CN112367159B - Mixed encryption and decryption method and system for medical data secure storage - Google Patents

Mixed encryption and decryption method and system for medical data secure storage Download PDF

Info

Publication number
CN112367159B
CN112367159B CN202011236546.9A CN202011236546A CN112367159B CN 112367159 B CN112367159 B CN 112367159B CN 202011236546 A CN202011236546 A CN 202011236546A CN 112367159 B CN112367159 B CN 112367159B
Authority
CN
China
Prior art keywords
key
encryption
plaintext
ciphertext
rsa
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011236546.9A
Other languages
Chinese (zh)
Other versions
CN112367159A (en
Inventor
康海燕
邓婕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Information Science and Technology University
Original Assignee
Beijing Information Science and Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Information Science and Technology University filed Critical Beijing Information Science and Technology University
Priority to CN202011236546.9A priority Critical patent/CN112367159B/en
Publication of CN112367159A publication Critical patent/CN112367159A/en
Application granted granted Critical
Publication of CN112367159B publication Critical patent/CN112367159B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G16INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16HHEALTHCARE INFORMATICS, i.e. INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR THE HANDLING OR PROCESSING OF MEDICAL OR HEALTHCARE DATA
    • G16H10/00ICT specially adapted for the handling or processing of patient-related medical or healthcare data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/302Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention relates to a mixed encryption and decryption method for medical data security storage, which comprises the steps that a sender encrypts a key for DES encryption by utilizing RSA to form a ciphertext CK, a digital signature is formed by utilizing an RSA decryption key and a public encryption key together, a plaintext is encrypted by utilizing DES, the digital signature is combined with the encrypted plaintext and the encrypted digital signature to form a ciphertext C, and then the ciphertext C is sent; the receiving party receives the ciphertext C, decrypts the key K in the ciphertext C by using the RSA decryption key Kdb, and then decrypts the plaintext and the digital signature MA by using the key K. The invention carries out double encryption on the encrypted information, strengthens the safety intensity of the algorithm, inherits the characteristics of a public key encryption system, does not need to worry about related problems of key management, and is an ideal scheme for the safety storage of medical data.

Description

Mixed encryption and decryption method and system for medical data secure storage
Technical Field
The invention relates to the field of data encryption, in particular to a hybrid encryption and decryption method and system for medical data security storage.
Background
The data encryption technology is the most commonly used and important technology for ensuring the security of network information, and is also the most important research direction in cryptography. Cryptography is an emerging interdisciplinary in studying data information encryption, decryption, and transformation. Much practical encryption algorithms have been proposed, such as DES (Data Encryption Standard), RSA (Rivest-Shamir-Adleman), AES (Advanced Encryption Standard) and ECC (Elliptic Curves Cryptography) algorithms, etc., since the study of cryptography was earlier abroad. Domestic well known is the Liu's encryption algorithm. The various performances of the cipher system are mainly determined by cipher algorithms, different algorithms determine different cipher systems, and different cipher systems have different advantages and disadvantages. Some algorithms are high-speed and simple, but encryption and decryption keys are the same, and key management is difficult; some algorithms are convenient and safe in key management, but have large calculation cost and low processing speed.
The data encryption technology is known as a core technology of information security, and is mainly divided into symmetric encryption and asymmetric encryption, which are typically represented by a DES algorithm and an RSA algorithm respectively. The DES algorithm is a block encryption algorithm, has high calculation efficiency and high encryption speed, but the security of the algorithm depends on a secret key, the RSA algorithm is an algorithm based on large number decomposition, and adopts a double-secret key system of a public key and a private key, so that the cracking difficulty is equal to the product of two large prime numbers, and the RSA algorithm has high security, but has high calculation cost and low encryption speed. Although there is no effective way to break them in a short time, these traditional data encryption algorithms are no longer secure as the performance of computers is changing with the continued development of hardware and software.
The data encryption technology processes data (also called plaintext) to be protected according to a certain encryption transformation method (encryption algorithm) to transform the data into data (ciphertext) which is difficult to identify. The reverse process of data encryption, i.e. the process of restoring the ciphertext into the plaintext according to the corresponding decryption transformation method (decryption algorithm), is called data decryption. In encryption technology, key-based encryption algorithms can be classified into two different types: symmetric encryption techniques and asymmetric encryption techniques, the most influential of which are the data encryption DES algorithm and the RSA algorithm.
At present, the research on the DES and RSA algorithms is more at home and abroad, the DES algorithm and the RSA algorithm are improved independently, and the mixed research on the DES and the RSA algorithms is also carried out, for example: encryption algorithm based on triple DES, rapid encryption algorithm based on RSA, and mixed data encryption algorithm based on DES and RSA, etc., but these algorithms only pay attention to security and ignore computational complexity, or quicken computational efficiency but security is not guaranteed, even if security and computational complexity are compatible but implementation difficulty is great, practicality is low, so a mixed encryption scheme with high security performance and high operation speed is needed in the field.
Disclosure of Invention
The invention aims to provide a hybrid encryption and decryption method and system for medical data secure storage, which solve the problems of insufficient security, low calculation speed and poor practicability of the important algorithms DES and RSA in the current symmetric encryption technology and asymmetric encryption technology, thereby providing a hybrid encryption scheme with high security, high calculation speed and good practicability.
In order to achieve the above object, the present invention provides the following solutions:
a hybrid encryption method for secure storage of medical data, the method comprising:
generating a key K for DES encryption;
encrypting the key K by using RSA to form a ciphertext CK;
acquiring an RSA public encryption key Keb;
forming a digital signature MA with the RSA decryption key and the public encryption key Keb;
encrypting plaintext and the digital signature MA using the key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
and sending the ciphertext C.
Optionally, the specific form of the ciphertext CK is: ck.keb (K) =ck.
Optionally, the specific form of the ciphertext C is: c=k (plaintext, MA) +ck.
A hybrid encryption system for secure storage of medical data, the system comprising:
A DES key generation unit for generating a key K for DES encryption;
a first encrypting unit for encrypting the key K by RSA to form a ciphertext CK;
a public encryption key acquisition unit configured to acquire an RSA public encryption key Keb;
a first digital signature generation unit for forming a digital signature MA together with the public encryption key Keb using an RSA decryption key;
a second encryption unit for encrypting the plaintext and the digital signature MA using the key K;
the ciphertext generating unit is used for combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
and the sending unit is used for sending the ciphertext C.
A hybrid decryption method for secure storage of medical data, the method comprising:
receiving ciphertext C;
decrypting a key K in the ciphertext C by using an RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the key K.
Optionally, after decrypting the plaintext and the digital signature MA using the key K, the method further includes:
obtaining a public key Kea;
identity verification of the signature information is performed by using the public key Kea and the decryption key Kdb;
performing digital processing on the signature information to form receiver signature information;
And sending the signature information of the receiver to a sender to confirm the received information.
Optionally, after sending the signature information of the receiving party to the sending party to confirm the received information, the method further includes:
both the sender and the receiver delete the key K.
A hybrid decryption system for secure storage of medical data, the system comprising:
a receiving unit, configured to decrypt the key K in the ciphertext C using a decryption key Kdb;
and the decryption unit decrypts the plaintext and the digital signature MA by using the key K.
Optionally, a receiver processing unit is also included for
Acquiring a public key Kea of a sender;
identity verification of the signature information is performed by using the public key Kea and the decryption key Kdb;
performing digital processing on the signature information to form receiver signature information;
and sending the signature information of the receiver to a sender to confirm the received information.
A medical data security storage-oriented hybrid encryption and decryption method comprises the following steps:
the sender generates a key K for DES encryption;
encrypting the key K by using RSA to form a ciphertext CK;
acquiring an RSA public encryption key Keb;
forming a digital signature MA with the RSA decryption key and the public encryption key Keb;
Encrypting plaintext and the digital signature MA using the key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
sending the ciphertext C to a receiver;
the receiving side decrypts the key K in the ciphertext C by using the RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the key K.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention carries out double encryption on the encrypted information, strengthens the safety intensity of the algorithm, realizes local independence, avoids the threat of violent cracking of the secret key, complements the secret key, and has higher operation efficiency because of only double encryption.
The mixed encryption scheme provided by the invention inherits the characteristics of the public key encryption system, so that the key management related problem is not needed to be worried about, and the mixed encryption scheme is an ideal scheme for the safe storage of medical data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a control flow chart of a hybrid encryption method for secure storage of medical data according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a hybrid encryption system for secure storage of medical data according to an embodiment of the present invention.
Fig. 3 is a control flow chart of a hybrid decryption method for secure storage of medical data according to a second embodiment of the present invention.
Fig. 4 is a schematic diagram of a hybrid decryption system for secure storage of medical data according to a second embodiment of the present invention.
Fig. 5 is a control flow chart of a hybrid encryption and decryption method for secure storage of medical data provided in the third embodiment of the present invention.
Fig. 6 is a schematic diagram of a TDEA encryption and decryption process of a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Fig. 7 is a schematic diagram of an encryption and decryption process of an HDDES algorithm of a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Fig. 8 is a DES and RSA algorithm encryption time comparison chart of a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Fig. 9 is a schematic diagram of a hybrid encryption scheme based on HDDES and IPNRSA for a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Fig. 10 is a comparison diagram of the encryption and the decryption of medical electronic medical record data of the hybrid encryption and decryption method for the secure storage of medical data according to the third embodiment of the present invention.
Fig. 11 is a comparison diagram of before and after decryption of medical electronic medical record data of a hybrid encryption and decryption method for secure storage of medical data according to a third embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention aims to provide a hybrid encryption and decryption method and system for medical data secure storage, which solve the problems of insufficient security, low calculation speed and poor practicability of the important algorithms DES and RSA in the current symmetric encryption technology and asymmetric encryption technology.
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
Embodiment one:
as shown in FIG. 1, a hybrid encryption method for secure storage of medical data is provided, wherein the sender is A (the encryption key is Kea, the decryption key is Kda), the receiver is B (the encryption key is Keb, and the decryption key is Kdb), and the implementation steps of the encryption scheme are as follows
A1, generating a secret key K for DES encryption;
the sender generates keys K for DES encryption, each key K being used only once in order to improve the security of the data. The DES key may be an arbitrary 56-bit number, so that the user can randomly generate the DES key, and the processing efficiency is extremely high because the DES key has a length of only 56 bits.
A2, encrypting the key K by using RSA to form a ciphertext CK;
the sender acquires the public encryption key Keb of RSA of the receiver from the key server, and encrypts the key K of DES with Keb to form ciphertext ck.kerb (K) =ck. The public encryption key has the advantage that the key does not need to be transferred via a secure channel, which greatly simplifies key management, but the encryption and decryption of the actually transmitted data requires a private key.
A3, acquiring an RSA public encryption key Keb;
a4, forming a digital signature MA by utilizing an RSA decryption key and the public encryption key Keb together;
The sender generates the information to be signed and forms the digital signature MA together with its own RSA decryption key Kda and Keb. The initial idea and goal of RSA algorithm development is to make the Internet safe and reliable, and to solve the problem of DES algorithm key transmission with public channel, it not only solves the problem well, but also can be used to complete digital signature of telegraph text.
A5, encrypting the plaintext and the digital signature MA by using the secret key K;
a6, combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
after encrypting the plaintext and signed information with K, the sender then forms ciphertext C along with Ck to the receiver. C=k (plaintext, MA) +ck.
A7, sending the ciphertext C.
The DES algorithm and the RSA algorithm are superior algorithms which have long been examined in data encryption, but have shortcomings in processing efficiency, key management and the like, and the two algorithms are respectively described below.
The data encryption standard (Data Encryption Standard, DES) algorithm is a block encryption algorithm that encrypts data in 64bit (byte) packets, with 8bit parity, and an effective key length of 56 bits. The encryption and decryption of the DES algorithm uses the same algorithm (different key sequences), the security of which depends on the key used.
The specific process of DES encryption algorithm is to divide 64bit data into two parts (L, R) of 32bit each, use exclusive OR operation and signAnd (3) representing. The encryption process can be summarized as follows:
the 64bit plaintext is initially transformed and denoted as IP.
The plaintext after the initial transformation is overlapped for 16 timesSubstitution operations, respectively denoted as T 1 ,T 2 ,…,T 16 . Each iteration is divided into left and right parts, each 32 bits, denoted as (L n ,R n ). The relationship of adjacent secondary iterations is as follows:
L n =R n-1 (1)
wherein K is n Representing 16 sub-keys of 48bit length used in 16 iterations. They are all generated from 56bit keys by transformation, each subkey being different.
After iterative operation, through a final transformation IP -1 And (5) processing. The final transformation and the initial transformation are inverse transformation, namely, the conditions are satisfied:
IPIP -1 =1 (3)
the DES encryption process can be expressed simply by the following formula (4):
DES(m)=IP -1 (T 16 (…(T 2 (T 1 IP(m))))) (4)
the DES decryption process can be expressed simply by the following equation (5):
DES(m)=IP -1 (T 1 (···(T 15 (T 16 IP(m))))) (5)
the RSA algorithm is mainly based on the principle of difficulty in large-number decomposition, because it is very easy to find the product of two large prime numbers, but it is very difficult to factor the product. Therefore, the product of two large prime numbers can be disclosed as a public key and prime numbers as private key generation factors. It is very difficult to break the plaintext by using the public key and the ciphertext, which is equivalent to decomposing the product of two large prime numbers, that is, the security of the RSA algorithm is based on the difficulty of decomposing the factor by the product of large prime numbers.
The specific encryption and decryption method of the RSA algorithm is summarized as follows:
two large prime numbers p and q with similar digits are selected, but the values of the two numbers p and q cannot be close.
The product n=p×q and Φ (n) = (p-1) × (q-1) is calculated, where n represents the product of two large prime numbers.
Optionally selecting an encryption key e 1 So that e 1 And (p-1) × (q-1) mutually, i.e. gcd (e, Φ (n))=1.
Calculating decryption key e 2 So that e 1 e 2 =1 mod φ (n), i.e 1 And e 2 Reciprocal, e 2 Is of a mutual quality with n.
The encryption function is:the decryption function is: />Where m is plaintext and c is ciphertext. { e 1 N is a public key e 2 As a private key, n is typically 1024 bits or more in length.
When RSA encrypts data plaintext M, first, the plaintext M is divided into data packets with a suitable size, and then each packet is encrypted separately, and the length of each packet should be smaller than n bits.
In terms of the processing efficiency of encryption and decryption, the DES algorithm is superior to the RSA algorithm, and the processing speed of the RSA algorithm is obviously slower than that of the DES algorithm when the multiple word length is processed because the length of the DES key is only 56 bits.
In the aspect of key management, the RSA algorithm is more superior than the DES algorithm, because the RSA algorithm can distribute the encryption key in a public form, the encryption key can be updated easily, and the RSA algorithm only needs to keep secret for the decryption key of the RSA algorithm for different communication objects; the DES algorithm requires secret distribution of the key before communication, and the key replacement is difficult, and the DES algorithm needs to generate and store different keys for different communication objects.
The security of both the DES algorithm and the RSA algorithm is good, and there is no effective way to decipher them in a short time. The DES algorithm is not possible to implement digital signature and identity authentication in principle, but the RSA algorithm can be easily performed.
In general, the DES algorithm and the RSA algorithm are short and long, and the invention designs a comprehensive DES and RSA advantage according to the short and long algorithm, and simultaneously avoids the respective insufficient encryption schemes. The basic principle is as follows: before data communication, the message is encrypted by a DES algorithm, and meanwhile, a DES key is encrypted by an RSA algorithm and digital signature is realized. In the network users transmitting confidential information, if symmetric cryptosystem DES is used and RSA asymmetric key cryptosystem is used to transmit the key of DES, the high-speed simplicity of DES and the convenience and security of RSA key management can be comprehensively exerted. Meanwhile, aiming at the method, the invention also provides a hybrid encryption system for safely storing medical data, as shown in fig. 2, the system comprises:
a DES key generation unit for generating a key K for DES encryption;
a first encrypting unit for encrypting the key K by RSA to form a ciphertext CK;
A public encryption key acquisition unit configured to acquire an RSA public encryption key Keb;
a first digital signature generation unit for forming a digital signature MA together with the public encryption key Keb using an RSA decryption key;
a second encryption unit for encrypting the plaintext and the digital signature MA using the key K;
the ciphertext generating unit is used for combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
and the sending unit is used for sending the ciphertext C.
The hybrid encryption method and system for medical data security storage provided by the embodiment of the invention are characterized in that on the basis of the traditional DES and RSA algorithms, firstly, analysis is carried out aiming at the advantages and the disadvantages of the DES, and the advantages of triple DES encryption algorithm (Triple Data Encryption Algorithm, TDEA) and independent subkey DES encryption algorithm (Independent Sub Key DES Algorithm, ISKDES) are combined, the DES algorithm is improved, a hybrid double DES encryption algorithm (Hybrid double DES encryption algorithm, HDDES) is provided, then, the prime number judgment method affecting the modular exponentiation operation speed of the RSA algorithm is studied in detail, on the basis of not affecting the RSA security, the original prime number judgment method is improved, an RSA algorithm (RSA algorithm based on improved prime number decision, IPNRSA) based on the improved prime number judgment is provided, and finally, the HDDES encryption algorithm and the IPNRSA encryption algorithm are combined to form a hybrid encryption scheme based on the HDDES and the IPNRSA, so that the medical data can be effectively and safely stored.
Embodiment two:
as shown in fig. 3, a hybrid decryption method for secure storage of medical data, the method comprising:
b1, receiving ciphertext C; the receiving side receives the ciphertext C transmitted from the transmitting side.
B2, decrypting the key K in the ciphertext C by using the RSA decryption key Kdb;
after receiving the ciphertext C, the receiver decrypts the DES key K in C by using the decryption key Kdb.
And B3, decrypting the plaintext and the digital signature MA by using the key K.
B4, obtaining a public key Kea;
b5, utilizing the public key Kea and the decryption key Kdb to carry out identity confirmation on signature information; the receiving side performs identity authentication on the signature information by using the public key Kea of the transmitting side and the decryption key Kdb of the receiving side.
B6, carrying out digital processing on the signature information to form receiver signature information;
and B7, sending the signature information of the receiver to a sender to confirm the receipt of the information.
B8, the sender and the receiver delete the secret key K.
The DES algorithm key is too short in length, the encryption unit is only 64 bits binary, and 8 bits are applied to parity or other communication overhead, so its effective key is only 56 bits. This will inevitably reduce the security of DES. As computer performance has evolved, methods have been discovered to brute force cracking DES keys, and as computers have become more powerful, the DES of 56-bit keys has failed to support security-critical applications at all.
And DES algorithms exist with weak keys. There are 12 semi-weak keys and 4 weak keys in the DES algorithm. Because the key is split into two parts in the process of generating the subkey, if the two parts are split into all 0 s or all 1 s, the subkey generated in each round is identical. When the keys are all 0 or all l, or each half of l or 0, weak keys or semi-weak keys will be generated, which will reduce the security of DES.
The current attack mode aiming at RSA algorithm mainly comprises the following modes:
forced cracking: attempting all private keys; mathematical attack: factoring the product of the two prime numbers; timing attack: depending on the execution time of the decryption algorithm. In order to prevent forced cracking of the RSA algorithm, an ultra-long key must be used, so that the more and better the total number of bits of the two large prime numbers p and q are chosen, but this also makes the key generation speed, the encryption and decryption speed slower and slower. For the remaining two attacks, because the security of RSA is based on the difficulty of multiplying and integrating large prime numbers, cracking or cracking is almost impossible at present and is very costly.
But the RSA algorithm key generation is cumbersome. Since two large prime numbers p, q must be employed to generate the RSA key, it is almost difficult to use one-time-pad limited to prime number generation techniques. And its encryption speed is slow. The RSA algorithm not only has high security not found in DES, but also has quite popular and easy-to-understand algorithm process. The encryption speed is sacrificed, the p, q and other large prime numbers of RSA are randomly generated by using a deterministic prime number judgment algorithm, and the encryption time of RSA and DES is almost hundreds of times different.
Therefore, the invention combines two encryption algorithms to make up for the shortages, and forms a hybrid encryption scheme based on the HDDES and the IPNRSA, so that the hybrid encryption scheme can effectively store medical data safely. In addition, the hybrid encryption scheme based on the HDDES and the IPNRS inherits the characteristics of a public key encryption system, so that the key management related problem does not need to be worried, and the hybrid encryption scheme is an ideal scheme for the safe storage of medical data. Meanwhile, the embodiment of the invention also provides a hybrid decryption system for safely storing medical data, as shown in fig. 4, the system comprises:
a receiving unit, configured to decrypt the key K in the ciphertext C using a decryption key Kdb;
and the decryption unit decrypts the plaintext and the digital signature MA by using the key K.
A receiver processing unit, configured to obtain a public key Kea of the sender;
identity verification of the signature information is performed by using the public key Kea and the decryption key Kdb;
performing digital processing on the signature information to form receiver signature information;
and sending the signature information of the receiver to a sender to confirm the received information.
The mixed decryption method and the system for the medical data security storage provided by the embodiment of the invention firstly expand the original 64-bit secret key to 128 bits, reduce the risk of exhaustive attack caused by too short secret key, then double encrypt the encrypted information by referring to the multiple encryption advantages of the TDEA algorithm, strengthen the security intensity of the algorithm, finally map the 12-bit secret key by referring to the special points of the ISKDES algorithm, realize local independence, avoid the threat of the secret key being violently cracked, complement each other, and have higher operation efficiency than the TDEA algorithm due to only double encryption.
Embodiment III:
as shown in fig. 5, a hybrid encryption and decryption method for secure storage of medical data, the method includes:
the sender generates a key K for DES encryption;
encrypting the key K by using RSA to form a ciphertext CK;
acquiring an RSA public encryption key Keb;
forming a digital signature MA with the RSA decryption key and the public encryption key Keb;
encrypting plaintext and the digital signature MA using the key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
sending ciphertext C;
the receiving party receives the ciphertext C and decrypts the key K in the ciphertext C by using the RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the key K.
The invention firstly analyzes the defects of the symmetric encryption algorithm DES, and the defect analysis of the DES is specifically as follows:
1. the key length is too short. The encryption unit of the DES algorithm is only 64 bits binary and 8 bits are applied to parity or other communication overhead so its effective key is only 56 bits. This will inevitably reduce the security of the DES algorithm. As computer performance has evolved, methods have been discovered to brute force cracking DES keys, and as computers have become more powerful, the DES of 56-bit keys has failed to support security-critical applications at all. Due to these obvious deficiencies of DES, the national institute of standards and technology in 1997 no longer investigated DES, but instead an alternative approach, the advanced encryption standard (Advanced Encryption Standard, AES).
2. There is a weak key. There are 12 semi-weak keys and 4 weak keys in the DES algorithm. Because the key is split into two parts in the process of generating the subkey, if the two parts are split into all 0 s or all 1 s, the subkey generated in each round is identical. When the keys are all 0 or all l, or each half of l or 0, weak keys or semi-weak keys will be generated, which will reduce the security of DES.
Then, the improved DES algorithm for improving the defects of the DES algorithm at home and abroad is researched and analyzed, and the method specifically comprises the following steps:
the improved DES algorithm still has many disadvantages, such as small data transmission rate, unsuitable for long-term data protection, and easy cracking of differential keys. Therefore, scholars at home and abroad have made many attempts to improve the DES algorithm, and in this context, triple DES algorithm (TDEA) and independent subkey DES algorithm (ISKDES) having more influence are sequentially proposed.
Triple DES algorithm: since the conventional DES algorithm has a short key length and is easily broken, in order to compensate for the deficiency, researchers have proposed a Triple DES Encryption Algorithm (TDEA) in which the key length of DES is increased by three times and three different keys are used for triple encryption and decryption. The encryption process is as follows: first using a first rekey k 1 Encryption and then use a second rekey k 2 Decrypting, finally using the third re-key k 3 Re-encryption, i.e. c=ek 3 (DK 2 (Ek 1 M)). Whereas decryption is in reverse order, i.e. m=dk 1 (EK 2 (Dk 3 C) A kind of electronic device. The core of TDEA is to use k 1 、k 2 、k 3 Encryption is performed on the plaintext multiple times, the key length being three times DES. The specific implementation process of the TDEA algorithm is shown in fig. 6, fig. 6 (a) is a TDEA algorithm encryption process, and fig. 6 (b) is a TDEA algorithm decryption process, although the method increases the length of a secret key, improves the security strength of the algorithm, and effectively avoids violent cracking, the calculation time is increased by f-1 times, f represents the number of weights, for example, the triple encryption time complexity is increased by 3-1=2 times, and the decryption time complexity is increased by 3-1=2 times, so that the operation efficiency is very low. In addition, although the number of key bits in TDEA is 168 bits, the threat of brute force cracking is unavoidable for current computer computing power.
DES algorithm of independent subkey: the key to the ISKDES algorithm depends on encryption with different randomly generated subkeys, that is, the subkeys in each iteration are not generated with the same 56-bit binary key. Since each round in 16 iterations uses a 48-bit key, the ISKDES modified DES key length becomes 768 bits. The method can greatly increase the difficulty of exhaustive decryption, thereby improving the encryption strength of DES, but the key length is too long and the cost is also increased.
By taking the two excellent algorithm ideas (triple DES algorithm and independent subkey DES algorithm) into consideration, a hybrid double DES encryption algorithm (HDDES) is designed, and the method specifically comprises the following steps:
based on TDEA algorithm and ISKDES algorithm, a mixed double DES encryption algorithm (Hybrid Double DES Encryption Algorithm, HDDES) is provided. The algorithm expands the key of DES from 64 bits to 128 bits, maps the key into two sub-keys (64 bits of each sub-key) through a mapping table (shown in table 1), respectively shows the sub-keys as key1 and key2, encrypts plaintext by using 16 sub-keys generated by key1 to generate ciphertext 1, and then encrypts ciphertext 1 by using 16 sub-keys generated by key2 to generate ciphertext 2, thus enhancing the security strength through double encryption. The specific process of the HDDES algorithm is shown in fig. 7, where fig. 7 (a) is the process of encrypting the HDDES algorithm and fig. 7 (b) is the process of decrypting the HDDES algorithm.
97 98 52 21 101 86 103 54 105 3 107 23 109 83 89 112
17 18 19 20 100 22 108 24 25 26 27 28 29 30 31 32
49 50 51 9 53 104 55 56 57 123 59 60 61 62 63 64
81 82 110 84 85 102 87 88 111 90 91 92 93 94 95 96
65 35 67 68 69 37 71 72 40 74 75 76 117 127 79 80
43 116 106 4 114 6 125 8 9 10 121 12 13 118 15 16
113 5 115 2 77 14 119 41 11 122 58 124 7 126 78 128
33 34 66 36 70 38 39 73 120 42 1 44 45 46 47 48
TABLE 1 128 bit key map for TDEA
The HDDES algorithm specifically comprises the following steps:
input: plaintext M, 128-bit key mapping table
And (3) outputting: double-encrypted ciphertext C and double-decrypted plaintext M
1. Extending key length: expanding the 64-bit key of the original DES to 128-bit length;
2. Key mapping processing: inputting a 128-bit key and mapping according to a mapping table of FIG. 5 to obtain two sub-keys key1 and key2, wherein each sub-key is 64 bits;
3. generating a subkey: performing key processing on the two sub-keys key1 and key2 to respectively obtain 16 sub-keys;
4. plaintext double encryption: after inputting a plaintext, encrypting the plaintext by using key1 once, and then encrypting the plaintext by using key2 twice to generate ciphertext C;
5. outputting a double-encrypted ciphertext C;
6. double decryption of plaintext: after inputting the ciphertext, decrypting once by using the key2, and then decrypting for the second time by using the key1 to restore to a plaintext M;
7. outputting a double decrypted plaintext M;
then, analysis is carried out on an asymmetric encryption algorithm RSA, and the defect analysis of the RSA is specifically as follows:
at present, the modes aiming at RSA attacks mainly comprise the following modes: (1) forced cracking: attempting all private keys; (2) mathematical attack: factoring the product of the two prime numbers; (3) timing attack: depending on the execution time of the decryption algorithm. In order to prevent forced cracking of the RSA algorithm, an ultra-long key must be used, so that the more and better the total number of bits of the two large prime numbers p and q are chosen, but this also makes the key generation speed, the encryption and decryption speed slower and slower. For the remaining two attacks, because the security of RSA is based on the difficulty of multiplying and integrating large prime numbers, cracking or cracking is almost impossible at present and is very costly.
1. The key generation is cumbersome. Since two large prime numbers p, q must be employed to generate the RSA key, it is almost difficult to use one-time-pad limited to prime number generation techniques.
2. The encryption speed is slow. The RSA algorithm not only has high security not found in DES, but also has quite popular and easy-to-understand algorithm process. The encryption speed difference is further illustrated by comparing the time for encrypting a set of simple data (2 KB data amount) by DES algorithm and RSA algorithm, without the need for excessively high security, at the cost of encryption speed, as shown in fig. 8. Wherein, p, q and other large prime numbers of RSA are randomly generated by using a deterministic prime number judgment algorithm, and it can be seen that encryption time of RSA and DES is almost different by hundred times.
The RSA algorithm for improving the RSA defects at home and abroad is researched and analyzed, and the latest research and analysis of RSA are specifically as follows:
the RSA algorithm is an algorithm based on large number decomposition, and the RSA has high safety because large number decomposition is a recognized mathematical problem. Although the hardware of the computer is updated rapidly, the performance of the computer is broken through the limit continuously, a great amount of time is still required for decomposing a large number of data to be broken. In addition, in order to cope with the rapid development of computer power, the RSA algorithm gradually increases the length of the key, but the encryption speed of the RSA algorithm is limited by the generation speed of the key. In order to solve the encryption speed problem of RSA algorithm, researchers at home and abroad commonly adopt two methods. The first method is to improve the implementation of the key algorithm and take some measures to increase the operation speed, and the invention starts from this aspect and researches how to improve the generation of the RSA key and improve the operation speed. The second approach is to find a new public key encryption algorithm that replaces RSA, for example, a public key encryption algorithm based on elliptic curve (ECC), the advent of which realizes a significant breakthrough in efficiency, but since it has not yet been widely used, much research is still theoretically based.
Since the core algorithm of RSA is modular exponentiation of large prime numbers, namely large number multiplication and modular exponentiation, to improve the efficiency of RSA algorithm, the problem of the operation speed of modular exponentiation in RSA must be solved, the core complexity in modular exponentiation depends on the modular exponentiation, the modular exponentiation further comprises division operation, and for a computer, it is quite time-consuming to perform a division operation for several times, so that the RSA algorithm can be greatly reduced and even avoided, and the performance of RSA algorithm can be remarkably improved. Based on the method, the invention carries out detailed research on a prime number judging method affecting the modular exponentiation speed of the RSA algorithm on the premise of ensuring the safety of the RSA algorithm, carefully compares the advantages and disadvantages of two prime number judging algorithms, adopts a Montgomery rapid exponentiation algorithm to optimize a classical probabilistic prime number judging algorithm-Miller-Rabin algorithm, provides an improved rapid prime number judging algorithm (Improved fast prime number judgment algorithm, IFPNJA), and finally applies the IFPNJA to the RSA algorithm to form an RSA algorithm (RSA algorithm based on improved prime number decision, IPNRSA) based on improved prime number judgment.
The prime number judging method comprises the following steps: the prime number judgment methods are generally divided into two types: the method comprises a deterministic prime number judgment algorithm and a probabilistic prime number judgment algorithm. The deterministic prime number judgment algorithm is named as it is that the percentage of the numbers generated by it are prime numbers, but with certain limitations. While the probability prime number judgment algorithm cannot guarantee that the percentile generates prime numbers, the probability prime number judgment algorithm has no big limit and generates prime numbers faster than the deterministic judgment algorithm. In general, most of practical life uses a probabilistic prime number judgment algorithm, although the prime number can not be generated in a hundred percent, the non-prime number is generated as a small probability event, and the probabilistic prime number judgment algorithm can quickly and irregularly generate the pseudo prime number so as to meet most of demands.
The most common of deterministic prime number judgment algorithms is the integer divisor algorithm, i.e. the integer divisor test, which is based on the principle that all integers used as divisors are smaller than n, which represents the product of two large prime numbers, and if any of these numbers can be divided by n, then n is a complex number. The integer divisibility algorithm is very inefficient and its bit operation complexity grows exponentially.
The more well-known algorithms among the probabilistic prime number judgment algorithms are: the Miller-Rabin algorithm, solovay-Strassen algorithm, lehman algorithm, etc., and since the invention is improved and limited in terms of the Miller-Rabin probabilistic prime number judgment algorithm, only the Miller-Rabin algorithm will be described in detail, and several other well-known algorithms will not be described in detail.
Introduction to Miller-Rabin algorithm: if n is an odd prime number, then n-1 = 2 r m, r is a non-negative integer, m is a positive odd number, a is any positive integer with n, then a m Identical to 1 (mod n) or for a certain h (0.ltoreq.h.ltoreq.r-1), equation a w Identical to-1 (mod n) holds, where w=2 h m. It can be demonstrated that the error probability of the Miller-Rabin algorithm is at most 4 -1 . If n passes the t-test, the probability that n is not prime will be 4 -t While the error probability of the Solovay-Strassen algorithm and the Lehman algorithm is 2 -t
The invention directly adopts the probabilistic prime number judgment algorithm to improve the modular exponentiation of the RSA algorithm because the deterministic prime number judgment algorithm has very low efficiency and high complexity and is not suitable for the modular exponentiation of the RSA algorithm. The principle of each probabilistic prime number judgment algorithm shows that the probability of judging prime numbers by the Miller-Rabin algorithm is far higher than that of other two main stream algorithms, so the Miller-Rabin algorithm is selected for improvement, and the Miller-Rabin algorithm is optimized by introducing an algorithm capable of greatly reducing modular exponentiation, namely a Montgomery rapid power algorithm, so that an improved rapid prime number judgment algorithm (IFPNJA) is formed, and the specific process is as follows:
Input: large number A, B, miller-Rabin algorithm, modulus N.
And (3) outputting: a fast modular multiplication of a large number A, B.
Initial input: two large numbers A, B and a modulus N are input.
Selection base: selecting a positive integer R which is compatible with N as a base number, and simultaneously requiring that when R is 2 k When N is needed, the following steps are satisfied: 2 k-1 ≤N≤2 k And GCD (R, N) =1, where R may be any base, the power of 2 is used in the present invention for convenience of processing.
Montgomery's fast power: the large number A, B is subjected to modular multiplication operation by using Montgomery fast power algorithm to simplify Miller-Rabin algorithm, namely Montgomery (A, B, N) =ABR -1 (modN)。
And outputting a fast modular multiplication result of a large number A, B.
The main benefit of the IFPNJA adopting the Montgomery rapid power algorithm is that division is converted into shift operation, so that the calculation process is simplified, and the efficiency of great number power operation is improved.
In order to improve the judging efficiency of the IFPNJA applied to the RSA algorithm, all even numbers and numbers divided by 5 are directly removed in the prime number generation initial stage, 53 small prime numbers are selected to form a screening array for deep screening, and then the IFPNJA is applied to modular exponentiation operation of the RSA algorithm for rapid screening. All screening methods complement each other to form an RSA algorithm (IPNRSA) based on improved prime number judgment, and the specific improvement steps of the IPNRSA are as follows:
Input: plaintext M, miller-Rabin algorithm, random large array N.
And (3) outputting: encrypted ciphertext C, decrypted plaintext M.
Random large number generation: a large array N is randomly generated except for even numbers and numbers divisible by 5.
Large array screening: and selecting 53 small prime numbers and screening the large array N by using a remainder method.
Optimization of Miller-Rabin algorithm: the Miller-Rabin algorithm was optimized using the Montgomery fast power algorithm.
Generating large prime numbers p, q: the steps described above are combined with IFPNJA to generate two large prime numbers p, q.
RSA encrypts plaintext: and inputting a plaintext M, generating an RSA key by using two large prime numbers p and q, and encrypting the plaintext to generate a ciphertext C.
The encrypted ciphertext C is output.
RSA decrypts plaintext: and inputting a ciphertext C, generating an RSA key by using two large prime numbers p and q, and decrypting the ciphertext to generate a plaintext M.
The decrypted plaintext M is output.
Based on the advantages of the two improved algorithms of the HDDES and the IPNRSA, the two improved algorithms utilize different stages of medical electronic case EMR data (namely, carry out mixed encryption), thereby forming a mixed encryption scheme oriented to the safe storage of medical data, and the method is specifically as follows:
since the encryption and decryption process (such as DES) of the symmetric encryption algorithm is very fast, the encryption efficiency is very high, the encryption method is very suitable for encrypting medical electronic medical record data EMR with fast update frequency and huge data volume, but the security is not high because the encryption and decryption (such as RSA) of the asymmetric encryption algorithm is very slow, the encryption efficiency is very low, the encryption method is not suitable for encrypting medical record data, but the encryption method is extremely high in security because the encryption is difficult and the secret key is not afraid of being stolen, in order to solve the problem, the invention adopts a mixed encryption scheme combining symmetric encryption and asymmetric encryption, namely adopts HDDES and IPNRSA to carry out selective mixed encryption on the medical data, and the specific process is as shown in fig. 9, and the summary is as follows:
The sender encrypts the medical data plaintext by using an HDDES key to obtain an encrypted ciphertext.
The sender encrypts the HDDES key information with the public key of the IPNRSA to obtain an encryption key.
The sender sends out the encrypted ciphertext and the encryption key mixed information.
After receiving the mixed information, the receiver decrypts the encryption key by using the private key of the IPNRSA to obtain the HDDES key.
And the receiver decrypts the encrypted ciphertext by using the HDDES key obtained by decryption to obtain the medical data plaintext.
The hybrid encryption strategy based on the HDDES and the IPNRSA not only improves the efficiency of encrypting the medical data EMR, but also ensures the safety of transmitting the medical data EMR.
The invention adopts the real medical electronic medical record data picture (EMR picture) to encrypt and decrypt, the experimental result is shown in fig. 10 and 11, and the experimental analysis is as follows.
The medical data picture has obvious plaintext encryption effect. The left half of fig. 10 shows that the text part of the medical data picture before encryption is clearly visible, then the medical data picture ciphertext is obtained after the encryption operation is performed (see the right half of fig. 10), and the right half of fig. 10 shows that almost all text parts cannot be identified by human eyes and are shown in a messy code form when the operation of viewing the source file is performed again in the background, which fully indicates the encryption effectiveness of the hybrid encryption scheme provided by the invention.
The medical data picture ciphertext decryption effect is obvious. The left half of fig. 11 shows that the whole image of the medical data before decryption is blurred and can be hardly identified, then the ciphertext of the image of the medical data is obtained after decryption operation is carried out (see the right half of fig. 11), and compared with the original image of the left half of fig. 10, the image is obviously almost lossless before and after encryption, which fully shows the decryption effectiveness of the hybrid encryption scheme provided by the invention.
The invention discusses the advantages and disadvantages of a triple DES encryption algorithm (Triple Data Encryption Algorithm, TDEA) and an independent subkey DES encryption algorithm (Independent Sub Key DES Algorithm, ISKDES), and provides a mixed double DES encryption algorithm (Hybrid Double DES Encryption Algorithm, HDDES) based on the TDEA algorithm and the ISKDES algorithm, wherein the HDDES algorithm integrates the advantages of the TDEA and the ISKDES, the HDDES firstly expands an original 64-bit key to 128 bits, reduces the risk of the too short key being attacked by exhaustion, then double encrypts encryption information by referring to the advantages of multiple encryption of the TDEA algorithm, strengthens the safety intensity of the algorithm, finally maps a 12-bit key by referring to the characteristics of the ISKDES algorithm, realizes local independence, avoids the threat of violent cracking of the key, and has higher operation efficiency than the TDEA algorithm due to double encryption.
Meanwhile, the invention also discusses the advantages and disadvantages of the deterministic and probabilistic prime number judgment algorithms, and provides an Improved Fast Prime Number Judgment Algorithm (IFPNJA) based on the Miller-Rabin probabilistic prime number judgment algorithm, and the main benefit of the IFPNJA adopting the Montgomery fast power algorithm is that division is changed into shift operation, so that the calculation process is simplified, and the efficiency of large number power multiplication operation is improved. And finally, applying the IFPNJA to an RSA algorithm to form an RSA algorithm (RSA algorithm based on improved prime number decision, IPNRSA) based on improved prime number judgment.
Because the symmetric encryption algorithm and the asymmetric encryption algorithm are faced with the advantages and the disadvantages of quick updating frequency and huge data volume of medical electronic medical record data EMR, the invention combines the HDDES encryption algorithm and the IPNRSA encryption algorithm to make up for the advantages and the disadvantages, and forms a hybrid encryption scheme based on the HDDES and the IPNRSA, so that the hybrid encryption scheme can effectively store medical data safely. In addition, the hybrid encryption scheme based on the HDDES and the IPNRSA inherits the characteristics of a public key encryption system, so that the key management related problem does not need to be worried, and the hybrid encryption scheme is an ideal scheme for the safe storage of medical data.
In the present specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, and identical and similar parts between the embodiments are all enough to refer to each other. For the system disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to assist in understanding the methods of the present invention and the core ideas thereof; also, it is within the scope of the present invention to be modified by those of ordinary skill in the art in light of the present teachings. In view of the foregoing, this description should not be construed as limiting the invention.

Claims (10)

1. A hybrid encryption method for secure storage of medical data, the method comprising:
generating a key K for DES encryption;
encrypting the key K by using RSA to form a ciphertext CK;
acquiring an RSA public encryption key Keb;
forming a digital signature MA with the RSA decryption key and the public encryption key Keb;
Encrypting plaintext and the digital signature MA using the key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
sending ciphertext C;
the DES specifically comprises the following steps:
(1) extending key length: expanding the 64-bit key of the original DES to 128-bit length;
(2) key mapping processing: inputting a 128-bit key and mapping according to a mapping table to obtain two sub-keys key1 and key2, wherein each sub-key is 64 bits;
(3) generating a subkey: performing key processing on the two sub-keys key1 and key2 to respectively obtain 16 sub-keys;
(4) plaintext double encryption: after inputting a plaintext, encrypting the plaintext by using key1 once, and then encrypting the plaintext by using key2 twice to generate a DES ciphertext;
the RSA specifically comprises the following steps:
random large number generation: randomly generating a large array N except for even numbers and numbers divisible by 5;
large array screening: selecting 53 small prime numbers and screening a large array N by a remainder method;
optimization of Miller-Rabin algorithm: fast power algorithm using MontgomeryThe simplified Miller-Rabin algorithm performs a modular multiplication operation on the large number A, B, i.e., montgomery (A, B, N) =ABR -1 (modN);
Generating large prime numbers p, q: combining the above steps and IFPNJA to generate two large prime numbers p, q;
RSA encrypts plaintext: and inputting a plaintext M, generating an RSA key by using two large prime numbers p and q, and encrypting the plaintext to generate an RSA ciphertext.
2. The hybrid encryption method for secure storage of medical data as set forth in claim 1, wherein,
the specific form of the ciphertext CK is as follows: ck.keb (K) =ck.
3. The hybrid encryption method for secure storage of medical data as set forth in claim 1, wherein,
the specific form of the ciphertext C is as follows: c=k (plaintext, MA) +ck.
4. A hybrid encryption system for secure storage of medical data, the system comprising:
a DES key generation unit for generating a key K for DES encryption;
a first encrypting unit for encrypting the key K by RSA to form a ciphertext CK;
a public encryption key acquisition unit configured to acquire an RSA public encryption key Keb;
a first digital signature generation unit for forming a digital signature MA together with the public encryption key Keb using an RSA decryption key;
a second encryption unit for encrypting the plaintext and the digital signature MA using the key K;
the ciphertext generating unit is used for combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
A transmitting unit for transmitting the ciphertext C;
the DES specifically comprises the following steps:
(1) extending key length: expanding the 64-bit key of the original DES to 128-bit length;
(2) key mapping processing: inputting a 128-bit key and mapping according to a mapping table to obtain two sub-keys key1 and key2, wherein each sub-key is 64 bits;
(3) generating a subkey: performing key processing on the two sub-keys key1 and key2 to respectively obtain 16 sub-keys;
(4) plaintext double encryption: after inputting a plaintext, encrypting the plaintext by using key1 once, and then encrypting the plaintext by using key2 twice to generate a DES ciphertext;
the RSA specifically comprises the following steps:
random large number generation: randomly generating a large array N except for even numbers and numbers divisible by 5;
large array screening: selecting 53 small prime numbers and screening a large array N by a remainder method;
optimization of Miller-Rabin algorithm: the large number A, B is subjected to modular multiplication operation by using Montgomery fast power algorithm to simplify Miller-Rabin algorithm, namely Montgomery (A, B, N) =ABR -1 (modN);
Generating large prime numbers p, q: combining the above steps and IFPNJA to generate two large prime numbers p, q;
RSA encrypts plaintext: and inputting a plaintext M, generating an RSA key by using two large prime numbers p and q, and encrypting the plaintext to generate an RSA ciphertext.
5. A hybrid decryption method for medical data security oriented storage according to the hybrid encryption method for medical data security oriented storage of claim 1, characterized in that the method comprises:
receiving ciphertext C;
decrypting a key K in the ciphertext C by using an RSA decryption key Kdb;
and decrypting the plaintext and the digital signature MA by using the key K.
6. The hybrid decryption method for secure storage of medical data according to claim 5, wherein after decrypting the plaintext and the digital signature MA using the key K, further comprising:
obtaining a public key Kea;
identity verification of the signature information is performed by using the public key Kea and the decryption key Kdb;
performing digital processing on the signature information to form receiver signature information;
and sending the signature information of the receiver to a sender to confirm the received information.
7. The hybrid decryption method for secure storage of medical data according to claim 6, wherein after sending the signature information of the receiving party to the transmitting party to confirm receipt of the information, further comprising:
both the sender and the receiver delete the key K.
8. A hybrid decryption system for medical data security-oriented storage according to the hybrid decryption method for medical data security-oriented storage of claim 5, wherein the system comprises:
a receiving unit, configured to decrypt the key K in the ciphertext C using a decryption key Kdb;
and the decryption unit decrypts the plaintext and the digital signature MA by using the key K.
9. The hybrid decryption system for secure storage of medical data as recited in claim 8, wherein,
the device also comprises a receiver processing unit, a receiver processing unit and a receiver processing unit, wherein the receiver processing unit is used for acquiring a public key Kea of a sender;
identity verification of the signature information is performed by using the public key Kea and the decryption key Kdb;
performing digital processing on the signature information to form receiver signature information;
and sending the signature information of the receiver to a sender to confirm the received information.
10. The method for the mixed encryption and decryption of the medical data security storage is characterized by comprising the following steps:
the sender generates a key K for DES encryption;
encrypting the key K by using RSA to form a ciphertext CK;
acquiring an RSA public encryption key Keb;
forming a digital signature MA with the RSA decryption key and the public encryption key Keb;
Encrypting plaintext and the digital signature MA using the key K;
combining the encrypted plaintext and the encrypted digital signature MA with the ciphertext CK to form a ciphertext C;
sending the ciphertext C;
the receiving party receives the ciphertext C and decrypts the key K in the ciphertext C by using the RSA decryption key Kdb;
decrypting the plaintext and the digital signature MA using the key K;
the DES specifically comprises the following steps:
(1) extending key length: expanding the 64-bit key of the original DES to 128-bit length;
(2) key mapping processing: inputting a 128-bit key and mapping according to a mapping table to obtain two sub-keys key1 and key2, wherein each sub-key is 64 bits;
(3) generating a subkey: performing key processing on the two sub-keys key1 and key2 to respectively obtain 16 sub-keys;
(4) plaintext double encryption: after inputting a plaintext, encrypting the plaintext by using key1 once, and then encrypting the plaintext by using key2 twice to generate a DES ciphertext;
the RSA specifically comprises the following steps:
random large number generation: randomly generating a large array N except for even numbers and numbers divisible by 5;
large array screening: selecting 53 small prime numbers and screening a large array N by a remainder method;
optimization of Miller-Rabin algorithm: the large number A, B is subjected to modular multiplication operation by using Montgomery fast power algorithm to simplify Miller-Rabin algorithm, namely Montgomery (A, B, N) =ABR -1 (modN);
Generating large prime numbers p, q: combining the above steps and IFPNJA to generate two large prime numbers p, q;
RSA encrypts plaintext: and inputting a plaintext M, generating an RSA key by using two large prime numbers p and q, and encrypting the plaintext to generate an RSA ciphertext.
CN202011236546.9A 2020-11-09 2020-11-09 Mixed encryption and decryption method and system for medical data secure storage Active CN112367159B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011236546.9A CN112367159B (en) 2020-11-09 2020-11-09 Mixed encryption and decryption method and system for medical data secure storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011236546.9A CN112367159B (en) 2020-11-09 2020-11-09 Mixed encryption and decryption method and system for medical data secure storage

Publications (2)

Publication Number Publication Date
CN112367159A CN112367159A (en) 2021-02-12
CN112367159B true CN112367159B (en) 2023-08-29

Family

ID=74509335

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011236546.9A Active CN112367159B (en) 2020-11-09 2020-11-09 Mixed encryption and decryption method and system for medical data secure storage

Country Status (1)

Country Link
CN (1) CN112367159B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112863676A (en) * 2021-04-23 2021-05-28 攀枝花市妇幼保健院(攀枝花市妇幼保健服务中心) Doctor advice push management system based on multiple signature technology

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262341A (en) * 2008-02-22 2008-09-10 北京航空航天大学 A mixed encryption method in session system
WO2012152956A1 (en) * 2011-05-09 2012-11-15 PÉREZ I GIL, Antoni Shannon security double symmetrical cryptogram method by coding information for telematic and electronic transmission
CN110113340A (en) * 2019-05-09 2019-08-09 程丁 Based on distribution RSA in Hadoop platform and DES mixed encryption method
CN110535868A (en) * 2019-09-05 2019-12-03 山东浪潮商用系统有限公司 Data transmission method and system based on Hybrid Encryption algorithm

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10333696B2 (en) * 2015-01-12 2019-06-25 X-Prime, Inc. Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262341A (en) * 2008-02-22 2008-09-10 北京航空航天大学 A mixed encryption method in session system
WO2012152956A1 (en) * 2011-05-09 2012-11-15 PÉREZ I GIL, Antoni Shannon security double symmetrical cryptogram method by coding information for telematic and electronic transmission
CN110113340A (en) * 2019-05-09 2019-08-09 程丁 Based on distribution RSA in Hadoop platform and DES mixed encryption method
CN110535868A (en) * 2019-09-05 2019-12-03 山东浪潮商用系统有限公司 Data transmission method and system based on Hybrid Encryption algorithm

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
改进的RSA加密算法在智能药箱数据存储中的应用;陈菲;李少轩;;网络安全技术与应用(第04期);全文 *

Also Published As

Publication number Publication date
CN112367159A (en) 2021-02-12

Similar Documents

Publication Publication Date Title
Orobosade et al. Cloud application security using hybrid encryption
US6697488B1 (en) Practical non-malleable public-key cryptosystem
Mahesh et al. Design of new security algorithm: Using hybrid Cryptography architecture
CN113078997B (en) Terminal protection method based on lightweight cryptographic algorithm
CN107534558B (en) Method for protecting the information security of data transmitted via a data bus and data bus system
CN116321129B (en) Lightweight dynamic key-based power transaction private network communication encryption method
Bhatele et al. A novel approach to the design of a new hybrid security protocol architecture
CN115567308A (en) Data encryption transmission method based on key expansion
Hoobi Efficient hybrid cryptography algorithm
Alemami et al. Advanced approach for encryption using advanced encryption standard with chaotic map
CN107147626B (en) Encrypted file transmission method combining AES algorithm and ElGamal algorithm
CN112367159B (en) Mixed encryption and decryption method and system for medical data secure storage
Sood et al. A literature review on rsa, des and aes encryption algorithms
Kuppuswamy et al. A hybrid encryption system for communication and financial transactions using RSA and a novel symmetric key algorithm
CN109981254B (en) Micro public key encryption and decryption method based on finite lie type group decomposition problem
US20060251248A1 (en) Public key cryptographic methods and systems with preprocessing
JP3517663B2 (en) Encryption communication method and encryption communication system
CN106973061B (en) AES outgoing file encryption method based on reversible logic circuit
Mansour et al. AMOUN: Asymmetric lightweight cryptographic scheme for wireless group communication
Shimal et al. Extended of TEA: A 256 bits block cipher algorithm for image encryption
CN115361109A (en) Homomorphic encryption method supporting bidirectional proxy re-encryption
Hussein et al. An enhanced ElGamal cryptosystem for image encryption and decryption
Siva et al. Hybrid cryptography security in public cloud using TwoFish and ECC algorithm
WO2018011825A1 (en) Encryption and decryption of messages
EP1529390B1 (en) Method and system for accelerated data encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant