CN117395030A - Data encryption method, data decryption method, electronic device, and storage medium - Google Patents

Data encryption method, data decryption method, electronic device, and storage medium Download PDF

Info

Publication number
CN117395030A
CN117395030A CN202311214600.3A CN202311214600A CN117395030A CN 117395030 A CN117395030 A CN 117395030A CN 202311214600 A CN202311214600 A CN 202311214600A CN 117395030 A CN117395030 A CN 117395030A
Authority
CN
China
Prior art keywords
data
target
keys
symmetric
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311214600.3A
Other languages
Chinese (zh)
Inventor
李子阳
黎连文
张伟春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weway Shenzhen Network Technology Co ltd
Original Assignee
Weway Shenzhen Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Weway Shenzhen Network Technology Co ltd filed Critical Weway Shenzhen Network Technology Co ltd
Priority to CN202311214600.3A priority Critical patent/CN117395030A/en
Publication of CN117395030A publication Critical patent/CN117395030A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to a data encryption method, a data decryption method, an electronic device and a storage medium. The method comprises the following steps: obtaining a first number of symmetric keys, determining all combinations of a second number of symmetric keys selected from the first number of symmetric keys, calculating a plurality of target keys for encryption according to the symmetric keys of each combination, carrying out hash operation on each target key to obtain hash values of the plurality of target keys, encrypting data to be encrypted by using each target key to obtain a plurality of groups of ciphertext data, and generating threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of groups of ciphertext data. According to the method and the device, the target key in encryption can be generated to decrypt the ciphertext data only when the decrypting party has the correct second number of symmetric keys, even if part of symmetric keys are leaked, the illegal decrypting party cannot decrypt the ciphertext data when the leaked number is smaller than the second number, and therefore the security of the data is improved.

Description

Data encryption method, data decryption method, electronic device, and storage medium
Technical Field
The present disclosure relates to the field of data processing technologies, and in particular, to a data encryption method, a data decryption method, an electronic device, and a storage medium.
Background
At present, in order to prevent the leakage of the plaintext information of the data, encryption processing is generally required to be performed on the plaintext information of the data, and the encryption is mainly performed by asymmetric key encryption or symmetric key encryption. Since the encryption speed of the symmetric key is high, when encrypting a large amount of data (for example, data to be backed up), it is common to encrypt in a symmetric encryption manner. However, the security of ciphertext data depends on the confidentiality of the symmetric key, and once the symmetric key is revealed or attacked by a malicious third party, the ciphertext data is easily decrypted, resulting in the disclosure of plaintext information.
Therefore, providing a method for improving the encryption and decryption security of data, preventing the leakage of plaintext information of the data, has become a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the foregoing, the present application provides a data encryption method, a data decryption method, an electronic device, and a storage medium, which aim to solve the above technical problems.
In a first aspect, the present application provides a symmetric key-based data encryption method, the method comprising:
acquiring a first number of symmetric keys which are generated in advance, and determining all combinations of a second number of symmetric keys selected from the first number of symmetric keys, wherein each combination comprises the second number of symmetric keys;
calculating a plurality of target keys for encrypting the data to be encrypted according to each combined symmetric key, wherein each target key is calculated by one combined symmetric key;
carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
encrypting the data to be encrypted by using each target key to obtain a plurality of groups of ciphertext data;
and generating threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of groups of ciphertext data.
In a second aspect, the present application provides a symmetric key-based data decryption method, the method comprising:
obtaining a third number of symmetric keys, and determining all combinations of the second number of symmetric keys selected from the third number of symmetric keys;
calculating a plurality of target keys for decrypting the data to be decrypted according to each combined symmetric key, wherein the data to be decrypted is ciphertext data in the threshold ciphertext data, and each target key is calculated by a combined symmetric key;
carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
traversing the hash values in the threshold ciphertext data, and judging whether target hash values matched with the hash values in the threshold ciphertext data exist in the hash values of the plurality of target keys or not;
and if the target ciphertext data exists, reading the target ciphertext data with the mapping relation with the target hash value from the threshold ciphertext data, and decrypting the target ciphertext data by utilizing a target key corresponding to the target hash value to obtain decrypted data.
In a third aspect, the present application provides an electronic device, the electronic device including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
a processor, configured to implement the symmetric key-based data encryption method according to any one of the embodiments of the first aspect and/or implement the symmetric key-based data decryption method according to any one of the embodiments of the second aspect when executing a program stored in a memory.
In a fourth aspect, the present application provides a computer readable storage medium, on which a computer program is stored, the computer program implementing the symmetric key-based data encryption method according to any one of the embodiments of the first aspect and/or implementing the symmetric key-based data decryption method according to any one of the embodiments of the second aspect when executed by a processor.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages:
the encryption party acquires a first number of symmetric keys which are generated in advance, determines all combinations of a second number of symmetric keys selected from the first number of symmetric keys, calculates a plurality of target keys for encryption according to the symmetric keys of each combination, carries out hash operation on each target key to obtain hash values of the plurality of target keys, encrypts data to be encrypted by using each target key to obtain a plurality of groups of ciphertext data, and generates threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of groups of ciphertext data. Because the ciphertext data is obtained by encrypting the target key generated by the second number of symmetric keys, the target key generated during encryption can be generated to decrypt the ciphertext data only when the decryption party has the correct second number of symmetric keys, even if part of correct symmetric keys are leaked or acquired by a malicious third party, the illegal decryption party cannot decrypt the ciphertext data when the number of the leaked symmetric keys is smaller than the second number, thereby preventing the plaintext information of the data from being leaked and improving the safety of the data.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the invention or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
One or more embodiments are illustrated by way of example and not limitation in the figures of the accompanying drawings, in which like references indicate similar elements, and in which the figures of the drawings are not to be taken in a limiting sense, unless otherwise indicated.
FIG. 1 is a schematic flow chart of an embodiment of a symmetric key-based data encryption method of the present application;
FIG. 2 is a flow chart of a preferred embodiment of a symmetric key based data decryption method according to the present application;
fig. 3 is a schematic structural diagram of an electronic device for executing a symmetric key-based data encryption method and/or a symmetric key-based data decryption method according to the present application;
the realization, functional characteristics and advantages of the present application will be further described with reference to the embodiments, referring to the attached drawings.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present application based on the embodiments herein.
The following disclosure provides many different embodiments, or examples, for implementing different structures of the invention. In order to simplify the present disclosure, components and arrangements of specific examples are described below. They are, of course, merely examples and are not intended to limit the invention. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed.
The application provides a data encryption method based on a symmetric key. Referring to fig. 1, a method flow diagram of an embodiment of a symmetric key-based data encryption method of the present application is shown. The method may be performed by an electronic device, which may be implemented in software and/or hardware, the symmetric key based data encryption method comprising:
step S110: acquiring a first number of symmetric keys which are generated in advance, and determining all combinations of a second number of symmetric keys selected from the first number of symmetric keys, wherein each combination comprises the second number of symmetric keys;
step S120: calculating a plurality of target keys for encrypting the data to be encrypted according to each combined symmetric key, wherein each target key is calculated by one combined symmetric key;
step S130: carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
step S140: encrypting the data to be encrypted by using each target key to obtain a plurality of groups of ciphertext data;
step S150: and generating threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of groups of ciphertext data.
In this embodiment, the scheme is described taking the data to be encrypted as the data to be backed up as an example, and in an actual application scenario, in order to ensure the security of the backup data and prevent the plaintext information of the backup data from leaking, encryption processing is generally required to be performed on the backup data, and when the data is recovered by using the backup data, the encrypted backup data is decrypted. It will be appreciated that the data to be encrypted may be private data that needs to be encrypted in other application scenarios, which is not specifically limited herein.
The data to be encrypted (plainText of the backup data) is denoted plainText, a first number of symmetric keys is provided by the encryptor, and a second number represents a threshold value (also called threshold value). For example, symmetric keys for encrypting the backup data by an enterprise are provided by responsible persons of 5 departments, namely k1, k2, k3, k4 and k5, and when the backup data is encrypted, 3 symmetric keys are selected from the 5 symmetric keys, the first number n is equal to 5, and the second number m is equal to 3. All combinations of 3 symmetric keys selected from the 5 symmetric keys were determined using the following formula:
wherein P represents the number of all combinations, C represents the combination of m symmetric keys selected from n symmetric keys, n represents the first number 5, m represents the second number 3, and it can be determined that all combinations are 10 groups, the symmetric keys of each combination are:
group 1: k1 K2, k3;
group 2: k1 K2, k4;
group 3: k1 K2, k5;
group 4: kl, k3, k4;
group 5: kl, k3, k5;
group 6: kl, k4, k5;
group 7: k2 K3, k4;
group 8: k2 K3, k5;
group 9: k2 K4, k5;
group 10: k3 K4, k5;
each combination includes 3 symmetric keys, and a plurality of target keys for encrypting the backup data are calculated according to the symmetric keys of each combination, wherein each target key is calculated by the symmetric key of one combination. Specifically, a plurality of target keys for encrypting data to be encrypted are calculated from each combined symmetric key, including:
and respectively carrying out exclusive OR operation on the symmetric keys in each combination to obtain a plurality of target keys for encrypting the data to be encrypted.
Since the lengths of the symmetric keys in each combination are the same, 10 target keys can be obtained by performing the exclusive-or operation on the symmetric keys in each combination, and the bits are not required to be complemented, and the 10 target keys are respectively:
Newkey1=k1^k2^k3;
Newkey2=k1^k2^k4;
Newkey3=k1^k2^k5;
Newkey4=k1^k3^k4;
Newkey5=k1^k3^k5;
Newkey6=k1^k4^k5;
Newkey7=k2^k3^k4;
Newkey8=k2^k3^k5;
Newkey9=k2^k4^k5;
Newkey10=k3^k4^k5;
carrying out hash operation on each target key by utilizing a hash algorithm (for example, SHA256 algorithm) to obtain hash values of a plurality of target keys, wherein the hash values of the target keys are respectively:
Hash1=Hash{Newkey1};
Hash2=Hash{Newkey2};
Hash3=Hash{Newkey3};
Hash4=Hash{Newkey4};
Hash5=Hash{Newkey5};
Hash6=Hash{Newkey6};
Hash7=Hash{Newkey7};
Hash8=Hash{Newkey8};
Hash9=Hash{Newkey9};
Hash10=Hash{Newkey10};
encrypting the data plainText to be encrypted by using each target key respectively to obtain a plurality of groups of ciphertext data, wherein the obtained ciphertext data are respectively:
cipherertext1=symmetric encryption algorithm { Newkey1, plainText };
cipherertext1=symmetric encryption algorithm { Newkey2, plainText };
ciphererText3=symmetric encryption algorithm { Newkey3, plainText };
ciphererText 4 = symmetric encryption algorithm { Newkey4, plainText };
cipherertext 5 = symmetric encryption algorithm { Newkey5, plainText };
ciphererText 6 = symmetric encryption algorithm { Newkey6, plainText };
cipherertext 7 = symmetric encryption algorithm { Newkey7, plainText };
ciphererText8=symmetric encryption algorithm { Newkey8, plainText };
cipherertext 9 = symmetric encryption algorithm { Newkey9, plainText };
ciphererText 10 = symmetric encryption algorithm { Newkey10, plainText };
and taking the hash values of the plurality of target keys and a plurality of groups of ciphertext data as threshold ciphertext data of the data to be encrypted. Specifically, generating threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of sets of ciphertext data includes:
the hash value of each target key and ciphertext data obtained by encrypting the data to be encrypted by the target key are constructed into a mapping relation;
and combining the data corresponding to each mapping relation to obtain the threshold ciphertext data.
And constructing a mapping relation between the target Hash value Hash1 and the ciphereText 1, and constructing a mapping relation between the target Hash value Hash2 and the ciphereText 1 until a mapping relation is constructed between the Hash10 and the ciphereText 10. And taking the target hash value and the ciphertext data corresponding to each mapping relation as one line of data to obtain a plurality of lines of data, and generating a data table as threshold ciphertext data.
Because the ciphertext data is obtained by encrypting the target key generated by the plurality of symmetric keys, the target key capable of decrypting the ciphertext data can be generated by the symmetric key only when the decrypting party has the plurality of symmetric keys of the generated target key, even if part (less than the second number) of correct symmetric keys are leaked or acquired by a malicious third party, the leakage of the target key can not be caused, and the illegal decrypting party still can not decrypt the ciphertext data, thereby improving the security of backup data.
Referring to fig. 2, a method flow diagram of an embodiment of a symmetric key-based data decryption method according to the present application is shown. The method can be executed by an electronic device, the electronic device can be realized by software and/or hardware, the data decryption method based on the symmetric key is a method for decompressing data after adopting the data encryption method based on the symmetric key, and the data decryption method based on the symmetric key comprises the following steps:
step S210: obtaining a third number of symmetric keys, and determining all combinations of the second number of symmetric keys selected from the third number of symmetric keys;
step S220: calculating a plurality of target keys for decrypting the data to be decrypted according to each combined symmetric key, wherein the data to be decrypted is ciphertext data in the threshold ciphertext data, and each target key is calculated by a combined symmetric key;
step S230: carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
step S240: traversing the hash values in the threshold ciphertext data, and judging whether target hash values matched with the hash values in the threshold ciphertext data exist in the hash values of the plurality of target keys or not;
step S250: and if the target ciphertext data exists, reading the target ciphertext data with the mapping relation with the target hash value from the threshold ciphertext data, and decrypting the target ciphertext data by utilizing a target key corresponding to the target hash value to obtain decrypted data.
Assuming that the decrypting party is one of the persons who the enterprise holds 5 symmetric keys, when the decrypting party decrypts the threshold ciphertext data, the decrypting party decrypts Fang Huoqu a third number x of symmetric keys, wherein the third number x is less than or equal to the first number 5 and is greater than or equal to the second number 3, and taking the third number x=4, and the 4 symmetric keys are k1, k2, k3 and BadKey as examples, namely only 3 of the 4 symmetric keys are correct symmetric keys. Determining all combinations of symmetric keys of 3 out of 4 symmetric keys, there are 4 combinations:
group 1: k1 K2, k3;
group 2: k1 K2, badKey;
group 3: k1 K3, badKey;
group 4: k2 K3, badKey;
according to the symmetric key of each combination, a plurality of target keys for decrypting the data to be decrypted are calculated, the calculation method of the target keys is consistent in encryption process, the symmetric keys in each combination are subjected to bit exclusive OR operation respectively, the plurality of target keys for decrypting the data to be decrypted are obtained, and the obtained target keys are respectively:
Newkey[1]=k1^k2^k3;
Newkey[2]=k1^k2^BadKey;
Newkey[3]=k1^k3^BadKey;
Newkey[4]=k2^k3^BadKey;
and carrying out hash operation on each target key by utilizing a hash algorithm to obtain hash values of a plurality of target keys. It will be appreciated that the hash algorithm herein is the same as the hash algorithm that performs the hash operation in the encryption process. The hash values of the target key are respectively:
Hash1=Hash{Newkey[1]};
Hash2=Hash{Newkey[2]};
Hash3=Hash{Newkey[3]};
Hash4=Hash{Newkey[4]};
the Hash value in the threshold ciphertext data is traversed, since the Newkey [1] is obtained by carrying out exclusive-or operation on k1, k2 and k3, and the Hash algorithm used in the encryption process is the same as the Hash algorithm used in the decryption process, so that the Hash { Newkey [1] and the Hash { Newkey [1] can be judged to be matched, and the Hash { Newkey [1] is taken as the target Hash value. And reading target cipherText data (namely, ciphereText 1) with a mapping relation with the target hash value from the threshold cipherText data, and decrypting the target cipherText data ciphereText 1 by using the target hash value according to a symmetric key algorithm to obtain plainText data plainText. Thus, the decryption is completed with the second number of correct keys.
In one embodiment, if 2 symmetric keys (kl, k 2) in the 5 correct keys are revealed and obtained by the illegal decryption party, that is, the illegal decryption party grasps symmetric keys smaller than the second number, the symmetric keys that can be provided when the illegal decryption party decrypts are kl, k2, badKeyl, badkey2, and 4 combinations are:
1 st: k1 K2, badKeyl;
2 nd: k1 K2, badKey2;
3 rd: k1, badKey2;
4 th: k2, badKey2;
obviously, the hash value obtained by performing exclusive or operation on the key in each case cannot find the matched hash value in the threshold ciphertext data, so that the ciphertext data cannot be decrypted. Even if the correct symmetric key leaks, when the number of the leaked symmetric keys is smaller than the second number, the illegal decryption party cannot decrypt the ciphertext data, so that the security of the data is improved. Therefore, if the hash values of the plurality of target keys are judged to not have the target hash value matched with the hash value in the threshold ciphertext data, determining that the data to be decrypted is failed to be decrypted.
Referring to fig. 3, the present application further provides an electronic device for executing the data encryption method based on the symmetric key and/or the data decryption method based on the symmetric key, and it should be noted that the electronic device executing the data encryption method based on the symmetric key and/or the data decryption method based on the symmetric key may be the same electronic device or different electronic devices.
The electronic device includes, but is not limited to: processor 111, communication interface 112, memory 113, and communication bus 114. The electronic device may be connected to a network through a communication interface 112. The processor 111, the communication interface 112 and the memory 113 perform communication with each other through the communication bus 114.
Processor 111 may be, among other things, a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 111 is typically used to control the overall operation of the electronic device, such as performing data interaction or communication related control and processing, etc. The processor 111 is configured to execute program codes stored in the memory 113 or process data, for example, program codes of a symmetric key-based data encryption program and/or a symmetric key-based data decryption program, etc.
The communication interface 112 may alternatively comprise a standard wired interface, a wireless interface (e.g., WI-FI interface), which communication interface 112 is typically used to establish communication connections between the electronic device and other electronic devices.
The memory 113 includes at least one type of readable storage medium including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), random Access Memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the storage 113 may be an internal storage unit of the electronic device, such as a hard disk or a memory of the electronic device. The memory 113 is generally used for storing an operating system and various application software installed on the electronic device, for example, a data encryption program based on a symmetric key and/or a program code of a data decryption program based on a symmetric key, etc., and the memory 113 may also store data to be compressed, data to be decompressed, and decompression results of the data to be decompressed.
Fig. 3 shows only an electronic device with components 111-114, but it is understood that not all shown components are required to be implemented, that more or fewer components may alternatively be implemented, e.g. the electronic device may also comprise tensor processing units/processors (Tensor Processing Unit, TPU), decoders, etc.
The processor 111 may implement the following steps when executing the symmetric key based data encryption program stored in the memory 113:
acquiring a first number of symmetric keys which are generated in advance, and determining all combinations of a second number of symmetric keys selected from the first number of symmetric keys, wherein each combination comprises the second number of symmetric keys;
calculating a plurality of target keys for encrypting the data to be encrypted according to each combined symmetric key, wherein each target key is calculated by one combined symmetric key;
carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
encrypting the data to be encrypted by using each target key to obtain a plurality of groups of ciphertext data;
and generating threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of groups of ciphertext data.
For a detailed description of the above steps, please refer to the above description of fig. 1 for a flowchart of an embodiment of a symmetric key based data encryption method.
The processor 111 may implement the following steps when executing the symmetric key-based data decryption program stored in the memory 113:
obtaining a third number of symmetric keys, and determining all combinations of the second number of symmetric keys selected from the third number of symmetric keys;
calculating a plurality of target keys for decrypting the data to be decrypted according to each combined symmetric key, wherein the data to be decrypted is ciphertext data in the threshold ciphertext data, and each target key is calculated by a combined symmetric key;
carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
traversing the hash values in the threshold ciphertext data, and judging whether target hash values matched with the hash values in the threshold ciphertext data exist in the hash values of the plurality of target keys or not;
and if the target ciphertext data exists, reading the target ciphertext data with the mapping relation with the target hash value from the threshold ciphertext data, and decrypting the target ciphertext data by utilizing a target key corresponding to the target hash value to obtain decrypted data.
For a detailed description of the above steps, please refer to the above description of fig. 3 for a flowchart of an embodiment of a symmetric key based data decryption method.
Furthermore, the embodiments of the present application also propose a computer-readable storage medium, which may be non-volatile or volatile. The computer readable storage medium may be any one or any combination of several of a hard disk, a multimedia card, an SD card, a flash memory card, an SMC, a read-only memory (ROM), an erasable programmable read-only memory (EPROM), a portable compact disc read-only memory (CD-ROM), a USB memory, etc. The computer readable storage medium comprises a storage data area and a storage program area, wherein the storage program area stores a symmetric key-based data encryption program and/or a symmetric key-based data decryption program, and the symmetric key-based data encryption program realizes the following operations when being executed by a processor:
acquiring a first number of symmetric keys which are generated in advance, and determining all combinations of a second number of symmetric keys selected from the first number of symmetric keys, wherein each combination comprises the second number of symmetric keys;
calculating a plurality of target keys for encrypting the data to be encrypted according to each combined symmetric key, wherein each target key is calculated by one combined symmetric key;
carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
encrypting the data to be encrypted by using each target key to obtain a plurality of groups of ciphertext data;
and generating threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of groups of ciphertext data.
The embodiments of the computer readable storage medium of the present application are substantially the same as the embodiments of the symmetric key-based data encryption method described above, and will not be described herein.
The symmetric key-based data decryption program, when executed by a processor, performs the following operations:
obtaining a third number of symmetric keys, and determining all combinations of the second number of symmetric keys selected from the third number of symmetric keys;
calculating a plurality of target keys for decrypting the data to be decrypted according to each combined symmetric key, wherein the data to be decrypted is ciphertext data in the threshold ciphertext data, and each target key is calculated by a combined symmetric key;
carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
traversing the hash values in the threshold ciphertext data, and judging whether target hash values matched with the hash values in the threshold ciphertext data exist in the hash values of the plurality of target keys or not;
and if the target ciphertext data exists, reading the target ciphertext data with the mapping relation with the target hash value from the threshold ciphertext data, and decrypting the target ciphertext data by utilizing a target key corresponding to the target hash value to obtain decrypted data.
The embodiments of the computer readable storage medium of the present application are substantially the same as the embodiments of the symmetric key-based data decryption method described above, and will not be described herein.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
From the above description of embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus a general purpose hardware platform, or may be implemented by hardware. Based on such understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the related art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the method described in the respective embodiments or some parts of the embodiments.
It is to be understood that the terminology used herein is for the purpose of describing particular example embodiments only, and is not intended to be limiting. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. The terms "comprises," "comprising," "includes," "including," and "having" are inclusive and therefore specify the presence of stated features, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, elements, components, and/or groups thereof. The method steps, processes, and operations described herein are not to be construed as necessarily requiring their performance in the particular order described or illustrated, unless an order of performance is explicitly stated. It should also be appreciated that additional or alternative steps may be used.
The foregoing is only a specific embodiment of the invention to enable those skilled in the art to understand or practice the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A symmetric key-based data encryption method, the method comprising:
acquiring a first number of symmetric keys which are generated in advance, and determining all combinations of a second number of symmetric keys selected from the first number of symmetric keys, wherein each combination comprises the second number of symmetric keys;
calculating a plurality of target keys for encrypting the data to be encrypted according to each combined symmetric key, wherein each target key is calculated by one combined symmetric key;
carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
encrypting the data to be encrypted by using each target key to obtain a plurality of groups of ciphertext data;
and generating threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of groups of ciphertext data.
2. The symmetric key based data encryption method of claim 1, wherein the determining to select all combinations of the second number of symmetric keys from the first number of symmetric keys includes determining all combinations of the second number of symmetric keys using the formula:
where P represents the number of all combinations, n represents the first number, and m represents the second number.
3. The symmetric key-based data encryption method according to claim 1, wherein the calculating a plurality of target keys for encrypting the data to be encrypted based on each combined symmetric key comprises:
and respectively carrying out exclusive OR operation on the symmetric keys in each combination to obtain a plurality of target keys for encrypting the data to be encrypted.
4. The symmetric key-based data encryption method according to claim 1, wherein the generating threshold ciphertext data of the data to be encrypted based on the hash values of the plurality of target keys and the plurality of sets of ciphertext data comprises:
the hash value of each target key and ciphertext data obtained by encrypting the data to be encrypted by the target key are constructed into a mapping relation;
and combining the data corresponding to each mapping relation to obtain the threshold ciphertext data.
5. A symmetric key-based data decryption method, the method comprising:
obtaining a third number of symmetric keys, and determining all combinations of the second number of symmetric keys selected from the third number of symmetric keys;
calculating a plurality of target keys for decrypting the data to be decrypted according to each combined symmetric key, wherein the data to be decrypted is ciphertext data in the threshold ciphertext data of claim 1, and each target key is calculated by one combined symmetric key;
carrying out hash operation on each target key to obtain hash values of a plurality of target keys;
traversing the hash values in the threshold ciphertext data, and judging whether target hash values matched with the hash values in the threshold ciphertext data exist in the hash values of the plurality of target keys or not;
and if the target ciphertext data exists, reading the target ciphertext data with the mapping relation with the target hash value from the threshold ciphertext data, and decrypting the target ciphertext data by utilizing a target key corresponding to the target hash value to obtain decrypted data.
6. The symmetric key-based data decryption method as set forth in claim 5, wherein the determining whether a target hash value matching the hash value in the threshold ciphertext data exists among the hash values of the plurality of target keys includes:
and if the hash values of the plurality of target keys are judged to not have the target hash values matched with the hash values in the threshold ciphertext data, determining that the data to be decrypted fails to be decrypted.
7. The symmetric key-based data decrypting method as claimed in claim 5, wherein said calculating a plurality of target keys for decrypting the data to be decrypted based on each combined symmetric key, comprises:
and respectively carrying out exclusive OR operation on the symmetric keys in each combination to obtain a plurality of target keys for decrypting the data to be decrypted.
8. An electronic device, characterized in that the electronic device comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are in communication with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the symmetric key-based data encryption method according to any one of claims 1 to 4 and/or implementing the symmetric key-based data decryption method according to any one of claims 5 to 7 when executing a program stored on a memory.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the symmetric key based data encryption method of any one of claims 1 to 4 and/or implements the symmetric key based data decryption method of any one of claims 5 to 7.
CN202311214600.3A 2023-09-19 2023-09-19 Data encryption method, data decryption method, electronic device, and storage medium Pending CN117395030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311214600.3A CN117395030A (en) 2023-09-19 2023-09-19 Data encryption method, data decryption method, electronic device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311214600.3A CN117395030A (en) 2023-09-19 2023-09-19 Data encryption method, data decryption method, electronic device, and storage medium

Publications (1)

Publication Number Publication Date
CN117395030A true CN117395030A (en) 2024-01-12

Family

ID=89440002

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311214600.3A Pending CN117395030A (en) 2023-09-19 2023-09-19 Data encryption method, data decryption method, electronic device, and storage medium

Country Status (1)

Country Link
CN (1) CN117395030A (en)

Similar Documents

Publication Publication Date Title
CN109583189B (en) Firmware secure loading method and device, computer equipment and storage medium
CN108809646B (en) Secure shared key sharing system
US10552588B2 (en) Enabling a software application to be executed on a hardware device
US9367701B2 (en) Systems and methods for maintaining integrity and secrecy in untrusted computing platforms
US20160094347A1 (en) Method and system for secure management of computer applications
US20180204004A1 (en) Authentication method and apparatus for reinforced software
SG171919A1 (en) Hardware encrypting storage device with physically separable key storage device
US20150256343A1 (en) Securely Generating and Storing Passwords in a Computer System
CN112507365A (en) Data matching method, terminal and storage medium
CN115859267A (en) Method for safely starting application program, storage control chip and electronic equipment
US9594918B1 (en) Computer data protection using tunable key derivation function
US20050132190A1 (en) Methods for supplying cryptographic algorithm constants to a storage-constrained target
CN109891823B (en) Method, system, and non-transitory computer readable medium for credential encryption
CN109784072B (en) Security file management method and system
US11601291B2 (en) Authentication method and device for matrix pattern authentication
JP6488954B2 (en) ENCRYPTED DATA PROCESSING METHOD, ENCRYPTED DATA PROCESSING SYSTEM, ENCRYPTED DATA PROCESSING DEVICE, AND ENCRYPTED DATA PROCESSING PROGRAM
CN117395030A (en) Data encryption method, data decryption method, electronic device, and storage medium
CN114297673A (en) Password verification method, solid state disk and upper computer
EP3881214B1 (en) Change-tolerant method of generating an identifier for a collection of assets in a computing environment
US9805205B2 (en) Adaptive system profile
CN114650175B (en) Verification method and device
CN109564615B (en) Method, device, equipment and storage medium for loading model data
US20230017265A1 (en) Method for performing cryptographic operations in a processing device, corresponding processing device and computer program product
CN115734215A (en) Key retrieving method, server and identification card
US20190065776A1 (en) Method and apparatus for securing data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination