CN106603224A - Safety operation method and system based on white box encryption - Google Patents

Publication number
CN106603224A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611103026.4A
Other languages
Chinese (zh)
Other versions
CN106603224B (en
Inventor
史扬
韦吾境
范鸿飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tongji University
Original Assignee
Tongji University
Application filed by Tongji University
Priority to CN201611103026.4A
Publication of CN106603224A
Application granted
Publication of CN106603224B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16 Obfuscation or hiding, e.g. involving white box

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Small-Scale Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a safety operation method and system based on white box encryption. The corresponding encryption algorithm and the decryption algorithm are matched by employing a series of static data as fixed input, lightweight safety operation can be realized, the volume of the static data is small, the operation efficiency is high, and relatively high encryption security can be obtained in a white box attack environment with limited calculating resources.

Description

Safety operation method and system based on white box encryption
Technical field
The present invention relates to the field of network security, and more particularly to a secure operation method and system based on white-box encryption.
Background
With the development of technologies such as the Internet of Things and mobile computing, programs increasingly run in insecure environments, for example on smartphones and tablet computers that have been picked up or stolen by an attacker, or on captured sensor network nodes, where the runtime environment is entirely untrusted. The security of cryptographic algorithms and protocols is crucial to the overall security of an information system. The attack models of traditional cryptosystems, such as chosen-plaintext and chosen-ciphertext attacks, all rest on one common assumption: that the cryptographic algorithm runs on a secure terminal. Side-channel attacks allow the attacker to obtain some leaked information, but the attacker is still constrained by the given leakage function. In the insecure environments described above, the attacker can observe and interfere with the program and its execution without restriction. In such a white-box attack context, the attacker can apply powerful techniques such as reverse engineering and trace debugging to analyze and break the cryptographic module.
Known white-box encryption methods mostly require large static lookup tables (hundreds of KB to tens of MB) and have a high computational cost, which makes them unsuitable for mobile terminals and embedded devices in the Internet of Things. How to find a lightweight white-box encryption method that offers good security together with a small static data volume and high operating efficiency has therefore become a problem that those skilled in the art urgently need to solve.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a secure operation method and system based on white-box encryption, in order to solve the problem that the prior art cannot achieve encryption and decryption with both a small static data volume and high operating efficiency.
To achieve the above object and other related objects, the present invention provides a secure operation method based on white-box encryption, comprising: causing a host located in a secure environment to generate, according to a preset data generation algorithm, an encryption static data set for encryption and a decryption static data set for decryption; storing the encryption static data set on a terminal device, and storing the decryption static data set on a secure terminal located in a secure environment; when the terminal device encrypts an input plaintext, invoking the encryption static data set and encrypting the input plaintext with an encryption algorithm preset on the terminal device to obtain the corresponding output ciphertext; and when the terminal device decrypts an input ciphertext, invoking the decryption static data set from the secure terminal and decrypting the input ciphertext with a decryption algorithm preset on the secure terminal to obtain the corresponding output plaintext.
In a specific embodiment of the invention, the data generation algorithm is a probabilistic algorithm that generates the encryption static data set for encryption and the decryption static data set for decryption, and the host produces a plurality of random matrices while generating the encryption static data set and the decryption static data set with the data generation algorithm.
In a specific embodiment of the invention, the operation of the data generation algorithm, the encryption algorithm and the decryption algorithm further involves the following: let $x, y \in \mathbb{Z}^+$, be the set of all invertible $(xy) \times (xy)$ binary matrices, be the set of all $(xy) \times (xy)$ binary matrices, be the set of all bijections from $x$ bits to $x$ bits, and be the set of all bijections from $x$ bits to $x$ bits; let $r \in \{0, \cdots, N-1\}$, where $N$ is the number of rounds, and $i \in \{0, \cdots, y-1\}$; let $X_r, Y_r \in GF(2)^{x \cdot y}$, $X_r = (X_{r,y}, \cdots, X_{r,0})$, $Y_r = (Y_{r,y}, \cdots, Y_{r,0})$, where for each $i$, $X_{r,i}, Y_{r,i} \in GF(2)^x$; for each $i$ there are $H_i$, and , where $\in_{\$}$ denotes choosing an element uniformly from a set; for each $i$, $j = 0, \cdots, 2y-1$, and $\Lambda'_i$ is a bijection from $2xy$ bits to $2xy$ bits such that $\Lambda'_i = \Lambda'_{i,2y-1} \parallel \cdots \parallel \Lambda'_{i,0}$, where $\parallel$ denotes two mappings acting in parallel.
In a specific embodiment of the invention, let , where $L_i$ is the $i$-th block from right to left and $L$ is a random matrix, expressed by the formula:
$$L = [L_{y-1} \; \cdots \; L_0]; \tag{11}$$
and let , where $\Delta_i$ is the $i$-th block from right to left and $\Delta$ is a random matrix, expressed by the formula:
$$\Delta = [\Delta_{y-1} \; \cdots \; \Delta_0]; \tag{12}$$
Let $T_i$ be the $i$-th T-box of round $r$; $T_i$ is a lookup table with $T_i : GF(2)^x \times GF(2)^x \to GF(2)^{2 \cdot x \cdot y}$, and $T_i$ is defined by the following formula:
where $f_i$ in formula (3) is expressed by the following formula:
and for each pair $\langle j, i \rangle$, where $j \in \{0, \ldots, 2y-1\}$ and $i \in \{1, \cdots, y-2\}$, the following formula makes $F_{i,j} : GF(2)^x \times GF(2)^x \to GF(2)^x$ a masked secure adder:
where $x_0, x_1 \in GF(2)^x$ and
In a specific embodiment of the invention, the secure terminal is a back-end server, a workstation, or the host located in the secure environment.
To achieve the above object and other related objects, the present invention also provides a secure operation system based on white-box encryption, comprising: a static data generation module, arranged in a host located in a secure environment, for causing the host to generate, according to a preset data generation algorithm, an encryption static data set for encryption and a decryption static data set for decryption; a static data storage module, arranged in the host, for storing the encryption static data set on a terminal device and storing the decryption static data set on a secure terminal located in a secure environment; an encryption module, arranged in the terminal device, for, when the terminal device encrypts an input plaintext, invoking the encryption static data set and encrypting the input plaintext with an encryption algorithm preset on the terminal device to obtain the corresponding output ciphertext; and a decryption module, arranged in the terminal device, for, when the terminal device decrypts an input ciphertext, invoking the decryption static data set from the secure terminal and decrypting the input ciphertext with a decryption algorithm preset on the secure terminal to obtain the corresponding output plaintext.
In a specific embodiment of the invention, the data generation algorithm is a probabilistic algorithm that generates the encryption static data set for encryption and the decryption static data set for decryption, and the host produces a plurality of random matrices while generating the encryption static data set and the decryption static data set with the data generation algorithm.
In a specific embodiment of the invention, the operation of the data generation algorithm, the encryption algorithm and the decryption algorithm further involves the following:
Let $x, y \in \mathbb{Z}^+$, be the set of all invertible $(xy) \times (xy)$ binary matrices, be the set of all $(xy) \times (xy)$ binary matrices, be the set of all bijections from $x$ bits to $x$ bits, and be the set of all bijections from $x$ bits to $x$ bits; let $r \in \{0, \cdots, N-1\}$, where $N$ is the number of rounds, and $i \in \{0, \cdots, y-1\}$; let $X_r, Y_r \in GF(2)^{x \cdot y}$, $X_r = (X_{r,y}, \cdots, X_{r,0})$, $Y_r = (Y_{r,y}, \cdots, Y_{r,0})$, where for each $i$, $X_{r,i}, Y_{r,i} \in GF(2)^x$; for each $i$ there are $H_i$, and , where $\in_{\$}$ denotes choosing an element uniformly from a set; for each $i$, $j = 0, \cdots, 2y-1$, and $\Lambda'_i$ is a bijection from $2xy$ bits to $2xy$ bits such that $\Lambda'_i = \Lambda'_{i,2y-1} \parallel \cdots \parallel \Lambda'_{i,0}$, where $\parallel$ denotes two mappings acting in parallel.
In a specific embodiment of the invention, let , where $L_i$ is the $i$-th block from right to left and $L$ is a random matrix, expressed by the formula:
$$L = [L_{y-1} \; \cdots \; L_0]; \tag{16}$$
and let , where $\Delta_i$ is the $i$-th block from right to left and $\Delta$ is a random matrix, expressed by the formula:
$$\Delta = [\Delta_{y-1} \; \cdots \; \Delta_0]; \tag{17}$$
Let $T_i$ be the $i$-th T-box of round $r$; $T_i$ is a lookup table with $T_i : GF(2)^x \times GF(2)^x \to GF(2)^{2 \cdot x \cdot y}$, and $T_i$ is defined by the following formula:
where $f_i$ in formula (3) is expressed by the following formula:
and for each pair $\langle j, i \rangle$, where $j \in \{0, \ldots, 2y-1\}$ and $i \in \{1, \cdots, y-2\}$, the following formula makes $F_{i,j} : GF(2)^x \times GF(2)^x \to GF(2)^x$ a masked secure adder:
where $x_0, x_1 \in GF(2)^x$ and
In a specific embodiment of the invention, the secure terminal is a back-end server, a workstation, or the host located in the secure environment.
As described above, the secure operation method and system based on white-box encryption of the present invention use a series of static data as fixed input to match the corresponding encryption algorithm and decryption algorithm. The present invention achieves lightweight secure operation with a small static data volume and high operating efficiency, and obtains relatively high encryption security in a white-box attack environment with limited computing resources.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the secure operation method based on white-box encryption of the present invention in one embodiment.
Fig. 2 is a schematic structural diagram of $T_i$ in a specific embodiment of the present invention.
Fig. 3 is a schematic structural diagram of $T_i$ in a specific embodiment of the present invention.
Fig. 4 is a schematic diagram of the internal structure of the masked adders in a specific embodiment of the present invention and of their relationship within the white-box encryption process.
Fig. 5 is a schematic flowchart of the round-$r$ encryption algorithm in a specific embodiment of the present invention.
Fig. 6 is a schematic module diagram of the secure operation system based on white-box encryption of the present invention in one embodiment.
Description of reference numerals
10 Secure operation method based on white-box encryption
11~13 Method steps
20 Secure operation system based on white-box encryption
21 Static data generation module
22 Static data storage module
23 Encryption module
24 Decryption module
Detailed description of the embodiments
The embodiments of the present invention are described below by way of specific examples, and those skilled in the art can readily understand other advantages and effects of the present invention from the content disclosed in this specification. The present invention can also be implemented or applied through other, different specific embodiments, and the details in this specification can be modified or changed in various ways on the basis of different viewpoints and applications without departing from the spirit of the present invention. It should be noted that, where there is no conflict, the following embodiments and the features in the embodiments can be combined with one another.
It should be noted that the drawings provided in the following embodiments illustrate the basic concept of the present invention only schematically. They show only the components related to the present invention rather than being drawn according to the number, shape and size of the components in an actual implementation; in an actual implementation the form, number and proportion of each component may vary freely, and the component layout may be more complex.
To make the description of the present invention more detailed and complete, reference may be made to the accompanying drawings and the various embodiments described below. The embodiments provided are not intended to limit the scope covered by the present invention, and the description of the steps is not intended to limit the order in which they are performed; any device produced by recombination that has equivalent effects falls within the scope covered by the present invention.
In the embodiments and claims, unless the context specifically limits the article, "a" and "the" may refer to one or more. It will be further understood that "comprising", "including", "having" and similar terms used herein specify the stated features, regions, integers, steps, operations and/or components, but do not exclude one or more additional features, regions, integers, steps, operations, components and/or groups thereof.
Referring to Fig. 1, which is a schematic flowchart of the secure operation method based on white-box encryption of the present invention in one embodiment, the method 10 comprises:
11: causing a host located in a secure environment to generate, according to a preset data generation algorithm, an encryption static data set for encryption and a decryption static data set for decryption;
12: storing the encryption static data set on a terminal device, and storing the decryption static data set on a secure terminal located in a secure environment;
13: when the terminal device encrypts an input plaintext, invoking the encryption static data set and encrypting the input plaintext with an encryption algorithm preset on the terminal device to obtain the corresponding output ciphertext; when the terminal device decrypts an input ciphertext, invoking the decryption static data set from the secure terminal and decrypting the input ciphertext with a decryption algorithm preset on the secure terminal to obtain the corresponding output plaintext.
In a specific embodiment of the invention, the data generation algorithm is a probabilistic algorithm that generates the encryption static data set for encryption and the decryption static data set for decryption, and the host produces a plurality of random matrices while generating the encryption static data set and the decryption static data set with the data generation algorithm.
Preferably, the encryption static data set includes a lookup table, which is used to perform the corresponding lookup according to the input plaintext and obtain the corresponding ciphertext.
In a specific embodiment of the invention, the operation of the data generation algorithm, the encryption algorithm and the decryption algorithm further involves the following: let $x, y \in \mathbb{Z}^+$, be the set of all invertible $(xy) \times (xy)$ binary matrices, be the set of all $(xy) \times (xy)$ binary matrices, be the set of all bijections from $x$ bits to $x$ bits, and be the set of all bijections from $x$ bits to $x$ bits; let $r \in \{0, \cdots, N-1\}$, where $N$ is the number of rounds, and $i \in \{0, \cdots, y-1\}$; let $X_r, Y_r \in GF(2)^{x \cdot y}$, $X_r = (X_{r,y}, \cdots, X_{r,0})$, $Y_r = (Y_{r,y}, \cdots, Y_{r,0})$, where for each $i$, $X_{r,i}, Y_{r,i} \in GF(2)^x$; for each $i$ there are $H_i$, and , where $\in_{\$}$ denotes choosing an element uniformly from a set; for each $i$, $j = 0, \cdots, 2y-1$, and $\Lambda'_i$ is a bijection from $2xy$ bits to $2xy$ bits such that $\Lambda'_i = \Lambda'_{i,2y-1} \parallel \cdots \parallel \Lambda'_{i,0}$, where $\parallel$ denotes two mappings acting in parallel.
In a specific embodiment of the invention, let , where $L_i$ is the $i$-th block from right to left and $L$ is a random matrix, expressed by the formula:
$$L = [L_{y-1} \; \cdots \; L_0]; \tag{21}$$
and let , where $\Delta_i$ is the $i$-th block from right to left and $\Delta$ is a random matrix, expressed by the formula:
$$\Delta = [\Delta_{y-1} \; \cdots \; \Delta_0]; \tag{22}$$
Let $T_i$ be the $i$-th T-box of round $r$; $T_i$ is the lookup table, with $T_i : GF(2)^x \times GF(2)^x \to GF(2)^{2 \cdot x \cdot y}$, and $T_i$ is defined by the following formula:
The structure of $T_i$ is shown in Fig. 2. When $x$ is 4 and $y$ is 8, the structure of $T_i$ is shown in Fig. 3.
where $f_i$ in formula (3) is expressed by the following formula:
and for each pair $\langle j, i \rangle$, where $j \in \{0, \ldots, 2y-1\}$ and $i \in \{1, \cdots, y-2\}$, the following formula makes $F_{i,j} : GF(2)^x \times GF(2)^x \to GF(2)^x$ a masked secure adder:
where $x_0, x_1 \in GF(2)^x$ and
Also, for each $j \in \{0, \cdots, 2y-1\}$, $F_{0,j}$ is replaced by the round-dependent masked adder , as given by the following formula:
Where , and the internal structure of the masked adders and their relationship within the white-box encryption process are shown in Fig. 4.
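Formula (5) in claim 4 defines the masked secure adder as a table that undoes the encodings on its two inputs, XORs the values and applies a fresh output encoding. The following added example (not code from the patent) tabulates such adders for $x = 4$ and chains them so that several encoded values are folded by table lookups alone; the function names, the 0-based left-to-right indexing and the use of Python's `random` module are assumptions made for illustration.

```python
import random

X_BITS = 4  # x: width of one encoded value (the Fig. 3 case in the text uses x = 4)


def random_bijection(rng, bits=X_BITS):
    """Return (encode, decode) tables for a random bijection on `bits`-bit values."""
    encode = list(range(1 << bits))
    rng.shuffle(encode)
    decode = [0] * len(encode)
    for plain, coded in enumerate(encode):
        decode[coded] = plain
    return encode, decode


def build_masked_adder(decode_x0, decode_x1, encode_out):
    """Tabulate F(x0, x1) = encode_out(decode_x0(x0) XOR decode_x1(x1)).

    Only the finished table is shipped; the three bijections stay with the
    generator, so the XOR is never computed on unencoded values at run time.
    """
    size = len(encode_out)
    return [[encode_out[decode_x0[a] ^ decode_x1[b]] for b in range(size)]
            for a in range(size)]


def generate_chain(rng, terms):
    """Build terms-1 adders that fold `terms` encoded values into one.

    operand_enc[k] plays the role of a primed encoding (on a T-box output),
    acc_enc[k] the role of an unprimed encoding (on an adder output).
    The indexing is a simplification of the patent's, assumed for this example.
    """
    operand_enc = [random_bijection(rng) for _ in range(terms)]
    acc_enc = [random_bijection(rng) for _ in range(terms - 1)]
    # First adder: both inputs are fresh operands (the "i = y-2" case).
    adders = [build_masked_adder(operand_enc[0][1], operand_enc[1][1],
                                 acc_enc[0][0])]
    # Later adders: x0 is the previous adder's output, x1 is a fresh operand.
    for k in range(2, terms):
        adders.append(build_masked_adder(acc_enc[k - 2][1], operand_enc[k][1],
                                         acc_enc[k - 1][0]))
    return operand_enc, acc_enc, adders


def fold(adders, encoded_operands):
    """Run-time side: nothing but table lookups on encoded values."""
    acc = adders[0][encoded_operands[0]][encoded_operands[1]]
    for table, operand in zip(adders[1:], encoded_operands[2:]):
        acc = table[acc][operand]
    return acc


def adder_table_bytes(bits=X_BITS):
    """Storage for one adder: 2^(2x) entries of x bits each."""
    return (1 << (2 * bits)) * bits // 8


def rows_and_columns_are_permutations(table):
    """Fixing either input of an adder leaves a bijection in the other."""
    full = set(range(len(table)))
    rows_ok = all(set(row) == full for row in table)
    cols_ok = all({row[c] for row in table} == full for c in range(len(table)))
    return rows_ok and cols_ok


def demo(seed=7, terms=8):
    # `random` keeps the example reproducible; a generator running on the
    # secure host would draw its bijections from a CSPRNG instead.
    rng = random.Random(seed)
    operand_enc, acc_enc, adders = generate_chain(rng, terms)
    plain = [rng.randrange(1 << X_BITS) for _ in range(terms)]  # constructed values
    encoded = [operand_enc[k][0][v] for k, v in enumerate(plain)]
    result = acc_enc[-1][1][fold(adders, encoded)]  # decode with the last encoding
    expected = 0
    for v in plain:
        expected ^= v
    return result, expected, adders


if __name__ == "__main__":
    result, expected, adders = demo()
    print("decoded fold:", result, "plain XOR:", expected)
    print("bytes per adder table:", adder_table_bytes())
```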
In a specific embodiment of the invention, the secure terminal is a back-end server, a workstation, or the host located in the secure environment. The terminal device includes, for example, a smartphone, tablet computer, desktop computer or smart wearable device. Specifically, in practical applications, the flow of Algorithm 1 is as follows:
Note that in the algorithm, $TBox_i$ is a lookup table that implements $T_i$, and "$FBox_{i,j}$" and are the masked adders that implement $F_{i,j}$ and .
The encryption algorithm Enc (Algorithm 2) takes a 128-bit plaintext block and data_enc (the static data required by the encryption process) as input and outputs the corresponding 128-bit ciphertext.
The flow of Algorithm 2 is as follows:
The table-based components and their relationships, and the data flow of round-$r$ encryption, are shown in Fig. 5.
The number of rounds in the present invention can be set by the user as needed. The output of the first round is used as the input of the second round, which continues with the computation shown in Fig. 5; when the output of the second round is obtained, it is used as the input of the third round, and so on for the configured number of rounds. The output of the last round is the output of the computation.
The flow of Algorithm 3 is as follows:
The decryption algorithm (Algorithm 3) is assumed to be deployed in a secure (black-box attack) environment, such as a back-end server or workstation. Traditional decryption algorithms under white-box attack, based on standard block ciphers (such as AES and DES), simply use the key and additional encodings to decrypt the ciphertext. By contrast, the decryption algorithm proposed here uses a series of static data as fixed input to match the corresponding encryption algorithm. This is the key to how our scheme obtains relatively high encryption security in a white-box attack context with limited computing resources.
In one embodiment, the application principle of the secure operation method 10 based on white-box encryption of the present invention is as follows:
At system initialization, DataGen (Algorithm 1) is run on the secure host to generate two static data sets, data_enc and data_dec, used for encryption and decryption respectively (they replace the key of a conventional symmetric encryption system). The static data set data_dec used for decryption is stored at the secure decryption end, and the static data set data_enc used for encryption is stored on the terminal device, which may be used in a white-box attack context. For encryption, Enc (Algorithm 2) is called on the terminal device with data_enc as a parameter to encrypt the plaintext and obtain the ciphertext. For decryption, Dec (Algorithm 3) is called on the host with data_dec as a parameter to decrypt the ciphertext and recover the plaintext.
Referring further to Fig. 6, the secure operation system 20 based on white-box encryption of the present invention comprises:
a static data generation module 21, arranged in a host located in a secure environment, for causing the host to generate, according to a preset data generation algorithm, an encryption static data set for encryption and a decryption static data set for decryption;
a static data storage module 22, arranged in the host, for storing the encryption static data set on a terminal device and storing the decryption static data set on a secure terminal located in a secure environment;
an encryption module 23, arranged in the terminal device, for, when the terminal device encrypts an input plaintext, invoking the encryption static data set and encrypting the input plaintext with an encryption algorithm preset on the terminal device to obtain the corresponding output ciphertext;
a decryption module 24, arranged in the terminal device, for, when the terminal device decrypts an input ciphertext, invoking the decryption static data set from the secure terminal and decrypting the input ciphertext with a decryption algorithm preset on the secure terminal to obtain the corresponding output plaintext.
In a specific embodiment of the invention, the data generation algorithm is a probabilistic algorithm that generates the encryption static data set for encryption and the decryption static data set for decryption, and the host produces a plurality of random matrices while generating the encryption static data set and the decryption static data set with the data generation algorithm.
In a specific embodiment of the invention, the operation of the data generation algorithm, the encryption algorithm and the decryption algorithm further involves the following:
Let $x, y \in \mathbb{Z}^+$, be the set of all invertible $(xy) \times (xy)$ binary matrices, be the set of all $(xy) \times (xy)$ binary matrices, be the set of all bijections from $x$ bits to $x$ bits, and be the set of all bijections from $x$ bits to $x$ bits; let $r \in \{0, \cdots, N-1\}$, where $N$ is the number of rounds, and $i \in \{0, \cdots, y-1\}$; let $X_r, Y_r \in GF(2)^{x \cdot y}$, $X_r = (X_{r,y}, \cdots, X_{r,0})$, $Y_r = (Y_{r,y}, \cdots, Y_{r,0})$, where for each $i$, $X_{r,i}, Y_{r,i} \in GF(2)^x$; for each $i$ there are $H_i$, and , where $\in_{\$}$ denotes choosing an element uniformly from a set; for each $i$, $j = 0, \cdots, 2y-1$, and $\Lambda'_i$ is a bijection from $2xy$ bits to $2xy$ bits such that $\Lambda'_i = \Lambda'_{i,2y-1} \parallel \cdots \parallel \Lambda'_{i,0}$, where $\parallel$ denotes two mappings acting in parallel.
In a specific embodiment of the invention, let , where $L_i$ is the $i$-th block from right to left and $L$ is a random matrix, expressed by the formula:
$$L = [L_{y-1} \; \cdots \; L_0]; \tag{27}$$
and let , where $\Delta_i$ is the $i$-th block from right to left and $\Delta$ is a random matrix, expressed by the formula:
$$\Delta = [\Delta_{y-1} \; \cdots \; \Delta_0]; \tag{28}$$
Let $T_i$ be the $i$-th T-box of round $r$; $T_i$ is the lookup table, with $T_i : GF(2)^x \times GF(2)^x \to GF(2)^{2 \cdot x \cdot y}$, and $T_i$ is defined by the following formula:
where $f_i$ in formula (3) is expressed by the following formula:
and for each pair $\langle j, i \rangle$, where $j \in \{0, \ldots, 2y-1\}$ and $i \in \{1, \cdots, y-2\}$, the following formula makes $F_{i,j} : GF(2)^x \times GF(2)^x \to GF(2)^x$ a masked secure adder:
where $x_0, x_1 \in GF(2)^x$ and
In a specific embodiment of the invention, the secure terminal is a back-end server, a workstation, or the host located in the secure environment.
The secure operation system 20 based on white-box encryption is the system counterpart of the secure operation method 10 based on white-box encryption; all of the description of the secure operation method 10 applies to this embodiment and is not repeated here.
In summary, the secure operation method and system based on white-box encryption of the present invention use a series of static data as fixed input to match the corresponding encryption algorithm and decryption algorithm. The present invention achieves lightweight secure operation with a small static data volume and high operating efficiency, and obtains relatively high encryption security in a white-box attack environment with limited computing resources. The present invention therefore effectively overcomes various shortcomings of the prior art and has high industrial value.
The above embodiments merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone familiar with this technology may modify or change the above embodiments without departing from the spirit and scope of the present invention. Therefore, all equivalent modifications or changes made by those of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the present invention shall still be covered by the claims of the present invention.

Claims (10)

1. A secure operation method based on white-box encryption, characterized by comprising:
causing a host located in a secure environment to generate, according to a preset data generation algorithm, an encryption static data set for encryption and a decryption static data set for decryption;
storing the encryption static data set on a terminal device, and storing the decryption static data set on a secure terminal located in a secure environment;
when the terminal device encrypts an input plaintext, invoking the encryption static data set and encrypting the input plaintext with an encryption algorithm preset on the terminal device to obtain the corresponding output ciphertext;
when the terminal device decrypts an input ciphertext, invoking the decryption static data set from the secure terminal and decrypting the input ciphertext with a decryption algorithm preset on the secure terminal to obtain the corresponding output plaintext.
2. The secure operation method based on white-box encryption according to claim 1, characterized in that: the data generation algorithm is a probabilistic algorithm that generates the encryption static data set for encryption and the decryption static data set for decryption, and the host produces a plurality of random matrices while generating the encryption static data set and the decryption static data set with the data generation algorithm.
3. The secure operation method based on white-box encryption according to claim 1, characterized in that the operation of the data generation algorithm, the encryption algorithm and the decryption algorithm further involves:
Let $x, y \in \mathbb{Z}^+$, be the set of all invertible $(xy) \times (xy)$ binary matrices, be the set of all $(xy) \times (xy)$ binary matrices, be the set of all bijections from $x$ bits to $x$ bits, and be the set of all bijections from $x$ bits to $x$ bits; let $r \in \{0, \cdots, N-1\}$, where $N$ is the number of rounds, and $i \in \{0, \cdots, y-1\}$; let $X_r, Y_r \in GF(2)^{x \cdot y}$, $X_r = (X_{r,y}, \cdots, X_{r,0})$, $Y_r = (Y_{r,y}, \cdots, Y_{r,0})$, where for each $i$, $X_{r,i}, Y_{r,i} \in GF(2)^x$; for each $i$ there are and , where $\in_{\$}$ denotes choosing an element uniformly from a set; for each $i$, and $\Lambda'_i$ is a bijection from $2xy$ bits to $2xy$ bits such that $\Lambda'_i = \Lambda'_{i,2y-1} \parallel \cdots \parallel \Lambda'_{i,0}$, where $\parallel$ denotes two mappings acting in parallel.
4. The secure operation method based on white-box encryption according to claim 3, characterized in that: let , where $L_i$ is the $i$-th block from right to left and $L$ is a random matrix, expressed by the formula:
$$L = [L_{y-1} \; \cdots \; L_0]; \tag{1}$$
and let , where $\Delta_i$ is the $i$-th block from right to left and $\Delta$ is a random matrix, expressed by the formula:
$$\Delta = [\Delta_{y-1} \; \cdots \; \Delta_0]; \tag{2}$$
Let $T_i$ be the $i$-th T-box of round $r$; $T_i$ is a lookup table with $T_i : GF(2)^x \times GF(2)^x \to GF(2)^{2 \cdot x \cdot y}$, and $T_i$ is defined by the following formula:
$$T_i(X_{r,i}, Y_{r,i}) = \Lambda'_i\Big(\big((L_i \cdot H_i(X_{r,i})) \oplus f_i(X_{r,i}, Y_{r,i})\big) \parallel \big((L_i \cdot G_i(Y_{r,i})) \oplus f_i(X_{r,i}, Y_{r,i})\big)\Big), \tag{3}$$
where $f_i$ in formula (3) is expressed by the following formula:
$$f_i(X_{r,i}, Y_{r,i}) = \Delta_i \cdot \theta_i\big(H_i(X_{r,i}) \oplus G_i(Y_{r,i})\big); \tag{4}$$
and for each pair $\langle j, i \rangle$, where $j \in \{0, \ldots, 2y-1\}$ and $i \in \{1, \cdots, y-2\}$, the following formula makes $F_{i,j} : GF(2)^x \times GF(2)^x \to GF(2)^x$ a masked secure adder:
$$F_{i,j}(x_0, x_1) = \begin{cases} \Lambda_{y-1,j}\big((\Lambda'_{y,j})^{-1}(x_0) \oplus (\Lambda'_{y-1,j})^{-1}(x_1)\big), & \text{if } i = y-2, \\ \Lambda_{i,j}\big((\Lambda_{i+1,j})^{-1}(x_0) \oplus (\Lambda'_{i,j})^{-1}(x_1)\big), & \text{if } i < y-2, \end{cases} \tag{5}$$
where $x_0, x_1 \in GF(2)^x$ and
5. The secure operation method based on white-box encryption according to claim 1, characterized in that: the security terminal is a back-end server, a workstation, or the host in the secure environment.
6. A secure operation system based on white-box encryption, characterized by comprising:
A static data generation module, arranged in a host in a secure environment, which causes the host to generate, according to a preset data generation algorithm, an encryption static data set for encryption and a decryption static data set for decryption, respectively;
A static data storage module, arranged in the host, which stores the encryption static data set in a terminal device and stores the decryption static data set in a security terminal in the secure environment;
An encryption module, arranged in the terminal device, which, when the terminal device encrypts an input plaintext, calls the encryption static data set and, through the encryption algorithm preset in the terminal device, encrypts the input plaintext to obtain the corresponding output ciphertext;
A decryption module, arranged in the terminal device, which, when the terminal device decrypts an input ciphertext, calls the decryption static data set from the security terminal and, through the decryption algorithm preset in the security terminal, decrypts the input ciphertext to obtain the corresponding output plaintext.
7. The secure operation system based on white-box encryption according to claim 6, characterized in that: the data generation algorithm is a probabilistic algorithm that generates, respectively, the encryption static data set for encryption and the decryption static data set for decryption, and the host, when generating the encryption static data set and the decryption static data set with the data generation algorithm, produces multiple random matrices.
8. The secure operation system based on white-box encryption according to claim 6, characterized in that the running of the data generation algorithm, the encryption algorithm and the decryption algorithm further includes:
Let $x, y \in \mathbb{Z}^+$; let be the set of all $(xy) \times (xy)$ invertible binary matrices, be the set of all $(xy) \times (xy)$ binary matrices, be the set of all $x$-bit to $x$-bit bijections, and be the set of all $x$-bit to $x$-bit bijections; let $r \in \{0, \ldots, N-1\}$, where $N$ is the number of rounds, and $i \in \{0, \ldots, y-1\}$; let $X_r, Y_r \in GF(2)^{x \cdot y}$, $X_r = (X_{r,y}, \ldots, X_{r,0})$, $Y_r = (Y_{r,y}, \ldots, Y_{r,0})$, where for each $i$, $X_{r,i}, Y_{r,i} \in GF(2)^x$; for each $i$ there is and there is , where $\in_{\$}$ denotes choosing an element uniformly from a set; for each $i$, and $\Lambda'_i$ is a $2xy$-bit to $2xy$-bit bijection such that $\Lambda'_i = \Lambda'_{i,2y-1} \parallel \cdots \parallel \Lambda'_{i,0}$, where $\parallel$ denotes that two mappings are applied in parallel.
9. The secure operation system based on white-box encryption according to claim 8, characterized in that: let , where $L_i$ is the $i$-th block from right to left and $L$ is a random matrix, expressed by the formula:
$$L = [L_{y-1} \;\cdots\; L_0]; \qquad (6)$$
and let , where $\Delta_i$ is the $i$-th block from right to left and $\Delta$ is a random matrix, expressed by the formula:
$$\Delta = [\Delta_{y-1} \;\cdots\; \Delta_0]; \qquad (7)$$
Let $T_i$ be the $i$-th T-box of round $r$; $T_i$ is a look-up table with $T_i: GF(2)^x \times GF(2)^x \to GF(2)^{2 \cdot x \cdot y}$, defined by the following equation:
$$T_i(X_{r,i}, Y_{r,i}) = \Lambda'_i\Bigl(\bigl((L_i \cdot H_i(X_{r,i})) \oplus f_i(X_{r,i}, Y_{r,i})\bigr) \parallel \bigl((L_i \cdot G_i(Y_{r,i})) \oplus f_i(X_{r,i}, Y_{r,i})\bigr)\Bigr), \qquad (8)$$
where $f_i$ in formula (3) is given by the following equation:
$$f_i(X_{r,i}, Y_{r,i}) = \Delta_i \cdot \theta_i\bigl(H_i(X_{r,i}) \oplus G_i(Y_{r,i})\bigr); \qquad (9)$$
and for each pair $\langle j, i \rangle$, where $j \in \{0, \ldots, 2y-1\}$ and $i \in \{1, \ldots, y-2\}$, let $F_{i,j}: GF(2)^x \times GF(2)^x \to GF(2)^x$ be a masked secure adder defined by the following equation:
$$F_{i,j}(x_0, x_1) = \begin{cases} \Lambda_{y-1,j}\bigl((\Lambda'_{y,j})^{-1}(x_0) \oplus (\Lambda'_{y-1,j})^{-1}(x_1)\bigr), & \text{if } i = y-2, \\ \Lambda_{i,j}\bigl((\Lambda_{i+1,j})^{-1}(x_0) \oplus (\Lambda'_{i,j})^{-1}(x_1)\bigr), & \text{if } i < y-2, \end{cases} \qquad (10)$$
where $x_0, x_1 \in GF(2)^x$ and
10. The secure operation system based on white-box encryption according to claim 6, characterized in that: the security terminal is a back-end server, a workstation, or the host in the secure environment.
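
The masked secure adder of formulas (5) and (10), as an added example that is not code from the patent: it builds the look-up table for the branch i < y-2 and chains several adders so that every intermediate value stays encoded. The chunk width x = 4, the table representation of the bijections, all function names, and the assumption that the topmost chunk arrives already encoded under the accumulator encoding are choices made for this sketch.

```python
import secrets
from functools import reduce

X_BITS = 4            # assumed chunk width x; the claims leave x as a parameter
SIZE = 1 << X_BITS

def random_bijection():
    """Uniformly random x-bit bijection as (forward, inverse) lookup tables."""
    fwd = list(range(SIZE))
    for k in range(SIZE - 1, 0, -1):          # Fisher-Yates driven by a CSPRNG
        m = secrets.randbelow(k + 1)
        fwd[k], fwd[m] = fwd[m], fwd[k]
    inv = [0] * SIZE
    for plain, enc in enumerate(fwd):
        inv[enc] = plain
    return fwd, inv

def build_adder(out_enc, acc_inv, chunk_inv):
    """Table F[x0][x1] = out_enc(acc_inv(x0) XOR chunk_inv(x1)), branch i < y-2."""
    return [[out_enc[acc_inv[x0] ^ chunk_inv[x1]] for x1 in range(SIZE)]
            for x0 in range(SIZE)]

def masked_sum(chunks):
    """XOR all chunks through chained adder tables; return (encoded sum, decoder)."""
    n = len(chunks)
    lam = [random_bijection() for _ in range(n)]        # Lambda_{i,j}, fixed j
    lam_prime = [random_bijection() for _ in range(n)]  # Lambda'_{i,j}, fixed j
    # Assumption of this sketch: the top chunk enters under Lambda_{n-1,j}.
    acc = lam[n - 1][0][chunks[n - 1]]
    for i in range(n - 2, -1, -1):
        # The input decoding of adder i cancels the output encoding of adder i+1.
        table = build_adder(lam[i][0], lam[i + 1][1], lam_prime[i][1])
        acc = table[acc][lam_prime[i][0][chunks[i]]]    # one lookup, no plain XOR
    return acc, lam[0][1]

if __name__ == "__main__":
    chunks = [0x3, 0xA, 0x5, 0xC]   # constructed sample values
    enc_sum, decode = masked_sum(chunks)
    print(decode[enc_sum] == reduce(lambda a, b: a ^ b, chunks))
```

Only the holder of the final decoding can read the sum; each table row is itself a permutation, so a single table does not reveal the unencoded XOR.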
CN201611103026.4A 2016-12-05 2016-12-05 Safety operation method and system based on white box encryption Active CN106603224B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611103026.4A CN106603224B (en) 2016-12-05 2016-12-05 Method for safe operation and system based on whitepack encryption

Publications (2)

Publication Number Publication Date
CN106603224A true CN106603224A (en) 2017-04-26
CN106603224B CN106603224B (en) 2019-09-27

Family

ID=58594910

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611103026.4A Active CN106603224B (en) 2016-12-05 2016-12-05 Safety operation method and system based on white box encryption

Country Status (1)

Country Link
CN (1) CN106603224B (en)

Also Published As

Publication number Publication date
CN106603224B (en) 2019-09-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant