CN116663038A - Data encryption method and device and electronic equipment - Google Patents
- Publication number
- CN116663038A (CN202310736590.3A)
- Authority
- CN
- China
- Prior art keywords
- key
- data
- sub
- plaintext data
- sequence
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The application discloses a data encryption method, a data encryption device and electronic equipment. The method comprises the following steps: acquiring plaintext data to be encrypted and a key, wherein the number of bits of the plaintext data is the same as the number of bits of the key; performing an exclusive OR operation on the plaintext data and the key to obtain a first result; grouping the first result to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of the sub-keys of the key, and the key sequence of the sub-keys is the order of the sub-keys obtained by sequentially processing the key according to the same operation; and encrypting the plaintext data according to the sub-keys after the key sequence is replaced to obtain ciphertext data. The application solves the technical problems of short key length and poor security of the traditional DES encryption algorithm.
Description
Technical Field
The present application relates to the field of data encryption, and in particular, to a method and an apparatus for encrypting data, and an electronic device.
Background
Data encryption technology is an important technical means of protecting user information during information interaction. It can effectively prevent user information from being leaked or stolen, thereby helping enterprises and organizations to transmit information safely and effectively, reducing security incidents caused by information disclosure, and responding better to network security attacks. It is of great significance for protecting user privacy, enterprise business information and the like.
Traditional data encryption technology is mostly based on cryptographic theory, such as the classical symmetric DES encryption algorithm and the classical asymmetric RSA encryption algorithm. The DES encryption algorithm is fast and therefore suitable for encrypting large files, but it suffers from security problems such as a short key length, weak keys and semi-weak keys.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides a data encryption method, a data encryption device and electronic equipment, which are used for at least solving the technical problems of short key length and poor security performance of the traditional DES encryption algorithm.
According to an aspect of an embodiment of the present application, there is provided a method of encrypting data, including: acquiring plaintext data and a secret key to be encrypted, wherein the number of bits of the plaintext data is the same as the number of bits of the secret key; performing exclusive OR operation on the plaintext data and the secret key to obtain a first result; grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation; and encrypting the plaintext data according to the subkeys after the key sequence is replaced to obtain ciphertext data.
Optionally, the sub-keys of the key are determined as follows: permuting the key, after its parity check bits are deleted, according to a first key replacement rule table to obtain a first key, wherein the total number of positions in the first key replacement rule table is smaller than the number of bits of the key; dividing the first key into a first sub-key and a second sub-key, and determining the round number and the key shift number corresponding to the round number according to a cyclic shift table; performing a left cyclic shift operation on the first sub-key and the second sub-key according to the round number and the key shift number to obtain a third sub-key and a fourth sub-key; combining the third sub-key and the fourth sub-key to obtain a second key; permuting the second key according to a second key replacement rule table to obtain a third key, wherein the number of bits in the second key replacement rule table is smaller than that in the first key replacement rule table; and determining the third key to be a sub-key of the key.
Optionally, determining the key mapping table according to the multiple sets of sub-results includes: grouping the first results according to preset digits to obtain a plurality of groups of sub-results, wherein the digits of each group of sub-results are the same, and each group of sub-results is represented by binary data; converting a plurality of groups of sub-results from binary data into decimal data to obtain a plurality of converted data sequences; a key map is determined from the plurality of data arrays.
Optionally, after determining the key mapping table, the method further comprises: acquiring a key sequence of a sub-key of a key and acquiring a plurality of data arrays in a key mapping table, wherein the number of the sub-keys is the same as the number of the plurality of data arrays in the key mapping table, and the key sequence is determined by a first sequence; determining a correspondence between the first sequence and the plurality of data arrays; and replacing the subscript of the first sequence with data indicated by a data sequence with a corresponding relation with the first sequence to obtain a second sequence, wherein the second sequence is used for representing a sub-key sequence obtained by reordering the key sequence of the sub-keys.
Optionally, before encrypting the plaintext data according to the subkey after the replacing key sequence, the method further comprises: acquiring an initial substitution table, wherein the initial substitution table is used for substituting data positions of plaintext data, and the total number of positions in the initial substitution table is the same as the number of digits of a secret key; and carrying out initial substitution on the plaintext data according to the numerical value in the initial substitution table to obtain substituted plaintext data, wherein the initial substitution is used for moving the data at the corresponding position of the plaintext data to the position indicated by the initial substitution table.
Optionally, encrypting the plaintext data according to the subkeys after the key replacement sequence to obtain ciphertext data, including: equally dividing the permuted plaintext data into first plaintext data and second plaintext data; performing iterative transformation on the first plaintext data and the second plaintext data according to the transformation logic and the total iteration times to obtain third plaintext data and fourth plaintext data; combining the third plaintext data and the fourth plaintext data which are obtained by the last iterative transformation to obtain fifth plaintext data; and performing the reverse permutation operation of the initial permutation on the fifth plaintext data to obtain ciphertext data.
Optionally, iteratively transforming the first plaintext data and the second plaintext data according to the transformation logic and the total number of iterations, including: step 1: determining the second plaintext data as third plaintext data; step 2: determining fourth plaintext data according to the first plaintext data, the second plaintext data and a subkey corresponding to the current iteration number in the second sequence; step 3: updating the third plaintext data into the first plaintext data to obtain updated first plaintext data, updating the fourth plaintext data into the second plaintext data to obtain updated second plaintext data, and adding 1 to the current iteration number; step 4: and repeatedly executing the steps 1 to 3 until the current iteration number is greater than the total iteration number, and stopping iteration.
According to another aspect of the embodiment of the present application, there is also provided an apparatus for encrypting data, including: the acquisition module is used for acquiring plaintext data to be encrypted and a secret key, wherein the digits of the plaintext data are the same as the digits of the secret key; the operation module is used for carrying out exclusive-or operation on the plaintext data and the secret key to obtain a first result; the determining module is used for grouping the first results to obtain a plurality of groups of sub-results and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation; and the encryption module is used for encrypting the plaintext data according to the subkeys after the key replacement sequence to obtain ciphertext data.
According to still another aspect of the embodiment of the present application, there is also provided an electronic device including: a memory for storing program instructions; a processor coupled to the memory for executing program instructions that perform the following functions: acquiring plaintext data and a secret key to be encrypted, wherein the number of bits of the plaintext data is the same as the number of bits of the secret key; performing exclusive OR operation on the plaintext data and the secret key to obtain a first result; grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation; and encrypting the plaintext data according to the subkeys after the key sequence is replaced to obtain ciphertext data.
According to still another aspect of the embodiment of the present application, there is further provided a nonvolatile storage medium, where the nonvolatile storage medium includes a stored computer program, and a device where the nonvolatile storage medium is located performs the above-mentioned data encryption method by running the computer program.
In the embodiment of the application, the plaintext data and the secret key to be encrypted are obtained, wherein the digits of the plaintext data are the same as the digits of the secret key; performing exclusive OR operation on the plaintext data and the secret key to obtain a first result; grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation; the plaintext data is encrypted according to the subkeys after the key sequence is replaced to obtain ciphertext data, and the aim of encrypting the data is achieved, so that the technical effect of improving the safety of data encryption is achieved, and the technical problems that the key length of the traditional DES encryption algorithm is short and the safety performance is poor are solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
fig. 1 is a block diagram of a hardware structure of a computer terminal for implementing a method of data encryption according to an embodiment of the present application;
FIG. 2 is a flow chart of a method of data encryption according to an embodiment of the application;
fig. 3 is a block diagram of an apparatus for encrypting data according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The data encryption method provided by the embodiment of the application can be executed in a mobile terminal, a computer terminal or similar computing devices. Fig. 1 shows a block diagram of a hardware structure of a computer terminal for implementing a method of data encryption. As shown in fig. 1, the computer terminal 10 may include one or more processors (shown as 102a, 102b, … …,102n in the figures) which may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA, a memory 104 for storing data, and a transmission module 106 for communication functions. In addition, the method may further include: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power supply, and/or a camera. It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 1 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the computer terminal 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
It should be noted that the one or more processors and/or other data processing circuits described above may be referred to herein generally as "data processing circuits". The data processing circuit may be embodied in whole or in part in software, hardware, firmware, or any other combination. Furthermore, the data processing circuitry may be a single stand-alone processing module or incorporated, in whole or in part, into any of the other elements in the computer terminal 10. As referred to in embodiments of the application, the data processing circuit acts as a processor control (e.g., selection of the path of the variable resistor termination connected to the interface).
The memory 104 may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the data encryption method in the embodiments of the present application, and the processor executes the software programs and modules stored in the memory 104, thereby performing various functional applications and data processing, that is, implementing the data encryption method described above. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor, which may be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission module 106 is used to receive or transmit data via a network. The specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal 10. In one example, the transmission module 106 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission module 106 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the computer terminal 10.
It should be noted here that, in some alternative embodiments, the computer terminal shown in fig. 1 may include hardware elements (including circuits), software elements (including computer code stored on a computer readable medium), or a combination of both hardware and software elements. It should be noted that fig. 1 is only one specific example, and is intended to illustrate the types of components that may be present in the computer terminals described above.
In the above operating environment, embodiments of the present application provide a method embodiment for data encryption, it should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
Fig. 2 is a flowchart of a method of encrypting data according to an embodiment of the present application, as shown in fig. 2, the method including the steps of:
Step S202, obtaining plaintext data and a secret key to be encrypted, wherein the number of bits of the plaintext data is the same as the number of bits of the secret key;
step S204, performing exclusive OR operation on the plaintext data and the secret key to obtain a first result;
step S206, grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation;
step S208, encrypting the plaintext data according to the subkeys after the key replacement sequence to obtain ciphertext data.
In steps S202 to S208, the sub-key processing part of the conventional DES encryption algorithm is improved and optimized: the plaintext data and the key are used together to create the key mapping table, and the original sub-key sequence (i.e. the key sequence of the sub-keys) is then reordered according to the key mapping table. This realizes a "one key per encryption" secure encryption mode and avoids the potential security hazard caused by the short key length of the conventional DES encryption algorithm. Because the key mapping table is created from the plaintext data and the key together, the order in which the sub-keys are used changes with the plaintext data, rather than staying fixed as in the conventional DES encryption algorithm, thereby effectively resisting chosen-plaintext attacks. The application not only retains the high encryption speed of the DES algorithm, but also greatly enhances its encryption security.
The embodiment of the application obtains the plaintext data and the secret key to be encrypted, wherein the digits of the plaintext data are the same as the digits of the secret key; performing exclusive OR operation on the plaintext data and the secret key to obtain a first result; grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation; the plaintext data is encrypted according to the subkeys after the key sequence is replaced to obtain ciphertext data, and the aim of encrypting the data is achieved, so that the technical effect of improving the safety of data encryption is achieved, and the technical problems that the key length of the traditional DES encryption algorithm is short and the safety performance is poor are solved.
In the above data encryption method, the sub-keys of the key are determined as follows: permuting the key, after its parity check bits are deleted, according to a first key replacement rule table to obtain a first key, wherein the total number of positions in the first key replacement rule table is smaller than the number of bits of the key; dividing the first key into a first sub-key and a second sub-key, and determining the round number and the key shift number corresponding to the round number according to a cyclic shift table; performing a left cyclic shift operation on the first sub-key and the second sub-key according to the round number and the key shift number to obtain a third sub-key and a fourth sub-key; combining the third sub-key and the fourth sub-key to obtain a second key; permuting the second key according to a second key replacement rule table to obtain a third key, wherein the number of bits in the second key replacement rule table is smaller than that in the first key replacement rule table; and determining the third key to be a sub-key of the key.
In the embodiment of the application, the key K has 64 bits, of which 8 bits are parity check bits, so the effective key length is 56 bits. The key first undergoes a first compression permutation: after the parity check bits are deleted from the key, the remaining 56 bits are reordered according to the first key replacement rule table to obtain the first key. It should be noted that the ordering in the first key replacement rule table may be customized by the user and is not limited here, but the total number of positions in the table should equal the number of key bits remaining after the parity check bits are deleted, that is, the first key replacement rule table has 56 positions, so that all 56 key bits can be reordered.
The reordered first key is divided into a first sub-key and a second sub-key; for example, the first key is split in the middle, with its first 28 bits taken as the first sub-key and its last 28 bits as the second sub-key. A left cyclic shift is then applied to the first sub-key and the second sub-key respectively, by the key shift number that the cyclic shift table gives for the current round. If the key is to yield 16 sub-keys, there are 16 rounds, numbered 1, 2, …, 16; that is, the number of rounds in the cyclic shift table equals the number of sub-keys. The key shift number for each round is 1 bit or 2 bits: for example, when the round number is 1, 2 or 16, the first sub-key and the second sub-key are each shifted left by 1 bit, and when the round number is between 3 and 15 (endpoints included) they are each shifted left by 2 bits. The shifted first sub-key is the third sub-key and the shifted second sub-key is the fourth sub-key; the third and fourth sub-keys are combined to obtain the second key. The second key then undergoes a second compression permutation according to the second key replacement rule table, whose number of bits (total number of positions) is smaller than that of the first key replacement rule table; for example, when the first key replacement rule table is 8 × 7, the second key replacement rule table is 8 × 6. The result is the third key, i.e. the sub-key used by the round.
For example, if this is the first time the key is divided, the round number in the cyclic shift table is 1, and the third key finally obtained is the sub-key used in the first round of operation.
Starting from the second round, the sub-key for each round is obtained by performing the second compression permutation on the sub-keys obtained in the previous round; the only difference between rounds is the number of key shifts. If the number of sub-keys is 16, the above steps are repeated 16 times until 16 sub-keys $K_1, K_2, \ldots, K_{16}$ are generated.
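The sub-key generation described above, written out as an added example (it is not code from the patent). The page leaves the contents of both replacement rule tables to the user, so the standard DES PC-1 and PC-2 tables are assumed here; the shift schedule is the one from the page's example, and the sample key is constructed.

```python
"""Sub-key generation: permute, split 28/28, rotate left, permute again.

Added illustration, not code from the patent.
"""

# Assumption: standard DES PC-1 stands in for the "first key replacement rule
# table" (8 x 7 = 56 positions). Entries are 1-based bit positions in the
# 64-bit key; parity positions 8, 16, ..., 64 never appear, so this one step
# both deletes the parity bits and reorders the remaining 56.
PC1 = [
    57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
    10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
    14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4,
]

# Assumption: standard DES PC-2 stands in for the "second key replacement rule
# table" (8 x 6 = 48 positions, indexing the 56-bit second key).
PC2 = [
    14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
    23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
    41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
    44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32,
]

HALF_BITS = 28
HALF_MASK = (1 << HALF_BITS) - 1
SAMPLE_KEY = 0x133457799BBCDFF1  # constructed sample key, not from the page


def key_shift_number(round_no: int) -> int:
    """Cyclic shift table from the page's example: 1 bit in rounds 1, 2 and 16,
    2 bits in rounds 3 to 15. (Standard DES also uses 1 bit in round 9.)"""
    if not 1 <= round_no <= 16:
        raise ValueError("round number must be in 1..16")
    return 1 if round_no in (1, 2, 16) else 2


def permute(value: int, in_bits: int, table: list[int]) -> int:
    """Output bit j is input bit table[j]; positions are 1-based, MSB first."""
    out = 0
    for pos in table:
        out = (out << 1) | ((value >> (in_bits - pos)) & 1)
    return out


def rotl28(half: int, count: int) -> int:
    """Left cyclic shift of a 28-bit half."""
    return ((half << count) | (half >> (HALF_BITS - count))) & HALF_MASK


def generate_sub_keys(key: int, rounds: int = 16) -> list[int]:
    """Return the 48-bit sub-keys K_1..K_rounds for a 64-bit key."""
    if not 0 <= key < 1 << 64:
        raise ValueError("key must fit in 64 bits")
    first_key = permute(key, 64, PC1)               # 56-bit first key
    first_sub = first_key >> HALF_BITS              # front 28 bits
    second_sub = first_key & HALF_MASK              # rear 28 bits
    sub_keys = []
    for round_no in range(1, rounds + 1):
        shift = key_shift_number(round_no)
        first_sub = rotl28(first_sub, shift)        # third sub-key
        second_sub = rotl28(second_sub, shift)      # fourth sub-key
        second_key = (first_sub << HALF_BITS) | second_sub
        sub_keys.append(permute(second_key, 56, PC2))  # third key = K_round
    return sub_keys


if __name__ == "__main__":
    for n, k in enumerate(generate_sub_keys(SAMPLE_KEY), start=1):
        print(f"K{n:<2} = {k:012X}")
```

The halves carry over from one round to the next, so each round differs from the previous one only by its shift count, as the text states.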
In step S206 in the above data encryption method, the key mapping table is determined according to the multiple sets of sub-results, and specifically includes the following steps: grouping the first results according to preset digits to obtain a plurality of groups of sub-results, wherein the digits of each group of sub-results are the same, and each group of sub-results is represented by binary data; converting a plurality of groups of sub-results from binary data into decimal data to obtain a plurality of converted data sequences; a key map is determined from the plurality of data arrays.
In the embodiment of the application, plaintext data M and a key K are first obtained; both may be 64 bits long. An exclusive OR operation is performed on M and K to obtain a 64-bit first result MK. MK is grouped according to a preset number of bits, e.g. every 4 bits form one group, to obtain 16 sub-results $MK_1, MK_2, \ldots, MK_{16}$; clearly $0 \le MK_i \le 15$, where $1 \le i \le 16$. Converting the binary data sequence $MK_1, MK_2, \ldots, MK_{16}$ into decimal data yields the converted data sequences $B_1, B_2, \ldots, B_{16}$; clearly $0 \le B_i \le 15$, where $1 \le i \le 16$. $B_1, B_2, \ldots, B_{16}$ is the key mapping table.
In step S206 in the above-mentioned data encryption method, after determining the key mapping table, the method further includes the steps of: acquiring a key sequence of a sub-key of a key and acquiring a plurality of data arrays in a key mapping table, wherein the number of the sub-keys is the same as the number of the plurality of data arrays in the key mapping table, and the key sequence is determined by a first sequence; determining a correspondence between the first sequence and the plurality of data arrays; and replacing the subscript of the first sequence with data indicated by a data sequence with a corresponding relation with the first sequence to obtain a second sequence, wherein the second sequence is used for representing a sub-key sequence obtained by reordering the key sequence of the sub-keys.
In the embodiment of the application, the key sequence of the sub-keys of the key is obtained; this is the key sequence of the original sub-keys, namely $K_1, K_2, \ldots, K_{16}$. The first sequence corresponding to the key sequence is 1, 2, …, 16, and the plurality of data sequences in the key mapping table is $B_1, B_2, \ldots, B_{16}$. The correspondence between the first sequence and the plurality of data arrays may be determined by subscripts: $K_1$ corresponds to $B_1$, $K_2$ corresponds to $B_2$, and so on. The subscript $i$ of $K_i$ is then replaced by the value of the corresponding $B_i$, which gives the second sequence KL. This can be illustrated by the following example: the key sequence of the original sub-keys is $K_1, K_2, \ldots, K_{16}$ and the key map is 12, 2, ..., 7; the second sequence KL is then $K_{12}, K_2, \ldots, K_7$.
In step S208 in the above data encryption method, before encrypting the plaintext data according to the subkey after the sequence of replacing the key, the method further includes the following steps: acquiring an initial substitution table, wherein the initial substitution table is used for substituting data positions of plaintext data, and the total number of positions in the initial substitution table is the same as the number of digits of a secret key; and carrying out initial substitution on the plaintext data according to the numerical value in the initial substitution table to obtain substituted plaintext data, wherein the initial substitution is used for moving the data at the corresponding position of the plaintext data to the position indicated by the initial substitution table.
In the embodiment of the present application, the initial substitution table may be defined by the user; for example, different sequence numbers may be used to represent the initial substitution table, provided that every sequence number appearing in the table is a bit position that exists in the plaintext data. When the plaintext data is 64 bits, the initial substitution table may be 8×8. According to the values in the initial substitution table, the data at the corresponding position of the plaintext data is moved to the position indicated by the table, which implements the initial substitution operation, and the data after the initial substitution is determined as the substituted plaintext data.
In step S208 of the above data encryption method, encrypting plaintext data according to the subkeys after replacing the key sequence to obtain ciphertext data, including: equally dividing the permuted plaintext data into first plaintext data and second plaintext data; performing iterative transformation on the first plaintext data and the second plaintext data according to the transformation logic and the total iteration times to obtain third plaintext data and fourth plaintext data; combining the third plaintext data and the fourth plaintext data which are obtained by the last iterative transformation to obtain fifth plaintext data; and performing the reverse permutation operation of the initial permutation on the fifth plaintext data to obtain ciphertext data.
In the above step, performing iterative transformation on the first plaintext data and the second plaintext data according to the transformation logic and the total number of iterations, including: step 1: determining the second plaintext data as third plaintext data; step 2: determining fourth plaintext data according to the first plaintext data, the second plaintext data and a subkey corresponding to the current iteration number in the second sequence; step 3: updating the third plaintext data into the first plaintext data to obtain updated first plaintext data, updating the fourth plaintext data into the second plaintext data to obtain updated second plaintext data, and adding 1 to the current iteration number; step 4: and repeatedly executing the steps 1 to 3 until the current iteration number is greater than the total iteration number, and stopping iteration.
In the embodiment of the present application, after the substituted plaintext data is obtained, it is divided into the first plaintext data and the second plaintext data. For example, when the original plaintext data is 64 bits, the substituted plaintext data is also 64 bits; the first 32 bits of the substituted plaintext data are used as the first plaintext data, which may be denoted $L_0$, and the last 32 bits are used as the second plaintext data, which may be denoted $R_0$. The first plaintext data and the second plaintext data are iteratively transformed according to the transformation logic and the total number of iterations. The total number of iterations is consistent with the number of sub-keys, so when the number of sub-keys is 16 the total number of iterations is 16. Each transformation can be represented as follows:
wherein $L_i$ represents the third plaintext data in each transformation, $R_i$ represents the fourth plaintext data in each transformation, $R_{i-1}$ represents the second plaintext data in each transformation, $L_{i-1}$ represents the first plaintext data in each transformation, the addition is bitwise modulo-2 addition, F is the transform function, and $K_i$ represents the i-th sub-key.
The third plaintext data and the fourth plaintext data obtained by the last iterative transformation are combined to obtain the fifth plaintext data, which is 64 bits. The reverse substitution operation of the initial substitution is then performed on the fifth plaintext data to obtain the ciphertext data, which is also 64 bits.
Because the embodiment of the application is an improvement on the DES encryption algorithm, and the DES encryption algorithm is a symmetric encryption algorithm, decryption only requires that the sub-keys be used in the reverse order of the second sequence KL within the traditional DES decryption process; the details are not repeated here.
Fig. 3 is a block diagram of an apparatus for encrypting data according to an embodiment of the present application, as shown in fig. 3, the apparatus including:
an obtaining module 32, configured to obtain plaintext data and a secret key to be encrypted, where the number of bits of the plaintext data is the same as the number of bits of the secret key;
an operation module 34, configured to perform an exclusive-or operation on the plaintext data and the secret key, so as to obtain a first result;
the determining module 36 is configured to group the first results to obtain a plurality of groups of sub-results, and determine a key mapping table according to the plurality of groups of sub-results, where data in the key mapping table is used to replace a key sequence of sub-keys of the key, and the key sequence of the sub-keys is a sequence of sub-keys obtained by sequentially processing the keys according to the same operation;
the encryption module 38 is configured to encrypt the plaintext data according to the subkeys after the key replacement sequence, so as to obtain ciphertext data.
In the data encryption device, the sub-key processing part of the traditional DES encryption algorithm is improved and optimized: a key mapping table is created from the plaintext data and the key together, and the original sub-key sequence (that is, the key sequence of the sub-keys) is then reordered according to the key mapping table, so that a "one-time, one-key" secure encryption mode is realized and the potential safety hazard caused by the short key length of the traditional DES encryption algorithm is avoided. Because the key mapping table is created from the plaintext data and the key together, the order in which the sub-keys are used changes constantly with the plaintext data, rather than staying fixed as in the traditional DES encryption algorithm, which effectively resists chosen-plaintext attacks. The application not only maintains the high encryption speed of the DES algorithm but also greatly enhances its encryption security.
According to the embodiment of the application, the plaintext data and the secret key to be encrypted are obtained through the obtaining module, wherein the digits of the plaintext data are the same as the digits of the secret key; performing exclusive OR operation on the plaintext data and the secret key through an operation module to obtain a first result; grouping the first results through a determining module to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation; the encryption module encrypts the plaintext data according to the subkeys after the key replacement sequence to obtain ciphertext data, so that the aim of encrypting the data is fulfilled, the technical effect of improving the safety of data encryption is realized, and the technical problems of short key length and poor safety performance of the traditional DES encryption algorithm are solved.
In the above-described data encrypting apparatus, the sub-key of the key is determined by: replacing the secret key after deleting the parity check code according to a first secret key replacement rule table to obtain a first secret key, wherein the total number of positions in the first secret key replacement rule table is smaller than the number of bits of the secret key; dividing the first secret key into a first subsecret key and a second subsecret key, and determining the round number and the secret key shift number corresponding to the round number according to a cyclic shift table; performing left cyclic shift operation on the first subkey and the second subkey according to the round number and the key shift number to obtain a third subkey and a fourth subkey; combining the third subkey and the fourth subkey to obtain a second key; replacing the second key according to the second key replacement rule table to obtain a third key, wherein the number of bits in the second key replacement rule table is smaller than that in the first key replacement rule table; the third key is determined to be a sub-key of the key.
In the determining module in the data encryption device, the key mapping table is determined according to a plurality of groups of sub-results, and the method specifically comprises the following steps: grouping the first results according to preset digits to obtain a plurality of groups of sub-results, wherein the digits of each group of sub-results are the same, and each group of sub-results is represented by binary data; converting a plurality of groups of sub-results from binary data into decimal data to obtain a plurality of converted data sequences; a key map is determined from the plurality of data arrays.
In the determining module in the data encryption device, after determining the key mapping table, the determining module is further configured to obtain a key sequence of sub-keys of the key, and obtain a plurality of data arrays in the key mapping table, where the number of the sub-keys is the same as the number of the plurality of data arrays in the key mapping table, and the key sequence is determined by the first sequence; determining a correspondence between the first sequence and the plurality of data arrays; and replacing the subscript of the first sequence with data indicated by a data sequence with a corresponding relation with the first sequence to obtain a second sequence, wherein the second sequence is used for representing a sub-key sequence obtained by reordering the key sequence of the sub-keys.
In the encryption module in the data encryption device, before encrypting the plaintext data according to the subkeys after the sequence of replacing the keys, the encryption module is further configured to obtain an initial substitution table, where the initial substitution table is used for substituting the data position of the plaintext data, and the total number of positions in the initial substitution table is the same as the number of bits of the keys; and carrying out initial substitution on the plaintext data according to the numerical value in the initial substitution table to obtain substituted plaintext data, wherein the initial substitution is used for moving the data at the corresponding position of the plaintext data to the position indicated by the initial substitution table.
In the encryption module in the data encryption device, encrypting the plaintext data according to the subkeys after the sequence of replacing the keys to obtain ciphertext data, wherein the method specifically comprises the following steps: equally dividing the permuted plaintext data into first plaintext data and second plaintext data; performing iterative transformation on the first plaintext data and the second plaintext data according to the transformation logic and the total iteration times to obtain third plaintext data and fourth plaintext data; combining the third plaintext data and the fourth plaintext data which are obtained by the last iterative transformation to obtain fifth plaintext data; and performing the reverse permutation operation of the initial permutation on the fifth plaintext data to obtain ciphertext data.
In the encryption module in the data encryption device, performing iterative transformation on the first plaintext data and the second plaintext data according to the transformation logic and the total iteration number, including: step 1: determining the second plaintext data as third plaintext data; step 2: determining fourth plaintext data according to the first plaintext data, the second plaintext data and a subkey corresponding to the current iteration number in the second sequence; step 3: updating the third plaintext data into the first plaintext data to obtain updated first plaintext data, updating the fourth plaintext data into the second plaintext data to obtain updated second plaintext data, and adding 1 to the current iteration number; step 4: and repeatedly executing the steps 1 to 3 until the current iteration number is greater than the total iteration number, and stopping iteration.
It should be noted that, the data encryption device shown in fig. 3 is used to perform the data encryption method shown in fig. 2, so the explanation of the data encryption method is also applicable to the data encryption device, and will not be repeated here.
The embodiment of the application also provides electronic equipment, which comprises: a memory for storing program instructions; a processor coupled to the memory for executing program instructions that perform the following functions: acquiring plaintext data and a secret key to be encrypted, wherein the number of bits of the plaintext data is the same as the number of bits of the secret key; performing exclusive OR operation on the plaintext data and the secret key to obtain a first result; grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation; and encrypting the plaintext data according to the subkeys after the key sequence is replaced to obtain ciphertext data.
It should be noted that, the electronic device is configured to execute the data encryption method shown in fig. 2, so the explanation of the data encryption method is also applicable to the electronic device, and will not be repeated here.
The embodiment of the application also provides a nonvolatile storage medium, which comprises a stored computer program, wherein the equipment of the nonvolatile storage medium executes the following data encryption method by running the computer program: acquiring plaintext data and a secret key to be encrypted, wherein the number of bits of the plaintext data is the same as the number of bits of the secret key; performing exclusive OR operation on the plaintext data and the secret key to obtain a first result; grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the keys according to the same operation; and encrypting the plaintext data according to the subkeys after the key sequence is replaced to obtain ciphertext data.
It should be noted that, the above-mentioned nonvolatile storage medium is used for executing the data encryption method shown in fig. 2, so the explanation of the above-mentioned data encryption method is also applicable to the nonvolatile storage medium, and will not be repeated here.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in part or all of the technical solution or in part in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application, which are intended to be comprehended within the scope of the present application.
Claims (10)
1. A method of encrypting data, comprising:
acquiring plaintext data to be encrypted and a secret key, wherein the bit number of the plaintext data is the same as the bit number of the secret key;
performing exclusive-or operation on the plaintext data and the secret key to obtain a first result;
grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the key according to the same operation;
encrypting the plaintext data according to the subkeys after the key replacement sequence to obtain ciphertext data.
2. The method of claim 1, wherein the subkeys of the key are determined by:
replacing the secret key after deleting the parity check code according to a first secret key replacement rule table to obtain a first secret key, wherein the total number of positions in the first secret key replacement rule table is smaller than the number of bits of the secret key;
dividing the first key into a first sub-key and a second sub-key equally, and determining the number of rounds and the key shift number corresponding to the number of rounds according to a cyclic shift table;
according to the round number and the key shift number, performing left cyclic shift operation on the first sub-key and the second sub-key respectively to obtain a third sub-key and a fourth sub-key;
combining the third subkey and the fourth subkey to obtain a second key;
replacing the second key according to a second key replacement rule table to obtain a third key, wherein the number of bits in the second key replacement rule table is smaller than that in the first key replacement rule table;
and determining the third key as a sub-key of the key.
3. The method of claim 1, wherein determining a key map based on the plurality of sets of sub-results comprises:
grouping the first results according to preset digits to obtain multiple groups of sub-results, wherein the digits of each group of sub-results are the same, and each group of sub-results is represented by binary data;
converting the multiple groups of sub-results from the binary data into decimal data to obtain multiple converted data arrays;
and determining the key mapping table according to the data arrays.
4. A method according to claim 3, wherein after determining the key map, the method further comprises:
acquiring a key sequence of sub-keys of the key, and acquiring a plurality of data arrays in the key mapping table, wherein the number of the sub-keys is the same as the number of the plurality of data arrays in the key mapping table, and the key sequence is determined by a first sequence;
determining correspondence between the first sequence and the plurality of data arrays;
and replacing the subscript of the first sequence with data indicated by a data sequence with a corresponding relation with the first sequence to obtain a second sequence, wherein the second sequence is used for representing a sub-key sequence obtained by reordering the key sequence of the sub-keys.
5. The method of claim 4, wherein prior to encrypting the plaintext data according to a subkey following a replacement key sequence, the method further comprises:
obtaining an initial substitution table, wherein the initial substitution table is used for substituting data positions of the plaintext data, and the total number of positions in the initial substitution table is the same as the number of bits of the secret key;
and carrying out initial substitution on the plaintext data according to the numerical value in the initial substitution table to obtain substituted plaintext data, wherein the initial substitution is used for moving the data at the corresponding position of the plaintext data to the position indicated by the initial substitution table.
6. The method of claim 5, wherein encrypting the plaintext data according to the subkeys after the replacement key sequence to obtain ciphertext data comprises:
equally dividing the permuted plaintext data into first plaintext data and second plaintext data;
performing iterative transformation on the first plaintext data and the second plaintext data according to transformation logic and total iteration times to obtain third plaintext data and fourth plaintext data;
combining the third plaintext data and the fourth plaintext data which are obtained by the last iterative transformation to obtain fifth plaintext data;
and performing inverse permutation operation of the initial permutation on the fifth plaintext data to obtain ciphertext data.
7. The method of claim 6, wherein iteratively transforming the first plaintext data and the second plaintext data according to a transformation logic and a total number of iterations, comprises:
step 1: determining the second plaintext data as the third plaintext data;
step 2: determining the fourth plaintext data according to the first plaintext data, the second plaintext data and a subkey corresponding to the current iteration number in the second sequence;
step 3: updating the third plaintext data into first plaintext data to obtain updated first plaintext data, updating the fourth plaintext data into second plaintext data to obtain updated second plaintext data, and adding 1 to the current iteration number;
step 4: and repeatedly executing the steps 1 to 3 until the current iteration times are greater than the total iteration times, and stopping iteration.
8. An apparatus for encrypting data, comprising:
the acquisition module is used for acquiring plaintext data to be encrypted and a secret key, wherein the bit number of the plaintext data is the same as the bit number of the secret key;
the operation module is used for carrying out exclusive-or operation on the plaintext data and the secret key to obtain a first result;
the determining module is used for grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the key according to the same operation;
and the encryption module is used for encrypting the plaintext data according to the subkeys after the key replacement sequence to obtain ciphertext data.
9. An electronic device, comprising:
a memory for storing program instructions;
a processor, coupled to the memory, for executing program instructions that perform the following functions: acquiring plaintext data to be encrypted and a secret key, wherein the bit number of the plaintext data is the same as the bit number of the secret key; performing exclusive-or operation on the plaintext data and the secret key to obtain a first result; grouping the first results to obtain a plurality of groups of sub-results, and determining a key mapping table according to the plurality of groups of sub-results, wherein data in the key mapping table is used for replacing the key sequence of sub-keys of the key, and the key sequence of the sub-keys is the sequence of the sub-keys obtained by sequentially processing the key according to the same operation; encrypting the plaintext data according to the subkeys after the key replacement sequence to obtain ciphertext data.
10. A non-volatile storage medium, characterized in that the non-volatile storage medium comprises a stored computer program, wherein the device in which the non-volatile storage medium is located performs the method of data encryption according to any one of claims 1 to 7 by running the computer program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310736590.3A CN116663038A (en) | 2023-06-20 | 2023-06-20 | Data encryption method and device and electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116663038A true CN116663038A (en) | 2023-08-29 |
Family
ID=87717017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310736590.3A Pending CN116663038A (en) | 2023-06-20 | 2023-06-20 | Data encryption method and device and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116663038A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117499023A (en) * | 2024-01-02 | 2024-02-02 | 深圳市玩视科技股份有限公司 | Hardware security method, device and storage medium based on AES algorithm |
CN117499023B (en) * | 2024-01-02 | 2024-04-09 | 深圳市玩视科技股份有限公司 | Hardware security method, device and storage medium based on AES algorithm |
CN118041702A (en) * | 2024-04-12 | 2024-05-14 | 长江三峡集团实业发展(北京)有限公司 | Lightweight industrial protocol message data safety transmission method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||