CN110727956A - Double-authentication test question backup disguising method combining codebook expansion and question stem hashing - Google Patents

Abstract

The invention provides a double-authentication test question backup camouflage method combining codebook expansion and question stem hashing. First, GF (2) is constructed⁸) The domain Lagrange separate storage polynomial backs up the secret byte sequence into a backup byte sequence, and the backup byte sequence is coded into a backup index sequence according to a codebook expansion strategy; secondly, generating a multi-channel test question library, mapping the value of the question stem MD5 into a question stem hash value by using a channel index, and expressing a backup index sequence by using the arrangement sequence of the test question options and the question stem hash value of the test question. When recovering, the extracted information is authenticated by the attribute and separate storage reconstruction coefficient of the legal interval, then candidate recovery values are generated, and the candidate recovery value with the highest reliability is selected to reconstruct the secret information. Compared with the prior art, the method completely depends on the secret key, has self-repairing capability, can fully utilize the question stem hash and the option arrangement sequence to express information, has high embedding capacity of single test questions, and contains the secret test questions and non-secret test questionsCannot be distinguished, and has high safety.

Description

Double-authentication test question backup disguising method combining codebook expansion and question stem hashing

Technical Field

The invention belongs to the crossing field of information safety and text information hiding, relates to a disguising method, and particularly relates to a double-authentication test question backup disguising method combining codebook expansion and question stem hashing.

Background

With the continuous deepening of deep learning and the continuous development of artificial intelligence, machine learning based on big data and quantum computer are in the first sight, so that the situation of multimedia information safety taking image and audio as main transmission media in the prior art becomes more severe. Meanwhile, with the continuous development of compression technology, the available redundant space of the traditional information hiding based on modified embedding is smaller and smaller, and on the other hand, the dimension of the steganographic classifier based on machine learning is continuously improved, even a spatial domain rich feature model with 34761 dimension appears, so that the possibility that the hidden information hidden by the traditional information is not found is smaller and smaller, and all of the hidden information hidden by the traditional information hiding technology falls into the bottleneck.

How to effectively carry out the next-generation information hiding technology research, the national information hiding and multimedia security expert workshop called by experts from Beijing and Shanghai in 5 months 2014 firstly proposes 'carrier-free information hiding'. On the 12 th national information hiding conference called in Wuhan in 3 months in 2015, the university researchers of Beijing electronics application research institute, Guyunbao, reported in the conference special invitation: the information hiding method is a method for hiding information, and a carrier-free information hiding technology is listed as a front position of information hiding in the future. In the 13 th national information hiding conference in the joint fertilization in 2016, carrier-free information hiding is formally positioned as a 2 nd generation information hiding technology, and 2 conference subject reports are directly related to carrier-free information hiding. The 14 th national information hiding conference called 2018 organizes a special field discussion for carrier-free information hiding.

Compared with the traditional method for modifying the embedded information hiding, the carrier-free information hiding emphasizes that a secret carrier is directly generated and obtained by secret information driving without an additional embedded carrier. Aiming at the carrier-free information hiding of the text, respectively providing: chen X Y,2017 (Chen X Y, Chen S, Wu, Y L. conversion formatting method on the Chinese character encoding [ J ]. Journal of Internet Technology,2017,18(2):313-, (Chen X Y, Sun H Y, Tobe Y, Zhou Z L, Sun X M. conversion information writing method based on the Chinese textual expression [ C ]// International Conference on Cloud Computing and Security International Publishing,2015: 133. 143.) the mathematical expression and Zhou Z L, 2016.(Zhou Z L, Mu Y, Yang, C N, ZHao, N S.conversion multi-key-word conversion writing method based on text [ J ]. International Journal of security Applications, 309, 10(9): 320. non-embedded keyword information); for the carrier-free information hiding of images, the following methods are provided: ZHou Z L, 2015.(ZHou Z L, Sun H Y, Harit R H, Chen XY, Sun X M. conversion image robustness with out embedding [ C ]// International conference on Cloud Computing and Security. spring International Publishing,2015: 123. sup. 132.) based on block mean comparisons, yuan C S, 2017.(Yuan C S, Xia Z H, Sun XM. reciprocal image based on SIFT and BOF [ J ]. Journal of Internet technology,2017,18(2): 435) 442.) based on SIFT (Scale Invariant Feature transform) and BOF (Bag of features) robust hash features and peripheral, 2016 (peripheral, Cao, Star.) based on image Bag-of-Words model carrierless information hiding [ J ]. applied science reports, 2016,34(5): 527) 536.) based on image vision vocabulary BOW (Bag of Words) local participle matching and globally ordered non-embedded carrierless image information hiding. The basic idea of the methods is to divide the secret information into small segments, attach specific user identification information to the small segments after transformation, then search a matched text or image set in a massive large text or image database by means of a pre-established inverted index, and since the whole secret information hiding process does not involve any modification of distributed texts or images, but only searches exhaustively by means of the massive database, for any distributed text or image, an abnormal natural text or natural image cannot be detected normally, so steganography analysis can be resisted, and at the same time, only a legal user who grasps correct user identification information can acquire the hidden secret information.

However, such methods have problems that:

① the expression ability of normal text and image to the secret information irrelevant to it is very limited, if it is necessary that the text and image in the database have sufficient expression ability, then enough samples are collected, for example, the average embedding capacity of the method for hiding text without embedded carrierless information is only 2.07, 1 and 1.57 chinese characters/text, for Chen X Y,2017, Chen X Y, 2015 and Zhou Z L, 2016, the size of the text database constructed by Chen X Y,2017 is about 10 GB, the average size of each document is about 2KB, the size of the text database constructed by Zhou Z L, 2016 is about 1 GB, for hiding image without carrierless information, the size of Zhou Z L, 2015 and Yuan C S, 2017 is 8 bit/image, Zhou shijiu, there is no visual stereo image, 2016 has a relationship with the keywords, but the local dictionary corresponding relation between image 2016 and image is only 1KB, so that the method for hiding text and image by carrierless text, the method for hiding text and image has an average embedding capacity of chinese characters/text, thus, if the method for hiding text and image has an average embedding capacity of chinese characters/text, 1, then the method only has an average embedding capacity of chinese character, 1 chinese character, if the method for embedding capacity of chinese character, the text database is only 1 chinese character embedding method for text and 2016, the method for text and text database has an average embedding capacity of chinese character, thus, the method for text embedding capacity of chinese character embedding a single Chinese character, the text.

② As the expression ability of database text and image information increases, the amount of data to be searched increases in geometric progression, even with the help of inverted index, the search, storage and maintenance for large amount of data will be a heavy burden, for example, Chen X Y,2017 constructs a text database containing 2ⁿAnd extracting identifiers, wherein all keywords should appear after each identifier, and even if an inverted index of a document access path where all the keywords of the identifier are located is established for each identifier, when n is 4,5, …,10, the inverted index file corresponding to each identifier of the method is about 8.4 MB-9.5 MB. Though the number of extracted identifiers is reduced to 50 by selecting 50 most frequently-occurring radicals in Chinese characters, the search speed is still improved by means of an inverted index, wherein the inverted index established by the Chen X Y2015 and the Zhou Z L2016 comprises the first 50 identifiers with the highest occurrence frequency, all keywords corresponding to each identifier, and a document set where the identifier and the keyword combination appear. For images, Zhou Z L, 2015 and Yuan C S, 2017 score each image in the databaseRespectively mapping 8-bit information as an expression of 1 byte of secret information, except that Zhou Z L, 2015 generates 8-bit information by a method of mean comparison of 9 partitioned blocks divided by an image, Yuan C S, 2017 generates a 100-dimensional feature vector according to SIFT features of the image and by combining K mean clustering and BOF features of an image data set and maps the 100-dimensional feature vector into 8-bit information, since 8-bit information corresponds to 256 combinations, the two methods actually divide the image set into 256 classes by the finally mapped 8-bit information, while the same bits inevitably exist in the secret information, in order to prevent 1 fixed picture from corresponding to 1 specific secret bit, there are multiple images available for random selection in each image category, and both methods involve a large collection of images to manage. In Zhou shit, 2016 is more huge than a database constructed by Zhou Z L, 2015 and YuanC S, 2017, the method needs to establish a corresponding relationship between image local blocks and 10000 visual words, and the appearance position of the local block on each image is used as an extraction identifier of a specific user, so that in order to have sufficient expression capacity, the possible appearance position of each local block can be matched with 10000 visual words, and simultaneously, each corresponding position needs to have a plurality of distribution images for random selection so as to deal with the repeated information which may appear in secret information. In order to avoid the disorder of the sequence of a large number of images in the channel transmission, the whole process, 2016, establishes a strict ascending correspondence between the distribution sequence of the images and the highest-frequency visual vocabulary, so that more images need to be added to the constructed database to improve the full representation capability. The inverted index constructed by the book 2016 includes 3 levels, all possible visual words, and the possible local positions of each visual word, and the highest frequency visual words and their alternative image sets corresponding to each local position, so that the management and maintenance of such an inverted index is still very expensive. Meanwhile, if the Zhou Z L, 2015, Yuan C S, 2017 and the peripheral aspiration, 2016 are further expanded, for example, a plurality of local blocks are selected or the number of bits mapped by a single image is increased, the management and maintenance are more hugeThe database of (2) establishes a more complex inverted index, and therefore, greater management, search and maintenance costs are paid.

③ Chen X Y,2017, Chen X Y, 2015 and Zhou Z L, 2016 have an average embedding capacity of only 2.07, 1 and 1.57 Chinese characters/texts, and Zhou Z L, 2015 and Yuan C S, 2017 have an embedding capacity of only 8 bits/image, while with a specific segmentation algorithm, the objective, 2016 have an average Chinese character length of 2 and 3, an embedding capacity of only 1.57 and 1.86 Chinese characters/images, and a very small hidden capacity.

To solve the above problems, shore liping, 2017 (shore liping, land sea, a dense graph non-carrier test question camouflage method for indirect transmission and random codebooks [ P ]. intellectual property offices of the people's republic of china, invention patent, 201711297799.5) avoids high database retrieval cost, low embedding density capacity and dense transmission of massive carrier channels by expressing secret information by using the arrangement sequence of option selection questions and the relative random offset of answer to space filling questions.

Shaoliping, 2018 (Shaoliping, land sea, a legal interval double-authentication full-key-dependence carrier-free test question camouflage method [ P ]. intellectual property bureau of the people's republic of China, invention patent 201810242784.7.) through establishing a 24-channel database, further utilizing a channel index to express secret information to overcome the problem of Shaoliping, the 2017 application scene is limited, and introducing double-authentication interval expansion to ensure Shaoliping, 2018 has good authentication capability for extracting information.

However, the test questions shouliping, 2017 and shouliping, 2018 are used for expressing secret information and have no self-repairing capability, so that the secret information is easy to damage when the test questions are attacked; shore liping, 2017 and shore liping, 2018 although the embedding density capacity is significantly improved compared with the traditional search type hiding method, the embedding density capacity has low utilization rate on the test question redundancy property and needs to be further improved; shaoliping, 2018 accurately authenticates the extracted information through double authentication interval extension, but the reliability of the extracted information cannot be marked for measurement.

Disclosure of Invention

The invention aims to overcome the defects of the prior art and provides a double-authentication test question backup camouflage scheme combining codebook expansion and question stem hashing. Compared with the existing method, the method completely depends on the secret key, has self-repairing capability, can fully utilize the question stem hash and the option arrangement sequence to express the secret information, has high single-test question embedding capacity, cannot distinguish between a secret test question and a non-secret test question, and has high safety.

In order to achieve the purpose, the invention adopts the following technical scheme:

the invention provides a double-authentication test question backup disguising method combining codebook expansion and question stem hashing, which comprises the following steps of:

step 1: inputting a secret byte sequence P with length l_S＝(p_i)_l,p_iE {0,1, …,255}, user key, sparsity ratio, e ∈ (c) (m:)0,1) and GF (2)⁸) Field primitive polynomial integer

Step 2: combining user keys and

will P_SBy GF (2)⁸) Field interpolation backup, generating backup byte sequences

And 3, step 3: in combination with user key and codebook extension

Encoding into a coded index sequence

Wherein l_chmIs the number of characters mapped by the test question channel, l_shIs the number of permutations that the choice question option can use;

and 4, step 4: constructing multi-channel question stem sequence

And stem expression value sequence

Wherein l_chNumber of channels divided for question, n_kCorrespondingly, the number of the test questions of the kth channel is the number of the test questions of the kth channel;

and 5, step 5: in combination with a user key, F_kAnd E_kBy

Generating test questions containing secret

Wherein T is_iIs a test question st_iStem of (a)_i,b_i,c_i,d_iIs a test question st _i4 options of l₁The number of the test questions containing the secret number;

and 6, step 6: add No dense test question in L in combination with sparse ratio rate ∈ (0,1), combine F_kGenerating test questions added with test questions without secretWherein l₃＝l₁+l₂，l₂Is the number of test questions without secret, l₃Is L^*The number of test questions;

step 7, combining the user key

And outputting the L' as a final test question.

Further, step 2, backup byte sequence

Has a length of l₁＝4l；

The specific method in the step 2 comprises the following steps:

step 2.1: initialization P_BPhi is an empty set; inputting a user key as an iteration starting value;

step 2.2: to pairGenerating x, y epsilon (0,1) by pseudorandom iteration, and mapping x and y into an interpolation polynomial parameter sequence R (R) according to the formula (1)₀,r₁),r₀,r₁∈{0,1,…,255}；

Step 2.3: pseudo-random iterative generation of participant sequence O ═ (O)_i)₄,o_iIs belonged to {0,1, …,255} and any element in O is unequal two by two;

step 2.4: will r is₀,r₁,o₀,o₁,o₂,o₃As GF (2)⁸) Finite field polynomial integers

According to equation (2) as

Will be (o'₀,o′₁,o′₂,o′₃) Is added to P_BPerforming the following steps;

step 2.5: repeatedly executing the step 2.2 to the step 2.4 until P_SAll elements p in (1)_iAfter the processing is finished, obtaining backup bytes

l₁＝4l。

Further, the specific method in the step 3 comprises the following steps:

step 3.1: initialization P_IDPhi, the codebook sequence M is (0,1, …, l)_chm·l_sh-1); inputting a user key as an iteration starting value;

step 3.2: to P_BEach element in (1)

Pseudo-random iterative generation of length l_chm·l_shArranging X into X 'according to formula (3), scrambling M into a random codebook M' according to the position mapping relation between X and X ', and then generating random codebook M' according to formula (4)

Is mapped asAnd will be

Is added to P_IDPerforming the following steps;

X′＝dec(X) (3)

in the formula (3), the function dec () is used for the descending order arrangement;

in equation (4), function index () is used to find

Indexing in M

Step 3.3: updating X to phi and M to M';

step 3.4: repeatedly executing the 3.2 rd step to the 3.3 rd step until P_BAll the elements are treated to obtain

Further, the specific method in the step 4 comprises the following steps:

step 4.1: initialization F_k＝φ,k＝0,1,…,l_ch-1，E_k＝φ,k＝0,1,…,l_ch-1；

Step 4.2: for positive integer op in specified range₀,op₁If k is (op)₀+op₁)modl_chThen at F_kIn which f is "op₀+op₁"the expression value e is extracted as in equation (5), where if f is the ith test question added for the kth channel, then

e＝GetValue(Hash(f),k) (5)

In the formula (5), hash (f) is used for obtaining a question stem hash value formed by xi system numbers corresponding to f, and GetValue (hash (f), k) is used for obtaining a kth xi system number corresponding to hash (f);

and 4.3, step: and repeatedly executing the step 4.2 until all positive integers op in the specified range₀,op₁After the treatment, obtain

And

further, the specific method in the step 5 comprises the following steps:

step 5.1: initializing a secret test question sequence L ═ phi, and initializingInputting a user key as an iteration starting value;

step 5.2: to P_IDEach element in (1)

Generating u, v according to equation (6); generating a random number x, y belonging to (0,1) by pseudorandom iteration, and calculating a channel k and a test question index j corresponding to the channel k according to a formula (7):

step 5.3: if it isOr

Order to

Step 5.4: repeatedly executing the 5.2 th step to the 5.3 th step until

And is

Obtaining

Answer ans to

Step 5.5: generating index id according to equation (8), selecting corresponding id-th arrangement of 4 answer options ans-1, ans, ans +1, ans +2 according to id, using the id-th arrangement as actual output 4 options a, b, c, d, adding (T, a, b, c, d) to L, wherein if (T, a, b, c, d) is the ith test question added to L, st is present_i(T, a, b, c, d) is denoted as st_i＝(T_i,a_i,b_i,c_i,d_i) Wherein l is_shIs the arrangement sequence of all the options of a, b, c and d;

step 5.6: repeatedly executing the 5.2 th step to the 5.5 th step until P_IDAfter all the elements in the test question are processed, the test question with the secret can be obtained

Further, the specific method in the step 6 comprises the following steps:

step 6.1: the number l of the test questions without secret is calculated according to the formula (9)₂；

Step 6.2: generating a random number x, y belonging to (0,1), and calculating a channel k and a test question index j corresponding to the channel k according to a formula (7);

6.3, step: if it is

Order to

6.4, step: repeatedly executing the step 6.3 until

Obtaining

Answer ans to

6.5, step: calculating id according to the formula (10), rearranging the id of the 4 answer options ans-1, ans, ans +1, ans +2 according to the id and arranging the id corresponding to the lexicographical order as the actual output 4 options a, b, c, d, adding (T, a, b, c, d) into L, wherein if the (T, a, b, c, d) is that the ith track added into the L does not contain secret test questions, st is_i' (T, a, b, c, d) wherein l_shIs the arrangement sequence of all the options of a, b, c and d;

6.6, step: repeatedly executing the 6.2 th step to the 6.5 th step until l is generated₂If the test question does not contain the secret test question, the test question added with the test question without the secret test question is marked as

Wherein l₃＝l₁+l₂。

The recovery method of the double-authentication test question backup camouflage method combining codebook expansion and question stem hashing comprises the following steps:

step 1: input length of l₃Test question L', user Key, sparse ratiorate e (0,1) and GF (2)⁸) Field primitive polynomial integer

Step 2: calculating the number l of the test questions without the dense test questions according to the sparse ratio rate epsilon (0,1)₂；

And 3, step 3: inverse scrambling L' to L in conjunction with a user key^*From L^*Tail removal₂Test questions, will reject l₂L of individual test question^*As questions requiring extraction of secret information

And 4, step 4: in combination with a user key

Is prepared by

And 5, step 5: the recovery strategy is combined with the key and the codebook extensionDecoding into backup byte sequence

And 6, step 6: combining user keys and

will be provided withReverting to the secret byte sequence P_S＝(p_i)_l,p_iE {0,1, …,255}, and generates P_SThe reliability value sequence of (a) ═ aa_i)_l。

Further, the 2 nd step calculates the number l of the test questions without the dense test question by the sparse ratio rate epsilon (0,1)₂The specific method comprises the following steps: push buttonEquation (11) calculates the number of test questions l without secret₂；

Step 3 l₁The constraint satisfied is equation (12);

l₁＝l₃-l₂(12)

the specific method in the step 4 comprises the following steps:

step 4.1: initialization P_IDPhi is defined as; inputting a user key as an iteration starting value;

step 4.2: to L_sEach test question st in_iObtaining T_iAnswer ans_iCalculating a channel k according to the formula (13), acquiring a kth xi scale number corresponding to the hash value of the test question stem according to the formula (5) as an expression value e, and making u be equal to e;

k＝ans_imodl_ch(13)

and 4.3, step: generating a random number x, y belonging to (0,1) by pseudorandom iteration, and acquiring a_i,b_i,c_i,d_iIndex id ∈ {0,1, …, l in lexicographical ordering_sh-1}, calculating v according to equation (14), and calculating according to equation (15)

And will be

Is added to P_IDPerforming the following steps;

step 4.4: repeatedly executing the 4.2 th step to the 4.3 th step until L_sAll st in_iAfter the treatment is finished, thereby obtaining

Further, the specific method in the step 5 comprises the following steps:

step 5.1: initialization P_BPhi, the codebook sequence M is (0,1, …, l)_chm·l_sh-1); inputting a user key as an iteration starting value;

step 5.2: to P_IDEach element in (1)

Pseudo-random iterative generation of length l_chm·l_shArranging X in X ' according to equation (3), scrambling M into a random codebook M ' according to the position mapping relation between X and X ', and decoding the random codebook according to equation (16)

Is mapped as

If it is

Order toWill be provided with

Is added to P_BPerforming the following steps;

in equation (16), the get () function is used to index M' as

As an element of

Step 5.3: updating X to phi and M to M';

step 5.4: repeatedly executing the 5.2 th step to the 5.3 th step until P_IDAll the elements are treated to obtain

The concrete method in the step 6 comprises the following steps:

step 6.1: participant sequence O ═ phi, a ═ phi, secret byte sequence P_sThe index i is 0; inputting a user key as an iteration starting value;

step 6.2: will P _B4 consecutive elements of (1)Are respectively taken as o'₀,o′₁,o′₂,o′₃Thus, a backup value sequence of O '═ O'₀,o′₁,o′₂,o′₃)；

6.3, step: generating a random number (x, y) by pseudo-random iteration, and generating a random disturbance quantity disturb according to an equation (17);

6.4, step: pseudo-randomly generating a participant sequence O ═ (O)_j)₄,o_jIs belonged to {0,1, …,255} and any element in O is unequal two by two;

6.5, step: combining disturb with o₀,o₁,o₂,o₃,o′₀,o′₁,o′₂,o′₃As GF (2)⁸) Field polynomial integer

By O ═ O (O)_j)₄,o_jConstructing a candidate recovery value sequence B by pairwise combination of participants in the epsilon {0,1, …,255 };

6.6, step: the elements in the range of {0,1, …,255} with the largest number of occurrences in B are used as the recovery information p_iIf not, then p is added_iCarrying out random assignment to p_iThe number of occurrences in B is assigned to aa, and a reliability value aa is calculated from aa_i；

Step 6.7: repeatedly executing the 6.2 th step to the 6.6 th step until P_BAll the elements in the sequence are processed to obtain a secret byte sequence P_S＝(p_i)_l,p_iE {0,1, …,255}, and generates P_SThe reliability value sequence of (a) ═ aa_i)_l。

Further, the specific method of step 6.5 consists in comprising the following steps:

6.5.1: initializing a candidate recovery information sequence B ═ phi;

6.5.2, step: for the

① o'_m-1 or o'_nIf the candidate recovery information B is-1, adding the candidate recovery information B to B;

②o′_mnot equal to-1 and o'_nNot equal to-1, willTwo separate storage parameters are recovered in formula (18)

Let n be n +1, will

As r₀,r₁If r is₁＝(r₀+ disturb) mod256, then change b to r₀To B, otherwise B ═ -1 to B;

6.5.3: repeatedly executing the 6.5.2 th step until { (o'₀,o′₁),(o′₀,o′₂),(o′₀,o′₃),(o′₁,o′₂),(o′₁,o′₃),(o′₂,o′₃) Obtaining a candidate recovery information sequence B after the processing is finished;

6.6 step of calculating the reliability aa from aa_iThe specific method of (3) is formula (19):

compared with the prior art, the invention has the beneficial effects that:

1) by the structure GF (2)⁸) The domain interpolation divides the deposit polynomial, carry on the backup to the secret information, further utilize the random codebook strategy to encode the backup information, while recovering, withdraw and recover a plurality of candidate recovery values through reconstructing the deposit polynomial, even if some test questions are destroyed, still can choose the remaining reliable candidate recovery value to reconstruct the secret information; meanwhile, non-density blank test questions which cannot be distinguished from density test questions are introduced to carry out sparse processing on the density test questions, and the robustness of the method is further improved.

2) The method constructs a multi-channel test question library, maps the hash value of the test question stem into a carry number through channel indexes, and further expresses 8-bit secret information by combining the option arrangement sequence and the hash value of the test question stem, thereby improving the single test question encryption capacity.

3) In the recovery stage, the method filters out the influence of the error extraction information on the quality of the recovered information by the authentication strategy based on the codebook expansion and the storage division coefficient, further compares a plurality of candidate recovery values of the same secret value, selects the most reliable candidate recovery value as the final recovery value, and calculates the reliable value. The reliability of the recovered information can be marked while ensuring the quality of the recovered information.

Drawings

Fig. 1 is a secret information disguising flowchart;

FIG. 2 is a flow diagram of secret information recovery;

FIG. 3 is an example: secret information 1, ancient poem "bamboo library" containing 20 Chinese characters;

FIG. 4 is an example: fig. 3 shows some of the secret-information-containing test questions 1 generated through the secret information disguising process in fig. 1, where the sparse ratio rate is 0.2 and the initial codebook M is (0,1, …, 383);

FIG. 5 is an example: secret information 1 recovered from the secret test question 1 corresponding to fig. 4 according to the correct key and the secret information recovery process of fig. 2, where the sparsity ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383);

FIG. 6 is an example: a reliability value sequence (organized into a 4 × 10 array for convenient display) calculated by the secret test question 1 corresponding to fig. 4 according to the correct key and the reliability of the secret information recovery process of fig. 2, wherein the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383);

FIG. 7 is an example: secret information 2, ancient poetry "deer firewood" containing 20 Chinese characters;

FIG. 8 is an example: fig. 7 shows some of the secret-information-containing test questions 2 generated by the secret information disguising process in fig. 1, where the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383);

FIG. 9 is an example: attacking the secret test question 2 corresponding to fig. 8, and recovering the secret information 2 according to the secret information recovery flow of fig. 2, wherein the attack mode is the order of the options of tampering part of the test questions in the test paper, the attack proportion is 0.2, the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383);

FIG. 10 is an example: fig. 9 illustrates a reliability value sequence (organized into a 4 × 10 array for convenient display) corresponding to the embodiment, where the attack mode is an option arrangement sequence of some test questions in a falsified test paper, the attack proportion is 0.2, the sparsity ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383);

FIG. 11 is an example: secret information 1, ancient poem "bamboo library" containing 20 Chinese characters;

FIG. 12 is an example: fig. 11 shows some of the secret-information-containing test questions 3 generated by the secret information disguising process in fig. 1, where the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383);

FIG. 13 is an example: attacking the corresponding secret test question 3 in fig. 12, and recovering the secret information 3 according to the secret information recovery flow in fig. 2, wherein the attack mode is to tamper with the question stem of part of the test questions in the test paper,

attack ratio is 0.5, sparsity ratio rate is 0.2, initial codebook sequence M is (0,1, …, 383);

FIG. 14 is an example: fig. 13 illustrates a reliability value sequence (organized into a 4 × 10 array for convenient display) corresponding to the embodiment, where the attack mode is to tamper with the stem of a part of the test questions in the test paper, the attack proportion is 0.5, the sparsity ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383);

FIG. 15 is an example: secret information 2, ancient poetry "deer firewood" containing 20 Chinese characters;

FIG. 16 is an example: fig. 15 shows some of the secret-information-containing test questions 4 generated by the secret information disguising process in fig. 1, where the sparse ratio rate is 0.2 and the initial codebook sequence M is (0,1, …, 383);

FIG. 17 is an example: attacking the secret test questions 4 corresponding to fig. 16, and recovering the secret information 4 according to the secret information recovery flow of fig. 2, wherein the attack mode is to delete part of the test questions in the test paper, add the test questions at corresponding positions, the attack proportion is 0.2, the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383);

FIG. 18: fig. 17 illustrates a reliability value sequence (organized into a 4 × 10 array for convenient display) corresponding to the embodiment, where the attack mode is to delete part of the test questions in the test paper and add the test questions at corresponding positions, the attack ratio is 0.2, the sparsity ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383).

Detailed Description

The embodiments of the present invention are described in detail below with JAVA jdk1.8.0_65 as a case implementation environment, but not limited to the case implementation environment, in which fig. 1 is a sorting flow chart, and fig. 2 is a reconstruction flow chart.

The embedding method comprises the following specific implementation steps:

step 1: inputting a secret byte sequence P with length l_S＝(p_i)_l,p_iE {0,1, …,255}, user key, sparsity ratio, e (0,1) and GF (2)⁸) Field primitive polynomial integer

For example, input P_S(1,22,134,246), sparsity ratio rate of 0.2 e (0,1), GF (2)⁸) Field primitive polynomial integerInputting a random user key set by a user, wherein the user key can be obtained by a random parameter dynamically generated by a random process or a mapping value of the random parameter, or can be obtained by mapping a special article and biological characteristics of the user and is used as an initial parameter of a subsequent random process₁,K₂…,K₄Here K₁,K₂…,K₄May be the same or different.

Step 2: combining user keys and

will P_SBy GF (2)⁸) Interpolation backup of the field, resulting in a length of l₁Backup byte sequence of

l₁The specific method is as follows:

step 2.1: initialization P_BIf phi is equal to phi, phi is an empty set, and a user key is input as an iteration starting value;

step 2.2: to pair

Generating x, y epsilon (0,1) in a pseudo-random mode, and mapping the x, y into an interpolation polynomial parameter sequence R (R) according to the formula (1)₀,r₁),r₀,r₁∈{0,1,…,255}；

Step 2.3: pseudo-randomGenerating a participant sequence O ═ (O)_i)₄,o_iIs belonged to {0,1, …,255} and any element in O is unequal two by two;

step 2.4: will r is₀,r₁,o₀,o₁,o₂,o₃As GF (2)⁸) Finite field polynomial integers

According to equation (2) asWill be (o'₀,o′₁,o′₂,o′₃) Is added to P_BPerforming the following steps;

step 2.5: repeatedly executing the step 2.2 to the step 2.4 until P_SAll elements p in (1)_iAfter the processing, an interpolation backup sequence can be obtained

l₁＝4l；

For example: suppose K in the user key is chosen₁As an initial value, K is shown from step 2.1 to step 2.5₁For generating a random number x, y ∈ (0,1) as a 2.2-step pseudorandom iteration and for generating a participant sequence O ═ (O) at 2.3-step pseudorandom_i)₄Is used to uniquely determine all random numbers x, y e (0,1) generated in steps 2.2 and 2.3 and all participant sequences O ═ (O, 1) during the cycle corresponding to step 2_i)₄。

With P _S0 th element p in (1,22,134,246)₀For example, assume 1 is K₁As an initial value, the pseudo random number x generated in the iteration of step 2.2 is 0.7241373772752059, y is 0.8409441603553602, and p is added₀X, y are calculated in formula (1) to obtain r₀＝1,

Let r be₀＝1,r₁Assuming that 2.3 steps of pseudo-randomly generated O (239,162,139,86), the substitution into formula (2) has:

wherein

Andare all polynomial integers, i.e. 2-value polynomials stored in an integer, thusO 'therefore'₀O 'can be obtained according to formula (2) similarly to 22'₁＝129,o′₂＝39,o′₃144, so from step 2.4, (o ') may be converted'₀,o′₁,o′₂,o′₃) Is added to P_BPerforming the following steps; repeatedly executing the step 2.2 to the step 2.4 until P_SAll elements p in (1)_iAfter the processing, an interpolation backup sequence P can be obtained_B(22,129,39,144,93,110,246,179,99,76,164,97,196,9,132,59), where l₁＝4l＝4·4＝16。

And 3, step 3: in combination with user key and codebook extension

Encoding into a coded index sequence

Wherein l_chmIs the number of characters mapped by the test question channel, l_shIs the number of permutations available for selecting the question option;

step 3.1: initialization P_IDPhi, the codebook sequence M is (0,1, …, l)_chm·l_sh-1); inputting a user key as an iteration starting value;

step 3.2: to P_BEach element in (1)

Pseudo-random iterative generation of length l_chm·l_shIs arranged as X 'according to equation (3) and is scrambled into a random codebook M' according to the positional mapping relationship between X and X ', and is scrambled into a random codebook M' according to equation (4)

Is mapped as

And will be

Is added to P_IDPerforming the following steps;

X′＝dec(X) (3)

in the formula (3), the function dec () is used for the descending order arrangement;

in equation (4), function index () is used to findIndexing in M

Step 3.3: updating X to phi and M to M';

step 3.4: repeatedly executing the 3.2 rd step to the 3.3 rd step until P_BAll the elements are processed to obtain

For example, assume that K in the user key is chosen₂As an initial value, K is shown from step 3.1 to step 3.4₂For generating length l as a 3.2 step iteration_chm·l_shFor uniquely determining the first random number sequence XIn the 3-step corresponding cycle process, the total length generated by the 3.2-step iteration is l_chm·l_shX.

Get l_chm＝16,l_sh24, the method comprises the following steps of 3.1: p_IDIf phi is empty, i.e. P_IDThe initial codebook sequence is M ═ (0,1, …, 383); to be provided with

For example, assume step 3.2 is followed by K₂The 0 th generated by iteration of the initial value has length l_chm·l_shThe random number sequence X of (0.7718907567600861,0.6423456283192762, …,0.3013837369659013) can be arranged in a descending order of X 'according to formula (3), each element in X has a new mapping position in X', so that a mapping rule can be established, a mapping relation from X element index to X 'element index is established according to the position of each element in X', and the elements in M are scrambled according to the mapping relation from X to X 'index, so as to obtain a scrambled random codebook M', wherein M 'after scrambling is assumed to be (24,126, …,155), and M' after scrambling is assumed to be (24,126, …,155)

The index position in M' is 176, then equation (4) is followed

Thereby will beIs added to P_IDIn, then P_ID(176); from step 3.3, X ═ Φ, all elements in X are removed, so X ═ M', knowing: m ═ (24,126, …, 155);

repeatedly executing the 3.2 rd step to the 3.3 rd step to obtain the code index sequence P_ID＝(176,106,369,179,54,91,89,305,104,219,154,218,160,234,7,164)。

And 4, step 4: constructing multi-channel question stem sequence

And stem expression value sequence

Wherein l_chNumber of channels divided for question, n_kCorrespondingly, the number of the test questions of the kth channel is the number of the test questions of the kth channel;

step 4.1: initialization F_k＝φ,k＝0,1,…,l_ch-1，E_k＝φ,k＝0,1,…,l_ch-1；

Step 4.2: for positive integer op in a specified range₀,op₁If k is (op)₀+op₁)modl_chThen at F_kIn which f is "op₀+op₁"the expression value e is extracted as in equation (5), where if f is the ith test question added for the kth channel, then

e＝GetValue(Hash(f),k) (5)

In the formula (5), hash (f) is used for obtaining a question stem hash value formed by xi system numbers corresponding to f, and GetValue (hash (f), k) is used for obtaining a kth xi system number corresponding to hash (f);

and 4.3, step: and repeatedly executing the step 4.2 until all positive integers op in the specified range₀,op₁After the treatment, can obtain

And

k＝0,1,…,l_ch-1；

for example, assume l_chWhen the result is 8, the step 4.1 comprises: f_k＝φ,k＝0,1,…,7，E_k＝φ,k＝0,1,…,7

Assuming the specified range of step 4.2 is 1,2, …,100, the range is defined by the positive integer op₀,op₁Known as op₀, op ₁1,2, …,100 in op₀＝1,op ₁1, k ═ 2 (1+1) mod8,then at F₂Wherein F is "1+1 ═ i", i.e. F₂The element "1+1 ═ is the 0 th test question stem of the k ═ 2 channel

If the hash value (f) is used, the question stem hash value formed by the xi-scale number corresponding to the f can be obtained, the message digest 5 algorithm MD5 is used as the hash (), and xi-16 is taken, 32 16-scale numbers can be obtained by the hash (f), and if the k-2-th 16-scale number is 11, E-11 can be obtained by the formula (5), that is, E₂Where 11 corresponds to the 0 th expression value of the k 2 channel

Step 4.2 is executed repeatedly until the op in the specified range₀,op₁After the treatment of 1,2, … and 100, the product is obtained

And

and 5, step 5: in combination with a user key, F_kAnd E_kBy

Generating test questions containing secret

Wherein T is_iIs a test question st_iStem of (a)_i,b_i,c_i,d_iIs a test question st _i4 options of l₁The number of the test questions containing the secret number;

step 5.1: initializing a secret test question sequence L ═ phi, and initializingInputting a user key as an iteration starting value;

step 5.2: to P_IDEach element in (1)

Generating u, v according to equation (6); generating a random number x, y belonging to (0,1) in a pseudo-random manner, and calculating a channel k and a test question index j corresponding to the channel k according to a formula (7);

step 5.3: if it is

Or

Order to

Step 5.4: repeatedly executing the 5.2 th step to the 5.3 th step until

And isObtaining

Answer ans to

Step 5.5: generating index id according to equation (8), selecting the id-th arrangement corresponding to 4 answer options ans-1, ans, ans +1, ans +2 according to the dictionary order according to the id, taking the id-th arrangement as the actual output 4 options a, b, c, d, adding (T, a, b, c, d) into L, wherein if (T, a, b, c, d) is the ith test question added into L, st is present_i(T, a, b, c, d) inIs st_i＝(T_i,a_i,b_i,c_i,d_i) Wherein l is_shIs the arrangement sequence of all the options of a, b, c and d;

step 5.6: repeatedly executing the 5.2 th step to the 5.5 th step until P_IDAfter all the elements in the test question are processed, the test question with the secret can be obtained

For example, assume that K in the user key is chosen₃As an initial value, K is shown from step 5.1 to step 5.6₃The method is used for generating a random number x, y epsilon (0,1) as a 5.2-step pseudo-random, and is used for uniquely determining all the random numbers x, y epsilon (0,1) generated by the 5.2-step iteration in the circulation process corresponding to the 5-step.

Get l_ch＝8,l_chm16, then step 5.1 has: the reason why L is initialized is that L is initialized as an empty setThe input key is K₃(ii) a To be provided with

For example, from step 5.2, u 176mod 160 can be calculated according to equation (6),

wherein the symbols

Represents rounding down; assume with K₃As an initial value, the generated current random number x is 0.8747539403455799, y is 0.4855412452750096, and then the following formula (7) is given:

let k be 7, total number of questions n of 7 th channel₇When 1250, j can be calculated from equation (7), i.e.

Suppose that calculated j is 1032 and

then step 5.3 is repeated until selected

And isStep 5.4 is executed to

And obtain answer ans ═ 127 to T;

from step 5.5, take_shThe formula (8) is substituted with x-0.8747539403455799 and y-0.4855412452750096 for 24, and the calculation can be carried outAssumed to be calculated_id-13, selecting ans-1-126, ans-127, ans + 1-128, ans + 2-129 and 13 arrangement options (a-128, b-126, c-129, d-127) corresponding to the dictionary sequence as the candidate answer arrangement sequence of T; finally, add ("84+43 ═ 128,126,129,127) to L, where st is found if ("84+43 ═ 128,126,129,127) is the i-th test question added in L, then₀128,126,129,127, denoted st₀＝(T₀＝"84+43＝",a₀＝128,b₀＝126,c₀＝129,d₀＝127)；

Similarly, the secret choice question st generated according to the steps_iI 1,2 …,15, constituting a closed choice question sequence L, for example:

L＝(("84+43＝",128,126,129,127),("1+46＝",46,49,48,47),("80+62＝",141,142,143,144),

("95+71＝",167,166,165,168),("19+12＝",32,31,30,33),("35+87＝",123,121,122,124),

("83+44＝",128,129,126,127),("8+63＝",70,71,72,73),("36+3＝",38,41,40,39),

("27+52＝",80,79,81,78),("70+68＝",139137,140,138),("12+44＝",57,55,56,58),

("98+21＝",120,121,118,119),("52+19＝",70,72,73,71),("93+98＝",191,192,190,193),

("89+14＝",102,104,105,103))

and 6, step 6: add No dense test question in L in combination with sparse ratio rate ∈ (0,1), combine F_kGenerating test questions added with test questions without secret

Wherein l₃＝l₁+l₂，l₂Is the number of test questions without secret, l₃Is L^*The specific method comprises the following steps:

step 6.1: the number l of the test questions without secret is calculated according to the formula (9)₂；

Step 6.2: generating a random number x, y belonging to (0,1), and calculating a channel k and a test question index j corresponding to the channel k according to a formula (7);

6.3, step: if it is

Order to

6.4, step: repeatedly executing the step 6.3 until

Obtaining

Answer ans to

6.5, step: calculating id according to equation (10), rearranging the id of the 4 answer options ans-1, ans, ans +1, ans +2 according to the id and the id arrangement corresponding to the dictionary order as the actual output 4 options a, b, c, d, adding (T, a, b, c, d) to L^*Wherein if (T, a, b, c, d) is the ith track added in L does not contain the close examination question, there is st_i(T, a, b, c, d) is denoted as st_i＝(T_i,a_i,b_i,c_i,d_i) Wherein l is_shIs the arrangement sequence of all the options of a, b, c and d;

6.6, step: repeatedly executing the 6.2 th step to the 6.5 th step until l is generated₂If the test question does not contain the secret test question, obtaining a test question sequence added with the secret test question and recording the test question sequence as

Wherein l₃＝l₁+l₂；

For example, assuming that the sparsity ratio rate is 0.2, it is calculated from equation (9) in step 6.1Therefore, the number of random test questions to be added is 3;

as known from 6.2, the random number x is 0.9580411200867023, y is 0.4267687908056676, x is 0.9580411200867023, y is 0.4267687908056676, and the formula (7) is substituted with l_ch＝8,l_chmWhen 16, k is calculated from equation (7):

let k be 7, total number of questions n of 7 th channel₇1250, j can be calculated from equation (7):

let j be 138, let

F is obtained from the 6.3 th step and the 6.4 th step₇The 138 th test question stem in

Since 12+11 equals 23, ans equals 23, the order of

From the 6.5 th step: get l_shWhen x is 0.9580411200867023 and y is 0.4267687908056676, the formula (10) has the following formula:

assuming that id 23 is calculated according to equation (10), ans-1-22, ans-23, ans + 1-24, ans + 2-25, and the corresponding id-th permutation a-25, b-24, c-23, and d-22 are selected in a lexicographic order, and "12+ 11", 25,24,23,22 "is added to L, where if" 12+11 ",25,24,23, 22" is the i-th track added to L does not contain a dense test question, then st is present_i25,24,23,22, ("12+11 ═ st"), denoted st_i＝(T_i＝"12+11＝",a_i＝25,b_i＝24,c_i＝23,d_i＝22)；

Repeatedly executing the 6.2 nd step to the 6.5 th step to obtain 3 test questions without secret content, wherein st is₀＝("12+11＝",25,24,23,22),st₁＝("47+72＝",118,119,121,120),st₂(52 +43 ═ 97,95,96,94), which was added to the tail of L as L^*：

L^*＝(("84+43＝",128,126,129,127),("1+46＝",46,49,48,47),("80+62＝",141,142,143,144),

("95+71＝",167,166,165,168),("19+12＝",32,31,30,33),("35+87＝",123,121,122,124),

("83+44＝",128,129,126,127),("8+63＝",70,71,72,73),("36+3＝",38,41,40,39),

("27+52＝",80,79,81,78),("70+68＝",139137,140,138),("12+44＝",57,55,56,58),

("98+21＝",120,121,118,119),("52+19＝",70,72,73,71),("93+98＝",191,192,190,193),

("89+14＝",102,104,105,103),("12+11＝",25,24,23,22)，("47+72＝",118,119,121,120)，

("52+43＝",97,95,96,94))

Step 7, combining the user key

Is scrambled into

And outputting the L' as a final output secret test question sequence L.

For example, assume that K in the user key is chosen₄Is an initial value, by K₄Rearrangement order of elements in the generated random sequence to agree

The position mapping relation of all the elements in the system can be

Is scrambled into

And when the correct user key K is provided₄When the temperature of the water is higher than the set temperature,can be completely recovered into

E.g. in combination with K₄Can be combined with

Scramble to L "and output:

L″＝(("70+68＝",139,137,140,138),("35+87＝",123,121,122,124),("47+72＝",118,119,121,120),

("52+19＝",70,72,73,71),("36+3＝",38,41,40,39),("95+71＝",167,166,165,168),

("8+63＝",70,71,72,73),("84+43＝",128,126,129,127),("93+98＝",191,192,190,193),

("52+43＝",97,95,96,94),("89+14＝",102,104,105,103),("1+46＝",46,49,48,47),

("98+21＝",120,121,118,119),("19+12＝",32,31,30,33),("27+52＝",80,79,81,78),

("83+44＝",128,129,126,127),("12+11＝",25,24,23,22),("80+62＝"141,142,143,144),

("12+44＝",57,55,56,58))

note L^*And L' are distinguished by the order of the test questions, which is determined by the user key K₄Controlled and accessible by a user key K₄Recovery is performed.

The extraction method comprises the following specific implementation steps:

step 1: input length of l₃Test question L', user Key, sparsity ratio, rate ∈ (0,1), and GF (2)⁸) Field primitive polynomial integer

For example, the input sparsity ratio rate is 0.2 ∈ (0,1), GF (2)⁸) Field primitive polynomial integer

Inputting a random user key set by a user, wherein the user key can be obtained by a random parameter dynamically generated by a random process or a mapping value of the random parameter, or can be obtained by mapping a special article and biological characteristics of the user and is used as an initial parameter of a subsequent random process₁,K₂…,K₄Here K₁,K₂…,K₄May be the same or different, and K₁,K₂…,K₄Corresponding to the disguising method one by one. It is assumed here that the input length is l₃Test question L "of 19:

L″＝(("70+68＝",139,137,140,138),("35+87＝",123,121,122,124),("47+72＝",118,119,121,120),

("52+19＝",70,72,73,71),("36+3＝",38,41,40,39),("95+71＝",167,166,165,168),

("8+63＝",70,71,72,73),("84+43＝",128,126,129,127),("93+98＝",191,192,190,193),

("52+43＝",97,95,96,94),("89+14＝",102,104,105,103),("1+46＝",46,49,48,47),

("98+21＝",120,121,118,119),("19+12＝",32,31,30,33),("27+52＝",80,79,81,78),

("83+44＝",128,129,126,127),("12+11＝",25,24,23,22),("80+62＝"141,142,143,144),

("12+44＝",57,55,56,58))

step 2: from the sparse ratio rate ∈ (0,1), the number l of non-dense test questions is calculated as equation (11)₂；

For example, by₃19, rate 0.2, l₃19 in formula (11) to

And 3, step 3: inverse scrambling L' to L in conjunction with a user key^*From L^*Tail removal₂Test questions, will reject l₂L of individual test question^*As questions requiring extraction of secret information

Wherein l₁The constraint satisfied is equation (12);

l₁＝l₃-l₂(12)

for example, suppose that the user key K corresponding to the disguise method is selected₄Is an initial value, then can pass K₄The rearrangement order of the elements in the generated random sequence can be determined according to the mapping relation established in the step 7 of the embedding method

Is inversely scrambled to

L^*＝(("84+43＝",128,126,129,127),("1+46＝",46,49,48,47),("80+62＝",141,142,143,144),

("95+71＝",167,166,165,168),("19+12＝",32,31,30,33),("35+87＝",123,121,122,124),

("83+44＝",128,129,126,127),("8+63＝",70,71,72,73),("36+3＝",38,41,40,39),

("27+52＝",80,79,81,78),("70+68＝",139137,140,138),("12+44＝",57,55,56,58),

("98+21＝",120,121,118,119),("52+19＝",70,72,73,71),("93+98＝",191,192,190,193),

("89+14＝",102,104,105,103),("12+11＝",25,24,23,22)，("47+72＝",118,119,121,120)，

("52+43＝",97,95,96,94))

Then from L^*Tail removal₂Get L as 3 questions_s：

L_s＝(("84+43＝",128,126,129,127),("1+46＝",46,49,48,47),("80+62＝",141,142,143,144),

("95+71＝",167,166,165,168),("19+12＝",32,31,30,33),("35+87＝",123,121,122,124),

("83+44＝",128,129,126,127),("8+63＝",70,71,72,73),("36+3＝",38,41,40,39),

("27+52＝",80,79,81,78),("70+68＝",139137,140,138),("12+44＝",57,55,56,58),

("98+21＝",120,121,118,119),("52+19＝",70,72,73,71),("93+98＝",191,192,190,193),

("89+14＝",102,104,105,103))

And 4, step 4: in combination with a user key

Extracting the code index sequence

The specific method comprises the following steps:

step 4.1: initialization P_IDPhi is defined as; inputting a user key as an iteration starting value;

step 4.2: to L_sEach test question st in_iObtaining T_iAnswer ans_iCalculating a channel k according to the formula (13), acquiring a 16-system number e corresponding to the kth character of the specified character string according to the formula (5), and setting u as e;

k＝ans_imodl_ch(13)

and 4.3, step: generating a random number x, y belonging to (0,1) in a pseudo-random way, and obtaining a_i,b_i,c_i,d_iIndex id ∈ {0,1, …, l in lexicographical ordering_sh-1}, calculating v according to equation (14), and calculating according to equation (15)

And will be

Is added to P_IDPerforming the following steps;

step 4.4: repeatedly executing the 4.2 th step to the 4.3 th step until L_sAll st in_iAfter the treatment is finished, thereby obtaining

For example, assume that K in the user key corresponding to the disguise method selected in step 4.1₃Is an initial value, and K is shown from the 4.1 th step to the 4.4 th step₃The method is used for generating a random number x, y epsilon (0,1) as the 4.3-step pseudo-random, and is used for uniquely determining all the random numbers x, y epsilon (0,1) generated by the 4.3-step iteration in the circulation process corresponding to the 4-step.

From step 4.1: initialization P_IDIf phi is empty set, P is_IDCorresponding to a null sequence, i.e. P_ID＝()；

St by₀For example, step 4.2, st is obtained first (128,126,129,127) ("84+43 ═ g₀T of_i"84+ 43", and obtains its answer ans_i127, the channel index k 127mod 87 is calculated according to equation (13), where l_ch＝8；

If the formula (5) hash (f) is used, the hash value of the question stem consisting of xi scale numbers corresponding to f can be obtained, the message digest 5 algorithm MD5 is used as the hash (), and xi ═ 16 is taken, then 32 16 scale numbers can be obtained by the hash (f), and if the k ═ 7 16 scale numbers are 0, then u ═ e ═ 0 can be obtained by the formula (5);

let st be the pseudo-randomly generated random number x 0.8747539403455799, y 0.4855412452750096 of 4.3₀A may be obtained ("84+43 ═",128,126,129,127)_i＝128,b_i＝126,c_i＝129,d_i127 at ans_i-1＝126,ans_i＝127,ans_i+1＝128,ans_iThe index id of + 2-129 dictionary permutation is 13, id 13 is further substituted into formula (14), and l is taken_shWhen 24, the calculation is performed according to equation (14)

Let v equal to 11, take u equal to 0, l_chmCan be calculated according to equation (15) when the value is 16

And similarly, repeatedly executing the 4.2 th step to the 4.3 th step until L_sAll st in_iAfter the processing is finished, P can be obtained_ID＝(176,106,369,179,54,91,89,305,104,219,154,218,160,234,7,164)。

And 5, step 5: the recovery strategy is combined with the key and the codebook extension

Decoding into backup byte sequence

The specific method comprises the following steps:

step 5.1: initialization P_BPhi, the codebook sequence M is (0,1, …, l)_chm·l_sh-1); inputting a user key as an iteration starting value;

step 5.2: to P_IDEach element in (1)Pseudo-random iterative generation of length l_chm·l_shArranging X in X ' according to equation (3), scrambling M into a random codebook M ' according to the position mapping relation between X and X ', and decoding the random codebook according to equation (16)

Is mapped as

If it is

Order to

Will be provided with

Is added to P_BPerforming the following steps;

in equation (16), get () function is used to get M'The middle index is

As an element of

Step 5.3: updating X to phi and M to M';

step 5.4: repeatedly executing the 5.2 th step to the 5.3 th step until P_IDAll the elements are processed to obtain

For example, suppose that step 5.1 selects K in the user key corresponding to the masquerading method₂As an initial value, K is shown from step 5.1 to step 5.4₂For generating length l as a 5.2 step iteration_chm·l_shIs used to uniquely determine the total length l of the 5.2 iteration generated during the 5 th cycle corresponding to step 5_chm·l_shX.

Suppose to take l_chm＝16,l_shStep 5.1 initializes P24_BIf phi is empty set, P is_BInitializing codebook sequence M ═ (0,1, …, 383);

step 5.2 to

For example, assume that K is used in the masquerading method₂As an initial value, the length generated by the pseudo-random iteration is l_chm·l_shThe random number sequence X of (0.7718907567600861,0.6423456283192762, …,0.3013837369659013) is that X 'can be arranged in descending order as X' according to equation (3), each element in X has a new mapping position in X ', so that a mapping rule can be established, a mapping relation from X element index to X' element index is established according to the position of each element in X ', so that the elements in M are scrambled according to the mapping relation from X to X', and a scrambled random codebook M 'is obtained, wherein the random codebook M' is obtainedAssume that M' after scrambling is (24,126, …,155), assume thatThe element at index position 176 in M' is 22, so that equation (16) yields

Repeatedly executing the 5.2 th step to the 5.3 th step to obtain P_B＝(22,129,39,144,93,110,246,179,99,76,164,97,196,9,132,59)。

And 6, step 6: combining user keys and

will be provided withReverting to the secret byte sequence P_S＝(p_i)_l,p_iE {0,1, …,255}, and generates P_SThe reliability value sequence of (a) ═ aa_i)_lThe specific method comprises the following steps:

step 6.1: participant sequence O ═ phi, a ═ phi, secret byte sequence P_sThe index i is 0; inputting a user key as an iteration starting value;

step 6.2: will P _B4 consecutive elements of (1)Are respectively taken as o'₀,o′₁,o′₂,o′₃Thus, a backup value sequence of O '═ O'₀,o′₁,o′₂,o′₃)；

6.3, step: generating a random number (x, y) by pseudo-random iteration, and generating a random disturbance quantity disturb according to an equation (17);

6.4, step: pseudo-randomly generating a participant sequence O ═ (O)_j)₄,o_j∈{0,1,…255} and any elements in O are unequal pairwise;

6.5, step: combining disturb with o₀,o₁,o₂,o₃,o′₀,o′₁,o′₂,o′₃As GF (2)⁸) Field polynomial integer

By O ═ O (O)_j)₄,o_jThe candidate recovery value sequence B is constructed by pairwise combination of participants in e {0,1, …,255}, and the specific method is as follows:

6.5.1: initializing a candidate recovery information sequence B ═ phi;

6.5.2, step: for the

① o'_m-1 or o'_nIf the candidate recovery information B is-1, adding the candidate recovery information B to B;

②o′_mnot equal to-1 and o'_nNot equal to-1, mixing o'_m,o′_n,

Two separate storage parameters are recovered in formula (18)

Let n be n +1, will

As r₀,r₁If r is₁＝(r₀+ disturb) mod256, then change b to r₀To B, otherwise B ═ -1 to B;

6.5.3: repeatedly executing the 6.5.2 th step until { (o'₀,o′₁),(o′₀,o′₂),(o′₀,o′₃),(o′₁,o′₂),(o′₁,o′₃),(o′₂,o′₃) Obtaining a candidate recovery information sequence B after the processing is finished;

6.6, step: taking the non-1 element with the most occurrence times in B as recovery information p_jIf not, p_jCarrying out random assignment to p_jThe number of occurrences in B is assigned to aa, and a reliability value aa is calculated as equation (19)_j：

Step 6.7: repeatedly executing the 6.2 th step to the 6.6 th step until P_BAfter all the elements in the sequence are processed, a secret byte sequence P can be obtained_S＝(p_i)_l,p_iE {0,1, …,255}, and generates P_SThe reliability value sequence of (a) ═ aa_i)_l。

For example: suppose that the step 6.1 selects K in the user key corresponding to the disguise method₁As an initial value, K is shown from step 6.1 to step 6.7₁For generating a random number x, y ∈ (0,1) as an iteration of step 6.3 and for generating a pseudorandom participant sequence O ═ (O) at step 6.4_j)₄Is used to uniquely determine all random numbers x, y e (0,1) generated at steps 6.3 and 6.4 and all participant sequences O ═ (O, 1) throughout the cycle corresponding to step 6_i)₄。

From step 6.1: participant sequence O ═ phi, a ═ phi, secret byte sequence P_sPhi is empty set, then O () is (), a () is P_s() the initialization index i is 0;

from step 6.2: since i is 0, P is truncated_B4 consecutive elements of (22,129,39,144,93,110,246,179,99,76,164,97,196,9,132,59)

Are respectively taken as o'₀,o′₁,o′₂,o′₃Thereby obtaining O '═ O'₀,o′₁,o′₂,o′₃)＝(22,129,39,144)，

From step 6.3: assume with K₁The pseudo random number x, y, 0.8409441603553602 generated as an initial value is 0.7241373772752059, and the random disturbance amount is generated by equation (17)

Let the resulting disturb be 42;

then from step 6.4, it can be assumed that K is used₁Pseudo-randomly generating 4 mutually unequal O-values (239,162,139,86) for the initial value;

then from step 6.5, o can be converted₀＝239,o₁＝162,o₂＝139,o₃＝86,o′₀＝22,o′₁＝129,o′₂＝39,o′₃144 as GF (2)⁸) Field polynomial integer

The candidate recovery information sequence B is initialized in step 6.5.1 as Φ, and: b ═ (); from step 6.5.2: by applying a backup vector (o)_i,o′_i) Combining two by two, i-0, 1,2,3, we can get { (o'₀,o′₁),(o′₀,o′₂),(o′₀,o′₃),(o′₁,o′₂),(o′₁,o′₃),(o′₂,o′₃) H is of (o'₀,o′₁) By way of example, due to o'₀Not equal to-1 and o'₁Not equal to-1, then from ②, (o)₀＝239,o′₀22) and (o)₁＝162,o′₁129) may be substituted into formula (18)

And r is₀＝1,r₁43 since r₁＝(r₀+ disturb) mod256, with b ═ r₀Adding into B, and mixing the mixture in the 6.5.3 step: repeatedly executing the 6.5.2 th step until { (o'₀,o′₁),(o′₀,o′₂),(o′₀,o′₃),(o′₁,o′₂),(o′₁,o′₃),(o′₂,′₃) After the processing is finished, the candidate recovery information sequence B is obtained as (1,1,1,1,1, 1);

from step 6.6, the non-1 element with the largest occurrence number of B can be used as the recovery information p₀The reliability value aa is calculated in formula (19) by substituting the number of occurrences aa of 1 into 6_jWhen the result is 3, p is₀1 to P_SIn (b) to obtain P_SWhen (1), aa _j3 to a, then a ═ 3;

from step 6.7: repeatedly executing the 6.2 th step to the 6.6 th step until P_BWhen all the elements in the formula are processed, P is present_S＝(1,22,134,246)，A＝(3,3,3,3)。

FIG. 3 is an example: secret information 1, ancient poem "bamboo library" containing 20 Chinese characters; FIG. 4 is an example: fig. 3 shows some of the secret-information-containing test questions 1 generated through the secret information disguising process in fig. 1, where the sparse ratio rate is 0.2 and the initial codebook M is (0,1, …, 383); FIG. 5 is an example: secret information 1 recovered from the secret test question 1 corresponding to fig. 4 according to the correct key and the secret information recovery process of fig. 2, where the sparsity ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 6 is an example: a reliability value sequence (organized into a 4 × 10 array for convenient display) calculated by the secret test question 1 corresponding to fig. 4 according to the correct key and the reliability of the secret information recovery process of fig. 2, wherein the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 7 is an example: secret information 2, ancient poetry "deer firewood" containing 20 Chinese characters; FIG. 8 is an example: fig. 7 shows some of the secret-information-containing test questions 2 generated by the secret information disguising process in fig. 1, where the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 9 is an example: attacking the secret test question 2 corresponding to fig. 8, and recovering the secret information 2 according to the secret information recovery flow of fig. 2, wherein the attack mode is the order of the options of tampering part of the test questions in the test paper, the attack proportion is 0.2, the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 10 is an example: fig. 9 illustrates a reliability value sequence (organized into a 4 × 10 array for convenient display) corresponding to the embodiment, where the attack mode is an option arrangement sequence of some test questions in a falsified test paper, the attack proportion is 0.2, the sparsity ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 11 is an example: secret information 1, ancient poem "bamboo library" containing 20 Chinese characters; FIG. 12 is an example: fig. 11 shows some of the secret-information-containing test questions 3 generated by the secret information disguising process in fig. 1, where the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 13 is an example: attacking the secret test question 3 corresponding to fig. 12, and recovering the secret information 3 according to the secret information recovery flow of fig. 2, wherein the attack mode is to tamper with the question stem of part of the test questions in the test paper, the attack proportion is 0.5, the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 14 is an example: fig. 13 illustrates a reliability value sequence (organized into a 4 × 10 array for convenient display) corresponding to the embodiment, where the attack mode is to tamper with the stem of a part of the test questions in the test paper, the attack proportion is 0.5, the sparsity ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 15 is an example: secret information 2, ancient poetry "deer firewood" containing 20 Chinese characters; FIG. 16 is an example: fig. 15 shows some of the secret-information-containing test questions 4 generated by the secret information disguising process in fig. 1, where the sparse ratio rate is 0.2 and the initial codebook sequence M is (0,1, …, 383); FIG. 17 is an example: attacking the secret test questions 4 corresponding to fig. 16, and recovering the secret information 4 according to the secret information recovery flow of fig. 2, wherein the attack mode is to delete part of the test questions in the test paper, add the test questions at corresponding positions, the attack proportion is 0.2, the sparse ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383); FIG. 18: fig. 17 illustrates a reliability value sequence (organized into a 4 × 10 array for convenient display) corresponding to the embodiment, where the attack mode is to delete part of the test questions in the test paper and add the test questions at corresponding positions, the attack ratio is 0.2, the sparsity ratio rate is 0.2, and the initial codebook sequence M is (0,1, …, 383).

Claims (10)

1. The double-authentication test question backup disguising method combining codebook expansion and question stem hashing is characterized by comprising the following steps of:

step 1: inputting a secret byte sequence P with length l_S＝(p_i)_l,p_iE {0,1, …,255}, user key, sparsity ratio, e (0,1) and GF (2)⁸) Field primitive polynomial integer

Step 2: combining user keys andwill P_SBy GF (2)⁸) Field interpolation backup, generating backup byte sequences

And 3, step 3: in combination with user key and codebook extensionEncoding into a coded index sequence

Wherein l_chmIs the number of characters mapped by the test question channel, l_shIs the number of permutations that the choice question option can use;

and 4, step 4: constructing multi-channel question stem sequence

And stem expression value sequenceWherein l_chNumber of channels divided for question, n_kCorrespondingly, the number of the test questions of the kth channel is the number of the test questions of the kth channel;

and 5, step 5: in combination with a user key, F_kAnd E_kBy

Generating test questions containing secret

Wherein T is_iIs a test question st_iStem of (a)_i,b_i,c_i,d_iIs a test question st_i4 options of l₁The number of the test questions containing the secret number;

and 6, step 6: add No dense test question in L in combination with sparse ratio rate ∈ (0,1), combine F_kGenerating test questions added with test questions without secret

Wherein l₃＝l₁+l₂，l₂Is the number of test questions without secret, l₃Is L^*The number of test questions;

step 7, combining the user key

Is scrambled into

And outputting the L' as a final test question.

2. The method of claim 1, wherein in step 2, the backup byte sequence is backed up

Has a length of l₁＝4l；

The specific method in the step 2 comprises the following steps:

step 2.1: initialization P_BPhi is an empty set; inputting a user key as an iteration starting value;

step 2.2: to pair

Generating x, y epsilon (0,1) by pseudorandom iteration, and mapping x and y into an interpolation polynomial parameter sequence R (R) according to the formula (1)₀,r₁),r₀,r₁∈{0,1,…,255}；

Step 2.3: pseudo-random iterative generation of participant sequence O ═ (O)_i)₄,o_iIs belonged to {0,1, …,255} and any element in O is unequal two by two;

step 2.4: will r is₀,r₁,o₀,o₁,o₂,o₃As GF (2)⁸) Finite field polynomial integers

According to equation (2) as

Will be (o'₀,o′₁,o′₂,o′₃) Is added to P_BPerforming the following steps;

step 2.5: repeatedly executing the step 2.2 to the step 2.4 until P_SAll elements p in (1)_iAfter the processing is finished, obtaining a backup byte sequence

3. The method for disguising the backup of the double-authentication test questions by combining the expansion of the codebook and the hash of the question stem as claimed in claim 1, wherein the specific method in the 3 rd step comprises the following steps:

step 3.1: initialization P_ID＝φCode book sequence M ═ 0,1, …, l_chm·l_sh-1); inputting a user key as an iteration starting value;

step 3.2: to P_BEach element in (1)

Pseudo-random iterative generation of length l_chm·l_shArranging X into X 'according to formula (3), scrambling M into a random codebook M' according to the position mapping relation between X and X ', and then generating random codebook M' according to formula (4)

Is mapped as

And will be

Is added to P_IDPerforming the following steps;

X′＝dec(X) (3)

in the formula (3), the function dec () is used for the descending order arrangement;

in equation (4), function index () is used to find

Indexing in M

Step 3.3: updating X to phi and M to M';

step 3.4: repeatedly executing the 3.2 rd step to the 3.3 rd step until P_BAll the elements are treated to obtain

4. The method for disguising the backup of the double-authentication test questions by combining the expansion of the codebook and the hash of the question stem as claimed in claim 1, wherein the specific method in the 4 th step comprises the following steps:

step 4.1: initialization F_k＝φ,k＝0,1,…,l_ch-1，E_k＝φ,k＝0,1,…,l_ch-1；

Step 4.2: for positive integer op in specified range₀,op₁If k is (op)₀+op₁)mod l_chThen at F_kIn which f is "op₀+op₁"the expression value e is extracted as in equation (5), where if f is the ith test question added for the kth channel, f is_i ^k＝f,

e＝GetValue(Hash(f),k) (5)

In the formula (5), hash (f) is used for obtaining a question stem hash value formed by xi system numbers corresponding to f, and GetValue (hash (f), k) is used for obtaining a kth xi system number corresponding to hash (f);

and 4.3, step: and repeatedly executing the step 4.2 until all positive integers op in the specified range₀,op₁After the treatment, obtain

And

5. the method for disguising the backup of the double-authentication test questions by combining the expansion of the codebook and the hash of the question stem as claimed in claim 1, wherein the specific method in the 5 th step comprises the following steps:

step 5.1: initializing a secret test question sequence L ═ phi, and initializing

Inputting a user key as an iteration starting value;

step 5.2: to P_IDEach element in (1)

Generating u, v according to equation (6); generating a random number x, y belonging to (0,1) by pseudorandom iteration, and calculating a channel k and a test question index j corresponding to the channel k according to a formula (7):

step 5.3: if it isOr

Let j be (j +1) modn_k；

Step 5.4: repeatedly executing the 5.2 th step to the 5.3 th step untilAnd is

Obtaining

Answer ans to

Step 5.5: generating index id according to formula (8), selecting corresponding id arrangement of 4 answer options ans-1, ans, ans +1, ans +2 according to id in a dictionary order,adding (T, a, b, c, d) to L by taking the id-th arrangement as the actual output 4 options a, b, c, d, wherein if (T, a, b, c, d) is the ith test question added to L, st is_i(T, a, b, c, d) is denoted as st_i＝(T_i,a_i,b_i,c_i,d_i) Wherein l is_shIs the arrangement sequence of all the options of a, b, c and d;

step 5.6: repeatedly executing the 5.2 th step to the 5.5 th step until P_IDAfter all the elements in the test question are processed, the test question with the secret can be obtained

6. The method for disguising the backup of the double-authentication test questions combining the codebook expansion and the question stem hashing as claimed in claim 5, wherein the specific method in the 6 th step comprises the following steps:

step 6.1: the number l of the test questions without secret is calculated according to the formula (9)₂；

Step 6.2: generating a random number x, y belonging to (0,1), and calculating a channel k and a test question index j corresponding to the channel k according to a formula (7);

6.3, step: if it is

Let j be (j +1) mod n_k；

6.4, step: repeatedly executing the step 6.3 until

Obtaining

Answer ans to

6.5, step: calculating id according to equation (10), rearranging the id of the 4 answer options ans-1, ans, ans +1, ans +2 according to the id and arranging the id in a corresponding id sequence of a dictionary order to be used as actual output 4 options a, b, c and d, and adding (T, a, b, c and d) into the L, wherein if the (T, a, b, c and d) is that the ith channel added into the L does not contain secret test questions, the ith channel has st 'according to the id'_i(T, a, b, c, d) wherein l_shIs the arrangement sequence of all the options of a, b, c and d;

6.6, step: repeatedly executing the 6.2 th step to the 6.5 th step until l is generated₂If the test question does not contain the secret test question, the test question added with the test question without the secret test question is marked as

Wherein l₃＝l₁+l₂。

7. The recovery method of the double-authentication test question backup camouflage method based on any one of claims 1 to 6, which combines the expansion of the codebook and the hash of the question stem, is characterized by comprising the following steps:

step 1: input length of l₃Test question L', user Key, sparsity ratio, rate ∈ (0,1), and GF (2)⁸) Field primitive polynomial integer

Step 2: calculating the number l of the test questions without the dense test questions according to the sparse ratio rate epsilon (0,1)₂；

And 3, step 3: inverse scrambling L' to L in conjunction with a user key^*From L^*Tail removal₂Test questions, will reject l₂L of individual test question^*As questions requiring extraction of secret information

And 4, step 4: in combination with a user keyIs prepared by

And 5, step 5: the recovery strategy is combined with the key and the codebook extension

Decoding into backup byte sequence

And 6, step 6: combining user keys and

will be provided with

Reverting to the secret byte sequence P_S＝(p_i)_l,p_iE {0,1, …,255}, and generates P_SThe reliability value sequence of (a) ═ aa_i)_l。

8. The method for recovering double-certification test questions backup combining codebook expansion and question stem hashing as claimed in claim 7, wherein the 2 nd step calculates the number l of test questions without density from the sparse ratio rate e (0,1)₂The specific method comprises the following steps: the number l of the test questions without secret keys is calculated according to the formula (11)₂；

Step 3 l₁The constraint satisfied is the formula (12)；

l₁＝l₃-l₂(12)

The specific method in the step 4 comprises the following steps:

step 4.1: initialization P_IDPhi is defined as; inputting a user key as an iteration starting value;

step 4.2: to L_sEach test question st in_iObtaining T_iAnswer ans_iCalculating a channel k according to the formula (13), acquiring a kth xi scale number corresponding to the hash value of the test question stem according to the formula (5) as an expression value e, and making u be equal to e;

k＝ans_imod l_ch(13)

and 4.3, step: generating a random number x, y belonging to (0,1) by pseudorandom iteration, and acquiring a_i,b_i,c_i,d_iIndex id ∈ {0,1, …, l in lexicographical ordering_sh-1}, calculating v according to equation (14), and calculating according to equation (15)

And will be

Is added to P_IDPerforming the following steps;

step 4.4: repeatedly executing the 4.2 th step to the 4.3 th step until L_sAll st in_iAfter the treatment is finished, thereby obtaining

9. The method for recovering a double-certification question backup in combination with codebook expansion and question stem hashing as claimed in claim 7, wherein the specific method in the step 5 comprises the following steps:

step 5.1: initialization P_BPhi, the codebook sequence M is (0,1, …, l)_chm·l_sh-1); inputting a user key as an iteration starting value;

step 5.2: to P_IDEach element in (1)

Pseudo-random iterative generation of length l_chm·l_shArranging X in X ' according to equation (3), scrambling M into a random codebook M ' according to the position mapping relation between X and X ', and decoding the random codebook according to equation (16)

Is mapped as

If it is

Order to

Will be provided with

Is added to P_BPerforming the following steps;

in equation (16), the get () function is used to index M' asAs an element of

Step 5.3: updating X to phi and M to M';

step 5.4: repeatedly executing the 5.2 th step to the 5.3 th step until P_IDAll the elements are treated to obtain

The concrete method in the step 6 comprises the following steps:

step 6.1: participant sequence O ═ phi, a ═ phi, secret byte sequence P_sThe index i is 0; inputting a user key as an iteration starting value;

step 6.2: will P_B4 consecutive elements of (1)

Respectively as o₀′,o₁′,o₂′,o₃', to obtain a backup value sequence O ' ═ (O '₀，o′₁,o′₂,o′₃)；

6.3, step: generating a random number (x, y) by pseudo-random iteration, and generating a random disturbance quantity disturb according to an equation (17);

6.4, step: pseudo-randomly generating a participant sequence O ═ (O)_j)₄,o_jIs belonged to {0,1, …,255} and any element in O is unequal two by two;

6.5, step: combining disturb with o₀,o₁,o₂,o₃,o′₀,o′₁,o′₂,o′₃As GF (2)⁸) Field polynomial integerBy O ═ O (O)_j)₄,o_jConstructing a candidate recovery value sequence B by pairwise combination of participants in the epsilon {0,1, …,255 };

6.6, step: the elements in the range of {0,1, …,255} with the largest number of occurrences in B are used as the recovery information p_iIf not, then p is added_iCarrying out random assignment to p_iThe number of occurrences in B is assigned to aa, and a reliability value aa is calculated from aa_i；

Step 6.7: repeatedly executing the 6.2 th step to the 6.6 th step until P_BAll the elements in the sequence are processed to obtain a secret byte sequence P_S＝(p_i)_l,p_iE {0,1, …,255}, and generates P_SThe reliability value sequence of (a) ═ aa_i)_l。

10. The method for recovering a double-certification question backup in combination with codebook expansion and question stem hashing as claimed in claim 9, wherein the specific method in step 6.5 is characterized by comprising the following steps:

6.5.1: initializing a candidate recovery information sequence B ═ phi;

6.5.2, step: for the

① o'_m-1 or o'_nIf the candidate recovery information B is-1, adding the candidate recovery information B to B;

②o′_mnot equal to-1 and o'_nNot equal to-1, mixing o'_m,o′_n,

Two separate storage parameters are recovered in formula (18)

Let n be n +1, will

As r₀,r₁If r is₁＝(r₀+ disturb) mod256, then change b to r₀To B, otherwise B ═ -1 to B;

6.5.3: repeatedly executing the 6.5.2 th step until { (o'₀,o′₁),(o′₀,o′₂),(o′₀,o′₃),(o′₁,o′₂),(o′₁,o′₃),(o′₂,o′₃) Obtaining a candidate recovery information sequence B after the processing is finished;

6.6 step of calculating the reliability aa from aa_iThe specific method of (3) is formula (19):

Images