CN112861144B - Data encryption and decryption method, device and computer readable storage medium - Google Patents

Data encryption and decryption method, device and computer readable storage medium Download PDF

Info

Publication number
CN112861144B
CN112861144B CN201911194777.5A CN201911194777A CN112861144B CN 112861144 B CN112861144 B CN 112861144B CN 201911194777 A CN201911194777 A CN 201911194777A CN 112861144 B CN112861144 B CN 112861144B
Authority
CN
China
Prior art keywords
codes
document
data
secret
generate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911194777.5A
Other languages
Chinese (zh)
Other versions
CN112861144A (en
Inventor
黎丽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Institute of Information Technology
Original Assignee
Shenzhen Institute of Information Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Institute of Information Technology filed Critical Shenzhen Institute of Information Technology
Priority to CN201911194777.5A priority Critical patent/CN112861144B/en
Publication of CN112861144A publication Critical patent/CN112861144A/en
Application granted granted Critical
Publication of CN112861144B publication Critical patent/CN112861144B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Abstract

The present disclosure relates to data encryption and decryption methods, apparatuses, and computer-readable storage media. The data encryption method comprises the following steps: acquiring a secret document recording data to be encrypted and a carrier document used for transmitting the secret document; transforming data in the secret document into first codes, processing the first codes to generate a first set of processed first codes; transforming the content in the carrier document into second codes, processing the second codes to generate a second set based on the processed second codes; galois field GF (2) using Shamir polynomials on data in the second setm) Obtaining a third set by the iterative operation, wherein m is an integer greater than or equal to 1; subjecting the first and third sets to a Galois field GF (2)m) Generating a fourth set by the multiplication operations; generating one or more sub-secret documents corresponding to the secret document according to each element in the generated fourth set; and transmitting the carrier document and the one or more child secret documents.

Description

Data encryption and decryption method, device and computer readable storage medium
Technical Field
The present disclosure relates to the field of information security, and in particular, to a method and an apparatus for encrypting and decrypting data, and a computer-readable storage medium.
Background
Secret sharing technology is an important research content of cryptography and information security, and is widely applied to the fields of key management and digital signature. The basic idea of the sharir secret sharing algorithm, which is one of the classical secret sharing algorithms, is that the secret S is divided into n sub-secrets by the sharir (k, n) secret sharing algorithm, and any k or more sub-secrets can recover S, while any k-1 or less sub-secrets cannot recover S, where k and n are integers greater than or equal to 1. However, all operations of Shamir's (k, n) secret sharing algorithm are performed in the finite field gf (p), where p is a prime number. That is, the classical Shamir secret sharing algorithm is performed in the finite field gf (p), and in the secret distribution phase, the following operation is performed using a Shamir polynomial: (x) ═ a0+a1x+a2x2+…+ak-1xk-1) mod p, where p is a large prime number, p>s,s=f(0)=a0
Disclosure of Invention
In view of this, the present disclosure provides a data encryption method, including: acquiring a secret document recording data to be encrypted and a carrier document used for transmitting the secret document; will be provided withTransforming data in the secret document into first codes, processing the first codes to generate a first set of processed first codes; transforming content in the carrier document into second codes, processing the second codes to generate a second set based on the processed second codes; galois field GF (2) using Shamir polynomials on data in the second setm) Obtaining a third set by the iterative operation, wherein m is an integer greater than or equal to 1; galois field GF (2) of the first and third setsm) Generating a fourth set by the multiplication operations; generating one or more sub-secret documents corresponding to the secret document according to each element in the generated fourth set; and transmitting the carrier document and the one or more child secret documents.
In one possible implementation, processing the first codes to generate a first set of processed first codes includes: grouping every k first codes into a group according to the sequence to generate a first set of grouped first codes, wherein k is an integer greater than or equal to 1.
In one possible implementation, processing the second codes to generate a second set based on the processed second codes includes: and arranging the second codes in an ascending order according to the numerical value of each byte by taking the byte as a processing unit to generate an intermediate document of the carrier document, and grouping different n numbers in the intermediate document according to the sequence until the n different numbers cannot be taken out, and generating a second set of grouped second codes, wherein n is an integer greater than or equal to 1.
In one possible implementation, the data to be encrypted is text, an image, or video.
In one possible implementation, the first code and the second code are inner codes, and m is 8. Because each Chinese character or character occupies one to two bytes in the range of 0-255 according to the GB2312 coding of the Chinese characters, the data encryption method and the data decryption method can be used with the space size of 28Is perfectly matched with the Galois field, and the methodAiming at the coding characteristics of Chinese characters, the encryption algorithm which is more suitable for processing text data than the traditional encryption algorithm is realized.
According to another aspect of the present disclosure, there is provided a data decryption method including: receiving a carrier document and one or more child secret documents; transforming data in the carrier document into first codes, processing the first codes to generate a first set based on the processed first codes; taking out corresponding elements from the first set according to the one or more sub-secret documents to form a second set; galois field GF (2) using Shamir polynomials on data in the second setm) Obtaining a third set by the iterative operation, wherein m is an integer greater than or equal to 1; subjecting the second and third sets to Galois fields GF (2)m) The multiplication operation above to obtain a fourth set; generating a second code based on the fourth set, converting the second code into corresponding data for saving into a secret document; and outputting the secret document.
In one possible implementation, processing the first codes to generate a first set based on the processed first codes includes: and arranging the first codes in an ascending order according to the numerical value of each byte by taking the byte as a processing unit to generate an intermediate document of the carrier document, and grouping different n numbers in the intermediate document according to the sequence until the n different numbers cannot be taken out, so as to generate a first set of the coded first codes, wherein n is an integer greater than or equal to 1.
According to another aspect of the present disclosure, there is provided a data encryption apparatus including: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to perform the above method.
According to another aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the above-described method.
Data encryption method/device and data decryption method/deviceCan use Shamir polynomials in Galois field GF (2)m) And encrypting and decrypting the data, wherein m is an integer greater than or equal to 1.
By the data encryption method/device and the data decryption method/device, collusion attack can be resisted and certain damage can be tolerated when the secret document is transmitted.
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features, and aspects of the disclosure and, together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a block diagram illustrating a data encryption apparatus according to an example embodiment.
Fig. 2 is a flow chart illustrating a method of data encryption according to an example embodiment.
FIG. 3 is a diagram illustrating an example of a secret document, according to an example embodiment.
FIG. 4 is a diagram illustrating an example of a carrier document, according to an example embodiment.
Fig. 5 is a diagram illustrating an example of encrypted data according to an example embodiment.
Fig. 6 is a diagram illustrating an example of a plurality of child secret documents holding encrypted data according to an example embodiment.
Fig. 7 is a block diagram illustrating a data decryption apparatus according to an example embodiment.
Fig. 8 is a flow chart illustrating a method of data decryption in accordance with an exemplary embodiment.
Fig. 9 is a diagram illustrating the contents of a recovered secret document obtained from a carrier document and a plurality of child secret documents, according to an example embodiment.
10-1, 10-2 … FIGS. 10-8 are diagrams illustrating the values and arrangements of elements in the various sets involved, according to an example embodiment.
Detailed Description
Various exemplary embodiments, features and aspects of the present disclosure will be described in detail below with reference to the accompanying drawings. In the drawings, like reference numbers can indicate functionally identical or similar elements. While the various aspects of the embodiments are presented in drawings, the drawings are not necessarily drawn to scale unless specifically indicated.
The word "exemplary" is used exclusively herein to mean "serving as an example, embodiment, or illustration. Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, methods, means, elements and circuits that are well known to those skilled in the art have not been described in detail so as not to obscure the present disclosure.
Hereinafter, the data encryption device, the data encryption method, the data decryption device, and the data decryption method according to the present application will be described in detail with reference to the drawings.
First, a data encryption device and a data encryption method according to an exemplary embodiment are described in detail with reference to fig. 1 to 6.
Fig. 1 shows a block diagram of a data encryption apparatus according to an embodiment of the present disclosure. As shown in fig. 1, the data encryption apparatus includes: a processor and a memory for storing processor-executable instructions. The processor, when executing the executable instructions, is capable of implementing a data encryption method in accordance with various embodiments of the present invention. Optionally, the data encryption apparatus as described in fig. 1 may further include a display for displaying data received from an external apparatus and data stored in the memory.
The steps of an exemplary data encryption method of the present application are described in detail below with reference to fig. 2.
Fig. 2 is a flow chart illustrating a method of data encryption according to an example embodiment. Although the present application provides method steps as shown in the following examples or figures, more or fewer steps may be included in the method based on conventional or non-inventive efforts. In the case of steps where no necessary causal relationship exists logically, the order of execution of the steps is not limited to that provided by the embodiments of the present application. The method can be executed in the order of the method shown in the embodiment or the figures or in parallel (for example, in the context of parallel processors or multi-thread processing) when the method is executed in an actual data encryption step or decryption step or device.
Specifically, an embodiment of a data encryption method provided in the present application is shown in fig. 2, where the method may include:
step 201: acquiring a secret document recording data to be encrypted and a carrier document used for transmitting the secret document;
step 202: transforming data in the secret document into first codes, processing the first codes to generate a first set of processed first codes;
step 203: transforming content in the carrier document into second codes, processing the second codes to generate a second set based on the processed second codes;
step 204: galois field GF (2) using Shamir polynomials on data in the second setm) Obtaining a third set by the iterative operation, wherein m is an integer which is more than or equal to 1;
step 205: galois field GF (2) of the first and third setsm) Generating a fourth set by the multiplication operations;
step 206: generating one or more sub-secret documents corresponding to the secret document according to each element in the generated fourth set; and
step 207: transmitting the carrier document and the one or more child secret documents.
In one possible implementation, in step 201, the inputs of the data encryption method of the present application are a secret document S and a carrier document C. The secret document S has data to be encrypted recorded therein, and the carrier document C is a carrier document for transmitting the secret document. The carrier document C is transmitted together with the generated n (n is an integer of 1 or more) sub secret documents shadow _1, shadow _2 … shadow _ n.
In step 202, transforming the data in the secret document into first codes, processing the first codes to generate a first set of processed first codes comprises:
converting the secret document S into inner codes (for example, the inner codes adopted in matlab) S ', the length of which is h (h is an integer greater than or equal to 1), grouping the S ' into a group according to the precedence order of the inner codes, wherein each k (k is an integer greater than or equal to 1) of the S ' is used as a group (function secret _ group _ sort), and generating a set
Figure BDA0002294413760000061
S_groupiA group containing k data. The last group, less than k, was filled with 0. Set A can be regarded as one
Figure BDA0002294413760000062
Matrix M ofA,S_groupiFor each column.
Figure BDA0002294413760000063
In step 203, transforming the content in the carrier document into second codes, processing the second codes to generate a second set based on the processed second codes, the step 203 comprising:
converting a carrier document C into an inner code, arranging the inner code by taking bytes as a processing unit according to the numerical value of each byte in an ascending order to generate C _ temp, removing all front 0 in the C _ temp to generate C ' (the operation of removing 0 is required in mathematical calculation to avoid the condition that the inverse of a matrix generated in the subsequent step does not exist so as to cause decryption error), sequentially taking out n (n is an integer more than or equal to 1) different numbers from C ' in sequence, compiling into a group, taking out n, and repeating the process on the residual C ' after taking out n different numbers from C ' until the C ' cannot be taken outN different numbers are obtained (function cover _ group _ sort), wherein n is an integer greater than or equal to 1. Assuming that a group t (t is an integer of 1 or more) is extracted in total, a set B is generated as { C _ group {j|j=1,2,…,t},C_groupjIs a group containing n data. The set B can be regarded as a matrix M of n x tB,C_groupjFor each column.
Figure BDA0002294413760000071
In step 204, Galois field GF (2) is performed on the data in the second set using Shamir polynomialsm) The above iterative operations result in a third set, where m is an integer greater than or equal to 1, and the step 204 includes:
get matrix M in turnBIterate n-1 times under the Galois field using the Shamir polynomial to generate a n x n dimensional matrix Mtemp
Figure BDA0002294413760000072
(function matrix _ and _ cometrix), take MtempFirst n rows and k columns to generate n x k dimensional matrix MC
Figure BDA0002294413760000073
In step 205, the first and third sets are Galois field GF (2)m) The fourth set is generated, this step 205 comprises:
get matrix M in turnAOne column of (1), denoted as S _ e,
Figure BDA0002294413760000074
and is associated with the matrix M under the Galois fieldCMultiplication (function mul _ matrix) generates the vector S _ shadow _ temp.
Figure BDA0002294413760000075
In step 206, generating one or more sub-secret documents corresponding to the secret document according to the elements in the generated fourth set comprises:
n number d in S _ shadow _ temp1,i,d2,i…dn,iAdded to the shadow _1, shadow _2, …, shadow _ n, respectively, to generate n sub-secret documents.
In step 207, the carrier document C and the one or more sub-secret documents shadow _1, shadow _2, …, shadow _ n are transmitted.
FIG. 3 is a diagram illustrating an example of a secret document, according to an example embodiment. As shown in fig. 3, the secret document S is expressed by secret. txt, and its content is "world first class, beautiful chinese stamina" small red fruit forever ", east wind broke". Note that the expression form of the secret document is not limited to the ". txt" document, and may be a. doc,. docx,. xls, or the like, as long as it can record content that can be intracoded.
FIG. 4 is a diagram illustrating an example of a carrier document, according to an example embodiment. As shown in fig. 4, the carrier document C is denoted by cover.txt, and the contents thereof are "pan-shot, east wind, and spring footage close. All looked like just sleeping, and the eyes were opened with euphoria. The mountain is moist, the water rises and the face of the sun is red. The careless pilgrimage burrows from the land, tender and green. What is what is what is what is what is what is what is what is what is what is what is what is what is what is what is what is. Sit, lie, play two rolls, kick the football, race several times, catch several times and get hidden. Quietly breeze, soft and lingering grass. Peach, apricot, pear, you do not let me, I do not let you, all are full of flowers to catch up with. It should be noted that the expression form of the carrier document is not limited to the ". txt" document, and may be a. doc,. docx,. xls, or the like, as long as it can record the content that can be intra-coded.
According to an exemplary implementation, the secret document S (secret. txt) is received and then the secret document is encrypted according to the data encryption method shown in fig. 2The gear S is converted into an inner code (for example, the inner code used in matlab), and is grouped into a group (function secret _ group _ sort) according to the precedence order of the inner codes, so as to generate a set a, which may be represented by a matrix MARepresents, matrix MAThe arrangement layout of the respective elements in (1) is shown in fig. 10-1. In addition, the present application does not limit the type of internal code as long as it can be processed by a corresponding computer system and/or application. In other implementations, the inner code may be an inner code used by a DOS system or a Windows system. The numbers "1", "2" and "3" at the upper side of FIG. 10-1 indicate the matrix MAThe column numbers of (1), the numbers "1", "2" … "17" on the left side of FIG. 10-1 indicate the matrix MAThe row number of (c). The elements "202", "192", "189" … "198", "0" in fig. 10-1 represent the matrix MAThe element in (1), e.g. element "202", is a matrix MAThe element in row 1, column 1, element "236" is the matrix MARow 10, column 3, and so on. That is, the 17 × 3 elements shown in fig. 10-1 constitute a 17 × 3 matrix M arranged in the layout shown in fig. 10-1A
According to an exemplary implementation, in the data encryption method shown in fig. 2, cover.txt is converted into an inner code (e.g., the inner code used in matlab), the inner code is arranged in an ascending order of the value size of each byte with the byte as a processing unit, all the front-end 0 s are removed to generate a set C ', and then the set C' is sequentially extracted 5 different numbers in sequence and is encoded into a set of generated sets C ", as shown in fig. 10-2 (including fig. 10-2 (continuation)). In fig. 10-2 (including fig. 10-2 (continuation)), the upper numbers "1", "2", "3", "4" and "5" indicate the column numbers of the set C ", and the left numbers" 1 "," 2 "…" and "68" of fig. 10-2 (including fig. 10-2 (continuation)) indicate the row numbers of the set C ". Elements "161", "163", "165", "168", "170" … "246", "247", "249", "250", "251" in fig. 10-2 (including fig. 10-2 (continuation)) represent elements in set C ", e.g., element" 165 "is a row 1, column 3 element in set C", element "247" is a row 66, column 4, row 67, column 2, and row 68, column 2 element in set C ", respectively, and so on. That is, the 68 × 5 elements in fig. 10-2 (including fig. 10-2 (continuation)) constitute a set C ″ of 68 × 5 arranged in accordance with the layout shown in fig. 10-2 (including fig. 10-2 (continuation)).
According to one exemplary implementation, following the data encryption method illustrated in FIG. 2, a row in set C' is taken in sequence, and Shamir polynomials are used to perform operations over Galois field GF (2)8) The next iteration is 4 ═ (5-1), generating a 5 × 5 dimensional matrix MtempIn the former two-line example, Shamir polynomials are used over Galois field GF (2)8) The next 4 iterations yield two 5 x 5 matrices M with elements shown in fig. 10-3 and 10-4, respectivelytemp
Similar to FIGS. 10-1 and 10-2, the numbers "1", "2", "3", "4", and "5" above FIG. 10-3 represent the matrices M generated for row 1 in the set C ″tempThe column numbers "1", "2", "3", "4" and "5" on the left side of fig. 10-3 indicate the matrix MtempThe row number of (c). The elements "161", "163", "165", "168", "170" … "185", "28", "255", "89", and "233" in fig. 10-3 represent the matrix MtempIs the matrix M, e.g. element "161" is the matrix MtempThe element in row 1, column 1, the element "113" being the matrix MtempRow 4, column 5, and so on. That is, the 5 × 5 elements shown in fig. 10-3 constitute a 5 × 5 matrix M arranged in accordance with the layout shown in fig. 10-3temp
Similarly, the numbers "1", "2", "3", "4", and "5" above FIGS. 10-4 represent the matrices M generated for row 2 in the set C ″tempThe column numbers of (1), the column numbers of (2), the column numbers of (3), the column numbers of (4), and the column numbers of (5) in FIGS. 10 to 4 indicate the matrix MtempThe row number of (c). The elements "161", "163", "170", "171", "172" … "185", "28", "233", "51" and "253" in fig. 10-4 represent the matrix MtempIs the matrix M, e.g. element "161" is the matrix MtempElements of row 1, column 1The element "113" is the matrix MtempRow 4, column 3, and so on. That is, the 5 × 5 elements shown in fig. 10-4 constitute a 5 × 5 matrix M arranged in accordance with the layout shown in fig. 10-4temp
Take two M in turntempFirst 3 rows and 5 columns of the array to generate a 3 x 5 matrix MC. Again taking the first two rows of the set C' as an example, two 3 × 5 matrices M are obtained, the layouts of the elements of which are respectively the layouts of the elements shown in FIGS. 10-5 and 10-6C
Similarly, the numbers "1", "2", "3", "4", and "5" above FIGS. 10-5 indicate taking the matrix M generated for row 1 in the set C ″tempThe matrix M obtained from the first 3 rows and 5 columnsCThe left side numbers "1", "2" and "3" of FIGS. 10-5 indicate the matrix MCThe row number of (c). The elements "161", "163", "165", "168", "170" … "87", "45", "80", "219" and "7" in fig. 10-5 represent the matrix MCIs the matrix M, e.g. element "161" is the matrix MCThe element in row 1, column 1, the element "45" being the matrix MCRow 3, column 2, and so on. That is, the 3 × 5 elements shown in fig. 10-5 constitute a 3 × 5 matrix M arranged in accordance with the layout shown in fig. 10-5C
Similarly, the numbers "1", "2", "3", "4", and "5" above FIGS. 10-6 indicate that the matrix M generated for row 2 in the set C "is takentempThe matrix M obtained from the first 3 rows and 5 columnsCThe left side numbers "1", "2" and "3" of FIGS. 10-5 indicate the matrix MCThe row number of (c). The elements "161", "163", "170", "171", "172" … "87", "45", "7", "143" and "85" in fig. 10-6 represent the matrix MCIs the matrix M, e.g. element "161" is the matrix MCThe element in row 1, column 1, element "45" being the matrix MCRow 3, column 2, and so on. That is, the 3 × 5 elements shown in fig. 10-6 constitute the cloth according to fig. 10-6Locally arranged 3 x 5 matrix MC
One row in the set A is taken in turn, denoted as S _ e, and is in the Galois field GF (2)8) Lower AND matrix MCMultiplication (function mul _ matrix), again taking the first two rows of set C "and the first two rows of set a as examples, generates two vectors S _ shadow _ temp. For example, for row 1 of set C "and row 1 of set a, a first vector S _ shadow _ temp is generated; a second vector S _ shadow _ temp is generated for row 2 of set C "and row 2 of set a. The elements of the two vectors S _ shadow _ temp are 5 elements shown by fig. 10-7 and 10-8, respectively. The number "1" on the left side of fig. 10-7 indicates the dimension of the generated vector, and "237", "248", "106", "4" and "126" in fig. 10-7 are 5 elements of the 1 st vector S _ shadow _ temp generated for the 1 st line of the set C "and the 1 st line of the set a. The number "1" on the left side of fig. 10-8 indicates the dimension of the generated vector S _ shadow _ temp, "and" 205 "," 32 "," 42 "," 243 ", and" 63 "in fig. 10-8 are 5 elements of the 2 nd vector S _ shadow _ temp generated for the 2 nd line of set C" and the 2 nd line of set a.
And sequentially adding 5 elements in the 1 st vector S _ show _ temp and the 2 nd vector S _ show _ temp into show _1, show _2, … and show _5 respectively. In the same way, for the 3 rd to 17 th rows of the set C "(although the carrier document generates the set C" of 68 rows in total), it is sufficient to use only 17 rows according to the transmission requirement of the secret document (for example, the set a has 17 rows), where the first 17 rows may be selected to generate the vector S _ show _ temp, and in other embodiments, the other 17 rows may be selected according to any other criteria) and the 3 rd to 17 th rows of the set a, generate the corresponding vector S _ show _ temp, and add 5 elements of the vectors to show _1, show _2, …, and show _5, respectively, thereby obtaining show _1, show _2, …, and show _5 each containing 17 digital elements. The shadow _1, the shadow _2, …, and the shadow _5 are the generated 5-piece child secret documents. Fig. 6 shows 5 sub secret documents shadow _1, shadow _2, …, shadow _5 that hold the generated 17 digital elements, respectively. Fig. 5 is a diagram illustrating an example of encrypted data according to an example embodiment. Fig. 6 is a diagram illustrating an example of 5 sub-secret documents holding encrypted data according to an exemplary embodiment.
Next, a data decryption apparatus and a data decryption method according to an exemplary embodiment will be described in detail with reference to fig. 7, 8, and 9.
Fig. 7 is a block diagram illustrating a data decryption apparatus according to an example embodiment. As shown in fig. 7, the data encryption apparatus includes: a processor and a memory for storing processor-executable instructions. The processor, when executing the executable instructions, is capable of implementing the data decryption method according to various embodiments of the present invention. Optionally, the data encryption apparatus as illustrated in fig. 7 may further include a display for displaying data received from an external apparatus and data stored in the memory.
The steps of an exemplary data decryption method of the present application are described in detail below with reference to fig. 8. Fig. 8 is a flow chart illustrating a method of data decryption in accordance with an exemplary embodiment. Specifically, an embodiment of the data decryption method provided in the present application is described in fig. 8, and the method may include:
step 801: receiving a carrier document and one or more child secret documents;
step 802: transforming data in the carrier document into first codes, processing the first codes to generate a first set based on the processed first codes;
step 803: extracting corresponding elements from the first set according to the one or more child secret documents to form a second set;
step 804: galois field GF (2) using Shamir polynomials on data in the second setm) Obtaining a third set by the iterative operation, wherein m is an integer which is more than or equal to 1;
step 805: performing multiplication operation on the second set and the third set to obtain a fourth set;
step 806: generating a second code based on the fourth set, converting the second code into corresponding data for saving into a secret document; and
step 807: and outputting the secret document.
In one possible implementation, in step 801, the input of the data decryption method of the present application is a carrier document C and k child secret documents, where k is an integer greater than or equal to 1. The carrier document C is transmitted together with the k child secret documents for decryption of the corresponding secret documents.
In step 802, data in the carrier document is transformed into first codes, the first codes are processed to generate a first set based on the processed first codes, the step 802 includes:
converting the carrier document C into an inner code, arranging the inner code in ascending order according to the numerical value of each byte by taking the byte as a processing unit to generate C _ temp, removing all 0 at the front end in the C _ temp to generate C '(the operation of removing 0 is required in mathematical calculation to avoid the condition that the inverse of a matrix generated in the subsequent step does not exist so as to cause decryption error), sequentially taking out n (n is an integer greater than or equal to 1) different numbers from C' in sequence and compiling into a group, and repeating the process for the residual C 'after taking out the n different numbers from C' until the n different numbers cannot be taken out (function cover _ group _ sort). Assuming that a group t (t is an integer of 1 or more) is extracted in total, a set B is generated as { C _ group {j|j=1,2,…,t},C_groupjIs a group containing n data. The set B can be regarded as a matrix M of n x tB,C_groupjFor each column.
Figure BDA0002294413760000141
In step 803, extracting corresponding elements from the first set according to the one or more child secret documents to form a second set, wherein the step 803 comprises:
k shares of sub secret documents (identified as s)1,s2,…,skEach vector of 1 x p) constitutes a matrix M _ group of k x p,
Figure BDA0002294413760000142
and analyzing the identity of the k sub-secret documents from MBTake out corresponding k rows to form new matrix MD
Figure BDA0002294413760000143
In step 804, Galois field GF (2) is applied to the data in the second set using Shamir polynomialsm) The above iterative operations obtain a third set, where m is an integer greater than or equal to 1, and the step 804 includes:
1) d is defined as an empty matrix of k x t, the value of t depends on the size of the recovered secret, k and t are both integers greater than or equal to 1.
2) Slave matrix MDTake one column and iterate n-1 times under the galois field using Shamir polynomials to generate the matrix M' of k x k (function matrix _ and _ cometrix).
3) Inverting the matrix M 'to generate M',
Figure BDA0002294413760000151
(function com _ matrix).
In step 805, performing a multiplication operation on the second set and the third set to obtain a fourth set, including:
in turn, take a column from the matrix M _ group, denoted as S _ v,
Figure BDA0002294413760000152
and multiplied by M "under the galois field (mul _ matrix), generating a column vector D _ t,
Figure BDA0002294413760000153
and adds D _ t as a column to the matrix D.
Steps 804 and 805 are repeated until all columns in M _ group are processed. The matrix D is a matrix of k × p.
In step 806, a second code is generated based on the fourth set, the second code is transformed into corresponding data to be saved in a secret document, the step 806 includes:
and converting the matrix D into a one-dimensional vector according to the row sequence to generate a vector D ', namely the one-dimensional vector of the internal code of the secret document, and converting the D' into a character through coding, namely the secret document S.
In step 807, the secret document is output.
Fig. 9 is a diagram illustrating the contents of a recovered secret document obtained from a carrier document and a plurality of child secret documents, according to an example embodiment. As shown in fig. 9, by the data decryption method shown in fig. 8, data "world first class, beautiful chinese" small red fruit forever ", east wind broke" encrypted in the secret document is generated.
This method is applicable not only to the above-described document in which text data is described, but also to a document in which an 8-bit BMP gray scale image and a 24-bit BMP color image are described, and when processing an 8-bit BMP gray scale image and a 24-bit BMP color image as data to be encrypted, a plurality of sub-secret documents are generated and distributed to different holders, as in the processing method of encrypting text content.
Alternatively, when encrypting image data, the image data is converted from a two-dimensional (gray BMP image) or a three-dimensional (color BMP image) into one-dimensional data in a certain arrangement (for example, from left to right, from top to bottom, from red, green to blue, and the like), and then the encryption is performed in a method of processing text data. Similarly, the original image is restored by the decrypted one-dimensional data in the same arrangement mode during decryption.
In terms of safety, for the same Chinese character A in different positions in the carrier document, the same ciphertext can be obtained only when the Chinese character to be encrypted in the secret document is the same Chinese character B (independent of the Chinese character A in the carrier document), otherwise, the same ciphertext is irrelevant data, and therefore encryption analysis based on statistics can be effectively resisted. Meanwhile, as can be seen from the basic nature of Shamir (k, n) secret sharing algorithm, the original secret can be decrypted only when the carrier document and at least k videos are obtained at the same time, otherwise, the original information cannot be recovered.
The data encryption method/device and the data decryption method/device of the present application can utilize Shamir polynomial to implement Galois field GF (2)m) And encrypting and decrypting the data, wherein m is an integer greater than or equal to 1.
The present disclosure may be systems, methods, and/or computer program products. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for causing a processor to implement various aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, the electronic circuitry that can execute the computer-readable program instructions implements aspects of the present disclosure by utilizing the state information of the computer-readable program instructions to personalize the electronic circuitry, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA).
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terms used herein were chosen in order to best explain the principles of the embodiments, the practical application, or technical improvements to the techniques in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A method of data encryption, comprising:
acquiring a secret document recording data to be encrypted and a carrier document used for transmitting the secret document;
transforming data in the secret document into first codes, processing the first codes to generate a first set of processed first codes;
transforming content in the carrier document into second codes, processing the second codes to generate a second set based on the processed second codes;
galois field GF (2) using Shamir polynomials on data in the second setm) Obtaining a third set by the iterative operation, wherein m is an integer greater than or equal to 1;
galois field GF (2) of the first and third setsm) Generating a fourth set by the multiplication operations;
generating one or more sub-secret documents corresponding to the secret document according to each element in the generated fourth set; and
transmitting the carrier document and the one or more child secret documents.
2. The encryption method according to claim 1,
processing the first codes to generate a first set of processed first codes comprises:
grouping every k first codes into a group according to the precedence order, and generating a first set of grouped first codes, wherein k is an integer greater than or equal to 1.
3. The encryption method according to claim 1,
processing the second codes to generate a second set based on the processed second codes comprises:
and arranging the second codes in an ascending order according to the numerical value of each byte by taking the byte as a processing unit to generate an intermediate document of the carrier document, grouping different n numbers from the intermediate document according to the sequence until the n different numbers cannot be taken out, and generating a second set of grouped second codes, wherein n is an integer greater than or equal to 1.
4. The encryption method of claim 1,
the data to be encrypted is text, images or video.
5. The encryption method according to claim 1,
the first code and the second code are inner codes, and m is 8.
6. A data decryption method, comprising:
receiving a carrier document and one or more child secret documents;
transforming data in the carrier document into first codes, processing the first codes to generate a first set based on the processed first codes;
taking out corresponding elements from the first set according to the one or more sub-secret documents to form a second set;
galois field GF (2) using Shamir polynomials on data in the second setm) Iteration onOperating to obtain a third set, wherein m is an integer greater than or equal to 1;
subjecting the second and third sets to Galois fields GF (2)m) Performing multiplication operation to obtain a fourth set;
generating a second code based on the fourth set, converting the second code into corresponding data for saving into a secret document; and
and outputting the secret document.
7. The data decryption method of claim 6,
processing the first codes to generate a first set based on the processed first codes comprises:
and arranging the first codes in an ascending order according to the numerical value of each byte by taking the byte as a processing unit to generate an intermediate document of the carrier document, and grouping n different numbers in the intermediate document according to the sequence until the n different numbers cannot be taken out, so as to generate a first set of the coded first codes, wherein n is an integer greater than or equal to 1.
8. A data encryption apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data encryption method of any one of claims 1-5.
9. A data decryption apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the data decryption method of claim 6 or 7.
10. A non-transitory computer readable storage medium having computer program instructions stored thereon, wherein the computer program instructions, when executed by a processor, implement the method of any of claims 1 to 7.
CN201911194777.5A 2019-11-28 2019-11-28 Data encryption and decryption method, device and computer readable storage medium Active CN112861144B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911194777.5A CN112861144B (en) 2019-11-28 2019-11-28 Data encryption and decryption method, device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911194777.5A CN112861144B (en) 2019-11-28 2019-11-28 Data encryption and decryption method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN112861144A CN112861144A (en) 2021-05-28
CN112861144B true CN112861144B (en) 2022-06-07

Family

ID=75995906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911194777.5A Active CN112861144B (en) 2019-11-28 2019-11-28 Data encryption and decryption method, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN112861144B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103268588A (en) * 2013-05-24 2013-08-28 上海大学 Encrypted domain lossless reversible information concealing method based on carrier image check code

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1179912A1 (en) * 2000-08-09 2002-02-13 STMicroelectronics S.r.l. Chaotic encryption
US20080263363A1 (en) * 2007-01-22 2008-10-23 Spyrus, Inc. Portable Data Encryption Device with Configurable Security Functionality and Method for File Encryption
GB2549981B (en) * 2016-05-05 2018-10-10 Jung Tjhai Cen A public key cryptosystem based on the partitioning of elements of vectors

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103268588A (en) * 2013-05-24 2013-08-28 上海大学 Encrypted domain lossless reversible information concealing method based on carrier image check code

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
一种基于PE文件的信息隐藏模型;赵健;《科技传播》;20110523(第10期);全文 *
基于字的流密码的分布式解密;刘志高等;《电子与信息学报》;20060720(第07期);全文 *

Also Published As

Publication number Publication date
CN112861144A (en) 2021-05-28

Similar Documents

Publication Publication Date Title
Liu et al. Threshold changeable secret image sharing scheme based on interpolation polynomial
US7945784B1 (en) Method and system to perform secret sharing
Li et al. An image encryption scheme based on chaotic tent map
CN107147616B (en) Data ciphering method and device
Chen et al. Novel SCAN-CA-based image security system using SCAN and 2-D von Neumann cellular automata
US7912212B2 (en) Symmetric cryptosystem using cascaded chaotic maps
JP2009010531A (en) Security distribution device, method, and program
CN112906043B (en) Image encryption method based on chaotic mapping and chaotic S-box substitution
US7995764B2 (en) Sharing a secret using hyperplanes over GF(2m)
CN109635580B (en) Image encryption method and device, electronic equipment and computer storage medium
Amalarethinam et al. Image encryption and decryption in public key cryptography based on MR
CN111832035A (en) Image encryption storage method and device
US10476661B2 (en) Polynomial-based homomorphic encryption
US3657476A (en) Cryptography
JP2023063430A (en) Encryption system, key generation apparatus, encryption apparatus, decryption apparatus, method, and program
Jana et al. A novel time-stamp-based audio encryption scheme using sudoku puzzle
CN112861144B (en) Data encryption and decryption method, device and computer readable storage medium
CN112529974A (en) Color visual password sharing method and device for binary image
CN112740618A (en) Signature device, verification device, signature system, signature method, signature program, verification method, and verification program
Kandar et al. Variable length key based visual cryptography scheme for color image using random number
CN114826560B (en) Lightweight block cipher CREF implementation method and system
CN112399027A (en) Picture encryption and decryption method and device, storage medium and electronic equipment
KR102541388B1 (en) Apparatus and method for ring-lwe cryptoprocessor using mdf based ntt
CN106452726B (en) S-shaped box and construction method thereof
Koppu et al. 2D Chaotic Map Based on 2D Adaptive Grey Wolf Algorithm for Ultra Sound Medical Image Security.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant