CN112511304A - Power data privacy communication method based on hybrid encryption algorithm - Google Patents
Power data privacy communication method based on hybrid encryption algorithm Download PDFInfo
- Publication number
- CN112511304A CN112511304A CN202011344414.8A CN202011344414A CN112511304A CN 112511304 A CN112511304 A CN 112511304A CN 202011344414 A CN202011344414 A CN 202011344414A CN 112511304 A CN112511304 A CN 112511304A
- Authority
- CN
- China
- Prior art keywords
- key
- ciphertext
- data
- power data
- transformation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004422 calculation algorithm Methods 0.000 title claims abstract description 36
- 238000000034 method Methods 0.000 title claims abstract description 31
- 230000006854 communication Effects 0.000 title claims abstract description 19
- 238000004891 communication Methods 0.000 title claims abstract description 19
- 238000012795 verification Methods 0.000 claims abstract description 24
- 230000009466 transformation Effects 0.000 claims description 46
- 238000004364 calculation method Methods 0.000 claims description 3
- 239000011159 matrix material Substances 0.000 claims description 3
- 238000007781 pre-processing Methods 0.000 claims description 3
- 238000009826 distribution Methods 0.000 abstract description 5
- 230000005540 biological transmission Effects 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 5
- 238000004590 computer program Methods 0.000 description 3
- 238000010276 construction Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000010248 power generation Methods 0.000 description 2
- 238000003860 storage Methods 0.000 description 2
- SQKUFYLUXROIFM-UHFFFAOYSA-N 2-[2-[carboxymethyl-[[3-hydroxy-2-methyl-5-(phosphonooxymethyl)pyridin-4-yl]methyl]amino]ethyl-[[3-hydroxy-2-methyl-5-(phosphonooxymethyl)pyridin-4-yl]methyl]amino]acetic acid Chemical compound CC1=NC=C(COP(O)(O)=O)C(CN(CCN(CC(O)=O)CC=2C(=C(C)N=CC=2COP(O)(O)=O)O)CC(O)=O)=C1O SQKUFYLUXROIFM-UHFFFAOYSA-N 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007175 bidirectional communication Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention relates to the technical field of communication data security, in particular to a power data privacy communication method based on a hybrid encryption algorithm, which comprises the following steps: a sender randomly generates an AES session key, and encrypts a plaintext M of power data to be transmitted by using the session key to obtain a ciphertext M; the sender encrypts a session key by adopting an elliptic encryption algorithm to obtain an encrypted key and uses a digital signature; sending the ciphertext M, the encrypted key and the digital signature to a receiver; the receiver decrypts the session key by using an ECC decryption algorithm and performs signature verification; if the signature passes the verification, decrypting the ciphertext M by using the session key to obtain the original electric power data M; and if the signature does not pass, returning error information. The invention ensures the confidentiality and the integrity of data through mixed encryption, improves the encryption and decryption speed, solves the problems of key management and distribution of an AES encryption algorithm and optimizes the electric power data communication flow.
Description
Technical Field
The invention relates to the technical field of communication data security, in particular to a power data privacy communication method based on a hybrid encryption algorithm.
Background
In recent years, with the global energy problem becoming more severe, research work on smart grids is being carried out in all countries around the world. The intelligent power grid is a panoramic real-time system covering the whole production process of a power system (comprising multiple links of power generation, power transmission, power transformation, power distribution, power utilization, scheduling and the like), is intelligent, is established on the basis of an integrated high-speed bidirectional communication network, and realizes the purposes of reliability, safety, economy, high efficiency, environmental friendliness and safe use of the power grid through the application of a sensing and measuring technology, an equipment technology, a control method and a decision support technology. Due to the access of a large number of intelligent devices in the intelligent power grid, the connection between power users and the information world is tighter and tighter, and the safety problem of the user side is increasingly obvious.
In the security problem of the smart grid, the confidentiality of data transmission is very important for protecting the privacy information of power users, and the confidentiality is a problem which must be considered in data transmission. The smart grid data elements having an effect on user privacy include: address, account number, meter reading, real-time bill, billing history, home lan, etc. When the smart grid real-time communication and data interaction are performed, the data of the user is at risk of being stolen or tampered by an untrusted third party. If the publisher publishes the original data directly without taking appropriate data protection measures, it is likely that the sensitive information of the individual will be revealed, and the owner of the data will be harmed. Therefore, in order to secure personal sensitive information, privacy protection should be performed while data is being distributed.
Data encryption is a common means for solving the problem of privacy protection, and methods such as homomorphic encryption technology, hybrid encryption technology, POR model based on BLS short signature, DPDP, Knox and the like are common methods for preventing privacy disclosure during data storage. However, operations such as query, statistics, analysis, and calculation of big data also need to be performed in the cloud, which brings new challenges to the conventional encryption technology.
Disclosure of Invention
In order to solve the problem of data leakage possibly encountered in data transmission, the invention provides a power data privacy communication method based on a hybrid encryption algorithm.
A power data privacy communication method based on a hybrid encryption algorithm comprises the following steps:
s1, the sender randomly generates an AES session Key for AES encryption, and encrypts the plaintext M of the power data to be transmitted by using the session Key to obtain a ciphertext M;
s2, the sender encrypts the session Key Key generated in the step S1 by adopting an elliptic cryptography algorithm (ECC) to obtain an encrypted Key, and uses a digital signature for the ciphertext M;
s3, sending the ciphertext M generated in the step S1, the encrypted key generated in the step S2 and the digital signature of the ciphertext M to a receiver;
s4, the receiver decrypts the AES session key by using an ECC decryption algorithm and performs signature verification;
s5, if the signature passes the verification, decrypting the electric power data ciphertext M by using the AES session key to obtain the original electric power data M; and if the signature does not pass, returning error information.
Further, encrypting the plaintext M of the power data to be transmitted to obtain a ciphertext M, specifically comprising:
s11, preprocessing the plaintext m of the power data to be transmitted: grouping the plaintext m of the power data to be transmitted, wherein the length of each group of data is 128 bits, complementing the plaintext by using a blank when the length of each group of data is less than 128 bits, 4 bytes in each row of each group are arranged into 4 rows, the 4 rows are called as a state matrix, and the writing and reading of the data are operated according to the column priority sequence and by taking the bytes as units;
s12, encoding the preprocessed electric power plaintext data m: and performing S-box transformation ByteSub, row shift transformation ShiftRow, column confusion transformation MixColumn and round key plus transformation AddRoundKey on the preprocessed data M, repeating the 9 rounds of operations, and sequentially performing S-box transformation ByteSub, row shift transformation ShiftRow and round key plus transformation AddRoundKey operations in the 10 th round of data coding to obtain and output a ciphertext M.
Further, encrypting the session Key generated in step S1 by using an elliptic encryption algorithm ECC algorithm to obtain an encrypted Key, and using a digital signature for the ciphertext M, specifically including:
s21, the receiving party selects an elliptic curve Ep(a,b),Ep(a, b) are elliptic curves over the finite field GF (p), where p, a, b are the three parameters defining the elliptic curve and are in elliptic curve Ep(a, b) taking a base point G; the receiving party determines a first key pair (K, K): selecting a first private key K and generating a first public key K ═ kG; elliptic curve E of receiver handlep(a, b), the first public key K and the base point G are transmitted to the sender;
s22, the sender receives the message (elliptic curve E)p(a, b), the first public Key K and the base point G), and then the AES session Key Key is coded to an elliptic curve Ep(a, b) and generating a random integer l, calculating a first temporary variable C1T + lK, second temporary variable C2Is ═ lG, and a first temporary variable C1And a second temporary variable C2Sending the data to a receiver;
s23, the sender generates a second public key and a second private key: elliptic curve Ep(a, b) where P is the order of P and n is the safety requirement, O is the infinity point, a random number d is selected, d is the [1, n-1]]Calculating Q ═ dP, and determining a second key pair (d, Q), wherein the second public key is Q and the second private key is d;
s24, carrying out digital signature on the ciphertext M by adopting a secure hash algorithm: randomly selecting an integer k, k belonging to [1, n-1]]Calculating kG ═ x, y, and r ═ xmodn, where (x, y) is an elliptic curve EpCoordinates on (a, b), G is the elliptic curve E in step S21p(a, b) selecting a base point, n being a selected large prime number satisfying the safety requirement, calculating a third temporary variableH (m), where h (m) is a secure hash function SHA-1, and s (e + rd) k is calculated-1modn, the digital signature of the ciphertext M is (r, s), r is a first digital signature parameter, and s is a second digital signature parameter; if r is 0 or s is 0, the random number k is alternatively taken to re-execute this step.
Further, the receiving party decrypts the session key by using an ECC decryption algorithm and performs signature verification, including:
s41, the receiving party receives the data (ciphertext M generated in step S1, encrypted key and digital signature generated in step S2, elliptic curve Ep(a, b) and a temporary variable C1、C2) And then, calculating T, wherein T is a point on an elliptic curve for coding the AES session key, and the calculation formula is as follows:
C1-kC2=T+rK-k(rG)=T+rK-r(kG)=T
s42, decoding the T to obtain an AES session key;
s43, signature verification is carried out on the message:
knowing that the number signature of the ciphertext M is (r, s), first a third temporary variable e ═ h (M) is calculated, and second u ═ s is calculated- 1emodn,v=s-1rmodn, (x ', y') ═ uG + vQ, r '═ x' modn; wherein h (M) is a secure hash function SHA-1, u, v, x ', y ' are temporary variables, G is a selected base point, Q is a second public key, r ' is a calculated first digital signature parameter, and r is a first digital signature parameter in the digital signature;
comparing the r' with the r to see whether the values are consistent, if so, the signature verification is passed, and executing the step S5; if not, the signature verification fails and an error message is returned.
Further, decrypting the electric power data ciphertext M by using the AES session key to obtain the original electric power data plaintext M, which specifically includes: after signature verification passes, after a decrypted AES session key is obtained, grouping the electric power data ciphertext M, wherein each 128 bits are a group, then sequentially performing round key addition transformation, reverse column transformation, reverse row transformation and reverse S box transformation on the grouped data, repeating the operation for 9 rounds, and sequentially performing round key addition transformation, reverse row transformation and reverse S box transformation in the 10 th round of data decoding; and finally, the receiving party obtains the plaintext m of the power data.
The invention has the beneficial effects that:
1. the invention uses the signature verification technology to digitally sign the ciphertext before and after transmission, and directly jumps out of the decryption process when data tampering occurs through digital signature comparison, thereby simplifying the overhead of the system to the decryption process.
2. The invention uses ECC to encrypt the AES session key, thereby ensuring the security of the key, increasing the complexity of encryption and decryption and ensuring the security of power data transmission.
By the method and the system, the worry of power customers about data privacy safety is eliminated, and the popularization and application of the intelligent power distribution network are promoted. Meanwhile, aiming at the service requirements of the power industry, the construction system of the smart power grid is perfected, the collaborative innovation and the application deployment of the power grid service data sharing technology are promoted, and the construction of the smart power grid in Chongqing areas is facilitated; meanwhile, on the premise that the application of the technology can protect the data privacy of the power customers, the value of the power grid service data is deeply mined, the transformation and the upgrade of the power grid industry can be promoted, and a modern economic system is built.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a block diagram of a power data privacy communication method based on a hybrid encryption algorithm according to an embodiment of the present invention;
fig. 2 is a timing chart of communication between two power data receivers according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
A power data privacy communication method based on a hybrid encryption algorithm is shown in figure 1 as a main data encryption and decryption communication flow of a power data sending party and a power data receiving party, and is mainly divided into four steps:
1) and the sender generates an AES session key and encrypts the power data to obtain a ciphertext.
2) And the sender encrypts the key generated in the last step by using an ECC algorithm and generates a digital signature for the ciphertext.
3) And sending the ciphertext, the encrypted key, the encrypted digital signature and the necessary parameters to a receiver.
4) And performing signature verification, decrypting the session key by using an ECC (error correction code) decryption algorithm after the signature verification is passed, and decrypting the electric power data ciphertext.
Specifically, the following embodiments are included, but not limited to:
s1, the sender randomly generates a session Key Key for AES encryption, the session Key Key is 128 bits, and the session Key Key is used for encrypting the plaintext M of the power data to be transmitted to obtain the ciphertext M. Wherein, electric power data plaintext m to be transmitted includes: scheduling operation data, distribution network planning data, power distribution, power generation, power utilization, power transmission and other basic data.
Further, in some embodiments, encrypting the plaintext M of the power data to be transmitted to obtain the ciphertext M specifically includes the following steps:
s11, preprocessing the plaintext m of the power data to be transmitted: the method comprises the steps of grouping plain texts m of power data to be transmitted, wherein the length of each group of data is 128 bits, complementing the plain texts with blanks when the length of each group of data is less than 128 bits, each group comprises 4 rows and 4 bytes, each group is called a state matrix, and writing and reading of the data are performed according to the column priority order and are performed by taking the bytes as units.
S12, encoding the preprocessed electric power plaintext data m: and sequentially carrying out S-box transformation ByteSub, row shift transformation ShiftRow, column confusion transformation MixColumn and round key plus transformation AddRoundKey on the preprocessed data M, repeating the 9 rounds of operation, not carrying out the column confusion transformation MixColumn in the 10 th round, namely only sequentially carrying out the operations of S-box transformation ByteSub, row shift transformation ShiftRow and round key plus transformation AddRoundKey in the 10 th round of data coding, and outputting the ciphertext M through the series of coding processes.
S2, the sender encrypts the session Key Key generated in the step S1 by adopting an elliptic cryptography algorithm (ECC) to obtain an encrypted Key, and uses a digital signature for the ciphertext M.
Further, in some embodiments, an elliptic curve cryptography algorithm ECC algorithm is used to encrypt the session Key generated in step S1 to obtain an encrypted Key, and a digital signature is used for the ciphertext M, which specifically includes the following steps:
s21, the receiving party selects an elliptic curve Ep(a,b),Ep(a, b) are elliptic curves over the finite field GF (p), where p, a, b are the three parameters defining the elliptic curve and are in elliptic curve Ep(a, b) taking a base point G, G being an elliptic curve Ep(a, b) a point above; the receiving party determines a first key pair (K, K): randomly selecting a first private key K and generating a first public key K which is kG; elliptic curve of handle of receiver Ep(a, b), the first public key K and the base point G are transmitted to the sender;
s22, the sender receives the message (elliptic curve E)p(a, b), the first public Key K and the base point G), and then the AES session Key Key is coded to an elliptic curve Ep(a, b) and generating a random integer l, calculating a first temporary variable C1T + lK, second temporary variable C2And transmits the first temporary variable C1 and the second temporary variable C2 to the receiving party. The temporary variables C1 and C2 are defined to avoid exposing T (T is a point on an elliptic curve encoding an AES session key) during data transmission, ensure the data confidentiality, increase the complexity of the encryption and decryption process, perform inverse computation decryption in the subsequent decryption step by using the temporary variables C1 and C2, and the receiver can calculate T by using the private key k.
S23 the sender generates a second public key and a second private key: a point P on the elliptic curve E belongs to E, the order of P is a prime number n meeting the safety requirement, namely nP equals O, wherein O is an infinite point, a random number d is selected, d belongs to [1, n-1], Q is calculated, Q equals dP, and thus a second key pair (d, Q) is determined, wherein the second public key is Q, and the second private key is d;
s24, carrying out digital signature on the ciphertext M by adopting a secure hash algorithm: randomly selecting an integer k, k belonging to [1, n-1]]Calculating kG ═ x, y, r ═ xmodn, where n is the selected large prime number, and (x, y) is the elliptic curve EpCoordinates on (a, b), G is the elliptic curve E in step S21p(a, b) selecting a base point, calculating a third temporary variable e ═ h (M), wherein h (M) is a secure hash function SHA-1, M is a ciphertext, and calculating s ═ e + rd) k-1modn, the digital signature of the ciphertext M is (r, s), r is a first digital signature parameter, and s is a second digital signature parameter; if the first digital signature parameter r is 0 or the second digital signature parameter s is 0, the random number k is selected to perform this step again.
The encryption process of the AES key using the elliptic encryption algorithm ECC is shown in fig. 2 as a timing diagram.
S3, generating the cipher text M generated in the step S1, the encrypted key generated in the step S2, the digital signature of the cipher text M and the elliptic curve Ep(a, b) and other necessary parameters to the recipient.
And S4, the receiver decrypts the AES session key by using an ECC decryption algorithm and verifies the signature. Specifically, the method comprises the following steps:
s41, the receiving side receives the data (the ciphertext M generated in step S1, the encrypted key generated in step S2, the digital signature of the ciphertext M, and other necessary parameters), and calculates the elliptic curve EpThe point T with the session key encoded on (a, b) is calculated by the following formula:
C1-kC2=T+rK-k(rG)=T+rK-r(kG)=T
s42, decoding the T to obtain an AES session key;
s43, signature verification is carried out on the message:
first, e ═ h (M) is calculated, where e denotes a third temporary variable, h (M) is a secure hash function SHA-1, and the digital signature of the ciphertext M is known as (r, s),
then calculating u as s-1emodn,v=s-1rmodn, (x ', y') ═ uG + vQ, r '═ x' modn, where u, v, x ', y' are all temporary variables, and G is the elliptic function Ep(a, b) selectingTaking a base point, wherein Q is the second public key calculated in the step S23, r' is the calculated first digital signature parameter, and r is the first digital signature parameter in the digital signature.
Comparing the r' with the r to see whether the values are consistent, if so, the signature verification is passed, and executing the step S5; if not, the signature verification fails and an error message is returned.
Wherein r is a real public key, and r' is a calculated public key.
S5, if the signature passes the verification, decrypting the electric power data ciphertext M by using the AES session key to obtain the original electric power data M; and if the signature does not pass, returning error information.
Further, in some embodiments, decrypting the power data ciphertext M by using the AES session key to obtain the original power data M includes: after signature verification passes, after a decrypted AES session key is obtained, grouping the electric power data ciphertext M, wherein each 128 bits are a group, then sequentially performing round key addition transformation, reverse column transformation, reverse row transformation and reverse S box transformation on the grouped data, repeating the operation for 9 rounds, then performing round key addition transformation, reverse row transformation and reverse S box transformation sequentially without performing reverse column transformation when data is decoded in the 10 th round; and finally, the receiving party obtains the plaintext m of the power data through the series of decryption processes. At this point, the two transmission parties complete data interaction.
It should be noted that, as one of ordinary skill in the art would understand, all or part of the processes of the above method embodiments may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when executed, the computer program may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disk, a Read-0nly Memory (ROM), a Random Access Memory (RAM), or the like.
The foregoing is directed to embodiments of the present invention and it will be appreciated by those skilled in the art that changes may be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (5)
1. A power data privacy communication method based on a hybrid encryption algorithm is characterized by comprising the following steps:
s1, the sender randomly generates an AES session Key for AES encryption, and encrypts the plaintext M of the power data to be transmitted by using the session Key to obtain a ciphertext M;
s2, the sender encrypts the session Key Key generated in the step S1 by adopting an elliptic cryptography algorithm (ECC) to obtain an encrypted Key, and uses a digital signature for the ciphertext M;
s3, sending the ciphertext M generated in the step S1, the encrypted key generated in the step S2 and the digital signature of the ciphertext M to a receiver;
s4, the receiver decrypts the AES session key by using an ECC decryption algorithm and performs signature verification;
s5, if the signature passes the verification, decrypting the electric power data ciphertext M by using the AES session key to obtain the original electric power data M; and if the signature does not pass, returning error information.
2. The electric power data privacy communication method based on the hybrid encryption algorithm according to claim 1, wherein the method for encrypting the plaintext M of the electric power data to be transmitted to obtain the ciphertext M specifically comprises:
s11, preprocessing the plaintext m of the power data to be transmitted: grouping the plaintext m of the power data to be transmitted, wherein the length of each group of data is 128 bits, complementing the plaintext by using a blank when the length of each group of data is less than 128 bits, 4 bytes in each row of each group are arranged into 4 rows, the 4 rows are called as a state matrix, and the writing and reading of the data are operated according to the column priority sequence and by taking the bytes as units;
s12, encoding the preprocessed electric power plaintext data m: and performing S-box transformation ByteSub, row shift transformation ShiftRow, column confusion transformation MixColumn and round key plus transformation AddRoundKey on the preprocessed data M, repeating the 9 rounds of operations, and sequentially performing S-box transformation ByteSub, row shift transformation ShiftRow and round key plus transformation AddRoundKey operations in the 10 th round of data coding to obtain and output a ciphertext M.
3. The electric power data privacy communication method based on the hybrid encryption algorithm according to claim 1, wherein the session Key generated in step S1 is encrypted by using an elliptic encryption algorithm ECC algorithm to obtain an encrypted Key, and a digital signature is used for a ciphertext M, and specifically includes:
s21, the receiving party selects an elliptic curve Ep(a,b),Ep(a, b) are elliptic curves over the finite field GF (p), where p, a, b are the three parameters defining the elliptic curve and are in elliptic curve Ep(a, b) taking a base point G; the receiving party determines a first key pair (K, K): selecting a first private key K and generating a first public key K ═ kG; elliptic curve E of receiver handlep(a, b), the first public key K and the base point G are transmitted to the sender;
s22, the sender receives the message (elliptic curve E)p(a, b), the first public Key K and the base point G), and then the AES session Key Key is coded to an elliptic curve Ep(a, b) and generating a random integer l, calculating a first temporary variable C1T + lK, second temporary variable C2Is ═ lG, and a first temporary variable C1And a second temporary variable C2Sending the data to a receiver;
s23, the sender generates a second public key and a second private key: elliptic curve Ep(a, b) where P is the order of P and n is the safety requirement, O is the infinity point, a random number d is selected, d is the [1, n-1]]Calculating Q ═ dP, and determining a second key pair (d, Q), wherein the second public key is Q and the second private key is d;
s24, carrying out digital signature on the ciphertext M by adopting a secure hash algorithm: randomly selecting an integer k, k belonging to [1, n-1]]Calculating kG ═ x, y, and r ═ xmodn, where (x, y) is an elliptic curve EpCoordinates on (a, b), G is the elliptic curve E in step S21p(a, b) selecting a base point, wherein n is a selected large prime number meeting the safety requirement, and calculating a third temporary variable e ═ h (M), wherein h (M) is safety dispersionColumn function SHA-1, calculate s ═ e + rd) k-1modn, the digital signature of the ciphertext M is (r, s), r is a first digital signature parameter, and s is a second digital signature parameter; if r is 0 or s is 0, the random number k is alternatively taken to re-execute this step.
4. The power data privacy communication method based on the hybrid encryption algorithm, as claimed in claim 1, wherein the step of decrypting the session key and performing signature verification by the receiver using the ECC decryption algorithm includes:
s41, the receiving party receives the data (ciphertext M generated in step S1, encrypted key and digital signature generated in step S2, elliptic curve Ep(a, b) and a temporary variable C1、C2) And then, calculating T, wherein T is a point on an elliptic curve for coding the AES session key, and the calculation formula is as follows:
C1-kC2=T+rK-k(rG)=T+rK-r(kG)=T
s42, decoding the T to obtain an AES session key;
s43, signature verification is carried out on the message:
knowing that the number signature of the ciphertext M is (r, s), first a third temporary variable e ═ h (M) is calculated, and second u ═ s is calculated- 1emodn,v=s-1rmodn, (x ', y') ═ uG + vQ, r '═ x' modn; wherein h (M) is a secure hash function SHA-1, u, v, x ', y ' are temporary variables, G is a selected base point, Q is a second public key, r ' is a calculated first digital signature parameter, and r is a first digital signature parameter in the digital signature;
comparing the r' with the r to see whether the values are consistent, if so, the signature verification is passed, and executing the step S5; if not, the signature verification fails and an error message is returned.
5. The electric power data privacy communication method based on the hybrid encryption algorithm as claimed in claim 1, wherein the electric power data ciphertext M is decrypted by using an AES session key to obtain an original electric power data plaintext M, and the method specifically comprises: after signature verification passes, after a decrypted AES session key is obtained, grouping the electric power data ciphertext M, wherein each 128 bits are a group, then sequentially performing round key addition transformation, reverse column transformation, reverse row transformation and reverse S box transformation on the grouped data, repeating the operation for 9 rounds, and sequentially performing round key addition transformation, reverse row transformation and reverse S box transformation in the 10 th round of data decoding; and finally, the receiving party obtains the plaintext m of the power data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011344414.8A CN112511304A (en) | 2020-11-26 | 2020-11-26 | Power data privacy communication method based on hybrid encryption algorithm |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011344414.8A CN112511304A (en) | 2020-11-26 | 2020-11-26 | Power data privacy communication method based on hybrid encryption algorithm |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112511304A true CN112511304A (en) | 2021-03-16 |
Family
ID=74966098
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011344414.8A Pending CN112511304A (en) | 2020-11-26 | 2020-11-26 | Power data privacy communication method based on hybrid encryption algorithm |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112511304A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113746631A (en) * | 2021-07-12 | 2021-12-03 | 浙江众合科技股份有限公司 | Safety communication method based on safety code |
| CN113777983A (en) * | 2021-08-30 | 2021-12-10 | 武汉海昌信息技术有限公司 | Method and device for synchronizing high-speed data of Internet of things equipment and data center |
| CN113810195A (en) * | 2021-06-04 | 2021-12-17 | 国网山东省电力公司 | Safe transmission method and device for power training simulation examination data |
| CN114785530A (en) * | 2022-06-22 | 2022-07-22 | 浙江地芯引力科技有限公司 | Chip authentication method, device, equipment and storage medium |
| CN115022102A (en) * | 2022-08-10 | 2022-09-06 | 广东电网有限责任公司佛山供电局 | Transmission line monitoring data transmission method and device, computer equipment and storage medium |
| CN115103357A (en) * | 2022-08-26 | 2022-09-23 | 汉仪科技(深圳)有限公司 | 5G communication encryption system based on FPGA |
| CN115549987A (en) * | 2022-09-19 | 2022-12-30 | 广州图灵科技有限公司 | Hybrid encryption method based on data security and privacy protection |
| CN115643103A (en) * | 2022-11-03 | 2023-01-24 | 浪潮云信息技术股份公司 | Big data encryption method using redundancy elimination technology |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110012026A (en) * | 2019-04-18 | 2019-07-12 | 大连海事大学 | Unmanned ships and light boats intelligent gateway and data transmission method based on mixed cipher |
| CN110166224A (en) * | 2019-06-20 | 2019-08-23 | 大连海事大学 | A kind of VDES electronic chart data online updating and guard method |
-
2020
- 2020-11-26 CN CN202011344414.8A patent/CN112511304A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110012026A (en) * | 2019-04-18 | 2019-07-12 | 大连海事大学 | Unmanned ships and light boats intelligent gateway and data transmission method based on mixed cipher |
| CN110166224A (en) * | 2019-06-20 | 2019-08-23 | 大连海事大学 | A kind of VDES electronic chart data online updating and guard method |
Non-Patent Citations (4)
| Title |
|---|
| 丁邢涛等: "基于混合加密的无线医疗传感网数据安全与隐私保护", 《医疗卫生装备》, no. 12, 15 December 2017 (2017-12-15) * |
| 网垠科技: "《万能钥匙传奇 加密与解密实例教程》", pages: 1 * |
| 闫茂德等: "AES与ECC混合加密算法的无线数据通信系统设计", 《微电子学与计算机》 * |
| 闫茂德等: "AES与ECC混合加密算法的无线数据通信系统设计", 《微电子学与计算机》, no. 07, 5 July 2007 (2007-07-05), pages 2 * |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113810195A (en) * | 2021-06-04 | 2021-12-17 | 国网山东省电力公司 | Safe transmission method and device for power training simulation examination data |
| CN113810195B (en) * | 2021-06-04 | 2023-08-15 | 国网山东省电力公司 | Safe transmission method and device for electric power training simulation assessment data |
| CN113746631A (en) * | 2021-07-12 | 2021-12-03 | 浙江众合科技股份有限公司 | Safety communication method based on safety code |
| CN113777983A (en) * | 2021-08-30 | 2021-12-10 | 武汉海昌信息技术有限公司 | Method and device for synchronizing high-speed data of Internet of things equipment and data center |
| CN114785530A (en) * | 2022-06-22 | 2022-07-22 | 浙江地芯引力科技有限公司 | Chip authentication method, device, equipment and storage medium |
| CN115022102A (en) * | 2022-08-10 | 2022-09-06 | 广东电网有限责任公司佛山供电局 | Transmission line monitoring data transmission method and device, computer equipment and storage medium |
| CN115022102B (en) * | 2022-08-10 | 2023-02-21 | 广东电网有限责任公司佛山供电局 | Transmission line monitoring data transmission method and device, computer equipment and storage medium |
| CN115103357A (en) * | 2022-08-26 | 2022-09-23 | 汉仪科技(深圳)有限公司 | 5G communication encryption system based on FPGA |
| CN115103357B (en) * | 2022-08-26 | 2022-11-25 | 汉仪科技(深圳)有限公司 | 5G communication encryption system based on FPGA |
| CN115549987A (en) * | 2022-09-19 | 2022-12-30 | 广州图灵科技有限公司 | Hybrid encryption method based on data security and privacy protection |
| CN115643103A (en) * | 2022-11-03 | 2023-01-24 | 浪潮云信息技术股份公司 | Big data encryption method using redundancy elimination technology |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112511304A (en) | Power data privacy communication method based on hybrid encryption algorithm | |
| CN109584978B (en) | Information processing method and system based on signature aggregation medical health monitoring network model | |
| CN103795533B (en) | Encryption based on identifier, the method and its performs device of decryption | |
| CN107395368B (en) | Digital signature method, decapsulation method and decryption method in media-free environment | |
| CN104301108B (en) | It is a kind of from identity-based environment to the label decryption method without certificate environment | |
| CN111131148A (en) | Aggregation method and system capable of protecting privacy data and facing smart power grid | |
| CN110505050A (en) | A kind of Android information encryption system and method based on national secret algorithm | |
| CN101262341A (en) | A mixed encryption method in session system | |
| CN103733564A (en) | Digital signatures with implicit certificate chains | |
| CN103716157A (en) | Grouped multiple-key encryption method and grouped multiple-key encryption device | |
| CN106533656B (en) | A kind of key multilayer mixing method for encryption/decryption based on WSN | |
| Koko et al. | Comparison of Various Encryption Algorithms and Techniques for improving secured data Communication | |
| CA2819211C (en) | Data encryption | |
| CN113312608B (en) | Electric power metering terminal identity authentication method and system based on time stamp | |
| CN113141247B (en) | Homomorphic encryption method, homomorphic encryption device, homomorphic encryption system and readable storage medium | |
| CN102469173A (en) | IPv6 (Internet Protocol Version 6) network layer credible transmission method and system based on combined public key algorithm | |
| CN113779645A (en) | Quantum digital signature and quantum digital signature encryption method | |
| CN111049738B (en) | E-mail data security protection method based on hybrid encryption | |
| CN101964039B (en) | Encryption protection method and system of copyright object | |
| CN104113543A (en) | Block cipher based message authentication method | |
| Yoo et al. | A method for secure and efficient block cipher using white-box cryptography | |
| CN110932863A (en) | Generalized signcryption method based on coding | |
| CN110048852A (en) | Quantum communications service station Signcryption method and system based on unsymmetrical key pond | |
| CN112423295B (en) | Lightweight security authentication method and system based on block chain technology | |
| KR102304831B1 (en) | Encryption systems and method using permutaion group based cryptographic techniques |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210316 |