CN116484443B - Trusted security storage method and device based on hong Monte-go system - Google Patents
Trusted security storage method and device based on hong Monte-go system Download PDFInfo
- Publication number
- CN116484443B CN116484443B CN202310723735.6A CN202310723735A CN116484443B CN 116484443 B CN116484443 B CN 116484443B CN 202310723735 A CN202310723735 A CN 202310723735A CN 116484443 B CN116484443 B CN 116484443B
- Authority
- CN
- China
- Prior art keywords
- prime number
- prime
- verified
- storage
- user data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003860 storage Methods 0.000 title claims abstract description 96
- 238000000034 method Methods 0.000 title claims abstract description 46
- 238000012795 verification Methods 0.000 claims abstract description 25
- 238000012545 processing Methods 0.000 claims description 20
- 238000004590 computer program Methods 0.000 claims description 12
- 230000008030 elimination Effects 0.000 claims description 8
- 238000003379 elimination reaction Methods 0.000 claims description 8
- 238000000605 extraction Methods 0.000 claims description 6
- 238000010586 diagram Methods 0.000 description 10
- 238000004891 communication Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 238000013500 data storage Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000013478 data encryption standard Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000007480 spreading Effects 0.000 description 3
- 238000003892 spreading Methods 0.000 description 3
- 230000004075 alteration Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 239000011159 matrix material Substances 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a trusted secure storage method and a trusted secure storage device based on a hong system, which are characterized in that user data are encrypted through a secret key of a block encryption algorithm to obtain user data ciphertext, the user data ciphertext is uploaded to a storage system of the hong system, a prime number data table is generated according to a preset range, prime numbers in the prime number data table are extracted to form an initial prime number data space, residual prime numbers in the prime number data table and prime numbers in the initial prime number data space are replaced according to preset probability, the prime number data space is determined, an odd number is generated, the odd number is calculated according to the prime number data table and the prime number data space to obtain a number to be verified, after the number to be verified passes prime number verification, the number to be verified is used as a first random prime number, a second random prime number is generated by repeating the steps, a storage public key is obtained through the first random prime number and the second random prime number, and the secret key ciphertext is obtained by encrypting a secret key of a fractional encryption algorithm according to the storage public key, and the technical problem of high exposure rate is solved.
Description
Technical Field
The application relates to the technical field of data storage security, in particular to a trusted security storage method and device based on a hong Monte-go system.
Background
Along with rapid development of information technologies such as cloud computing, big data, internet of things and artificial intelligence and transformation of traditional industry digitization, the user data volume presents geometric grade growth, traditional user data storage modes cannot meet storage and safety requirements of massive data more and more, in order to solve the safety storage requirements of massive data, a plurality of distributed big data storage schemes are presented, and the safety of data cannot be guaranteed by the distributed big data storage schemes in the prior art.
In the prior art, a method for protecting files and data stored in a cloud by storing and encrypting is a commonly used scheme, however, the conventional encryption method has some defects, such as the same encryption key and decryption key belonging to the symmetric encryption data encryption standard (Data Encryption Standard, DES) and the like, so that the difficulty of key management is greatly increased, the exposure rate of the keys is high, and the security of the stored data cannot be ensured.
Disclosure of Invention
The embodiment of the application provides a trusted security storage method and device based on a hong Mongolian system, which are used for solving the technical problem of high key exposure rate in the prior art and realizing the trusted security storage of data.
In order to solve the technical problems, the application adopts the following technical scheme:
in a first aspect, the present application provides a trusted security storage method based on a hong Monte-go system, comprising the steps of:
when the user data is uploaded to the hong Monte system, a secret key of a block encryption algorithm is generated;
processing the secret key and the user data to obtain a secret key to be mixed and spread and user data to be mixed and spread, and performing mixed and spread processing on the secret key to be mixed and spread and the user data to be mixed and spread to obtain a user data ciphertext;
generating a prime number data table according to a preset prime number range, extracting a preset number of prime numbers in the prime number data table to construct an initial prime number data space, traversing the prime number data table after prime number extraction to obtain residual prime numbers in the prime number data table, replacing the residual prime numbers with prime numbers in the initial prime number data space according to a preset replacement probability, and determining a prime number data space;
randomly generating a first odd number of a corresponding bit number according to a preset bit number, determining a first to-be-verified number according to the prime number data table, the prime number data space and the first odd number, and taking the first to-be-verified number as a first random large prime number after the first to-be-verified number passes prime number verification;
randomly generating a second odd number of a corresponding digit according to a preset digit, determining a second number to be verified according to the prime number data table, the prime number data space and the second odd number, and taking the second number to be verified as a second random large prime number after the second number to be verified passes prime number verification;
and determining a storage public key according to the first random large prime number and the second random large prime number, encrypting the secret key of the block encryption algorithm according to the storage public key to obtain a secret key ciphertext, and uploading the secret key ciphertext and the user data ciphertext to a storage system of the hong and Monte-Menu system for storage.
In some embodiments, determining the stored public key from the first random large prime number and the second random large prime number specifically includes:
determining a storage modulus according to the first random large prime number and the second random large prime number;
determining a least common multiple according to the first random large prime number and the second random large prime number;
and determining a storage public key according to the least common multiple, the storage modulus and a random integer.
In some embodiments, the key ciphertext is determined according to the following formula:
wherein ,representing key ciphertext,/->Key representing a block encryption algorithm +.>Representing a random number generated for auxiliary encryption, +.>Representing the storage modulus>Representation pair->Encryption process->Representing a random number.
In some embodiments, the method further comprises, prior to uploading the user data to the hong Monte System:
and extracting different characters in the user data, dynamically creating a compiling table based on the different characters, and replacing corresponding characters in the user data according to indexes of the characters in the compiling table.
In some embodiments, the user data includes personal identity information, login credentials, and device information.
In some embodiments, the first odd number and the second odd number are odd integers obtained by eliminating the integer of a predetermined number of bits generated randomly from the even integer according to a characteristic that the binary number last bit of the odd integer must be 1.
In some embodiments, the key ciphertext and the user data ciphertext are uploaded to a storage system of the hong system for storage using a transport layer security protocol.
In a second aspect, the present application provides a trusted security storage device based on a hong Monte-go system, comprising:
the user data encryption module is used for generating a secret key of a block encryption algorithm when the user data is uploaded to the hong system, processing the secret key and the user data to obtain a secret key to be mixed and spread and user data to be mixed and spread, and performing mixed and spread processing on the secret key to be mixed and the user data to be mixed and spread according to a mixed and spread function to obtain a user data ciphertext;
the prime number data space determining module is used for generating a prime number data table according to a preset prime number range, extracting a preset number of prime numbers in the prime number data table to construct an initial prime number data space, traversing the prime number data table after prime number extraction to obtain residual prime numbers in the prime number data table, replacing the residual prime numbers with prime numbers in the initial prime number data space according to a preset replacement probability, and determining a prime number data space;
the first random large prime number generation module is used for generating a first odd number corresponding to the bit number according to a preset bit number, determining a first to-be-verified number according to the prime number data table, the prime number data space and the first odd number, and taking the first to-be-verified number as a first random large prime number after the first to-be-verified number passes prime number verification;
the second random large prime number generation module is used for generating a second odd number corresponding to the bit number according to a preset bit number, determining a second to-be-verified number according to the prime number data table, the prime number data space and the second odd number, and taking the second to-be-verified number as a second random large prime number after the second to-be-verified number passes prime number verification;
and the storage module is used for determining a storage public key according to the first random large prime number and the second random large prime number, encrypting the secret key of the block encryption algorithm according to the storage public key to obtain a secret key ciphertext, and uploading the secret key ciphertext and the user data ciphertext to a storage system of the hong and Monte-Meng system for storage.
In a third aspect, the present application provides a computer device comprising a memory and a processor; the memory stores code and the processor is configured to obtain the code and perform the trusted secure storage method based on the hong system described above.
In a fourth aspect, the present application provides a computer readable storage medium storing a computer program which when executed by a processor implements the trusted security storage method based on the hong system described above.
The technical scheme provided by the embodiment of the application has the following beneficial effects:
in the trusted secure storage method and device based on the hong system, when user data is uploaded into the hong system, the user data is encrypted according to a secret key of a block encryption algorithm to obtain a user data ciphertext, the user data ciphertext is uploaded into a storage system of the hong system, a prime number data table is generated according to a preset prime number range, prime numbers in the prime number data table are extracted to form an initial prime number data space, residual prime numbers in the prime number data table and prime numbers in the initial prime number data space are replaced according to preset probability, the prime number data space is determined, an odd number is generated, the odd number is calculated according to the prime number data table and the prime number data space to obtain a to-be-verified number, after the to-be-verified number passes through prime number verification, the to-be-verified number is used as a first random large prime number, the steps are repeated to generate a second random large prime number, a storage public key is obtained through the first random large prime number, encryption algorithm is encrypted according to the secret key of the storage public key, so that secret key encryption is obtained, and the secret key encryption is carried out, so that secret storage is easier, and secret key attack is prevented from being carried out on the system based on the secret key.
Drawings
FIG. 1 is an exemplary flow chart of a trusted security storage method based on a hong system according to some embodiments of the present application;
FIG. 2 is a schematic diagram of exemplary hardware and/or software of a trusted security memory device based on a hong system, according to some embodiments of the application;
FIG. 3 is a schematic diagram of an exemplary architecture of a computer device employing a trusted secure storage method based on a hong system, according to some embodiments of the application.
Detailed Description
In order to better understand the above technical solutions, the following detailed description will refer to the accompanying drawings and specific embodiments.
Referring to FIG. 1, which is an exemplary flow chart of a trusted security storage method based on a hong system 100 according to some embodiments of the present application, the trusted security storage method based on a hong system mainly comprises the steps of:
in step 101, when uploading user data to the hong Monte-Menu system, a key of a block encryption algorithm is generated, the key and the user data are processed to obtain a key to be mixed and spread and user data to be mixed and spread, and the key to be mixed and spread and the user data to be mixed and spread are mixed and spread to obtain a user data ciphertext.
In some embodiments, the user data includes personal identity information, login credentials, and device information, the personal identity information including personal identity information of a user's name, address, email address, phone number, date of birth, gender, etc.; the login credentials comprise a user name, a password, a security question, an answer, a token and the like of the user, and are used for verifying the identity of the user and logging in; the device information includes a device type used by the user, a device identifier, an operating system version, hardware specifications, and the like.
In some embodiments, before uploading the user data to the hong system, different characters in the user data can be extracted first, a compiling table is dynamically created based on the different characters, corresponding characters in the user data are replaced according to indexes of the characters in the compiling table, so that the storage and transmission quantity of the data are reduced, the user data replaced by the characters are uploaded to the hong system for processing, reverse operation is performed according to the compiling table when the user data are required, and the data are restored.
In addition, the application adopts a buffer character stream mode for reading and writing the user data, adopts a buffer character stream mode for increasing the data processing speed by reducing Input/Output (I/O) operation, and can read and write 8k bytes of data for one I/O operation, while a conventional physical stream can only read and write 1 byte of data, namely, process the data with the same scale, and can obviously reduce the times of the I/O operation by using the buffer character stream mode, thereby increasing the data processing speed.
In some embodiments, the key of the above-described block encryption algorithm may be generated in such a way that:
the first N words of the key of the block encryption algorithm are filled by the seed key, the information of the last word of the seed key is taken, four bits of the word are taken successively from the low order to carry out expansion number operation, and the expansion number is defined as:
wherein ,representing the expansion number->Four bits in the last word representing the seed key, +.>To calculate the function of the nearest odd integer +.>Is the circumference ratio.
Thus, 8 16-bit arrays were obtained, denoted asAnd performing exclusive or on the N words of the seed key and the first N expansion number groups, and assigning the result to the first N words of the key to finally obtain the key of the block encryption algorithm.
It should be noted that, in some embodiments, before performing the mixing and spreading process in this step, the user data and the key need to be preprocessed, for example, in the first step of the packet encryption algorithm, the user data is grouped according to a specified length, and is divided into m words, so as to obtain the user data to be mixed and spread, the key is divided into n words, so as to obtain the key to be mixed and spread, the user data to be mixed and spread is grouped and stored in a state, generally, the state refers to that in a certain process or task, the generated intermediate result is grouped and classified, so as to better track and manage the progress, the state may describe different stages or progress situations of the task or project, and help determine a next action plan, in this embodiment, the intermediate result of each round is grouped in the packet encryption algorithm, the grouping of the intermediate result is referred to as a state, all operations of the packet encryption algorithm are performed in the state, the state may be represented by a matrix of 4 rows and n columns, and the key is a matrix of 4 rows and n columns.
In some embodiments, the user data ciphertext may be obtained by performing a mixing and spreading process on the key to be mixed and spread and the user data to be mixed and spread, and in specific implementation, the mixing and spreading process on the key to be mixed and spread and the user data to be mixed and spread in this embodiment may be performed in the following manner, that is:
creating a mixed spread data object;
opening an input stream of a key to be mixed and spread and user data to be mixed and spread through the mixed and spread data object, and reading the data from the input stream;
re-confusion arrangement is carried out on the secret key to be mixed and expanded and the user data to be mixed and expanded according to columns;
opening an output stream of the user data ciphertext through the mixed and expanded data object, and preparing to write data, wherein in the specific implementation, for example, the mixed and expanded data object can input data by calling a getData () method;
writing the data which are rearranged by columns into a designated position through an output stream of the mixed and spread data object to obtain a user data ciphertext, wherein the mixed and spread data object can output data through a setdata () method when the user data ciphertext is concretely realized.
It should be noted that, in this embodiment, the key to be mixed and the user data to be mixed and spread are rearranged according to columns, so that randomness and complexity of the data can be increased, and thus, safety of the data can be improved.
In step 102, a prime number data table is generated according to a preset prime number range, a preset number of prime numbers in the prime number data table are extracted to construct an initial prime number data space, the prime number data table after prime number extraction is traversed to obtain residual prime numbers in the prime number data table, the residual prime numbers and prime numbers in the initial prime number data space are replaced according to a preset replacement probability, and the prime number data space is determined.
In some embodiments, for example, a prime number data table may be generated by using Java parallel streaming according to a preset prime number range, where the prime number data table may include all small prime numbers within a range, which is not limited herein.
In some embodiments, for example, if a prime number data table contains n prime numbers, a prime number data space capable of storing m prime numbers is constructed, the first m prime numbers in the prime number data table are extracted and stored in the prime number data space to obtain an initial prime number data space, then prime numbers starting from the m+1th prime number in the prime number data table are traversed, whether the prime numbers are replaced in the initial prime number data space is determined according to m/n replacement probability, and when all prime numbers in the prime number data table are traversed, m randomly selected elements are in the prime number data space obtained.
In step 103, a first odd number of corresponding digits is randomly generated according to the preset digits, a first number to be verified is determined according to the prime number data table, the prime number data space and the first odd number, and after the first number to be verified passes prime number verification, the first number to be verified is used as a first random large prime number.
In some embodiments, based on the Java running environment, the preset number of bits, for example 1024 bits, is determined by inputting the number of bits of the large prime number to be generated, and the system randomly generates a large integer corresponding to 1024 bits according to the input preset number of bits 1024 by a random () method.
In some embodiments, the first odd number and the second odd number are odd integers obtained by eliminating the integer with the predetermined number of bits generated randomly by the even integer according to the characteristic that the last bit of the binary number of the odd integer is necessarily 1, because the even number is certainly divisible by 2, the even number is necessarily not prime number, and according to the characteristic that the last bit of the binary number of the odd integer is necessarily 1 and the even number is necessarily 0, the integer and the 1 are subjected to OR operation to judge whether the integer is odd or even, so that the even integer can be eliminated, and the obtained integer is ensured to be odd as the first odd number.
In some embodiments, the determining the first to-be-verified number according to the prime number data table, the prime number data space and the first odd number may be implemented by:
firstly traversing the prime number data table, carrying out remainder operation on each prime number in the first odd number and the prime number data table, randomly extracting one prime number from the prime number data space and adding the prime number to the prime number data space to be used as a number to be eliminated when the remainder is 0, then eliminating an even number, carrying out prime number verification on the first odd number as a first number to be verified when the remainder is 1, determining the first number to be verified as a first random large prime number when the verification is passed, randomly extracting one prime number from the prime number data space again and adding the prime number to be used as the number to be eliminated when the verification is not passed, and further executing the elimination of the even number again, which is not repeated here.
In step 104, a second odd number of the corresponding digit is randomly generated according to the preset digit, a second number to be verified is determined according to the prime number data table, the prime number data space and the second odd number, and after the second number to be verified passes prime number verification, the second number to be verified is used as a second random large prime number.
In some embodiments, based on the number of bits of a large prime number to be generated, for example 1024 bits, in a Java running environment, the system randomly generates a large integer of the corresponding number of bits by using a random () method according to the number of input bits.
In some embodiments, since the even number must be divisible by 2, the even number must not be a prime number, and the integer is ored with 1 to eliminate the even integer, thereby ensuring that the resulting integer must be an odd number, which is the second odd number, based on the characteristic that the last bit of the binary number of the odd integer must be 1 and the even number must be 0.
Traversing the prime number data table, carrying out remainder operation on each prime number in the second odd number and the prime number data table, randomly extracting one prime number from the prime number data space and adding the prime number to the prime number data space when the remainder is 0, returning the prime number to the even number elimination step as a prime number to be eliminated, carrying out prime number verification on the second odd number as a second prime number to be verified when the remainder is 1, regarding the second prime number to be verified as a large prime number when the verification passes, taking the second prime number to be verified as a second random large prime number, randomly extracting one prime number from the prime number data space and adding the prime number to be eliminated, and returning the prime number to the even number elimination step as a prime number to be eliminated when the verification fails.
In some embodiments, when the second random large prime number is generated, the obtained large prime number is compared with the first random large prime number, when the generated prime numbers are different, the large prime number is used as the second random large prime number, when the generated prime numbers are identical, one prime number is randomly extracted from the prime number data space, added with the prime number and then used as the number to be eliminated, and the even number elimination step is carried out.
It should be noted that, in the present application, prime verification is performed on the first to-be-verified number and the second to-be-verified number, which may be performed in the following manner, that is:
firstly, for the number n to be judged (the number n is a first number to be verified or a second number to be verified in the embodiment), judging whether the number is 2 or not, if yes, directly returning to true, otherwise, continuing judging whether the number is less than 2 or even, and if yes, returning to false;
order theSolving a positive integer m and a cycle number t, and finding a random number a by using a random () method, wherein a is +.>;
Order theThen, t cycles are performed, each time an intermediate variable is performed in the cycle,/>The operation of (2) will eventually become +.>;
Since x is necessarily smaller than n during the cycle, the quadratic detection theorem can be used if during the operationI.e. +.>If n is prime, then +.>Or->Otherwise, n is not necessarily prime number, and the false is directly returned;
after the whole cycle is finished, if x is not equal to 1, the number is certainly not prime, and false is directly returned.
In step 105, a storage public key is determined according to the first random prime number and the second random prime number, a key of the block encryption algorithm is encrypted according to the storage public key to obtain a key ciphertext, and the key ciphertext and the user data ciphertext are uploaded to a storage system of the hong and Monte-Sum system for storage.
In some embodiments, determining the stored public key from the first random large prime number and the second random large prime number may be performed by:
firstly, determining a storage modulus according to a first random large prime number and a second random large prime number;
secondly, determining the least common multiple according to the first random large prime number and the second random large prime number;
and finally, obtaining a storage public key according to the least common multiple, the storage modulus and a random integer.
In particular, for example, if the first random large prime number isAnd the second random prime number is +.>Taking->Andis>The method is specifically expressed as follows:
wherein ,representing the least common multiple.
Randomly obtaining an integer satisfying the order of the stored modulus by which the random number can be divided, determining the greatest common divisor based on the least common divisor and the randomly obtained integer, e.g. selecting a random integerNeeds to meet->Can remove->Is specifically expressed as:
wherein ,representing the greatest common divisor +_>Representing the storage modulus>Representing the least common multiple, whereby a stored public key is obtained as +.>。
It should be noted that, in some embodiments, the key ciphertext may be determined according to the following formula:
wherein ,representing key ciphertext,/->Key representing a block encryption algorithm +.>Representing a random number generated for auxiliary encryption, +.>Representing the storage modulus>Representation pair->Encryption process->A random number is represented, and it is noted that,can remove->Is a step of (a).
It should be noted that, in the above-mentioned obtaining the stored private key according to the first random large prime number and the second random large prime number, in particular implementation, the stored private key may be further decomposed into a plurality of private key components, the private key components may be subjected to a mixing operation to obtain a mixed private key component, and the mixed private key component may be stored in the hong-and-Monte system, and in some embodiments, the stored private key may be storedBreak down into->Personal private key component->Only any +.>Individual or->The combination of more than one private key component can restore the stored private key +.>, wherein />Otherwise, no information of the stored private key is available, e.g. there is a stored private key +.>Random number->Let->A polynomial is constructed as follows:
wherein ,to store the private key component, will +.>The components of the storage private key are respectively substituted into polynomials to obtainThe private key component is then stored in a hybrid mannerRespectively uploading the data to the HongMong system for storage.
In some embodiments of the present application, a transport layer security protocol may be used to upload the key ciphertext and the user data ciphertext to a storage system of the hong system for storage, where confidentiality and integrity of ciphertext data transmission may be ensured by the transport layer security protocol, which is not described herein.
Additionally, in some embodiments, reference is made to FIG. 2, which is a schematic diagram of exemplary hardware and/or software of a trusted security memory device based on a hong system 200 according to some embodiments of the application, which may include: the user data encryption module 201, the prime number data space determination module 202, the first random large prime number generation module 203, the second random large prime number generation module 204, and the storage module 205 are respectively described as follows:
the user data encryption module 201 in this embodiment is mainly configured to generate a key of a block encryption algorithm when user data is uploaded to a hong and Monte-rime system, process the key and the user data to obtain a key to be mixed and spread and user data to be mixed and spread, and perform mixed and spread processing on the key to be mixed and spread and the user data to be mixed and spread according to a mixed and spread function to obtain a user data ciphertext;
the prime number data space determining module 202 in this embodiment is mainly configured to generate a prime number data table according to a preset prime number range, extract a predetermined number of prime numbers in the prime number data table to construct an initial prime number data space, traverse the prime number data table after prime number extraction to obtain a remaining prime number in the prime number data table, replace the remaining prime number with the prime number in the initial prime number data space according to a preset replacement probability, and determine a prime number data space;
the first random large prime number generating module 203 in this embodiment is mainly configured to generate a first odd number of a corresponding bit number according to a preset bit number, determine a first to-be-verified number according to the prime number data table, the prime number data space and the first odd number, and use the first to-be-verified number as a first random large prime number after the first to-be-verified number passes prime number verification;
the second random large prime number generating module 204 in this embodiment is mainly configured to generate a second odd number of a corresponding bit number according to a preset bit number, determine a second number to be verified according to the prime number data table, the prime number data space and the second odd number, and use the second number to be verified as a second random large prime number after the second number to be verified passes prime number verification;
the storage module 205, in this embodiment, the storage module 205 is configured to determine a storage public key according to the first random large prime number and the second random large prime number, encrypt a key of the block encryption algorithm according to the storage public key to obtain a key ciphertext, and upload the key ciphertext and the user data ciphertext to a storage system of the hong-and-Monte system for storage.
In some embodiments, the present application also provides a computer device comprising a memory and a processor; the memory stores code and the processor is configured to obtain the code and perform the trusted security storage method based on the hong system described above.
Referring to FIG. 3, a schematic diagram of a computer device employing a trusted security memory method based on a hong system according to some embodiments of the present application is shown. The trusted security storage method based on the hong system in the above embodiment may be implemented by a computer device shown in fig. 3, which includes at least one processor 301, a communication bus 302, a memory 303, and at least one communication interface 304.
Processor 301 may be a general purpose central processing unit (central processing unit, CPU), application-specific integrated circuit (ASIC) or one or more trusted secure storage methods for controlling the implementation of the hong-prone system of the present application.
Communication bus 302 may include a path to transfer information between the above components.
The Memory 303 may be, but is not limited to, a read-only Memory (ROM) or other type of static storage device that can store static information and instructions, a random access Memory (random access Memory, RAM) or other type of dynamic storage device that can store information and instructions, an electrically erasable programmable read-only Memory (electrically erasable programmable read-only Memory, EEPROM), a compact disc (compact disc read-only Memory) or other optical disk storage, a compact disc storage (including compact disc, laser disc, optical disc, digital versatile disc, blu-ray disc, etc.), a magnetic disk or other magnetic storage device, or any other medium that can be used to carry or store the desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 303 may be stand alone and be coupled to the processor 301 via the communication bus 302. Memory 303 may also be integrated with processor 301.
The memory 303 is used for storing program codes for executing the scheme of the present application, and the processor 301 controls the execution. The processor 301 is configured to execute program code stored in the memory 303. One or more software modules may be included in the program code. The trusted security storage method based on the hong system in the above-described embodiments may be implemented by one or more software modules in the program code in the processor 301 and the memory 303.
Communication interface 304, using any transceiver-like device for communicating with other devices or communication networks, such as ethernet, radio access network (radio access network, RAN), wireless local area network (wireless local area networks, WLAN), etc.
In a specific implementation, as an embodiment, a computer device may include a plurality of processors, where each of the processors may be a single-core (single-CPU) processor or may be a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
The computer device may be a general purpose computer device or a special purpose computer device. In particular implementations, the computer device may be a desktop, laptop, web server, palmtop (personal digital assistant, PDA), mobile handset, tablet, wireless terminal device, communication device, or embedded device. Embodiments of the application are not limited to the type of computer device.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
For example, in some embodiments, the present application also provides a computer readable storage medium storing a computer program which when executed by a processor implements the trusted security storage method based on the hong system described above.
The present application is described in terms of flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. A trusted security storage method based on a hong Monte-go system is characterized by comprising the following steps:
when the user data is uploaded to the hong Monte system, a secret key of a block encryption algorithm is generated;
processing the secret key and the user data to obtain a secret key to be mixed and spread and user data to be mixed and spread, and performing mixed and spread processing on the secret key to be mixed and spread and the user data to be mixed and spread to obtain a user data ciphertext;
generating a prime number data table according to a preset prime number range, extracting a preset number of prime numbers in the prime number data table to construct an initial prime number data space, traversing the prime number data table after prime number extraction to obtain residual prime numbers in the prime number data table, replacing the residual prime numbers with prime numbers in the initial prime number data space according to a preset replacement probability, and determining a prime number data space;
randomly generating a first odd number of a corresponding bit number according to a preset bit number, determining a first to-be-verified number according to the prime number data table, the prime number data space and the first odd number, and taking the first to-be-verified number as a first random large prime number after the first to-be-verified number passes prime number verification;
randomly generating a second odd number of a corresponding digit according to a preset digit, determining a second number to be verified according to the prime number data table, the prime number data space and the second odd number, and taking the second number to be verified as a second random large prime number after the second number to be verified passes prime number verification;
determining a storage public key according to the first random large prime number and the second random large prime number, encrypting a secret key of the block encryption algorithm according to the storage public key to obtain a secret key ciphertext, and uploading the secret key ciphertext and the user data ciphertext to a storage system of a hong and Monte-Meng system for storage;
when the verification fails, one prime number is extracted again randomly from the prime number data space and added with the first prime number to be used as a number to be eliminated for even elimination;
and when the two random prime numbers are the same, randomly extracting one prime number from the prime number data space, adding the prime number with the second to-be-verified number, and then carrying out even elimination as a to-be-eliminated number.
2. The method of claim 1, wherein determining a stored public key from the first random large prime number and the second random large prime number comprises:
determining a storage modulus according to the first random large prime number and the second random large prime number;
determining a least common multiple according to the first random large prime number and the second random large prime number;
and determining a storage public key according to the least common multiple, the storage modulus and a random integer.
3. The method of claim 1, wherein the key ciphertext is determined according to the following formula:
wherein ,representing key ciphertext,/->Key representing a block encryption algorithm +.>Representing a random number generated for auxiliary encryption, +.>Representing the storage modulus>Representation pair->Encryption process->Representing a random number.
4. The method of claim 1, further comprising, prior to uploading the user data to the hong system:
and extracting different characters in the user data, dynamically creating a compiling table based on the different characters, and replacing corresponding characters in the user data according to indexes of the characters in the compiling table.
5. The method of claim 1, wherein the user data includes personal identity information, login credentials, and device information.
6. The method of claim 1, wherein the first odd number and the second odd number are odd integers obtained by eliminating an integer of a predetermined number of bits generated randomly from an even integer according to a characteristic that binary digits of the odd integers are necessarily 1.
7. The method of claim 1 wherein the key ciphertext and the user data ciphertext are uploaded to a storage system of a hong system for storage using a transport layer security protocol.
8. A trusted secure storage device based on a hong-and-Monte system, comprising:
the user data encryption module is used for generating a secret key of a block encryption algorithm when the user data is uploaded to the hong Mongolian system, processing the secret key and the user data to obtain a secret key to be mixed and spread and user data to be mixed and spread, and performing mixed and spread processing on the secret key to be mixed and the user data to be mixed and spread to obtain a user data ciphertext;
the prime number data space determining module is used for generating a prime number data table according to a preset prime number range, extracting a preset number of prime numbers in the prime number data table to construct an initial prime number data space, traversing the prime number data table after prime number extraction to obtain residual prime numbers in the prime number data table, replacing the residual prime numbers with prime numbers in the initial prime number data space according to a preset replacement probability, and determining a prime number data space;
the first random large prime number generation module is used for generating a first odd number of a corresponding bit number according to a preset bit number, determining a first to-be-verified number according to the prime number data table, the prime number data space and the first odd number, taking the first to-be-verified number as a first random large prime number after the first to-be-verified number passes prime number verification, carrying out prime number verification on the obtained first to-be-verified number when the first random large prime number is generated, determining the first to-be-verified number as the first random large prime number when verification passes, and carrying out even number elimination as a to-be-eliminated number after adding one prime number to the first to-be-verified number in the prime number data space again when verification fails;
the second random large prime number generation module is used for generating a second odd number of a corresponding bit number according to a preset bit number, determining a second to-be-verified number according to the prime number data table, the prime number data space and the second odd number, taking the second to-be-verified number as a second random large prime number after the second to-be-verified number passes prime number verification, comparing the obtained second to-be-verified number with the first random large prime number when the second random large prime number is generated, taking the second to-be-verified number as the second random large prime number when the second to-be-verified number is different, randomly extracting one prime number in the prime number data space and adding the second to-be-verified number to be the to-be-eliminated number when the second to-be-verified number is the same, and carrying out even elimination;
and the storage module is used for determining a storage public key according to the first random large prime number and the second random large prime number, encrypting the secret key of the block encryption algorithm according to the storage public key to obtain a secret key ciphertext, and uploading the secret key ciphertext and the user data ciphertext to a storage system of the hong and Monte-Meng system for storage.
9. A computer device comprising a memory storing code and a processor configured to obtain the code and to perform the method of trusted security storage based on the hong system of any one of claims 1 to 7.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the hong system-based trusted security storage method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310723735.6A CN116484443B (en) | 2023-06-19 | 2023-06-19 | Trusted security storage method and device based on hong Monte-go system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310723735.6A CN116484443B (en) | 2023-06-19 | 2023-06-19 | Trusted security storage method and device based on hong Monte-go system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116484443A CN116484443A (en) | 2023-07-25 |
CN116484443B true CN116484443B (en) | 2023-09-15 |
Family
ID=87223531
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310723735.6A Active CN116484443B (en) | 2023-06-19 | 2023-06-19 | Trusted security storage method and device based on hong Monte-go system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116484443B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH03203430A (en) * | 1989-12-29 | 1991-09-05 | Fujitsu Ltd | Cryptographic communication system having cryptographic key in common |
CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
CN103401678A (en) * | 2013-07-30 | 2013-11-20 | 成都卫士通信息产业股份有限公司 | Method for ensuring data transmission safety of Internet of things |
CN108270564A (en) * | 2016-12-30 | 2018-07-10 | 广东精点数据科技股份有限公司 | A kind of generation of large prime method and device in RSA cryptographic algorithms |
CN111726346A (en) * | 2020-06-15 | 2020-09-29 | 哈工大机器人(合肥)国际创新研究院 | Data secure transmission method, device and system |
CN115499250A (en) * | 2022-11-17 | 2022-12-20 | 北京搜狐新动力信息技术有限公司 | Data encryption method and device |
CN115632880A (en) * | 2022-12-07 | 2023-01-20 | 国网信息通信产业集团有限公司 | Reliable data transmission and storage method and system based on state cryptographic algorithm |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10277395B2 (en) * | 2017-05-19 | 2019-04-30 | International Business Machines Corporation | Cryptographic key-generation with application to data deduplication |
-
2023
- 2023-06-19 CN CN202310723735.6A patent/CN116484443B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH03203430A (en) * | 1989-12-29 | 1991-09-05 | Fujitsu Ltd | Cryptographic communication system having cryptographic key in common |
CN101964793A (en) * | 2010-10-08 | 2011-02-02 | 上海银联电子支付服务有限公司 | Method and system for transmitting data between terminal and server and sign-in and payment method |
CN103401678A (en) * | 2013-07-30 | 2013-11-20 | 成都卫士通信息产业股份有限公司 | Method for ensuring data transmission safety of Internet of things |
CN108270564A (en) * | 2016-12-30 | 2018-07-10 | 广东精点数据科技股份有限公司 | A kind of generation of large prime method and device in RSA cryptographic algorithms |
CN111726346A (en) * | 2020-06-15 | 2020-09-29 | 哈工大机器人(合肥)国际创新研究院 | Data secure transmission method, device and system |
CN115499250A (en) * | 2022-11-17 | 2022-12-20 | 北京搜狐新动力信息技术有限公司 | Data encryption method and device |
CN115632880A (en) * | 2022-12-07 | 2023-01-20 | 国网信息通信产业集团有限公司 | Reliable data transmission and storage method and system based on state cryptographic algorithm |
Non-Patent Citations (1)
Title |
---|
公钥算法中大素数生成方法的研究改进;龙建超;《中国优秀硕士学位论文全文数据库信息科技辑》(第11期);I136-313 * |
Also Published As
Publication number | Publication date |
---|---|
CN116484443A (en) | 2023-07-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11159305B2 (en) | Homomorphic data decryption method and apparatus for implementing privacy protection | |
CN107819569B (en) | The encryption method and terminal device of log-on message | |
US8340295B2 (en) | High-speed cryptographic system using chaotic sequences | |
TWI386005B (en) | Data transformer, data security device, method for generating data transform and method for enhancing security of data | |
WO2019237550A1 (en) | Encryption method and apparatus, terminal device, and storage medium | |
US20140298038A1 (en) | Generation of randomized messages for cryptographic hash functions | |
CN111325535A (en) | Block chain private key management method, system and storage medium based on elliptic curve migration | |
CN114221766B (en) | Data encryption method, data decryption method and data encryption device | |
JP2008513811A (en) | Calculation conversion method and system | |
CN116318660B (en) | Message expansion and compression method and related device | |
CN111404892B (en) | Data supervision method and device and server | |
CN116488814A (en) | FPGA-based data encryption secure computing method | |
CN110213050B (en) | Key generation method, device and storage medium | |
CN116527235A (en) | Data encryption method and device based on key rotation and electronic equipment | |
CN112100144A (en) | Block chain file sharing method and device, storage medium and electronic equipment | |
CN111967026A (en) | Method and device for encrypting and decrypting redemption code and computer equipment | |
CN116484443B (en) | Trusted security storage method and device based on hong Monte-go system | |
CN117135291A (en) | Image encryption method, system, equipment and medium | |
CN112202555A (en) | Information processing method, device and equipment for generating random number based on attribute of information | |
CN115632782B (en) | Random number generation method, system and equipment based on SM4 counter mode | |
CN109951275B (en) | Key generation method and device, computer equipment and storage medium | |
CN111798236A (en) | Transaction data encryption and decryption method, device and equipment | |
US20220321322A1 (en) | Encryption device, decryption device, encryption method, decryption method, and computer readable medium | |
CN113821381B (en) | Block chain node resource backup and off-line node resource transfer method and storage medium | |
CN115473649A (en) | Method, device, equipment and storage medium for attacking elliptic curve signature algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |