CN106982115A - The synchronous method and system of a kind of block cipher mode - Google Patents
The synchronous method and system of a kind of block cipher mode Download PDFInfo
- Publication number
- CN106982115A CN106982115A CN201710204019.1A CN201710204019A CN106982115A CN 106982115 A CN106982115 A CN 106982115A CN 201710204019 A CN201710204019 A CN 201710204019A CN 106982115 A CN106982115 A CN 106982115A
- Authority
- CN
- China
- Prior art keywords
- message
- ciphertext
- communication
- recipient
- initial vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0637—Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention provides a kind of synchronous method of block cipher mode, includes the sender and recipient of communication, and comprise the following steps:Sender judges whether that needs are authenticated communication, if, sender sets the message number NUM that certification communicates, and simultaneously hash calculates to form new initial vector IV and storage by message number NUM and identity splicing, if not, need the message data sent to carry out block encryption sender with initial vector IV and working key, form message ciphertext.Sender sets IV sync bits, and IV sync bits, message number NUM, message ciphertext and message checking value, which are assembled, to be formed needs the ciphertext transmitted written;Transmit ciphertext written, while message number NUM is updated, and one section of initial vector IV as communication next time in interception and stored messages ciphertext.The synchronous method for the block cipher mode that the present invention is provided has advantages below:Substantially reduce the length of encrypted message, it is to avoid the problem of the pressure of the length of increase message and the communication resource.
Description
Technical field
The present invention relates to coded communication field, and in particular to the synchronous method and system of a kind of block cipher mode.
Background technology
Block cipher mode generally can be divided into electronic codebook mode (Electronic Code Book, ECB), password packet
Link (Cipher Book Chaining, CBC), cipher feedback (Cipher-Feedback, CFB), output feedback (Output-
Feedback, OFB) and other patterns such as block chaining (Block Chaining, BC).To reach the different close encryption effects of identical text
Really, except ecb mode, other patterns cause message only using initialization vector (Initialization Vector, IV)
One changes.After initialization vector IV, identical message can be encrypted to different cipher-text messages, so, can be to prevent
Only listener-in is attacked using message-replay.
Under normal conditions, initialization vector IV need not maintain secrecy, and be transmitted with plaintext version together with ciphertext.In communication money
Source is in short supply, and communication frequency it is higher when, if the mode for taking initialization vector IV to be transmitted together with cipher-text information can increase greatly
Plus the length of message, increase the pressure of the communication resource, and can increase error rate when using artificial transmission means.
The content of the invention
For the above-mentioned length taken initialization vector IV to be transmitted together with cipher-text information in the prior art, add message
The problem of pressure of degree and the communication resource, it is an object of the invention to provide a kind of synchronous method of block cipher mode and it is
System.
To achieve these goals, the technical solution adopted by the present invention is as follows:
A kind of synchronous method of block cipher mode, includes the sender and recipient of communication, every time sender during communication
Or recipient understands in intercept communication information that a part is as initial vector IV, sender comprises the following steps in communication:
S100:Sender judges whether that needs are authenticated communication, if so, representing the initial vector of last communication intercept
IV is unavailable or this communication is communicates for the first time, carries out step S110, if it is not, representing the initial vector of last communication intercept
IV can use, and carry out step S120;
S110:Sender sets the message number NUM that certification communicates, and message number NUM and identity are spliced and hash
Calculating forms new initial vector IV0And store;
S120:The message data sent is needed to carry out block encryption, shape sender with initial vector IV and working key
Into message ciphertext;
S130:Sender sets IV sync bits, and IV sync bits, message number NUM, message ciphertext and message checking value are assembled
Being formed needs the ciphertext transmitted written;
S140:Ciphertext is transmitted written, while updating the one piece of data in message number NUM, and interception and stored messages ciphertext
It is used as the initial vector IV of communication next time.
Further, recipient comprises the following steps in communication:
S200:It is written that recipient receives the ciphertext that sender sends, and detects IV sync bits, judges whether to need certification to lead to
Letter, if so, proceeding to step S210, if it is not, proceeding to step S220;
S210:Message number NUM during recipient's reading ciphertext is written, by message number NUM and identity splicing and hash
Calculating obtains new initial vector IV0;
S220:Message ciphertext of the ciphertext received in written is grouped by recipient with initial vector IV and working key
Decryption, obtains message data;
S230:The one piece of data that recipient is updated in message number NUM, and interception and stored messages ciphertext communicates as next time
Initial vector IV.
Further, in step S220, recipient is obtained after message data, verifies message checking value.
Further, message checking value is the cryptographic Hash of message data;The step of checking message checking value is first to solve secret report
Literary ciphertext obtains message data, calculates the cryptographic Hash of message data, the calculated value is compared with message checking value, if comparing into
Work(, is verified.
Further, message number NUM is integer;And/or updating message number NUM is added deduct by the way that message number NUM is increased
Few arbitrary integer.
Further, in step S130, the written middle IV sync bits of ciphertext, message number NUM and the message checking value assembled
For in plain text.
A kind of synchronization system of block cipher mode, including sending method, device and recipient's device for communication, it is special
Levy and be, every time during communication sending method, device or recipient's device can in intercept communication information a part as initial vector IV,
Sending method, device is used to perform following steps in communication:
S100:Sending method, device judges whether that needs are authenticated communication, if so, representing the initial of last communication intercept
Vectorial IV is unavailable or this communication is communicates for the first time, carries out step S110, if it is not, representing the initial of last communication intercept
Vectorial IV can use, and carry out step S120;
S110:Sending method, device sets the message number NUM that certification communicates, and message number NUM and identity are spliced simultaneously
Hash calculates to form new initial vector IV0And store;
S120:The message data sent is needed to carry out block encryption, shape sender with initial vector IV and working key
Into message ciphertext;
S130:Sending method, device sets IV sync bits, by IV sync bits, message number NUM, message ciphertext and message checking value
Assembling, which is formed, needs the ciphertext transmitted written;
S140:Ciphertext is transmitted written, while updating the one piece of data in message number NUM, and interception and stored messages ciphertext
It is used as the initial vector IV of communication next time.
Further, recipient's device is used to perform following steps in communication:
S200:It is written that recipient's device receives the ciphertext that sending method, device sends, and detects IV sync bits, judges whether needs
Certification communicates, if so, proceeding to step S210, if it is not, proceeding to step S220;
S210:Message number NUM during recipient's device reading ciphertext is written, message number NUM and identity are spliced simultaneously
Hash calculates and obtains new initial vector IV0;
S220:Recipient's device is carried out message ciphertext of the ciphertext received in written with initial vector IV and working key
Packet deciphering, obtains message data;
S230:The one piece of data that recipient's device is updated in message number NUM, and interception and stored messages ciphertext is used as next time
The initial vector IV of communication.
The present invention is by above technical scheme, and the advantageous effects resulted in are:
(1) replace initial vector IV with message transmissions by using IV sync bits and message number NUM, substantially reduce encryption
The length of message, it is to avoid the problem of the pressure of the length of increase message and the communication resource, it is adaptable to which the communication resource is nervous, communication
Frequently environment, decreases the error rate of artificial operation transmission;
(2) check value is transmitted while transmitting message, it is ensured that the accuracy of transmission information;
(3) increase or decrease arbitrary integer to be updated NUM by NUM, be more convenient to safeguard.
Certainly, implementing any product of the present invention must be not necessarily required to while reaching all the above technique effect.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the present invention, this hair
Bright schematic description and description is used to explain the present invention, does not constitute inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 be the embodiment of the present invention described in block cipher mode synchronous method and system sender flow chart;
Fig. 2 is the synchronous method of block cipher mode and the sender of system and recipient described in the embodiment of the present invention
Flow chart.
Embodiment
Some vocabulary have such as been used to censure specific components among specification and claim.Those skilled in the art should
It is understood that hardware manufacturer may call same component with different nouns.This specification and claims are not with name
The difference of title is used as the mode for distinguishing component, but is used as the criterion of differentiation with the difference of component functionally.Such as logical
The " comprising " of piece specification and claim mentioned in is an open language, therefore should be construed to " including but do not limit
In ".Specification subsequent descriptions for implement the present invention better embodiment, so it is described description be with illustrate the present invention general original
For the purpose of then, the scope of the present invention is not limited to.Protection scope of the present invention when regard the appended claims person of defining as
It is accurate.
Embodiment 1
As shown in figure 1, the present embodiment provide a kind of block cipher mode synchronous method, including communication sender with
Recipient, sender understands in intercept communication information that a part is as initial vector IV during communication every time, and sender includes in communication
Following steps:First, sender judges whether that needs are authenticated communication, if so, represent last communication intercept it is initial to
Measure IV unavailable, i.e., situations such as decryption failure, message dropping caused by transmission problem, or this communication is communicates for the first time,
The message number NUM for first setting certification to communicate, and by message number NUM and identity splice and hash calculate to be formed it is new it is initial to
Measure IV0And store, identity here is that sender and recipient's joint consultation are assert and unique, then with initially to
Measure IV0Need the message data sent to carry out block encryption sender with working key, form message ciphertext, work here
Key is that sender and recipient's joint consultation are assert;Meanwhile, sender sets IV sync bits, and by IV sync bits, message
Number NUM, message ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, wherein, during the ciphertext that assembles is written
IV sync bits, message number NUM and message checking value is in plain text, and the checking for other information or functional requirement, ciphertext into
Other information, such as the identification information of recipient etc. can also be assembled into text;Next, transmission ciphertext is written to reception
Side, while updating the one piece of data in message number NUM, and interception and stored messages ciphertext as the initial vector of communication next time
IV, wherein, the position of intercepting message is that sender and recipient's offered are appointed.
If sender judges whether that needs are authenticated communication, it is judged as NO, represents the initial of last communication intercept
Vectorial IV can use, that is, in normal communication state, be encrypted using the initial vector IV of last communication intercept, with first
Sender is needed the message data sent to carry out block encryption by beginning vector IV and working key, forms message ciphertext, here
Working key is that sender and recipient's joint consultation are assert;Meanwhile, sender set IV sync bits, and by IV sync bits,
Message number NUM, message ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, and testing for other information
Card or functional requirement, can also be assembled into other information, such as the identification information of recipient etc. during ciphertext is written;Next,
Transmit ciphertext it is written give recipient, while update message number NUM, and intercept and stored messages ciphertext in one piece of data under
The initial vector IV of secondary communication, wherein, the position of intercepting message is that sender and recipient's offered are appointed.
Further, message number NUM is integer, for ensure IV quality, one larger integer of NUM prioritizing selections,
Arbitrary value can be specified by sender;It is by the way that message number NUM is increased or decreased into arbitrary integer, preferably to update message number NUM
Ground selection Jia one or message number NUM renewal is carried out by a series of functional operation.
Wherein, in proper communication, IV sync bits are set not need certification communications status, such as do not need certification communication
The IV sync bits of state are 00, it is necessary to which the IV sync bits of certification communications status are 01, or other represent and distinguish two kinds or two
Plant the combination of above state.Sender and recipient's independent maintenance are by having consulted the initial vector IV and message number that method is obtained
NUM.Initial vector IV is just carried out in first time communication or when decryption failure, message dropping caused by transmission problem
Synchronous certification communication.Initial vector IV is used for the encryption of communication data.All communication messages are encrypted state.
A kind of a kind of synchronous method for block cipher mode that the present invention is provided, it is proposed that random life by initial vector IV
The mode by data message related to communicating pair message number NUM by conversion generation is substituted for into mode;In communication process
In, the method for initial vector IV is replaced using IV sync bits and message number NUM.Byte number shared by message number NUM is much smaller than just
The byte number that beginning vector IV is accounted for.Such a method can both save the communication resource, shorten the length of message, again can be in initial vector
IV does not influence normal data transfer when synchronous, meanwhile, initial initial vector IV is generated using hash algorithm, it is ensured that it is initial to
IV complexity is measured, the requirement of the communication resource and block encryption is met.
Embodiment 2
As shown in Fig. 2 the present embodiment provide a kind of block cipher mode synchronous method, including communication sender with
Recipient, sender and recipient understand a part in intercept communication information and, as initial vector IV, sent out in communication when communicating every time
The side of sending comprises the following steps:First, sender judges whether that needs are authenticated communication, if so, representing last communication intercept
Initial vector IV it is unavailable, i.e., because caused by transmission problem decryption failure, message dropping situations such as, or this communication be first
Secondary communication, the message number NUM for first setting certification to communicate, and simultaneously hash calculates to form new by message number NUM and identity splicing
Initial vector IV0And store, identity here is that sender and recipient's joint consultation are assert and unique, then
Use initial vector IV0Need the message data sent to carry out block encryption sender with working key, form message ciphertext, this
In working key be that sender and recipient's joint consultation are assert;Meanwhile, sender sets IV sync bits, and by IV0Together
Step, message number NUM, message ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, wherein, what is assembled is close
The written middle IV sync bits of text, message number NUM and message checking value are plaintext, and the checking for other information or function need
Ask, other information, such as the identification information of recipient etc. can also be assembled into during ciphertext is written;Next, transmission ciphertext into
Text give recipient, while update message number NUM, and intercept and stored messages ciphertext in one piece of data be used as next time communication just
Begin vector IV, wherein, the position of intercepting message is that sender and recipient's offered are appointed.
If sender judges whether that needs are authenticated communication, it is judged as NO, represents the initial of last communication intercept
Vectorial IV can use, that is, in normal communication state, be encrypted using the initial vector IV of last communication intercept, with first
Sender is needed the message data sent to carry out block encryption by beginning vector IV and working key, forms message ciphertext, here
Working key is that sender and recipient's joint consultation are assert;Meanwhile, sender set IV sync bits, and by IV sync bits,
Message number NUM, message ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, and testing for other information
Card or functional requirement, can also be assembled into other information, such as the identification information of recipient etc. during ciphertext is written;Next,
Transmit ciphertext it is written give recipient, while update message number NUM, and intercept and stored messages ciphertext in one piece of data under
The initial vector IV of secondary communication, wherein, the position of intercepting message is that sender and recipient's offered are appointed.
Recipient comprises the following steps in communication:First, recipient receives that the ciphertext that sender sends is written, and parsing is obtained
And IV sync bits are detected, judge whether to need certification to communicate, if so, decryption failure, message dropping i.e. caused by transmission problem
Situations such as need synchronous certification communication, or this communication to communicate for the first time, recipient read ciphertext it is written in message number
Message number NUM and both sides are known the identity splicing specified and hash calculate and obtains initial vector IV by NUM0, recipient's use
Initial vector IV0Message ciphertext progress packet deciphering of the working key of agreement by the ciphertext received in written is cooperateed with both sides,
Obtain message data, here recipient receive ciphertext that sender sends it is written after message number NUM and both sides are known what is specified
Simultaneously hash calculating obtains initial vector IV for identity splicing0Mode or method and sender by message number NUM and identity mark
Know splicing and hash calculates to form new initial vector IV0Mode or method it is consistent so that recipient is with same method energy
Generate the initial vector IV of sender's generation0, and specifically generate initial vector IV0Method or mode be sender and reception
What square offered was determined;The one piece of data that recipient is updated in message number NUM, and interception and stored messages ciphertext is used as next time
The initial vector IV of communication, the position of intercepting message is that sender and recipient's offered are appointed.
If detect IV sync bits, judge not needing certification communication, recipient uses the initial vector of last communication storage
Message ciphertext of the ciphertext received in written is carried out packet deciphering by IV and the working key of both sides' collaboration agreement, obtains message number
According to;Recipient updates the one piece of data in message number NUM, and interception and stored messages ciphertext as the initial vector of communication next time
IV, the position of intercepting message is that sender and recipient's offered are appointed.
Further, message number NUM is integer, for ensure IV quality, one larger integer of NUM prioritizing selections,
Arbitrary value can be specified by sender;It is by the way that message number NUM is increased or decreased into arbitrary integer, preferably to update message number NUM
Ground selection Jia one or message number NUM renewal is carried out by a series of functional operation.
Further, recipient is obtained after message data, verifies message checking value.Message checking value is the Kazakhstan of message data
Uncommon value;The step of verifying message checking value obtains message data for first decrypted message ciphertext, calculates the cryptographic Hash of message data, will
The calculated value is compared with message checking value, if comparing successfully, is verified.
Wherein, in proper communication, IV sync bits are set not need certification communications status, such as do not need certification communication
The IV sync bits of state are 00, it is necessary to which the IV sync bits of certification communications status are 01, or other represent and distinguish two kinds or two
Plant the combination of above state.Sender and recipient's independent maintenance are by having consulted the initial vector IV and message number that method is obtained
NUM.Sender and recipient need not individually carry out state synchronized certification communication, need to only be determined whether to carry out according to IV sync bits
IV is synchronous.Initial vector is just carried out in first time communication or when decryption failure, message dropping caused by transmission problem
IV synchronous certification communication.Initial vector IV is used for the encryption of communication data.All communication messages are encrypted state.
A kind of a kind of synchronous method for block cipher mode that the present invention is provided, it is proposed that random life by initial vector IV
The mode by data message related to communicating pair message number NUM by conversion generation is substituted for into mode;In communication process
In, the method for initial vector IV is replaced using IV sync bits and message number NUM.Byte number shared by message number NUM is much smaller than just
The byte number that beginning vector IV is accounted for.Such a method can both save the communication resource, shorten the length of message, again can be in initial vector
IV does not influence normal data transfer when synchronous, meanwhile, initial initial vector IV is generated using hash algorithm, it is ensured that it is initial to
IV complexity is measured, the requirement of the communication resource and block encryption is met;Message number NUM is updated after communication, it is ensured that identical
Sender, recipient per subsynchronous certification communication when, initial vector IV is different;Sender, the unique identity of recipient
Mark ensures different senders, recipient when synchronous certification communicates, and initial vector IV is different.
Communication means is described as follows sender first with recipient:
First, sender judges that needs are authenticated communication, first sets the message number NUM of certification communication initial value
NUM0, and by message number NUM0Splice with identity and hash calculates the initial value IV to form new initial vector IV0And deposit
Storage, then uses initial vector IV0Need the message data sent to carry out block encryption sender with working key, form message
Ciphertext;Meanwhile, sender sets IV sync bits to need synchronous certification communications status, and by IV sync bits, message number NUM0, report
Literary ciphertext and message checking value, which assemble to be formed, needs the ciphertext transmitted written, and the checking for other information or function need
Ask, other information, such as the identification information of recipient etc. can also be assembled into during ciphertext is written;Next, transmission ciphertext into
Text gives recipient, while updating message number NUM0For message number NUM1, and the one piece of data conduct in interception and stored messages ciphertext
The initial vector IV of communication next time1。
Recipient receives that the ciphertext that sender sends is written, and parsing obtains and simultaneously detects IV sync bits, and judgement needs certification to lead to
Letter, the message number NUM during recipient's reading ciphertext is written0, by message number NUM0Know the identity splicing specified simultaneously with both sides
Hash calculates and obtains initial vector IV0, recipient's initial vector IV0Cooperate with the working key of agreement close by what is received with both sides
Message ciphertext during text is written carries out packet deciphering, obtains message data;Recipient is obtained after message data, verifies message checking
Value;Recipient updates message number NUM0For message number NUM1, and the one piece of data in interception and stored messages ciphertext is logical as next time
The initial vector IV of letter1。
Sender is described as follows with recipient's proper communication method:
Sender judges that communication need not be authenticated, with the initial vector IV of last communication interceptnAnd working key
Need the message data sent to carry out block encryption sender, form message ciphertext;Meanwhile, sender's setting IV sync bits are
It need not be authenticated communications status, and by IV sync bits, message number NUMm, message ciphertext and message checking value assemble to be formed and need
The ciphertext to be transmitted is written, and the checking for other information or functional requirement, and other can also be assembled into during ciphertext is written
Information, such as the identification information of recipient etc.;Next, transmission ciphertext is written to give recipient, while updating message number NUMm
For message number NUMm+1, and intercept and stored messages ciphertext in one piece of data be used as next time communication initial vector IVn+1。
Recipient, which parses to obtain, simultaneously detects that IV sync bits judge not needing certification communication, and recipient uses last communication storage
Initial vector IVnMessage ciphertext progress packet solution of the working key of agreement by the ciphertext received in written is cooperateed with both sides
It is close, obtain message data;Recipient is obtained after message data, verifies message checking value;Recipient updates message number NUMmFor report
Literary number NUMm+1, and intercept and stored messages ciphertext in one piece of data be used as next time communication initial vector IVn+1。
Embodiment 3
A kind of synchronization system of block cipher mode provided in an embodiment of the present invention, including the sending method, device for communication
With recipient's device, and adopt with the following method:
Every time during communication sending method, device and recipient's device can in intercept communication information a part as initial vector IV,
Sending method, device comprises the following steps in communication:First, sending method, device judges whether that needs are authenticated communication, if so, table
Show that the initial vector IV of last communication intercept is unavailable, i.e., situations such as decryption failure, message dropping caused by transmission problem,
Or this communication sets the message number NUM that certification communicates to communicate for the first time, first, and message number NUM and identity are spliced
And hash calculates to form new initial vector IV0And store, identity here is that sending method, device and recipient's device are common
Assert with negotiation and unique, then use initial vector IV0The message number for needing to send by sending method, device with working key
According to block encryption is carried out, message ciphertext is formed, working key here is that sending method, device and recipient's device joint consultation are recognized
Fixed;Meanwhile, sending method, device sets IV sync bits, and by IV sync bits, message number NUM, message ciphertext and message checking value
Assembling, which is formed, needs the ciphertext transmitted written, wherein, the written middle IV of ciphertext assembled0Sync bit, message number NUM and message
Check value is in plain text, and the checking for other information or functional requirement can also be assembled into other letters during ciphertext is written
Breath, such as identification information of recipient's device etc.;Next, transmission ciphertext is written to give recipient's device, while updating message number
The initial vector IV that one piece of data in NUM, and interception and stored messages ciphertext communicates as next time, wherein, intercepting message
Position is that sending method, device and recipient's device offered are appointed.
If sending method, device judges whether that needs are authenticated communication, it is judged as NO, represents last communication intercept
Initial vector IV can use, that is, in normal communication state, be encrypted using the initial vector IV of last communication intercept,
Need the message data sent to carry out block encryption sending method, device with initial vector IV and working key, form message close
Text, working key here is that sending method, device and recipient's device joint consultation are assert;Meanwhile, sending method, device sets IV
Sync bit, and IV sync bits, message number NUM, message ciphertext and message checking value assembled to be formed need the ciphertext transmitted written,
And checking or functional requirement for other information, can also be assembled into other information, such as recipient during ciphertext is written
Identification information of device etc.;Next, transmission ciphertext is written to give recipient's device, while updating message number NUM, and intercept and deposit
The one piece of data in message ciphertext is stored up as the initial vector IV of communication next time, wherein, the position of intercepting message is sender's dress
Put what is appointed with recipient's device offered.
Recipient's device comprises the following steps in communication:First, recipient's device receives the ciphertext that sending method, device is sent
Written, parsing obtains and detects IV sync bits, judges whether to need certification to communicate, if so, being decrypted caused by transmission problem
Situations such as failure, message dropping, needs synchronous certification communication, or this communication to communicate for the first time, and recipient's device reads ciphertext
Message number NUM in written, by message number NUM and both sides know the identity splicing specified and hash calculate obtain it is initial to
Measure IV0, recipient's device initial vector IV0Message of the working key of agreement by the ciphertext received in written is cooperateed with both sides
Ciphertext carries out packet deciphering, obtains message data, here recipient's device receive ciphertext that sending method, device sends it is written after will
Message number NUM and both sides know the identity splicing specified and hash calculates and obtains initial vector IV0Mode or method with
Sending method, device splices message number NUM and identity and hash calculates to form new initial vector IV0Mode or method
Unanimously so that recipient's device can generate the initial vector IV that sending method, device is generated with same method0, and specifically generate
Initial vector IV0Method or mode is sending method, device and recipient's device offered is determined;Recipient's device updates
The initial vector IV that one piece of data in message number NUM, and interception and stored messages ciphertext communicates as next time, intercepting message
Position is that sending method, device and recipient's device offered are appointed.
If detect IV sync bits, judge not needing certification communication, recipient's device is initial with last communication storage
Message ciphertext of the ciphertext received in written is carried out packet deciphering by the working key of vectorial IV and both sides collaboration agreement, is reported
Literary data;What the one piece of data that recipient's device updates in message number NUM, and interception and stored messages ciphertext communicated as next time
Initial vector IV, the position of intercepting message is that sending method, device and recipient's device offered are appointed.
Further, message number NUM is integer, for ensure IV quality, one larger integer of NUM prioritizing selections,
Arbitrary value can be specified by sender;It is by the way that message number NUM is increased or decreased into arbitrary integer, preferably to update message number NUM
Ground selection Jia one or message number NUM renewal is carried out by a series of functional operation.
Further, recipient is obtained after message data, verifies message checking value.Message checking value is the Kazakhstan of message data
Uncommon value;The step of verifying message checking value obtains message data for first decrypted message ciphertext, calculates the cryptographic Hash of message data, will
The calculated value is compared with message checking value, if comparing successfully, is verified.
Wherein, in proper communication, IV sync bits are set not need certification communications status, such as do not need certification communication
The IV sync bits of state are 00, it is necessary to which the IV sync bits of certification communications status are 01, or other represent and distinguish two kinds or two
Plant the combination of above state.Sending method, device and recipient's device independent maintenance are by having consulted the initial vector IV that method is obtained
With message number NUM.Sending method, device and recipient's device need not individually carry out state synchronized certification communication, only need to be same according to IV
Step determines whether to carry out IV synchronizations.In first time communication or situations such as failure, message dropping are decrypted caused by transmission problem
The lower synchronous certification communication for just carrying out initial vector IV.Initial vector IV is used for the encryption of communication data.All communication messages
It is encrypted state.
The synchronization system for a kind of block cipher mode that the present invention is provided, system that employs a kind of by initial vector IV
Random generating mode is substituted for the mode by data message related to communicating pair message number NUM by conversion generation;Logical
During letter, replace initial vector IV using IV sync bits and message number NUM.Byte number shared by message number NUM is much smaller than just
The byte number that beginning vector IV is accounted for.Such a method that the system is used can both save the communication resource, shorten the length of message, again may be used
Not influence normal data transfer when initial vector IV is synchronous, meanwhile, initial initial vector is generated using hash algorithm
IV, it is ensured that the complexity of initial vector IV, meets the requirement of the communication resource and block encryption;Message number NUM is carried out after communication
Update, it is ensured that identical sender, recipient are in the communication per subsynchronous certification, and initial vector IV is different;Sender, reception
The unique identity in side ensures different senders, recipient when synchronous certification communicates, and initial vector IV is different.
When sending method, device communicates first with recipient's device, it is described as follows:
First, sending method, device judges that needs are authenticated communication, first sets the message number NUM of certification communication initial value
NUM0, and by message number NUM0Splice with identity and hash calculates the initial value IV to form new initial vector IV0And deposit
Storage, then uses initial vector IV0Need the message data sent to carry out block encryption sending method, device with working key, formed
Message ciphertext;Meanwhile, sending method, device sets IV sync bits to need synchronous certification communications status, and by IV sync bits, message
Number NUM0, message ciphertext and message checking value assemble to be formed needs the ciphertext transmitted written, and for the checking of other information
Or functional requirement, other information, such as identification information of recipient's device etc. can also be assembled into during ciphertext is written;Connect down
Come, transmission ciphertext is written to give recipient's device, while updating message number NUM0For message number NUM1, and interception and stored messages are close
The initial vector IV that one piece of data in text communicates as next time1。
Recipient's device receives that the ciphertext that sending method, device sends is written, and parsing, which is obtained, simultaneously detects IV sync bits, judges to need
Authenticate communication, the message number NUM during recipient's device reading ciphertext is written0, by message number NUM0Know the body specified with both sides
Simultaneously hash calculating obtains initial vector IV to the splicing of part mark0, recipient's device initial vector IV0The work of agreement is cooperateed with both sides
Make key and message ciphertext of the ciphertext received in written is subjected to packet deciphering, obtain message data;Recipient obtains message number
According to rear, message checking value is verified;Recipient's device updates message number NUM0For message number NUM1, and intercept and stored messages ciphertext
In one piece of data be used as next time communication initial vector IV1。
When sending method, device is with recipient's device proper communication, it is described as follows:
Sending method, device judges that communication need not be authenticated, with the initial vector IV of last communication interceptnAnd work
Sending method, device is needed the message data sent to carry out block encryption by key, forms message ciphertext;Meanwhile, sending method, device is set
IV sync bits are put to be authenticated communications status, and by IV sync bits, message number NUMm, message ciphertext and message checking
Value assembling, which is formed, needs the ciphertext transmitted written, and the checking for other information or functional requirement, may be used also during ciphertext is written
To be assembled into other information, such as identification information of recipient's device etc.;Next, transmission ciphertext is written to give recipient's dress
Put, while updating message number NUMmFor message number NUMm+1, and the one piece of data in interception and stored messages ciphertext is logical as next time
The initial vector IV of lettern+1。
The parsing of recipient's device obtains and detects that IV sync bits judge not needing certification communication, and recipient's device is last
Communicate the initial vector IV storednThe working key for cooperateing with agreement with both sides carries out message ciphertext of the ciphertext received in written
Packet deciphering, obtains message data;Recipient is obtained after message data, verifies message checking value;Recipient's device updates message
Number NUMmFor message number NUMm+1, and intercept and stored messages ciphertext in one piece of data be used as next time communication initial vector
IVn+1。
The synchronous method and system for a kind of block cipher mode that the present embodiment is provided, with advantages below:
(1) replace initial vector IV with message transmissions by using IV sync bits and message number NUM, substantially reduce encryption
The length of message, it is to avoid the problem of the pressure of the length of increase message and the communication resource, it is adaptable to which the communication resource is nervous, communication
Frequently environment, decreases the error rate of artificial operation transmission;
(2) check value is transmitted while transmitting message, it is ensured that the accuracy of transmission information;
(3) increase or decrease arbitrary integer to be updated NUM by NUM, be more convenient to safeguard.
It should also be noted that, term " comprising ", "comprising" or its any other variant are intended to nonexcludability
Comprising so that process, method, commodity or equipment including a series of key elements are not only including those key elements, but also wrap
Include other key elements being not expressly set out, or also include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that wanted including described
Also there is other identical element in process, method, commodity or the equipment of element.
Some embodiments of the present invention are the foregoing is only, are not intended to limit the invention.For art technology
For personnel, the present invention can have various modifications and variations.All any modifications made within spirit and principles of the present invention,
Equivalent substitution, improvement etc., should be included within scope of the presently claimed invention.
Claims (8)
1. a kind of synchronous method of block cipher mode, includes the sender and recipient of communication, it is characterised in that communication every time
When described sender or the recipient understand in intercept communication information that a part is as initial vector IV, sender described in communication
Comprise the following steps:
S100:Described sender judges whether that needs are authenticated communication, if so, representing the initial vector of last communication intercept
IV is unavailable or this communication is communicates for the first time, carries out step S110, if it is not, representing the initial vector of last communication intercept
IV can use, and carry out step S120;
S110:Described sender sets the message number NUM that certification communicates, and the message number NUM and identity are spliced simultaneously
Hash calculates to form new initial vector IV0And store;
S120:The message data sent is needed to carry out block encryption, shape sender with the initial vector IV and working key
Into message ciphertext;
S130:Described sender sets IV sync bits, by the IV sync bits, the message number NUM, the message ciphertext and report
Literary check value, which assembles to be formed, needs the ciphertext transmitted written;
S140:Transmit the ciphertext written, while updating the message number NUM, and intercept and store in the message ciphertext
The initial vector IV that one piece of data communicates as next time.
2. the synchronous method of block cipher mode according to claim 1, it is characterised in that recipient described in communication wraps
Include following steps:
S200:It is written that the recipient receives the ciphertext that described sender sends, and detects the IV sync bits, judges whether
Certification is needed to communicate, if so, proceeding to step S210, if it is not, proceeding to step S220;
S210:The message number NUM during recipient's reading ciphertext is written, by the message number NUM and the body
Simultaneously hash calculating obtains the new initial vector IV to the splicing of part mark0;
S220:The recipient with the initial vector IV and the working key by the ciphertext received it is written in described in
Message ciphertext carries out packet deciphering, obtains the message data;
S230:The recipient updates the message number NUM, and intercepts and store the one piece of data conduct in the message ciphertext
The initial vector IV of communication next time.
3. the synchronous method of block cipher mode according to claim 2, it is characterised in that
In step S220, the recipient is obtained after the message data, verifies the message checking value.
4. the synchronous method of block cipher mode according to claim 3, it is characterised in that
The message checking value is the cryptographic Hash of the message data;
The step of verifying the message checking value obtains the message data first to decrypt the message ciphertext, calculates the message
The cryptographic Hash of data, the calculated value is compared with the message checking value, if comparing successfully, is verified.
5. the synchronous method of block cipher mode according to claim 1 or 2, it is characterised in that
The message number NUM is integer;
It is by the way that the message number NUM is increased or decreased into arbitrary integer to update the message number NUM.
6. the synchronous method of block cipher mode according to claim 1, it is characterised in that
In step S130, IV sync bits, the message number NUM and message checking value described in the ciphertext that assembles is written are
In plain text.
7. a kind of synchronization system of block cipher mode, including sending method, device and recipient's device, its feature for communication
Be, every time during communication described sender device or recipient's device can in intercept communication information a part as it is initial to
IV is measured, sending method, device described in communication is used to perform following steps:
S100:Described sender device judges whether to need to carry out the certification communication, if so, representing last communication intercept
Initial vector IV is unavailable or this communication is communicates for the first time, carries out step S110, if it is not, representing last communication intercept
Initial vector IV can use, and carry out step S120;
S110:Described sender device sets the message number NUM that certification communicates, and the message number NUM and identity are spelled
Connect and hash calculates to form new initial vector IV0And store;
S120:The message data sent is needed to carry out block encryption, shape sender with the initial vector IV and working key
Into message ciphertext;
S130:Described sender device sets IV sync bits, by the IV sync bits, the message number NUM, the message ciphertext
And message checking value assemble to be formed need transmit ciphertext it is written;
S140:Transmit the ciphertext written, while updating the message number NUM, and intercept and store in the message ciphertext
The initial vector IV that one piece of data communicates as next time.
8. the synchronization system of block cipher mode according to claim 7, it is characterised in that recipient described in communication fills
Put for performing following steps:
S200:It is written that recipient's device receives the ciphertext that described sender device sends, and detects the IV sync bits,
Judge whether to need certification to communicate, if so, proceeding to step S210, if it is not, proceeding to step S220;
S210:The message number NUM during recipient's device reading ciphertext is written, by message number NUM and the body
Simultaneously hash calculating obtains the new initial vector IV to the splicing of part mark0;
S220:Recipient's device with the initial vector IV and the working key by the ciphertext received it is written in
The message ciphertext carries out packet deciphering, obtains the message data;
S230:Recipient's device updates the message number NUM, and intercepts and store the one piece of data in the message ciphertext
It is used as the initial vector IV of communication next time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710204019.1A CN106982115B (en) | 2017-03-30 | 2017-03-30 | Synchronization method and system of block cipher mode |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710204019.1A CN106982115B (en) | 2017-03-30 | 2017-03-30 | Synchronization method and system of block cipher mode |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106982115A true CN106982115A (en) | 2017-07-25 |
CN106982115B CN106982115B (en) | 2020-03-17 |
Family
ID=59339252
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710204019.1A Active CN106982115B (en) | 2017-03-30 | 2017-03-30 | Synchronization method and system of block cipher mode |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106982115B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965302A (en) * | 2018-07-24 | 2018-12-07 | 苏州科达科技股份有限公司 | Media data transmission system, method, apparatus and storage medium |
CN113347024A (en) * | 2021-05-19 | 2021-09-03 | 郑州信大捷安信息技术股份有限公司 | Data isolation exchange method and device based on visible light communication |
CN110995612B (en) * | 2019-11-25 | 2023-08-29 | 浙江中控技术股份有限公司 | Message processing method, system and communication equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101330513A (en) * | 2008-06-26 | 2008-12-24 | 西安西电捷通无线网络通信有限公司 | Method for synchronizing initiation vectors IV in an applied block cipher operation mode |
CN101340280A (en) * | 2008-08-22 | 2009-01-07 | 四川虹微技术有限公司 | Stream cipher generator |
CN102136904A (en) * | 2011-03-30 | 2011-07-27 | 中国科学院软件研究所 | Message discrimination method based on block cipher |
CN102404111A (en) * | 2011-12-28 | 2012-04-04 | 王勇 | Method for encrypting in sections by using uncertain encryption algorithm |
US9407437B1 (en) * | 2014-03-25 | 2016-08-02 | Amazon Technologies, Inc. | Secure initialization vector generation |
-
2017
- 2017-03-30 CN CN201710204019.1A patent/CN106982115B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101330513A (en) * | 2008-06-26 | 2008-12-24 | 西安西电捷通无线网络通信有限公司 | Method for synchronizing initiation vectors IV in an applied block cipher operation mode |
CN101340280A (en) * | 2008-08-22 | 2009-01-07 | 四川虹微技术有限公司 | Stream cipher generator |
CN102136904A (en) * | 2011-03-30 | 2011-07-27 | 中国科学院软件研究所 | Message discrimination method based on block cipher |
CN102404111A (en) * | 2011-12-28 | 2012-04-04 | 王勇 | Method for encrypting in sections by using uncertain encryption algorithm |
US9407437B1 (en) * | 2014-03-25 | 2016-08-02 | Amazon Technologies, Inc. | Secure initialization vector generation |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108965302A (en) * | 2018-07-24 | 2018-12-07 | 苏州科达科技股份有限公司 | Media data transmission system, method, apparatus and storage medium |
CN108965302B (en) * | 2018-07-24 | 2021-10-15 | 苏州科达科技股份有限公司 | Media data transmission system, method, device and storage medium |
CN110995612B (en) * | 2019-11-25 | 2023-08-29 | 浙江中控技术股份有限公司 | Message processing method, system and communication equipment |
CN113347024A (en) * | 2021-05-19 | 2021-09-03 | 郑州信大捷安信息技术股份有限公司 | Data isolation exchange method and device based on visible light communication |
CN113347024B (en) * | 2021-05-19 | 2022-03-15 | 郑州信大捷安信息技术股份有限公司 | Data isolation exchange method and device based on visible light communication |
Also Published As
Publication number | Publication date |
---|---|
CN106982115B (en) | 2020-03-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108683688B (en) | Method for realizing information transmission safety based on digital envelope technology | |
US8788802B2 (en) | Constrained cryptographic keys | |
CA2644015C (en) | Method and apparatus for providing an adaptable security level in an electronic communication | |
KR100983050B1 (en) | System, method and computer program product for authenticating a data agreement between network entities | |
CN109672539A (en) | SM2 algorithm collaboration signature and decryption method, apparatus and system | |
US20050154896A1 (en) | Data communication security arrangement and method | |
CN106603485A (en) | Secret key negotiation method and device | |
CN107294937A (en) | Data transmission method, client and server based on network service | |
CN108347419A (en) | Data transmission method and device | |
CN103338215A (en) | Method for establishing TLS (Transport Layer Security) channel based on state secret algorithm | |
CN108173644A (en) | Data transfer encryption method, device, storage medium, equipment and server | |
CA2694500A1 (en) | Method and system for secure communication | |
KR101706117B1 (en) | Apparatus and method for other portable terminal authentication in portable terminal | |
CN111769938B (en) | Key management system and data verification system of block chain sensor | |
CN107094108A (en) | The method for being connected to the part of data/address bus and encryption function being realized in the part | |
CN108141364A (en) | Message authentication | |
CN104917807A (en) | Resource transfer method, apparatus and system | |
CN106982115A (en) | The synchronous method and system of a kind of block cipher mode | |
CN108206739A (en) | Key generation method and device | |
CN100579009C (en) | Method for upgrading function of creditable calculation modules | |
US20210227368A1 (en) | Master-Slave System for Communication Over a Bluetooth Low Energy Connection | |
CN106330862A (en) | Secure transmission method and system for dynamic password | |
CN110365662A (en) | Business approval method and device | |
CN109754503A (en) | Intelligent door lock method for unlocking | |
CN112713995A (en) | Dynamic communication key distribution method and device for terminal of Internet of things |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 250104, No. 2877, fairway, Sun Town, Ji'nan hi tech Zone, Shandong Applicant after: Shandong beyond CNC electronic Limited by Share Ltd Address before: 250104, No. 2877, fairway, Sun Town, Ji'nan hi tech Zone, Shandong Applicant before: Chaoyue Digital Controlling Electronic Co., Ltd., Shandong Prov. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |