CN106982115A - The synchronous method and system of a kind of block cipher mode - Google Patents

The synchronous method and system of a kind of block cipher mode Download PDF

Info

Publication number
CN106982115A
CN106982115A CN201710204019.1A CN201710204019A CN106982115A CN 106982115 A CN106982115 A CN 106982115A CN 201710204019 A CN201710204019 A CN 201710204019A CN 106982115 A CN106982115 A CN 106982115A
Authority
CN
China
Prior art keywords
message
ciphertext
communication
recipient
initial vector
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710204019.1A
Other languages
Chinese (zh)
Other versions
CN106982115B (en
Inventor
李婷
刘强
李若寒
张小亮
朱书杉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Chaoyue Numerical Control Electronics Co Ltd
Original Assignee
Shandong Chaoyue Numerical Control Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Chaoyue Numerical Control Electronics Co Ltd filed Critical Shandong Chaoyue Numerical Control Electronics Co Ltd
Priority to CN201710204019.1A priority Critical patent/CN106982115B/en
Publication of CN106982115A publication Critical patent/CN106982115A/en
Application granted granted Critical
Publication of CN106982115B publication Critical patent/CN106982115B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a kind of synchronous method of block cipher mode, includes the sender and recipient of communication, and comprise the following steps:Sender judges whether that needs are authenticated communication, if, sender sets the message number NUM that certification communicates, and simultaneously hash calculates to form new initial vector IV and storage by message number NUM and identity splicing, if not, need the message data sent to carry out block encryption sender with initial vector IV and working key, form message ciphertext.Sender sets IV sync bits, and IV sync bits, message number NUM, message ciphertext and message checking value, which are assembled, to be formed needs the ciphertext transmitted written;Transmit ciphertext written, while message number NUM is updated, and one section of initial vector IV as communication next time in interception and stored messages ciphertext.The synchronous method for the block cipher mode that the present invention is provided has advantages below:Substantially reduce the length of encrypted message, it is to avoid the problem of the pressure of the length of increase message and the communication resource.

Description

The synchronous method and system of a kind of block cipher mode
Technical field
The present invention relates to coded communication field, and in particular to the synchronous method and system of a kind of block cipher mode.
Background technology
Block cipher mode generally can be divided into electronic codebook mode (Electronic Code Book, ECB), password packet Link (Cipher Book Chaining, CBC), cipher feedback (Cipher-Feedback, CFB), output feedback (Output- Feedback, OFB) and other patterns such as block chaining (Block Chaining, BC).To reach the different close encryption effects of identical text Really, except ecb mode, other patterns cause message only using initialization vector (Initialization Vector, IV) One changes.After initialization vector IV, identical message can be encrypted to different cipher-text messages, so, can be to prevent Only listener-in is attacked using message-replay.
Under normal conditions, initialization vector IV need not maintain secrecy, and be transmitted with plaintext version together with ciphertext.In communication money Source is in short supply, and communication frequency it is higher when, if the mode for taking initialization vector IV to be transmitted together with cipher-text information can increase greatly Plus the length of message, increase the pressure of the communication resource, and can increase error rate when using artificial transmission means.
The content of the invention
For the above-mentioned length taken initialization vector IV to be transmitted together with cipher-text information in the prior art, add message The problem of pressure of degree and the communication resource, it is an object of the invention to provide a kind of synchronous method of block cipher mode and it is System.
To achieve these goals, the technical solution adopted by the present invention is as follows:
A kind of synchronous method of block cipher mode, includes the sender and recipient of communication, every time sender during communication Or recipient understands in intercept communication information that a part is as initial vector IV, sender comprises the following steps in communication:
S100:Sender judges whether that needs are authenticated communication, if so, representing the initial vector of last communication intercept IV is unavailable or this communication is communicates for the first time, carries out step S110, if it is not, representing the initial vector of last communication intercept IV can use, and carry out step S120;
S110:Sender sets the message number NUM that certification communicates, and message number NUM and identity are spliced and hash Calculating forms new initial vector IV0And store;
S120:The message data sent is needed to carry out block encryption, shape sender with initial vector IV and working key Into message ciphertext;
S130:Sender sets IV sync bits, and IV sync bits, message number NUM, message ciphertext and message checking value are assembled Being formed needs the ciphertext transmitted written;
S140:Ciphertext is transmitted written, while updating the one piece of data in message number NUM, and interception and stored messages ciphertext It is used as the initial vector IV of communication next time.
Further, recipient comprises the following steps in communication:
S200:It is written that recipient receives the ciphertext that sender sends, and detects IV sync bits, judges whether to need certification to lead to Letter, if so, proceeding to step S210, if it is not, proceeding to step S220;
S210:Message number NUM during recipient's reading ciphertext is written, by message number NUM and identity splicing and hash Calculating obtains new initial vector IV0
S220:Message ciphertext of the ciphertext received in written is grouped by recipient with initial vector IV and working key Decryption, obtains message data;
S230:The one piece of data that recipient is updated in message number NUM, and interception and stored messages ciphertext communicates as next time Initial vector IV.
Further, in step S220, recipient is obtained after message data, verifies message checking value.
Further, message checking value is the cryptographic Hash of message data;The step of checking message checking value is first to solve secret report Literary ciphertext obtains message data, calculates the cryptographic Hash of message data, the calculated value is compared with message checking value, if comparing into Work(, is verified.
Further, message number NUM is integer;And/or updating message number NUM is added deduct by the way that message number NUM is increased Few arbitrary integer.
Further, in step S130, the written middle IV sync bits of ciphertext, message number NUM and the message checking value assembled For in plain text.
A kind of synchronization system of block cipher mode, including sending method, device and recipient's device for communication, it is special Levy and be, every time during communication sending method, device or recipient's device can in intercept communication information a part as initial vector IV, Sending method, device is used to perform following steps in communication:
S100:Sending method, device judges whether that needs are authenticated communication, if so, representing the initial of last communication intercept Vectorial IV is unavailable or this communication is communicates for the first time, carries out step S110, if it is not, representing the initial of last communication intercept Vectorial IV can use, and carry out step S120;
S110:Sending method, device sets the message number NUM that certification communicates, and message number NUM and identity are spliced simultaneously Hash calculates to form new initial vector IV0And store;
S120:The message data sent is needed to carry out block encryption, shape sender with initial vector IV and working key Into message ciphertext;
S130:Sending method, device sets IV sync bits, by IV sync bits, message number NUM, message ciphertext and message checking value Assembling, which is formed, needs the ciphertext transmitted written;
S140:Ciphertext is transmitted written, while updating the one piece of data in message number NUM, and interception and stored messages ciphertext It is used as the initial vector IV of communication next time.
Further, recipient's device is used to perform following steps in communication:
S200:It is written that recipient's device receives the ciphertext that sending method, device sends, and detects IV sync bits, judges whether needs Certification communicates, if so, proceeding to step S210, if it is not, proceeding to step S220;
S210:Message number NUM during recipient's device reading ciphertext is written, message number NUM and identity are spliced simultaneously Hash calculates and obtains new initial vector IV0
S220:Recipient's device is carried out message ciphertext of the ciphertext received in written with initial vector IV and working key Packet deciphering, obtains message data;
S230:The one piece of data that recipient's device is updated in message number NUM, and interception and stored messages ciphertext is used as next time The initial vector IV of communication.
The present invention is by above technical scheme, and the advantageous effects resulted in are:
(1) replace initial vector IV with message transmissions by using IV sync bits and message number NUM, substantially reduce encryption The length of message, it is to avoid the problem of the pressure of the length of increase message and the communication resource, it is adaptable to which the communication resource is nervous, communication Frequently environment, decreases the error rate of artificial operation transmission;
(2) check value is transmitted while transmitting message, it is ensured that the accuracy of transmission information;
(3) increase or decrease arbitrary integer to be updated NUM by NUM, be more convenient to safeguard.
Certainly, implementing any product of the present invention must be not necessarily required to while reaching all the above technique effect.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the present invention, this hair Bright schematic description and description is used to explain the present invention, does not constitute inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 be the embodiment of the present invention described in block cipher mode synchronous method and system sender flow chart;
Fig. 2 is the synchronous method of block cipher mode and the sender of system and recipient described in the embodiment of the present invention Flow chart.
Embodiment
Some vocabulary have such as been used to censure specific components among specification and claim.Those skilled in the art should It is understood that hardware manufacturer may call same component with different nouns.This specification and claims are not with name The difference of title is used as the mode for distinguishing component, but is used as the criterion of differentiation with the difference of component functionally.Such as logical The " comprising " of piece specification and claim mentioned in is an open language, therefore should be construed to " including but do not limit In ".Specification subsequent descriptions for implement the present invention better embodiment, so it is described description be with illustrate the present invention general original For the purpose of then, the scope of the present invention is not limited to.Protection scope of the present invention when regard the appended claims person of defining as It is accurate.
Embodiment 1
As shown in figure 1, the present embodiment provide a kind of block cipher mode synchronous method, including communication sender with Recipient, sender understands in intercept communication information that a part is as initial vector IV during communication every time, and sender includes in communication Following steps:First, sender judges whether that needs are authenticated communication, if so, represent last communication intercept it is initial to Measure IV unavailable, i.e., situations such as decryption failure, message dropping caused by transmission problem, or this communication is communicates for the first time, The message number NUM for first setting certification to communicate, and by message number NUM and identity splice and hash calculate to be formed it is new it is initial to Measure IV0And store, identity here is that sender and recipient's joint consultation are assert and unique, then with initially to Measure IV0Need the message data sent to carry out block encryption sender with working key, form message ciphertext, work here Key is that sender and recipient's joint consultation are assert;Meanwhile, sender sets IV sync bits, and by IV sync bits, message Number NUM, message ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, wherein, during the ciphertext that assembles is written IV sync bits, message number NUM and message checking value is in plain text, and the checking for other information or functional requirement, ciphertext into Other information, such as the identification information of recipient etc. can also be assembled into text;Next, transmission ciphertext is written to reception Side, while updating the one piece of data in message number NUM, and interception and stored messages ciphertext as the initial vector of communication next time IV, wherein, the position of intercepting message is that sender and recipient's offered are appointed.
If sender judges whether that needs are authenticated communication, it is judged as NO, represents the initial of last communication intercept Vectorial IV can use, that is, in normal communication state, be encrypted using the initial vector IV of last communication intercept, with first Sender is needed the message data sent to carry out block encryption by beginning vector IV and working key, forms message ciphertext, here Working key is that sender and recipient's joint consultation are assert;Meanwhile, sender set IV sync bits, and by IV sync bits, Message number NUM, message ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, and testing for other information Card or functional requirement, can also be assembled into other information, such as the identification information of recipient etc. during ciphertext is written;Next, Transmit ciphertext it is written give recipient, while update message number NUM, and intercept and stored messages ciphertext in one piece of data under The initial vector IV of secondary communication, wherein, the position of intercepting message is that sender and recipient's offered are appointed.
Further, message number NUM is integer, for ensure IV quality, one larger integer of NUM prioritizing selections, Arbitrary value can be specified by sender;It is by the way that message number NUM is increased or decreased into arbitrary integer, preferably to update message number NUM Ground selection Jia one or message number NUM renewal is carried out by a series of functional operation.
Wherein, in proper communication, IV sync bits are set not need certification communications status, such as do not need certification communication The IV sync bits of state are 00, it is necessary to which the IV sync bits of certification communications status are 01, or other represent and distinguish two kinds or two Plant the combination of above state.Sender and recipient's independent maintenance are by having consulted the initial vector IV and message number that method is obtained NUM.Initial vector IV is just carried out in first time communication or when decryption failure, message dropping caused by transmission problem Synchronous certification communication.Initial vector IV is used for the encryption of communication data.All communication messages are encrypted state.
A kind of a kind of synchronous method for block cipher mode that the present invention is provided, it is proposed that random life by initial vector IV The mode by data message related to communicating pair message number NUM by conversion generation is substituted for into mode;In communication process In, the method for initial vector IV is replaced using IV sync bits and message number NUM.Byte number shared by message number NUM is much smaller than just The byte number that beginning vector IV is accounted for.Such a method can both save the communication resource, shorten the length of message, again can be in initial vector IV does not influence normal data transfer when synchronous, meanwhile, initial initial vector IV is generated using hash algorithm, it is ensured that it is initial to IV complexity is measured, the requirement of the communication resource and block encryption is met.
Embodiment 2
As shown in Fig. 2 the present embodiment provide a kind of block cipher mode synchronous method, including communication sender with Recipient, sender and recipient understand a part in intercept communication information and, as initial vector IV, sent out in communication when communicating every time The side of sending comprises the following steps:First, sender judges whether that needs are authenticated communication, if so, representing last communication intercept Initial vector IV it is unavailable, i.e., because caused by transmission problem decryption failure, message dropping situations such as, or this communication be first Secondary communication, the message number NUM for first setting certification to communicate, and simultaneously hash calculates to form new by message number NUM and identity splicing Initial vector IV0And store, identity here is that sender and recipient's joint consultation are assert and unique, then Use initial vector IV0Need the message data sent to carry out block encryption sender with working key, form message ciphertext, this In working key be that sender and recipient's joint consultation are assert;Meanwhile, sender sets IV sync bits, and by IV0Together Step, message number NUM, message ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, wherein, what is assembled is close The written middle IV sync bits of text, message number NUM and message checking value are plaintext, and the checking for other information or function need Ask, other information, such as the identification information of recipient etc. can also be assembled into during ciphertext is written;Next, transmission ciphertext into Text give recipient, while update message number NUM, and intercept and stored messages ciphertext in one piece of data be used as next time communication just Begin vector IV, wherein, the position of intercepting message is that sender and recipient's offered are appointed.
If sender judges whether that needs are authenticated communication, it is judged as NO, represents the initial of last communication intercept Vectorial IV can use, that is, in normal communication state, be encrypted using the initial vector IV of last communication intercept, with first Sender is needed the message data sent to carry out block encryption by beginning vector IV and working key, forms message ciphertext, here Working key is that sender and recipient's joint consultation are assert;Meanwhile, sender set IV sync bits, and by IV sync bits, Message number NUM, message ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, and testing for other information Card or functional requirement, can also be assembled into other information, such as the identification information of recipient etc. during ciphertext is written;Next, Transmit ciphertext it is written give recipient, while update message number NUM, and intercept and stored messages ciphertext in one piece of data under The initial vector IV of secondary communication, wherein, the position of intercepting message is that sender and recipient's offered are appointed.
Recipient comprises the following steps in communication:First, recipient receives that the ciphertext that sender sends is written, and parsing is obtained And IV sync bits are detected, judge whether to need certification to communicate, if so, decryption failure, message dropping i.e. caused by transmission problem Situations such as need synchronous certification communication, or this communication to communicate for the first time, recipient read ciphertext it is written in message number Message number NUM and both sides are known the identity splicing specified and hash calculate and obtains initial vector IV by NUM0, recipient's use Initial vector IV0Message ciphertext progress packet deciphering of the working key of agreement by the ciphertext received in written is cooperateed with both sides, Obtain message data, here recipient receive ciphertext that sender sends it is written after message number NUM and both sides are known what is specified Simultaneously hash calculating obtains initial vector IV for identity splicing0Mode or method and sender by message number NUM and identity mark Know splicing and hash calculates to form new initial vector IV0Mode or method it is consistent so that recipient is with same method energy Generate the initial vector IV of sender's generation0, and specifically generate initial vector IV0Method or mode be sender and reception What square offered was determined;The one piece of data that recipient is updated in message number NUM, and interception and stored messages ciphertext is used as next time The initial vector IV of communication, the position of intercepting message is that sender and recipient's offered are appointed.
If detect IV sync bits, judge not needing certification communication, recipient uses the initial vector of last communication storage Message ciphertext of the ciphertext received in written is carried out packet deciphering by IV and the working key of both sides' collaboration agreement, obtains message number According to;Recipient updates the one piece of data in message number NUM, and interception and stored messages ciphertext as the initial vector of communication next time IV, the position of intercepting message is that sender and recipient's offered are appointed.
Further, message number NUM is integer, for ensure IV quality, one larger integer of NUM prioritizing selections, Arbitrary value can be specified by sender;It is by the way that message number NUM is increased or decreased into arbitrary integer, preferably to update message number NUM Ground selection Jia one or message number NUM renewal is carried out by a series of functional operation.
Further, recipient is obtained after message data, verifies message checking value.Message checking value is the Kazakhstan of message data Uncommon value;The step of verifying message checking value obtains message data for first decrypted message ciphertext, calculates the cryptographic Hash of message data, will The calculated value is compared with message checking value, if comparing successfully, is verified.
Wherein, in proper communication, IV sync bits are set not need certification communications status, such as do not need certification communication The IV sync bits of state are 00, it is necessary to which the IV sync bits of certification communications status are 01, or other represent and distinguish two kinds or two Plant the combination of above state.Sender and recipient's independent maintenance are by having consulted the initial vector IV and message number that method is obtained NUM.Sender and recipient need not individually carry out state synchronized certification communication, need to only be determined whether to carry out according to IV sync bits IV is synchronous.Initial vector is just carried out in first time communication or when decryption failure, message dropping caused by transmission problem IV synchronous certification communication.Initial vector IV is used for the encryption of communication data.All communication messages are encrypted state.
A kind of a kind of synchronous method for block cipher mode that the present invention is provided, it is proposed that random life by initial vector IV The mode by data message related to communicating pair message number NUM by conversion generation is substituted for into mode;In communication process In, the method for initial vector IV is replaced using IV sync bits and message number NUM.Byte number shared by message number NUM is much smaller than just The byte number that beginning vector IV is accounted for.Such a method can both save the communication resource, shorten the length of message, again can be in initial vector IV does not influence normal data transfer when synchronous, meanwhile, initial initial vector IV is generated using hash algorithm, it is ensured that it is initial to IV complexity is measured, the requirement of the communication resource and block encryption is met;Message number NUM is updated after communication, it is ensured that identical Sender, recipient per subsynchronous certification communication when, initial vector IV is different;Sender, the unique identity of recipient Mark ensures different senders, recipient when synchronous certification communicates, and initial vector IV is different.
Communication means is described as follows sender first with recipient:
First, sender judges that needs are authenticated communication, first sets the message number NUM of certification communication initial value NUM0, and by message number NUM0Splice with identity and hash calculates the initial value IV to form new initial vector IV0And deposit Storage, then uses initial vector IV0Need the message data sent to carry out block encryption sender with working key, form message Ciphertext;Meanwhile, sender sets IV sync bits to need synchronous certification communications status, and by IV sync bits, message number NUM0, report Literary ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, and the checking for other information or function need Ask, other information, such as the identification information of recipient etc. can also be assembled into during ciphertext is written;Next, transmission ciphertext into Text gives recipient, while updating message number NUM0For message number NUM1, and the one piece of data conduct in interception and stored messages ciphertext The initial vector IV of communication next time1
Recipient receives that the ciphertext that sender sends is written, and parsing obtains and simultaneously detects IV sync bits, and judgement needs certification to lead to Letter, the message number NUM during recipient's reading ciphertext is written0, by message number NUM0Know the identity splicing specified simultaneously with both sides Hash calculates and obtains initial vector IV0, recipient's initial vector IV0Cooperate with the working key of agreement close by what is received with both sides Message ciphertext during text is written carries out packet deciphering, obtains message data;Recipient is obtained after message data, verifies message checking Value;Recipient updates message number NUM0For message number NUM1, and the one piece of data in interception and stored messages ciphertext is logical as next time The initial vector IV of letter1
Sender is described as follows with recipient's proper communication method:
Sender judges that communication need not be authenticated, with the initial vector IV of last communication interceptnAnd working key Need the message data sent to carry out block encryption sender, form message ciphertext;Meanwhile, sender's setting IV sync bits are It need not be authenticated communications status, and by IV sync bits, message number NUMm, message ciphertext and message checking value assemble to be formed and need The ciphertext to be transmitted is written, and the checking for other information or functional requirement, and other can also be assembled into during ciphertext is written Information, such as the identification information of recipient etc.;Next, transmission ciphertext is written to give recipient, while updating message number NUMm For message number NUMm+1, and intercept and stored messages ciphertext in one piece of data be used as next time communication initial vector IVn+1
Recipient, which parses to obtain, simultaneously detects that IV sync bits judge not needing certification communication, and recipient uses last communication storage Initial vector IVnMessage ciphertext progress packet solution of the working key of agreement by the ciphertext received in written is cooperateed with both sides It is close, obtain message data;Recipient is obtained after message data, verifies message checking value;Recipient updates message number NUMmFor report Literary number NUMm+1, and intercept and stored messages ciphertext in one piece of data be used as next time communication initial vector IVn+1
Embodiment 3
A kind of synchronization system of block cipher mode provided in an embodiment of the present invention, including the sending method, device for communication With recipient's device, and adopt with the following method:
Every time during communication sending method, device and recipient's device can in intercept communication information a part as initial vector IV, Sending method, device comprises the following steps in communication:First, sending method, device judges whether that needs are authenticated communication, if so, table Show that the initial vector IV of last communication intercept is unavailable, i.e., situations such as decryption failure, message dropping caused by transmission problem, Or this communication sets the message number NUM that certification communicates to communicate for the first time, first, and message number NUM and identity are spliced And hash calculates to form new initial vector IV0And store, identity here is that sending method, device and recipient's device are common Assert with negotiation and unique, then use initial vector IV0The message number for needing to send by sending method, device with working key According to block encryption is carried out, message ciphertext is formed, working key here is that sending method, device and recipient's device joint consultation are recognized Fixed;Meanwhile, sending method, device sets IV sync bits, and by IV sync bits, message number NUM, message ciphertext and message checking value Assembling, which is formed, needs the ciphertext transmitted written, wherein, the written middle IV of ciphertext assembled0Sync bit, message number NUM and message Check value is in plain text, and the checking for other information or functional requirement can also be assembled into other letters during ciphertext is written Breath, such as identification information of recipient's device etc.;Next, transmission ciphertext is written to give recipient's device, while updating message number The initial vector IV that one piece of data in NUM, and interception and stored messages ciphertext communicates as next time, wherein, intercepting message Position is that sending method, device and recipient's device offered are appointed.
If sending method, device judges whether that needs are authenticated communication, it is judged as NO, represents last communication intercept Initial vector IV can use, that is, in normal communication state, be encrypted using the initial vector IV of last communication intercept, Need the message data sent to carry out block encryption sending method, device with initial vector IV and working key, form message close Text, working key here is that sending method, device and recipient's device joint consultation are assert;Meanwhile, sending method, device sets IV Sync bit, and IV sync bits, message number NUM, message ciphertext and message checking value assembled to be formed need the ciphertext transmitted written, And checking or functional requirement for other information, can also be assembled into other information, such as recipient during ciphertext is written Identification information of device etc.;Next, transmission ciphertext is written to give recipient's device, while updating message number NUM, and intercept and deposit The one piece of data in message ciphertext is stored up as the initial vector IV of communication next time, wherein, the position of intercepting message is sender's dress Put what is appointed with recipient's device offered.
Recipient's device comprises the following steps in communication:First, recipient's device receives the ciphertext that sending method, device is sent Written, parsing obtains and detects IV sync bits, judges whether to need certification to communicate, if so, being decrypted caused by transmission problem Situations such as failure, message dropping, needs synchronous certification communication, or this communication to communicate for the first time, and recipient's device reads ciphertext Message number NUM in written, by message number NUM and both sides know the identity splicing specified and hash calculate obtain it is initial to Measure IV0, recipient's device initial vector IV0Message of the working key of agreement by the ciphertext received in written is cooperateed with both sides Ciphertext carries out packet deciphering, obtains message data, here recipient's device receive ciphertext that sending method, device sends it is written after will Message number NUM and both sides know the identity splicing specified and hash calculates and obtains initial vector IV0Mode or method with Sending method, device splices message number NUM and identity and hash calculates to form new initial vector IV0Mode or method Unanimously so that recipient's device can generate the initial vector IV that sending method, device is generated with same method0, and specifically generate Initial vector IV0Method or mode is sending method, device and recipient's device offered is determined;Recipient's device updates The initial vector IV that one piece of data in message number NUM, and interception and stored messages ciphertext communicates as next time, intercepting message Position is that sending method, device and recipient's device offered are appointed.
If detect IV sync bits, judge not needing certification communication, recipient's device is initial with last communication storage Message ciphertext of the ciphertext received in written is carried out packet deciphering by the working key of vectorial IV and both sides collaboration agreement, is reported Literary data;What the one piece of data that recipient's device updates in message number NUM, and interception and stored messages ciphertext communicated as next time Initial vector IV, the position of intercepting message is that sending method, device and recipient's device offered are appointed.
Further, message number NUM is integer, for ensure IV quality, one larger integer of NUM prioritizing selections, Arbitrary value can be specified by sender;It is by the way that message number NUM is increased or decreased into arbitrary integer, preferably to update message number NUM Ground selection Jia one or message number NUM renewal is carried out by a series of functional operation.
Further, recipient is obtained after message data, verifies message checking value.Message checking value is the Kazakhstan of message data Uncommon value;The step of verifying message checking value obtains message data for first decrypted message ciphertext, calculates the cryptographic Hash of message data, will The calculated value is compared with message checking value, if comparing successfully, is verified.
Wherein, in proper communication, IV sync bits are set not need certification communications status, such as do not need certification communication The IV sync bits of state are 00, it is necessary to which the IV sync bits of certification communications status are 01, or other represent and distinguish two kinds or two Plant the combination of above state.Sending method, device and recipient's device independent maintenance are by having consulted the initial vector IV that method is obtained With message number NUM.Sending method, device and recipient's device need not individually carry out state synchronized certification communication, only need to be same according to IV Step determines whether to carry out IV synchronizations.In first time communication or situations such as failure, message dropping are decrypted caused by transmission problem The lower synchronous certification communication for just carrying out initial vector IV.Initial vector IV is used for the encryption of communication data.All communication messages It is encrypted state.
The synchronization system for a kind of block cipher mode that the present invention is provided, system that employs a kind of by initial vector IV Random generating mode is substituted for the mode by data message related to communicating pair message number NUM by conversion generation;Logical During letter, replace initial vector IV using IV sync bits and message number NUM.Byte number shared by message number NUM is much smaller than just The byte number that beginning vector IV is accounted for.Such a method that the system is used can both save the communication resource, shorten the length of message, again may be used Not influence normal data transfer when initial vector IV is synchronous, meanwhile, initial initial vector is generated using hash algorithm IV, it is ensured that the complexity of initial vector IV, meets the requirement of the communication resource and block encryption;Message number NUM is carried out after communication Update, it is ensured that identical sender, recipient are in the communication per subsynchronous certification, and initial vector IV is different;Sender, reception The unique identity in side ensures different senders, recipient when synchronous certification communicates, and initial vector IV is different.
When sending method, device communicates first with recipient's device, it is described as follows:
First, sending method, device judges that needs are authenticated communication, first sets the message number NUM of certification communication initial value NUM0, and by message number NUM0Splice with identity and hash calculates the initial value IV to form new initial vector IV0And deposit Storage, then uses initial vector IV0Need the message data sent to carry out block encryption sending method, device with working key, formed Message ciphertext;Meanwhile, sending method, device sets IV sync bits to need synchronous certification communications status, and by IV sync bits, message Number NUM0, message ciphertext and message checking value assemble to be formed needs the ciphertext transmitted written, and for the checking of other information Or functional requirement, other information, such as identification information of recipient's device etc. can also be assembled into during ciphertext is written;Connect down Come, transmission ciphertext is written to give recipient's device, while updating message number NUM0For message number NUM1, and interception and stored messages are close The initial vector IV that one piece of data in text communicates as next time1
Recipient's device receives that the ciphertext that sending method, device sends is written, and parsing, which is obtained, simultaneously detects IV sync bits, judges to need Authenticate communication, the message number NUM during recipient's device reading ciphertext is written0, by message number NUM0Know the body specified with both sides Simultaneously hash calculating obtains initial vector IV to the splicing of part mark0, recipient's device initial vector IV0The work of agreement is cooperateed with both sides Make key and message ciphertext of the ciphertext received in written is subjected to packet deciphering, obtain message data;Recipient obtains message number According to rear, message checking value is verified;Recipient's device updates message number NUM0For message number NUM1, and intercept and stored messages ciphertext In one piece of data be used as next time communication initial vector IV1
When sending method, device is with recipient's device proper communication, it is described as follows:
Sending method, device judges that communication need not be authenticated, with the initial vector IV of last communication interceptnAnd work Sending method, device is needed the message data sent to carry out block encryption by key, forms message ciphertext;Meanwhile, sending method, device is set IV sync bits are put to be authenticated communications status, and by IV sync bits, message number NUMm, message ciphertext and message checking Value assembling, which is formed, needs the ciphertext transmitted written, and the checking for other information or functional requirement, may be used also during ciphertext is written To be assembled into other information, such as identification information of recipient's device etc.;Next, transmission ciphertext is written to give recipient's dress Put, while updating message number NUMmFor message number NUMm+1, and the one piece of data in interception and stored messages ciphertext is logical as next time The initial vector IV of lettern+1
The parsing of recipient's device obtains and detects that IV sync bits judge not needing certification communication, and recipient's device is last Communicate the initial vector IV storednThe working key for cooperateing with agreement with both sides carries out message ciphertext of the ciphertext received in written Packet deciphering, obtains message data;Recipient is obtained after message data, verifies message checking value;Recipient's device updates message Number NUMmFor message number NUMm+1, and intercept and stored messages ciphertext in one piece of data be used as next time communication initial vector IVn+1
The synchronous method and system for a kind of block cipher mode that the present embodiment is provided, with advantages below:
(1) replace initial vector IV with message transmissions by using IV sync bits and message number NUM, substantially reduce encryption The length of message, it is to avoid the problem of the pressure of the length of increase message and the communication resource, it is adaptable to which the communication resource is nervous, communication Frequently environment, decreases the error rate of artificial operation transmission;
(2) check value is transmitted while transmitting message, it is ensured that the accuracy of transmission information;
(3) increase or decrease arbitrary integer to be updated NUM by NUM, be more convenient to safeguard.
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability Comprising so that process, method, commodity or equipment including a series of key elements are not only including those key elements, but also wrap Include other key elements being not expressly set out, or also include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that wanted including described Also there is other identical element in process, method, commodity or the equipment of element.
Some embodiments of the present invention are the foregoing is only, are not intended to limit the invention.For art technology For personnel, the present invention can have various modifications and variations.All any modifications made within spirit and principles of the present invention, Equivalent substitution, improvement etc., should be included within scope of the presently claimed invention.

Claims (8)

1. a kind of synchronous method of block cipher mode, includes the sender and recipient of communication, it is characterised in that communication every time When described sender or the recipient understand in intercept communication information that a part is as initial vector IV, sender described in communication Comprise the following steps:
S100:Described sender judges whether that needs are authenticated communication, if so, representing the initial vector of last communication intercept IV is unavailable or this communication is communicates for the first time, carries out step S110, if it is not, representing the initial vector of last communication intercept IV can use, and carry out step S120;
S110:Described sender sets the message number NUM that certification communicates, and the message number NUM and identity are spliced simultaneously Hash calculates to form new initial vector IV0And store;
S120:The message data sent is needed to carry out block encryption, shape sender with the initial vector IV and working key Into message ciphertext;
S130:Described sender sets IV sync bits, by the IV sync bits, the message number NUM, the message ciphertext and report Literary check value, which assembles to be formed, needs the ciphertext transmitted written;
S140:Transmit the ciphertext written, while updating the message number NUM, and intercept and store in the message ciphertext The initial vector IV that one piece of data communicates as next time.
2. the synchronous method of block cipher mode according to claim 1, it is characterised in that recipient described in communication wraps Include following steps:
S200:It is written that the recipient receives the ciphertext that described sender sends, and detects the IV sync bits, judges whether Certification is needed to communicate, if so, proceeding to step S210, if it is not, proceeding to step S220;
S210:The message number NUM during recipient's reading ciphertext is written, by the message number NUM and the body Simultaneously hash calculating obtains the new initial vector IV to the splicing of part mark0
S220:The recipient with the initial vector IV and the working key by the ciphertext received it is written in described in Message ciphertext carries out packet deciphering, obtains the message data;
S230:The recipient updates the message number NUM, and intercepts and store the one piece of data conduct in the message ciphertext The initial vector IV of communication next time.
3. the synchronous method of block cipher mode according to claim 2, it is characterised in that
In step S220, the recipient is obtained after the message data, verifies the message checking value.
4. the synchronous method of block cipher mode according to claim 3, it is characterised in that
The message checking value is the cryptographic Hash of the message data;
The step of verifying the message checking value obtains the message data first to decrypt the message ciphertext, calculates the message The cryptographic Hash of data, the calculated value is compared with the message checking value, if comparing successfully, is verified.
5. the synchronous method of block cipher mode according to claim 1 or 2, it is characterised in that
The message number NUM is integer;
It is by the way that the message number NUM is increased or decreased into arbitrary integer to update the message number NUM.
6. the synchronous method of block cipher mode according to claim 1, it is characterised in that
In step S130, IV sync bits, the message number NUM and message checking value described in the ciphertext that assembles is written are In plain text.
7. a kind of synchronization system of block cipher mode, including sending method, device and recipient's device, its feature for communication Be, every time during communication described sender device or recipient's device can in intercept communication information a part as it is initial to IV is measured, sending method, device described in communication is used to perform following steps:
S100:Described sender device judges whether to need to carry out the certification communication, if so, representing last communication intercept Initial vector IV is unavailable or this communication is communicates for the first time, carries out step S110, if it is not, representing last communication intercept Initial vector IV can use, and carry out step S120;
S110:Described sender device sets the message number NUM that certification communicates, and the message number NUM and identity are spelled Connect and hash calculates to form new initial vector IV0And store;
S120:The message data sent is needed to carry out block encryption, shape sender with the initial vector IV and working key Into message ciphertext;
S130:Described sender device sets IV sync bits, by the IV sync bits, the message number NUM, the message ciphertext And message checking value assemble to be formed need transmit ciphertext it is written;
S140:Transmit the ciphertext written, while updating the message number NUM, and intercept and store in the message ciphertext The initial vector IV that one piece of data communicates as next time.
8. the synchronization system of block cipher mode according to claim 7, it is characterised in that recipient described in communication fills Put for performing following steps:
S200:It is written that recipient's device receives the ciphertext that described sender device sends, and detects the IV sync bits, Judge whether to need certification to communicate, if so, proceeding to step S210, if it is not, proceeding to step S220;
S210:The message number NUM during recipient's device reading ciphertext is written, by message number NUM and the body Simultaneously hash calculating obtains the new initial vector IV to the splicing of part mark0
S220:Recipient's device with the initial vector IV and the working key by the ciphertext received it is written in The message ciphertext carries out packet deciphering, obtains the message data;
S230:Recipient's device updates the message number NUM, and intercepts and store the one piece of data in the message ciphertext It is used as the initial vector IV of communication next time.
CN201710204019.1A 2017-03-30 2017-03-30 Synchronization method and system of block cipher mode Active CN106982115B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710204019.1A CN106982115B (en) 2017-03-30 2017-03-30 Synchronization method and system of block cipher mode

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710204019.1A CN106982115B (en) 2017-03-30 2017-03-30 Synchronization method and system of block cipher mode

Publications (2)

Publication Number Publication Date
CN106982115A true CN106982115A (en) 2017-07-25
CN106982115B CN106982115B (en) 2020-03-17

Family

ID=59339252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710204019.1A Active CN106982115B (en) 2017-03-30 2017-03-30 Synchronization method and system of block cipher mode

Country Status (1)

Country Link
CN (1) CN106982115B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965302A (en) * 2018-07-24 2018-12-07 苏州科达科技股份有限公司 Media data transmission system, method, apparatus and storage medium
CN113347024A (en) * 2021-05-19 2021-09-03 郑州信大捷安信息技术股份有限公司 Data isolation exchange method and device based on visible light communication
CN110995612B (en) * 2019-11-25 2023-08-29 浙江中控技术股份有限公司 Message processing method, system and communication equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101330513A (en) * 2008-06-26 2008-12-24 西安西电捷通无线网络通信有限公司 Method for synchronizing initiation vectors IV in an applied block cipher operation mode
CN101340280A (en) * 2008-08-22 2009-01-07 四川虹微技术有限公司 Stream cipher generator
CN102136904A (en) * 2011-03-30 2011-07-27 中国科学院软件研究所 Message discrimination method based on block cipher
CN102404111A (en) * 2011-12-28 2012-04-04 王勇 Method for encrypting in sections by using uncertain encryption algorithm
US9407437B1 (en) * 2014-03-25 2016-08-02 Amazon Technologies, Inc. Secure initialization vector generation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101330513A (en) * 2008-06-26 2008-12-24 西安西电捷通无线网络通信有限公司 Method for synchronizing initiation vectors IV in an applied block cipher operation mode
CN101340280A (en) * 2008-08-22 2009-01-07 四川虹微技术有限公司 Stream cipher generator
CN102136904A (en) * 2011-03-30 2011-07-27 中国科学院软件研究所 Message discrimination method based on block cipher
CN102404111A (en) * 2011-12-28 2012-04-04 王勇 Method for encrypting in sections by using uncertain encryption algorithm
US9407437B1 (en) * 2014-03-25 2016-08-02 Amazon Technologies, Inc. Secure initialization vector generation

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108965302A (en) * 2018-07-24 2018-12-07 苏州科达科技股份有限公司 Media data transmission system, method, apparatus and storage medium
CN108965302B (en) * 2018-07-24 2021-10-15 苏州科达科技股份有限公司 Media data transmission system, method, device and storage medium
CN110995612B (en) * 2019-11-25 2023-08-29 浙江中控技术股份有限公司 Message processing method, system and communication equipment
CN113347024A (en) * 2021-05-19 2021-09-03 郑州信大捷安信息技术股份有限公司 Data isolation exchange method and device based on visible light communication
CN113347024B (en) * 2021-05-19 2022-03-15 郑州信大捷安信息技术股份有限公司 Data isolation exchange method and device based on visible light communication

Also Published As

Publication number Publication date
CN106982115B (en) 2020-03-17

Similar Documents

Publication Publication Date Title
CN108683688B (en) Method for realizing information transmission safety based on digital envelope technology
US8788802B2 (en) Constrained cryptographic keys
CA2644015C (en) Method and apparatus for providing an adaptable security level in an electronic communication
KR100983050B1 (en) System, method and computer program product for authenticating a data agreement between network entities
CN109672539A (en) SM2 algorithm collaboration signature and decryption method, apparatus and system
US20050154896A1 (en) Data communication security arrangement and method
CN106603485A (en) Secret key negotiation method and device
CN107294937A (en) Data transmission method, client and server based on network service
CN108347419A (en) Data transmission method and device
CN103338215A (en) Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm
CN108173644A (en) Data transfer encryption method, device, storage medium, equipment and server
CA2694500A1 (en) Method and system for secure communication
KR101706117B1 (en) Apparatus and method for other portable terminal authentication in portable terminal
CN111769938B (en) Key management system and data verification system of block chain sensor
CN107094108A (en) The method for being connected to the part of data/address bus and encryption function being realized in the part
CN108141364A (en) Message authentication
CN104917807A (en) Resource transfer method, apparatus and system
CN106982115A (en) The synchronous method and system of a kind of block cipher mode
CN108206739A (en) Key generation method and device
CN100579009C (en) Method for upgrading function of creditable calculation modules
US20210227368A1 (en) Master-Slave System for Communication Over a Bluetooth Low Energy Connection
CN106330862A (en) Secure transmission method and system for dynamic password
CN110365662A (en) Business approval method and device
CN109754503A (en) Intelligent door lock method for unlocking
CN112713995A (en) Dynamic communication key distribution method and device for terminal of Internet of things

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 250104, No. 2877, fairway, Sun Town, Ji'nan hi tech Zone, Shandong

Applicant after: Shandong beyond CNC electronic Limited by Share Ltd

Address before: 250104, No. 2877, fairway, Sun Town, Ji'nan hi tech Zone, Shandong

Applicant before: Chaoyue Digital Controlling Electronic Co., Ltd., Shandong Prov.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant