CN108848073B - Method and system for encrypting and decrypting data of real-time data acquisition system - Google Patents

Method and system for encrypting and decrypting data of real-time data acquisition system Download PDF

Info

Publication number
CN108848073B
CN108848073B CN201810548763.8A CN201810548763A CN108848073B CN 108848073 B CN108848073 B CN 108848073B CN 201810548763 A CN201810548763 A CN 201810548763A CN 108848073 B CN108848073 B CN 108848073B
Authority
CN
China
Prior art keywords
bit
data
key
real
bits
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810548763.8A
Other languages
Chinese (zh)
Other versions
CN108848073A (en
Inventor
朱相环
张广福
甘洪成
窦建广
赵筱波
马劲松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tangshan Zhineng Electronic Co ltd
Original Assignee
Tangshan Zhineng Electronic Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tangshan Zhineng Electronic Co ltd filed Critical Tangshan Zhineng Electronic Co ltd
Priority to CN201810548763.8A priority Critical patent/CN108848073B/en
Publication of CN108848073A publication Critical patent/CN108848073A/en
Application granted granted Critical
Publication of CN108848073B publication Critical patent/CN108848073B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The invention provides a method and a system for encrypting and decrypting data of a real-time data acquisition system, wherein the method divides the data of the real-time data acquisition system into blocks with the size of 64 bits by a DES algorithm, and uses 16-bit keys to form 64-bit keys in an overlapping way to encrypt each 64-bit data block, but only re-encrypts the 16-bit keys during data packaging and transmission and packages and transmits the 16-bit keys and the encrypted data together, thereby greatly improving the speed of encryption operation, not only meeting the real-time requirement of the data of the real-time data acquisition system, but also meeting the requirements on the speed, power consumption and stability of a processor, and effectively saving the memory and processing time of the system. The method and the system are used for encrypting and protecting data acquired in real time based on the wireless Internet of things and can also be used in other data encryption and protection occasions with real-time requirements.

Description

Method and system for encrypting and decrypting data of real-time data acquisition system
Technical Field
The present invention relates to the field of data acquisition and information security, and more particularly, to a method and system for encrypting and decrypting data of a real-time data acquisition system.
Background
Data acquisition of an industrial field is realized based on a field bus technology all the time, and the technology of the internet of things cannot be applied based on safety considerations. At present, a plurality of encryption algorithms exist, but algorithms which can be used for data encryption, such as ECC, RC, AES, IDEA, DES, 3DES, RSA, SHA and the like, cannot meet the requirements of real-time acquisition and encryption due to the limitation of the operation speed of an embedded processor.
Therefore, a method and system for quickly encrypting and decrypting the acquired data in the real-time data acquisition process are needed.
Disclosure of Invention
In order to solve the technical problem that the prior art cannot meet the requirements of acquiring data in real time on an industrial field and quickly encrypting and decrypting the data, the invention provides a method for encrypting data of a real-time data acquisition system, which comprises the following steps:
selecting a 14-bit random number, and adding 1 parity bit after the 7 th bit and the 14 th bit of the 14-bit random number respectively in the order from left to right to generate a 16-bit short key kEOverlapping 4 short keys kEForming a 64-bit DES key, wherein the number of digits in the 64-bit DES key is 1 to 64 in sequence from left to right;
removing parity bits from the 64-bit DES key, transposing according to a first transformation table to generate a 56-bit DES key, and decomposing the 56-bit DES key into two 28-bit DES keys, wherein the first transformation table is a table with 8 rows and 7 columns;
performing m iterations on the C0 and the D0, connecting the C I and the D I generated by the I iteration in series to generate a new 56-bit C I D [ I ], performing transposition on the C I D [ I ] according to a second transformation table to generate 1 48-bit sub-keys K [ I ], wherein the second transformation table is a table with 6 rows and 8 columns, and I is more than or equal to 1 and less than or equal to m;
dividing data of a real-time data acquisition system into a plurality of 64-bit blocks, and transforming each block according to a third transformation table to generate a new 64-bit data block, wherein the third transformation table is a table with 8 rows and 8 columns;
for each new 64-bit data block, decomposing the data block into two 32-bit L [0] and R [0 ];
the L [0] and R [0] are encrypted with m subkeys to generate encrypted data.
Further, the step of transposing the 64-bit DES key according to the first transformation table to generate the 56-bit key means that the parity bits in the 64-bit DES key are discarded, and then the remaining 56-bit keys are filled into the first transformation table according to the number of bits indicated in the first transformation table, as the original 64-bit DES key.
Further, the decomposition of the 56-bit key into two 28-bit C [0] and D [0] means that 1 to 28 bits of the 56-bit key are taken as C [0] and 29 to 56 bits are taken as D [0 ].
Further, the value of m is 16.
Further, m iterations of C [0] and D [0], concatenating the C [ I ] and D [ I ] generated in the I iteration to generate a new 56-bit C [ I ] D [ I ], and transposing the C [ I ] D [ I ] according to a second transformation table to generate 1 sub-key K [ I ] with 48 bits include:
c [ I-1] and D [ I-1] are moved leftwards according to a left shift number corresponding to the iteration number in the iteration shift table to generate C [ I ] and D [ I ], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m;
and concatenating the generated C [ I ] and D [ I ] after each iteration to generate a new 56-bit C [ I ] D [ I ], and filling the number of the corresponding digit number in the 56-digit number consisting of the C [ I ] D [ I ] into a second conversion table according to the digit number marked by the second conversion table to obtain 48-bit data, namely the sub-key K [ I ].
Further, dividing the data of the real-time data acquisition system into a plurality of 64-bit blocks, and transforming each block according to a third transformation table to generate a new 64-bit data block comprises:
dividing data of a real-time data acquisition system into a plurality of 64-bit data blocks, and expanding the data into 64 bits when the data length of the last data block is less than 64 bits;
and filling the number corresponding to the digit number in each 64-bit data block into the third conversion table according to the digit number marked by the third conversion table.
Further, for each new 64-bit data block, decomposing the data block into two 32-bit L [0] and R [0] refers to taking 1 to 32 bits of the 64-bit data block as L [0] and 33 to 64 bits as R [0 ].
Further, encrypting the L [0] and R [0] with the m subkeys to generate encrypted data comprises:
according to the digit number marked by the fourth conversion table, filling the number corresponding to the digit number in R [ I-1] into the fourth conversion table to generate new 48-digit data E [ I-1], wherein the initial value of I is 1, I is more than or equal to 1 and less than or equal to m, and the fourth conversion table is a table with 6 rows and 8 columns;
exclusive OR E [ I-1] and K [ I ], and dividing the exclusive OR result into 8 data B [ J ] with 6 bits according to the sequence from left to right, wherein the initial value of J is 1, and J is more than or equal to 1 and less than or equal to 8;
combining the 1 st bit and the 6 th bit of B [ J ] into a variable M with the length of 2 bits, and taking the variable M as a line number in a set S [ J ] table;
combining bits 2 to 5 of B [ J ] into a variable N with the length of 4 bits, and taking the variable N as a column number in a set S [ J ] table;
selecting corresponding numerical values according to the row number and the column number of the SJ table, converting decimal numerical values corresponding to the selected row number and the column number into binary numbers with four-bit length, and replacing the SJ with the SJ M N;
combining the data into 32-bit data according to the sequence from B [1] to B [8], filling the number of the corresponding digit number in the 32-bit data into a fifth conversion table according to the digit number marked by the fifth conversion table, and generating new 32-bit data P [ I ], wherein the fifth conversion table is a table with 4 rows and 8 columns;
exclusive-OR's P [ I ] and L [ I-1], and taking the result of exclusive-OR as R [ I ], and taking R [ I-1] as L [ I ];
combining R [ m ] and L [ m ] into a whole R [ m ] L [ m ] according to the sequence from R [ m ] to L [ m ], filling the number corresponding to the digit number in R [ m ] L [ m ] into a sixth conversion table according to the digit number marked by the sixth conversion table, and obtaining the encryption result of the 64-bit data block, wherein the sixth conversion table is a table with 8 rows and 8 columns.
Further, the method further comprises using 4 short keys kEThe composed 64-bit DES key is encrypted, and the encrypted DES key and the real-time data acquisition system are added through a DES algorithmTransmitting the encrypted data to a server, wherein:
the real-time safety data acquisition system determines the length of a secret key according to the processing capacity of the real-time safety data acquisition system, applies for encryption parameters to a server, and stores the encryption parameters transmitted by the server, wherein the transmitted encryption parameters comprise parameters p, a and b of an elliptic curve Ep (a, b) determined according to the length requested by the real-time safety data acquisition system, a base point G on the elliptic curve Ep (a, b), an order n of the base point G, and a public key K determined according to a private key K of the real-time safety data acquisition system and the base point G, and K is kG;
16-bit DES short key k to be generatedEA point M encoded onto the elliptic curve Ep (a, b)EAnd according to point MEComputing point C of public key K and generated random number r1And C2
Real-time data acquisition system will point C1And C2And the encrypted data is packaged and transmitted to the server.
Further, determining the parameters of the elliptic curve comprises:
selecting an equation y for determining parameters of an elliptic curve2=x3+ax+b;
Selecting a prime number larger than 3 according to the key length applied by the real-time safety data acquisition system, assigning the prime number to p, and then selecting a non-negative integer a smaller than p-1;
according to the satisfied formula (4 a)3+27b2) The condition of modp ≠ 0 identifies b.
Further, the determined values of a and b are integers in [0, p-1 ].
Further, a base point G (x, y) on the determined elliptic curve is (x)G,yG) Wherein, the xGAnd yGIs a non-negative integer less than p-1 and the infinity point O ∞ cannot be chosen as the base point, as shown in the following equation:
(xG,yG)∈E(Fp),G≠O∞。
further, the formula for calculating the order n of the base point G of the elliptic curve is:
nG=O∞
wherein n is a base point G ═ xG,yG) E (Fp), n must be prime and p is satisfiedtNot equal to 1(modn), where 1 ≦ t < 30, and p not equal to nh, where h is cofactor h ≦ E (Fp)/n.
Further, the root point MEComputing point C of public key K and generated random number r1And C2The formula of (1) is:
C1=ME+rK
C2=rG
in the formula, ME=(xE,yE) With X coordinate DES short key kEConverted to decimal or hexadecimal values with the Y coordinate being the equation Y from the parameters of the elliptic curve2=x3Positive integer obtained by + ax + b calculation, r is random number and belongs to [1, n-1 ]]And n is the order of the base point G on the elliptic curve.
According to another aspect of the present invention, there is provided a method of decrypting encrypted data of a real-time data acquisition system, the method comprising:
a server receives a data packet sent by a real-time data acquisition system, wherein the data packet comprises a point C1And C2And data encrypted by the DES algorithm;
the server follows the formula MECalculation of the 16-bit short key M encoded onto the elliptic curve Ep (a, b) results from C1-kC2EWherein k is a private key, k is an element [1, n-2 ]]N is the order of a base point G on the elliptic curve;
the short secret key M is usedEReversely decoding according to the method when coding to obtain 16-bit DES short key kE
Overlapping use of 4 short keys kEForming 64-bit DES key, performing decryption operation by the same operation as encryption process, and performing subkey K [ I ] in the operation process]In the opposite order to that in encryption, i.e. the sequence of subkeys in encryption is K [1]]K[2]…K[16]When decrypting, the sequence of sub-keys is changed to K [16]]K[15]…K[2]K[1]。
According to another aspect of the present invention, there is provided a system for encrypting data for a real-time data acquisition system, the system comprising:
a first key generation unit for selecting a 14-bit random number and adding 1 parity bit after the 7 th bit and the 14 th bit of the 14-bit random number in order from left to right to generate a 16-bit short key kEOverlapping 4 short keys kEForming a 64-bit DES key, wherein the number of digits in the 64-bit DES key is 1 to 64 in sequence from left to right;
a second key generation unit for removing parity bits from the 64-bit DES key, transposing according to a first transformation table to generate a 56-bit key, and decomposing the 56-bit key into two 28-bit C [0] and D [0], wherein the first transformation table is a table with 8 rows and 7 columns;
a sub-key generating unit, which is used for performing m iterations on the C0 and the D0, connecting the C [ I ] and the D [ I ] generated by the I iteration in series to generate a new 56-bit C [ I ] D [ I ], and transposing the C [ I ] D [ I ] according to a second transformation table to generate 1 sub-key K [ I ] with 48 bits, wherein the second transformation table is a table with 6 rows and 8 columns, and I is more than or equal to 1 and less than or equal to m;
the data block generating unit is used for dividing data of the real-time data acquisition system into a plurality of 64-bit blocks and converting each block according to a third conversion table to generate a new 64-bit data block, wherein the third conversion table is a table with 8 rows and 8 columns;
a data block decomposition unit for decomposing the data block into two 32-bit L [0] and R [0] for each new 64-bit data block;
an encrypted data generating unit for encrypting the L [0] and R [0] with m subkeys to generate encrypted data.
Further, the second key unit is configured to discard parity bits in the 64-bit DES key, and then fill the remaining 56-bit keys into the first conversion table according to the number of bits indicated in the first conversion table, according to the number of bits originally used in the 64-bit DES key.
Further, the second key unit is also configured to use bits 1 to 28 of the 56-bit key as C [0] and bits 29 to 56 as D [0 ].
Further, the value assigned to the iteration number m by the subkey generation unit is 16.
Further, the sub-key generating unit performs m iterations on the C [0] and the D [0], concatenates the C [ I ] and the D [ I ] generated in the ith iteration to generate a new 56-bit C [ I ] D [ I ], and transposes the C [ I ] D [ I ] according to a second transformation table to generate 1 sub-key ki [ I ] having 48 bits, including:
c [ I-1] and D [ I-1] are moved leftwards according to a left shift number corresponding to the iteration number in the iteration shift table to generate C [ I ] and D [ I ], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m;
and concatenating the generated C [ I ] and D [ I ] after each iteration to generate a new 56-bit C [ I ] D [ I ], and filling the number of the corresponding digit number in the 56-digit number consisting of the C [ I ] D [ I ] into a second conversion table according to the digit number marked by the second conversion table to obtain 48-bit data, namely the sub-key K [ I ].
Further, the data block generating unit divides the data of the real-time data acquisition system into a plurality of 64-bit blocks, and transforms each block according to a third transformation table to generate a new 64-bit data block, including:
dividing data of a real-time data acquisition system into a plurality of 64-bit data blocks, and expanding the data into 64 bits when the length of the last data block is less than 64 bits;
and filling the number corresponding to the digit number in each 64-bit data block into the third conversion table according to the digit number marked by the third conversion table.
Further, the data block decomposition unit decomposes the data block into two 32-bit L [0] and R [0] for each new 64-bit data block, which means that 1 to 32 bits of the 64-bit data block are taken as L [0] and 33 to 64 bits are taken as R [0 ].
Further, the encrypted data generation unit includes:
a first data generating unit, which is used for filling the number corresponding to the digit number in R [ I-1] into the fourth conversion table according to the digit number marked by the fourth conversion table, and generating new 48-digit data E [ I-1], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m;
a second data generation unit for exclusive-oring E [ I-1] and K [ I ], and dividing the result of exclusive-or into 8 data B [ J ] of 6 bits in order from left to right, wherein the initial value of J is 1, and J is not less than 1 and not more than 8;
a line number determination unit for combining the 1 st bit and the 6 th bit of B [ J ] into a variable M of 2-bit length as a line number in the set S [ J ] table;
a column number determination unit for combining bits 2 to 5 of B [ J ] into a variable N of 4-bit length as a column number in the set S [ J ] table;
a third data generating unit for selecting a corresponding numerical value according to the row number and column number of the sj table, converting the selected decimal numerical value into a binary number of four-digit length, and replacing bj with sj M N;
a fourth data generation unit for combining the data into a 32-bit data in the order of B [1] to B [8], and filling the corresponding number of the 32-bit data into a fifth conversion table according to the number of bits marked by the fifth conversion table, thereby generating a new 32-bit data P [ I ], wherein the fifth conversion table is a table with 4 rows and 8 columns;
a fifth data generation unit for exclusive-OR-ing P [ I ] and L [ I-1], and taking the result of exclusive-OR as R [ I ], and R [ I-1] as L [ I ];
and a sixth data generation unit for combining R [ m ] and L [ m ] into a whole R [ m ] L [ m ] in the order from R [ m ] to L [ m ], filling the number of the corresponding digit number in R [ m ] L [ m ] into a sixth conversion table according to the digit number marked by the sixth conversion table, and obtaining the encryption result of the 64-digit data block, wherein the sixth conversion table is a table with 8 rows and 8 columns.
Further, the system further comprises a key parameter generating unit, a key encoding unit and a transmitting unit, wherein:
the system comprises a key parameter generating unit, a processing unit and a processing unit, wherein the key parameter generating unit is used for determining the length of a key according to the processing capacity of the real-time safety data acquisition system, applying for encryption parameters to a server and storing the encryption parameters transmitted by the server, and the transmitted encryption parameters comprise parameters p, a and b of an elliptic curve Ep (a and b) determined according to the length requested by the real-time safety data acquisition system, a base point G on the elliptic curve Ep (a and b), an order n of the base point G, and a private key K determined by the server according to the key length applied by the real-time safety data acquisition system and a public key K, K being kG, determined by the base point G and the base point G;
a key encoding unit for generating a 16-bit DES short key kEA point M encoded onto the elliptic curve Ep (a, b)EAnd according to point MEComputing point C of public key K and generated random number r1And C2
A transmission unit for transmitting the point C1And C2And the encrypted data is packaged and transmitted to the server.
Further, determining the parameters of the elliptic curve comprises:
selecting an equation y for determining parameters of an elliptic curve2=x3+ax+b;
Selecting a prime number larger than 3 according to the key length applied by the real-time safety data acquisition system, assigning the prime number to p, and then selecting a non-negative integer a smaller than p-1;
according to the satisfied formula (4 a)3+27b2) The condition of modp ≠ 0 identifies b.
Further, the determined values of a and b are integers in [0, p-1 ].
Further, a base point G (x, y) on the determined elliptic curve is (x)G,yG) Wherein, the xGAnd yGIs a non-negative integer less than p-1 and the infinity point O ∞ cannot be chosen as the base point, as shown in the following equation:
G(x,y)=(xG,yG)∈E(Fp),G≠O∞。
further, the formula for calculating the order n of the base point G of the elliptic curve is:
nG=O∞
wherein n is a base point G ═ xG,yG) E (Fp), n must be prime and p is satisfiedtNot equal to 1(modn), where 1 ≦ t < 30, and p not equal to nh, where h is cofactor h ≦ E (Fp)/n.
Further, the method can be used for preparing a novel materialGround, said root point MEComputing point C of public key K and generated random number r1And C2The formula of (1) is:
C1=ME+rK
C2=rG
in the formula, ME=(xE,yE) With X coordinate DES short key kEConverted to decimal or hexadecimal values with the Y coordinate being the equation Y from the parameters of the elliptic curve2=x3Positive integer obtained by + ax + b calculation, r is random number and belongs to [1, n-1 ]]And n is the order of the base point G on the elliptic curve.
According to another aspect of the present invention, there is also provided a system for decrypting encrypted data of a real-time data acquisition system, the system comprising:
a data receiving unit for receiving a data packet sent by a real-time data acquisition system, wherein the data packet comprises a point C1And C2And data encrypted by the DES algorithm;
a first short key determination unit for determining a first short key according to formula METhe 16-bit first short key M encoded onto the elliptic curve Ep (a, b) is calculated as C1-kC2EWherein k is a private key, k is an element [1, n-2 ]]N is the order of a base point G on the elliptic curve;
a second short key determination unit for determining the first short key METhe second short secret key k with 16 bits is obtained by reverse decoding according to the method when codingE
A decryption unit for overlapping use of 4 short keys kEForming 64-bit DES key, performing decryption operation by the same operation as the encryption process, and performing subkey K [ I ] in the operation process]In the opposite order to that in encryption, i.e. the sequence of subkeys in encryption is K [1]]K[2]…K[16]When decrypting, the sequence of sub-keys is changed to K [16]]K[15]…K[2]K[1]。
The technical scheme provided by the invention divides the data of the real-time data acquisition system into 64-bit blocks by a DES algorithm, encrypts each 64-bit data block by using a 64-bit key formed by overlapping 16-bit keys, only re-encrypts the 16-bit keys during data packaging and transmission, packs and transmits the 16-bit keys, greatly improves the speed of encryption operation, meets the requirements of the real-time encryption of the data of the real-time data acquisition system, meets the requirements of the speed, the power consumption and the stability of a processor, and effectively saves the internal memory and the processing time of the system. The method and the system are used for encrypting and protecting the data acquired in real time based on the wireless Internet of things and can also be used in other data encryption and protection occasions with real-time requirements.
Drawings
A more complete understanding of exemplary embodiments of the present invention may be had by reference to the following drawings in which:
FIG. 1 is a flow chart of a method of encrypting data for a real-time data acquisition system in accordance with a preferred embodiment of the present invention;
FIG. 2 is a flow chart of a method of decrypting data of a real-time data acquisition system in accordance with a preferred embodiment of the present invention;
FIG. 3 is a block diagram of a system for encrypting data of a real-time data acquisition system in accordance with a preferred embodiment of the present invention;
fig. 4 is a block diagram of a system for decrypting data of a real-time data acquisition system in accordance with a preferred embodiment of the present invention.
Detailed Description
The exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, however, the present invention may be embodied in many different forms and is not limited to the embodiments described herein, which are provided for complete and complete disclosure of the present invention and to fully convey the scope of the present invention to those skilled in the art. The terminology used in the exemplary embodiments illustrated in the accompanying drawings is not intended to be limiting of the invention. In the drawings, the same units/elements are denoted by the same reference numerals.
Unless otherwise defined, terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Further, it will be understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the relevant art and will not be interpreted in an idealized or overly formal sense.
Fig. 1 is a flow chart of a method of encrypting data of a real-time data acquisition system according to a preferred embodiment of the present invention. As shown in fig. 1, a method 100 for encrypting data of a real-time data acquisition system according to the preferred embodiment begins at step 101.
In step 101, a 14-bit random number is selected and 1 parity bit is added after the 7 th bit and the 14 th bit of the 14-bit random number in order from left to right to generate a 16-bit short key kEOverlapping 4 short keys kEAnd forming a 64-bit DES key, wherein the number of digits in the 64-bit DES key is 1 to 64 in sequence from left to right.
In the preferred embodiment, assuming that the 14-bit random number is K1K2K3K4 … K14, one parity bit is generated every 7 bits and placed at the positions of K8 and K16 to form a 16-bit short key kE ═ K1K2K3K4 … K15K 16. The 64-bit DES key is formed by overlapping 4 short keys kE.
At step 102, the parity bits in the 64-bit DES key are removed, the key is transposed according to a first transformation table to generate a 56-bit key, and the 56-bit key is decomposed into two 28-bit C [0] and D [0], where the first transformation table is a table with 8 rows and 7 columns.
Preferably, the step of transposing the 64-bit DES key according to the first transformation table to generate the 56-bit key means that parity bits in the 64-bit DES key are discarded, and then the remaining 56-bit keys are filled into the first transformation table according to the number of bits indicated in the first transformation table, as they were, in the 64-bit DES key.
Preferably, the decomposition of the 56-bit key into two 28-bit C [0] and D [0] means that 1 to 28 bits of the 56-bit key are C [0] and 29 to 56 bits are D [0 ].
In the preferred embodiment, the first conversion table is shown in table 1.
TABLE 1
57 49 41 33 25 17 9
1 58 50 42 34 26 18
10 2 59 51 43 35 27
19 11 3 60 52 44 36
63 55 47 39 31 23 15
7 62 54 46 38 30 22
14 6 61 53 45 37 29
21 13 5 28 20 12 4
As can be seen from table 1, there are no parity bits, i.e., bits 8, 16, 24, 32, 40, 48, 56, and 64, in the 64-bit DES key in the table, so that the transformed 56-bit key can be obtained by filling the remaining 56-bit key into table 1 according to the original number of bits when the 64-bit DES key is used. Decomposing the transformed key to obtain C0 of 1-28 bits and D0 of 29-56 bits
In step 103, iterate m times for C0 and D0, concatenate the generated C I and D I of I iteration to generate new 56-bit C I D I, transpose the C I D I according to a second transformation table to generate 1 48-bit sub-key K I, where the second transformation table is a 6-row and 8-column table, and I is greater than or equal to 1 and less than or equal to m.
Preferably, the value of m is 16.
Preferably, m iterations of C [0] and D [0], concatenating the C [ I ] and D [ I ] generated in the I-th iteration to generate a new 56-bit C [ I ] D [ I ], and transposing the C [ I ] D [ I ] according to the second transformation table to generate 1 48-bit sub-key K [ I ] includes:
and moving C [ I-1] and D [ I-1] to the left according to a left shift number corresponding to the iteration number in the iteration shift table to generate C [ I ] and D [ I ], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m.
And concatenating the generated C [ I ] and D [ I ] after each iteration to generate a new 56-bit C [ I ] D [ I ], and filling the number of the corresponding digit number in the 56-digit number consisting of the C [ I ] D [ I ] into a second conversion table according to the digit number marked by the second conversion table to obtain 48-bit data, namely the sub-key K [ I ].
In the preferred embodiment, the iterative displacement table is shown in table 2, and the second conversion table is shown in table 3.
TABLE 2
Figure BDA0001680606010000121
TABLE 3
Figure BDA0001680606010000122
Figure BDA0001680606010000131
Let I equal 1, then shift C [0] and D [0] 1 to the left at iteration 1 to generate C [1] and D [1], as shown in table 2. The C1 and D1 are combined into a whole C1D 1.
Filling the number of 56 bit key composed of C1D 1 into table 3 according to its correspondent digit number to make conversion to obtain 48 bit sub-key K1, circularly executing the above-mentioned steps to obtain 16 48 bit sub-keys.
In step 104, the data of the real-time data acquisition system is divided into 64-bit blocks, and each block is transformed according to a third transformation table to generate a new 64-bit data block, wherein the third transformation table is a table with 8 rows and 8 columns.
Preferably, the dividing the data of the real-time data acquisition system into 64-bit blocks, and transforming each block according to the third transformation table to generate a new 64-bit data block comprises:
dividing data of a real-time data acquisition system into a plurality of 64-bit data blocks, and expanding the data into 64 bits when the data length of the last data block is less than 64 bits;
and filling the number corresponding to the digit number in each 64-bit data block into the third conversion table according to the digit number marked by the third conversion table.
In the present preferred embodiment, the third conversion table is shown in table 4. The data of the real-time data acquisition system is divided into a plurality of 64-bit blocks, and when the data length of the last data block is less than 64 bits, the data is expanded into 64 bits in a zero padding mode. And the number of the corresponding digit number in each 64-bit data block is filled in table 4 according to the digit number noted in table 4.
At step 105, for each new 64-bit data block, the data block is decomposed into two 32-bit L [0] and R [0 ].
Preferably, for each new 64-bit data block, the decomposition of the data block into two 32-bit L [0] and R [0] means that 1 to 32 bits of the 64-bit data block are taken as L [0] and 33 to 64 bits are taken as R [0 ].
At step 106, the L [0] and R [0] are encrypted with m subkeys to generate encrypted data.
Preferably, encrypting the L [0] and R [0] with m subkeys to generate encrypted data comprises:
according to the digit number marked by the fourth conversion table, filling the number corresponding to the digit number in R [ I-1] into the fourth conversion table to generate new 48-digit data E [ I-1], wherein the initial value of I is 1, I is more than or equal to 1 and less than or equal to m, and the fourth conversion table is a table with 6 rows and 8 columns;
exclusive OR E [ I-1] and K [ I ], and dividing the exclusive OR result into 8 data B [ J ] with 6 bits according to the sequence from left to right, wherein the initial value of J is 1, and J is more than or equal to 1 and less than or equal to 8;
combining the 1 st bit and the 6 th bit of B [ J ] into a variable M with the length of 2 bits, and taking the variable M as a line number in a set S [ J ] table;
combining bits 2 to 5 of B [ J ] into a variable N with the length of 4 bits, and taking the variable N as a column number in a set S [ J ] table;
selecting corresponding numerical values according to the row number and the column number of the SJ table, converting decimal numerical values corresponding to the selected row number and the column number into binary numbers with four-bit length, and replacing the SJ with the SJ M N;
combining the data into 32-bit data according to the sequence from B [1] to B [8], filling the number of the corresponding digit number in the 32-bit data into a fifth conversion table according to the digit number marked by the fifth conversion table, and generating new 32-bit data P [ I ], wherein the fifth conversion table is a table with 4 rows and 8 columns;
exclusive-OR's P [ I ] and L [ I-1], and taking the result of exclusive-OR as R [ I ], and taking R [ I-1] as L [ I ];
combining R [ m ] and L [ m ] into a whole R [ m ] L [ m ] according to the sequence from R [ m ] to L [ m ], filling the number corresponding to the digit number in R [ m ] L [ m ] into a sixth conversion table according to the digit number marked by the sixth conversion table, and obtaining the encryption result of the 64-bit data block, wherein the sixth conversion table is a table with 8 rows and 8 columns.
In the present preferred embodiment, the fourth conversion table is shown in table 5.
TABLE 5
Figure BDA0001680606010000141
Figure BDA0001680606010000151
Let I equal to 1, and fill the number corresponding to the digit number in R [0] into table 5 according to the digit number indicated in table 5, to generate new 48-bit data E [0 ];
exclusive OR of E0 and K1, and dividing the exclusive OR result into 8 data B [ J ] with 6 bits according to the sequence from left to right, wherein J is more than or equal to 1 and less than or equal to 8, namely the 1 st bit to the 6 th bit are called B [1], the 7 th bit to the 12 th bit are called B [2], and the like, the 43 th bit to the 48 th bit are called B [8 ];
let tables SJ corresponding to BJ be shown in tables 6 to 13, respectively;
TABLE 6
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
0 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 0 6 13
TABLE 7
15 1 8 14 6 11 3 4 9 7 2 13 12 0 5 10
3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5
0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15
13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9
TABLE 8
10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8
13 7 0 9 3 4 6 10 2 8 5 14 12 11 15 1
13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7
1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12
TABLE 9
7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15
13 8 11 5 6 15 0 3 4 7 2 12 1 10 14 9
10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
3 15 0 6 10 1 13 8 9 4 5 11 12 7 2 14
Watch 10
2 12 4 1 7 10 11 6 8 5 3 15 13 0 14 9
14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6
4 2 1 11 10 13 7 8 15 9 12 5 6 3 0 14
11 8 12 7 1 14 2 13 6 15 0 9 10 4 5 3
TABLE 11
12 1 10 15 9 2 6 8 0 13 3 4 14 7 5 11
10 15 4 2 7 12 9 5 6 1 13 14 0 11 3 8
9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6
4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13
TABLE 12
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1
13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6
1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2
6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12
Watch 13
13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7
1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2
7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11
Combining the 1 st bit and the 6 th bit of B [ J ] into a variable M with the length of 2 bits, and taking the variable M as a line number in a set S [ J ] table;
combining bits 2 to 5 of B [ J ] into a variable N with the length of 4 bits, and taking the variable N as a column number in a set S [ J ] table;
and selecting corresponding numerical values according to the row number and the column number of the S [ J ] table, converting decimal numerical values corresponding to the selected row number and the column number into binary numbers with four-bit length, and replacing B [ J ] by S [ J ] [ M ] [ N ].
In the present preferred embodiment, the fifth conversion table is shown in table 14.
TABLE 14
Figure BDA0001680606010000161
Figure BDA0001680606010000171
After B1 to B8 are obtained, combining them into a 32-bit data in the order of B1 to B8, and filling the corresponding number of the 32-bit numbers into the table 14 according to the number of the number marked in the table 14 to generate a new 32-bit data P1, wherein the fifth conversion table is a table with 4 rows and 8 columns;
exclusive OR between P1 and L0, and using the result of exclusive OR as R1 and R0 as L1;
the steps of obtaining R1 and L1 are repeated to obtain R16 and L16, and R16 and L16 are combined into a whole R16L 16 according to the sequence from R16 to L16.
In the preferred embodiment, the sixth conversion table is shown in table 15.
Watch 15
40 8 48 16 56 24 64 32
39 7 47 15 55 23 63 31
38 6 46 14 54 22 62 30
37 5 45 13 53 21 61 29
36 4 44 12 52 20 60 28
35 3 43 11 51 19 59 27
34 2 42 10 50 18 58 26
33 1 41 9 49 17 57 25
And filling the R16L 16 into the table 15 according to the digit numbers marked in the table 15, and obtaining the encryption result of the 64-bit data block.
In step 107, 4 short keys k are usedEAnd the composed 64-bit DES key is encrypted, and the encrypted DES key and data encrypted by the real-time data acquisition system through the DES algorithm are transmitted to the server.
Preferably, the pair uses 4 short keys kEThe composed 64-bit DES key is encrypted andthe data transmission method for the encrypted DES key and the data encrypted by the real-time data acquisition system through the DES algorithm comprises the following steps:
the real-time safety data acquisition system determines the length of a secret key according to the processing capacity of the real-time safety data acquisition system, applies for encryption parameters to a server, and stores the encryption parameters transmitted by the server, wherein the transmitted encryption parameters comprise parameters p, a and b of an elliptic curve Ep (a, b) determined according to the length requested by the real-time safety data acquisition system, a base point G on the elliptic curve Ep (a, b), an order n of the base point G, and a public key K determined according to a private key K of the real-time safety data acquisition system and the base point G, and K is kG;
16-bit DES short key k to be generatedEA point M encoded onto the elliptic curve Ep (a, b)EAnd according to point MEComputing point C of public key K and generated random number r1And C2
Real-time data acquisition system will point C1And C2And the encrypted data is packaged and transmitted to the server.
Preferably, determining the parameters of the elliptic curve comprises:
selecting an equation y for determining parameters of an elliptic curve2=x3+ax+b;
Selecting a prime number larger than 3 according to the key length applied by the real-time safety data acquisition system, assigning the prime number to p, and then selecting a non-negative integer a smaller than p-1;
according to the satisfied formula (4 a)3+27b2) The condition of modp ≠ 0 identifies b.
Preferably, the determined values of a and b are integers in [0, p-1 ].
Preferably, a base point G (x, y) on the determined elliptic curve is (x)G,yG) Wherein, the xGAnd yGIs a non-negative integer less than p-1 and the infinity point O ∞ cannot be chosen as the base point, as shown in the following equation:
(xG,yG)∈E(Fp),G≠O∞。
preferably, the formula for calculating the order n of the base point G of the elliptic curve is:
nG=O∞
wherein n is a base point G ═ xG,yG) E (Fp), n must be prime and p is satisfiedtNot equal to 1(modn), where 1 ≦ t < 30, and p not equal to nh, where h is cofactor h ≦ E (Fp)/n.
Preferably, said root point MEComputing point C of public key K and generated random number r1And C2The formula of (1) is:
C1=ME+rK
C2=rG
in the formula, ME=(xE,yE) With X coordinate DES short key kEConverted to decimal or hexadecimal values with the Y coordinate being the equation Y from the parameters of the elliptic curve2=x3Positive integer obtained by + ax + b calculation, r is random number and belongs to [1, n-1 ]]And n is the order of the base point G on the elliptic curve.
Fig. 2 is a flow chart of a method of decrypting data of a real-time data acquisition system in accordance with a preferred embodiment of the present invention. As shown in fig. 2, a method 200 of decrypting encrypted data of a real-time data acquisition system according to the present invention begins at step 201.
In step 201, a server receives a data packet sent by a real-time data acquisition system, wherein the data packet includes a point C1And C2And data encrypted by the DES algorithm;
in step 202, the server follows the formula MECalculation of the 16-bit short key M encoded onto the elliptic curve Ep (a, b) results from C1-kC2EWherein k is a private key, k is an element [1, n-2 ]]N is the order of a base point G on the elliptic curve;
in step 203, the short key M is usedEReversely decoding according to the method when coding to obtain 16-bit DES short key kE
In step 204, 4 short keys k are used in an overlapping mannerEForming 64-bit DES key, performing decryption operation by the same operation as encryption process, and performing subkey K [ I ] in the operation process]In the opposite order to that in encryption, i.e. the sequence of subkeys in encryption is K [1]]K[2]…K[16]When decryptingSequence of subkeys is changed to K [16]]K[15]…K[2]K[1]。
Fig. 3 is a block diagram of a system for encrypting data of a real-time data acquisition system in accordance with a preferred embodiment of the present invention. As shown in fig. 3, the system 300 for encrypting data of a real-time data acquisition system according to the present invention includes:
a first key generation unit 301 for selecting a 14-bit random number and adding 1 parity bit after the 7 th bit and the 14 th bit of the 14-bit random number, respectively, in order from left to right to generate a 16-bit short key kEOverlapping 4 short keys kEForming a 64-bit DES key, wherein the number of digits in the 64-bit DES key is 1 to 64 in sequence from left to right;
a second key generation unit 302 for removing parity bits from the 64-bit DES key, transposing according to a first transformation table to generate a 56-bit key, and decomposing the 56-bit key into two 28-bit C [0] and D [0], wherein the first transformation table is a table with 8 rows and 7 columns;
a sub-key generating unit 303, configured to perform m iterations on the C [0] and the D [0], concatenate the C [ I ] and the D [ I ] generated in the ith iteration to generate a new 56-bit C [ I ] D [ I ], and transpose the C [ I ] D [ I ] according to a second transformation table to generate 1 48-bit sub-keys ki [ I ], where the second transformation table is a table with 6 rows and 8 columns, and I is greater than or equal to 1 and less than or equal to m;
a data block generating unit 304, configured to divide data of the real-time data acquisition system into 64-bit blocks, and transform each block according to a third transformation table to generate a new 64-bit data block, where the third transformation table is a table with 8 rows and 8 columns;
a data block decomposition unit 305 for decomposing the data block into two 32-bit L [0] and R [0] for each new 64-bit data block;
an encrypted data generating unit 306 for encrypting the L [0] and R [0] with m sub-keys to generate encrypted data;
a key parameter generating unit 307, configured to determine a length of a key according to the processing capability of the real-time security data acquisition system itself, apply an encryption parameter to the server, and store the encryption parameter transmitted by the server, where the transmitted encryption parameter includes parameters p, a, b of an elliptic curve Ep (a, b) determined according to the length requested by the real-time security data acquisition system, a base point G on the elliptic curve Ep (a, b), an order n of the base point G, and a private key K determined by the server according to the key length applied by the real-time security data acquisition system and a public key K determined by the base point G, where K is kG;
a key encoding unit 308 for generating a 16-bit DES short key kEA point M encoded onto the elliptic curve Ep (a, b)EAnd according to point MEComputing point C of public key K and generated random number r1And C2
A transmission unit 309 for transmitting the point C1And C2And the encrypted data is packaged and transmitted to the server.
Preferably, the second key unit 301 is configured to discard parity bits in the 64-bit DES key, and then fill the remaining 56-bit key into the first conversion table according to the number of bits indicated in the first conversion table, according to the number of bits originally used in the 64-bit DES key.
Preferably, the second key unit 302 is further configured to use bits 1 to 28 of the 56-bit key as C [0] and bits 29 to 56 as D [0 ].
Preferably, the subkey generating unit 303 assigns a value of 16 to the iteration number m.
Preferably, the sub-key generating unit 303 performs m iterations on C [0] and D [0], concatenates C [ I ] and D [ I ] generated in the ith iteration to generate a new 56-bit C [ I ] D [ I ], and transposes the C [ I ] D [ I ] according to the second transformation table to generate 1 sub-key K [ I ] with 48 bits, including:
c [ I-1] and D [ I-1] are moved leftwards according to a left shift number corresponding to the iteration number in the iteration shift table to generate C [ I ] and D [ I ], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m;
and concatenating the generated C [ I ] and D [ I ] after each iteration to generate a new 56-bit C [ I ] D [ I ], and filling the number of the corresponding digit number in the 56-digit number consisting of the C [ I ] D [ I ] into a second conversion table according to the digit number marked by the second conversion table to obtain 48-bit data, namely the sub-key K [ I ].
Preferably, the data block generating unit divides the data of the real-time data acquisition system into 64-bit blocks, and transforms each block according to a third transformation table to generate a new 64-bit data block, including:
dividing data of a real-time data acquisition system into a plurality of 64-bit data blocks, and expanding the data into 64 bits when the length of the last data block is less than 64 bits;
and filling the number corresponding to the digit number in each 64-bit data block into the third conversion table according to the digit number marked by the third conversion table.
Preferably, the data block decomposition unit 305 decomposes the data block into two 32-bit L [0] and R [0] for each new 64-bit data block, which means that 1 to 32 bits of the 64-bit data block are taken as L [0] and 33 to 64 bits are taken as R [0 ].
Preferably, the encrypted data generating unit 306 includes:
a first data generating unit 361 for filling the number corresponding to the digit number in R [ I-1] into the fourth conversion table according to the digit number labeled by the fourth conversion table to generate a new 48-digit data E [ I-1], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m;
a second data generation unit 362 for xoring E [ I-1] and ki, and dividing the result of the xoring into 8 data B [ J ] of 6 bits in order from left to right, where J has an initial value of 1, and J is 1 ≦ J ≦ 8;
a line number determination unit 363 for combining the 1 st and 6 th bits of B [ J ] into a variable M of 2-bit length as the line number in the set S [ J ] table;
a column number determination unit 364 for combining bits 2 to 5 of B [ J ] into a variable N of 4-bit length as a column number in the set S [ J ] table;
a third data generating unit 365 for selecting a corresponding numerical value according to the row number and the column number of the sj table, converting the selected decimal numerical value into a binary number of four-digit length, and replacing bj with sj M N;
a fourth data generating unit 366 for combining the data into a 32-bit data in the order of B [1] to B [8], and filling the corresponding number of the 32-bit data into a fifth conversion table according to the number of bits indicated by the fifth conversion table, thereby generating a new 32-bit data P [ I ], wherein the fifth conversion table is a table with 4 rows and 8 columns;
a fifth data generation unit 367 for xoring P [ I ] and L [ I-1], and taking the result of the xoring as R [ I ], and R [ I-1] as L [ I ];
a sixth data generating unit 368, configured to combine R [ m ] and L [ m ] into an entire R [ m ] L [ m ] in order from R [ m ] to L [ m ], fill a sixth transformation table with the number of the corresponding digit number in R [ m ] L [ m ] according to the digit number labeled by the sixth transformation table, and obtain the encryption result of the 64-bit data block, where the sixth transformation table is a table with 8 rows and 8 columns.
Preferably, determining the parameters of the elliptic curve comprises:
selecting an equation y for determining parameters of an elliptic curve2=x3+ax+b;
Selecting a prime number larger than 3 according to the key length applied by the real-time safety data acquisition system, assigning the prime number to p, and then selecting a non-negative integer a smaller than p-1;
according to the satisfied formula (4 a)3+27b2) The condition of modp ≠ 0 identifies b.
Preferably, the determined values of a and b are integers in [0, p-1 ].
Preferably, a base point G (x, y) on the determined elliptic curve is (x)G,yG) Wherein, the xGAnd yGIs a non-negative integer less than p-1 and the infinity point O ∞ cannot be chosen as the base point, as shown in the following equation:
G(x,y)=(xG,yG)∈E(Fp),G≠O∞。
preferably, the formula for calculating the order n of the base point G of the elliptic curve is:
nG=O∞
wherein n is a base point G ═ xG,yG) E (Fp), n must be a prime number,and satisfy ptNot equal to 1(modn), where 1 ≦ t < 30, and p not equal to nh, where h is cofactor h ≦ E (Fp)/n.
Preferably, said root point MEComputing point C of public key K and generated random number r1And C2The formula of (1) is:
C1=ME+rK
C2=rG
in the formula, ME=(xE,yE) With X coordinate DES short key kEConverted to decimal or hexadecimal values with the Y coordinate being the equation Y from the parameters of the elliptic curve2=x3Positive integer obtained by + ax + b calculation, r is random number and belongs to [1, n-1 ]]And n is the order of the base point G on the elliptic curve.
Fig. 4 is a block diagram of a system for decrypting data of a real-time data acquisition system in accordance with a preferred embodiment of the present invention. As shown in fig. 4, the system 400 for decrypting encrypted data of a real-time data acquisition system according to the preferred embodiment includes:
a data receiving unit 401, configured to receive a data packet sent by a real-time data acquisition system, where the data packet includes a point C1And C2And data encrypted by the DES algorithm;
a first short key determination unit 402 for determining a short key according to formula METhe 16-bit first short key M encoded onto the elliptic curve Ep (a, b) is calculated as C1-kC2EWherein k is a private key, k is an element [1, n-2 ]]N is the order of a base point G on the elliptic curve;
a second short key determination unit 403 for determining the first short key METhe second short secret key k with 16 bits is obtained by reverse decoding according to the method when codingE
A decryption unit 404 for overlapping use of 4 short keys kEForming 64-bit DES key, performing decryption operation by the same operation as the encryption process, and performing subkey K [ I ] in the operation process]In the opposite order to that in encryption, i.e. the sequence of subkeys in encryption is K [1]]K[2]…K[16]When decrypting, the sequence of sub-keys is changed to K [16]]K[15]…K[2]K[1]。
The invention has been described with reference to a few embodiments. However, other embodiments of the invention than the one disclosed above are equally possible within the scope of the invention, as would be apparent to a person skilled in the art from the appended patent claims.
Generally, all terms used in the claims are to be interpreted according to their ordinary meaning in the technical field, unless explicitly defined otherwise herein. All references to "a/an/the [ device, component, etc ]" are to be interpreted openly as referring to at least one instance of said device, component, etc., unless explicitly stated otherwise. The steps of any method disclosed herein do not have to be performed in the exact order disclosed, unless explicitly stated.

Claims (26)

1. A method of encrypting data for a real-time data acquisition system, the method comprising:
selecting a 14-bit random number, and adding 1 parity bit after the 7 th bit and the 14 th bit of the 14-bit random number respectively in the order from left to right to generate a 16-bit short key kEOverlapping 4 short keys kEForming a 64-bit DES key, wherein the number of digits in the 64-bit DES key is 1 to 64 in sequence from left to right;
removing parity bits from the 64-bit DES key, transposing according to a first transformation table to generate a 56-bit DES key, and decomposing the 56-bit DES key into two 28-bit DES keys, wherein the first transformation table is a table with 8 rows and 7 columns;
performing m iterations on the C0 and the D0, connecting the C I and the D I generated by the I iteration in series to generate a new 56-bit C I D [ I ], performing transposition on the C I D [ I ] according to a second transformation table to generate 1 48-bit sub-keys K [ I ], wherein the second transformation table is a table with 6 rows and 8 columns, and I is more than or equal to 1 and less than or equal to m;
dividing data of a real-time data acquisition system into a plurality of 64-bit blocks, and transforming each block according to a third transformation table to generate a new 64-bit data block, wherein the third transformation table is a table with 8 rows and 8 columns;
for each new 64-bit data block, decomposing the data block into two 32-bit L [0] and R [0 ];
encrypting the L [0] and R [0] with m sub-keys to generate encrypted data;
for using 4 short secret keys kEThe composed 64-bit DES key is encrypted, and the encrypted DES key and data encrypted by a real-time data acquisition system through a DES algorithm are transmitted to a server, wherein:
the real-time safety data acquisition system determines the length of a secret key according to the processing capacity of the real-time safety data acquisition system, applies for encryption parameters to a server and stores the encryption parameters transmitted by the server, wherein the transmitted encryption parameters comprise elliptic curves determined according to the length requested by the real-time safety data acquisition systemEp(a,b)Parameter (d) ofp、a、bElliptic curveEp(a,b)Base point ofGBase pointGStep (2)nAnd acquiring the private key of the system according to the real-time safety datakAnd a base pointGDetermined public keyKWherein, in the step (A),K=kG
the 16-bit DES short key k is usedEEncoding to elliptic curvesEp(a,b)A point M onEAnd according to point MEComputing point C of public key K and generated random number r1And C2Said calculation point C1And C2The formula of (1) is:
C1 =M E +rK
C2 =rG
in the formula (I), the compound is shown in the specification,M E =(xE,yE) Which isxCoordinate is DES short keyk E The converted decimal or hexadecimal value,yequation y with coordinates defined by the parameters of an elliptic curve2=x3The positive integer calculated as + ax + b,ris a random number and r is ∈ [1, n-1 ]]N is the order of a base point G on the elliptic curve;
real-time data acquisition system will point C1And C2And said encrypted data packet transmissionTo the server.
2. The method of claim 1, wherein transposing the 64-bit DES key according to the first transformation table to generate a 56-bit key involves discarding parity bits of the 64-bit DES key and then populating the first transformation table with the remaining 56-bit keys according to the number of bits noted in the first transformation table as they were when the 64-bit DES key was originally generated.
3. The method of claim 1, wherein the splitting of the 56-bit key into two 28-bit C [0] and D [0] means that bits 1 to 28 of the 56-bit key are C [0] and bits 29 to 56 are D [0 ].
4. The method of claim 1, wherein the value of m is 16.
5. The method of claim 1, wherein m iterations of C [0] and D [0] are performed, and the C [ I ] and D [ I ] generated in the I-th iteration are concatenated to generate a new 56-bit C [ I ] D [ I ], and the C [ I ] D [ I ] is transposed according to the second transformation table to generate 1 48-bit sub-key K [ I ], and wherein:
c [ I-1] and D [ I-1] are moved leftwards according to a left shift number corresponding to the iteration number in the iteration shift table to generate C [ I ] and D [ I ], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m;
and concatenating the generated C [ I ] and D [ I ] after each iteration to generate a new 56-bit C [ I ] D [ I ], and filling the number of the corresponding digit number in the 56-digit number consisting of the C [ I ] D [ I ] into a second conversion table according to the digit number marked by the second conversion table to obtain 48-bit data, namely the sub-key K [ I ].
6. The method of claim 1, wherein partitioning data of the real-time data acquisition system into 64-bit blocks, each block being transformed according to a third transformation table to generate a new 64-bit data block comprises:
dividing data of a real-time data acquisition system into a plurality of 64-bit data blocks, and expanding the data into 64 bits when the data length of the last data block is less than 64 bits;
and filling the number corresponding to the digit number in each 64-bit data block into the third conversion table according to the digit number marked by the third conversion table.
7. The method of claim 1, wherein for each new 64-bit data block, the decomposition of the data block into two 32-bit L [0] and R [0] means that 1 to 32 bits of the 64-bit data block are taken as L [0] and 33 to 64 bits are taken as R [0 ].
8. The method of claim 5, wherein encrypting the L [0] and R [0] with the m subkeys to generate encrypted data comprises:
according to the digit number marked by the fourth conversion table, filling the number corresponding to the digit number in R [ I-1] into the fourth conversion table to generate new 48-digit data E [ I-1], wherein the initial value of I is 1, I is more than or equal to 1 and less than or equal to m, and the fourth conversion table is a table with 6 rows and 8 columns;
exclusive OR E [ I-1] and K [ I ], and dividing the exclusive OR result into 8 data B [ J ] with 6 bits according to the sequence from left to right, wherein the initial value of J is 1, and J is more than or equal to 1 and less than or equal to 8;
combining the 1 st bit and the 6 th bit of B [ J ] into a variable M with the length of 2 bits, and taking the variable M as a line number in a set S [ J ] table;
combining bits 2 to 5 of B [ J ] into a variable N with the length of 4 bits, and taking the variable N as a column number in a set S [ J ] table;
selecting corresponding numerical values according to the row number and the column number of the SJ table, converting decimal numerical values corresponding to the selected row number and the column number into binary numbers with four-bit length, and replacing the SJ with the SJ M N;
combining the data into 32-bit data according to the sequence from B [1] to B [8], filling the number of the corresponding digit number in the 32-bit data into a fifth conversion table according to the digit number marked by the fifth conversion table, and generating new 32-bit data P [ I ], wherein the fifth conversion table is a table with 4 rows and 8 columns;
exclusive-OR's P [ I ] and L [ I-1], and taking the result of exclusive-OR as R [ I ], and taking R [ I-1] as L [ I ];
combining R [ m ] and L [ m ] into a whole R [ m ] L [ m ] according to the sequence from R [ m ] to L [ m ], filling the number corresponding to the digit number in R [ m ] L [ m ] into a sixth conversion table according to the digit number marked by the sixth conversion table, and obtaining the encryption result of the 64-bit data block, wherein the sixth conversion table is a table with 8 rows and 8 columns.
9. The method of claim 1, wherein determining parameters of an elliptic curve comprises:
selecting an equation y for determining parameters of an elliptic curve2=x3+ax+b;
Selecting a prime number more than 3 according to the key length applied by the real-time safety data acquisition system, and assigning to the prime numberpThen choose to be less thanp-1 a non-negative integer;
according to the satisfied formula (4 a)3+27b2) modpThe condition of not equal to 0 determines b.
10. The method of claim 1, wherein the determined value of a, b is [0, p-1]is an integer of (1).
11. The method according to claim 1, wherein a base point G (x, y) ═ x on the determined elliptic curveG,yG) Wherein, the xGAnd yGIs less thanp-1, and the point at infinity, O ∞, cannot be chosen as the base point, as shown in the following equation:
(xG,yG)∈E(Fp), GO∞。
12. the method according to claim 1, wherein the formula for calculating the order n of the base point G of the elliptic curve is:
nG=O
wherein n is a base point G ═ xG,yG)∈E(Fp) N must be prime and satisfyp t≠1(mod n) Wherein 1. ltoreq. t < 30, andpnot equal to nh, whereinhIs the remaining factor of the process,h=#E(Fp)/n。
13. a method of decrypting data of a real-time data acquisition system encrypted by the method of any one of claims 1 to 12, the method comprising:
a server receives a data packet sent by a real-time data acquisition system, wherein the data packet comprises a pointC 1 AndC 2 and data encrypted by the DES algorithm;
the server follows the formula ME= C1-kC2 calculates a 16-bit short key M encoded on an elliptic curve Ep (a, b)EWherein k is a private key, k is an element [1, n-2 ]]N is the base point on the elliptic curveGThe order of (1);
the short secret key M is usedEReversely decoding according to the method when coding to obtain 16-bit DES short key kE
Overlapping use of 4 short keys kEForming 64-bit DES key, performing decryption operation by the same operation as encryption process, and performing subkey K [ I ] in the operation process]In the opposite order to that in encryption, i.e. the sequence of subkeys in encryption is K [1]] K[2] …K[16]When decrypting, the sequence of sub-keys is changed to K [16]] K[15]… K[2] K[1]。
14. A system for encrypting data for a real-time data acquisition system, the system comprising:
a first key generation unit for selecting a 14-bit random number and adding 1 parity bit after the 7 th bit and the 14 th bit of the 14-bit random number in order from left to right to generate a 16-bit short key kEOverlapping 4 short keys kEForming a 64-bit DES key, wherein the number of digits in the 64-bit DES key is 1 to 64 in sequence from left to right;
a second key generation unit for removing parity bits from the 64-bit DES key, transposing according to a first transformation table to generate a 56-bit key, and decomposing the 56-bit key into two 28-bit C [0] and D [0], wherein the first transformation table is a table with 8 rows and 7 columns;
a sub-key generating unit, which is used for performing m iterations on the C0 and the D0, connecting the C [ I ] and the D [ I ] generated by the I iteration in series to generate a new 56-bit C [ I ] D [ I ], and transposing the C [ I ] D [ I ] according to a second transformation table to generate 1 sub-key K [ I ] with 48 bits, wherein the second transformation table is a table with 6 rows and 8 columns, and I is more than or equal to 1 and less than or equal to m;
the data block generating unit is used for dividing data of the real-time data acquisition system into a plurality of 64-bit blocks and converting each block according to a third conversion table to generate a new 64-bit data block, wherein the third conversion table is a table with 8 rows and 8 columns;
a data block decomposition unit for decomposing the data block into two 32-bit L [0] and R [0] for each new 64-bit data block;
an encrypted data generation unit for encrypting the L [0] and R [0] with m subkeys to generate encrypted data;
a key parameter generating unit for determining the length of the key and applying for the encryption parameter to the server according to the processing capacity of the real-time security data acquisition system, and storing the encryption parameter transmitted by the server, wherein the transmitted encryption parameter comprises an elliptic curve determined according to the length requested by the real-time security data acquisition systemEp(a,b)Parameter (d) ofp、a、bElliptic curveEp(a,b)Base point ofGBase pointGStep (2)nAnd the server determines the private key according to the key length applied by the real-time security data acquisition systemkAnd a base pointGDetermined public keyK K=kG
A key encoding unit for generating a 16-bit DES short key kEEncoding to elliptic curvesEp(a,b)A point M onEAnd according to point MEComputing point C of public key K and generated random number r1And C2Said calculation point C1And C2The formula of (1) is:
C1 =M E +rK
C2 =rG
in the formula (I), the compound is shown in the specification,M E =(xE,yE) Which isxCoordinate is DES short keyk E The converted decimal or hexadecimal value,yequation y with coordinates defined by the parameters of an elliptic curve2=x3The positive integer calculated as + ax + b,ris a random number and r is ∈ [1, n-1 ]]N is the order of a base point G on the elliptic curve;
a transmission unit for transmitting the point C1And C2And the value of (2) and the encrypted data are packaged and transmitted to a server.
15. The system of claim 14, wherein the second key unit is configured to discard parity bits of the 64-bit DES key and then fill the remaining 56-bit DES key into the first conversion table according to the number of bits noted in the first conversion table as it was originally the 64-bit DES key.
16. The system of claim 14, wherein the second key unit is further configured to use bits 1 to 28 of a 56-bit key as C [0] and bits 29 to 56 as D [0 ].
17. The system according to claim 14, wherein the subkey generating unit assigns a value of 16 to the number of iterations m.
18. The system of claim 14, wherein the sub-key generating unit performs m iterations on C [0] and D [0] and concatenates C [ I ] and D [ I ] generated in the ith iteration to generate a new 56-bit C [ I ] D [ I ], and transposes the C [ I ] D [ I ] according to the second transformation table to generate 1 sub-key K [ I ] with 48 bits, comprising:
c [ I-1] and D [ I-1] are moved leftwards according to a left shift number corresponding to the iteration number in the iteration shift table to generate C [ I ] and D [ I ], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m;
and concatenating the generated C [ I ] and D [ I ] after each iteration to generate a new 56-bit C [ I ] D [ I ], and filling the number of the corresponding digit number in the 56-digit number consisting of the C [ I ] D [ I ] into a second conversion table according to the digit number marked by the second conversion table to obtain 48-bit data, namely the sub-key K [ I ].
19. The system of claim 14, wherein the data block generating unit divides the real-time data acquisition system data into 64-bit blocks, and transforms each block according to the third transform table to generate a new 64-bit data block comprising:
dividing data of a real-time data acquisition system into a plurality of 64-bit data blocks, and expanding the data into 64 bits when the length of the last data block is less than 64 bits;
and filling the number corresponding to the digit number in each 64-bit data block into the third conversion table according to the digit number marked by the third conversion table.
20. The system of claim 14, wherein the data block decomposition unit decomposes the data block into two 32-bit L [0] and R [0] for each new 64-bit data block, meaning that 1 to 32 bits of the 64-bit data block are L [0] and 33 to 64 bits are R [0 ].
21. The system according to claim 14, wherein the encrypted data generating unit includes:
a first data generating unit, which is used for filling the number corresponding to the digit number in R [ I-1] into the fourth conversion table according to the digit number marked by the fourth conversion table, and generating new 48-digit data E [ I-1], wherein the initial value of I is 1, and I is more than or equal to 1 and less than or equal to m;
a second data generation unit for exclusive-oring E [ I-1] and K [ I ], and dividing the result of exclusive-or into 8 data B [ J ] of 6 bits in order from left to right, wherein the initial value of J is 1, and J is not less than 1 and not more than 8;
a line number determination unit for combining the 1 st bit and the 6 th bit of B [ J ] into a variable M of 2-bit length as a line number in the set S [ J ] table;
a column number determination unit for combining bits 2 to 5 of B [ J ] into a variable N of 4-bit length as a column number in the set S [ J ] table;
a third data generating unit for selecting a corresponding numerical value according to the row number and column number of the sj table, converting the selected decimal numerical value into a binary number of four-digit length, and replacing bj with sj M N;
a fourth data generation unit for combining the data into a 32-bit data in the order of B [1] to B [8], and filling the corresponding number of the 32-bit data into a fifth conversion table according to the number of bits marked by the fifth conversion table, thereby generating a new 32-bit data P [ I ], wherein the fifth conversion table is a table with 4 rows and 8 columns;
a fifth data generation unit for exclusive-OR-ing P [ I ] and L [ I-1], and taking the result of exclusive-OR as R [ I ], and R [ I-1] as L [ I ];
and a sixth data generation unit for combining R [ m ] and L [ m ] into a whole R [ m ] L [ m ] in the order from R [ m ] to L [ m ], filling the number of the corresponding digit number in R [ m ] L [ m ] into a sixth conversion table according to the digit number marked by the sixth conversion table, and obtaining the encryption result of the 64-digit data block, wherein the sixth conversion table is a table with 8 rows and 8 columns.
22. The system of claim 14, wherein determining parameters of an elliptic curve comprises:
selecting an equation y for determining parameters of an elliptic curve2=x3+ax+b;
Selecting a prime number more than 3 according to the key length applied by the real-time safety data acquisition system, and assigning to the prime numberpThen choose to be less thanp-1 a non-negative integer;
according to the satisfied formula (4 a)3+27b2) modpThe condition of not equal to 0 determines b.
23. According to the rightThe system of claim 14, wherein the determined values of a, b are [0, p-1]is an integer of (1).
24. The system of claim 14, wherein a base point G (x, y) ═ x on the determined elliptic curveG,yG) Wherein, the xGAnd yGIs less thanp-1, and the point at infinity, O ∞, cannot be chosen as the base point, as shown in the following equation:
(xG,yG)∈E(Fp), GO∞。
25. the system of claim 14, wherein the formula for calculating the order n of the base point G of the elliptic curve is:
nG=O
wherein n is a base point G ═ xG,yG)∈E(Fp) N must be prime and satisfyp t≠1(mod n) Wherein 1. ltoreq. t < 30, andpnot equal to nh, whereinhIs the remaining factor of the process,h=#E(Fp)/n。
26. a system for decrypting data from a real-time data acquisition system encrypted using the system of any one of claims 14 to 25, the system comprising:
a data receiving unit for receiving a data packet sent by a real-time data acquisition system, wherein the data packet comprises a point C1And C2And data encrypted by the DES algorithm;
a first short key determination unit for determining a first short key according to formula ME= C1-kC2 calculates a 16-bit first short key M encoded on an elliptic curve Ep (a, b)EWherein k is a private key, k is an element [1, n-2 ]]N is the order of a base point G on the elliptic curve;
a second short key determination unit for determining the first short key METhe 16 bits of the second bit are obtained by reverse decoding according to the method when codingTwo short keys kE
A decryption unit for overlapping use of 4 short keys kEForming 64-bit DES key, performing decryption operation by the same operation as encryption process, and performing subkey K [ I ] in the operation process]In the opposite order to that in encryption, i.e. the sequence of subkeys in encryption is K [1]] K[2] …K[16]When decrypting, the sequence of sub-keys is changed to K [16]] K[15]… K[2] K[1]。
CN201810548763.8A 2018-05-31 2018-05-31 Method and system for encrypting and decrypting data of real-time data acquisition system Active CN108848073B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810548763.8A CN108848073B (en) 2018-05-31 2018-05-31 Method and system for encrypting and decrypting data of real-time data acquisition system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810548763.8A CN108848073B (en) 2018-05-31 2018-05-31 Method and system for encrypting and decrypting data of real-time data acquisition system

Publications (2)

Publication Number Publication Date
CN108848073A CN108848073A (en) 2018-11-20
CN108848073B true CN108848073B (en) 2021-04-13

Family

ID=64210208

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810548763.8A Active CN108848073B (en) 2018-05-31 2018-05-31 Method and system for encrypting and decrypting data of real-time data acquisition system

Country Status (1)

Country Link
CN (1) CN108848073B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4016203A1 (en) * 1990-05-19 1991-11-21 Rolf Prof Dr Trautner METHOD FOR BLOCK-ENCRYPTING DIGITAL DATA
CN1431588A (en) * 2002-01-08 2003-07-23 北京南思达科技发展有限公司 Logic reorganizable circuit
CN101371480A (en) * 2005-11-21 2009-02-18 爱特梅尔公司 Encryption protection method
CN101707521A (en) * 2009-12-01 2010-05-12 福州星网视易信息系统有限公司 Encryption method based on DES
CN102185692A (en) * 2011-04-25 2011-09-14 北京航空航天大学 Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm
CN103731257A (en) * 2014-01-17 2014-04-16 衡阳师范学院 Piccolo encryption algorithm hardware achieving method
CN105515758A (en) * 2015-11-27 2016-04-20 桂林电子科技大学 Data parallel cryptographic communication method and system based on Modbus protocol
CN105790930A (en) * 2016-04-29 2016-07-20 南京酷派软件技术有限公司 Information encryption method and information encryption device used for mobile terminal and mobile terminal
CN106529352A (en) * 2016-10-15 2017-03-22 北海益生源农贸有限责任公司 Computer client information safe input method
CN107637010A (en) * 2015-05-19 2018-01-26 三星Sds株式会社 Data encryption device and method and data deciphering device and method

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4016203A1 (en) * 1990-05-19 1991-11-21 Rolf Prof Dr Trautner METHOD FOR BLOCK-ENCRYPTING DIGITAL DATA
CN1431588A (en) * 2002-01-08 2003-07-23 北京南思达科技发展有限公司 Logic reorganizable circuit
CN101371480A (en) * 2005-11-21 2009-02-18 爱特梅尔公司 Encryption protection method
CN101707521A (en) * 2009-12-01 2010-05-12 福州星网视易信息系统有限公司 Encryption method based on DES
CN102185692A (en) * 2011-04-25 2011-09-14 北京航空航天大学 Multimode reconfigurable encryption method based on advanced encryption standard (AES) encryption algorithm
CN103731257A (en) * 2014-01-17 2014-04-16 衡阳师范学院 Piccolo encryption algorithm hardware achieving method
CN107637010A (en) * 2015-05-19 2018-01-26 三星Sds株式会社 Data encryption device and method and data deciphering device and method
CN105515758A (en) * 2015-11-27 2016-04-20 桂林电子科技大学 Data parallel cryptographic communication method and system based on Modbus protocol
CN105790930A (en) * 2016-04-29 2016-07-20 南京酷派软件技术有限公司 Information encryption method and information encryption device used for mobile terminal and mobile terminal
CN106529352A (en) * 2016-10-15 2017-03-22 北海益生源农贸有限责任公司 Computer client information safe input method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DES的分析与改进;印晶;《信息与电脑》;20120730;全文 *

Also Published As

Publication number Publication date
CN108848073A (en) 2018-11-20

Similar Documents

Publication Publication Date Title
JP3992742B2 (en) Encryption method and apparatus for nonlinearly combining data blocks and keys
US8391476B2 (en) Masking method of defending differential power analysis attack in seed encryption algorithm
WO2006121149A1 (en) Pseudo random number generation system, encryption system, and decryption system
CN1993922A (en) Stream cipher combining system and method
JP2000066585A (en) Encryption and decryption apparatus, encryption and decryption method and their program memory medium
US7499542B2 (en) Device and method for encrypting and decrypting a block of data
US20070189518A1 (en) 3-D quaternion quantum fractal encryption
CN111245598B (en) Method for realizing lightweight AEROGEL block cipher
US8712040B2 (en) Data-conditioned encryption method
Hoobi Efficient hybrid cryptography algorithm
JP4317593B2 (en) Data decorrelation method
CN108848073B (en) Method and system for encrypting and decrypting data of real-time data acquisition system
CN107493164B (en) DES encryption method and system based on chaotic system
RU2141729C1 (en) Method for encrypting of binary data units
CN115811398A (en) Dynamic S-box-based block cipher algorithm, device, system and storage medium
EP3286869B1 (en) High-speed aes with transformed keys
JP5113833B2 (en) ENCRYPTION METHOD AND ENCRYPTION APPARATUS FOR IMPROVING OPERATION PERFORMANCE OF A CENTRAL PROCESSOR
CN114826558A (en) Mass data rapid encryption method and system
JP7383985B2 (en) Information processing device, information processing method and program
JP2019504343A (en) Computing device and method
RU2188513C2 (en) Method for cryptographic conversion of l-bit digital-data input blocks into l-bit output blocks
CN112311527A (en) Encryption method for converting master key into polynomial table lattice key lookup
EP0605047A1 (en) Method for blockwise encryption/decryption using linear algebraic codes
Ferguson et al. Cryptanalysis of Akelarre
JP2003195749A (en) Data converter, data conversion program, recording medium and data conversion method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant