CN113079010B - Security enhancement method and device based on reserved format algorithm - Google Patents

Publication number
CN113079010B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110628812.0A
Other languages
Chinese (zh)
Other versions
CN113079010A (en)
Inventor
程朝辉
向均均
包晓科
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Aolian Information Security Technology Co ltd
Original Assignee
Shenzhen Aolian Information Security Technology Co ltd
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The disclosure relates to the technical field of computers, and provides a security enhancement method and device based on a reserved format algorithm. The security enhancement method based on the reserved format algorithm provided by the disclosure comprises the following steps: generating a constructed value based on the first torsion value; performing an encryption operation on the constructed value based on the first key to obtain an intermediate value; and generating a second torsion value based on the intermediate value, and taking the second torsion value and the first key as input parameters of the reserved format algorithm. The possibility of brute force cracking is greatly reduced, and an attacker cannot control the torsion value in the disclosure and cannot launch numerous attacks. The present disclosure can thus enhance security without modifying the reserved format algorithm.

Description

Security enhancement method and device based on reserved format algorithm
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a security enhancing method based on a format-preserving algorithm, a security enhancing apparatus based on a format-preserving algorithm, an electronic device, a computer-readable storage medium, and a computer program product.
Background
The format-preserving algorithm, also called format-preserving encryption algorithm, can be applied to many scenes, and can keep the ciphertext and the plaintext to have the same or similar format.
Disclosure of Invention
The present disclosure provides a security enhancement method, apparatus, electronic device, computer-readable storage medium, and computer program product based on a reserved format algorithm.
According to an aspect of the present disclosure, a security enhancement method based on a reserved format algorithm is provided, including: generating a constructed value based on the first torsion value; performing an encryption operation on the constructed value based on the first key to obtain an intermediate value; and generating a second torsion value based on the intermediate value, and taking the second torsion value and the first key as input parameters of the reserved format algorithm.
According to a second aspect of the present disclosure, a security enhancing apparatus based on a reserved format algorithm is provided, including: a constructed value generation module for generating a constructed value based on the first torsion value; an intermediate value generation module for performing an encryption operation on the constructed value based on the first key to obtain an intermediate value; a second torsion value generation module for generating a second torsion value based on the intermediate value; and a processing module for taking the second torsion value and the first key as input parameters of the reserved format algorithm.
According to a third aspect of the present disclosure, an electronic device is provided, comprising: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to execute the instructions to implement the method.
According to a fourth aspect of the present disclosure, a computer-readable storage medium is presented, having stored thereon computer instructions, which, when executed by a processor, implement the above-described method.
According to a fifth aspect of the present disclosure, a computer program product is presented, which, when being executed by a processor, implements the method as described above.
Compared with the prior art, the present disclosure has the following beneficial effects: the possibility of brute force cracking is substantially reduced, and an attacker cannot control the torsion values in the present disclosure and cannot launch numerous attacks. The present disclosure can thus enhance security without modifying the reserved format algorithm.
Drawings
Fig. 1A and fig. 1B exemplarily disclose application scenario diagrams of a security enhancement method based on a reserved format algorithm in an embodiment of the present disclosure.
Fig. 2 is a flowchart illustrating a security enhancement method based on the reserved format algorithm according to the present disclosure.
Fig. 3A to 3E are schematic diagrams illustrating a security enhancement method based on a reserved format algorithm according to the present disclosure.
Fig. 4 exemplarily discloses a block diagram of a security enhancing apparatus based on a reserved format algorithm in the embodiment of the present disclosure.
Fig. 5 discloses a block diagram of an electronic device, a computer readable storage medium, and a computer program product in an embodiment of the disclosure.
Detailed Description
The following examples are further illustrative of the present disclosure and are not intended to be limiting thereof.
There are mainly five reserved format (format-preserving) encryption algorithms: FF1, FF3 and FF3-1, described in NIST Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption, and the Korean standards FEA-1 and FEA-3. The secure construction of these reserved format algorithms is very challenging.
The encryption process of these algorithms takes as input a symmetric key, a twist value (the tweak; this text also calls it the torsion value) and the plaintext, and outputs the ciphertext. The decryption process takes as input a symmetric key, a twist value and the ciphertext, and outputs the plaintext. The algorithms require that the plaintext M be encoded in a specified base before execution. These algorithms all adopt a Feistel structure and are composed of a number of round functions. Each round processes the key, part of the twist value, and the input or the previous round's result.
In an embodiment of the present disclosure, a security enhancing method based on a reserved format algorithm is provided, including: generating a constructed value based on a first torsion value, wherein the first torsion value is a torsion value parameter in a reserved format algorithm; performing an encryption operation on the constructed value based on the first key to obtain an intermediate value; and generating a second torsion value based on the intermediate value, calling the reserved format algorithm, and obtaining the ciphertext from the plaintext, or the plaintext from the ciphertext, using the second torsion value and the first key.
Fig. 1A and fig. 1B exemplarily disclose application scenario diagrams of a security enhancement method based on a reserved format algorithm in an embodiment of the present disclosure.
Fig. 1A exemplarily discloses a schematic diagram of a security enhancement method based on a reserved format algorithm applied in an encryption scenario in the embodiment of the present disclosure.
The format-preserving encryption algorithm needs to perform an encryption operation based on the key K, the twist value T, and the plaintext M.
As shown in fig. 1A, in an embodiment of the present disclosure, security enhancing device 101 generates a second twist value T2 based on a first twist value T1 and a first key K1. The second twist value T2 is used as a twist value required for the reserved format processing apparatus 102 to perform an encryption operation. The preserved format processing device 102 performs a preserved format encryption operation according to the second key K2, the plaintext M, and the second twist value T2, and generates a ciphertext EM.
When the security enhancing apparatus 101 generates the second twist value T2 from the first twist value T1 and the first key K1, T1 may be used directly as T2, or the first twist value T1, or a value obtained by transforming it, may be encrypted based on the first key K1. For example, the first twist value T1 or its transformed value is encrypted using a symmetric encryption algorithm based on the first key K1.
Further, it should be noted that the value T1P obtained by transforming the first twist value T1 may be obtained by splicing (concatenating) the first twist value with a security parameter.
It should also be noted that, when the second twist value T2 is generated according to the first twist value T1 and the first key K1, the first key K1 may first be transformed into the second key K2, which is then used to generate the second twist value T2. For example, the second key K2 is obtained by performing an encryption operation on the first key K1; any key other than the first key K1 may also be used as the second key K2.
Fig. 1B exemplarily discloses a schematic diagram of a security enhancement method based on a reserved format algorithm applied in a decryption scenario in the embodiment of the present disclosure.
The format-preserving encryption algorithm needs to perform decryption operations based on the key K, the twist value T, and the ciphertext EM.
As shown in fig. 1B, in the embodiment of the present disclosure, the security enhancing device 101 generates a second twist value T2 according to the first twist value T1 and the first key K1. The second twist value T2 is used as a twist value required for the reserved format processing apparatus 102 to perform the decryption operation. The preserved format processing device 102 performs a preserved format decryption operation according to the second key K2, the ciphertext EM, and the second twist value T2, and generates a plaintext M.
When the security enhancing apparatus 101 generates the second torsion value T2 from the first torsion value T1 and the first key K1, the first torsion value T1 may be used directly as the second torsion value T2, or the first torsion value T1, or a value obtained by transforming it, may be encrypted based on the first key K1. For example, the first torsion value T1 or its transformed value is encrypted using a symmetric encryption algorithm based on the first key K1.
Further, it should be noted that the value T1P obtained by transforming the first torsion value T1 may be obtained by splicing (concatenating) the first torsion value with a security parameter.
It should also be noted that, when the second twist value T2 is generated according to the first twist value T1 and the first key K1, the first key K1 may first be transformed into the second key K2, which is then used to generate the second twist value T2. For example, the second key K2 is obtained by performing an encryption operation on the first key K1; any key other than the first key K1 may also be used as the second key K2.
Fig. 2 is a flowchart illustrating a security enhancement method based on the reserved format algorithm according to the present disclosure.
In an embodiment of the present disclosure, a security enhancement method based on a reserved format algorithm may include operations S210-S240.
In operation S210, a constructed value is generated based on the first torsion value.
In operation S220, an encryption operation is performed on the constructed value based on the first key, resulting in an intermediate value.
In operation S230, a second torsion value is generated based on the intermediate value.
In operation S240, the second twist value and the first key are used as input parameters of a reserved format algorithm.
In the disclosed embodiments, a reserved format encryption algorithm requires a key, a twist value, and a plaintext or ciphertext to perform encryption or decryption. The security of the reserved format encryption algorithm can be improved by transforming the first twist value.
In operation S210, when the constructed value is generated based on the first twist value, the first twist value may be used directly as the constructed value, or the first twist value may be transformed to generate the constructed value.
For example, the first twist value may be concatenated with a security parameter to generate the constructed value; the security parameter may be a null value, for example 0, or may be an attribute of the plaintext.
It should be noted that, in operation S220, when the encryption operation is performed on the constructed value based on the first key, the encryption may be performed directly with the first key, or with a value obtained by transforming the first key.
For example, the first key may be encrypted first, and the encrypted value then used for the subsequent encryption operation. A value other than the first key may also be used as the second key.
In operation S230, when the second torsion value is generated based on the intermediate value, the intermediate value may be directly used as the second torsion value, or the intermediate value may be transformed to generate the second torsion value.
Illustratively, a portion of the intermediate value may be taken as the second twist value.
In operation S240, the second twist value and the first key are used as input parameters of a reserved format algorithm, and the input of the reserved format algorithm further includes plaintext or ciphertext.
Illustratively, the plaintext, the second twist value and the first key are used as input of the reserved format encryption algorithm, and the ciphertext can be obtained.
Illustratively, the plaintext may be obtained by taking the ciphertext, the second twist value, and the first key as inputs of a format-preserving encryption algorithm.
Through the embodiment of the disclosure, the possibility of brute force cracking is greatly reduced, and an attacker cannot control the second torsion value in the disclosure and cannot launch numerous attacks. The present disclosure can thus enhance security without modifying the reserved format algorithm.
As an alternative embodiment of the present disclosure, generating the constructed value based on the first torsion value comprises:
splicing one or more of the base number of the plaintext, the length value of the plaintext and a placeholder value with the first torsion value to generate the constructed value;
alternatively, the first torsion value is taken as the constructed value.
It should be understood that the first torsion value may be directly used as the constructed value without being transformed.
It should also be understood that one or more of the properties of the plaintext, such as the base number of the plaintext, the length value of the plaintext, etc., may be concatenated with the first torsion value. Null values, e.g., 0, may also be concatenated with the first torsion value.
For example, the base number of the plaintext M, the length value of the plaintext M, and the null value may be concatenated with the first torsion value T1 to obtain T1 || base number of M || length value of M || a certain number of 0s as the constructed value TP.
For example, the null value may be concatenated with the first torsion value T1 to obtain T1 || a certain number of 0s, which is used as the constructed value TP.
For example, the base number of the plaintext M and the null value may be concatenated with the first torsion value T1 to obtain T1 || base number of M || a certain number of 0s as the constructed value TP.
As an optional embodiment of the present disclosure, encrypting the above-mentioned configuration value based on the first key includes: generating a second key based on the first key, and performing an encryption operation on the constructed value based on the second key.
It should be appreciated that a symmetric encryption operation may be performed on the constructed value based on the second key, e.g., performing an AES or SM4 operation.
For example, AES or SM4 encryption operations may be performed on the construct value TP based on the second key K2, resulting in an intermediate value X.
Further, as an optional embodiment of the present disclosure, the second key is: a first key; or, a ciphertext obtained by performing an encryption operation on the first key; or, a ciphertext resulting from performing an encryption operation on the determined value using the first key as a key.
For example, the second key K2= the first key K1, i.e. the key of the reserved format algorithm (the first key K1) may be used as the key of the subsequent symmetric encryption algorithm.
Illustratively, a symmetric encryption operation may be performed on the first key K1, such as an AES or SM4 encryption operation, resulting in the ciphertext EK1 being the second key K2.
For example, a symmetric encryption operation, such as an AES or SM4 encryption operation, may be performed on a certain value (e.g., 16 bytes all 0) using the first key K1, resulting in the ciphertext EK1' as the second key K2.
It should be understood that a value other than the first key may be used as the second key K2.
As an alternative embodiment of the present disclosure, generating the second torsion value based on the intermediate value includes:
taking out a part of the intermediate value as a second torsion value; alternatively, the intermediate value is set as the second torsion value.
It should be understood that all or a portion of the intermediate values may be used as the second twist value.
Illustratively, the intermediate value X is 128 bits, and the lower 56 bits of the intermediate value may be taken as the second torsion value T2.
For example, the second torsion value T2 may be set directly equal to the intermediate value X.
Further, as an alternative embodiment of the present disclosure, taking a part of the above-mentioned intermediate value as the second torsion value includes:
separating the intermediate value into a first intermediate value and a second intermediate value, and
performing an exclusive-or operation on the first intermediate value and the second intermediate value, and taking the low-order bits of the result as the second torsion value.
Illustratively, the intermediate value X is separated into a first intermediate value XH and a second intermediate value XL;
the first intermediate value XH and the second intermediate value XL are XORed, and the low-order bits of the result, for example the lower 56 bits or the lower 64 bits, are taken as the second torsion value T2.
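Operations S210 to S230 with the options described above (constructed value carrying the base number and length, second key obtained by encrypting 16 zero bytes under K1, XOR of the two halves truncated to the low 56 bits), as an added Go example that is not code from the patent. The field widths and byte order, the function names, and the sample key and T1 are assumptions of this example, and AES stands in for the "AES or SM4" choice.

```go
package main

import (
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
)

// aesBlock encrypts exactly one 16-byte block under key (16, 24 or 32 bytes).
func aesBlock(key []byte, in [16]byte) ([16]byte, error) {
	var out [16]byte
	c, err := aes.NewCipher(key)
	if err != nil {
		return out, err
	}
	c.Encrypt(out[:], in[:])
	return out, nil
}

// BuildTP implements S210: TP = T1 || base number || length || 0...0 (128 bits).
// Assumed encoding (not from the patent): 3-byte base, 2-byte length, big-endian.
// T1 must have one fixed length per deployment, or the concatenation is ambiguous.
func BuildTP(t1 []byte, radix uint32, msgLen uint16) ([16]byte, error) {
	var tp [16]byte
	if len(t1) == 0 || len(t1) > 11 {
		return tp, errors.New("T1 must be 1..11 bytes")
	}
	if radix < 2 || radix > 1<<16 {
		return tp, errors.New("radix must be in 2..65536")
	}
	n := copy(tp[:], t1)
	tp[n], tp[n+1], tp[n+2] = byte(radix>>16), byte(radix>>8), byte(radix)
	tp[n+3], tp[n+4] = byte(msgLen>>8), byte(msgLen)
	return tp, nil // bytes after the length field stay zero (the padding)
}

// DeriveK2 implements the option "K2 = encryption of 16 zero bytes under K1".
func DeriveK2(k1 []byte) ([]byte, error) {
	ek, err := aesBlock(k1, [16]byte{})
	if err != nil {
		return nil, err
	}
	return ek[:], nil
}

// Fold implements S230: split X into XH || XL, XOR them, keep the low outLen
// bytes (7 = 56 bits, 8 = 64 bits). Big-endian byte order is assumed.
func Fold(x [16]byte, outLen int) ([]byte, error) {
	if outLen < 1 || outLen > 8 {
		return nil, errors.New("outLen must be 1..8 bytes")
	}
	f := make([]byte, 8)
	for i := range f {
		f[i] = x[i] ^ x[i+8]
	}
	return f[8-outLen:], nil
}

// DeriveT2 chains S210-S230. The caller then performs S240 by passing T2 and
// K1 to its reserved format algorithm, e.g. FF3-1-ENC(K1, T2, M).
func DeriveT2(k1, t1 []byte, radix uint32, msgLen uint16, outLen int) ([]byte, error) {
	tp, err := BuildTP(t1, radix, msgLen)
	if err != nil {
		return nil, err
	}
	k2, err := DeriveK2(k1)
	if err != nil {
		return nil, err
	}
	x, err := aesBlock(k2, tp) // S220: intermediate value X
	if err != nil {
		return nil, err
	}
	return Fold(x, outLen)
}

func main() {
	k1, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f") // constructed sample key
	t1 := []byte("acct-042")                                       // constructed 64-bit T1
	// The same T1 yields unrelated T2 values once the plaintext base number changes.
	for _, radix := range []uint32{10, 36} {
		t2, err := DeriveT2(k1, t1, radix, 16, 7)
		if err != nil {
			panic(err)
		}
		fmt.Printf("radix=%d T2=%x\n", radix, t2)
	}
}
```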
As an optional embodiment of the present disclosure, the reserved format algorithm is:
NIST.SP.800-38G-FF1;
or, NIST.SP.800-38G-FF3;
or, NIST.SP.800-38G-2019-FF3-1;
or, a variant based on NIST.SP.800-38G-FF3;
or, a variant based on NIST.SP.800-38G-2019-FF3-1;
or, FEA-1;
or, FEA-3.
Illustratively, FF3 in the NIST.SP.800-38G standard is the reserved format algorithm.
Illustratively, FF3-1 in the 2019 revised version of the NIST.SP.800-38G standard is the reserved format algorithm.
Illustratively, the format-preserving algorithm is a variant of FF3 in the NIST.SP.800-38G standard.
Illustratively, the format-preserving algorithm is a variant of FF3-1 in the 2019 revised version of the NIST.SP.800-38G standard.
Illustratively, FF1 in the NIST.SP.800-38G standard is the reserved format algorithm.
Further, as an alternative embodiment of the present disclosure, a variant based on NIST.SP.800-38G-FF3 or a variant based on NIST.SP.800-38G-2019-FF3-1 includes: establishing an inverse proportional relation between the length of the second torsion value and the space capacity of the plaintext domain.
In the embodiment of the present disclosure, establishing an inverse proportional relationship between the length of the second torsion value and the space capacity of the plaintext domain may mean: when the space capacity of the plaintext domain is small, the length of the second torsion value T2 is increased. For example, when the space capacity of the plaintext domain is less than or equal to $2^{128}$, the length of the second torsion value is increased to not less than 120 bits.
Illustratively, the first torsion value T1 exceeds 64 bits, e.g., 88 bits. The first torsion value T1 is transformed into a constructed value, i.e. the first torsion value is concatenated with the security parameter to obtain a 128-bit constructed value TP, for example, TP = T1 || base number of M || length value of M || a certain number of 0s.
The constructed value TP is encrypted, and the output is the intermediate value X.
An inverse proportional relation is established between the length of the second torsion value and the space capacity of the plaintext domain. For example, when the domain of the plaintext M is less than or equal to $2^{128}$, 120 bits of the intermediate value X may be taken as the second torsion value T2.
Fig. 3A to 3E are schematic diagrams illustrating a security enhancement method based on a reserved format algorithm according to the present disclosure.
Illustratively, as shown in fig. 3A, the length of the first torsion value T11 is 64 bits, and the first torsion value T11 is concatenated with the base number of the plaintext, the length of the plaintext, and optionally 0s, i.e., T11 || base number of M || length of M || optional 0s, to obtain a 128-bit constructed value T11P.
Symmetric encryption, e.g., encryption selected from AES or SM4 algorithms, is performed on T11P using the first key K11, resulting in an intermediate value of X1.
The intermediate value X1 is divided into XH1 and XL1, and exclusive or operation is performed on XH1 and XL1, taking the lower 64 bits as the second torsion value T21.
The first key K11, the second twist value T21 and the plaintext M are used as input parameters of the reserved format algorithm. FF3-1 in the revised version of NIST.SP.800-38G standard 2019 is selected as a reserved format algorithm, namely FF3-1-ENC (K11, T21, M) operation is executed.
For example, as shown in fig. 3B, the length of the first torsion value T12 is 56 bits, and the first torsion value T12 is concatenated with the base number of the plaintext, the length of the plaintext, and optionally 0s, that is, T12 || base number of M || length of M || optional 0s, to obtain the 128-bit constructed value T12P.
Symmetric encryption, e.g., encryption using the AES or SM4 algorithm, is performed on the first key K12, with the first key K12 itself as the symmetric key, resulting in the second key EK12.
Symmetric encryption, e.g., encryption selected from AES or SM4 algorithms, is performed on T12P using the second key EK12 for the symmetric key, resulting in an intermediate value of X2.
The intermediate value X2 is divided into XH2 and XL2, and exclusive or operation is performed on XH2 and XL2, taking the lower 56 bits as the second twist value T22.
The first key K12, the second twist value T22 and the plaintext M are used as input parameters of the reserved format algorithm. FF3-1 in the revised version of NIST.SP.800-38G standard 2019 is selected as a reserved format algorithm, namely FF3-1-ENC (K12, T22, M) operation is executed.
For example, as shown in fig. 3C, the length of the first torsion value T13 is 56 bits, and the first torsion value T13 is concatenated with the base number of the plaintext, the length of the plaintext, and optionally 0s, that is, T13 || base number of M || length of M || optional 0s, to obtain a 128-bit constructed value T13P.
Symmetric encryption, e.g., encryption with the AES or SM4 algorithm selected, is performed on T13P with a key other than the first key K13, resulting in an intermediate value of X3.
The lower 64 bits of the intermediate value X3 are taken as the second torsion value T23.
The first key K13, the second twist value T23 and the plaintext M are used as input parameters of the reserved format algorithm. FF3-1 in the revised version of NIST.SP.800-38G standard 2019 is selected as a reserved format algorithm, namely FF3-1-ENC (K13, T23, M) operation is executed.
Illustratively, as shown in fig. 3D, the length of the first torsion value T14 is 88 bits, and the first torsion value T14 is concatenated with the base number of the plaintext, the length of the plaintext, and optionally 0s, i.e., T14 || base number of M || length of M || optional 0s, to obtain the 128-bit constructed value T14P.
Symmetric encryption, e.g., encryption selected from AES or SM4 algorithms, is performed on T14P with other keys than the first key K14, resulting in an intermediate value of X4.
If the domain of the plaintext M is smaller than $2^{128}$, 120 bits of the intermediate value are taken as the second torsion value T24.
The first key K14, the second twist value T24 and the plaintext M are used as input parameters of the reserved format algorithm.
A variant of FF3 in the NIST.SP.800-38G standard is selected as the reserved format algorithm, namely, the FF3-ENC (K14, T24, M) variant operation is executed.
For example,
a) Let $u = \lceil n/2 \rceil$; $v = n - u$.
b) Let $A = X[1..u]$ and $B = X[u+1..n]$.
c) Let $T_L = T[0..59] \,\|\, 0^4$ and $T_R = T[60..119] \,\|\, 0^4$.
d) For $i$ from 0 to 7:
1. If $i$ is an even number, let $m = u$ and $W = T_R$; otherwise let $m = v$ and $W = T_L$.
2. Let $P = W \oplus [i]^4 \,\|\, [\mathrm{NUM}_{radix}(\mathrm{REV}(B))]^8$.
3. Let $S = \mathrm{REVB}(\mathrm{CIPH}_{\mathrm{REVB}(K)}(\mathrm{REVB}(P)))$.
4. Let $y = \mathrm{NUM}(S)$.
5. Let $c = (\mathrm{NUM}_{radix}(\mathrm{REV}(A)) + y) \bmod radix^m$.
6. Let $C = \mathrm{REV}(\mathrm{STR}^m_{radix}(c))$.
7. Let $A = B$.
8. Let $B = C$.
Here, $n$ is the length value of the plaintext. $\lceil x \rceil$ denotes rounding up. $X[i..j]$ denotes the substring of the string $X$ from the $i$-th bit to the $j$-th bit. $X \,\|\, Y$ denotes the concatenation of the strings $X$ and $Y$. $X \oplus Y$ denotes the exclusive-or of the strings $X$ and $Y$. $0^s$ denotes a string of $s$ zeros. $[x]^s$ denotes the representation of $x$ as a string of $s$ bytes. $\mathrm{NUM}_{radix}(X)$ denotes the number that the string $X$ represents in base $radix$. $\mathrm{REV}(X)$ denotes the numeral string $X$ in reverse order. $\mathrm{REVB}(X)$ denotes the byte string $X$ in reverse byte order. $\mathrm{NUM}(X)$ denotes the integer represented by the string $X$. $\mathrm{STR}^m_{radix}(x)$ denotes, for an $x$ less than $radix^m$, the representation of $x$ as a string of $m$ numerals in base $radix$, in decreasing order of significance. For the related definitions, reference may be made to NIST Special Publication 800-38G.
In the disclosed embodiments, when the domain of M is less than or equal to $2^{128}$, in step d.1 of the FF3-ENC (K14, T24, M) variant encryption, the length of the converted value of B is 8 bytes, and W is 60 bits. The corresponding lengths in NIST Special Publication 800-38G are 12 bytes and 32 bits, respectively. The corresponding lengths in NIST Special Publication 800-38G-2019 are 12 bytes and 28 bits, respectively.
Illustratively, as shown in fig. 3E, the length of the first torsion value T15 is 88 bits, and the first torsion value T15 is concatenated with 0s, i.e., T15 || 0, to obtain a constructed value T15P whose bit length is a multiple of 128.
Symmetric encryption is performed on T15P using the first key K15, e.g., selecting the PRF (K15, T15P) specified in NIST Special Publication 800-38G, resulting in an intermediate value of X5. According to the size of the plaintext space, a part or all of X5 is determined as the second torsion value T25. For example, X5 is truncated to the same bit length as T15. Alternatively, let B be the number of bytes of the longest plaintext segment in the FF1 round function, L the bit length of the first torsion value T15, and Y the bit length of the intermediate value X5. Then if L % 128 = 0, the bit length of T25 is set to L; otherwise, the bit length of T25 is set to Y - (B % 16) × 8 - 8.
The first key K15, the second twist value T25 and the plaintext M are used as input parameters of the reserved format algorithm. For example, NIST.SP.800-38G-FF1 is selected as a reserved format algorithm, namely, FF1-ENC (K15, T25, M) operation is executed.
Fig. 4 exemplarily discloses a block diagram of a security enhancing apparatus based on a reserved format algorithm in the embodiment of the present disclosure.
As shown in fig. 4, the security enhancing apparatus based on the reserved format algorithm in the embodiment of the present disclosure includes a structure value generating module 410, an intermediate value generating module 420, a second torsion value generating module 430, and a processing module 440.
A configuration value generation module 410 for generating a configuration value based on the first torsion value;
an intermediate value generating module 420, configured to perform an encryption operation on the above-mentioned structure value based on the first key to obtain an intermediate value;
a second torsion value generating module 430 that generates a second torsion value based on the intermediate value, an
The processing module 440 uses the second twist value and the first key as input parameters of a reserved format algorithm.
As an optional embodiment of the present disclosure, the configuration value generation module includes: the first structure value generating module is used for splicing one or more of a base number of a plaintext, a length value of the plaintext and a place occupying value with the first torsion value to generate the structure value; and the second configuration value generation module is used for taking the first torsion value as a configuration value.
As an optional embodiment of the present disclosure, the intermediate value generating module includes: a second key generation module for generating a second key based on the first key; and an encryption module for performing an encryption operation on the constructed value based on the second key.
Further, as an optional embodiment of the present disclosure, the second key is: the first key; or a ciphertext resulting from performing an encryption operation on the first key; or any ciphertext that is not the first key.
As an alternative embodiment of the present disclosure, the second torsion value generating module includes: a first generation submodule for taking out a part of the intermediate value as the second torsion value; or a second generation submodule for taking the intermediate value as the second torsion value.
Further, as an optional embodiment of the present disclosure, the first generation submodule includes: a separation unit for separating the intermediate value into a first intermediate value and a second intermediate value; and an arithmetic unit configured to perform an exclusive OR operation on the first intermediate value and the second intermediate value to obtain the second torsion value having a lower bit number.
As an optional embodiment of the present disclosure, the reserved format algorithm is: NIST.SP.800-38G-FF1; or NIST.SP.800-38G-FF3; or NIST.SP.800-38G-2019-FF3-1; or a variant based on NIST.SP.800-38G-FF3; or a variant based on NIST.SP.800-38G-2019-FF3-1.
Further, as an alternative embodiment of the present disclosure, a variant based on NIST.SP.800-38G-FF3 or a variant based on NIST.SP.800-38G-2019-FF3-1 includes:
establishing an inverse proportional relation between the length of the second torsion value and the space capacity of the plaintext domain.
Fig. 5 discloses a block diagram of an electronic device, a computer readable storage medium, and a computer program product in an embodiment of the disclosure.
As shown in fig. 5, a block diagram of an electronic device applied to a security enhancement method based on a reserved format algorithm according to an embodiment of the present disclosure is shown. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 5, the electronic apparatus includes: one or more processors 501, memory 502, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components may be mounted on a common motherboard or in other manners as desired, and interconnected using different buses. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display a graphical interface on an external input/output device (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, one or more sets of blade servers, or a multi-processor system). In fig. 5, one processor 501 is taken as an example.
The memory 502 is a computer-readable storage medium provided by the present disclosure. Wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the security enhancement method based on the reserved format algorithm provided by the present disclosure. The computer-readable storage medium of the present disclosure stores computer instructions that may be used to cause a computer to perform the security enhancement method based on the reserved format algorithm provided by the present disclosure.
The memory 502, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the security enhancement method based on the retention format algorithm in the embodiments of the present disclosure (e.g., the structure value generation module 410, the intermediate value generation module 420, the second torsion value generation module 430, and the processing module 440 shown in fig. 4). The processor 501 executes various functional applications of the server and data processing by running non-transitory software programs, instructions, and modules stored in the memory 502 to implement the security enhancement method based on the reserved format algorithm in the above-described method embodiments.
The memory 502 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device presenting the information, and the like. Further, the memory 502 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 502 may comprise a memory remotely located from the processor 501, and these remote memories may be connected to the electronic devices described above via a network to implement the security enhancement methods based on the reserved format algorithm described above. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device implementing the security enhancement method based on the reserved format algorithm may further include: an input device 503 and an output device 504. The processor 501, the memory 502, the input device 503 and the output device 504 may be connected by a bus or other means, and fig. 5 illustrates the connection by a bus as an example.
The input device 503 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic apparatus exhibiting the information, such as an input device of a touch screen, a keyboard, a mouse, etc. The output devices 504 may include a display device, auxiliary lighting devices (e.g., LEDs), and haptic feedback devices (e.g., vibrating motors), among others. The display device may include: Liquid Crystal Displays (LCDs), Light Emitting Diode (LED) displays, plasma displays, and the like. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using a high-level procedural and/or object-oriented programming language (e.g., C language), and/or assembly/machine language. As used herein, "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, or/and device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., an OLED (organic electroluminescent display) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse) through which a user may provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
The above detailed description is specific to possible embodiments of the present disclosure, and the embodiments are not intended to limit the scope of the present disclosure, and all equivalent implementations or modifications that do not depart from the scope of the present disclosure are intended to be included within the scope of the present disclosure.

Claims (11)

1. A security enhancement method based on a reserved format algorithm comprises the following steps:
generating a configuration value based on the first torsion value;
performing an encryption operation on the constructed value based on the first key to obtain an intermediate value;
generating a second torsion value based on the intermediate value; and
taking the second torsion value and the first key as input parameters of a reserved format algorithm;
wherein encrypting the configuration value based on the first key comprises:
generating a second key based on the first key; and
performing an encryption operation on the configuration value based on the second key.
2. The reserved format algorithm-based security enhancement method of claim 1, wherein generating a configuration value based on the first torsion value comprises:
splicing one or more of a base number, a length value and a place occupation value of the plaintext with the first torsion value to generate the structural value;
alternatively, the first torsion value is taken as the configuration value.
3. The security enhancement method based on the reserved format algorithm according to claim 1, wherein the second key is:
a first key;
or, a ciphertext obtained by performing an encryption operation on the first key;
or, a ciphertext resulting from performing an encryption operation on the determined value using the first key as a key.
4. The security enhancement method based on the reserved format algorithm of claim 1, wherein the second key is a ciphertext that is not the first key.
5. The reserved format algorithm-based security enhancement method of claim 1, wherein generating the second torsion value based on the intermediate value comprises:
taking a portion of said intermediate value as a second torsion value;
or, the intermediate value is taken as a second torsion value.
6. The reserved format algorithm-based security enhancement method of claim 5, wherein taking a portion of the intermediate values as a second torsion value comprises:
separating the intermediate value into a first intermediate value and a second intermediate value; and
carrying out an exclusive OR operation on the first intermediate value and the second intermediate value, and taking the lower digit as the second torsion value.
7. The reserved format algorithm-based security enhancement method of claim 2, wherein the reserved format algorithm is:
NIST.SP.800-38G-FF1;
or, NIST.SP.800-38G-FF3;
or, NIST.SP.800-38G-2019-FF3-1;
or, a variant based on NIST.SP.800-38G-FF3;
or, a variant based on NIST.SP.800-38G-2019-FF3-1;
alternatively, FEA-1;
alternatively, FEA-3.
8. The reserved format algorithm-based security enhancement method of claim 7, wherein the variant based on NIST.SP.800-38G-FF3 or the variant based on NIST.SP.800-38G-2019-FF3-1 comprises:
and establishing an inverse proportional relation between the length of the second torsion value and the space capacity of the plaintext domain.
9. A security enhancing apparatus based on a reserved format algorithm, comprising:
a configuration value generation module to generate a configuration value based on the first torsion value;
the intermediate value generation module is used for carrying out encryption operation on the constructed value based on the first secret key to obtain an intermediate value;
a second torsion value generation module that generates a second torsion value based on the intermediate value; and
a processing module for taking the second torsion value and the first key as input parameters of a reserved format algorithm;
wherein encrypting the configuration value based on the first key comprises:
generating a second key based on the first key; and
performing an encryption operation on the configuration value based on the second key.
10. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the instructions to implement the method of any one of claims 1 to 8.
11. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the method of any one of claims 1 to 8.
CN202110628812.0A 2021-06-07 2021-06-07 Security enhancement method and device based on reserved format algorithm Active CN113079010B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110628812.0A CN113079010B (en) 2021-06-07 2021-06-07 Security enhancement method and device based on reserved format algorithm

Publications (2)

Publication Number Publication Date
CN113079010A CN113079010A (en) 2021-07-06
CN113079010B true CN113079010B (en) 2022-01-04

Family

ID=76617085

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110628812.0A Active CN113079010B (en) 2021-06-07 2021-06-07 Security enhancement method and device based on reserved format algorithm

Country Status (1)

Country Link
CN (1) CN113079010B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114036550A (en) * 2022-01-10 2022-02-11 深圳奥联信息安全技术有限公司 Encryption method and device for reserving floating-point number format

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105959098A (en) * 2016-04-28 2016-09-21 东港股份有限公司 Format-reserved encryption algorithm based on multi-segmented Feistel network
CN110795762A (en) * 2019-10-30 2020-02-14 贵州大学 Reserved format encryption method based on stream cipher
CN111224778A (en) * 2019-12-25 2020-06-02 广东飞企互联科技股份有限公司 Data reserved format encryption method
CN111783112A (en) * 2020-06-09 2020-10-16 北京三未信安科技发展有限公司 Method, system, medium and device for quickly realizing reserved format encryption
US20210056221A1 (en) * 2016-09-26 2021-02-25 Bank Of America Corporation Progressive Key Rotation for Format Preserving Encryption (FPE)
CN112597480A (en) * 2020-12-28 2021-04-02 北京炼石网络技术有限公司 Implementation mode of extensible format reservation encryption method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11488134B2 (en) * 2008-05-02 2022-11-01 Micro Focus Llc Format-preserving cryptographic systems
EP3082291B1 (en) * 2013-12-15 2022-05-25 Samsung Electronics Co., Ltd. Secure communication method and apparatus and multimedia device employing same

Also Published As

Publication number Publication date
CN113079010A (en) 2021-07-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant