CN1694397A - Method and device for constructing sequential cipher - Google Patents


Publication number: CN1694397A
Authority: CN (China)
Application number: CN 200410023163
Legal status: Pending
Inventor: 侯方勇
Original Assignee: Individual
Current Assignee: Individual
Other languages: Chinese (zh)
Prior art keywords: key, seed, root key, present frame, stepping
Landscapes: Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract

This invention relates to a method and a device for constructing a stream cipher. Its main content is how to generate the key sequence, which includes the following steps: agree on a sufficiently large root key space and secretly select a seed in it; agree on a step function, which determines the current root key, and use the current root key as the new seed value; apply a one-way hash transformation to the current root key to obtain the current frame key; repeat this key generation process to obtain the required key sequence, and further enhance the randomness of the generated key sequence.

Description

Method and apparatus for constructing a sequence cipher (stream cipher)
Technical field
The present invention relates to cryptography, and in particular to a method and apparatus for constructing a stream cipher.
Background art
Encryption means transforming data so that it becomes impossible or difficult to understand for anyone except the intended recipient. One way to encrypt digitized data is to use a sequence cipher (also called a stream cipher). A stream cipher combines the data with a key sequence (also called a keystream or encryption bit stream); the combination is normally done with the exclusive-or (XOR) operation. Decryption is the process of generating the same key sequence as the sender and removing it from the encrypted data. If an XOR operation is performed when the sender encrypts the data, the same XOR operation is performed when the recipient decrypts it. For a stream cipher to encrypt data securely, the generated key sequence must be computationally hard to predict.
The key sequence in a stream cipher is normally a stream of pseudo-random bits or a stream of pseudo-random numbers. There are many ways to generate pseudo-random sequences, such as methods based on a linear feedback shift register (LFSR), among others. The security of a stream cipher depends on the quality of the pseudo-random sequence generation; the ideal state is to achieve a "one-time pad", that is, every encryption uses a different key sequence. A practical implementation should bring the quality of key sequence generation as close to this state as possible; that is, to an attacker the key sequence should be as one-time (non-repeating) and as random as possible.
Stream ciphers are widely used in the secure transmission and storage of data. Examples include the RC4 encryption technique used in computer systems, and the stream cipher encryption technique for code division multiple access (CDMA) wireless telephone systems proposed by Qualcomm (QUALCOMM, Incorporated) (United States patent No. 6510228).
As technology develops, stream ciphers must also keep developing to meet the demands of data encryption, for example by obtaining key sequences of higher quality to satisfy higher cipher strength requirements.
Summary of the invention
The object of the invention is to provide a method and apparatus that can be used to construct a stream cipher.
To achieve this object, the technical solution adopted by the invention is:
Select a numerical space as the root key space. Select a value in the root key space as the initial value of the seed. Select a function as the step function, whose role is to apply a step length to the seed and thereby determine a value in the root key space. The value obtained by stepping from the current value of the seed is the current root key. The current root key replaces the current value of the seed and becomes the seed's new current value. A one-way hash transformation is applied to the current root key, and the result is the current frame key. The key sequence is formed from current frame keys, and XORing the key sequence with the data to be encrypted completes the stream cipher encryption process.
In this technical solution, the root key space agreed by the sender and the recipient is computationally large enough, that is, exhausting all values in the root key space is computationally infeasible; the root key space may be agreed secretly or non-secretly. The initial value of the seed must be agreed secretly, that is, the sender and the recipient secretly select a specific value in the root key space as the first value of the seed. The step function may be agreed secretly or non-secretly by the sender and the recipient; it applies a step length to the current value of the seed and selects a specific value in the root key space. The step length may be a specified fixed value or a value that changes with the running state (including state values produced while the described method runs). When the step length is applied to the current seed value, any arithmetic or logical operation (such as addition or XOR) or any other kind of operation may be used.
In this technical solution, a one-way hash transformation is applied to the current root key and the result is the current frame key. The one-way hash transformation may be one of the one-way hash functions in common use today, or another mapping algorithm with a one-way property, including a self-defined mapping algorithm.
In this technical solution, the step is applied repeatedly to the current value of the seed and the result of each step replaces the current value of the seed, so that different current root keys are produced continuously. The one-way hash transformation is applied to each current root key produced, so that different current frame keys are obtained continuously. These continuously generated frame keys form the key sequence.
In this technical solution, the scheme can be applied repeatedly and the results combined to form a "dual" or "multiple" key synthesis method, that is: (1) the sender and the recipient secretly agree on two or more uncorrelated seed initial values, or secretly agree on two or more uncorrelated combinations of seed initial value, step function and root key space. (2) Based on the two or more uncorrelated seed initial values, or on the two or more uncorrelated combinations of seed initial value, step function and root key space, two or more current root keys or current frame keys can be obtained at the same time. (3) The generation processes that yield these two or more current root keys or current frame keys are combined; that is, the result or an intermediate state of one generation process is used to influence another generation process, and the current frame key actually used to form the key sequence is obtained from the result of the influenced process. Each current frame key in the key sequence is thus derived from two or more uncorrelated seed initial values, or from two or more uncorrelated combinations of seed initial value, step function and root key space.
With the method and apparatus proposed by the invention, the computationally large size of the root key space and the properties of one-way hash functions (such as one-wayness, the avalanche effect and collision resistance) can be used to construct a stream cipher method and apparatus of high security strength.
Description of the drawings
The specification includes 3 drawings:
Fig. 1 is an example diagram of generating a key sequence with the invention;
Fig. 2 is an example diagram of generating a key sequence with the invention using the "dual" key synthesis method;
Fig. 3 is an example diagram of encrypting data with the invention.
Embodiments
The invention concerns a method and apparatus for constructing a stream cipher; its main content is a method and apparatus for generating a key sequence, which can be understood more broadly as a method and apparatus for generating pseudo-random numbers. Because they are well known, some terms and expressions used here are not explicitly defined or explained, for example: sender, recipient, encryption, decryption, cipher, XOR, one-way hash function, hash function, the representation of bits and numbers, and so on. Certain specific terms follow the meaning explained or defined by the invention, for example: root key space, current root key, current frame key, root key, frame key, seed, stepping, step length, "dual" or "multiple" key synthesis method, and so on.
In the invention, the basic steps of the method and apparatus for generating a key sequence are:
1) The sender and the recipient agree, secretly or non-secretly, on a common root key space that is computationally large enough. For example, they agree on a sufficiently large integer ring as the root key space. The start point of this ring is 0; the end point is ($2^{1024}-1$).
2) The sender and the recipient secretly agree on a seed. The seed is a value in the root key space; agreeing on it means that the sender and the recipient jointly select a value in the root key space as the initial value of the seed (the seed's first current value). The agreement on the seed's initial value must be secret, that is, the initial value is known only to the legitimate sender and recipient; the agreement can be carried out with public-key cryptography, a pre-shared secret, or other methods.
3) The sender and the recipient agree, secretly or non-secretly, on the stepping (also called the step function). The step function applies the step length to the current value of the seed and thereby determines a specific value in the root key space; this value is the current root key, and it replaces the current value of the seed and becomes the seed's new current value. That is,
$KEY_{CURRENT} = FUNC_{STEP}(SEED_{CURRENT}, LENGTH_{STEP})$
where $SEED_{CURRENT}$ is the value currently used as the seed, that is, the current value of the seed; $LENGTH_{STEP}$ is the step length currently applied to the seed; $FUNC_{STEP}$ is the step function, which determines exactly how the step length is applied to the seed; and $KEY_{CURRENT}$ is the current root key obtained by applying the step function to the current value of the seed.
The current value of the seed is then replaced by the value of the current root key; that is,
$SEED_{CURRENT} = KEY_{CURRENT}$
where $SEED_{CURRENT}$ is the new current value of the seed and $KEY_{CURRENT}$ is the current root key.
The step length used in the step function may be a specified fixed value; for example, a constant is specified as the step length when the step function is agreed. The step length may also be a value that changes with the running state; for example, when the step function is agreed, the step length is specified as (p*q), where p is a constant and q is a count of the number of steps taken; as another example, the step length is the result of the previous step (that is, the previous current root key), or the value obtained by applying the one-way hash transformation to the result of the previous step.
When the step length is applied to the current seed value, any arithmetic or logical operation may be used, for example adding the step length to the current seed value, or XORing the step length with the current seed value. A combination of several arithmetic and logical operations, or other kinds of operation, may also be used.
For example, select the integer ring (0, $2^{1024}-1$) as the root key space, the value "0FFFFh" as the initial value of the seed (the seed's first current value), "01h" as the step length, and addition of the step length to the current seed value as the step function. The result of the first step is then (0FFFFh+01h=010000h), so "010000h" is the first current root key obtained, and "010000h" becomes the new current seed value used to generate the second current root key; later steps proceed in the same way. This process rotates the seed along the integer ring that serves as the root key space; going from "0FFFFh" to "010000h" rotates the seed one unit to the right along the ring. If the new current value of the seed passes the end point or the start point of the integer ring, it re-enters the root key space from the other end point.
In addition, the term root key is used below to refer generally to the current root key and to values that were once used as the current root key.
4) The current root key is fed into a one-way hash function (or hash function) and transformed. The result of the one-way hash transformation is called the current frame key. That is,
$KEY_{FRAME} = HASH(KEY_{CURRENT})$
where $KEY_{FRAME}$ is the current frame key, $KEY_{CURRENT}$ is the current root key, and HASH is the one-way hash function used for the transformation.
Because of the properties of one-way hash functions, the current frame keys obtained hardly ever repeat; that is, the current frame key is one-time. For example, when SHA1 (the SHA1 Secure Hash Algorithm) is used as the one-way hash function (or hash function), a current frame key 160 bits long is generated from the current root key. The SHA1 algorithm is one-way, and when a single bit of the input data changes, nearly half of the bits in the SHA1 result change. The current frame key therefore behaves like a continuously changing random number, and deriving the corresponding current root key from the current frame key is computationally infeasible.
When the one-way hash transformation is applied to the current root key, a commonly used one-way hash function (or hash function) can be selected, such as the widely adopted SHA1 algorithm or the MD5 algorithm (The MD5 Message-Digest Algorithm); other mapping algorithms with a one-way property, including self-defined ones, can also be used. The one-way hash function (or hash function) used to obtain the current frame key from the current root key need not be kept strictly secret.
In addition, the term frame key is used below to refer generally to the current frame key and to values that were once used as the current frame key.
5) The current frame keys are used to form the key sequence that the stream cipher needs to encrypt/decrypt data. Steps 3) and 4) together, that is, the process "apply the step to the current seed value to obtain the current root key; replace the current seed value with that root key; apply the one-way hash transformation to that root key to obtain the current frame key", are abbreviated as the "seed-step-transform" process. If the key sequence needed to encrypt the data is longer than a current frame key, several frame keys can be generated by several runs of the "seed-step-transform" process (each frame key is the current frame key of its own run) and then concatenated to obtain a key sequence of the required length.
6) In steps 1) to 5), the following measures can strengthen the randomness of the key sequence obtained:
1. Select a larger root key space, for example the integer ring (0, $2^{2048}-1$), so that the seed and the current root key are represented with more data bits.
2. Select a one-way hash function that is better from a cryptographic point of view; for example, the SHA1 algorithm is better than the MD5 algorithm.
3. Select a more complex step length. For example, instead of a fixed or linearly varying step length such as "01h", take a value that shows random characteristics. For instance, the previous frame key (that is, the current frame key obtained by the previous "seed-step-transform" process) can be used as the step length for this step.
4. Select a more complex step function. For example, when the step function applies the step length to the seed, it can cause more data bits of the seed to change, in both the high-order and the low-order part; or it can make the direction in which the seed steps through the root key space variable. For instance, when the bit length of the step is less than the bit length of the seed, the step function can first repeat the step k times to extend its length, where k = Int(n/m) + 1, that is, k equals the integer part of n divided by m, plus 1 (n is the bit length of the seed and m is the bit length of the step); the current seed value is then XORed with the extended step to complete the step (for the XOR, the current seed value and the extended step can be aligned at the lowest bit or at the highest bit, and the surplus bits of the extended step are discarded). With such a step function, both the step distance and the step direction of the seed in the root key space appear random, which improves the randomness of the key sequence.
7) Adopt the "dual" or "multiple" key synthesis method. Use the process described in steps 1) to 6), with the following measures:
Secretly agree on two or more uncorrelated seed initial values (uncorrelated means that the agreed values are independent and do not depend on each other); or secretly agree on two or more uncorrelated combinations of seed initial value, step function and root key space (where at least the seed initial values, or the step functions, or the root key spaces are agreed secretly and are uncorrelated). Based on the two or more uncorrelated seed initial values (or on the two or more uncorrelated combinations of seed initial value, step function and root key space), two or more current root keys can be obtained at the same time, and hence two or more current frame keys. The processes that yield these two or more current root keys or current frame keys are then combined; that is, the result or an intermediate state of the process that generates root keys or frame keys from one seed initial value (or from one combination of seed initial value, step function and root key space) is used to influence the process that generates root keys or frame keys from another seed initial value (or from another combination of seed initial value, step function and root key space). Each frame key in the key sequence is thus derived from two or more uncorrelated seed initial values (or from two or more uncorrelated combinations of seed initial value, step function and root key space).
For example, the sender and the recipient jointly agree on two uncorrelated seed initial values, and the current values of these two uncorrelated seeds are denoted seed 1 and seed 2. Current root key 1 is then generated from seed 1 and current root key 2 from seed 2; that is,
$KEY_{CURRENT1} = FUNC_{STEP}(SEED_{CURRENT1}, LENGTH_{STEP})$
$KEY_{CURRENT2} = FUNC_{STEP}(SEED_{CURRENT2}, LENGTH_{STEP})$
where $FUNC_{STEP}$ is the step function and $LENGTH_{STEP}$ is the step length used; $SEED_{CURRENT1}$ is seed 1 and $KEY_{CURRENT1}$ is current root key 1, obtained by applying the step function to seed 1; $SEED_{CURRENT2}$ is seed 2 and $KEY_{CURRENT2}$ is current root key 2, obtained by applying the step function to seed 2.
Then,
$KEY_{FRAME1} = HASH(KEY_{CURRENT1})$
$KEY_{FRAME2} = HASH(KEY_{CURRENT2})$
where current frame key 1 and current frame key 2 (that is, $KEY_{FRAME1}$ and $KEY_{FRAME2}$) are obtained from current root key 1 and current root key 2 (that is, $KEY_{CURRENT1}$ and $KEY_{CURRENT2}$) respectively by the one-way hash function (that is, HASH).
The frame key actually used as the current frame key is
$KEY_{FRAME} = KEY_{FRAME1} \oplus KEY_{FRAME2}$
That is, the actual current frame key that forms the key sequence (that is, $KEY_{FRAME}$) is current frame key 1 (that is, $KEY_{FRAME1}$) XORed with current frame key 2 (that is, $KEY_{FRAME2}$).
Alternatively, current frame key 2 obtained from seed 2 (or a frame key obtained earlier from seed 2) can be used as the step length when stepping seed 1. In other words, seed 1 and current frame key 2, acting as the step length, are fed into the step function together; the resulting current root key 1 then passes through the one-way hash function to give the current frame key actually used to form the key sequence. That is,
$KEY_{CURRENT2} = FUNC_{STEP}(SEED_{CURRENT2}, LENGTH_{STEP})$
$KEY_{FRAME2} = HASH(KEY_{CURRENT2})$
$KEY_{CURRENT1} = FUNC_{STEP}(SEED_{CURRENT1}, KEY_{FRAME2})$
$KEY_{FRAME1} = HASH(KEY_{CURRENT1})$
$KEY_{FRAME} = KEY_{FRAME1}$
where $KEY_{CURRENT2}$ is current root key 2, obtained from seed 2 (that is, $SEED_{CURRENT2}$) by stepping (that is, $FUNC_{STEP}$), with $LENGTH_{STEP}$ as the step length for stepping seed 2 (it can be a specified constant or something else); $KEY_{FRAME2}$ is current frame key 2, obtained from current root key 2 by the one-way hash transformation (that is, HASH); $KEY_{CURRENT1}$ is current root key 1, obtained from seed 1 (that is, $SEED_{CURRENT1}$), where the step length used when stepping seed 1 is current frame key 2; $KEY_{FRAME1}$ is current frame key 1, obtained from current root key 1 by the one-way hash transformation, and it serves as the actual current frame key that forms the key sequence (that is, $KEY_{FRAME}$).
Other methods can also serve the purpose of this "dual" or "multiple" key synthesis method. For example, current root key 1, obtained from seed 1 by stepping, is XORed with current root key 2, obtained from seed 2 by stepping; the result of the XOR then passes through the one-way hash transformation to give the current frame key actually used to form the key sequence.
With the "dual" or "multiple" key synthesis method, the two or more agreed seed initial values are uncorrelated, or the two or more agreed combinations of seed initial value, step function and root key space are uncorrelated. Any correlation that may exist in the frame keys generated from one seed initial value (or from one combination of seed initial value, step function and root key space) is therefore destroyed by the other seed initial value (or by the other combination of seed initial value, step function and root key space), so that the frame keys finally obtained have stronger randomness, that is, the key sequence formed has higher quality. This method of strengthening security is called the "dual" key synthesis method or the "multiple" key synthesis method, or the "dual" or "multiple" key synthesis method for short; here "multiple" means agreeing on three or more uncorrelated seed initial values, or on three or more uncorrelated combinations of seed initial value, step function and root key space.
The key sequence obtained is combined with the data to be encrypted, for example by XOR, to give the ciphertext and complete the stream cipher encryption process.
As the description above shows, relying on what they have agreed, the sender and the recipient work in a common root key space, start from the same secretly agreed seed initial value, obtain the same current root keys through the same step function, apply the same one-way hash transformation to the current root keys to obtain the same current frame keys, and so form the same key sequence for stream cipher encryption/decryption. Because the steps taken and the parameters used by the sender and the recipient are the same, the key sequences the two generate are the same and have (or nearly have) the property of a "one-time pad". A stream cipher method and apparatus constructed on the basis of the invention therefore has (or nearly has) the characteristics of a one-time pad.
The method and apparatus described by the invention are illustrated below with examples. The examples describe specifically how to generate a key sequence with the invention, how to encrypt data, and why the result has strong security properties.
(Example 1): generating a key sequence with the invention
In Fig. 1, root key space 100 is an integer ring agreed by the sender and the recipient, where start point 101 is 0 and end point 102 is ($2^{1024}-1$). Seed 103 and stepping 104 determine how the next value in the ring is selected. The initial value of seed 103 and the concrete function expression of stepping 104 are agreed by the sender and the recipient. The initial value of seed 103 is agreed secretly; the secret agreement can be carried out with public-key cryptography or by means of a pre-shared secret. Current root key 105 is obtained by applying stepping 104 to the current value of seed 103, and the resulting current root key 105 replaces the former current value of seed 103 and becomes the new current value of seed 103.
In Fig. 1, current root key 105 passes through one-way hash transformation 106 to give current frame key 107. The SHA1 algorithm is taken as one-way hash transformation 106, so current frame key 107 is 160 bits long.
In Fig. 1, the following process is repeated continuously: seed 103 is stepped to obtain current root key 105, the current value of seed 103 is replaced with the resulting current root key 105, and one-way hash transformation 106 is applied to the resulting current root key 105 to generate current frame key 107. Concatenating the frame keys generated in this way forms the key sequence.
(Example 2): generating a key sequence with the invention using the "dual" key synthesis method
In Fig. 2, root key space 100 is an integer ring agreed by the sender and the recipient, where start point 101 is 0 and end point 102 is ($2^{1024}-1$). The initial values of seed 103 and seed 203 are agreed secretly by the sender and the recipient, and the agreed values are uncorrelated. Stepping 104 determines how the next value in the ring is selected from the current value of a seed. When stepping 104 is applied to the current value of seed 103, the corresponding current root key 105 is obtained, and the result becomes the new current value of seed 103; when stepping 104 is applied to the current value of seed 203, the corresponding current root key 205 is obtained, and the result becomes the new current value of seed 203.
In Fig. 2, current root key 105 passes through one-way hash transformation 106 to give current frame key 107. The SHA1 algorithm is taken as one-way hash transformation 106, so current frame key 107, obtained from seed 103, is 160 bits long. The same one-way hash transformation 106 is also applied to current root key 205, so another current frame key 207, also 160 bits long, is obtained from seed 203.
In Fig. 2, current frame key 107 and the other current frame key 207 are combined by action function 208. Action function 208 is taken to be the XOR operation, so the actual current frame key 209 used to form the key sequence is the XOR of current frame key 107 and the other current frame key 207.
As the examples of Fig. 1 and Fig. 2 show, encrypting data with a key sequence generated by the invention, or with a stream cipher built on it, protects the confidentiality of the data. The reasons are:
(a) The first difficulty the attacker faces is how to obtain the frame keys that make up the key sequence.
(b) Suppose the attacker has obtained some correct frame key. The second difficulty is to derive from the frame key the root key that generated it. Because of the properties of one-way hash functions, this is computationally infeasible.
(c) Suppose the attacker does find a value whose hash equals the frame key. The third difficulty is that the attacker must determine whether the value found is the correct root key in the root key space. The one-way hash transformation acts here as a "compression", as in Fig. 1 where a 1024-bit root key is "compressed" into a 160-bit frame key; the attacker therefore has to search the whole root key space and will find that far too many candidate positions yield the same hash value. The attacker must decide which of these positions is correct. A wrong decision leaves the attacker without the correct root key position for generating the next frame key, and therefore without the correct next frame key.
(d) Even if the attacker guesses the correct position of the root key corresponding to a frame key, if the step function is agreed secretly, or the start point and end point of the root key space are agreed secretly, then the secretly agreed step function, and likewise the start point and end point of the root key space, must be broken first before the attacker can obtain the position of the correct next root key. More importantly, the sender and the recipient can secretly agree on a new seed and generate the key sequence from it, which resolves the problem. Because the root key space is so large, the distance between the new seed and the former seed can be made large enough that the new seed is again hard for the attacker to compute or guess.
(e) In addition, the "dual" or "multiple" key synthesis method makes attacking a stream cipher built on the invention more difficult. The reason is that any correlation usable for cryptanalysis that may exist in the key sequence generated from one seed initial value (or from one combination of seed initial value, step function and root key space) is disturbed or destroyed by the other, uncorrelated seed initial values (or by the other combinations of seed initial value, step function and root key space).
(Example 3): data encryption using the present invention
In Fig. 3, the root key space 100 is a ring of integers agreed between sender and recipient, in which the start point 101 is 0 and the end point 102 is (2^1024 - 1). The seed 103 and the stepping 104 determine how the next value in the ring is selected. The initial value of seed 103 must be determined secretly. The current root key 105 is obtained by applying stepping 104 to the current value of seed 103, and the result becomes the new current value of seed 103. The current root key 105 is passed through the one-way hash transform 106 to give the current frame key 107. With the SHA1 algorithm as the one-way hash transform 106, the current frame key 107 is 160 bits long.
In Fig. 3, the message to be transmitted is message 112, taken to be 480 bits long. To verify integrity, the integrity check module 111 can generate a message authentication code (MAC) for message 112. The MAC can be derived from a one-way hash function; for example, choosing the SHA1 algorithm as integrity check module 111 generates a 160-bit MAC for message 112. The packet 109 to be encrypted consists of message 112 and its MAC, so the length of packet 109 is 480 bits + 160 bits = 640 bits.
In Fig. 3, the current frame key 107 generated from the current root key 105 is 160 bits long. Four consecutive "seed-stepping-transform" rounds yield four consecutive 160-bit frame keys. Concatenating these four frame keys gives the key sequence 108 of length 160 bits × 4 = 640 bits, equal to the length of the current packet 109 to be encrypted. The current packet 109 is XORed with key sequence 108 by XOR 110, and the output of XOR 110 is the encrypted packet.
In Fig. 3, encrypting further messages proceeds like the encryption of message 112. The difference is that the continuing "seed-stepping-transform" process supplies a continuously changing key sequence, so different packets are encrypted with different key sequences.
For the recipient corresponding to Fig. 3: because the recipient generates the same key sequence as the sender, the recipient XORs the received ciphertext packet with the key sequence to recover the plaintext. The recipient then recomputes the MAC over the decrypted plaintext message and compares it with the MAC value decrypted directly from the ciphertext packet, to judge whether the data was received correctly.
As the process described in the example of Fig. 3 shows, once the packet (the message together with its message authentication code) is encrypted, the present invention can resist various forms of data integrity attack. The reasons are:
(a) Data integrity can be verified directly by the MAC accompanying the message. Because the attacker does not know the key sequence corresponding to the packet, the attacker cannot forge a (ciphertext message, ciphertext MAC) pair such that the decrypted (message, MAC) pair still matches.
(b) In addition, it is impossible to compromise integrity for recipient R1 by copying to R1 a packet that was sent to recipient R2. The reason is that different (sender, recipient) pairs use different key sequences; for example, different (sender, recipient) pairs agree on different seed initial values and therefore use different key sequences. Thus, copying to recipient R1 a (ciphertext message, ciphertext MAC) pair that was sent to recipient R2 results in a (message, MAC) pair that does not match after R1 decrypts it.
(c) Furthermore, a replay attack carried out by sending a copied old packet to the recipient is also impossible. The reason is that the frame key changes continuously, so the key sequence corresponding to the old packet differs from the key sequence corresponding to a new packet. Therefore, when an old (ciphertext message, ciphertext MAC) pair is decrypted at the recipient, no matching (message, MAC) pair is obtained.
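The Fig. 3 procedure and the checks in (a) to (c), as an added Python example that is not part of the patent text. It assumes additive stepping modulo 2^1024 with a fixed step size and a 128-byte big-endian encoding of the root key before hashing; the seed and step values are constructed.

```python
import hashlib
import hmac

MODULUS = 1 << 1024        # root key space: integers 0 .. 2^1024 - 1 (Fig. 3)
FRAME_BYTES = 20           # SHA-1 output: one 160-bit frame key


class FrameKeyGenerator:
    """Seed-stepping-hash generator; additive stepping is an assumed choice."""

    def __init__(self, seed: int, step: int):
        self.seed = seed % MODULUS
        self.step = step % MODULUS

    def next_frame_key(self) -> bytes:
        # The stepped value is the current root key and becomes the new seed.
        self.seed = (self.seed + self.step) % MODULUS
        root_key = self.seed.to_bytes(128, "big")    # assumed encoding
        return hashlib.sha1(root_key).digest()       # current frame key

    def key_sequence(self, nbytes: int) -> bytes:
        frames = -(-nbytes // FRAME_BYTES)           # ceiling division
        stream = b"".join(self.next_frame_key() for _ in range(frames))
        return stream[:nbytes]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(gen: FrameKeyGenerator, message: bytes) -> bytes:
    packet = message + hashlib.sha1(message).digest()    # message || MAC
    return xor(packet, gen.key_sequence(len(packet)))


def decrypt(gen: FrameKeyGenerator, ciphertext: bytes):
    packet = xor(ciphertext, gen.key_sequence(len(ciphertext)))
    message, mac = packet[:-FRAME_BYTES], packet[-FRAME_BYTES:]
    ok = hmac.compare_digest(hashlib.sha1(message).digest(), mac)
    return message, ok


def demo():
    seed, step = 0x1234567890ABCDEF << 900, 0x9E3779B97F4A7C15  # constructed
    sender = FrameKeyGenerator(seed, step)
    receiver = FrameKeyGenerator(seed, step)
    msg = b"A" * 60                          # 480-bit message
    ct = encrypt(sender, msg)                # 640-bit packet, 4 frame keys
    first = decrypt(receiver, ct)            # generators in sync: MAC matches
    replay = decrypt(receiver, ct)           # receiver state has moved on
    other = decrypt(FrameKeyGenerator(seed + 1, step), ct)  # other pairing
    return len(ct), first, replay[1], other[1]
```

The MAC here is an unkeyed SHA-1 digest, as in the patent's example, so integrity rests entirely on the secrecy of the key sequence; current designs use a keyed MAC or an AEAD mode for this purpose.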
The present invention is not limited to the structures or implementations described in the concrete examples above. Many variations can be derived from the content described and the examples given. For instance: the implementation can be in software, in hardware, or in a combination of software and hardware; the root key space can use a longer or shorter data bit length; the start and end point values of the root key space can be held in program variables, hardware registers or memory buffers; the seed, current root key, current frame key and key sequence can be held in program variables, hardware registers or memory buffers; the secretly agreed parameter can be the seed, or a combination of seed, stepping and root key space; the one-way hash transform, or another form of one-way transform, can be implemented with a software function module or a hardware function module; the concrete stepping function, including its implementation, can be chosen by the designer; the "dual" or "multiple" key synthesis method can be based on different seeds, or on different combinations of seed, stepping and root key space, and can combine them in various ways during synthesis; "multiple" can mean "triple" or more; formally, the seed can also be treated as the step size and the step size as the seed; and so on. In addition, the described method and device for generating frame keys or key sequences can also be put to other uses, for example as a random number generator.
The present invention covers all methods and devices constructed on the basis of its content, including versions obtainable without further inventive effort. The present invention is therefore to be accorded the widest scope consistent with the principles and features described herein.

Claims (9)

1. A method for constructing a stream cipher, characterized by:
Selecting a numerical space as the root key space;
Selecting a value in the root key space as the initial value of the seed;
Selecting a stepping, whose effect is to apply a step size to the seed and thereby determine a value in the root key space;
Taking the value obtained by stepping from the current value of the seed as the current root key;
Replacing the current value of the seed with the current root key, which becomes the new current value of the seed;
Applying a one-way hash transform to the current root key and taking the result of the transform as the current frame key;
Forming the key sequence from the current frame key.
2. The root key space according to claim 1, wherein the root key space is computationally large enough, that is, exhaustively enumerating all values in the root key space is computationally infeasible.
3. The seed according to claim 1, wherein its initial value, or its first current value, is a concrete value selected in the root key space in a secret manner.
4. The stepping according to claim 1, wherein the step size used can be a specified fixed value, or a value that changes with the running state.
5. The stepping according to claim 1, wherein applying the step size to the seed can mean that the step size and the seed undergo an arithmetic operation, or a logical operation, or some other operation.
6. The one-way hash transform according to claim 1, which can use a one-way hash function in common use at present, or another mapping algorithm with the one-way property.
7. The forming of the key sequence from the current frame key according to claim 1, wherein the stepping is applied repeatedly to the current value of the seed and the current value of the seed is replaced with the result of the stepping, thereby obtaining a series of current root keys; the one-way hash transform is applied to each current root key in the series, giving a series of current frame keys; and the resulting series of current frame keys forms the key sequence.
8. The method according to claim 1, adopting a "dual" or "multiple" key synthesis method: two or more uncorrelated seed initial values are selected, or two or more uncorrelated combinations of seed initial value, stepping and root key space are selected;
Based on the two or more uncorrelated seed initial values, or on the two or more uncorrelated combinations of seed initial value, stepping and root key space, two or more current root keys can be obtained at the same time;
Based on the two or more current root keys so obtained, two or more current frame keys can be obtained;
In the course of obtaining the two or more current root keys or current frame keys, the result or an intermediate state of the generation process of one current root key or current frame key is used to influence the generation process of another current root key or current frame key, and the current frame key actually used to form the key sequence is obtained from the result of the influenced generation process.
9. A device constructed by adopting the method according to any one of claims 1 to 8.
CN 200410023163 2004-05-08 2004-05-08 Method and device for constructing sequential cipher Pending CN1694397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200410023163 CN1694397A (en) 2004-05-08 2004-05-08 Method and device for constructing sequential cipher

Publications (1)

Publication Number Publication Date
CN1694397A true CN1694397A (en) 2005-11-09

Family

ID=35353214

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200410023163 Pending CN1694397A (en) 2004-05-08 2004-05-08 Method and device for constructing sequential cipher

Country Status (1)

Country Link
CN (1) CN1694397A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication