CN109067517B - Encryption and decryption device, encryption and decryption method and communication method of hidden key - Google Patents


Info

Publication number: CN109067517B
Authority: CN (China)
Prior art keywords: random number, key, module, decryption, encryption
Legal status: Active
Application number: CN201810649367.4A
Other languages: Chinese (zh)
Other versions: CN109067517A (en)
Inventors: 张立廷, 潘文伦, 王现方
Current Assignee: China Electronics Technology Network Security Technology Co ltd
Original Assignee: Chengdu Westone Information Industry Inc
Application filed by: Chengdu Westone Information Industry Inc
Priority to: CN201810649367.4A
Publication of CN109067517A
Application granted
Publication of CN109067517B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention relates to the technical field of information security, in particular to an encryption apparatus, a decryption apparatus, an encryption method, a decryption method, and a communication method of a hidden key. The invention discloses an encryption and decryption process, which comprises the following steps: plaintext P → encrypt with the key K to obtain ciphertext C → encode with the random number $\Delta_t$ to obtain ciphertext C′ → decrypt with the encoded key to obtain plaintext P′ → decode with the random number $\Delta_0$ to obtain plaintext P. The present invention encrypts the plaintext using the key K but does not decrypt using the key K; instead, it decrypts using a key encoded with random numbers, thereby hiding and protecting the key. On the premise of ensuring the security of the decoding unit, the algorithm is superior to white-box implementations of cryptographic algorithms in white-box attack resistance and computing efficiency.

Description

Encryption and decryption device, encryption and decryption method and communication method of hidden key
Technical Field
The invention relates to the technical field of information security, in particular to an encryption and decryption device, an encryption and decryption method and a communication method for hiding a secret key.
Background
In applications such as digital copyright protection, a server encrypts digital resources and transmits them to a client, which decrypts them locally and consumes them. Traditional cryptography is built on the black-box model: it assumes that the decryption algorithm runs on a trusted terminal and that its execution cannot be observed or modified. In practice, however, the client may be in the hands of any attacker, and even legitimate end users may be attackers, so the client's operating environment is completely uncontrollable. An attacker may directly monitor the decryption algorithm as it runs and obtain its intermediate results; under such conditions, a standard implementation of a black-box-secure cryptographic algorithm is no longer secure. For such scenarios, white-box implementations of cryptographic algorithms have been constructed to protect the key of an algorithm running on an untrusted terminal. However, current white-box schemes implement standard algorithms with lookup tables; no secure and efficient white-box scheme has yet been constructed, and these schemes require so much storage that they cannot really be used on weak terminals whose computation, storage, network and other hardware resources are relatively limited. Therefore, a method is needed to protect the key on resource-limited weak terminals.
Disclosure of Invention
In view of the above, an object of the present invention is to provide an encryption apparatus, a decryption apparatus, an encryption method, a decryption method, and a communication method of hiding a key, which can protect the key on a weak terminal with limited resources.
The application provides an encryption apparatus, including: a first receiving module, a data encryption module, a first obtaining module, a random number generating module, a data coding module, a key coding module and a sending module, wherein,
the first receiving module is used for receiving a secret key K and a plaintext P to be encrypted;
the data encryption module is used for encrypting a plaintext P by using a key K according to an encryption algorithm to obtain a ciphertext C; wherein the round function F of the decryption algorithm corresponding to the encryption algorithm satisfies the following condition: there exist publicly computable functions g and h such that, for an arbitrary random number $\Delta$, $F(X \oplus \Delta, K \oplus g(\Delta)) = F(X, K) \oplus h(\Delta)$, where X is an intermediate value of the round transformation;
the first obtaining module is used for obtaining the random number $\Delta_t$ uniquely corresponding to the identity information of the encryption party and the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party;
the random number generation module is used for generating random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$, where t represents the number of rounds of cryptographic operations;
the data encoding module is used for encoding the ciphertext C with the random number $\Delta_t$ to obtain a ciphertext C′;
the key encoding module is used for calculating the round keys $K_1, K_2, \ldots, K_t$ from the key K according to the key expansion algorithm of the encryption algorithm; encoding the round keys $K_1, K_2, \ldots, K_t$ with the random numbers $\Delta_0$, $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and $\Delta_t$ to obtain $K'_1, K'_2, \ldots, K'_t$; and calculating the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ from the random numbers $\Delta_0$, $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and $\Delta_t$;
the transmitting module is used for transmitting the ciphertext C′, the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$.
Preferably, the encryption apparatus further includes a deleting module, and the deleting module is configured to delete the plaintext P after the data encryption module obtains the ciphertext C.
Preferably, the encryption device further includes a ciphertext storage module between the data encoding module and the sending module, the data encoding module transmits a ciphertext C 'to the ciphertext storage module, and the ciphertext storage module transmits the ciphertext C' to the sending module.
In particular, the data encoding module encoding the ciphertext C with the random number $\Delta_t$ to obtain the ciphertext C′ comprises: calculating $C' = C \oplus \Delta_t$.
In particular, the key encoding module encoding the round keys $K_1, K_2, \ldots, K_t$ with the random numbers $\Delta_0, \Delta_1, \ldots, \Delta_t$ comprises: calculating $K'_r = K_r \oplus g(\Delta_r)$, $r = 1, 2, \ldots, t$.
In particular, the key encoding module calculating the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ from the random numbers $\Delta_0$, $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and $\Delta_t$ comprises: calculating $\Lambda_{r-1} = h(\Delta_r) \oplus \Delta_{r-1}$, $r = 1, 2, \ldots, t$.
Further, the present invention also provides a decryption apparatus corresponding to the aforementioned encryption apparatus, comprising: a second receiving module, a data decryption module, a second obtaining module and a data decoding module, wherein,
the second receiving module is used for receiving the ciphertext C′, the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$;
the data decryption module is used for decrypting the ciphertext C′ with the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, according to the decryption algorithm corresponding to the encryption algorithm used in the encryption device, to obtain a plaintext P′;
the second obtaining module is used for obtaining the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party;
the data decoding module is used for decoding the plaintext P′ with the random number $\Delta_0$ to obtain the plaintext P.
Specifically, the data decryption module decrypting the ciphertext C′ with the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ to obtain the plaintext P′ comprises: calculating $X'_{r-1} = F(X'_r, K'_r) \oplus \Lambda_{r-1}$, $r = t, t-1, \ldots, 1$, where t represents the number of decryption rounds, $X'_t = C'$ and $P' = X'_0$.
In particular, the data decoding module decoding the plaintext P′ with the random number $\Delta_0$ to obtain the plaintext P comprises: calculating $P = P' \oplus \Delta_0$.
Preferably, the decryption apparatus further comprises a display module, and the display module is configured to display the plaintext P.
Preferably, the decryption apparatus further includes a secure area, and the second obtaining module obtains the random number $\Delta_0$ in the secure area; the data decoding module decodes the plaintext P′ with the random number $\Delta_0$ in the secure area to obtain the plaintext P, and transmits the plaintext P to the display module in the secure area.
Further, the present invention also provides an encryption method, including:
receiving a secret key K and a plaintext P to be encrypted; encrypting the plaintext P by using the key K according to an encryption algorithm to obtain a ciphertext C; wherein the round function F of the decryption algorithm corresponding to the encryption algorithm satisfies the following condition: there exist publicly computable functions g and h such that, for an arbitrary random number $\Delta$, $F(X \oplus \Delta, K \oplus g(\Delta)) = F(X, K) \oplus h(\Delta)$, where X is an intermediate value of the round transformation;
obtaining the random number $\Delta_t$ uniquely corresponding to the identity information of the encryption party and the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party;
randomly generating random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$, where t represents the number of rounds of cryptographic operations;
encoding the ciphertext C with the random number $\Delta_t$ to obtain a ciphertext C′;
calculating the round keys $K_1, K_2, \ldots, K_t$ from the key K according to the key expansion algorithm of the encryption algorithm;
encoding the round keys $K_1, K_2, \ldots, K_t$ with the random numbers $\Delta_0$, $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and $\Delta_t$ to obtain the round keys $K'_1, K'_2, \ldots, K'_t$;
calculating the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ from the random numbers $\Delta_0$, $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and $\Delta_t$;
transmitting the ciphertext C′, the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$.
Preferably, after the plaintext P is encrypted by using the key K according to the encryption algorithm to obtain the ciphertext C, the encryption method further includes deleting the plaintext P.
Further, the present invention also provides a decryption method corresponding to the aforementioned encryption method, including:
receiving the ciphertext C′, the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$;
decrypting the ciphertext C′ with the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, according to the decryption algorithm corresponding to the encryption algorithm used by the encryption method, to obtain a plaintext P′;
obtaining the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party;
decoding the plaintext P′ with the random number $\Delta_0$ to obtain the plaintext P.
Preferably, after the obtaining of the plaintext P, the decryption method further includes displaying the plaintext P in a secure area.
Further, the present invention also provides a communication method for hiding a key, where the communication is performed between a first communication party and a second communication party, and the communication method for hiding a key includes:
the first communication party executes the encryption method described above to obtain the ciphertext C′, the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, and sends them to the second communication party;
the second party performs the decryption method as described above.
Compared with the prior art, the invention encrypts the plaintext using the key K but does not decrypt using the key K; instead, it decrypts using the key encoded with random numbers, thereby hiding the key. Therefore, compared with a standard implementation of a black-box-secure cryptographic algorithm, the invention protects the key more effectively. Compared with a white-box implementation of a standard algorithm, the invention only needs to additionally store random numbers whose bit length equals the block length, which greatly reduces the storage space, so that it is better suited to weak terminal environments. In addition, on the premise of ensuring the security of the data decoding module, the algorithm is superior to existing white-box implementations of cryptographic algorithms in white-box attack resistance and computing efficiency.
Drawings
FIG. 1 is a diagram of an embodiment of a communication method for hiding a secret key according to the present invention;
FIG. 2 is a schematic diagram of an encryption apparatus according to the present invention;
FIG. 3 is a schematic structural diagram of a decryption device according to the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood by those skilled in the art, the present invention will be further described in detail with reference to the accompanying drawings and specific embodiments.
The encryption and decryption process of the block cipher is generally as follows:
(a) Expanding a key K into round keys using a key expansion algorithm: $\{K_1, K_2, \ldots, K_t\} = \mathrm{Key\_Expanded}(K)$.
(b) Encrypting the plaintext P to obtain a ciphertext $C = \mathrm{Enc}(P, K)$, where the encryption process may be expressed as: $X_r = G(X_{r-1}, K_r)$, $r = 1, 2, \ldots, t$, $X_0 = P$, $C = X_t$; t is called the number of rounds of the encryption operation, and G is called the encryption round function.
(c) Decrypting the ciphertext C to obtain a plaintext $P = \mathrm{Dec}(C, K)$, where the decryption process may be expressed as: $X_{r-1} = F(X_r, K_r)$, $r = t, t-1, \ldots, 1$, $X_t = C$, $P = X_0$; F is called the decryption round function.
This scheme constructs a novel key hiding scheme for cryptographic functions whose decryption round function has the following property:
there exist publicly computable functions g and h such that, for any Δ, the decryption round function F satisfies:
F(X⊕Δ,Y⊕g(Δ))=F(X,Y)⊕h(Δ)
Common cryptographic functions satisfying the above condition include DES, SM4, and the like.
As shown in fig. 1, the present invention provides an encryption and decryption method, including:
(1) Receiving the key K and the plaintext P to be encrypted, and encrypting the plaintext P by using the key K according to an encryption algorithm to obtain a ciphertext C.
(2) Obtaining the random number $\Delta_t$ uniquely corresponding to the identity information of the encryption party and the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party, and randomly generating random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$. For convenience, the random number $\Delta_0$, the random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and the random number $\Delta_t$ are hereinafter also written as the random numbers $\Delta_0, \Delta_1, \ldots, \Delta_t$.
(3) Encoding the ciphertext C with the random number $\Delta_t$ to obtain a ciphertext C′.
(4) Calculating the round keys $K_1, K_2, \ldots, K_t$ from the key K according to the key expansion algorithm of the encryption algorithm.
(5) Encoding the round keys $K_1, K_2, \ldots, K_t$ with the random numbers $\Delta_0, \Delta_1, \ldots, \Delta_t$ to obtain the round keys $K'_1, K'_2, \ldots, K'_t$.
(6) Calculating the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ from the random numbers $\Delta_0, \Delta_1, \ldots, \Delta_t$. The random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ are used to assist decryption.
(7) Decrypting the ciphertext C′ with the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, according to the decryption algorithm corresponding to the encryption algorithm, to obtain a plaintext P′.
(8) Decoding the plaintext P′ with the random number $\Delta_0$ to obtain the plaintext P.
It should be noted that the numbering of steps (1)-(8) is merely an example and does not limit the execution order of the steps. In practical applications, the execution order may be set according to actual needs as long as the desired result is finally obtained. The same applies to the steps described below and is not repeated.
The above encryption and decryption process can also be expressed by the following formula:
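(1) $C = \mathrm{Enc}(P, K)$, where Enc() is the encryption algorithm.
(2) Obtaining the random numbers $\Delta_0$ and $\Delta_t$, and randomly generating $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$.
(3) $C' = C \oplus \Delta_t$.
(4) $\{K_1, K_2, \ldots, K_t\} = \mathrm{Key\_Expanded}(K)$, where Key_Expanded() is the key expansion function.
(5) $K'_r = K_r \oplus g(\Delta_r)$, $r = 1, 2, \ldots, t$.
(6) $\Lambda_{r-1} = h(\Delta_r) \oplus \Delta_{r-1}$, $r = t, t-1, \ldots, 1$.
(7) $X'_{r-1} = F(X'_r, K'_r) \oplus \Lambda_{r-1}$, $r = 1, 2, \ldots, t$, where $X'_t = C'$ and $P' = X'_0$.
(8) $P = P' \oplus \Delta_0$.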
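Specifically, equation (8) above is derived as follows.
From the encoded ciphertext $C' = X'_t = C \oplus \Delta_t = X_t \oplus \Delta_t$ we obtain

$$
\begin{aligned}
X'_{t-1} &= F(X'_t, K'_t) \oplus \Lambda_{t-1} \\
&= F(X_t \oplus \Delta_t, K_t \oplus g(\Delta_t)) \oplus \Lambda_{t-1} \\
&= F(X_t, K_t) \oplus h(\Delta_t) \oplus \Lambda_{t-1} \\
&= X_{t-1} \oplus h(\Delta_t) \oplus h(\Delta_t) \oplus \Delta_{t-1} \\
&= X_{t-1} \oplus \Delta_{t-1}
\end{aligned}
$$

where the fourth line substitutes $F(X_t, K_t) = X_{t-1}$ and $\Lambda_{t-1} = h(\Delta_t) \oplus \Delta_{t-1}$.
By analogy, $P' = X'_0 = X_0 \oplus \Delta_0 = P \oplus \Delta_0$, so the plaintext is $P = P' \oplus \Delta_0$.
As can be derived from the above, the decryption process of the present invention uses only the transformed round keys $K'_r$ and the random numbers $\Lambda_r$; the decrypted data is then decoded with the random number $\Delta_0$ to obtain the original plaintext.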
In other words, the general encryption and decryption process is: plaintext P → secret key K for encryption to obtain ciphertext C → secret key K for decryption to obtain plaintext P.
The encryption and decryption process of the invention is as follows: plaintext P → encrypt with the key K to obtain ciphertext C → encode with the random number $\Delta_t$ to obtain ciphertext C′ → decrypt with the encoded key to obtain plaintext P′ → decode with the random number $\Delta_0$ to obtain plaintext P.
It follows that the present invention encrypts the plaintext using the key K but does not decrypt using the key K; instead, it decrypts using a key encoded with random numbers, thereby hiding the key. Furthermore, the decryption process of the present invention uses only the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, and the true round keys cannot be recovered from these values alone. So even if an attacker extracts the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, the true round keys $K_1, K_2, \ldots, K_t$ cannot be obtained from these two parameters alone. Therefore, the invention has the beneficial effect of hiding and protecting the key.
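Steps (1)-(8) and the derivation above, run end to end on a toy Feistel cipher, as an added example that is not code from the patent. The round function `f`, the key schedule `key_expand`, the round count `T` and the sample key and plaintext are assumptions, chosen so that g(Δ) = left half of Δ and h(Δ) = Δ with its halves swapped satisfy the stated property of F.

```python
import secrets

MASK32 = 0xFFFFFFFF
T = 8  # number of rounds t (toy value, an assumption)

def f(x):
    # Arbitrary non-linear mixer for the toy cipher (hypothetical, not DES or SM4).
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32
    return (((x << 7) | (x >> 25)) & MASK32) ^ (x >> 3)

def xor2(u, v):
    # XOR of two blocks, each block being a pair of 32-bit halves.
    return (u[0] ^ v[0], u[1] ^ v[1])

def G(state, k):
    # Encryption round: X_r = G(X_{r-1}, K_r)
    l, r = state
    return (r, l ^ f(r ^ k))

def F(state, k):
    # Decryption round, the inverse of G: X_{r-1} = F(X_r, K_r)
    l, r = state
    return (r ^ f(l ^ k), l)

def g(delta):
    # Public function g: the mask on the half that is mixed with the round key.
    return delta[0]

def h(delta):
    # Public function h: the input mask as it appears on the round output.
    return (delta[1], delta[0])

def key_expand(key):
    # Toy key schedule (hypothetical); returns [K_1, ..., K_t].
    k = (key ^ (key >> 32)) & MASK32
    round_keys = []
    for r in range(1, T + 1):
        k = f(k ^ r)
        round_keys.append(k)
    return round_keys

def encrypt(p, round_keys):
    # Step (1): C = Enc(P, K), rounds r = 1..t.
    x = p
    for k in round_keys:
        x = G(x, k)
    return x

def rand_block():
    return (secrets.randbits(32), secrets.randbits(32))

def sender_encode(c, round_keys, delta0, delta_t):
    # Steps (2)-(6), performed by the encrypting party.
    deltas = [delta0] + [rand_block() for _ in range(T - 1)] + [delta_t]
    c_enc = xor2(c, deltas[T])                                         # C' = C xor D_t
    k_enc = [round_keys[r - 1] ^ g(deltas[r]) for r in range(1, T + 1)]  # K'_r
    lam = [xor2(h(deltas[r]), deltas[r - 1]) for r in range(1, T + 1)]   # lam[r-1] = L_{r-1}
    return c_enc, k_enc, lam

def masked_decrypt(c_enc, k_enc, lam):
    # Step (7): uses only K'_r and Lambda_{r-1}; neither K nor any K_r is needed.
    x = c_enc                                  # X'_t = C'
    for r in range(T, 0, -1):
        x = xor2(F(x, k_enc[r - 1]), lam[r - 1])
    return x                                   # P' = X'_0 = P xor D_0

def decode(p_masked, delta0):
    # Step (8): the only operation that needs D_0 (the secure-area step).
    return xor2(p_masked, delta0)

def demo():
    key = 0x0123456789ABCDEF            # constructed sample key
    p = (0x11223344, 0x55667788)        # constructed sample plaintext block
    delta0, delta_t = rand_block(), rand_block()
    round_keys = key_expand(key)
    c = encrypt(p, round_keys)
    c_enc, k_enc, lam = sender_encode(c, round_keys, delta0, delta_t)
    p_masked = masked_decrypt(c_enc, k_enc, lam)
    return p, p_masked, decode(p_masked, delta0), delta0

if __name__ == "__main__":
    p, p_masked, recovered, _ = demo()
    print("P' :", [hex(v) for v in p_masked])
    print("P  :", [hex(v) for v in recovered], "ok" if recovered == p else "MISMATCH")
```

The value leaving `masked_decrypt` is still masked by $\Delta_0$, which is why the text confines only the final decoding step to the secure area.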
Compared with a white-box implementation of a standard algorithm, the invention only needs to additionally store random numbers whose bit length equals the block length, which greatly reduces the storage space. In addition, the round keys are transformed and random numbers are used to hide the key, which saves the computing resources required to generate the lookup tables of a white-box scheme. The invention is therefore better suited to weak terminal environments.
Preferably, the plaintext P is deleted after step (1), i.e. after the ciphertext C is obtained. This arrangement reduces the time during which the plaintext P exists in the clear and improves the security of the plaintext.
Accordingly, the present invention proposes a communication method of hiding a secret key, the communication being performed between a first communication party and a second communication party. The first communication partner is used to encrypt data to be communicated and the second communication partner is used to decrypt received data. Preferably, the first communication party is a server and the second communication party is a client, but the invention is not limited thereto, and the first communication party and the second communication party may be any two parties needing to communicate.
In this embodiment, the first communication party has a random number $\Delta_t$ uniquely corresponding to its identity information, and the second communication party has a random number $\Delta_0$ uniquely corresponding to its identity information. The random number $\Delta_t$ is held only by the first party and is not shared with the second party. The random number $\Delta_0$ is shared by the first party and the second party. It should be noted that the random numbers $\Delta_t$ and $\Delta_0$ are random in the sense that they are random when generated, but they are fixed and do not change after being assigned to the first or second party.
The communication method between the first communication party and the second communication party comprises the following steps:
the first communication party performs the above steps (1)-(6) and then sends the ciphertext C′, the round keys $K'_r$ and the random numbers $\Lambda_r$ to the second communication party.
The second communication party receives the ciphertext C′, the round keys $K'_r$ and the random numbers $\Lambda_r$ transmitted by the first communication party, and then performs the above steps (7)-(8).
Similarly, the communication method for hiding the secret key has the beneficial effects of hiding and protecting the secret key.
Correspondingly, the invention also provides an encryption device and a decryption device.
As shown in fig. 2, the encryption apparatus includes a first receiving module 11, a data encryption module 12, a first obtaining module 13, a random number generation module 14, a data encoding module 15, a key encoding module 16, and a transmitting module 17, wherein,
the first receiving module 11 is configured to receive a secret key K and a plaintext P to be encrypted;
the data encryption module 12 is configured to encrypt a plaintext P by using a key K according to an encryption algorithm to obtain a ciphertext C; wherein the encryption algorithm has the following feature: the round function F of the decryption algorithm corresponding to the encryption algorithm satisfies the following condition: there exist publicly computable functions g and h such that, for an arbitrary random number $\Delta$, $F(X \oplus \Delta, K \oplus g(\Delta)) = F(X, K) \oplus h(\Delta)$, where X is an intermediate value of the round transformation;
the first obtaining module 13 is configured to obtain the random number $\Delta_t$ uniquely corresponding to the identity information of the encryption party and the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party;
the random number generation module 14 is configured to generate random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$, where t represents the number of rounds of cryptographic operations;
the data encoding module 15 is configured to encode the ciphertext C with the random number $\Delta_t$ to obtain a ciphertext C′;
the key encoding module 16 is configured to calculate the round keys $K_1, K_2, \ldots, K_t$ from the key K according to the key expansion algorithm of the encryption algorithm; to encode the round keys $K_1, K_2, \ldots, K_t$ with the random numbers $\Delta_0$, $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and $\Delta_t$ to obtain $K'_1, K'_2, \ldots, K'_t$; and to calculate the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ from the random numbers $\Delta_0$, $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and $\Delta_t$;
the transmitting module 17 is configured to transmit the ciphertext C′, the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$.
In a preferred embodiment, the random number $\Delta_t$ uniquely corresponding to the identity information of the encryption party and the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party are stored in advance in a memory of the encryption device, and the encryption device of the present invention acquires the random numbers $\Delta_t$ and $\Delta_0$ by reading its own memory. Of course, the present invention is not limited thereto, and the encryption device of the present invention may instead acquire the random numbers $\Delta_t$ and $\Delta_0$ by data input when necessary.
In a preferred embodiment, the encryption apparatus further comprises a deletion module (not shown). The deleting module is configured to delete the plaintext P after the data encrypting module 12 obtains the ciphertext C.
In a preferred embodiment, a ciphertext storage module (not shown) is further included between the data encoding module 15 and the sending module 17. The data encoding module 15 transmits the ciphertext C′ to the ciphertext storage module, and the ciphertext storage module transmits the ciphertext C′ to the sending module 17. With this arrangement, the encryption apparatus can first place all of the encrypted and encoded data in the ciphertext storage module, and transmit all of the data at once when a data request is received. The ciphertext storage module does not need to be physically present in the encryption device, and may be located on a server of the encryption party or on a cloud server of another service provider.
As shown in FIG. 3, the decryption apparatus corresponding to the encryption apparatus includes a second receiving module 21, a data decryption module 22, a second obtaining module 23 and a data decoding module 24, wherein,
the second receiving module 21 is configured to receive the ciphertext C′, the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ transmitted by the encryption apparatus;
the data decryption module 22 is configured to decrypt the ciphertext C′ with the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, according to the decryption algorithm corresponding to the encryption algorithm used by the encryption device, to obtain a plaintext P′;
the second obtaining module 23 is configured to obtain the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party;
the data decoding module 24 is configured to decode the plaintext P′ with the random number $\Delta_0$ to obtain the plaintext P.
In a preferred embodiment, the random number $\Delta_0$ uniquely corresponding to the identity information of the decryption party is stored in advance in a memory of the decryption apparatus, and the decryption apparatus of the present invention acquires the random number $\Delta_0$ by reading its own memory. Of course, the present invention is not limited thereto, and the decryption apparatus of the present invention may input or generate the random number $\Delta_0$ in a secure manner as needed.
In a preferred embodiment, the decryption device further comprises a display module 25 comprising a display for displaying the digital resource including the plaintext P for use by the user.
In a preferred embodiment, the second communication party comprises a secure area in which the second obtaining module 23 obtains the random number $\Delta_0$. The data decoding module 24 decodes the plaintext P′ with the random number $\Delta_0$ in the secure area to obtain the plaintext P, and the plaintext P is transmitted to the display module 25 in the secure area. The purpose of passing the plaintext P to the display module 25 in the secure area is to ensure that an attacker cannot obtain the original plaintext information of the electronic resource. For example, in an online video service, a user can watch a high-definition video on a mobile phone, a television and the like, but cannot acquire the original plaintext information corresponding to the high-definition video. The high-definition format resource corresponding to the original plaintext of the video is the main value of the video, so the electronic resource can be protected by the method and the device.
Even an untrusted terminal may have a partial secure area. But because such an area generally has limited resources and low computational efficiency, it is impractical to place the entire decryption process in the secure area. In the above embodiment, only the decoding of the plaintext P′ with the random number $\Delta_0$ corresponding to the user identification information, which yields the plaintext P, is performed in the secure area. Since the decoding process is simple, it does not cause significant delay even when performed in a secure area. On the premise of ensuring the security of the decoding process, the following table compares the standard implementation and the white-box implementation of current standard cryptographic algorithms with the present invention in terms of white-box attack strength, computing efficiency and required storage space.
| Cryptographic algorithm | White-box attack strength | Efficiency | Storage |
|---|---|---|---|
| Standard implementation | 0 | 100% | 1 |
| White-box implementation | $< 2^{0.5 \cdot \mathrm{blocksize}}$ | <20% | >100 |
| The invention | $2^{\mathrm{blocksize}}$ | ≈100% | ≈1 |
In the above table, blocksize represents the block length. As can be seen from the table, for a standard implementation of the cryptographic algorithm in a white-box attack environment the security of the key is 0, that is, an attacker can directly extract the key from the running algorithm.
At present, most white-box implementations of standard algorithms achieve less than half of the security strength of the key, the required storage space expands from the several KB of the standard implementation to tens or even hundreds of MB, and the operating efficiency is less than 20% of that of the standard implementation, so they cannot be put into practical application at all. For example, the security of the white-box DES implementation of Chow et al. is less than $2^{30}$, and the security of the white-box SM4 implementation of Xiao Yaying et al. is less than $2^{48}$.
The security strength of this embodiment reaches a level equal to the block length. Compared with the standard implementation of the algorithm, the additional storage space required by the scheme is almost 0 (only a few random numbers are added), and its operating efficiency is close to that of the standard implementation, so it fully meets the needs of practical application.
Correspondingly, the invention also provides an encryption method, which comprises the following steps:
receiving a plaintext P to be encrypted;
generating a secret key K;
encrypting a plaintext P by using a key K according to an encryption algorithm to obtain a ciphertext C; wherein the round function F of the decryption algorithm corresponding to the encryption algorithm satisfies the following condition: there exist publicly computable functions g and h such that, for an arbitrary random number $\Delta$, $F(X \oplus \Delta, K \oplus g(\Delta)) = F(X, K) \oplus h(\Delta)$, where X is an intermediate value of the round shift;
obtaining a random number $\Delta_t$ uniquely corresponding to the identity information of the encrypting party and a random number $\Delta_0$ uniquely corresponding to the identity information of the decrypting party;
randomly generating random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$, where t represents the number of rounds of the cryptographic operation;
encoding the ciphertext C using the random number $\Delta_t$ to obtain a ciphertext C';
calculating round keys $K_1, K_2, \ldots, K_t$ from the key K according to the key expansion algorithm of the encryption algorithm;
encoding the round keys $K_1, K_2, \ldots, K_t$ using the random number $\Delta_0$, the random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and the random number $\Delta_t$ to obtain round keys $K'_1, K'_2, \ldots, K'_t$;
calculating random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ using the random number $\Delta_0$, the random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and the random number $\Delta_t$;
transmitting the ciphertext C', the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$.
Correspondingly, the invention also provides a decryption method corresponding to the encryption method, which comprises the following steps:
receiving the ciphertext C', the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$;
performing a decryption operation on the ciphertext C' using the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, according to the decryption algorithm corresponding to the encryption algorithm used by the encryption method, to obtain a plaintext P';
obtaining the random number $\Delta_0$ uniquely corresponding to the identity information of the decrypting party;
decoding the plaintext P' using the random number $\Delta_0$ to obtain the plaintext P.
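The encryption and decryption methods above, carried through end to end on a toy cipher whose decryption round F satisfies the stated condition. This is an added illustration, not code from the patent: the round structure, T, the key expansion, and the XOR formulas used for C', $K'_r = K_r \oplus g(\Delta_r)$ and $\Lambda_{r-1} = \Delta_{r-1} \oplus h(\Delta_r)$ are assumptions chosen to be consistent with that condition, and all function names are hypothetical.

```python
import hashlib

M32 = 0xFFFFFFFF

def T(v):
    """Toy nonlinear word map; stands in for a real cipher's S-box layer."""
    v = (v * 0x9E3779B1 + 0x7F4A7C15) & M32
    return v ^ (v >> 15) ^ ((v << 7) & M32)

def xor(a, b):
    return tuple(x ^ y for x, y in zip(a, b))

def E(X, k):
    """Encryption round on four 32-bit words (toy unbalanced Feistel)."""
    x0, x1, x2, x3 = X
    return (x1, x2, x3, x0 ^ T(x1 ^ x2 ^ x3 ^ k))

def F(Y, k):
    """Decryption round, the inverse of E under the same round key."""
    y0, y1, y2, y3 = Y
    return (y3 ^ T(y0 ^ y1 ^ y2 ^ k), y0, y1, y2)

def g(D):
    return D[0] ^ D[1] ^ D[2]          # mask seen by the round-key input

def h(D):
    return (D[3], D[0], D[1], D[2])    # mask carried to the round output

def round_keys(K, t):
    """Toy key expansion (assumption): K_r = first 4 bytes of SHA-256(K || r)."""
    return [int.from_bytes(hashlib.sha256(K + bytes([r])).digest()[:4], "big")
            for r in range(1, t + 1)]

def encrypt(P, rks):
    X = P
    for k in rks:
        X = E(X, k)
    return X

def hide(C, rks, deltas):
    """deltas = [D_0, ..., D_t]. Returns C', [K'_1..K'_t], [L_0..L_{t-1}]."""
    t = len(rks)
    c_enc = xor(C, deltas[t])                                   # C' = C ^ D_t
    rks_enc = [rks[r - 1] ^ g(deltas[r]) for r in range(1, t + 1)]
    lambdas = [xor(deltas[r - 1], h(deltas[r])) for r in range(1, t + 1)]
    return c_enc, rks_enc, lambdas

def masked_decrypt(c_enc, rks_enc, lambdas):
    """Runs outside the secure area: never sees K_r, D_0 or P."""
    X = c_enc
    for r in range(len(rks_enc), 0, -1):
        X = xor(F(X, rks_enc[r - 1]), lambdas[r - 1])   # X'_{r-1}
    return X                                             # P' = P ^ D_0

def decode(p_enc, delta0):
    """The only step that needs D_0; the page places it in the secure area."""
    return xor(p_enc, delta0)

def demo(t=8):
    # Constructed inputs; real D_1..D_{t-1} would be fresh random values.
    deltas = [tuple(int.from_bytes(hashlib.sha256(b"D%d.%d" % (r, i)).digest()[:4], "big")
                    for i in range(4)) for r in range(t + 1)]
    P = (0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210)
    rks = round_keys(b"constructed demo key", t)
    c_enc, rks_enc, lambdas = hide(encrypt(P, rks), rks, deltas)
    p_enc = masked_decrypt(c_enc, rks_enc, lambdas)
    return P, p_enc, decode(p_enc, deltas[0]), rks, rks_enc, deltas
```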
The above is only a preferred embodiment of the present invention, and it should be noted that the above preferred embodiment should not be considered as limiting the present invention, and the protection scope of the present invention should be subject to the scope defined by the claims. It will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the spirit and scope of the invention, and these modifications and adaptations should be considered within the scope of the invention.

Claims (16)

1. An encryption apparatus, comprising: a first receiving module, a data encryption module, a first obtaining module, a random number generating module, a data coding module, a key coding module and a sending module, wherein,
the first receiving module is used for receiving a secret key K and a plaintext P to be encrypted;
the data encryption module is used for encrypting a plaintext P by using a key K according to an encryption algorithm to obtain a ciphertext C; wherein the encryption algorithm has the following feature: the round function F of the decryption algorithm corresponding to the encryption algorithm satisfies the following condition: there exist publicly computable cryptographic functions $g(\Delta)$ and $h(\Delta)$ which, for an arbitrary random number $\Delta$, satisfy
Figure FDA0002947573150000011
wherein X is an intermediate value of the round shift;
the first obtaining module is used for obtaining a random number $\Delta_t$ uniquely corresponding to the identity information of the encrypting party and a random number $\Delta_0$ uniquely corresponding to the identity information of the decrypting party;
the random number generation module is used for generating random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$, where t represents the number of rounds of the cryptographic operation;
the data encoding module is used for encoding the ciphertext C using the random number $\Delta_t$ to obtain a ciphertext C';
the key encoding module is used for calculating round keys $K_1, K_2, \ldots, K_t$ from the key K according to the key expansion algorithm of the encryption algorithm; encoding the round keys $K_1, K_2, \ldots, K_t$ using the random number $\Delta_0$, the random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and the random number $\Delta_t$ according to the cryptographic function $g(\Delta)$ to obtain $K'_1, K'_2, \ldots, K'_t$; and calculating random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ using the random number $\Delta_0$, the random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and the random number $\Delta_t$ according to the cryptographic function $h(\Delta)$;
the sending module is used for sending the ciphertext C', the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$.
2. The encryption device according to claim 1, further comprising a deletion module configured to delete the plaintext P after the data encryption module obtains the ciphertext C.
3. The encryption device of claim 1, further comprising a ciphertext storage module between the data encoding module and the sending module, the data encoding module passing the ciphertext C' to the ciphertext storage module, the ciphertext storage module passing the ciphertext C' to the sending module.
4. The encryption device of claim 1, wherein the data encoding module encoding the ciphertext C using the random number $\Delta_t$ to obtain the ciphertext C' comprises: computing
Figure FDA0002947573150000021
5. The encryption apparatus according to claim 1, wherein the key encoding module encoding the round keys $K_1, K_2, \ldots, K_t$ using the random numbers $\Delta_0, \Delta_1, \ldots, \Delta_t$ comprises: computing
Figure FDA0002947573150000022
r = 1, 2, …, t.
6. The encryption apparatus according to claim 1, wherein the key encoding module calculating the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ using the random number $\Delta_0$, the random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and the random number $\Delta_t$ comprises: computing
Figure FDA0002947573150000023
Figure FDA0002947573150000024
r = 1, 2, …, t.
7. A decryption apparatus corresponding to the encryption apparatus of claim 1, comprising: a second receiving module, a data decryption module, a second obtaining module and a data decoding module, wherein,
the second receiving module is used for receiving the ciphertext C', the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$;
the data decryption module is used for performing a decryption operation on the ciphertext C' using the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, according to the decryption algorithm corresponding to the encryption algorithm used by the encryption device, to obtain a plaintext P';
the second obtaining module is used for obtaining the random number $\Delta_0$ uniquely corresponding to the identity information of the decrypting party;
the data decoding module is used for decoding the plaintext P' using the random number $\Delta_0$ to obtain the plaintext P.
8. The decryption device of claim 7, wherein the data decryption module performing the decryption operation on the ciphertext C' using the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_1, \Lambda_2, \ldots, \Lambda_t$ to obtain the plaintext P' comprises: computing
Figure FDA0002947573150000031
r = t, t-1, …, 1, where t denotes the number of rounds of the decryption operation, $X'_t = C'$, $P' = X'_0$.
9. The decryption apparatus according to claim 7, wherein the data decoding module decoding the plaintext P' using the random number $\Delta_0$ to obtain the plaintext P comprises: computing
Figure FDA0002947573150000032
10. The decryption apparatus according to claim 7, further comprising a display module for displaying the plaintext P.
11. The decryption apparatus according to claim 10, wherein the decryption apparatus further comprises a secure area, and the second obtaining module obtains the random number $\Delta_0$ in the secure area; the data decoding module uses the random number $\Delta_0$ in the secure area to decode the plaintext P' to obtain the plaintext P, and passes the plaintext P to the display module within the secure area.
12. An encryption method, comprising:
receiving a secret key K and a plaintext P to be encrypted; encrypting the plaintext P by using the key K according to an encryption algorithm to obtain a ciphertext C; wherein the round function F of the decryption algorithm corresponding to the encryption algorithm satisfies the following condition: there exist publicly computable cryptographic functions $g(\Delta)$ and $h(\Delta)$ which, for an arbitrary random number $\Delta$, satisfy
Figure FDA0002947573150000033
Figure FDA0002947573150000041
wherein X is an intermediate value of the round shift;
obtaining a random number $\Delta_t$ uniquely corresponding to the identity information of the encrypting party and a random number $\Delta_0$ uniquely corresponding to the identity information of the decrypting party;
randomly generating random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$, where t represents the number of rounds of the cryptographic operation;
encoding the ciphertext C using the random number $\Delta_t$ to obtain a ciphertext C';
calculating round keys $K_1, K_2, \ldots, K_t$ from the key K according to the key expansion algorithm of the encryption algorithm;
encoding the round keys $K_1, K_2, \ldots, K_t$ using the random number $\Delta_0$, the random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and the random number $\Delta_t$ according to the cryptographic function $g(\Delta)$ to obtain round keys $K'_1, K'_2, \ldots, K'_t$;
calculating random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ using the random number $\Delta_0$, the random numbers $\Delta_1, \Delta_2, \ldots, \Delta_{t-1}$ and the random number $\Delta_t$ according to the cryptographic function $h(\Delta)$;
transmitting the ciphertext C', the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$.
13. The encryption method according to claim 12, wherein after said encrypting plaintext P with a key K according to an encryption algorithm to obtain ciphertext C, the encryption method further comprises deleting plaintext P.
14. A decryption method corresponding to the encryption method of claim 12, comprising:
receiving the ciphertext C', the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$;
performing a decryption operation on the ciphertext C' using the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$, according to the decryption algorithm corresponding to the encryption algorithm used by the encryption method, to obtain a plaintext P';
obtaining the random number $\Delta_0$ uniquely corresponding to the identity information of the decrypting party;
decoding the plaintext P' using the random number $\Delta_0$ to obtain the plaintext P.
15. The decryption method of claim 14, wherein after the obtaining of the plaintext P, the decryption method further comprises displaying the plaintext P in a secure area.
16. A hidden-key communication method, wherein the communication is performed between a first communication party and a second communication party, the hidden-key communication method comprising:
the first communication party performs the encryption method of claim 12 and sends the ciphertext C', the round keys $K'_1, K'_2, \ldots, K'_t$ and the random numbers $\Lambda_0, \Lambda_1, \ldots, \Lambda_{t-1}$ to the second communication party;
the second party performs the decryption method of claim 14.
CN201810649367.4A 2018-06-22 2018-06-22 Encryption and decryption device, encryption and decryption method and communication method of hidden key Active CN109067517B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810649367.4A CN109067517B (en) 2018-06-22 2018-06-22 Encryption and decryption device, encryption and decryption method and communication method of hidden key

Publications (2)

Publication Number Publication Date
CN109067517A CN109067517A (en) 2018-12-21
CN109067517B true CN109067517B (en) 2021-07-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee after: China Electronics Technology Network Security Technology Co.,Ltd.

Address before: No. 333, Yunhua Road, high tech Zone, Chengdu, Sichuan 610041

Patentee before: CHENGDU WESTONE INFORMATION INDUSTRY Inc.