CN115766190B - Encryption method, decryption method and electronic equipment for arbitrary set elements - Google Patents

Encryption method, decryption method and electronic equipment for arbitrary set elements Download PDF

Info

Publication number
CN115766190B
CN115766190B CN202211408430.8A CN202211408430A CN115766190B CN 115766190 B CN115766190 B CN 115766190B CN 202211408430 A CN202211408430 A CN 202211408430A CN 115766190 B CN115766190 B CN 115766190B
Authority
CN
China
Prior art keywords
encryption
data
parameters
encrypted
taking
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211408430.8A
Other languages
Chinese (zh)
Other versions
CN115766190A (en
Inventor
张玉安
胡伯良
蒋红宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Haitai Fangyuan High Technology Co Ltd
Original Assignee
Beijing Haitai Fangyuan High Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Haitai Fangyuan High Technology Co Ltd filed Critical Beijing Haitai Fangyuan High Technology Co Ltd
Priority to CN202211408430.8A priority Critical patent/CN115766190B/en
Publication of CN115766190A publication Critical patent/CN115766190A/en
Application granted granted Critical
Publication of CN115766190B publication Critical patent/CN115766190B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

An arbitrary set element encryption method, a decryption method and electronic equipment relate to the technical field of information protection, solve the problem that the encrypted set element cannot pass the database compliance test because the encrypted set element does not meet the format requirement, and adopt the following technical scheme: receiving all data to be encrypted; determining a data set containing X data elements according to the quantity X of data to be encrypted; for each data element in the data set, performing encryption processing: splitting the current data element into a random number and a regular number according to a splitting rule; performing iterative operation on the random number to obtain a random encryption number; dividing the rule into N-dimensional vector representation forms with M as a base, and obtaining N parameters of the N-dimensional vector; performing iterative operation on the N parameters to obtain N encryption parameters; and combining the scattered encryption number and the N encryption parameters according to a combination rule corresponding to the splitting rule, and taking data corresponding to the data elements with the same combination value in the data set as an encryption result.

Description

Encryption method, decryption method and electronic equipment for arbitrary set elements
Technical Field
The present invention relates to the field of information protection technologies, and in particular, to an encryption method, a decryption method, and an electronic device for any set element.
Background
For a set, for example, a set is formed by all N compliant identification numbers, a set is formed by all mobile phone numbers, or a set is formed by all bank accounts, if elements in the set are encrypted, a common encryption mode can cause that data in the set is deformed not in line with rules of the set, for example, the birth date on the identification number can generate deformation not in line with rules of the mobile phone number, for example, the 1 st bit of the mobile phone number is not number 1, or the first few bits of the bank account is not in line with the account format of the bank, and for the encrypted data, in the process of storing the encrypted data, certain databases need to carry out validity check on the compliance of the stored data, if the rule of the current set is not in line with rules of the stored data, reporting errors can occur, in order to avoid the occurrence of the conditions, a certain element in the set is generally adopted to replace the encrypted element in the current set, and because the selected element in the set is in line with rules of the mobile phone number, the first few bits of the mobile phone number are not in line with rules of the encrypted data, the first few bits of the bank account is in line with rules of the stored encrypted data, and the error can be prevented from generating the error-proof in the process of the encrypted data.
The method is equivalent to constructing an isomorphic mapping in the current set, if M elements exist in a certain set, the elements in the set need to be encrypted, and the encrypted ciphertext is required to be still in the set, namely, encryption with a reserved format is required to be realized, then the technical problem can be solved by adopting a block cipher algorithm in the prior art.
However, the current block cipher algorithm can only solve the problem that M is 2 32 、2 64 、2 128 And 2 256 The encryption and decryption conversion problems of elements in a set under the condition of special modulus are solved, when the number of elements in the set is not the square power of 2, the corresponding grouping encryption is usually carried out after the M elements are expanded to the corresponding square power of 2, but the encrypted elements are easy to fall into the M elements of the set to lose effectiveness after expansion, so that the technical problem to be solved is how to ensure that any set which is not the square power of 2 is encrypted, namely after isomorphic mapping is realized, the ciphertext is still in the set.
Disclosure of Invention
The embodiment of the invention discloses an encryption method, a decryption method and electronic equipment for any set, which are used for solving the technical problem that isomorphic mapping can be constructed in the set even if the number of any set is not 2 square power, and encrypting a certain numerical value from 0 to X-1 to a certain numerical value from 0 to X-1 is realized, namely, the problem that one element in the set to be encrypted is replaced by another element in the same set to be encrypted is realized, and further, the problem that the database compliance test cannot be passed due to the fact that the format requirement of the set is not met after encryption is solved.
In a first aspect, an embodiment of the present invention provides an arbitrary set encryption method, including:
receiving all data to be encrypted;
determining a data set containing X data elements according to the number X of the data to be encrypted, wherein the X data elements are integers from 0 to X-1; and each piece of data to be encrypted corresponds to a unique data element in the data set one by one;
for each data element in the data set, performing the following encryption process:
dividing the current data element into a random number and a regular number according to a dividing rule; wherein the nonce is the data element divided by M N The integer quotient is the data element and M N Taking the remainder after the remainder; the M, N is a positive integer greater than or equal to 2 respectively;
performing iterative operation on the random number by adopting reserved format encryption to obtain the random encrypted number after the random number encryption, wherein the reserved format ranges from 0 to X-1 divided by M N The quotient range of the integer;
splitting the rule into N-dimensional vector representation forms taking M as a base, and obtaining N parameters of the N-dimensional vector;
the N parameters are used as format reservation encryption algorithm input in a block encryption algorithm to carry out iterative operation, the corresponding N encrypted parameters after encryption are obtained, and the range of the reservation format is an integer range from 0 to M-1;
Combining the scattered encryption number and the N encryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the encryption result of the data to be encrypted which is currently encrypted.
Optionally, in some embodiments, the method further comprises: and taking the corresponding encryption parameter determined by one of the parameters in the N-dimensional vector as one of scrambling parameters for iterative operation of the messy part by adopting a reserved format encryption algorithm.
Optionally, in some embodiments, one of the parameters in the N-dimensional vector is a corresponding encryption parameter determined for a parameter of a highest-dimensional vector in the N-dimensional vector.
Optionally, in some embodiments, the method further comprises:
dividing said data element X-1 by said M N The integer quotient after that, determining the element number of a first S box and determining a substitution table of the first S box;
the method for obtaining the random encryption number after random encryption by adopting a reserved format encryption algorithm for the random number comprises the following steps:
and the random number performs iterative permutation calculation according to the permutation table of the first S box to obtain the encrypted random encryption number.
Optionally, in some embodiments, the first S-box is derived from a key that is determined/obtained in advance/agreed upon when receiving the data to be encrypted.
Optionally, in some embodiments, the method further comprises:
according to the division of the data element X-1 in the data set by the M N Determining a first data range, deriving a sufficient number of round keys based on the first data range, a predicted iteration round number and a key, the key being determined/obtained in advance/agreed upon receipt of data to be encrypted, the round keys being series key parameters used during each round of iterations of the key derivation;
before the performing an iterative operation on the nonce according to the substitution table of the first S-box, the method further includes:
scrambling the reserved format encryption algorithm of the random number according to the round key to obtain a second encrypted number;
and taking the second encrypted number as the new random number.
Optionally, in some embodiments, the method further comprises:
determining a second S box of M elements according to the M;
and performing iterative operation by taking the N parameters as format preservation encryption algorithm input in a block encryption algorithm to obtain N encrypted parameters corresponding to the encrypted parameters, wherein the scope of the preservation format is an integer scope from 0 to M-1, and the method specifically comprises the following steps:
And respectively taking the N parameters as input parameters of the same round of block encryption algorithm, carrying out displacement calculation on the input parameters through a displacement table of the second S box to obtain N encrypted numbers after encryption, wherein the N encrypted numbers are taken as input parameters of iterative operation of the next round of block encryption algorithm.
Optionally, in some embodiments, the second S-box is derived from a key that is determined/obtained in advance/agreed upon when receiving the data to be encrypted.
Optionally, in some embodiments, the method further comprises:
determining a second data range according to the M, and determining a derivative sufficient round key according to the second data range, the expected iteration round number and a key, wherein the key is determined when receiving data to be encrypted/obtained in advance/agreed, and the round key is a series key parameter used in each round of iteration process of key derivative;
after the N parameters are respectively used as input parameters of the same round of packet encryption algorithm, before the input parameters are subjected to permutation calculation through the permutation table of the second S-box, the method further comprises:
respectively encrypting the N parameters according to the round keys of each dimension of each round to respectively obtain N third encryption numbers;
And taking the N third encryption numbers as new input parameters.
Optionally, in some embodiments, the rule is split into N-dimensional vector representations based on the M, and N parameters of the N-dimensional vector are obtained, including:
and (3) performing iteration: taking the integer obtained by taking the integer and the N-i power of the M base as parameters of an N-i+1-th dimensional vector, and taking the remainder obtained by taking the integer and the N-i power of the M base as the integer of the N-i power of the M base in the next round;
wherein i is more than or equal to 1 and less than or equal to N-1, and i is a positive integer more than or equal to 1.
Optionally, in some embodiments, the corresponding merging rule specifically includes:
taking the N encryption numbers as N corresponding parameters in an N-dimensional vector representation form based on the M, and calculating a first result according to the N parameters and the N-dimensional vector based on the M;
multiplying the hash encryption number by M N The obtained result is taken as a second result;
the first result is added to the second result.
Optionally, in some embodiments, when it is determined that the first result and the second result are greater than the data element X-1, the encryption process is performed again by adding the first result and the second result as an element in the data set.
In a second aspect, an embodiment of the present invention further provides a method for decrypting any set element, where the encrypting method according to the first aspect is used to encrypt the set, and the decrypting method includes:
receiving encrypted data to be decrypted;
obtaining data elements in the data set corresponding to the encrypted data according to the corresponding relation between the encrypted data and the data elements in the data set;
and executing the following decryption processing on the received encrypted data:
splitting into a scattered encryption number and a regular encryption number according to the splitting rule according to the data elements;
the hash number is the data element divided by M N The latter integer quotient, the rule number modulo the data element the M N The remainder after;
performing iterative inverse operation on the scattered encrypted number by adopting the reserved format encryption algorithm to obtain a scattered decrypted number after the scattered encrypted number is decrypted;
the regular encryption number is split into N-dimensional vector representation forms taking M as a base number, and N encryption parameters of the N-dimensional vector are obtained;
performing iterative inverse operation by taking the N encryption parameters as the input of a block encryption algorithm to obtain N decrypted corresponding decryption parameters;
Combining the scattered decryption number and the N decryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the decryption result of the encrypted data to be decrypted currently.
Optionally, in some embodiments, the method further comprises: and taking the corresponding decryption parameter determined by one of the encryption parameters in the N-dimensional vector as one of the descrambling parameters of the random section which is subjected to iterative operation by adopting a reserved format encryption algorithm.
Optionally, in some embodiments, one of the encryption parameters in the N-dimensional vector is a corresponding decryption parameter determined for an encryption parameter of a highest-dimensional vector in the N-dimensional vector.
Optionally, in some embodiments, the method further comprises:
dividing said data element X-1 by said M N The integer quotient, determining the element number of the first S box, determining a substitution table of the first S box and determining the inverse transformation of the first S box;
the method for obtaining the scattered decryption number after the scattered encryption number is decrypted comprises the following steps of:
And the random encryption number is subjected to iterative replacement calculation according to the inverse transformation of the first S box, and the decrypted random decryption number is obtained.
Optionally, in some embodiments, the first S-box is derived from a key that is determined/obtained in advance/agreed upon when receiving encrypted data.
Optionally, in some embodiments, the method further comprises:
according to the division of the data element X-1 in the data set by the M N Determining a first data range, deriving a sufficient number of round keys based on the first data range, a predicted iteration round number, and a key, the key being determined/obtained in advance/agreed upon receipt of the encrypted data;
after the performing iterative permutation calculation of the hash encryption number according to the inverse transformation of the permutation table of the first S-box, further comprising:
decrypting the random encryption number according to the round key to obtain a second decryption number;
and taking the second decryption number as the new random encryption number.
Optionally, in some embodiments, the method further comprises:
determining a second S box of M elements according to the M, and determining the inverse transformation of the second S box;
performing iterative inverse operation by taking the N encryption parameters as input of a block encryption algorithm to obtain decrypted corresponding N decryption parameters, wherein the method specifically comprises the following steps:
And respectively taking the N encryption parameters as encryption input parameters of the same round of packet decryption algorithm, carrying out replacement calculation on the encryption input parameters through inverse transformation of the second S box to obtain N decrypted parameters, and taking the N decrypted parameters as encryption input parameters of iterative operation of the next round of packet decryption algorithm.
Optionally, in some embodiments, the second S-box is derived from a key that is determined/obtained in advance/agreed upon when receiving encrypted data.
Optionally, in some embodiments, the method further comprises:
determining a second data range according to the M, and determining a derivative sufficient round key according to the second data range and a key, wherein the key is determined when receiving data to be encrypted/obtained in advance/agreed;
after the N encryption parameters are respectively used as the encryption input parameters of the same round of packet decryption algorithm, after the substitution calculation is performed on the encryption input parameters through the inverse transformation of the second S-box, the method further comprises:
respectively decrypting the N encryption parameters according to the round key of each round to obtain N decryption numbers;
and taking the N decryption numbers as the new encryption input parameters.
Optionally, in some embodiments, the regular encryption number is split into N-dimensional vector representations based on the M, and N encryption parameters of the N-dimensional vector are obtained, including:
and (3) performing iteration: taking the integer obtained by taking the integer encryption number and the N-i power of the M base as encryption parameters of an N-i+1-th dimensional vector, and taking the remainder obtained by taking the integer encryption number and the N-i power of the M base as the integer encryption number of the N-i power of the M base in the next round;
wherein i is more than or equal to 1 and less than or equal to N-1, and i is a positive integer more than or equal to 1.
Optionally, in some embodiments, the corresponding merging rule specifically includes:
taking the N decryption parameters as N parameters corresponding to an N-dimensional vector representation form taking M as a base, and calculating a first result according to the N parameters and the N-dimensional vector taking M as the base;
multiplying the random decryption number by M N As a second result;
the first result is added to the second result.
Optionally, in some embodiments, when it is determined that the first result and the second result are greater than the data element X-1, the decryption process is performed again by adding the first result and the second result as an element in the data set.
In a third aspect, an embodiment of the present invention further provides an encryption apparatus, including:
the receiving module is used for receiving all data to be encrypted;
the mapping module is used for determining a data set containing X data elements according to the number X of the data to be encrypted, wherein the X data elements are integers from 0 to X-1; and each piece of data to be encrypted corresponds to a unique one of different data elements in the data set one by one;
a generation module for executing encryption processing on each data element in the data set;
the encryption processing specifically comprises the following steps: dividing the current data element into a random number and a regular number according to a dividing rule; wherein the zero nonce is the numberDividing the data element by M N The integer quotient is the data element and M N Taking the remainder after the remainder; the M, N is a positive integer greater than or equal to 2 respectively;
performing iterative operation on the random number by adopting a reserved format encryption algorithm to obtain the random encrypted number after the random number is encrypted, wherein the reserved format ranges from 0 to X-1 divided by M N The quotient range of the integer;
splitting the rule into N-dimensional vector representation forms taking M as a base, and obtaining N parameters of the N-dimensional vector;
The N parameters are used as format reservation encryption algorithm input in a block encryption algorithm to carry out iterative operation, the corresponding N encrypted parameters after encryption are obtained, and the range of the reservation format is an integer range from 0 to M-1;
combining the scattered encryption number and the N encryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the encryption result of the data to be encrypted which is currently encrypted.
In a fourth aspect, an embodiment of the present invention further provides a decryption device, which is encrypted by using the encryption device, including:
the receiving module is used for receiving the encrypted data to be decrypted;
the mapping decryption module is used for obtaining the data elements in the data set corresponding to the encrypted data according to the corresponding relation between the encrypted data in the mapping module and the data elements in the data set;
the decryption module is used for executing decryption processing on the received encrypted data;
the decryption process specifically includes:
splitting into a scattered encryption number and a regular encryption number according to the splitting rule according to the data elements;
The hash number is the data element divided by M N The integer quotient is the following integer is theData element and M N Taking the remainder after the remainder;
the scattered encryption number adopts the reserved format encryption algorithm to carry out iterative inverse operation to obtain the scattered decryption number after the scattered encryption number is decrypted, and the reserved format ranges from 0 to X-1 and M N Taking the remaining integer range;
the regular encryption number is split into N-dimensional vector representation forms taking M as a base number, N encryption parameters of the N-dimensional vector are obtained, and the range of the reserved format is an integer range from 0 to M-1;
performing iterative inverse operation by taking the N encryption parameters as the input of a block encryption algorithm to obtain N decrypted corresponding decryption parameters;
combining the scattered decryption number and the N decryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the decryption result of the encrypted data to be decrypted currently.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, including: a memory and a processor, wherein the memory is configured to store,
The memory is used for storing computer instructions;
the processor is configured to execute the computer instructions to implement the method according to any of the first aspects and/or the method according to any of the second aspects.
In a sixth aspect, embodiments of the present invention also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements a method according to any of the first aspects and/or a method according to any of the second aspects.
The embodiment of the invention has the beneficial effects that: according to the technical scheme provided by the embodiment of the invention, even if the data set has a certain scale, each group can be operated in parallel due to reasonable splitting of the data elements in the data set, so that the encryption speed is high, and the data set is formedIsomorphic mapping in one data set can realize encryption and decryption of elements in the set in a symmetric key encryption mode, and has the characteristics of simple method, high operation efficiency and easiness in realization of software and hardware; the technical scheme solves the technical problem of encrypting a certain numerical value from 0 to X-1 into a certain numerical value from 0 to X-1, and can be understood as the function expansion of a common block cipher, and the common block cipher algorithm can only solve the problem that the modulus is 2 32 、2 64 、2 128 、2 256 The encryption transformation problem is integrated by special modes, and the technical scheme of the application can solve the general modulus problem without being limited by the square power of 2. The encryption problem on the collection is solved, the encryption problem of the data retention format is also solved, the data retention format is solved by replacing the data to be encrypted corresponding to the corresponding data elements with the data to be encrypted represented by the corresponding data elements mapped isomorphically in the same data collection, the common requirements of the current collection are met, and even if the encrypted data can pass the compliance test of the database, the problem that the data cannot be stored due to the fact that the data cannot meet the requirements of the database caused by the encryption problem is avoided.
Drawings
In order to more clearly illustrate the embodiments of the invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of an encryption process according to an embodiment of the present invention;
FIG. 2 is a flowchart of another encryption process according to an embodiment of the present invention;
FIG. 3 is a flowchart of another encryption process according to an embodiment of the present invention;
FIG. 4 is a flowchart of another encryption process according to an embodiment of the present invention;
FIG. 5 is a flowchart of another encryption process according to an embodiment of the present invention;
FIG. 6 is a flowchart of another encryption process according to an embodiment of the present invention;
FIG. 7 is a flowchart of another encryption process according to an embodiment of the present invention;
FIG. 8 is a flowchart of another encryption process according to an embodiment of the present invention;
FIG. 9 is a flowchart of a decryption process according to an embodiment of the present invention;
FIG. 10 is a schematic block diagram of an encryption device according to an embodiment of the present invention;
fig. 11 is a schematic block diagram of a decryption device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be appreciated that in the description of embodiments of the invention, the words "first," "second," and the like are used merely for distinguishing between the descriptions and not for indicating or implying any relative importance or order.
The term "and/or" in the embodiment of the present invention is merely an association relationship describing the association object, and indicates that three relationships may exist, for example, a and/or B may indicate: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
At present, in the field of information technology, a large amount of information data needs to be transmitted and stored, and data encryption is the most reliable method for protecting information by a computer system, and the encryption technology is used for encrypting the information, so that the safety and confidentiality of the information system and the data are improved, secret data are prevented from being externally deciphered, information concealment is realized, and the effect of protecting the safety of the information is achieved.
The block cipher algorithm generally has better mixed diffusion effect and better key participation form, and the security of the block encryption method is already demonstrated, the strength of the encryption security is enough, but the block encryption method can only solve the problem that M is 2 32 、2 64 、2 128 And 2 256 And 2 256 Encryption and decryption conversion problems of elements in a set of special modulus situations, such as a DES encryption method, an AES encryption method, an SM4 encryption method and the like. When the number of elements in the set is not the square power of 2, the algorithm of the corresponding block cipher is usually performed after the M elements are expanded to the corresponding square power of 2, but after expansion, the encrypted elements are easily caused to be unable to fall in the M elements of the set and lose effectiveness.
Therefore, for any set which is not a square power of 2, how to ensure that the encrypted ciphertext of the element in the set is still in the set after the isomorphic mapping is realized is a technical problem to be solved.
For a better understanding of the technical solution of the present invention, the present invention will be described with reference to what may be referred to as an understanding of the present invention.
For any set, if the number of elements in the set is M, a one-to-one correspondence can be established between the elements in the set and the numerical values in the M-class set {0,1,2, … …, M-1 }. If there are M elements in a set, the elements in the set need to be encrypted, and the ciphertext after encryption is required to be still in the set, this can be equivalent to encrypting the elements in the modulo M class set {0,1,2, … …, M-1}, and the ciphertext required to be in {0,1,2, …, M-1 }. For example, a Set of 13 elements total = {7,8,9, a, b, c, d, e, f, +.! "at @, $,% }, it can be mapped one-to-one with the modulo 13 class set n= {0,1,2,3, … …,12}, e.g. 0 represents 7,1 represents 8, … …,11 represents $,12 represents%. Encrypting "a" in the Set corresponds to encrypting "3" in Set N. If "3" is encrypted as "11", it can be mapped as "A" in the Set is encrypted as "$".
Therefore, the encryption problem of isomorphic mapping on the same set is solved, and the reserved format encryption problem with M elements is essentially solved. The encryption transformation from the model M class set to the model M class set is constructed, namely, isomorphic mapping based on the key is constructed in the model M class set.
In order to solve the above technical problems, an embodiment of the present invention provides an arbitrary set encryption method, including:
an arbitrary set encryption method, comprising:
receiving all data to be encrypted;
determining a data set containing X data elements according to the quantity X of data to be encrypted, wherein the X data elements are integers from 0 to X-1; each piece of data to be encrypted corresponds to a unique one of different data elements in the data set one by one;
for each data element in the data set, the following encryption process is performed:
splitting the current data element into a random number and a regular number according to a splitting rule; wherein the null data is data element and M N Dividing the integer quotient to form a rule number as a data element and M N Taking the remainder after the remainder; m, N are positive integers greater than or equal to 2 respectively;
performing iterative operation on the random number by adopting a reserved format encryption algorithm to obtain the random encrypted number after the random number is encrypted, wherein the reserved format ranges from 0 to X-1 and M N Taking the remaining integer range;
dividing the rule into N-dimensional vector representation forms with M as a base, and obtaining N parameters of the N-dimensional vector;
the N parameters are used as format preservation encryption algorithm input in a block encryption algorithm to carry out iterative operation, the N encrypted parameters are obtained, and the scope of the preservation format is an integer scope from 0 to M-1;
combining the scattered encryption number and the N encryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same combined value in the data set as the encryption result of the data to be encrypted which is currently encrypted.
The following is a description of a specific embodiment, as shown in fig. 1.
S101: receiving all data to be encrypted;
since a data set corresponding to all the data to be encrypted needs to be constructed, the size of the current data set needs to be determined and corresponds to the current data set, all the data to be encrypted needs to be received, and the quantity of the data to be encrypted needs to be determined.
S102: determining a data set containing X data elements according to the quantity X of data to be encrypted, wherein the X data elements are integers from 0 to X-1; each piece of data to be encrypted corresponds to a unique one of different data elements in the data set one by one;
When all data are received, the data quantity X of the data to be encrypted can be determined, so that a data set with the same data quantity as the data quantity X can be constructed, the elements in the data set are sequence numbers from 0 to X-1, and 0 element is one element, therefore, the number of the elements in the data set is 0- (X-1), the total X elements are all integers, each data to be encrypted corresponds to one unique data element in the data set one by one, the data to be encrypted can be ordered and corresponds to the element in the data set, the data to be encrypted can also directly correspond to the element in the data set without ordering the data to be encrypted, and only the data to be encrypted needs to be determined only correspond to the unique element in the current data set, namely the corresponding data to be encrypted needs to be determined through the unique element in the current data set.
S103: determine if encryption is complete for all elements within the collection?
If yes, go to step S104, if no, go to step S105.
I.e. it is equivalent to performing encryption processing on each data element in the data set, and ensuring that the elements in each data set have been encrypted. If the encryption is not completed, the encryption is continued, and if the encryption is completed, the encryption step can be exited.
S104: and (5) ending.
And (3) indicating that all elements in the current data set are encrypted, forming isomorphic mapping in the set, and ending the current encryption flow.
S105: splitting the current data element into a random number and a regular number according to a splitting rule; wherein the null data is data element and M N Dividing integer quotient, providing integer as data element and M N Taking the remainder after the remainder; m, N are positive integers greater than or equal to 2 respectively;
the foregoing has said that, in the block encryption method, it is impossible to encrypt the data set when the number of elements is not 2 to the power of square, so the technical solution of the present invention splits each element in the data set into a zero-order number and a regular number according to a splitting rule, where the zero-order number is an integer obtained by taking the remainder of the data element and the N-th power based on M, the regular number is a remainder obtained by taking the remainder of the data element and the N-th power based on M, and M, N is a positive integer greater than or equal to 2, respectively.
S106: performing iterative operation on the random number by adopting a reserved format encryption algorithm to obtain the random encrypted number after the random number is encrypted, wherein the reserved format is in the range of 0 to X-1 divided by M N The quotient range of the integer;
the number of the zero-order is usually smaller than the regular integer, however, the number of the zero-order may be larger than the regular integer, and the zero-order is not limited to this, and the data elements and the integer after the N-th power of the base number of M are the whole numbers, so that the range of the zero-order reservation format is 0 to X-1 and the integer after the N-th power of the base number of M are the whole numbers, otherwise, the range of the current data set is easily exceeded.
The mode of the reserved format encryption algorithm is not limited, the random number can be in the form of a secret key, can be in the form of scrambling other data, can also be reserved format encryption algorithms such as FF1, FF2, FF3 and the like, and is not limited, so long as the reserved format encryption algorithm of the random data is ensured, and the reserved format range falls between 0 and X-1 and M N The whole range after the remainder is taken.
Namely:
wherein the symbols areAnd the symbol "" means rounding down.
The encryption algorithm of the reserved format of the random number is iterated for at least one round through multiple rounds, otherwise, the original random number is equivalent to the fact that encryption is not carried out, or the result after encryption is self, so that the encryption strength is insufficient and the encryption safety problem is caused.
The number of specific iterations of the reserved format encryption algorithm is set according to actual needs, the number is not limited here, and the encryption strength of the security can be achieved.
S107: dividing the rule into N-dimensional vector representation forms with M as a base, and obtaining N parameters of the N-dimensional vector;
for the rule, the data is relatively large, so that reasonable splitting is still needed, therefore, according to the technical scheme of the application, the rule is split into N-dimensional vector representation forms taking M as a base, N parameters of the N-dimensional vector are obtained, namely, one rule is split into N-parameter representation forms, the N-dimensional vector representation forms can uniquely determine the current rule, the current rule and the N-dimensional vector representation forms are mutually inverse operation, and the unique rule can be obtained through the N parameters and the N-dimensional vector taking M as the base; and the rule number can uniquely determine N parameters of the N-dimensional vector through an N-dimensional vector representation form based on M.
S108: performing iterative operation by taking the N parameters as the input of a block encryption algorithm to obtain N encrypted parameters corresponding to the encrypted parameters, wherein the range of a reserved format is an integer range from 0 to M-1;
The packet encryption algorithm is verified by the security, and the probability of being cracked is extremely low, so the technical scheme of the invention utilizes the characteristic of high security of the packet encryption algorithm, and ensures the encryption effect of the invention.
Since the rule is an integer range in which the M-base N power is found, when the rule is split into M-base N-dimensional vector representations for the N parameters of the N-dimensional vector, namely
Rule integer fraction=k1×m N-1 +K2*M N-2 …+KN*M N-N
Wherein K1 and K2 … KN are N parameters, and the rule is that the data element mod M N The latter data, therefore N1, is not greater than M, if greater than M, will carry into a random number, and similarly N2 is also not greater than M, otherwise will carry into N1, therefore, the N parameters of the obtained N-dimensional vector are located at 0.ltoreq.N<M, so that N parameters are used as inputs of a block encryption algorithm, the block encryption algorithm is also an encryption algorithm with a reserved format, and N parameters are still in the range of 0- (M-1) even though the N parameters undergo multiple rounds of iterative operation, so that N encrypted parameters are obtained, and the N parameters are still in the range of 0- (M-1).
The number of specific iteration rounds is set according to actual needs, and is not limited herein, so that the encryption strength of the security is achieved.
The number of iteration turns may be the same as or different from the number of iteration turns of the regular number, and the two may be two completely independent processes, may not interfere with each other, may have interference, and is not limited herein.
S109: combining the scattered encryption number and the N encryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same combined value in the data set as the encryption result of the data to be encrypted which is currently encrypted.
According to the splitting rule, the method is split into two parts of a random number and a regular number, so that after multiple iterations, the obtained result is still in the data set due to the adoption of a format-preserving mode.
After merging according to the merging rules corresponding to the splitting rules to obtain merging values, taking the data to be encrypted corresponding to the data elements with the same merging values in the data set as the encryption result of the data to be encrypted which is currently encrypted, and completing the encryption process.
According to the technical scheme, even if the data set has a certain scale, as the data elements in the data set are reasonably split and each group can run in parallel, the encryption speed is high, isomorphic mapping in one data set is formed, encryption and decryption of the elements in the set can be realized in a symmetric key encryption mode, and the method has the characteristics of simplicity, high operation efficiency and easiness in realization of software and hardware; the technical scheme solves the technical problem of encrypting a certain numerical value from 0 to X-1 into a certain numerical value from 0 to X-1, and can be understood as the function expansion of a common block cipher, and the common block cipher algorithm can only solve the problem that the modulus is 2 32 、2 64 、2 128 、2 256 The encryption transformation problem is integrated on the other class of special modes, and the technical scheme of the application can solve the general modulus problem without being limited by the square power of 2. The encryption problem on the specific set is solved, the encryption problem of the data retention format is also solved on the side, the data retention format is solved by replacing the data to be encrypted corresponding to the corresponding data elements with the data to be encrypted represented by the corresponding data elements in the same data set, the common requirements of the current set are met, and even if the encrypted data can pass the compliance test of the database, the problem that the data cannot be stored due to the fact that the data does not meet the requirements of the database caused by the encryption problem is avoided.
Optionally, as one embodiment, the method further includes: and taking the corresponding encryption parameter determined by one of the parameters in the N-dimensional vector as one of scrambling parameters of which the scrambling part adopts a reserved format encryption algorithm to carry out iterative operation.
One of the parameters in the N-dimensional vector is a corresponding encryption parameter determined by the parameter of the highest-dimensional vector in the N-dimensional vector.
The following is a description of specific examples.
Specifically, the following embodiment is described by taking an example of an id number set, and assuming that the number that can accommodate reasonable id cards is 3900×150×366×1000= 214110000000 in theory in the whole country at present, where 3900 represents about 3900 partitions in the whole country, 150 represents id numbers within 150 years in time span (according to the longest 366 days of a year), 366 represents days (1000 represents at most 1000 people in the same area on the same day), and therefore, theoretically, the number of compliant id cards can reach 214110000000 at most, and encryption of the 214110000000 id card number needs to be implemented in a reserved format, that is, a mode that one id card number is used to replace another id card number as encrypted data, the encryption process may be as follows:
A data set is generated having 214110000000 digits, i.e., {0,1,2, … …,214109999999}, where 0,1,2, … … each represent an identification number and 0 is calculated as a number, so that the total amount X of elements in the set to be encrypted is 214110000000.
Let m=256, n=4.
214110000000 it can be split into 49×256 4 +3656602496。
For any element X in the collection, X is more than or equal to 0 and less than X, according to X 0 =x/256 4 (rule number) and x 1 =x mod256 4 (nonce), each element x in the set is represented as (x) 0 ,x 1 ) Then 0.ltoreq.x 0 ≤49,0≤x 1 <256 4 . The x is 1 A regular number, x, called the data set 0 Referred to as the nonce of the data set. The rule is based on an ASCII character set of 256 elements, which can be composed of 4 characters or can be understood as 256 4 For representing an 8-bit 16-ary number, i.e. M is a kind of system.
Of course, M can be freely adjusted according to practical needs.
Let m=23 be the number, then x= 214110000000 =1446×23 6 +50104506, x is expressed as a regular number x 1 And a messy part x 0 When x is 0.ltoreq.x 1 < 148035889 (i.e., 23) 6 ),0≤x 0 1446. The rule number may be defined by 529 (23 2 ) The 3-character (6-bit 23-ary number) of the element. Similarly, if 100-ary is used, the decimal number is used as a base number, and the decimal number can be represented by x= 214110000000 =21×100 5 +4110000000, x can also be expressed as a regular number x 1 And a messy part x 0 Two parts, wherein 0.ltoreq.x 1 <4110000000,0≤x 0 And is less than or equal to 21. In this case, the rule is composed of 5 hundred-element characters (10-digit decimal number).
Therefore, the division of the regular number and the random number can reasonably divide the range according to the size of the data set and the actual requirement, so that the data set is located in a reasonable section, and optionally, the regular number and the random number are recommended to be not smaller than 10, so that the nonlinear effect is poor due to the fact that the regular number and the random number are too small, and the safety performance and the encryption effect are influenced.
Continuing with the example of the data set of the identification card number in the above embodiment, a certain element X in the data set, for example, x= 200000000000, needs to be encrypted, and the encrypted ciphertext is required to be smaller than X (i.e., 214110000000). The encryption divides the element x into two parts, namely a regular number and a random number, and when the regular number is based on m=256, the regular number can be divided into 4 regular characters (8 bits), and the random part can be divided into one random character (0 to 49).
The calculation process is as follows:
(random number)
x 1 =200000000000mod 256 4 = 2431504384 (regular integer)
The regular number is split into N-dimensional vector representation forms (namely M=256 and N=4) based on M, N parameters of the N-dimensional vector are obtained, and the decomposition process is as follows:
Regular number 2431504384 =144×256 3 +237×256 2 +208×256 1 +0×256 0
=144×256 3 +237×256 2 +208×256+0
Then, the parameter of the 1 st dimension vector is 0, the parameter of the 2 nd dimension vector is 208, the parameter of the 3 rd dimension vector is 237, and the parameter of the 4 th dimension vector is 144.
And carrying out iterative operation by taking the N parameters as the input of a block encryption algorithm to obtain N encrypted parameters corresponding to the encrypted parameters, wherein the process can be shown in figure 2.
For a better illustration of the embodiments of the present invention, a portion of this embodiment is described by taking the AES method in block encryption algorithm as an example, but it should be noted that this should not be construed as limiting the invention, and the example in fig. 2 is a description by taking one iteration as an example, and for multiple iterations, a similar manner to the first iteration is adopted.
LP in FIG. 2 0 Represents a random number, P 03 Representing the 4 th dimension parameter 144, P 02 Representing the 3 rd dimension parameter 237, P 01 Representing the 2 nd dimensional parameter 208, P 00 Representing the 1 st-dimensional parameter 0,representative Format Retention encryption Algorithm wherein the Retention encryption Range of regular integers is an integer range of 0 to M-1, for example, the encryption Range of Retention is 0-255, and the range of the Retention of zero numbers is 0 to +.>Integer in the range of 0-49.
Then, when the corresponding parameters adopt the format-preserving encryption algorithm in the packet encryption algorithm, the result is changed to P 00 For example, representing the 1 st dimension parameter 0, generally, the result after encryption will be different from the previous parameter, such as the 1 st dimension parameter is changed from 0 to the 1 st dimension encryption parameter 240 after the first iteration of encryption, which is, of course, affected by the packet encryption algorithm and the format-preserving encryption algorithm, which is only exemplified here.
After all 4 groups of encryption parameters adopt the format reserved encryption algorithm in the block encryption algorithm, as shown in fig. 2, the encryption parameters of the 3 rd group and the encryption parameters of the 4 th group can be used as one of scrambling parameters for performing iterative operation by adopting the reserved format encryption algorithm as a random number, of course, the 1 st and 2 nd dimension encrypted parameters can also be used as scrambling parameters of the random number, the encryption process of scrambling the random number by which group of dimension encryption parameters can be used, and the encryption process can be one group or multiple groups, so long as the encrypted encryption parameters generated by the regular number are used as the scrambling parameters of the random number, and the method belongs to the protection scope of the invention, and the method is not limited.
In the encryption process, the encryption parameters generated by the 1 st dimension parameter scramble the encryption parameters generated by the 2 nd dimension, the encryption parameters generated by the 2 nd dimension parameter scramble the encryption parameters generated by the 3 rd dimension, and the encryption parameters generated by the 3 rd dimension parameter scramble the encryption parameters generated by the 4 th dimension, so that a better encryption effect can be obtained.
Since the encryption parameters generated in the 1 st, 2 nd and 3 rd dimensions have been used, one of the parameters in the N-dimensional vector is the corresponding encryption parameter determined by the parameter of the highest-dimensional vector in the N-dimensional vector, and taking the embodiment of the present invention as an example, the encryption parameter generated in the 4 th dimension scrambles the encryption process of the nonce, as shown in fig. 3.
The method has the advantages that the used encryption parameters are not used any more, the difficulty of decoding is increased, the encryption security can be improved, and the encryption effect of random numbers is improved.
Continuing with the above embodiment, since the encryption parameters generated in the 1 st, 2 nd, 3 rd and 4 th dimensions have been used, the encryption parameters are subjected to a left shift operation again, as shown in fig. 2 and 3, and one 256-bit character may be represented by a two-bit 16-ary number, so that after the encryption parameters are generated in the first round, the generated encryption parameters are subjected to a left shift of the 16-ary number by one bit, and after the parameters after the encryption parameters are subjected to the encryption in the highest dimension are subjected to the left shift, the 16-ary number of the highest bit becomes the lowest bit of the lowest dimension, that is, the operation of a left shift of one bit is performed in one cycle, as shown in fig. 2 and 3.
For example, in the 1 st round of iterative encryption process, the 1 st dimension parameter is changed from 0 to the 1 st dimension encryption parameter 240, and the 2 nd dimension P 01 Representing the 2 nd dimension parameter 208, the encrypted parameter becomes 176, the 3 rd dimension P 02 The parameter representing the third dimension is 237, and becomes 048 after encryption, 4 th dimension P 04 The parameter representing the fourth dimension is 144, which becomes 159 after encryption.
Then 240 is represented as F0 with a two-bit 16 number, 176 is represented as B0 with a two-bit 16 number, 048 is represented as 30 with a two-bit 16 number, and 159 is represented as 9F with a two-bit 16 number.
When shifting one bit to the left in a 16-ary number cycle, according to the above embodiment, P 10 Is 09, P 11 0F, P 12 0B, P 13 F3.
Will P 10 09, P of (F) 11 0F, P of (F) 12 0B, P of (2) 13 And (3) repeating the steps as a different four-dimensional parameter of the next iteration, wherein the number of the iteration rounds is not limited here, and at least one round of the random number and the regular number is iterated.
Of course, it is also possible to use a cyclic shift of one bit to the right, which is not limited herein, and those skilled in the art will appreciate that the technical solutions to be expressed by the present invention are not listed herein.
The regular and random part sizes can be set by themselves when the size of the remaining class set is given. Similarly, m= 214110000000, where m=1000, n=3, and m= 214110000000 =214×1000 3 As can be seen from +110000000, this regular number has 3 characters, each being a 3-digit decimal number, again taking element 200000000000 as an example,
from X 0 =200000000000/10 3X3 =200。
X 1 =200000000000mod 10 3X3 =0=0×1000 2 +0×1000+0。
Thus, the obtained zero random number LP 0 200, and the three parameters of the rule are (P 02 ,P 01 ,P 00 )=(0,0,0)。
At this time, P 02 ,P 01 ,P 00 Is composed of three decimal numbers, and when moving left or right, the decimal numbers can be moved left/right by one to two decimal numbers, that is, the number of digits of displacement is not necessarily one, and can be according to actual requirementsA corresponding shift to the left/right by P bits is performed.
Typically, to ensure encryption security, the number of iterations may be set to 32, or even 64, iterations.
It should be noted that the number of iteration rounds of the random number may be the same as or different from the number of iteration rounds of the regular number, and if the number of iteration rounds of the random number and the number of iteration rounds of the regular number are different, only the definition is needed, and the number of dimension encryption parameters of the number of rounds in the regular number iteration are needed to be used for disturbing the random portion.
For example, the number of rounds of iteration of the nonce is 16, and the number of rounds of iteration of the regular number is 32 (is 2 times of the number of rounds of the nonce), then the corresponding encryption parameter determined by the parameter of the vector of the highest dimension of the even number of rounds of the regular number may be defined as one of the scrambling parameters of the nonce, of course, the corresponding encryption parameter determined by the parameter of the vector of the highest dimension of the odd number of rounds of the regular number may be one of the scrambling parameters of the nonce, or some specified rounds, such as the corresponding encryption parameter determined by the parameter of the vector of the highest dimension of the first 16 rounds of iteration of the regular number, may be used as the scrambling parameter of the nonce, which is not exemplified here, and those skilled in the art may flexibly set the scrambling parameter of the regular number according to actual needs.
Optionally, as one embodiment, the method further includes:
according to data elements X-1 and M N Dividing the integer quotient, determining the element number of the first S box, and determining a substitution table of the first S box;
the method comprises the steps of carrying out iterative operation on the random numbers by adopting a reserved format encryption algorithm to obtain random encrypted numbers after the random numbers are encrypted, and specifically comprises the following steps:
and executing iterative permutation calculation on the random numbers according to the permutation table of the first S box to obtain encrypted random encryption numbers.
The first S-box is derived from a key, which is determined when receiving data to be encrypted.
The following description is made by way of specific example, and is shown in fig. 4.
According to division of data element X-1 by M N Dividing the first integer quotient to determine a firstThe number of elements of the S-box determines the substitution table of the first S-box.
Taking the above embodiment as an example, when M is 256 and n is 4, the number of elements of the first S-box (S1 in fig. 4) can be determined to be 50 elements (0-49), that is:therefore, the process of calculating the number of elements of the first S-box is:
the maximum value corresponding to the zero order is only up to 49, then the element number of the first S-box is determined to be 50, (note: 0 is treated as a number) and therefore the content of the substitution table of the first S-box is a substitution between integer numbers between 0 and 49.
The manner of generating the S-boxes with the specified number of elements belongs to the prior art, and a person skilled in the relevant art can determine the corresponding first S-box according to the number of elements and the requirement determined by the S-boxes.
In some block cipher algorithms, the S-box is the only nonlinear device, and increasing the nonlinear strength or unpredictability of the S-box can improve the security of the algorithm.
After querying the S-box, a simple shift transformation is made, which is a simple linear transformation, with the aim of enhancing the hybrid diffusion effect. If a more complex linear transformation is used, such as the line shift plus column mixing used in AES, the mixing diffusion effect will be better, contributing to the security performance. The present invention is described by taking an S-box as an example.
The first S box may be pre-designated because after receiving all the data to be encrypted, the range of the regular number and the range of the random number split according to the split rule may be basically determined according to the split rule, no change occurs, but may be set by itself according to actual needs when generated, no change occurs after the setting is completed, and thus, after receiving all the data to be encrypted and determining M and N, the range corresponding to the regular number and the range of the random number have been completely determined, and thus the first S box may be pre-designated.
Of course, as one of the embodiments, the first S-box may be derived from a key, which is determined when receiving the data to be encrypted. That is, when receiving data to be encrypted, a key is determined in addition to receiving the data, the key can be designated when receiving the data, or can be determined from a plurality of keys which are originally agreed, and the transmission mode of the key can be different from that of the received data.
The key and the determined element number of the S box are used for generating a first S box by the key, the key scale can be equal to that of a common block cipher algorithm, the key is not limited, the specific generation mode is different according to different keys and requirements on the S boxes, but when the key is determined and the requirements of the S boxes are determined, the generated S box is fixed, so that an encryption party and a decryption party can generate the same S box when the same key is held.
After the first S box is determined, carrying out iterative operation on the random numbers by adopting a reserved format encryption algorithm to obtain random encryption numbers after random encryption, wherein the method specifically comprises the following steps of:
and executing iterative permutation calculation on the random numbers according to the permutation table of the first S box to obtain encrypted random encryption numbers.
As shown in fig. 4, after the random number is encrypted in the reserved format, the first S box performs a replacement calculation to obtain a random encrypted number after the random number is encrypted, so as to improve the security intensity of the random number.
Optionally, as one embodiment, the method further includes:
dividing data set element X-1 by M N The integer quotient after that determines a first data range, derives a sufficient number of round keys according to the first data range, the expected iteration round number and the key, wherein the key is determined/obtained in advance/agreed when receiving data to be encrypted, and the round keys are series key parameters used in each round of iteration process of key derivation;
before the zero-order number performs the iterative permutation calculation according to the permutation table of the first S-box, further comprising:
scrambling the random number reserved format encryption algorithm according to the round key to obtain a second encrypted number;
the second encrypted number is taken as a new nonce.
The following is a description of a specific embodiment, as shown in fig. 5.
According to the division of data element X-1 by M in the data set N To determine a first data range, which can be understood as a random range, for example, in the above embodiment, then the first data range isI.e. the generated round key ranges from an integer between 0 and 49 (LK 0 、LK 1 … …) may be the same as or different from the keys of the first S-box derived from the above embodiment, and if different, it is necessary to determine whether each key is used to generate the first S-box or the round key when receiving all the data to be encrypted and receiving different keys.
Many methods for deriving round keys are available, and a common method is to recursively obtain a long sequence from the key in a linear or nonlinear recursion mode, and intercept a plurality of round keys in a piecewise manner on the sequence. Of course, other ways of generating round keys may be used, the round keys not being identical to each other.
Thus, before the zero-nonce performs an iterative permutation calculation according to the permutation table of the first S-box, it further comprises:
scrambling the random number reserved format encryption algorithm according to the round key to obtain a second encrypted number;
the second encrypted number is taken as a new nonce.
Since the reserved format range of the nonce is different from that of the regular number, taking the above embodiment as an example, the range of the nonce is 0 to 49, and the reserved format range of the regular number is 0 to 255, it is necessary to execute the reserved format range of the nonce when the regular number is scrambled as a scrambling parameter.
Set LK to 0 45, LP 0 49, P 03 The resulting encrypted number is 159, which is then converted to a 16-ary numberAfter that, LK 0 2D, LP 0 Is 31, P 03 For 9F, the second encryption number may be obtained by adding the three, and then taking the remainder with the maximum number +1 of the reserved format, or it may be understood that the remainder is taken by the element number (50) of the first S-box, and 50 is converted into hexadecimal number 32, then this step may be understood as (2d+31+9f) mod 32=fd mod 32=03, and 03 is taken as the second encryption number, and then the substitution of the first S-box is performed to generate LP 1
Optionally, as one embodiment, the method further includes:
determining a second S box of M elements according to M;
performing iterative operation by taking the N parameters as the input of a block encryption algorithm to obtain N encrypted parameters corresponding to the encrypted parameters, wherein the method specifically comprises the following steps:
n parameters are respectively used as input parameters of the same round of block encryption algorithm, the input parameters are subjected to replacement calculation through a replacement table of a second S box, N encrypted numbers after encryption are obtained, and the N encrypted numbers are used as input parameters of the next round of block encryption algorithm iterative operation.
The second S-box is derived from a key, which is determined when receiving the data to be encrypted.
The following description is made by way of specific example, and is shown in fig. 6.
When performing the format-preserving encryption algorithm in the block encryption algorithm, the low-dimensional parameter can be used as a scrambling parameter with a smaller dimension, such as P 00 The generated encryption parameters as scrambling P 01 One of the scrambling parameters in the reserved format encryption process, therefore, a second S-box may be added after the reserved format encryption algorithm.
Continuing with the above embodiment as an example, when that M is 256, the number of elements of the second S box is 256, i.e., a numerical substitution table between 0 and 255 is generated.
The second S box may be pre-designated because after receiving all the data to be encrypted, the range of the regular number and the range of the random number split according to the split rule may be basically determined according to the split rule thereof, may not be changed, but may be set by itself according to actual needs when generated, and may not be changed after the setting is completed, and thus, after receiving all the data to be encrypted and determining M and N, the range corresponding to the regular number and the range of the random number have been completely determined, and thus the second S box may be pre-designated.
Of course, as an embodiment, the second S-box may be derived from a key, where the key is determined when receiving the data to be encrypted, and the determination manner of the key may be referred to the above embodiment, which is not described herein. The key and the determined number of elements of the S box are used to generate a second S box, the key size can be equal to that of a common block cipher algorithm, the key is not limited here, the specific generation mode is different according to different keys and requirements on the S box, but when the key is determined and the requirements on the S box are determined, the generated S box is fixed.
Of course, the second S boxes may be the same or different for each set of rule according to actual needs, and if they are different, different second S boxes may be generated by a pre-specified manner or according to different keys, which is not limited herein.
Alternatively, as one embodiment, the second data range is determined according to M, and a derivative sufficient number of round keys are determined according to the second data range, the expected iteration round number and the key, the key is determined when receiving the data to be encrypted/obtained in advance/agreed, and the round key is a series key parameter used in each round of iteration process of key derivation;
after the N parameters are respectively used as the input parameters of the same round of packet encryption algorithm, after the input parameters are subjected to permutation calculation through the permutation table of the second S box, the method further comprises:
respectively encrypting N parameters according to the round keys of each dimension of each round to respectively obtain N third encryption numbers;
the N third encryption numbers are used as new input parameters.
The following is a description of a specific embodiment, as shown in fig. 7.
Taking the above embodiment as an example, when m=256, the second data range is 0-255, and a derivative sufficient number of round key determinations are determined according to the second data range and the key.
The key may be the same as or different from the key described above, and is not limited thereto.
The method for deriving round keys is many, and a common method is that a long sequence is recursively obtained from the keys in a linear or nonlinear recursion mode, and a plurality of round keys are intercepted in a segmented mode on the sequence, so that the generated round keys are not identical.
Since the regular numbers are grouped, the generated round keys are often times the round keys of the random numbers, and the round keys required by the regular numbers are described by taking the regular numbers of the 4 dimensions as an example, if the round numbers of the random numbers are the same as the round numbers of the regular numbers as an example, the number of the round keys required by the regular numbers is: number of packets of regular number of rounds.
Taking the above embodiment as an example, the round keys generated by the first round of the regulating part are respectively K 00 、K 01 、K 02 、K 03 Respectively encrypting N (4) parameters according to the round key of each round to respectively obtain N (4) third encryption numbers;
and taking the N third encryption numbers as new input parameters, and performing permutation calculation on the input parameters through a permutation table of the second S box.
Optionally, as one embodiment, the rule is split into N-dimensional vector representations based on M, and N parameters of the N-dimensional vector are obtained, which specifically includes:
And (3) performing iteration: taking the integer obtained by taking the margin of the N-i power of the regular and the M base as the parameter of the N-i+1-th dimensional vector, and taking the remainder obtained by taking the margin of the N-i power of the regular and the M base as the integer of the N-i power of the next round of M base;
wherein i is more than or equal to 1 and less than or equal to N-1, and i is a positive integer greater than or equal to 1.
Taking the above embodiment as an example, when x=214110000000, m=256, and n=4, taking the element 200000000000 in the data set as an example, the rule is split into N-dimensional vector representations based on M, and N parameters of the N-dimensional vector are obtained, where the procedure is as follows:
(random number)
Then the rule number is x 1 =200000000000mod 256 4 =2431504384
Splitting the rule into N-dimensional vector representations based on M (i.e., m=256, n=4, i.e., 256) 4 ) And N parameters of the N-dimensional vector are obtained, and the decomposition process is as follows:
when i=1, taking the integer after the integer and the M base are N-i power, as the parameter of the N-i+1-th dimension vector, namely taking the integer 2431504384 and 256 as the base and the 3 power integer as the parameter of the 4 th dimension, and taking the remainder as the integer of the next round, the process is as follows:
regular number 2431504384 =144×256 3 +15585280
Then, N parameters of the N-dimensional vector are obtained, i.e., the 4-dimensional parameter of the 4-dimensional vector is 144, and the remainder is 15585280.
When i=2, the remainder is 15585280 as a regular integer, an integer after the remainder is raised to the power of 2 with the base of M (256) is used as a parameter of the 3 rd dimension vector, and the remainder is used as a regular integer of the next round, and the process is as follows:
regular number 15585280 =237×256 2 +53248
Then, N parameters of the N-dimensional vector are obtained, i.e., the 3 rd dimensional parameter of the 3 rd dimensional vector is 237 and the remainder is 53248.
When i=3 (i is less than or equal to 3), the remaining number 53248 is an integer obtained by taking the remainder of the standard integer and the 1 st power of 256 base numbers, namely, the parameter used as the 2 nd dimension vector is the remainder of taking the standard integer 53248 and 256 base numbers as the 1 st power, and the process is as follows:
regular number 53248 =208×256 1 +0
The 2 nd dimension parameter of that 2 nd dimension vector is 208 and the remainder is 0.
And any of the powers 0 based on non-0 is 1, thus, it can be understood that 0X 256 0 = 0*1 =0, and therefore the parameter in the first dimension is 0.
When i=4, the iteration condition is not satisfied, the current loop is exited, and therefore, for the current embodiment, the current loop is ended by i=3.
Optionally, as one embodiment, the corresponding merging rule specifically includes:
taking N encryption numbers as N parameters corresponding to an N-dimensional vector representation form taking M as a base, and calculating a first result according to the N parameters and the N-dimensional vector taking M as the base;
Multiplying the result obtained by multiplying the random encryption number by the nth power of the base number of M as a second result;
the first result is added to the second result.
The following description is made by way of specific example, and is shown in fig. 8.
Continuing with the description of the above embodiments, taking the data set x= 214110000000 as an example, taking the data element x= 200000000000 in the data set as an example, m=256, n=4, when the zero-order number and the regular integer iterate 32 rounds, the obtained zero-order number is 40, and for the fourth-dimensional vector P obtained by the regular integer 323 =14, third dimension vector P 322 =251, second dimension vector P 321 =139, first dimension vector P 320 =51。
Then, taking the N encrypted numbers as N parameters corresponding to the N-dimensional vector representation form based on M, and calculating a first result according to the N parameters and the N-dimensional vector based on M, wherein the first result is specifically:
first result=p 323 ×256 3 +P 322 ×256 2 +P 321 ×256+P 320
=14×256 3 +251×256 2 +139×256+51
=251366195
Second result = LP 32 ×256 4 =40×256 4 =171798691840
The first result and the second result are added to obtain a combined value, and thus the obtained combined value has a result of 172050058035.
The data to be encrypted corresponding to the data elements with equal combined values in the data set is taken as the encryption result of the data to be encrypted which is currently encrypted, namely the data to be encrypted corresponding to the data set element 172050058035 is taken as the encryption result of the data to be encrypted of the data element x= 200000000000.
It is also understood that the identification card number corresponding to the data set element= 172050058035 is used as the encryption result of the identification card number corresponding to the data element x= 200000000000.
Optionally, as one embodiment, when it is determined that the first result and the second result are greater than the data element X-1, the sum of the first result and the second result is added as an element in the data set, and the encryption process is performed again.
The following is a description of specific examples.
If the obtained random encryption number is smaller than the value obtained by taking the data elements X-1 and M as the integers of the base power of N, the sum of the first result and the second result is necessarily smaller than the maximum element X-1 in the data set, that is, the sum obtained at this time is necessarily in the data set.
If the obtained random encryption number and data element X-1 are divided by M N When the rounded values are equal, in this case, there is a certain probability that the sum value is larger than the data element X-1 after the sum of the first result of the rule number obtained according to the merging rule, and therefore, in this case, the sum of the first result obtained and the second result obtained needs to be added again as an element in the data set, and although the sum value obtained at this time is larger than the element in the data set, the value is not affected as an element in the data set and encryption processing is performed. After the encryption step is performed again, generally, the obtained sum value result will be located in the data set, and if the sum value is still greater than the maximum element X-1 in the data set, the encryption step is performed again until the obtained sum value is located in the data set.
Optionally, the embodiment of the present invention further provides an arbitrary set decryption method, where the encryption method of the above embodiment is used for encryption, including:
receiving encrypted data;
obtaining data elements in the data set corresponding to the encrypted data according to the corresponding relation between the encrypted data and the data elements in the data set;
the received encrypted data is subjected to decryption processing as follows:
splitting into a scattered encryption number and a regular encryption number according to a splitting rule according to the data elements;
the hashed data element divided by M N The integer quotient is obtained by dividing the rule into data elements and M N Taking the remainder after the remainder;
performing iterative inverse operation on the scattered encrypted number by adopting a reserved format encryption algorithm to obtain a scattered decrypted number after the scattered encrypted number is decrypted;
the regular encryption number is split into N-dimensional vector representation forms taking M as a base number, and N encryption parameters of the N-dimensional vector are obtained;
performing iterative inverse operation by taking the N encryption parameters as the input of a block encryption algorithm to obtain N decrypted corresponding decryption parameters;
combining the scattered decryption number with the N decryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the decryption result of the encrypted data to be decrypted currently.
The following description is made by way of specific example, and is shown in fig. 9.
S901: receiving encrypted data;
the number of received encrypted data may be plural or one, and is not limited herein.
S902: obtaining data elements in the data set corresponding to the encrypted data according to the corresponding relation between the encrypted data and the data elements in the data set;
in the encryption process, the one-to-one correspondence between each piece of data to be encrypted and a unique one of different data elements in the data set can be determined, and the encrypted data is only subjected to isomorphic mapping on the elements in the data set, and the encrypted data does not change and corresponds to a certain data element.
That is, in the decryption process, the corresponding relationship between the data set and the data to be encrypted needs to be determined according to the corresponding relationship between each data to be encrypted and one unique different data element in the data set, after the encrypted data to be decrypted is received, the isomorphic mapped data element of the current data element in the data set is determined according to the corresponding decryption process determined in the encryption process, that is, the data element in the data set corresponding to the encrypted data is determined according to the corresponding relationship between the encrypted data and the data element in the data set, and then the isomorphic mapped data element of the current data element is determined to determine the decryption result of the encrypted data.
S903: determine whether decryption of received encrypted data is complete?
If yes, step S904 is executed, if not, step S905 is executed, and the decryption process is executed on the received encrypted data.
S904: and (5) ending.
And (5) all the received encrypted data are decrypted, and the decryption flow is ended.
S905: splitting into a scattered encryption number and a regular encryption number according to a splitting rule according to the data elements;
the hashed data element divided by M N The integer quotient is obtained by dividing the rule into data elements and M N The remainder after the remainder is taken.
The splitting process of this step is the same as that of step S105, and will not be described here again.
S906: performing iterative inverse operation on the scattered encrypted number by adopting a reserved format encryption algorithm to obtain a scattered decrypted number after the scattered encrypted number is decrypted;
that is, the inverse operation of step S106 is performed, after the encryption operation of the hash encryption algorithm is performed on the hash encryption number, the operation is performed by using a corresponding hash decryption algorithm, so as to obtain a hash decryption number after decryption of the hash encryption number.
S907: the regular encryption number is split into N-dimensional vector representation forms taking M as a base number, and N encryption parameters of the N-dimensional vector are obtained;
the steps are the same as the steps of S107, and will not be described in detail herein, and those skilled in the art may obtain the technical solution to be expressed in the steps according to the above embodiment.
S908: performing iterative inverse operation by taking the N encryption parameters as the input of a block encryption algorithm to obtain N decrypted corresponding decryption parameters;
the step is the inverse operation of step S108, i.e. the inverse operation of the iteration of the block encryption algorithm, and is opposite to the encryption process, because the encryption transformation adopted in the present invention is a reversible transformation, the corresponding N decryption parameters after decryption can be obtained by the inverse transformation of the encryption transformation.
S909: combining the scattered decryption number with the N decryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the decryption result of the encrypted data to be decrypted currently.
The step S109 is the same operation method as that of the step S, and will not be described herein again, and a person skilled in the art may obtain the technical solution to be expressed in the step S according to the above embodiment.
Optionally, as one embodiment, the method further includes: and taking the corresponding decryption parameter determined by one of the encryption parameters in the N-dimensional vector as one of the descrambling parameters of the random portion which is subjected to iterative operation by adopting a reserved format encryption algorithm.
One of the encryption parameters in the N-dimensional vector is a corresponding decryption parameter determined for the encryption parameter of the highest-dimensional vector in the N-dimensional vector.
The following description is given.
As shown in fig. 2 and 3, in order to increase the encryption difficulty of the random number, the encrypted number generated by the regular number is used as a scrambling parameter in the encryption process of the random number, so that in the decryption process, the corresponding encryption parameter determined by one of the parameters in the N-dimensional vector is used as one of descrambling parameters in the iterative operation of the random portion by adopting a reserved format encryption algorithm, and the correct decryption can be achieved.
If, during encryption, as shown in fig. 3, one of the parameters in the N-dimensional vector is the corresponding encryption parameter determined by the parameter of the highest-dimensional vector in the N-dimensional vector, accordingly, during decryption, one of the encryption parameters in the N-dimensional vector is the corresponding decryption parameter determined by the encryption parameter of the highest-dimensional vector in the N-dimensional vector.
In the encryption process, the format in the adopted block encryption algorithm keeps the inverse operation of the encryption algorithm, in the decryption process, corresponding reverse displacement operations such as shifting one bit/two bits leftwards/rightwards and the like are needed, and correspondingly, in the decryption process, displacement operations opposite to the encryption process, namely shifting one bit/two bits rightwards/leftwards, are executed, so that it is clear how to realize the method for those skilled in the art, and therefore, the description is not repeated here.
Alternatively, as one embodiment, the data element X-1 is divided by M N The integer quotient after that, the element number of the first S box is determined, the substitution table of the first S box is determined, and the inverse transformation of the first S box is determined;
the method for obtaining the scattered decryption number after the scattered encryption number is decrypted by adopting the iterative inverse operation of a reserved format encryption algorithm comprises the following steps:
and performing iterative permutation calculation on the scrambled numbers according to the inverse transformation of the first S box to obtain decrypted scrambled decrypted numbers.
The first S-box is derived from a key, which is determined/obtained in advance/agreed upon receipt of the encrypted data.
The following description will be given with reference to fig. 4.
If the first S-box is adopted to perform encryption replacement during encryption, the first S-box is required to perform decryption during decryption, and if the first S-box is predetermined, the inverse transform S1 corresponding to the first S-box can be derived from the predetermined first S-box -1
When determining the inverse transform S1 of the first S box -1 After that, the random encryption number can be decrypted according to the inverse transformation of the first S boxObtaining the decrypted random decryption number.
If the first S-box is derived from the key, the key is determined when receiving the encrypted data, and the determination method of the key can be referred to the above embodiment, which is not described herein. Then, after determining the range of X, M, N and the reserved format, the first S box can be determined according to the key if the key is fixed, so that if the first S box is derived from the key, the corresponding inverse transform S1 of the first S box is derived from the first S box derived from the key -1 And (3) obtaining the product.
Alternatively, as one embodiment, the element X-1 in the data set is divided by M N The latter integer quotient, determining a first data range, deriving a sufficient number of round keys based on the first data range, the expected iteration round number and the key, the key being determined/obtained in advance/agreed upon receipt of the encrypted data;
after performing the iterative permutation calculation of the hashed encryption number according to the inverse of the permutation table of the first S-box, further comprising:
decrypting the random encryption number according to the round key to obtain a second decryption number;
the second decrypted number is taken as a new hash encryption number.
The following description will be given with reference to fig. 5.
In the decryption process, the corresponding relation between the data set and the data to be encrypted is determined according to the corresponding relation between each data to be encrypted and a unique one of different data elements in the data set, the encrypted data to be decrypted is received, and isomorphic mapping in the data set is determined according to the corresponding decryption process determined in the encryption process. But in order to improve the security of the encrypted data, in the process of encrypting the isomorphic map of the data elements forming the data set, a corresponding round key is added for disturbing the encryption process of the nonce.
Therefore, if the round key participates in the encryption process of the random number during encryption, the round key is divided by M according to the data element X-1 in the data set during decryption N Determining a first data range based on the integer quotient of (1) and the secretThe round key is generated when the key is fixed after the key and the data sets X-1 and M, N are determined, and the round key is generated when the key is fixed.
After the round key is determined, decrypting the random encryption number by adopting a corresponding decryption method according to the round key to obtain a second decryption number; and taking the second decryption number as a new random encryption number, and performing an iterative calculation process to complete a corresponding decryption process.
Optionally, as one embodiment, the method further includes:
determining a second S box of the M element according to the M, and determining the inverse transformation of the second S box;
performing iterative inverse operation by taking the N encryption parameters as the input of a block encryption algorithm to obtain decrypted corresponding N decryption parameters, wherein the method specifically comprises the following steps:
and respectively taking the N encryption parameters as encryption input parameters of the same round of packet decryption algorithm, and carrying out replacement calculation on the encryption input parameters through inverse transformation of a second S box to obtain N decrypted parameters after decryption, wherein the N decrypted parameters are taken as encryption input parameters of iterative operation of the next round of packet decryption algorithm.
The second S-box is derived from a key, which is determined when the encrypted data is received.
The following description is given with reference to fig. 6.
The second S box belongs to the S box similar to the first S box, and the generation mode of the S box belongs to the prior art. In the encryption process of the regular number, if the second S box is used to perform nonlinear transformation on the regular number, the decryption process still needs the second S box to participate in the decryption process.
Thus, from M, a second S-box of M-ary is determined, and an inverse transform S2 of the second S-box is determined -1
The decryption process corresponds to the encryption process, N encryption parameters are respectively used as encryption input parameters of the same round of packet decryption algorithm, and the encryption input parameters pass through the inverse transformation S2 of the second S box -1 Performing substitution calculation to obtain N decrypted parameters, NThe decryption parameters are used as encryption input parameters for the iterative operation of the next round of packet decryption algorithm.
The second S-box may be pre-generated from M, then the inverse transform S2 of the second S-box may be directly derived -1 If the second S-box is derived from a key that is determined/obtained in advance/agreed upon receipt of the encrypted data, then, likewise, after the second S-box is derived from the key, the inverse S2 of the second S-box is derived -1 For the decryption process corresponding to the encryption process.
Optionally, as one embodiment, the method includes splitting the regular encryption number into N-dimensional vector representations based on M, and obtaining N encryption parameters of the N-dimensional vector, which specifically includes:
and (3) performing iteration: taking the integer obtained by taking the integer encryption number and the N-i power of the M base as encryption parameters of the N-i+1-th dimensional vector, and taking the remainder obtained by taking the integer encryption number and the N-i power of the M base as the integer encryption number of the N-i power of the M base of the next round;
wherein i is more than or equal to 1 and less than or equal to N-1, and i is a positive integer greater than or equal to 1.
The process is the same as the encryption process described above, and is used to determine the N-dimensional parameters of the N-dimensional vector, and the above embodiment is specifically seen, which is not described herein.
Optionally, as one embodiment, the corresponding merging rule specifically includes:
taking the N decryption parameters as N parameters corresponding to an N-dimensional vector representation form taking M as a base, and calculating a first result according to the N parameters and the N-dimensional vector taking M as the base;
a result obtained by multiplying the random decryption number by the power of N of the base number of M is used as a second result;
the first result is added to the second result.
The process is the same as the encryption process described above, and is used for determining the isomorphic mapped data elements corresponding to the data elements in the current data set, which can be seen in the above embodiment specifically, so that the description is omitted.
Optionally, as one embodiment, when it is determined that the first result and the second result are greater than the data element X-1, the sum of the first result and the second result is added as an element in the data set, and the decryption process is performed again.
In the encryption process, a certain small probability event exists, namely, after a certain element in the data set is subjected to encryption operation, the obtained isomorphic mapping is outside the current data set element (namely, the first result and the second result are larger than the data element X-1), so that the data element is subjected to encryption again in the encryption process, and the obtained sum value is outside the current data set element in the decryption process because the process is a reversible process, at the moment, the sum of the first result and the second result is taken as the element in the data set again, decryption processing is carried out again, generally, the obtained sum value is located in the data set, and if the result is still larger than the maximum element X-1 in the data set, the decryption processing step is carried out again until the obtained sum value is located in the data set.
Optionally, an embodiment of the present invention further provides an encryption device 1000, as shown in fig. 10, including:
A receiving module 1001, configured to receive all data to be encrypted;
a mapping module 1002, configured to determine, according to the number X of data to be encrypted, a data set containing X data elements, where the X data elements are integers from 0 to X-1; each piece of data to be encrypted corresponds to a unique one of different data elements in the data set one by one;
a generation module 1003, configured to perform encryption processing on each data element in the data set;
the encryption processing specifically comprises: splitting the current data element into a random number and a regular number according to a splitting rule; wherein the nonce is the data element divided by M N The integer quotient is obtained by dividing the rule into data elements and M N Taking the remainder after the remainder; m, N are positive integers greater than or equal to 2 respectively;
performing iterative operation on the random number by adopting a reserved format encryption algorithm to obtain the random encryption number after the random number is encrypted, and preservingThe range of the reserved format is 0 to X-1 divided by M N The quotient range of the integer;
dividing the rule into N-dimensional vector representation forms with M as a base, and obtaining N parameters of the N-dimensional vector;
the N parameters are used as format preservation encryption algorithm input in a block encryption algorithm to carry out iterative operation, the N encrypted parameters are obtained, and the scope of the preservation format is an integer scope from 0 to M-1;
Combining the scattered encryption number and the N encryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same combined value in the data set as the encryption result of the data to be encrypted which is currently encrypted.
Optionally, an embodiment of the present invention further provides a decryption device, as shown in fig. 11, including:
a receiving module 1101 for receiving encrypted data to be decrypted;
the mapping decryption module 1102 is configured to obtain a data element in the data set corresponding to the encrypted data according to the correspondence between the encrypted data in the mapping module 1002 and the data element in the data set;
a decryption module 1103 for performing decryption processing on the received encrypted data;
the decryption process specifically comprises the following steps:
splitting into a scattered encryption number and a regular encryption number according to the splitting rule according to the data elements;
the hash number is the data element divided by M N The integer quotient is the data element and M N Taking the remainder after the remainder;
the scattered encryption number adopts the reserved format encryption algorithm to carry out iterative inverse operation to obtain the scattered decryption number after the scattered encryption number is decrypted, and the reserved format ranges from 0 to X-1 and M N Taking the remaining integer range;
the regular encryption number is split into N-dimensional vector representation forms taking M as a base number, N encryption parameters of the N-dimensional vector are obtained, and the range of the reserved format is an integer range from 0 to M-1;
performing iterative inverse operation by taking the N encryption parameters as the input of a block encryption algorithm to obtain N decrypted corresponding decryption parameters;
combining the scattered decryption number and the N decryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the decryption result of the encrypted data to be decrypted currently.
Optionally, an embodiment of the present invention further provides an electronic device, including: a memory and a processor, wherein the memory is configured to store,
a memory for storing computer instructions;
a processor configured to execute computer instructions to implement an encryption method according to any of the embodiments described above and/or a decryption method according to any of the embodiments described above.
Optionally, an embodiment of the present invention further provides a computer readable storage medium, where a computer program is stored, where the computer program when executed by a processor implements a method according to any of the above embodiments, and/or a method according to any of the above embodiments.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made in the present application without departing from the spirit or scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to cover such modifications and variations.

Claims (26)

1. An arbitrary set element encryption method, comprising:
receiving all data to be encrypted;
determining a data set containing X data elements according to the number X of the data to be encrypted, wherein the X data elements are integers from 0 to X-1; and each piece of data to be encrypted corresponds to a unique data element in the data set one by one;
for each data element in the data set, performing the following encryption process:
dividing the current data element into a random number and a regular number according to a dividing rule; wherein the nonce is the data element divided by M N The integer quotient is the data element and M N Taking the remainder after the remainder; the M, N is a positive integer greater than or equal to 2 respectively;
performing iterative operation on the random number by adopting reserved format encryption to obtain the random encrypted number after the random number encryption, wherein the reserved format of the random encrypted number ranges from 0 to (X-1)/M N Integer quotient range of (2);
taking the integer obtained by taking the integer and the N-i power of the M base as parameters of an N-i+1-th dimensional vector, and taking the remainder obtained by taking the integer and the N-i power of the M base as N parameters for obtaining the N-dimensional vector, wherein i is more than or equal to 1 and less than or equal to N-1, and i is a positive integer which is more than or equal to 1;
The N parameters are used as format preservation encryption algorithm input in a block encryption algorithm to carry out iterative operation, and corresponding N encrypted parameters after encryption are obtained, wherein the format range of the N encrypted parameters is an integer range from 0 to M-1;
combining the scattered encryption number and the N encryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the encryption result of the data to be encrypted which is currently encrypted.
2. The method as recited in claim 1, further comprising: and taking the corresponding encryption parameter determined by one of the parameters in the N-dimensional vector as one of scrambling parameters for iterative operation of the messy part by adopting a reserved format encryption algorithm.
3. The method of claim 2, wherein one of the parameters in the N-dimensional vector is a corresponding encryption parameter determined by a parameter of a highest one of the N-dimensional vectors.
4. The method as recited in claim 1, further comprising:
dividing said data element X-1 by said M N The integer quotient after that determines the element number of a first S box and determines the first S box;
The method for obtaining the random encryption number after random encryption by adopting a reserved format encryption algorithm for the random number comprises the following steps:
and the random number performs iterative transformation according to the first S box to obtain the encrypted random encryption number.
5. The method of claim 4, wherein the first S-box is derived from a key that is determined/obtained in advance/agreed upon when receiving data to be encrypted.
6. The method as recited in claim 4, further comprising:
according to the division of the data element X-1 in the data set by the M N Determining a first data range, deriving a sufficient number of round keys based on the first data range, a predicted iteration round number and a key, the key being determined/obtained in advance/agreed upon receipt of data to be encrypted, the round keys being series key parameters used during each round of iterations of the key derivation;
before the random number performs an iterative operation according to the first S-box, the method further includes:
scrambling the reserved format encryption algorithm of the random number according to the round key to obtain a second encrypted number;
and taking the second encrypted number as the new random number.
7. The method as recited in claim 1, further comprising:
determining a second S box of M elements according to the M;
and taking the N parameters as format preservation encryption algorithm input in a block encryption algorithm to carry out iterative operation, so as to obtain N encrypted parameters corresponding to the encrypted parameters, wherein the numerical range of the N encrypted parameters is an integer range from 0 to M-1, and the method specifically comprises the following steps:
and respectively taking the N parameters as input parameters of the same round of block encryption algorithm, transforming the input parameters through the second S box to obtain N encrypted numbers after encryption, and taking the N encrypted numbers as input parameters of the next round of block encryption algorithm iterative operation.
8. The method of claim 7, wherein the second S-box is derived from a key that is determined/obtained in advance/agreed upon when receiving data to be encrypted.
9. The method as recited in claim 7, further comprising:
determining a second data range according to the M, and determining a derivative sufficient round key according to the second data range, the expected iteration round number and a key, wherein the key is determined when receiving data to be encrypted/obtained in advance/agreed, and the round key is a series key parameter used in each round of iteration process of key derivative;
After the N parameters are respectively used as the input parameters of the same round of packet encryption algorithm, before the input parameters are transformed by the second S-box, the method further comprises:
respectively encrypting the N parameters according to the round keys of each dimension of each round to respectively obtain N third encryption numbers;
and taking the N third encryption numbers as new input parameters.
10. The method according to claim 1, wherein the corresponding merge rule specifically comprises:
taking the N encryption numbers as N corresponding parameters in an N-dimensional vector representation form based on the M, and calculating a first result according to the N parameters and the N-dimensional vector based on the M;
multiplying the hash encryption number by M N The obtained result is taken as a second result;
the first result is added to the second result.
11. The method of claim 10, wherein the step of determining the position of the first electrode is performed,
and when the first result and the second result are determined to be larger than the data element X-1, adding the sum of the first result and the second result as an element in a data set, and executing the encryption process again.
12. A method of decrypting any collection element, the collection being encrypted using the encryption method of claim 1, the decryption method comprising:
Receiving encrypted data to be decrypted;
obtaining data elements in the data set corresponding to the encrypted data according to the corresponding relation between the encrypted data and the data elements in the data set;
and executing the following decryption processing on the received encrypted data:
splitting into a scattered encryption number and a regular encryption number according to the splitting rule according to the data elements;
the hash number is the data element divided by M N The latter integer quotient, the rule number modulo the data element the M N The remainder after;
performing iterative inverse operation on the scattered encrypted number by adopting the reserved format encryption algorithm to obtain a scattered decrypted number after the scattered encrypted number is decrypted;
taking the integer obtained by taking the integer encryption number and the N-i power of the M base as encryption parameters of an N-i+1-th dimensional vector, and taking the remainder obtained by taking the integer encryption number and the N-i power of the M base as N encryption parameters for obtaining the N-dimensional vector, wherein i is more than or equal to 1 and less than or equal to N-1, and i is a positive integer which is more than or equal to 1;
performing iterative inverse operation by taking the N encryption parameters as the input of a block encryption algorithm to obtain N decrypted corresponding decryption parameters;
Combining the scattered decryption number and the N decryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the decryption result of the encrypted data to be decrypted currently.
13. The method as recited in claim 12, further comprising: and taking the corresponding decryption parameter determined by one of the encryption parameters in the N-dimensional vector as one of the descrambling parameters of the random section which is subjected to iterative operation by adopting a reserved format encryption algorithm.
14. The method of claim 13, wherein one of the encryption parameters in the N-dimensional vector is a corresponding decryption parameter determined for the encryption parameter of the highest-dimensional vector in the N-dimensional vector.
15. The method as recited in claim 12, further comprising:
dividing said data element X-1 by said M N The integer quotient after that, determining the element number of the first S box, determining the first S box and determining the inverse transformation of the first S box;
the method for obtaining the scattered decryption number after the scattered encryption number is decrypted comprises the following steps of:
And the random encryption number is subjected to iterative replacement calculation according to the inverse transformation of the first S box, and the decrypted random decryption number is obtained.
16. The method of claim 15, wherein the first S-box is derived from a key that is determined/obtained in advance/agreed upon when receiving encrypted data.
17. The method as recited in claim 15, further comprising:
according to the division of the data element X-1 in the data set by the M N Determining a first data range, deriving a sufficient number of round keys based on the first data range, a predicted iteration round number, and a key, the key being determined/obtained in advance/agreed upon receipt of the encrypted data;
after the performing iterative transformation of the scrambled number according to the inverse transformation of the first S-box, further comprising:
decrypting the random encryption number according to the round key to obtain a second decryption number;
and taking the second decryption number as the new random encryption number.
18. The decryption method of claim 12, further comprising:
determining a second S box of M elements according to the M, and determining the inverse transformation of the second S box;
Performing iterative inverse operation by taking the N encryption parameters as input of a block encryption algorithm to obtain decrypted corresponding N decryption parameters, wherein the method specifically comprises the following steps:
and respectively taking the N encryption parameters as encryption input parameters of the same round of packet decryption algorithm, carrying out replacement calculation on the encryption input parameters through inverse transformation of the second S box to obtain N decrypted parameters, and taking the N decrypted parameters as encryption input parameters of iterative operation of the next round of packet decryption algorithm.
19. The method of claim 18, wherein the second S-box is derived from a key that is determined/obtained in advance/agreed upon when receiving encrypted data.
20. The decryption method of claim 18, further comprising:
determining a second data range according to the M, and determining a derivative sufficient round key according to the second data range and a key, wherein the key is determined when receiving data to be encrypted/obtained in advance/agreed;
after the N encryption parameters are respectively used as the encryption input parameters of the same round of packet decryption algorithm, after the substitution calculation is performed on the encryption input parameters through the inverse transformation of the second S-box, the method further comprises:
Respectively decrypting the N encryption parameters according to the round key of each round to obtain N decryption numbers;
and taking the N decryption numbers as the new encryption input parameters.
21. The method according to claim 12, wherein the corresponding merge rule specifically comprises:
taking the N decryption parameters as N parameters corresponding to an N-dimensional vector representation form taking M as a base, and calculating a first result according to the N parameters and the N-dimensional vector taking M as the base;
multiplying the random decryption number by M N As a second result;
the first result is added to the second result.
22. The method of claim 21, wherein the step of determining the position of the probe is performed,
and when the first result and the second result are determined to be larger than the data element X-1, adding the sum of the first result and the second result as an element in a data set, and executing the decryption process again.
23. An encryption apparatus, comprising:
the receiving module is used for receiving all data to be encrypted;
the mapping module is used for determining a data set containing X data elements according to the number X of the data to be encrypted, wherein the X data elements are integers from 0 to X-1; and each piece of data to be encrypted corresponds to a unique one of different data elements in the data set one by one;
A generation module for executing encryption processing on each data element in the data set;
the encryption processing specifically comprises the following steps: dividing the current data element into a random number and a regular number according to a dividing rule; wherein the nonce is the data element divided by M N The integer quotient is the data element and M N Taking the remainder after the remainder; the M, N is a positive integer greater than or equal to 2 respectively;
performing iterative operation on the random number by adopting a reserved format encryption algorithm to obtain the random encrypted number after the random number is encrypted, wherein the reserved format of the random encrypted number ranges from 0 to (X-1)/M N Integer quotient range of (2);
taking the integer obtained by taking the integer encryption number and the N-i power of the M base as encryption parameters of an N-i+1-th dimensional vector, and taking the remainder obtained by taking the integer encryption number and the N-i power of the M base as N encryption parameters for obtaining the N-dimensional vector, wherein i is more than or equal to 1 and less than or equal to N-1, and i is a positive integer which is more than or equal to 1;
the N parameters are used as format preservation encryption algorithm input in a block encryption algorithm to carry out iterative operation, and corresponding N encrypted parameters after encryption are obtained, wherein the numerical range of the N encrypted parameters is an integer range from 0 to M-1;
Combining the scattered encryption number and the N encryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the encryption result of the data to be encrypted which is currently encrypted.
24. A decryption apparatus that encrypts using the encryption apparatus according to claim 23, comprising:
the receiving module is used for receiving the encrypted data to be decrypted;
the mapping decryption module is used for obtaining the data elements in the data set corresponding to the encrypted data according to the corresponding relation between the encrypted data in the mapping module and the data elements in the data set;
the decryption module is used for executing decryption processing on the received encrypted data;
the decryption process specifically includes:
splitting into a scattered encryption number and a regular encryption number according to the splitting rule according to the data elements;
the hash number is the data element divided by M N The integer quotient is the data element and M N Taking the remainder after the remainder;
the scattered encryption number adopts the reserved format encryption algorithm to carry out iterative inverse operation to obtain the scattered decryption number after the scattered encryption number is decrypted, and the reserved format range of the scattered decryption number is 0 to the X-1 and the M N Taking the remaining integer range;
taking the integer obtained by taking the integer encryption number and the N-i power of the M base as encryption parameters of an N-i+1 th dimensional vector, and taking the remainder obtained by taking the integer encryption number and the N-i power of the M base as N encryption parameters for obtaining the N dimensional vector, wherein i is equal to or more than 1 and is equal to or less than N-1, i is a positive integer greater than or equal to 1, and the numerical range of the N encryption parameters is an integer range from 0 to M-1;
performing iterative inverse operation by taking the N encryption parameters as the input of a block encryption algorithm to obtain N decrypted corresponding decryption parameters;
combining the scattered decryption number and the N decryption parameters according to a combination rule corresponding to the splitting rule to obtain a combination value; and taking the data to be encrypted corresponding to the data elements with the same merging value in the data set as the decryption result of the encrypted data to be decrypted currently.
25. An electronic device, comprising: a memory and a processor, wherein the memory is configured to store,
the memory is used for storing computer instructions;
the processor being configured to execute the computer instructions to implement the method of any one of claims 1-11 and/or the method of any one of claims 12-22.
26. A computer readable storage medium, characterized in that the computer readable storage medium stores a computer program which, when executed by a processor, implements the method according to any one of claims 1-11 and/or the method according to any one of claims 12-22.
CN202211408430.8A 2022-11-10 2022-11-10 Encryption method, decryption method and electronic equipment for arbitrary set elements Active CN115766190B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211408430.8A CN115766190B (en) 2022-11-10 2022-11-10 Encryption method, decryption method and electronic equipment for arbitrary set elements

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211408430.8A CN115766190B (en) 2022-11-10 2022-11-10 Encryption method, decryption method and electronic equipment for arbitrary set elements

Publications (2)

Publication Number Publication Date
CN115766190A CN115766190A (en) 2023-03-07
CN115766190B true CN115766190B (en) 2023-07-21

Family

ID=85369277

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211408430.8A Active CN115766190B (en) 2022-11-10 2022-11-10 Encryption method, decryption method and electronic equipment for arbitrary set elements

Country Status (1)

Country Link
CN (1) CN115766190B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117240585B (en) * 2023-10-18 2024-05-17 北京海泰方圆科技股份有限公司 Data encryption method, device and medium
CN117240620B (en) * 2023-11-13 2024-02-06 杭州金智塔科技有限公司 Privacy set union system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2428536A1 (en) * 2000-11-13 2002-05-23 Visual Key, Inc. Digital media recognition apparatus and methods
WO2016172259A1 (en) * 2015-04-20 2016-10-27 Microsemi Corp. - Security Solutions High-speed aes with transformed keys
WO2017086828A1 (en) * 2015-11-20 2017-05-26 Huawei Technologies Co., Ltd. Generating a vector based representation of a program for execution in a distributed processing system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1467514B1 (en) * 2003-04-07 2006-06-14 STMicroelectronics S.r.l. Encryption process employing modified chaotic maps and relative digital signature process
DE60322338D1 (en) * 2003-04-07 2008-09-04 St Microelectronics Srl Encryption method using chaotic mappings and digital signature methods
US8345876B1 (en) * 2012-03-06 2013-01-01 Robert Samuel Sinn Encryption/decryption system and method
WO2018153317A1 (en) * 2017-02-24 2018-08-30 陈伟 Chaotic map-based digital chaotic encryption method
IT201700051944A1 (en) * 2017-05-12 2018-11-12 Thales Alenia Space Italia Spa Con Unico Socio PROPAGATION NETWORK OF THE MINIMUM SIZE OF CREDENCE FOR FEC CODIFICATORS AND ITERATIVE DECODERS AND ITS ROUTING METHOD
US10491373B2 (en) * 2017-06-12 2019-11-26 Microsoft Technology Licensing, Llc Homomorphic data analysis

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2428536A1 (en) * 2000-11-13 2002-05-23 Visual Key, Inc. Digital media recognition apparatus and methods
WO2016172259A1 (en) * 2015-04-20 2016-10-27 Microsemi Corp. - Security Solutions High-speed aes with transformed keys
WO2017086828A1 (en) * 2015-11-20 2017-05-26 Huawei Technologies Co., Ltd. Generating a vector based representation of a program for execution in a distributed processing system

Also Published As

Publication number Publication date
CN115766190A (en) 2023-03-07

Similar Documents

Publication Publication Date Title
CN115766190B (en) Encryption method, decryption method and electronic equipment for arbitrary set elements
CN109918923A (en) A kind of multichannel color image chaos encrypting method based on DNA encoding
US10009168B2 (en) System and method for secure communications and data storage using multidimensional encryption
CN107147487B (en) Symmetric key random block cipher
US20080304664A1 (en) System and a method for securing information
WO2012132623A1 (en) Encryption processing device, encryption processing method, and programme
US10148425B2 (en) System and method for secure communications and data storage using multidimensional encryption
Laiphrakpam et al. Encrypting multiple images with an enhanced chaotic map
CN110071794B (en) AES algorithm-based information encryption method, system and related components
Chattopadhyay et al. A verifiable multi-secret image sharing scheme using XOR operation and hash function
US20220382521A1 (en) System and method for encryption and decryption using logic synthesis
CN116418481A (en) Text privacy data double encryption protection method, device and equipment
KR101095386B1 (en) A Cryptosystem with a Discretized Chaotic Map
CN105763322B (en) A kind of encryption key isolation digital signature method and system obscured
Iovane et al. An Information Fusion approach based on prime numbers coming from RSA algorithm and Fractals for secure coding
CN105718978B (en) QR code generation method and device, and decoding method and device
CN113259089A (en) Image encryption method based on combination of chaos principle and genetic algorithm
CN113098676A (en) Vector map two-position random scrambling encryption method based on four-dimensional chaos
Chapaneri et al. Chaos based image encryption using latin rectangle scrambling
Goumidi et al. Hybrid chaos-based image encryption approach using block and stream ciphers
CN114430549A (en) White box encryption and decryption method and device suitable for wireless communication
PONNAMBALAM A New Cryptography Scheme Based on Laplace Transform and a Substitution-Permutation Network
Chapman Using Graphic Based Systems to Improve Cryptographic Algorithms
Yassir et al. Hybrid Image Encryption Technique for Securing Color Images Transmitted Over Cloud Networks.
CN111342951B (en) Method and device for generating stream cipher system and terminal equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant