WO2023284036A1 - Procédé et appareil de chiffrement et de déchiffrement, et système de communication - Google Patents

Procédé et appareil de chiffrement et de déchiffrement, et système de communication Download PDF

Info

Publication number
WO2023284036A1
WO2023284036A1 PCT/CN2021/110681 CN2021110681W WO2023284036A1 WO 2023284036 A1 WO2023284036 A1 WO 2023284036A1 CN 2021110681 W CN2021110681 W CN 2021110681W WO 2023284036 A1 WO2023284036 A1 WO 2023284036A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
code
decryption
key
reconstruction
Prior art date
Application number
PCT/CN2021/110681
Other languages
English (en)
Chinese (zh)
Inventor
金杉
王宏健
金翊
王颖
Original Assignee
金杉
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 金杉 filed Critical 金杉
Publication of WO2023284036A1 publication Critical patent/WO2023284036A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the present invention relates to the field of information encryption and decryption, in particular to an encryption and decryption method, device and application scene constructed with reconfigurable multi-valued logic operation components.
  • the gist of this invention is to disclose a general method for constructing a multi-valued processor, the main technology of which is implemented in the optical processor and does not involve encryption technology; [2], reconfigurable three-valued optical processor, Chinese invention patent : ZL201010584129.3, date of authorization: 2012-05-02, the main patent discloses a technical scheme for constructing a ternary optical processor, which does not involve encryption technology; [3], a multi-digit, groupable, repeatable Structured multi-valued electronic calculator and method, Chinese invention patent application number: 201811567284.7, application date: 2018-12-20, PCT number: PCT/CN2019/070318, mainly discloses a reconfigurable multi-valued logic electronic processing The technical solution of the device does not involve encryption technology.
  • the present invention provides an encryption and decryption method
  • the method includes an encryption process, a decryption process, a process of presetting encryption part reconfiguration code and decryption part reconfiguration code, a presetting key deriving part reconfiguration code process, a presetting presetting key process and a The process of generating a reservation code.
  • the encryption unit, the decryption unit and the key derivation unit all use a reconfigurable multi-valued logical operation unit as a symbol transformation unit, and correspondingly, the encryption unit reconstruction code, the decryption unit reconstruction code and the key derivation unit reconstruction
  • the codes are reconfigurable codes of the reconfigurable multi-valued logical operation unit, and each reconfigured code sets the current operation rule of the corresponding multi-valued logical operation unit.
  • the concrete steps of described encryption process include:
  • Step A1 Set the encryption rule used this time in advance according to the reconstruction code of the encryption component, and according to the encryption rule, use the encryption key corresponding to the current plaintext segment to encrypt the current plaintext segment to obtain the corresponding the ciphertext segment;
  • Step A2 Set the encryption key derivation rule used this time in advance according to the reconfiguration code of the key derivation component, and process the current plaintext segment and the corresponding encryption key according to the encryption key derivation rule , generating an encryption key that encrypts the next said plaintext segment.
  • A1 and A2 are not in particular order, and they can also be executed in parallel.
  • the specific steps of the decryption process include:
  • Step B1 Set the decryption rule used this time in advance according to the decryption component reconstruction code paired with the reconstruction code of the encryption component at the opposite end, and according to the decryption rule, use the current ciphertext segment corresponding The decryption key is used to decrypt the current ciphertext segment to obtain the decrypted plaintext segment;
  • Step B2 Pre-set the decryption key derivation rule used this time with the key derivation component reconstruction code that sets the current encryption key derivation rule, and according to the decryption key derivation rule, decrypt the decrypted plaintext segment and the corresponding decryption key to generate a decryption key for decrypting the next ciphertext segment.
  • B1 and B2 are executed in no particular order, and can also be executed in parallel.
  • the decryption component reconstruction code paired with the encryption component reconstruction code refers to: use one of the encryption rules set by the reconstruction code to generate ciphertext from plaintext, and the ciphertext can use the decryption rule set by another reconstruction code To decrypt, generate plaintext from ciphertext.
  • the process of presetting the reconfiguration code of the encryption part and the reconfiguration code of the decryption part specifically includes:
  • Step C1 Before a specific implementation of the encryption and decryption method is put into use, that is: before the encryptor and decryptor are put into use, the encryption process and the decryption process are executed; and before the encryption unit and the decryption unit are put into use, the encryption process and Before the decryption process, from the reconstruction code sequence, randomly select and save a plurality of reconstruction codes composed of the encryption component reconstruction code and the corresponding decryption component reconstruction code pairing, as a specific implementation of the encryption component and Decryption component reconstruction code pairing group;
  • Step C2 Obtain the first reservation number corresponding to the current encryption and decryption process, and extract and preset this encryption and decryption from the paired group of the encryption component and the decryption component reconstruction code according to the first reservation number Encrypted component reconstruction codes and decrypted component reconstruction codes used by the process.
  • the process of reconstructing the code of the preset key derivation component specifically includes:
  • Step D1 Before a specific implementation of this encryption and decryption method is put into use, that is: before the encryption key derivation device and the decryption key derivation device are put into use, and before the encryption process and decryption process are performed; and before the encryption key derivation unit, The decryption key derivation unit is put into use, and before the encryption process and the decryption process are performed, a plurality of reconstruction codes of the key derivation unit are randomly selected from the reconstruction code sequence as the key used by the specific implementation Derived component reconstruction code group;
  • Step D2 Obtain the second reserved number corresponding to the current encryption and decryption process, and extract and preset the key derivation used this time from the reconfigured code group of the key derivation component according to the second reserved number The refactoring code for the part.
  • the process of presetting the preset key specifically includes:
  • the preset key is used to encrypt the first plaintext segment and decrypt the first ciphertext segment.
  • Step E1 Before a specific realization of this encryption and decryption method is put into use, that is: before the use of the read-only storage component or the configuration file, randomly select a plurality of the preset keys from the preset key sequence, as the preset key set used by the concrete implementation;
  • Step E2 Obtain the third reservation number corresponding to the current encryption and decryption process, and extract and set the preset key used this time from the preset key group according to the third reservation number.
  • Steps C1, D1 and E1 must be performed once before the concrete implementation is put into use, and not performed a second time. However, C2, D2, and E2 must be executed once each time the encryption and decryption operations are executed in the specific implementation.
  • the process of generating the reservation code specifically includes:
  • the present invention provides an electronic device for implementing the encryption and decryption method
  • the electronic device uses hardware equipment as the main body to implement the encryption and decryption method described above.
  • Its characteristic hardware includes: an encryption unit, a decryption unit, a read-only storage unit, a non-volatile read-write memory, a group of cycle counters and a unique supporting writing device unique to the factory.
  • a common form of such an electronic device is an integrated circuit chip, also known as an encryption and decryption chip.
  • the symbol transformation components used by the encryption component and the decryption component are both reconfigurable multi-valued logic operation components.
  • Encryption components include:
  • Encryptor f Before each encryption process starts, use a random encrypted encryption reconstruction code to set the encryption f, so that f has specific encryption rules; Segment p(i) performs multi-valued logic operations to generate the current ciphertext segment p'(i) to complete encryption.
  • Encryption key derivation F before the start of each encryption, set F with a randomly extracted key derivation reconstruction code, so that F has specific key derivation rules; Perform multi-valued logic operations with the current plaintext segment p(i) to generate an encryption key Y(i+1) for encrypting the next plaintext segment.
  • both the encryptor f and the encryption key derivation unit F use a reconfigurable multi-valued logical operation unit as a symbol transformation unit.
  • both the reconfiguration codes of the encryptor and the reconfiguration codes of the encryption key derivation are reconfigurable codes of the multi-valued logical operation unit. Since the reconstruction codes of each encryption device are different from those of each key derivation device, it is determined that f and F must be configured with different reconstruction codes, so the two must be multi-valued logic operators with different operation rules. It is further determined that the current ciphertext segment p'(i) must be different from the derived encryption key Y(i+1).
  • (2)Decryption components include:
  • Decryptor f' Before each decryption starts, use the decryptor reconstruction code paired with the peer's encryption reconstruction code to set the decryptor f', so that f' has specific decryption rules; f' uses the current decryption code The key Y'(i) decrypts the current ciphertext segment p'(i) to obtain the decrypted plaintext segment p(i).
  • Decryption key derivation F' Before starting each decryption, set F' with the key derivation code selected by the peer encryptor, so that F' has the same key derivation rules as F; F' has the same key derivation rules as F; The decrypted current plaintext segment p(i) and the current decryption key Y'(i) are processed to generate the decryption key Y'(i+1) for decrypting the next ciphertext segment.
  • both the decryptor f' and the decryption key derivation device F' use the reconfigurable multi-valued logical operation unit as the symbol transformation unit.
  • both the decryptor reconstruction code and the decryption key derivation reconstruction code are reconstruction codes of the reconfigurable multi-valued logical operation unit.
  • F is the same as F'
  • Y(0) is the same as Y'(0)
  • the encrypted plaintext segment and the decrypted plaintext segment are the same
  • the encryption part comes with a number of working registers, including: Encryptor f comes with: a first encrypted input register (Rfy) for storing the current key; a second encrypted input register (Rfm) for storing the current plaintext segment; an encrypted output register (CRf), used to store and output the current ciphertext segment.
  • the encryption key derivation device F is attached with: the first encryption key derivation input register (RFY), used to store the current key; the second encryption key derivation input register (RFm), used to store the current plaintext segment; the encryption key
  • the derived output register (CRF) is used to store and output the encryption key for the next plaintext segment.
  • the decryption part also has some working registers, including: the decryptor f' is attached with: a first decryption input register (Rf'y), which is used to store the current key; a second decryption input register (Rf'm), which is used to for storing the current ciphertext segment; the decryption output register (CRf') is used to store the current plaintext segment after decryption; the decryption key derivation device F' is attached with: the first decryption derivation input register (RF'Y) is used for storing Current key; the second decryption derived input register (RF'm), used to store the plaintext segment after decryption of the current ciphertext segment; decryption derived output register (CRF'), used to store the key for decrypting the next ciphertext segment .
  • the decryptor f' is attached with: a first decryption input register (Rf'y), which is used to store the current key; a second
  • Each bit of the encryptor f, each bit of the decryptor f', each bit of the key derivation F and F' is equipped with a reconfiguration register, and the reconfiguration registers of their i-th bits are respectively marked as: Cgf (i), Cgf'(i), CgF(i), and CgF'(i).
  • Writing reconfiguration codes to these reconfiguration registers can modify the multi-valued logic operation rules corresponding to the sign converter bits.
  • GYY is a plurality of pairs of encryptor reconfiguration codes and decryptor reconfiguration codes, a plurality of key derivation reconfiguration codes and a plurality of preset keys Y(0) stored in the encryption and decryption electronic device.
  • the read-only storage unit can only write data once with a special device by the manufacturer.
  • the read-only storage unit does not have a channel for reading data from the electronic device, so the program and GYY stored in it can never be read out of the electronic device, but the program and GYY can be used indefinitely inside the electronic device.
  • the read-only storage part contains multiple storage areas, including: control program storage area, encryption device reconstruction code storage area, decryptor reconstruction code storage area, key derivation device reconstruction code storage area and preset key storage area Area.
  • Each encryption and decryption electronic device is written in a set of generalized key source data GYY by the manufacturer with a special writing device before leaving the factory.
  • Each GYY value is a combination of an encryption code and a corresponding decoder reconstruction code pair, a key derivation code and a preset key, so each GYY value determines an encryption The rules and keys used for decryption operations. Since the GYY used by the encryption end and the decryption end must be the same, at least two electronic devices must have the same GYY and their sequence numbers to form an information encrypted communication system. If you write GYY with the same serial number and content to multiple encryption and decryption chips, these chips will decrypt the transmitted ciphertext at the same time, forming a communication system with open information within the group.
  • the special writing device is only installed in the chip factory and is not an accessory of the chip.
  • Each encryption and decryption chip must be written with a special program by the manufacturer using the writing device, and after writing a group of GYY selected from all possible GYY values in a random manner, it can become a usable product.
  • the writing device includes: a first burner, used to write a plurality of randomly selected encryptor reconstruction codes into the encryptor reconstruction code storage area of the read-only storage unit; a second burner, used for Write the decryptor reconfiguration code paired with each encryptor reconfiguration code into the decryptor reconfiguration code storage area of the read-only storage unit; the third burner is used to reconfigure a plurality of randomly selected key derivations The code is written into the derivation reconstruction code storage area of the read-only storage unit; the fourth burner is used to write a plurality of preset keys randomly selected into the preset key storage area of the read-only storage unit.
  • the peer relationship here refers to: the pairing technology and components for encrypting and processing the plaintext to be encrypted and decrypting and processing the ciphertext corresponding to the plaintext.
  • the encryption component here is the component used to encrypt plaintext to generate ciphertext in the encryption and decryption chip at one end, and the decryption component at the opposite end is the encryption and decryption component at the other end.
  • the components in the decryption chip are used to decrypt the ciphertext. Specifically, as shown in FIG.
  • the encryption component a in the encryption and decryption chip A and the decryption component b in the encryption and decryption chip B are peers, and the encryption and decryption component a' in the encryption and decryption chip A and the encryption and decryption chip B Components b' are opposite to each other.
  • Three independent cycle counters are set in the encryption part to count the different symbol arrangements specified in plaintext or ciphertext respectively.
  • the statistical values obtained at the end of this communication are the first reservation number, the second reservation number and the third reservation number , the three reservation numbers are sequentially connected to form a code that is convenient for storage and transmission, called the reservation code. Since the appearance of a certain symbol sequence in plaintext or ciphertext has uniform probability randomness, the three reservation numbers are all random, so the reservation code is also a random number.
  • the role of the reservation number to create conditions for the random selection of the generalized key source data GYY in the next communication process, specifically: after the end of this communication, the encryption unit immediately extracts an encryption key from the read-only storage unit according to the first reservation number code, and use this reconfiguration code to set the multi-valued logical operation function of the encoder f; the decryption part also extracts the decryptor reconfiguration code paired with the encryption device reconfiguration code from the read-only storage part according to the first reserved number , and use this decoder reconstruction code to set the multi-valued logic operation function of the decryptor f'; both the encryption unit and the decryption unit extract the same key derivation reconstruction code from the read-only storage unit according to the second reservation number, and use This reconstruction code sets the multi-valued logical operation function of the encryption key derivation device F and the decryption key derivation device F'; both the encryption part and the decryption part extract the same preset key from the read-only memory according to the third reserved number
  • Reservation process When the encryptor receives the command to complete the communication information, it immediately forms the reservation code with three reservation numbers, and saves the reservation code in the reservation code register and sends it to the decryption terminal; the decryption terminal saves the received reservation code to the The reservation code register at the end, and send it back to the encryption end; the encryption end compares the received reservation code with the saved reservation code, if the two are the same, the reservation is successful, and an instruction to terminate the communication process is issued to complete the communication; If the two are not the same, then re-send the reservation code, wait for the return reservation code to be received again, if the reservation is unsuccessful for many times in a row, then send a line failure alarm.
  • the reservation code can also be generated by the decryptor, and the decryptor initiates the reservation process; the reservation code can also be generated separately by the encryptor and the decryptor, and the order terminal that receives the communication information first initiates the reservation process.
  • the present invention provides a computer software structure for realizing the encryption and decryption method
  • the encryption and decryption computer software structure includes: an encryption software module, a decryption software module, a configuration file, a plurality of cycle counting variables and a special writing program owned by the manufacturer.
  • the symbol transformation rules used in the encryption software module and the decryption software module are reconfigurable multi-valued logic operation rules.
  • Encryption program segment Rf Before each encryption process starts, use a randomly extracted encryptor reconstruction code to set the encryption rule of the encryption program segment Rf, and the encryption program segment uses the current encryption key to The plaintext segment P(i) is encrypted to obtain the corresponding current ciphertext segment P'(i).
  • Encryption key derivation program segment RF Before each encryption process starts, use a randomly extracted key derivation reconstruction code to set the key derivation rules of the encryption key derivation program segment RF, the encryption key derivation program segment The current plaintext segment P(i) and the current encryption key Y(i) are processed to generate the encryption key Y(i+1) for encrypting the next plaintext segment.
  • both the encryption program segment rf and the encryption key derivation program segment rF use reconfigurable multi-valued logic operation rules as symbol transformation rules.
  • both the encryption code and the encryption key derivation code are reconstruction codes that can reconfigure multi-valued logic operation rules.
  • decryption program segment Rf' before each decryption process starts, use the decryptor reconstruction code paired with the encryption device reconstruction code to set the decryption rule of the decryption program segment Rf', Rf' is encrypted with the current decryption code
  • the key Y'(i) decrypts the current ciphertext segment P'(i) to obtain the corresponding decrypted plaintext segment P(i).
  • Decryption key derivation program section RF' Before each decryption process starts, use the selected encryption key derivation reconstruction code to set the current key derivation rule of the decryption key derivation program section RF', RF' is to the current key derivation rule The decrypted plaintext segment P(i) and the current decryption key Y'(i) are processed to generate the decryption key Y'(i+1) for decrypting the next ciphertext segment.
  • both the decryption program segment rf' and the decryption key derivation program segment rF' use reconfigurable multi-valued logic operation rules as symbol transformation rules.
  • both the decryptor reconfiguration code and the decryption key derivation reconfiguration code are reconfigurable multi-valued logic operation rules.
  • the configuration file saves the generalized key source data GYY and reservation code preset by the corresponding encryption and decryption software.
  • Each encryption and decryption software has an exclusive configuration file, and any two different encryption and decryption software have different configuration files.
  • the configuration file is divided into multiple file sections, including: the section of the encryptor reconstruction code file, the section of the decryptor reconstruction code file, the section of the key derivation reconstruction code file, the section of the preset key file and the reservation code storage unit.
  • the reservation code storage unit is read and rewritten by the encryption software module, and the rest of the file paragraphs are assigned by the manufacturer with a special writing device to write the preset GYY to the configuration file, and then the encryption and decryption software There are encryption and decryption functions for various electronic documents.
  • a first writing module used to write a plurality of encrypted reconstruction codes randomly selected into the paragraphs of the encrypted reconstruction code file
  • a second writing module used to write The decryptor reconstruction code is written into the section of the decryptor reconstruction code file
  • the third writing section is used to write the randomly selected multiple key derivation reconstruction codes into the section of the derivation reconstruction code file
  • the fourth writing section used to write multiple randomly selected preset keys into the section of the preset key file.
  • each cycle counting variable takes the corresponding reservation number in the reservation code used this time as the initial value, and each cycle counting variable counts a symbol arrangement in the encrypted plaintext this time, and different cycle counting variables count different Arrangement of symbols; the final result of each cycle counting variable is the corresponding new reservation number, all new reservation numbers form a new reservation code, and the new reservation code is stored in the reservation code storage unit, waiting for the encryption software module to read when it works next time.
  • Encryption software module setting process first read the reservation code used for this encryption from the reservation code storage unit of the configuration file, and separate the first reservation number, the second reservation number and the third reservation number from the reservation code; The reservation code used this time is written into the starting position of the ciphertext file; each reservation number is set as the initial value of the corresponding cycle count variable; then according to the first reservation number, extract the corresponding paragraph from the encryption device reconstruction code file Encryptor reconfiguration code, write the cipher reconfiguration code into the reconfiguration register RCgf(i) of the cipher, thereby setting the current symbol transformation rule of the encrypted program segment Rf; according to the second reservation number used this time, from the Extract the corresponding key derivation reconstruction code from the section of the key derivation reconstruction code file described above, and write the key derivation reconstruction code into the encryption key derivation reconstruction code register RCgF(i), thereby setting the encryption key The current symbol transformation rule of the key derivation program segment RF; according to the third reservation number used this time, extract the
  • the reconfigurable multi-valued logic operation unit can be used to derive a large number of optional keys with obvious random characteristics, no shorter than plaintext, and a large number of optional keys based on the automatic execution of the computer. capacity and fewer storage units, and realizes a practical one-time secret stream cipher technology.
  • reconfigurable multi-valued logic operation components not only enables the preset key to derive many different actual keys, but also expands the dependence of the randomness of the actual key on the randomness of the preset key to simultaneously Relying on the randomness of the preset key and the randomness of the function of the multi-valued logic operator
  • the reconfigurable multi-valued logic operator can also be used to form an encryptor, a decryptor, and a key-derived device, so that the same key pair can be used at the same time.
  • a plaintext can generate many ciphertexts, and its effect is equivalent to further increasing the randomness of the actual key.
  • the application scenario provided by the technology of the present invention may be an encryption system for real-time communication, or an encryption system for storing or transmitting electronic files.
  • the method and application scenario for realizing the technology of the present invention will be described in conjunction with embodiments.
  • Fig. 1 is the schematic flow chart of encryption process
  • Fig. 2 is a schematic flow chart of the decryption process
  • Fig. 3 is the schematic flow diagram of setting the reconfiguration code of the encryptor and the reconfiguration code of the decryptor;
  • Fig. 4 is the schematic flow chart of setting key derivation device reconstruction code
  • FIG. 5 is a schematic diagram of the flow of setting a default key
  • FIG. 6 is a schematic structural diagram of an encryption and decryption device
  • Fig. 7 is a schematic structural diagram of an encrypted communication system.
  • Embodiment 1 An encryption and decryption method provided by the present invention
  • the encryption process includes Step A1 and Step A2 described in the Summary of the Invention.
  • the decryption process includes step B1 and step B2 described in the summary of the invention.
  • the decryption component reconstruction code is used to set the decryption key derivation component F' to form the decryption key derivation rule used in this decryption process, and F' remains unchanged in this decryption process; f' is based on the current decryption key Y'( i), decrypt the current ciphertext segment p'(i) to obtain the decrypted current plaintext segment p(i); F' decrypts the decrypted current plaintext segment p(i) and the current decryption key Y'( i) Process to generate the
  • each encrypted derived key Y(i) and the corresponding decrypted derived key Y'( i) is also the same.
  • the present invention also includes a process of randomly selecting a reconstruction code of an encryption component (f) and a reconstruction code of a corresponding decryption component (f') for an encryption and decryption process, specifically It is divided into two steps: the first step is step C1 described in the summary of the invention, and the second step is step C2 described in the summary of the invention; as shown in Figure 4, it also includes randomly selecting a key for an encryption and decryption process
  • the process of reconstructing the code of the derived components (F and F') is specifically divided into two steps: the first step is step D1 described in the summary of the invention, and the second step is step D2 described in the summary of the invention; As shown in 5, it also includes the process of randomly selecting a preset key Y(0) for an encryption and decryption process, which is specifically divided into two steps: the first step is the step E1 described in the summary of the invention, and the second step is the invention Step E2 as described in the Contents section.
  • step C1, step D1 and step E1 are only executed once by the manufacturer before each specific object (such as: encryption and decryption chip, encryption and decryption computer software) that realizes the encryption and decryption method is put into use, and not Execute the 2nd time.
  • step C2, step D2 and step E2 are automatically executed once by the encryption and decryption object each time an encryption and decryption object is used.
  • step C1 When step C1 is executed, according to the first random number randomly generated, a pair is selected from the massive encryption component reconstruction code and its paired decryption component reconstruction code, and the selected pair is deleted from the massive reconstruction code sequence.
  • the reconfiguration codes of the encrypted components and the reconfigured codes of the decrypted components are repeatedly executed multiple times to obtain multiple pairs of the reconfigured codes of the encrypted components and the reconfigured codes of the decrypted components.
  • step D1 When executing step D1, select a key derivation component reconstruction code from the massive key derivation component reconstruction code sequence according to the randomly generated second random number, and delete the key derivation component reconstruction code sequence from the key derivation component reconstruction code sequence
  • the reconfiguration code of the selected key derivation component is repeatedly executed multiple times to obtain a plurality of reconfiguration codes of the key derivation component.
  • Execute step E1 select a preset key from a large number of key sequences according to the randomly generated third random number, delete the selected preset key from the key sequence, and repeat the execution for many times , you can get multiple preset keys.
  • step C2 When step C2 is executed, according to the first reservation number in the reservation code used for encryption and decryption this time, for example, the reservation number can be the middle digits of the reservation code, and the multiple encryption components selected in step C1 reconstruct the code and decrypt An encryption component reconstruction code and a decryption component reconstruction code pair used this time are extracted from the component reconstruction code pairing; the encryption component is configured with the encryption component reconstruction code in the pair, and the decryption component is configured with the decryption component reconstruction code .
  • step D2 When step D2 is executed, according to the second reservation number in the reservation code used for encryption and decryption this time, for example, the reservation number can be the lower digits of the reservation code, and the code is reconstructed from a plurality of key derivation components selected in step D1 Extract the reconfiguration code of the key derivation component used this time; use the reconfiguration code of the key derivation component to configure the key derivation component.
  • step E2 according to the third reservation number in the reservation code used for encryption and decryption this time, for example, the reservation number can be the upper digits of the reservation code, extracted from the multiple preset keys selected in step E1 The preset key Y(0) used this time.
  • Step C There is no sequence among Step C, Step D and Step E.
  • a process of generating a reservation code which specifically includes: taking the reservation code used this time as the initial value, counting various symbol sequences in the plaintext to be encrypted or decrypted this time , each count value is a reservation number; all reservation numbers are connected into the next reservation code.
  • Embodiment 2 An integrated circuit chip structure for implementing the encryption and decryption method
  • 64-bit binary data is used as the length of the plaintext segment and the ciphertext segment. Since two-bit binary data is exactly one bit of four-value data, 64-bit binary data is also 32-bit four-value data.
  • the plaintext segment and the ciphertext segment shall not prevent this patent from covering the use of other multi-valued logical operators, including the mixed use of multiple multi-valued logical operators, as the exclusive use of the same encryption and decryption technology as the encryptor, decryptor and key derivation device. right.
  • the internal logic structure of the chip in this embodiment is shown in Figure 6, including three parts: an encryption component, a decryption component, and a read-only storage component.
  • the setting process is described as follows.
  • the chip of this embodiment can be provided with 12 pins, and the function and label name are respectively: plaintext serial input pin Xmin, ciphertext serial output pin XMout, ciphertext serial input pin XMin, plaintext serial output pin Pin Xmout, send control pin Ksend, send status pin Ssend, receive control pin Krece, receive status pin Srece, clock input pin Clock, pre-write pin Yin, power supply Vcc and ground level pin.
  • Xmin constitutes the generalized key source data GYY and microprogram serial write port
  • the XMin pin is applied with the 64 frequency division clock of Clock
  • XMin and Clock constitute the chip operation control clock
  • the Ksend and Krece pins constitute The control command input ports for the internal operation of the chip are used to write the preset generalized key source data GYY and microprograms to the read-only memory inside the chip; when Yin is low, each pin resumes the marking function.
  • F Set a 32-bit 4-value logical operator as an encryption key derivation F, with two 64-bit input registers RFY and RFm, and a 64-bit output register CRF. After putting the current key Y(i) into RFY and RFm into the current plaintext segment p(i), F outputs the next derived key Y(i+1) of the encryption component and stores it in its CRF.
  • a 32-bit 4-value logic operator is set as the decryption key derivation F', F' has the same function as F, with two 64-bit input registers RF'Y and RF'm, and a 64-bit output register CRF'. Put the current key Y(i) into RF'Y, put the current decrypted plaintext segment p(i) into RF'm, and F' output the next derived key Y'(i+1) of the decryption component, and deposit it into its CRF'.
  • Each bit of F(i) and F'(i) is assigned a 32-bit reconfiguration register, labeled: Rf(i), Rf'(i), RF(i) and RF'(i) .
  • Writing reconfiguration codes to these 4 registers can modify the 4-valued logic operation rules corresponding to the sign converter bits.
  • Each storage unit hides a 64-bit preset key Y(0).
  • Y(0) can only be input to RfY, Rf’Y, RFY and RF’Y through the internal data bus.
  • Two storage areas are set: f-f' storage area and F-F' storage area, each storage area has 1024 rows, and each row has 32 64-bit storage units.
  • the first 32 bits of the f-f' storage unit store a f(i) reconstruction code
  • the last 32 bits store a f'(i) reconstruction code
  • the 32 64-bit storage units in each row can only pass
  • the first 32 bits of the F-F' storage unit save a heavy value of F(i) Code construction
  • the last 32 bits save a reconstructed code of F'(i)
  • Each pin is provided with a pin data register whose value is the real-time status of the corresponding pin to resist the influence of external high-frequency interference on the pin signal.
  • the Xmin and XMin pins each have a "1-bit input 64-bit output" serial-to-parallel data shift register.
  • the serial input end of the shift register in the encryption part is connected to the Xmin pin, and the parallel output end is connected to the registers Rfm and RFm; the serial input end of the shift register in the decryption part is connected to the XMin pin, and the parallel output end is connected to the register Rf'm.
  • the Xmout and XMout pins each have a "64-bit input 1-bit output" parallel-to-serial data shift register.
  • the parallel input end of the shift register in the encryption part is connected to the register CRf, and the serial output end is connected to the XMout pin;
  • the parallel input end of the shift register in the decryption part is connected to the register CRf', and the serial output end is connected to the Xmout pin.
  • a 64-bit bus buffer is used to control the read and write operations of the internal memory; a 17-bit address decoder is used to control the addressing of the internal 128M memory address.
  • 64-bit micro-instruction decoder 64-bit micro-instruction register and 11-bit micro-program counter PC.
  • the Yin pin of the pair of chips will be connected to a high level, and the chip will be set to write the generalized key source data GYY or the microprogram state.
  • the counters Jm1 and Jm01 are connected to form a 20-bit counter to count the clock signal of the XMin pin.
  • the XMin pin clock is divided by 64 of the Clock pin clock, and the real-time value of the lower 17 bits of the 20-bit counter is output to 17 bits.
  • the special writing device of the encryption and decryption chip is equipped with a uniform probability true random number generator, and the writing device selects the reconstruction codes of f(i), f'(i), and F(i) according to the true random number sent by the generator and Y(0), so that the generalized key source data GYY hidden in each pair of encryption and decryption chips has uniform probability random characteristics.
  • True random number generators have a variety of structures, for example: 64 discs with uniform weight, 1 cm in diameter, 1 mm in thickness, one side is insulated, and the other side is metal, falling freely from a height of 2 meters, passing through the random collision of the nail plate , falling onto a plate with 64 dimples, the plate vibrates slightly, and each dimple falls into a disc.
  • a 64-bit true random number can be obtained in about 5 seconds, and no less than 17,000 64-bit true random numbers can be obtained every day.
  • the 64-bit random number sent by the random number generator is compared with the random number sent in the past one by one.
  • the random numbers are different, and the newly sent 64-bit random number is used as a selected preset key Y(0) to be written into the Y(0) storage area of the GYY storage area of the chip, and the dedicated writing device writes the newly received
  • the 64-bit random number is stored in the first random number memory of itself according to its size order; if the new random number sent is the same as the random number sent in the past, the dedicated writing device abandons the newly sent random number and receives The next 64-bit random number; until 1024 preset keys Y(0) are written to the current chip pair, then the next pair of chips is processed.
  • the reconstruction code of the multi-valued logic operator is determined by the structure of the multi-value logic operator, when using "a kind of multi-valued electronic operator and method with many digits, groupable and reconfigurable" (Chinese invention patent application number: 201811567284.7, PCT No.: PCT/CN2019/070318) for the four-valued logic operator given in the embodiment, the reconstruction code of each four-valued logic operator is 4 sequential 8-bit row reconstruction codes, That is, the reconstruction code of each four-valued logic operator is 32 bits, so a 32-bit encryptor, a 32-bit decryptor, and a 32-bit key derivation device all need 32 32-bit memories to store one of their reconfiguration codes. build code.
  • this embodiment uses a 64-bit storage unit to place the reconfiguration code of the same bit of the paired encryptor and decryptor, and the reconfiguration code of the encryptor Placed in bits 0-31, and the reconstruction code of the paired decryptor is placed in bits 32-63. Therefore, the reconstruction codes of a pair of 32-bit encryptor and decryptor are placed in consecutive 32 64-bit memories.
  • 16 consecutive 64-bit random numbers sent by the random number generator are connected together to form a 1024-bit random number, and the 1024-bit random number is from the highest bit to the lowest in units of 4 bits Bit scanning, replace the reconstruction code that is not suitable for the cipher with a specific reconstruction code suitable for the cipher to form a sorted 1024-bit random number, the replacement rule of the reconstruction code during the sorting process and the four-valued logic used It is related to the structure of the arithmetic unit and does not belong to the scope of discussion of this patent.
  • the new 1024-bit random number after sorting is compared with all the 1024-bit random numbers that have been sent in the past and stored in the second random number memory; Not the same, the newly sent 1024-bit random number can be regarded as the reconstructed code of each bit of a 32-bit encryptor, which is stored in the second random number memory of the dedicated writing device in order of size;
  • the above 1024-bit random number is divided into 32 32-bit random numbers, and each 32-bit random number is temporarily placed in bits 0-31 of a 64-bit register in the first register group of the dedicated writing device, and the first register group has a total of 32 64-bit register; 0-7 bits, 8-15 bits, 16-23 bits and 24-31 bits of each register are a row reconstruction code of the encryptor; respectively decrypt the pairs of these 4 row reconstruction codes
  • the reconfiguration code of the device line is found out, and correspondingly stored in the last 32 bits of the register.
  • the dedicated writing device abandons the newly sent random number.
  • the dedicated writing device continues to receive the next 16 64-bit random numbers, and repeats the above operations until the current chip pair is filled with 1024 paired encryptor/decryptor reconstruction codes.
  • this embodiment also uses a 64-bit storage unit to place the same key of the encryption key derivation and the corresponding decryption key derivation.
  • bit reconstruction code the reconstruction code of the encryption key derivation is placed in 0-31 bits, and the reconstruction code of the corresponding decryption key derivation is placed in 32-63 bits, in view of the reconstruction of the two key derivations
  • the coding is the same, so the contents of the first 32 bits and the last 32 bits of this storage unit are the same.
  • a pair of 32-bit key derivation reconstruction codes are placed in 32 consecutive 64-bit memories.
  • 16 consecutive 64-bit random numbers sent by the random number generator are connected together to form a 1024-bit random number, because all four-valued logic operators are suitable for use as a key derivation device , no need to tidy up said 1024-bit random number.
  • This new 1024-bit random number is compared with all 1024-bit random numbers sent in the past stored in the third random number memory; if the newly sent 1024-bit random number is not the same as the random number sent in the past, the new The 1024-bit random number sent can be regarded as the reconstruction code of each bit of a 32-bit key derivation device, which is stored in the 3rd random number memory of the dedicated writing device in order of size;
  • the bit random number is divided into 32 32-bit random numbers, and each 32-bit random number is temporarily placed in bits 0-31 of a 64-bit register in the second register group of the dedicated writing device, and the second register group has a total of 32 64-bit registers; bits 0-7, bits 8-15, bits 16-23 and bits 24-31 of each register are a row reconstruction code of the key derivation device; copy these 4 row reconstruction codes to the The last 32 bits of the register.
  • the 32 64-bit registers of the 2nd register group retain the reconstruction codes of the same two 32-bit key derivators;
  • the key derivation device/decryption key derivation device is written into the FF' storage area of the GYY storage area of the chip. If the newly sent 1024-bit random number is identical to the 1024-bit random number sent in the past in the 3rd random number memory, the dedicated writing device abandons the newly sent random number.
  • the dedicated writing device continues to receive the next 16 64-bit random numbers, and repeats the above operations until the chip pair is filled with 1024 encryption key derivation/decryption key derivation reconstruction codes.
  • the approximate number of transistors required to construct the encryption and decryption chip given in Embodiment 2 can be estimated.
  • Constructing a reconfigurable 4-value logic operator requires 44 binary logic gates, 8 8-to-1 devices, and 4 8-bit reconfigurable registers (Rf(i) or Rf'(i) or RF(i) or RF'(i)), about 500 transistors are needed; therefore, about 16,000 transistors are needed to construct a 32-bit 4-valued logic operator; so four 32-bit 4-valued logic operators (that is, f , f', F, and F') require approximately 64,000 transistors.
  • f, f', F, and F' each have three 64-bit I/O registers (RfY, Rfm, CRf, Rf'Y, Rf'm, CRf', RFY, RFm, CRF, RF'Y, RF' m and CRF'), constructing the twelve 64-bit registers requires about 2500 transistors.
  • the encryption and decryption chip contains three 10-bit random counters (Jm1, Jm01 and Jm11), a 30-bit reservation code register (Rm), four 64-bit serial-to-parallel conversion registers, a 64-bit bus buffer, and a 17-bit Address decoder, a 64-bit micro-instruction decoder, a 64-bit micro-instruction register, an 11-bit micro-program counter PC and a ten-pin 1-bit data register, the construction of this part requires about 20,000 transistors.
  • the encryption and decryption chip contains a microprogram memory of 2048 ⁇ 64 bits, a Y(0) storage area of 1024 rows ⁇ 64 bits, two two-dimensional storage areas of 1024 rows ⁇ 32 columns ⁇ 64 bits (f-f' and F-F'), about 1.8 ⁇ 10 7 transistors are needed to construct this 67K 64-bit memory.
  • 1.5 ⁇ 10 11 transistors can be produced per square centimeter chip, that is, more than 2,700 encryption and decryption chips can be produced on a 1 parallel centimeter chip.
  • Embodiment 3 A kind of computer software that realizes described encryption and decryption method
  • Embodiment 3 The computer software provided in Embodiment 3 is mainly used to encrypt various binary data files.
  • this embodiment takes 128-bit binary data as the segment length, and the plaintext file to be encrypted or the ciphertext file to be decrypted Segmentation is performed, so the preset key rY(0) and derived key rY(i) in this embodiment are both 128-bit binary data.
  • the software of this embodiment is arranged to include three identical mixed multi-value logic operation units: 2 reusable Construct eight-valued logic operators and 61 reconfigurable four-valued logic operators.
  • the positions of the 2 eight-valued logic operators are in the first 6 positions, namely: the first reconfigurable eight-valued logic operator processes the data of bits 0, 1 and 2, and the second reconfigurable eight-valued logic operator Process the data of No. 3, No. 4 and No. 5 bits; the data sequence on the remaining bits is processed by 61 reconfigurable four-valued logic operators.
  • Three mixed multi-valued logic operation units are respectively used as encryption transformation rf, decryption transformation rf' and key derivation transformation rF.
  • the software of embodiment 3 has three main modules: encryption module, decryption module and configuration file.
  • Encryption module corresponding to the encryption component in Embodiment 2, including an encryption unit f, a key derivation unit F and associated registers.
  • the encryption module uses encryption transformation rf to transform plaintext m into ciphertext M according to software generalized key source data rGYY.
  • rf has two 128-bit input variables rRfY and rRfm, and a 128-bit output variable rCRf. Put the current key rY(i) into rRfY. After rRfm is put into the current plaintext segment, rf outputs the current segment of the ciphertext M to rCRf.
  • the key derivation transformation rF in this module has two 128-bit input variables rRFY and rRFm, and one 128-bit output variable rCRF. After putting the current key rY(i) into rRFY and rRFm into the current plaintext segment, rF outputs the next derived key rY(i+1) to rCRF.
  • Decryption module corresponding to the decryption component in Embodiment 2, including: decryptor f', key derivation device F' and related registers.
  • the decryption module uses the decryption transformation rf' to convert the ciphertext M into plaintext m according to the software generalized key source data rGYY.
  • rf' has two 128-bit input variables rRf'Y and rRf'M, and a 128-bit output variable rCRf', which puts the current key rY(i) into rRf'Y, and rRf'M puts the current ciphertext segment After that, rf' outputs the current segment of the decrypted plaintext m to rCRf'.
  • This module also uses rF to generate a new derived key, but the value placed in rRFm is the plaintext segment obtained by decrypting the current ciphertext.
  • the reconstruction variables rRfj, rRf'j and rRFj, the bit reconstruction variables of the two eight-valued logic operators are rRf0 and rRf1, rRf'0 and rRf'1, rRF0 and rRF1 respectively, and they all have 144 bits, while the rest
  • Write reconstruction codes into rRfj, rRf'j and rRFj, and the corresponding mixed multi-valued logic unit has the operation rules set by this group of reconstruction codes.
  • Configuration file corresponding to the read-only storage unit in Embodiment 2, including: Y(0) storage area, f-f' storage area, FF' storage area and reservation code register for hiding generalized key source data GYY.
  • Circulation counting variable In order to realize the one-time pad, the key has true randomness, and correctly obtain rGYY when decrypting, three 10-bit cyclic counting variables rJm1, rJm01 and rJm11 are set in the encryption module, which respectively count the symbols in the plaintext (such as 001, 010 and 101), so the values of these three counters are random. Correspondingly, there are three 10-bit read-write storage units rRm1, rRm01 and rRm11 in the configuration file. After each encryption operation, the encryption module stores the current values of rJm1, rJm01 and rJm11 into rRm1, rRm01 and rRm11 respectively.
  • the encryption module reads the values of rRm1, rRm01, and rRm11 into the rJm1, rJm01, and rJm11 counters as the initial counting values of each counter, and selects the generalized value used in this encryption operation according to these three random numbers.
  • the key source data rGYY write these three random numbers into the head of the corresponding ciphertext, to ensure that the correct rGYY can be directly obtained when decrypting the ciphertext in the future.
  • rRm1, rRm01 and rRm11 are written into the starting position of the ciphertext file to form a reservation code for selecting rGYY for decryption operation.
  • 4rf generates the current segment of the ciphertext and sends it to the variable rCRf; rF generates a new derived key and sends it to the variable rCRF.
  • the three counters rJm1, rJm01 and rJm11 respectively count the number of specific symbol sequences in the current plaintext segment until the plaintext is encrypted. Then write the last values of rJm1, rJm01 and rJm11 into the rRm1, rRm01 and rRm11 storage units of the configuration file.
  • 3rf' generates the current segment of the plaintext m and sends it to the variable rCRf';
  • the plaintext file is stored in the same folder as the ciphertext, and the name of the plaintext file after decryption: add the JYM- (or jym-) logo in front of the ciphertext file name, and remove the .jym suffix;
  • Embodiment 4 Use a pair of encryption and decryption chips to form an information encryption communication system
  • an information encryption communication system includes two communication devices at the opposite end of communication, and is characterized in that the encryption and decryption chip described in Embodiment 2 is respectively set on each communication device;
  • the transmitted information is encrypted and decrypted in real time, and the ciphertext information is transmitted between communication devices.
  • two identical encryption and decryption chips A and B can be placed between the digital equipment and the communication equipment at both ends of the common channel, so as to construct a pair of encrypted channels with opposite communication directions on the common public channel.
  • Encryption component a in encryption and decryption chip A and decryption component b in encryption and decryption chip B are opposite to each other, forming an encryption channel from A to B; decryption component a' in encryption and decryption chip A and encryption component b in encryption and decryption chip B 'They are peers and form an encrypted channel from B to A.
  • the information encryption communication system also adopts a reservation code mechanism to select the encrypted device reconstruction code, decryptor reconstruction code, key derivation device reconstruction code and preset key used this time;
  • the reservation code mechanism includes:
  • a sending unit used for sending out the reservation code when one of the communication devices ends the communication
  • a receiving unit used for receiving the callback reservation code returned by another communication device
  • a judging unit used to judge whether the reservation code and the callback reservation code are the same, and obtain a corresponding judgment result
  • a first processing unit connected to a judging unit, used to end the communication between the two communication devices when the judging result indicates that the reservation code and the callback reservation code are the same;
  • a second processing unit connected to the judgment unit, used to control the sending unit to send the reservation code again when the judgment result indicates that the reservation code is different from the callback reservation code.
  • the plaintext m sent by the digital device of either party enters the encryption part of the encryption and decryption chip at the sending end, and the current encryptor f and the current key Y(i) replace the symbols of the plaintext m with the corresponding ciphertext
  • the symbol of M the ciphertext is sent to the communication device at the sending end, and then enters the public general channel; after the ciphertext reaches the receiving end, it enters the communication device at the receiving end, and then enters the decryption part of the encryption and decryption chip at the receiving end, the current decryptor f' and the current
  • the key Y(i) replaces the ciphertext symbols with the corresponding plaintext symbols; the plaintext is sent to the digital device at the receiving end, and the communication process is completed.
  • the encryption and decryption chip at this end will connect the current values of Jm1, Jm01, and Jm11 into a reservation code (Rm) and store it in the reservation code register.
  • the encryption and decryption chip at this end will send the session end command After that, continue to send the value of the reservation code (Rm) of the chip to the other party, and the other party receives the value of the reservation code (Rm), stores it in its own reservation code register, and returns a reservation code ( Rm'), the sender receives the callback reservation code (Rm'), if the value of the callback reservation code (Rm') is different from the sent reservation code (Rm), resend the reservation code (Rm) until the two are the same, If the same reservation code value cannot be obtained after 8 repetitions, a system failure will be reported; if the value of the received reservation code (Rm') is the same as the value of the sent reservation code (Rm), the reservation is successful, and both parties
  • the encryption and decryption chips of both parties immediately select the new Y(0) and f(i)/f'(i) and F(i) reconstruction codes according to the Rm value just agreed and send them to the corresponding registers , ready for the next communication.
  • the selected generalized key source data GYY washes out the last derived key Y(i) and the reconstruction codes of f(i)/f'(i) and F(i) in this communication, so this time Even if the ciphertext of the communication is intercepted, no one can find the corresponding preset key and decryptor. Thus, while ensuring the one-time pad, the security of the existing ciphertext is guaranteed.
  • the reservation code only gives the serial number (namely: storage address) of the generalized key source data GYY to be used in the next communication in the read-only memory of the encryption and decryption chip, not the preset key Y(0), the encryptor f(i ) reconstruction code, decryptor f'(i) reconstruction code and derivative F(i) reconstruction code itself, and each pair of hidden preset key Y(0), encryption device f(i) reconstruction code
  • the construction code, the reconstruction code of the decryptor f'(i) and the reconstruction code of the derivative F(i) are all different, so the reservation code is not afraid of being intercepted, and it can be transmitted in ciphertext or plaintext.
  • the process of writing GYY to the encryption and decryption chip is completed by the chip manufacturer with a commercially dedicated writing device.
  • the entire writing process does not allow human intervention, so that no one knows the specific content of GYY hidden in each pair of chips. It is only known which two chips are a pair.
  • the producer when the chips enter the market, the producer will not know which pair of chips is used by which user, so it is impossible to obtain the generalized key source data GYY of a certain information encrypted communication channel through the chip producer.
  • the generalized key source data GYY hidden by each encryption and decryption chip cannot be read out, so the person who gets the encryption and decryption chip cannot know the hidden GYY of the chip.
  • the generalized key source data GYY hidden by each pair of encryption and decryption chips is different. Even if the generalized key source data hidden by one encryption and decryption chip is obtained by a special method, it is also difficult to crack other encryption and decryption chip pairs. The ciphertext doesn't help. Therefore, it is impossible to know the generalized key source data of a certain information encryption communication channel by owning some encryption and decryption chips.
  • the ciphertext does not contain any information about the generalized key.
  • the only way for the communication parties to communicate the characteristics of the next encryption is the reservation code. Therefore, it is impossible to directly obtain any content of the generalized key source data from the ciphertext. It is only possible to obtain reservation code. But the same reservation code corresponds to different generalized key source data in different encryption and decryption chip pairs, so it is impossible to know the generalized key source data of an encrypted channel from the transmitted ciphertext.
  • Embodiment 5 With the assistance of the server, an information encryption communication system composed of an encryption and decryption chip
  • An arbitrary call information encryption communication system realized with the assistance of a server, including a calling end, a server end, and a called end.
  • the server end is arranged between the calling end and the called end, and between the calling end and the server end, between the called end and the server end, information encryption communication methods as described in embodiment 4 are respectively provided;
  • the server includes:
  • a generation unit used to generate a plurality of generalized key source data, including a plurality of reservation keys, encryption device reconstruction codes, decryptor reconstruction codes and key derivation device reconstruction codes;
  • a calling unit used to send a set of selected reservation keys, encryptor reconfiguration codes, decryptor reconfiguration codes and key derivation device reconfiguration codes to the called terminal according to the call request;
  • a ringback unit used to send the selected reservation key, encryptor reconfiguration code, decryptor reconfiguration code and key derivation device reconfiguration code to the calling end;
  • the calling end and the called end use the reservation key, encryption device reconstruction code, decryptor reconstruction code, and key derivation device reconstruction code sent by the server to construct an information encryption channel for encrypted information communication.
  • each phone or mobile phone or network endpoint must communicate with many phones or mobile phones or network endpoints. At this time, it is necessary to use the server-assisted information encryption communication, which corresponds to the information encryption communication system assisted by the server.
  • Each mobile phone or phone or network node has a pair of encryption and decryption chips with the server, and each phone or mobile phone or network node can communicate with the service provider, such as: sending call requests and called party numbers, receiving calls and information, etc. .
  • the server continuously generates multiple preset keys Y(0), key derivation reconstruction code F(i), encryption reconstruction code f(i) and decryption reconstruction code f'(i) (The following may be referred to as session generalized key source data HGYY for short).
  • the calling end sends a call request and the called party number to the serving end in a private (information encryption communication method as described in embodiment 4) information encryption communication channel between him and the serving end;
  • the private information encrypted communication channel between the calling end transmits the telephone number of the calling end and a selected session generalized key source data HGYY to the called end, and causes the called end to ring;
  • the server end communicates with the calling end
  • the private information encryption communication channel sends the same selected HGYY and ringback signal to the calling end; after the communication channel is established, the two communication parties use the selected HGYY given by the server to form an information encryption channel for information encryption communication.
  • the calling end After the calling end establishes communication with the called end, they use the session generalized key source data HGYY sent by the server to encrypt the session information.
  • the session process still maintains the "one-time pad" method.
  • the way the server generates HGYY is exactly the same as the way the encryption and decryption chip manufacturer generates the generalized key source data GYY given in Example 2, and considering the huge amount of generalized key source data, it can be guaranteed that the server only Generalized keys are used once and discarded. Therefore, the encryption of the communication information assisted by the service provider can be done as a one-time pad. That is to say, in the communication system, it is only necessary to ensure that the session generalized key source data HGYY cannot be obtained by others.
  • the server uses the true random number generated by a dedicated machine to automatically generate the dedicated session generalized key source data. This process is not involved in the process, which is the same as the process of writing the preset generalized key source data to the encryption and decryption chip in Embodiment 2;
  • the server uses autonomous communication encryption technology to send the session generalized key source data HGYY to each session participant;
  • the session is encrypted with the one-time session generalized key source data HGYY sent by the server;
  • the server is the only third party that can obtain HGYY, and then obtain the communication content, and it is also the only node that leaks session generalized key source data HGYY.
  • Embodiment 6 "One-to-many" information encryption communication method composed of encryption and decryption chips
  • the encryption and decryption chip described in Embodiment 2 can also be applied to "one-to-many" information encryption channels. Since the GYY written by an encryption and decryption chip does not occupy many storage units, an integrated circuit with an area of one square centimeter can accommodate more than a thousand sets of GYY. Therefore, an encryption center chip that hides thousands of sets of generalized key source data can be constructed. Each set of "generalized key source data" contained in the encryption center chip can form an information encryption private channel with a small encryption and decryption chip, and these chips generally form a "one-to-many" information encryption channel.
  • the encryption center chip is located at the ATM machine management node, and each small encryption and decryption chip is located in each ATM machine, so the communication confidentiality of the ATM machine reaches an unbreakable level. If the encryption center chip is located in the network transaction center, and each small encryption and decryption chip is located in the personal mobile phone, the security of network transaction communication will reach an unbreakable level.
  • Embodiment 7 "Intra-group broadcast” information encryption communication method composed of encryption and decryption chips
  • a group of encryption and decryption chips provided in Embodiment 2 includes a group of identical GYYs in each chip, then the communication in the information encryption channel formed by this group of GYYs is all open information to the group of chips, so in this group of chips
  • the information encryption channel can constitute a broadcast communication for this group of chips, while it is still an information encryption communication for other people outside the group. For example: if all the encryption and decryption chips inside a unit (such as a ship) set an information encryption channel with common generalized key source data, the channel will appear as "information without encryption" in the unit, but it will not be used outside the unit. The eavesdroppers are still in the state of information encryption.
  • Embodiment 8 "User-built” information encryption communication method composed of encryption and decryption chips
  • Embodiment 9 The way of judging the security of the information encryption channel
  • the communication party asks the other party to enter the agreed identification code from time to time, so as to judge whether the information encryption channel is safe or not.
  • the encryption and decryption chip of the other party is stolen, damaged, or the normal user is separated from the encryption and decryption chip, etc., the party seeking the identification code cannot receive the correct identification code on time, thus judging that the channel is not safe.
  • Embodiment 10 An information security local area communication network composed of encryption and decryption chips

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne le domaine du chiffrement et du déchiffrement d'informations, et en particulier un procédé et un appareil de chiffrement et de déchiffrement mis en œuvre à l'aide de composants d'opération en logique plurivalente reconfigurables. Le procédé de chiffrement et de déchiffrement peut comprendre des processus de chiffrement et de déchiffrement, des processus de préréglage d'un code de reconfiguration de composant de chiffrement, d'un code de reconfiguration de composant de déchiffrement et d'un code de reconfiguration de composant de dérivation de clé, un processus de préréglage de clés prédéfinies, et un processus de génération d'un code de réservation. L'appareil de chiffrement et de déchiffrement peut comprendre un composant de chiffrement, un composant de déchiffrement et un composant de stockage en lecture seule constitués de matériel, et peut comprendre en outre un module de chiffrement, un module de déchiffrement et un fichier de configuration constitués de logiciel. Un scénario d'application peut être un système de chiffrement de communication autonome ou un système de chiffrement de communication assisté utilisant des composants de chiffrement et de déchiffrement, ou peut être un système de chiffrement d'informations statique utilisant des modules de chiffrement et de déchiffrement. Les effets bénéfiques de la présente invention sont les suivants : un grand nombre de clés optionnelles à caractéristiques aléatoires évidentes et pas plus courtes que le texte en clair peuvent être dérivées, et selon les clés optionnelles massives, une capacité d'exécution automatique d'un ordinateur et un petit nombre d'unités de stockage, une technologie de masque jetable pratique et faisable est réalisée.
PCT/CN2021/110681 2021-07-15 2021-08-04 Procédé et appareil de chiffrement et de déchiffrement, et système de communication WO2023284036A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110801365.4 2021-07-15
CN202110801365.4A CN113630386B (zh) 2021-07-15 2021-07-15 一种加解密方法、装置及其通信系统

Publications (1)

Publication Number Publication Date
WO2023284036A1 true WO2023284036A1 (fr) 2023-01-19

Family

ID=78379939

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/110681 WO2023284036A1 (fr) 2021-07-15 2021-08-04 Procédé et appareil de chiffrement et de déchiffrement, et système de communication

Country Status (2)

Country Link
CN (1) CN113630386B (fr)
WO (1) WO2023284036A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5365589A (en) * 1992-02-07 1994-11-15 Gutowitz Howard A Method and apparatus for encryption, decryption and authentication using dynamical systems
US5870470A (en) * 1996-02-20 1999-02-09 International Business Machines Corporation Method and apparatus for encrypting long blocks using a short-block encryption procedure
US20010031050A1 (en) * 2000-02-14 2001-10-18 Lateca Computer Inc. N.V. Key generator
CN101394268A (zh) * 2008-09-12 2009-03-25 华南理工大学 基于广义信息域的高级加密系统及方法
CN106953875A (zh) * 2017-04-26 2017-07-14 吉林大学珠海学院 基于多密钥流密码的顺序加密方法
CN110298186A (zh) * 2019-07-02 2019-10-01 北京计算机技术及应用研究所 一种基于动态可重构密码芯片的无密钥数据加解密方法

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3923267B2 (ja) * 1999-04-28 2007-05-30 富士ソフト株式会社 乱数生成装置及び暗号化システム
JP3864675B2 (ja) * 2000-03-09 2007-01-10 株式会社日立製作所 共通鍵暗号装置
CN101436930A (zh) * 2007-11-16 2009-05-20 华为技术有限公司 一种密钥分发的方法、系统和设备
CN101651538A (zh) * 2009-09-04 2010-02-17 瑞达信息安全产业股份有限公司 一种基于可信密码模块的数据安全传输方法
CN101742492B (zh) * 2009-12-11 2015-07-22 中兴通讯股份有限公司 密钥处理方法及系统
CN107196760B (zh) * 2017-04-17 2020-04-14 徐智能 具有可调整性的伴随式随机重构密钥的序列加密方法
CN108573176B (zh) * 2018-03-22 2022-04-12 福建师范大学 一种密钥派生加密的移动终端数据安全删除的方法及系统
CN108599930B (zh) * 2018-04-02 2021-05-14 湖南国科微电子股份有限公司 固件加解密系统与方法
CN111722831B (zh) * 2020-05-07 2024-03-19 中山大学 一种加密系统及其实现方法
CN112615824B (zh) * 2020-12-03 2021-12-24 清华大学 防泄漏一次一密通信方法及装置

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5365589A (en) * 1992-02-07 1994-11-15 Gutowitz Howard A Method and apparatus for encryption, decryption and authentication using dynamical systems
US5870470A (en) * 1996-02-20 1999-02-09 International Business Machines Corporation Method and apparatus for encrypting long blocks using a short-block encryption procedure
US20010031050A1 (en) * 2000-02-14 2001-10-18 Lateca Computer Inc. N.V. Key generator
CN101394268A (zh) * 2008-09-12 2009-03-25 华南理工大学 基于广义信息域的高级加密系统及方法
CN106953875A (zh) * 2017-04-26 2017-07-14 吉林大学珠海学院 基于多密钥流密码的顺序加密方法
US20190207745A1 (en) * 2017-04-26 2019-07-04 Zhuhai College Of Jilin University Sequential Encryption Method Based On Multi-Key Stream Ciphers
CN110298186A (zh) * 2019-07-02 2019-10-01 北京计算机技术及应用研究所 一种基于动态可重构密码芯片的无密钥数据加解密方法

Also Published As

Publication number Publication date
CN113630386A (zh) 2021-11-09
CN113630386B (zh) 2023-05-09

Similar Documents

Publication Publication Date Title
US3796830A (en) Recirculating block cipher cryptographic system
JP6307665B2 (ja) 再生不能通信セッションのためのシステムおよび方法
US4227253A (en) Cryptographic communication security for multiple domain networks
CN109040090B (zh) 一种数据加密方法及装置
EP0002578B1 (fr) Méthode de communication de données
US4386234A (en) Cryptographic communication and file security using terminals
US4255811A (en) Key controlled block cipher cryptographic system
CN104540237B (zh) 智能设备接入网络的方法及系统
US20120134495A1 (en) Cloud Storage Data Access Method, Apparatus and System Based on OTP
EP2100405A2 (fr) Procédé cryptographique mis en oeuvre à l'aide d'un combinateur combinatoire
US9270462B2 (en) Method and system for conducting high speed, symmetric stream cipher encryption
WO2008076776A2 (fr) Procédé et dispositif pour l'exécution sécurisée d'opérations bancaires par téléphone
CN107707347A (zh) 用户密钥的备份方法及装置、用户密钥的导入方法及装置
JP2001522056A (ja) 仮想マトリックス暗号化(vme)および仮想キー暗号法および装置
EP1171971B1 (fr) Procede et dispositif de limitation efficace de la longueur de cle
WO2019214069A1 (fr) Procédé et appareil de communication d'utilisateur chiffrée sur une chaîne de blocs, dispositif terminal et support d'informations
CN109714368B (zh) 报文加解密方法、装置、电子设备及计算机可读存储介质
CN107070896B (zh) 一种安全高效的区块链网络客户化登录方法及安全加固系统
CN108768636A (zh) 一种利用多方协同恢复私钥的方法
CN110636028A (zh) 密钥生成装置、加密装置、密钥生成和分发系统
WO2023284036A1 (fr) Procédé et appareil de chiffrement et de déchiffrement, et système de communication
US6301361B1 (en) Encoding and decoding information using randomization with an alphabet of high dimensionality
CN109428712A (zh) 数据加、解密方法及数据加、解密系统
CN111563980B (zh) 一种蓝牙锁钥匙生成与认证方法
CN116073987A (zh) 一种分组密码模式的可靠性设计方法、密码卡、服务器

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21949814

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE