATM, so that the communication confidentiality of the ATM reaches the level of being not decipherable. If the encryption center chip is positioned in the network transaction center and each small encryption and decryption chip is positioned at the personal mobile phone end, the security of the network transaction communication reaches the level of being not decipherable.

Example 7 'group broadcast type' information encryption communication mode formed by encryption and decryption chips

If each chip of the encryption and decryption chips given in the group of embodiment 2 includes a same group of GYY, the communication in the information encryption channel formed by the group of GYY is open information to the group of chips, so that the information encryption channel can form broadcast communication for the group of chips, and information encryption communication is still performed for other people outside the group. For example: all encryption and decryption chips inside a unit (such as a naval vessel) are provided with an information encryption channel with common generalized key source data, and the channel can be represented in the unit as an 'information non-encryption' state, but is still in an information encryption state for an eavesdropper outside the unit.

Embodiment 8 'user self-establishing' information encryption communication mode formed by encryption and decryption chip

A storage area X0 allowing a user to write a proper amount of generalized key source data is set for each chip, and a pin ZDY is added to the chip. When ZDY and Yin are both connected with high level, a user can write a plurality of Y (0), a plurality of F-F 'reconstruction codes and a plurality of F-F' reconstruction codes which are formulated by the user into the increased X0 storage area in sequence through the write data channel. When ZDY is high and Yin is low, the micro-program will use the user-specified GYY. When ZDY is low, the chip returns to normal.

If an information encryption private channel Z1 exists between the user A and the user B, and an information encryption private channel Z2 exists between the user B and the user C, the users A, B and C can agree their own preset key source data through the information encryption private channels Z1 and Z2 and write the data into X0, and then a practical approximate one-time pad encryption group channel is established between the three users.

Example 9 manner of determining information encryption channel Security

One party of communication requires the other party to input the agreed identification code at variable time, and whether the information encryption channel is safe can be judged. When the encryption and decryption chip of the opposite side is stolen and damaged, and the normal user is separated from the encryption and decryption chip, and other accidents occur, the side seeking the identification code cannot receive the correct identification code on time, so that the channel is judged to be unsafe.

Example 10 information secure local area communication network formed by encryption/decryption chip

An information encryption center chip is arranged in a gateway or a telephone switch, and the capability of generating random generalized key source data is provided, namely, a server side is used for assisting an information encryption communication mode to establish a secure communication local area network, a telephone and a mobile phone communication network in a unit.

While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims

1. An encryption and decryption method is characterized by comprising an encryption process, a decryption process, a process of presetting an encryption component reconstruction code and a decryption component reconstruction code, a process of presetting a key derivation component reconstruction code, a process of presetting a key and a process of generating a reservation code, wherein the encryption component reconstruction code, the decryption component reconstruction code and the key derivation component reconstruction code are reconstruction codes of a reconfigurable multi-valued logic operation component.

The encryption process specifically includes:

step A1: setting an encryption rule used this time according to an encryption component reconstruction code in advance, and encrypting the current plaintext segment by using an encryption key corresponding to the current plaintext segment according to the encryption rule to obtain a corresponding ciphertext segment;

step A2: setting an encryption key derivation rule used at this time in advance according to a key derivation part reconstruction code, and processing the current plaintext segment and the corresponding encryption key according to the encryption key derivation rule to generate an encryption key for encrypting the next plaintext segment;

the decryption process specifically includes:

step B1: setting a decryption rule used this time in advance according to a decryption component reconstruction code of the encryption component reconstruction code corresponding to the opposite end, and decrypting the current encrypted text segment by using a decryption key corresponding to the current encrypted text segment according to the decryption rule to obtain a decrypted plaintext segment;

step B2: presetting a decryption key derivation rule used this time by a key derivation part reconstruction code for setting a current encryption key derivation rule, and processing the decrypted plaintext segment and the corresponding decryption key according to the decryption key derivation rule to generate a decryption key for decrypting the next ciphertext segment;

the process of presetting the reconstruction code of the encryption component and the reconstruction code of the decryption component specifically comprises the following steps:

step C1: before the encryption process and the decryption process are executed, randomly selecting and storing reconstruction code pairs consisting of a plurality of encryption component reconstruction codes and corresponding decryption component reconstruction codes from reconstruction code sequences as an encryption component and decryption component reconstruction code pair group used in the encryption process and the decryption process;

step C2: acquiring a first reduced number used in the encryption process and the decryption process, and extracting and presetting an encryption reconstruction code and a decryption reconstruction code used in the encryption and decryption processes from the encryption component and decryption component reconstruction code pairing group according to the first reduced number;

the process of presetting the key derivation part reconstruction code specifically includes:

step D1: before the encryption process and the decryption process are executed, randomly selecting reconstruction codes of a plurality of key derivation parts from the reconstruction code sequence to be used as key derivation part reconstruction code groups used in the encryption process and the decryption process;

step D2: acquiring a second reduced number used in the encryption and decryption processes, and extracting and presetting the reconstruction code of the key derivation part used at this time from the key derivation part reconstruction code group according to the second reduced number;

the process of presetting the preset key specifically includes:

Step E1: before the encryption process and the decryption process are executed, randomly selecting a plurality of preset keys from a preset key sequence to serve as preset key groups used in the encryption process and the decryption process;

step E2: acquiring a third reduced number used in the encryption and decryption process, and extracting and setting a preset key used at this time from the preset key group according to the third reduced number;

the process of generating the reservation code specifically includes:

and taking a plurality of reserved numbers contained in the reserved code used at this time as initial values, counting the plurality of symbol arrangements of the plaintext to be encrypted at this time respectively, taking the counting result as a plurality of new reserved numbers, and connecting all the new reserved numbers in sequence to form the reserved code used at the next time.

2. An encryption and decryption apparatus, characterized in that the encryption and decryption apparatus comprises an encryption unit, a decryption unit and a read-only memory unit which are formed by hardware;

the encryption means includes:

an encryptor: presetting an encryption rule of an encryptor by using an encryptor reconstruction code, and encrypting the current plaintext segment by using an encryption key corresponding to the current plaintext segment in the plaintext to be encrypted according to the encryption rule to obtain the corresponding current encrypted segment;

encryption key derivation device: setting an encryption key derivation rule of the encryption key derivation device in advance by using a key derivation device reconstruction code, and processing the current plaintext segment and the corresponding encryption key according to the encryption key derivation rule to generate an encryption key for encrypting the next plaintext segment;

the decryption section includes:

a decryptor: setting a decryption rule of the decryptor in advance by a decryptor reconstruction code matched with the encryptor reconstruction code of the opposite end, and decrypting the current encrypted text segment by a decryption key corresponding to the current encrypted text segment in the ciphertext to be decrypted according to the decryption rule to obtain a decrypted plaintext segment;

decryption key derivation device: and setting a decryption key derivation rule of the decryption key derivation device in advance by setting a key derivation device reconstruction code of the current encryption key derivation device, and processing the decrypted plaintext segment and the corresponding decryption key according to the decryption key derivation rule to generate a decryption key for decrypting the next ciphertext segment.

The read-only storage component is configured to store generalized key source data composed of an encryptor reconstruction code, a decoder reconstruction code, a key derivation device reconstruction code, and a preset key, and specifically includes:

the encryptor reconstructed code storage area stores a plurality of randomly selected encryptor reconstructed codes;

the decryptor reconstruction code storage area stores decryptor reconstruction codes matched with the randomly selected encryptor reconstruction codes;

the key derivation device reconstruction code storage area stores a plurality of randomly selected key derivation device reconstruction codes;

and the preset key storage area is used for storing a plurality of randomly selected preset keys.

3. An encryption/decryption apparatus according to claim 2, wherein: and a write device is also matched, before each encryption and decryption device is put into use, a group of generalized key source data is burnt into a read-only storage component of the encryption and decryption device by the write device, and the write device comprises:

the first burner burns a plurality of the cipher reconstruction codes randomly selected from the reconstruction code sequence into the cipher reconstruction code storage area of the read-only storage component;

a second burner for burning a plurality of the decryptor reconstruction codes corresponding to the encryptor reconstruction codes selected from the reconstruction code sequences into a decryptor reconstruction code storage area of the read-only memory component;

a third burner, burning a plurality of the key derivation device reconstruction codes randomly selected from the reconstruction code sequence into a key derivation device reconstruction code storage area of the read-only storage component;

and the fourth burner randomly selects a plurality of preset keys from the preset key sequence and burns the preset keys into the preset key storage area of the read-only storage component.

4. The encryption and decryption apparatus according to claim 2, wherein the encryption unit includes a plurality of loop counters and a reserved code memory, and the encryption unit reads out a reserved code used for the current encryption and decryption from the reserved code memory before each encryption and decryption process;

each cycle counter takes the corresponding reserved number contained in the reserved code used at this time as an initial value, and counts various symbol arrangements in a plaintext in the encryption process at this time; the final count value of each loop counter is a corresponding new reduced number; the new reserved number is used for selecting generalized key source data to be used in the next encryption and decryption operation from the read-only storage component;

the reservation code memory is connected with the output ends of all the cycle counters and used for storing a new reservation code formed by sequentially connecting the counting results of the plurality of cycle counters, and the new reservation code is used for providing each reserved number for the next encryption and decryption operation;

the encryption component extracts and presets the encryption device reconstruction code used this time from the encryption device reconstruction code storage area of the read-only storage component according to the first reduced number used this time; extracting and presetting the encryption key derivation device reconstruction code used at this time from the key derivation device reconstruction code storage area of the read-only storage component according to the second reduced number used at this time; extracting and presetting the encryption preset key used this time from the preset key storage area of the read-only storage component according to the third reduced number used this time;

the decryption component extracts and presets the decryption device reconstruction code used this time from the decryption device reconstruction code storage area of the read-only storage component according to the first reduced number used this time; extracting and presetting a decryption key derivation device reconstruction code used this time from a key derivation device reconstruction code storage area of the read-only storage component according to a second divisor used this time; and extracting and presetting the decryption preset key used this time from the preset key storage area of the read-only storage component according to the third preset number used this time.

5. An encryption and decryption device is characterized by comprising an encryption module, a decryption module and a configuration file which are formed by software;

the encryption module includes:

an encryption unit: setting an encryption rule of an encryption unit by using an encryption unit reconstruction code in advance, and encrypting the current plaintext segment by using an encryption key corresponding to the current plaintext segment in the plaintext to be encrypted according to the encryption rule to obtain a corresponding current encrypted segment;

encryption key derivation unit: setting an encryption key derivation rule of the encryption key derivation unit by using a key derivation unit reconfiguration code in advance, and processing the current plaintext segment and the corresponding encryption key according to the encryption key derivation rule to generate a key for encrypting the next plaintext segment;

the decryption module includes:

a decryption unit: a decryption rule of the decryption unit is set in advance by a decryption unit reconstruction code matched with the encryption unit reconstruction code of the opposite end, and the current encrypted text segment is decrypted by a decryption key corresponding to the current encrypted text segment in the ciphertext to be decrypted according to the decryption rule to obtain a decrypted plaintext segment;

decryption key derivation unit: setting a decryption key derivation rule of the decryption key derivation unit by the key derivation unit reconstruction code in advance, and processing the decrypted plaintext segment and the corresponding decryption key according to the decryption key derivation rule to generate a decryption key for decrypting the next ciphertext segment;

the configuration file is used for storing generalized key source data composed of an encryption unit reconstruction code, a decoding unit reconstruction code, a key derivation unit reconstruction code and a preset key, and specifically includes:

the encryption unit reconstructs the code file paragraph: saving a plurality of randomly selected encryption unit reconstruction codes;

the decryption unit reconstructs the code file paragraph: storing the reconstruction codes of the decryption units matched with the randomly selected reconstruction codes of the encryption units;

key derivation unit reconstruction code file paragraph: saving a plurality of randomly selected key derivation unit reconstruction codes;

and the preset key file paragraph stores a plurality of randomly selected preset keys.

6. An encryption/decryption apparatus according to claim 5, further comprising a writing device, each encryption/decryption apparatus writing a set of said generalized key source data to the configuration file of the encryption/decryption apparatus before being put into use, with said writing device, said writing device comprising:

a first writing unit: writing a plurality of randomly selected encryption unit reconstruction codes in the reconstruction code sequence into an encryption unit reconstruction code file paragraph of a configuration file;

a second writing unit: writing a plurality of decryption unit reconstruction codes corresponding to the encryption unit reconstruction codes selected from the reconstruction code sequence into a decryption unit reconstruction code file paragraph of the configuration file;

a third writing unit: writing a plurality of the key derivation unit reconstruction codes randomly selected from the reconstruction code sequence into a key derivation unit reconstruction code file paragraph of the configuration file;

a fourth writing unit: and randomly selecting a plurality of preset keys from the preset key sequence, and writing the preset keys into a preset key file paragraph of a configuration file.

7. An encryption and decryption apparatus according to claim 5, wherein the encryption module includes a plurality of loop count variables and the configuration file includes a reservation code variable;

when the encryption module starts to work each time, reading a reservation code variable in a configuration file to obtain a reservation code used in the encryption process, and writing the reservation code used in the encryption process into a specified position of a ciphertext file; each cycle counting variable takes a corresponding reserved number contained in the reserved code used at this time as an initial value, and counts various symbol arrangements in a plaintext in the encryption process at this time; the final count value of each loop count variable is a corresponding new reduced number; the new reserved number is used for selecting generalized key source data to be used in the next encryption operation from the configuration file;

the reservation code variable in the configuration file stores the reservation code formed by connecting the plurality of reservation numbers, and the new reservation code is used for providing each reservation number for the next encryption operation;

the encryption module extracts and presets the encryption unit reconstruction code used this time from the encryption unit reconstruction code file paragraph of the configuration file according to the first reduced number used this time; extracting and presetting an encryption key derivation unit reconstruction code used this time from a key derivation unit reconstruction code file paragraph of the configuration file according to a second reduced number used this time; extracting and presetting the encryption preset key used at this time from a preset key file paragraph of the configuration file according to the third reduced number used at this time;

when the decryption module starts to work each time, the reservation code used in the decryption process is read from the specified position of the ciphertext file. Extracting and presetting the decryption unit reconstruction code used this time from the decryption unit reconstruction code file paragraph of the configuration file according to the first reduced number used this time; extracting and presetting a decryption key derivation unit reconstruction code used this time from a key derivation unit reconstruction code file paragraph of the configuration file according to a second reduced number used this time; and extracting and presetting the decryption preset key used this time from the preset key file paragraph of the configuration file according to the third reduced number used this time.

8. An autonomous communication encryption system includes two communication devices of opposite communication terminals. The method is characterized in that: the encryption and decryption device of any one of the preceding claims 2 to 4 is respectively arranged on each communication device;

a temporary encryption channel is constructed between the communication devices and is used for transmitting the ciphertext;

configuring the encryptor reconstruction code, the decryptor reconstruction code, the derived reconstruction code and the preset key used at this time by using a reservation code;

the autonomous communication encryption system includes:

a sending unit, configured to send a reservation code when one of the communication devices finishes communication;

a receiving unit, configured to receive a loopback reservation code returned by another one of the communication devices;

a judging unit, configured to judge whether the appointment code is the same as the loopback appointment code, and obtain a corresponding judgment result;

the first processing unit is connected with the judging unit and used for finishing the communication between the two communication devices when the judgment result shows that the reservation code is the same as the loopback reservation code;

and a second processing unit, connected to the judging unit, for controlling the transmitting unit to retransmit the reservation code when the judgment result indicates that the reservation code and the loopback reservation code are different.

9. An encryption system for assisting communication, comprising a calling terminal, a service terminal and a called terminal, wherein the calling terminal and the called terminal respectively comprise the encryption and decryption apparatus according to any one of claims 2-4, and the service terminal is disposed between the calling terminal and the called terminal;

the server side comprises:

a generating unit for generating a plurality of reservation keys, encryptor reconstruction codes, decryptor reconstruction codes and key derivation device reconstruction codes;

a ringback unit for transmitting the selected subscription key, encryptor reconstruction code, decryptor reconstruction code, and key derivation device reconstruction code to the calling end;

and the calling terminal and the called terminal construct an encryption channel according to the reservation key, the encryptor reconstruction code, the decryptor reconstruction code and the key derivation device reconstruction code so as to carry out encryption communication.

10. A static information encryption system applied to the encryption and decryption apparatus according to any one of claims 5 to 7, comprising an encryption program, a decryption program and a configuration file.

The encryption program is used for acquiring a plaintext to be encrypted, encrypting the plaintext to generate a ciphertext, and including the reservation code in the ciphertext for transmission and storage;

and the decryption program is used for acquiring the ciphertext and decrypting the ciphertext according to the reserved code.