CN113794551A - Equal-length block encryption method and ciphertext decryption method for long message data - Google Patents

Info

Publication number
CN113794551A
Authority
CN
China
Prior art keywords
data
length
ciphertext
plaintext
packet
Prior art date
Legal status
Pending
Application number
CN202111066134.XA
Other languages
Chinese (zh)
Inventor
闫鸣生
王金贵
李国�
马晓艳
王冠
Current Assignee
BEIJING JN TASS TECHNOLOGY CO LTD
Original Assignee
BEIJING JN TASS TECHNOLOGY CO LTD
Priority date
Filing date
Publication date

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L9/06 the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators > H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0618 > H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0618 > H04L9/0637 Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to an equal-length block encryption method and a ciphertext decryption method for long message data. The encryption method comprises the following steps: when the data length N of the long message is not an integral multiple of the block length L, the data of the long message is grouped to obtain a partial packet and standard packets; the standard packets are encrypted to obtain a first ciphertext; the partial packet is encrypted to obtain a second ciphertext; and the first ciphertext and the second ciphertext are combined to obtain a ciphertext of length N. The encryption and decryption method of the technical scheme provided by the invention has the advantages that the ciphertext and the plaintext are equal in length, no padding is needed, the method applies to block cipher algorithms in more modes, and it suits application environments whose length cannot change, such as E1 content encryption and SDH frame payload encryption, as well as other application scenarios in which the length is variable but not an integral multiple of the standard block, so that the application of many block cipher modes is no longer limited by the data length.

Description

Equal-length block encryption method and ciphertext decryption method for long message data
Technical Field
The invention belongs to the field of data security; the technique and equipment can be used in the system design, security architecture design and cryptographic operation applications of computer applications, and in particular relate to an equal-length block encryption method and a ciphertext decryption method for long message data.
Background
Block encryption is the main cipher algorithm among the symmetric encryption algorithms, including the common national ciphers SM1, SM4 and SM6 and the international AES128 and AES256, etc. It is mainly characterized in that the encryption and decryption process divides the data into groups of fixed length according to the algorithm's requirement and carries out the encryption and decryption operation group by group according to the encryption/decryption mode. Many of the modes (ECB/CBC/CFB, etc.) require the plaintext length to be an integer multiple of the block length, and if it is not, padding to an integer multiple of the block length is required before block encryption can be performed. As a result, when the data length is not an integral multiple of the block, the ciphertext is longer than the plaintext because of the padding added at encryption time, i.e. the ciphertext length is not equal to the plaintext length but greater than it.
Similarly, decryption decrypts a ciphertext whose length is an integral multiple of the block length, and if padding exists, the padding must be removed to obtain the plaintext.
The OFB (output feedback) mode and the CTR (counter) mode are stream-oriented modes and can realize equal-length encryption: even if the plaintext length is not an integral multiple of the block length, the ciphertext length can equal the plaintext length. However, OFB and CTR are used on the premise that the auxiliary parameters must change, namely the IV of the OFB algorithm or the counter value of the CTR mode is a variable rather than a constant, and preferably does not repeat. Such a requirement is unsuitable in many applications; in particular, when two communicating parties exchange ciphertext, besides holding consistent keys they need to synchronize the auxiliary parameters every time, that is, an additional channel is required to inform the other party of the value of the auxiliary parameter. Such requirements make it impossible for many applications to use the OFB or CTR modes for equal-length message encryption.
Disclosure of Invention
In order to overcome the problems in the related art, the invention provides an equal-length block encryption method and a ciphertext decryption method for long message data.
According to a first aspect of the embodiments of the present invention, there is provided an equal-length packet encryption method for long packet data, including:
when the data length N of the long message is not an integral multiple of the block length L, grouping the data of the long message to obtain 1 partial packet of length L' and k standard packets of length L, where k is a positive integer, the partial packet is the i-th packet, 1 ≤ i ≤ k + 1, and L' < L;
performing encryption operation on the k standard packets to obtain k first ciphertexts with the length of L;
carrying out encryption operation on the partial packets to obtain 1 second ciphertext with the length of L';
and combining the k first ciphertexts and the 1 second ciphertexts to obtain the ciphertexts with the length of N.
Further, performing the encryption operation on the partial packet to obtain 1 second ciphertext of length L' specifically includes:
taking a preset value of length L as first plaintext data, and encrypting the first plaintext data to obtain a first key stream;
performing a bit-wise XOR operation on the predetermined L' data in the first key stream and the data of the partial packet to obtain a third ciphertext;
and extracting the predetermined L' data from the third ciphertext to obtain the second ciphertext.
The predetermined L' data may be the first L' data, the last L' data, or the middle L' data, as agreed in advance.
Further, the performing encryption operation on the partial packet to obtain 1 second ciphertext with the length of L' specifically includes:
taking the first ciphertext obtained by encrypting the (i-1)-th group of data as second plaintext data, and encrypting the second plaintext data to obtain a second key stream;
performing bit-wise XOR operation on the predetermined L' data in the second key stream and the partial grouped data to obtain a fourth ciphertext;
and extracting preset L' data in the fourth ciphertext to obtain a second ciphertext.
Further, the performing encryption operation on the partial packet to obtain 1 second ciphertext with the length of L' specifically includes:
carrying out bit-based XOR operation on a first ciphertext obtained by encrypting the (i-1) th group of data and a preset numerical value with the length of L, and taking an operation result as third plaintext data;
encrypting the third plaintext data to obtain a third key stream;
performing bit-wise XOR operation on the predetermined L' data in the third key stream and the partial grouped data to obtain a fifth ciphertext;
and extracting L' data preset by the fifth ciphertext to obtain a second ciphertext.
Further, performing the encryption operation on the k standard packets to obtain k first ciphertexts of length L specifically includes:
performing the encryption operation on the first i-1 groups of standard packet data to obtain i-1 first ciphertexts of length L;
and performing the encryption operation on the remaining k-i+1 groups of standard packet data to obtain k-i+1 first ciphertexts of length L, where the feedback parameter (if any) that the encryption mode specifies for the (i+1)-th group of standard packet data is obtained from the encryption of the i-th group, the partial packet data.
Further, still include:
when the data length N of the long message is an integral multiple of the packet length L, grouping the data of the long message to obtain m standard packets, wherein m is L/N;
performing encryption operation on the m standard packets to obtain m sixth ciphertexts with the length of L;
and combining the m sixth ciphertexts to obtain the ciphertexts with the length of N.
According to a second aspect of the embodiments of the present invention, there is provided a ciphertext decryption method, including:
when the data length N of the ciphertext is not an integral multiple of the block length L, grouping the data of the ciphertext to obtain 1 partial packet of length L' and k standard packets of length L, where k is a positive integer, the partial packet is the i-th packet, 1 ≤ i ≤ k + 1, and L' < L;
carrying out decryption operation on the k standard packets to obtain k first plaintexts with the length of L;
carrying out partial block decryption operation on the partial blocks to obtain 1 second plaintext with the length of L';
and combining the k first plaintexts and the 1 second plaintexts to obtain the plaintexts with the length of N.
Further, the decrypting the partial packet to obtain 1 second plaintext with length L' specifically includes:
taking a preset numerical value with the length of L as fourth plaintext data, and encrypting the fourth plaintext data to obtain a fourth key stream;
performing bit-wise XOR operation on the predetermined L' data in the fourth key stream and the partially grouped data to obtain a third plaintext;
and extracting L' data preset in the third plaintext to obtain a second plaintext.
The predetermined L 'data may be the first L' data, the last L 'data, or the middle L' data agreed in advance.
Further, the decrypting the partial packet to obtain 1 second plaintext with length L' specifically includes:
taking the (i-1)-th group of ciphertext data as fifth plaintext data, and encrypting the fifth plaintext data to obtain a fifth key stream;
performing bit-wise XOR operation on the predetermined L' data in the fifth key stream and the data of the partial packet to obtain a fourth plaintext;
and extracting L' data preset by the fourth plaintext to obtain a second plaintext.
Further, the decrypting the partial packet to obtain 1 second plaintext with length L' specifically includes:
carrying out bit-based XOR operation on the (i-1) th group of ciphertext data and a preset numerical value with the length of L, and taking an XOR result as sixth plaintext data;
encrypting the sixth plaintext data to obtain a sixth key stream;
performing bit-wise exclusive or operation on the predetermined L' data in the sixth key stream and the data of the partial packet to obtain a fifth plaintext;
and extracting predetermined L' data in the fifth plaintext to obtain a second plaintext.
Further, still include:
when the data length N of the ciphertext is an integral multiple of the packet length L, grouping the data of the ciphertext to obtain m standard packets, wherein m is L/N;
carrying out decryption operation on the m standard packets to obtain m sixth plaintexts with the length of L;
and combining the m sixth plaintexts to obtain the plaintexts with the length of N.
The technical scheme provided by the embodiment of the invention can have the following beneficial effects:
the encryption and decryption method provided by the invention has the advantages that the ciphertext and the plaintext are equal in length, no padding is needed, the method applies to block cipher algorithms in more modes, and it suits application environments whose length cannot change, such as E1 content encryption and SDH frame payload encryption, as well as other application scenarios in which the length is variable but not an integral multiple of the standard block, so that the application of many block cipher modes is no longer limited by the data length and the application scenarios are expanded.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
The above and other objects, features and advantages of the present invention will become more apparent by describing in more detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 is a schematic flowchart illustrating an equal-length block encryption method for long message data according to an exemplary embodiment of the present invention;
FIG. 2 is a flow chart of standard packet and partial packet encryption and merging in an embodiment of the present invention;
FIG. 3 is a diagram of standard packet and partial packet encryption in an embodiment of the present invention;
fig. 4 is a flowchart illustrating a ciphertext decryption method according to an example embodiment of the present invention;
FIG. 5 is a flow diagram of SM4-CBC mode encryption of E1 transport data;
FIG. 6 is a flow chart of SDH-VC4 frame payload AES-BC mode encryption.
Detailed Description
Preferred embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present invention are shown in the drawings, it should be understood that the present invention may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that, although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present invention. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
This patent concerns the encryption and decryption of long messages; a long message, as defined in this patent, is plaintext data whose length is greater than the block length L of the block cipher algorithm used. The block length of the SM4 and AES128 cipher algorithms is 128 bits, i.e. L = 16 bytes. When data is encrypted with the SM4 or AES128 block cipher, data longer than 16 bytes (e.g. 17 bytes, 100 bytes, etc.) is a long message in the sense of this patent. The block length of AES256 is 256 bits, i.e. 32 bytes, so for the AES256 algorithm a message longer than 32 bytes (33 bytes, 500 bytes) is a long message.
When cipher modes such as ECB, CBC, CFB, etc. are used, if the message length N is not an integral multiple of the block length L, i.e. N ≠ k × L, where k = int(N/L) and int(x) is the integer part of x, e.g. int(4.85) = 4, then the conventional block encryption method needs to pad the data into k + 1 blocks;
for example: a plaintext M of N = 67 bytes, encrypted with a block cipher algorithm whose block is 16 bytes, requires 13 bytes of padding, increasing the data length to 67 + 13 = 80 bytes, i.e. 5 blocks, and a ciphertext C of length N' = 80 bytes is obtained by the standard block cipher algorithm. As a result, the length N' of the ciphertext C is 80 while the length N of the plaintext M is 67. It can be seen that, when the data length N is not an integral multiple of the block length L, the conventional block cipher algorithm cannot obtain a ciphertext C of the same length.
The invention realizes equal-length block encryption of long message data without padding: for a long message of length N, after the block encryption operation of the invention the ciphertext length N' is the same as the plaintext length, i.e. N = N'.
The technical solutions of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a flowchart illustrating an equal-length block encryption method for long message data according to an exemplary embodiment of the present invention.
Referring to fig. 1, the method includes:
110. when the data length N of the long message is not an integral multiple of the block length L, grouping the data of the long message to obtain 1 partial packet of length L' and k standard packets of length L, where k is a positive integer, the partial packet is the i-th packet, 1 ≤ i ≤ k + 1, and L' < L.
Specifically, when the data length N of the long message is not an integral multiple of the block length L, the encryption of the long message is divided into whole-block encryption and partial-block encryption; the whole-block encryption is standard block encryption, and the partial-block encryption realizes the encryption of message data shorter than the block length;
for a long message of length N (called plaintext M), k = int(N/L), where the function int(x) outputs the integer part of x. Before encryption the plaintext data is grouped; specifically, the following two cases are distinguished:
if N = k × L, that is, the data length is exactly an integral multiple of the block length, the encryption process follows the standard block encryption rule, i.e. k groups of standard block encryption are performed.
If N ≠ k × L, i.e. the length is not an integer multiple of the block length, the remaining data length apart from the k groups of length L is L' = N - k × L. In total k + 1 packets are divided: k whole packets and 1 partial packet whose length is smaller than the block length, as shown in the following table:
M_1 | M_2 | M_3 | … | M_{i-1} | M_i | M_{i+1} | … | M_k | M_{k+1}
In the table, the i-th packet is the partial packet with data length L'; the other k packets, namely the 1st to (i-1)-th and the (i+1)-th to (k+1)-th packets, are standard packets with data length L, where i is a value agreed in advance by both the encrypting and decrypting parties and 1 < i ≤ k + 1.
120. And carrying out encryption operation on the k standard packets to obtain k first ciphertexts with the length of L.
130. And carrying out encryption operation on the partial packets to obtain 1 second ciphertext with the length of L'.
Specifically, as shown in fig. 2 and fig. 3, the above steps perform packet data encryption on the long message, including standard data encryption of standard packet data and partial packet encryption of partial packet data. The encryption process is as follows:
1. First, block encryption in the designated mode is performed on the 1st to (i-1)-th groups to obtain C_1, C_2, …, C_{i-1}.
2. Partial-block encryption is performed on the i-th group, the partial packet data, to obtain C_i'.
3. Block encryption in the designated mode is performed on the (i+1)-th to (k+1)-th groups to obtain C_{i+1}, …, C_{k+1}.
140. And combining the k first ciphertexts and the 1 second ciphertexts to obtain the ciphertexts with the length of N.
Specifically, in this step the ciphertext data obtained by encrypting each packet in steps 120 and 130 is ordered and merged: the predetermined L' data is extracted from C_i' as the i-th group of ciphertext C_i, and finally the data are merged as C = C_1 || C_2 || … || C_i || … || C_k || C_{k+1}; the ciphertext length is N' = k × L + L' = N.
The equal-length block encryption method for long message data has the advantages that the generated ciphertext is as long as the plaintext of the long message, no padding is needed, the method applies to block cipher algorithms in more modes, and it suits application environments such as E1 content encryption and SDH frame payload encryption in which the content length cannot change, thereby expanding the application scenarios.
Optionally, in this embodiment, step 120 specifically includes:
1201. performing the encryption operation on the first i-1 groups of standard packet data to obtain i-1 first ciphertexts of length L;
1202. and performing the encryption operation on the remaining k-i+1 groups of standard packet data to obtain k-i+1 first ciphertexts of length L, where the feedback parameter (if any) that the encryption mode specifies for the (i+1)-th group of standard packet data is obtained from the encryption of the i-th group, the partial packet data.
In this embodiment, the partial packet data is encrypted by block: the plaintext of the encryption operation may be the agreed value TAG, which is encrypted to obtain the key stream; or it may be the previous group of ciphertext, or the exclusive-or of the previous group of ciphertext with the agreed value TAG, which is encrypted to obtain the key stream. The predetermined L' data of the key stream is XORed bit-wise with the plaintext to obtain the ciphertext, whose length equals the plaintext length. Each method is described below.
Optionally, in this embodiment, the process of performing an encryption operation on the partial packet data in step 130 specifically includes:
1301. taking a preset numerical value with the length of L as first plaintext data, and encrypting the first plaintext data to obtain a first key stream;
1302. performing bit-wise XOR operation on the predetermined L' data in the first key stream and the partial grouped data to obtain a third ciphertext;
1303. and extracting preset L' data in the third ciphertext to obtain a second ciphertext.
The predetermined L 'data may be the first L' data, the last L 'data, or the middle L' data agreed in advance.
Specifically, the first partial-packet encryption method provided in this embodiment sets a value TAG of predetermined length L, where TAG may be a fixed value agreed between the two parties, a key check value of the two parties (key check value: the ciphertext obtained by encrypting a fixed value), or other content. TAG is taken as the plaintext data M', with the IV (initialization vector) of the i-th group being the one defined by the encryption mode; M' is encrypted with the key k to obtain the ciphertext C', and the ciphertext C'_i of the partial packet data is C'_i = C' ⊕ M_i, where M_i is the data of the i-th group, the partial packet, and ⊕ is the bit-wise exclusive-or operation; the same applies below.
The characteristic of this method is that the partial packet is processed by a standard block encryption operation of the standard block length, so the encryption mode can keep its original form, but the cipher output is used as a key stream: the key stream is XORed with the partial packet data M_i to obtain the partial-packet ciphertext C'_i.
In this embodiment, adding the agreed value TAG further increases the decryption difficulty for an attacker and improves the security of the ciphertext data.
Optionally, in this embodiment, the process of performing an encryption operation on the partial packet data in step 130 specifically includes:
1304. taking the first ciphertext obtained by encrypting the (i-1)-th group of data as second plaintext data, and encrypting the second plaintext data to obtain a second key stream;
1305. performing bit-wise XOR operation on the predetermined L' data in the second key stream and the predetermined data in the partial packet to obtain a fourth ciphertext;
1306. and extracting preset L' data in the fourth ciphertext to obtain a second ciphertext.
Specifically, the second partial-packet encryption method provided in this embodiment uses the previous group of ciphertext as M', that is, M' = C_{i-1}; M' is encrypted with the key k to obtain the ciphertext C', and the ciphertext C_i of the partial packet data is C_i = C' ⊕ M_i.
The advantage of this method is that as the previous group of ciphertext C_{i-1} changes, the key stream C' of the partial packet also changes, and thus the security is higher.
Optionally, in this embodiment, the process of performing an encryption operation on the partial packet data in step 130 specifically includes:
1307. carrying out bit-wise XOR operation on a ciphertext obtained by encrypting the (i-1) th group of data and a preset numerical value with the length of L, and taking an operation result as third plaintext data;
1308. encrypting the third plaintext data to obtain a third key stream;
1309. performing bit-wise XOR operation on the predetermined L' data in the third key stream and the partial grouped data to obtain a fifth ciphertext;
1310. and extracting preset L' data in the fifth ciphertext to obtain a second ciphertext.
Specifically, the third partial-packet encryption method provided in this embodiment sets a pre-agreed value TAG and lets M' = C_{i-1} ⊕ TAG; M' is encrypted to obtain the ciphertext C', and the ciphertext C_i of the partial packet data M_i is C_i = C' ⊕ M_i.
The advantage of this method is that the key stream C' depends both on the previous group of ciphertext C_{i-1} and on the pre-agreed parameter TAG, so the security of the key stream C' is further improved.
Optionally, in this embodiment, the method further includes:
150. when the data length N of the long message is an integral multiple of the packet length L, grouping the data of the long message to obtain m standard packets, wherein m is L/N;
160. performing encryption operation on the m standard packets to obtain m sixth ciphertexts with the length of L;
170. and combining the m sixth ciphertexts to obtain the ciphertexts with the length of N.
Specifically, if the data length of the long packet is exactly an integral multiple of the packet, the encryption process conforms to the standard packet encryption rule, i.e., m groups of standard packet encryption are performed.
Corresponding to the above encryption method, an embodiment of the present invention provides a ciphertext decryption method, as shown in fig. 4, the method includes:
410. when the data length N of the ciphertext is not an integral multiple of the block length L, grouping the data of the ciphertext to obtain 1 partial packet of length L' and k standard packets of length L, where k is a positive integer, the partial packet is the i-th packet, 1 < i ≤ k + 1, and L' < L;
420. carrying out decryption operation on the k standard packets to obtain k first plaintexts with the length of L;
430. carrying out decryption operation on the partial packets to obtain 1 second plaintext with the length of L';
440. and combining the k first plaintexts and the 1 second plaintexts to obtain the plaintexts with the length of N.
In this embodiment, the ciphertext data encrypted as standard blocks is decrypted according to the block decryption method of the standard mode. The i-th group, the partial-block encrypted ciphertext, is decrypted with the same procedure as partial-block encryption: the encryption-operation plaintext M' is the agreed value TAG, or the previous group of ciphertext C_{i-1}, or the XOR of the previous group of ciphertext C_{i-1} with the agreed value TAG; M' is encrypted to obtain the key stream, and the ciphertext is XORed bit-wise with the key stream to obtain the plaintext; the plaintext length is equal to the ciphertext length.
There are three ways to perform the decryption operation on the partial packet in step 430, which are described below.
Optionally, in this embodiment, step 430 specifically includes:
4301. taking a numerical value TAG with a preset length L as fourth plaintext data, and encrypting the fourth plaintext data to obtain a fourth key stream;
4302. performing bit-wise XOR operation on the predetermined L' data in the fourth key stream and the partially grouped data to obtain a third plaintext;
4303. and extracting L' data preset in the third plaintext to obtain a second plaintext.
The predetermined L 'data may be the first L' data, the last L 'data, or the middle L' data agreed in advance.
Optionally, in this embodiment, step 430 specifically includes:
4304. taking the i-1 th group of ciphertext data as fifth plaintext data, and encrypting the fifth plaintext data to obtain a fifth key stream;
4305. performing bit-wise XOR operation on the predetermined L' data in the fifth key stream and the data of the partial packet to obtain a fourth plaintext;
4306. and extracting predetermined L' data in the fourth plaintext to obtain a second plaintext.
Optionally, in this embodiment, step 430 specifically includes:
4307. carrying out bit-based XOR operation on the (i-1) th group of ciphertext data and a preset numerical value with the length of L, and taking an operation result as sixth plaintext data;
4308. encrypting the sixth plaintext data to obtain a sixth key stream;
4309. performing bit-wise exclusive or operation on the predetermined L' data in the sixth key stream and the data of the partial packet to obtain a fifth plaintext;
4310. and extracting predetermined L' data in the fifth plaintext to obtain a second plaintext.
Optionally, in this embodiment, the method further includes:
450. when the data length N of the ciphertext is an integral multiple of the packet length L, grouping the data of the ciphertext to obtain m standard packets, wherein m is L/N;
460. carrying out decryption operation on the m standard packets to obtain m sixth plaintexts with the length of L;
470. and combining the m sixth plaintexts to obtain the plaintexts with the length of N.
Specifically, if the data length of the ciphertext is exactly an integral multiple of the packet, the decryption process conforms to the standard packet decryption rule, i.e., m groups of standard packet decryption are performed.
Two examples are given below to better understand the invention:
Example 1: E1 SM4-CBC (Cipher Block Chaining) mode encryption of transport data
E1 is a time-division-multiplexed transmission channel with a transmission bandwidth of 2.048 Mbps, 32 slots per frame, 1 byte (8 bits) per slot, and a frame period of 125 µs (8000 frames/s). Of the 32 time slots, slot 0 is the synchronization slot and the other 31 slots are payload, i.e., the payload of the E1 line is 31 bytes per frame. This embodiment uses the equal-length encryption and decryption algorithm for long messages to encrypt the 31 bytes of payload in each frame, 8000 encryptions per second. SM4 is a block cipher algorithm with a block length of 16 bytes; since the 31-byte message data is longer than one block length (16 bytes), the 31-byte payload message of each E1 frame is a long message.
The example uses the CBC mode of the SM4 block cipher algorithm to accomplish encryption of the E1 data payload, and the block diagram is shown in fig. 5.
The block Ek in the figure is a standard block cipher operation with a key k.
The 31-byte payload data of each frame is divided into M1 and M2, where M1 is the first 16 bytes of the payload and M2 is the remaining 15 bytes, 31 bytes in total. The encryption process is as follows:
1. First perform SM4-CBC encryption on M1 to obtain ciphertext C1.
2. XOR C1 with the TAG value and encrypt the XOR result again with SM4 to output C'. XOR the first 7 bytes of C' bit by bit with M2; the result is the 7-byte ciphertext C2.
The example agrees that the value of TAG is the check value of key k, i.e., the result of encrypting the data 0: TAG = Ek(0x00).
The 31-byte payload ciphertext C = C1 || C2 is finally obtained, 31 bytes in length.
The beneficial effect of the above process is:
1. For a message whose length is 31 bytes, equal-length data encryption is accomplished;
2. The security of CBC mode is retained: messages and ciphertexts correspond one-to-one, different messages yield different ciphertexts, a change in the content of a preceding message changes the ciphertexts that follow, and the anti-cracking strength is good.
This example implements SM4-CBC mode encryption/decryption for data of length L = 31 bytes. In fact the message may be any long message, e.g. L = 97, 1431, and so on, and equal-length encryption and decryption in SM4-CBC mode can be accomplished with this patent.
Example 2: SDH-VC4 frame payload AES-BC mode encryption
This example applies the method to encrypting the VC4 content (payload) in SDH, using the AES256 cipher algorithm in BC (block chaining) mode.
SDH (Synchronous Digital Hierarchy) is a synchronous transmission network that transmits frame by frame, 8000 frames per second. The virtual container VC4 consists of a fixed 2430 bytes arranged as 9 rows x 270 columns; excluding management data such as SOH, AU-Ptr and POH (9 x 10 bytes = 90 bytes in total), the payload of the virtual container VC4 is 2430 - 90 = 2340 bytes.
AES256 is a block cipher algorithm with a block length of 256 bits (32 bytes), and BC (block chaining) mode is an output-feedback encryption/decryption mode.
The 2340-byte payload of one frame is 73 x 32 + 4, i.e., with the AES256 algorithm and a block length of 32 bytes there are 73 whole blocks (32 bytes long) and one 4-byte partial block. In this example i = 2, i.e., the partial block data M2 is the second block, with length L' = 4 bytes; the 1st block M1 and the other 72 blocks Mi (i = 3, 4, ..., 74) are whole blocks with a data length of 32 bytes.
The encryption process is shown in fig. 6.
Here TAG is any fixed value agreed by both parties; this embodiment uses
TAG=0x000102030405060708090A0B0C0D0E0FF0E0D0C0B0A090807060504030201000。
IV is the initial vector agreed by both parties; in this example the agreed IV is Ek(0x00), i.e., the key diversification value of the data 0.
the content encryption process of VC4 is as follows:
1. Using key k and initial vector IV, perform one AES256 BC-mode block encryption on the data M1 to obtain ciphertext C1.
2. XOR ciphertext C1 with IV and TAG, M' = C1 ^ IV ^ TAG, and encrypt the result M' as one block to obtain ciphertext C'2. Bytes 5-8 of the 32 bytes of C'2 (4 bytes in total) are XORed with the 4 bytes of plaintext M2 to obtain the 4-byte ciphertext data C2.
3. Take the XOR of C'2 and C1 as the IV of the third group and continue the BC-mode block cipher algorithm for groups 3 to 74 to obtain ciphertexts Ci (i = 3, 4, ..., 74).
The ciphertexts Ci (i = 1, 2, ..., 74) are the ciphertext data of the VC4 payload. The ciphertext data length is 2340 bytes, exactly the payload size of the VC4 container.
The decryption process is similar to BC-mode block decryption, except that the 2nd block is decrypted with the partial-block method to obtain the partial-block plaintext M2.
The beneficial effect of the above process is:
1. For the 2340-byte VC4 payload, BC-mode encryption with the AES256 block cipher achieves equal-length encryption/decryption, i.e., the ciphertext length is still 2340 bytes; the whole VC4 payload is encrypted and decrypted without changing its content (e.g., reducing it by 4 bytes) and without leaving part of it unencrypted (e.g., the last 4 bytes).
2. The security of BC mode is retained: the ciphertext depends on the current message, the preceding ciphertext and the IV, so a change in the content of a preceding message changes the subsequent ciphertexts, and the anti-cracking strength is good.
3. A TAG is added; because the TAG is a secret value agreed by both parties and related to the key k, it changes together with the key when k is replaced. This makes it hard for an attacker to obtain the TAG value, further increases the cracking difficulty, and improves security and privacy.
4. In this example i = 2 is chosen, i.e., the second group is a 4-byte partial block and the other groups are 32-byte full blocks. In fact the partial block may be any group other than the 1st, which further improves the security of encryption and decryption.
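As an added illustration (not part of the patent text and not the applicant's code), the following Go program implements the scheme of steps 4301-4310 and of Examples 1 and 2 above: standard groups in CBC mode, the partial group XORed with a key stream derived from TAG, from C_{i-1}, or from C_{i-1} XOR TAG, and, after the partial group, C'_i XOR C_{i-1} used as the chaining value for the next group as in step 3 of Example 2. Assumptions made here: AES-256 from Go's standard library stands in for SM4 and for the AES256 of Example 2 (Go's AES block is 16 bytes for every key size, so L = 16 and the 31-byte E1 payload splits as 16 + 15 rather than the 7 bytes quoted in Example 1); the "predetermined L' data" of the key stream are taken to be its first L' bytes; the chaining rule after the partial group is applied to all three variants; and i >= 2 is required, following the description and note 4 of Example 2. The names Variant, KeyCheckValue, Encrypt and Decrypt belong to this example only.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Variant selects how the key stream block for the partial packet is derived (steps 4301-4310).
type Variant int

const (
	TagOnly          Variant = iota // key stream = E_k(TAG)
	PrevCipher                      // key stream = E_k(C_{i-1})
	PrevCipherXorTag                // key stream = E_k(C_{i-1} XOR TAG)
)

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for j := range a {
		out[j] = a[j] ^ b[j]
	}
	return out
}

// KeyCheckValue returns E_k(0...0): the TAG of Example 1 and the IV of Example 2.
func KeyCheckValue(key []byte) ([]byte, error) {
	bc, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return encryptBlock(bc, make([]byte, bc.BlockSize())), nil
}

func encryptBlock(bc cipher.Block, in []byte) []byte {
	out := make([]byte, bc.BlockSize())
	bc.Encrypt(out, in)
	return out
}

// partialKeystream computes the L-byte key stream block; prev is C_{i-1} (chained variants only).
func partialKeystream(bc cipher.Block, v Variant, tag, prev []byte) []byte {
	switch v {
	case PrevCipher:
		return encryptBlock(bc, prev)
	case PrevCipherXorTag:
		return encryptBlock(bc, xorBytes(prev, tag))
	}
	return encryptBlock(bc, tag) // TagOnly
}

// run applies the scheme in one direction: standard groups use CBC, the partial group
// (position i, 1-based) is XORed with the first L' key stream bytes, and C'_i XOR C_{i-1}
// then chains into the next standard group (assumed from Example 2, step 3).
func run(key, iv, tag, data []byte, i int, v Variant, encrypt bool) ([]byte, error) {
	bc, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	L := bc.BlockSize()
	k, lp := len(data)/L, len(data)%L // k standard groups, L' = lp bytes in the partial group
	switch {
	case len(iv) != L || len(tag) != L:
		return nil, fmt.Errorf("iv and tag must each be one block (%d bytes)", L)
	case len(data) <= L || lp == 0:
		return nil, fmt.Errorf("need N > L with N not a multiple of L; plain CBC applies otherwise")
	case i < 2 || i > k+1:
		return nil, fmt.Errorf("partial packet index i must satisfy 2 <= i <= k+1")
	}
	out := make([]byte, 0, len(data))
	chain, prev := iv, []byte(nil)
	for j, off := 1, 0; j <= k+1; j++ {
		if j == i { // the partial packet: L' bytes, key stream XOR (same in both directions)
			ks := partialKeystream(bc, v, tag, prev)
			out = append(out, xorBytes(data[off:off+lp], ks[:lp])...)
			chain = xorBytes(ks, prev)
			off += lp
			continue
		}
		g := data[off : off+L]
		if encrypt {
			c := encryptBlock(bc, xorBytes(g, chain))
			out = append(out, c...)
			chain, prev = c, c
		} else {
			p := make([]byte, L)
			bc.Decrypt(p, g)
			out = append(out, xorBytes(p, chain)...)
			chain, prev = g, g
		}
		off += L
	}
	return out, nil
}

// Encrypt and Decrypt both return exactly len(data) bytes: the equal-length property.
func Encrypt(key, iv, tag, msg []byte, i int, v Variant) ([]byte, error) { return run(key, iv, tag, msg, i, v, true) }
func Decrypt(key, iv, tag, ct []byte, i int, v Variant) ([]byte, error) { return run(key, iv, tag, ct, i, v, false) }
```

KeyCheckValue(key) gives E_k(0), which Example 1 uses as TAG and Example 2 as IV. One property worth noticing when choosing a variant: with TagOnly the key stream for the partial group depends only on the key and TAG, so every message encrypted under the same key has its partial group XORed with the same L' bytes; the two chained variants make it depend on C_{i-1} as well, which is the chaining property Example 2 relies on.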
In summary, the patent can realize the encryption and decryption operation of data with equal length for any long message more than one group, and different from the encryption mode with equal length of OFB and CTR modes, the safe encryption can be realized without changing IV or counter value every time. This is very suitable for many scenarios where the application is limited (e.g. E1 and SDH VC4 content encryption as shown in the examples).
In fact, the equal-length encryption of the present patent is not limited to the length being an integral multiple of a byte (8 bits), and the bit number may be any length, that is, as long as the bit length of the data is greater than the length of 1 packet, the equal-length encryption and decryption operation can be implemented.
The aspects of the invention have been described in detail hereinabove with reference to the drawings. In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments. Those skilled in the art should also appreciate that the acts and modules referred to in the specification are not necessarily required by the invention. In addition, it can be understood that the steps in the method according to the embodiment of the present invention may be sequentially adjusted, combined, and deleted according to actual needs, and the modules in the device according to the embodiment of the present invention may be combined, divided, and deleted according to actual needs.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and methods according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. An equal-length packet encryption method for long message data is characterized by comprising the following steps:
when the data length N of the long message is not an integral multiple of the packet length L, grouping the data of the long message to obtain 1 partial packet with the length of L 'and k standard packets with the length of L, wherein k is a positive integer, the partial packet is ith data, i is more than or equal to 1 and less than or equal to k +1, and L' < L;
performing encryption operation on the k standard packets to obtain k first ciphertexts with the length of L;
carrying out encryption operation on the partial packets to obtain 1 second ciphertext with the length of L';
and combining the k first ciphertexts and the 1 second ciphertexts to obtain the ciphertexts with the length of N.
2. The method according to claim 1, wherein the performing an encryption operation on the partial packet to obtain 1 second ciphertext with a length L' specifically includes:
taking a preset numerical value with the length of L as first plaintext data, and encrypting the first plaintext data to obtain a first key stream;
performing bit-wise XOR operation on the predetermined L' data in the first key stream and the partial grouped data to obtain a third ciphertext;
and extracting preset L' data in the third ciphertext to obtain a second ciphertext.
3. The method according to claim 1, wherein the performing an encryption operation on the partial packet to obtain 1 second ciphertext with a length L' specifically includes:
encrypting second plaintext data by taking a first ciphertext obtained by encrypting the ith-1 group of data as the second plaintext data to obtain a second key stream;
performing bit-wise XOR operation on the predetermined L' data in the second key stream and the partial grouped data to obtain a fourth ciphertext;
and extracting preset L' data in the fourth ciphertext to obtain a second ciphertext.
4. The method according to claim 1, wherein the performing an encryption operation on the partial packet to obtain 1 second ciphertext with a length L' specifically includes:
carrying out bit-based XOR operation on a first ciphertext obtained by encrypting the (i-1) th group of data and a preset numerical value with the length of L, and taking an operation result as third plaintext data;
encrypting the third plaintext data to obtain a third key stream;
performing bit-wise XOR operation on the predetermined L' data in the third key stream and the partial grouped data to obtain a fifth ciphertext;
and extracting preset L' data in the fifth ciphertext to obtain a second ciphertext.
5. The method of any of claims 1 to 4, further comprising:
when the data length N of the long message is an integral multiple of the packet length L, grouping the data of the long message to obtain m standard packets, wherein m is L/N;
performing encryption operation on the m standard packets to obtain m sixth ciphertexts with the length of L;
and combining the m sixth ciphertexts to obtain the ciphertexts with the length of N.
6. A ciphertext decryption method, comprising:
when the data length N of the ciphertext is not an integral multiple of the packet length L, grouping the data of the ciphertext to obtain 1 partial packet with the length of L' and k standard packets with the length of L, wherein k is a positive integer, the partial packet is the i-th data, i is more than or equal to 1 and less than or equal to k+1, and L' < L;
carrying out decryption operation on the k standard packets to obtain k first plaintexts with the length of L;
carrying out partial block decryption operation on the partial blocks to obtain 1 second plaintext with the length of L';
and combining the k first plaintexts and the 1 second plaintexts to obtain the plaintexts with the length of N.
7. The method according to claim 6, wherein the decrypting the partial packet to obtain 1 second plaintext with length L' specifically comprises:
taking a preset numerical value with the length of L as fourth plaintext data, and encrypting the fourth plaintext data to obtain a fourth key stream;
performing bit-wise XOR operation on the predetermined L' data in the fourth key stream and the partially grouped data to obtain a third plaintext;
and extracting L' data preset in the third plaintext to obtain a second plaintext.
8. The method according to claim 6, wherein the decrypting the partial packet to obtain 1 second plaintext with length L' specifically comprises:
taking the i-1 th group of ciphertext data as fifth plaintext data, and encrypting the fifth plaintext data to obtain a fifth key stream;
performing bit-wise XOR operation on the predetermined L' data in the fifth key stream and the data of the partial packet to obtain a fourth plaintext;
and extracting predetermined L' data in the fourth plaintext to obtain a second plaintext.
9. The method according to claim 6, wherein the decrypting the partial packet to obtain 1 second plaintext with length L' specifically comprises:
carrying out bit-based XOR operation on the (i-1) th group of ciphertext data and a preset numerical value with the length of L, and taking an XOR result as sixth plaintext data;
encrypting the sixth plaintext data to obtain a sixth key stream;
performing bit-wise exclusive or operation on the predetermined L' data in the sixth key stream and the data of the partial packet to obtain a fifth plaintext;
and extracting predetermined L' data in the fifth plaintext to obtain a second plaintext.
10. The method of any of claims 6 to 9, further comprising:
when the data length N of the ciphertext is an integral multiple of the packet length L, grouping the data of the ciphertext to obtain m standard packets, wherein m is L/N;
carrying out decryption operation on the m standard packets to obtain m sixth plaintexts with the length of L;
and combining the m sixth plaintexts to obtain the plaintexts with the length of N.
CN202111066134.XA 2021-09-13 2021-09-13 Equal-length block encryption method and ciphertext decryption method for long message data Pending CN113794551A (en)

Publications (1)

Publication Number Publication Date
CN113794551A true CN113794551A (en) 2021-12-14

Family

ID=79182999

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978699A (en) * 2022-05-24 2022-08-30 上海思源弘瑞自动化有限公司 Data encryption and data decryption method, device, equipment and storage medium
CN117527351A (en) * 2023-11-08 2024-02-06 青海师范大学 Data integrity verification method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801693A (en) * 2005-06-28 2006-07-12 华为技术有限公司 Short block processing method in block encryption algorithm
US20060233361A1 (en) * 2003-03-25 2006-10-19 Akio Hasegawa Device, method, and program for encrypton and decryption and recording medium
CN103634113A (en) * 2013-11-26 2014-03-12 成都卫士通信息产业股份有限公司 Encryption and decryption method and device with user/equipment identity authentication
CN104158788A (en) * 2013-05-13 2014-11-19 普天信息技术研究院有限公司 Method of end-to-end data transmission
CN106375081A (en) * 2016-09-18 2017-02-01 四川长虹电器股份有限公司 Method for realizing data encryption processing based on block encryption
CN107070637A (en) * 2017-01-13 2017-08-18 广东技术师范学院天河学院 A kind of data encryption/decryption method of overlapping packet

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination