CN113779614B - Encryption method based on improved AES algorithm and computer-readable storage medium - Google Patents
- Publication number
- CN113779614B
- Authority
- CN
- China
- Prior art keywords
- random number
- aes algorithm
- encryption method
- mapping
- segment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
Abstract
The invention relates to an encryption method based on an improved AES algorithm, which comprises the following steps: carrying out key expansion; collecting system time; performing byte replacement; repeatedly executing round key addition until the set times are met, generating a random number SC based on the system time, and generating a random array with the length of SC; and obtaining a mapping ciphertext through a mapping function based on the random number SC and the character string to be encrypted which is input by the random number group in a segmented mode. The invention also relates to a computer-readable storage medium. By adding the segment mapping, the invention avoids the fixed corresponding relation from the plain text to the cipher text because the segment number of the segments and the bit number of each segment are randomly generated, thereby resisting enumeration attack.
Description
Technical Field
The present invention relates to the field of data encryption technologies, and in particular, to an encryption method and a computer-readable storage medium based on an improved AES algorithm.
Background
The AES (Advanced Encryption Standard) algorithm is a new generation of symmetric block cipher algorithm released by the National Institute of Standards and Technology in 2001 to replace the original DES (Data Encryption Standard). Its specific processes include byte substitution, row shifting, column mixing, round key addition, and the like. In order to improve encryption efficiency, the encryption process of the AES algorithm has been improved, and the specific process of the improved AES algorithm may consist of two processes: byte substitution and round key addition.
However, for the improved AES algorithm, the plaintext directly obtains the ciphertext through the improved AES algorithm, so the plaintext has a fixed ciphertext corresponding to it, and thus cannot resist enumeration attack.
Disclosure of Invention
The technical problem to be solved by the present invention is to provide an encryption method based on an improved AES algorithm and a computer-readable storage medium, which can avoid a fixed correspondence relationship from plaintext to ciphertext by adding segment mapping, so as to resist enumeration attack.
The technical scheme adopted by the invention for solving the technical problems is as follows: an encryption method based on an improved AES algorithm is constructed, and the method comprises the following steps:
S1, carrying out key expansion;
S2, collecting system time;
S3, executing byte replacement;
S4, repeatedly executing round key addition until the set number of times is met, and then executing step S5;
S5, generating a random number SC based on the system time and generating a random array with the length of SC;
S6, based on the random number SC and the random array, inputting the character string to be encrypted in a segmented mode to a mapping function to perform segment mapping so as to obtain a mapped ciphertext.
In the encryption method based on the improved AES algorithm of the present invention, the step S6 further includes: according to the random number SC, the input character string to be encrypted C1C2...Cn is divided into SC segments from right to left, and a segment-mapped ciphertext is obtained through the mapping function based on the random array, wherein;
Wherein the random number SC is any integer from 8 to 16; n is 128, 192 or 256 and p is a positive integer greater than 2.
In the encryption method based on the improved AES algorithm of the present invention, the step S1 further includes:
expanding the original 8-bit-element 16 × 16 constant key matrix into 5 32-bit-element 16 × 16 expanded key matrices according to the following format:
2 × S (i, j) 3 × S (i, j), 3 × S (i, j) 2 × S (i, j), S (i, j) 3 × S (i, j) 2 × S (i, j), S (i, j) 3 × S (i, j), S (i, j), wherein S (i, j) represents an element in the original constant key matrix, and i takes on an integer of 0 to 15.
Another technical solution adopted by the present invention to solve the technical problem is to configure a computer-readable storage medium on which a computer program is stored, wherein the program is configured to implement the improved AES algorithm-based encryption method when executed by a processor.
The encryption method based on the improved AES algorithm and the computer-readable storage medium add segment mapping. Because the number of segments and the number of bits of each segment are randomly generated, a fixed correspondence from plaintext to ciphertext is avoided, so that enumeration attack can be resisted.
Drawings
The invention will be further described with reference to the accompanying drawings and examples, in which:
Fig. 1 is a flow chart of the steps of an encryption method of the improved AES algorithm of the preferred embodiment of the present invention;
Fig. 2 is a functional block diagram of an encryption process of the AES algorithm shown in Fig. 1;
Fig. 3 is a schematic diagram of a raw constant key matrix of a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention relates to an encryption method based on an improved AES algorithm, which comprises the following steps: carrying out key expansion; collecting system time; performing byte replacement; repeatedly executing round key addition until the set number of times is met; generating a random number SC based on the system time, and generating a random array with the length of SC; and, based on the random number SC and the random array, inputting the character string to be encrypted in a segmented mode to a mapping function to perform segment mapping so as to obtain a mapped ciphertext.
The invention is mainly characterized in that segment mapping is added on the basis of the improved AES algorithm, and because the number of segments and the number of bits of each segment are randomly generated, the fixed corresponding relation from the plain text to the cipher text is avoided, and the enumeration attack can be resisted. Therefore, the present invention mainly describes the application of the random number and the random array in the segment mapping, and other related steps, such as byte replacement, round key setting, round key addition, and encryption mapping steps, can be performed with reference to the AES specification, which is not specifically described in this document. Based on the teachings of the present application and the AES specification, one skilled in the art can implement the technical solution described in the present invention.
Fig. 1 is a flow chart of the steps of an encryption method of the improved AES algorithm of the preferred embodiment of the present invention. Fig. 2 is a functional block diagram of an encryption process of the AES algorithm shown in Fig. 1. As shown in Figs. 1-2, in step S1, key expansion is performed. AES is a block cipher that divides the plaintext into blocks of equal length and encrypts one block of data at a time until the entire plaintext is encrypted. In the AES standard specification, the block length can only be 128 bits, that is, 16 bytes per block (8 bits per byte). The length of the key may be 128 bits, 192 bits, or 256 bits. The recommended number of encryption rounds differs with the length of the key. The keys are typically represented as a matrix. In the preferred embodiment, a 16 × 16 constant matrix is used, as shown in Fig. 3. The key expansion step may thus be performed in such a way that the original 8-bit-wise 16 × 16 constant key matrix is expanded into a 32-bit-wise 5 × 16 expanded key matrix in the following format: 2 × S (i, j) 3 × S (i, j), 3 × S (i, j) 2 × S (i, j), S (i, j) 3 × S (i, j) 2 × S (i, j), S (i, j) 3 × S (i, j), S (i, j), wherein S (i, j) represents an element in the original constant key matrix, and i takes on an integer of 0 to 15. In the preferred embodiment, S (i, j) represents an element in the constant matrix shown in Fig. 3.
In step S2, a system time is acquired. Here, any suitable timing software may be employed for system time acquisition.
In step S3, byte replacement is performed. As is known to those skilled in the art, the byte substitution of AES is a simple table lookup operation. AES defines one S-box and one inverse S-box. Each element in the state matrix is mapped to a new byte in the following way: the upper 4 bits of the byte are taken as the row value and the lower 4 bits as the column value, and the element at that row and column of the S-box or inverse S-box is taken out as the output. For example, in encryption, if the output byte S1 is 0x12, row 0x01 and column 0x02 of the S-box are looked up to obtain the value 0xc9, and the original 0x12 of S1 is then replaced with 0xc9. Here, byte substitution may be performed in accordance with the AES specification, and a description thereof will not be repeated.
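The lookup described above, as an added example that is not code from the patent: it derives the standard AES S-box from its definition (inverse in GF(2^8) followed by the affine transform) and then indexes it by row and column, reproducing the 0x12 to 0xc9 case. The function names are chosen here for illustration.

```python
# Added example (not from the patent): derive the AES S-box from its
# definition, then do the row/column lookup the paragraph describes.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo AES_POLY."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
    return product


def gf_inv(a: int) -> int:
    """Multiplicative inverse in GF(2^8) computed as a^254; 0 maps to 0."""
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result if a else 0


def rotl8(x: int, n: int) -> int:
    """Rotate a byte left by n bits."""
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox() -> list:
    """Return the S-box as a 16 x 16 table indexed [row][column]."""
    flat = []
    for x in range(256):
        b = gf_inv(x)
        # AES affine transform over GF(2), with the constant 0x63.
        flat.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return [flat[r * 16:(r + 1) * 16] for r in range(16)]


def build_inverse_sbox(sbox: list) -> list:
    """Invert the S-box: the output byte becomes the index, the input the value."""
    inv = [[0] * 16 for _ in range(16)]
    for r in range(16):
        for c in range(16):
            out = sbox[r][c]
            inv[out >> 4][out & 0x0F] = (r << 4) | c
    return inv


def sub_byte(table: list, byte: int) -> int:
    """Upper 4 bits select the row, lower 4 bits select the column."""
    return table[byte >> 4][byte & 0x0F]


SBOX = build_sbox()
INV_SBOX = build_inverse_sbox(SBOX)

if __name__ == "__main__":
    print(hex(sub_byte(SBOX, 0x12)))      # row 0x1, column 0x2
    print(hex(sub_byte(INV_SBOX, 0xC9)))  # inverse lookup returns the input
```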
In step S4, step S5 is executed after the round key addition is repeatedly executed until the set number of times is satisfied. As mentioned above, the length of the key is different, and the number of recommended encryption rounds is also different. Here, a 256-bit key is used, and the number of encryption rounds is preferably 14 rounds. In this step, it is also proposed to perform round key addition according to the AES specification, which is not described again here.
In step S5, a random number SC is generated based on the system time, and a random array of length SC is generated. Here, the random number SC is any one of the integers from 8 to 16. The random number SC and the random array may be generated using any known random number generation method.
In step S6, based on the random number SC and the random array, the character string to be encrypted is input in a segmented mode to a mapping function to perform segment mapping so as to obtain a mapped ciphertext. Here, the random number SC determines the number of segments of the segment mapping, and the random array determines the number of bits per segment; thus, the input character string to be encrypted is segmented based on the random number SC and the random array, and the mapped ciphertext is obtained through the mapping function.
Specifically, with the random number SC as the number of segments and the random array as the bit vector of each segment, the input character string to be encrypted C1C2...Cn (n = 128/192/256) is divided into SC segments from right to left, and the coefficients for each segment are found as: ; so that with P = 2/3/# being true, i.e., the mapped ciphertext.
At this time, because the segment mapping is added, the number of segments of the segment and the number of bits of each segment are randomly generated, so that the fixed corresponding relation from the plaintext to the ciphertext is avoided, and the enumeration attack can be resisted.
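The segmentation of steps S5 and S6, as an added example that is not code from the patent. It assumes that the random array holds positive segment lengths summing to n and that the system time is used as an integer PRNG seed; the mapping function is not reproduced because its formula does not survive on this page. The example also checks a property an implementer should know: a generator seeded from the clock returns the same segment layout for the same timestamp, whereas the operating system's CSPRNG does not depend on the clock.

```python
# Added example (not from the patent). Assumptions: the random array holds
# positive segment lengths summing to n, and the system time is used as an
# integer PRNG seed. The mapping function itself is not reproduced.
import random
import secrets


def draw_layout(rng, n: int):
    """Draw SC in 8..16 and SC positive segment lengths that sum to n."""
    sc = rng.randint(8, 16)
    cuts = sorted(rng.sample(range(1, n), sc - 1))  # SC-1 distinct cut points
    bounds = [0] + cuts + [n]
    lengths = [bounds[i + 1] - bounds[i] for i in range(sc)]
    return sc, lengths


def split_right_to_left(bits: str, lengths):
    """Cut `bits` into segments starting from the right-hand end."""
    if sum(lengths) != len(bits) or min(lengths) < 1:
        raise ValueError("segment lengths must be positive and cover the string")
    segments, end = [], len(bits)
    for length in lengths:
        segments.append(bits[end - length:end])
        end -= length
    return segments  # segments[0] is the rightmost piece


def join_segments(segments) -> str:
    """Inverse of split_right_to_left."""
    return "".join(reversed(segments))


def layout_from_time(timestamp: int, n: int):
    """Layout when the generator is seeded with the system time (assumption)."""
    return draw_layout(random.Random(timestamp), n)


def layout_from_csprng(n: int):
    """Layout drawn from the operating system's CSPRNG instead of the clock."""
    return draw_layout(secrets.SystemRandom(), n)


# Constructed sample input: a 128-character bit string and a timestamp.
SAMPLE_BITS = format(0x00112233445566778899AABBCCDDEEFF, "0128b")
SAMPLE_TIME = 1636416000

if __name__ == "__main__":
    sc, lengths = layout_from_time(SAMPLE_TIME, len(SAMPLE_BITS))
    segments = split_right_to_left(SAMPLE_BITS, lengths)
    print("SC =", sc, "lengths =", lengths)
    print("round trip ok:", join_segments(segments) == SAMPLE_BITS)
    # Same timestamp, same layout: the segmentation is a function of the seed.
    print("reproducible:", layout_from_time(SAMPLE_TIME, 128) == (sc, lengths))
    print("CSPRNG layout:", layout_from_csprng(128))
```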
The encryption method based on the improved AES algorithm adds segment mapping, and because the number of segments and the number of bits of each segment are randomly generated, a fixed correspondence from plaintext to ciphertext is avoided, so that enumeration attack can be resisted.
Accordingly, the present invention can be realized in hardware, software, or a combination of hardware and software. The present invention can be realized in a centralized fashion in at least one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system or other apparatus adapted for carrying out the methods of the present invention is suited. A typical combination of hardware and software could be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
The invention may also be embodied in a computer program product containing all the features enabling the implementation of the method according to the invention, which when loaded in a computer system, is able to carry out the encryption method according to the invention based on the modified AES algorithm. The computer program in this document refers to: any expression, in any programming language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: a) conversion to other languages, codes or symbols; b) reproduced in a different format.
While the invention has been described with reference to specific embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted without departing from the scope of the invention. In addition, many modifications may be made to adapt a particular situation or material to the teachings of the invention without departing from its scope. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed, but that the invention will include all embodiments falling within the scope of the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (3)
1. An encryption method based on an improved AES algorithm is characterized by comprising the following steps:
S1, carrying out key expansion;
S2, collecting system time;
S3, executing byte replacement;
S4, repeatedly executing round key addition until the set number of times is met, and then executing step S5;
S5, generating a random number SC based on the system time and generating a random array with the length of SC;
S6, based on the random number SC and the random array, inputting the character string to be encrypted in a segmented mode to a mapping function to perform segment mapping so as to obtain a mapped ciphertext; the step S6 further includes: according to the random number SC, the input character string to be encrypted C1C2...Cn is divided into SC segments from right to left, and a segment-mapped ciphertext is obtained through the mapping function based on the random array, wherein;
Wherein the random number SC is any integer from 8 to 16; n is 128, 192 or 256 and p is a positive integer greater than 2.
2. The improved AES algorithm-based encryption method according to claim 1, wherein the step S1 further includes:
expanding the original 8-bit-element 16 × 16 constant key matrix into 5 32-bit-element 16 × 16 expanded key matrices according to the following format:
2 × S (i, j) 3 × S (i, j), 3 × S (i, j) 2 × S (i, j), S (i, j) 3 × S (i, j) 2 × S (i, j), S (i, j) 3 × S (i, j), S (i, j), wherein S (i, j) represents an element in the original constant key matrix, and i takes on an integer of 0 to 15.
3. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the improved AES algorithm based encryption method according to claim 1 or 2.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111317720.7A CN113779614B (en) | 2021-11-09 | 2021-11-09 | Encryption method based on improved AES algorithm and computer-readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113779614A (en) | 2021-12-10 |
CN113779614B (en) | 2022-03-15 |
Family
ID=78956836
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111317720.7A Active CN113779614B (en) | 2021-11-09 | 2021-11-09 | Encryption method based on improved AES algorithm and computer-readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113779614B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113206736A (en) * | 2021-04-21 | 2021-08-03 | 国网黑龙江省电力有限公司齐齐哈尔供电公司 | Encryption method based on AES encryption algorithm |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020048364A1 (en) * | 2000-08-24 | 2002-04-25 | Vdg, Inc. | Parallel block encryption method and modes for data confidentiality and integrity protection |
US7688976B2 (en) * | 2005-07-14 | 2010-03-30 | Tara Chand Singhal | Random wave envelope derived random numbers and their use in generating transient keys in communication security application part I |
US8522016B2 (en) * | 2010-06-18 | 2013-08-27 | Axis Technology Software, LLC | On-the-fly data masking |
Also Published As
Publication number | Publication date |
---|---|
CN113779614A (en) | 2021-12-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||