CN100586063C - Triple stirring method for Ethernet data - Google Patents
Triple stirring method for Ethernet data Download PDFInfo
- Publication number
- CN100586063C CN100586063C CN200610088757A CN200610088757A CN100586063C CN 100586063 C CN100586063 C CN 100586063C CN 200610088757 A CN200610088757 A CN 200610088757A CN 200610088757 A CN200610088757 A CN 200610088757A CN 100586063 C CN100586063 C CN 100586063C
- Authority
- CN
- China
- Prior art keywords
- byte
- stir
- key
- deciphering
- bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The method comprises: the scramble encryption in thrice cascade connections is used to encrypt the inputted byte; introducing the previous encrypted byte and the previous output byte made by the thrice scramble in order to enhance the time domain relevance of the scramble-encrypted data.
Description
Technical field
The present invention relates to the data ciphering and deciphering in the communication technology, relate in particular to the encryption method that is used for the Ethernet system data.
Background technology
Developing rapidly with new business such as IPTV, newly use the access band of broadband access network is had higher requirement along with Internet, some new broadband access technologys based on Ethernet are suggested, and are also ripe rapidly by organizational standardizations such as IEEE, ITU-T as Ethernet passive optical network, point-to-point fiber optic Ethernet and point-to-point copper cable Ethernet etc.In these systems, there is the Information Security problem based on Ethernet.Especially in Ethernet passive optical network (EPON), adopt the topological structure of the point of bandwidth sharing to multiple spot, each optical line terminal (OLT) connects a plurality of optical network units (ONU) by Optical Distribution Network, and downlink business sends to all ONU with broadcast mode.Therefore, any ONU can both receive all users' ethernet data frame, and this has just produced the Information Security problem.The possibility that in the point-to-point Ethernet system, also exists data to be stolen.
In order to solve the Information Security problem, can adopt methods such as AES-128, stirring that data are encrypted.Cryptographic algorithm such as AES-128 realize complicated, and difficulty is big.In broadband passive optical network (A/BPON, ITU-T are G.983) system, adopt (Churning) method of stirring to carry out downlink data and encrypt.The principle of agitating method is the position of upsetting bit in each data byte, therefore realize fairly simple, technology maturation.
But, when in Ethernet system (as EPON, point-to-point Ethernet system), adopting stirring to encrypt, because disclosed standard is adopted in the realization of stirring, therefore, can decode out data at an easy rate based on analysis to the stirring pattern of specified byte in the ethernet frame.Malicious user can some fixing byte be easy to decode the stirring enciphered data in the ethernet frame by detecting.These bytes comprise: " 0x8809 " and the subtype " 0x03 " in the OAM frame of " 0x8000 " of expression carrying IP bag, expression VLAN " 0x8100 ", expression OAM frame, MAC Address are (as " 0x01005e of expression multicast address among full region filling for " 0x00 ", ethernet type territory (EtherType)
* * * * *" and " 0x0180C2 of expression Ethernet control address
* * * * *") and some field (all " 0x04 ", frame head length are generally also all fixed as IP version) of IP frame head.This makes malicious user receiving later all data that just can decode thereafter of several typical ethernet frames.According to analysis,, only needed just can decode the stirring enciphered data 1 second if malicious user has enough professional knowledge.Therefore, simple agitation mechanisms can not reach needed fail safe.
Therefore, need a kind of improved stirring encryption method, so that further improve safety of data.
Summary of the invention
The objective of the invention is to overcome above defective of the prior art,, provide a kind of encrypting and decrypting method, to improve the fail safe of Ethernet data at Information Security in the Ethernet system such as Ethernet system of the EPON system of putting multiple spot, point-to-point.
According to the present invention, at prior art ITU-T G.983 on the basis of the agitating method of prescribed by standard, a kind of triple stirring encryption method is proposed, by increasing the time domain relevance of stirring between dateout, eliminated existing substance and stirred the problem that the fail safe that exists in the encryption method is not high, be easy to decode.
According to an aspect of the present invention, a kind of triple stirring encryption method that is used for Ethernet data is provided, described triple stirring encryption method is to the data encryption that word for word saves land, wherein to N byte in the data, the N byte is input encrypted byte D_in[N], carry out following steps: the stir-key K that utilizes 24 bits is to input encrypted byte D_in[N] carry out first order stirring encryption, wherein N is a natural number; Encrypted byte D_in[N after the first order stir to be encrypted] with i byte before the triple stirring encryption after output byte D_out[N-i] and previous input encrypted byte D_in[N-1] carry out nonequivalence operation, wherein i is a natural number, i 〉=3, if and N≤i, then D_out[N-i]=00000000; The first order after the distance is stirred encrypted byte carry out the bit displacement; With byte of stir-key K cyclic shift, and utilize the stir-key after byte of cyclic shift to carry out the second level and stir and encrypt to stir the output encrypted byte through nonequivalence operation and the first order of having carried out the bit displacement; Encrypted byte D_in[N after stir to encrypt the second level] with i+1 byte before the output byte D_out[N-i-1 of triple stirring after encrypting] and two input encrypted byte D_in[N-2 that byte is preceding] carry out " XOR " computing, if wherein N≤i+1, then D_out[N-i-1]=00000000; Encrypted byte is stirred in the second level after the distance carry out the bit displacement; With stir-key K to two bytes of equidirectional cyclic shift, and utilize the stir-key of two bytes of cyclic shift to encrypt to carrying out third level stirring through the second level stirring output encrypted byte after nonequivalence operation and the bit displacement, obtain the byte D_out[N after triple stirring is encrypted].Wherein, if the encrypted byte D_in[N that current stirring is encrypted] be first encrypted byte, D_in[N-1 then] be the lowest order byte of described stir-key K, D_in[N-2] be second low byte of described stir-key K, if the encrypted byte D_in[N that current stirring is encrypted] be second encrypted byte, then D_in[N-2] be the lowest order byte of described stir-key K.
Preferably, i=4.According to a preferred embodiment of the present invention, the first order after the nonequivalence operation is stirred the regular identical of encrypted byte bit displacement of carrying out and the bit displacement that the stirring encrypted byte of the second level after the distance is carried out.Preferably, the circulative shift operation of stir-key is cyclic shift to the right.
According to a further aspect of the invention, a kind of device that is used for Ethernet data is carried out byte-by-byte encryption is provided, described encryption device comprises: first stirs ciphering unit, is used to utilize the stir-key K of 24 bits to input encrypted byte D_in[N] carry out first order stirring encryption, wherein N is a natural number; The first distance unit, be used for the output byte D_out[N-i after the triple stirring encryption that described first output of stirring ciphering unit and i byte is preceding] and previous input encrypted byte D_in[N-1] carry out nonequivalence operation, wherein i is a natural number, i 〉=3, if and N≤i, then D_out[N-i]=00000000; First bit shifter unit is used for the bit displacement is carried out in the output of the described first distance unit; Second stirs ciphering unit, is used to utilize second stir-key that the second level is carried out in the output of described first bit shifter unit and stirs encryption, wherein by byte of described stir-key K cyclic shift is obtained described second stir-key; The second distance unit, be used for the output byte D_out[N-i-1 after the triple stirring encryption before described second output of stirring ciphering unit and i+1 the byte] and two input encrypted byte D_in[N-2 that byte is preceding] carry out nonequivalence operation, if wherein N≤i+1, then D_out[N-i-1]=00000000; Second bit shifter unit is used for the bit displacement is carried out in the output of the described second distance unit; The 3rd stirs ciphering unit, be used to utilize the 3rd stir-key that the third level is carried out in the output of described second bit shifter unit and stir encryption, with the byte D_out[N after the encryption of output triple stirring], wherein by on the direction identical with the described second stir-key cyclic shift to two bytes of described stir-key cyclic shift, and obtain described the 3rd stir-key; Wherein, if the encrypted byte D_in[N that current stirring is encrypted] be first encrypted byte, D_in[N-1 then] be the lowest order byte of stir-key, D_in[N-2] be second low byte of described stir-key, if the encrypted byte D_in[N that current stirring is encrypted] be second encrypted byte, then D_in[N-2] be the lowest order byte of described stir-key.
In accordance with a further aspect of the present invention, a kind of triple stirring decryption methods of separating that are used for Ethernet data are provided, described triple separating stirred decryption method to the data deciphering that word for word saves land, wherein to N byte in the triple stirring enciphered data, the N byte is input deciphering byte D_in[N], carry out following steps: 24 bits are separated two bytes of stir-key K cyclic shift; With separating stir-key to input deciphering byte D_in[N after two bytes of cyclic shift] carry out the first order and separate and stir deciphering, wherein N is a natural number; The first order is separated the deciphering byte of stirring after deciphering carry out the bit displacement; The first order after the bit displacement is separated the input deciphering byte D_in[N-i-1 that stirs before deciphering byte and i+1 the byte] and two bytes before triple output byte D_out[N-2 that separate after stirring is deciphered] carry out nonequivalence operation, wherein i is a natural number, i 〉=3, if and N≤i+1, then D_out[N-i-1]=00000000; To byte of equidirectional cyclic shift, and utilize the stir-key of separating after byte of cyclic shift to separate and stir deciphering the described stir-key K that separates to carry out the second level through the deciphering byte after the nonequivalence operation; The deciphering byte of stirring after deciphering is separated in the second level carry out the bit displacement; The second level after the bit displacement is separated the input deciphering byte D_in[N-i that stirs before deciphering byte and i the byte] and byte before triple output byte D_out[N-1 that separate after stirring is deciphered] carry out nonequivalence operation, if wherein N≤i, then D_out[N-i]=00000000; Utilize the described stir-key K that separates to separate the stirring deciphering, obtain triple output byte D_out[N that stir after deciphering that separate] carry out the third level through the deciphering byte after the nonequivalence operation; Wherein, if the current deciphering byte D_in[N that stirs deciphering that separates] be that first deciphers byte, D_out[N-1 then] be described lowest order byte of separating stir-key K, D_out[N-2] be described second low byte of separating stir-key K, if the current deciphering byte D_in[N that stirs deciphering that separates] be second deciphering byte, then D_out[N-2] be described lowest order byte of separating stir-key K.
According to a further aspect in the invention, a kind of device that the Ethernet data that triple stirring is encrypted is carried out byte-by-byte deciphering of being used for is provided, decryption device comprises: first separates the stirring decrypting device, be used to utilize and first separate stir-key input deciphering byte D_in[N] carry out the first order and separate and stir deciphering, wherein N is a natural number, obtains described first and separates stir-key by two bytes of stir-key K cyclic shift of separating to 24 bits; First bit shifter unit is used for separating the output of stirring decrypting device to described first and carries out the bit displacement; The first distance unit, be used for the input deciphering byte D_in[N-i-1 before the output of described first bit shifter unit and i+1 the byte] and two bytes before triple dateout byte D_out[N-2 that stir after the deciphering that separate] carry out nonequivalence operation, wherein i is a natural number, i 〉=3, if and N≤i+1, then D_out[N-i-1]=00000000; Second separates the stirring decrypting device, be used to utilize second to separate stir-key and the second level is carried out in the output of the described first distance unit separate and stir deciphering, wherein by separating on the identical direction of stir-key cyclic shift the described byte of stir-key K cyclic shift of separating is obtained described second and separates stir-key with described first; Second bit shifter unit is used for separating the output of stirring decrypting device to described second and carries out the bit displacement; The second distance unit, be used for the input deciphering byte D_in[N-i before the output of described second bit shifter unit and i the byte] and byte before triple output byte D_out[N-1 that stir after the deciphering that separate] carry out nonequivalence operation, if wherein N≤i, then D_out[N-i]=00000000; The 3rd separates the stirring decrypting device, is used to utilize the described stir-key K that separates the third level is carried out in the output of the described second distance unit to separate and stir deciphering, to export triple byte D_out[N that stir after the deciphering that separate]; Wherein, if the current deciphering byte D_in[N that stirs deciphering that separates] be that first deciphers byte, D_out[N-1 then] be described lowest order byte of separating stir-key K, D_out[N-2] be described second low byte of separating stir-key K, if the current deciphering byte D_in[N that stirs deciphering that separates] be second deciphering byte, then D_out[N-2] be described lowest order byte of separating stir-key K.
Description of drawings
Introduce the present invention in detail below in conjunction with accompanying drawing, wherein
Fig. 1 represents a kind of preferred implementation according to triple stirring encryption method of the present invention;
Fig. 2 represents the data input/output relation according to triple stirring encryption method of the present invention;
Fig. 3 represents a kind of preferred implementation of separating the triple stirring decryption method according to of the present invention.
Embodiment
Followingly embodiments of the invention are described in more detail with reference to accompanying drawing.
Fig. 1 has represented a preferred embodiment according to triple stirring encryption method of the present invention.The method according to this invention adopts the mode of stirring cascade for three times, use the agitator of three cascades, wherein the operation that substance stirs in the performed operation of each agitator and the prior art is identical, therefore omits for operating in here of stirring of substance, repeats no more.These three employed stir-keys of agitator are inequality, wherein the employed stir-key of first order agitator is 24 original bit stir-key (X1-X8, P1-P16), the employed stir-key of second level agitator be obtained after byte of first order stir-key cyclic shift (to the right: P9-P16, X1-X8, P1-P8 or left: P1-P16, X1-X8), and that the employed stir-key of third level agitator is a first order stir-key is resulting (to the right: P1-P16 to direction cyclic shift two bytes identical with the displacement of second level key rotation, X1-X8 or left: P9-P16, X1-X8, P1-P8).
As shown in Figure 1, carry out N byte Data_in[N of triple stirring ciphered data] be imported into first order agitator, (X1-X8 P1-P16) stirs encryption to it, and the stirring cryptographic operation that is carried out is that substance of the prior art stirs operation wherein to utilize first order stir-key K.Stirred output after the encryption by first order agitator and nonequivalence operation (XOR) that two 8 bit vectors pursue bit, wherein first vector is previous input encrypted byte Data_in[N-1], if and current byte of encrypting is first input encrypted byte, this first vector lowest byte (P9-P16) that is first order stir-key then; Second vector is the data output Data_out[N-i behind the triple stirring before i the byte], i 〉=3 wherein, and if current byte of encrypting be a preceding i encrypted byte, promptly N≤i then uses " 00000000 " replacement Data_out[N-i].Preferably, i=4.
Output after the nonequivalence operation at first is shifted by bit, is imported into then in the agitator of the second level.In the agitator of the second level, stir-key is by resulting after byte of first order stir-key cyclic shift.As shown in Figure 1, preferably, to first stir-key byte of cyclic shift to the right, promptly second level stir-key K ' be (P9-P16, X1-8, P1-8).In the agitator of the second level, the byte of being imported is stirred encryption.Subsequently, the nonequivalence operation that the output of second level agitator is also pursued bit with two other 8 bit vector, wherein first vector is the input encrypted byte before two bytes, be Data_in[N-2], if and current byte of encrypting is first input encrypted byte, then this vector is second low byte of original stir-key (being first order stir-key), be P1-P8, if and current byte of encrypting is second input encrypted byte, then this vector is the lowest order byte of original stir-key, i.e. P9-P16; Second vector is the triple stirring data encrypted output before i+1 the byte, i.e. Data_out[N-i-1], and if current byte of encrypting be a preceding i+1 encrypted byte, promptly N≤i+1 then uses " 00000000 " replacement Data_out[N-i-1].
Subsequently, resulting byte is shifted by bit.As shown in the figure, preferably, the rule of current bit displacement is identical with previous bit shift rule.According to a preferred embodiment of the present invention, the bit displacement of being carried out is: bit 2,4 exchanges, and bit 3,5 exchanges, bit 0,1,6,7 is constant, as shown in the figure.
The resulting byte in bit displacement back is imported into carries out the third level and stirs and encrypt in the 3rd agitator, wherein the third level to stir the stir-key of encrypting be that original stir-key obtains in two bytes of direction cocycle displacement identical with second level stir-key cyclic shift.Preferably, according to illustrated embodiment, third level stir-key K " be (P1-P16, X1-X8).At last, the output byte Data_out[N after third level agitator output triple stirring is encrypted], the triple stirring encryption finishes.
Fig. 2 has schematically shown according to the data input of triple stirring encipherment scheme of the present invention and the relation between the output.As shown in Figure 3, by triple stirring encryption method according to the present invention, the output byte after being encrypted by N, N-1, N-2 input encrypted byte and N-i, N-i-1 triple stirring is tried to achieve the output byte after the triple stirring encryption of N byte.
According to triple stirring encipherment scheme of the present invention, stir by three substances of cascade, thereby strengthened cryptographic complexity, improved fail safe.Simultaneously, by when N byte encrypted, use input encrypted byte before previous and two bytes (be Data_in[N-1], Data_in[N-2]) and i byte and i+1 byte before the output byte of triple stirring after encrypting (be Data_out[N-i], Data_out[N-i-1]), be associated with previous stirring input and output thereby make current stirring encrypt output, increased the time domain relevance of stirring between dateout.Therefore, triple stirring encryption method according to the present invention has been eliminated existing substance and has been stirred the problem that the existing fail safe of encryption method is not high, be easy to decode, and can increase substantially the fail safe of data encryption, thereby reduces the frequency of cipher key change.The method according to this invention has that agreement is simple, technology is reliable, safe, advantage such as expense is little, extensibility is strong.
Represented among Fig. 3 that it is the simple mirror image of triple stirring encryption method according to triple schematic diagrames of separating a preferred embodiment that stirs decryption method of the present invention.Wherein, byte after the triple stirring of input is encrypted at first is transfused to first and separates in the agitator, its separate stir-key encrypt corresponding to triple stirring in the third level stir the stirring encryption key K of encryption equipment " (it is preferably P1-P16; X1-X8); then the bit displacement is carried out in output, and it is relative that bit shift rule third level when encrypting is stirred the bit shift rule that is carried out before the encryption.Subsequently, two vectors that carry out in the distance second time during with output and encryption carry out nonequivalence operation, resulting output is transfused to the second level and separates to separate in the agitator and stir deciphering, (it is preferably P9-P16 to the stir-key of separating wherein corresponding to second level stirring encryption key K ' in encrypting, X1-X8, P1-P9).Then, to output carry out with ciphering process in the relative bit displacement of bit displacement carried out before the agitator of the second level, and two vectors in the nonequivalence operation for the first time in itself and the ciphering process are carried out nonequivalence operation, resulting output is imported into the third level and separates to separate in the agitator and stir deciphering, the stir-key of separating wherein stirs encryption key K corresponding to the first order in the ciphering process, be original stir-key (X1-X8, P1-P16).The third level is separated the triple output bytes that stir after deciphering of separating of agitator output.
Stir in the decryption method in triple stirring encryption method according to the present invention and triple separating, every grade of agitator or separate the stirring operation that agitator realizes or separate and stir operation fully with of the prior art identical, promptly fully with middle stipulate identical G.983.
For ethernet frame, the scope that triple stirring is encrypted is that present MAC Address (DA) arrives frame check (FCS) field.
The present invention encrypts input and output syllable dependent with previous stirring and joins by making current stirring encrypted byte stir output after encrypting, and pass through the stir-key cyclic shift with stir-key as three grades of agitators, making substance stir some pattern that repeats easily in the encryption can't be detected under triple stirring encryption situation, thereby introduce bigger stirring output randomness, make that decoding difficulty increases greatly.
Employing according to triple stirring encryption method of the present invention after owing to increased the relevance of stirring between the dateout, make the difficulty of decoding based on attribute byte increase greatly.In typical rate is in the EPON system of 1Gbps, the shortest time of decoding the triple stirring enciphered data also needs 10 seconds more than the kind, therefore the replacement cycle of key can extend to 10 seconds (in the prior art, G.983 rule are 1 second), and then reduces key greatly and change the OAM message overhead that is caused.The implementation complexity of encrypting according to triple stirring of the present invention is that substance stirs 3 times that encrypt in the prior art, improves 2 but decode difficulty
24More than, can improve the Information Security of Ethernet significantly.
Claims (20)
1. triple stirring encryption method that is used for Ethernet data, described triple stirring encryption method is to the data encryption that word for word saves land, wherein to N byte in the data, the N byte is input encrypted byte D_in[N], carry out following steps:
The stir-key K that utilizes 24 bits is to input encrypted byte D_in[N] carry out first order stirring encryption, wherein N is a natural number;
Encrypted byte D_in[N after the first order stir to be encrypted] with i byte before the triple stirring encryption after output byte D_out[N-i] and previous input encrypted byte D_in[N-1] pursue the bit nonequivalence operation, wherein i is a natural number, i 〉=3, if and N≤i, then D_out[N-i]=00000000;
The first order behind the XOR is stirred encrypted byte carry out the bit displacement;
With byte of described stir-key K cyclic shift, and utilize the stir-key after byte of cyclic shift to encrypt to carrying out second level stirring through the first order stirring output encrypted byte after nonequivalence operation and the bit displacement;
Encrypted byte D_in[N after stir to encrypt the second level] with i+1 byte before the output byte D_out[N-i-1 of triple stirring after encrypting] and two input encrypted byte D_in[N-2 that byte is preceding] pursue the bit nonequivalence operation, if wherein N≤i+1, then D_out[N-i-1]=00000000;
Encrypted byte is stirred in the second level behind the XOR carry out the bit displacement;
With described stir-key K to two bytes of equidirectional cyclic shift, and utilize the stir-key of two bytes of cyclic shift to encrypt to carrying out third level stirring through the second level stirring output encrypted byte after nonequivalence operation and the bit displacement, obtain the output byte D_out[N after triple stirring is encrypted];
Wherein, if the encrypted byte D_in[N that current stirring is encrypted] be first encrypted byte, D_in[N-1 then] be the lowest order byte of described stir-key K, D_in[N-2] be second low byte of described stir-key K, if the encrypted byte D_in[N that current stirring is encrypted] be second encrypted byte, then D_in[N-2] be the lowest order byte of described stir-key K.
2. according to the method for claim 1, it is characterized in that i=4.
3. according to the method for claim 1 or 2, wherein the first order after the nonequivalence operation is stirred the regular identical of encrypted byte bit displacement of carrying out and the bit displacement that the stirring encrypted byte of the second level after the nonequivalence operation is carried out.
4. according to the method for claim 3, the rule of wherein said bit displacement is: bit 2,4 exchanges, and bit 3,5 exchanges, bit 0,1,6,7 is constant.
5. according to the method for claim 1 or 2, wherein the performed circulative shift operation of stir-key K is cyclic shift to the right.
6. device that is used for Ethernet data is carried out byte-by-byte encryption, encryption device comprises:
First stirs ciphering unit, is used to utilize the stir-key K of 24 bits to input encrypted byte D_in[N] carry out first order stirring encryption, wherein N is a natural number;
The first distance unit, be used for the output byte D_out[N-i after the triple stirring encryption that described first output of stirring ciphering unit and i byte is preceding] and previous input encrypted byte D_in[N-1] the bit nonequivalence operation pursued, wherein i is a natural number, i 〉=3, if and N≤i, then D_out[N-i]=00000000;
First bit shifter unit is used for the bit displacement is carried out in the output of the described first distance unit;
Second stirs ciphering unit, is used to utilize second stir-key that the second level is carried out in the output of described first bit shifter unit and stirs encryption, wherein by byte of described stir-key K cyclic shift is obtained described second stir-key;
The second distance unit, be used for the output byte D_out[N-i-1 after the triple stirring encryption before described second output of stirring ciphering unit and i+1 the byte] and two input encrypted byte D_in[N-2 that byte is preceding] the bit nonequivalence operation pursued, if wherein N≤i+1, then D_out[N-i-1]=00000000;
Second bit shifter unit is used for the bit displacement is carried out in the output of the described second distance unit;
The 3rd stirs ciphering unit, be used to utilize the 3rd stir-key that the third level is carried out in the output of described second bit shifter unit and stir encryption, with the byte D_out[N after the encryption of output triple stirring], wherein by on the direction identical with the described second stir-key cyclic shift to two bytes of described stir-key K cyclic shift, and obtain described the 3rd stir-key;
Wherein, if the encrypted byte D_in[N that current stirring is encrypted] be first encrypted byte, D_in[N-1 then] be the lowest order byte of described stir-key K, D_in[N-2] be second low byte of described stir-key K, if the encrypted byte D_in[N that current stirring is encrypted] be second encrypted byte, then D_in[N-2] be the lowest order byte of described stir-key K.
7. according to the device of claim 6, it is characterized in that i=4.
8. according to the device of claim 6 or 7, wherein said first bit shifter unit is identical with second bit shifter unit.
9. device according to Claim 8, the shift rule of wherein said first bit shifter unit and second bit shifter unit is: bit 2,4 exchanges, bit 3,5 exchanges, bit 0,1,6,7 is constant.
10. according to the device of claim 6 or 7, wherein by to described stir-key K to the right cyclic shift to obtain described second stir-key and the 3rd stir-key.
11. triple stirring decryption methods of separating that are used for Ethernet data, described triple separating stirred decryption method to the data deciphering that word for word saves land, wherein to N byte in the triple stirring enciphered data, the N byte is input deciphering byte D_in[N], carry out following steps:
24 bits are separated two bytes of stir-key K cyclic shift;
With separating stir-key to input deciphering byte D_in[N after two bytes of cyclic shift] carry out the first order and separate and stir deciphering, wherein N is a natural number;
The first order is separated the deciphering byte of stirring after deciphering carry out the bit displacement;
The first order after the bit displacement is separated the input deciphering byte D_in[N-i-1 that stirs before deciphering byte and i+1 the byte] and two bytes before triple output byte D_out[N-2 that separate after stirring is deciphered] pursue the bit nonequivalence operation, wherein i is a natural number, i 〉=3, if and N≤i+1, then D_out[N-i-1]=00000000;
To byte of equidirectional cyclic shift, and utilize the stir-key of separating after byte of cyclic shift to separate and stir deciphering the described stir-key K that separates to carry out the second level through the deciphering byte of nonequivalence operation;
The deciphering byte of stirring after deciphering is separated in the second level carry out the bit displacement;
The second level after the bit displacement is separated the input deciphering byte D_in[N-i that stirs before deciphering byte and i the byte] and byte before triple output byte D_out[N-1 that separate after stirring is deciphered] pursue the bit nonequivalence operation, if wherein N≤i, then D_out[N-i]=00000000;
Utilize the described deciphering byte of stir-key K after of separating to carry out the third level and separate and stir deciphering, obtain triple output byte D_out[N that stir after the deciphering that separate] XOR;
Wherein, if the current deciphering byte D_in[N that stirs deciphering that separates] be that first deciphers byte, D_out[N-1 then] be described lowest order byte of separating stir-key K, D_out[N-2] be described second low byte of separating stir-key K, if the current deciphering byte D_in[N that stirs deciphering that separates] be second deciphering byte, then D_out[N-2] be described lowest order byte of separating stir-key K.
12. the method according to claim 11 is characterized in that, i=4.
13., wherein the first order is separated and stirs the bit displacement that the deciphering byte after the deciphering carries out and the second level is separated stir the regular identical of bit displacement that the deciphering byte after the deciphering carries out according to the method for claim 11 or 12.
14. according to the method for claim 13, the rule of wherein said bit displacement is: bit 2,4 exchanges, bit 3,5 exchanges, bit 0,1,6,7 is constant.
15., wherein be cyclic shift to the right to separating the performed circulative shift operation of stir-key K according to the method for claim 11 or 12.
16. one kind is used for device that the Ethernet data that triple stirring is encrypted is carried out byte-by-byte deciphering, decryption device comprises:
First separates the stirring decrypting device, be used to utilize and first separate stir-key input deciphering byte D_in[N] carry out the first order and separate and stir deciphering, wherein N is a natural number, obtains described first and separates stir-key by two bytes of stir-key K cyclic shift of separating to 24 bits;
First bit shifter unit is used for separating the output of stirring decrypting device to described first and carries out the bit displacement;
The first distance unit, be used for the input deciphering byte D_in[N-i-1 before the output of described first bit shifter unit and i+1 the byte] and two bytes before triple output byte D_out[N-2 that stir after the deciphering that separate] pursue the bit nonequivalence operation, wherein i is a natural number, i 〉=3, if and N≤i+1, then D_out[N-i-1]=00000000;
Second separates the stirring decrypting device, be used to utilize second to separate stir-key and the second level is carried out in the output of the described first distance unit separate and stir deciphering, wherein by separating on the identical direction of stir-key cyclic shift the described byte of stir-key K cyclic shift of separating is obtained described second and separates stir-key with described first;
Second bit shifter unit is used for separating the output of stirring decrypting device to described second and carries out the bit displacement;
The second distance unit, be used for the input deciphering byte D_in[N-i before the output of described second bit shifter unit and i the byte] and byte before triple output byte D_out[N-1 that stir after the deciphering that separate] pursue the bit nonequivalence operation, if wherein N≤i, then D_out[N-i]=00000000;
The 3rd separates the stirring decrypting device, is used to utilize the described stir-key K that separates the third level is carried out in the output of the described second distance unit to separate and stir deciphering, to export triple byte D_out[N that stir after the deciphering that separate];
Wherein, if the current deciphering byte D_in[N that stirs deciphering that separates] be that first deciphers byte, D_out[N-1 then] be described lowest order byte of separating stir-key K, D_out[N-2] be described second low byte of separating stir-key K, if the current deciphering byte D_in[N that stirs deciphering that separates] be second deciphering byte, then D_out[N-2] be described lowest order byte of separating stir-key K.
17. the device according to claim 16 is characterized in that, i=4.
18. according to the device of claim 16 or 17, wherein said first bit shifter unit is identical with second bit shifter unit.
19. according to the device of claim 18, the shift rule of wherein said first bit shifter unit and second bit shifter unit is: bit 2,4 exchanges, bit 3,5 exchanges, bit 0,1,6,7 is constant.
20. according to the device of claim 16 or 17, wherein by to described separate stir-key K to the right cyclic shift separate stir-key and second and separate stir-key to obtain described first.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610088757A CN100586063C (en) | 2006-06-05 | 2006-06-05 | Triple stirring method for Ethernet data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610088757A CN100586063C (en) | 2006-06-05 | 2006-06-05 | Triple stirring method for Ethernet data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1897521A CN1897521A (en) | 2007-01-17 |
| CN100586063C true CN100586063C (en) | 2010-01-27 |
Family
ID=37609910
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200610088757A Active CN100586063C (en) | 2006-06-05 | 2006-06-05 | Triple stirring method for Ethernet data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100586063C (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101888293A (en) * | 2010-07-20 | 2010-11-17 | 中国电信股份有限公司 | Agitating method and device for ethernet passive optical network |
| CN102404106A (en) * | 2010-09-10 | 2012-04-04 | 高通创锐讯通讯科技(上海)有限公司 | Multi-input multiple agitator |
| CN102594552B (en) * | 2012-03-19 | 2014-12-03 | 烽火通信科技股份有限公司 | Triple dechurning realization method and device for Ethernet passive optical network (EPON) |
| DE102012209404A1 (en) * | 2012-06-04 | 2013-12-05 | Robert Bosch Gmbh | Apparatus for executing a cryptographic method and method of operation therefor |
| CN110868246B (en) * | 2019-09-02 | 2020-10-27 | 北京邮电大学 | Information transmission method and system |
| CN110650016B (en) * | 2019-09-02 | 2022-09-23 | 南京南瑞继保电气有限公司 | Method for realizing network data security of AC/DC control protection system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1510899A (en) * | 2002-12-23 | 2004-07-07 | 郝敏燕 | Mobile communication platform based on dynamic random mobile telephone pin identifying system |
| CN2640134Y (en) * | 2003-09-11 | 2004-09-08 | 北京华控技术有限责任公司 | Live bus network interconnection unit for connecting high-speed Ethernet and PROFIBUS-DP/PA bus |
-
2006
- 2006-06-05 CN CN200610088757A patent/CN100586063C/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1510899A (en) * | 2002-12-23 | 2004-07-07 | 郝敏燕 | Mobile communication platform based on dynamic random mobile telephone pin identifying system |
| CN2640134Y (en) * | 2003-09-11 | 2004-09-08 | 北京华控技术有限责任公司 | Live bus network interconnection unit for connecting high-speed Ethernet and PROFIBUS-DP/PA bus |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1897521A (en) | 2007-01-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109218825B (en) | Video encryption system | |
| US20140331050A1 (en) | Qkd key management system | |
| CN100586063C (en) | Triple stirring method for Ethernet data | |
| CN101448130B (en) | Method, system and device for protecting data encryption in monitoring system | |
| CN109151508B (en) | Video encryption method | |
| CN1938980A (en) | Method and apparatus for cryptographically processing data | |
| CN108989325A (en) | Encryption communication method, apparatus and system | |
| CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
| US7039190B1 (en) | Wireless LAN WEP initialization vector partitioning scheme | |
| CN104486756B (en) | A kind of encryption and decryption method and system of close writing paper short message | |
| CN110855438A (en) | Quantum key distribution method and system based on annular QKD network | |
| CN110011786A (en) | A kind of IP secret communication method of high safety | |
| CN110071943A (en) | The compound high safety IP secret communication method of the truly random variation of key | |
| CN106209384B (en) | Use the client terminal of security mechanism and the communication authentication method of charging unit | |
| CN107623682A (en) | One kind is based on twin-channel command transmission system | |
| US11909872B2 (en) | Set up and distribution of post-quantum secure pre-shared keys using extendible authentication protocol | |
| WO2023198877A1 (en) | Methods and systems for performing secure transactions | |
| CN103873270B (en) | Intelligent meter infrastructure network system and its message broadcasting method | |
| CN111093193A (en) | MAC layer communication security mechanism suitable for Lora network | |
| CN110213257A (en) | High safety IP secret communication method based on truly random stream exclusive or encryption | |
| CN110650016B (en) | Method for realizing network data security of AC/DC control protection system | |
| Hartl et al. | Subverting Counter Mode Encryption for Hidden Communication in High-Security Infrastructures | |
| TWI571086B (en) | Advanced metering infrastructure network system and message broadcasting method | |
| US11956358B2 (en) | Method for synchronizing a receiver initialization vector with a transmitter initialization vector | |
| Price et al. | Quantum key distribution without sifting |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |