CN116668007B - Encryption communication method, terminal and system based on white-box SM4 algorithm - Google Patents

Publication number: CN116668007B
Authority: CN (China)
Prior art keywords: white, box, code, algorithm, round function
Legal status: Active
Application number: CN202310954984.6A
Other languages: Chinese (zh)
Other versions: CN116668007A (en)
Inventor: 罗俊
Current Assignee: China Telecom Quantum Technology Co ltd
Original Assignee: China Telecom Quantum Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16 Obfuscation or hiding, e.g. involving white box

Abstract

The invention discloses an encrypted communication method based on a white-box SM4 algorithm, in which the communication sender is pre-provisioned with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program. The method comprises: calling the white-box protection code to decrypt the encrypted white-box reference algorithm code, and running the white-box reference algorithm code; locating the white-box cipher program based on a randomly selected index value, and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes of the white-box cipher program; loading the round function operation codes to replace the round function operation codes with the corresponding serial numbers in the white-box reference algorithm code, obtaining a session encryption white-box code; and encrypting the communication data with the session encryption white-box code and appending the index value to obtain the encrypted communication data. When the key is switched, part of the dynamic link libraries are randomly reloaded, which ensures security while reducing the resource consumption of white-box code transmission and switching.

Description

Encryption communication method, terminal and system based on white-box SM4 algorithm
Technical Field
The invention relates to the technical field of cryptographic applications, and in particular to an encrypted communication method, terminal and system based on a white-box SM4 algorithm.
Background
In the white-box attack context (White-Box Attack Context), the execution of software is completely visible to an attacker. Without special protection of the key, an attacker can easily obtain key information from cryptographic software running in such an environment by observing or executing it. White-box cryptography was proposed for this situation: it aims to protect the key in a white-box attack environment by hiding key information during the execution of the cryptographic software, so that an attacker cannot extract the key. Different keys require different algorithm execution code, so keys are distributed in the form of an executable program implementing the algorithm, and updating a key means updating the whole executable program. This mode of operation has the following problems:
(1) The execution code implementing a cryptographic algorithm occupies far more space than a symmetric key, at least the difference between the kilobyte level and the byte level. Updating the key requires updating and distributing the whole executable program implementing the algorithm, which occupies a large amount of network transmission or storage resources; the more frequent the key updates, the more resources are occupied.
(2) While the executable program implementing the algorithm is running, reloading the whole program consumes far more system resources and time, and affects the running state and performance of the system far more, than reading a symmetric key; the more frequently the key is updated, the greater the pressure on the system.
(3) Frequent key updates lead to frequent distribution of executable programs. After an attacker eavesdrops and obtains an executable program, there is still some possibility of recovering the key by reverse engineering, so the distribution process is at risk.
In the related art, the patent application with publication number CN111800255A proposes a block cipher white-box scheme that forms a dynamic encryption/decryption white-box library, but that scheme dynamically updates the whole algorithm code, and the white-box code consumes a large amount of resources during transmission and switching. The patent application with publication number CN115967485A proposes combining quantum communication technology with white-box algorithm technology to provide secure keys for an encryption and decryption system, with the keys also scrambled and hidden in an in-memory database, which ensures the security of keys and data and simplifies the use of the encryption and decryption system. In that scheme, however, the white-box code stays unchanged and only the key changes; the key and the code are not fused together, a key update does not cause a code update, and so it is not in essence a classical white-box cipher.
Disclosure of Invention
The technical problem to be solved by the invention is how to reduce the resource consumption of white-box code transmission and switching while guaranteeing security.
The invention solves this technical problem by the following technical means:
In a first aspect, the invention proposes an encrypted communication method based on a white-box SM4 algorithm, applied to a communication sender that is pre-provisioned with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, the method comprising:
calling the white-box protection code to decrypt the encrypted white-box reference algorithm code, and running the white-box reference algorithm code;
locating the white-box cipher program based on a randomly selected index value, and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes of the white-box cipher program;
loading the round function operation codes to replace the round function operation codes with the corresponding serial numbers in the white-box reference algorithm code, obtaining a session encryption white-box code;
and encrypting the communication data with the session encryption white-box code and appending the index value to obtain the encrypted communication data.
Further, each white-box cipher program is generated by encrypting a master key with the white-box SM4 algorithm, and the number of white-box cipher programs equals the number of master keys; the round function operation codes of a white-box cipher program are stored separately in the dynamic link libraries of the corresponding round function dynamic library, and the dynamic link libraries are encrypted with the white-box protection code. Locating the white-box cipher program based on the randomly selected index value, and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes of the white-box cipher program, comprises:
randomly selecting two integers as index values;
using one integer as the master key identifier to locate the round function dynamic library corresponding to the master key, and the other integer as the round identifier to locate a plurality of dynamic link libraries in that round function dynamic library;
and calling the white-box protection code to decrypt the dynamic link libraries, thereby obtaining the round function operation codes.
Further, the communication sender is pre-provisioned with several master keys, which are distributed by a quantum key distribution network.
Further, the method further comprises:
randomly reloading part of the dynamic link libraries when the master key is switched, to acquire a plurality of round function operation codes.
Further, the white-box protection code is generated as follows:
a protection key is acquired through a code generation point connected to the communication sender, an encryption operation is performed on the protection key using the SM4 white-box algorithm to generate the white-box protection code, and the white-box protection code is provisioned to the communication sender.
Further, the generation of the white-box reference algorithm code comprises:
acquiring a reference key through a code generation point connected to the communication sender, and performing an encryption operation on the reference key using the SM4 white-box algorithm to generate the white-box reference algorithm code;
and encrypting the white-box reference algorithm code with the white-box protection code to generate the encrypted white-box reference algorithm code, which is provisioned to the communication sender.
In a second aspect, the invention further provides a decryption communication method based on a white-box SM4 algorithm, applied to a communication receiver that is pre-provisioned with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, the method comprising:
receiving the encrypted communication data sent by a communication sender and extracting the appended index value from it;
locating the corresponding white-box cipher program according to the index value, and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes of the white-box cipher program;
calling the white-box protection code to decrypt the encrypted white-box reference algorithm code, and running the white-box reference algorithm code;
loading the round function operation codes to replace the round function operation codes with the corresponding serial numbers in the white-box reference algorithm code, obtaining a session decryption white-box code;
and decrypting the encrypted communication data with the session decryption white-box code.
Further, each white-box cipher program is generated by encrypting a master key with the white-box SM4 algorithm, and the number of white-box cipher programs equals the number of master keys; the round function operation codes of a white-box cipher program are stored separately in the dynamic link libraries of the corresponding round function dynamic library, and the dynamic link libraries are encrypted with the white-box protection code. The index value is two integers. Locating the corresponding white-box cipher program according to the index value, and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes of the white-box cipher program, comprises:
using one integer as the master key identifier to locate the round function dynamic library corresponding to the master key, and the other integer as the round identifier to locate a plurality of dynamic link libraries in that round function dynamic library;
and calling the white-box protection code to decrypt the dynamic link libraries to obtain the round function operation codes they contain.
Further, the serial numbers of the round function operation codes replaced in the white-box reference algorithm code during decryption are in the reverse order of the serial numbers of those replaced during encryption.
Further, the method further comprises:
randomly reloading part of the dynamic link libraries when the master key is switched, to acquire a plurality of round function operation codes.
Further, the white-box protection code is generated as follows:
a protection key is acquired through a code generation point connected to the communication receiver, an encryption operation is performed on the protection key using the SM4 white-box algorithm to generate the white-box protection code, and the white-box protection code is provisioned to the communication receiver.
Further, the generation of the white-box reference algorithm code comprises:
acquiring a reference key through a code generation point connected to the communication receiver, and performing an encryption operation on the reference key using the SM4 white-box algorithm to generate the white-box reference algorithm code;
and encrypting the white-box reference algorithm code with the white-box protection code to generate the encrypted white-box reference algorithm code, which is provisioned to the communication receiver.
In a third aspect, the invention further provides an encrypted communication terminal, pre-provisioned with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, comprising:
a white-box code running container, used for calling the white-box protection code;
a program decoder, used for decrypting the encrypted white-box reference algorithm code with the white-box protection code and running the white-box reference algorithm code;
a round function locator, used for locating the white-box cipher program based on a randomly selected index value and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes of the white-box cipher program;
and a dynamic library loader, used for loading the round function operation codes to replace the round function operation codes with the corresponding serial numbers in the white-box reference algorithm code to obtain a session encryption white-box code, encrypting the communication data with the session encryption white-box code, and appending the index value to obtain the encrypted communication data.
In a fourth aspect, the invention further provides a decryption communication terminal, pre-provisioned with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, comprising:
a white-box code running container, used for calling the white-box protection code;
a program decoder, used for decrypting the encrypted white-box reference algorithm code with the white-box protection code and running the white-box reference algorithm code;
a round function locator, used for extracting the appended index value from the encrypted communication data sent by the communication sender, locating the corresponding white-box cipher program according to the index value, and decrypting it with the program decoder using the white-box protection code to obtain a plurality of round function operation codes of the white-box cipher program;
and a dynamic library loader, used for loading the round function operation codes to replace the round function operation codes with the corresponding serial numbers in the white-box reference algorithm code to obtain a session decryption white-box code, and decrypting the encrypted communication data with the session decryption white-box code.
In a fifth aspect, the invention further provides an encryption and decryption communication system based on a white-box SM4 algorithm. The system comprises a communication sender and a communication receiver, each connected to a corresponding code generation point; each code generation point is connected to a corresponding quantum network node in a quantum key distribution network, and the communication sender and the communication receiver are each connected to the quantum key distribution network, wherein:
the quantum key distribution network is used for provisioning a plurality of master keys to the communication sender and the communication receiver, and for provisioning a protection key, a reference key and a plurality of master keys to each code generation point;
the code generation point is used for generating, from the protection key, the reference key and the plurality of master keys respectively, a white-box protection code, a white-box reference algorithm code and a white-box cipher program corresponding to each master key;
the communication sender is used for generating a session encryption white-box code based on the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key, as provisioned by the code generation point connected to it, and for encrypting communication data with the session encryption white-box code to obtain encrypted communication data;
the communication receiver is used for generating a session decryption white-box code based on the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key, as provisioned by the code generation point connected to it, and for decrypting the encrypted communication data with the session decryption white-box code.
The invention has the following advantages:
(1) The invention uses a plurality of master keys to generate the same number of white-box cipher programs, encrypts and protects the white-box cipher programs with the protection code, and stores the round function operation codes of the white-box cipher programs in a white-box library; it likewise encrypts and protects the white-box reference algorithm code with the protection code and stores it in the white-box library. The white-box protection code, the encrypted white-box reference algorithm code and the white-box cipher programs are provisioned to the communication participants. In subsequent communication the participants use key identifiers to distinguish the white-box cipher programs corresponding to different master keys, and when the master key is switched, part of the round function operation codes of the white-box cipher program are randomly reloaded, which ensures security while reducing the resource consumption of white-box code transmission and switching.
Additional aspects and advantages of the invention will be set forth in part in the description that follows, and in part will become apparent from the description or be learned by practice of the invention.
Drawings
Fig. 1 is a schematic flow chart of an encryption communication method based on a white-box SM4 algorithm according to an embodiment of the present invention;
Fig. 2 is a flow chart of a decryption communication method based on a white-box SM4 algorithm according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an encryption and decryption communication terminal according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an encryption and decryption communication system based on a white-box SM4 algorithm according to an embodiment of the present invention;
Fig. 5 is a schematic workflow diagram of an encryption and decryption communication system based on a white-box SM4 algorithm according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below. The described embodiments are evidently some, but not all, embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of these embodiments without inventive effort fall within the scope of the invention.
Example 1
As shown in Fig. 1, a first embodiment of the invention proposes an encrypted communication method based on a white-box SM4 algorithm, applied to a communication sender that is pre-provisioned with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program. The method comprises the following steps:
S101, calling the white-box protection code to decrypt the encrypted white-box reference algorithm code, and running the white-box reference algorithm code;
S102, locating the white-box cipher program based on a randomly selected index value, and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes of the white-box cipher program;
S103, loading the round function operation codes to replace the round function operation codes with the corresponding serial numbers in the white-box reference algorithm code, obtaining a session encryption white-box code;
S104, encrypting the communication data with the session encryption white-box code and appending the index value to obtain the encrypted communication data.
The communication participants obtain the white-box protection code, the encrypted white-box reference algorithm code and the encrypted white-box cipher programs generated by the code generation point by means of a secure storage medium such as a secure SIM card, a secure TF card or a secure USB key, and obtain a large number of pre-shared master keys generated and distributed by a quantum key distribution (QKD) network.
During communication the sender uses the key identifier to distinguish the white-box cipher program codes corresponding to different master keys, and divides each white-box cipher program code into 32 dynamic link libraries, one per round function operation code. When the master key is switched, the 32 round function operation codes are loaded dynamically and randomly according to the change of master key, which improves security; and because only part of the 32 round function operation codes of the white-box cipher program is randomly updated when the key is replaced, the resource consumption of white-box code transmission and switching is reduced.
In an embodiment, the white-box protection code, the white-box reference algorithm code and the white-box cipher program codes are generated by the code generation points connected to the respective communication participants and are provisioned to the participants through a secure storage medium. The generation process is as follows:
(1) Acquire a protection key, a reference key and a plurality of master keys;
(2) From the protection key and the reference key respectively, generate a white-box protection code and a white-box reference algorithm code using the SM4 white-box algorithm; compress the white-box reference algorithm code, then encrypt and protect it with the white-box protection code;
(3) From each master key, generate the white-box cipher program corresponding to that master key using the SM4 white-box algorithm;
(4) Store each round function operation code of each white-box cipher program in its own dynamic link library, compress the dynamic link library, encrypt and protect it with the white-box protection code, and store it in the corresponding round function dynamic library in the white-box library, where each master key corresponds to one round function dynamic library;
(5) Add an index for the round function dynamic libraries in the white-box library and for the dynamic link libraries in each round function dynamic library.
Specifically, the protection key, the reference key and the plurality of master keys in this embodiment can be understood as being generated and distributed by the quantum key distribution network. The plurality of master keys is used to generate the same number of white-box cipher programs, whose round function operation codes are stored in the corresponding dynamic link libraries in the white-box library; the white-box reference algorithm code is encrypted and protected with the protection code and then stored in the white-box library; and part of the dynamic link libraries are randomly reloaded when the key is switched, which ensures security while reducing the resource consumption of white-box code transmission and switching.
It should be noted that the SM4 white-box algorithm may follow the national standard GB/T 32907-2016, "Information security technology: SM4 block cipher algorithm".
In this embodiment a white-box cipher program is generated from each master key. The 32 round function operation codes of the white-box cipher program code are placed into 32 dynamic link libraries, which are compressed, encrypted and protected with the white-box protection code, and stored in the round function dynamic library in the white-box library of the code generation point, indexed by the master key identifier (a 32-bit integer) plus the round identifier (values 1 to 32).
After the white-box code generation point has generated the program code, the white-box protection code, the round function dynamic library generated from each master key and the white-box reference algorithm code are provisioned to the communication participants using a secure storage medium such as a secure SIM card, a secure TF card or a secure USB key. In subsequent communication the participants use the key identifier to distinguish the white-box cipher program codes based on different keys. When the key is switched, the 32 round function operation codes of the white-box cipher program are loaded dynamically and randomly according to the key change, which improves security; and because only part of the 32 round functions of the white-box cipher program is randomly updated when the key changes, the resource consumption of white-box code transmission and switching is reduced.
In an embodiment, each white-box cipher program is generated by encrypting a master key with the white-box SM4 algorithm, and the number of white-box cipher programs equals the number of master keys; the round function operation codes of a white-box cipher program are stored separately in the dynamic link libraries of the corresponding round function dynamic library, and the dynamic link libraries are encrypted with the white-box protection code. Step S102, locating the white-box cipher program based on the randomly selected index value and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes of the white-box cipher program, comprises the following steps:
randomly selecting two integers as index values;
using one integer as the master key identifier to locate the round function dynamic library corresponding to the master key, and the other integer as the round identifier to locate a plurality of dynamic link libraries in that round function dynamic library;
and calling the white-box protection code to decrypt the dynamic link libraries, thereby obtaining the round function operation codes.
In an embodiment, the communication sender is pre-provisioned with a number of master keys, which are distributed by a quantum key distribution network.
In an embodiment, the method further comprises:
randomly reloading part of the dynamic link libraries of the round function dynamic library corresponding to the master key when the master key is switched, to acquire a plurality of round function operation codes.
Specifically, the communication sender randomly selects two 32-bit integers. One serves as the master key identifier and locates the round function dynamic library corresponding to that master key; the other serves as a bitmap that locates the round function operation codes (the positions of the bits set to 1 in the 32-bit bitmap are the numbers of the selected round functions; for example, the bitmap 0x000000FF corresponds to round functions 1 to 8). The sender calls the white-box protection code to decrypt and decompress the dynamic link libraries selected by the two random integers from the round function dynamic library of that master key, loads the located dynamic link libraries, and replaces the round functions indicated by the 32-bit bitmap in the white-box reference algorithm code to generate the session encryption white-box code. It then encrypts the communication session with the session encryption white-box code and appends the two random integers to the ciphertext to obtain the encrypted communication data.
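The index mechanism of Example 1 and the reverse-order replacement used for decryption can be modelled as follows; this is an added example, not code from the patent. Assumptions: a SHA-256 based stand-in replaces the SM4 round transform and the white-box tables (only the four-word Feistel layout follows SM4), bit 0 of the bitmap selects round 1, the two integers are appended as big-endian 32-bit values, one 16-byte block is processed, and all keys and identifiers are constructed samples.

```python
import hashlib
import secrets
import struct

ROUNDS = 32

def make_round(key: bytes, n: int):
    """Stand-in for white-box round function n with its round key baked in.
    Assumption: SHA-256 replaces SM4's T-transform and white-box tables."""
    rk = hashlib.sha256(key + bytes([n])).digest()

    def rnd(x0, x1, x2, x3):
        mixed = struct.pack(">I", x1 ^ x2 ^ x3)
        t = int.from_bytes(hashlib.sha256(rk + mixed).digest()[:4], "big")
        return x0 ^ t
    return rnd

def build_program(key: bytes) -> dict:
    """One 'dynamic link library' per round, numbered 1..32."""
    return {n: make_round(key, n) for n in range(1, ROUNDS + 1)}

def provision(reference_key: bytes, master_keys: dict):
    """Code generation point: reference code plus one round library per master key."""
    reference = build_program(reference_key)
    library = {kid: build_program(k) for kid, k in master_keys.items()}
    return reference, library

def rounds_from_bitmap(bitmap: int) -> list:
    """Round numbers selected by the 32-bit bitmap (0x000000FF -> rounds 1..8)."""
    return [n for n in range(1, ROUNDS + 1) if (bitmap >> (n - 1)) & 1]

def decrypt_positions(bitmap: int) -> list:
    """Serial numbers replaced in the decryption code: reverse of encryption."""
    return [ROUNDS + 1 - n for n in rounds_from_bitmap(bitmap)]

def session_code(reference: dict, program: dict, bitmap: int, decrypt=False) -> list:
    """Reference code with the selected rounds swapped for the master-key rounds.
    The decryption code executes the same rounds in reverse order."""
    order = range(ROUNDS, 0, -1) if decrypt else range(1, ROUNDS + 1)
    selected = set(rounds_from_bitmap(bitmap))
    return [program[n] if n in selected else reference[n] for n in order]

def run_block(code: list, block: bytes) -> bytes:
    """SM4-shaped unbalanced Feistel network over four 32-bit words."""
    x = list(struct.unpack(">4I", block))
    for rnd in code:
        x = [x[1], x[2], x[3], rnd(*x)]
    return struct.pack(">4I", *reversed(x))

def send(reference, library, block, key_id=None, bitmap=None) -> bytes:
    if key_id is None:
        key_id = secrets.choice(sorted(library))
    if bitmap is None:
        # Assumption: avoid the all-zero bitmap, which would replace no round.
        bitmap = secrets.randbits(32) or 1
    code = session_code(reference, library[key_id], bitmap)
    return run_block(code, block) + struct.pack(">II", key_id, bitmap)

def receive(reference, library, packet: bytes) -> bytes:
    if len(packet) != 24:
        raise ValueError("expected one 16-byte block plus two 32-bit index values")
    key_id, bitmap = struct.unpack(">II", packet[16:])
    if key_id not in library:
        raise ValueError("unknown master key identifier")
    code = session_code(reference, library[key_id], bitmap, decrypt=True)
    return run_block(code, packet[:16])

# Constructed sample keys; in the patent these come from the QKD network.
REFERENCE, LIBRARY = provision(
    b"reference-key-00", {0x1001: b"master-key-A", 0x1002: b"master-key-B"}
)

if __name__ == "__main__":
    pkt = send(REFERENCE, LIBRARY, b"sixteen byte msg", 0x1001, 0x000000FF)
    print(pkt.hex(), receive(REFERENCE, LIBRARY, pkt))
```

The appended index values travel in the clear and carry no integrity protection in this model, so the receiver rejects unknown key identifiers, and a modified bitmap yields a different session code and therefore a wrong plaintext.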
Example 2
As shown in fig. 2, a second embodiment of the present invention proposes a decryption communication method based on a white-box SM4 algorithm, which is applied to a communication receiver, wherein the communication receiver is pre-filled with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, and the method includes the following steps:
S201, receiving encrypted communication data sent by a communication sender and extracting the appended index value from the encrypted communication data;
S202, locating the corresponding white-box cipher program according to the index value, and calling the white-box protection code to decrypt it to obtain a plurality of round function operation codes in the white-box cipher program;
S203, calling the white-box protection code to decrypt the encrypted white-box reference algorithm code and running the white-box reference algorithm code;
S204, loading the round function operation codes to replace the round function operation codes with the corresponding serial numbers in the white-box reference algorithm code to obtain a session decryption white-box code;
S205, decrypting the encrypted communication data by using the session decryption white-box code.
Specifically, the code generation point corresponding to the communication receiver uses a large-capacity secure storage medium to fill the communication receiver with the white-box protection code, the encrypted white-box reference algorithm code and the encrypted white-box cipher program. The specific procedure by which the code generation point generates the white-box protection code, the white-box reference algorithm code and the white-box cipher program is described in embodiment 1 above.
In an embodiment, the white-box cipher program is generated by encrypting a master key by adopting a white-box SM4 algorithm, the number of the white-box cipher programs is the same as that of the master key, round function operation codes in the white-box cipher program are respectively stored into each dynamic link library in a corresponding round function dynamic library, and the dynamic link library is encrypted by the white-box protection codes; the index value is two integers, and step S202: positioning the corresponding white box cipher program according to the index value, and calling the white box protection code to decrypt to obtain a plurality of round function operation codes in the white box cipher program, comprising the following steps:
an integer is used as a main key identifier to locate a round function dynamic library corresponding to the main key, and another integer is used as a round identifier to locate a plurality of dynamic link libraries in the round function dynamic library;
and calling the white box protection code to decrypt the dynamic link library to obtain round function operation codes in the dynamic link library.
In an embodiment, the sequence number of the replaced round function operation code in the white-box reference algorithm code at decryption time and the sequence number of the replaced round function operation code in the white-box reference algorithm code at encryption time are in reverse order.
In an embodiment, the method further comprises the steps of:
when the master key is switched, randomly reloading some of the dynamic link libraries in the round function dynamic library corresponding to the master key, to acquire a plurality of round function operation codes.
Specifically, the communication receiver extracts the two appended random integers from the encrypted communication data. One is used as a master key identifier to locate the round function dynamic library corresponding to the master key; the other is used as a bitmap to locate round functions among the dynamic link libraries corresponding to the 32 round functions (the positions of the bits set to 1 in the 32-bit bitmap are the numbers of the selected round functions). The receiver calls the white-box protection code to decrypt and decompress the dynamic link libraries of the master key selected by the two random integers, loads the located dynamic link libraries, and replaces the round functions corresponding to the 32-bit bitmap in the white-box reference algorithm code to generate a session decryption white-box code. Because the round keys used by the encryption and decryption round functions are in reverse order, the serial number of the round function replaced during decryption is 32 - "the number corresponding to a bit set to 1 in the bitmap" + 1; for example, bitmap 0x000000FF corresponds to round functions 24-32 during decryption. The receiver then uses the session decryption white-box code to decrypt the communication session.
Example 3
As shown in fig. 3, a third embodiment of the present invention proposes an encrypted communication terminal that is pre-charged with a white-box protection code, an encrypted white-box reference algorithm code, and an encrypted white-box cipher program, comprising:
a white-box code running container 21 for invoking the white-box protection code;
a program decoder 22 for decrypting the encrypted white-box reference algorithm code using the white-box protection code and running the white-box reference algorithm code;
a round function locator 23, configured to locate the white-box cryptographic program based on the randomly selected index value, and decrypt the white-box cryptographic program according to the white-box protection code by using the program decoder, so as to obtain a plurality of round function operation codes in the white-box cryptographic program;
and the dynamic library loader 24 is used for loading the round function operation code to replace the round function operation code with the corresponding serial number in the white box reference algorithm code to obtain a session encryption white box code, and encrypting the communication data by using the session encryption white box code and adding an index value to obtain the encrypted communication data.
In one embodiment, the round function locator 23 is specifically configured to:
randomly selecting two integers as index values;
an integer is used as a main key identifier to locate a round function dynamic library corresponding to the main key, and another integer is used as a round identifier to locate a plurality of dynamic link libraries in the round function dynamic library;
and calling the white box protection code to decrypt the dynamic link library, and then obtaining the round function operation code.
In an embodiment, a number of master keys in the communication sender are pre-charged by a quantum key distribution network.
In an embodiment, the dynamic library loader is further configured to: randomly reload some of the dynamic link libraries when the master key is switched, to acquire a plurality of round function operation codes.
Specifically, the communication sender randomly selects two 32-bit integers. One is used as a master key identifier to locate the round function dynamic library corresponding to the master key; the other is used as a bitmap to locate round functions among the dynamic link libraries of the 32 round functions (the positions of the bits set to 1 in the 32-bit bitmap are the numbers of the selected round functions; for example, bitmap 0x000000FF corresponds to round functions 1 to 8). The white-box code running container runs the program decoder, which calls the white-box protection code to decrypt and decompress the dynamic link libraries of the master key selected by the two random integers. The dynamic library loader is then called to load them and replace the round functions corresponding to the 32-bit bitmap in the white-box reference algorithm code, generating a session encryption white-box code. The communication session is then encrypted with this white-box code, and the two random integers are appended to the encrypted communication data.
Example 4
As shown in fig. 3, embodiment 4 of the present invention proposes a decryption communication terminal pre-charged with a white-box protection code, an encrypted white-box reference algorithm code, and an encrypted white-box cryptographic program, comprising:
a white-box code running container 21 for invoking the white-box protection code;
a program decoder 22 for decrypting the encrypted white-box reference algorithm code using the white-box protection code and running the white-box reference algorithm code;
the round function locator 23 is configured to extract an added index value from the encrypted communication data sent by the communication sender, locate the corresponding white-box cryptographic program according to the index value, and decrypt the white-box cryptographic program according to the white-box protection code by using the program decoder 22 to obtain a plurality of round function operation codes in the white-box cryptographic program;
and the dynamic library loader 24 is configured to load the round function operation code to replace the round function operation code with the corresponding sequence number in the white-box reference algorithm code, obtain a session decryption white-box code, and decrypt the encrypted communication data by using the session decryption white-box code.
In an embodiment, the round function locator 23 is configured to use an integer as a master key identifier to locate a round function dynamic library corresponding to the master key, use another integer as a round identifier to locate a plurality of dynamic link libraries in the round function dynamic library, and perform decryption and decompression to obtain a round function operation code.
In an embodiment, the sequence number of the replaced round function in the white-box reference algorithm code at decryption time and the sequence number of the replaced round function in the white-box reference algorithm code at encryption time are in reverse sequence.
In an embodiment, the dynamic library loader 24 is configured to randomly reload a portion of the dynamically linked library to obtain a number of round functions when the master key is switched.
Specifically, the communication receiver extracts the appended random integers from the encrypted communication data. One is used as a master key identifier to locate the round function dynamic library corresponding to the master key; the other is used as a bitmap to locate, among the dynamic link libraries corresponding to the 32 round functions, a plurality of round functions (the positions of the bits set to 1 in the 32-bit bitmap are the numbers of the selected round functions). The white-box code running container runs the program decoder, which calls the white-box SM4 protection code to decrypt and decompress the round function dynamic link libraries of the master key selected by the two random integers. The dynamic library loader is then called to load them and replace the round functions corresponding to the 32-bit bitmap in the white-box SM4 reference algorithm code (because the round keys used by the encryption and decryption round functions are in reverse order, the serial number of the round function replaced during decryption is 32 - "the number corresponding to a bit set to 1 in the bitmap" + 1; for example, the 24th round function), and the white-box code is then used during decryption.
Example 5
As shown in fig. 4, a fifth embodiment of the present invention proposes an encryption and decryption communication system based on a white-box SM4 algorithm, the system comprising: a communication sender 1 and a communication receiver 2, wherein the communication sender 1 and the communication receiver 2 are respectively connected with corresponding code generation points 3, each code generation point 3 is connected with a corresponding quantum network node in a quantum key distribution network 4, and the communication sender 1 and the communication receiver 2 are respectively connected with the quantum key distribution network 4, wherein:
the quantum key distribution network 4 is used for filling a plurality of master keys for the communication sender and the communication receiver, and filling a protection key, a reference key and a plurality of master keys for each code generation point 3;
the code generation point 3 is used for generating a white box cipher program corresponding to each master key based on the protection key, the reference key and the plurality of master keys;
the communication sender 1 is configured to generate a session encryption white-box code based on a white-box protection code, a white-box reference algorithm code and a white-box cipher program corresponding to each master key that are filled at a code generation point 3 connected with the communication sender, and encrypt communication data by using the session encryption white-box code to obtain encrypted communication data;
The communication receiver 2 is configured to generate a session decryption white-box code based on the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key, which are filled in the code generation point 3 connected with the communication receiver, and decrypt the encrypted communication data by using the session decryption white-box code.
Specifically, as shown in fig. 5, the workflow of the encryption and decryption communication system is as follows:
(1) Participants of the same organization that are distributed across different regions and need to communicate with each other in encrypted form are grouped into one security domain. A protection key and a reference key are synchronized within the domain through the quantum key distribution network QKD and transmitted to the white-box code generation point. The white-box code generation point generates the white-box protection code based on the protection key, and a secure storage medium is used to fill the communication participants with the white-box protection code.
(2) A large number of pre-shared master keys are generated and distributed domain-wide to the communication participants in the security domain through the quantum key distribution network QKD, and are transmitted to the white-box code generation point. The white-box code generation point generates a white-box cipher program code based on each master key, places the 32 round function operation codes of that code into 32 dynamic link libraries, compresses them, encrypts them with the white-box protection code, and stores them in a round function dynamic library in the white-box library of the code generation point, indexed by a master key identifier (32-bit integer) plus a round identifier (value 1-32).
(3) The code generation point generates the white-box reference algorithm code based on the reference key, compresses it, encrypts it with the white-box protection code, and stores it in the white-box library of the code generation point.
(4) The code generation point uses a large-capacity storage medium to fill the communication participants with the round function dynamic library generated for each master key (each master key corresponds to 32 dynamic link libraries) and the white-box reference algorithm code.
(5) The communication participant starts the white-box code running container, runs the program decoder, calls the white-box protection code to decrypt and decompress the white-box reference algorithm code, and runs it.
(6) The communication sender randomly selects two 32-bit integers. One is used as a master key identifier to locate the dynamic link libraries corresponding to the master key; the other is used as a bitmap to locate, among the dynamic link libraries corresponding to the 32 round functions, a plurality of round functions (the positions of the bits set to 1 in the 32-bit bitmap are the numbers of the selected round functions; for example, bitmap 0x000000FF corresponds to round functions 1 to 8). The white-box code running container runs the program decoder, which calls the white-box protection code to decrypt and decompress the dynamic link libraries of the master key selected by the two random integers. The dynamic library loader is called to load them and replace the round functions corresponding to the 32-bit bitmap in the white-box reference algorithm code. The resulting white-box code is then used to encrypt the communication session, and the two random integers are appended to the encrypted communication data.
(7) The communication receiver extracts the appended random integers from the encrypted communication data. One is used as a master key identifier to locate the round function dynamic link libraries corresponding to the master key; the other is used as a bitmap to locate, among the dynamic link libraries corresponding to the 32 round functions, a plurality of round functions (the positions of the bits set to 1 in the 32-bit bitmap are the numbers of the selected round functions). The white-box code running container runs the program decoder, which is called to decrypt and decompress the dynamic link libraries of the master key selected by the two random integers. The dynamic library loader is called to load them and replace the round functions corresponding to the 32-bit bitmap in the white-box reference algorithm code (because the round keys used by the encryption and decryption round functions are in reverse order, the serial number of the round function replaced during decryption is 32 - "the number corresponding to a bit set to 1 in the bitmap" + 1; for example, round functions 24 to 32 when decrypting with bitmap 0x000000FF). The resulting white-box code is then used to decrypt the communication session.
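The index handling in steps (6) and (7), as an added Python sketch that is not code from the patent: it maps the bitmap to round numbers, applies the stated 32 - n + 1 rule on the receiving side, and frames the two integers. The function names, the big-endian trailing 8-byte layout, the least-significant-bit-first numbering (chosen to match the 0x000000FF example for encryption) and the redraw of an all-zero bitmap are assumptions.

```python
import secrets
import struct

ROUNDS = 32     # SM4 runs 32 rounds; the page numbers them 1..32
INDEX_LEN = 8   # two 32-bit integers (assumed layout: big-endian, appended last)


def rounds_from_bitmap(bitmap):
    """Bit k (bit 0 = least significant) selects round k + 1.

    This numbering is an assumption that reproduces the page's example:
    0x000000FF selects round functions 1 to 8.
    """
    if not 0 <= bitmap <= 0xFFFFFFFF:
        raise ValueError("bitmap must fit in 32 bits")
    return [k + 1 for k in range(ROUNDS) if (bitmap >> k) & 1]


def replacement_plan(bitmap, decrypt=False):
    """Return (library_round, slot) pairs.

    library_round is the round identifier (1..32) of the dynamic link
    library located by the bitmap; slot is the serial number of the round
    function it replaces in the reference algorithm code. On encryption the
    slot equals the library round. On decryption the round keys run in
    reverse order, so the slot is 32 - n + 1.
    """
    plan = []
    for n in rounds_from_bitmap(bitmap):
        slot = ROUNDS - n + 1 if decrypt else n
        plan.append((n, slot))
    return plan


def pick_index():
    """Sender side: draw the master key identifier and the round bitmap."""
    key_id = secrets.randbits(32)
    bitmap = 0
    while bitmap == 0:
        # Assumption: an all-zero bitmap would replace no round function,
        # so it is redrawn.
        bitmap = secrets.randbits(32)
    return key_id, bitmap


def attach_index(ciphertext, key_id, bitmap):
    """Append the two index integers to the encrypted data."""
    return ciphertext + struct.pack(">II", key_id, bitmap)


def extract_index(message):
    """Receiver side: split off the index; reject data too short to hold it."""
    if len(message) < INDEX_LEN:
        raise ValueError("message too short to carry the index value")
    key_id, bitmap = struct.unpack(">II", message[-INDEX_LEN:])
    return message[:-INDEX_LEN], key_id, bitmap


if __name__ == "__main__":
    constructed_ciphertext = bytes(16)  # constructed placeholder, not real SM4 output
    key_id, bitmap = 0x0000002A, 0x000000FF
    wire = attach_index(constructed_ciphertext, key_id, bitmap)
    body, rx_key_id, rx_bitmap = extract_index(wire)
    print("sender plan:  ", replacement_plan(bitmap))
    print("receiver plan:", replacement_plan(rx_bitmap, decrypt=True))
```

Applied to bitmap 0x000000FF, the 32 - n + 1 rule places the libraries for rounds 1 to 8 into slots 32 down to 25 on the receiving side.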
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present invention, the meaning of "plurality" means at least two, for example, two, three, etc., unless specifically defined otherwise.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.

Claims (13)

1. An encryption communication method based on a white-box SM4 algorithm, which is characterized in that the method is applied to a communication sender, the communication sender is pre-filled with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key are generated by using the SM4 algorithm respectively based on a protection key, a reference key and a plurality of master keys, and the method comprises the following steps:
Invoking the white box protection code to decrypt the encrypted white box reference algorithm code and running the white box reference algorithm code;
positioning the white box cipher program based on the randomly selected index value, and calling the white box protection code to decrypt to obtain a plurality of round function operation codes in the white box cipher program, wherein the round function operation codes in the white box cipher program are respectively stored into each dynamic link library in the corresponding round function dynamic libraries, and the dynamic link libraries are encrypted by the white box protection code, wherein when the master key is switched, part of the dynamic link libraries are randomly reloaded to obtain a plurality of round function operation codes;
loading the round function operation code to replace the round function operation code with the corresponding serial number in the white box reference algorithm code to obtain a session encryption white box code;
and encrypting the communication data by using the session encryption white box code, and adding an index value to obtain the encrypted communication data.
2. The method for encrypted communication based on the white-box SM4 algorithm according to claim 1, wherein the white-box cipher program is generated by encrypting a master key by using the white-box SM4 algorithm, the number of the white-box cipher programs is the same as the number of the master keys, the white-box cipher program is positioned based on the randomly selected index value, and the white-box protection code is invoked to decrypt, so as to obtain a plurality of round function operation codes in the white-box cipher program, and the method comprises the following steps:
Randomly selecting two integers as index values;
an integer is used as a main key identifier to locate a round function dynamic library corresponding to the main key, and another integer is used as a round identifier to locate a plurality of dynamic link libraries in the round function dynamic library;
and calling the white box protection code to decrypt the dynamic link library, and then obtaining the round function operation code.
3. The method of claim 1, wherein the communication sender is pre-charged with master keys distributed by a quantum key distribution network.
4. The encryption communication method based on the white-box SM4 algorithm as recited in claim 1, wherein the generation process of the white-box protection code is as follows:
and acquiring a protection key through a code generation point connected with the communication sender, performing encryption operation on the protection key by adopting an SM4 white box algorithm, generating the white box protection code and filling the communication sender.
5. The method for encrypted communication based on the white-box SM4 algorithm as recited in claim 4, wherein the generation process of the white-box reference algorithm code comprises:
acquiring a reference key through a code generation point connected with the communication sender, and performing encryption operation on the reference key by adopting an SM4 white-box algorithm to generate a white-box reference algorithm code;
And encrypting the white box reference algorithm code by adopting the white box protection code, generating the encrypted white box reference algorithm code and filling the communication sender with the white box reference algorithm code.
6. A decryption communication method based on the white-box SM4 algorithm, characterized in that the method is applied to a communication receiver, the communication receiver is pre-filled with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key are generated by using the SM4 algorithm respectively based on a protection key, a reference key and a plurality of master keys, and the method comprises:
receiving encrypted communication data sent by a communication sender and extracting an added index value from the encrypted communication data;
positioning the corresponding white box cipher program according to the index value, and calling the white box protection code to decrypt to obtain a plurality of round function operation codes in the white box cipher program, wherein the round function operation codes in the white box cipher program are respectively stored into each dynamic link library in the corresponding round function dynamic library, and the dynamic link library is encrypted by the white box protection code, wherein when the master key is switched, part of the dynamic link libraries are randomly reloaded to obtain a plurality of round function operation codes;
Invoking the white box protection code to decrypt the encrypted white box reference algorithm code and running the white box reference algorithm code;
loading the round function operation code to replace the round function operation code with the corresponding serial number in the white box reference algorithm code to obtain a session decryption white box code;
and decrypting the encrypted communication data by using the session decryption white-box code.
7. The decryption communication method based on white-box SM4 algorithm as recited in claim 6, wherein the white-box cipher program is generated by encrypting a master key by white-box SM4 algorithm, the number of the white-box cipher programs is the same as the number of the master keys, round function operation codes in the white-box cipher program are respectively stored in each dynamic link library in the corresponding round function dynamic library, and the dynamic link libraries are encrypted by the white-box protection codes; the index value is two integers, the corresponding white-box cipher program is positioned according to the index value, the white-box protection code is called for decryption, and a plurality of round function operation codes in the white-box cipher program are obtained, and the method comprises the following steps:
an integer is used as a main key identifier to locate a round function dynamic library corresponding to the main key, and another integer is used as a round identifier to locate a plurality of dynamic link libraries in the round function dynamic library;
And calling the white box protection code to decrypt the dynamic link library to obtain round function operation codes in the dynamic link library.
8. The decryption communication method according to claim 6, wherein the number of the replaced round function operation code in the white-box reference algorithm code at the time of decryption and the number of the replaced round function operation code in the white-box reference algorithm code at the time of encryption are in reverse order.
9. The decryption communication method based on white-box SM4 algorithm as recited in claim 6, wherein the generation process of the white-box protection code is:
and acquiring a protection key through a code generation point connected with the communication receiver, performing encryption operation on the protection key by adopting an SM4 white box algorithm, generating the white box protection code and filling the communication receiver.
10. The method for decrypting communication based on the white-box SM4 algorithm as recited in claim 9, wherein the generation process of the white-box reference algorithm code includes:
acquiring a reference key through a code generation point connected with the communication receiver, and performing encryption operation on the reference key by adopting an SM4 white-box algorithm to generate a white-box reference algorithm code;
And encrypting the white box reference algorithm code by adopting the white box protection code, generating the encrypted white box reference algorithm code and filling the communication receiver.
11. An encryption communication terminal, characterized in that the terminal is pre-filled with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key are generated by using the SM4 algorithm respectively based on a protection key, a reference key and a plurality of master keys, and the terminal comprises:
the white box code running container is used for calling the white box protection code;
the program decoder is used for decrypting the encrypted white box reference algorithm code by utilizing the white box protection code and running the white box reference algorithm code;
the round function locator is used for locating the white box cipher program based on the index value selected randomly, calling the white box protection code to decrypt to obtain a plurality of round function operation codes in the white box cipher program, wherein the round function operation codes in the white box cipher program are respectively stored into each dynamic link library in the corresponding round function dynamic library, and the dynamic link library is encrypted by the white box protection code, wherein when the master key is switched, part of the dynamic link libraries are reloaded randomly to obtain a plurality of round function operation codes;
And the dynamic library loader is used for loading the round function operation code to replace the round function operation code with the corresponding serial number in the white box reference algorithm code to obtain a session encryption white box code, encrypting the communication data by using the session encryption white box code, and adding an index value to obtain the encrypted communication data.
12. A decryption communication terminal, characterized in that the terminal is pre-charged with a white-box protection code, an encrypted white-box reference algorithm code and an encrypted white-box cipher program, the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key are generated by using an SM4 algorithm respectively based on a protection key, a reference key and a plurality of master keys, and the decryption communication terminal comprises:
a white-box code running container for calling the white-box protection code;
The program decoder is used for decrypting the encrypted white box reference algorithm code by utilizing the white box protection code and running the white box reference algorithm code;
the round function locator is used for extracting an added index value from encrypted communication data sent by a communication sender, locating the corresponding white box cipher program according to the index value, decrypting according to the white box protection code by using a program decoder to obtain a plurality of round function operation codes in the white box cipher program, wherein the round function operation codes in the white box cipher program are respectively stored into each dynamic link library in the corresponding round function dynamic library, and the dynamic link libraries are encrypted by the white box protection code, wherein when the master key is switched, part of the dynamic link libraries are randomly reloaded to obtain a plurality of round function operation codes;
And the dynamic library loader is used for loading the round function operation code to replace the round function operation code with the corresponding serial number in the white box reference algorithm code to obtain a session decryption white box code, and decrypting the encrypted communication data by using the session decryption white box code.
13. An encryption and decryption communication system based on white-box SM4 algorithm for implementing the encryption communication method based on white-box SM4 algorithm according to any one of claims 1 to 5 or for implementing the decryption communication method based on white-box SM4 algorithm according to any one of claims 6 to 10, characterized in that the system comprises: the communication system comprises a communication sender and a communication receiver, wherein the communication sender and the communication receiver are respectively connected with corresponding code generation points, each code generation point is connected with a corresponding quantum network node in a quantum key distribution network, and the communication sender and the communication receiver are respectively connected with the quantum key distribution network, wherein:
the quantum key distribution network is used for filling a plurality of master keys for the communication sender and the communication receiver, and filling a protection key, a reference key and a plurality of master keys for each code generation point;
the code generation point is used for generating, by using the SM4 algorithm and based on the protection key, the reference key and the plurality of master keys, a white-box protection code, a white-box reference algorithm code and a white-box cipher program corresponding to each master key, respectively;
the communication sender is used for generating a session encryption white-box code based on the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key, which are filled by the code generation points connected with the communication sender, and encrypting communication data by using the session encryption white-box code to obtain encrypted communication data;
the communication receiver is used for generating a session decryption white-box code based on the white-box protection code, the white-box reference algorithm code and the white-box cipher program corresponding to each master key, which are filled by the code generation point connected with the communication receiver, and decrypting the encrypted communication data by using the session decryption white-box code.
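A toy model of the flow in claims 12 and 13, added here as an illustration and not taken from the patent: a code generation point builds a reference code plus per-master-key round-function libraries that are encrypted at rest, and the receiver reads the index, decrypts the located libraries and splices them into the reference code by serial number. The byte-wide cipher with SM4's round structure, the HMAC keystream standing in for the white-box protection code, the 2-byte index prefix, the choice of replaced serial numbers and all names and keys are assumptions; nothing here is white-box secure.

```python
import hashlib, hmac, struct

ROUNDS = 32  # SM4 round count; everything else here is a toy stand-in

def protect(key, label, data):
    """Stand-in for the white-box protection code: XOR with an HMAC-SHA256 keystream."""
    stream = b"".join(hmac.new(key, label + struct.pack(">I", c), hashlib.sha256).digest()
                      for c in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, stream))

def round_table(key, serial):
    """Toy 'round function operation code': a 256-entry table with the key baked in."""
    return protect(key, b"rf%d" % serial, bytes(256))

def code_generation_point(protect_key, reference_key, master_keys, serials):
    """Build the reference code and, per master key, its encrypted round-function libraries."""
    reference = [round_table(reference_key, r) for r in range(ROUNDS)]
    store = {i: {r: protect(protect_key, b"lib%d/%d" % (i, r), round_table(mk, r))
                 for r in serials} for i, mk in enumerate(master_keys)}
    return reference, store

def session_code(index, reference, store, protect_key):
    """Locate program `index`, decrypt its libraries, splice them in by serial number."""
    if index not in store:
        raise KeyError("no white-box cipher program for index %d" % index)
    code = list(reference)
    for serial, blob in store[index].items():
        code[serial] = protect(protect_key, b"lib%d/%d" % (index, serial), blob)
    return code

def run_rounds(block, tables):
    x = list(block)  # four 1-byte words; real SM4 uses four 32-bit words
    for t in tables:
        x = x[1:] + [x[0] ^ t[x[1] ^ x[2] ^ x[3]]]
    return bytes(reversed(x))  # final reverse transform, as in SM4

def crypt(data, tables):  # toy block size is 4 bytes; len(data) must be a multiple of 4
    return b"".join(run_rounds(data[i:i + 4], tables) for i in range(0, len(data), 4))

def send(index, plaintext, reference, store, protect_key):
    return struct.pack(">H", index) + crypt(plaintext, session_code(index, reference, store, protect_key))

def receive(message, reference, store, protect_key):
    (index,) = struct.unpack(">H", message[:2])  # the "added index value"
    tables = session_code(index, reference, store, protect_key)[::-1]  # reversed rounds decrypt
    return crypt(message[2:], tables)

# Constructed sample material (not from the patent).
PROTECT_KEY = b"constructed-protection-key"
REF, STORE = code_generation_point(PROTECT_KEY, b"constructed-reference-key", [b"master-0", b"master-1"], range(0, ROUNDS, 2))
```

Switching the master key in this model only changes which stored libraries are decrypted and spliced in; the reference code and the framing stay the same.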
CN202310954984.6A 2023-08-01 2023-08-01 Encryption communication method, terminal and system based on white-box SM4 algorithm Active CN116668007B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310954984.6A CN116668007B (en) 2023-08-01 2023-08-01 Encryption communication method, terminal and system based on white-box SM4 algorithm

Publications (2)

Publication Number Publication Date
CN116668007A CN116668007A (en) 2023-08-29
CN116668007B true CN116668007B (en) 2023-10-31

Family

ID=87717496

Country Status (1)

Country Link
CN (1) CN116668007B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant