CN114124364B - Key security processing method, device, equipment and computer readable storage medium - Google Patents


Info

Publication number
CN114124364B
CN114124364B (application CN202010881393.7A)
Authority
CN
China
Prior art keywords
key
plaintext
gpu
ciphertext
white
Prior art date
Legal status
Active
Application number
CN202010881393.7A
Other languages
Chinese (zh)
Other versions
CN114124364A (en)
Inventor
郭浩
张振山
Current Assignee
Nationz Technologies Inc
Original Assignee
Nationz Technologies Inc
Priority date
Filing date
Publication date

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/16Obfuscation or hiding, e.g. involving white box

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a key security processing method, apparatus, device and computer readable storage medium. The method comprises: acquiring the plaintext key currently to be processed; encrypting the plaintext key inside the GPU with a white-box cryptographic algorithm to obtain the corresponding ciphertext key, the white-box cryptographic algorithm being written in a GPGPU programming language so that it executes in the GPU; and storing the ciphertext key and deleting the plaintext key. Leakage of the key is thereby prevented and its security improved.

Description

Key security processing method, device, equipment and computer readable storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular, to a method, an apparatus, a device, and a computer readable storage medium for key security processing.
Background
In conventional encryption algorithms an encryption operation requires the key, which is typically held in code or in memory. When the program performing the operation runs in a trusted execution environment, an attacker cannot observe its intermediate execution state, so the key cannot be recovered and the encryption process is safe.
In practice, however, the program often runs in a white-box environment rather than a fully trusted one: the attacker controls execution of the program, can read memory contents and register state, and can analyse them to recover the key. Conventional encryption algorithms therefore carry a risk of key leakage.
Disclosure of Invention
The embodiment of the application provides a key security processing method, device and equipment and a computer readable storage medium, which can improve the security of keys.
In a first aspect, an embodiment of the present application provides a key security processing method, including:
Acquiring a plaintext key to be processed currently;
encrypting the plaintext key in the GPU by adopting a white-box cryptographic algorithm to obtain a ciphertext key corresponding to the plaintext key, wherein the white-box cryptographic algorithm is generated based on a GPGPU programming language so as to realize execution of the white-box cryptographic algorithm in the GPU;
and storing the ciphertext key and deleting the plaintext key.
In a second aspect, an embodiment of the present application further provides a key security processing apparatus, including a processor and a memory, where the memory stores a computer program, and the processor executes the key security processing method when calling the computer program in the memory.
In a third aspect, an embodiment of the present application further provides a computer device, where the computer device includes a CPU, a GPU communicatively connected to the CPU, and a key security processing apparatus as described above.
In a fourth aspect, an embodiment of the present application further provides a computer readable storage medium, where the computer readable storage medium is used to store a computer program, where the computer program when executed by a processor causes the processor to implement the above-mentioned key security processing method.
The embodiment of the application provides a key security processing method, apparatus, device and computer readable storage medium. The plaintext key to be processed is acquired and encrypted inside the GPU with a white-box cryptographic algorithm, the algorithm being written in a GPGPU programming language so that it executes in the GPU, which yields the ciphertext key corresponding to the plaintext key. The ciphertext key is then stored and the plaintext key deleted, so that leakage of the key is prevented and its security improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of the steps of a key security processing method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of key generation and storage according to an embodiment of the present application;
FIG. 3 is a schematic flow chart of steps of another key security processing method according to an embodiment of the present application;
FIG. 4 is a schematic flow chart of steps of another key security processing method according to an embodiment of the present application;
FIG. 5 is a flow chart of key usage provided by an embodiment of the present application;
Fig. 6 is a schematic block diagram of a key security processing apparatus according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The flow diagrams depicted in the figures are merely illustrative and not necessarily all of the elements and operations/steps are included or performed in the order described. For example, some operations/steps may be further divided, combined, or partially combined, so that the order of actual execution may be changed according to actual situations.
It is to be understood that the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Some embodiments of the present application are described in detail below with reference to the accompanying drawings. The following embodiments and features of the embodiments may be combined with each other without conflict.
In order to solve the above problems, embodiments of the present application provide a key security processing method, apparatus, device, and computer readable storage medium for implementing the improvement of security of a key.
The key security processing method can be applied to devices such as a PC (Personal Computer), a server, a tablet computer or a handheld computer. The following description takes its application to a PC as the detailed example.
Referring to fig. 1, fig. 1 is a flowchart of a key security processing method according to an embodiment of the application. As shown in fig. 1, the key security processing method specifically includes steps S101 to S103.
S101, acquiring a plaintext key to be processed currently.
The main program of a PC normally runs on the CPU (central processing unit), which is treated here as a white-box environment, whereas the GPU (Graphics Processing Unit) is treated as a black box relative to host-side code: the GPU's processing and its intermediate results are not directly visible to code running on the CPU, so the GPU is taken to be a safer execution environment than the CPU. To improve the security of the key, the plaintext key is therefore processed inside the GPU. First, the plaintext key currently to be processed is acquired. For example, the CPU transfers the plaintext key to the GPU and the GPU receives it; or the CPU encrypts the plaintext key before transferring it and the GPU decrypts what it receives to recover the plaintext key.
In an embodiment, obtaining the plaintext key currently to be processed may include: and generating a random value in the GPU by adopting a key generation algorithm, and determining the random value as the plaintext key to be processed currently.
To avoid the risk of leakage during transfer, the plaintext key to be processed can instead be generated directly in the GPU. Optionally, a key generation algorithm is run in the GPU to produce a random value, and that random value is taken as the plaintext key currently to be processed. The key generation algorithm is implemented in a GPGPU (General-purpose computing on graphics processing units) programming language so that it executes in the GPU. GPGPU is the use of a graphics processor, built for graphics tasks, to carry out general-purpose computation that would otherwise run on the central processing unit. Because modern graphics processors have strong parallel processing capability and a programmable pipeline, their stream processors can handle non-graphics data, and when the arithmetic in a workload far outweighs its data scheduling and transfer, GPGPU performance far exceeds that of a conventional CPU. Existing GPGPU programming languages include OpenGL, CUDA, OpenCL and the like. The key generation algorithm may be, without limitation, the key generation of the NewHope algorithm, or key generation for the DES (Data Encryption Standard) or AES (Advanced Encryption Standard) algorithms.
S102, encrypting the plaintext secret key by adopting a white-box cryptographic algorithm in the GPU to obtain a ciphertext secret key corresponding to the plaintext secret key, wherein the white-box cryptographic algorithm is generated based on a GPGPU programming language so as to realize execution of the white-box cryptographic algorithm in the GPU.
After the plaintext key is obtained it is encrypted once more so that it cannot leak. Specifically, the plaintext key is encrypted inside the GPU with a white-box cryptographic algorithm, giving the corresponding ciphertext key. The white-box cryptographic algorithm is likewise implemented in a GPGPU programming language so that it executes in the GPU. It consists of a white-box encryption algorithm and a white-box decryption algorithm; the white-box encryption algorithm is the part used here to encrypt the plaintext key in the GPU and obtain the corresponding ciphertext key.
For example, encrypting the plaintext key in the GPU with the white-box cryptographic algorithm to obtain the ciphertext key may include: encrypting the plaintext key with the encryption key belonging to the white-box encryption algorithm to obtain the ciphertext key, where that encryption key is hidden inside the implementation of the algorithm.
A white-box cryptographic algorithm hides its encryption key inside the implementation itself, so that the key stays protected even when the code runs in a white-box environment; here that implementation is additionally executed inside the GPU. The encryption key never appears as a distinct value at any point of the encryption. Consequently, when the plaintext key is encrypted into the ciphertext key with this hidden key, an attacker who can observe the program's execution still cannot read the encryption key, and so cannot recover the plaintext key from the ciphertext key, which avoids the risk of leakage.
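Added example (not code from the patent or from Nationz) of what "hidden in the algorithm implementation" means in its simplest form, together with the check a reviewer would run against such a construction. The cipher, S-box and key are constructed for the demonstration and are neither SM4 nor a real white-box design; generate_table, wb_encrypt, wb_decrypt and recover_key are names assumed for this example.

```python
"""Key folded into a lookup table: the idea behind 'hidden in the algorithm
implementation', and the caveat that comes with it.

Added example, not code from the patent or from Nationz. The cipher is a
constructed one-byte round E_k(x) = S[x XOR k] with a seeded random S-box;
it is not SM4 and not a secure white-box design. generate_table() runs at
build time and bakes k into T; wb_encrypt() at run time uses only T and has
no key variable. recover_key() shows why an unencoded table is not enough:
with the public S-box, k = S^-1(T[x]) XOR x for every x.
"""
import random


def make_sbox(seed=4):
    """Deterministic bijective 8-bit S-box (constructed for the demo)."""
    box = list(range(256))
    random.Random(seed).shuffle(box)
    return box


SBOX = make_sbox()
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x


def generate_table(key):
    """Build time: T[x] = S[x ^ key]. After this the key need not exist anywhere."""
    if not 0 <= key < 256:
        raise ValueError("one-byte key expected")
    return [SBOX[x ^ key] for x in range(256)]


def wb_encrypt(table, data):
    """Run time: one table lookup per byte; no key appears in this code."""
    return bytes(table[b] for b in data)


def wb_decrypt(table, data):
    """Run time inverse, again driven purely by the table."""
    inv = [0] * 256
    for x, y in enumerate(table):
        inv[y] = x
    return bytes(inv[b] for b in data)


def recover_key(table):
    """Attacker view: the table plus the public S-box give k directly."""
    guesses = {INV_SBOX[table[x]] ^ x for x in range(256)}
    if len(guesses) != 1:
        raise ValueError("table is not of the form S[x ^ k]")
    return guesses.pop()
```

The build-time/run-time split is the property the patent relies on: the running code holds only T. The recover_key function is the caveat that goes with it: folding a key into an unencoded table does not hide it from whoever holds the table, which is why practical white-box designs compose every table with secret input and output encodings, and why the patent additionally keeps the implementation on the GPU rather than exposing it to host-side code.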
S103, storing the ciphertext key, and deleting the plaintext key.
After the plaintext key has been encrypted in the GPU into the corresponding ciphertext key, the plaintext key is deleted and only the ciphertext key is stored, so that the plaintext key cannot leak. Even an attacker who obtains the ciphertext key therefore cannot decrypt it to the plaintext key, because decryption requires the white-box implementation in which the decryption key is hidden.
In some embodiments, storing the ciphertext key and deleting the plaintext key may comprise: outputting the ciphertext key from the GPU to the CPU, storing the ciphertext key in a storage device through the CPU, and deleting the plaintext key in the GPU.
After a plaintext key is generated in the GPU and encrypted to obtain a ciphertext key, the plaintext key in the GPU is deleted, and the ciphertext key is output from the GPU to the CPU. After the CPU receives the ciphertext key, the CPU saves the ciphertext key in a corresponding storage device, for example, a local memory of the PC. The storage device for storing the ciphertext key may be a local storage device of a PC, or may be a storage device other than the PC, such as a cloud server storage device, and the like, and is not particularly limited herein.
The following describes a specific flow of the key security processing method of the present invention by taking NewHope cryptographic algorithm and SM4 algorithm as examples.
The NewHope algorithm is a lattice-based candidate post-quantum scheme, one of a new generation of algorithms designed to resist attacks by quantum computers on existing cryptography. It is computationally heavier than conventional algorithms, so existing implementations are mostly accelerated with FPGA (Field Programmable Gate Array) hardware or a GPU. NewHope comprises a key generation algorithm, an encryption algorithm and a decryption algorithm: key generation produces a public/private key pair (pk, sk), encryption uses pk to encrypt data, and decryption uses sk to decrypt it.
SM4 is the Chinese national standard block cipher (GB/T 32907-2016). Here it is implemented as a white-box cipher: its encryption and decryption keys are hidden in the implementation, so an attacker cannot obtain them even by analysing the SM4 implementation code.
Both NewHope and SM4 are implemented in a GPGPU programming language so that they run in the GPU.
Referring to fig. 2, the specific operation steps of key generation and storage are as shown in fig. 2:
Step 1: run the NewHope key generation algorithm in the GPU to produce public key pk and private key sk;
Step 2: run white-box SM4 encryption on sk in the GPU to obtain the ciphertext enc(sk);
Step 3: output pk and enc(sk) from the GPU to the CPU and store them locally on the PC; pk may be stored in plaintext form;
Step 4: delete pk and sk in the GPU.
In some embodiments, as shown in fig. 3, the key security processing method may further include steps S104 to S107.
S104, receiving the ciphertext key transmitted by the CPU to the GPU.
When the key is needed for operations such as encryption, decryption, signing or signature verification, the ciphertext key held in the storage device is first obtained through the CPU. Optionally, the CPU transfers the ciphertext key from the storage device to the GPU, and the GPU receives it.
For example, when the key is needed, a key acquisition request is sent to the CPU through the GPU, and when the CPU receives the request, the ciphertext key stored in the storage device is transferred to the GPU, so that the GPU receives and acquires the ciphertext key.
S105, decrypting the ciphertext key by adopting the white box cryptographic algorithm in the GPU to obtain the plaintext key.
After obtaining the ciphertext key, further decrypting the ciphertext key. Illustratively, a white-box cryptographic algorithm is adopted in the GPU to decrypt the ciphertext key, and a plaintext key corresponding to the ciphertext key after decryption is obtained.
Illustratively, decrypting the ciphertext key in the GPU using the white-box cryptographic algorithm may include: and decrypting the ciphertext key based on the decryption key corresponding to the white-box cryptographic algorithm to obtain the plaintext key.
The decryption key belonging to the white-box cryptographic algorithm is hidden in the implementation of the algorithm and never appears as a distinct value at any point of the decryption. Consequently, when the ciphertext key is decrypted into the plaintext key with this hidden key, an attacker who can observe the program's execution still cannot extract the decryption key from the implementation or from the ciphertext key, which avoids the risk of leakage.
S106, adopting the plaintext key to perform corresponding data processing operation, wherein the data processing operation comprises at least one of encryption, decryption, signature and verification signature.
After the plaintext key is decrypted in the GPU, a corresponding data processing operation is performed in the GPU based on the plaintext key, wherein the data processing operation includes, but is not limited to, encryption, decryption, signing, signature verification, and the like. For example, the plaintext key is used in the GPU to perform a data encryption operation.
In an embodiment, the method may further comprise, before performing the corresponding data processing operation using the plaintext key: receiving data to be processed, which are transmitted into the GPU by the CPU; the performing a corresponding data processing operation using the plaintext key may include: and carrying out the data processing operation on the data to be processed based on the plaintext key.
The data to be processed is an operation object corresponding to the data processing operation by adopting the plaintext key, and can be plaintext data or ciphertext data after encryption processing. For example, the data to be processed may be ciphertext data encrypted by the CPU using NewHope cryptographic algorithms.
The data to be processed is transmitted into the GPU through the CPU, the GPU receives the data to be processed transmitted by the CPU, and based on a plaintext key obtained through decryption, the data to be processed is subjected to corresponding data processing operations such as encryption, decryption, signature verification and the like in the GPU.
And S107, deleting the plaintext key in the GPU when the data processing operation is completed.
After the data processing operation is completed in the GPU based on the plaintext key obtained by decryption, in order to prevent the leakage of the key, the plaintext key obtained by decryption in the GPU is deleted, so that an attacker is prevented from obtaining the plaintext key from the GPU.
In some embodiments, as shown in fig. 4, step S107 may further include step S108.
S108, outputting the data result obtained by processing to the CPU.
After the data processing operation is completed in the GPU based on the plaintext key obtained by decryption, for example, after the encryption operation is completed in the GPU based on the plaintext key obtained by decryption, the data result obtained by encrypting the data to be processed is output to the CPU, and the CPU executes a corresponding response operation according to the received data result. For example, the CPU controls the PC display screen to display the data result after receiving the data result output by the GPU.
The following still takes NewHope cryptographic algorithm and SM4 algorithm as examples, and describes the specific flow of the key security processing method in the key use process.
Referring to fig. 5, the specific operation steps of key usage are shown in fig. 5:
Step1: encrypting the original data plaintext by using an encryption algorithm corresponding to NewHope cryptographic algorithm in the CPU, wherein an encryption key corresponding to encryption processing is pk, so as to obtain data to be processed cipherertext;
step2: the data to be processed cipherert and the ciphertext key enc (sk) are transmitted to the GPU by the CPU;
Step3: decrypting the ciphertext key enc (sk) in the GPU by using an SM4 algorithm to obtain a plaintext key sk;
step4: decrypting the data to be processed cipheret by using a decryption algorithm corresponding to NewHope cryptographic algorithm in the GPU, wherein a decryption key corresponding to decryption processing is a plaintext key sk obtained in Step3, and original data plaintext is obtained;
step5: outputting raw data plaintext from the GPU to the CPU;
step6: the plaintext key sk in the GPU is deleted.
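The two procedures above (key generation and storage of Fig. 2, key usage of Fig. 5) as one runnable host/device simulation, added here as an example and not taken from the patent or from Nationz. NewHope and white-box SM4 are replaced by labelled stand-ins (textbook RSA with constructed toy primes; an HMAC-SHA256 keystream with encrypt-then-MAC whose wrapping key is embedded as a constant), and GpuDevice, host_encrypt, run_lifecycle and tamper_detected are names assumed for this example.

```python
"""Host/device key lifecycle of Fig. 2 and Fig. 5 as runnable Python.

Added example, not code from the patent or from Nationz. All components are
constructed stand-ins: textbook RSA with fixed toy primes replaces NewHope
(only the role of sk as a private key that must never reach the host is
modelled); an HMAC-SHA256 keystream with encrypt-then-MAC replaces white-box
SM4, its wrapping key embedded in the device code as a constant (a real
white-box build folds it into lookup tables); GpuDevice models the GPU and
host_encrypt / host_store model the CPU side and its storage device.
Messages are handled in 3-byte blocks, RSA blocks are 4 bytes (n < 2**32).
"""
import hashlib
import hmac
import os

class GpuDevice:
    # Wrapping key that exists only inside the device-side implementation
    # (constructed constant standing in for the key hidden in white-box SM4).
    _WRAP_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

    def __init__(self):
        self._sk = None  # bytearray while a plaintext private key is resident

    def generate_keypair(self):
        """Fig. 2 step 1: sk stays on the device; pk = (n, e) is returned."""
        p, q = 10007, 10009  # constructed toy primes, far too small for real use
        n, e = p * q, 65537
        self._sk = bytearray(pow(e, -1, (p - 1) * (q - 1)).to_bytes(8, "big"))
        return (n, e)

    @classmethod
    def _prf(cls, label, data):
        return hmac.new(cls._WRAP_KEY, label + data, hashlib.sha256).digest()

    @classmethod
    def _keystream(cls, nonce, length):
        blocks = (cls._prf(b"ks", nonce + i.to_bytes(4, "big")) for i in range((length + 31) // 32))
        return b"".join(blocks)[:length]

    def wrap_private_key(self):
        """Fig. 2 steps 2 and 4: enc(sk) = nonce || ct || tag, then wipe sk."""
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(self._sk, self._keystream(nonce, len(self._sk))))
        blob = nonce + ct + self._prf(b"tag", nonce + ct)
        self.wipe()
        return blob

    def unwrap_private_key(self, blob):
        """Fig. 5 step 3: verify the tag before touching the ciphertext."""
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._prf(b"tag", nonce + ct)):
            raise ValueError("enc(sk) rejected: authentication tag mismatch")
        self._sk = bytearray(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

    def decrypt_with_key(self, pk, enc_sk, data):
        """Fig. 5 steps 3, 4 and 6: unwrap, use sk, wipe it even on error."""
        self.unwrap_private_key(enc_sk)
        try:
            d, n = int.from_bytes(self._sk, "big"), pk[0]
            return b"".join(pow(int.from_bytes(data[i:i + 4], "big"), d, n).to_bytes(3, "big")
                            for i in range(0, len(data), 4))
        finally:
            self.wipe()

    def wipe(self):
        """Overwrite, not merely drop, the resident plaintext key."""
        if self._sk is not None:
            self._sk[:] = bytes(len(self._sk))
            self._sk = None

    def holds_plaintext_key(self):
        return self._sk is not None

def host_encrypt(pk, data):
    """Fig. 5 step 1: the CPU encrypts with the public key only."""
    n, e = pk
    if len(data) % 3:
        raise ValueError("toy RSA stand-in needs a multiple of 3 bytes")
    return b"".join(pow(int.from_bytes(data[i:i + 3], "big"), e, n).to_bytes(4, "big")
                    for i in range(0, len(data), 3))

def run_lifecycle(message):
    """Full Fig. 2 + Fig. 5 flow; returns (plaintext, host_store, device)."""
    gpu = GpuDevice()
    pk = gpu.generate_keypair()
    host_store = {"pk": pk, "enc_sk": gpu.wrap_private_key()}  # Fig. 2 step 3
    plaintext = gpu.decrypt_with_key(pk, host_store["enc_sk"], host_encrypt(pk, message))
    return plaintext, host_store, gpu

def tamper_detected(enc_sk):
    """Flip one ciphertext byte of enc(sk): the device must refuse to unwrap it."""
    bad = bytearray(enc_sk)
    bad[16] ^= 0x01
    try:
        GpuDevice().unwrap_private_key(bytes(bad))
    except ValueError:
        return True
    return False
```

Three properties that a real implementation of this flow should be checked for are made explicit: the host-side store only ever holds pk and enc(sk); the device overwrites sk with zeros in a finally block, so an exception during use cannot leave it resident (deleting a buffer without overwriting it does not clear its contents); and enc(sk) carries an authentication tag, so a modified ciphertext key is rejected rather than being unwrapped into a wrong private key.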
The corresponding plaintext key is obtained by decrypting the ciphertext key in the GPU by adopting a white-box cryptographic algorithm, then corresponding data processing operation is carried out based on the plaintext key, and the plaintext key obtained by decryption in the GPU is deleted, so that an attacker is prevented from obtaining the plaintext key from the GPU, and the leakage of the key is prevented.
In this embodiment the plaintext key to be processed is obtained and encrypted inside the GPU with a white-box cryptographic algorithm, the algorithm being written in a GPGPU programming language so that it executes in the GPU, which yields the ciphertext key corresponding to the plaintext key. The ciphertext key is then stored and the plaintext key deleted, so that leakage of the key is prevented and its security improved.
Referring to fig. 6, fig. 6 is a schematic block diagram of a key security processing apparatus according to an embodiment of the present application. As shown in fig. 6, the key security processing apparatus 600 may include a processor 610 and a memory 620. The processor 610 and the memory 620 are connected by a bus, such as an I2C (Inter-Integrated Circuit) bus.
Specifically, the processor 610 may be a microcontroller unit (MCU), a central processing unit (CPU), a digital signal processor (DSP), or the like.
Specifically, the memory 620 may be a flash chip, a read-only memory (ROM), a magnetic disk, an optical disk, a USB flash drive, a removable hard disk, or the like.
Wherein the processor is configured to run a computer program stored in the memory and to implement the following steps when the computer program is executed:
Acquiring a plaintext key to be processed currently;
encrypting the plaintext key in the GPU by adopting a white-box cryptographic algorithm to obtain a ciphertext key corresponding to the plaintext key, wherein the white-box cryptographic algorithm is generated based on a GPGPU programming language so as to realize execution of the white-box cryptographic algorithm in the GPU;
and storing the ciphertext key and deleting the plaintext key.
In some embodiments, when the processor implements the saving the ciphertext key and deleting the plaintext key, the processor implements:
outputting the ciphertext key from the GPU to a CPU, storing the ciphertext key in a storage device through the CPU, and deleting the plaintext key in the GPU.
In some embodiments, when implementing the obtaining the plaintext key to be currently processed, the processor specifically implements:
and generating a random value in the GPU by adopting a key generation algorithm, and determining the random value as the plaintext key to be processed currently.
In some embodiments, when the processor encrypts the plaintext key by using a white-box cryptographic algorithm in the GPU to obtain a ciphertext key corresponding to the plaintext key, the method specifically includes:
And encrypting the plaintext key based on the encryption key corresponding to the white-box encryption algorithm to obtain the ciphertext key, wherein the encryption key corresponding to the white-box encryption algorithm is hidden in algorithm implementation.
In some embodiments, the processor, when executing the computer program, further implements:
receiving the ciphertext key transmitted by the CPU to the GPU;
Decrypting the ciphertext key by adopting the white-box cryptographic algorithm in the GPU to obtain the plaintext key;
Performing corresponding data processing operation by adopting the plaintext key, wherein the data processing operation comprises at least one of encryption, decryption, signature and verification;
and deleting the plaintext key in the GPU when the data processing operation is completed.
In some embodiments, the processor, after implementing the corresponding data processing operation with the plaintext key, further implements:
And outputting the data result obtained by processing to the CPU.
In some embodiments, the processor, prior to performing the corresponding data processing operation with the plaintext key, further performs:
Receiving data to be processed, which are transmitted into the GPU by the CPU;
The adopting the plaintext key to perform corresponding data processing operation comprises the following steps:
And carrying out the data processing operation on the data to be processed based on the plaintext key.
In the embodiment of the application the plaintext key to be processed is obtained and encrypted inside the GPU with a white-box cryptographic algorithm, the algorithm being written in a GPGPU programming language so that it executes in the GPU, which yields the ciphertext key corresponding to the plaintext key. The ciphertext key is then stored and the plaintext key deleted, so that leakage of the key is prevented and its security improved.
Also provided in an embodiment of the present application is a computer apparatus including a CPU, a GPU communicatively connected to the CPU, and the key security processing device 600 in the above embodiment. The computer device encrypts the plaintext key by acquiring the plaintext key to be processed currently and adopting a white-box cryptographic algorithm in the GPU, wherein the white-box cryptographic algorithm is generated based on the GPGPU programming language so as to be capable of executing the white-box cryptographic algorithm in the GPU to obtain a ciphertext key corresponding to the encrypted plaintext key, and then storing the generated ciphertext key and deleting the plaintext key.
An embodiment of the present application further provides a computer readable storage medium storing a computer program, where the computer program comprises program instructions and a processor executes the program instructions to implement the steps of the key security processing method provided in the foregoing embodiments. For example, when the computer program is loaded by a processor, the following steps may be performed:
acquiring a plaintext key to be processed currently;
encrypting the plaintext key in the GPU with a white-box cryptographic algorithm to obtain a ciphertext key corresponding to the plaintext key, wherein the white-box cryptographic algorithm is generated from a GPGPU programming language so that it can be executed in the GPU;
and storing the ciphertext key and deleting the plaintext key.
For the specific implementation of each of the above operations, reference may be made to the previous embodiments; it is not described here again.
The computer readable storage medium may be an internal storage unit of the key security processing apparatus of the foregoing embodiments or of the computer device, for example a hard disk or a memory of the key security processing apparatus or the computer device. The computer readable storage medium may also be an external storage device of the key security processing apparatus or the computer device, such as a plug-in hard disk provided on the key security processing apparatus or the computer device, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, or the like.
Because the computer program stored in the computer readable storage medium can execute any key security processing method provided by the embodiments of the present application, it can achieve the beneficial effects that any such key security processing method can achieve; these are detailed in the previous embodiments and are not described here again.
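As an added illustration that is not code from the patent, the two flows described above, simulated in Python: the GPU side is a class that alone holds plaintext keys (generate, encrypt in the GPU, export only the ciphertext key, delete the plaintext; later receive the ciphertext key, decrypt it in the GPU, use it for one operation, delete it), and the CPU side only ever handles the ciphertext key and the data result. An HMAC-SHA256 counter-mode construction stands in for the white-box cipher, and an embedded constant stands in for the key a white-box implementation would hide in its tables; the names SimulatedGpu, generate_ciphertext_key, sign and cpu_side_round_trip are assumptions.

```python
import hashlib
import hmac
import secrets


class SimulatedGpu:
    """Stand-in for the GPU side: plaintext keys exist only inside this object."""
    # Hypothetical constant playing the role of the key that a real white-box
    # implementation hides inside its lookup tables; it is never exported.
    _WB_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
    NONCE, KEY, TAG = 16, 32, 32  # byte lengths of the ciphertext-key layout

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # HMAC-SHA256 in counter mode stands in for the white-box cipher.
        out = b""
        for ctr in range((length + 31) // 32):
            out += hmac.new(self._WB_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        return out[:length]

    def _tag(self, nonce: bytes, body: bytes) -> bytes:
        # Integrity tag so a modified ciphertext key is rejected rather than unwrapped.
        return hmac.new(self._WB_KEY, b"tag|" + nonce + body, hashlib.sha256).digest()

    def generate_ciphertext_key(self) -> bytes:
        """Generate a random plaintext key, encrypt it in the GPU, zeroise it, export the ciphertext."""
        plaintext_key = bytearray(secrets.token_bytes(self.KEY))
        nonce = secrets.token_bytes(self.NONCE)
        body = bytes(a ^ b for a, b in zip(plaintext_key, self._keystream(nonce, self.KEY)))
        blob = nonce + body + self._tag(nonce, body)
        plaintext_key[:] = bytes(self.KEY)  # overwrite the plaintext before releasing the buffer
        return blob

    def _unwrap(self, blob: bytes) -> bytearray:
        nonce, body = blob[:self.NONCE], blob[self.NONCE:self.NONCE + self.KEY]
        tag = blob[self.NONCE + self.KEY:]
        if len(tag) != self.TAG or not hmac.compare_digest(tag, self._tag(nonce, body)):
            raise ValueError("ciphertext key rejected: modified or not produced by this GPU")
        return bytearray(a ^ b for a, b in zip(body, self._keystream(nonce, self.KEY)))

    def sign(self, blob: bytes, data: bytes) -> bytes:
        """Decrypt the key inside the GPU, use it for one operation, then delete it."""
        plaintext_key = self._unwrap(blob)
        try:
            return hmac.new(plaintext_key, data, hashlib.sha256).digest()
        finally:
            plaintext_key[:] = bytes(self.KEY)  # deleted even if the operation fails


def cpu_side_round_trip(data: bytes) -> tuple:
    """What the CPU sees: only the ciphertext key (to store) and the data result."""
    gpu = SimulatedGpu()
    stored_blob = gpu.generate_ciphertext_key()  # persisted by the CPU, e.g. to disk
    return stored_blob, gpu.sign(stored_blob, data)
```

The integrity tag is the check a practitioner would want on top of the patent's flow: a ciphertext key altered in CPU storage is refused before any plaintext is derived from it.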
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for the purpose of description and do not represent the advantages or disadvantages of the embodiments. While the application has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents substituted without departing from the scope of the application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (9)

1. A key security processing method, comprising:
acquiring a plaintext key to be processed currently;
encrypting the plaintext key in the GPU with a white-box cryptographic algorithm to obtain a ciphertext key corresponding to the plaintext key, wherein the white-box cryptographic algorithm is generated from a GPGPU programming language so that it can be executed in the GPU;
storing the ciphertext key and deleting the plaintext key;
wherein acquiring the plaintext key to be processed currently comprises:
generating a random value in the GPU with a key generation algorithm, and determining the random value as the plaintext key to be processed currently.
2. The key security processing method according to claim 1, wherein said storing the ciphertext key and deleting the plaintext key comprises:
outputting the ciphertext key from the GPU to a CPU, storing the ciphertext key in a storage device through the CPU, and deleting the plaintext key in the GPU.
3. The key security processing method according to claim 1, wherein encrypting the plaintext key in the GPU with a white-box cryptographic algorithm to obtain a ciphertext key corresponding to the plaintext key comprises:
encrypting the plaintext key with the encryption key corresponding to the white-box encryption algorithm to obtain the ciphertext key, wherein that encryption key is hidden in the implementation of the algorithm.
4. The key security processing method according to any one of claims 1 to 3, wherein the method further comprises:
receiving the ciphertext key transmitted by the CPU to the GPU;
decrypting the ciphertext key in the GPU with the white-box cryptographic algorithm to obtain the plaintext key;
performing the corresponding data processing operation with the plaintext key, wherein the data processing operation comprises at least one of encryption, decryption, signing and verification;
and deleting the plaintext key in the GPU once the data processing operation is completed.
5. The key security processing method according to claim 4, wherein said performing the corresponding data processing operation with said plaintext key comprises:
outputting the data result obtained by the processing to the CPU.
6. The key security processing method according to claim 4, wherein, before said performing the corresponding data processing operation with said plaintext key, the method comprises:
receiving the data to be processed, which the CPU transmits into the GPU;
and performing the corresponding data processing operation with the plaintext key comprises:
carrying out the data processing operation on the data to be processed based on the plaintext key.
7. A key security processing apparatus, characterized in that the key security processing apparatus comprises a processor and a memory, the memory storing a computer program, and the processor executing the key security processing method according to any one of claims 1 to 6 when calling the computer program in the memory.
8. A computer device comprising a CPU, a GPU communicatively coupled to the CPU, and the key security processing apparatus according to claim 7.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, causes the processor to implement the key security processing method according to any one of claims 1 to 6.
CN202010881393.7A 2020-08-27 2020-08-27 Key security processing method, device, equipment and computer readable storage medium Active CN114124364B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010881393.7A CN114124364B (en) 2020-08-27 2020-08-27 Key security processing method, device, equipment and computer readable storage medium


Publications (2)

Publication Number Publication Date
CN114124364A CN114124364A (en) 2022-03-01
CN114124364B true CN114124364B (en) 2024-05-24

Family

ID=80374793


Country Status (1)

Country Link
CN (1) CN114124364B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant