CN104009835A - File encrypting and decrypting method allowing parallel computing to be conducted in cloud storage system - Google Patents

Abstract

The invention provides a file encrypting and decrypting method allowing parallel computing to be conducted in a cloud storage system. According to the method, through a parallel computing mechanism of a cloud computing environment, such as a MapReduce parallel computing technology, grouped encryption is conducted on plaintext data, and through a partitioned matrix multiplication algorithm, encryption of a whole file is finally achieved and the encrypted file is uploaded to the storage system of the cloud computing environment. The method includes five steps of generating an involutory secret key matrix, calculating a computing secret key, partitioning a data file, encrypting data and decrypting the data. In an encryption system initialization process, a modular arithmetic method is adopted, a random secret key matrix is constructed, and the matrix has the characteristic that the matrix is equal to the inverse matrix of the matrix. In a matrix partitioning process, through a boundary division method, each block of parallel computing is determined. In a data encrypting process, through the partition multiplication of the secret key matrix and a plaintext matrix, encryption of the plaintext data is finally achieved. In a decrypting process, according to the property of an involutory matrix, a ciphertext matrix is multiplied by the secret key matrix, mocking up is conducted, and the final encrypted file is obtained.

Description

File encryption decryption method that can parallel computation in a kind of cloud storage system

Technical field

The present invention is directed to the data file safety problem that needs storage in cloud computing environment, a kind of encrypting and decrypting scheme that is applicable to cloud computing environment has been proposed, its thinking is: the file that the owner of data file will be stored in cloud environment is first encrypted, upload to again in the memory space of renting, for user, realize the confidentiality requirement to data.The present invention relates to matrix computations, parallel computing and cloud computing technology, belong to information security field.

Background technology

Large data security field is the hot issue receiving much concern in recent years.On the one hand, data owner is stored in a large amount of data in cloud computing environment, accesses for user.But in these mass data, there are a lot of sensitive datas need to ensure its confidentiality, as privacy information such as positional information, personal identification etc., how to realize the information encryption to data file in this class memory module, realization safety, effective, simple data access control are that the problem that practical application need to solve is moved towards in cloud computing.On the other hand, because file data quantity is large, need to build a kind of fast encryption scheme for large data, and in cloud computing environment, will solve and how can utilize the feature that cloud computing environment can parallel computation, realize the fast parallel encryption of large data.The present invention is exactly for the confidentiality of file data and can concurrency, has proposed a kind of parallel encryption decryption technology that can be applicable to cloud computing environment, and this scheme can effectively improve the enciphering rate of big data quantity.

Method has comprised key submatrix and has generated, computation key matrix, data file piecemeal, the five steps such as data encryption, data deciphering.In encryption system initialization, method adopts modular arithmetic method, has constructed a random key matrix, and this matrix has matrix and equal the feature of its inverse matrix; In deblocking process, the data that will encrypt are divided into matrix form.In data encryption process, by cipher key matrix and plaintext block multiplication of matrices, finally realize the encryption to clear data.Decrypting process is the feature according to involutory matrix, by the product of ciphertext matrix and cipher key matrix, then carries out modulo operation acquisition.

Owing to adopting the computing such as block encryption, make the method proposing can utilize the concurrent technique in cloud computing environment, that realizes encryption method can parallel computation.

Summary of the invention

Goal of the invention: the object of this invention is to provide the parallel encryption decryption method to storage file in a kind of cloud computing environment, realize a kind of parallel encrypting and decrypting scheme by the concurrent technique in conjunction with cloud computing environment and matrix in block form multiplication encryption technology, to improve the encryption/decryption speed of big data quantity.

Technical scheme: the present invention for achieving the above object, adopts following technical scheme:

Step 1: generate the sub-key matrix in scrambled matrix

The exponent number of note cipher key matrix K is N, the integral number power that N is 2, the total N of cipher key matrix ²individual element, is divided into 4 by this cipher key matrix: K ₁₁, K ₁₂, K ₂₁, K ₂₂, the square formation that wherein each order of matrix number is N/2.

$K={\left[\begin{array}{cc}{K}_{11}& K_{12}\\ K_{21}& K_{22}\end{array}\right]}_{N\×N}---\left(1\right)$

First calculate sub-key matrix K ₂₂in element x _ij, 1≤i, j≤N/2, concrete grammar is in integer range (0,127), to get random number as entry of a matrix element x _ij, have:

$\≤x_{\mathrm{ij}}\≤127(1\≤i,j\≤\frac{N}{2})---\left(2\right)$

Step 2: computation key matrix K

By antithetical phrase cipher key matrix K ₂₂computing can to generate cipher key matrix be K, computational methods are as follows:

$\begin{array}{c}{K}_{11}=-K_{22}\mathrm{mod}127\\ K_{12}=(I+K_{22})\×2\mathrm{mod}127\\ K_{21}=(I+K_{11})\×\frac{1}{2}\mathrm{mod}127\end{array}---\left(3\right)$

Wherein I is that exponent number is the unit matrix of N/2, K ₁₁be that the inverse operation of submatrix process mould obtains, mould inverse operation concrete grammar is as follows:

Y _ij=127-x _ij%127, wherein $x_{\mathrm{ij}}\∈K_{22},y_{\mathrm{ij}}\∈K_{11},1\≤i,j\≤\frac{N}{2}---\left(4\right)$

K ₁₂first to ask unit matrix and K ₂₂and, then to matrix with carry out modulo operation and obtain.

K ₂₁first to ask unit matrix and K ₁₁and, then to matrix with carry out Modulo division and obtain, computing concrete grammar is as follows:

wherein $x_{\mathrm{ij}}\∈K_{11}+I{z}_{\mathrm{ij}}\∈K_{21},1\≤i,j\≤\frac{N}{2}---\left(5\right)$

By calculating the value of each element in each piece submatrix that can calculate respectively cipher key matrix.Four sub-matrix group can be obtained to cipher key matrix K altogether.

Step 3: data file encryption is carried out to piecemeal

The source data file that will encrypt is carried out to the partitioning of matrix, make each piece can be independently and cipher key matrix carry out parallel encryption computing, ensure the concurrency of ciphering process.The matrix P that the data file row that will encrypt is M × N for dimension, if length is not expressly the integral multiple of N, fills with 0 element.Data file to be encrypted is read in to expressly matrix P with corresponding ASCII character.

Step 4: data file is encrypted

To being expressly encrypted.Encryption method is:

C＝PKmodm (6)

Expressly Matrix Multiplication, with cipher key matrix, each element is wherein carried out to m modulo operation, finally obtains ciphertext Matrix C.

Step 5: ciphertext matrix is decrypted

Can be by obtaining expressly matrix with the calculating of cipher key matrix to the ciphertext matrix generating.Due to cipher key matrix be to and matrix, i.e. K=K ^-1, we have:

C＝PK

CK ^-1＝PKK ^-1 (7)

CK ^-1＝P

, expressly matrix P is:

P＝CKmodm (8)

Carry out product by ciphertext matrix and cipher key matrix, then get m modular arithmetic.Because ciphertext is matrix structure, each piece can be independently and cipher key matrix carry out multiplication calculating, to ensure the concurrency of decrypting process.

Beneficial effect: the parallel encryption scheme that the present invention designs has solved two problems that will solve in cloud computing actual application, the one, the confidentiality requirement of data owner to data file, by the block encryption to clear text file, upload and be stored in cloud environment, ensure that data owner's sensitive information is protected; The 2nd, for large data high-speed calculation requirement, employing block encryption etc. is seen parallel computing technique, make the ciphering process of data file can utilize the parallel computing in cloud computing environment, realize the high-speed parallel that large data files is encrypted and calculate, finally meet the secure high-speed access of large data in cloud computing environment.

Brief description of the drawings

Fig. 1 is the flow process of encipherment scheme.

Embodiment

Below the enforcement of technical scheme is described in further detail:

Step 1: generate the sub-key matrix in scrambled matrix

The exponent number of getting cipher key matrix is N=4 (integral number power that N is 2), i.e. the total N of cipher key matrix ²=16 elements, need the accidental enciphering sequence x producing _ifor

$0\≤x_i\≤127(1\≤i\≤\frac{N^2}{4})---\left(1\right)$

Need to produce individual stochastic ordering train value, establishes the accidental enciphering sequence (0,1,2,3) of generation, for the sub-key order of matrix number generating is N/2=2, i.e. and the total N of cipher key matrix ²/ 4=4 element.The sub-key matrix generating is

$K_{22}=\left(\begin{array}{cc}0& 1\\ 3& 2\end{array}\right)---\left(2\right)$

Step 2: generate cipher key matrix

Computing by antithetical phrase cipher key matrix can generate involutory cipher key matrix K, and note cipher key matrix is divided into four and is respectively K ₁₁, K ₁₂, K ₂₁, K ₂₂.We have:

$\begin{array}{c}{K}_{22}=\left(\begin{array}{cc}0& 1\\ 3& 2\end{array}\right)\\ K_{11}=-K_{22}\mathrm{mod}127\\ K_{12}=(I+K_{22})\×2\mathrm{mod}127\\ K_{21}=(I+K_{11})\×\frac{1}{2}\mathrm{mod}127\end{array}---\left(3\right)$

Wherein I is that exponent number is the unit matrix of N/2, K ₁₁be that the inverse operation of submatrix process mould obtains, mould inverse operation concrete grammar is as follows:

$\begin{array}{c}{y}_{\mathrm{ij}}=127-x_{\mathrm{ij}}\%127\\ y_{11}=127-0\%127=127\\ y_{12}=127-1\%127=126\\ y_{21}=127-3\%127=124\\ y_{22}=127-2\%127=125\\ K_{11}=\left(\begin{array}{cc}127& 126\\ 124& 125\end{array}\right)\end{array}---\left(4\right)$

K ₁₂first to ask unit matrix and K ₂₂and, then to matrix with do that modulo operation obtains.

$K_{12}=\left(\begin{array}{cc}2& 2\\ 6& 6\end{array}\right)$

K ₂₁first to ask unit matrix and K ₁₁and, then to matrix with do that Modulo division obtains, computing concrete grammar is as follows:

$K_{12}=\left(\begin{array}{cc}64& 63\\ 62& 63\end{array}\right)$ By calculating the value of each element in each piece submatrix that can calculate respectively cipher key matrix.Four sub-matrix group can be obtained to cipher key matrix K altogether.

$K=\left(\begin{array}{cccc}127& 126& 2& 2\\ 124& 125& 6& 6\\ 64& 63& 0& 1\\ 62& 63& 3& 2\end{array}\right)$

Step 3: the data file that encrypt is carried out to piecemeal

The data file that will encrypt is carried out to piecemeal, to ensure the concurrency of ciphering process.The plaintext sequence that summary is encrypted is (0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31)

Expressly the dimension of matrix is M × N=8 × 4.The ASC II code for the treatment of close file is read in to expressly matrix, with the storage of one-dimension array form.When the element number of matrix stores is greater than file size, not enough position is by 0 polishing.Expressly matrix P is

$P=\left(\begin{array}{cccc}0& 1& 2& 3\\ 4& 5& 6& 7\\ 8& 9& 10& 11\\ 12& 13& 14& 15\\ 16& 17& 18& 19\\ 20& 21& 22& 23\\ 24& 25& 26& 27\\ 28& 29& 30& 31\end{array}\right)$

Step 4: data file is encrypted

After to plaintext matrix and cipher key matrix piecemeal, to being expressly encrypted.Cryptographic algorithm is as follows:

C＝PKmodm (6)

Expressly Matrix Multiplication is with cipher key matrix, and wherein each element finally obtains ciphertext Matrix C to m modulo operation.Have:

$C=\left(\begin{array}{cccc}0& 1& 2& 3\\ 4& 5& 6& 7\\ 8& 9& 10& 11\\ 12& 13& 14& 15\\ 16& 17& 18& 19\\ 20& 21& 22& 23\\ 24& 25& 26& 27\\ 28& 30& 31& 32\end{array}\right)\×\left(\begin{array}{cccc}127& 126& 2& 2\\ 124& 125& 6& 6\\ 64& 63& 0& 1\\ 62& 63& 3& 2\end{array}\right)\mathrm{mod}127=\left(\begin{array}{cccc}57& 59& 15& 14\\ 41& 43& 59& 58\\ 25& 27& 103& 102\\ 9& 11& 20& 19\\ 120& 122& 64& 63\\ 104& 106& 108& 107\\ 88& 90& 25& 24\\ 72& 74& 69& 68\end{array}\right)$

Step 5: ciphertext matrix is decrypted

Obtaining after ciphertext and cipher key matrix, according to Xi Er deciphering principle, to being expressly decrypted.Due to cipher key matrix be to and matrix, i.e. K=K ^-1, can obtain expressly matrix and be

P＝CKmodm (7)

$P=\mathrm{CK}\mathrm{mod}127=\left(\begin{array}{cccc}57& 59& 15& 14\\ 41& 43& 59& 58\\ 25& 27& 103& 102\\ 9& 11& 20& 19\\ 120& 122& 64& 63\\ 104& 106& 108& 107\\ 88& 90& 25& 24\\ 72& 74& 69& 68\end{array}\right)\·\left(\begin{array}{cccc}127& 126& 2& 2\\ 124& 125& 6& 6\\ 64& 63& 0& 1\\ 62& 63& 3& 2\end{array}\right)\mathrm{mod}127=\left(\begin{array}{cccc}0& 1& 2& 3\\ 4& 5& 6& 7\\ 8& 9& 10& 11\\ 12& 13& 14& 15\\ 16& 17& 18& 19\\ 20& 21& 22& 23\\ 24& 25& 26& 27\\ 28& 29& 30& 31\end{array}\right)$

Claims (1)

1. a file encryption decryption method that can parallel computation in cloud storage system, is characterized in that the method comprises the following steps:

Step 1: generate the sub-key matrix in scrambled matrix

The exponent number of note cipher key matrix K is N, the integral number power that N is 2, the total N of cipher key matrix ²individual element, is divided into 4 by this cipher key matrix: K ₁₁, K ₁₂, K ₂₁, K ₂₂, the square formation that wherein each order of matrix number is N/2,

$K={\left[\begin{array}{cc}{K}_{11}& K_{12}\\ K_{21}& K_{22}\end{array}\right]}_{N\×N}---\left(1\right)$

First calculate sub-key matrix K ₂₂in element x _ij, 1≤i, j≤N/2, concrete grammar is in integer range (0,127), to get random number as entry of a matrix element x _ij, have:

$\≤x_{\mathrm{ij}}\≤127(1\≤i,j\≤\frac{N}{2})---\left(2\right)$

Step 2: computation key matrix K

By antithetical phrase cipher key matrix K ₂₂computing can to generate cipher key matrix be K, computational methods are as follows:

$\begin{array}{c}{K}_{11}=-K_{22}\mathrm{mod}127\\ K_{12}=(I+K_{22})\×2\mathrm{mod}127\\ K_{21}=(I+K_{11})\×\frac{1}{2}\mathrm{mod}127\end{array}---\left(3\right)$

Wherein I is that exponent number is the unit matrix of N/2, K ₁₁be that the inverse operation of submatrix process mould obtains, mould inverse operation concrete grammar is as follows:

Y _ij=127-x _ij%127, wherein $x_{\mathrm{ij}}\∈K_{22},y_{\mathrm{ij}}\∈K_{11},1\≤i,j\≤\frac{N}{2}---\left(4\right)$

K ₁₂first to ask unit matrix and K ₂₂and, then to matrix with carry out modulo operation and obtain;

K ₂₁first to ask unit matrix and K ₁₁and, then to matrix with carry out Modulo division and obtain, computing concrete grammar is as follows:

wherein $x_{\mathrm{ij}}\∈K_{11}+I{z}_{\mathrm{ij}}\∈K_{21},1\≤i,j\≤\frac{N}{2}---\left(5\right)$

By calculating the value of each element in each piece submatrix that can calculate respectively cipher key matrix, four sub-matrix group can be obtained to cipher key matrix K altogether;

Step 3: data file encryption is carried out to piecemeal

The source data file that will encrypt is carried out to the partitioning of matrix, make each piece can be independently and cipher key matrix be encrypted computing, ensure the concurrency of ciphering process, the matrix P that the data file row that will encrypt is M × N for dimension, if length is not expressly the integral multiple of N, fill with 0 element, data file to be encrypted is read in to expressly matrix P with corresponding ASCII character;

Step 4: data file is encrypted

To being expressly encrypted, encryption method is:

C＝PKmodm (6)

Expressly Matrix Multiplication, with cipher key matrix, each element is wherein carried out to m modulo operation, finally obtains ciphertext Matrix C;

Step 5: ciphertext matrix is decrypted

Can be by obtaining expressly matrix with the calculating of cipher key matrix to the ciphertext matrix generating, due to cipher key matrix be to and matrix, i.e. K=K ^-1, we have:

C＝PK

CK ^-1＝PKK ^-1 (7)

CK ^-1＝P

, expressly matrix P is:

P＝CKmodm (8)

Carry out product by ciphertext matrix and cipher key matrix, then get m modular arithmetic, because ciphertext is matrix structure, each piece can independently carry out multiplication calculating with cipher key matrix, to ensure the concurrency of decrypting process.