TW202213961A - Adjustable five-stage encryption system, transmitting device and receiving device - Google Patents

Adjustable five-stage encryption system, transmitting device and receiving device Download PDF

Info

Publication number
TW202213961A
TW202213961A TW109132771A TW109132771A TW202213961A TW 202213961 A TW202213961 A TW 202213961A TW 109132771 A TW109132771 A TW 109132771A TW 109132771 A TW109132771 A TW 109132771A TW 202213961 A TW202213961 A TW 202213961A
Authority
TW
Taiwan
Prior art keywords
encryption
decryption
decryptor
bit
level
Prior art date
Application number
TW109132771A
Other languages
Chinese (zh)
Inventor
林義雄
陳浩銘
Original Assignee
香港商吉達物聯科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 香港商吉達物聯科技股份有限公司 filed Critical 香港商吉達物聯科技股份有限公司
Priority to TW109132771A priority Critical patent/TW202213961A/en
Priority to CN202110997430.5A priority patent/CN114257369A/en
Publication of TW202213961A publication Critical patent/TW202213961A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3

Abstract

The present invention provides an adjustable 5-stage encryption and decryption system, which comprises a transmitting device and a receiving device. The transmitting device comprises a data generating module and a data encryption module. The data encryption module receives a data packet from the data generating module. According to a preset encryption hierarchy, the data encryption module encrypts the data packet via a 5-stage encoder to output an encrypted sequence. The receiving device comprises a data destination module and a data decryption module. The data decryption module obtains the encrypted sequence from the transmitting device. According to a preset decryption hierarchy, the data decryption module decrypts the encrypted sequence via a 5-stage decoder to obtain the original data packet and outputs to the data destination module.

Description

可調式五階加密系統、發送端裝置及接收端裝置Adjustable fifth-level encryption system, transmitter device and receiver device

本發明提供一種加密系統,尤其指一種能切換加密層級的可調式五階加密系統及其發送端裝置和接收端裝置。The present invention provides an encryption system, in particular, an adjustable fifth-order encryption system capable of switching encryption levels and a transmitter device and a receiver device thereof.

進階加密標準(Advanced Encryption Standard, AES),在密碼學中又稱Rijndael加密法,是美國聯邦政府採用的一種區段加密標準。這個標準用來替代原先的DES,已經被多方分析且廣為全世界所使用。截至2006年,針對AES唯一的成功攻擊是旁道攻擊或社會工程學攻擊。美國國家安全局稽核了所有的參與競選AES的最終入圍者,認為他們均能夠滿足美國政府傳遞非機密檔案的安全需要。Advanced Encryption Standard (AES), also known as Rijndael encryption in cryptography, is a segment encryption standard adopted by the US federal government. This standard is used to replace the original DES, which has been analyzed by many parties and is widely used all over the world. As of 2006, the only successful attack against AES was a side-channel or social engineering attack. The NSA audited all the finalists for the AES campaign and believed they could meet the U.S. government's security needs for delivering unclassified files.

進階加密標準屆今已有過多次破解經歷,AES中128位元密鑰版本有10個加密迴圈,192位元密鑰版本有12個加密迴圈,256位元密鑰版本則有14個加密迴圈。至2006年為止,最著名的攻擊是針對AES的7次加密迴圈的128位元密鑰版本,8次加密迴圈的192位元密鑰版本、和9次加密迴圈的256位元密鑰版本所作的攻擊。隨著硬體設備的效率增加,估計以暴力攻擊法完全破解AES的日子已相去不遠。The Advanced Encryption Standard has been cracked many times so far. In AES, the 128-bit key version has 10 encryption loops, the 192-bit key version has 12 encryption loops, and the 256-bit key version has 14 encryption loops. encryption loop. As of 2006, the most famous attacks were against the 128-bit key version of AES with 7 encryption loops, the 192-bit key version with 8 encryption loops, and the 256-bit key version with 9 encryption loops. key version attack. As the efficiency of hardware equipment increases, it is estimated that the days of completely breaking AES with brute force attacks are not far away.

此外,隨著硬體設備的持續升級,人工智慧現已足以達到商用化層級的階段。透過硬體設備的處理效能以及人工智慧的強大計算能力,現今廣泛使用的加密標準很有可能經由人工智慧透過大量運算的方式破解。基於上述的原因,有必要針對現有的加密技術進行改良。In addition, with the continuous upgrading of hardware equipment, artificial intelligence is now sufficient to reach the stage of commercialization. Through the processing performance of hardware devices and the powerful computing power of artificial intelligence, the encryption standards widely used today are likely to be cracked by artificial intelligence through a large number of calculations. For the above reasons, it is necessary to improve the existing encryption technology.

本發明的主要目的,在於提供一種可調式五階加密系統包括一發送端裝置以及一接收端裝置。該發送端裝置包含一資料生成模組以及一資料加密模組。該資料加密模組包含一加密層級設定器以及一五階加密器。該加密層級設定器用以設定該五階加密器的一加密層級,該資料加密模組自該資料生成模組取得至少一數據封包,經由該五階加密器所選定的該加密層級對該數據封包進行加密後輸出一加密序列。該接收端裝置包含一資料目的模組以及一資料解密模組。該資料解密模組包含一解密層級設定器以及一五階解密器。該解密層級設定器用以依據該加密層級設定該五階解密器的一解密層級,該資料解密模組自該發送端裝置取得該加密序列,經由該解密該五階解密器所選定的該解密層級對該加密序列進行解密後輸出還原後的該數據封包至該資料目的模組。The main purpose of the present invention is to provide an adjustable fifth-level encryption system including a transmitter device and a receiver device. The sender device includes a data generation module and a data encryption module. The data encryption module includes an encryption level setting device and a fifth-level encryption device. The encryption level setter is used for setting an encryption level of the fifth-level encryptor, the data encryption module obtains at least one data packet from the data generation module, and the encryption level selected by the fifth-level encryptor is used for the data packet. After encryption, an encrypted sequence is output. The receiver device includes a data destination module and a data decryption module. The data decryption module includes a decryption level setter and a fifth-order decryptor. The decryption level setter is used for setting a decryption level of the fifth-order decryptor according to the encryption level. The data decryption module obtains the encryption sequence from the sender device, and decrypts the decryption level selected by the fifth-order decryptor. After decrypting the encrypted sequence, the restored data packet is output to the data destination module.

本發明的另一目的,在於提供一種發送端裝置,包括一資料生成模組以及一資料加密模組。該資料加密模組包含一加密層級設定器、以及一五階加密器,該加密層級設定器用以設定該五階加密器的一加密層級,該資料加密模組自該資料生成模組取得至少一數據封包,經由該五階加密器所選定的該加密層級對該數據封包進行加密後輸出一加密序列。Another object of the present invention is to provide a transmitter device, which includes a data generation module and a data encryption module. The data encryption module includes an encryption level setter and a fifth-level encryption device. The encryption level setter is used to set an encryption level of the fifth-level encryption device. The data encryption module obtains at least one encryption level from the data generation module. The data packet is encrypted by the encryption level selected by the fifth-order encryptor, and an encryption sequence is outputted.

本發明的另一目的,在於提供一種接收端裝置,包含一資料目的模組以及一資料解密模組。該資料解密模組包含一解密層級設定器以及一五階解密器。該解密層級設定器用以依據該加密層級設定該五階解密器的一解密層級,該資料解密模組自該發送端裝置取得該加密序列,經由該解密該五階解密器所選定的該解密層級對該加密序列進行解密後輸出還原後的該數據封包至該資料目的模組。Another object of the present invention is to provide a receiver device including a data destination module and a data decryption module. The data decryption module includes a decryption level setter and a fifth-order decryptor. The decryption level setter is used for setting a decryption level of the fifth-order decryptor according to the encryption level. The data decryption module obtains the encryption sequence from the sender device, and decrypts the decryption level selected by the fifth-order decryptor. After decrypting the encrypted sequence, the restored data packet is output to the data destination module.

是以,比起習知技術,本發明可依據需要的加密程度切換加密層級,並且能經由一套硬體實現不同的加密層級防護。Therefore, compared with the prior art, the present invention can switch the encryption level according to the required encryption level, and can realize the protection of different encryption levels through a set of hardware.

有關本發明之詳細說明及技術內容,現就配合圖式說明如下。以下針對本發明的其中一較佳實施例進行說明,請參閱「圖1」,為本發明可調式五階加密系統的方塊示意圖(一),如圖所示:The detailed description and technical content of the present invention are described below with reference to the drawings. One of the preferred embodiments of the present invention will be described below. Please refer to FIG. 1 , which is a block diagram (1) of the adjustable fifth-order encryption system of the present invention, as shown in the figure:

本實施態樣主要揭示一種可調式五階加密系統100,用於複數個裝置間相互傳輸資料時,對該等裝置所傳輸的資料分別進行加密及解密。該等產生資料或接收資料的裝置係可以為電腦(Computer)、伺服器(Server)、行動裝置(Mobile Device)、物聯網裝置(例如:監視器、電視、雲端硬碟、燈具等)、大量製造設備或機台等,於本發明中不予以限制。於本發明中依據訊號的收發關係將該等裝置定義為作為資料發送源的發送端裝置10、以及對應於該發送端裝置10用以接收該發送端裝置10資料的接收端裝置20。須特別注意的是,本發明並不以發送端裝置10僅執行資料加密功能、接收端裝置20僅執行資料解密功能為限,具體而言,在此所述的發送端裝置10及接收端裝置20一般均同時具有加密及解密的功能,以確保資料於雙向傳輸的過程中以彼此的金鑰進行加密或解密,在此必須先行敘明。This embodiment mainly discloses an adjustable fifth-level encryption system 100 , which is used for encrypting and decrypting data transmitted by a plurality of devices respectively when data is transmitted between multiple devices. The devices that generate or receive data can be computers, servers, mobile devices, IoT devices (such as monitors, TVs, cloud drives, lamps, etc.), a large number of Manufacturing equipment or machines, etc., are not limited in the present invention. In the present invention, these devices are defined as the transmitting end device 10 serving as the data transmission source and the receiving end device 20 corresponding to the transmitting end device 10 for receiving the data of the transmitting end device 10 according to the signal transmission and reception relationship. It should be noted that the present invention is not limited to the transmitting end device 10 only performing the data encryption function and the receiving end device 20 only performing the data decryption function. Specifically, the transmitting end device 10 and the receiving end device described herein are not limited. 20 generally have both encryption and decryption functions to ensure that the data is encrypted or decrypted with each other's key in the process of bidirectional transmission, which must be explained here.

該發送端裝置10及該接收端裝置20之間係可以透過有線或無線網路傳輸資料。於其中一較佳實施態樣中,該發送端裝置10及該接收端裝置20之間係可以透過網際網路(Internet)、區域網路、或於任意有線或無線通訊埠之間傳輸資料,於本發明中不予以限制。為了完成資料加密、解密及傳輸的功能,該發送端裝置10及該接收端裝置20至少應包括處理器(Processor)、儲存單元、通訊單元彼此協同完成相應功能的工作,例如實體線路網卡、無線網卡、藍芽模組(Bluetooth)、紫蜂模組(Zigbee)等,該等訊號的傳輸方式及傳輸介面非屬本發明所欲限制的範圍。Data can be transmitted between the sender device 10 and the receiver device 20 through a wired or wireless network. In one of the preferred embodiments, the sender device 10 and the receiver device 20 can transmit data through the Internet, a local area network, or between any wired or wireless communication ports, Not limited in the present invention. In order to complete the functions of data encryption, decryption and transmission, the sender device 10 and the receiver device 20 should at least include a processor, a storage unit, and a communication unit to cooperate with each other to complete the corresponding functions, such as physical line network card, wireless Network card, Bluetooth module (Bluetooth), Zigbee module (Zigbee), etc., the transmission method and transmission interface of these signals are not within the scope of the present invention.

於一實施例中,本發明可調式五階加密系統100中所述的「模組」、「器」、或單元的組合及其對應執行的功能,可以由單一晶片或複數個晶片的組合協同執行,該等晶片配置的數量非屬本發明所欲限定的範圍。此外,所述的晶片可以為但不限定於處理器、中央處理器(Central Processing Unit, CPU)、微處理器(Microprocessor)、數位訊號處理器(Digital Signal Processor, DSP)、特殊應用積體電路(Application Specific Integrated Circuits, ASIC) 、可程式化邏輯裝置(Programmable Logic Device, PLD)等可將資訊或訊號做處理、轉換用途或特殊用途的其他類似裝置或這些裝置的組合,於本發明中不予以限制。In one embodiment, the combination of "module", "device", or unit described in the adjustable fifth-level encryption system 100 of the present invention and their corresponding functions may be coordinated by a single chip or a combination of multiple chips. In practice, the number of these chip configurations is not within the scope of the present invention. In addition, the chip can be, but is not limited to, a processor, a central processing unit (CPU), a microprocessor (Microprocessor), a digital signal processor (DSP), a special application integrated circuit (Application Specific Integrated Circuits, ASIC), Programmable Logic Device (Programmable Logic Device, PLD) and other similar devices that can process, convert or special use information or signals or other similar devices or combinations of these devices are not included in the present invention. be restricted.

於一實施例中,所述的發送端裝置10主要包括資料生成模組12以及資料加密模組14。該資料生成模組12例如可以為快取記憶體(Cache memory)、動態隨機存取記憶體(DRAM)、持續性記憶體(Persistent Memory)用以儲存及管理預備傳送及加密的資料。該資料加密模組14自該資料生成模組12取得至少一數據封包,資料加密模組14可以為執行加密計算處理用的處理器或微處理器,於本發明中不予以限制。最後,資料加密模組14將加密後的數據封包輸出至接收端裝置20,於此定義由資料加密模組14所輸出的加密後的數據封包為加密序列。In one embodiment, the sending end device 10 mainly includes a data generation module 12 and a data encryption module 14 . The data generation module 12 may be, for example, a cache memory, a dynamic random access memory (DRAM), or a persistent memory (Persistent Memory) for storing and managing data to be transmitted and encrypted. The data encryption module 14 obtains at least one data packet from the data generation module 12. The data encryption module 14 may be a processor or a microprocessor for performing encryption calculation processing, which is not limited in the present invention. Finally, the data encryption module 14 outputs the encrypted data packet to the receiving end device 20, where the encrypted data packet output by the data encryption module 14 is defined as an encryption sequence.

於一實施例中,所述的資料加密模組14包含加密層級設定器142以及輸入端連接至該加密層級設定器142的五階加密器144,請一併參酌「圖2」以及「圖3」,為本發明可調式五階加密系統的方塊示意圖(二)、五階加密器的方塊示意圖,如圖所示:加密層級設定器142用以依據用戶設定/自動配置去設定五階加密器144的加密層級。所述的五階加密器144的輸入端連接至資料生成模組12的輸出端取得至少一數據封包PK,五階加密器144包含依序連接的第一八位元串流加密器1441、第二八位元串流加密器1442、十六位元串流加密器1443、三十二位元串流加密器1444、以及六十四位元串流加密器1445(於此定義第一八位元串流加密器1441、第二八位元串流加密器1442、十六位元串流加密器1443、三十二位元串流加密器1444、以及六十四位元串流加密器1445的上位統稱為「串流加密器」)。In one embodiment, the data encryption module 14 includes an encryption level setter 142 and a fifth-level encryptor 144 whose input terminal is connected to the encryption level setter 142. Please refer to “FIG. 2” and “FIG. 3” together. ", is the block diagram (2) of the adjustable fifth-level encryption system of the present invention, and the block diagram of the fifth-level encryption device. As shown in the figure: the encryption level setting device 142 is used for setting the fifth-level encryption device according to user setting/automatic configuration. 144 encryption level. The input end of the fifth-order encryptor 144 is connected to the output end of the data generating module 12 to obtain at least one data packet PK. 28-bit stream cipher 1442, 16-bit stream cipher 1443, 32-bit stream cipher 1444, and 64-bit stream cipher 1445 (the first eight bits are defined here stream cipher 1441, second octet stream cipher 1442, 16-bit stream cipher 1443, 32-bit stream cipher 1444, and 64-bit stream cipher 1445 The upper-level is collectively referred to as "stream encryptor").

具體而言,第一八位元串流加密器1441的輸入端連接至加密層級設定器142的輸出端、另一輸入端連接至該資料生成模組12用以接收數據封包PK;第二八位元串流加密器1442輸入端連接至加密層級設定器142的輸出端、另一輸入端連接至第一八位元串流加密器1441的輸出端;十六位元串流加密器1443的輸入端連接至加密層級設定器142的輸出端、另一輸入端連接至第二八位元串流加密器1442的輸出端;三十二位元串流加密器1444的輸入端連接至加密層級設定器142的輸出端、另一輸入端連接至十六位元串流加密器1443的輸出端;六十四位元串流加密器1445的輸入端連接至加密層級設定器142的輸出端、另一輸入端連接至三十二位元串流加密器1444的輸出端。於此實施例中,加密層級設定器142依據加密層級(共五階加密層級)選擇要將第一八位元串流加密器1441、第二八位元串流加密器1442、十六位元串流加密器1443、三十二位元串流加密器1444、六十四位元串流加密器1445中何者進行啟動、以及由何者輸出加密後的數據封包PK,並且當位於序列後方的串流加密器被啟動時,該串流加密器前方的串流加密器也須啟動。例如:加密層級設定器142設定二階加密層級時,加密層級設定器142會啟動第第二八位元串流加密器1442並一併啟動一八位元串流加密器1441,使數據封包PK依序經由第一八位元串流加密器1441、以及第二八位元串流加密器1442進行加密,並由第二八位元串流加密器1442將加密後的數據封包PK輸出,藉此進行二階加密層級(相當於十六位元加密裝置)的加密;其餘未使用到的十六位元串流加密器1443、三十二位元串流加密器1444、以及六十四位元串流加密器1445則不啟動。當第一階加密層級僅啟動第一八位元串流加密器1441時,加密系統將可以構成一八位元加密裝置;當第二階加密層級僅啟動第一八位元串流加密器1441、以及第二八位元串流加密器1442時,加密系統將可以構成一十六位元加密裝置;當第三階加密層級僅啟動第一八位元串流加密器1441、第二八位元串流加密器1442、以及十六位元串流加密器1443時,加密系統將可以構成一三十二位元加密裝置;當第四階加密層級僅啟動第一八位元串流加密器1441、第二八位元串流加密器1442、十六位元串流加密器1443、以及三十二位元串流加密器1444時,加密系統將可以構成一六十四位元加密裝置;當第五階加密層級為啟動全部的串流加密器時,加密系統將可以構成一一百二十八位元加密裝置。Specifically, the input end of the first octet stream encryptor 1441 is connected to the output end of the encryption level setter 142, and the other input end is connected to the data generating module 12 for receiving the data packet PK; the second eighth The input end of the bit stream encryptor 1442 is connected to the output end of the encryption level setter 142, and the other input end is connected to the output end of the first octet stream encryptor 1441; The input terminal is connected to the output terminal of the encryption level setter 142, and the other input terminal is connected to the output terminal of the second octet stream encryptor 1442; the input terminal of the thirty-two-bit stream encryptor 1444 is connected to the encryption level The output terminal and the other input terminal of the setter 142 are connected to the output terminal of the sixteen-bit stream encryptor 1443; the input terminal of the sixty-four-bit stream encryptor 1445 is connected to the output terminal of the encryption level setter 142, The other input terminal is connected to the output terminal of the thirty-two-bit stream encryptor 1444 . In this embodiment, the encryption level setter 142 selects the first octet stream cipher 1441, the second octet stream cipher 1442, the 16-bit Which of the stream encryptor 1443, the thirty-two-bit stream encryptor 1444, and the sixty-four-bit stream encryptor 1445 is activated, and which one outputs the encrypted data packet PK, and when the string at the back of the sequence When a stream cipher is enabled, the stream ciphers preceding the stream cipher must also be enabled. For example, when the encryption level setter 142 sets the second-level encryption level, the encryption level setter 142 will activate the second octet stream cipher 1442 and activate the first octet stream cipher 1441 at the same time, so that the data packet PK The sequence is encrypted by the first octet stream encryptor 1441 and the second octet stream encryptor 1442, and the encrypted data packet PK is output by the second octet stream encryptor 1442, thereby Encrypt the second-order encryption level (equivalent to a 16-bit encryption device); the remaining unused 16-bit stream encryptor 1443, 32-bit stream encryptor 1444, and 64-bit string The stream cipher 1445 is not activated. When only the first octet stream encryptor 1441 is activated at the first level of encryption, the encryption system can form an octet encryption device; when the second level of encryption only activates the first octet stream cipher 1441 , and the second octet stream encryptor 1442, the encryption system can form a sixteen-bit encryption device; when the third-level encryption level only activates the first octet stream encryptor 1441, the second octet When the crypter 1442 and the 16-bit stream cipher 1443 are used, the encryption system can form a 32-bit encryption device; when the fourth-level encryption level only activates the first octet stream cipher 1441, the second 8-bit stream encryptor 1442, the 16-bit stream encryptor 1443, and the 32-bit stream encryptor 1444, the encryption system will constitute a 164-bit encryption device; When the fifth level of encryption is enabled for all stream ciphers, the encryption system will be able to form a 128-bit encryption device.

在僅啟動第一八位元串流加密器1441的情況,該第一八位元串流加密器1441的輸出為第一加密序列ES1;在僅啟動第一八位元串流加密器1441、以及第二八位元串流加密器1442的情況,該第二八位元串流加密器1442的輸出為第二加密序列ES2;在僅啟動第一八位元串流加密器1441、第二八位元串流加密器1442、以及十六位元串流加密器1443的情況,該十六位元串流加密器1443的輸出為第三加密序列ES3;在僅啟動第一八位元串流加密器1441、第二八位元串流加密器1442、十六位元串流加密器1443、以及三十二位元串流加密器1444的情況,該三十二位元串流加密器1444的輸出為第四加密序列ES4;在串流加密器皆啟動的情況,六十四位元串流加密器1445的輸出為第五加密序列ES5。最後,加密層級設定器142所選定的加密層級控制五階加密器144將對應該加密層級的第一加密序列ES1、第二加密序列ES2、第三加密序列ES3、第四加密序列ES4或第五加密序列ES5經由資料傳輸層DA輸出至接收端裝置20。具體而言,在任一種加密層級僅會生成前述其中一種對應該加密層級的加密序列。When only the first octet stream cipher 1441 is activated, the output of the first octet stream cipher 1441 is the first encryption sequence ES1; when only the first octet stream cipher 1441, and the case of the second octet stream encryptor 1442, the output of which is the second encryption sequence ES2; when only the first octet stream encryptor 1441 is activated, the second In the case of the octet stream encryptor 1442 and the 16-bit stream cipher 1443, the output of the 16-bit stream cipher 1443 is the third encryption sequence ES3; when only the first octet string is enabled In the case of stream cipher 1441, second octet stream cipher 1442, 16-bit stream cipher 1443, and thirty-two-bit stream cipher 1444, the 32-bit stream cipher The output of 1444 is the fourth encryption sequence ES4; the output of the 64-bit stream encryptor 1445 is the fifth encryption sequence ES5 when all the stream encryptors are enabled. Finally, the encryption level selected by the encryption level setter 142 controls the fifth-level encryption device 144 to encrypt the first encryption sequence ES1, the second encryption sequence ES2, the third encryption sequence ES3, the fourth encryption sequence ES4 or the fifth encryption sequence of the corresponding encryption level. The encrypted sequence ES5 is output to the receiving end device 20 via the data transport layer DA. Specifically, at any encryption level, only one of the foregoing encryption sequences corresponding to the encryption level will be generated.

於一實施例中,前述的五階加密器144中第一八位元串流加密器1441、第二八位元串流加密器1442、十六位元串流加密器1443、三十二位元串流加密器1444、以及六十四位元串流加密器1445分別包含有加密線性反饋移位暫存器(Linear Feedback Shift Register, LFSR)以及一或複數個加密邏輯閘(Logic Gate),該加密線性反饋移位暫存器具有一加密金鑰,該加密金鑰可以由其他裝置輸入至加密線性反饋移位暫存器作為一預設金鑰,所述的裝置非屬本發明所欲限制的內容,於此先行敘明。該加密線性反饋移位暫存器將該加密金鑰的複數個加密位元抽頭進行邏輯運算後獲得一加密運算元,該加密運算元與該數據封包PK經由該加密邏輯閘進行運算後獲得加密序列,並且該加密運算元將反饋至加密線性反饋移位暫存器的第一位元作為加密金鑰的更新,所述的更新指該加密運算元會輸入至該加密線性反饋移位暫存器的加密金鑰的第一位元,使原先該加密金鑰的第一位元移動至第二位元、原先該加密金鑰的第二位元移動至第三位元,依此類推,原先該加密金鑰的最末位元會被前一位元覆蓋,藉此達到該加密金鑰的更新。In one embodiment, the first octet stream cipher 1441, the second octet stream cipher 1442, the 16-bit stream cipher 1443, the thirty-two The meta-stream encryptor 1444 and the 64-bit stream encryptor 1445 respectively include an encrypted Linear Feedback Shift Register (LFSR) and one or more encrypted logic gates (Logic Gate), The encrypted linear feedback shift register has an encryption key, and the encryption key can be input to the encrypted linear feedback shift register by other devices as a default key, and the device is not intended to be limited by the present invention The content is described in advance here. The encrypted linear feedback shift register performs a logical operation on a plurality of encrypted bit taps of the encryption key to obtain an encryption operation element, and the encryption operation element and the data packet PK are operated through the encryption logic gate to obtain encryption sequence, and the encryption operator will feed back the first bit of the encryption linear feedback shift register as the update of the encryption key, the update means that the encryption operator will be input to the encryption linear feedback shift register The first bit of the encryption key of the device, so that the first bit of the encryption key is moved to the second bit, the second bit of the encryption key is moved to the third bit, and so on, The last bit of the original encryption key will be overwritten by the previous bit, thereby achieving the update of the encryption key.

於一實施態樣中,請參酌「圖4」,為本發明五階加密器的邏輯運算示意圖,如圖所示:第一八位元串流加密器1441包含有加密線性反饋移位暫存器1441L(存有第一加密金鑰a[1]至a[8] ,a[n]為該第一加密金鑰的第n位元)、以及加密邏輯閘1441G;第二八位元串流加密器1442包含有加密線性反饋移位暫存器1442L(存有第二加密金鑰b[1]至b[8] ,b[n]為該第二加密金鑰的第n位元)、以及加密邏輯閘1442G;十六位元串流加密器1443包含有加密線性反饋移位暫存器1443L(存有第三加密金鑰c[1]至c[16] ,c[n]為該第三加密金鑰的第n位元)、以及加密邏輯閘1443G;三十二位元串流加密器1444包含有加密線性反饋移位暫存器1444L(存有第四加密金鑰d[1]至d[32] ,d[n]為該第四加密金鑰的第n位元)、以及加密邏輯閘1444G;六十四位元串流加密器1445包含有加密線性反饋移位暫存器1445L(存有第五加密金鑰e[1]至e[64] ,e[n]為該第五加密金鑰的第n位元)、以及加密邏輯閘1445G。於一實施例中,所述的加密邏輯閘1441G、1442G、1443G、1444G、1445G以及邏輯運算皆使用互斥或閘(Exclusive Or, XOR)作為運算。於其他實施例中,所述的邏輯閘1441G、1442G、1443G、1444G、1445G以及邏輯運算可以用AND閘、OR閘、其他邏輯閘或複數個邏輯閘的組合實現運算,於本發明中不予以限制。In one embodiment, please refer to FIG. 4 , which is a schematic diagram of the logic operation of the fifth-order cipher of the present invention. As shown in the figure: the first octet stream cipher 1441 includes an encrypted linear feedback shift register. device 1441L (stores the first encryption keys a[1] to a[8], a[n] is the nth bit of the first encryption key), and the encryption logic gate 1441G; the second octet string The stream cipher 1442 includes an encryption linear feedback shift register 1442L (which stores the second encryption keys b[1] to b[8], where b[n] is the nth bit of the second encryption key) , and the encryption logic gate 1442G; the 16-bit stream encryption device 1443 includes an encryption linear feedback shift register 1443L (there are third encryption keys c[1] to c[16], c[n] is The nth bit of the third encryption key), and the encryption logic gate 1443G; the thirty-two-bit stream encryptor 1444 includes an encryption linear feedback shift register 1444L (which stores the fourth encryption key d[ 1] to d[32], d[n] is the nth bit of the fourth encryption key), and the encryption logic gate 1444G; the 64-bit stream encryptor 1445 includes an encryption linear feedback shift temporary Register 1445L (stores fifth encryption keys e[1] to e[64], e[n] is the nth bit of the fifth encryption key), and encryption logic gate 1445G. In one embodiment, the encryption logic gates 1441G, 1442G, 1443G, 1444G, 1445G and the logic operations all use exclusive OR (XOR) as operations. In other embodiments, the logic gates 1441G, 1442G, 1443G, 1444G, 1445G and the logic operations can be implemented by AND gates, OR gates, other logic gates or a combination of a plurality of logic gates, which are not used in the present invention. limit.

於其他實施例中,前述的五階加密器144亦可以於後端設置一多路復用器(Multiplexer, MUX)決定輸出的加密序列,或是於五階加密器144前端搭配設置一個控制模組(Control Module)用以取代加密層級設定器142決定啟動的串流加密器及邏輯閘的部分功能,該等實施方式的變化非屬本發明所欲限制的範圍。In other embodiments, the aforementioned fifth-order encryptor 144 may also be provided with a multiplexer (MUX) at the back end to determine the output encryption sequence, or a control mode may be configured at the front end of the fifth-order encryptor 144 . The control module is used to replace part of the functions of the stream encryptor and the logic gate that are determined by the encryption level setter 142 to be activated. The changes of these implementations are not intended to be limited by the present invention.

於一實施例中,請復參閱「圖1」,所述的接收端裝置20包括資料目的模組22以及資料解密模組24。該資料目的模組22相同可以為快取記憶體(Cache memory)、動態隨機存取記憶體(DRAM)、持續性記憶體(Persistent Memory)用以儲存及管理所接收到的資料。該資料解密模組22係可以為執行解密計算處理用的處理器或微處理器,於本發明中不予以限制。最後,該資料解密模組24用以將所接收到的加密序列經由對應的加密層級進行解密處理後將還原的原始數據封包輸出至該資料目的模組22以儲存。In an embodiment, please refer to FIG. 1 again, the receiving end device 20 includes a data destination module 22 and a data decryption module 24 . The data destination module 22 can also be a cache memory, a dynamic random access memory (DRAM), or a persistent memory (Persistent Memory) for storing and managing the received data. The data decryption module 22 can be a processor or a microprocessor for performing decryption calculation processing, which is not limited in the present invention. Finally, the data decryption module 24 is used for decrypting the received encrypted sequence through the corresponding encryption level, and then outputting the restored original data packet to the data destination module 22 for storage.

於一實施例中,所述的資料解密模組24包含解密層級設定器242以及輸入端連接至該解密層級設定器242的五階解密器244,請一併參酌「圖2」以及「圖5」,為本發明可調式五階加密系統的方塊示意圖(二)、五階解密器的方塊示意圖,如圖所示:解密層級設定器242用以設定五階解密器244的解密層級,所述的解密層級的數量對應加密層級的數量。所述的五階解密器244經由資料傳輸層DA自發送端裝置10取得至少一加密序列,五階解密器244包含依序連接的第一八位元串流解密器2441、第二八位元串流解密器2442、十六位元串流解密器2443、三十二位元串流解密器2444、以及六十四位元串流解密器2445(於此定義第一八位元串流解密器2441、第二八位元串流解密器2442、十六位元串流解密器2443、三十二位元串流解密器2444、六十四位元串流解密器2445的上位統稱為「串流解密器」)。具體而言,六十四位元串流解密器2445的輸入端連接至解密層級設定器242的輸出端、六十四位元串流解密器2445的輸出端連接至三十二位元串流解密器2444的輸入端;三十二位元串流解密器2444的另一輸入端連接至解密層級設定器242的輸出端、三十二位元串流解密器2444的輸出端連接至十六位元串流解密器2443的輸入端;十六位元串流解密器2443的另一輸入端連接至解密層級設定器242的輸出端、十六位元串流解密器2443的輸出端連接至第二八位元串流解密器2442的輸入端;第二八位元串流解密器2442的另一輸入端連接至解密層級設定器242的輸出端、第二八位元串流解密器2442的輸出端連接至第一八位元串流解密器2441的輸入端;第一八位元串流解密器2441的另一輸入端連接至解密層級設定器242的輸出端、第一八位元串流解密器2441的輸出端連接至資料目的模組22的輸入端。於本實施例中,解密層級設定器242依據解密層級選擇要啟動的串流解密器、以及依據解密層級選擇加密序列要輸入的串流解密器,藉此將加密序列依序解密,並且當位於序列前方的串流解密器被啟動時,該串流解密器後方的串流解密器也須啟動。例如:解密層級設定器242設定對應二階加密層級的二階解密層級時,解密層級設定器242會啟動第二八位元串流解密器2442並一併啟動第一八位元串流解密器2441,解密層級設定器242會依據二階解密層級將加密序列輸入第二八位元串流解密器2442後,加密序列經由第二八位元串流解密器2442、第一八位元串流解密器2441進行解密,由第一八位元串流解密器2441將解密後的加密序列輸出,藉此進行二階解密層級的解密(相當於十六位元解密裝置);其餘未使用到的十六位元串流解密器2443、三十二位元串流解密器2444、以及六十四位元串流解密器2445則不啟動。於此定義最後由五階解密器244所輸出的解密後加密序列為還原數據封包。當第一階解密層級(對應第一階加密層級)僅啟動第一八位元串流解密器1441時,該解密系統將可以構成一八位元解密裝置;當第二階解密層級(對應第二階加密層級)僅啟動第一八位元串流解密器2441、以及第二八位元串流解密器2442時,該解密系統將可以構成一十六位元解密裝置;當第三階解密層級(對應第三階加密層級)為啟動第一八位元串流解密器2441、第二八位元串流解密器2442、以及十六位元串流解密器2443時,該解密系統將可以構成一三十二位元解密裝置;當第四階解密層級(對應第四階加密層級)僅啟動第一八位元串流解密器2441、第二八位元串流解密器2442、十六位元串流解密器2443、以及三十二位元串流解密器2444時,該解密系統將可以構成一六十四位元解密裝置;當第五階解密層級(對應第五階加密層級)啟動全部的串流解密器時,該解密系統將可以構成一一百二十八位元解密裝置。具體而言,在任一種解密層級僅會接收到一種對應該解密層級的加密序列。In one embodiment, the data decryption module 24 includes a decryption level setter 242 and a fifth-order decryptor 244 whose input end is connected to the decryption level setter 242. Please refer to "FIG. 2" and "FIG. 5" together. ", is the block diagram (2) of the adjustable fifth-order encryption system of the present invention, and the block diagram of the fifth-order decryptor. As shown in the figure: the decryption level setting device 242 is used to set the decryption level of the fifth-order decryptor 244. The number of decryption levels corresponds to the number of encryption levels. The fifth-order decryptor 244 obtains at least one encrypted sequence from the sender device 10 via the data transport layer DA. The fifth-order decryptor 244 includes a first octet stream decryptor 2441 and a second octet that are connected in sequence. Stream decryptor 2442, sixteen-bit stream decryptor 2443, thirty-two-bit stream decryptor 2444, and sixty-four-bit stream decryptor 2445 (the first octet stream decryption is defined here The upper level of the device 2441, the second octet stream decryptor 2442, the 16-bit stream decryptor 2443, the 32-bit stream decryptor 2444, and the 64-bit stream decryptor 2445 are collectively referred to as " Streaming Decryptor"). Specifically, the input terminal of the 64-bit stream decryptor 2445 is connected to the output terminal of the decryption level setter 242, and the output terminal of the 64-bit stream decryptor 2445 is connected to the 32-bit stream The input of the decryptor 2444; the other input of the thirty-two-bit stream decryptor 2444 is connected to the output of the decryption level setter 242, and the output of the thirty-two-bit stream decryptor 2444 is connected to the sixteen The input terminal of the bit stream decryptor 2443; the other input terminal of the sixteen bit stream decryptor 2443 is connected to the output terminal of the decryption level setter 242, and the output terminal of the sixteen bit stream decryptor 2443 is connected to The input terminal of the second octet stream decryptor 2442; the other input terminal of the second octet stream decryptor 2442 is connected to the output terminal of the decryption level setter 242, the second octet stream decryptor 2442 The output end of the first octet stream decryptor 2441 is connected to the input end; the other input end of the first octet stream decryptor 2441 is connected to the output end of the decryption level setter 242, the first octet The output terminal of the stream decryptor 2441 is connected to the input terminal of the data destination module 22 . In this embodiment, the decryption level setter 242 selects the stream decryptor to be activated according to the decryption level, and selects the stream decryptor to which the encrypted sequence is to be input according to the decryption level, thereby sequentially decrypting the encrypted sequence, and when the When the stream decryptor at the front of the sequence is activated, the stream decryptor after the stream decryptor must also be activated. For example, when the decryption level setter 242 sets the second-level decryption level corresponding to the second-level encryption level, the decryption level setter 242 activates the second octet stream decryptor 2442 and simultaneously activates the first octet stream decryptor 2441, After the decryption level setter 242 inputs the encrypted sequence into the second octet stream decryptor 2442 according to the second-order decryption level, the encrypted sequence passes through the second octet stream decryptor 2442 and the first octet stream decryptor 2441 Decryption is performed, and the decrypted encrypted sequence is output by the first octet stream decryptor 2441, thereby performing second-order decryption level decryption (equivalent to a 16-bit decryption device); the remaining unused 16-bit The stream decryptor 2443, the 32-bit stream decryptor 2444, and the 64-bit stream decryptor 2445 are not activated. Herein, the decrypted encrypted sequence output by the fifth-order decryptor 244 is defined as the restored data packet. When the first-level decryption level (corresponding to the first-level encryption level) only activates the first octet stream decryptor 1441, the decryption system can constitute an octet decryption device; when the second-level decryption level (corresponding to the first-level encryption level) Second-order encryption level) When only the first octet stream decryptor 2441 and the second octet stream decryptor 2442 are activated, the decryption system will form a sixteen-bit decryption device; when the third-order decryption When the level (corresponding to the third level of encryption) is to activate the first octet stream decryptor 2441, the second octet stream decryptor 2442, and the 16-bit stream decryptor 2443, the decryption system will be able to A 32-bit decryption device is formed; when the fourth-level decryption level (corresponding to the fourth-level encryption level) only activates the first octet stream decryptor 2441, the second octet stream decryptor 2442, and the sixteenth When the bit stream decryptor 2443 and the 32-bit stream decryptor 2444 are used, the decryption system can form a sixty-four-bit decryption device; when the fifth-level decryption level (corresponding to the fifth-level encryption level) When all stream decryptors are activated, the decryption system will be able to constitute a one hundred and twenty-eight-bit decryption device. Specifically, at any decryption level, only one encrypted sequence corresponding to that decryption level is received.

於此定義第一八位元串流解密器2441的輸出為第一數據封包PK1;第二八位元串流解密器2442的輸出為第二數據封包PK2;十六位元串流解密器2443的輸出為第三數據封包PK3;三十二位元串流解密器2444的輸出為第四數據封包PK4;六十四位元串流解密器2445的輸出為第五數據封包PK5。具體而言,五階解密器244所輸出的還原數據封包為第一數據封包PK1,一併敘明於此。Here, the output of the first octet stream decryptor 2441 is defined as the first data packet PK1; the output of the second octet stream decryptor 2442 is the second data packet PK2; the 16-bit stream decryptor 2443 The output of the 32-bit stream decryptor 2444 is the fourth data packet PK4; the output of the 64-bit stream decryptor 2445 is the fifth data packet PK5. Specifically, the restored data packet output by the fifth-order decryptor 244 is the first data packet PK1, which is described here.

於一實施例中,前述的五階解密器244中第一八位元串流解密器2441、第二八位元串流解密器2442、十六位元串流解密器2443、三十二位元串流解密器2444、以及六十四位元串流解密器2445分別包含有解密線性反饋移位暫存器(Linear Feedback Shift Register, LFSR)以及一或複數個解密邏輯閘(Logic Gate),該解密線性反饋移位暫存器具有一解密金鑰,該解密金鑰對應於加密金鑰並且可以由其他裝置輸入至解密線性反饋移位暫存器作為一預設解密金鑰,所述的裝置非屬本發明所欲限制的內容,於此先行敘明。該解密線性反饋移位暫存器將該解密金鑰的複數個解密位元抽頭進行邏輯運算後獲得一解密運算元,該解密運算元與接收到的加密序列經由該解密邏輯閘進行運算後獲得解密序列,其中,該加密序列將反饋至解密線性反饋移位暫存器的第一位元作為解密金鑰的更新,所述的更新指該加密序列會輸入至將該解密線性反饋移位暫存器的解密金鑰的第一位元,使原先該解密金鑰的第一位元移動至第二位元、原先該解密金鑰的第二位元移動至第三位元,依此類推,原先該解密金鑰的最末位元會被前一位元覆蓋,藉此更新該解密金鑰。In one embodiment, the first octet stream decryptor 2441, the second octet stream decryptor 2442, the sixteen-bit stream decryptor 2443, the thirty-two The meta-stream decryptor 2444 and the 64-bit meta-stream decryptor 2445 respectively include a decryption Linear Feedback Shift Register (LFSR) and one or more decryption logic gates (Logic Gate), The decryption linear feedback shift register has a decryption key, the decryption key corresponds to the encryption key and can be input into the decryption linear feedback shift register by other devices as a preset decryption key, the device Contents that are not intended to be limited by the present invention are described in advance here. The decryption linear feedback shift register performs a logical operation on a plurality of decryption bit taps of the decryption key to obtain a decryption operation element, and the decryption operation element and the received encrypted sequence are obtained after operation through the decryption logic gate Decryption sequence, wherein the encryption sequence will be fed back to the first bit of the decryption linear feedback shift register as the update of the decryption key, and the update means that the encryption sequence will be input to the decryption linear feedback shift register. The first bit of the decryption key in the storage, so that the first bit of the decryption key is moved to the second bit, the second bit of the decryption key is moved to the third bit, and so on , the last bit of the original decryption key will be overwritten by the previous bit, thereby updating the decryption key.

具體而言,請參酌「圖6」,為本發明五階解密器的邏輯運算示意圖,如圖所示:第一八位元串流解密器2441包含有解密線性反饋移位暫存器2441L(存有與第一加密金鑰a[1]至a[8]相同的第一解密金鑰,於此標號相同於第一加密金鑰)、以及解密邏輯閘2441G;第二八位元串流解密器2442包含有解密線性反饋移位暫存器2442L(存有與第二加密金鑰b[1]至b[8]相同的第二解密金鑰,於此標號相同於第二加密金鑰)、以及解密邏輯閘2442G;十六位元串流解密器2443包含有解密線性反饋移位暫存器2443L(存有與第三加密金鑰c[1]至c[16]相同的第三解密金鑰,於此標號相同於第三加密金鑰)、以及解密邏輯閘2443G;三十二位元串流解密器2444包含有解密線性反饋移位暫存器2444L(存有與第四加密金鑰d[1]至d[32]相同的第四解密金鑰,於此標號相同於第四加密金鑰)、以及解密邏輯閘2444G;六十四位元串流解密器2445包含有解密線性反饋移位暫存器2445L(存有與第五加密金鑰e[1]至e[64]相同的第五解密金鑰,於此標號相同於第五加密金鑰)、以及解密邏輯閘2445G。原則上,所述的五階解密器244中的邏輯閘與邏輯運算必須與五階加密器144執行反向邏輯運算(例如五階加密器144為AND,則五階解密器244為NAND)。Specifically, please refer to FIG. 6 , which is a schematic diagram of the logic operation of the fifth-order decryptor of the present invention. As shown in the figure: the first octet stream decryptor 2441 includes a decryption linear feedback shift register 2441L ( Stores the same first decryption keys as the first encryption keys a[1] to a[8], where the label is the same as the first encryption key), and the decryption logic gate 2441G; the second octet stream The decryptor 2442 includes a decryption linear feedback shift register 2442L (stores the same second decryption keys as the second encryption keys b[1] to b[8], and the label is the same as the second encryption key ), and decryption logic gate 2442G; the sixteen-bit stream decryptor 2443 includes a decryption linear feedback shift register 2443L (which stores the same third encryption key c[1] to c[16] as the third encryption key c[1] to c[16]). The decryption key, which is labeled the same as the third encryption key, and the decryption logic gate 2443G; the thirty-two-bit stream decryptor 2444 includes a decryption linear feedback shift register 2444L (stored with the fourth encryption key) The fourth decryption key is the same as the keys d[1] to d[32], and the reference number is the same as the fourth encryption key), and the decryption logic gate 2444G; the 64-bit stream decryptor 2445 includes decryption The linear feedback shift register 2445L (stores the same fifth decryption keys as the fifth encryption keys e[1] to e[64], and the label is the same as the fifth encryption key), and the decryption logic gate 2445G. In principle, the logic gates and logic operations in the fifth-order decryptor 244 must perform inverse logic operations with the fifth-order encryptor 144 (eg, if the fifth-order encryptor 144 is AND, then the fifth-order decryptor 244 is NAND).

於其他實施例中,前述的五階解密器244亦可以於前端設置一多路復用器(Multiplexer, MUX)決定加密序列欲輸入之串流解密器,或是於五階解密器244前端搭配設置一個控制模組(Control Module)用以取代解密層級設定器242決定啟動的串流解密器及邏輯閘的部分功能,該等實施方式的變化非屬本發明所欲限制的範圍。In other embodiments, the aforementioned fifth-order decryptor 244 may also be provided with a multiplexer (MUX) at the front end to determine the stream decryptor to which the encrypted sequence is to be input, or the fifth-order decryptor 244 may be matched at the front end. A control module is provided to replace part of the functions of the stream decryptor and the logic gate determined to be activated by the decryption level setter 242, and the changes of these implementations are not within the scope of the present invention.

於其他實施例中,前述的資料生成模組12與資料加密模組14之間具有一進階加密器時(圖未示),資料目的模組22以及資料解密模組24之間具有一對應該進階加密器的進階解密器(圖未示),該進階加密器對資料生成模組12的數據封包PK進行加密處理後輸出至資料加密模組14;該進階解密器用對應該進階加密器的解密處理還原該數據封包PK至資料目的模組22。前述的加密處理例如:進階加密標準(Advanced Encryption Standard, AES),於本發明中不予以限制。In other embodiments, when there is an advanced encryptor (not shown) between the aforementioned data generation module 12 and the data encryption module 14, a pair of data destination module 22 and data decryption module 24 are provided. The advanced decryptor (not shown) should be an advanced encryptor, the advanced encryptor encrypts the data packet PK of the data generation module 12 and outputs it to the data encryption module 14; the advanced decryptor uses the corresponding The decryption process of the advanced encryptor restores the data packet PK to the data destination module 22 . The aforementioned encryption process, such as Advanced Encryption Standard (AES), is not limited in the present invention.

以上針對本發明硬體架構的一具體實施例進行說明,有關於本發明的工作程式將於下面進行更進一步的說明,請參閱「圖7」,為本發明可調式五階加密方法的流程示意圖:A specific embodiment of the hardware structure of the present invention is described above. The working program of the present invention will be further described below. Please refer to FIG. 7 , which is a schematic flowchart of the adjustable fifth-level encryption method of the present invention. :

於進行數據傳輸前,加密層級設定器142與解密層級設定器242將依據用戶設定/自動配置去設定相同的加密/解密層級(例如:當加密層級設定器142選定五階加密器144加密層級為五階時,解密層級設定器242將選定五階解密器244解密層級為五階),先行敘明於此。Before data transmission, the encryption level setter 142 and the decryption level setter 242 will set the same encryption/decryption level according to the user setting/automatic configuration (for example, when the encryption level setter 142 selects the fifth-level encryptor 144 to set the encryption level as In the case of the fifth level, the decryption level setter 242 will select the decryption level of the fifth level decryptor 244 as the fifth level), which will be described here first.

首先,於發送端裝置10中,數據封包PK由資料生成模組12輸出至資料加密模組14(步驟S201)。First, in the sender device 10, the data packet PK is output from the data generation module 12 to the data encryption module 14 (step S201).

數據封包PK由資料加密模組14的五階加密器144接收並依照加密層級設定器142所設定的加密層級對該數據封包PK進行加密(步驟S202)。The data packet PK is received by the fifth-level encryptor 144 of the data encryption module 14 and encrypted according to the encryption level set by the encryption level setter 142 (step S202 ).

加密後的數據封包PK由該五階加密器144輸出加密序列至接收端裝置20(步驟S203)。The encrypted data packet PK is outputted by the fifth-order encryptor 144 to the receiving end device 20 (step S203 ).

加密序列經由資料解密模組24中的五階解密器244依照解密層級設定器242對應加密層級的解密層級將該加密序列進行解密(步驟S204)。The encrypted sequence is decrypted by the fifth-order decryptor 244 in the data decryption module 24 according to the decryption level of the decryption level setter 242 corresponding to the encryption level (step S204 ).

解密後的加密序列由該五階解密器244輸出還原數據封包至資料目的模組22儲存(步驟S205)。The decrypted encrypted sequence is output by the fifth-order decryptor 244 to restore the data packet to the data destination module 22 for storage (step S205 ).

於一實施例中,所述五階加密器144具有第一八位元串流解密器2441、第二八位元串流解密器2442、十六位元串流解密器2443、三十二位元串流解密器2444、以及六十四位元串流解密器2445的五階加密器144進行加密;所述五階解密器244具有第一八位元串流解密器2441、第二八位元串流解密器2442、十六位元串流解密器2443、三十二位元串流解密器2444、以及六十四位元串流解密器2445的情況下,請參酌「圖8」、「圖9」,為本發明五階加密器144的加密流程示意圖與五階解密器244的解密流程示意圖。前述步驟S202依據加密層級可以由步驟S2021-S2025之中的一或複數個步驟替換,且該複數個步驟必須依序存在(例如:第四階加密層級的情況下,步驟S202需替換成對應的步驟S2024,此時步驟S2021-S2023也必須一併納入,因此,步驟S202在第四階加密層級的情況下能替換成步驟S2021-S2024);步驟S204依據解密層級可以由步驟S2041-S2045之中的一或複數個步驟替換,且該複數個步驟必須反向依序存在(例如:在第四階層解密層級的情況下,步驟S204需替換成對應的步驟S2042,此時步驟S2043-S2045也必須一併納入,因此,步驟S204能替換成步驟S2042-S2045),先前已描述過的步驟內容將不再贅述,先行敘明於此。於此實施例中,五階加密器144所述的邏輯運算皆為XOR;五階解密器244所述的邏輯運算都為OR(對應五階加密器的邏輯運算)。於其他實施例中,前述的邏輯運算可以由AND、NAND等其他邏輯運算,於本發明中不予以限制;於此實施例中,加密線性反饋移位暫存器所選用的複數個加密抽頭位元、與解密反饋移位暫存器所選用的複數個解密抽頭位元及數量僅為一實施例,該加密/解密抽頭位元能根據實際需求進行不同的選擇、數量變化(例如:選擇第一位元、第七位元做為加密/解密抽頭位元;選擇第四位元、第五位元、第六位元、第八位元做為加密/解密抽頭位元;於位元數更多的情況下可以選擇第二位元、第三十七位元等),該加密/解密抽頭位元的選擇非屬本發明所欲限制的範圍。前述的解密抽頭位元將對應加密抽頭位元進行選擇,以搭配進行解密。於本實施例中,該第一八位元串流加密器1441、該十六位元串流加密器1443、該三十二位元串流加密器1444的該加密位元抽頭數量為兩個;該第二八位元串流加密器1442、該六十四位元串流加密器1445的該加密位元抽頭數量為四個;該第一八位元串流解密器2441、該十六位元串流解密器2443、該三十二位元串流解密器2444的該解密位元抽頭數量為兩個;該第二八位元串流解密器2442、該六十四位元串流解密器2445的該解密位元抽頭數量為四個,先行敘明於此。於一實施例中,前述的加密位元抽頭與解密位元抽頭的位元數量為偶數個。In one embodiment, the fifth-order encryptor 144 has a first octet stream decryptor 2441, a second octet stream decryptor 2442, a sixteen-bit stream decryptor 2443, a thirty-two Metastream decryptor 2444 and fifth-order encryptor 144 of sixty-four-bit stream decryptor 2445 perform encryption; the fifth-order decryptor 244 has a first octet stream decryptor 2441, a second octet In the case of the meta stream decryptor 2442, the 16-bit stream decryptor 2443, the 32-bit stream decryptor 2444, and the 64-bit stream decryptor 2445, please refer to "Fig. 8", FIG. 9 is a schematic diagram of an encryption process of the fifth-order encryptor 144 and a schematic diagram of a decryption process of the fifth-order decryptor 244 of the present invention. The aforementioned step S202 can be replaced by one or more steps in the steps S2021-S2025 according to the encryption level, and the multiple steps must exist in sequence (for example: in the case of the fourth-level encryption level, step S202 needs to be replaced with the corresponding Step S2024, at this time, steps S2021-S2023 must also be included together, therefore, step S202 can be replaced with steps S2021-S2024 in the case of the fourth-level encryption level); Step S204 can be determined from steps S2041-S2045 according to the decryption level. One or more steps are replaced, and the multiple steps must exist in reverse order (for example: in the case of the fourth-level decryption level, step S204 needs to be replaced with corresponding step S2042, and steps S2043-S2045 must also be replaced at this time. Therefore, step S204 can be replaced with steps S2042-S2045), and the content of the previously described steps will not be repeated, and will be described here first. In this embodiment, the logical operations described by the fifth-order encryptor 144 are all XORs; the logic operations described by the fifth-order decryptor 244 are all ORs (corresponding to the logical operations of the fifth-order encryptor). In other embodiments, the aforementioned logical operations may be other logical operations such as AND, NAND, etc., which are not limited in the present invention; in this embodiment, a plurality of encrypted tap bits selected by the linear feedback shift register are encrypted. The number and number of decryption taps selected by the decryption feedback shift register and the decryption feedback shift register are only an example, and the encryption/decryption taps can be selected according to actual needs, and the number of them can be changed (for example: selecting the first One bit and the seventh bit are used as the encryption/decryption tap bit; the fourth bit, the fifth bit, the sixth bit, and the eighth bit are selected as the encryption/decryption tap bit; In more cases, the second bit, the thirty-seventh bit, etc. can be selected), and the selection of the encryption/decryption tap bit is not within the scope of the present invention. The aforementioned decryption tap bits are selected corresponding to the encryption tap bits for decryption. In this embodiment, the number of encrypted bit taps of the first 8-bit stream encryptor 1441, the 16-bit stream encryptor 1443, and the 32-bit stream encryptor 1444 is two ; the number of encrypted bit taps of the second octet stream encryptor 1442, the sixty-four-bit stream encryptor 1445 is four; the first octet stream decryptor 2441, the sixteen The number of the decrypted bit taps of the bit stream decryptor 2443, the thirty-two-bit stream decryptor 2444 is two; the second octet stream decryptor 2442, the sixty-four-bit stream The number of the decrypted bit taps of the decryptor 2445 is four, which is described here in advance. In one embodiment, the number of bits of the aforementioned encrypted bit taps and decrypted bit taps is an even number.

以下說明步驟S2021-S2025,請一併參酌「圖4」、「圖8」,為本發明五階加密器的邏輯運算示意圖、加密流程示意圖。數據封包PK由五階加密器144的第一八位元串流加密器1441接收,該數據封包PK經由第一八位元串流加密器1441加密並輸出(步驟S2021)。於一實施例中,第一八位元串流加密器1441中的加密線性反饋移位暫存器1441L擷取第二位元a[2]與第七位元a[7]進行邏輯運算後取得第一加密運算元,將該數據封包PK與該第一加密運算元經由加密邏輯閘1441G進行邏輯運算依序進行加密並由第一八位元串流加密器1441輸出;當加密層級設定器142設定為一階加密時,此時第一八位元串流加密器1441輸出的為第一加密序列ES1。Steps S2021-S2025 are described below. Please refer to FIG. 4 and FIG. 8 together, which are schematic diagrams of logical operations and encryption flow diagrams of the fifth-order encryptor of the present invention. The data packet PK is received by the first octet stream encryptor 1441 of the fifth-order encryptor 144, and the data packet PK is encrypted and output by the first octet stream encryptor 1441 (step S2021). In one embodiment, the encrypted linear feedback shift register 1441L in the first octet stream encryptor 1441 extracts the second bit a[2] and the seventh bit a[7] for logical operation The first encryption operator is obtained, the data packet PK and the first encryption operator are sequentially encrypted by logical operation through the encryption logic gate 1441G and output by the first octet stream encryptor 1441; when the encryption level setter When 142 is set to first-order encryption, the output of the first octet stream encryptor 1441 is the first encryption sequence ES1.

經由第一八位元串流加密器1441加密並輸出的數據封包PK由第二八位元串流加密器1442接收,第二八位元串流加密器1442將接收到的該數據封包PK加密並輸出(步驟S2022)。於一實施例中,第二八位元串流加密器1442中的加密線性反饋移位暫存器1442L擷取第二位元b[2]、第五位元b[5]、第六位元b[6]、第七位元b[7]進行邏輯運算後取得第二加密運算元,將該數據封包PK與該第二加密運算元經由加密邏輯閘1442G進行邏輯運算依序進行加密並由第二八位元串流加密器1442輸出;當加密層級設定器142設定為二階加密時,此時第二八位元串流加密器1442輸出的為第二加密序列ES2。The data packet PK encrypted and output by the first octet stream encryptor 1441 is received by the second octet stream encryptor 1442, and the second octet stream encryptor 1442 encrypts the received data packet PK and output (step S2022). In one embodiment, the encrypted linear feedback shift register 1442L in the second octet stream encryptor 1442 retrieves the second bit b[2], the fifth bit b[5], the sixth bit Element b[6] and the seventh bit b[7] perform logical operations to obtain the second encryption operation element, and the data packet PK and the second encryption operation element are sequentially encrypted by logical operation through the encryption logic gate 1442G and then encrypted. It is output by the second octet stream encryptor 1442; when the encryption level setter 142 is set to second-level encryption, the second octet stream encryptor 1442 outputs the second encryption sequence ES2.

經由第二八位元串流加密器1442加密並輸出的數據封包PK由十六位元串流加密器1443接收,十六位元串流加密器1443將接收到的該數據封包PK加密並輸出(步驟S2023)。於一實施例中,十六位元串流加密器1443中的加密線性反饋移位暫存器1443L擷取第十四位元c[14]、第十六位元c[16]進行邏輯運算後取得第三加密運算元,將該數據封包PK與該第三加密運算元經由加密邏輯閘1443G進行邏輯運算依序進行加密並由十六位元串流加密器1443輸出;當加密層級設定器142設定為三階加密時,此時十六位元串流加密器1443輸出的為第三加密序列ES3。The data packet PK encrypted and output by the second octet stream encryptor 1442 is received by the 16-bit stream encryptor 1443, and the 16-bit stream encryptor 1443 encrypts and outputs the received data packet PK (step S2023). In one embodiment, the encrypted linear feedback shift register 1443L in the sixteen-bit stream encryptor 1443 extracts the fourteenth bit c[14] and the sixteenth bit c[16] for logical operation After that, the third encryption operator is obtained, the data packet PK and the third encryption operator are sequentially encrypted by logical operation through the encryption logic gate 1443G and output by the 16-bit stream encryption device 1443; when the encryption level setting device When 142 is set to third-level encryption, the output of the 16-bit stream encryptor 1443 is the third encryption sequence ES3.

經由十六位元串流加密器1443加密並輸出的數據封包PK由三十二位元串流加密器1444接收,三十二位元串流加密器1444將接收到的該數據封包PK加密並輸出(步驟S2024)。於一實施例中,三十二位元串流加密器1444中的加密線性反饋移位暫存器1444L擷取第三十位元d[30]、第三十二位元d[32]進行邏輯運算後取得第四加密運算元,將該數據封包PK與該第四加密運算元經由加密邏輯閘1444G進行邏輯運算依序進行加密並輸出;當加密層級設定器142設定為四階加密時,此時三十二位元串流加密器1444輸出的為第四加密序列ES4。The data packet PK encrypted and output by the sixteen-bit stream encryptor 1443 is received by the thirty-two-bit stream encryptor 1444. output (step S2024). In one embodiment, the encrypted linear feedback shift register 1444L in the thirty-two-bit stream encryptor 1444 extracts the thirtieth bit d[30] and the thirty-second bit d[32] for processing After the logical operation, the fourth encryption operation element is obtained, and the data packet PK and the fourth encryption operation element are sequentially encrypted and output through the logic operation of the encryption logic gate 1444G; when the encryption level setter 142 is set to fourth-level encryption, At this time, the output of the thirty-two-bit stream encryptor 1444 is the fourth encryption sequence ES4.

經由三十二位元串流加密器1444加密並輸出的數據封包PK由六十四位元串流加密器1445接收,六十四位元串流加密器1445將接收到的該數據封包PK加密並輸出(步驟S2025)。於一實施例中,加密層級設定器142設定為五階加密時,所述六十四位元串流加密器1445中的加密線性反饋移位暫存器1445L擷取第二位元e[2]、第六十一位元e[61]、第六十二位元e[62]、以及第六十四e[64]位元進行邏輯運算後取得第五加密運算元,將該數據封包PK與該第五加密運算元經由加密邏輯閘1445G進行邏輯運算依序進行加密並輸出,此時六十四位元串流加密器1445輸出的為第五加密序列ES5。The data packet PK encrypted and output by the 32-bit stream encryptor 1444 is received by the 64-bit stream encryptor 1445, and the 64-bit stream encryptor 1445 encrypts the received data packet PK and output (step S2025). In one embodiment, when the encryption level setter 142 is set to fifth-level encryption, the encryption linear feedback shift register 1445L in the 64-bit stream encryptor 1445 retrieves the second bit e[2 ], the sixth bit e[61], the sixty-second bit e[62], and the sixty-fourth e[64] bit are logically operated to obtain the fifth encryption operand, and the data is packaged The PK and the fifth encryption operation element are sequentially encrypted and output by performing logical operations through the encryption logic gate 1445G. At this time, the output of the 64-bit stream encryptor 1445 is the fifth encryption sequence ES5.

以下說明步驟S2041-S2045,請一併參酌「圖6」、「圖9」,為本發明五階解密器的邏輯運算示意圖、解密流程示意圖。第五加密序列ES5由五階解密器244的六十四位元串流解密器2445接收,六十四位元串流解密器2445解密該第五加密序列ES5並輸出第五數據封包PK5(步驟S2041)。於一實施例中,當解密層級為五階時,六十四位元串流解密器2445中的解密線性反饋移位暫存器2445L擷取第二位元e[2]、第六十一位元e[61]、第六十二位元e[62]、以及第六十四位元e[64]進行邏輯運算後取得第五解密運算元,將該第五加密序列ES5與該第五解密運算元經由解密邏輯閘2445G進行邏輯運算依序轉換成第五數據封包PK5並輸出至三十二位元串流解密器2444。Steps S2041-S2045 are described below. Please refer to FIG. 6 and FIG. 9 together, which are schematic diagrams of logical operations and decryption flow diagrams of the fifth-order decryptor of the present invention. The fifth encrypted sequence ES5 is received by the sixty-four-bit stream decryptor 2445 of the fifth-order decryptor 244, and the sixty-four-bit stream decryptor 2445 decrypts the fifth encrypted sequence ES5 and outputs the fifth data packet PK5 (step S2041). In one embodiment, when the decryption level is fifth, the decryption linear feedback shift register 2445L in the sixty-four-bit stream decryptor 2445 retrieves the second bit e[2], the sixty-first The bit e[61], the sixty-second bit e[62], and the sixty-fourth bit e[64] are logically operated to obtain a fifth decryption operand, and the fifth encryption sequence ES5 is combined with the sixth encryption sequence ES5. The five decryption operands are sequentially converted into the fifth data packet PK5 through the logic operation of the decryption logic gate 2445G and output to the 32-bit stream decryptor 2444 .

第五數據封包PK5由五階解密器244的三十二位元串流解密器2444接收,三十二位元串流解密器2444解密該第五數據封包PK5並輸出第四數據封包PK4(步驟S2042)。於一實施例中,當解密層級為五階時,三十二位元串流解密器2444中的解密線性反饋移位暫存器2444L擷取第三十位元d[30]、以及第三十二位元d[32]進行邏輯運算後取得第四解密運算元,將該第五數據封包PK5與該第四解密運算元經由解密邏輯閘2444G進行邏輯運算依序轉換成第四數據封包PK4並輸出至十六位元串流解密器2443;當解密層級為四階時,三十二位元串流解密器2444所接收的為發送端裝置10所輸出的第四加密序列ES4,此時三十二位元串流解密器2444中的解密線性反饋移位暫存器2444L擷取第三十位元d[30]、以及第三十二位元d[32]進行邏輯運算後取得第四解密運算元,將該第四加密序列ES4與該第四解密運算元經由解密邏輯閘2444G進行邏輯運算依序轉換成第四數據封PK4包並輸出至十六位元串流解密器2443。The fifth data packet PK5 is received by the thirty-two-bit stream decryptor 2444 of the fifth-order decryptor 244, and the thirty-two-bit stream decryptor 2444 decrypts the fifth data packet PK5 and outputs the fourth data packet PK4 (step S2042). In one embodiment, when the decryption level is fifth, the decryption linear feedback shift register 2444L in the thirty-two-bit stream decryptor 2444 retrieves the thirtieth bit d[30], and the third Twelve bits d[32] are logically operated to obtain the fourth decryption operand, and the fifth data packet PK5 and the fourth decryption operand are sequentially converted into the fourth data packet PK4 by logical operation through the decryption logic gate 2444G and output it to the 16-bit stream decryptor 2443; when the decryption level is the fourth level, what the 32-bit stream decryptor 2444 receives is the fourth encrypted sequence ES4 output by the sender device 10, at this time The decryption linear feedback shift register 2444L in the thirty-two-bit stream decryptor 2444 extracts the thirtieth bit d[30] and the thirty-second bit d[32] and performs a logical operation to obtain the first Four decryption operands, the fourth encryption sequence ES4 and the fourth decryption operand are sequentially converted into a fourth data packet PK4 by logical operation through the decryption logic gate 2444G and output to the 16-bit stream decryptor 2443 .

第四數據封PK4包由五階解密器244的十六位元串流解密器2443接收,十六位元串流解密器2443解密該第四數據封包PK4並輸出第三數據封包PK3(步驟S2043)。於一實施例中,當解密層級為五階或四階時,十六位元串流解密器2443中的解密線性反饋移位暫存器2443L擷取第十四位元c[14]、第十六位元c[16]進行邏輯運算後取得第三解密運算元,將該第四數據封包PK4與該第三解密運算元經由解密邏輯閘2443G進行邏輯運算依序轉換成第三數據封包PK3並輸出至第二八位元串流解密器2442;當解密層級為三階時,十六位元串流解密器2443所接收的為發送端裝置10所輸出的第三加密序列ES3,此時十六位元串流解密器2443中的解密線性反饋移位暫存器2443L擷取第十四位元c[14]、以及第十六位元c[16]進行邏輯運算後取得第三解密運算元,將該第三加密序列ES3與該第三解密運算元經由解密邏輯閘2443G進行邏輯運算依序轉換成第三數據封包PK3並輸出至第二八位元串流解密器2442。The fourth data packet PK4 is received by the 16-bit stream decryptor 2443 of the fifth-order decryptor 244, and the 16-bit stream decryptor 2443 decrypts the fourth data packet PK4 and outputs the third data packet PK3 (step S2043 ). In one embodiment, when the decryption level is fifth or fourth, the decryption linear feedback shift register 2443L in the sixteen-bit stream decryptor 2443 extracts the fourteenth bit c[14], the first The 16-bit c[16] is subjected to logical operation to obtain the third decryption operand, and the fourth data packet PK4 and the third decryption operand are sequentially converted into the third data packet PK3 by logical operation through the decryption logic gate 2443G and output to the second octet stream decryptor 2442; when the decryption level is the third order, what the 16-bit stream decryptor 2443 receives is the third encrypted sequence ES3 output by the sender device 10, at this time The decryption linear feedback shift register 2443L in the sixteen-bit stream decryptor 2443 extracts the fourteenth bit c[14] and the sixteenth bit c[16] and performs a logical operation to obtain the third decryption The operation unit, the third encryption sequence ES3 and the third decryption operation unit are sequentially converted into a third data packet PK3 through the logic operation of the decryption logic gate 2443G and output to the second octet stream decryptor 2442 .

第三數據封包PK3由五階解密器244的第二八位元串流解密器2442接收,第二八位元串流解密器2442解密該第三數據封包PK3並輸出第二數據封包PK2(步驟S2044)。於一實施例中,當解密層級為五階、四階或三階時,第二八位元串流解密器2442中的解密線性反饋移位暫存器2442L擷取第二位元b[2]、第十三位元b[13]、第十四位元b[14]、以及第十六位元b[16]進行邏輯運算後取得第二解密運算元,將該第三數據封包PK3與該第二解密運算元經由解密邏輯閘2442G進行邏輯運算依序轉換成第二數據封包PK2並輸出至第一八位元串流解密器2441;當解密層級為二階時,第二八位元串流解密器2442所接收的為發送端裝置10所輸出的第二加密序列ES2,此時第二八位元串流解密器2442中的解密線性反饋移位暫存器2442L擷取第二位元b[2]、第十三位元b[13]、第十四位元b[14]、以及第十六位元b[16]進行邏輯運算後取得第二解密運算元,將該第二加密序列ES2與該第二解密運算元經由解密邏輯閘2442G進行邏輯運算依序轉換成第二數據封包PK2並輸出至第一八位元串流解密器2441。The third data packet PK3 is received by the second octet stream decryptor 2442 of the fifth-order decryptor 244, and the second octet stream decryptor 2442 decrypts the third data packet PK3 and outputs the second data packet PK2 (step S2044). In one embodiment, when the decryption level is fifth-order, fourth-order or third-order, the decryption linear feedback shift register 2442L in the second octet stream decryptor 2442 retrieves the second bit b[2 ], the thirteenth bit b[13], the fourteenth bit b[14], and the sixteenth bit b[16] are logically operated to obtain the second decryption operator, and the third data packet PK3 The second data packet PK2 is sequentially converted into a second data packet PK2 by logical operation with the second decryption operator through the decryption logic gate 2442G and output to the first octet stream decryptor 2441; when the decryption level is the second order, the second octet What the stream decryptor 2442 receives is the second encrypted sequence ES2 output by the sender device 10. At this time, the decryption linear feedback shift register 2442L in the second octet stream decryptor 2442 extracts the second bit Element b[2], the thirteenth element b[13], the fourteenth element b[14], and the sixteenth element b[16] are logically operated to obtain the second decryption operand, and the second decryption operand is obtained. The two encrypted sequences ES2 and the second decryption operand are sequentially converted into a second data packet PK2 by performing logical operations through the decryption logic gate 2442G and output to the first octet stream decryptor 2441 .

第二數據封包PK2由五階解密器244的第一八位元串流解密器2441接收,第一八位元串流解密器2441解密該第二數據封包PK2並輸出第一數據封包PK1(步驟S2045)。具體而言,當解密層級為五階、四階、三階或二階時,第一八位元串流解密器2441中的解密線性反饋移位暫存器2441L擷取第二位元a[2]、以及第七位元a[7]進行邏輯運算後取得第一解密運算元,將該第二數據封包PK2與該第一解密運算元經由解密邏輯閘2441G進行邏輯運算依序轉換成第一數據封包PK1並輸出至資料目的模組22,此時定義該第一數據封包PK1為該五階解密器244輸出的還原數據封包;當解密層級為一階時,第一八位元串流解密器2441所接收的為發送端裝置10所輸出的第一加密序列ES1,此時第一八位元串流解密器2441中的解密線性反饋移位暫存器2441L擷取第二位元a[2]、以及第七位元a[7]進行邏輯運算後取得第一解密運算元,將該第一加密序列ES1與該第一解密運算元經由解密邏輯閘2441G進行邏輯運算依序轉換成第一數據封包PK1並輸出至資料目的模組22,此時定義該第一數據封包PK1為該五階解密器244輸出的還原數據封包。The second data packet PK2 is received by the first octet stream decryptor 2441 of the fifth-order decryptor 244, and the first octet stream decryptor 2441 decrypts the second data packet PK2 and outputs the first data packet PK1 (step S2045). Specifically, when the decryption level is fifth-order, fourth-order, third-order or second-order, the decryption linear feedback shift register 2441L in the first octet stream decryptor 2441 retrieves the second bit a[2 ], and the seventh bit a[7] is subjected to logical operation to obtain the first decryption operation element, and the second data packet PK2 and the first decryption operation element are sequentially converted into the first decryption operation element through the logic operation of the decryption logic gate 2441G The data packet PK1 is output to the data destination module 22, and the first data packet PK1 is defined as the restored data packet output by the fifth-order decryptor 244; when the decryption level is first-order, the first octet stream is decrypted What the device 2441 receives is the first encrypted sequence ES1 output by the sender device 10, at this time, the decryption linear feedback shift register 2441L in the first octet stream decryptor 2441 extracts the second bit a[ 2], and the seventh bit a[7] performs logical operation to obtain the first decryption operand, and the first encryption sequence ES1 and the first decryption operand are sequentially converted into the first decryption operand through the decryption logic gate 2441G for logical operation. A data packet PK1 is output to the data destination module 22 . At this time, the first data packet PK1 is defined as the restored data packet output by the fifth-order decryptor 244 .

綜上所述,比起習知技術,本發明可依據需要的加密程度切換加密層級,並且能經由一套硬體實現不同的加密層級防護。To sum up, compared with the prior art, the present invention can switch the encryption level according to the required level of encryption, and can realize the protection of different encryption levels through a set of hardware.

以上已將本發明做一詳細說明,惟,以上所述者,僅為本發明之一較佳實施例而已,當不能以此限定本發明實施之範圍,即凡依本發明申請專利範圍所作之均等變化與修飾,皆應仍屬本發明之專利涵蓋範圍內。The present invention has been described in detail above, however, the above-mentioned is only a preferred embodiment of the present invention, and should not limit the scope of the present invention by this Equivalent changes and modifications should still fall within the scope of the patent of the present invention.

100:可調式五階加密系統 10:發送端裝置 12:資料生成模組 14:資料加密模組 142:加密層級設定器 144:五階加密器 1441:第一八位元串流加密器 1441L:加密線性反饋移位暫存器 1441G:加密邏輯閘 1442:第二八位元串流加密器 1442L:加密線性反饋移位暫存器 1442G:加密邏輯閘 1443:十六位元串流加密器 1443L:加密線性反饋移位暫存器 1443G:加密邏輯閘 1444:三十二位元串流加密器 1444L:加密線性反饋移位暫存器 1444G:加密邏輯閘 1445:六十四位元串流加密器 1445L:加密線性反饋移位暫存器 1445G:加密邏輯閘 20:接收端裝置 22:資料目的模組 24:資料解密模組 242:解密層級設定器 244:五階解密器 2441:第一八位元串流解密器 2441L:解密線性反饋移位暫存器 2441G:解密邏輯閘 2442:第二八位元串流解密器 2442L:解密線性反饋移位暫存器 2442G:解密邏輯閘 2443:十六位元串流解密器 2443L:解密線性反饋移位暫存器 2443G:解密邏輯閘 2444:三十二位元串流解密器 2444L:解密線性反饋移位暫存器 2444G:解密邏輯閘 2445:六十四位元串流解密器 2445L:解密線性反饋移位暫存器 2445G:解密邏輯閘 DA:資料傳輸層 ES1:第一加密序列 ES2:第二加密序列 ES3:第三加密序列 ES4:第四加密序列 ES5:第五加密序列 PK:數據封包 PK1:第一數據封包 PK2:第二數據封包 PK3:第三數據封包 PK4:第四數據封包 PK5:第五數據封包 S201-205:步驟 S2021-2025:步驟 S2041-2045:步驟 100: Adjustable fifth-order encryption system 10: Sender device 12: Data generation module 14: Data encryption module 142: Encryption level setter 144: Fifth Order Encryptor 1441: First octet stream encryptor 1441L: Encrypted Linear Feedback Shift Register 1441G: Encryption logic gate 1442: Second octet stream encryptor 1442L: Encrypted Linear Feedback Shift Register 1442G: Encryption logic gate 1443: 16-bit stream encryptor 1443L: Encrypted Linear Feedback Shift Register 1443G: Encryption logic gate 1444: Thirty-two-bit stream cipher 1444L: Encrypted Linear Feedback Shift Register 1444G: Encryption logic gate 1445: Sixty-four bit stream cipher 1445L: Encrypted Linear Feedback Shift Register 1445G: Encryption logic gate 20: Receiver device 22: Data Purpose Module 24: Data decryption module 242: Decrypt level setter 244: Fifth Order Decryptor 2441: First octet stream decryptor 2441L: Decrypt Linear Feedback Shift Register 2441G: Decryption logic gate 2442: Second octet stream decryptor 2442L: Decrypt Linear Feedback Shift Register 2442G: Decryption logic gate 2443: 16-bit stream decryptor 2443L: Decrypt Linear Feedback Shift Register 2443G: Decryption logic gate 2444: Thirty-two-bit stream decryptor 2444L: Decrypt Linear Feedback Shift Register 2444G: Decryption logic gate 2445: Sixty-four bit stream decryptor 2445L: Decrypt Linear Feedback Shift Register 2445G: Decryption logic gate DA: Data Transport Layer ES1: First encryption sequence ES2: Second Encrypted Sequence ES3: Third Encrypted Sequence ES4: Fourth Encrypted Sequence ES5: Fifth Encrypted Sequence PK: data packet PK1: The first data packet PK2: The second data packet PK3: The third data packet PK4: Fourth data packet PK5: Fifth data packet S201-205: Steps S2021-2025: Steps S2041-2045: Steps

圖1,本發明可調式五階加密系統的方塊示意圖(一)。FIG. 1 is a block diagram (1) of the adjustable fifth-order encryption system of the present invention.

圖2,本發明可調式五階加密系統的方塊示意圖(二)。FIG. 2 is a block diagram (2) of the adjustable fifth-order encryption system of the present invention.

圖3,本發明五階加密器的方塊示意圖。FIG. 3 is a block diagram of a fifth-order cipher of the present invention.

圖4,本發明五階加密器的邏輯運算示意圖。FIG. 4 is a schematic diagram of the logical operation of the fifth-order cipher of the present invention.

圖5,本發明五階解密器的方塊示意圖。FIG. 5 is a block diagram of the fifth-order decryptor of the present invention.

圖6,本發明五階解密器的邏輯運算示意圖。FIG. 6 is a schematic diagram of the logical operation of the fifth-order decryptor of the present invention.

圖7,本發明可調式五階加密方法的流程示意圖。FIG. 7 is a schematic flowchart of the adjustable fifth-order encryption method of the present invention.

圖8,本發明五階加密器的加密流程示意圖。FIG. 8 is a schematic diagram of the encryption flow of the fifth-order encryption device of the present invention.

圖9,本發明五階解密器的解密流程示意圖。FIG. 9 is a schematic diagram of the decryption flow of the fifth-order decryptor of the present invention.

100:可調式五階加密系統 100: Adjustable fifth-order encryption system

10:發送端裝置 10: Sender device

12:資料生成模組 12: Data generation module

14:資料加密模組 14: Data encryption module

20:接收端裝置 20: Receiver device

22:資料目的模組 22: Data Purpose Module

24:資料解密模組 24: Data decryption module

DA:資料傳輸層 DA: Data Transport Layer

Claims (15)

一種可調式五階加密系統,包括: 一發送端裝置,包含一資料生成模組、以及一資料加密模組,該資料加密模組包含一加密層級設定器、以及一五階加密器,該加密層級設定器用以設定該五階加密器的一加密層級,該資料加密模組自該資料生成模組取得至少一數據封包,經由該五階加密器所選定的該加密層級對該數據封包進行加密後輸出一加密序列;以及 一接收端裝置,包含一資料目的模組、以及一資料解密模組,該資料解密模組包含一解密層級設定器、以及一五階解密器,該解密層級設定器用以依據該加密層級設定該五階解密器的一解密層級,該資料解密模組自該發送端裝置取得該加密序列,經由解密該五階解密器所選定的該解密層級對該加密序列進行解密後輸出還原後的該數據封包至該資料目的模組。 An adjustable fifth-order encryption system, comprising: A sender device includes a data generation module and a data encryption module. The data encryption module includes an encryption level setter and a fifth-level encryptor, and the encryption level setter is used for setting the fifth-level encryptor an encryption level, the data encryption module obtains at least one data packet from the data generation module, encrypts the data packet through the encryption level selected by the fifth-level encryptor and outputs an encryption sequence; and A receiver device includes a data destination module and a data decryption module. The data decryption module includes a decryption level setter and a fifth-order decryptor, and the decryption level setter is used for setting the encryption level according to the encryption level. A decryption level of the fifth-order decryptor, the data decryption module obtains the encrypted sequence from the sender device, decrypts the encrypted sequence by decrypting the decryption level selected by the fifth-order decryptor, and outputs the restored data Packet to the data destination module. 如請求項1所述的可調式五階加密系統,其中,該五階加密器包含依序連接的一第一八位元串流加密器、一第二八位元串流加密器、一十六位元串流加密器、一三十二位元串流加密器、以及一六十四位元串流加密器;該五階解密器包含依序連接的一第一八位元串流解密器、一第二八位元串流解密器、一十六位元串流解密器、一三十二位元串流解密器、以及一六十四位元串流解密器。The adjustable fifth-order encryption system of claim 1, wherein the fifth-order encryptor comprises a first octet stream cipher, a second octet stream cipher, ten a six-bit stream encryptor, a thirty-two-bit stream encryptor, and a sixty-four-bit stream encryptor; the fifth-order decryptor includes a first octet stream decryption concatenated sequentially decoder, a second octet stream decryptor, a sixteen-bit stream decryptor, a thirty-two-bit stream decryptor, and a sixty-four-bit stream decryptor. 如請求項2所述的可調式五階加密系統,其中,該第一八位元串流加密器、該第二八位元串流加密器、該十六位元串流加密器、該三十二位元串流加密器、以及該六十四位元串流加密器分別包含有一加密線性反饋移位暫存器以及一或複數個加密邏輯閘,該加密線性反饋移位暫存器具有一加密金鑰,該加密線性反饋移位暫存器將該加密金鑰的複數個加密位元抽頭進行邏輯運算後獲得一加密運算元,該加密運算元與該數據封包經由該加密邏輯閘進行運算後獲得對應階層的該加密序列;該第一八位元串流解密器、該第二八位元串流解密器、該十六位元串流解密器、該三十二位元串流解密器、以及該六十四位元串流解密器分別包含有一解密線性反饋移位暫存器以及一或複數個解密邏輯閘,該解密線性反饋移位暫存器具有一解密金鑰,該解密線性反饋移位暫存器將該解密金鑰的複數個解密位元抽頭進行邏輯運算後獲得一解密運算元,該解密運算元與該加密序列經由該解密邏輯閘進行運算後還原對應階層的該數據封包。The adjustable fifth-level encryption system of claim 2, wherein the first octet stream cipher, the second octet stream cipher, the 16-bit stream cipher, the three The 12-bit stream cipher and the 64-bit stream cipher respectively comprise an encrypted linear feedback shift register and one or a plurality of encrypted logic gates, the encrypted linear feedback shift register has a an encryption key, the encryption linear feedback shift register performs a logical operation on a plurality of encryption bit taps of the encryption key to obtain an encryption operation element, and the encryption operation element and the data packet are operated through the encryption logic gate Then obtain the encrypted sequence of the corresponding level; the first octet stream decryptor, the second octet stream decryptor, the 16-bit stream decryptor, the 32-bit stream decryption and the 64-bit stream decryptor respectively include a decryption linear feedback shift register and one or more decryption logic gates, the decryption linear feedback shift register has a decryption key, the decryption linear The feedback shift register performs a logical operation on a plurality of decryption bit taps of the decryption key to obtain a decryption operation element, and the decryption operation element and the encryption sequence are operated through the decryption logic gate to restore the data of the corresponding level packet. 如請求項3所述的可調式五階加密系統,其中,該加密位元抽頭與該解密位元抽頭的位元數量為偶數個。The adjustable fifth-order encryption system according to claim 3, wherein the number of bits of the encryption bit tap and the decryption bit tap is an even number. 如請求項4所述的可調式五階加密系統,其中,該第一八位元串流加密器、該十六位元串流加密器、該三十二位元串流加密器的該加密位元抽頭數量為兩個;該第二八位元串流加密器、該六十四位元串流加密器的該加密位元抽頭數量為四個;該第一八位元串流解密器、該十六位元串流解密器、該三十二位元串流解密器的該解密位元抽頭數量為兩個;該第二八位元串流解密器、該六十四位元串流解密器的該解密位元抽頭數量為四個。The adjustable fifth-order encryption system of claim 4, wherein the encryption of the first octet stream cipher, the 16-bit stream cipher, and the 32-bit stream cipher The number of bit taps is two; the number of encrypted bit taps of the second octet stream encryptor and the 64-bit stream encryptor is four; the first octet stream decryptor , the number of the decrypted bit taps of the sixteen-bit stream decryptor and the thirty-two-bit stream decryptor is two; the second eight-bit stream decryptor, the sixty-four-bit string The number of decrypted bit taps for the stream decryptor is four. 一種發送端裝置,包括: 一資料生成模組;以及 一資料加密模組,該資料加密模組包含一加密層級設定器、以及一五階加密器,該加密層級設定器用以設定該五階加密器的一加密層級,該資料加密模組自該資料生成模組取得至少一數據封包,經由該五階加密器所選定的該加密層級對該數據封包進行加密後輸出一加密序列。 A transmitter device, comprising: a data generation module; and a data encryption module, the data encryption module includes an encryption level setter and a fifth-level encryptor, the encryption level setter is used to set an encryption level of the fifth-level encryptor, the data encryption module is derived from the data The generating module obtains at least one data packet, encrypts the data packet through the encryption level selected by the fifth-order encryptor, and outputs an encryption sequence. 如請求項6所述的發送端裝置,其中,該五階加密器包含依序連接的一第一八位元串流加密器、一第二八位元串流加密器、一十六位元串流加密器、一三十二位元串流加密器、以及一六十四位元串流加密器。The sender device of claim 6, wherein the fifth-order cipher comprises a first octet stream cipher, a second octet stream cipher, and a 16-bit cipher that are connected in sequence A stream encryptor, a thirty-two-bit stream encryptor, and a sixty-four-bit stream encryptor. 如請求項7所述的發送端裝置,其中,該第一八位元串流加密器、該第二八位元串流加密器、該十六位元串流加密器、該三十二位元串流加密器、以及該六十四位元串流加密器分別包含有一加密線性反饋移位暫存器以及一或複數個加密邏輯閘,該加密線性反饋移位暫存器具有一加密金鑰,該加密線性反饋移位暫存器將該加密金鑰的複數個加密位元抽頭進行邏輯運算後獲得一加密運算元,該加密運算元與該數據封包經由該加密邏輯閘進行運算後獲得對應該加密層級的該加密序列。The sender device of claim 7, wherein the first octet stream cipher, the second octet stream cipher, the 16-bit stream cipher, the 32-bit stream cipher The meta-stream encryptor and the 64-bit stream encrypter respectively comprise an encrypted linear feedback shift register and one or more encryption logic gates, the encrypted linear feedback shift register has an encryption key , the encryption linear feedback shift register performs a logical operation on a plurality of encryption bit taps of the encryption key to obtain an encryption operation element, and the encryption operation element and the data packet are obtained after operation through the encryption logic gate. This encrypted sequence of layers should be encrypted. 如請求項8所述的發送端裝置,其中,該加密位元抽頭的位元數量為偶數個。The sender device according to claim 8, wherein the number of bits of the encrypted bit tap is an even number. 如請求項9所述的發送端裝置,其中,該第一八位元串流加密器、該十六位元串流加密器、該三十二位元串流加密器的該加密位元抽頭數量為兩個;該第二八位元串流加密器、該六十四位元串流加密器的該加密位元抽頭數量為四個。The sender device of claim 9, wherein the encrypted bit taps of the first octet stream cipher, the 16-bit stream cipher, and the 32-bit stream cipher The number is two; the number of the encryption bit taps of the second octet stream cipher and the 64-bit stream cipher is four. 一種接收端裝置,包括 一資料目的模組;以及 一資料解密模組,該資料解密模組包含一解密層級設定器、以及一五階解密器,該解密層級設定器用以依據一加密層級設定該五階解密器的一解密層級,該資料解密模組自一發送端裝置取得一加密序列,經由解密該五階解密器所選定的該解密層級對該加密序列進行解密後輸出還原後的一數據封包至該資料目的模組。 A receiver device, comprising a data purpose module; and A data decryption module, the data decryption module includes a decryption level setter and a fifth-order decryptor, the decryption level setter is used for setting a decryption level of the fifth-order decryptor according to an encryption level, and the data decryption module The group obtains an encrypted sequence from a sender device, decrypts the encrypted sequence through the decryption level selected by the fifth-order decryptor, and outputs a restored data packet to the data destination module. 如請求項11所述的接收端裝置,其中,該五階解密器包含依序連接的一第一八位元串流解密器、一第二八位元串流解密器、一十六位元串流解密器、一三十二位元串流解密器、以及一六十四位元串流解密器。The receiver device of claim 11, wherein the fifth-order decryptor comprises a first octet stream decryptor, a second octet stream decryptor, and a sixteen-bit stream decryptor connected in sequence A stream decryptor, a thirty-two-bit stream decryptor, and a sixty-four-bit stream decryptor. 如請求項12所述的接收端裝置,其中,該第一八位元串流解密器、該第二八位元串流解密器、該十六位元串流解密器、該三十二位元串流解密器、以及該六十四位元串流解密器分別包含有一解密線性反饋移位暫存器以及一或複數個解密邏輯閘,該解密線性反饋移位暫存器具有一解密金鑰,該解密線性反饋移位暫存器將該解密金鑰的複數個解密位元抽頭進行邏輯運算後獲得一解密運算元,該解密運算元與該加密序列經由該解密邏輯閘進行運算後還原對應該加密層級的該數據封包。The receiver device of claim 12, wherein the first octet stream decryptor, the second octet stream decryptor, the 16-bit stream decryptor, the 32-bit stream decryptor The metastream decryptor and the 64-bit stream decryptor respectively comprise a decryption linear feedback shift register and one or more decryption logic gates, the decryption linear feedback shift register has a decryption key , the decryption linear feedback shift register performs a logical operation on a plurality of decryption bit taps of the decryption key to obtain a decryption operator, and the decryption operator and the encryption sequence are operated through the decryption logic gate. This data packet should be encrypted at the level. 如請求項13所述的接收端裝置,其中,該解密位元抽頭的位元數量為偶數個。The receiving end device according to claim 13, wherein the number of bits of the decrypted bit tap is an even number. 如請求項14所述的接收端裝置,其中,該第一八位元串流解密器、該十六位元串流解密器、該三十二位元串流解密器的該解密位元抽頭數量為兩個;該第二八位元串流解密器、該六十四位元串流解密器的該解密位元抽頭數量為四個。The receiver device of claim 14, wherein the decryption bit taps of the first octet stream decryptor, the 16-bit stream decryptor, and the 32-bit stream decryptor The number is two; the number of the decrypted bit taps of the second octet stream decryptor and the 64-bit stream decryptor is four.
TW109132771A 2020-09-22 2020-09-22 Adjustable five-stage encryption system, transmitting device and receiving device TW202213961A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW109132771A TW202213961A (en) 2020-09-22 2020-09-22 Adjustable five-stage encryption system, transmitting device and receiving device
CN202110997430.5A CN114257369A (en) 2020-09-22 2021-08-27 Adjustable five-order encryption system, transmitting terminal device and receiving terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109132771A TW202213961A (en) 2020-09-22 2020-09-22 Adjustable five-stage encryption system, transmitting device and receiving device

Publications (1)

Publication Number Publication Date
TW202213961A true TW202213961A (en) 2022-04-01

Family

ID=80791323

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109132771A TW202213961A (en) 2020-09-22 2020-09-22 Adjustable five-stage encryption system, transmitting device and receiving device

Country Status (2)

Country Link
CN (1) CN114257369A (en)
TW (1) TW202213961A (en)

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100353765C (en) * 2004-11-04 2007-12-05 上海交通大学 Encrypting/decrypting method adapted for movie and television program content data
CN101656583B (en) * 2008-08-21 2012-07-04 中兴通讯股份有限公司 Key management system and key management method
FR3079989B1 (en) * 2018-04-10 2020-05-01 Youssef Ben-Naser METHODS, DEVICES AND COMPUTER PROGRAMS FOR DATA ENCRYPTION AND DECRYPTION FOR DATA TRANSMISSION OR STORAGE
US11140139B2 (en) * 2018-11-21 2021-10-05 Microsoft Technology Licensing, Llc Adaptive decoder selection for cryptographic key generation
TWI700915B (en) * 2019-02-01 2020-08-01 益力半導體股份有限公司 A mixing double encryption and decryption system

Also Published As

Publication number Publication date
CN114257369A (en) 2022-03-29

Similar Documents

Publication Publication Date Title
US8983063B1 (en) Method and system for high throughput blockwise independent encryption/decryption
US8127130B2 (en) Method and system for securing data utilizing reconfigurable logic
Almuhammadi et al. A comparative analysis of AES common modes of operation
US20090220083A1 (en) Stream cipher using multiplication over a finite field of even characteristic
CN111034115B (en) Encryption system and method for expanding apparent size of true random number pool
JP2001007800A (en) Ciphering device and ciphering method
US20090304180A1 (en) Key evolution method and system of block ciphering
US9059838B2 (en) Encryption algorithm with randomized buffer
US8122075B2 (en) Pseudorandom number generator and encryption device using the same
TWI700915B (en) A mixing double encryption and decryption system
El_Deen Design and implementation of hybrid encryption algorithm
TWI728933B (en) Hybrid multistage algorithm encryption and decryption system, transmitting device thereof, and receiving device thereof
Yewale Minal et al. Implementation of AES on FPGA
TW202213961A (en) Adjustable five-stage encryption system, transmitting device and receiving device
TWI705685B (en) A double encryption and decryption system
CN106973061B (en) AES outgoing file encryption method based on reversible logic circuit
Pethe et al. A survey on different secret key cryptographic algorithms
TW202218372A (en) Hybrid parallel algorithm encryption and decryption system, transmitting device thereof, and receiving device thereof
KR101566416B1 (en) Method and device of data encription with increased security
TW202218371A (en) Parallel algorithm encryption and decryption system, transmitting device thereof, and receiving device thereof
TWI803050B (en) Multi-stage parallel and serial operation encryption and decryption system
TWI809545B (en) Hybrid tree encryption and decrytion system
CN110278206B (en) BWE encryption algorithm based on double private keys
Kumar et al. A Symmetric Multiple Random Keys (SMRK) Model Cryptographic Algorithm
Abdulsamad et al. Analysis of the Cryptography Methods for Design of Crypto-Processor