CN114430549A - White box encryption and decryption method and device suitable for wireless communication - Google Patents

White box encryption and decryption method and device suitable for wireless communication Download PDF

Info

Publication number
CN114430549A
CN114430549A CN202011096868.8A CN202011096868A CN114430549A CN 114430549 A CN114430549 A CN 114430549A CN 202011096868 A CN202011096868 A CN 202011096868A CN 114430549 A CN114430549 A CN 114430549A
Authority
CN
China
Prior art keywords
white
library
key
ciphertext
time
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202011096868.8A
Other languages
Chinese (zh)
Inventor
黄双
王文漪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202011096868.8A priority Critical patent/CN114430549A/en
Publication of CN114430549A publication Critical patent/CN114430549A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]

Abstract

A white-box encryption and decryption method and apparatus suitable for wireless communication, S1: the equipment terminal A shares the confused shared key factor to the equipment terminal B; s2: the equipment terminal B receives the key information and then decodes and checks the key information to obtain a shared key factor; s3: the device terminals A and B use the same shared key factor and solid key factor, and generate a white box key by combining key generation and confusion rules; s4: the equipment terminal A combines the plaintext with the data encryption and confusion rule and the white box secret key to generate a ciphertext and sends the ciphertext to the equipment terminal B; s5: and the equipment terminal B receives the ciphertext, and restores the plaintext by using the corresponding data decryption and decoding rule. The invention overcomes the defects of the prior art, and perfects and enhances the security of the secret key and the communication data in the wireless communication process by taking the white box encryption technology as a core and through the generation and confusion method of the universal white box secret key; the data transmission safety between intelligent devices in a wireless communication mode is guaranteed through a white-box encryption and confusion method of data.

Description

White box encryption and decryption method and device suitable for wireless communication
Technical Field
The invention relates to the technical field of wireless communication safety, in particular to a white box encryption and decryption method and device suitable for wireless communication.
Background
In recent years, with the development and popularization of mobile payment technology, how to ensure the secure transmission of offline payment data and prevent the operation environment from being intercepted, attacked and tampered or even completely stolen in the communication process is an urgent issue to be considered.
In order to protect the data security of all intelligent devices including mobile devices and ensure other scenes involving data security transmission among the intelligent devices under the line except a mobile payment scene, the invention designs a universal white box encryption method and a device, which are suitable for the intelligent devices with a wireless communication function, and adopts a white box encryption technology as a core, designs a universal white box key generation and confusion method, and perfects and enhances the security of keys and communication data in the wireless communication process; a white-box encryption and confusion method for data guarantees data transmission safety between intelligent devices in a wireless communication mode.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a white-box encryption and decryption method and a white-box encryption and decryption device suitable for wireless communication, which overcome the defects of the prior art, use methods such as a white-box cryptographic algorithm technology, an obfuscation technology, an identity authentication technology, a tamper-proof technology, a multivariable technology and the like, combine a time function and an obfuscation mechanism, enhance the complexity and the ambiguity of a white-box secret key and data, ensure that the running environment, configuration files and business processes of equipment are maliciously intercepted or monitored even in a white-box environment, and the white-box secret key or ciphertext cannot be cracked in a short time, thereby achieving the effects of security enhancement and protection.
In order to achieve the purpose, the invention is realized by the following technical scheme:
a white-box encryption and decryption method suitable for wireless communication, comprising the steps of:
step S1: the device terminal A shares the confused shared key factor to the device terminal B in a sharing way;
step S2: the equipment terminal B receives the information, decodes and checks the information, and acquires a shared secret key factor;
step S3: the device terminals A and B use the same shared key factor and solid key factor, and generate a white box key by combining key generation and confusion rules;
step S4: the equipment terminal A combines the plaintext with the data encryption and confusion rule and the white box secret key to generate a ciphertext and sends the ciphertext to the equipment terminal B in a wireless communication mode;
step S5: and the equipment terminal B receives the ciphertext, and restores the plaintext by using the corresponding data decryption and decoding rule.
Further, the step S1 specifically includes the following steps:
step S11: the method comprises the steps that an equipment terminal A obtains a solid key factor and a shared key factor of the equipment;
step S12: the equipment terminal A combines the shared secret key factor and the check factor to generate a character string;
step S13: after the device terminal A codes and mixes the character strings, the character strings are shared to another device terminal B in a sharing mode;
further, the step S2 specifically includes the following steps:
step S21: the device terminal B decodes the received character string to restore the character string;
step S22: the device terminal B obtains the shared key factor and the check factor in the character string, and checks the check factor;
step S23: after passing the verification, the device terminal B obtains the shared key factor.
Further, the step S3 specifically includes the following steps:
step S31: the device terminals A and B use the same solid key factor, shared key factor and time function to prepare to generate a white box key;
step S32: selecting corresponding elements in the lookup table according to the time function to generate a salt-added secret key;
step S33: selecting an example in an example library according to a time function, and processing the key factor to form a character string;
step S34: selecting an algorithm in a hash algorithm library according to a time function, and generating a corresponding hash value after processing the character string in the previous step;
step S35: selecting a plurality of coding rules in a coding library according to a time function, and carrying out combined coding on the hash value to obtain an intermediate key;
step S36: and selecting a plurality of coding rules in a coding library according to the time function, and performing combined coding on the intermediate secret key to obtain the white box secret key.
Further, the step S4 specifically includes the following steps:
step S41: the equipment terminal A selects algorithms in a symmetric and asymmetric algorithm library according to a time function, and encrypts a plaintext by combining a white box secret key to generate a ciphertext;
step S42: the equipment terminal A selects a plurality of coding rules in a coding library according to a time function, and the ciphertext is mixed up to generate a ciphertext';
step S43: the equipment terminal a transmits the ciphertext' to the equipment terminal B in a wireless communication manner.
Further, the step S5 specifically includes the following steps:
step S51: the equipment terminal B receives the ciphertext ', selects various coding rules in the coding library according to the time function, decodes the ciphertext' and restores the ciphertext;
step S52: and the equipment terminal B selects the algorithms in the symmetric and asymmetric algorithm libraries according to the time function, and decrypts the ciphertext by combining the white box secret key to restore the plaintext.
The invention also discloses a universal white box encryption device, which comprises a time function, a calculation library, an algorithm library and a coding library;
the time function is used for setting different obfuscating method masksn(n is more than or equal to 0, and n represents the serial numbers of different confusion methods), and the serial numbers are transformed;
the Time function Valid Time Stamp ═ f (Unix Time Stamp, Time interval, Time mask)
The Unix timestamp is a Unix timestamp;
the time interval is a set time interval and is also the minimum effective duration of a time function;
the time slot is a set time scale and is used for defining the effective duration of a time function, and the effective duration is time interval time scale;
the time mask is a time mask and is used for confusion and time function generation;
the time parameters are generated after different obfuscating methods mask (n is more than or equal to 0) are adopted for the time functions, and are used for dynamically matching and selecting the contents in a key factor library, an algorithm library and a coding library, so that a shared key obfuscating rule, a key generation and obfuscating rule and a ciphertext obfuscating rule are formed;
the example library comprises operation, negation, system conversion and sequencing operation;
the algorithm library comprises a Hash algorithm library, a symmetric algorithm library and an asymmetric algorithm library;
the coding rules in the coding library comprise transposition, transcoding, interception, mask adding and binary conversion operations.
The invention provides a white-box encryption and decryption method and device suitable for wireless communication. The method has the following beneficial effects: in the wireless communication process, the method of a white-box cryptographic algorithm technology, an obfuscation technology, an identity authentication technology, an anti-tampering technology, a multivariable technology and the like is used, and a time function and an obfuscation mechanism are combined, so that the complexity and the ambiguity of a white-box secret key and data are enhanced, the running environment, configuration files and business processes of equipment are ensured to be intercepted or monitored maliciously even under the white-box environment, and the white-box secret key or ciphertext cannot be cracked in a short time, and the effects of security enhancement and protection are achieved. The method is suitable for intelligent equipment with a wireless communication function, adopts a white box encryption technology as a core, adopts a general generation and confusion method of a white box secret key, and perfects and enhances the safety of the secret key and communication data in the wireless communication process; the data transmission safety between intelligent devices in a wireless communication mode is guaranteed through a white-box encryption and confusion method of data.
Drawings
In order to more clearly illustrate the present invention or the prior art solutions, the drawings that are needed in the description of the prior art will be briefly described below.
FIG. 1 is a block diagram of a general white-box encryption apparatus according to the present invention;
FIG. 2 is a flow chart of a white-box encryption and decryption method for wireless communication according to the present invention;
FIG. 3 is a flowchart of step S1 of the white-box encryption/decryption method according to the present invention;
FIG. 4 is a flowchart of step S2 of the white-box encryption/decryption method according to the present invention;
FIG. 5 is a flowchart of step S3 of the white-box encryption/decryption method according to the present invention;
FIG. 6 is a flowchart of step S4 of the white-box encryption/decryption method according to the present invention;
FIG. 7 is a flowchart of step S5 of the white-box encryption/decryption method according to the present invention;
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be described clearly and completely with reference to the accompanying drawings.
As shown in fig. 1, the present invention provides a universal white-box encryption apparatus, which includes a time function, an algorithm library and a coding library;
the time function is also called an effective timestamp, is unchanged in the set effective duration, and is refreshed when the effective duration is exceeded. The time function is used as a core element of a white-box encryption algorithm and is used for setting different obfuscating method masksn(n is more than or equal to 0, and n represents the serial numbers of different confusion methods), and the serial numbers are transformed;
the Time function Valid Time Stamp ═ f (Unix Time Stamp, Time interval, Time mask)
The Unix timestamp is a Unix timestamp;
the time interval is a set time interval and is also the minimum effective duration of a time function;
the time slot is a set time scale and is used for defining the effective duration of a time function, and the effective duration is time interval time scale;
the time mask is a time mask and is used for confusion and time function generation;
the time parameter is a mask adopting different confusion methods aiming at the time functionnThe parameters generated after (n is more than or equal to 0) are used for dynamically matching and selecting the contents in the key factor library, the algorithm library and the coding library so as to form a shared key confusion rule, a key generation and confusion rule and a ciphertext confusion rule;
the operation case library defines the preprocessing and splicing rules of key factors, and comprises operation, negation, binary conversion and sequencing operation;
the algorithm library comprises a Hash algorithm library, a symmetric algorithm library and an asymmetric algorithm library;
wherein the Hash algorithm library comprises a Hash algorithm library, a nested Hash library, an HMAC (Hash-based Message authentication code) library, and a RIPEMD (original Integrity verification Message Digest); the Hash Algorithm library includes but is not limited to a Message Digest Algorithm MD5(Message-Digest Algorithm), a single Hash Algorithm such as SHA-224, SHA-256, SHA-384, SHA-512, etc. in a Secure Hash Algorithm (SHA, Secure Hash Algorithm); the nested hash library comprises secondary nesting of hash algorithms in the hash algorithm library; the HMAC library comprises HMAC implementation of a hash algorithm in a hash algorithm library; the RIPEMD library comprises a RIPEMD realization of a hash algorithm in a hash algorithm library;
symmetric algorithm libraries include, but are not limited to, AES (Advanced Encryption Standard), RC4 (li witter Encryption, Rivest Cipher 4), BLOWFISH (brussels schnell block Encryption algorithm), 3DES (triple data Encryption algorithm), SM4(SM4 block Cipher algorithm, national Cipher symmetric algorithm, also known as commercial Cipher algorithm), etc., in different bit (e.g., 180, 224, 256, 384, 512, etc.) algorithms, in different block patterns, such as ECB (codebook), CBC (Cipher block chaining), CFB (Cipher feedback), OFB (output feedback), CTR (counter), etc. (such as ECB, CBC, CFB, OFB, CTR, etc.) and different Padding modes, (such as nopeading (no Padding), PKCS5Padding (Public Key Cryptography standard 5Padding, Public-Key Cryptography Standards #5, password-based Cryptography Standards), ISO10126Padding (text encryption Padding, based on ISO10126 standard));
asymmetric algorithm libraries include, but are not limited to, RSA (Algorithm inventor acronym, Rivest, Shami, Adleman), SM2 (elliptic curve public key cryptography), and the like; algorithm by its different bits (e.g. 1024, 2048, 4096, etc.), by different grouping modes (e.g. ECB (codebook of codes), CBC (cipher block chaining), CFB (cipher feedback), OFB (output feedback), ctrcttr (counter), etc.), and different PADDING modes (e.g. PKCS1_ PADDING (RSA cipher standard PADDING), PKCS1_ OAEP _ PADDING (optimal asymmetric cipher PADDING), NO _ PADDING (NO PADDING));
it should be noted that any supplement or change to the algorithms in the hash algorithm library, the symmetric algorithm library and the asymmetric algorithm library should not be created as a new invention, and still be regarded as the content of the present invention.
The coding rules in the coding library comprise transposition, transcoding, interception, mask adding and binary conversion operations. One obfuscation may be a combination of any number of encoding rules in an encoding library.
The device is suitable for intelligent equipment with a wireless communication function, and is used for transmitting the data which is safely encrypted and confused.
The device encrypts and confuses the input plaintext and outputs a ciphertext;
the device takes a time function as a core element of the whole white-box algorithm, and controls dynamic composition rules of a key factor library, a calculation example library, an algorithm library and a coding library so as to generate a white-box key;
the device takes the white box keys generated by the device as a common key between two parties or multiple parties of communication, and encrypts, decrypts, codes and decodes communication data, thereby ensuring data security.
As shown in fig. 2, the present invention further provides a white-box encryption/decryption method suitable for wireless communication, including the following steps:
step S1: the device terminal A shares the confused shared key factor to the device terminal B in a sharing way;
step S2: the equipment terminal B receives the information, decodes and checks the information, and acquires a shared secret key factor;
step S3: the device terminals A and B use the same shared key factor and solid key factor, and generate a white box key by combining key generation and confusion rules;
step S4: the equipment terminal A combines the plaintext with the data encryption and confusion rule and the white box secret key to generate a ciphertext and sends the ciphertext to the equipment terminal B in a wireless communication mode;
step S5: and the equipment terminal B receives the ciphertext, and restores the plaintext by using the corresponding data decryption and decoding rule.
Further, as shown in fig. 3, the step S1 specifically includes the following steps:
step S11: the method comprises the steps that an equipment terminal A obtains a solid key factor and a shared key factor of the equipment;
the solid key factor is equipment with the device and the function of the invention, the same key factor is generated under the same time function, and the equipment acquires or generates the key factor in real time when the equipment is used each time;
the shared key factor is a device with the device and the function of the invention, one party in communication shares the key factor to the other party or parties after being mixed up, and the key factor is a key factor necessary for generating a specific key in the communication process;
the solid key factor and the shared key factor are used as elements for generating the white box key and are composed of one or more factors in a key factor library;
preferably, the key factor library is roughly divided into the following five types: white box seeds, system factor groups, application factor groups, safety factor groups and others;
white-box Seed (White-box Seed) refers to a random number, or one-time password (OTP), generated by a True Random Number Generator (TRNG) or a trusted secure random number generator (CSPRNG) that is random and non-speculative. Specifically, the white-box seed is a shared key factor and is an essential element for generating the white-box key;
the System Element Group (System Element Group) refers to systematic information and setting values of a device having a wireless communication function, such as a device manufacturer, a model, a MAC Address (Media Access Control Address), an IMEI (International Mobile Equipment Identity), an ICCID (integrated circuit card Identity, i.e., SIM card number), a MEID (Mobile Equipment Identity), etc., for describing characteristics or uniqueness of the device and also for verifying the authentication and legitimacy of the device in a communication process;
the Business Element Group (Business Element Group) refers to a key factor Group related to an application scenario and a Business attribute. It should be noted that the present general method is applicable to different service application scenarios, and the factor group is strongly related to the service, and only the classification and definition thereof are described here. For convenience of understanding, taking a traditional offline consumption payment scenario as an example, the business factors can be business variables such as a payee account, a wallet address, a collection mode, a collection type, an order number and the like, and the business factors are used as generating elements of a secret key in a communication or data transmission process, so that the security of the secret key is effectively improved;
the Secure Element factor Group (Secure Element Group) refers to a factor stored in the device Secure Element or generated by running in the trusted execution environment, or a part of the Secure certificate Element, a lookup table, or the like; specifically, the lookup table is a solid key factor;
specifically, a plurality of different keys may exist in one communication process to meet different stages, functions or security requirements, each key corresponds to one white-box seed, and the same time function is used in one communication process. A communication as described herein refers to a complete communication process that identifies, connects, and completes all data transfers.
Step S12: the equipment terminal A combines the shared secret key factor and the check factor to generate a character string;
the set of common key factors includes the following necessary elements: white box seeds; and optional elements: system factors, business factors, security element factors, and other factors;
the check factor is irreversible summary information converted by a hash algorithm after a designated factor combination in a key factor library is received by the equipment terminal B and then checked, so that the authenticity and the legality of the information are verified;
the element for generating the check factor may be a shared key factor or a solid key factor;
the combination mode follows a time function through masknAnd (n is 0), and after confusion, corresponding to the examples in the example library. The process is the same as step S33.
Step S13: after the device terminal A codes and mixes the character strings, the character strings are shared to another device terminal B in a sharing mode;
the sharing mode may be any wireless communication mode, including but not limited to, for example, bluetooth broadcast and scan, bluetooth data transmission and reception, NFC, peer-to-peer communication of quantum and infrared communication, and the like; the two-dimensional code can also be generated by the confused shared secret key factor according to a certain coding rule through the two-dimensional code and displayed, and the two-dimensional code is acquired by a camera or code reading equipment;
the code obfuscation follows the time function mask (n is 1) and corresponds to the algorithm in the hash algorithm library after obfuscation. The process is the same as step S34.
Further, as shown in fig. 4, the step S2 specifically includes the following steps:
step S21: the device terminal B decodes the received character string to restore the character string;
the equipment terminal B acquires data in a wireless communication mode or a two-dimensional code identification mode of a camera and code reading equipment, decodes the data by using a corresponding decoding rule, and restores a character string consisting of a shared secret key factor and a check factor;
the decoding follows the corresponding decoding rule, and the decoding rule of the equipment terminal B is the same as the encoding rule of the equipment terminal A;
the coding and decoding rules are combined by selecting each coding rule in the coding library according to the time parameters. Under the same time node, the equipment terminal A and the equipment terminal B have the same time function, the same time function generates the same time parameter through the same confusion mode, the same time parameter is combined with the same coding rule in the coding library correspondingly, and the equipment terminal B performs decoding by using the same rule as the equipment terminal A, so that the character string consisting of the shared secret key factor and the check factor can be restored and obtained.
Step S22: the device terminal B obtains the shared key factor and the check factor in the character string, and checks the check factor;
the check factor is summary information generated by a shared key factor or a solid key factor according to a specified hash algorithm after combination;
the time functions generated by the equipment terminal A and the equipment terminal B under the same time node are the same, the time parameters generated by the same time functions through the same confusion method are the same, and the same time parameters are necessarily corresponding to the same hash algorithm and the same solid secret key factor in the hash algorithm library;
the device terminal B obtains the shared key factor after decoding, and obtains the solid key factor and the specified hash algorithm using the time function, and the generated check factor is checked and compared with the received check factor.
Step S23: after passing the verification, the device terminal B obtains the shared key factor.
In this step, when the check factor generated by the device terminal B is the same as the received check factor, the received shared key factor is considered to be valid through the check, and the subsequent operation is performed;
and when the verification factor generated by the equipment terminal B is different from the received verification factor, the verification is not passed, the received shared key factor is invalid, the subsequent operation is not carried out, and the current session or communication is ended.
Further, as shown in fig. 5, the step S3 specifically includes the following steps:
step S31: the device terminals A and B use the same solid key factor, shared key factor and time function to prepare to generate a white box key;
the shared key factor is a key factor group generated and mixed by the device terminal a according to the step S1, shared to the device terminal B, received, decoded and verified by the device terminal B according to the step S2;
specifically, the essential element of the shared secret key factor is a white-box seed;
the solid key factors are different devices with the device and the function of the invention, the same key factors are generated under the same time function, and the device acquires or generates the key factors in real time each time the key factors are used; under the same time node, the time functions of the equipment terminal A and the equipment terminal B are the same, and the solid key factors generated by the equipment terminal A and the equipment terminal B are the same;
step S32: selecting corresponding elements in the lookup table according to the time function to generate a salt-added secret key;
regarding the lookup table as a two-dimensional array a [ m ] [ n ] of m rows and n columns, wherein a [ i ] [ j ] is an element of the ith row and the jth column and is an 8-bit character string consisting of capital letters, lowercase letters or numbers; combining elements in different 5 rows and i columns to generate a 40-bit salt-added key (salted-key);
i=mask2(validTimestamp)%(m-1),(0≤i<m)
j1=mask3(validTimestamp)%(n-1),(0≤j<n)
j2=mask4(validTimestamp)%(n-1),(0≤j<n)
j3=mask5(validTimestamp)%(n-1),(0≤j<n)
j4=mask6(validTimestamp)%(n-1),(0≤j<n)
j5=mask7(validTimestamp)%(n-1),(0≤j<n)
salted-key=a[i][j1]+a[i][j2]+a[i][j3]+a[i][j4]+a[i][j5]
the row i and the column j are parameters generated by adopting different confusion methods mask (n is more than or equal to 0) for the time function and then taking the remainder, and the parameters are used for matching five groups of characters in the lookup table, so that the salt-added key (salted-key) is formed by splicing.
Step S33: selecting an example in an example library according to a time function, and processing the key factor to form a character string;
the key factor comprises a shared key factor and a solid key factor;
the method comprises the following steps that an example in an example library defines a preprocessing and splicing rule of a key factor, and the preprocessing and splicing rule comprises operations of operation, negation, system conversion, sequencing, remainder extraction and the like;
subjecting the time function to masknAfter confusion, (n ═ 8), the corresponding algorithm in the algorithm library is selected, and for easy understanding, it is assumed that the elements required for the key generation of this time are shared key factors E1, E2, E3 and solid key factors E4, E5, and one example of the expression form of the algorithm may be:
E1+E4+(3*E2)+Reverse(E1+E2)+E3
wherein the operation symbol "+" indicates that the front and back character strings are spliced in sequence;
wherein Reverse is to output the character string in Reverse order;
and processing the key factor according to the example formula to obtain a character string which is used as the input of a subsequent algorithm.
Step S34: selecting an algorithm in a hash algorithm library according to a time function, and generating a corresponding hash value after processing the character string in the previous step;
obfuscating the time function to a maskn(n-9), selecting a corresponding algorithm in the hash algorithm library for processing after obfuscation, wherein for the convenience of understanding, two of the expressions may be:
SHA512[ SHA384(salted-key + string) + salt ]
HMAC-SHA256[ salted-key + MD5 (string) ]
Wherein the operation symbol "+" indicates that the front and rear character strings are spliced in sequence;
wherein, the HMACS is a Hash-based Message Authentication Code (Hash-based Message Authentication Code) related to a key, and a SHA Secure Hash Algorithm (SHA, Secure Hash Algorithm);
in addition, in order to improve the security of the key in this step, a nested hash library in the hash algorithm library and an algorithm in the HMAC library are used, and a single hash algorithm in the hash algorithm library is not used.
Step S35: selecting a plurality of coding rules in a coding library according to a time function, and carrying out combined coding on the hash value to obtain an intermediate key;
obfuscating the time function to a maskn(n-10) after confusion, selecting a plurality of coding rules in a coding library for combined coding; for ease of understanding, assume that the pre-hash value is 256-bit 32-bit character c1c2c3…c31c32Then one example of an expression for this may be:
transposition of the shaft
Figure BDA0002724046040000141
{ transcoding
Figure BDA0002724046040000142
{
Intercepting40[ mask (c)5c12c31c8c10c24c5c4)+c1c2c3...c31c32+c1c2c3...c31c32]}}
Wherein the operation symbol "+" indicates that the front and rear character strings are spliced in sequence;
the coding rules in the coding library comprise operations such as transposition, transcoding, interception, mask adding, binary conversion and the like;
and generating a fixed bit number by the key mask through the effective timestamp, and generating the same dynamic character string among different devices.
Step S36: and selecting a plurality of coding rules in a coding library according to the time function, and performing combined coding on the intermediate secret key to obtain the white box secret key.
After the time function is confused by a confusion method mask (n is 11), selecting a plurality of coding rules in a coding library for combined coding; the obfuscating method mask11 is different from the aforementioned mask10 in that the encoding rule of S36 is different from the encoding rule of S37, and the complexity and ambiguity of the key can be increased by performing multiple obfuscating operations. In principle, the number of encodings in the key generation process is not less than 2.
Further, as shown in fig. 6, the step S4 specifically includes the following steps:
step S41: the equipment terminal A selects algorithms in a symmetric and asymmetric algorithm library according to a time function, and encrypts a plaintext by combining a white box secret key to generate a ciphertext;
in the step, after the time function is obfuscated by an obfuscating method mask (n is 12), an algorithm in a symmetric algorithm library or an asymmetric algorithm library is selected; and encrypting the plaintext by combining the white box secret key to generate a ciphertext.
Step S42: the equipment terminal A selects a plurality of coding rules in a coding library according to a time function, and the ciphertext is mixed to generate a ciphertext';
after the time function is confused by a confusion method mask (n is 13), selecting a plurality of coding rules in a coding library for combined coding; converting the ciphertext into a ciphertext;
the coding rules in the coding library comprise operations such as transposition, transcoding, interception, mask adding, binary conversion and the like; the ciphertext mask generates a random character according to the specified digit dynamically generated among different devices through the effective timestamp;
dynamically confirming the length of the current mask through an effective timestamp and a time confusion function;
generating a random number of a specified length, such as-1234123 to 23141231, by a True Random Number Generator (TRNG) or a trusted cryptographic secure random number generator (CSPRNG);
taking the generated random number with the designated length as a parameter, and putting the parameter into a character generation function; the function queries a 64-system character table to obtain corresponding characters, such as Mod (23141231,64) being 41, CharAt (Code _64,41) being "t"; at a valid timestamp of 712394819238123, the full dynamic mask is "sZ 21Dx1 pAfX".
Step S43: the equipment terminal a transmits the ciphertext' to the equipment terminal B in a wireless communication manner.
The wireless communication includes, but is not limited to, Bluetooth (BR/EDR/BLE), NFC, Wifi, WLAN, WPAN, and the like.
Further, as shown in fig. 7, the step S5 specifically includes the following steps:
step S51: the equipment terminal B receives the ciphertext ', selects various coding rules in the coding library according to the time function, decodes the ciphertext' and restores the ciphertext;
after the time function is confused by a confusion method mask (n is 13), selecting a plurality of coding rules in a coding library for decoding; the ciphertext' is reverted to ciphertext.
Step S52: the equipment terminal B selects algorithms in the symmetric and asymmetric algorithm libraries according to the time function, and decrypts the ciphertext by combining the white box secret key to restore the plaintext;
after the time function is obfuscated by an obfuscating method mask (n is 12), an algorithm in a symmetrical algorithm library or an algorithm in an asymmetrical algorithm library is selected; and decrypting the plaintext by combining the white box key to restore the plaintext.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. A white-box encryption and decryption method suitable for wireless communication, comprising the steps of:
step S1: the device terminal A shares the confused shared key factor to the device terminal B in a sharing way;
step S2: the equipment terminal B receives the information, decodes and checks the information, and acquires a shared secret key factor;
step S3: the device terminals A and B use the same shared key factor and solid key factor, and generate a white box key by combining key generation and confusion rules;
step S4: the equipment terminal A combines the plaintext with the data encryption and confusion rule and the white box secret key to generate a ciphertext and sends the ciphertext to the equipment terminal B in a wireless communication mode;
step S5: and the equipment terminal B receives the ciphertext, and restores the plaintext by using the corresponding data decryption and decoding rule.
2. The white-box encryption and decryption method for wireless communication according to claim 1, wherein the step S1 specifically comprises the following steps:
step S11: the method comprises the steps that an equipment terminal A obtains a solid key factor and a shared key factor of the equipment;
step S12: the equipment terminal A combines the shared secret key factor and the check factor to generate a character string;
step S13: and after the device terminal A codes and mixes the character strings, the character strings are shared to another device terminal B in a sharing mode.
3. The white-box encryption and decryption method for wireless communication according to claim 1, wherein the step S2 specifically comprises the following steps:
step S21: the device terminal B decodes the received character string to restore the character string;
step S22: the device terminal B obtains the shared key factor and the check factor in the character string, and checks the check factor;
step S23: after passing the verification, the device terminal B obtains the shared key factor.
4. The white-box encryption and decryption method for wireless communication according to claim 1, wherein the step S3 specifically comprises the following steps:
step S31: the device terminals A and B use the same solid key factor, shared key factor and time function to prepare to generate a white box key;
step S32: selecting corresponding elements in the lookup table according to the time function to generate a salt-added secret key;
step S33: selecting an example in an example library according to a time function, and processing the key factor to form a character string;
step S34: selecting an algorithm in a hash algorithm library according to a time function, and generating a corresponding hash value after processing the character string in the previous step;
step S35: selecting a plurality of coding rules in a coding library according to a time function, and carrying out combined coding on the hash value to obtain an intermediate key;
step S36: and selecting a plurality of coding rules in a coding library according to the time function, and performing combined coding on the intermediate secret key to obtain the white box secret key.
5. The white-box encryption and decryption method for wireless communication according to claim 1, wherein the step S4 specifically comprises the following steps:
step S41: the equipment terminal A selects algorithms in a symmetric and asymmetric algorithm library according to a time function, and encrypts a plaintext by combining a white box secret key to generate a ciphertext;
step S42: the equipment terminal A selects a plurality of coding rules in a coding library according to a time function, and the ciphertext is mixed up to generate a ciphertext';
step S43: the equipment terminal a transmits the ciphertext' to the equipment terminal B in a wireless communication manner.
6. The white-box encryption and decryption method for wireless communication according to claim 1, wherein the step S5 specifically comprises the following steps:
step S51: the equipment terminal B receives the ciphertext ', selects various coding rules in the coding library according to the time function, decodes the ciphertext' and restores the ciphertext;
step S52: and the equipment terminal B selects the algorithms in the symmetric and asymmetric algorithm libraries according to the time function, and decrypts the ciphertext by combining the white box secret key to restore the plaintext.
7. A universal white-box encryption device is characterized by comprising a time function, a calculation library, an algorithm library and a coding library;
the time function is used for setting different obfuscating method masksn(n.gtoreq.0, n representing different obfuscation methodsNumber), and transforms it;
the Time function Valid Time Stamp ═ f (Unix Time Stamp, Time interval, Time mask)
The Unix timestamp is a Unix timestamp;
the time interval is a set time interval and is also the minimum effective duration of a time function;
the time slot is a set time scale and is used for defining the effective duration of a time function, and the effective duration is time interval time scale;
the time mask is a time mask and is used for confusion and time function generation;
the time parameters are generated after different obfuscating methods mask (n is more than or equal to 0) are adopted for the time functions, and are used for dynamically matching and selecting the contents in a key factor library, an algorithm library and a coding library, so that a shared key obfuscating rule, a key generation and obfuscating rule and a ciphertext obfuscating rule are formed;
the example library comprises operation, negation, system conversion and sequencing operation;
the algorithm library comprises a Hash algorithm library, a symmetric algorithm library and an asymmetric algorithm library;
the coding rules in the coding library comprise transposition, transcoding, interception, mask adding and binary conversion operations.
CN202011096868.8A 2020-10-14 2020-10-14 White box encryption and decryption method and device suitable for wireless communication Withdrawn CN114430549A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011096868.8A CN114430549A (en) 2020-10-14 2020-10-14 White box encryption and decryption method and device suitable for wireless communication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011096868.8A CN114430549A (en) 2020-10-14 2020-10-14 White box encryption and decryption method and device suitable for wireless communication

Publications (1)

Publication Number Publication Date
CN114430549A true CN114430549A (en) 2022-05-03

Family

ID=81310130

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011096868.8A Withdrawn CN114430549A (en) 2020-10-14 2020-10-14 White box encryption and decryption method and device suitable for wireless communication

Country Status (1)

Country Link
CN (1) CN114430549A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117278986A (en) * 2023-11-23 2023-12-22 浙江小遛信息科技有限公司 Data processing method and data processing equipment for sharing travel

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117278986A (en) * 2023-11-23 2023-12-22 浙江小遛信息科技有限公司 Data processing method and data processing equipment for sharing travel
CN117278986B (en) * 2023-11-23 2024-03-15 浙江小遛信息科技有限公司 Data processing method and data processing equipment for sharing travel

Similar Documents

Publication Publication Date Title
CN108377189B (en) Block chain user communication encryption method and device, terminal equipment and storage medium
US10979221B2 (en) Generation of keys of variable length from cryptographic tables
US8121294B2 (en) System and method for a derivation function for key per page
CN112202754B (en) Data encryption method and device, electronic equipment and storage medium
KR20050073573A (en) Secure communications
CN112287377A (en) Model training method based on federal learning, computer equipment and storage medium
CN111314050B (en) Encryption and decryption method and device
JP2022537733A (en) Authenticated key agreement
CN113711564A (en) Computer-implemented method and system for encrypting data
WO2021114850A1 (en) Method and apparatus for encrypting and decrypting and reading and writing messages, computer device, and storage medium
CN105306194A (en) Multiple encryption method and multiple encryption system for encrypting file and/or communication protocol
Wu et al. JAMBU lightweight authenticated encryption mode and AES-JAMBU
US8804953B2 (en) Extensive ciphertext feedback
Joshy et al. Text to image encryption technique using RGB substitution and AES
CN114430549A (en) White box encryption and decryption method and device suitable for wireless communication
CN116248316A (en) File encryption method, file decryption method, device and storage medium
CN115499118A (en) Message key generation method, message key generation device, file encryption method, message key decryption method, file encryption device, file decryption device and medium
KR102304831B1 (en) Encryption systems and method using permutaion group based cryptographic techniques
Erondu et al. An encryption and decryption model for data security using vigenere with advanced encryption standard
CN111314051B (en) Encryption and decryption method and device
Arora et al. Handling Secret Key Compromise by Deriving Multiple Asymmetric Keys based on Diffie-Hellman Algorithm
Sri et al. Concealing the Data using Cryptography
CN116866029B (en) Random number encryption data transmission method, device, computer equipment and storage medium
KR20150103394A (en) Cryptography system and cryptographic communication method thereof
CN113923029B (en) Internet of things information encryption method based on ECC (error correction code) hybrid algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20220503