CN116781265A - Data encryption method and device - Google Patents

Publication number
CN116781265A
Authority
CN
China
Prior art keywords
data
target
encryption
encrypted
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210222684.4A
Other languages
Chinese (zh)
Inventor
刘世豪
梁苇超
刘涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Allwinner Technology Co Ltd
Original Assignee
Allwinner Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Allwinner Technology Co Ltd
Priority to CN202210222684.4A
Publication of CN116781265A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0872 Generation of secret information including derivation or calculation of cryptographic keys or passwords using geo-location information, e.g. location data, time, relative position or proximity to other entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data encryption method and device. The method comprises: acquiring data to be encrypted, and determining, from at least two preset encryption algorithms, a target encryption algorithm corresponding to the data to be encrypted, the target encryption algorithm being used to encrypt the data to be encrypted; determining a target address and an encryption key of the data to be encrypted, and encrypting the data to be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data; and performing redundancy processing based on the other encryption algorithms to obtain second ciphertext data, and determining the first ciphertext data and the second ciphertext data as the encryption result of the data to be encrypted. The invention can thus encrypt data based on both an address and a key, which reduces the cases in which data is tampered with, and can perform redundancy processing based on other encryption algorithms while the data is being encrypted, which obscures the encryption process, makes side-channel attacks more difficult, reduces the cases in which data is leaked, and improves data security.

Description

Data encryption method and device
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method and an apparatus for encrypting data.
Background
With the continuous development of computer technology and big data technology, the convenience of information has been accompanied by hidden risks to data, and data security has become a matter of close concern, especially for confidential data such as private sensitive data and data in the technology, finance and military-industry sectors.
At present, to prevent data from being leaked or maliciously tampered with, data encryption technology is generally used to encrypt data and to verify its validity. In the prior art, however, a side-channel attack by means such as power consumption analysis can steal the data, and, based on the stolen data, an injection attack by means such as electromagnetic attack can tamper with the encrypted data. In other words, current methods of encrypting data with data encryption technology carry the security risk of data leakage through side-channel attacks; the encrypted data is in turn easy to tamper with, and data security is low.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a data encryption method and device that can reduce the occurrence of data leakage and data tampering, make side-channel attacks by means such as power consumption analysis more difficult, and improve data security.
To solve the above technical problem, a first aspect of the present invention discloses a method for encrypting data, the method comprising:
acquiring data to be encrypted, and determining a target encryption algorithm corresponding to the data to be encrypted from at least two preset encryption algorithms, wherein the target encryption algorithm is used for encrypting the data to be encrypted;
determining a target address and an encryption key of the data to be encrypted, and encrypting the data to be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data;
and performing redundancy processing based on other encryption algorithms to obtain second ciphertext data, and determining the first ciphertext data and the second ciphertext data as encryption results of the data to be encrypted, wherein the other encryption algorithms are encryption algorithms except the target encryption algorithm in all the encryption algorithms.
As an optional implementation, in the first aspect of the present invention, acquiring the data to be encrypted includes:
acquiring target plaintext data, and determining a check code corresponding to the target plaintext data based on a preset discrete algorithm, wherein the check code is used for checking whether the target plaintext data has been tampered with;
dividing the target plaintext data into at least two first sub-data according to a preset data dividing strategy;
and inserting the check code between every two adjacent first sub-data to generate the data to be encrypted.
In the first aspect of the present invention, inserting the check code between every two adjacent first sub-data to generate the data to be encrypted includes:
inserting the check code between every two adjacent first sub-data to obtain intermediate spliced data;
dividing the intermediate spliced data into at least two second sub-data according to a preset data scrambling strategy, and determining target second sub-data from all the second sub-data;
and performing exclusive-OR processing, in sequence, between the target second sub-data and each of the other second sub-data to generate the data to be encrypted.
As an optional implementation, in the first aspect of the present invention, encrypting the data to be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data includes:
performing corresponding data processing operations on the target address and the encryption key respectively, based on the target encryption algorithm, to obtain an intermediate target address of the target address and an intermediate encryption key of the encryption key;
the data processing operation comprises a data compression operation and a data expansion operation when the target encryption algorithm is the second encryption algorithm, and the corresponding data processing operation comprises a data replacement operation, a data compression operation and a data expansion operation when the target encryption algorithm is the second encryption algorithm;
performing exclusive OR processing on the intermediate target address and the intermediate encryption key to obtain a target encryption key;
and encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data.
In the first aspect of the present invention, when the target encryption algorithm is the first encryption algorithm, encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data includes:
performing byte transformation on the target encryption key according to the target encryption algorithm to obtain a sub-target encryption key;
dividing the sub-target encryption key after byte transformation into a first sub-key and a second sub-key according to byte sequence, wherein the first sub-key comprises at least one high-order byte in the sub-target encryption key, the second sub-key comprises at least one low-order byte in the sub-target encryption key, and the byte sequence of each high-order byte is larger than that of each low-order byte;
performing data replacement operation on the second sub-key to obtain a third sub-key, and performing exclusive-or processing on the first sub-key and the third sub-key to obtain an intermediate sub-key;
and performing byte transformation on the intermediate subkey to obtain a target subkey, and performing exclusive-or processing on the target subkey after byte transformation and the data to be encrypted to obtain first ciphertext data.
In the first aspect of the present invention, when the target encryption algorithm is the second encryption algorithm, encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data includes:
performing linear transformation on the target encryption key according to the target encryption algorithm to obtain a target subkey;
performing byte line transformation and data replacement operation on the data to be encrypted according to the target encryption algorithm to obtain intermediate plaintext data;
and carrying out exclusive or processing on the target subkey and the intermediate plaintext data to obtain first ciphertext data.
As an optional implementation, in the first aspect of the present invention, performing redundancy processing based on the other encryption algorithms to obtain second ciphertext data includes:
determining a random number, and performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data, wherein the random number is randomly generated;
determining the accumulated number of times that the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data has been executed;
comparing the accumulated number of times with a preset accumulated-times threshold, and, when the accumulated number of times is smaller than the threshold, repeating the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data;
when the accumulated number of times is greater than the threshold, detecting whether the step of encrypting the data to be encrypted has finished to obtain a detection result, and generating second ciphertext data according to the detection result and the redundant ciphertext data;
and generating the second ciphertext data according to the detection result and the redundant ciphertext data includes:
when the detection result indicates that the step of encrypting the data to be encrypted has not finished, setting the accumulated number of times to zero and suspending both the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data and the step of determining the accumulated number of times that the redundancy calculation step has been executed, so that both steps are re-executed after a preset pause time;
and when the detection result indicates that the step of encrypting the data to be encrypted has finished, stopping the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data, and determining all the redundant ciphertext data as the second ciphertext data.
The second aspect of the present invention discloses a data encryption device, the device comprising:
the acquisition module is used for acquiring data to be encrypted, determining a target encryption algorithm corresponding to the data to be encrypted from at least two preset encryption algorithms, wherein the target encryption algorithm is used for encrypting the data to be encrypted;
the encryption module is used for determining a target address and an encryption key of the data to be encrypted, and encrypting the data to be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data;
and the redundancy module is used for carrying out redundancy processing based on other encryption algorithms to obtain second ciphertext data, determining the first ciphertext data and the second ciphertext data as encryption results of the data to be encrypted, wherein the other encryption algorithms are encryption algorithms except the target encryption algorithm in all the encryption algorithms.
In a second aspect of the present invention, as an optional implementation manner, the specific manner of acquiring the data to be encrypted by the acquiring module is:
acquiring target plaintext data, and determining a check code corresponding to the target plaintext data based on a preset discrete algorithm, wherein the check code is used for checking whether the target plaintext data is tampered or not; dividing the target plaintext data into at least two first sub-data according to a preset data dividing strategy; and inserting the check code between every two adjacent first sub-data to generate data to be encrypted.
In the second aspect of the present invention, the specific manner in which the acquisition module inserts the check code between every two adjacent first sub-data to generate the data to be encrypted is:
inserting the check code between every two adjacent first sub-data to obtain intermediate spliced data; dividing the intermediate spliced data into at least two second sub-data according to a preset data scrambling strategy, and determining target second sub-data from all the second sub-data; and performing exclusive-OR processing, in sequence, between the target second sub-data and each of the other second sub-data to generate the data to be encrypted.
In a second aspect of the present invention, the specific manner of encrypting the data to be encrypted based on the target address, the encryption key and the target encryption algorithm in the encryption module to obtain the first ciphertext data is as follows:
respectively carrying out corresponding data processing operation on the target address and the encryption key based on the target encryption algorithm to obtain an intermediate target address of the target address and an intermediate encryption key of the encryption key; the data processing operation comprises a data compression operation and a data expansion operation when the target encryption algorithm is the second encryption algorithm, and the corresponding data processing operation comprises a data replacement operation, a data compression operation and a data expansion operation when the target encryption algorithm is the second encryption algorithm; performing exclusive OR processing on the intermediate target address and the intermediate encryption key to obtain a target encryption key; and encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data.
In a second aspect of the present invention, the specific manner of encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm in the encryption module to obtain the first ciphertext data is as follows:
when the target encryption algorithm is the first encryption algorithm, performing byte transformation on the target encryption key according to the target encryption algorithm to obtain a sub-target encryption key; dividing the sub-target encryption key after byte transformation into a first sub-key and a second sub-key according to byte sequence, wherein the first sub-key comprises at least one high-order byte in the sub-target encryption key, the second sub-key comprises at least one low-order byte in the sub-target encryption key, and the byte sequence of each high-order byte is larger than that of each low-order byte; performing data replacement operation on the second sub-key to obtain a third sub-key, and performing exclusive-or processing on the first sub-key and the third sub-key to obtain an intermediate sub-key; and performing byte transformation on the intermediate subkey to obtain a target subkey, and performing exclusive-or processing on the target subkey after byte transformation and the data to be encrypted to obtain first ciphertext data.
In a second aspect of the present invention, the specific manner of encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm in the encryption module to obtain the first ciphertext data is as follows:
when the target encryption algorithm is the second encryption algorithm, performing linear transformation on the target encryption key according to the target encryption algorithm to obtain a target subkey; performing byte line transformation and data replacement operation on the data to be encrypted according to the target encryption algorithm to obtain intermediate plaintext data; and carrying out exclusive or processing on the target subkey and the intermediate plaintext data to obtain first ciphertext data.
In the second aspect of the present invention, the specific manner in which the redundancy module performs redundancy processing based on the other encryption algorithms to obtain the second ciphertext data is:
determining a random number, and performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data, wherein the random number is randomly generated; determining the accumulated number of times that the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data has been executed; comparing the accumulated number of times with a preset accumulated-times threshold, and, when the accumulated number of times is smaller than the threshold, repeating the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data; when the accumulated number of times is greater than the threshold, detecting whether the step of encrypting the data to be encrypted has finished to obtain a detection result, and generating second ciphertext data according to the detection result and the redundant ciphertext data;
and the specific manner in which the redundancy module generates the second ciphertext data according to the detection result and the redundant ciphertext data is:
when the detection result indicates that the step of encrypting the data to be encrypted has not finished, setting the accumulated number of times to zero and suspending both the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data and the step of determining the accumulated number of times that the redundancy calculation step has been executed, so that both steps are re-executed after a preset pause time; and when the detection result indicates that the step of encrypting the data to be encrypted has finished, stopping the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data, and determining all the redundant ciphertext data as the second ciphertext data.
In a third aspect, the present invention discloses another data encryption device, which includes:
a memory storing executable program code;
a processor coupled to the memory;
the processor invokes the executable program code stored in the memory to perform the method of encrypting data disclosed in the first aspect of the present invention.
A fourth aspect of the invention discloses a computer-readable storage medium storing computer instructions which, when invoked, are adapted to perform the method of data encryption disclosed in the first aspect of the invention.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
In the embodiment of the invention, data to be encrypted is obtained, and a target encryption algorithm corresponding to the data to be encrypted is determined from at least two preset encryption algorithms, wherein the target encryption algorithm is used for encrypting the data to be encrypted; a target address and an encryption key of the data to be encrypted are determined, and the data to be encrypted is encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data; and redundancy processing is performed based on the other encryption algorithms to obtain second ciphertext data, and the first ciphertext data and the second ciphertext data are determined as the encryption result of the data to be encrypted, wherein the other encryption algorithms are the encryption algorithms other than the target encryption algorithm among all the encryption algorithms. The invention can thus encrypt data based on both an address and a key, which reduces the cases in which data is tampered with, and can perform redundancy processing based on other encryption algorithms while the data is being encrypted, which obscures the encryption process. Because the encryption result contains both the ciphertext data obtained by encrypting the data and the ciphertext data obtained by the redundancy processing, side-channel attacks by means such as power consumption analysis become more difficult, the cases in which data is leaked are reduced, and data security is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for encrypting data according to an embodiment of the present invention;
FIG. 2a is a schematic diagram of a redundancy process based on other encryption algorithms disclosed in an embodiment of the present invention;
FIG. 2b is a schematic diagram of an encryption algorithm data selection based on an enable signal according to an embodiment of the present invention;
FIG. 3 is a flow chart of another method for encrypting data according to an embodiment of the present invention;
FIG. 4a is an encryption flow chart for a first encryption algorithm disclosed in an embodiment of the present invention;
FIG. 4b is an encryption flow chart for a second encryption algorithm disclosed in an embodiment of the present invention;
FIG. 5 is a flow chart of yet another data encryption method disclosed in an embodiment of the present invention;
FIG. 6 is a schematic diagram of a device for encrypting data according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of another apparatus for encrypting data according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms first, second and the like in the description and in the claims and in the above-described figures are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order. Furthermore, the terms "comprise" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, apparatus, article, or article that comprises a list of steps or elements is not limited to only those listed but may optionally include other steps or elements not listed or inherent to such process, method, article, or article.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the invention. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
The invention discloses a data encryption method and device that can reduce the occurrence of data leakage and data tampering, make side-channel attacks by means such as power consumption analysis more difficult, and improve data security. Details are described below.
Example 1
Referring to FIG. 1, FIG. 1 is a flow chart of a data encryption method according to an embodiment of the invention. The method described in FIG. 1 may be applied to a data encryption apparatus, which may be a storage device or a communication device; the embodiments of the present invention are not limited in this respect. As shown in FIG. 1, the data encryption method may include the following operations:
Step 101, obtaining data to be encrypted, and determining a target encryption algorithm corresponding to the data to be encrypted from at least two preset encryption algorithms.
The target encryption algorithm is able to encrypt the data to be encrypted. The data to be encrypted may be data that needs to be encrypted according to user requirements, and may include an identifier, which may include an address identifier, an algorithm identifier and an encryption/decryption identifier.
Before data needs to be encrypted, at least two encryption algorithms for encrypting data may be preset in a server or terminal device, so that when encryption is needed, the data to be encrypted can be obtained and the target encryption algorithm that corresponds to the identifier of the data to be encrypted can be determined from all the preset encryption algorithms.
In an alternative embodiment, step 101 may comprise the following sub-steps:
Sub-step 11, acquiring target plaintext data, and determining a check code corresponding to the target plaintext data based on a preset discrete algorithm.
The target plaintext data may be plaintext data to be encrypted that is provided by a user, or plaintext data to be encrypted in the course of storing or transmitting data, where plaintext data is unencrypted data. The discrete algorithm may be an algorithm for generating the check code corresponding to the target plaintext data, and the check code may be used for checking whether the target plaintext data has been tampered with.
When data encryption is needed, plaintext data to be encrypted can be obtained, and a preset discrete algorithm is adopted to calculate the plaintext data to be encrypted, so that a check code corresponding to the plaintext data is generated.
Sub-step 12, dividing the target plaintext data into at least two first sub-data according to a preset data dividing policy.
The data dividing policy may be a policy for dividing the target plaintext data, the data dividing policy may include a policy for dividing the target plaintext data by bytes, a policy for dividing the target plaintext data by bits, and the first sub data may be data after dividing the target plaintext data.
After the check code corresponding to the target plaintext data is obtained, the target plaintext data may be divided into at least two first sub-data according to a preset data division policy.
In practice, when the data dividing policy is set to divide the target plaintext data by bytes, the target plaintext data may be divided according to a preset number of bytes. For example, when the target plaintext data includes at least 8 bytes, the number of bytes in the data dividing policy may be set to 4, and the target plaintext data is divided every 4 bytes, giving at least two first sub-data of 4 bytes each. When the data dividing policy is set to divide the target plaintext data by bits, the target plaintext data may be divided according to a preset number of bits. For example, when the target plaintext data includes at least 8 bytes, the number of bits in the data dividing policy may be set to 4, and the target plaintext data is divided every 4 bits, giving at least two first sub-data of 4 bits each.
Sub-step 13, inserting the check code between every two adjacent first sub-data to generate the data to be encrypted.
After the first sub-data are obtained, the check code can be inserted between every two adjacent first sub-data; all the first sub-data with the inserted check codes are then combined in sequence, and the combined data is determined to be the data to be encrypted.
In practice, to check whether data has been maliciously tampered with, the data is generally verified. When a large amount of data needs to be verified, however, a large amount of computation is required, so the calculation load is high and verification is inefficient. Where a hash operation is performed on the digest of the data and tampering is checked by verifying the digest, there are cases in which the data has been tampered with but its digest is unchanged, so the tampering cannot be detected in time and the data is exposed to potential safety hazards.
With the approach described here, the check code is inserted into the data to be encrypted, and whether the data to be encrypted has been tampered with is checked by verifying the check code. A large amount of data does not need to be verified, so the calculation load is small, verification is efficient, and tampering can be detected in time. This also reduces the hash operations on the digest of the data and reduces the cases, inherent in digest-based tamper checking, in which the data is tampered with but its digest is unchanged, which lowers the potential safety hazards and improves the security of the data.
In a specific implementation, the data to be encrypted containing the check code can be encrypted and then stored or transmitted. The encrypted data can later be decrypted, and the check code in the plaintext data obtained after decryption can be checked by matching it against the pre-stored check code. When the check code obtained after decryption does not match the pre-stored check code, the plaintext data is determined to have been tampered with and a potential safety hazard exists; when it matches, the plaintext data is determined to be trusted data and subsequent operations continue. Inserting the check code between every two adjacent first sub-data can therefore be used to check whether the target plaintext data has been tampered with, so that the integrity and authenticity of the data can be verified and the security of the data improved.
In an alternative embodiment, the check code in the encrypted data containing the check code may be determined by reversing the process of inserting the check code.
As an alternative embodiment, the specific implementation of sub-step 13 may be:
Inserting the check code between every two adjacent first sub-data to obtain intermediate spliced data; dividing the intermediate spliced data into at least two second sub-data according to a preset data scrambling policy; determining target second sub-data from all the second sub-data; and performing exclusive-or processing, in sequence, on each second sub-data other than the target second sub-data with the target second sub-data, to generate the data to be encrypted.
The data scrambling policy may be a policy for scrambling the intermediate spliced data, and may determine the scrambling code used for that scrambling. The second sub-data may be the data obtained by dividing the intermediate spliced data, and the target second sub-data may be the scrambling code, determined based on the data scrambling policy, for scrambling the intermediate spliced data.
After the first sub-data is obtained, a check code can be inserted between every two adjacent first sub-data, all the first sub-data inserted with the check code are combined in sequence to obtain combined intermediate spliced data, and the intermediate spliced data can be further divided into at least two second sub-data according to a preset data scrambling strategy.
In practical applications, the process of dividing the intermediate spliced data into at least two second sub-data may adopt the above-mentioned manner of dividing by bytes or the manner of dividing by bits.
After at least two second sub-data are obtained, all the second sub-data may be scrambled according to the preset data scrambling policy. Specifically, the scrambling may proceed as follows: the target second sub-data is determined from all the second sub-data according to the preset data scrambling policy; exclusive-or processing is performed, in sequence, on each second sub-data other than the target second sub-data with the target second sub-data; all the second sub-data after the exclusive-or processing are merged; and the merged data is determined to be the data to be encrypted.
In practice, any one of the second sub-data can be determined as the target second sub-data according to the data scrambling policy, or the second sub-data that meets a user requirement can be designated as the target second sub-data. For example, the user requirement may be the second sub-data that comes last in byte order or bit order among all the second sub-data. Once the target second sub-data is determined, it can be used as the scrambling code, and exclusive-or processing can be performed in sequence between the target second sub-data and all the second sub-data to obtain the scrambled data to be encrypted.
The byte sequence may be an arrangement sequence among a plurality of bytes, and the bit sequence may be an arrangement sequence among a plurality of bits contained in each byte.
In an optional embodiment, a scrambling code corresponding to the target second sub-data may also be generated according to the data scrambling policy, and then the scrambling code corresponding to the target second sub-data may be sequentially xored with all the second sub-data.
In practice, the scrambling code is determined according to the data scrambling policy, and the intermediate spliced data containing the check code is scrambled with that scrambling code. This increases the difficulty of learning, through a side channel attack, how the check code is inserted, further reduces leakage of the check code insertion method and/or of the data, and further ensures the authenticity and integrity of the data.
In a specific implementation, the scrambled data to be encrypted may be descrambled in a manner opposite to the scrambling process.
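The following sketch, added here as an illustration and not taken from the patent, carries sub-steps 11 to 13, the exclusive-or scrambling and the reverse path through on byte data. The names, the 4-byte sizes, the use of truncated SHA-256 as a stand-in for the "preset discrete algorithm", and the choice of the last second sub-data as the target are assumptions; recomputing the check code over the recovered plaintext is an added step beyond the matching against the pre-stored check code that the text describes.

```python
from __future__ import annotations

import hashlib
import hmac
from itertools import cycle

CHUNK = 4      # bytes per first sub-data (the byte-division example in the text)
CODE_LEN = 4   # check code length in bytes (assumed)
BLOCK = 4      # bytes per second sub-data (assumed)


def check_code(plaintext: bytes) -> bytes:
    """Sub-step 11. Assumed stand-in for the discrete algorithm."""
    return hashlib.sha256(plaintext).digest()[:CODE_LEN]


def split(data: bytes, size: int) -> list[bytes]:
    return [data[i:i + size] for i in range(0, len(data), size)]


def interleave(plaintext: bytes, code: bytes) -> bytes:
    """Sub-steps 12 and 13: divide, then insert the code between neighbours."""
    chunks = split(plaintext, CHUNK)
    if len(chunks) < 2:
        raise ValueError("need at least two first sub-data")
    return code.join(chunks)


def xor_scramble(data: bytes, target_index: int = -1) -> bytes:
    """XOR every second sub-data except the target with the target.

    The target block itself is left unchanged, so calling the function a
    second time restores the input; this is the descrambling step as well.
    A short final block is handled by repeating or truncating the target.
    """
    blocks = split(data, BLOCK)
    if not blocks:
        raise ValueError("nothing to scramble")
    idx = target_index % len(blocks)
    target = blocks[idx]
    out = []
    for i, block in enumerate(blocks):
        if i == idx:
            out.append(block)
        else:
            out.append(bytes(b ^ t for b, t in zip(block, cycle(target))))
    return b"".join(out)


def build(plaintext: bytes) -> tuple[bytes, bytes]:
    """Return (data to be encrypted, check code to store for later matching)."""
    code = check_code(plaintext)
    return xor_scramble(interleave(plaintext, code)), code


def recover(scrambled: bytes, stored_code: bytes) -> bytes:
    """Descramble, strip the check codes and verify them.

    Raises ValueError if any embedded code differs from the stored one, or
    if the code recomputed over the recovered plaintext differs (added step).
    """
    data = xor_scramble(scrambled)
    chunks, pos = [], 0
    while len(data) - pos > CHUNK:
        chunks.append(data[pos:pos + CHUNK])
        embedded = data[pos + CHUNK:pos + CHUNK + CODE_LEN]
        if not hmac.compare_digest(embedded, stored_code):
            raise ValueError("embedded check code does not match stored code")
        pos += CHUNK + CODE_LEN
    chunks.append(data[pos:])
    plaintext = b"".join(chunks)
    if not hmac.compare_digest(check_code(plaintext), stored_code):
        raise ValueError("recomputed check code does not match stored code")
    return plaintext
```

Because the target block travels unchanged inside the scrambled data, the scrambling is a reversible reordering of information rather than a secret; confidentiality still comes from the encryption applied in step 102.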
Step 102, determining a target address and an encryption key of the data to be encrypted, and encrypting the data to be encrypted based on the target address, the encryption key and a target encryption algorithm to obtain first ciphertext data.
The target address may be the storage address of the data to be encrypted in the storage device, or the target IP (Internet Protocol) address of the data to be encrypted when it is transmitted. The encryption key may be a key for encrypting the data to be encrypted; it may correspond to the data to be encrypted, or to the module that is currently encrypting the data to be encrypted. The ciphertext data may be the data to be encrypted after it has been encrypted.
After the data to be encrypted and the target encryption algorithm are obtained, the target address of the data to be encrypted can be determined according to the address identification in the data to be encrypted, the encryption key corresponding to the data to be encrypted is determined, and the data to be encrypted can be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain the first ciphertext data.
Step 103, performing redundancy processing based on other encryption algorithms to obtain second ciphertext data, and determining the first ciphertext data and the second ciphertext data as the encryption result of the data to be encrypted.
The other encryption algorithms may be the encryption algorithms, among all the encryption algorithms, other than the target encryption algorithm. The redundancy processing may be processing that is unrelated to encrypting the data to be encrypted and is used to increase the confusion of that encryption. The encryption result may be the result obtained after encrypting the data to be encrypted.
After the data to be encrypted and the target encryption algorithm are obtained, redundancy processing can be performed based on encryption algorithms except the target encryption algorithm in all the encryption algorithms to obtain second ciphertext data, and the first ciphertext data and the second ciphertext data are determined to be encryption results of the data to be encrypted.
In practice, at least two encryption algorithms operate, and only one of them is the algorithm actually used to encrypt the data to be encrypted. This increases the difficulty for a malicious user of determining which of the at least two encryption algorithms is used to encrypt the data to be encrypted, that is, the difficulty of obtaining the correct encryption algorithm through a side channel attack. In addition, because data is produced by different encryption algorithms, it becomes harder for a malicious user to infer which of the data produced by the at least two encryption algorithms was produced by the correct one. In other words, performing redundancy processing based on the other encryption algorithms while the data to be encrypted is being encrypted confuses the encryption process, which improves resistance to side channel attacks, reduces leakage of the data encryption method and/or of the data to be encrypted, and further improves the security of the data.
Specifically, the malicious user may be an illegal user, such as a hacker, or the like.
In an alternative embodiment, step 103 may comprise the following sub-steps:
Sub-step 21, determining a random number, and performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data.
The random number may be randomly generated and may include a random key, a random address and random data. The redundant ciphertext data may be ciphertext data obtained by performing redundancy processing on the random number based on the other encryption algorithms, specifically ciphertext data obtained by encrypting the random number with the other encryption algorithms; the redundant ciphertext data is used to increase the confusion surrounding the generation of the first ciphertext data.
After the data to be encrypted and the target encryption algorithm are obtained, a random key, a random address and random data, which together form the random number, can be randomly generated, and the encryption algorithms other than the target encryption algorithm can be determined from all the encryption algorithms. Redundancy calculation can then be performed on the random number based on the other encryption algorithms, that is, the random data in the random number is encrypted with the other encryption algorithms using the random key and the random address, to obtain the redundant ciphertext data.
In practical application, the target encryption algorithm can be determined according to the algorithm identification in the data to be encrypted, so that other encryption algorithms except the target encryption algorithm in all the encryption algorithms can be determined after the target encryption algorithm is determined, and the random number generated randomly is determined as the input of the other encryption algorithms.
In practice, after determining the target encryption algorithm, the algorithm module 1 may send an algorithm state containing the identifier of the target encryption algorithm to the enabling module 2. Based on the received identifier, the enabling module 2 may generate an enabling signal red_en2 with the value 1 for the other encryption algorithms and an enabling signal red_en1 with the value 0 for the target encryption algorithm, send red_en1 to the data module 4 corresponding to the target encryption algorithm, and send red_en2 to the data module 5 corresponding to the other encryption algorithms. The data module 4 may select the data input to the target encryption algorithm according to the value of red_en1; similarly, the data module 5 may select the data input to the other encryption algorithms according to the value of red_en2.
Specifically, fig. 2b may be a schematic diagram of selecting encryption algorithm input data based on an enabling signal. As shown in fig. 2b, when the enabling signal received by a data module has the value 1, the data input to the encryption algorithm is the random number, comprising a random key rand_key, a random address rand_dir and random data rand_data. When the enabling signal received by a data module has the value 0, the data input to the encryption algorithm is the target address src_dir of the data to be encrypted, the encryption key src_key of the data to be encrypted, and the data to be encrypted src_data.
Sub-step 22, determining the accumulated number of times that the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data has been executed.
The accumulated number of times may be the number of times the redundancy calculation has been performed.
After the redundant ciphertext data is obtained, the accumulated number of times that the redundancy calculation step has been executed so far can be determined.
In practice, the accumulated number of times may be given a preset initial value, for example 0. It is incremented when the redundancy calculation step is executed for the first time, so that the accumulated number of times is 1, and it is incremented again after each subsequent execution of that step.
For example, if the accumulated number of times is 3 after the previous execution of the redundancy calculation step, it is incremented after the current execution of that step, so that the accumulated number of times is 4.
Sub-step 23, comparing the accumulated number of times with a preset threshold of the accumulated number of times, and, when the accumulated number of times is smaller than the threshold, repeating the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data.
The threshold value of the accumulated times can be set manually or can be determined according to the quantity of the data to be encrypted.
After the accumulated number of times of the redundancy calculation step has been determined, it can be compared with the preset threshold of the accumulated number of times; when the accumulated number of times is smaller than the threshold, the redundancy calculation step is executed again.
In practice, the redundancy calculation step may be executed repeatedly until the accumulated number of times after an execution is greater than or equal to the threshold, at which point sub-step 24 is performed. The random number generated may be different or the same each time the redundancy calculation step is executed.
Sub-step 24, when the accumulated number of times is greater than the threshold of the accumulated number of times, detecting whether the step of encrypting the data to be encrypted has finished to obtain a detection result, and generating the second ciphertext data according to the detection result and the redundant ciphertext data.
The detection result may include that the step of encrypting the data to be encrypted is not ended and the step of encrypting the data to be encrypted is ended.
After the accumulated number of times of the redundancy calculation step has been determined, it can be compared with the preset threshold of the accumulated number of times. When the accumulated number of times is greater than the threshold, whether the step of encrypting the data to be encrypted has finished can be detected to obtain a detection result, and the second ciphertext data is generated according to the detection result and the redundant ciphertext data.
In an alternative embodiment, generating the second ciphertext data according to the detection result and the redundant ciphertext data in sub-step 24 may specifically be:
When the detection result indicates that the step of encrypting the data to be encrypted has not finished, the accumulated number of times is set to zero, and execution of the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data, and of the step of determining the accumulated number of times that step has been executed, is suspended for a preset duration; after the suspension ends, both steps are executed again. When the detection result indicates that the step of encrypting the data to be encrypted has finished, execution of the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data is stopped, and all the redundant ciphertext data is determined to be the second ciphertext data.
The preset duration may be set manually, or may be determined according to the amount of data to be encrypted.
When the accumulated number of times is greater than the threshold of the accumulated number of times and the step of encrypting the data to be encrypted has not finished, the step of performing redundancy processing based on the other encryption algorithms can be suspended and the accumulated number of times set to zero. After the suspension has lasted the preset duration, the step of performing redundancy processing based on the other encryption algorithms is executed again, and the accumulated number of times of the redundancy calculation step is determined again, starting from the zeroed value.
In the process of encrypting the data to be encrypted, by suspending the execution of the step of performing redundancy processing based on other encryption algorithms and re-executing the step of performing redundancy processing based on other encryption algorithms after suspending for a certain period of time, the confusion of the encryption process for the data to be encrypted can be further improved, the difficulty of side channel attack can be further increased, and the safety of the data is improved.
And when the accumulated times are larger than the accumulated times threshold and the step of encrypting the data to be encrypted is finished, the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundancy ciphertext data can be stopped, and all the redundancy ciphertext data are determined to be second ciphertext data.
In practice, once the step of encrypting the data to be encrypted has finished, the encryption of the data to be encrypted is complete, so the step of performing redundancy calculation on the random number based on the other encryption algorithms to obtain redundant ciphertext data can be stopped, which reduces the waste of computing resources. Furthermore, by determining all the redundant ciphertext data to be the second ciphertext data, the redundant ciphertext data obtained from every execution of the redundancy calculation becomes part of the second ciphertext data, which further increases the confusion of the result obtained by encrypting the data to be encrypted, increases the difficulty of a side channel attack and improves the security of the data.
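The control flow of step 103 and the input selection of fig. 2b can be modelled as below. This is an added illustration, not code from the patent: toy_encrypt and the algorithm labels are constructed placeholders and not secure ciphers, and the one-block-per-tick timing, the per-block address base_dir + index, and the threshold and pause values are assumptions. The loop treats "greater than or equal to the threshold" as the point at which the finished check happens, following the practical-application paragraph.

```python
import hashlib
import secrets

# Constructed placeholders for the "at least two preset encryption algorithms".
ALGORITHMS = {1: b"alg-1", 2: b"alg-2"}


def toy_encrypt(label, key, addr, data):
    """Placeholder cipher, NOT secure: XOR with a SHA-256 keystream derived
    from the algorithm label, the key and the address. Self-inverse."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(
            label + key + addr + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def enable_signals(target_id):
    """Enabling module: red_en is 0 for the target algorithm, 1 for the rest."""
    return {alg: 0 if alg == target_id else 1 for alg in ALGORITHMS}


def data_module(red_en, src_key, src_dir, src_data):
    """Fig. 2b selection: real inputs when red_en is 0, random when it is 1."""
    if red_en == 0:
        return src_key, src_dir, src_data
    rand_key = secrets.token_bytes(len(src_key))
    rand_dir = secrets.token_bytes(len(src_dir))
    rand_data = secrets.token_bytes(len(src_data))
    return rand_key, rand_dir, rand_data


def encrypt_with_decoys(target_id, src_key, base_dir, blocks,
                        threshold=3, pause=2):
    """Tick-based model. Each tick the target algorithm encrypts one real
    block while the other algorithms run the redundancy loop.

    Returns (first ciphertext, list of redundant ciphertexts, trace).
    """
    if not blocks:
        raise ValueError("no data to encrypt")
    red_en = enable_signals(target_id)
    first, second, trace = [], [], []
    count = sleep = index = 0
    while True:
        if index < len(blocks):  # step 102 on the real inputs
            addr = (base_dir + index).to_bytes(4, "big")
            key, addr, data = data_module(red_en[target_id], src_key,
                                          addr, blocks[index])
            first.append(toy_encrypt(ALGORITHMS[target_id], key, addr, data))
            index += 1
        if sleep:  # redundancy path suspended for this tick
            sleep -= 1
            trace.append("pause")
            continue
        for alg, en in red_en.items():  # sub-step 21: decoy on random inputs
            if en == 1:
                key, addr, data = data_module(en, src_key, b"\x00" * 4,
                                              blocks[0])
                second.append(toy_encrypt(ALGORITHMS[alg], key, addr, data))
        count += 1  # sub-step 22: accumulate
        trace.append("decoy")
        if count >= threshold:  # sub-steps 23 and 24
            if index >= len(blocks):  # real encryption finished: stop
                break
            count, sleep = 0, pause  # not finished: zero and suspend
    return b"".join(first), second, trace
```

In this model the decoy inputs have the same lengths as the real ones, so both algorithm units process same-sized inputs on every tick in which they run.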
In the embodiment of the invention, the data to be encrypted can be obtained, and the target encryption algorithm corresponding to the data to be encrypted is determined from at least two preset encryption algorithms, wherein the target encryption algorithm is used for encrypting the data to be encrypted; a target address and an encryption key of the data to be encrypted are determined, and the data to be encrypted is encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data; and redundancy processing is performed based on the other encryption algorithms to obtain second ciphertext data, and the first ciphertext data and the second ciphertext data are determined to be the encryption result of the data to be encrypted. The invention can therefore encrypt data based on both the address and the key, which reduces the cases in which data is tampered with, and can perform redundancy processing based on the other encryption algorithms while the data is being encrypted, which confuses the encryption process, increases the difficulty of a side channel attack, reduces data leakage and improves the security of the data.
Example two
Referring to fig. 3, fig. 3 is a flow chart of another data encryption method according to an embodiment of the invention. The data encryption method described in fig. 3 may be applied to a data encryption apparatus, where the apparatus may be a storage device or a communication device; the embodiments of the present invention do not limit this. As shown in fig. 3, the data encryption method may include the following operations:
Step 201, obtaining data to be encrypted, and determining a target encryption algorithm corresponding to the data to be encrypted from at least two preset encryption algorithms.
Step 202, determining a target address and an encryption key of the data to be encrypted.
Step 203, performing the corresponding data processing operations on the target address and the encryption key respectively, based on the target encryption algorithm, to obtain an intermediate target address of the target address and an intermediate encryption key of the encryption key.
The data processing operations may include a data replacement operation, a data compression operation, a data expansion operation, and the like. The data replacement operation may be an operation that replaces specific bytes or bits in the data, such as an S-box replacement operation or a P replacement operation. The data compression operation may be a reorganization of the data that reduces its redundancy. The data expansion operation may be a data conversion operation that converts data into higher-order data, such as converting 16-order data into 32-order data. The intermediate target address is obtained after the data processing operations are performed on the target address, and the intermediate encryption key is obtained after the data processing operations are performed on the encryption key.
Specifically, when the target encryption algorithm is the first encryption algorithm, the corresponding data processing operation may include a data compression operation and a data expansion operation, and when the target encryption algorithm is the second encryption algorithm, the corresponding data processing operation may include a data replacement operation, a data compression operation and a data expansion operation.
After the target address and the encryption key of the data to be encrypted are obtained, data processing operation corresponding to the target encryption algorithm can be performed on the target address and the encryption key respectively, and then an intermediate target address of the target address and an intermediate encryption key of the encryption key can be obtained.
In practice, performing the data compression operation on the target address and the encryption key reduces the redundancy of the resulting intermediate target address and intermediate encryption key. Performing the data expansion operation on the target address and the encryption key unifies the number of bytes of the resulting intermediate target address and intermediate encryption key, which improves the extensibility of the encryption algorithm, improves the efficiency of the subsequent exclusive-or processing, and improves the efficiency of encrypting the data to be encrypted with the target encryption key. Performing the data expansion operation on the target address and the encryption key also improves the nonlinearity of the encryption algorithm, which further increases the confusion of the encryption algorithm, increases the difficulty of learning the exact process of the encryption algorithm through a side channel attack, and improves the security of encrypting data based on the encryption algorithm.
Fig. 4a may be an encryption flow chart for a first encryption algorithm. As shown in fig. 4a, when the target encryption algorithm is the first encryption algorithm, the data compression operation may be performed on the target address and the encryption key respectively, so that the byte numbers of the target address and the encryption key are compressed into 4 bits. After the data compression operation, the data expansion operation may be performed on the target address and the encryption key respectively, so that their byte numbers are expanded into 128 bits, which gives the intermediate target address of the target address and the intermediate encryption key of the encryption key.
Fig. 4b may be an encryption flow chart for a second encryption algorithm. As shown in fig. 4b, when the target encryption algorithm is the second encryption algorithm, S-box replacement may be performed on the target address, and the data compression operation may be performed on the target address obtained after the S-box replacement, so that the number of bytes of the target address is compressed into 4 bits. After the data compression operation, the data expansion operation may be performed on the target address, so that its number of bytes is expanded into 32 bits, which gives the intermediate target address of the target address. The encryption key may be subjected to S-box replacement, the encryption key obtained after the S-box replacement may be subjected to P-box replacement, and the encryption key obtained after the P-box replacement may be subjected to the data compression operation, so that the byte number of the encryption key is compressed into 4 bits. After the data compression operation, the data expansion operation may be performed on the encryption key, so that its byte number is expanded into 32 bits, which gives the intermediate encryption key of the encryption key. In addition, before the S-box replacement is performed on the encryption key, exclusive-or processing may be performed between a preset constant Z and the encryption key, which further improves the nonlinearity and the confusion of the encryption algorithm.
Step 204, performing exclusive-or processing on the intermediate target address and the intermediate encryption key to obtain the target encryption key.
Wherein the target encryption key may be generated based on the target address and the encryption key, and the target encryption key may be used to encrypt the data to be encrypted.
After the intermediate target address and the intermediate encryption key are obtained, exclusive or processing can be performed on the intermediate target address and the intermediate encryption key to obtain the target encryption key.
Step 205, encrypt the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain the first ciphertext data.
After the target encryption key is obtained, the data to be encrypted can be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data.
In a specific implementation, decryption may be the reverse of the process of encrypting based on the target encryption key and the target encryption algorithm. For example, when the first ciphertext data needs to be decrypted, the target encryption key corresponding to the first ciphertext data may be obtained; the target encryption key may be stored or transmitted together with the first ciphertext data, or may be generated based on the target address corresponding to the first ciphertext data and the encryption key. After the target encryption key is obtained, the first ciphertext data may be decrypted by reversing the process of encrypting based on the target encryption key and the target encryption algorithm.
In an alternative embodiment, when the target encryption algorithm is the first encryption algorithm, as shown in fig. 4a, step 205 may include the following sub-steps:
Sub-step 31, perform byte transformation on the target encryption key according to the target encryption algorithm to obtain a sub-target encryption key.
The byte transformation may be an operation that changes the byte order or the bit order, for example circularly shifting each byte in the data to the right according to the byte order. The byte transformation may include byte C transformation: according to a preset division strategy, all bytes in the data are arranged in groups of a preset number of bits, and the byte order or bit order within each group is changed. For example, data containing 128 bytes may be arranged in groups of 16 bits, so that 8 groups of bytes are obtained; each group may be circularly shifted to the right by one bit according to the byte order, and all the shifted bytes are spliced again in the shifted byte order to obtain the data after byte C transformation.
After the target encryption key is obtained, byte transformation can be performed on the target encryption key according to the target encryption algorithm to obtain the sub-target encryption key.
Sub-step 32, divide the byte-transformed sub-target encryption key into a first sub-key and a second sub-key according to byte order.
The first sub-key may include at least one high-order byte of the sub-target encryption key, and the second sub-key may include at least one low-order byte of the sub-target encryption key; the byte order of each high-order byte may be greater than that of each low-order byte. For example, the sub-target encryption key may include 16 bytes; according to byte order, the first to eighth bytes may be assigned to the second sub-key and the ninth to sixteenth bytes to the first sub-key, so that the byte order of every byte in the first sub-key is greater than that of every byte in the second sub-key. That is, the high-order bytes may be the ninth to sixteenth bytes, and the low-order bytes may be the first to eighth bytes.
After obtaining the sub-target encryption key, the byte-transformed sub-target encryption key may be divided into a first sub-key and a second sub-key according to a byte order.
In an alternative embodiment, when the sub-target encryption key includes only one byte, the byte-transformed sub-target encryption key may instead be divided into a first sub-key and a second sub-key according to bit order. The first sub-key may include at least one higher bit of the sub-target encryption key, and the second sub-key may include at least one lower bit of the sub-target encryption key; the bit order of each higher bit may be greater than that of each lower bit. For example, the sub-target encryption key may include 8 bits; according to bit order, the first to fourth bits may be assigned to the second sub-key and the fifth to eighth bits to the first sub-key, so that the bit order of every bit in the first sub-key is greater than that of every bit in the second sub-key. That is, the higher bits may be the fifth to eighth bits, and the lower bits may be the first to fourth bits.
Sub-step 33, perform a data replacement operation on the second sub-key to obtain a third sub-key, and perform exclusive-OR processing on the first sub-key and the third sub-key to obtain an intermediate sub-key.
After the first sub-key and the second sub-key are obtained, the second sub-key can be subjected to S-box replacement to obtain a third sub-key, the first sub-key and the third sub-key can be subjected to exclusive-or processing, and data obtained after the exclusive-or processing is combined with the first sub-key to obtain an intermediate sub-key.
In fig. 4a, cry_mid_h may be data obtained after the exclusive-or processing, and cry_mid_l may be the first subkey.
In practical application, the third subkey is obtained by performing S-box substitution on all bytes in the second subkey, so that the nonlinearity of the encryption algorithm can be further improved, and the confusion of the encryption algorithm can be improved.
Sub-step 34, perform byte transformation on the intermediate sub-key to obtain a target sub-key, and perform exclusive-OR processing on the byte-transformed target sub-key and the data to be encrypted to obtain the first ciphertext data.
After the intermediate subkey is obtained, byte C transformation can be performed on the intermediate subkey to obtain a target subkey, and exclusive-or processing is performed on the target subkey after byte transformation and the data to be encrypted to obtain first ciphertext data.
In practical application, by performing byte C transformation on the intermediate subkey, the nonlinearity of the encryption algorithm can be further improved, and the confusion of the encryption algorithm can be improved.
Specifically, the reliability of encryption by adopting the first encryption algorithm can be tested through multiple training, and the test result can be shown in the following table:
The number may be the number of tests performed based on different input values, and the input value may be the data to be encrypted. The average value may be the average number of bits that change between the ciphertext obtained from the input value and the ciphertext obtained after inverting a certain bit of the input value. For example, the number of bits changed between the ciphertext obtained after inverting the 1st bit of the input value and the ciphertext obtained from the input value may be 53, and the number of bits changed between the ciphertext obtained after inverting the 2nd bit of the input value and the ciphertext obtained from the input value may be 51; from such results it may be determined that the average number of changed bits is 52.94. The obtained ciphertext may be 128 bits. The average duty ratio may be the average proportion of changed bits in the total number of bits of the ciphertext obtained after inverting a certain bit of the input value; after the first encryption algorithm is tested a number of times, the average duty ratio obtained may be 43.34%.
Therefore, when ciphertext data or encryption data is obtained through a side channel attack, if any bit of the obtained data is wrong, the ciphertext data cannot be decrypted based on the obtained data; even if the ciphertext data can be decrypted, the decryption result differs from the original plaintext data (the data to be encrypted). That is, encrypting the data to be encrypted based on the first encryption algorithm satisfies the avalanche effect, which raises the difficulty of obtaining the data through a side channel attack and further improves the security of the data.
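The sketch below is an added example, not code from the patent: it walks sub-steps 31 to 34 of the first algorithm for one 16-byte block and computes the bit-flip statistic described for the test table (average changed bits and their proportion of the ciphertext). The AES S-box, the reading of byte C transformation as a one-bit right rotation of each 16-bit group, the low-half-first byte layout and the sample key and block are assumptions, since the page fixes none of them, and the code does not attempt to reproduce the table's figures.

```python
"""Sub-steps 31-34 of the first algorithm plus the single-bit-flip statistic.

Assumed here, not given on the page: the AES S-box as the S-box, byte C
transformation as "rotate each 16-bit group right by one bit", low half
stored first, and the constructed KEY / BLOCK sample values.
"""

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def build_sbox():
    """Generate the AES S-box (stand-in for the patent's unspecified S-box)."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = p ^ ((p << 1) & 0xFF) ^ (0x1B if p & 0x80 else 0)  # p *= 3 in GF(2^8)
        q ^= q << 1                                            # q /= 3 in GF(2^8)
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        affine = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4)
        sbox[p] = affine ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # 0 has no inverse and is mapped separately
    return sbox

SBOX = build_sbox()
KEY = bytes(range(16))                                     # constructed sample
BLOCK = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def byte_c(data, group_bytes=2):
    """Byte C transformation: rotate every 16-bit group right by one bit."""
    if len(data) % group_bytes:
        raise ValueError("length must be a multiple of the group size")
    bits = 8 * group_bytes
    out = bytearray()
    for i in range(0, len(data), group_bytes):
        v = int.from_bytes(data[i:i + group_bytes], "big")
        v = (v >> 1) | ((v & 1) << (bits - 1))
        out += v.to_bytes(group_bytes, "big")
    return bytes(out)

def derive_target_subkey(target_key):
    """Sub-steps 31-34 up to, but not including, the final XOR."""
    if len(target_key) != 16:
        raise ValueError("sketch assumes a 16-byte target encryption key")
    sub_target = byte_c(target_key)                  # sub-step 31
    second, first = sub_target[:8], sub_target[8:]   # sub-step 32: low / high
    third = bytes(SBOX[b] for b in second)           # sub-step 33: S-box
    cry_mid_h = xor_bytes(first, third)
    cry_mid_l = first
    return byte_c(cry_mid_l + cry_mid_h)             # sub-step 34: byte C

def encrypt_first(target_key, block):
    """First ciphertext data = target sub-key XOR data to be encrypted."""
    if len(block) != 16:
        raise ValueError("sketch assumes a 16-byte block")
    return xor_bytes(derive_target_subkey(target_key), block)

decrypt_first = encrypt_first  # the same XOR reverses the encryption

def flip_bit(data, i):
    out = bytearray(data)
    out[i // 8] ^= 0x80 >> (i % 8)
    return bytes(out)

def bit_diff(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche(key, block, vary):
    """Mean changed ciphertext bits and their proportion over all 1-bit flips."""
    base = encrypt_first(key, block)
    width = 8 * len(block if vary == "block" else key)
    changed = []
    for i in range(width):
        if vary == "block":
            ct = encrypt_first(key, flip_bit(block, i))
        else:
            ct = encrypt_first(flip_bit(key, i), block)
        changed.append(bit_diff(base, ct))
    mean = sum(changed) / len(changed)
    return mean, mean / (8 * len(base))

if __name__ == "__main__":
    for vary in ("block", "key"):
        mean, ratio = avalanche(KEY, BLOCK, vary)
        print(f"flip one {vary} bit: {mean:.2f} bits changed ({ratio:.2%})")
```

In this isolated stage a one-bit change in the data to be encrypted changes exactly one ciphertext bit, because the last operation is an XOR with a value derived only from the key; diffusion across the block therefore depends on the processing applied to the data before step 205.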
In an alternative embodiment, when the target encryption algorithm is the second encryption algorithm, step 205 may include the following sub-steps:
Sub-step 41, perform linear transformation on the target encryption key according to the target encryption algorithm to obtain a target sub-key.
The linear transformation may be an operation of outputting data corresponding to the inputted data according to a mapping relation of a preset linear function.
After the target encryption key is obtained, the target encryption key can be input into a linear function in a target encryption algorithm, and the target encryption key is subjected to linear transformation through the linear function, so that a target sub-key corresponding to the target encryption key can be output according to a mapping relation in the linear function.
Sub-step 42, perform byte line transformation and a data replacement operation on the data to be encrypted according to the target encryption algorithm to obtain intermediate plaintext data.
The byte line transformation may be an operation that adjusts the byte order of the data.
After the data to be encrypted is obtained and the target encryption algorithm is determined, all bytes in the data to be encrypted may be divided, according to the target encryption algorithm, into a plurality of groups of bytes with a preset number of bits per group, and a matrix may be generated from the groups. The order of all bytes in the matrix may then be adjusted row by row, and the adjusted groups of bytes spliced again to obtain the adjusted data to be encrypted. After the adjusted data to be encrypted is obtained, a data replacement operation may be performed on it to obtain the intermediate plaintext data.
Sub-step 43, perform exclusive-OR processing on the target sub-key and the intermediate plaintext data to obtain the first ciphertext data.
After the intermediate plaintext data is obtained, the target subkey and the intermediate plaintext data may be subjected to exclusive-or processing to obtain first ciphertext data.
Specifically, the reliability of encryption by using the second encryption algorithm can be tested through multiple training, and the test results can be shown in the following table:
The table above shows that the encryption of the data to be encrypted based on the second encryption algorithm also satisfies the avalanche effect, and further can improve the difficulty of acquiring the data through side channel attack and improve the security of the data.
Step 206, perform redundancy processing based on other encryption algorithms to obtain second ciphertext data, and determine the first ciphertext data and the second ciphertext data as the encryption result of the data to be encrypted.
In the embodiment of the invention, the data to be encrypted can be obtained, a target encryption algorithm corresponding to the data to be encrypted is determined from at least two preset encryption algorithms, a target address and an encryption key of the data to be encrypted are determined, corresponding data processing operations are respectively carried out on the target address and the encryption key based on the target encryption algorithm, an intermediate target address of the target address and an intermediate encryption key of the encryption key are obtained, exclusive-or processing is carried out on the intermediate target address and the intermediate encryption key to obtain the target encryption key, the data to be encrypted is encrypted based on the target encryption key and the target encryption algorithm, the first ciphertext data is obtained, redundant processing is carried out based on other encryption algorithms to obtain the second ciphertext data, and the first ciphertext data and the second ciphertext data are determined as encryption results of the data to be encrypted. Therefore, the invention can encrypt the data based on the address and the secret key, reduce the situation that the data is tampered, and carry out redundant processing based on other encryption algorithms while encrypting the data, confuse the process of encrypting the data, increase the difficulty of side channel attack, reduce the situation that the data is leaked, and improve the security of the data.
Example three
Referring to fig. 5, fig. 5 is a flowchart illustrating a method for encrypting data according to another embodiment of the present invention.
1. When encryption is needed, plaintext data (namely data to be encrypted) can be obtained, a verification module (namely the obtaining module) can generate a verification code crc_code corresponding to the data to be encrypted according to the identification in the data to be encrypted, and then the verification code and the data to be encrypted can be spliced, and data processing operation is carried out on the spliced data to be encrypted to obtain intermediate plaintext data;
2. After the intermediate plaintext data is obtained, the data to be encrypted may be encrypted according to the target encryption algorithm, the target address and the encryption key corresponding to the data to be encrypted to obtain first ciphertext data. While the data to be encrypted is being encrypted, redundancy processing may be performed based on other encryption algorithms to obtain second ciphertext data, and the first ciphertext data and the second ciphertext data are determined to be the encryption result of encrypting the data to be encrypted. After the encryption result is obtained, it may be stored or transmitted according to the target address;
In practical application, the second ciphertext data may be used to confuse the process of encrypting the data to be encrypted and the result obtained by encrypting the data to be encrypted, so as to increase the difficulty of a side channel attack. That is, the second ciphertext data is not an encryption result of the data to be encrypted, but data used to confuse the encryption result. When the encryption result is stored or transmitted according to the target address, the second ciphertext data in the encryption result therefore needs to be removed so that the first ciphertext data is stored or transmitted, which avoids storing or transmitting data unrelated to the encryption result of the data to be encrypted;
In an alternative embodiment, decryption may proceed as follows:
1. When decryption is needed, the first ciphertext data transmitted by another device may be received, or the first ciphertext data may be obtained from the storage device. The first ciphertext data may then be decrypted according to the target address of the other device, or according to the storage address at which the first ciphertext data is stored in the storage device, together with the encryption key corresponding to the first ciphertext data and the target encryption algorithm corresponding to the first ciphertext data, so that the intermediate plaintext data corresponding to the first ciphertext data is obtained;
2. After the intermediate plaintext data corresponding to the first ciphertext data is obtained, the verification module may divide the intermediate plaintext data into a verification code and plaintext data (namely the data to be encrypted) and verify whether the verification code has been tampered with. When the verification code is verified not to have been tampered with, the data to be encrypted may be determined to be the decryption result of the first ciphertext data; when the verification code is verified to have been tampered with, the data to be encrypted is determined to have been tampered with, and potential safety hazards such as data leakage exist.
In the embodiment of the invention, the data to be encrypted can be obtained, and the target encryption algorithm corresponding to the data to be encrypted is determined from at least two preset encryption algorithms, wherein the target encryption algorithm is used for encrypting the data to be encrypted; determining a target address and an encryption key of data to be encrypted, and encrypting the data to be encrypted based on the target address, the encryption key and a target encryption algorithm to obtain first ciphertext data; and performing redundancy processing based on other encryption algorithms to obtain second ciphertext data, and determining the first ciphertext data and the second ciphertext data as encryption results of the data to be encrypted. Therefore, the invention can encrypt the data based on the address and the secret key, reduce the situation that the data is tampered, and carry out redundant processing based on other encryption algorithms while encrypting the data, confuse the process of encrypting the data, increase the difficulty of side channel attack, reduce the situation that the data is leaked, and improve the security of the data.
Example four
Referring to fig. 6, fig. 6 is a schematic structural diagram of a data encryption device according to an embodiment of the invention. As shown in fig. 6, the data encryption apparatus may be applied to a storage device or a communication device, and the data encryption apparatus may include:
the obtaining module 401 is configured to obtain data to be encrypted, and determine a target encryption algorithm corresponding to the data to be encrypted from at least two preset encryption algorithms, where the target encryption algorithm is used to encrypt the data to be encrypted;
the encryption module 402 is configured to determine a target address and an encryption key of data to be encrypted, and encrypt the data to be encrypted based on the target address, the encryption key and a target encryption algorithm to obtain first ciphertext data;
the redundancy module 403 is configured to perform redundancy processing based on other encryption algorithms to obtain second ciphertext data, and determine that the first ciphertext data and the second ciphertext data are encryption results of data to be encrypted, where the other encryption algorithms are encryption algorithms of all the encryption algorithms except the target encryption algorithm.
As an optional implementation manner, the specific manner of acquiring the data to be encrypted in the acquiring module 401 is:
acquiring target plaintext data, and determining a check code corresponding to the target plaintext data based on a preset discrete algorithm, wherein the check code is used for checking whether the target plaintext data is tampered; dividing target plaintext data into at least two first sub-data according to a preset data dividing strategy; and inserting a check code between every two adjacent first sub-data to generate data to be encrypted.
As an optional implementation manner, the check code is inserted between every two adjacent first sub-data in the obtaining module 401, and the specific manner of generating the data to be encrypted is as follows:
inserting a check code between every two adjacent first sub-data to obtain middle spliced data; dividing the middle spliced data into at least two second sub-data according to a preset data scrambling strategy, and determining target second sub-data from all the second sub-data; and performing exclusive OR processing on other second sub data except the target second sub data in all the second sub data and the target second sub data in sequence to generate data to be encrypted.
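The following added example (not code from the patent) shows the acquiring module's preparation step, with the check code inserted between adjacent first sub-data and the second sub-data XORed with a target block, together with the reverse check that the verification module performs after decryption. CRC-32 as the "preset discrete algorithm", the 4-byte sub-data sizes, block 0 as the target second sub-data and the sample plaintext are assumptions.

```python
"""Check-code splicing and scrambling before encryption, and the check on decrypt.

Assumed here, not given on the page: CRC-32 as the "preset discrete
algorithm", 4-byte first and second sub-data, block 0 as the target second
sub-data, and the constructed SAMPLE plaintext.
"""
import zlib

CHUNK = 4    # assumed size of each first sub-data (data dividing strategy)
BLOCK = 4    # assumed size of each second sub-data (data scrambling strategy)
TARGET = 0   # assumed index of the target second sub-data
SAMPLE = b"SECRET-DATA!"   # constructed 12-byte target plaintext data


def check_code(plaintext):
    return zlib.crc32(plaintext).to_bytes(4, "big")


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split(data, size):
    return [data[i:i + size] for i in range(0, len(data), size)]


def splice(plaintext):
    """Insert the check code between every two adjacent first sub-data."""
    if len(plaintext) < 2 * CHUNK or len(plaintext) % CHUNK:
        raise ValueError("need at least two whole first sub-data")
    return check_code(plaintext).join(split(plaintext, CHUNK))


def scramble(spliced):
    """XOR every other second sub-data with the target second sub-data.

    The target block itself is left unchanged, so applying the function a
    second time restores the input.
    """
    blocks = split(spliced, BLOCK)
    if len(blocks) <= TARGET:
        return bytes(spliced)
    target = blocks[TARGET]
    return b"".join(b if i == TARGET else xor_bytes(b, target)
                    for i, b in enumerate(blocks))


def prepare(plaintext):
    """Target plaintext data -> data to be encrypted."""
    return scramble(splice(plaintext))


def recover(data):
    """Data to be encrypted -> (target plaintext data, check passed?).

    Relies on CHUNK and the check code both being 4 bytes, so the spliced
    data alternates data / code / data / ... in equal-sized pieces.
    """
    parts = split(scramble(data), CHUNK)
    if len(parts) < 3 or len(parts) % 2 == 0 or len(parts[-1]) != CHUNK:
        return b"", False
    plaintext = b"".join(parts[0::2])
    codes = set(parts[1::2])
    return plaintext, codes == {check_code(plaintext)}


def demo():
    """Return the result for untouched data and for data with one bit changed."""
    data = prepare(SAMPLE)
    tampered = bytearray(data)
    tampered[9] ^= 0x01            # one bit inside the second data chunk
    return recover(data), recover(bytes(tampered))


if __name__ == "__main__":
    print(demo())
```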
As an optional implementation manner, the encrypting module 402 encrypts the data to be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain the first ciphertext data in the following specific manner:
respectively carrying out corresponding data processing operation on the target address and the encryption key based on the target encryption algorithm to obtain an intermediate target address of the target address and an intermediate encryption key of the encryption key; the data processing operation comprises data compression operation and data expansion operation when the target encryption algorithm is the second encryption algorithm, and the corresponding data processing operation comprises data replacement operation, data compression operation and data expansion operation when the target encryption algorithm is the second encryption algorithm; performing exclusive OR processing on the intermediate target address and the intermediate encryption key to obtain a target encryption key; and encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data.
As an optional implementation manner, the encrypting module 402 encrypts the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain the first ciphertext data in the following specific manner:
when the target encryption algorithm is the first encryption algorithm, performing byte transformation on the target encryption key according to the target encryption algorithm to obtain a sub-target encryption key; dividing the byte-transformed sub-target encryption key into a first sub-key and a second sub-key according to byte sequences, wherein the first sub-key comprises at least one high-order byte in the sub-target encryption key, the second sub-key comprises at least one low-order byte in the sub-target encryption key, and the byte sequence of each high-order byte is larger than that of each low-order byte; performing data replacement operation on the second sub-key to obtain a third sub-key, and performing exclusive-or processing on the first sub-key and the third sub-key to obtain an intermediate sub-key; and performing byte transformation on the intermediate subkey to obtain a target subkey, and performing exclusive-or processing on the target subkey subjected to byte transformation and the data to be encrypted to obtain first ciphertext data.
As an optional implementation manner, the encrypting module 402 encrypts the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain the first ciphertext data in the following specific manner:
When the target encryption algorithm is the second encryption algorithm, performing linear transformation on the target encryption key according to the target encryption algorithm to obtain a target subkey; performing byte line transformation and data replacement operation on data to be encrypted according to a target encryption algorithm to obtain intermediate plaintext data; and carrying out exclusive or processing on the target subkey and the intermediate plaintext data to obtain first ciphertext data.
As an alternative implementation manner, the redundancy module 403 performs redundancy processing based on other encryption algorithms, and the specific manner of obtaining the second ciphertext data is:
determining a random number, and performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data, wherein the random number is randomly generated; determining the accumulated number of times that the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data has been executed; comparing the accumulated number of times with a preset accumulated-times threshold, and, when the accumulated number of times is smaller than the accumulated-times threshold, repeatedly executing the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data; when the accumulated number of times is larger than the accumulated-times threshold, detecting whether the step of encrypting the data to be encrypted has finished to obtain a detection result, and generating the second ciphertext data according to the detection result and the redundant ciphertext data;
and the specific manner in which the redundancy module 403 generates the second ciphertext data according to the detection result and the redundant ciphertext data is:
when the detection result shows that the step of encrypting the data to be encrypted has not finished, setting the accumulated number of times to zero, and suspending both the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data and the step of determining the accumulated number of times that step has been executed, so that, after a pause of a preset duration, both steps are executed again; and stopping execution of the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data, and determining all the redundant ciphertext data as the second ciphertext data.
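The redundancy module's loop, as an added example that is not code from the patent: redundant calculations on random numbers run while the real encryption is in progress, the counter is compared with the threshold, and the second ciphertext data is dropped before storage. It shows the control flow only; the two SHA-256-mask stand-in algorithms, the threshold, the pause length and the use of a Python thread are assumptions.

```python
"""Redundancy loop that runs while the real encryption is in progress.

Assumed here, not given on the page: both algorithms are SHA-256-mask XOR
stand-ins, and THRESHOLD / PAUSE_SECONDS are constructed values.
"""
import hashlib
import os
import threading
import time

THRESHOLD = 4            # preset accumulated-times threshold (assumed value)
PAUSE_SECONDS = 0.001    # preset pause duration (assumed value)


def _mask_xor(label, key, data):
    if len(data) > 32:
        raise ValueError("stand-in handles at most 32 bytes")
    mask = hashlib.sha256(label + key).digest()
    return bytes(m ^ d for m, d in zip(mask, data))


def target_algorithm(key, data):      # hypothetical stand-in
    return _mask_xor(b"target", key, data)


def other_algorithm(key, data):       # hypothetical stand-in
    return _mask_xor(b"other", key, data)


def redundancy_loop(key, encryption_done, redundant):
    count = 0
    while True:
        rnd = os.urandom(16)                          # randomly generated number
        redundant.append(other_algorithm(key, rnd))   # redundancy calculation
        count += 1                                    # accumulated number of times
        if count <= THRESHOLD:
            continue    # below the threshold: repeat (equal case: assumed repeat)
        if encryption_done.is_set():
            return      # encryption step finished: stop
        count = 0       # not finished: reset the counter,
        time.sleep(PAUSE_SECONDS)   # pause, then run the steps again


def encrypt(key, data):
    """Return the encryption result: first and second ciphertext data."""
    encryption_done = threading.Event()
    redundant = []
    worker = threading.Thread(target=redundancy_loop,
                              args=(key, encryption_done, redundant))
    worker.start()
    try:
        first = target_algorithm(key, data)
    finally:
        encryption_done.set()
        worker.join()
    return {"first": first, "second": redundant}


def strip_for_storage(result):
    """Remove the second ciphertext data before storing or transmitting."""
    return result["first"]
```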
In the embodiment of the invention, the data to be encrypted can be obtained, and the target encryption algorithm corresponding to the data to be encrypted is determined from at least two preset encryption algorithms, wherein the target encryption algorithm is used for encrypting the data to be encrypted; determining a target address and an encryption key of data to be encrypted, and encrypting the data to be encrypted based on the target address, the encryption key and a target encryption algorithm to obtain first ciphertext data; and performing redundancy processing based on other encryption algorithms to obtain second ciphertext data, and determining the first ciphertext data and the second ciphertext data as encryption results of the data to be encrypted. Therefore, the invention can encrypt the data based on the address and the secret key, reduce the situation that the data is tampered, and carry out redundant processing based on other encryption algorithms while encrypting the data, confuse the process of encrypting the data, increase the difficulty of side channel attack, reduce the situation that the data is leaked, and improve the security of the data.
Example five
Referring to fig. 7, fig. 7 is a schematic structural diagram of another data encryption device according to an embodiment of the invention. As shown in fig. 7, the data encryption apparatus may include:
a memory 501 in which executable program codes are stored;
a processor 502 coupled to the memory 501;
the processor 502 invokes executable program codes stored in the memory 501 to execute the steps in the data encryption method described in the first embodiment of the present invention or the second embodiment of the present invention or the third embodiment of the present invention.
Example six
The embodiment of the invention discloses a computer storage medium which stores computer instructions for executing the steps in the data encryption method described in the first embodiment of the invention or the second embodiment of the invention or the third embodiment of the invention when the computer instructions are called.
Example seven
An embodiment of the present invention discloses a computer program product, which includes a non-transitory computer-readable storage medium storing a computer program, and the computer program is operable to cause a computer to perform the steps in the data encryption method described in the first embodiment, the second embodiment, or the third embodiment.
The apparatus embodiments described above are merely illustrative, wherein the modules illustrated as separate components may or may not be physically separate, and the components shown as modules may or may not be physical, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above detailed description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course by means of hardware. Based on such understanding, the foregoing technical solutions may be embodied essentially or in part in the form of a software product that may be stored in a computer-readable storage medium including Read-Only Memory (ROM), random-access Memory (Random Access Memory, RAM), programmable Read-Only Memory (Programmable Read-Only Memory, PROM), erasable programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), one-time programmable Read-Only Memory (OTPROM), electrically erasable programmable Read-Only Memory (EEPROM), compact disc Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM) or other optical disc Memory, magnetic disc Memory, tape Memory, or any other medium that can be used for computer-readable carrying or storing data.
Finally, it should be noted that the disclosed method and device for encrypting data are only preferred embodiments of the present invention, used only to illustrate the technical scheme of the present invention rather than to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical schemes recorded in the various embodiments can be modified, or part of the technical features in them can be replaced equivalently; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims (10)

1. A method of data encryption, the method comprising:
acquiring data to be encrypted, and determining a target encryption algorithm corresponding to the data to be encrypted from at least two preset encryption algorithms, wherein the target encryption algorithm is used for encrypting the data to be encrypted;
determining a target address and an encryption key of the data to be encrypted, and encrypting the data to be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data;
and performing redundancy processing based on other encryption algorithms to obtain second ciphertext data, and determining the first ciphertext data and the second ciphertext data as encryption results of the data to be encrypted, wherein the other encryption algorithms are encryption algorithms except the target encryption algorithm in all the encryption algorithms.
2. The method for encrypting data according to claim 1, wherein said obtaining data to be encrypted comprises:
acquiring target plaintext data, and determining a check code corresponding to the target plaintext data based on a preset discrete algorithm, wherein the check code is used for checking whether the target plaintext data is tampered or not;
dividing the target plaintext data into at least two first sub-data according to a preset data dividing strategy;
and inserting the check code between every two adjacent first sub-data to generate data to be encrypted.
3. The method for encrypting data according to claim 2, wherein said inserting the check code between each two adjacent first sub-data generates data to be encrypted, comprising:
inserting the check code between every two adjacent first sub-data to obtain intermediate spliced data;
dividing the intermediate spliced data into at least two second sub-data according to a preset data scrambling strategy, and determining target second sub-data from all the second sub-data;
and carrying out exclusive OR processing on other second sub data except the target second sub data in all the second sub data and the target second sub data in sequence to generate data to be encrypted.
4. A method according to any one of claims 1 to 3, wherein encrypting the data to be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data comprises:
respectively carrying out corresponding data processing operation on the target address and the encryption key based on the target encryption algorithm to obtain an intermediate target address of the target address and an intermediate encryption key of the encryption key;
the data processing operation comprises a data compression operation and a data expansion operation when the target encryption algorithm is the second encryption algorithm, and the corresponding data processing operation comprises a data replacement operation, a data compression operation and a data expansion operation when the target encryption algorithm is the second encryption algorithm;
performing exclusive OR processing on the intermediate target address and the intermediate encryption key to obtain a target encryption key;
and encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data.
5. The method according to claim 4, wherein when the target encryption algorithm is the first encryption algorithm, the encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data includes:
performing byte transformation on the target encryption key according to the target encryption algorithm to obtain a sub-target encryption key;
dividing the sub-target encryption key after byte transformation into a first sub-key and a second sub-key according to byte sequence, wherein the first sub-key comprises at least one high-order byte in the sub-target encryption key, the second sub-key comprises at least one low-order byte in the sub-target encryption key, and the byte sequence of each high-order byte is larger than that of each low-order byte;
performing data replacement operation on the second sub-key to obtain a third sub-key, and performing exclusive-or processing on the first sub-key and the third sub-key to obtain an intermediate sub-key;
and performing byte transformation on the intermediate subkey to obtain a target subkey, and performing exclusive-or processing on the target subkey after byte transformation and the data to be encrypted to obtain first ciphertext data.
6. The method according to claim 4, wherein when the target encryption algorithm is the second encryption algorithm, the encrypting the data to be encrypted based on the target encryption key and the target encryption algorithm to obtain first ciphertext data includes:
according to the target encryption algorithm, performing linear transformation on the target encryption key to obtain a target subkey;
performing byte line transformation and data replacement operation on the data to be encrypted according to the target encryption algorithm to obtain intermediate plaintext data;
and carrying out exclusive or processing on the target subkey and the intermediate plaintext data to obtain first ciphertext data.
7. The method for encrypting data according to claim 1, wherein said performing redundancy processing based on the other encryption algorithm to obtain second ciphertext data comprises:
determining a random number, and performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data, wherein the random number is randomly generated;
determining the accumulated number of times that the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data has been executed;
comparing the accumulated times with a preset accumulated times threshold, and repeating the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data when the accumulated times is smaller than the accumulated times threshold;
when the accumulated times is larger than the accumulated times threshold, detecting whether the step of encrypting the data to be encrypted is finished, obtaining a detection result, and generating second ciphertext data according to the detection result and the redundant ciphertext data;
wherein the generating second ciphertext data according to the detection result and the redundant ciphertext data comprises:
when the detection result indicates that the step of encrypting the data to be encrypted is not finished, setting the accumulated times to zero, and suspending both the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data and the step of determining the accumulated times of that step, so that both steps are re-executed after a preset pause time;
and when the detection result indicates that the step of encrypting the data to be encrypted is finished, stopping the step of performing redundancy calculation on the random number based on other encryption algorithms to obtain redundant ciphertext data, and determining all the redundant ciphertext data as second ciphertext data.
8. An apparatus for encrypting data, the apparatus comprising:
the acquisition module is used for acquiring data to be encrypted, determining a target encryption algorithm corresponding to the data to be encrypted from at least two preset encryption algorithms, wherein the target encryption algorithm is used for encrypting the data to be encrypted;
the encryption module is used for determining a target address and an encryption key of the data to be encrypted, and encrypting the data to be encrypted based on the target address, the encryption key and the target encryption algorithm to obtain first ciphertext data;
and the redundancy module is used for carrying out redundancy processing based on other encryption algorithms to obtain second ciphertext data, determining the first ciphertext data and the second ciphertext data as encryption results of the data to be encrypted, wherein the other encryption algorithms are encryption algorithms except the target encryption algorithm in all the encryption algorithms.
9. An apparatus for encrypting data, the apparatus comprising:
a memory storing executable program code;
a processor coupled to the memory;
the processor invokes the executable program code stored in the memory to perform the method of data encryption as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium storing computer instructions that, when invoked, perform the method of data encryption of any one of claims 1-7.
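The preprocessing of claims 2 and 3, worked through with its inverse, as an added example that is not code from the patent. The claims leave the algorithms open, so the truncated SHA-256 check code, the fixed split sizes, the choice of the first block as target second sub-data and all function names are assumptions.

```python
import hashlib
import hmac

CHECK_LEN = 4   # assumed check-code length in bytes
PART_LEN = 8    # assumed size of each first sub-data piece
BLOCK_LEN = 6   # assumed size of each second sub-data block

def chunks(data, n):
    return [data[i:i + n] for i in range(0, len(data), n)]

def xor(a, b):
    # zip() stops at the shorter input, so a short final block keeps its length
    return bytes(x ^ y for x, y in zip(a, b))

def check_code(plaintext):
    # Assumption: the check code is a truncated SHA-256 digest
    return hashlib.sha256(plaintext).digest()[:CHECK_LEN]

def build(plaintext):
    """Claims 2-3: interleave the check code, then XOR-scramble the blocks."""
    parts = chunks(plaintext, PART_LEN)
    if len(parts) < 2:
        raise ValueError("need at least two first sub-data pieces")
    spliced = check_code(plaintext).join(parts)   # intermediate spliced data
    blocks = chunks(spliced, BLOCK_LEN)
    target = blocks[0]                            # assumed target second sub-data
    return target + b"".join(xor(b, target) for b in blocks[1:])

def recover(data):
    """Undo build(); return (plaintext, ok), ok False if any check code differs."""
    blocks = chunks(data, BLOCK_LEN)
    target = blocks[0]
    spliced = target + b"".join(xor(b, target) for b in blocks[1:])
    groups = chunks(spliced, PART_LEN + CHECK_LEN)
    plaintext = b"".join(g[:PART_LEN] for g in groups)
    codes = [g[PART_LEN:] for g in groups[:-1]]
    expected = check_code(plaintext)
    ok = all(hmac.compare_digest(c, expected) for c in codes)
    return plaintext, ok

SAMPLE = b"constructed sample plaintext"   # constructed input, 28 bytes

if __name__ == "__main__":
    staged = build(SAMPLE)
    print(staged.hex(), recover(staged))
```

Under these assumptions the target block passes through unchanged and the whole transform is undone without any secret, so this stage only adds tamper evidence and diffusion; confidentiality rests on the keyed encryption of claims 4 to 6.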
CN202210222684.4A 2022-03-07 2022-03-07 Data encryption method and device Pending CN116781265A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210222684.4A CN116781265A (en) 2022-03-07 2022-03-07 Data encryption method and device

Publications (1)

Publication Number Publication Date
CN116781265A true CN116781265A (en) 2023-09-19

Family

ID=87990074

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210222684.4A Pending CN116781265A (en) 2022-03-07 2022-03-07 Data encryption method and device

Country Status (1)

Country Link
CN (1) CN116781265A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117278324A (en) * 2023-11-17 2023-12-22 北京亚康万玮信息技术股份有限公司 Message encryption transmission method and system
CN117278324B (en) * 2023-11-17 2024-01-19 北京亚康万玮信息技术股份有限公司 Message encryption transmission method and system

Similar Documents

Publication Publication Date Title
CN109194466B (en) Block chain-based cloud data integrity detection method and system
CN109429222B (en) Method for encrypting wireless network equipment upgrading program and communication data
US9537657B1 (en) Multipart authenticated encryption
US10097342B2 (en) Encoding values by pseudo-random mask
US9455833B2 (en) Behavioral fingerprint in a white-box implementation
KR100702499B1 (en) System and method for guaranteeing software integrity
CN110289946B (en) Block chain wallet localized file generation method and block chain node point equipment
US20150270950A1 (en) Splitting s-boxes in a white-box implementation to resist attacks
JP2001514834A (en) Secure deterministic cryptographic key generation system and method
CN112469036B (en) Message encryption and decryption method and device, mobile terminal and storage medium
US20160350520A1 (en) Diversifying Control Flow of White-Box Implementation
CN113872770A (en) Security verification method, system, electronic device and storage medium
CN113114654B (en) Terminal equipment access security authentication method, device and system
US9641337B2 (en) Interface compatible approach for gluing white-box implementation to surrounding program
US9515989B1 (en) Methods and apparatus for silent alarm channels using one-time passcode authentication tokens
CN105978680B (en) Encryption operation method for encryption key
EP2960891B1 (en) Method for introducing dependence of white-box implementationon a set of strings
US20120311338A1 (en) Secure authentication of identification for computing devices
CN113722741A (en) Data encryption method and device and data decryption method and device
CN116781265A (en) Data encryption method and device
US20150372989A1 (en) Method for introducing dependence of white-box implementation on a set of strings
CN113784342B (en) Encryption communication method and system based on Internet of things terminal
EP2940917A1 (en) Behavioral fingerprint in a white-box implementation
US20210143978A1 (en) Method to secure a software code performing accesses to look-up tables
CN115766244A (en) Internet of vehicles information encryption method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination