CN117176351B - Data transmission processing method, system, computer equipment and storage medium - Google Patents
Data transmission processing method, system, computer equipment and storage medium Download PDFInfo
- Publication number
- CN117176351B CN117176351B CN202311444983.3A CN202311444983A CN117176351B CN 117176351 B CN117176351 B CN 117176351B CN 202311444983 A CN202311444983 A CN 202311444983A CN 117176351 B CN117176351 B CN 117176351B
- Authority
- CN
- China
- Prior art keywords
- information
- elliptic curve
- ciphertext
- processing
- generate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000005540 biological transmission Effects 0.000 title claims abstract description 48
- 238000003672 processing method Methods 0.000 title claims abstract description 22
- 238000000034 method Methods 0.000 claims abstract description 50
- 238000009795 derivation Methods 0.000 claims abstract description 24
- 230000008569 process Effects 0.000 claims description 25
- 238000004590 computer program Methods 0.000 claims description 20
- 238000007726 management method Methods 0.000 description 15
- 230000006870 function Effects 0.000 description 10
- 238000004364 calculation method Methods 0.000 description 9
- 101100191375 Xenopus laevis prkra-b gene Proteins 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000006872 improvement Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- OKTJSMMVPCPJKN-UHFFFAOYSA-N Carbon Chemical compound [C] OKTJSMMVPCPJKN-UHFFFAOYSA-N 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002708 enhancing effect Effects 0.000 description 1
- 229910021389 graphene Inorganic materials 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of data encryption and decryption, in particular to a data transmission processing method, a system, computer equipment and a storage medium, wherein the method comprises the following steps: processing the obtained decryption end identification information and the platform declaration public key as well as preset elliptic curve parameter information to generate a decryption end actual public key; processing the obtained random parameters, elliptic curve parameter information and the decrypting end actual public key to generate elliptic curve point information; performing key derivation processing on elliptic curve point information to generate a first derived key; processing plaintext data based on the first derivative key to generate ciphertext data; the method and the device are convenient for improving the safety and efficiency of the data encryption and decryption transmission process.
Description
Technical Field
The present invention relates to the field of data encryption and decryption technologies, and in particular, to a data transmission processing method, a data transmission processing system, a computer device, and a storage medium.
Background
In order to ensure the safety of data transmission, a data transmission party needs to encrypt original data to obtain encrypted data before transmitting the data, then transmit the encrypted data to a data receiving party to decrypt, so as to obtain the original data, and in the data transmission process, the data is encrypted and decrypted, so that the safety of data transmission is realized.
The current encryption and decryption process for data in the data transmission process is as follows: the data receiver generates a public key and a private key for encrypting and decrypting the data in advance, then generates a public key certificate based on the public key, the data receiver identification, the data receiver address, a certificate issuing mechanism and other information, then sends the public key certificate to the data sender for storage, the data sender encrypts the original data according to the public key certificate to generate encrypted data, and then sends the encrypted data to the data receiver for decryption, so that the original data is obtained.
However, bilinear operation is involved in the process of encrypting and decrypting the data, and the calculation mode of the bilinear operation is complex, so that the efficiency of encrypting and decrypting the data is low; in addition, the transmission of the public key certificate is affected by the transmission path, so that the public key certificate is at risk of disclosure and falsification, and the security of the encrypted data encrypted according to the public key certificate is low; in summary, in the prior art, the security and efficiency of the data encryption/decryption transmission process are improved.
Disclosure of Invention
In order to facilitate the improvement of the security and efficiency of the data encryption and decryption transmission process, the embodiment of the invention provides a data transmission processing method, a data transmission processing system, computer equipment and a storage medium.
In a first aspect, an embodiment of the present invention provides a data transmission processing method, including:
processing the obtained decryption end identification information and the platform declaration public key as well as preset elliptic curve parameter information to generate a decryption end actual public key;
processing the obtained random parameters, elliptic curve parameter information and the decrypting end actual public key to generate elliptic curve point information;
performing key derivation processing on elliptic curve point information to generate a first derived key; processing plaintext data based on the first derivative key to generate ciphertext data;
generating a first check code based on the elliptic curve point information and the ciphertext data, generating ciphertext information based on the first check code, the elliptic curve point information and the ciphertext data, sending the ciphertext information to a decryption end, and decrypting the ciphertext information by the decryption end to generate plaintext data.
In a second aspect, an embodiment of the present invention further provides a data transmission processing method, including:
receiving ciphertext information sent by an encryption terminal, and processing the ciphertext information based on the obtained actual private key of the decryption terminal to generate multiple point coordinate information; the encryption end is used for generating ciphertext information;
Processing the multiple point coordinate information and the ciphertext information to generate a second check code;
judging whether the second check code is equal to the first check code in the ciphertext information, and if not, outputting decryption error information;
if yes, carrying out key derivation processing on the ciphertext information, the multiple point coordinate information and preset user-defined parameters to generate a second derived key, and processing ciphertext data in the ciphertext information based on the second derived key to generate plaintext data.
In a third aspect, an embodiment of the present invention provides a data transmission processing system, including:
the key generation and management platform is used for generating and managing the platform declaration public key and the decryption end identification information of the decryption end;
the encryption end is used for processing the acquired decryption end identification information, the platform statement public key and preset elliptic curve parameter information to generate a decryption end actual public key; acquiring random parameters, processing the random parameters, elliptic curve parameter information and an actual public key of a decryption end to generate elliptic curve point information; performing key derivation processing on elliptic curve point information to generate a first derived key; processing plaintext data based on the derived key to generate ciphertext data; generating a first check code based on the elliptic curve point information and the ciphertext data, generating ciphertext information based on the first check code, the elliptic curve point information and the ciphertext data, and transmitting the ciphertext information to a decryption end;
The decryption end is used for receiving the ciphertext information sent by the encryption end and generating multiple point coordinate information based on the obtained ciphertext information processed by the actual private key of the decryption end; the encryption end is used for generating ciphertext information; processing the multiple point coordinate information and the ciphertext information to generate a second check code; judging whether the second check code is equal to the first check code in the ciphertext information, and if not, outputting decryption error information; if yes, carrying out key derivation processing on the ciphertext information, the multiple point coordinate information and preset user-defined parameters to generate a second derived key, and processing ciphertext data in the ciphertext information based on the second derived key to generate plaintext data.
In a fourth aspect, an embodiment of the present invention provides a computer device, where the computer device includes a memory and a processor, where the memory stores a computer program, and where the processor implements the steps of the method described above when executing the computer program.
In a fifth aspect, embodiments of the present invention provide a computer readable storage medium having stored thereon a computer program which when executed by a processor performs steps in the above-described method.
In a sixth aspect, embodiments of the present invention also provide a computer program product. Computer program product comprising a computer program which, when executed by a processor, implements the steps of any of the method embodiments described above.
The data transmission processing method, the system, the computer equipment, the storage medium and the computer program product are characterized in that a decryption terminal obtains a decryption terminal user identifier and a platform statement public key from a key generation and management platform, then calculates a corresponding decryption terminal actual public key, further calculates a first derivative key according to the decryption terminal actual public key to encrypt plaintext data into ciphertext information, and sends the ciphertext information to the decryption terminal; in the encryption process, firstly, the encryption end does not need to receive the public key certificate from the decryption end, so that public key certificate leakage and counterfeiting risks possibly occurring when the decryption end sends the public key certificate to the encryption end are avoided, the security of the decryption end for acquiring the actual public key of the decryption end is improved, and the security of the whole data transmission processing process is improved; in addition, in the encryption and decryption processes, bilinear pairing operation is not adopted any more, so that the calculation complexity is reduced, and the efficiency of the whole data transmission processing process is improved.
Drawings
FIG. 1 is a diagram of an application environment of a data transmission processing method according to an embodiment of the present invention;
fig. 2 is a flowchart of a data transmission processing method according to an embodiment of the present invention;
fig. 3 is a flowchart of a data transmission processing method according to another embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a data transmission processing system according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a computer device according to an embodiment of the present invention;
fig. 6 is an internal structural diagram of a computer-readable storage medium provided in one embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more apparent, the present disclosure will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present disclosure.
It should be noted that the terms "first," "second," and the like in the description and claims herein and in the foregoing figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, apparatus, article, or device that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or device.
In this document, the term "and/or" is merely one association relationship describing the associated object, meaning that three relationships may exist. For example, a and/or B may represent: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
In order to solve the technical problems in the prior art, the embodiment of the present disclosure provides a data transmission processing method, which can be applied to an application environment as shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The data storage system may store data that the server 104 needs to process. The data storage system may be integrated on the server 104 or may be located on a cloud or other network server. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices, and portable wearable devices, where the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart vehicle devices, and the like. The portable wearable device may be a smart watch, smart bracelet, headset, or the like. The server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
Fig. 2 is a flowchart of a data transmission processing method according to an embodiment of the present invention, and referring to fig. 2, the method may be performed by a system for executing the method, where the system may be implemented by software and/or hardware, and the method includes:
s100, processing the obtained decryption end identification information and the platform statement public key and preset elliptic curve parameter information to generate a decryption end actual public key.
It should be noted that, the system for executing a data transmission processing method in this embodiment includes: the system comprises a key generation and management platform, an encryption end and a decryption end; the key generation and management platform is constructed by at least one server and is used for generating and managing a platform statement public key, encryption end identification information of an encryption end, encryption end statement public keys corresponding to the encryption end identification information one by one, decryption end identification information of a decryption end and decryption end statement public keys corresponding to the decryption end identification information one by one, and the platform statement public key is a statement public key of the key generation and management platform; the key generation and management platform is also used for generating a decryption terminal actual private key of the decryption terminal and sending the generated decryption terminal actual private key to the corresponding decryption terminal; the encryption end is in communication connection with the key generation and management platform and the decryption end, and is used for encrypting the plaintext data to generate corresponding ciphertext information and transmitting the ciphertext information to the decryption end; the decryption end is in communication connection with the key generation and management platform and is used for receiving ciphertext information sent by the encryption end and decrypting the ciphertext information into plaintext data.
It should be noted that, the encryption end and the decryption end are both provided with elliptic curve models for encrypting plaintext data and decrypting ciphertext information, and parameters of the elliptic curve models are recorded as elliptic curve parameter information.
In the implementation, when the encryption end needs to send the encrypted data to the decryption end, the encryption end acquires the identification information of the decryption end and the public key of the platform statement from the key generation and management platform, and also acquires the elliptic curve parameter information; and then, calculating the identification information of the decryption end, the public key of the platform statement and the elliptic curve parameter information, thereby obtaining the actual public key of the decryption end.
S200, processing the acquired random parameters, elliptic curve parameter information and the decrypting end actual public key to generate elliptic curve point information.
In order to improve the security of encrypted ciphertext information, in the implementation, a random parameter is randomly acquired, and then corresponding elliptic curve point information is calculated based on the random parameter, the elliptic curve parameter information and the obtained practical public key of the decryption end, wherein the elliptic curve point information is a set of a plurality of random elliptic curve points on an elliptic curve corresponding to the elliptic curve model, and the elliptic curve point information has randomness because the elliptic curve point information is calculated based on the random parameter; the elliptic curve point information is used for encrypting the plaintext data to obtain corresponding ciphertext information, so that the obtained ciphertext information also has randomness, and the ciphertext information is difficult to be decrypted in the process of being transmitted to a decryption end, thereby improving the safety of the encrypted ciphertext information.
S300, carrying out key derivation processing on elliptic curve point information to generate a first derived key; plaintext data is processed based on the first derivative key to generate ciphertext data.
In order to obtain a key with the same data length as the plaintext data conveniently, encrypting the plaintext data, in the implementation, after elliptic curve point information is obtained, performing key derivation processing on the elliptic curve point information to generate a first derived key, and then performing operation processing on the first derived key and the plaintext data to obtain ciphertext data corresponding to the plaintext data.
S400, generating a first check code based on the elliptic curve point information and the ciphertext data, generating ciphertext information based on the first check code, the elliptic curve point information and the ciphertext data, sending the ciphertext information to a decryption end, and decrypting the ciphertext information by the decryption end to generate plaintext data.
In order to facilitate the decryption party to verify the received ciphertext data, it is determined that the ciphertext data is ciphertext data sent by the encryption party; in implementation, the elliptic curve point information and the ciphertext data are operated to generate a first check code, then the first check code, the elliptic curve point information and the ciphertext data are processed into ciphertext information, and finally the ciphertext information is sent to a decryption party by an encryption party so that the decryption party can decrypt the ciphertext information next, and plaintext data sent by the decryption party can be obtained.
It should be noted that, in this embodiment, the decryption terminal obtains the user identifier of the decryption terminal and the platform declaration public key from the key generation and management platform, then calculates the corresponding actual public key of the decryption terminal, further calculates the first derivative key according to the actual public key of the decryption terminal, encrypts the plaintext data into ciphertext information, and sends the ciphertext information to the decryption terminal; in the encryption process, firstly, the encryption end does not need to receive the public key certificate from the decryption end, so that the public key certificate leakage and counterfeiting risk which can occur when the decryption end sends the public key certificate to the encryption end are avoided, the security of the decryption end for acquiring the actual public key of the decryption end is improved, and the security of the whole data transmission processing process is improved; in addition, in the encryption process, bilinear pairing operation is not adopted any more, so that the calculation complexity is reduced, and the efficiency of the whole data transmission processing process is improved.
In one embodiment, processing the obtained decryption end identification information and the platform declaration public key, and preset elliptic curve parameter information, to generate a decryption end actual public key includes:
s110, carrying out hash operation on the identification information of the decryption end, the public key of the platform statement and the elliptic curve parameter information to obtain a first hash value.
In this embodiment, the encryption end is used as the data sender, the decryption end is used as the data receiver, the encryption end and the decryption end may be one of a computer, a server, an intelligent mobile terminal, etc., and decryption end identification information of the decryption end is preset in the encryption end.
In the implementation, when the encryption end needs to send encrypted plaintext data to the decryption end, the encryption end determines decryption end identification information IDA corresponding to the decryption end, and the data type ENTLA of the decryption end identification information IDA; meanwhile, elliptic curve parameter information corresponding to the elliptic curve model is also acquired; specifically, the elliptic curve parameter information comprises a first elliptic curve parameter a, a second elliptic curve parameter b and a third elliptic curve parameter G, wherein the third elliptic curve parameter G comprises a third elliptic curve parameter abscissa xG and a third elliptic curve parameter abscissa yG; meanwhile, a platform declaration public key Pub of a key generation and management platform is obtained, wherein the platform declaration public key Pub comprises a platform declaration public key abscissa xPub and a platform declaration public key ordinate yPub.
Further, the data type encla of the decryption end identification information, the decryption end identification information IDA, the first elliptic curve parameter a, the second elliptic curve parameter b, the third elliptic curve parameter abscissa xG, the third elliptic curve parameter abscissa yG, the platform declaration public key abscissa xPub and the platform declaration public key ordinate yPub are all converted into corresponding bit strings, then the bit strings are spliced to obtain a first spliced type encla iida iib iixg iiyg iixpub, and then hash operation is performed on the first spliced type to obtain a first hash value HA, wherein the calculation mode is as follows:
HA1=HASH(ENTLA‖IDA‖a‖b‖xG‖yG‖xPub‖yPub);
S120, carrying out hash operation on the first hash value, the acquired public key of the decryption end statement and preset custom parameters to obtain a second hash value; and carrying out residual processing on the second hash value to obtain a residual result.
When the encryption end needs to send encrypted plaintext data to the decryption end, the encryption end determines decryption end identification information of the decryption end which needs to receive the encrypted plaintext data through a key generation and management platform, and then obtains a decryption end declaration public key WA corresponding to the decryption end identification information, wherein the decryption end declaration public key WA comprises a decryption end declaration public key abscissa xWA and a decryption end declaration public key ordinate yWA; the system is also preset with a custom parameter KA and a number 2.
Further, after the decrypting-end declaration public key WA is obtained, the decrypting-end declaration public key abscissa xWA and the decrypting-end declaration public key ordinate yWA of the decrypting-end declaration public key WA are converted into corresponding bit strings, then the decrypting-end declaration public key abscissa xWA, the decrypting-end declaration public key ordinate yWA, the first hash value HA1, the custom parameter KA and the number 2 are spliced to obtain a second spliced formula, then hash operation is performed on the second spliced formula to obtain a second hash value HA2, and the calculating mode is as follows:
HA2=HASH(xWA‖yWA‖HA1||KA||2);
Further, the second hash value HA2 is subjected to a remainder processing to obtain a remainder result λ, where the divisor of the remainder processing is set to n, where the value of n depends on the number of bits of the actual private key at the decryption end, and in this embodiment, n is 256, which is calculated as follows:
λ=HASH(xWA‖yWA‖HA1||KA||2)mod n=HA2 mod n;
after generating the remainder result λ, the data type of the remainder result λ is also converted into an integer.
S130, processing the remainder result, the public key of the decryption end statement and the public key of the platform statement to obtain the actual public key of the decryption end.
In the implementation, after obtaining the residual result lambda, the public key WA of the decrypting end and the public key Pub of the platform, further, calculating the product [ lambda ] Pub of the residual result lambda and the public key Pub of the platform, and then calculating the sum of [ lambda ] Pub and the public key WA of the decrypting end, so as to calculate the actual public key PA of the decrypting end corresponding to the actual private key of the decrypting end; specifically, the calculation formula of the actual public key PA at the decryption end is as follows:
PA=WA+[λ]Pub;
in this embodiment, the actual public key PA of the decryption end is not directly sent to the encryption end by the key generation and management platform, but is obtained by the encryption end through the processing calculation of the steps, so that the problem that in the prior art, in the process of sending the actual public key of the decryption end to the encryption end, the pain point that the actual public key of the decryption end may be accidentally leaked occurs is solved, thereby facilitating the improvement of the security of the process that the encryption end obtains the actual public key PA of the decryption end, and further facilitating the improvement of the security of the whole data transmission processing process.
In one embodiment, processing the obtained random parameter, elliptic curve parameter information, and the decrypting-side actual public key to generate elliptic curve point information includes:
s210, processing the acquired random parameters and elliptic curve parameter information to generate a first elliptic curve point.
It should be noted that, a random number generator is preset in the data transmission processing system, and the random number generator is used for randomly generating a number rB within the range of [1, n-1], and marking rB as a random parameter, rB epsilon [1, n-1]; the value of n depends on the number of bits of the actual private key of the decryption end, and in this embodiment, n is 256.
In practice, the random parameter rB is calculated by calculating the product of the random parameter rB and the third elliptic curve parameter G in the elliptic curve parameter information]G, calculating a random elliptic curve point on the elliptic curve, and marking the random elliptic curve point as a first elliptic curve point:
=[rB]G=(,)。
S220, processing the random parameters and the decryption end actual public key to generate a second elliptic curve point.
After a random parameter rB is randomly generated in step S210, further, the product [ rB ] PA of the random parameter rB and the actual public key PA at the decryption end is also calculated, so that another random elliptic curve point on the elliptic curve can be calculated and recorded as a second elliptic curve point RBPA:
RBPA=[rB]PA=(,)。
S230, generating elliptic curve point information based on the first elliptic curve point and the second elliptic curve point.
In practice, a first elliptic curve point is obtained by step S210=(,) Second elliptic curve point rbpa= = ("a",) Then, the first elliptic curve point=(,) And a second elliptic curve point RBPA= ("the second elliptic curve point RBPA,) Collectively referred to as elliptic curve point information.
In this embodiment, the first elliptic curve point and the second elliptic curve point are used for encrypting the plaintext data subsequently, and then ciphertext data is obtained, and the generation of the first elliptic curve point and the second elliptic curve point are related to random parameters generated randomly, and because the random parameters are random, the first elliptic curve point and the second elliptic curve point also have randomness, so that the obtained ciphertext data also has randomness, thereby being convenient for enhancing the difficulty of leaking and decrypting the ciphertext data in the process of transmitting the ciphertext data to the decryption end, and further improving the security of the ciphertext data when transmitting the ciphertext data to the decryption end.
In one embodiment, performing key derivation processing on elliptic curve point information to generate a first derived key includes:
s310, acquiring an abscissa of a first elliptic curve point, and marking the abscissa as a first abscissa; and acquiring the abscissa of the second elliptic curve point and marking the abscissa as a second abscissa.
In an implementation, a first elliptic curve point in elliptic curve point information is obtainedIs the abscissa of (2)The first abscissa is marked; also obtain the abscissa of a second elliptic curve point RBPA in elliptic curve point informationAnd is marked as the second abscissa.
S320, deriving the first abscissa, the second abscissa and the custom parameter to generate a first derived key.
In the implementation, the first abscissa and the second abscissa are respectively converted into corresponding bit strings, and are spliced to obtain a third spliced bit string typeThe method comprises the steps of carrying out a first treatment on the surface of the Further, the custom parameter KA is converted into a custom parameter KA of the bit string type, and then the custom parameter KA of the bit string type is spliced with the third custom parameter KA of the bit string typePerforming bit string splicing to obtain a fourth spliced typeKA。
It should be noted that, the encryption end is preset with a key derivation function, the key derivation function is used for processing the fourth concatenation type so as to generate a first derived key, and the data length of the first derived key output by the key derivation function is consistent with the data length of the plaintext data, so that binary numbers in the first derived key are in one-to-one correspondence with binary numbers in the plaintext data; this facilitates subsequent encryption of the plaintext data by the first derivative key.
In practice, a fourth splice is obtainedAfter KA, further, the fourth splicing typeThe KA is input into a key derivation function preset in the encryption end, and then the key derivation function outputs a corresponding first derivation key KB1, and specifically, the calculation mode of the first derivation key KB1 is as follows:
KB1=KDF(KA)。
in one embodiment, after the first derivative key is generated, plaintext data is processed based on the first derivative key to generate ciphertext data.
In the implementation, after a first derivative key with the data length consistent with the plaintext data length is obtained, each binary number in the first derivative key and the corresponding binary number in the plaintext data are subjected to exclusive-or operation one by one, so as to obtain ciphertext data composed of a plurality of exclusive-or operation results. It should be noted that, the operation between the first derivative key and the plaintext data is not limited to the exclusive-or operation described above,other types of binary operation may be used.
In one embodiment, generating a first check code based on elliptic curve point information and ciphertext data includes:
s410, splicing the first elliptic curve point and the ciphertext data to obtain splicing information.
Ciphertext data generated by the above steps Then the encrypted data is required to be sent to the decryption end, and in the process of transmitting the encrypted data to the decryption endIn order to facilitate the decryption end to judge whether the ciphertext data is tampered after receiving the ciphertext data, the decryption end needs to generate a corresponding check code based on the ciphertext data, splice the check code with the ciphertext data, and then send the check code to a decryption party, specifically:
in practice, the first elliptic curve point=(,) Converting into corresponding bit string, and then pointing the first elliptic curve of the bit string typeBit string splicing is carried out on the ciphertext data to obtain splicing information。
S420, processing the spliced information to generate a first check code.
In practice, splice information is obtainedThen, further, the information is spliced by a message authentication function HMAC preset by the encryption endCalculating to obtain a first check codeSpecific:
=HMAC();
in other embodiments, in addition to employing the message authentication function HMAC pair splice information described aboveBesides processing, the spliced information can be also processedPerforming hash operation to obtain a first check codeSpecific:
=HASH()。
in one embodiment, after the first check code is generated, ciphertext information is generated based on the first check code, elliptic curve point information, and ciphertext data, and the ciphertext information is sent to the decryption end.
Specifically, the first check code is obtained through the stepsFirst elliptic curve point of bit string type in elliptic curve point informationAnd ciphertext dataFurther, the first elliptic curve point of the bit string typeCiphertext dataFirst check codeSplicing to obtain ciphertext information; and finally, the encryption end sends the generated ciphertext information to the decryption end.
In one embodiment, referring to fig. 3, a data transmission processing method after ciphertext information is sent to a decryption end includes:
s500, receiving ciphertext information sent by an encryption terminal, and processing the ciphertext information based on the obtained actual private key of the decryption terminal to generate multiple point coordinate information; the encryption end is used for generating ciphertext information.
In the implementation, after receiving ciphertext information sent by a decryption end, the decryption end decrypts the ciphertext information to obtain a first elliptic curve point in the ciphertext informationIt should be noted that, the decryption end pre-stores the decryption end actual private key dA sent by the key generation and management platform in advance, and the decryption end generates a first elliptic curve pointFurther, based on the first elliptic curve pointAnd performing multiple point operation on the decryption end actual private key dA so as to obtain ciphertext data in ciphertext information Corresponding multiple pointsSpecific:
=[dA]=(,) The method comprises the steps of carrying out a first treatment on the surface of the Will be%,) And recording as multiple point coordinate information.
S600, processing the multiple point coordinate information and the ciphertext information to generate a second check code.
In practice, for the first elliptic curve point obtainedAnd multiple pointProceeding to step S420 for the first elliptic curve pointCiphertext dataAnd (5) performing operation.
In the present embodiment, if the message authentication function HMAC is passed to the first elliptic curve point in step S420Ciphertext dataProcessing is performed, also in this stepMessage authentication function HMAC preset at decryption end for first elliptic curve pointMultiple pointsProcessing to obtain a second check codeSpecific:
=HMAC(‖)。
in other embodiments, if the first elliptic curve point is in step S420Ciphertext dataHash operation is performed, and the first elliptic curve point is also subjected to the stepMultiple pointsPerforming hash operation to obtain a second check codeSpecific:
=HASH(‖)。
s700, judging whether the second check code is identical to the first check code in the ciphertext information, and if not, outputting decryption error information.
If the second check codeEquivalent to a first check codeDescription ofIs equivalent to,Is equivalent toThe method comprises the steps of carrying out a first treatment on the surface of the That is, the ciphertext data The original ciphertext data sent by the encryption end is unchanged in the process of being transmitted to the decryption end, so that the accuracy of the ciphertext data is proved; if the second check codeIs not equivalent to the first check codeDescription ofIs not equivalent to,Is not equivalent toThat is, it means that the ciphertext data received by the decryption end is not the original ciphertext data sent by the encryption end.
In the implementation, after receiving the ciphertext information, the decryption device analyzes the ciphertext information to obtain a first check code in the ciphertext informationThe method comprises the steps of carrying out a first treatment on the surface of the Then, the decryption end calculates a second check codeThen, the second check code is judgedWhether or not it is identical to the first check codeIf not, the ciphertext data received by the decrypting end is not the original ciphertext data sent by the encrypting end, and the decrypting end outputs decryption error information at the moment, so that personnel at the decrypting end are informed of the error in the decryption process.
And S800, if so, carrying out key derivation processing on the ciphertext information, the multiple point coordinate information and preset user-defined parameters to generate a second derived key, and processing ciphertext data in the ciphertext information based on the second derived key to generate plaintext data.
In the implementation, after receiving the ciphertext information, the decryption device analyzes the ciphertext information to obtain a first check code in the ciphertext information The method comprises the steps of carrying out a first treatment on the surface of the Then, the decryption end calculates a second check codeThen, the second check code is judgedWhether or not it is identical to the first check codeIf it isAcquiring a first elliptic curve point in the ciphertext information=(,) Is the abscissa of (2)Information of coordinates of multiple points,) Abscissa of (2)And preset custom parameters KA; next, the first elliptic curve point=(,) Is the abscissa of (2)Information of coordinates of multiple points,) Abscissa of (2)And converting the preset custom parameters KA into corresponding bit strings; then processing a first elliptic curve point of the bit string type through a key derivation function preset at a decryption end=(,) Is the abscissa of (2)Information of coordinates of multiple points,) Abscissa of (2)And obtaining a second derivative key KB2 by a preset custom parameter KA, wherein the calculation formula of the second derivative key KB2 is as follows:
KB2=KDF( || ||KA);
in practice, each bit of binary number in the second derivative key KB2 is combined with ciphertext dataPerforming exclusive-or operation on the binary numbers corresponding to the binary numbers one by one, so as to obtain plaintext data M consisting of a plurality of exclusive-or operation results, wherein the calculation formula of the plaintext data M is as follows:
M=KB2⊕。
it should be noted that, compared with bilinear pairing operation, the double point operation used in the process of decrypting ciphertext information greatly reduces the computational complexity and the computational load, thereby improving the efficiency of the decryption process and further improving the efficiency of the whole data transmission processing process.
Fig. 2 is a flow chart of a data transmission processing method in one embodiment. It should be understood that, although the steps in the flowchart of fig. 2 are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows; the steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders; and at least some of the steps in fig. 2 may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the sub-steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the other steps or sub-steps of other steps.
Fig. 3 is a flow chart of a data transmission processing method in another embodiment. It should be understood that, although the steps in the flowchart of fig. 3 are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows; the steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders; and at least some of the steps in fig. 3 may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, nor do the order in which the sub-steps or stages are performed necessarily performed in sequence, but may be performed alternately or alternately with at least a portion of the other steps or sub-steps of other steps.
Based on the same inventive concept, the embodiment of the present disclosure further provides a data transmission processing system for implementing the above-mentioned related data transmission processing method. The implementation of the solution provided by the system is similar to the implementation described in the above method, so the specific limitation of one or more embodiments of the data transmission processing system provided below may refer to the limitation of the data transmission processing method hereinabove, and will not be repeated herein.
In one embodiment, as shown in fig. 4, there is provided a data transmission processing system including:
the key generation and management platform is used for generating and managing the platform declaration public key and the decryption end identification information of the decryption end;
the encryption end is used for processing the acquired decryption end identification information, the platform statement public key and preset elliptic curve parameter information to generate a decryption end actual public key; acquiring random parameters, processing the random parameters, elliptic curve parameter information and an actual public key of a decryption end to generate elliptic curve point information; performing key derivation processing on elliptic curve point information to generate a first derived key; processing plaintext data based on the derived key to generate ciphertext data; generating a first check code based on the elliptic curve point information and the ciphertext data, generating ciphertext information based on the first check code, the elliptic curve point information and the ciphertext data, and transmitting the ciphertext information to a decryption end;
The decryption end is used for receiving the ciphertext information sent by the encryption end and generating multiple point coordinate information based on the obtained ciphertext information processed by the actual private key of the decryption end; the encryption end is used for generating ciphertext information; processing the multiple point coordinate information and the ciphertext information to generate a second check code; judging whether the second check code is equal to the first check code in the ciphertext information, and if not, outputting decryption error information; if yes, carrying out key derivation processing on the ciphertext information, the multiple point coordinate information and preset user-defined parameters to generate a second derived key, and processing ciphertext data in the ciphertext information based on the second derived key to generate plaintext data.
The various modules in the data transmission processing system described above may be implemented in whole or in part by software, hardware, or a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the computer equipment is used for storing data such as decryption terminal identification information, a platform statement public key, elliptic curve parameter information, a decryption terminal actual public key, elliptic curve point information, a first derivative key, ciphertext data, a first check code, ciphertext information and the like. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data transmission processing method.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of a portion of the architecture associated with the disclosed aspects and is not limiting of the computer device to which the disclosed aspects apply, and that a particular computer device may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.
In one embodiment, a computer readable storage medium is provided, as shown in fig. 6, having a computer program stored thereon, which when executed by a processor, implements the steps of the method embodiments described above.
In an embodiment, a computer program product is provided, comprising a computer program which, when executed by a processor, implements the steps of the method embodiments described above.
It should be noted that, the user information (including, but not limited to, user equipment information, user personal information, etc.) and the data (including, but not limited to, data for analysis, stored data, presented data, etc.) related to the present disclosure are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in accordance with the embodiments may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided by the present disclosure may include at least one of non-volatile and volatile memory, among others. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided by the present disclosure may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors involved in the embodiments provided by the present disclosure may be general-purpose processors, central processing units, graphics processors, digital signal processors, programmable logic, quantum computing-based data processing logic, etc., without limitation thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The foregoing examples merely represent several embodiments of the present disclosure, which are described in more detail and are not to be construed as limiting the scope of the present disclosure. It should be noted that variations and modifications can be made by those skilled in the art without departing from the spirit of the disclosure, which are within the scope of the disclosure. Accordingly, the scope of the present disclosure should be determined from the following claims.
Claims (7)
1. A data transmission processing method, characterized by comprising:
processing the obtained decryption end identification information and the platform declaration public key as well as preset elliptic curve parameter information to generate a decryption end actual public key;
processing the obtained random parameters, the elliptic curve parameter information and the decrypting end actual public key to generate elliptic curve point information;
performing key derivation processing on the elliptic curve point information to generate a first derived key; processing plaintext data based on the first derivative key to generate ciphertext data;
Generating a first check code based on the elliptic curve point information and the ciphertext data, generating ciphertext information based on the first check code, the elliptic curve point information and the ciphertext data, and sending the ciphertext information to a decryption end, wherein the decryption end is used for decrypting the ciphertext information to generate the plaintext data;
wherein the generating elliptic curve point information by the random parameters, the elliptic curve parameter information and the decrypting end actual public key obtained by the processing comprises: processing the acquired random parameters and the elliptic curve parameter information to generate a first elliptic curve point; processing the random parameters and the decryption end actual public key to generate a second elliptic curve point; generating elliptic curve point information based on the first elliptic curve point and the second elliptic curve point;
wherein generating a first check code based on the elliptic curve point information and the ciphertext data comprises: splicing the first elliptic curve point and the ciphertext data to obtain splicing information; and processing the spliced information to generate the first check code.
2. The method of claim 1, wherein the processing the obtained decryption-side identification information and the platform declaration public key, and the preset elliptic curve parameter information, to generate the decryption-side actual public key, includes:
Carrying out hash operation on the decryption end identification information, the platform declaration public key and the elliptic curve parameter information to obtain a first hash value;
carrying out hash operation on the first hash value, the acquired public key of the decryption end statement and preset custom parameters to obtain a second hash value; performing residual processing on the second hash value to obtain a residual result; the step of obtaining the public key of the decrypting-end statement comprises the following steps: determining decryption end identification information of the decryption end which needs to receive the encrypted plaintext data through a key generation and management platform, and then acquiring the decryption end statement public key corresponding to the decryption end identification information;
and processing the remainder result, the decrypting-end statement public key and the platform statement public key to obtain the decrypting-end actual public key.
3. A method according to claim 1, wherein said performing a key derivation process on said elliptic curve point information to generate a first derived key comprises:
acquiring an abscissa of the first elliptic curve point and marking the abscissa as a first abscissa; acquiring the abscissa of the second elliptic curve point and marking the abscissa as a second abscissa;
and carrying out deriving processing on the first abscissa, the second abscissa and the custom parameters to generate the first derived key.
4. A data transmission processing method, characterized by comprising:
receiving ciphertext information sent by an encryption terminal, and processing the ciphertext information based on an obtained actual private key of the decryption terminal to generate double-point coordinate information; the encryption end is used for generating the ciphertext information;
processing the multiple point coordinate information and the ciphertext information to generate a second check code;
judging whether the second check code is identical to the first check code in the ciphertext information, and if not, outputting decryption error information; the first check code is generated based on elliptic curve point information and ciphertext data; wherein generating the first check code based on the elliptic curve point information and the ciphertext data comprises: splicing the first elliptic curve point with the ciphertext data to obtain splicing information; processing the spliced information to generate the first check code; the first elliptic curve point is generated by processing the acquired random parameters and elliptic curve parameter information;
if yes, carrying out key derivation processing on the ciphertext information, the multiple point coordinate information and preset user-defined parameters to generate a second derived key, and processing ciphertext data in the ciphertext information based on the second derived key to generate plaintext data.
5. A data transmission processing system, comprising:
the key generation and management platform is used for generating and managing the platform declaration public key and the decryption end identification information of the decryption end;
the encryption end is used for processing the acquired identification information of the decryption end, the platform declaration public key and preset elliptic curve parameter information to generate an actual public key of the decryption end; acquiring random parameters, processing the random parameters, the elliptic curve parameter information and the decrypting end actual public key to generate elliptic curve point information; performing key derivation processing on the elliptic curve point information to generate a first derived key; processing plaintext data based on the derived key to generate ciphertext data; generating a first check code based on the elliptic curve point information and the ciphertext data, generating ciphertext information based on the first check code, the elliptic curve point information and the ciphertext data, and transmitting the ciphertext information to a decryption end; wherein the generating elliptic curve point information by the random parameters, the elliptic curve parameter information and the decrypting end actual public key obtained by the processing comprises: processing the acquired random parameters and the elliptic curve parameter information to generate a first elliptic curve point; processing the random parameters and the decryption end actual public key to generate a second elliptic curve point; generating elliptic curve point information based on the first elliptic curve point and the second elliptic curve point; wherein generating a first check code based on the elliptic curve point information and the ciphertext data comprises: splicing the first elliptic curve point and the ciphertext data to obtain splicing information; processing the spliced information to generate the first check code;
The decryption end is used for receiving the ciphertext information sent by the encryption end and generating double-point coordinate information based on the obtained ciphertext information processed by the actual private key of the decryption end; the encryption end is used for generating the ciphertext information; processing the multiple point coordinate information and the ciphertext information to generate a second check code; judging whether the second check code is identical to the first check code in the ciphertext information, and if not, outputting decryption error information; if yes, carrying out key derivation processing on the ciphertext information, the multiple point coordinate information and preset user-defined parameters to generate a second derived key, and processing ciphertext data in the ciphertext information based on the second derived key to generate plaintext data.
6. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 4 when the computer program is executed.
7. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311444983.3A CN117176351B (en) | 2023-11-02 | 2023-11-02 | Data transmission processing method, system, computer equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311444983.3A CN117176351B (en) | 2023-11-02 | 2023-11-02 | Data transmission processing method, system, computer equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117176351A CN117176351A (en) | 2023-12-05 |
CN117176351B true CN117176351B (en) | 2024-02-06 |
Family
ID=88930083
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311444983.3A Active CN117176351B (en) | 2023-11-02 | 2023-11-02 | Data transmission processing method, system, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117176351B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003124919A (en) * | 2001-10-10 | 2003-04-25 | Sharp Corp | Cipher communicating apparatus |
CN101079701A (en) * | 2006-05-22 | 2007-11-28 | 北京华大信安科技有限公司 | Highly secure ellipse curve encryption and decryption method and device |
CN109818741A (en) * | 2017-11-22 | 2019-05-28 | 航天信息股份有限公司 | A kind of decryption calculation method and device based on elliptic curve |
CN113259329A (en) * | 2021-04-26 | 2021-08-13 | 北京信安世纪科技股份有限公司 | Method and device for data inadvertent transmission, electronic equipment and storage medium |
CN113821807A (en) * | 2021-08-18 | 2021-12-21 | 北京中电飞华通信有限公司 | Encryption method and device, decryption method and device and security system of RFID asset information |
-
2023
- 2023-11-02 CN CN202311444983.3A patent/CN117176351B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003124919A (en) * | 2001-10-10 | 2003-04-25 | Sharp Corp | Cipher communicating apparatus |
CN101079701A (en) * | 2006-05-22 | 2007-11-28 | 北京华大信安科技有限公司 | Highly secure ellipse curve encryption and decryption method and device |
CN109818741A (en) * | 2017-11-22 | 2019-05-28 | 航天信息股份有限公司 | A kind of decryption calculation method and device based on elliptic curve |
CN113259329A (en) * | 2021-04-26 | 2021-08-13 | 北京信安世纪科技股份有限公司 | Method and device for data inadvertent transmission, electronic equipment and storage medium |
CN113821807A (en) * | 2021-08-18 | 2021-12-21 | 北京中电飞华通信有限公司 | Encryption method and device, decryption method and device and security system of RFID asset information |
Also Published As
Publication number | Publication date |
---|---|
CN117176351A (en) | 2023-12-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP2020502856A5 (en) | ||
CN107425971B (en) | Certificateless data encryption/decryption method and device and terminal | |
US20170005792A1 (en) | Key agreement device and method | |
US7894608B2 (en) | Secure approach to send data from one system to another | |
CN109005184A (en) | File encrypting method and device, storage medium, terminal | |
CN115865531B (en) | Proxy re-encryption digital asset authorization method | |
CN113162751B (en) | Encryption method and system with homomorphism and readable storage medium | |
CN112738051A (en) | Data information encryption method, system and computer readable storage medium | |
CN112118113A (en) | Multi-party cooperative group signature method, device, system and medium based on SM2 algorithm | |
CN115499126A (en) | SM2 key distributed storage-based key pair generation method, collaborative signature method, decryption method, device and medium | |
CN117155549A (en) | Key distribution method, key distribution device, computer equipment and storage medium | |
CN115203749A (en) | Data transaction method and system based on block chain | |
TW202232913A (en) | Generating shared keys | |
CN116232639A (en) | Data transmission method, device, computer equipment and storage medium | |
CN117560150A (en) | Key determination method, device, electronic equipment and computer readable storage medium | |
CN112737783B (en) | Decryption method and device based on SM2 elliptic curve | |
CN116318696B (en) | Proxy re-encryption digital asset authorization method under condition of no initial trust of two parties | |
CN116318784B (en) | Identity authentication method, identity authentication device, computer equipment and storage medium | |
CN117176351B (en) | Data transmission processing method, system, computer equipment and storage medium | |
CN115834058A (en) | Communication encryption method and device and computer equipment | |
CN112019335B (en) | SM2 algorithm-based multiparty collaborative encryption and decryption method, device, system and medium | |
CN115664651A (en) | SM 9-based online and offline encryption and decryption method, system, equipment and medium | |
CN114697001B (en) | Information encryption transmission method, equipment and medium based on blockchain | |
CN110601841B (en) | SM2 collaborative signature and decryption method and device | |
CN113141249B (en) | Threshold decryption method, system and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |