Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer,, a kind of database data encryption system of the present invention and method are further elaborated below in conjunction with drawings and Examples.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
Database data encryption system of the present invention as shown in Figure 1, comprises mould Q nonlinear feedback shift register 1, permutation table replacement module 2, substitution list conversion module 3, and computing module 4, library key administration module 5.Wherein:
1) mould Q nonlinear feedback shift register 1:
Mould Q nonlinear feedback shift register 1, being used for given key is initial value, carries out nonlinear feedback, its feedback numerical value generates the derivative key of 18 states continuously through the replacement conversion of default mmm substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses.
Preferably, block cipher 8 circles that turn round altogether, every circle is with two output states.
2) permutation table replacement module 2:
The permutation table replacement module 2 of the embodiment of the invention, comprise at least one group of permutation table disk, permutation table is the table of indication evolution relation, permutation table disk is divided into two classes, the first kind is to encrypt with table, comprises permutation table disk8e, constitutes by 4 pages, note disk8e[i] (i=0..3), be used for the encryption of 8 unitary codes; And permutation table disi7e, constitute note disk7e[i by 4 pages] (i=0..3), be used for the encryption of 7 unitary codes.Second class is the deciphering table, and is corresponding with permutation table disk8e and permutation table disk7e, is used for the deciphering of 8 unitary codes and the deciphering of 7 unitary codes, and with disk8d and disk7d mark, decryption table is the anti-table of black list, derives from according to black list to obtain decryption table.
Permutation table replacement module 2, being used for the byte is unit transformation, the row variable claims the displacement wheel, displacement wheel indication replacement series, the row variable claims to replace starting point, and the indication replacement series is enabled starting point.
As table 1,6 take turns, and the displacement relation that 7 starting points constitute is as follows:
Table 16 is taken turns, the displacement relation table that 7 starting points constitute
disk8e[2]
0 1 2 3 4 5 6 7
[0]5 2 7 3 6 7 6 0
[1]2 0 5 7 1 3 4 7
[2]0 7 2 4 3 5 1 6
[3]7 4 6 0 2 1 5 1
[4]1 6 3 2 0 4 2 3
[5]4 1 0 6 5 2 3 4
[6]3 5 4 1 7 6 0 2
[7]6 3 1 5 4 0 7 5
byte=8:56 C3 62 FF 25 44 06 6A
Displacement:
byte=8:06 FF 44 C3 62 25 56 6A
As shown in table 1, giving given data 56 C3 62 FF 25 44 06 6A, after displacement, be 06 FF, 44 C362,25 56 6A.
3) the substitution list conversion module 3:
Described substitution list conversion module 3 comprises at least one group of substitution list subst, is used for replacing conversion with byte position unit with subst.The Subst substitution list is divided into two classes, and a class is to encrypt the substitution list of usefulness, comprises substitution list subst8e, is used for the replacement of 8 unitary codes, and size is 16x16; And subst7e, being used for the conversion of 7 unitary codes, size is 16x8.Another kind of is the substitution list of deciphering usefulness, corresponding with substitution list subst8e and subst7e, be used for the substitution list of 8 unitary codes deciphering and the substitution list of 7 unitary codes deciphering, represent with subst8d and subst7d respectively, can derive from the substitution list that obtains deciphering according to the substitution list of encrypting.
Replacing conversion module 3 to be used for the byte is that unit replaces, and is illustrated in the 1-bit operation as byte=1:subst8e (09)=FF, and subst8e is the function name that replaces operation, and 09 replaces into FF.
4) computing module 4, be used for the data of database being expanded by byte or being concentrated, laterally add up, under the derivative key that mould Q nonlinear feedback shift register 1 replaces conversion to go out is indicated, replace and substitution operation, finish the database data encryption and decryption.It comprises:
41) the data expansion module 41, are used for when carrying out a byte manipulation, and a given byte data is expanded to 8 bytes by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
42) the data centralization module 42, be used for when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble.
43) horizontal accumulator module 43,8 byte datas after being used to launch will add up and dextrad adds up through left-hand in each circle computing.
44) the in- place computation module 44,8 byte datas after being used to launch, selected permutation table disk under the indication of the derivative key of mould Q nonlinear feedback shift register
i, the line replacement conversion of going forward side by side.In each circle computing, through twice displacement transformation.
45) substitution operation module 45 is used for that n the byte (n=1,2,3,4) after concentrating carried out subst with byte position unit and replaces conversion, finishes the encryption and decryption of database data.
5) the library key administration module 5:
One concerns the storehouse, is made up of a lot of tables, and table is made up of record, and record is made up of field.There is library key in the storehouse, and catalogue has the catalogue key, and sub-directory has the sub-directory key, and table has table key or the like, forms huge key management net.Library key administration module 5 is used to manage whole cipher key system and determines a record key, a field key.
Describe mould Q nonlinear feedback shift register 1 of the present invention below in detail:
The mould Q nonlinear feedback shift register 1 of the embodiment of the invention is made of 8 bytes, is the critical piece of key derivation.The connection polynomial expression of feedback shift register is: f (x)=x
8+ x+1 is with (8,1,0) mark.
The 8th grade of output of described polynomial expression (8,1,0) replaces through default substitution list mmm, carries out feeding back to the 1st grade after the mould q additive operation with the 1st grade of output again.In embodiments of the present invention, q=256 is expressed from the next:
Mmm (8 grades)+(1 grade) mod 256
(1 grade)
Its logical relation as shown in Figure 2.
Described substitution list mmm is the substitution list of 16x16, is used for the feedback logic of shifting memory, and it is non-linear, as shown in table 2 that feedback is become.
Table 2 mmm substitution list
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 CC 87 F0 75 BC 1F F8 52 00 3A 8E 57 AC 6E F5 23
1 17 2B 89 D5 12 FC A3 EF 67 94 5C C7 9E DF 56 DA
2 C2 FF 47 83 E6 2C 39 02 AD 1E E4 07 51 1D A6 0A
3 3B A8 11 20 62 CB B3 B5 22 D2 2A EE D8 F4 9F 86
4 FB 63 AE 58 FE 10 7E 35 E5 4F 7F 55 5B 8D 4B 7A
5 90 E1 53 E0 95 48 4E 66 31 F6 C8 6D 06 3E C6 BF
6 46 04 F7 38 01 C0 0B A1 8F 0F 43 85 AB F9 68 93
7 A2 AF 73 DB 6F 16 9A 6C 72 A7 D1 1B 65 1C 79 3F
8 21 33 0C 45 B8 5D 76 29 BB 2E 61 DE 99 B6 5F E3
9 9B 82 7B E7 27 54 9D DD 81 E9 E2 78 BD 37 ED 30
A 74 59 D4 32 8B BA 0D 26 13 7D 05 C5 15 71 B2 CF
B 34 E8 18 C1 F1 40 92 AA 8A C9 B1 44 A5 EC 24 69
C 88 28 CD 03 6A 64 D7 42 FA 5E 3D F2 8C 08 D9 B7
D 6B D6 3C CA DC FD 2D EA 19 96 CE 14 25 D0 80 4A
E B9 A9 C3 7C A4 4C B0 84 C4 77 EB A0 D3 49 BE 98
F 41 9C 4D B4 1A 91 70 0E 5A F3 36 50 2F 97 60 09
In the embodiment of the invention, with the initial value of given key as mould Q nonlinear feedback shift register 1, with the state of feedback shift 16 times is first group of derivative key keyb[0], feed back again 24 times, obtain second group of derivative key keyb[1], analogize, feed back 16 times and 24 times circulation in turn, derive keyb[0 successively] ..keyb[17] totally 18 groups of derivative key.
Described derivative key accounts for a grouping, and block length is 8 bytes of 64 bits (bit).
Described derivative key, wherein keyb[0], keyb[9] be used for indieating variable, keyb[1..8], keyb[10..17] be used for the constant variables of each layer computing.
The effect of indieating variable: keyb[0, i] and keyb[9, i] low 4 of each byte of key, indicate used permutation table; Each byte of key high 4, indication permutation table starting point;
The effect of constant variables: remove keyb[0, i] and keyb[9, i] outside, other 16 groups of keyb key variables are all done constant variables and packet addition, in every iteration of taking turns when changing, and use successively.
Described iterative process is illustrated in fig. 3 shown below.
Iterations position 8 times (circle) in embodiments of the present invention, this iteration is the basic theories problem of password, is the notion of product ciphers, therefore describes in detail no longer one by one in embodiments of the present invention.
Describe the permutation table conversion module 2 of the embodiment of the invention below in detail:
Permutation table conversion module 2, comprise at least one group of permutation table disk, permutation table is the table of indication evolution relation, permutation table disk is divided into two classes, and a class is to encrypt with table, comprises permutation table disk8e, constitute by 4 pages, note disk8e[i] (i=0..3), be used for the encryption of 8 unitary codes, promptly be used for the encryption of 8 unit binary codes; And permutation table disi7e, constitute note disk7e[i by 4 pages] (i=0..3), be used for the encryption of 7 unitary codes, be used for the encryption of 7 ask of unit sign indicating numbers.Two classes are the deciphering table, and are corresponding with permutation table disk8e and permutation table disk7e, are used for the deciphering of 8 unitary codes and the deciphering of 7 unitary codes, and with disk8d and disk7d mark, decryption table is the anti-table of black list, derives from according to black list to obtain decryption table.
Totally 4 pages of permutation table disk are with the 0..3 mark.With disk8e[0] be example, 8 row constitute 8 displacement wheels, and each displacement wheel has 8 starting points, and different wheels constitute different displacement relations with different starting points, and are as shown in table 3.
Table 3, disk8e[0] and disk7e[0] the displacement relation table
disk8e[0] disk7e[0]
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6
[0] 7 4 2 3 5 1 6 7 [0] 2 4 8 1 5 5 0
[1] 4 6 4 5 0 7 2 3 [1] 5 2 0 4 3 1 6
[2] 6 0 7 6 4 3 7 5 [2] 1 6 4 0 6 3 2
[3] 1 2 6 1 7 0 5 6 [3] 3 0 6 2 1 4 5
[4] 2 7 0 2 3 5 1 0 [4] 0 3 1 5 4 6 1
[5] 0 1 3 7 6 2 4 4 [5] 6 1 5 3 0 2 4
[6] 5 3 1 0 2 4 3 2 [6] 4 5 2 6 2 0 3
[7] 3 5 5 4 1 6 0 1
disk8e[1] disk7e[1]
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6
[0] 3 4 7 2 1 0 5 6 [0] 6 1 5 2 9 4 3
[1] 5 2 1 6 7 4 0 3 [1] 3 0 2 6 4 5 6
[2] 1 0 4 5 3 6 2 5 [2] 1 3 4 5 1 6 0
[3] 4 6 0 1 5 3 7 2 [3] 0 2 3 4 5 1 2
[4] 0 1 6 3 2 5 1 4 [4] 5 6 0 1 3 2 4
[5] 7 5 2 0 4 1 3 7 [5] 2 4 1 3 6 0 5
[6] 2 3 5 7 6 7 4 0 [6] 4 5 6 0 2 3 1
[7] 6 7 3 4 0 2 6 1
disk8e[2] disk7e[2]
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6
[0] 5 2 7 3 6 7 6 0 [0] 2 5 4 5 1 0 2
[1] 2 0 5 7 1 3 4 7 [1] 0 2 5 1 3 4 6
[2] 0 7 2 4 3 5 1 6 [2] 5 6 1 2 0 3 4
[3] 7 4 6 0 2 1 5 1 [3] 1 3 6 4 6 5 0
[4] 1 6 3 2 0 4 2 3 [4] 3 1 2 0 4 6 3
[5] 4 1 0 6 5 2 3 4 [5] 6 4 0 3 2 1 5
[6] 3 5 4 1 7 6 0 2 [6] 4 0 3 6 5 2 1
[7] 6 3 1 5 4 0 7 5
disk8e[3] disk7e[3]
0 1 2 3 4 5 6 7 0 1 2 3 4 5 6
[0] 7 3 0 7 4 2 5 6 [0] 2 0 3 1 6 4 6
[1] 2 0 7 3 5 7 4 1 [1] 6 2 5 0 3 6 1
[2] 6 7 4 0 3 1 7 2 [2] 0 5 4 5 1 3 2
[3] 3 1 1 4 0 5 2 5 [3] 3 1 0 2 4 5 4
[4] 5 4 6 1 2 3 6 0 [4] 1 3 6 4 2 0 5
[5] 0 6 2 5 7 6 1 3 [5] 4 6 1 3 5 2 0
[6] 4 2 5 6 1 0 3 7 [6] 5 4 2 6 0 1 3
[7] 1 5 3 2 6 4 0 4
Describe the replacement conversion module 3 of the embodiment of the invention below in detail, it comprises at least one group of substitution list subst, and the substitution list of the encryption usefulness in the Subst substitution list comprises substitution list subst8e, is used for the replacement of 8 unitary codes, and size is 16x16; And subst7e, being used for the conversion of 7 unitary codes, size is 16x8.。
Substitution list sub8e is the unit table of 16x16, is used for 8 unit operations, and is as shown in table 4.Substitution list sub7e is the Dan representative of 8x16, is used for 7 unit operations, and is as shown in table 5.
Table 4Subst8e
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 0B 9A 43 CD 17 B4 2A 84 77 FF 52 8E 70 03 A7 34
1 D6 3C 93 1D DD 4B C6 A6 42 9F C5 11 B3 83 5C 07
2 82 F4 0A E3 64 C4 16 8D D5 25 CC 7C 33 29 9E 4D
3 6D DE 4A BE 81 10 A5 6F 3D B5 6A 1F 5B BD 12 7B
4 9B AB 24 2B D7 B2 41 92 EF 51 00 89 D4 4C 99 38
5 18 FC 53 C3 3B 78 F5 06 5A CB 44 E2 15 94 2F 6C
6 49 B1 1E D3 01 E0 57 32 EE 63 9D 28 BC 66 AA 56
7 58 BA 80 9C F3 37 E7 7D 1C D2 02 A2 5D E8 20 DC
8 C8 6E FE 0F AF 48 A1 88 50 76 F0 71 B7 0C ED 62
9 05 2C 91 E6 69 FD 79 13 8F A9 39 40 95 75 A8 3F
A 8C F6 59 BB CA 23 AD 65 D8 08 C7 AE 1B F9 47 8B
B 36 14 D1 87 26 E1 72 BF 45 B6 6B CE 7A 2D DB 67
C DF 60 A0 68 E9 7E 0E B8 4E E4 5E 21 F2 54 8A C1
D 4F C9 AC 09 D9 5F EC 97 F7 1A A3 EA 55 FB 96 30
E 27 C2 73 B9 46 F8 31 E5 3A CF F1 2E DA 85 0D EB
F 74 B0 19 90 A4 04 D0 35 FA 22 C0 7F 3E 98 61 86
Table 5Subst7e
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 2A 61 10 5A 2F 4C 09 24 67 1B 04 37 33 0A 64 14
1 0F 55 44 18 78 01 29 76 03 6F 3F 13 59 22 49 5E
2 79 1E 6B 43 3C 7E 23 36 74 2E 68 0B 38 28 75 34
3 3D 7F 1F 54 00 45 19 62 12 21 4E 32 51 40 3B 71
4 5B 02 4A 7A 2B 4F 69 1A 42 6C 15 57 70 1D 5D 0C
5 17 72 30 16 60 39 08 66 2C 52 7D 27 35 50 65 58
6 4B 07 6E 26 73 11 53 20 7C 5C 48 05 6D 63 0D 46
7 31 6A 56 06 3A 25 7B 3E 4D 0E 5F 41 1C 47 77 2D
The embodiment of the invention has two kinds of implementations:
A kind of is 8 unitary codes (8-bit) operations, draws the binary data of 8-bit after encrypting;
Another kind is 7 unitary codes (7-bit) operations, and the sign bit reservation earlier of each byte is got up, and the binary code of 7-bit still can get the binary code of 7-bit after encrypting, then the sign bit that keeps is reverted to each byte, makes it to become the ASK sign indicating number of 8-bit.
The block cipher that did not also occur 7 unit operations in the prior art.
The embodiment of the invention realizes 5 kinds of encryption methods such as 1 byte, 2 bytes, 3 bytes, 4 bytes, 8 bytes under the key length rigid condition, the segment length remains unchanged after encrypting.
Short word joint and odd disposal route:
1) 8 byte manipulations are basic arithmetic units, handle (data of 8 byte multiple length) by 8 byte manipulations earlier greater than the part of 8 bytes.
2) treatment principle of the following short length of 8 bytes is:
7 byte datas=4 byte manipulations+3 byte manipulations;
6 byte datas=4 byte manipulations+2 byte manipulations;
5 byte datas=4 byte manipulations+1 byte manipulation;
4 byte datas=4 byte manipulations;
3 byte datas=3 byte manipulations;
2 byte datas=2 byte manipulations;
1 byte data=1 byte manipulation;
Library key administration module 5 is used for used library key, catalogue key, table key and record key, field key line pipe reason in the storehouse.
Describe the cipher key management procedures of the library key administration module in the data base encryption of the present invention system below in detail.
Database divides two big classes: the one, and document databse, the 2nd, concern the storehouse.Document databse encrypt to adopt user terminal to encrypt the mode of (belong to outside the storehouse and encrypt), handles and gets final product by the document form of depositing certainly of internal loopback.Therefore, its key need not to redefine, and shines with online communication key just.The file of document databse can be encrypted with personal key (KMTi) or close decipher key (KQi).Can only understand by key definien (terminal or individual) from depositing file.Agreement key (KKRi) but also self-definition and do from the encryption key of depositing file.Depositing file certainly and can be stored in the storage mediums such as hard disk, floppy disk or database after the encryption.
Concern the key management in storehouse, adopt centralized management in the storehouse, key dynamically produces and dynamic assignment in the storehouse.Used key all is arranged in the storehouse, and its definition, life-span, effect etc. need redefine.
Described library key administration module comprises that key sets up submodule 51, is used to set up key file, and described key file comprises the catalogue key file, file key file, and library key file.
Catalogue key: define key MUM of each catalogue.The catalogue key is a secondary key, deposits in automatically in the catalogue key file under the encryption of library key.The catalogue key has two kinds: produce the catalogue key file when catalogue that system sets up is both when building system, the self-built catalogue of user is set up corresponding catalogue key file simultaneously equally with the foundation of catalogue.The catalogue key produces automatically with the random key production method.The catalogue key calls with directory name.
File key: define key FS of each file.The file key also claims to show key, and the table key occurs with the form of record key sometimes by definition, then occurs with the form of field key sometimes.The table key is three grades of keys, is used for the encryption of data.The level of confidentiality file is set up by the user, sets up corresponding file key file when the user sets up file simultaneously.The file key produces automatically with the random key production method.The file key calls with filename.
Library key: define a library key KUM.Library key is a catalogue cryptographic key protection key, is the one-level key.The library key file is write by the authorized person when building system, and revises at any time.The library key file calls with library name.
Described library key administration module also comprises key sub module stored 52, is used for the storage of key file.
Key under the password encryption: storehouse (or claiming root directory) key (KUM), authentication of message key (FMA), random key produce key (FMG), digital signature keys (SQM) etc. and all deposit under the encryption of password (PWD).
Library key file=E
PWD(KUM);
Authentication of message key file=E
PWD(FMA);
Wherein, E is an encryption function, and PWD is a password, and password is encrypted to library key KUM or to authentication of message key FMA as key.
Key under library key is encrypted: the key under library key (KUM) is encrypted is sub-directory keys at different levels.Sub-directory can divide multilayer, claims the one-level sub-directory.The storage mode of sub-directory key is as shown in table 6:
Table 6, the storage mode of sub-directory key
The one-level sub-directory |
The secondary sub-directory |
Three grades of sub-directories |
E
KUM(MUM
1)
|
|
|
|
E
KUM(MUM
11)
|
|
|
E
KUM(MUM
12)
|
|
|
|
E
KUM(MUM
121)
|
|
|
E
KUM(MUM
122)
|
|
E
KUM(MUM
13)
|
|
E
KUM(MUM
2)
|
|
|
E
KUM(MUM
3)
|
|
|
E
KUM(MUM
4)
|
E
KUM(MUM
41)
|
|
|
|
E
KUM(MUM
411)
|
|
E
KUM(MUM
42)
|
|
|
|
E
KUM(MUM
421)
|
Key under the catalogue secret key encryption: the file key is deposited under the sub-directory secret key encryption of file place.As; The MUM1 then location mode of file key FS is
E
MUM1(FS
1)
The MUM1 then location mode of file key FS is
E
MUM122(FS
2)
Being encrypted in the storehouse of relation data carried out, and therefore, concerns that storehouse table uses key, all is arranged in the storehouse.Encryption unit is field (minimum to a byte).Encryption method can be complete record or integer field.Because the system overhead of encrypting in the storehouse is very big, uses no or little whole table as far as possible and be encrypted as.
The key list definition: key list is the mapped file of a table (record or field), comprises prompt table, and is as shown in table 7, and argument table.
Table 7, table level prompt table
Table name |
|
Confidential |
The 1--256 level |
Cipher mode |
Record or field (10 is record, and 01 is field) |
The table key |
8 bytes |
If field encryption is then looked into the field level prompt table, recording of encrypted is then looked into record level prompt table.The field level prompt table, as shown in table 8:
Cipher mode: 01, field encryption then
Table 8, the field level prompt table
Field one |
Field two |
Field three |
|
Field n |
0 |
1 |
0 |
|
0 |
Record level prompt table, as shown in table 9:
Cipher mode: 10, then represent recording of encrypted
Table 9, record level prompt table
Record one |
Record two |
Record three |
|
Record n |
0 |
0 |
1 |
|
0 |
Key variable: each table has the table key of one 8 byte, and the table key also is not practical key, and real practical key is a packet key, and the key variable of each packet key is by the table key, record name, and the field name be combined into:
Packet key=table key+field name+record name;
File encryption (option): operating unit: the unit of data encryption operation is a grouping, in the computing of each grouping, all will redefine key variable.
Encryption method: selected recording of encrypted or field encryption.At first will show key FS obtains:
1)D
KUM(E
KUM(MUM))=MUM
2)D
MUM(E
MUM(FS))=FS
Wherein, D is a decryption function, and E is an encryption function, and KUM is a library key, and MUM is the catalogue key, and FS is file key (a table key).
There has been FS just can calculate the key of each grouping,
Packet key BLK=shows key+field name+record name;
And can carry out function ECPH:
ECPH[RN,data]→E
BLK(data)
Encryption function ECPH divided for three steps carried out:
1)D
MUM(RN)=FS
2) FS+ record name+field name=BLK
3)E
BLK(data)
Wherein, E, D be add, decryption function, RN is the encryption of file key FS under catalogue key MUM, FS is the deciphering of RN under MUM conversely.BLK is a packet key, i.e. the field key.
File decryption: squeeze into the filename that to decipher, if cryptograph files, then reexamine and encrypt in the storehouse or the outer encryption in storehouse etc.Before file is decrypted, at first file key FS is obtained:
1)D
KUM(E
KUM(MUM))=MUM
2)D
MUM(E
MUM(FS))=FS
Had FS just can calculate the key of each grouping, be decrypted, decryption function is called DCPH.
DCPH(RN,E
BLK(data))→data
This function is carried out in two steps:
1)E
MUM(RN)=FS
2) FS+ record name+field name=BLK;
3)D
BLK(E
BLK(data))=data
Wherein, E, D be add, decryption function, file key FS is the encryption of random number R N under catalogue key MUM.BLK is packet key (a field key).
Describe database data encryption procedure of the present invention below in detail:
Step S100, mould Q nonlinear feedback shift register 1 is an initial value with given key, carries out nonlinear feedback, its feedback data generates 18 states continuously through the replacement conversion of default mmm substitution list, respectively encloses in the encryption and decryption computing at block cipher and uses;
Step S200 expands the data in the database or concentrates by byte, laterally add up, and under described mould Q nonlinear feedback shift register 1 derivative key indication, replaces and substitution operation, finishes the database data encryption and decryption.
Described step S200 comprises the following steps:
Step S210 when carrying out a byte manipulation, expands to 8 bytes with a given byte data by 1-bit; When carrying out two byte manipulations, given two byte datas are expanded to 8 bytes by 2-bit; When carrying out three byte manipulations, given 3 byte datas are expanded to 8 bytes by 3-bit; When carrying out the nybble operation, given 4 byte datas are expanded to 8 bytes by 4-bit;
Step S220, when carrying out a byte manipulation, with the 1-bit data centralization in 8 bytes in a byte; When carrying out two byte manipulations, with the 2-bit data centralization in 8 bytes in two bytes; When carrying out three byte manipulations, with the 3-bit data centralization in 8 bytes in three bytes; When carrying out nybble when operation, with the 4-bit data centralization in 8 bytes in nybble.
Step S230,8 byte datas after the expansion, each the circle computing in will through left-hand add up and dextrad add up.
Step S240,8 byte datas after the expansion, selected permutation table disk under the indication of the derivative key of mould Q nonlinear feedback shift register 1
i, the line replacement conversion of going forward side by side.In each circle computing, through twice displacement transformation.
Step S250 carries out subst with n the byte (n=1,2,3,4) after concentrating with byte position unit and replaces conversion, finishes the encryption and decryption of database data.
Be operating as example with 8-bit and 7-bit unitary code below, describe in detail of the present invention
Embodiment one: the 8-bit unitary code is operated, and draws the binary data of 8-bit after encrypting
Given key and data are as follows:
Byte order [7] [6] [5] [4] [3] [2] [1] [0]
Key variable key:08 07 06 05 04 03 02 01
Give given data:
Data length data variable data
byte=1 01
byte=2 02 01
byte=3 03 02 01
byte=4 04 03 02 01
byte=8 08 07 06 05 04 03 02 01
Wherein
Byte: field length, byte=1,2,3,4,8 five kinds
I: i encloses computing
Key: given key variable
Data: the clear data that encrypt
Step S11 by given key key, utilizes mould Q nonlinear feedback shift register 1 to feed back computing, obtains 18 groups of derivative key keyb;
[7] [6] [5] [4] [3] [2] [1] [0]
If given key key: 08 07 06 05 04 03 02 01
Derivative key keyb[0 then]: 4C A4 7F 5D 08 18 94 B7
[1]:92 5F 60D6DC 389562
[2]:6F E0 38 B7 89 52 F8 6F
[3]:F8 64 03 7C DC 6F C7 CF
[4]:1E 61 87 48 2F 69 42 85
[5]:09 E2 D3 0B CD B4 B4 A3
[6]:F7 2D 36 22 BC BB 49 AB
[7]:E8 6B 9E 81 BA 48 C2 DC
[8]:BF 02 74 36 94 B8 9C 57
[9]:BD C9 6D 4C 2A FF DB 99
[10]:EF 90 6F 5F 0E 48 94 1A
[11]:8F 23 FB 41 2E 97 9E 0C
[12]:F1 CD 13 08 1E AD 41 66
[13]:15 52 FF 92 67 D4 06 AA
[14]:BA 34 D3 80 DF 40 FD D7
[15]:3D BD 27 6E 54 00 12 D7
[16]:EA 6A 2E C3 34 30 A0 F1
[17]:27 7A AF 82 7E E6 A0 AC
Step S12 is with data data and corresponding derivative key keyb[i+1, j] addition, obtain new data data;
forj:=0to byte-1 do
ifbits=8then data[j]:=(data[j]+keyb[i+1,j)mod 256
The result of data of (i=0) variant field length and key variable addition is as follows during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+1,0])mod 256:(63)
byte=2:data[1]:=(data[1]+keyb[i+1,1])mod 256;(96)
data[0]:=(data[0]+keyb[i+1,0])mod 256;(64)
byte=3:data[2]:=(data[2]+keyb[i+1,2])mod 256;(39)
data[1]:=(data[1]+keyb[i+1,1])mod 256;(97)
data[0]:=(data[0]+keyb[i+1,0])mod 256;(65)
byte=4:data[3]:=(data[3]+keyb[i+1,3])mod 256;(DD)
data[2]:=(data[2]+keyb[i+1,2])mod 256;(3A)
data[1]:=(data[1]+keyb[i+1,1])mod 256;(98)
data[0]:=(data[0]+keyb[i+1,0])mod 256;(66)
byte=8:data[7]:=(data[7]+keyb[i+1,7])mod 256;(93)
data[6]:=(data[6]+keyb[i+1,6])mod 256;(61)
data[5]:=(data[5]+keyb[i+1,5])mod 256;(63)
data[4]:=(data[4]+keyb[i+1,4])mod 256;(DA)
data[3]:=(data[3]+keyb[i+1,3])mod 256;(E1)
data[2]:=(data[2]+keyb[i+1,2])mod 256;(3E)
data[1]:=(data[1]+keyb[i+1,1])mod 256;(9C)
data[0]:=(data[0]+keyb[i+1,0])mod 256;(6A)
Step S13 is with data encrypted storehouse data[i] in data press the byte number and launch, and put into new data cell dd[j]:
1byte:63 presses 1-bit and launches
2byte:96 64 presses 2-bit and launches
3byte:399765 presses 3-bit and launches
001 |
110 |
011 |
001 |
011 |
101 |
100 |
101 |
4byte:DD 3A 18 66 presses 4-bit and launches
1101 |
1101 |
0011 |
1010 |
0001 |
1000 |
0110 |
0110 |
8byte:93 61 63 DA E1 3E 9C 6A press 8-bit and launch
10010011 |
01100001 |
01100011 |
11011010 |
11100001 |
00111110 |
10011100 |
01101010 |
Expansion is centralized
If: dd:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 1 1 0 0 0 1 1 (63)
byte=2: 2 1 1 2 1 2 1 0 (96 64)
byte=3: 1 6 3 1 3 5 4 5 (39 97 65)
byte=4: D D 3 A 9 8 6 6 (DD 3A 98 66)
byte=8:93 61 63 DA E1 3E 9C 6A (93 61 63 DA E1 3E 9C 6A)
Step S14, the data left-hand of encrypting among the new data cell dd in back adds up, and is placed on after adding up among the data cell ee, that is:
ee[0]:=dd[0];
forj:=1 to bits-1 do ee[j]:=(ee[j-1]+dd[j])mod(2**byte);
Each EE[i after left-hand adds up] variable:
Expansion is centralized
Then: ee:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 1 0 0 0 0 1 (21)
byte=2: 2 0 3 2 0 3 1 0 (8E 34)
byte=3: 4 3 5 2 1 6 1 5 (8E A38D)
byte=4: 4 7 A 7 D 4 C 6 (47A7D4C6)
byte=8:56 C3 62 FF 25 44 06 6A (56C362FF 2544066A)
Step S15, the data among the database ee are carried out keyb[0, i by derivative key] control, utilize conversion table disk8e displacement transformation.
By keyb[0, i] the table number of the 7th, 6 fen position indication disk8e, 5,4,3 fens position indication hand wheels, 2,1,0 indication starting point, as:
C:=(keyb[0, i] and 192) div 64 is counted in the control of [i] circle;
b:=(keyb[0,i]and 56)div 8;
a:=(keyb[0,i]and 7;
Keyb[0 in embodiments of the present invention, 0]=b7, c=2, b=6, a=7 then, 2 tables, 6 opinions, 7 starting points:
ee:[7][6][5][4][3][2][1][0]
byte=1: 0 0 1 0 0 0 0 1 (21)
byte=2: 2 0 3 2 0 3 1 0 (8E 34)
byte=3: 4 3 5 2 1 6 1 5 (8E A3 8D)
byte=4: 4 7 A 7 D 4 C 6 (47 A7 D4 C6)
byte=8:56 C3 62 FF 25 44 06 6A (56 C3 62 FF 25 44 06 6A)
byte=8:06 FF 44 C3 62 25 56 6A (06 FF 44 C3 62 25 56 6A)
byte=4: C 7 4 7 A D 4 6 (C7 47 AD 46)
byte=3: 1 2 6 3 5 1 4 5 (2B 3A 65)
byte=2: 1 2 3 0 3 0 2 0 (6C C8)
byte=1: 0 0 0 0 1 0 0 1 (09)
[7][6][5][4][3][2][1][0]
Step S16 with data cell ee and become byte to constitute new data data, and carries out list for conversion by substitution list subst8e, and is specific as follows:
With first the row subst8e (09)=FF is an example, subst8e is a function name, with 09 instead of FF.
byte=1:subst8e(09)=FF
byte=2:subst8e(6C)=BC subst8e(C8)=4E
byte=3:subst8e(2B)=7C subst8e(3A)=6A subst8e(65)=E0
byte=4:subst8e(C7)=B8 subst8e(47)=92 subst8e(AD)=F9 subst8e(46)=41
byte=8:subst8e(06)=2A subst8e(FF)=86 subst8e(44)=D7 subst8e(C3)=68
subst8e(62)=1E subst8e(25)=C4 subst8e(56)=F5 subst8e(6A)=9D
Step S17, data cell ee also becomes byte to be placed among the data cell data, and and keyb[i+10, j] addition;
for j:=0to byte-1do
data[j]:=(data[j]+keyb[i+10,j])mod 256;
The result of data of (i=0) variant field length and key variable addition is as follows during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+10,0])mod 256: (19)
byte=2:data[1]:=(data[1]+keyb[i+10,1])mod 256; (50)
data[0]:=(data[0]+keyb[i+10,0])mod 256; (68)
byte=3 data[2]:=(data[2]+keyb[i+10,2])mod 256;(C4)
data[1]:=(data[1]+keyb[i+10,1])mod 256;(FE)
data[0]:=(data[0]+keyb[i+10,0])mod 256;(FA)
byte=4 data[3]:=(data[3]+keyb[i+10,3])mod 256;(C6)
data[2]:=(data[2]+keyb[i+10,2])mod 256;(DA)
data[1]:=(data[1]+keyb[i+10,1])mod 256;(8D)
data[0]:=(data[0]+keyb[i+10,0])mod 256;(5B)
byte=8:data[7]:=(data[7]+keyb[i+10,7])mod 256;(19)
data[6]:=(data[6]+keyb[i+10,6])mod 256;(16)
data[5]:=(data[5]+keyb[i+10,5])mod 256;(46)
data[4]:=(data[4]+keyb[i+10,4])mod 256;(C7)
data[3]:=(data[3]+keyb[i+10,3])mod 256;(2C)
data[2]:=(data[2]+keyb[i+10,2])mod 256;(0C)
data[1]:=(data[1]+keyb[i+10,1])mod 256;(89)
data[0]:=(data[0]+keyb[i+10,0])mod 256;(B7)
Step S18 launches data data, and leaves data cell dd[i in by given byte office] in, then:
ee[7]:=dd[7];
for j:=6downto 0do ee[j]:=(ee[j+1]+dd[j])mod 2**byte;
Expansion is centralized
If: dd:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 1 0 0 1 (19)
byte=2: 1 1 0 0 1 2 2 0 (50 68)
byte=3: 6 1 1 7 7 3 7 2 (C4 FE FA)
byte=4: C 6 D A 8 D 5 B (C6 DA 8D 5B)
byte=8:19 16 46 C7 2C 0C 89 B7 (19 16 46 C7 2C 0C 89 B7)
Each ee[i after left-hand adds up] variable:
Expansion is centralized
Then: ee:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 0 0 0 1 (11)
byte=2: 1 2 2 2 3 1 3 3 (6A DF)
byte=3: 6 7 0 7 6 1 0 2 (DC 7C 42)
byte=4: C 2 F 9 1 E 3 E (C2 F9 1E 3E)
byte=8:19 2F 75 3C 68 74 FD B4 (19 2F 75 3C 68 74 FD B4)
Step S19, by keyb[9, i] control, data data carries out the disk8e displacement transformation.
Keyb[9 in the present embodiment, 0]=99, c=2, b=3, a=1, i.e. 2 tables, 3 opinions, 1 starting point:
Expansion is centralized
ee:[7][6][5][4][3][2][1][0]
byte=1: 0 0 0 1 0 0 0 1 (11)
byte=2: 1 2 2 2 3 1 3 3 (6A DF)
byte=3: 6 7 0 7 6 1 0 2 (DC 7C 42)
byte=4: C 2 F 9 1 E 3 E (C2 F9 1E 3E)
byte=8:19 2F 75 3C 68 74 FD B4 (19 2F 75 3C 68 74 FD B4)
byte=8:74 B4 3C 2F FD 19 68 75 (74B43C 2F FD 196875)
byte=4: E E 9 2 3 C 1 F (EE 923C 1F)
byte=3: 1 2 7 7 0 6 6 0 (2B F1B0)
byte=2: 1 3 2 2 3 1 3 2 (7A DE)
byte=1: 0 1 1 0 0 0 0 0 (60)
[7][6][5][4][3][2][1][0]
Arrive this, the 0th circle computing finishes, and enters the 1st circle computing, makes 8 circles altogether, and its encrypted result is as follows:
byte=1 byte=2 byte=3 byte=4
[0] 60 7A DE 2B F1 B0 EE 92 3C 1F
[1] 09 4A AB 49 96 EC FE 5C 12 A4
[2] 82 CB EF BD 96 F2 E8 E5 EE 4B
[3] 4D F6 90 4C 43 10 A8 E0 B0 B0
[4] 98 10 72 45 B6 22 BA A0 10 DE
[5] 7A 90 01 20 3A C5 C0 71 DC C5
[6] 81 8E EE 3C 90 64 EC 23 0B 10
[7] 47 6E BA 81 C8 02 CB 6A D3 6A
byte=8
[0] 74 B4 3C 2F FD 19 68 75
[1] FE FE D5 E6 3D FE 95 DB
[2] A0 09 DB 68 EE A8 A5 FF
[3] E0 0C 66 E8 58 29 13 DB
[4] 7F 5D 59 F8 8D C4 E6 8E
[5] E9 55 F2 C8 3D 1E 96 2B
[6] 61 F6 54 E2 06 62 0D EA
[7] CF 3E B1 D8 C1 9B 32 20
Give given data 08 07 06 05 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: CF 3E B1 D8 C1 9B 32 20 through 8 circle conversion.
Give given data 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: CB 6A D3 6A through 8 circle conversion.
Give given data 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 81 C8 02 through 8 circle conversion.
Give given data 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 6E BA through 8 circle conversion.
Give given data 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 47 through 8 circle conversion.
The sign bit reservation earlier of each byte is got up in the operation of two: 7 unitary codes (7-bit) of embodiment, and the binary code of 7-bit still can get the binary code of 7-bit after encrypting, then the sign bit that keeps is reverted to each byte, makes it to become the ASK sign indicating number of 8-bit.
Given key and data are as follows:
[7][6][5][4][3][2][1][0]
Given key key: 08 07 06 05 04 03 02 01
Give given data data:
byte=1 01
byte=2 02 01
byte=3 03 02 01
byte=4 04 03 02 01
byte=8 08 07 06 05 04 03 02 01
Wherein
Byte: block length, byte=1,2,3,4,8 five kinds
I: i encloses computing
Key: given key
Step S21 by primary key key, utilizes mould Q nonlinear feedback shift register 1 to feed back computing, obtains 18 groups of derivative key keyb;
[7][6][5][4][3][2][1][0]
If given key key: 08 07 06 05 04 03 02 01
Derivative key keyb[0 then]: 4C A4 7F 5D 08 18 94 B7
[1]:92 5F 60 D6 DC 38 95 62
[2]:6F E0 38 B7 89 52 F8 6F
[3]:F8 64 03 7C DC 6F C7 CF
[4]:1E 61 87 48 2F 69 42 85
[5]:09 E2 D3 0B CD B4 B4 A3
[6]:F7 2D 36 22 BC BB 49 AB
[7]:E8 6B 9E 81 BA 48 C2 DC
[8]:BF 02 74 36 94 B8 9C 57
[9]:BD C9 6D 4C 2A FF DB 99
[10]:EF 90 6F 5F 0E 48 94 1A
[11]:8F 23 FB 41 2E 97 9E 0C
[12]:F1 CD 13 08 1E AD 41 66
[13]:15 52 FF 92 67 D4 06 AA
[14]:BA 34 D3 80 DF 40 FD D7
[15]:3D BD 27 6E 54 00 12 D7
[16]:EA 6A 2E C3 34 30 A0 F1
[17]:27 7A AF 82 7E E6 A0 AC
Step S22 is with data data and corresponding derivative key keyb[i+1, the j of relation data unit] addition, carry out encryption.
for j:=0to byte-1do
data[j]:=(data[j]+keyb[i+1,j)mod 128;
The result of data of (i=0) variant field length and key variable addition is as follows during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+1,0])mod 128:(63)
byte=2:data[1]:=(data[1]+keyb[i+1,1])mod 128;(16)
data[0]:=(data[0]+keyb[i+1,0])mod 128;(64)
byte=3:data[2]:=(data[2]+keyb[i+1,2])mod 128;(39)
data[1]:=(data[1]+keyb[i+1,1])mod 128;(17)
data[0]:=(data[0]+keyb[i+1,0])mod 128;(65)
byte=4:data[3]:=(data[3]+keyb[i+1,3])mod 128;(5D)
data[2]:=(data[2]+keyb[i+1,2])mod 128;(3A)
data[1]:=(data[1]+keyb[i+1,1])mod 128;(18)
data[0]:=(data[0]+keyb[i+1,0])mod 128;(66)
byte=8:data[7]:=(data[7]+keyb[i+1,7])mod 128;(13)
data[6]:=(data[6]+keyb[i+1,6])mod 128;(61)
data[5]:=(data[5]+keyb[i+1,5])mod 128;(63)
data[4]:=(data[4]+keyb[i+1,4])mod 128;(5A)
data[3]:=(data[3]+keyb[i+1,3])mod 128;(61)
data[2]:=(data[2]+keyb[i+1,2])mod 128;(3E)
data[1]:=(data[1]+keyb[i+1,1])mod 128;(1C)
data[0]:=(data[0]+keyb[i+1,0])mod 128;(6A)
Step S23 is with data encrypted unit data[i] in data press the byte number and launch, and put into new data cell dd[j].
1byte:7 unit 63 presses 1bit and launches
2byte:7 unit 1664 presses 2bit and launches
3byte:7 unit 391765 presses 3bit and launches
|
011 |
100 |
100 |
101 |
111 |
100 |
101 |
The 5D 3A of 4byte:7 unit 1866 presses 4bit and launches
|
1011 |
1010 |
1110 |
1000 |
1100 |
0110 |
0110 |
The 1361635A 613E 1C 6A of 8byte:7 unit still presses 7bit and launches
0010011 |
1100001 |
1100011 |
1011010 |
1100001 |
0111110 |
0011100 |
01101010 |
Expansion 7bit is centralized
If: dd:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 1 1 0 0 0 1 1 (63)
byte=2: 0 2 3 1 2 1 0 (16 64)
byte=3: 3 4 4 5 7 4 5 (39 17 65)
byte=4: B A E 8 C 6 6 (5D 3A 18 66)
byte=8:13 61 63 5A 61 3E 1C 6A (13 61 63 5A 61 3E 1C 6A)
Step S24, the data left-hand of encrypting among the new data cell dd in back adds up, and is placed on data cell ee[i after adding up] in, then:
ee[0]:=dd[0];
for j:=1to bits-1do ee[j]:=(ee[j-1]+dd[j])mod(2**byte);
When byte=8
for j:=1to bits-1do ee[j]:=(ee[j-1]+dd[j])mod(2**(byte-1));
Expansion 7-bit is centralized
Then: ee:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 1 0 0 0 0 1 (21)
byte=2: 1 1 3 0 3 1 0 (2E 34)
byte=3: 0 5 1 5 0 1 5 (0A 34 0D)
byte=4: 3 8 E 0 8 C 6 (1C 38 11 46)
byte=8:56 43 62 7F 25 44 06 6A (56 43 62 7F 25 44 06 6A)
Step S25, the data among the data cell ee are carried out keyb[0, i by derivative key] control, utilize conversion table disk7e displacement transformation.
But disk8e identical when then carrying out with bits=8 when byte=8 operates.When byte<8 the time, by keyb[0, i] the 6th, 5 indication di sk7e table number, 5,4,3 indication hand wheels, 2,1,0 indication starting point, as:
The control number of [i] circle: c:=(keyb[0, i] and 96) div 32;
b:=(keyb[0,i]and 56)div 8;
a:=(keyb[0,i]and 7;
Keyb[0 in embodiments of the present invention, 0]=and b7, c=1, b=8, a=7mod 7=0, i.e. 1 table, 6 opinions, 0 starting point:
Expansion 7-bit is centralized
Before: ee:[6] [5] [4] [3] [2] [1] [0]
byte=1: 0 1 0 0 0 0 1 (21)
byte=2: 1 1 3 0 3 1 0 (2E 34)
byte=3: 0 5 1 5 0 1 5 (0A 34 0D)
byte=4: 3 8 E 0 8 C 6 (1C 38 11 46)
byte=4:C 8 E 6 0 3 8 (64 39 40 38)
byte=3:1 5 1 5 5 0 0 (1A 36 40)
byte=2:1 1 3 0 0 1 3 (2E 07)
byte=1:0 1 0 1 0 0 0 (28)
dd:[6][5][4][3][2][1][0]
When bits=8, c=1, b=6, a=7, by di sk8e conversion, then:
[7][6][5][4][3][2][1][0]
56 43 62 7F 25 44 06 6A
Displacement:
6A 06 56 43 25 62 44 7F
Step S26 with data cell ee and become byte to constitute new data unit data data, and carries out list for conversion by substitution list subst7e.
With the first behavior example, sbust7e is 7 encrypted in units tables among the subst7e (28)=74, and 28 instead of 74.
byte=1:subst7e(28)=74
byte=2:subst7e(2E)=75 subst7e(07)=24
byte=3:subst7e(1A)=3F subst7e(36)=19 subst7e(40)=5B
byte=4:subst7e(64)=73 subst7e(39)=21 subst7e(40)=5B subst7e(38)=12
byte=8:subst7e(6A)=48 subst7e(06)=09 subst7e(56)=08 subst7e(43)=7A
subst7e(25)=7E subst7e(62)=6E subst7e(44)=2B subst7e(7F)=2D
Step S27, data cell ee also becomes byte to be placed among the data cell data, and and keyb[i+10, j] addition;
for j:=0to byte-1 do
data[j]:=(data[j]+keyb[i+10,j])mod 128;
The result of data of (i=0) variant field length and key variable addition is as follows during the 0th circle:
byte=1:data[0]:=(data[0]+keyb[i+10,0])mod 128:(0E)
byte=2:data[1]:=(data[1]+keyb[i+10,1])mod 128;(09)
data[0]:=(data[0]+keyb[i+10,0])mod 128;(31)
byte=3 data[2]:=(data[2]+keyb[i+10,2])mod 128;(07)
data[1]:=(data[1]+keyb[i+10,1])mod 128;(2D)
data[0]:=(data[0]+keyb[i+10,0])mod 128;(75)
byte=4 data[3]:=(data[3]+keyb[i+10,3])mod 128;(01)
data[2]:=(data[2]+keyb[i+10,2])mod 128;(69)
data[1]:=(data[1]+keyb[i+10,1])mod 128;(6F)
data[0]:=(data[0]+keyb[i+10,0])mod 128;(2C)
byte=8:data[7]:=(data[7]+keyb[i+10,7])mod 128;(37)
data[6]:=(data[6]+keyb[i+10,6])mod 128;(19)
data[5]:=(data[5]+keyb[i+10,5])mod 128;(77)
data[4]:=(data[4]+keyb[i+10,4])mod 128;(59)
data[3]:=(data[4]+keyb[i+10,3])mod 128;(0C)
data[2]:=(data[5]+keyb[i+10,2])mod 128;(36)
data[1]:=(data[6]+keyb[i+10,1])mod 128;(3F)
data[0]:=(data[7]+keyb[i+10,0])mod 128;(47)
Step S28 presses byte office with data data and launches, and leaves data cell dd[i in] in, then:
Expansion is centralized
If: dd:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 1 1 0 (0E)
byte=2: 0 1 0 2 3 3 2 (09 3E)
byte=3: 0 3 5 3 3 6 5 (07 2D 75)
byte=4: 0 3 A 7 7 A C (01 69 6F 2C)
byte=8:37 19 77 59 0C 36 3F 47(37 19 77 59 0C 36 3F 47)
Each ee[i after dextrad adds up] variable:
ee[7]:=dd[7];
for j:=6downto 0do ee[j]:=(ee[j+1]+dd[j])mod 2**byte;
When byte=8
for j:=6downto 0do ee[j]:=(ee[j+1]+dd[j])mod 2**(byte-1);
Expansion 7-bit is centralized
Then: ee:[7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 0 1 1 (0B)
byte=2: 0 1 1 3 2 1 3 (0B 67)
byte=3: 0 3 0 3 6 4 1 (06 0F 21)
byte=4: 0 3 D 4 B 5 i (01 75 16 51)
byte=8:37 50 21 68 50 37 2C 62 (37 50 21 68 50 37 2C 62)
Step S29, by keyb[9, i] control, data data carries out disk7e and disk8e displacement transformation.Keyb[9 in the present embodiment, 0]=99, c=0, b=3, a=1, i.e. 0 table, 3 opinions, 1 starting point:
Expansion 7bit is centralized
[6][5][4][3][2][1][0]
byte=1: 0 0 0 1 0 1 1 (0B)
byte=2: 0 1 1 3 2 1 3 (0B 67)
byte=3: 0 3 0 3 6 4 1 (06 0F 21)
byte=4: 0 3 D 4 B 5 1 (01 75 16 51)
byte=4: 5 3 4 1 D B 0 (29 50 3B 30)
byte=3: 4 3 3 1 0 6 0 (46 64 30)
byte=2: 1 1 3 3 1 2 0 (2F 58)
byte=1: 1 0 1 1 0 0 0 (58)
[6][5][4][3][2][1][0]
When byte=8, replacement operator is as follows:
[7][6][5][4][3][2][1][0]
37 50 47 20 2C 62 21 68
47 20 21 68 50 37 2C 62
[7][6][5][4][3][2][1][0]
Finish to this 0th circle computing, enter the 1st circle computing, when bits<8, do 7 circle computings, then do 8 circle computings during bits=8, its encrypted result is as follows:
byte=1 byte=2 byte=3 byte=4
[0] 58 2F 58 46 64 30 29 50 3B 30
[1] 16 27 79 1B 3E 7D 41 1B 3D 35
[2] 1E 3D 5E 4B 42 66 51 62 72 46
[3] 1E 52 45 17 47 5F 7C 0A 52 1A
[4] 20 25 59 37 75 31 36 30 15 6B
[5] 7B 07 3E 6E 60 07 0F 74 78 38
[6] 65 31 48 5B 1A 74 73 2B 38 7A
[7] 7E 13 2F 78 62 56 47 1E 07 11
byte=8
[0] 47 20 21 68 50 37 2C 62
[1] 18 31 30 52 14 77 34 44
[2] 42 0C 07 09 42 0E 00 02
[3] 16 63 68 03 69 25 7E 32
[4] 7B 60 2D 3C 6F 4F 77 12
[5] 66 04 42 37 7E 4F 2B 50
[6] 43 63 16 79 03 52 30 38
[7] 43 65 48 1C 4D 52 22 1E
Give given data 08 07 06 05 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 43 65 48 1C 4D, 52 22 1E through 8 circle conversion.
Give given data 04 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 47 1E 07 11 through 8 circle conversion.
Give given data 03 02 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 78 62 56 through 8 circle conversion.
Give given data 0201 under the effect of key 08 07 06 05 04 03 02 01,, obtain password at last: 13 2F through 8 circle conversion.
Give given data 01 under the effect of key 08 07 06 05 04 03 02 01,, obtain password: 7E at last through 8 circle conversion.
Database data encryption system of the present invention and method, the encryption that it is exclusively used in storage data such as database particularly concerns the encryption in storehouse.Generally all there are tight access control mechanisms, the safety in protected data storehouse in the storehouse system.
The safety that concerns storehouse encipherment protection data content of the present invention drops to minimum with the database influence, does not influence database retrieval efficient, does not also destroy database data structure.
7.1 key granularity
Database of the present invention is provided with the structure key.
The structure key is used for cutting apart of database, and a storehouse can be provided with a kind of structure key, or Database Systems are provided with a kind of structure key:
(1) mmm, subst8e, subst7e substitution list;
(2) disk8e, disk7e entanglement table;
And database has library key.
Catalogue has the catalogue key, and different directories has defined different keys.
File has the file key.Each part file (table) has a file key FS, and length is 64bit, produces automatically when creating file, deposits under the encipherment protection of catalogue key mum in the file key file.As:
E
mum(FS);
The access right of file key file is identical with the access right of file.The file key is used for the encryption and decryption of data.As:
E
Fs(data);
There has been the file key just to define record key and field key automatically.
Data base encryption system and method for the present invention can be controlled the confusion and the diffusivity of enciphered data well
In each circle conversion, data variable combines with key variable, changes with once single for changing by twice entanglement, reaches chaotic preferably effect.
In each circle conversion, the expansion by twice bit collection and concentrating, laterally adding up for twice changes and once single generation changes, and reaches diffusion effect preferably.
Level was provided with for 8 stacking generations, and the used key of each layer is all inequality.Key is derived from by non-linear mould q shifting memory, extracts with the interval of 16 circles and 24 circles, has destroyed the continuity of sequence.
Above analysator can find out that the present invention is under the prerequisite that guarantees density, and it is convenient better to have solved database retrieval, keeps the contradiction of data structure.
In conjunction with the drawings to the description of the specific embodiment of the invention, others of the present invention and feature are conspicuous to those skilled in the art.
More than specific embodiments of the invention are described and illustrate it is exemplary that these embodiment should be considered to it, and be not used in and limit the invention, the present invention should make an explanation according to appended claim.