CN112131596B - Encryption and decryption method, equipment and storage medium - Google Patents


Publication number
CN112131596B
Authority
CN
China
Prior art keywords
intermediate value
decryption
encryption
ciphertext
encrypted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011065850.1A
Other languages
Chinese (zh)
Other versions
CN112131596A (en)
Inventor
李奀林
王学进
胡伯良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Application filed by Beijing Haitai Fangyuan High Technology Co Ltd
Priority to CN202011065850.1A
Publication of CN112131596A
Application granted
Publication of CN112131596B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00 Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/58 Random or pseudo-random number generators
    • G06F7/588 Random number generators, i.e. based on natural stochastic processes

Abstract

The present disclosure provides an encryption and decryption method, apparatus, and storage medium. The encryption device serving as the master device generates a first encrypted intermediate value using a first random number, and generates a second encrypted intermediate value from the first random number and a first public key; the encryption device receives the third encrypted intermediate value and the fourth encrypted intermediate value sent by at least one other encryption device; the encryption device determines a first part of the ciphertext from the first encrypted intermediate value and the third encrypted intermediate value, and determines a second part and a third part of the ciphertext from the second encrypted intermediate value, the fourth encrypted intermediate value and the plaintext; and the encryption device generates an encrypted ciphertext from the first, second and third parts of the ciphertext and sends the encrypted ciphertext to the decryption device. The encrypted ciphertext is thus generated from the random numbers and the public key of multiple parties, the random numbers of the parties cannot be leaked during encryption, and during decryption the plaintext is obtained using the private keys of multiple parties, so that the security of data encryption is improved.

Description

Encryption and decryption method, equipment and storage medium
Technical Field
The present disclosure relates to the field of encryption and decryption technologies, and in particular, to an encryption and decryption method, device, and storage medium.
Background
With the development and application of encryption and decryption technologies, the encryption and decryption technologies have an increasingly important position in the digital world. Administrative examination and approval, electronic contracts, electronic invoices, network transaction payment and the like based on network services all adopt encryption and decryption technologies to guarantee the safety of the services.
In the prior art, the user's public key is used in the encryption process and the user's private key is used in the decryption process; the public key and the private key form a key pair with which the user encrypts and decrypts data. However, the security of data encryption in this approach is relatively low, so a new method for improving the security of data encryption is urgently needed.
Disclosure of Invention
The present disclosure provides an encryption and decryption method, apparatus, and storage medium for improving security of data encryption.
In a first aspect, the present disclosure provides an encryption method, the method comprising:
the encryption device serving as the master device generates a first encrypted intermediate value using a first random number, and generates a second encrypted intermediate value from the first random number and a first public key;
the encryption device receives the third encrypted intermediate value and the fourth encrypted intermediate value sent by at least one other encryption device serving as a slave device; wherein the third encrypted intermediate value is generated by the other encryption device using a second random number, and the fourth encrypted intermediate value is generated by the other encryption device using the second random number and a second public key;
the encryption device determines a first part of the ciphertext from the first encrypted intermediate value and the third encrypted intermediate value, and determines a second part and a third part of the ciphertext using the second encrypted intermediate value, the fourth encrypted intermediate value, and the plaintext;
and the encryption device generates an encrypted ciphertext from the first, second and third parts of the ciphertext and sends the encrypted ciphertext to a decryption device.
In this embodiment, the encrypted ciphertext is generated from the random numbers and the public key of multiple parties, the random numbers of the parties cannot be leaked during encryption, and no single party can generate the encrypted ciphertext independently, so that the security of data encryption is improved.
In one embodiment, the encryption device as the master device generates a first encrypted intermediate value using a first random number, including:
the encryption device multiplies the first random number by the base point of an elliptic curve to obtain the first encrypted intermediate value.
The embodiment generates the first encryption intermediate value through the first random number of the encryption device, so as to improve the security of encryption.
In one embodiment, the encryption device generates a second encrypted intermediate value from the first random number and the first public key, including:
the encryption device multiplies the first random number by the first public key to obtain the second encrypted intermediate value.
In the embodiment, the second encryption intermediate value is determined by the first random number and the first public key, so that the encryption security is improved.
In one embodiment, the determining, by the encryption device, the first portion of the ciphertext from the first encrypted intermediate value and the third encrypted intermediate value includes:
the encryption device adds the first encrypted intermediate value and the third encrypted intermediate value to obtain the first partial ciphertext.
In the embodiment, the first part of ciphertext is obtained by adding the encrypted intermediate values, so that the security of data encryption is further ensured.
In one embodiment, the encryption device determines a second portion of ciphertext and a third portion of ciphertext using the second encrypted intermediate value, the fourth encrypted intermediate value, and plaintext, comprising:
the encryption device adds the second encrypted intermediate value and the fourth encrypted intermediate value to obtain the position coordinates of an elliptic curve point;
the encryption device converts the data type of the position coordinates of the elliptic curve point into a bit string, and then processes the position coordinates using a key derivation function to obtain a key stream;
and the encryption device performs an exclusive-OR operation on the key stream and the plaintext to obtain the second part of the ciphertext, and processes the position coordinates of the elliptic curve point and the plaintext through a hash function to obtain the third part of the ciphertext.
In this embodiment, after the position coordinates of the elliptic curve point are obtained through the second encrypted intermediate value and the fourth encrypted intermediate value, the position coordinates of the elliptic curve are processed through the key derivation function and the hash function, so as to obtain the second partial ciphertext and the third partial ciphertext.
In one embodiment, before the encryption device as the master device generates the first encrypted intermediate value using the first random number, the method further includes:
the encryption device sends its storage space and performance parameters to a server, so that the server determines the encryption device serving as the master device according to the storage space and performance parameters of each encryption device;
and if the encryption device receives an instruction, sent by the server, designating it as the master device, the encryption device determines that it is the master device.
In this embodiment, the master device is determined from the encryption devices according to the storage space and the performance parameters of the encryption devices, so as to ensure that the encryption process can be performed smoothly.
In a second aspect, the present disclosure provides an encryption method, the method comprising:
another encryption device serving as a slave device generates a third encrypted intermediate value using a second random number, and generates a fourth encrypted intermediate value from the second random number and a second public key;
and the other encryption device sends the third encrypted intermediate value and the fourth encrypted intermediate value to the encryption device serving as the master device, so that the encryption device generates an encrypted ciphertext from its own first and second encrypted intermediate values, the third encrypted intermediate value, the fourth encrypted intermediate value and the plaintext, and sends the encrypted ciphertext to a decryption device.
In one embodiment, the generating, by the other encryption device as the slave device, a third encrypted intermediate value using the second random number includes:
the other encryption device multiplies the second random number by the base point of an elliptic curve to obtain the third encrypted intermediate value.
In one embodiment, the other encryption device multiplies the second random number and the second public key to obtain the fourth encrypted intermediate value.
In one embodiment, before the other encryption device sends the third encrypted intermediate value and the fourth encrypted intermediate value to the encryption device serving as the master device, the method includes:
the other encryption device sends its storage space and performance parameters to the server, so that the server determines the encryption device serving as the master device according to the storage space and performance parameters of each encryption device;
and if the other encryption device receives an instruction, sent by the server, indicating that the encryption device is the master device, it determines that the encryption device is the master device.
In a third aspect, the present disclosure provides a decryption method, the method comprising:
after receiving an encrypted ciphertext sent by an encryption device serving as a master device, the decryption device serving as the master device determines a first decryption intermediate value using the first part of the ciphertext in the encrypted ciphertext and a first private key of the decryption device;
the decryption device receives at least one second decryption intermediate value sent by another decryption device serving as a slave device;
and the decryption device decrypts using the first decryption intermediate value and the second decryption intermediate value to obtain the plaintext.
In this embodiment, decryption uses the private keys of multiple decryption devices, the private keys cannot be leaked during decryption, and no single party can decrypt independently, so that the security of data decryption is improved.
In one embodiment, the determining, by the decryption device, a first decryption intermediate value using a first portion of the ciphertext and a first private key of the decryption device includes:
the decryption device multiplies the first part of the ciphertext by the first private key to obtain the first decryption intermediate value.
In the embodiment, the first decryption intermediate value is obtained by multiplying the first part of ciphertext by the first private key, so that the leakage of the private key of the user is avoided.
In one embodiment, the decrypting device decrypts through the first decrypted intermediate value and the second decrypted intermediate value to obtain the plaintext, and includes:
the decryption device obtains the position coordinates of an elliptic curve point from the first decryption intermediate value and the second decryption intermediate value;
the decryption device converts the data type of the position coordinates of the elliptic curve point into a bit string, and then processes the position coordinates using a key derivation function to obtain a key stream;
the decryption device performs an exclusive-OR operation on the key stream and the second part of the ciphertext in the encrypted ciphertext to obtain a decrypted message, and processes the position coordinates of the elliptic curve point and the decrypted message through a hash function to obtain a decrypted digest value;
the decryption device compares the decrypted digest value with the third part of the ciphertext in the encrypted ciphertext;
and if they are consistent, the decryption device determines the decrypted message to be the plaintext and outputs the plaintext.
In this embodiment, the elliptic curve point is obtained through the first decrypted intermediate value and the second decrypted intermediate value, and then the elliptic curve point is processed by using the preset function, so as to obtain the plaintext.
In one embodiment, the decrypting device obtaining the position coordinates of the elliptic curve point according to the first decrypted intermediate value and the second decrypted intermediate value includes:
the decryption device adds the first decryption intermediate value and the second decryption intermediate value to obtain the position coordinates of the elliptic curve point.
In the embodiment, the position coordinates of the elliptic curve point are obtained by adding the decryption intermediate values, so that the security of data encryption is further ensured.
In one embodiment, before the decryption device determines the first decryption intermediate value using the first portion of the ciphertext and the first private key of the decryption device, the method further comprises:
the decryption device sends the storage space and the performance parameters of the decryption device to the server, so that the server can determine the decryption device serving as the main device according to the storage space and the performance parameters of each decryption device;
and if the decryption device receives an instruction which is sent by the server and is used as the main device, determining that the decryption device is the main device.
In this embodiment, the storage space and the performance parameter of each decryption device are used to determine the master device from each decryption device, so as to ensure that the decryption device serving as the master device can decrypt to obtain the plaintext.
In a fourth aspect, the present disclosure provides a decryption method, the method comprising:
after receiving the encrypted ciphertext sent by the encryption device serving as the master device, another decryption device serving as a slave device determines a second decryption intermediate value using the first part of the ciphertext in the encrypted ciphertext and a second private key of the other decryption device;
and the other decryption device sends the second decryption intermediate value to the decryption device serving as the master device, so that the decryption device decrypts using its own first decryption intermediate value and the second decryption intermediate value to obtain the plaintext.
In one embodiment, the determining, by the other decryption device, a second decryption intermediate value using the first part of the ciphertext in the encrypted ciphertext and a second private key of the other decryption device includes:
the other decryption device multiplies the first part of the ciphertext by the second private key to obtain the second decryption intermediate value.
In one embodiment, before the other decryption device determines the second decryption intermediate value using the first part of the ciphertext in the encrypted ciphertext and the second private key of the other decryption device, the method further includes:
the other decryption device sends its storage space and performance parameters to the server, so that the server determines the decryption device serving as the master device according to the storage space and performance parameters of each decryption device;
and if the other decryption device receives an instruction, sent by the server, indicating that the decryption device is the master device, it determines that the decryption device is the master device.
In a fifth aspect, the present disclosure provides an encryption apparatus as a master apparatus, the encryption apparatus comprising:
a first encrypted intermediate value generation module for generating a first encrypted intermediate value using a first random number;
the second encrypted intermediate value generating module is used for generating a second encrypted intermediate value according to the first random number and the first public key;
a first receiving module, configured to receive the third encrypted intermediate value and the fourth encrypted intermediate value sent by at least one other encryption device serving as a slave device; wherein the third encrypted intermediate value is generated by the other encryption device using a second random number, and the fourth encrypted intermediate value is generated by the other encryption device using the second random number and a second public key;
a first partial ciphertext determination module to determine a first partial ciphertext from the first encrypted intermediate value and the third encrypted intermediate value;
the other part ciphertext determining module is used for determining a second part ciphertext and a third part ciphertext by using the second encrypted intermediate value, the fourth encrypted intermediate value and the plaintext;
and the ciphertext sending module is used for generating an encrypted ciphertext by the encryption equipment according to the first part of ciphertext, the second part of ciphertext and the third part of ciphertext and sending the encrypted ciphertext to the decryption equipment.
In an embodiment, the first encrypted intermediate value generating module is specifically configured to:
multiplying the first random number by the base point of an elliptic curve to obtain the first encrypted intermediate value.
In an embodiment, the second encrypted intermediate value generating module is specifically configured to:
and multiplying the first random number and the first public key to obtain the second encrypted intermediate value.
In one embodiment, the first partial ciphertext determination module is specifically configured to:
adding the first encrypted intermediate value and the third encrypted intermediate value to obtain the first partial ciphertext.
In an embodiment, the other-part ciphertext determination module is specifically configured to:
performing addition operation on the second encrypted intermediate value and the fourth encrypted intermediate value to obtain position coordinates of elliptic curve points;
after the data type of the position coordinates of the elliptic curve points is converted into a bit string, processing the position coordinates of the elliptic curve points by using a key derivation function to obtain a key stream;
and carrying out XOR operation on the key stream and the plaintext to obtain the second part of ciphertext, and processing the position coordinates of the elliptic curve point and the plaintext through a hash function to obtain the third part of ciphertext.
In one embodiment, the encryption device further comprises:
the first sending module is used for sending the storage space and the performance parameters of the equipment to a server before generating a first encryption intermediate value by using a first random number, so that the server can determine the encryption equipment serving as main equipment according to the storage space and the performance parameters of each encryption equipment;
and the first encryption main equipment determining module is used for determining that the encryption equipment is the main equipment if the encryption equipment receives an instruction which is sent by the server and is used as the main equipment.
In a sixth aspect, the present disclosure provides an encryption device as a slave device, the encryption device comprising:
a third encrypted intermediate value generation module for generating a third encrypted intermediate value using the second random number;
a fourth encrypted intermediate value generating module, configured to generate a fourth encrypted intermediate value according to the second random number and the second public key;
and the second sending module is configured to send the third encrypted intermediate value and the fourth encrypted intermediate value to an encryption device serving as a master device, so that the encryption device generates an encrypted ciphertext according to the first encrypted intermediate value and the second encrypted intermediate value in the encryption device, the third encrypted intermediate value, the fourth encrypted intermediate value, and a plaintext, and sends the encrypted ciphertext to a decryption device.
In an embodiment, the third encrypted intermediate value generating module is specifically configured to:
multiplying the second random number by the base point of an elliptic curve to obtain the third encrypted intermediate value.
In an embodiment, the fourth encrypted intermediate value generating module is specifically configured to:
and multiplying the second random number and the second public key to obtain the fourth encrypted intermediate value.
In one embodiment, the encryption device further comprises:
a third sending module, configured to send the storage space and performance parameters of the other encryption device to a server before the third encrypted intermediate value and the fourth encrypted intermediate value are sent to the encryption device serving as the master device, so that the server determines the encryption device serving as the master device according to the storage space and performance parameters of each encryption device;
a second encryption master device determining module, configured to determine that the encryption device is the master device if the other encryption devices receive an instruction, sent by the server, that the encryption device is the master device.
In a seventh aspect, the present disclosure provides a decryption device as a master device, the decryption device comprising:
the first decryption intermediate value determining module is used for determining a first decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and a first private key of the decryption device after receiving the encrypted ciphertext sent by the encryption device serving as the main device;
a second receiving module, configured to receive at least one second decryption intermediate value sent by another decryption device serving as a slave device;
and the decryption module is used for decrypting through the first decryption intermediate value and the second decryption intermediate value to obtain a plaintext.
In an embodiment, the first decryption intermediate value determining module is specifically configured to:
and multiplying the first part of ciphertext by the first private key to obtain the first decrypted intermediate value.
In one embodiment, the decryption module is specifically configured to:
obtaining the position coordinates of the elliptic curve points according to the first decryption intermediate value and the second decryption intermediate value;
after the data type of the position coordinates of the elliptic curve points is converted into a bit string, processing the position coordinates of the elliptic curve points by using a key derivation function to obtain a key stream;
performing exclusive-or operation on the key stream and a second part of ciphertext in the encrypted ciphertext to obtain a decrypted message, and processing the position coordinates of the elliptic curve point and the decrypted message through a hash function to obtain a decrypted digest value;
comparing the decrypted digest value with the third part of the ciphertext in the encrypted ciphertext;
and if they are consistent, determining the decrypted message to be the plaintext and outputting the plaintext.
In one embodiment, the decryption module is specifically configured to:
and adding the first decryption intermediate value and the second decryption intermediate value to obtain the position coordinate of the elliptic curve point.
In one embodiment, the decryption device further comprises:
a fourth sending module, configured to send the storage space and performance parameters of the decryption device to the server before the first decryption intermediate value is determined using the first part of the ciphertext in the encrypted ciphertext and the first private key of the decryption device, so that the server determines, according to the storage space and performance parameters of each decryption device, the decryption device serving as the master device;
and the first decryption main device determining module is used for determining that the decryption device is the main device if the decryption device receives an instruction which is sent by the server and is used as the main device.
In an eighth aspect, the present disclosure provides a decryption device as a slave device, the decryption device comprising:
the second decryption intermediate value determining module is used for determining a second decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and second private keys of other decryption devices after receiving the encrypted ciphertext sent by the encryption device serving as the main device;
and a fifth sending module, configured to send the second decrypted intermediate value to a decryption device serving as a master device, so that the decryption device decrypts according to the first decrypted intermediate value and the second decrypted intermediate value in the decryption device, and obtains a plaintext.
In an embodiment, the second decryption intermediate value determining module is specifically configured to:
multiplying the first part of the ciphertext by the second private key to obtain the second decryption intermediate value.
In one embodiment, the decryption device further comprises:
a sixth sending module, configured to send the storage space and performance parameters of the other decryption device to the server before the second decryption intermediate value is determined using the first part of the ciphertext in the encrypted ciphertext and the second private key of the other decryption device, so that the server determines, according to the storage space and performance parameters of each decryption device, the decryption device serving as the master device;
a second decryption master determining module, configured to determine that the decryption device is the master device if the other decryption devices receive an instruction, sent by the server, that the decryption device is the master device.
According to a ninth aspect of embodiments of the present disclosure, there is provided an electronic device comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first and/or second and/or third and/or fourth aspects.
According to a tenth aspect provided by embodiments of the present disclosure, there is provided a computer storage medium storing a computer program for executing the method according to the first and/or second and/or third and/or fourth aspect.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
FIG. 1 is a schematic diagram of an applicable scenario in accordance with an embodiment of the present disclosure;
FIG. 2 is a first flowchart of an encryption method according to an embodiment of the present disclosure;
FIG. 3 is a second flowchart of an encryption method according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram illustrating an application scenario for determining a master device according to an embodiment of the present disclosure;
FIG. 5 is a third flowchart of an encryption method according to an embodiment of the present disclosure;
FIG. 6 is a fourth flowchart of an encryption method according to an embodiment of the present disclosure;
FIG. 7 is a first flowchart of a decryption method according to an embodiment of the present disclosure;
FIG. 8 is a second flowchart of a decryption method according to an embodiment of the present disclosure;
FIG. 9 is a third flowchart of a decryption method according to an embodiment of the present disclosure;
FIG. 10 is a fourth flowchart of a decryption method according to an embodiment of the present disclosure;
FIG. 11 is a schematic diagram of an encryption device as a master device in one embodiment of the present disclosure;
FIG. 12 is a schematic diagram of an encryption device as a slave device in one embodiment of the present disclosure;
FIG. 13 is a block diagram of a decryption device as a master device in one embodiment of the present disclosure;
FIG. 14 is a schematic diagram of a decryption device as a slave device in one embodiment of the present disclosure;
FIG. 15 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
To further illustrate the technical solutions provided by the embodiments of the present disclosure, the following detailed description is made with reference to the accompanying drawings and the specific embodiments. Although the disclosed embodiments provide method steps as shown in the following embodiments or figures, more or fewer steps may be included in the method based on conventional or non-inventive efforts. In steps where no necessary causal relationship exists logically, the order of execution of the steps is not limited to that provided by the disclosed embodiments. The method can be executed in the order of the embodiments or the method shown in the drawings or in parallel in the actual process or the control device.
The term "plurality" in the embodiments of the present disclosure means two or more, and other terms are used similarly, it being understood that the preferred embodiments described herein are only for illustrating and explaining the present disclosure, and are not intended to limit the present disclosure, and that the embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict.
The inventor researches and discovers that the public key and the private key of a single user are only used for data encryption and data decryption in the prior art. This results in less security for data encryption.
Accordingly, the present disclosure provides an encryption and decryption method, apparatus, and storage medium. And generating an encryption ciphertext through the random number and the public key of the multi-party user, thereby realizing the encryption of the data. In addition, random numbers of the users cannot be leaked in the encryption process, and any party cannot independently generate an encryption ciphertext, so that the security of data encryption is improved. The present disclosure will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, an application scenario of the present disclosure includes terminal device 110, terminal device 120, terminal device 130, terminal device 140, and terminal device 150. In fig. 1, five terminal devices are taken as an example, and the number of terminal devices is not limited in practice. The terminal equipment can be a mobile phone, a tablet computer, a personal computer and the like.
In one possible application scenario, a terminal device is taken as an example for explanation. The terminal device 110 is an encryption device as a master device. The terminal device 120, the terminal device 130, and the terminal device 140 are encryption devices as slave devices. The terminal device 150 functions as a decryption device. Terminal device 110 generates a first encrypted intermediate value using the first random number and a second encrypted intermediate value based on the first random number and the first public key. Terminal device 120, terminal device 130, and terminal device 140 each send the third encrypted intermediate value and the fourth encrypted intermediate value to terminal device 110. After the terminal device 110 receives the third encrypted intermediate value and the fourth encrypted intermediate value sent by the other terminal device, the terminal device 110 determines a first part of ciphertext according to the first encrypted intermediate value and the third encrypted intermediate value, and determines a second part of ciphertext and a third part of ciphertext by using the second encrypted intermediate value, the fourth encrypted intermediate value and plaintext; then, the terminal device 110 generates an encrypted ciphertext according to the first part of ciphertext, the second part of ciphertext, and the third part of ciphertext, and sends the encrypted ciphertext to the terminal device 150 for decryption.
It should be noted that the decryption device for performing decryption may be any terminal device in the encryption device, or may be another terminal device, and the disclosure is not limited herein.
As shown in fig. 2, a flow diagram of the encryption method of the present disclosure includes the following steps:
Step 201: the encryption equipment serving as the main equipment generates a first encryption intermediate value by using a first random number and generates a second encryption intermediate value according to the first random number and a first public key;
In one embodiment, the encryption device multiplies the first random number by the base point on the elliptic curve to obtain the first encrypted intermediate value. The first encrypted intermediate value $Q_1$ can be determined by equation (1):
$Q_1 = k_1 \times G$ (1);
Wherein $k_1$ is the first random number, and $G$ is the base point on the elliptic curve.
Therefore, the first encryption intermediate value is generated by the first random number of the encryption device, so that the encryption security is improved.
In one embodiment, the encryption device multiplies the first random number and the first public key to obtain the second encrypted intermediate value. The second encrypted intermediate value $Q_2$ can be determined by equation (2):
$Q_2 = k_1 \times P_1$ (2);
Wherein $P_1$ is the first public key.
Therefore, the second encryption intermediate value is determined through the first random number and the first public key, and the encryption safety is improved.
Step 202: the encryption device receives the third encrypted intermediate value and the fourth encrypted intermediate value sent by at least one other encryption device serving as a slave device; wherein the third encrypted intermediate value is generated by the other encryption device using a second random number; the fourth encrypted intermediate value is generated by the other encryption device using the second random number and a second public key;
Step 203: the encryption device determines a first portion of ciphertext from the first encrypted intermediate value and the third encrypted intermediate value, and determines a second portion of ciphertext and a third portion of ciphertext using the second encrypted intermediate value, the fourth encrypted intermediate value, and plaintext;
In one embodiment, the determination of the first portion of ciphertext in step 203 may be embodied as: the encryption device adds the first encrypted intermediate value and the third encrypted intermediate value to obtain the first partial ciphertext $C_1$:
$C_1 = Q_1 + Q_3^{(1)} + Q_3^{(2)} + \dots + Q_3^{(i)} + \dots + Q_3^{(n)}$ (3);
Wherein $Q_3^{(i)}$ is the third encrypted intermediate value sent by the i-th other encryption device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices.
Therefore, the first part of ciphertext is obtained by adding the encrypted intermediate values, so that the security of data encryption is further ensured.
In one embodiment, the determination of the second portion of ciphertext and the third portion of ciphertext in step 203, as described above, may include the following steps, as shown in fig. 3:
Step 301: the encryption equipment performs addition operation on the second encryption intermediate value and the fourth encryption intermediate value to obtain position coordinates of an elliptic curve point; the position coordinates of the elliptic curve point can be determined by equation (4):
$(x_2, y_2) = Q_2 + Q_4^{(1)} + Q_4^{(2)} + \dots + Q_4^{(i)} + \dots + Q_4^{(n)}$ (4);
Wherein $x_2$ is the abscissa of the position coordinates of the elliptic curve point; $y_2$ is the ordinate of the position coordinates of the elliptic curve point; $Q_4^{(i)}$ is the fourth encrypted intermediate value sent by the i-th other encryption device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices.
Step 302: the encryption equipment converts the data type of the position coordinates of the elliptic curve point into a bit string, and then processes the position coordinates of the elliptic curve point by using a key derivation function to obtain a key stream; wherein the keystream $t$ can be derived from equation (5):
$t = \mathrm{KDF}(x_2 \,\|\, y_2, klen)$ (5);
Wherein KDF is a key derivation function.
Step 303: the encryption equipment carries out XOR operation on the key stream and the plaintext to obtain the second part of ciphertext; wherein the second partial ciphertext $C_2$ may be determined by equation (6):
$C_2 = M \oplus t$ (6);
Wherein $M$ is the plaintext.
Step 304: the position coordinates of the elliptic curve point and the plaintext are processed through a hash function to obtain the third part of ciphertext. Wherein the third portion of ciphertext $C_3$ may be determined by equation (7):
$C_3 = \mathrm{hash}(x_2 \,\|\, M \,\|\, y_2)$ (7);
Wherein hash is a hash function.
Thus, after the position coordinates of the elliptic curve point are obtained by the second encrypted intermediate value and the fourth encrypted intermediate value, the position coordinates of the elliptic curve are processed by the function, so that the second partial ciphertext and the third partial ciphertext are obtained.
Step 204: and the encryption equipment generates an encrypted ciphertext according to the first part of ciphertext, the second part of ciphertext and the third part of ciphertext and sends the encrypted ciphertext to decryption equipment.
Thus, after the position coordinates of the elliptic curve point are obtained by the second encrypted intermediate value and the fourth encrypted intermediate value, the position coordinates of the elliptic curve are processed by the key derivation function and the hash function, so that the second partial ciphertext and the third partial ciphertext are obtained.
In order to ensure that the encryption process can be performed smoothly, before performing step 201, in an embodiment, the encryption device sends its storage space and performance parameters to a server, so that the server determines the encryption device as a main device according to the storage space and performance parameters of each encryption device; and if the encryption equipment receives an instruction which is sent by the server and is used as the main equipment, determining that the encryption equipment is the main equipment.
For example, as shown in fig. 4, the encryption device includes a device 401, a device 402, a device 403, and a device 404. Each of the four devices sends its own storage space and performance parameters to the server 405. The server determines the main device according to the storage spaces and the performance parameters of the four devices, wherein the selected rule can be as follows: firstly, selecting the equipment with the performance parameters meeting the preset conditions according to the performance parameters of each equipment, then selecting the equipment with the largest storage space from the selected equipment, and determining the equipment as the main equipment. If it is determined that the device 402 is the master device, the server 405 sends a control instruction as the master device to the device 402, and the device 402 determines that itself is the master device.
Therefore, the main device is determined from the encryption devices according to the storage space and the performance parameters of the encryption devices, so that the encryption device serving as the main device can ensure that the encryption process can be smoothly carried out.
Based on the same inventive concept, the present disclosure further provides an encryption method, as shown in fig. 5, a flow diagram of the encryption method of the present disclosure may include the following steps:
Step 501: the other encryption equipment, serving as slave equipment, generates a third encrypted intermediate value by using the second random number, and generates a fourth encrypted intermediate value according to the second random number and the second public key;
In one embodiment, the other encryption device multiplies the second random number by the base point on the elliptic curve to obtain the third encrypted intermediate value. The third encrypted intermediate value is determined by equation (8):
$Q_3^{(i)} = k_2^{(i)} \times G$ (8);
Wherein $Q_3^{(i)}$ is the third encrypted intermediate value of the i-th other encryption device, $k_2^{(i)}$ is the second random number generated by the i-th other encryption device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices.
Therefore, the third encrypted intermediate value is obtained by multiplying the second random number by the base point on the elliptic curve point, so that the second random number of the user is prevented from being leaked.
In one embodiment, the other encryption device multiplies the second random number and the second public key to obtain the fourth encrypted intermediate value. The fourth encrypted intermediate value is determined by equation (9):
$Q_4^{(i)} = k_2^{(i)} \times P_2^{(i)}$ (9);
Wherein $Q_4^{(i)}$ is the fourth encrypted intermediate value of the i-th other encryption device, $P_2^{(i)}$ is the second public key of the i-th other encryption device, and $i = 1, 2, \dots, n$; $n$ is the number of other encryption devices.
Step 502: and the other encryption equipment sends the third encrypted intermediate value and the fourth encrypted intermediate value to encryption equipment serving as main equipment, so that the encryption equipment generates an encrypted ciphertext according to the first encrypted intermediate value and the second encrypted intermediate value in the encryption equipment, the third encrypted intermediate value, the fourth encrypted intermediate value and plaintext and sends the encrypted ciphertext to decryption equipment.
Therefore, the second encrypted intermediate value and the fourth encrypted intermediate value of other decryption devices are sent to the encryption device serving as the main device, so that the main device can generate the encrypted ciphertext through the random numbers and the public key of multiple parties, the random numbers of all encryption devices cannot be leaked in the encryption process, and any party cannot generate the encrypted ciphertext independently, so that the security of data encryption is improved.
In order to ensure that the encryption process can be smoothly performed, before performing step 501, in an embodiment, the other encryption devices send their own storage spaces and performance parameters to the server, so that the server determines the encryption device serving as the primary device according to the storage spaces and performance parameters of the encryption devices; and if the other encryption equipment receives an instruction of the encryption equipment as the main equipment, which is sent by the server, determining that the encryption equipment is the main equipment.
For example, as shown in fig. 4, when the server 405 determines that 402 is the master device, it sends an instruction to the device 402 as the master device. An instruction that the device 402 is the master device is sent to the other device so that the other encryption device sends the third encrypted intermediate value and the fourth encrypted intermediate value to the encryption device that is the master device.
Therefore, the main device is determined from the encryption devices according to the storage space and the performance parameters of the encryption devices, so that the encryption device serving as the main device can ensure that the encryption process can be smoothly carried out.
For further understanding of the technical solution of the present disclosure, the following detailed description with reference to fig. 6 may include the following steps:
Step 601: the encryption equipment sends the storage space and the performance parameters of the encryption equipment to a server, so that the server can determine the encryption equipment serving as main equipment according to the storage space and the performance parameters of each encryption equipment;
Step 602: if the encryption equipment receives an instruction which is sent by the server and is used as main equipment, determining that the encryption equipment is the main equipment;
Step 603: the encryption equipment serving as the main equipment generates a first encryption intermediate value by using a first random number and generates a second encryption intermediate value according to the first random number and a first public key;
Step 604: the encryption device receives the third encrypted intermediate value and the fourth encrypted intermediate value sent by at least one other encryption device serving as a slave device;
Step 605: the encryption device determines a first portion of ciphertext from the first encrypted intermediate value and the third encrypted intermediate value, and determines a second portion of ciphertext and a third portion of ciphertext using the second encrypted intermediate value, the fourth encrypted intermediate value, and plaintext;
Step 606: the encryption equipment generates an encrypted ciphertext according to the first part of ciphertext, the second part of ciphertext and the third part of ciphertext and sends the encrypted ciphertext to decryption equipment.
After introducing the encryption method of the present disclosure, the present disclosure further provides a decryption method, as shown in fig. 7, a flowchart of the decryption method of the present disclosure includes the following steps:
Step 701: after receiving an encrypted ciphertext sent by an encryption device serving as a main device, a decryption device serving as the main device determines a first decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and a first private key of the decryption device;
In one embodiment, the decryption device multiplies the first portion of the ciphertext by the first private key to obtain the first decrypted intermediate value. For example, the first decrypted intermediate value $D_1$ may be determined by equation (10):
$D_1 = C_1 \times d_1$ (10);
Wherein $d_1$ is the first private key.
Therefore, the first decryption intermediate value is obtained by multiplying the first part of ciphertext and the first private key, so that the leakage of the private key of the user is avoided.
Step 702: the decryption device receives at least one second decrypted intermediate value sent by other decryption devices serving as slave devices;
Step 703: the decryption device decrypts through the first decryption intermediate value and the second decryption intermediate value to obtain a plaintext.
In one embodiment, step 703 may be implemented as: as shown in fig. 8, the following steps may be included:
Step 801: the decryption device obtains the position coordinates of the elliptic curve point according to the first decryption intermediate value and the second decryption intermediate value;
In one embodiment, step 801 may be embodied as: the decryption device adds the first decryption intermediate value and the second decryption intermediate value to obtain the position coordinates of the elliptic curve point; the position coordinates of the elliptic curve point are determined by equation (11):
$(x_2, y_2) = D_1 + D_2^{(1)} + D_2^{(2)} + \dots + D_2^{(i)} + \dots + D_2^{(n)}$ (11);
Wherein $x_2$ is the abscissa of the position coordinates of the elliptic curve point, and $y_2$ is the ordinate of the position coordinates of the elliptic curve point; $D_2^{(i)}$ is the second decrypted intermediate value sent by the i-th other decryption device, and $i = 1, 2, \dots, n$; $n$ is the number of other decryption devices.
Therefore, the position coordinates of the elliptic curve points are obtained by adding the decryption intermediate values, so that the security of data encryption is further ensured.
Step 802: the decryption device converts the data type of the position coordinates of the elliptic curve point into a bit string, and then processes the position coordinates of the elliptic curve point by using a key derivation function to obtain a key stream;
Step 803: the decryption device carries out XOR operation on the key stream and the second part of ciphertext in the encrypted ciphertext to obtain decryption information, and processes the position coordinates of the elliptic curve point and the decryption information through a hash function to obtain a decryption digest value;
Step 804: the decryption device judges whether the decryption digest value is equal to the third part of ciphertext in the encrypted ciphertext;
Step 805: if they are equal, the decryption device determines that the decryption information is the plaintext and outputs the plaintext;
Step 806: if they are not equal, exiting.
Thus, the elliptic curve points are obtained through the first decryption intermediate value and the second decryption intermediate value, and then the elliptic curve points are processed by using the key derivation function and the hash function to obtain the plaintext.
Before step 701 is executed, in order to ensure that the decryption process can be performed smoothly, in an embodiment, the decryption device sends its storage space and performance parameters to a server, so that the server determines the decryption device serving as a master device according to the storage space and performance parameters of each decryption device; and if the decryption device receives an instruction which is sent by the server and is used as the main device, determining that the decryption device is the main device.
The method for determining the master device in the decryption process is the same as the method for determining the master device in the encryption process, and the details of the disclosure are not repeated herein.
Therefore, the main device is determined from the decryption devices through the storage space and the performance parameters of the decryption devices, so that the decryption device serving as the main device can decrypt and obtain the plaintext.
Based on the same inventive concept as the decryption method, the disclosure also provides a decryption method, which has similar effects to the aforementioned method and is not repeated herein. As shown in fig. 9, a flowchart of the decryption method of the present disclosure may include the following steps:
Step 901: after other decryption equipment serving as slave equipment receives the encrypted ciphertext sent by the encryption equipment serving as master equipment, determining a second decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and a second private key of the other decryption equipment;
In one embodiment, step 901 may be embodied as: the other decryption device multiplies the first partial ciphertext $C_1$ by the second private key to obtain the second decrypted intermediate value. The second decrypted intermediate value $D_2^{(i)}$ may be determined by equation (12):
$D_2^{(i)} = C_1 \times d_2^{(i)}$ (12);
Wherein $D_2^{(i)}$ is the second decrypted intermediate value of the i-th other decryption device, $d_2^{(i)}$ is the second private key of the i-th other decryption device, and $i = 1, 2, \dots, n$; $n$ is the number of other decryption devices.
Step 902: and the other decryption equipment sends the second decryption intermediate value to decryption equipment serving as main equipment, so that the decryption equipment can decrypt according to the first decryption intermediate value and the second decryption intermediate value in the decryption equipment to obtain a plaintext.
Before executing step 901, in order to ensure that the decryption process can be performed smoothly, in an embodiment, the other decryption devices send their own storage spaces and performance parameters to the server, so that the server determines the decryption device serving as the main device according to the storage spaces and performance parameters of the decryption devices; and if the other decryption equipment receives an instruction of the decryption equipment as the main equipment, which is sent by the server, determining that the decryption equipment is the main equipment.
For further understanding of the technical solution of the present disclosure, the following detailed description with reference to fig. 10 may include the following steps:
Step 1001: the decryption device sends the storage space and the performance parameters of the decryption device to the server, so that the server can determine the decryption device serving as the main device according to the storage space and the performance parameters of each decryption device;
Step 1002: if the decryption device receives an instruction which is sent by the server and is used as a main device, determining that the decryption device is the main device;
Step 1003: after receiving an encrypted ciphertext sent by an encryption device serving as a main device, a decryption device serving as the main device determines a first decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and a first private key of the decryption device;
Step 1004: the decryption device receives at least one second decrypted intermediate value sent by other decryption devices serving as slave devices;
Step 1005: the decryption device decrypts through the first decryption intermediate value and the second decryption intermediate value to obtain a plaintext.
The decryption method of the present disclosure as described above can also be implemented by an encryption device as a master device based on the same inventive concept. The effect of the encryption device is similar to that of the aforementioned method, and is not described herein again.
Fig. 11 is a schematic structural diagram of an encryption device as a master device according to one embodiment of the present disclosure.
As shown in fig. 11, an encryption device 1100 that is a master device of the present disclosure may include a first encryption intermediate value generation module 1110, a second encryption intermediate value generation module 1120, a first reception module 1130, a first partial ciphertext determination module 1140, an other partial ciphertext determination module 1150, and a ciphertext transmission module 1160.
A first encrypted intermediate value generating module 1110 for generating a first encrypted intermediate value using a first random number;
a second encrypted intermediate value generating module 1120, configured to generate a second encrypted intermediate value according to the first random number and the first public key;
a first receiving module 1130, configured to receive the third encrypted intermediate value and the fourth encrypted intermediate value sent by at least one other encryption device serving as a slave device; wherein the third encrypted intermediate value is generated by the other encryption device using a second random number; the fourth encrypted intermediate value is generated by the other encryption equipment by using the second random number and a second public key;
a first partial ciphertext determination module 1140, configured to determine a first partial ciphertext from the first encrypted intermediate value and the third encrypted intermediate value;
an other-part ciphertext determining module 1150, configured to determine a second part ciphertext and a third part ciphertext by using the second encrypted intermediate value, the fourth encrypted intermediate value, and plaintext;
a ciphertext sending module 1160, configured to generate an encrypted ciphertext by the encryption device according to the first portion of the ciphertext, the second portion of the ciphertext, and the third portion of the ciphertext, and send the encrypted ciphertext to a decryption device.
In an embodiment, the first encrypted intermediate value generating module 1110 is specifically configured to:
and multiplying the first random number by a base point on an elliptic curve point to obtain the first encryption intermediate value.
In an embodiment, the second encrypted intermediate value generating module 1120 is specifically configured to:
and multiplying the first random number and the first public key to obtain the second encrypted intermediate value.
In an embodiment, the first partial ciphertext determination module 1140 is specifically configured to:
adding the first encrypted intermediate value and the third encrypted intermediate value to obtain the first partial ciphertext.
In an embodiment, the other-part ciphertext determining module 1150 is specifically configured to:
performing addition operation on the second encrypted intermediate value and the fourth encrypted intermediate value to obtain position coordinates of elliptic curve points;
after the data type of the position coordinates of the elliptic curve points is converted into a bit string, processing the position coordinates of the elliptic curve points by using a key derivation function to obtain a key stream;
and carrying out XOR operation on the key stream and the plaintext to obtain the second part of ciphertext, and processing the position coordinates of the elliptic curve point and the plaintext through a hash function to obtain the third part of ciphertext.
In one embodiment, the encryption device further comprises:
a first sending module 1170, configured to send the storage space and the performance parameter of the device to a server before generating the first encrypted intermediate value using the first random number, so that the server determines, according to the storage space and the performance parameter of each piece of encryption equipment, an encryption equipment serving as a main device;
a first encrypted master device determining module 1180, configured to determine that the encrypted device is the master device itself if the encrypted device receives an instruction, sent by the server, as the master device.
Fig. 12 is a schematic structural diagram of an encryption device as a slave device according to the present disclosure, and an encryption device 1200 as a slave device according to the present disclosure may include a third encrypted intermediate value generation module 1210, a fourth encrypted intermediate value generation module 1220, and a second transmission module 1230.
A third encrypted intermediate value generating module 1210 for generating a third encrypted intermediate value using the second random number;
a fourth encrypted intermediate value generating module 1220, configured to generate a fourth encrypted intermediate value according to the second random number and the second public key;
a second sending module 1230, configured to send the third encrypted intermediate value and the fourth encrypted intermediate value to an encryption device serving as a master device, so that the encryption device generates an encrypted ciphertext according to the first encrypted intermediate value and the second encrypted intermediate value in the encryption device, the third encrypted intermediate value, the fourth encrypted intermediate value, and a plaintext, and sends the encrypted ciphertext to a decryption device.
In an embodiment, the third encrypted intermediate value generating module 1210 is specifically configured to:
multiply the second random number by a base point on the elliptic curve to obtain the third encrypted intermediate value.
In an embodiment, the fourth encrypted intermediate value generating module 1220 is specifically configured to:
multiply the second random number by the second public key to obtain the fourth encrypted intermediate value.
In one embodiment, the encryption device further comprises:
a third sending module 1240, configured to send the storage space and performance parameters of the device itself to the server before sending the third encrypted intermediate value and the fourth encrypted intermediate value to the encryption device serving as the master device, so that the server determines the encryption device serving as the master device according to the storage space and the performance parameters of each encryption device;
a second encrypted master device determining module 1250, configured to determine that the encryption device is the master device if the other encryption device receives the instruction, sent by the server, that the encryption device is the master device.
Fig. 13 is a schematic diagram of a configuration of a decryption device as a master device in the present disclosure. The decryption device 1300, which is a master device, includes a first decryption intermediate value determination module 1310, a second reception module 1320, and a decryption module 1330.
A first decryption intermediate value determining module 1310, configured to determine a first decryption intermediate value by using a first part of ciphertext in an encrypted ciphertext and a first private key of a decryption device after receiving an encrypted ciphertext sent by an encryption device serving as a master device;
a second receiving module 1320, configured to receive at least one second decrypted intermediate value sent by other decryption devices acting as slave devices;
the decryption module 1330 is configured to decrypt through the first decrypted intermediate value and the second decrypted intermediate value to obtain a plaintext.
In an embodiment, the first decryption intermediate value determining module 1310 is specifically configured to:
multiply the first part of ciphertext by the first private key to obtain the first decrypted intermediate value.
In an embodiment, the decryption module 1330 is specifically configured to:
obtain the position coordinates of the elliptic curve point according to the first decryption intermediate value and the second decryption intermediate value;
convert the data type of the position coordinates of the elliptic curve point into a bit string, and then process the position coordinates with a key derivation function to obtain a key stream;
perform an exclusive-OR operation on the key stream and the second part of ciphertext in the encrypted ciphertext to obtain a decrypted message, and process the position coordinates of the elliptic curve point and the decrypted message through a hash function to obtain a decrypted digest value;
compare the decrypted digest value with the third part of ciphertext in the encrypted ciphertext;
and, if they are the same, determine the decrypted message to be the plaintext and output the plaintext.
In an embodiment, the decryption module 1330 is specifically configured to:
add the first decryption intermediate value and the second decryption intermediate value to obtain the position coordinates of the elliptic curve point.
In one embodiment, the decryption device further comprises:
a fourth sending module 1340, configured to send, by the decryption device, a storage space and performance parameters of the decryption device to the server before determining the first decryption intermediate value by using the first part of the ciphertext in the encrypted message and the first private key of the decryption device, so that the server determines, according to the storage space and the performance parameters of each decryption device, the decryption device serving as the main device;
the first decryption master determining module 1350 is configured to determine that the decryption device is the master device if the decryption device receives an instruction sent by the server as the master device.
Fig. 14 is a schematic diagram showing the configuration of a decryption device as a slave device, and a decryption device 1400 as a slave device includes a second decrypted intermediate value determination module 1410 and a fifth transmission module 1420.
A second decryption intermediate value determining module 1410, configured to determine a second decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and a second private key of the other decryption device after receiving the encrypted ciphertext sent by the encryption device serving as the master device;
a fifth sending module 1420, configured to send the second decrypted intermediate value to a decryption device serving as a master device, so that the decryption device decrypts according to the first decrypted intermediate value and the second decrypted intermediate value in the decryption device to obtain a plaintext.
In an embodiment, the second decryption intermediate value determining module 1410 is specifically configured to:
and the other decryption equipment multiplies the first part of ciphertext and the second private key to obtain a second decryption intermediate value.
In one embodiment, the decryption device further comprises:
a sixth sending module 1430, configured to send the storage space and performance parameters of the device itself to the server before determining the second decryption intermediate value by using the first part of ciphertext in the encrypted ciphertext and the second private key of the other decryption device, so that the server determines, according to the storage space and the performance parameters of each decryption device, the decryption device serving as the main device;
a second decryption master determining module 1440, configured to determine that the decryption device is the master device if the other decryption devices receive the instruction, sent by the server, that the decryption device is the master device.
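The master/slave encryption and decryption flow carried out by the modules above, as an added Python example that is not code from the patent. Assumptions: secp256k1 stands in for the unnamed curve, SHA-256 for the hash function, a counter-mode SHA-256 construction for the key derivation function, the digest input order is x2 || M || y2, and every encryption device is given the same joint public key (the sum of the decryption devices' public keys), which is the condition under which the encryption-side sum Q2 + ΣQ4 equals the decryption-side sum D1 + ΣD2.

```python
import hashlib
import hmac
import secrets

# Stand-in curve (assumption): secp256k1, y^2 = x^3 + 7 over GF(P), base point G of order N.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def add(A, B):
    """Add two affine points; None is the point at infinity."""
    if A is None:
        return B
    if B is None:
        return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, A):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A = add(A, A)
        k >>= 1
    return R


def rand_scalar():
    return 1 + secrets.randbelow(N - 1)


def kdf(z, length):
    """Counter-mode KDF over SHA-256 (assumed construction)."""
    out, ct = b"", 1
    while len(out) < length:
        out += hashlib.sha256(z + ct.to_bytes(4, "big")).digest()
        ct += 1
    return out[:length]


def xy_bytes(S):
    return S[0].to_bytes(32, "big"), S[1].to_bytes(32, "big")


def keystream_xor(S, data):
    """Convert (x2, y2) to a byte string, derive the key stream, XOR it with data."""
    x2, y2 = xy_bytes(S)
    return bytes(a ^ b for a, b in zip(data, kdf(x2 + y2, len(data))))


def digest(S, msg):
    x2, y2 = xy_bytes(S)
    return hashlib.sha256(x2 + msg + y2).digest()  # input order is an assumption


def encrypt_share(pub):
    """Any encryption device: returns (k*G, k*pub), i.e. (Q1, Q2) or (Q3, Q4)."""
    k = rand_scalar()
    return mul(k, G), mul(k, pub)


def master_encrypt(own_share, slave_shares, plaintext):
    C1, S = own_share                      # Q1, Q2
    for Q3, Q4 in slave_shares:            # C1 = Q1 + sum Q3, (x2, y2) = Q2 + sum Q4
        C1, S = add(C1, Q3), add(S, Q4)
    if C1 is None or S is None:
        raise ValueError("degenerate sum, retry with fresh random numbers")
    return C1, keystream_xor(S, plaintext), digest(S, plaintext)  # (C1, C2, C3)


def decrypt_share(d, C1):
    """Any decryption device: private key times the first part of ciphertext."""
    return mul(d, C1)


def master_decrypt(D1, slave_D2, ciphertext):
    _, C2, C3 = ciphertext
    S = D1
    for D2 in slave_D2:                    # (x2, y2) = D1 + sum D2
        S = add(S, D2)
    if S is None:
        return None
    msg = keystream_xor(S, C2)
    return msg if hmac.compare_digest(digest(S, msg), C3) else None


def demo(joint_key=True, n_slaves=2, plaintext=b"constructed sample plaintext"):
    d = [rand_scalar() for _ in range(1 + n_slaves)]   # d[0]: master, d[1:]: slaves
    own_pubs = [mul(x, G) for x in d]
    joint = None
    for pk in own_pubs:                    # joint key needs public keys only
        joint = add(joint, pk)
    pubs = [joint] * len(d) if joint_key else own_pubs
    shares = [encrypt_share(p) for p in pubs]
    ct = master_encrypt(shares[0], shares[1:], plaintext)
    D = [decrypt_share(x, ct[0]) for x in d]
    return master_decrypt(D[0], D[1:], ct), ct, D
```

`demo(joint_key=False)`, where each encryption device multiplies by a different public key, returns `None`: the two sums no longer agree and the digest comparison rejects the result.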
Having described an encryption method and apparatus according to an exemplary embodiment of the present application, a structure of an electronic apparatus according to another exemplary embodiment of the present application, which may be the encryption apparatus and/or the decryption apparatus described above, is described next.
As will be appreciated by one skilled in the art, aspects of the present application may be embodied as a system, method or program product. Accordingly, various aspects of the present application may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," "module," or "system."
In some possible implementations, an electronic device in accordance with the present application may include at least one processor, and at least one computer storage medium. The computer storage medium stores program code, which, when executed by a processor, causes the processor to perform the steps of the encryption method and/or the decryption method according to various exemplary embodiments of the present application described above in this specification. For example, the processor may perform step 201 of the encryption method as shown in FIG. 2 and/or perform step 701 of the decryption method as described in FIG. 7 and 703.
An electronic device 1500 according to this embodiment of the application is described below with reference to fig. 15. The electronic device 1500 shown in fig. 15 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 15, the electronic apparatus 1500 is represented in the form of a general electronic apparatus. Components of electronic device 1500 may include, but are not limited to: the at least one processor 1501, the at least one computer storage medium 1502, and the bus 1503 that connects the various system components (including the computer storage medium 1502 and the processor 1501).
Bus 1503 represents one or more of several types of bus structures, including a computer storage media bus or computer storage media controller, a peripheral bus, a processor, or a local bus using any of a variety of bus architectures.
The computer storage media 1502 may include readable media in the form of volatile computer storage media, such as random access computer storage media (RAM) 1521 and/or cache storage media 1522, and may further include read-only computer storage media (ROM) 1523.
The computer storage media 1502 may also include a program/utility 1525 having a set (at least one) of program modules 1524, such program modules 1524 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
The electronic device 1500 can also communicate with one or more external devices 1504 (e.g., keyboard, pointing device, etc.), one or more devices that enable a user to interact with the electronic device 1500, and/or any devices (e.g., router, modem, etc.) that enable the electronic device 1500 to communicate with one or more other electronic devices. Such communication may occur via input/output (I/O) interface 1505. Also, the electronic device 1500 can communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) through the network adapter 1506. As shown, the network adapter 1506 communicates with other modules for the electronic device 1500 via bus 1503. It should be understood that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 1500, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In some possible embodiments, various aspects of an encryption method and/or a decryption method provided by the present application may also be implemented in the form of a program product, which includes program code for causing a computer device to perform the steps of the encryption method and/or the decryption method according to various exemplary embodiments of the present application described above in this specification when the program product is run on the computer device. For example, the computer device may perform step 201 of the encryption method as shown in FIG. 2 and/or perform step 701 of the decryption method as described in FIG. 7 and 703.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (30)

1. A method of encryption, the method comprising:
the encryption equipment sends the storage space and the performance parameters of the encryption equipment to the server, so that the server can determine the encryption equipment serving as the main equipment according to the storage space and the performance parameters of each encryption equipment;
if the encryption equipment receives an instruction which is sent by the server and is used as main equipment, determining that the encryption equipment is the main equipment;
the encryption equipment serving as the main equipment generates a first encryption intermediate value by using a first random number and generates a second encryption intermediate value according to the first random number and a first public key;
the encryption device receives at least one of the third encrypted intermediate value and the fourth encrypted intermediate value transmitted as slave devices from other encryption devices; wherein the third encrypted intermediate value is generated by the other encryption device using a second random number; the fourth encrypted intermediate value is generated by the other encryption devices by using the second random number and a second public key, wherein the encryption device corresponds to the first public key, and each of the other encryption devices corresponds to a respective second public key;
the encryption device determines a first portion of ciphertext from the first encrypted intermediate value and the third encrypted intermediate value, and specifically determines the first portion of ciphertext $C_1$ from the following equation:
$C_1 = Q_1 + Q_3^{(1)} + Q_3^{(2)} + \dots + Q_3^{(i)} + \dots + Q_3^{(n)}$
wherein $Q_1$ is the first encrypted intermediate value, $Q_3^{(i)}$ is the third encrypted intermediate value sent by the i-th other device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices;
determining a second part of ciphertext and a third part of ciphertext by using the second encrypted intermediate value, the fourth encrypted intermediate value and the plaintext, which specifically comprises:
the encryption equipment performs addition operation on the second encryption intermediate value and the fourth encryption intermediate value to obtain position coordinates of elliptic curve points; determining the second part of ciphertext and the third part of ciphertext according to the coordinates of the elliptic curve points and the plaintext;
wherein the position coordinates of the elliptic curve points are determined by the following formula:
$(x_2, y_2) = Q_2 + Q_4^{(1)} + Q_4^{(2)} + \dots + Q_4^{(i)} + \dots + Q_4^{(n)}$
wherein $x_2$ is the abscissa of the position coordinate of the elliptic curve point; $y_2$ is the ordinate of the position coordinate of the elliptic curve point; $Q_2$ is the second encrypted intermediate value, $Q_4^{(i)}$ is the fourth encrypted intermediate value sent by the i-th other device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices;
and the encryption equipment generates an encrypted ciphertext according to the first part of ciphertext, the second part of ciphertext and the third part of ciphertext and sends the encrypted ciphertext to decryption equipment.
2. The method according to claim 1, wherein the encryption device as the master device generates a first encrypted intermediate value using a first random number, comprising:
the encryption device multiplies the first random number by a base point on the elliptic curve to obtain the first encrypted intermediate value.
3. The method of claim 1, wherein the encryption device generates a second encrypted intermediate value from the first random number and a first public key, comprising:
and the encryption equipment multiplies the first random number and the first public key to obtain the second encrypted intermediate value.
4. The method of claim 1, wherein the encryption device determines the first portion of the ciphertext from the first encrypted intermediate value and the third encrypted intermediate value, comprising:
the encryption device adds the first encrypted intermediate value and the third encrypted intermediate value to obtain the first partial ciphertext.
5. The method of claim 1, wherein the encryption device determines a second portion of ciphertext and a third portion of ciphertext using the second encrypted intermediate value, the fourth encrypted intermediate value, and plaintext, comprising:
the encryption equipment performs addition operation on the second encryption intermediate value and the fourth encryption intermediate value to obtain position coordinates of elliptic curve points;
the encryption equipment converts the data type of the position coordinates of the elliptic curve points into a bit string, and then processes the position coordinates of the elliptic curve points by using a key derivation function to obtain a key stream;
and the encryption equipment performs exclusive OR operation on the key stream and the plaintext to obtain the second part of ciphertext, and processes the position coordinates of the elliptic curve point and the plaintext through a hash function to obtain the third part of ciphertext.
6. A method of encryption, the method comprising:
the other encryption equipment sends the storage space and the performance parameters of the other encryption equipment to the server, so that the server can determine the encryption equipment serving as the main equipment according to the storage space and the performance parameters of each encryption equipment;
if the other encryption equipment receives an instruction of the encryption equipment as the main equipment, which is sent by the server, the encryption equipment is determined to be the main equipment;
generating a third encrypted intermediate value by using the second random number by other encryption equipment as slave equipment; generating a fourth encrypted intermediate value according to the second random number and the second public key, wherein other encryption devices serving as slave devices respectively correspond to the respective second public keys;
the other encryption equipment sends the third encrypted intermediate value and the fourth encrypted intermediate value to encryption equipment serving as main equipment, so that the encryption equipment determines a first part of ciphertext through the first encrypted intermediate value and the third encrypted intermediate value of the encryption equipment, and adds the second encrypted intermediate value and the fourth encrypted intermediate value to obtain position coordinates of elliptic curve points; after a second part of ciphertext and a third part of ciphertext are determined through the coordinates of the elliptic curve points and the plaintext, generating an encrypted ciphertext according to the first part of ciphertext, the second part of ciphertext and the third part of ciphertext, and sending the encrypted ciphertext to a decryption device; the encryption equipment as the main equipment corresponds to a first public key; the first encryption intermediate value is generated by the encryption equipment serving as the master equipment by using a first random number, and the second encryption intermediate value is generated by the encryption equipment serving as the master equipment according to the first random number and a first public key; wherein the encryption device determines the first portion of ciphertext $C_1$ using the following equation:
$C_1 = Q_1 + Q_3^{(1)} + Q_3^{(2)} + \dots + Q_3^{(i)} + \dots + Q_3^{(n)}$
wherein $Q_1$ is the first encrypted intermediate value, $Q_3^{(i)}$ is the third encrypted intermediate value sent by the i-th other device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices;
and determining the position coordinates of the elliptic curve points by the following formula:
$(x_2, y_2) = Q_2 + Q_4^{(1)} + Q_4^{(2)} + \dots + Q_4^{(i)} + \dots + Q_4^{(n)}$
wherein $x_2$ is the abscissa of the position coordinate of the elliptic curve point; $y_2$ is the ordinate of the position coordinate of the elliptic curve point; $Q_2$ is the second encrypted intermediate value, $Q_4^{(i)}$ is the fourth encrypted intermediate value sent by the i-th other device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices.
7. The method according to claim 6, wherein the other encryption device as the slave device generates a third encrypted intermediate value using the second random number, including:
the other encryption device multiplies the second random number by a base point on the elliptic curve to obtain the third encrypted intermediate value.
8. The method of claim 6, wherein the other encryption device generates a fourth encrypted intermediate value from the second random number and the second public key, comprising:
and the other encryption equipment multiplies the second random number and the second public key to obtain the fourth encrypted intermediate value.
9. A method of decryption, the method comprising:
the decryption device sends the storage space and the performance parameters of the decryption device to the server, so that the server can determine the decryption device serving as the main device according to the storage space and the performance parameters of each decryption device;
if the decryption device receives an instruction which is sent by the server and is used as a main device, determining that the decryption device is the main device;
after receiving an encrypted ciphertext sent by an encryption device serving as a main device, a decryption device serving as the main device determines a first decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and a first private key of the decryption device;
the decryption device receiving at least one second decrypted intermediate value transmitted as a slave to other decryption devices; the second decryption intermediate value is determined by the other decryption devices by using the first part of ciphertext in the encrypted ciphertext and the second private keys of the other decryption devices, and each other decryption device has a corresponding second private key;
the decrypting device decrypts through the first decrypted intermediate value and the second decrypted intermediate value to obtain a plaintext, and specifically includes:
the decryption device carries out addition operation on the first decryption intermediate value and the second decryption intermediate value to obtain the position coordinates of the elliptic curve points, and carries out decryption through the position coordinates of the elliptic curve points to obtain a plaintext;
wherein the position coordinates $(x_2, y_2)$ of the elliptic curve points are determined by the following formula:
$(x_2, y_2) = D_1 + D_2^{(1)} + D_2^{(2)} + \dots + D_2^{(i)} + \dots + D_2^{(n)}$;
wherein $D_1$ is the first decrypted intermediate value, $D_2^{(i)}$ is the second decrypted intermediate value sent by the i-th other decryption device, and $i = 1, 2, \dots, n$; $n$ is the number of other decryption devices.
10. The method of claim 9, wherein the decrypting device determining a first intermediate decryption value using the first portion of the ciphertext and a first private key of the decrypting device, comprises:
and the decryption equipment multiplies the first part of ciphertext by the first private key to obtain the first decrypted intermediate value.
11. The method according to claim 9, wherein said decrypting device decrypts through said first decrypted intermediate value and said second decrypted intermediate value to obtain a plaintext, comprising:
the decryption device obtains the position coordinates of the elliptic curve points according to the first decryption intermediate value and the second decryption intermediate value;
the decryption device converts the data type of the position coordinates of the elliptic curve points into a bit string, and then processes the position coordinates of the elliptic curve points by using a key derivation function to obtain a key stream;
the decryption device performs an exclusive-OR operation on the key stream and the second part of ciphertext in the encrypted ciphertext to obtain a decrypted message, and processes the position coordinates of the elliptic curve point and the decrypted message through a hash function to obtain a decrypted digest value;
the decryption device compares the decrypted digest value with the third part of ciphertext in the encrypted ciphertext;
and, if they are the same, the decryption device determines the decrypted message to be the plaintext and outputs the plaintext.
12. The method according to claim 11, wherein the decrypting device obtains the position coordinates of the elliptic curve point from the first decrypted intermediate value and the second decrypted intermediate value, and includes:
and the decryption device adds the first decryption intermediate value and the second decryption intermediate value to obtain the position coordinates of the elliptic curve point.
13. A method of decryption, the method comprising:
the other decryption devices send the storage space and the performance parameters of the other decryption devices to the server, so that the server can determine the decryption device serving as the main device according to the storage space and the performance parameters of each decryption device;
if the other decryption devices receive the instruction, sent by the server, of the decryption device serving as the master device, determining that the decryption device is the master device;
after other decryption devices serving as slave devices receive the encrypted ciphertext sent by the encryption device serving as the master device, determining a second decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and second private keys of the other decryption devices, wherein each other decryption device has a respective second private key;
the other decryption devices send the second decrypted intermediate value to a decryption device serving as a master device, so that the decryption device decrypts the plaintext according to the first decrypted intermediate value and the second decrypted intermediate value in the decryption device, and specifically includes:
the other decryption device sends the second decryption intermediate value to a decryption device serving as a main device, so that the decryption device adds the first decryption intermediate value and the second decryption intermediate value to obtain a position coordinate of an elliptic curve point, and decrypts through the position coordinate of the elliptic curve point to obtain a plaintext;
wherein the position coordinates $(x_2, y_2)$ of the elliptic curve points are determined by the following formula:
$(x_2, y_2) = D_1 + D_2^{(1)} + D_2^{(2)} + \dots + D_2^{(i)} + \dots + D_2^{(n)}$;
wherein $D_1$ is the first decrypted intermediate value, $D_2^{(i)}$ is the second decrypted intermediate value sent by the i-th other decryption device, and $i = 1, 2, \dots, n$; $n$ is the number of other decryption devices.
14. The method of claim 13, wherein the other decryption device determining a second decrypted intermediate value using the first portion of the ciphertext and a second private key of the other decryption device, comprising:
and the other decryption equipment multiplies the first part of ciphertext and the second private key to obtain a second decryption intermediate value.
15. An encryption device as a master device, characterized in that the encryption device comprises:
the first sending module is used for sending the storage space and the performance parameters of the equipment to a server before generating a first encryption intermediate value by using a first random number, so that the server can determine the encryption equipment serving as main equipment according to the storage space and the performance parameters of each encryption equipment;
the first encryption main equipment determining module is used for determining that the encryption equipment is the main equipment if the encryption equipment receives an instruction which is sent by the server and is used as the main equipment;
a first encrypted intermediate value generation module for generating a first encrypted intermediate value using a first random number;
the second encrypted intermediate value generating module is used for generating a second encrypted intermediate value according to the first random number and the first public key;
a first receiving module, configured to receive at least one of the third encrypted intermediate value and the fourth encrypted intermediate value sent as slave devices from other encryption devices; wherein the third encrypted intermediate value is generated by the other encryption device using a second random number; the fourth encrypted intermediate value is generated by the other encryption devices by using the second random number and a second public key, wherein the encryption device corresponds to the first public key, and each of the other encryption devices corresponds to a respective second public key;
a first part ciphertext determining module, configured to determine a first part ciphertext according to the first encrypted intermediate value and the third encrypted intermediate value, and specifically determine the first part ciphertext $C_1$ according to the following formula:
$C_1 = Q_1 + Q_3^{(1)} + Q_3^{(2)} + \dots + Q_3^{(i)} + \dots + Q_3^{(n)}$
wherein $Q_1$ is the first encrypted intermediate value, $Q_3^{(i)}$ is the third encrypted intermediate value sent by the i-th other device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices;
the other part ciphertext determining module is used for determining a second part ciphertext and a third part ciphertext by using the second encrypted intermediate value, the fourth encrypted intermediate value and the plaintext; the method specifically comprises the following steps:
the encryption equipment performs addition operation on the second encryption intermediate value and the fourth encryption intermediate value to obtain position coordinates of elliptic curve points; determining the second part of ciphertext and the third part of ciphertext according to the coordinates of the elliptic curve points and the plaintext;
wherein the position coordinates of the elliptic curve points are determined by the following formula:
$(x_2, y_2) = Q_2 + Q_4^{(1)} + Q_4^{(2)} + \dots + Q_4^{(i)} + \dots + Q_4^{(n)}$
wherein $x_2$ is the abscissa of the position coordinate of the elliptic curve point; $y_2$ is the ordinate of the position coordinate of the elliptic curve point; $Q_2$ is the second encrypted intermediate value, $Q_4^{(i)}$ is the fourth encrypted intermediate value sent by the i-th other device, and $i = 1, 2, \dots, n$; $n$ equals the number of other encryption devices;
and the ciphertext sending module is used for generating an encrypted ciphertext by the encryption equipment according to the first part of ciphertext, the second part of ciphertext and the third part of ciphertext and sending the encrypted ciphertext to the decryption equipment.
16. The encryption device according to claim 15, wherein the first encrypted intermediate value generation module is specifically configured to:
multiplying the first random number by a base point on the elliptic curve to obtain the first encrypted intermediate value.
17. The encryption device according to claim 15, wherein the second encrypted intermediate value generation module is specifically configured to:
and multiplying the first random number and the first public key to obtain the second encrypted intermediate value.
18. The encryption device of claim 15, wherein the first partial ciphertext determination module is specifically configured to:
adding the first encrypted intermediate value and the third encrypted intermediate value to obtain the first partial ciphertext.
19. The encryption device of claim 15, wherein the other-portion ciphertext determination module is specifically configured to:
performing addition operation on the second encrypted intermediate value and the fourth encrypted intermediate value to obtain position coordinates of elliptic curve points;
after the data type of the position coordinates of the elliptic curve points is converted into a bit string, processing the position coordinates of the elliptic curve points by using a key derivation function to obtain a key stream;
and carrying out XOR operation on the key stream and the plaintext to obtain the second part of ciphertext, and processing the position coordinates of the elliptic curve point and the plaintext through a hash function to obtain the third part of ciphertext.
20. An encryption device as a slave device, characterized in that the encryption device comprises:
the third sending module is used for sending the storage space and the performance parameters of the encryption device to the server so that the server can determine the encryption device serving as the master device according to the storage space and the performance parameters of each encryption device;
a second encryption master device determining module, configured to determine that the encryption device is the master device if other encryption devices receive an instruction, sent by the server, of the encryption device serving as the master device;
a third encrypted intermediate value generation module for generating a third encrypted intermediate value using the second random number;
a fourth encrypted intermediate value generating module, configured to generate a fourth encrypted intermediate value according to the second random number and the second public key, where each of the other encryption devices serving as the slave device corresponds to its respective second public key;
a second sending module, configured to send the third encrypted intermediate value and the fourth encrypted intermediate value to an encryption device serving as a master device, so that the encryption device determines a first part of ciphertext through a first encrypted intermediate value and the third encrypted intermediate value of the encryption device, and performs an addition operation on the second encrypted intermediate value and the fourth encrypted intermediate value to obtain a position coordinate of an elliptic curve point; after a second part of ciphertext and a third part of ciphertext are determined through the coordinates of the elliptic curve point and the plaintext, generating an encrypted ciphertext according to the first part of ciphertext, the second part of ciphertext and the third part of ciphertext, and sending the encrypted ciphertext to a decryption device; the encryption device serving as the master device corresponds to a first public key; the first encrypted intermediate value is generated by the encryption device serving as the master device by using a first random number, and the second encrypted intermediate value is generated by the encryption device serving as the master device according to the first random number and a first public key; wherein the encryption device determines the first part of ciphertext $C_1$ using the following equation:
$$C_1 = Q_1 + Q_3^{(1)} + Q_3^{(2)} + \dots + Q_3^{(i)} + \dots + Q_3^{(n)}$$
wherein $Q_1$ is the first encrypted intermediate value, $Q_3^{(i)}$ is the third encrypted intermediate value sent by the i-th other device, and $i = 1, 2, \dots, n$; n equals the number of other encryption devices;
and determining the position coordinates of the elliptic curve point by the following formula:
$$(x_2, y_2) = Q_2 + Q_4^{(1)} + Q_4^{(2)} + \dots + Q_4^{(i)} + \dots + Q_4^{(n)}$$
wherein $x_2$ is the abscissa of the position coordinate of the elliptic curve point; $y_2$ is the ordinate of the position coordinate of the elliptic curve point; $Q_2$ is the second encrypted intermediate value, $Q_4^{(i)}$ is the fourth encrypted intermediate value sent by the i-th other device, and $i = 1, 2, \dots, n$; n equals the number of other encryption devices.
21. The encryption device according to claim 20, wherein the third encrypted intermediate value generation module is specifically configured to:
and multiplying the second random number by a base point on the elliptic curve to obtain the third encrypted intermediate value.
22. The encryption device according to claim 20, wherein the fourth encrypted intermediate value generation module is specifically configured to:
and multiplying the second random number and the second public key to obtain the fourth encrypted intermediate value.
23. A decryption device that is a master device, characterized in that the decryption device comprises:
the fourth sending module is configured to send, by using the decryption device, the storage space and the performance parameter of the decryption device to the server before determining the first decryption intermediate value by using the first part of the ciphertext in the encrypted text and the first private key of the decryption device, so that the server determines the decryption device serving as the main device according to the storage space and the performance parameter of each decryption device;
the first decryption main device determining module is used for determining that the decryption device is the main device if the decryption device receives an instruction which is sent by the server and is used as the main device;
the first decryption intermediate value determining module is used for determining a first decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and a first private key of the decryption device after receiving the encrypted ciphertext sent by the encryption device serving as the main device;
a second receiving module, configured to receive at least one second decrypted intermediate value sent as a slave device from another decryption device; the second decryption intermediate value is determined by the other decryption devices by using the first part of ciphertext in the encrypted ciphertext and the second private keys of the other decryption devices, and each other decryption device has a corresponding second private key;
the decryption module is configured to decrypt the first decrypted intermediate value and the second decrypted intermediate value to obtain a plaintext, and specifically includes:
the decryption device carries out addition operation on the first decryption intermediate value and the second decryption intermediate value to obtain the position coordinates of the elliptic curve points, and carries out decryption through the position coordinates of the elliptic curve points to obtain a plaintext;
wherein the position coordinates $(x_2, y_2)$ of the elliptic curve point are determined by the following formula:
$$(x_2, y_2) = D_1 + D_2^{(1)} + D_2^{(2)} + \dots + D_2^{(i)} + \dots + D_2^{(n)}$$
wherein $D_1$ is the first decrypted intermediate value, $D_2^{(i)}$ is the second decrypted intermediate value sent by the i-th other decryption device, and $i = 1, 2, \dots, n$; n is the number of other decryption devices.
24. The decryption device according to claim 23, wherein the first decryption intermediate value determining module is specifically configured to:
and multiplying the first part of ciphertext by the first private key to obtain the first decrypted intermediate value.
25. The decryption device according to claim 23, wherein the decryption module is specifically configured to:
obtaining the position coordinates of the elliptic curve points according to the first decryption intermediate value and the second decryption intermediate value;
after the data type of the position coordinates of the elliptic curve points is converted into a bit string, processing the position coordinates of the elliptic curve points by using a key derivation function to obtain a key stream;
performing exclusive-or operation on the key stream and a second part of ciphertext in the encrypted ciphertext to obtain a decrypted message, and processing the position coordinates of the elliptic curve point and the decrypted message through a hash function to obtain a decrypted digest value;
comparing the decrypted digest value with the third part of ciphertext in the encrypted ciphertext;
and if they are the same, determining the decrypted message as the plaintext and outputting the plaintext.
26. The decryption device according to claim 25, wherein the decryption module is specifically configured to:
and adding the first decryption intermediate value and the second decryption intermediate value to obtain the position coordinate of the elliptic curve point.
27. A decryption device as a slave device, characterized in that the decryption device comprises:
a sixth sending module, configured to send the storage space and performance parameters of the decryption device to the server before determining a second decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and a second private key of another decryption device, so that the server determines, according to the storage space and the performance parameters of each decryption device, the decryption device serving as the master device;
a second decryption master determining module, configured to determine that the decryption device is the master device if the other decryption devices receive an instruction, sent by the server, of the decryption device serving as the master device;
a second decryption intermediate value determining module, configured to determine a second decryption intermediate value by using a first part of ciphertext in the encrypted ciphertext and second private keys of the other decryption devices after receiving an encrypted ciphertext sent by an encryption device serving as a master device, where each of the other decryption devices has a respective second private key;
a fifth sending module, configured to send the second decrypted intermediate value to a decryption device serving as a master device, so that the decryption device performs decryption according to the first decrypted intermediate value and the second decrypted intermediate value in the decryption device, to obtain a plaintext, where the fifth sending module specifically includes:
the other decryption device sends the second decryption intermediate value to a decryption device serving as a main device, so that the decryption device adds the first decryption intermediate value and the second decryption intermediate value to obtain a position coordinate of an elliptic curve point, and decrypts through the position coordinate of the elliptic curve point to obtain a plaintext;
wherein the position coordinates $(x_2, y_2)$ of the elliptic curve point are determined by the following formula:
$$(x_2, y_2) = D_1 + D_2^{(1)} + D_2^{(2)} + \dots + D_2^{(i)} + \dots + D_2^{(n)}$$
wherein $D_1$ is the first decrypted intermediate value, $D_2^{(i)}$ is the second decrypted intermediate value sent by the i-th other decryption device, and $i = 1, 2, \dots, n$; n is the number of other decryption devices.
28. The decryption device according to claim 27, wherein the second decryption intermediate value determining module is specifically configured to:
and the other decryption equipment multiplies the first part of ciphertext and the second private key to obtain a second decryption intermediate value.
29. An electronic device comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor; the instructions are executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-14.
30. A computer storage medium, characterized in that the computer storage medium stores a computer program for performing the method according to any one of claims 1-14.
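The arithmetic of claims 15 to 28, written out as an added example that is not part of the patent text: each device contributes its own pair of encrypted intermediate values or its own decrypted intermediate value, and the master only sums points, derives the key stream and checks the digest. Assumptions of the example: secp256k1 and SHA-256 stand in for the curve, key derivation function and hash; every encryption device is given one joint public key `pub = (d1 + d2(1) + ... + d2(n))·G`; the digest is taken over x2 || y2 || plaintext; all function names are the example's own.

```python
import hashlib, hmac
# Stand-in curve secp256k1 (y^2 = x^3 + 7 mod P, group order N): this example's assumption.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if A == B
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, A):
    """Scalar multiple k*A by double-and-add (not constant time)."""
    R = None
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def xor_keystream(S, data):
    """XOR data with KDF(x2 || y2), here SHA-256 in counter mode; also return x2 || y2."""
    if S is None:
        raise ValueError("summed intermediate values give the point at infinity")
    z = b"".join(c.to_bytes(32, "big") for c in S)
    blocks = range(1, len(data) // 32 + 2)
    stream = b"".join(hashlib.sha256(z + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream)), z

def encrypt(msg, shares):
    """Master side. shares = [(Q1, Q2), (Q3(1), Q4(1)), ...]: each device's (k*G, k*pub)."""
    C1 = S = None
    for Qg, Qp in shares:
        C1, S = add(C1, Qg), add(S, Qp)   # C1 = Q1 + sum Q3(i); (x2, y2) = Q2 + sum Q4(i)
    C2, z = xor_keystream(S, msg)
    return C1, C2, hashlib.sha256(z + msg).digest()   # C3: hash of coordinates and plaintext

def decrypt(ct, intermediates):
    """Master side. intermediates = [D1, D2(1), ...], each d*C1 computed by one device."""
    (_, C2, C3), S = ct, None
    for D in intermediates:
        S = add(S, D)                      # (x2, y2) = D1 + sum D2(i)
    msg, z = xor_keystream(S, C2)
    if not hmac.compare_digest(hashlib.sha256(z + msg).digest(), C3):
        raise ValueError("digest differs from the third part of ciphertext")
    return msg
```

Each random number and private key must be drawn from [1, N-1] with a cryptographic random source on the device that owns it; only the resulting points are sent to the master.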
CN202011065850.1A 2020-09-30 2020-09-30 Encryption and decryption method, equipment and storage medium Active CN112131596B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011065850.1A CN112131596B (en) 2020-09-30 2020-09-30 Encryption and decryption method, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112131596A (en) 2020-12-25
CN112131596B (en) 2021-11-09

Family

ID=73843634

Country Status (1)

Country Link
CN (1) CN112131596B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107196763A (en) * 2017-07-06 2017-09-22 数安时代科技股份有限公司 SM2 algorithms collaboration signature and decryption method, device and system
CN107707358A (en) * 2017-10-30 2018-02-16 武汉大学 A kind of EC KCDSA digital signature generation method and system
CN109088726A (en) * 2018-07-19 2018-12-25 郑州信大捷安信息技术股份有限公司 Communicating pair collaboration signature and decryption method and system based on SM2 algorithm

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109818741B (en) * 2017-11-22 2022-06-07 航天信息股份有限公司 Decryption calculation method and device based on elliptic curve
CN110138772B (en) * 2019-05-13 2022-02-25 上海英恒电子有限公司 Communication method, device, system, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant