CN113472766A - Data encryption system and method - Google Patents

Data encryption system and method Download PDF

Info

Publication number
CN113472766A
CN113472766A CN202110707297.5A CN202110707297A CN113472766A CN 113472766 A CN113472766 A CN 113472766A CN 202110707297 A CN202110707297 A CN 202110707297A CN 113472766 A CN113472766 A CN 113472766A
Authority
CN
China
Prior art keywords
prime number
key
prime
sender
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110707297.5A
Other languages
Chinese (zh)
Inventor
张长河
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Weida Information Technology Co ltd
Original Assignee
Beijing Weida Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Weida Information Technology Co ltd filed Critical Beijing Weida Information Technology Co ltd
Priority to CN202110707297.5A priority Critical patent/CN113472766A/en
Publication of CN113472766A publication Critical patent/CN113472766A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Abstract

A transmitting apparatus that encrypts data using a key calculates various parameters based on the key and a shared secret between the transmitting apparatus and a receiving apparatus remote from the transmitting apparatus. The calculated parameters are sent to the receiving device, which uses these parameters to calculate a key based on the shared secret. The receiving device then decrypts the data using the calculated key, which need not be transmitted from the transmitting device to the receiving device.

Description

Data encryption system and method
Technical Field
The application relates to the field of data encryption, in particular to a data encryption technology based on a secret key.
Background
In Data Encryption Standard (DES) encryption, a key is shared between a sender and a receiver. This key is referred to as a "shared secret" because it is "shared" between the sender and the recipient, but remains a "secret" for untrusted users. The sender encrypts data using the key before sending the data to the recipient, and the recipient uses the key to decrypt the encrypted data upon receiving the encrypted data. If an unauthorized user (sometimes referred to as a "hacker") gains access to the encrypted data, it is very difficult for such a user to extract any useful information from the data without the key.
In very good privacy (PGP) encryption, data is similarly encrypted between the sender and the recipient. However, the sender and the receiver each have a pair of keys, namely a private key and a public key. Public keys are exchanged between the sender and the receiver. These keys are "public" in the sense that they can be shared with untrusted users without compromising the security provided by the encryption. However, each private key is a "private secret". "at this point, the private key is" secret "because it is not shared with untrusted users, and it is" private "because it is not shared between the sender and the recipient. Ideally, only the sender knows his private key, and only the receiver knows his private key. When transmitting data via PGP encryption, a sender randomly generates a session key and encrypts data using the session key. Then, the sender encrypts the session key using the public key of the recipient, and transmits the encrypted data and the encrypted session key to the recipient. The recipient then uses his public key to decrypt the session key so that the session key can be used to decrypt the data. Although the public key may be shared and known by others, it is important for each user to keep his or her private key secret, since the private key may be used to decrypt the session key, and thus, ultimately, the encrypted data. Among these are various other key sharing encryption schemes that may be used to protect data communicated between a sender and a recipient. However, a weakness of many of these encryption schemes is that the secret key used to encrypt and/or decrypt the data is typically stored on the computer by the sender and/or recipient. It is therefore possible for a hacker to employ known hacking techniques to access data stored on such a computer and thereby discover the key. The hacker can then use the key to extract useful information from the encrypted data. In fact, in order to recover the message defined by the encrypted data, it is generally easier for a hacker to recover the message by finding the key needed to decrypt the data than for a hacker to crack the encryption scheme. Even with the vulnerabilities associated with hackers gaining access to the keys, users are typically encouraged to periodically obtain new encryption keys so that at least future messages can be protected from hackers who have discovered previously used keys. However, periodically obtaining a new encryption key can be burdensome. Furthermore, although the new encryption key may prevent a hacker from extracting useful information from future messages, obtaining the new encryption key has little effect on protecting data that has been previously compromised because the hacker found the previously used key. Preventing hackers from discovering secret keys in the first place is a more preferred solution. Improvements to data security products (e.g., firewalls) have been developed in an effort to prevent hackers from accessing sensitive data (e.g., secret keys) residing on user computers. However, hackers have shown the ability to develop new technologies to defeat the improvements to these data security products and the access to information residing on the user's computer. However, it is generally desirable to have better encryption techniques to enhance data security and reduce the likelihood of unauthorized useful information extracting useful information from encrypted messages.
Disclosure of Invention
The present disclosure relates generally to data encryption systems and methods. A system according to one exemplary embodiment of the present disclosure includes encryption logic usable by a sender to encrypt data to be sent to a recipient. In particular, the encryption logic randomly generates various numbers, including keys for encrypting data according to any known encryption scheme, such as Data Encryption Standard (DES), Advanced Encryption Standard (AES), or very good privacy (PGP). The encryption logic uses the key to encrypt data to be sent to the recipient. In addition, the encryption logic uses equations, referred to herein as "key equations," that define the relationships between a plurality of parameters, including the keys used to encrypt the data. The at least one parameter is a shared secret between the sender and the recipient. Using the key and the shared secret, the encryption logic calculates a value for at least one of the parameters defined by the key equation. The encryption logic sends the encrypted data to the recipient. In addition to transmitting encrypted data, the encryption logic transmits a sufficient number of calculated values to allow the recipient to calculate a key based on the key equation. However, to help prevent unauthorized users from gaining access to the key, the encryption logic does not send the key to the recipient, but rather destroys the key after it is used to encrypt data and calculate at least one of the values sent to the recipient. Based on the key equation, the shared secret, and the value received from the sender, the recipient calculates a key and decrypts the data using the calculated key. Thus, the receiver can calculate the key without transmitting the key to the receiver. By destroying the key, it is difficult for a hacker to discover the key. In this regard, as described above, once a key has been used to encrypt data and define at least one transmitted value, the key may be destroyed by the transmitter. Further, when the recipient wishes to decrypt the data, the recipient may calculate a key based on the shared secret and the sent value, decrypt the data using the calculated key, and then destroy the key. Thus, the key is only available for a short time on the sender's or receiver's device, which makes it difficult for a hacker to find the key by hacking into such a device.
Drawings
Fig. 1 is a block diagram illustrating an encryption system according to an exemplary embodiment of the present disclosure;
FIG. 2 is a block diagram showing a transmitter device such as depicted in FIG. 1;
fig. 3 is a block diagram illustrating a receiving apparatus such as that shown in fig. 1 according to an exemplary embodiment of the present disclosure;
FIG. 4 is a flow chart illustrating an exemplary method for encrypting data.
Detailed Description
Fig. 1 depicts a data encryption system 10 according to an exemplary embodiment of the present disclosure. As shown in fig. 1, the system 10 includes a sending device 12, such as a desktop or laptop computer or a Personal Digital Assistant (PDA), configured to transmit data 14 to a receiving device 15, such as a desktop or laptop computer or a Personal Digital Assistant (PDA). In the example shown in fig. 1, the sending device 12 is coupled to and communicates with the receiving device 15 via a communication network 18, such as the Public Switched Telephone Network (PSTN), a cellular network, and/or the internet. In one exemplary embodiment, the network 18 is a Wide Area Network (WAN), but other types of networks are possible in other embodiments. Furthermore, the transmitting device 12 may communicate directly (e.g., via wireless Radio Frequency (RF) signals) with the receiving device 15 without using any type of network. The sending device 12 preferably includes encryption logic 25 that encrypts the data 14 before sending it to the receiving device 15, and the receiving device 15 includes decryption logic 28 that decrypts the data 14 after receiving it in encrypted form from the sending device 12. Exemplary techniques for encrypting and decrypting the data 14 will be described in more detail below. It should be noted that the encryption logic 25 and decryption logic 28 may be implemented in software, hardware, or a combination thereof. In the exemplary embodiment shown in fig. 2, the encryption logic 25 is implemented in software and stored in the memory 32 of the transmitting device 12. Further, in the exemplary embodiment shown in FIG. 3, decryption logic 25 is implemented in software and stored in memory 35 of receiving device 15, it being noted that when implemented in software, encryption logic 25 and decryption logic 28 may be stored and transmitted on any computer-readable medium for use by or in connection with an instruction execution apparatus that may fetch and execute instructions. In the context of this document, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution apparatus. The computer readable medium can be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor device, or a propagation medium.
The exemplary embodiment of the transmitting device 12 shown in fig. 2 includes at least one conventional processing element 42, such as a Digital Signal Processor (DSP) or Central Processing Unit (CPU), that communicates with and drives other elements within the device 12 via a local interface 44, which may include at least one bus. In addition, an input interface 46 (e.g., a keyboard or mouse) may be used to input data from a user of the apparatus 12, and an output interface 49, such as a printer or a display device (e.g., a liquid crystal display or LCD), may be used to output data to the user. The transmitter device 12 further comprises a random number generator 52 and a transceiver 55. The random number generator 52 is shown as being implemented in software, but in other examples, the random number generator 52 may be implemented in hardware or a combination of software and hardware. The exemplary embodiment of the receiving apparatus 15 depicted in fig. 3, similar to the sending apparatus 12, includes at least one conventional processing element 62, such as a Digital Signal Processor (DSP) or Central Processing Unit (CPU), which communicates with and drives other elements within the apparatus 15 via a local interface 64, which may include at least one bus. In addition, an input interface 66, such as a keyboard or mouse, may be used to input data from a user of the apparatus 15, and an output interface 69, such as a printer or display device (e.g., a liquid crystal display or LCD), may be used to output data to the user. The receiving device 15 further comprises a random number generator 72 and a transceiver 75. The random number generator 72 is shown as being implemented in software, but in other examples the random number generator 72 may be implemented in hardware or a combination of software and hardware. Initially, a set of prime numbers, referred to herein as a "base", is generated and shared between the transmitting device 12 and the receiving device 15. The base number may be generated or otherwise obtained by the device 12 or 15, and for purposes of illustration, it is assumed that the base number is randomly generated by the random number generator 52 of the transmitting device 12 and transmitted to the receiving device 15. As an example, the base numbers may be included in an email message and sent over network 18 through transceiver 55 and received by transceiver 75. in one exemplary embodiment, three base numbers P, G and C are randomly generated and each of these numbers is 256 bits in length. However, in other embodiments, other numbers of cardinality and other bit lengths are possible. The encryption logic 25 receives another randomly generated prime number Ps from the random number generator 52 and treats Ps as private. Thus, the encryption logic 25 does not share P with the receiving device 15. In one exemplary embodiment, the private number P is 256 bits in length as each radix, but other bit lengths are possible in other embodiments. The encryption logic 25 combines the private number P with the basic numbers P and G to generate another number DPN, which is considered a public number. In one embodiment, the aforementioned numbers are combined according to Diffie-Hellman equations. For example, DPNs may be calculated from an equation, DPNs — GPs mod P. The DPNs are preferably sent by the encryption logic 25 to the receiving means 15 together with the base. Decryption logic 28 stores the transmitted cardinality P, G and C and DPNs in memory 35.
The decryption logic 28 receives the randomly generated prime number Pr from the random number generator 72 and treats Pr as a private secret. Thus, the decryption logic 28 does not share Pr with the sending device 12. In one exemplary embodiment, the private number Pr is 256 bits in length as each radix, but other bit lengths are possible in other embodiments. The decryption logic 28 combines the private number Pr with the basic numbers P and G to produce another number DPNr, which is considered a public number. In one embodiment, the aforementioned numbers are combined according to Diffie-Hellman equations. For example, DPNr may be calculated according to the formula DPNr ═ GPr mod P. DPNr is preferably sent by decryption logic 28 to sending device 12. The DPNr is stored in memory 32 by encryption logic 25, and three additional random numbers K, M and R are received by encryption logic 25 from random number generator 52. In one exemplary embodiment, each of these numbers is 256 bits, although other bit lengths are possible. In the exemplary embodiment described herein, K is a random prime number. M is not necessarily a prime number or greater than K, but M is preferably the same number of bits as K. The encryption logic 25 uses K as a key to encrypt the data 14 according to any desired encryption scheme (e.g., PGP, DES, or AES). However, to protect the key K used to encrypt the data 14, the encryption logic 25 does not share K with any other entity, or even with the decryption logic 28. Instead, encryption logic 25 provides decryption logic 28 with sufficient parameters to enable logic 28 to calculate K according to a predetermined algorithm, as will be described in more detail below.
In this regard, the encryption logic 25 utilizes a predetermined formula, also known to the decryption logic 28, to generate parameters that are provided to the decryption logic 28 to enable the logic 28 to calculate the key K. In an example of the present invention, the encryption logic 25 uses the following equation, referred to herein as a "key equation". Both equations (1) K and M are known to encryption logic 25 rather than decryption logic 28. Note that in other embodiments, other equations may be used as key equations.
In this example, the encryption logic 25 is configured to calculate the value of at least one parameter in the key equation using K and to provide the calculated parameter to the decryption logic 28 to enable the logic 28 to calculate K based on the key equation, as is known to the logic 28. As described above, K is not transmitted to the reception apparatus 15 so as to keep K from being clearly transmitted. Additionally, in this example, another parameter, M, helps to obfuscate the key equation from any hackers that might intercept the value being transmitted to the receiving device 15. Further, using M, K, and replacing x in the key equation with the shared value, the encryption logic 25 calculates y and sends y to the receiving device 15. In this example, the shared value instead of x is C, which is one of the cardinalities shared with the receiving device 15, as described above. Therefore, the calculated Y value, which will be referred to as "Y1" hereinafter, may be expressed as follows. However, y1 is MC + K equation (2), and since there are two unknowns (M and K) in the key equation for decryption logic 28, logic 28 does not have enough information to compute K. The encryption logic 25 thus calculates Y for another instance of x and provides the newly calculated Y value to the receiving means 15. To obfuscate the algorithm used to compute K, the value selected for x in this computation is preferably a shared secret S, which will be described in more detail below. Thus, the encryption logic 25 replaces x in the key equation with S and calculates y. The logic 25 then transmits Y to the receiving device 15. This calculated Y value, which will be referred to as "Y2" hereinafter, may be expressed as follows. y 2-MS + K equation (3) assuming that the shared secret S is known to the decryption logic 28, the decryption logic 28 now has enough information to calculate K. In this regard, in equations 2 and 3, decryption logic 28 knows all parameters except for M and K. Since there are two equations and two unknowns (M and K), decryption logic 28 may solve the two equations for M and K. Decryption logic 28 may then decrypt the encrypted data 14 received from the sender device 12 using K as a key.
To help obfuscate the encryption scheme, the shared secret is preferably based on a private number that is not communicated between the sending device 12 and the receiving device 15. In this example, the private numbers used to calculate the shared secret S are Ps and Pr. At this point, the encryption logic 25 calculates S according to the following equation: hash [ (DPNrPS mod P) + R ] equation (4), where "hash" refers to a hash function applied to values within the square brackets [ ]. Thus, the shared secret S is equal to the result of a hash function performed on DPNr, the power of which is raised to the modulo of P times P plus R. As mentioned above, DPNr, Ps, P and R are all known to the encryption logic 25. In an exemplary embodiment, the hash function "hash" is a Shaw256 hash function, although other hash algorithms may be used in other embodiments. Note that the value DPNr boosted to the power of Ps times the modulus of P refers to the Diffie-Hellman number of DPNr, Ps, and P, with Ps as the private secret. The hash function that connects R and takes expressions helps obfuscate the relationship between DPNr, Ps, and P, and the hash function also reduces the bit length of S, helping to facilitate the calculations set forth herein. Further, the following expression holds according to the Diffie-Hellman principle. DPNrPs mod P — PrDPNs mod P equation (5) thus, decryption logic 28, without being provided with Ps, may calculate the shared secret S according to the following equation: s ═ hash [ (PrDPNs mod P) + R ] equation (6), where "hash" refers to the hash function applied to the values within brackets [ ]. Thus, the shared secret S is equal to the result of a hash function performed on Pr raised to a power of DPNs multiplied by the modulo of P plus R. The hash function is preferably the same as the hash function applied by the encryption logic 25 in the calculation S, as described above. Furthermore, the encryption logic 25 preferably shares R with the decryption logic 28 by sending R to the receiving device 15. Knowing y1, y2, R, and S, decryption logic 28 may compute M and K and then use K to decrypt data 14. Thus, based on the values exchanged between the receiving device 15 and the sending device 12 and the shared secret S that can be calculated by the encryption logic 25 and the decryption logic 28, the decryption logic 28 is able to calculate the key K without transferring K from the sending device 12 to the receiving device 15. furthermore, both the encryption logic 25 and the decryption logic 28 use a private number when calculating the shared secret S, thereby enhancing the security of the encryption scheme.
Addition, after encrypting data 14 with key K and computing y1 and y2, encryption logic 25 preferably deletes K. In this case, the key K will no longer be present until the decryption logic 28 later calculates it for decrypting the data 14. Thus, during this time, a hacker cannot find the key by simply hacking into the sending device 12 or the receiving device 15 and locating the key. Hackers can feasibly discover various numbers used to compute keys, such as y1, y2, and R. However, in order to use these numbers to decrypt the data 14 without finding the key K, a hacker would first need to determine how the system 10 uses these numbers to calculate K, or in other words, how to crack the scheme used to protect the key. Thus, the encryption techniques described herein address and prevent the vulnerability of hackers attempting to locate keys that can be used to decrypt data. In fact, once decryption logic 28 decrypts data 14, logic 28 may similarly delete key K. Thus, the key K may only be present at the device 12 or 15 for a very short duration, making it extremely difficult for a hacker to find the key. It should be noted that each message communicated between the sender device 12 and the recipient device 15 may be encrypted using the encryption techniques described above. If desired, base numbers P, G and C can be transmitted at once. Thereafter, new values for K, M and R can be generated for each message, or alternatively, new values for K, M and R can be updated periodically. Many variations of the techniques described herein will be apparent to one of ordinary skill in the art upon reading this disclosure.
Different types of equations may be used for the key equations. Furthermore, different types of equations may produce different numbers of unknowns for decryption logic 28. In this regard, in the exemplary embodiment described above, the key equation includes two unknowns (M and K) for the decryption logic 28, and thus, at least two instances of the key equation are evaluated in order to provide the logic 28 with sufficient information for computing K. In other examples, the key equation may have other numbers of unknowns for the logic 28. In such an example, other numbers of instances of the key equation may need to be evaluated in order to provide the logic 28 with sufficient information for calculating K. An exemplary use and operation of the encryption system 10 will now be described with reference to fig. 4, initially randomly generating P, G, C, Ps and Pr values as indicated at block 111 of fig. 4. In this regard, encryption logic 25 requests four randomly generated numbers from random number generator 52, which provides cardinalities P, G and C to logic 25, as well as the sender's private number P, which is private to encryption logic 25. In addition, decryption logic 28 requests a randomly generated number from random number generator 72, which provides logic 28 with Pr that is specific to decryption logic 28. As shown in box 114, base numbers P, G and C were exchanged. Here, the encryption logic 25 sends P, G, C to the receiving device 15 and the decryption logic 28 stores P, G, C in the memory 35, calculated based on P, G.
The numbers DPNs and DPNr are added, as shown in block 117. Here, encryption logic 25 combines Ps, P, and G to produce DPNs, and decryption logic 28 combines Pr, P, and G to produce DPNr. DPNs are exchanged with DPNr; as indicated by block 121. At this point, encryption logic 25 sends the DPNs to receiving device 15, and decryption logic 28 stores the DPNs in memory 35. In addition, decryption logic 28 communicates DPNr to sender device 12, while encryption logic 25 stores DPNr in memory 32. Thus, at this point, both encryption logic 25 and decryption logic 28 are aware of P, G, C, DPNs and DPNr. In addition, Ps is a private number known only by the encryption logic 25, and Pr is a private number known only by the decryption logic 28.
The encryption logic 25 determines whether to send the encrypted data to the receiving device 15, as a private number known by block 125. As one example, a user of device 12 may submit input requesting that an email message or other type of message be encrypted and sent to recipient device 15. In response, the logic 25 makes a "yes" determination in block 125 and the rAs, K, M, and R indicated by block 129 are generated. In this regard, the encryption logic 25 requests three randomly generated numbers from the random number generator 52, which provides K, M and R to the logic 25. The encryption logic 25 encrypts the data 14 being transmitted to the receiving device 15 using K as a key, as shown in block 133. In addition, as shown in block 136, the encryption logic 25 calculates y based on equations 2 and K, C and the known values of M1. The encryption logic 25 also computes the shared secret S based on equation 4 and the known values of DPNr, Ps, P, and R, as shown in block 139. As shown in block 144, the encryption logic 25 also calculates y based on the known values of equations 3 and K, M and S2. After encrypting data 14 with K and computing y1 and y2 using K, encryption logic 25 deletes K, as shown in block 147. Thus, at this point, K is no longer present within system 10I as indicated by block 152, and encryption logic 25 transmits encrypted data 14, as well as y1, y2, and R, to receiving device 15. As an example, if the encrypted data 14 defines a text portion of an email message, the values of y1, y2, and R may be appended to the same email message that includes the encrypted data 14.
After device 15 receives the encrypted data 14 and y1, y2, and R, decryption logic 28 computes the shared secret S based on equation 6 and the known values of Pr, DPNs, P, and R, as shown in block 156. Decryption logic 28 then calculates M and K based on equations 2 and 3 and the known values of y1, y2, S, and C, as shown in block 163. Having now calculated the key K, the decryption logic 28 decrypts the data 14, as shown in block 166. At this point, K is no longer needed and the logic 28 deletes K, as shown in block 169. Note that if another message is to be communicated between the sending device 12 and the receiving device 15, the same method shown in fig. 4 may be used to send the message in either direction. However, if the same values of P, G, C, P, Pr, DPNs, and DPNr are to be used, the process may begin for future messages at block 129. As can be seen by the foregoing example, the key used to encrypt the data 14 may be deleted shortly after encryption. Further, before deleting the key, the transmitting device 12 may then calculate various numbers based on the key equation and then provide the numbers to the receiving device 15, which may use the numbers to calculate the key. Thus, the key need not be stored in device 12 or 15 except during the short duration that the key is actually used by (1) logic 25 to encrypt data 14 or to compute a number from a key formula or (2) logic 28 to decrypt data 14. Therefore, even if a hacker hacks and gains access to the device 12 or 15, the hacker is unlikely to find the key K.

Claims (10)

1. A transmitting apparatus, comprising: a processing element; a transceiver; and a memory for storing data, a first prime number (P), a second prime number (G), a third prime number (C), a first private prime number (Ps), a first random number (M), a second random number (R), wherein the processing element calculates a sender public number (DPN) according to the equation DPN-GPs mod P using the first private prime number (Ps), the first prime number (P), and the second prime number (G), wherein the sender public number (DPN) is provided to a recipient device that knows the first prime number (P), the second prime number (G), and the third prime number (C), wherein the processing element encrypts the data using encryption logic and a randomly generated key, wherein the processing element deletes the randomly generated key after encrypting the data, wherein the processing element uses the first prime number (P), the second prime number (G), and the second random number (R) The first private prime number (P), a recipient public number (DPNr) and the second random number (R) to calculate a public shared secret (S), wherein the processing element uses a key equation based on the key and the first random number (M) to calculate a plurality of parameters using simultaneous equations, wherein the third prime number (C) is used in the key equation to calculate a first parameter (Y1) of the plurality of parameters and the public shared secret (S) is used in the key equation to calculate a second parameter (Y2) of the plurality of parameters, wherein the encrypted data, the second random number (R) and the plurality of parameters (Y1, Y2) are transmitted by the transceiver to the receiving device, which uses the first prime number (P), a recipient private prime number (Pr), a recipient public prime number (Pr), and a public shared secret (S), A sender public number (DPN) and a second random number (R) to calculate the common shared secret according to a second shared secret equation, and to calculate the key using the common shared secret, a third prime number (C), a plurality of parameters (Y1, Y2), and the simultaneous equations without transmitting the key to the recipient device.
2. The transmitting apparatus according to claim 1, wherein the sender public number (DPN) is equal to a dividend modulo a divisor, wherein the dividend is a power of the first private prime number (P) of the second prime number (G) and the divisor is the first prime number (P).
3. The sender apparatus of claim 1, wherein the first one of the plurality of parameters (Y1) is equal to the key plus the second random number (M) multiplied by the third prime number (C).
4. The transmitting apparatus according to claim 1, wherein a second parameter (Y2) of the plurality of parameters is equal to the key plus the second random number (M) multiplied by the common shared secret (S).
5. A transmitting apparatus according to claim 1, wherein the common shared secret (S) is calculated using a hash function performed on a Diffie-Hellman number plus the second random number (R), wherein the Diffie-Hellman number is equal to a dividend modulo a divisor, wherein the dividend is the recipient public number (DPNr) raised to a power of the first private prime number (P) and the divisor is the first prime number (P).
6. The transmission apparatus according to claim 1, wherein the reception apparatus comprises: a recipient processing element; a receiver transceiver; and a specific memory for storing data, a first prime number (P), a second prime number (G), a third prime number (C), and a recipient private prime number (Pr), wherein the recipient private prime number (Pr), the first prime number (P), and the second prime number (G) are used by the recipient processing unit to calculate the recipient public number (DPNr) according to a formula DPNr ═ GPr mod P.
7. The transmitting apparatus according to claim 6, wherein the recipient public number (DPNr) is equal to a dividend modulo a divisor, wherein the dividend is a second prime number (G) raised to the power, a recipient private prime number (Pr) raised to the power, and the divisor is a first prime number (P).
8. Transmitter apparatus according to claim 1, wherein said second prime number (G) is the smallest quadratic remainder modulo said first prime number (P).
9. A method for communicating data between a sender device and a receiver device, comprising: a shared simultaneous equation and a first prime number (P), a second prime number (G) and a third prime number (C) between the transmitter device and the receiver device via a trusted relationship; generating, at the sender device, a first random number (M), a second random number (R) and a randomly generated key (K); calculating a plurality of parameters (Y1, Y2) using the first random number (M), the second random number (R), the first prime number (P), the second prime number (G), the third prime number (C), the randomly generated key (K), the calculated shared secret (S) and a simultaneous equation at the sender device defining a correspondence between the first random number (M), the second random number (R) and the randomly generated key (K); -encrypting data at the sender device using the key (K); -deleting the key (K) at the sender device after encrypting the data; -transmitting the encrypted data, the values of the plurality of parameters (Y1, Y2) and the second random number (R) without transmitting the key (K); generating, at the receiver device, the key (K), a third prime number (C) and a simultaneous equation using the plurality of received parameters (Y1, Y2), the calculated shared secret (S), the first random number (M), the received second random number (R), the first prime number (P), the second prime number (G); decrypting, at the receiver device, the encrypted data using the generated key (K); and deleting the generated key (K) at the receiver device after decrypting the data.
10. The method of claim 9, further comprising: exchanging a sender public number (DPN) and a receiver public number (DPNr) between the sender device and the receiver device, the sender public number (DPN) being calculated using the first prime number (P), the second prime number (G) and a sender private prime number (P) stored in the sender device, and the receiver public number (DPNr) being calculated using the first prime number (P), the second prime number (G) and a receiver private prime number (Pr) stored in the receiver device, the sender public number (DPN) used at the receiver device to generate the calculated shared secret and the receiver public number (DPNr) used at the sender device to generate the calculated shared secret.
CN202110707297.5A 2021-06-24 2021-06-24 Data encryption system and method Pending CN113472766A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110707297.5A CN113472766A (en) 2021-06-24 2021-06-24 Data encryption system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110707297.5A CN113472766A (en) 2021-06-24 2021-06-24 Data encryption system and method

Publications (1)

Publication Number Publication Date
CN113472766A true CN113472766A (en) 2021-10-01

Family

ID=77872837

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110707297.5A Pending CN113472766A (en) 2021-06-24 2021-06-24 Data encryption system and method

Country Status (1)

Country Link
CN (1) CN113472766A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140192980A1 (en) * 2006-08-14 2014-07-10 Key Holdings, LLC Data Encryption System and Method
CN106797311A (en) * 2014-08-29 2017-05-31 维萨国际服务协会 For the method for security password generation
US9800410B1 (en) * 2006-08-14 2017-10-24 Key Holdings, LLC Data encryption system and method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140192980A1 (en) * 2006-08-14 2014-07-10 Key Holdings, LLC Data Encryption System and Method
US9800410B1 (en) * 2006-08-14 2017-10-24 Key Holdings, LLC Data encryption system and method
CN106797311A (en) * 2014-08-29 2017-05-31 维萨国际服务协会 For the method for security password generation

Similar Documents

Publication Publication Date Title
US9065636B2 (en) Data encryption system and method
JP7011646B2 (en) Methods and systems for data security based on quantum communication and trusted computing
US8639928B2 (en) System and method for mounting encrypted data based on availability of a key on a network
US7688975B2 (en) Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure
RU2371756C2 (en) Safety connection to keyboard or related device
KR100979576B1 (en) Methods for remotely changing a communications password
US8904195B1 (en) Methods and systems for secure communications between client applications and secure elements in mobile devices
JP2010220212A (en) Securing communications sent by first user to second user
GB2514428A (en) Enabling access to data
JP6556955B2 (en) Communication terminal, server device, program
CN113225186A (en) Private data intersection solving method and device, computer equipment and storage medium
JP2005252384A (en) Encrypted data storage server system, encrypted data storage method, and re-encryption method
EP3785409B1 (en) Data message sharing
US9800410B1 (en) Data encryption system and method
US20240063999A1 (en) Multi-party cryptographic systems and methods
US8085932B2 (en) Secure distribution of data or content using keyless transformation
US10699021B2 (en) Method and a device for secure storage of at least one element of digital information, and system comprising such device
Barukab et al. Secure communication using symmetric and asymmetric cryptographic techniques
CN113824713B (en) Key generation method, system and storage medium
CN113472766A (en) Data encryption system and method
JP2022522555A (en) Secure message delivery using semi-trusted relayers
EP2602955B1 (en) System and Method for Mounting Encrypted Data Based on Availability of a Key on a Network
Nithya et al. An Analysis on Cryptographic Algorithms for Handling Network Security Threats
TWI789115B (en) Encryption system and encryption method for cloud services
Tsai et al. Cloud encryption using distributed environmental keys

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20211001