Embodiment
To make the objects, technical solutions and advantages of the invention clearer, the database data encryption system and method of the present invention are described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
The database data encryption system of the present invention, as shown in Figure 1, comprises a modulo-Q nonlinear feedback shift register 1, a permutation table replacement module 2, a substitution table conversion module 3, a computing module 4 and a library key management module 5, where:
1) Modulo-Q nonlinear feedback shift register 1:
The modulo-Q nonlinear feedback shift register 1 takes the given key as its initial value and performs nonlinear feedback. Its feedback value passes through the preset substitution table mmm, and the register successively generates derived keys for 18 states, which are used in the rounds of the block cipher's encryption and decryption operations.
Preferably, the block cipher runs 8 rounds in total, and each round uses two output states.
2) Permutation table replacement module 2:
The permutation table replacement module 2 of the embodiment comprises at least one group of permutation tables disk; a permutation table is a table that indicates position-change relations. The permutation tables disk are of two types. The first type is the encryption tables: the permutation table disk8e, consisting of 4 pages, denoted disk8e[i] (i=0..3), used for encrypting 8-bit unit codes; and the permutation table disk7e, consisting of 4 pages, denoted disk7e[i] (i=0..3), used for encrypting 7-bit unit codes. The second type is the decryption tables, corresponding to disk8e and disk7e, used for decrypting 8-bit and 7-bit unit codes and denoted disk8d and disk7d. A decryption table is the inverse of the encryption table and is derived from it.
The permutation table replacement module 2 transforms data in units of bytes. The column variable is called the permutation wheel and indicates the permutation sequence; the row variable is called the permutation starting point and indicates where the permutation sequence begins.
As in Table 1, wheel 6 with starting point 7 gives the following permutation relation:
Table 1. Permutation relation formed by wheel 6 and starting point 7
disk8e[2]
      0 1 2 3 4 5 6 7
[0]   5 2 7 3 6 7 6 0
[1]   2 0 5 7 1 3 4 7
[2]   0 7 2 4 3 5 1 6
[3]   7 4 6 0 2 1 5 1
[4]   1 6 3 2 0 4 2 3
[5]   4 1 0 6 5 2 3 4
[6]   3 5 4 1 7 6 0 2
[7]   6 3 1 5 4 0 7 5
byte=8: 56 C3 62 FF 25 44 06 6A
byte=8: 06 FF 44 C3 62 25 56 6A
As shown in Table 1, the given data 56 C3 62 FF 25 44 06 6A becomes 06 FF 44 C3 62 25 56 6A after permutation.
3) Substitution table conversion module 3:
The substitution table conversion module 3 comprises at least one group of substitution tables subst and uses subst to substitute data in units of bytes. The subst substitution tables are of two types. One type is the encryption substitution tables: subst8e, used for substituting 8-bit unit codes, of size 16x16; and subst7e, used for converting 7-bit unit codes, of size 16x8. The other type is the decryption substitution tables, corresponding to subst8e and subst7e, used for decrypting 8-bit and 7-bit unit codes and denoted subst8d and subst7d respectively; they can be derived from the encryption substitution tables.
The substitution table conversion module 3 substitutes in units of bytes. For example, in the 1-bit operation, byte=1: subst8e(09)=FF, where subst8e is the name of the substitution function and 09 is replaced by FF.
4) Computing module 4: expands or concentrates the database data by byte, accumulates it laterally and, under the indication of the derived keys produced by the modulo-Q nonlinear feedback shift register 1, performs the permutation and substitution operations that complete encryption and decryption of the database data. It comprises:
41) Data expansion module 41: for a one-byte operation, expands the given byte into 8 bytes in 1-bit units; for a two-byte operation, expands the given two bytes into 8 bytes in 2-bit units; for a three-byte operation, expands the given 3 bytes into 8 bytes in 3-bit units; for a four-byte operation, expands the given 4 bytes into 8 bytes in 4-bit units;
42) Data concentration module 42: for a one-byte operation, concentrates the 1-bit data in the 8 bytes into one byte; for a two-byte operation, concentrates the 2-bit data in the 8 bytes into two bytes; for a three-byte operation, concentrates the 3-bit data in the 8 bytes into three bytes; for a four-byte operation, concentrates the 4-bit data in the 8 bytes into four bytes.
43) Lateral accumulation module 43: in each round, the 8 bytes of expanded data undergo a leftward accumulation and a rightward accumulation.
44) Permutation operation module 44: for the 8 bytes of expanded data, selects the permutation table disk_i under the indication of the derived key of the modulo-Q nonlinear feedback shift register and performs the permutation. Each round includes two permutations.
45) Substitution operation module 45: applies the subst substitution, in units of bytes, to the n bytes (n=1, 2, 3, 4) obtained after concentration, completing encryption and decryption of the database data.
5) Library key management module 5:
A relational library consists of many tables; a table consists of records, and a record consists of fields. The library has a library key, a directory has a directory key, a subdirectory has a subdirectory key, a table has a table key, and so on, forming a large key management network. The library key management module 5 manages the whole key system and determines the record key and the field key.
The modulo-Q nonlinear feedback shift register 1 of the present invention is described in detail below:
The modulo-Q nonlinear feedback shift register 1 of the embodiment consists of 8 bytes and is the main component for key derivation. The connection polynomial of the feedback shift register is f(x) = x^8 + x + 1, denoted (8,1,0).
For the polynomial (8,1,0), the output of the 8th stage is substituted through the preset substitution table mmm, then added modulo q to the output of the 1st stage, and the result is fed back to the 1st stage. In this embodiment q=256, expressed by the following formula:
Its logical relation is shown in Figure 2.
The substitution table mmm is a 16x16 substitution table used in the feedback logic of the shift register; it makes the feedback nonlinear, as shown in Table 2.
Table 2. mmm substitution table
    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   CC 87 F0 75 BC 1F F8 52 00 3A 8E 57 AC 6E F5 23
1   17 2B 89 D5 12 FC A3 EF 67 94 5C C7 9E DF 56 DA
2   C2 FF 47 83 E6 2C 39 02 AD 1E E4 07 51 1D A6 0A
3   3B A8 11 20 62 CB B3 B5 22 D2 2A EE D8 F4 9F 86
4   FB 63 AE 58 FE 10 7E 35 E5 4F 7F 55 5B 8D 4B 7A
5   90 E1 53 E0 95 48 4E 66 31 F6 C8 6D 06 3E C6 BF
6   46 04 F7 38 01 C0 0B A1 8F 0F 43 85 AB F9 68 93
7   A2 AF 73 DB 6F 16 9A 6C 72 A7 D1 1B 65 1C 79 3F
8   21 33 0C 45 B8 5D 76 29 BB 2E 61 DE 99 B6 5F E3
9   9B 82 7B E7 27 54 9D DD 81 E9 E2 78 BD 37 ED 30
A   74 59 D4 32 8B BA 0D 26 13 7D 05 C5 15 71 B2 CF
B   34 E8 18 C1 F1 40 92 AA 8A C9 B1 44 A5 EC 24 69
C   88 28 CD 03 6A 64 D7 42 FA 5E 3D F2 8C 08 D9 B7
D   6B D6 3C CA DC FD 2D EA 19 96 CE 14 25 D0 80 4A
E   B9 A9 C3 7C A4 4C B0 84 C4 77 EB A0 D3 49 BE 98
F   41 9C 4D B4 1A 91 70 0E 5A F3 36 50 2F 97 60 09
In this embodiment, the given key is the initial value of the modulo-Q nonlinear feedback shift register 1. The state after 16 feedback shifts is the first derived key keyb[0]; after 24 more feedback shifts the second derived key keyb[1] is obtained; and so on, alternating 16 and 24 feedback shifts, to derive the 18 derived keys keyb[0]..keyb[17] in turn.
Each derived key occupies one block; the block length is 8 bytes, i.e. 64 bits.
Of the derived keys, keyb[0] and keyb[9] are used as indicator variables, and keyb[1..8] and keyb[10..17] as constant variables for each layer of the operation.
Role of the indicator variables: in keyb[0,i] and keyb[9,i], the low 4 bits of each key byte indicate the permutation table used, and the high 4 bits of each key byte indicate the starting point in the permutation table.
Role of the constant variables: apart from keyb[0,i] and keyb[9,i], the other 16 keyb key variables are all added to the data block as constants and are used in turn as each round of the iteration proceeds.
The iteration process is shown in Figure 3.
In this embodiment the number of iterations is 8 (rounds). Iteration is a basic theoretical matter in cryptography, namely the concept of the product cipher, so it is not described in further detail here.
The permutation table conversion module 2 of the embodiment is described in detail below:
The permutation table conversion module 2 comprises at least one group of permutation tables disk; a permutation table is a table that indicates position-change relations. The permutation tables disk are of two types. One type is the encryption tables: the permutation table disk8e, consisting of 4 pages, denoted disk8e[i] (i=0..3), used for encrypting 8-bit unit codes, that is, 8-bit binary codes; and the permutation table disk7e, consisting of 4 pages, denoted disk7e[i] (i=0..3), used for encrypting 7-bit unit codes, that is, 7-bit ASCII codes. The second type is the decryption tables, corresponding to disk8e and disk7e, used for decrypting 8-bit and 7-bit unit codes and denoted disk8d and disk7d. A decryption table is the inverse of the encryption table and is derived from it.
The permutation table disk has 4 pages in total, numbered 0..3. Taking disk8e[0] as an example, its 8 columns form 8 permutation wheels and each wheel has 8 starting points; different wheels with different starting points give different permutation relations, as shown in Table 3.
Table 3. Permutation relation tables disk8e[0..3] and disk7e[0..3]
      disk8e[0]                disk7e[0]
      0 1 2 3 4 5 6 7          0 1 2 3 4 5 6
[0]   7 4 2 3 5 1 6 7    [0]   2 4 8 1 5 5 0
[1]   4 6 4 5 0 7 2 3    [1]   5 2 0 4 3 1 6
[2]   6 0 7 6 4 3 7 5    [2]   1 6 4 0 6 3 2
[3]   1 2 6 1 7 0 5 6    [3]   3 0 6 2 1 4 5
[4]   2 7 0 2 3 5 1 0    [4]   0 3 1 5 4 6 1
[5]   0 1 3 7 6 2 4 4    [5]   6 1 5 3 0 2 4
[6]   5 3 1 0 2 4 3 2    [6]   4 5 2 6 2 0 3
[7]   3 5 5 4 1 6 0 1
      disk8e[1]                disk7e[1]
      0 1 2 3 4 5 6 7          0 1 2 3 4 5 6
[0]   3 4 7 2 1 0 5 6    [0]   6 1 5 2 9 4 3
[1]   5 2 1 6 7 4 0 3    [1]   3 0 2 6 4 5 6
[2]   1 0 4 5 3 6 2 5    [2]   1 3 4 5 1 6 0
[3]   4 6 0 1 5 3 7 2    [3]   0 2 3 4 5 1 2
[4]   0 1 6 3 2 5 1 4    [4]   5 6 0 1 3 2 4
[5]   7 5 2 0 4 1 3 7    [5]   2 4 1 3 6 0 5
[6]   2 3 5 7 6 7 4 0    [6]   4 5 6 0 2 3 1
[7]   6 7 3 4 0 2 6 1
      disk8e[2]                disk7e[2]
      0 1 2 3 4 5 6 7          0 1 2 3 4 5 6
[0]   5 2 7 3 6 7 6 0    [0]   2 5 4 5 1 0 2
[1]   2 0 5 7 1 3 4 7    [1]   0 2 5 1 3 4 6
[2]   0 7 2 4 3 5 1 6    [2]   5 6 1 2 0 3 4
[3]   7 4 6 0 2 1 5 1    [3]   1 3 6 4 6 5 0
[4]   1 6 3 2 0 4 2 3    [4]   3 1 2 0 4 6 3
[5]   4 1 0 6 5 2 3 4    [5]   6 4 0 3 2 1 5
[6]   3 5 4 1 7 6 0 2    [6]   4 0 3 6 5 2 1
[7]   6 3 1 5 4 0 7 5
      disk8e[3]                disk7e[3]
      0 1 2 3 4 5 6 7          0 1 2 3 4 5 6
[0]   7 3 0 7 4 2 5 6    [0]   2 0 3 1 6 4 6
[1]   2 0 7 3 5 7 4 1    [1]   6 2 5 0 3 6 1
[2]   6 7 4 0 3 1 7 2    [2]   0 5 4 5 1 3 2
[3]   3 1 1 4 0 5 2 5    [3]   3 1 0 2 4 5 4
[4]   5 4 6 1 2 3 6 0    [4]   1 3 6 4 2 0 5
[5]   0 6 2 5 7 6 1 3    [5]   4 6 1 3 5 2 0
[6]   4 2 5 6 1 0 3 7    [6]   5 4 2 6 0 1 3
[7]   1 5 3 2 6 4 0 4
The substitution conversion module 3 of the embodiment is described in detail below. It comprises at least one group of substitution tables subst. The encryption substitution tables among the subst tables are subst8e, used for substituting 8-bit unit codes, of size 16x16, and subst7e, used for converting 7-bit unit codes, of size 16x8.
The substitution table subst8e is a 16x16 table used for 8-bit unit operations, as shown in Table 4. The substitution table subst7e is an 8x16 table used for 7-bit unit operations, as shown in Table 5.
Table 4. Subst8e
    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   0B 9A 43 CD 17 B4 2A 84 77 FF 52 8E 70 03 A7 34
1   D6 3C 93 1D DD 4B C6 A6 42 9F C5 11 B3 83 5C 07
2   82 F4 0A E3 64 C4 16 8D D5 25 CC 7C 33 29 9E 4D
3   6D DE 4A BE 81 10 A5 6F 3D B5 6A 1F 5B BD 12 7B
4   9B AB 24 2B D7 B2 41 92 EF 51 00 89 D4 4C 99 38
5   18 FC 53 C3 3B 78 F5 06 5A CB 44 E2 15 94 2F 6C
6   49 B1 1E D3 01 E0 57 32 EE 63 9D 28 BC 66 AA 56
7   58 BA 80 9C F3 37 E7 7D 1C D2 02 A2 5D E8 20 DC
8   C8 6E FE 0F AF 48 A1 88 50 76 F0 71 B7 0C ED 62
9   05 2C 91 E6 69 FD 79 13 8F A9 39 40 95 75 A8 3F
A   8C F6 59 BB CA 23 AD 65 D8 08 C7 AE 1B F9 47 8B
B   36 14 D1 87 26 E1 72 BF 45 B6 6B CE 7A 2D DB 67
C   DF 60 A0 68 E9 7E 0E B8 4E E4 5E 21 F2 54 8A C1
D   4F C9 AC 09 D9 5F EC 97 F7 1A A3 EA 55 FB 96 30
E   27 C2 73 B9 46 F8 31 E5 3A CF F1 2E DA 85 0D EB
F   74 B0 19 90 A4 04 D0 35 FA 22 C0 7F 3E 98 61 86
Table 5. Subst7e
    0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
0   2A 61 10 5A 2F 4C 09 24 67 1B 04 37 33 0A 64 14
1   0F 55 44 18 78 01 29 76 03 6F 3F 13 59 22 49 5E
2   79 1E 6B 43 3C 7E 23 36 74 2E 68 0B 38 28 75 34
3   3D 7F 1F 54 00 45 19 62 12 21 4E 32 51 40 3B 71
4   5B 02 4A 7A 2B 4F 69 1A 42 6C 15 57 70 1D 5D 0C
5   17 72 30 16 60 39 08 66 2C 52 7D 27 35 50 65 58
6   4B 07 6E 26 73 11 53 20 7C 5C 48 05 6D 63 0D 46
7   31 6A 56 06 3A 25 7B 3E 4D 0E 5F 41 1C 47 77 2D
The embodiment of the invention has two implementations:
One is the 8-bit unit code (8-bit) operation, which yields 8-bit binary data after encryption;
The other is the 7-bit unit code (7-bit) operation: the sign bit of each byte is first set aside, the 7-bit binary code still yields a 7-bit binary code after encryption, and the saved sign bit is then restored to each byte, making it an 8-bit ASCII code.
No block cipher with 7-bit unit operation has appeared in the prior art.
With the key length fixed, the embodiment implements 5 encryption methods, for 1 byte, 2 bytes, 3 bytes, 4 bytes and 8 bytes, and the field length is unchanged after encryption.
Handling of short and odd-length data:
1) The 8-byte operation is the basic operation unit; for data longer than 8 bytes, the part that is a multiple of 8 bytes is processed first with the 8-byte operation.
2) Lengths below 8 bytes are handled as follows:
7 bytes of data = 4-byte operation + 3-byte operation;
6 bytes of data = 4-byte operation + 2-byte operation;
5 bytes of data = 4-byte operation + 1-byte operation;
4 bytes of data = 4-byte operation;
3 bytes of data = 3-byte operation;
2 bytes of data = 2-byte operation;
1 byte of data = 1-byte operation;
The library key management module 5 manages the library key, directory keys, table keys, record keys and field keys used in the library.
The key management procedure of the library key management module in the database encryption system of the present invention is described in detail below.
Databases fall into two broad types: document databases and relational databases. Document database encryption is done at the user terminal (encryption outside the library) and is handled in the form of self-stored files that are sent and received internally. Its keys therefore need no further definition and follow the online communication keys. Files in a document database can be encrypted with a personal key (KMTi) or a close decipher key (KQi). Self-stored files can be read only by whoever defined the key (a terminal or an individual). An agreed key (KKRi) can also be self-defined and used as the encryption key for self-stored files. After encryption, self-stored files can be kept on storage media such as hard disks or floppy disks, or in the database.
Key management for relational databases is centralized within the library, and keys in the library are generated and allocated dynamically. All keys used reside in the library, and their definition, lifetime, role and so on need to be defined anew.
The library key management module includes a key establishment submodule 51 for creating key files; the key files comprise the directory key file, the file key file and the library key file.
Directory key: one key MUM is defined for each directory. The directory key is a second-level key and is stored automatically in the directory key file, encrypted under the library key. There are two kinds of directory key: for directories created by the system, the directory key file is produced when the system is built; for directories created by users, the corresponding directory key file is likewise created when the directory is created. Directory keys are generated automatically by the random key generation method and are retrieved by directory name.
File key: one key FS is defined for each file. The file key is also called the table key; depending on definition, the table key sometimes appears as a record key and sometimes as a field key. The table key is a third-level key and is used to encrypt data. Classified files are created by the user, and the corresponding file key file is created at the same time as the file. File keys are generated automatically by the random key generation method and are retrieved by file name.
Library key: one library key KUM is defined. The library key protects the directory keys and is the first-level key. The library key file is written by an authorized person when the system is built and can be modified at any time. The library key file is retrieved by library name.
The library key management module also includes a key storage submodule 52 for storing the key files.
Keys encrypted under the password: the library (or root directory) key (KUM), the message authentication key (FMA), the random key generation key (FMG), the digital signature key (SQM) and so on are all stored encrypted under the password (PWD).
Library key file = E_PWD(KUM);
Message authentication key file = E_PWD(FMA);
where E is the encryption function and PWD is the password, which serves as the key to encrypt the library key KUM or the message authentication key FMA.
Keys encrypted under the library key: the keys encrypted under the library key (KUM) are the subdirectory keys of every level. Subdirectories can have several levels, referred to as first-level subdirectories. The storage of subdirectory keys is shown in Table 6:
Table 6. Storage of subdirectory keys
First-level subdirectory | Second-level subdirectory | Third-level subdirectory |
E_KUM(MUM_1)             |                           |                          |
                         | E_KUM(MUM_11)             |                          |
                         | E_KUM(MUM_12)             |                          |
                         |                           | E_KUM(MUM_121)           |
                         |                           | E_KUM(MUM_122)           |
                         | E_KUM(MUM_13)             |                          |
E_KUM(MUM_2)             |                           |                          |
E_KUM(MUM_3)             |                           |                          |
E_KUM(MUM_4)             | E_KUM(MUM_41)             |                          |
                         |                           | E_KUM(MUM_411)           |
                         | E_KUM(MUM_42)             |                          |
                         |                           | E_KUM(MUM_421)           |
Keys encrypted under the directory key: a file key is stored encrypted under the key of the subdirectory in which the file resides. For example, under MUM1 the file key FS is stored as
E_MUM1(FS_1)
Under MUM1 the file key FS is stored as
E_MUM122(FS_2)
Relational data is encrypted inside the library, so the keys used for relational database tables all reside in the library. The unit of encryption is the field (down to a minimum of one byte). The encryption method can cover a complete record or a whole field. Because the system overhead of in-library encryption is very large, whole-table encryption should be avoided or used as little as possible.
Key table definition: the key table is the mapping file of a table (record or field) and comprises a prompt table, as shown in Table 7, and a variable table.
Table 7. Table-level prompt table
Table name      |                                               |
Security level  | Level 1--256                                  |
Encryption mode | Record or field (10 is record, 01 is field)   |
Table key       | 8 bytes                                       |
For field encryption, consult the field-level prompt table; for record encryption, consult the record-level prompt table. The field-level prompt table is shown in Table 8:
Encryption mode: 01, i.e. field encryption
Table 8. Field-level prompt table
Field 1 | Field 2 | Field 3 |   | Field n |
0       | 1       | 0       |   | 0       |
The record-level prompt table is shown in Table 9:
Encryption mode: 10, i.e. record encryption
Table 9. Record-level prompt table
Record 1 | Record 2 | Record 3 |   | Record n |
0        | 0        | 1        |   | 0        |
Key variable: each table has an 8-byte table key. The table key is not itself the working key; the real working key is the block key, and the key variable of each block key is composed of the table key, the record name and the field name:
Block key = table key + field name + record name;
File encryption (optional): unit of operation: data encryption operates on one block at a time, and the key variable is redefined for the operation on each block.
Encryption method: record encryption or field encryption is selected. First the table key FS is obtained:
1) D_KUM(E_KUM(MUM)) = MUM
2) D_MUM(E_MUM(FS)) = FS
where D is the decryption function, E is the encryption function, KUM is the library key, MUM is the directory key and FS is the file key (table key).
With FS, the key of each block can be calculated:
Block key BLK = table key + field name + record name;
and the function ECPH can be executed:
ECPH[RN, data] → E_BLK(data)
The encryption function ECPH is carried out in three steps:
1) D_MUM(RN) = FS
2) FS + record name + field name = BLK
3) E_BLK(data)
where E and D are the encryption and decryption functions; RN is the encryption of the file key FS under the directory key MUM, and conversely FS is the decryption of RN under MUM. BLK is the block key, i.e. the field key.
File decryption: enter the name of the file to be decrypted; if it is a ciphertext file, then check whether it was encrypted inside the library or outside the library, etc. Before the file is decrypted, the file key FS is first obtained:
1) D_KUM(E_KUM(MUM)) = MUM
2) D_MUM(E_MUM(FS)) = FS
With FS, the key of each block can be calculated and decryption carried out; the decryption function is called DCPH.
DCPH[RN, E_BLK(data)] → data
This function is carried out in two steps:
1) E_MUM(RN) = FS
2) FS + record name + field name = BLK;
3) D_BLK(E_BLK(data)) = data
where E and D are the encryption and decryption functions, and the file key FS is the encryption of the random number RN under the directory key MUM. BLK is the block key (field key).
The database data encryption procedure of the present invention is described in detail below:
Step S100: the modulo-Q nonlinear feedback shift register 1 takes the given key as its initial value and performs nonlinear feedback. Its feedback data passes through the preset substitution table mmm, and the register successively generates 18 states, which are used in the rounds of the block cipher's encryption and decryption operations;
Step S200: the data in the database is expanded or concentrated by byte and accumulated laterally and, under the indication of the derived keys of the modulo-Q nonlinear feedback shift register 1, the permutation and substitution operations complete encryption and decryption of the database data.
Step S200 comprises the following steps:
Step S210: for a one-byte operation, the given byte is expanded into 8 bytes in 1-bit units; for a two-byte operation, the given two bytes are expanded into 8 bytes in 2-bit units; for a three-byte operation, the given 3 bytes are expanded into 8 bytes in 3-bit units; for a four-byte operation, the given 4 bytes are expanded into 8 bytes in 4-bit units;
Step S220: for a one-byte operation, the 1-bit data in the 8 bytes is concentrated into one byte; for a two-byte operation, the 2-bit data in the 8 bytes is concentrated into two bytes; for a three-byte operation, the 3-bit data in the 8 bytes is concentrated into three bytes; for a four-byte operation, the 4-bit data in the 8 bytes is concentrated into four bytes.
Step S230: in each round, the 8 bytes of expanded data undergo a leftward accumulation and a rightward accumulation.
Step S240: for the 8 bytes of expanded data, the permutation table disk_i is selected under the indication of the derived key of the modulo-Q nonlinear feedback shift register 1 and the permutation is performed. Each round includes two permutations.
Step S250: the n bytes (n=1, 2, 3, 4) obtained after concentration undergo the subst substitution in units of bytes, completing encryption and decryption of the database data.
The invention is described in detail below, taking 8-bit and 7-bit unit code operation as examples.
Embodiment one: 8-bit unit code operation; encryption yields 8-bit binary data
The given key and data are as follows:
Byte order:        [7] [6] [5] [4] [3] [2] [1] [0]
Key variable key:  08  07  06  05  04  03  02  01
Given data:
Data length   Data variable data
byte=1        01
byte=2        02 01
byte=3        03 02 01
byte=4        04 03 02 01
byte=8        08 07 06 05 04 03 02 01
where
byte: field length; one of five values, byte=1, 2, 3, 4, 8
i: the i-th round of the operation
key: the given key variable
data: the plaintext data to be encrypted
Step S11: from the given key key, the modulo-Q nonlinear feedback shift register 1 performs the feedback operation to obtain the 18 derived keys keyb;
                       [7] [6] [5] [4] [3] [2] [1] [0]
Given key key:         08  07  06  05  04  03  02  01
Derived key keyb[0]:   4C  A4  7F  5D  08  18  94  B7
            keyb[1]:   92  5F  60  D6  DC  38  95  62
            keyb[2]:   6F  E0  38  B7  89  52  F8  6F
            keyb[3]:   F8  64  03  7C  DC  6F  C7  CF
            keyb[4]:   1E  61  87  48  2F  69  42  85
            keyb[5]:   09  E2  D3  0B  CD  B4  B4  A3
            keyb[6]:   F7  2D  36  22  BC  BB  49  AB
            keyb[7]:   E8  6B  9E  81  BA  48  C2  DC
            keyb[8]:   BF  02  74  36  94  B8  9C  57
            keyb[9]:   BD  C9  6D  4C  2A  FF  DB  99
            keyb[10]:  EF  90  6F  5F  0E  48  94  1A
            keyb[11]:  8F  23  FB  41  2E  97  9E  0C
            keyb[12]:  F1  CD  13  08  1E  AD  41  66
            keyb[13]:  15  52  FF  92  67  D4  06  AA
            keyb[14]:  BA  34  D3  80  DF  40  FD  D7
            keyb[15]:  3D  BD  27  6E  54  00  12  D7
            keyb[16]:  EA  6A  2E  C3  34  30  A0  F1
            keyb[17]:  27  7A  AF  82  7E  E6  A0  AC
Step S12: the data data is added to the corresponding derived key keyb[i+1, j] to obtain the new data data;
for j := 0 to byte-1 do
  if bits = 8 then data[j] := (data[j] + keyb[i+1, j]) mod 256;
The results of adding the key variable to the data of each field length in round 0 (i=0) are as follows:
byte=1: data[0] := (data[0] + keyb[i+1, 0]) mod 256;  (63)
byte=2: data[1] := (data[1] + keyb[i+1, 1]) mod 256;  (96)
        data[0] := (data[0] + keyb[i+1, 0]) mod 256;  (64)
byte=3: data[2] := (data[2] + keyb[i+1, 2]) mod 256;  (39)
        data[1] := (data[1] + keyb[i+1, 1]) mod 256;  (97)
        data[0] := (data[0] + keyb[i+1, 0]) mod 256;  (65)
byte=4: data[3] := (data[3] + keyb[i+1, 3]) mod 256;  (DD)
        data[2] := (data[2] + keyb[i+1, 2]) mod 256;  (3A)
        data[1] := (data[1] + keyb[i+1, 1]) mod 256;  (98)
        data[0] := (data[0] + keyb[i+1, 0]) mod 256;  (66)
byte=8: data[7] := (data[7] + keyb[i+1, 7]) mod 256;  (93)
        data[6] := (data[6] + keyb[i+1, 6]) mod 256;  (61)
        data[5] := (data[5] + keyb[i+1, 5]) mod 256;  (63)
        data[4] := (data[4] + keyb[i+1, 4]) mod 256;  (DA)
        data[3] := (data[3] + keyb[i+1, 3]) mod 256;  (E1)
        data[2] := (data[2] + keyb[i+1, 2]) mod 256;  (3E)
        data[1] := (data[1] + keyb[i+1, 1]) mod 256;  (9C)
        data[0] := (data[0] + keyb[i+1, 0]) mod 256;  (6A)
Step S13: the data data[i] obtained after key addition is expanded according to the number of bytes and placed in the new data unit dd[j]:
1 byte: 63, expanded in 1-bit units
2 bytes: 96 64, expanded in 2-bit units
3 bytes: 39 97 65, expanded in 3-bit units
001 | 110 | 011 | 001 | 011 | 101 | 100 | 101 |
4 bytes: DD 3A 18 66, expanded in 4-bit units
1101 | 1101 | 0011 | 1010 | 0001 | 1000 | 0110 | 0110 |
8 bytes: 93 61 63 DA E1 3E 9C 6A, expanded in 8-bit units
10010011 | 01100001 | 01100011 | 11011010 | 11100001 | 00111110 | 10011100 | 01101010 |
          Expanded                            Concentrated
Let dd:   [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:    0   1   1   0   0   0   1   1      (63)
byte=2:    2   1   1   2   1   2   1   0      (96 64)
byte=3:    1   6   3   1   3   5   4   5      (39 97 65)
byte=4:    D   D   3   A   9   8   6   6      (DD 3A 98 66)
byte=8:   93  61  63  DA  E1  3E  9C  6A      (93 61 63 DA E1 3E 9C 6A)
Step S14: the data in the new data unit dd is accumulated leftward, and the accumulated result is placed in the data unit ee, that is:
ee[0] := dd[0];
for j := 1 to bits-1 do ee[j] := (ee[j-1] + dd[j]) mod (2**byte);
The values of each ee[i] after leftward accumulation:
          Expanded                            Concentrated
Then ee:  [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:    0   0   1   0   0   0   0   1      (21)
byte=2:    2   0   3   2   0   3   1   0      (8E 34)
byte=3:    4   3   5   2   1   6   1   5      (8E A3 8D)
byte=4:    4   7   A   7   D   4   C   6      (47 A7 D4 C6)
byte=8:   56  C3  62  FF  25  44  06  6A      (56 C3 62 FF 25 44 06 6A)
Step S15: the data in ee is permuted with the conversion table disk8e under the control of the derived key keyb[0, i].
Bits 7 and 6 of keyb[0, i] indicate the disk8e table number, bits 5, 4 and 3 indicate the wheel number, and bits 2, 1 and 0 indicate the starting point. The control numbers for round [i] are:
c := (keyb[0, i] and 192) div 64;
b := (keyb[0, i] and 56) div 8;
a := keyb[0, i] and 7;
In this embodiment keyb[0,0]=B7, so c=2, b=6, a=7, i.e. table 2, wheel 6, starting point 7:
ee:       [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:    0   0   1   0   0   0   0   1      (21)
byte=2:    2   0   3   2   0   3   1   0      (8E 34)
byte=3:    4   3   5   2   1   6   1   5      (8E A3 8D)
byte=4:    4   7   A   7   D   4   C   6      (47 A7 D4 C6)
byte=8:   56  C3  62  FF  25  44  06  6A      (56 C3 62 FF 25 44 06 6A)
After permutation:
byte=8:   06  FF  44  C3  62  25  56  6A      (06 FF 44 C3 62 25 56 6A)
byte=4:    C   7   4   7   A   D   4   6      (C7 47 AD 46)
byte=3:    1   2   6   3   5   1   4   5      (2B 3A 65)
byte=2:    1   2   3   0   3   0   2   0      (6C C8)
byte=1:    0   0   0   0   1   0   0   1      (09)
          [7] [6] [5] [4] [3] [2] [1] [0]
Step S16: the data unit ee is concentrated into bytes to form the new data data, which is then substituted through the substitution table subst8e, as follows:
Taking the first row, subst8e(09)=FF, as an example: subst8e is the function name, and 09 is replaced by FF.
byte=1: subst8e(09)=FF
byte=2: subst8e(6C)=BC subst8e(C8)=4E
byte=3: subst8e(2B)=7C subst8e(3A)=6A subst8e(65)=E0
byte=4: subst8e(C7)=B8 subst8e(47)=92 subst8e(AD)=F9 subst8e(46)=41
byte=8: subst8e(06)=2A subst8e(FF)=86 subst8e(44)=D7 subst8e(C3)=68
        subst8e(62)=1E subst8e(25)=C4 subst8e(56)=F5 subst8e(6A)=9D
Step S17: the concentrated bytes of the data unit ee are placed in the data unit data and added to keyb[i+10, j];
for j := 0 to byte-1 do
  data[j] := (data[j] + keyb[i+10, j]) mod 256;
The results of adding the key variable to the data of each field length in round 0 (i=0) are as follows:
byte=1: data[0] := (data[0] + keyb[i+10, 0]) mod 256;  (19)
byte=2: data[1] := (data[1] + keyb[i+10, 1]) mod 256;  (50)
        data[0] := (data[0] + keyb[i+10, 0]) mod 256;  (68)
byte=3: data[2] := (data[2] + keyb[i+10, 2]) mod 256;  (C4)
        data[1] := (data[1] + keyb[i+10, 1]) mod 256;  (FE)
        data[0] := (data[0] + keyb[i+10, 0]) mod 256;  (FA)
byte=4: data[3] := (data[3] + keyb[i+10, 3]) mod 256;  (C6)
        data[2] := (data[2] + keyb[i+10, 2]) mod 256;  (DA)
        data[1] := (data[1] + keyb[i+10, 1]) mod 256;  (8D)
        data[0] := (data[0] + keyb[i+10, 0]) mod 256;  (5B)
byte=8: data[7] := (data[7] + keyb[i+10, 7]) mod 256;  (19)
        data[6] := (data[6] + keyb[i+10, 6]) mod 256;  (16)
        data[5] := (data[5] + keyb[i+10, 5]) mod 256;  (46)
        data[4] := (data[4] + keyb[i+10, 4]) mod 256;  (C7)
        data[3] := (data[3] + keyb[i+10, 3]) mod 256;  (2C)
        data[2] := (data[2] + keyb[i+10, 2]) mod 256;  (0C)
        data[1] := (data[1] + keyb[i+10, 1]) mod 256;  (89)
        data[0] := (data[0] + keyb[i+10, 0]) mod 256;  (B7)
Step S18: the data data is expanded into units according to the given byte count and stored in data cell dd[i]; then:
ee[7]:=dd[7];
for j:=6 downto 0 do ee[j]:=(ee[j+1]+dd[j]) mod 2**byte;
Expanded and collected:
Given dd: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:0 0 0 1 1 0 0 1 (19)
byte=2:1 1 0 0 1 2 2 0 (50 68)
byte=3:6 1 1 7 7 3 7 2 (C4 FE FA)
byte=4:C 6 D A 8 D 5 B (C6 DA 8D 5B)
byte=8:19 16 46 C7 2C 0C 89 B7 (19 16 46 C7 2C 0C 89 B7)
The value of each ee[i] after leftward accumulation:
Expanded and collected:
Then: ee: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1:0 0 0 1 0 0 0 1 (11)
byte=2:1 2 2 2 3 1 3 3 (6A DF)
byte=3:6 7 0 7 6 1 0 2 (DC 7C 42)
byte=4:C 2 F 9 1 E 3 E (C2 F9 1E 3E)
byte=8:19 2F 75 3C 68 74 FD B4 (19 2F 75 3C 68 74 FD B4)
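The following Python sketch is an added illustration, not code from the patent: it replays steps S17 and S18 of round 0 for all five block lengths, using only the subst8e outputs and the keyb[10] row printed on this page, and adds the inverse of S18 that decryption would need. The function names are hypothetical.

```python
# Added illustration (not the patent's code): steps S17 and S18 of round 0.
# Function names are hypothetical; all hex values are copied from the page.

# keyb[10] as printed, written [7]..[0].
KEYB10 = bytes.fromhex("EF906F5F0E48941A")
# Outputs of step S16 (subst8e) for byte = 1, 2, 3, 4, 8, written [byte-1]..[0].
S16_OUT = ["FF", "BC4E", "7C6AE0", "B892F941", "2A86D7681EC4F59D"]

def add_key(data: bytes, key: bytes, modulus: int = 256) -> bytes:
    """S17: data[j] := (data[j] + keyb[i+10, j]) mod 256 for j = 0..byte-1."""
    k = key[len(key) - len(data):]          # align both strings on position [0]
    return bytes((d + x) % modulus for d, x in zip(data, k))

def unpack(data: bytes):
    """Split a block of n bytes into 8 units of n bits each, unit [7] first."""
    n = len(data)
    value = int.from_bytes(data, "big")
    return [(value >> (n * (7 - p))) & ((1 << n) - 1) for p in range(8)]

def pack(units, n: int) -> bytes:
    """Merge 8 units of n bits back into n bytes."""
    value = 0
    for u in units:
        value = (value << n) | u
    return value.to_bytes(n, "big")

def accumulate(data: bytes) -> bytes:
    """S18: ee[7] := dd[7]; ee[j] := (ee[j+1] + dd[j]) mod 2**byte."""
    n = len(data)
    ee, run = [], 0
    for d in unpack(data):                  # list order is [7], [6], ..., [0]
        run = (run + d) % (1 << n)
        ee.append(run)
    return pack(ee, n)

def unaccumulate(data: bytes) -> bytes:
    """Inverse of S18: recover dd from ee by adjacent differences."""
    n = len(data)
    ee = unpack(data)
    dd = [ee[0]] + [(ee[k] - ee[k - 1]) % (1 << n) for k in range(1, 8)]
    return pack(dd, n)

def round0_s17_s18():
    """Return (result of S17, result of S18) as hex for each block length."""
    out = []
    for h in S16_OUT:
        keyed = add_key(bytes.fromhex(h), KEYB10)
        out.append((keyed.hex().upper(), accumulate(keyed).hex().upper()))
    return out

if __name__ == "__main__":
    for keyed, ee in round0_s17_s18():
        print(keyed, "->", ee)
```

Because ee[7] is copied from dd[7] and each ee[j] depends only on units [7] down to [j], this step by itself spreads a change in one direction only.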
Step S19: under the control of keyb[9, i], the data undergoes the disk8e permutation transformation. In this embodiment keyb[9,0]=99, so c=2, b=3, a=1, i.e. table 2, wheel 3, starting point 1:
Expanded and collected:
ee: [7][6][5][4][3][2][1][0]
byte=1:0 0 0 1 0 0 0 1 (11)
byte=2:1 2 2 2 3 1 3 3 (6A DF)
byte=3:6 7 0 7 6 1 0 2 (DC 7C 42)
byte=4:C 2 F 9 1 E 3 E (C2 F9 1E 3E)
byte=8:19 2F 75 3C 68 74 FD B4 (19 2F 75 3C 68 74 FD B4)
byte=8:74 B4 3C 2F FD 19 68 75 (74 B4 3C 2F FD 19 68 75)
byte=4:E E 9 2 3 C 1 F (EE 92 3C 1F)
byte=3:1 2 7 7 0 6 6 0 (2B F1 B0)
byte=2:1 3 2 2 3 1 3 2 (7A DE)
byte=1:0 1 1 0 0 0 0 0 (60)
[7][6][5][4][3][2][1][0]
This completes round 0; the computation proceeds to round 1, for 8 rounds in total. The encryption results are as follows:
     byte=1  byte=2  byte=3    byte=4
[0]  60      7A DE   2B F1 B0  EE 92 3C 1F
[1]  09      4A AB   49 96 EC  FE 5C 12 A4
[2]  82      CB EF   BD 96 F2  E8 E5 EE 4B
[3]  4D      F6 90   4C 43 10  A8 E0 B0 B0
[4]  98      10 72   45 B6 22  BA A0 10 DE
[5]  7A      90 01   20 3A C5  C0 71 DC C5
[6]  81      8E EE   3C 90 64  EC 23 0B 10
[7]  47      6E BA   81 C8 02  CB 6A D3 6A
     byte=8
[0]  74 B4 3C 2F FD 19 68 75
[1]  FE FE D5 E6 3D FE 95 DB
[2]  A0 09 DB 68 EE A8 A5 FF
[3]  E0 0C 66 E8 58 29 13 DB
[4]  7F 5D 59 F8 8D C4 E6 8E
[5]  E9 55 F2 C8 3D 1E 96 2B
[6]  61 F6 54 E2 06 62 0D EA
[7]  CF 3E B1 D8 C1 9B 32 20
Given data 08 07 06 05 04 03 02 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: CF 3E B1 D8 C1 9B 32 20.
Given data 04 03 02 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: CB 6A D3 6A.
Given data 03 02 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: 81 C8 02.
Given data 02 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: 6E BA.
Given data 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: 47.
Embodiment two: operation on 7-bit unit codes. The sign bit of each byte is first set aside; a 7-bit binary code is still a 7-bit binary code after encryption; the reserved sign bit is then restored to each byte, making it an 8-bit ASK code.
The given key and data are as follows:
[7][6][5][4][3][2][1][0]
Given key key:08 07 06 05 04 03 02 01
Given data data:
byte=1 01
byte=2 02 01
byte=3 03 02 01
byte=4 04 03 02 01
byte=8 08 07 06 05 04 03 02 01
where
byte: block length, one of five values: byte=1, 2, 3, 4, 8
i: the i-th round of computation
key: the given key
Step S21: starting from the primary key key, the modulo-Q nonlinear feedback shift register 1 performs the feedback computation to obtain 18 groups of derived keys keyb;
[7][6][5][4][3][2][1][0]
Given key key: 08 07 06 05 04 03 02 01
Then the derived keys keyb are:
[0]: 4C A4 7F 5D 08 18 94 B7
[1]: 92 5F 60 D6 DC 38 95 62
[2]: 6F E0 38 B7 89 52 F8 6F
[3]: F8 64 03 7C DC 6F C7 CF
[4]: 1E 61 87 48 2F 69 42 85
[5]: 09 E2 D3 0B CD B4 B4 A3
[6]: F7 2D 36 22 BC BB 49 AB
[7]: E8 6B 9E 81 BA 48 C2 DC
[8]: BF 02 74 36 94 B8 9C 57
[9]: BD C9 6D 4C 2A FF DB 99
[10]: EF 90 6F 5F 0E 48 94 1A
[11]: 8F 23 FB 41 2E 97 9E 0C
[12]: F1 CD 13 08 1E AD 41 66
[13]: 15 52 FF 92 67 D4 06 AA
[14]: BA 34 D3 80 DF 40 FD D7
[15]: 3D BD 27 6E 54 00 12 D7
[16]: EA 6A 2E C3 34 30 A0 F1
[17]: 27 7A AF 82 7E E6 A0 AC
Step S22: the data data of the relational data unit is added to the corresponding derived key keyb[i+1, j] to perform encryption.
for j:=0 to byte-1 do
data[j]:=(data[j]+keyb[i+1,j]) mod 128;
In round 0 (i=0), the results of adding the key variable to data of each field length are as follows:
byte=1: data[0]:=(data[0]+keyb[i+1,0]) mod 128; (63)
byte=2: data[1]:=(data[1]+keyb[i+1,1]) mod 128; (16)
        data[0]:=(data[0]+keyb[i+1,0]) mod 128; (64)
byte=3: data[2]:=(data[2]+keyb[i+1,2]) mod 128; (39)
        data[1]:=(data[1]+keyb[i+1,1]) mod 128; (17)
        data[0]:=(data[0]+keyb[i+1,0]) mod 128; (65)
byte=4: data[3]:=(data[3]+keyb[i+1,3]) mod 128; (5D)
        data[2]:=(data[2]+keyb[i+1,2]) mod 128; (3A)
        data[1]:=(data[1]+keyb[i+1,1]) mod 128; (18)
        data[0]:=(data[0]+keyb[i+1,0]) mod 128; (66)
byte=8: data[7]:=(data[7]+keyb[i+1,7]) mod 128; (13)
        data[6]:=(data[6]+keyb[i+1,6]) mod 128; (61)
        data[5]:=(data[5]+keyb[i+1,5]) mod 128; (63)
        data[4]:=(data[4]+keyb[i+1,4]) mod 128; (5A)
        data[3]:=(data[3]+keyb[i+1,3]) mod 128; (61)
        data[2]:=(data[2]+keyb[i+1,2]) mod 128; (3E)
        data[1]:=(data[1]+keyb[i+1,1]) mod 128; (1C)
        data[0]:=(data[0]+keyb[i+1,0]) mod 128; (6A)
Step S23: the encrypted data in data cell data[i] is expanded according to the byte count and placed in the new data cell dd[j].
1byte: 7-bit unit 63, expanded by 1 bit
2byte: 7-bit units 16 64, expanded by 2 bits
3byte: 7-bit units 39 17 65, expanded by 3 bits
011
100
100
101
111
100
101
4byte: 7-bit units 5D 3A 18 66, expanded by 4 bits
1011
1010
1110
1000
1100
0110
0110
8byte: 7-bit units 13 61 63 5A 61 3E 1C 6A, still expanded by 7 bits
0010011
1100001
1100011
1011010
1100001
0111110
0011100
01101010
Expanded and collected (7-bit):
Given dd: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 1 1 0 0 0 1 1 (63)
byte=2: 0 2 3 1 2 1 0 (16 64)
byte=3: 3 4 4 5 7 4 5 (39 17 65)
byte=4: B A E 8 C 6 6 (5D 3A 18 66)
byte=8:13 61 63 5A 61 3E 1C 6A (13 61 63 5A 61 3E 1C 6A)
Step S24: the encrypted data in the new data cell dd is accumulated leftward, and the result is placed in data cell ee[i]; then:
ee[0]:=dd[0];
for j:=1 to bits-1 do ee[j]:=(ee[j-1]+dd[j]) mod (2**byte);
When byte=8:
for j:=1 to bits-1 do ee[j]:=(ee[j-1]+dd[j]) mod (2**(byte-1));
Expanded and collected (7-bit):
Then: ee: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 1 0 0 0 0 1 (21)
byte=2: 1 1 3 0 3 1 0 (2E 34)
byte=3: 0 5 1 5 0 1 5 (0A 34 0D)
byte=4: 3 8 E 0 8 C 6 (1C 38 11 46)
byte=8:56 43 62 7F 25 44 06 6A (56 43 62 7F 25 44 06 6A)
Step S25: under the control of derived key keyb[0, i], the data in data cell ee undergoes a permutation transformation using the permutation table disk7e.
When byte=8, however, the same disk8e operation as for bits=8 is carried out. When byte<>8, bits 6 and 5 of keyb[0, i] indicate the disk7e table number, bits 5, 4, 3 indicate the wheel, and bits 2, 1, 0 indicate the starting point, as follows:
Control numbers for round [i]: c:=(keyb[0,i] and 96) div 32;
b:=(keyb[0,i] and 56) div 8;
a:=keyb[0,i] and 7;
In this embodiment keyb[0,0]=B7, so c=1, b=8, a=7 mod 7=0, i.e. table 1, wheel 6, starting point 0:
Expanded and collected (7-bit):
Before: ee: [6] [5] [4] [3] [2] [1] [0]
byte=1:0 1 0 0 0 0 1 (21)
byte=2:1 1 3 0 3 1 0 (2E 34)
byte=3:0 5 1 5 0 1 5 (0A 34 0D)
byte=4:3 8 E 0 8 C 6 (1C 38 11 46)
byte=4:C 8 E 6 0 3 8 (64 39 40 38)
byte=3:1 5 1 5 5 0 0 (1A 36 40)
byte=2:1 1 3 0 0 1 3 (2F 07)
byte=1:0 1 0 1 0 0 0 (28)
dd: [6][5][4][3][2][1][0]
When bits=8, c=1, b=6, a=7; after the disk8e transformation:
[7][6][5][4][3][2][1][0]
56 43 62 7F 25 44 06 6A
6A 06 56 43 25 62 44 7F
Step S26: the units of data cell ee are merged back into bytes to form the new data data, which is then substituted through the substitution table subst7e.
Taking the first row as an example, subst7e(28)=74: subst7e is the 7-bit unit encryption table, and 28 is replaced with 74.
byte=1:subst7e(28)=74
byte=2:subst7e(2E)=75 subst7e(07)=24
byte=3:subst7e(1A)=3F subst7e(36)=19 subst7e(40)=5B
byte=4:subst7e(64)=73 subst7e(39)=21 subst7e(40)=5B subst7e(38)=12
byte=8:subst7e(6A)=48 subst7e(06)=09 subst7e(56)=08 subst7e(43)=7A
subst7e(25)=7E subst7e(62)=6E subst7e(44)=2B subst7e(7F)=2D
Step S27: the bytes merged from data cell ee are placed in data cell data and added to keyb[i+10, j]:
for j:=0 to byte-1 do
data[j]:=(data[j]+keyb[i+10,j]) mod 128;
In round 0 (i=0), the results of adding the key variable to data of each field length are as follows:
byte=1: data[0]:=(data[0]+keyb[i+10,0]) mod 128; (0E)
byte=2: data[1]:=(data[1]+keyb[i+10,1]) mod 128; (09)
        data[0]:=(data[0]+keyb[i+10,0]) mod 128; (31)
byte=3: data[2]:=(data[2]+keyb[i+10,2]) mod 128; (07)
        data[1]:=(data[1]+keyb[i+10,1]) mod 128; (2D)
        data[0]:=(data[0]+keyb[i+10,0]) mod 128; (75)
byte=4: data[3]:=(data[3]+keyb[i+10,3]) mod 128; (01)
        data[2]:=(data[2]+keyb[i+10,2]) mod 128; (69)
        data[1]:=(data[1]+keyb[i+10,1]) mod 128; (6F)
        data[0]:=(data[0]+keyb[i+10,0]) mod 128; (2C)
byte=8: data[7]:=(data[7]+keyb[i+10,7]) mod 128; (37)
        data[6]:=(data[6]+keyb[i+10,6]) mod 128; (19)
        data[5]:=(data[5]+keyb[i+10,5]) mod 128; (77)
        data[4]:=(data[4]+keyb[i+10,4]) mod 128; (59)
        data[3]:=(data[3]+keyb[i+10,3]) mod 128; (0C)
        data[2]:=(data[2]+keyb[i+10,2]) mod 128; (36)
        data[1]:=(data[1]+keyb[i+10,1]) mod 128; (3F)
        data[0]:=(data[0]+keyb[i+10,0]) mod 128; (47)
Step S28: the data data is expanded into units according to the byte count and stored in data cell dd[i]; then:
Expanded and collected:
Given dd: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 1 1 0 (0E)
byte=2: 0 1 0 2 3 3 2 (09 3E)
byte=3: 0 3 5 3 3 6 5 (07 2D 75)
byte=4: 0 3 A 7 7 A C (01 69 6F 2C)
byte=8:37 19 77 59 0C 36 3F 47 (37 19 77 59 0C 36 3F 47)
The value of each ee[i] after rightward accumulation:
ee[7]:=dd[7];
for j:=6 downto 0 do ee[j]:=(ee[j+1]+dd[j]) mod 2**byte;
When byte=8:
for j:=6 downto 0 do ee[j]:=(ee[j+1]+dd[j]) mod 2**(byte-1);
Expanded and collected (7-bit):
Then: ee: [7] [6] [5] [4] [3] [2] [1] [0]
byte=1: 0 0 0 1 0 1 1 (0B)
byte=2: 0 1 1 3 2 1 3 (0B 67)
byte=3: 0 3 0 3 6 4 1 (06 0F 21)
byte=4: 0 3 D 4 B 5 1 (01 75 16 51)
byte=8: 37 50 21 68 50 37 2C 62 (37 50 21 68 50 37 2C 62)
Step S29: under the control of keyb[9, i], the data undergoes the disk7e and disk8e permutation transformations. In this embodiment keyb[9,0]=99, so c=0, b=3, a=1, i.e. table 0, wheel 3, starting point 1:
Expanded and collected (7-bit):
[6][5][4][3][2][1][0]
byte=1:0 0 0 1 0 1 1 (0B)
byte=2:0 1 1 3 2 1 3 (0B 67)
byte=3:0 3 0 3 6 4 1 (06 0F 21)
byte=4:0 3 D 4 B 5 1 (01 75 16 51)
byte=4:5 3 4 1 D B 0 (29 50 3B 30)
byte=3:4 3 3 1 0 6 0 (46 64 30)
byte=2:1 1 3 3 1 2 0 (2F 58)
byte=1:1 0 1 1 0 0 0 (58)
[6][5][4][3][2][1][0]
When byte=8, the permutation is as follows:
[7][6][5][4][3][2][1][0]
37 50 47 20 2C 62 21 68
47 20 21 68 50 37 2C 62
[7][6][5][4][3][2][1][0]
This completes round 0; the computation proceeds to round 1. When bits<8, 7 rounds are performed; when bits=8, 8 rounds are performed. The encryption results are as follows:
     byte=1  byte=2  byte=3    byte=4
[0]  58      2F 58   46 64 30  29 50 3B 30
[1]  16      27 79   1B 3E 7D  41 1B 3D 35
[2]  1E      3D 5E   4B 42 66  51 62 72 46
[3]  1E      52 45   17 47 5F  7C 0A 52 1A
[4]  20      25 59   37 75 31  36 30 15 6B
[5]  7B      07 3E   6E 60 07  0F 74 78 38
[6]  65      31 48   5B 1A 74  73 2B 38 7A
[7]  7E      13 2F   78 62 56  47 1E 07 11
     byte=8
[0]  47 20 21 68 50 37 2C 62
[1]  18 31 30 52 14 77 34 44
[2]  42 0C 07 09 42 0E 00 02
[3]  16 63 68 03 69 25 7E 32
[4]  7B 60 2D 3C 6F 4F 77 12
[5]  66 04 42 37 7E 4F 2B 50
[6]  43 63 16 79 03 52 30 38
[7]  43 65 48 1C 4D 52 22 1E
Given data 08 07 06 05 04 03 02 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: 43 65 48 1C 4D 52 22 1E.
Given data 04 03 02 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: 47 1E 07 11.
Given data 03 02 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: 78 62 56.
Given data 02 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: 13 2F.
Given data 01 and key 08 07 06 05 04 03 02 01, after 8 rounds of transformation the resulting ciphertext is: 7E.
The database data encryption system and method of the present invention are dedicated to encrypting stored data such as databases, in particular relational databases. Database systems generally have strict access control mechanisms that protect the security of the database.
The relational database encryption of the present invention protects the security of the data content while keeping its impact on the database to a minimum: it does not affect database retrieval efficiency and does not destroy the database data structure.
7.1 key granularity
The database of the present invention is provided with a structure key.
The structure key is used to partition databases: a single database can be given its own structure key, or the database system as a whole can be given one structure key:
(1) the mmm, subst8e and subst7e substitution tables;
(2) the disk8e and disk7e permutation tables;
The database also has a library key.
A directory has a directory key; different directories are given different keys.
A file has a file key. Each file (table) has a file key FS, 64 bits long, which is generated automatically when the file is created and is stored in the file-key file under the encryption protection of the directory key mum. For example:
E_mum(FS);
The access rights of the file-key file are the same as those of the file. The file key is used to encrypt and decrypt data. For example:
E_FS(data);
Once the file key exists, the record keys and field keys are defined automatically.
The database encryption system and method of the present invention can control the confusion and diffusion of the encrypted data well.
In each round of transformation, the data variable is combined with the key variable and passes through two permutation transformations and one single-table substitution, achieving good confusion.
In each round of transformation, two bit expansions and collections, two horizontal accumulations and one single-table substitution achieve good diffusion.
Eight layers of iteration are stacked, and the key used in each layer is different. The keys are derived by the nonlinear modulo-Q shift register and are extracted at intervals of 16 rounds and 24 rounds, which breaks the continuity of the sequence.
From the above analysis it can be seen that, while maintaining the strength of the encryption, the present invention better resolves the conflict between encryption on the one hand and convenient database retrieval and preservation of the data structure on the other.
Other aspects and features of the present invention will be apparent to those skilled in the art from the description of the specific embodiments in conjunction with the accompanying drawings.
The specific embodiments of the present invention described and explained above should be regarded as exemplary and not as limiting the invention; the invention should be interpreted according to the appended claims.