WO1997012459A1 - A method for encryption of file - Google Patents

A method for encryption of file Download PDF

Info

Publication number
WO1997012459A1
WO1997012459A1 PCT/CN1995/000077 CN9500077W WO9712459A1 WO 1997012459 A1 WO1997012459 A1 WO 1997012459A1 CN 9500077 W CN9500077 W CN 9500077W WO 9712459 A1 WO9712459 A1 WO 9712459A1
Authority
WO
WIPO (PCT)
Prior art keywords
bit
key
source
noise source
byte
Prior art date
Application number
PCT/CN1995/000077
Other languages
French (fr)
Chinese (zh)
Inventor
Xian Kan Lin
Original Assignee
Xian Kan Lin
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xian Kan Lin filed Critical Xian Kan Lin
Priority to AU35608/95A priority Critical patent/AU3560895A/en
Priority to PCT/CN1995/000077 priority patent/WO1997012459A1/en
Publication of WO1997012459A1 publication Critical patent/WO1997012459A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/24Key scheduling, i.e. generating round keys or sub-keys for block encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/30Compression, e.g. Merkle-Damgard construction

Definitions

  • the present invention relates to a file encryption processing technique in cryptographic technology, and more particularly, to a file encryption (decryption) processing method suitable for data processing.
  • the object of the present invention is to provide a method for processing file encryption in data processing, so that in a computer storage system and a computer communication system, the separation software is shaped or solidified in various RO PROMs or as the content of an operation system.
  • One method that exists in the hard disk is to encrypt (or decrypt) a data file of a certain length and a certain format.
  • the technical solution of the present invention is as follows: In a system composed of a conventional computer and its peripheral devices, under the control of an operating system, encryption (or decryption) work is performed on a user-defined target file. as follows:
  • the working mode of encryption or decryption
  • the source file name and its path the target file name and its path; the user key.
  • the working mode (encryption or decryption) is recorded in the memory.
  • the user key is determined by the user, when it is acquired by a keyboard input, a total value of the ASCII code values 95 to 7 EH 20H is used as the user key, the byte length which can 1-- vary between 16 When the length is less than 16 bytes, it is complemented to 16 bytes, and then the pseudo-random number processing is performed on the upper 4 bits of each byte of the user key entered by the keyboard, so as to form a 16-byte long source key; When the user key determined by the user is obtained from the memory, the 16-byte user key is directly used as the source key.
  • a sub-key is obtained through transformation calculation such as compression permutation and logical shift.
  • the number of supplementary key bytes be the number of cycles, and use the first byte of the user key as the first noise source and the last byte as the second noise source.
  • the loop body first multiply the first noise source by the first For the two voice sources, the product is divided by 10. If the lower 8 bits of the quotient are equal to zero, the upper 8 bits of the quotient are used as the supplementary key. If the lower 8 bits of the quotient are not equal to zero, the lower 8 bits of the quotient are used. To supplement the key, and then use the supplementary key as the second noise source. If the loop does not end and then returns to the beginning of the loop body, perform the operation in the loop body. If the loop ends, the first byte of the supplementary key is logically Multiply by 1FH.
  • the upper 4 bits of the second noise source are equal to zero, the upper 4 bits of the key are XORed with the first The lower 4 bits of the second noise source. If the upper 4 bits of the second noise source are not equal to zero, the exclusive 4 bits of the key are XORed with the upper 4 bits of the second noise source.
  • the second noise source in the above result is used as the lower The input of a loop is looped. If the loop does not end, it returns to the beginning of the loop body, and performs the operation in the loop body until the end of the loop is formed. 16-byte long source key;
  • the 16-byte source key has 128 bits in total.
  • the function LMi represents a logical shift, as shown in Figure 8.
  • Compression substitution 1 is shown in Figure 7, and the 115th bit of the source key is taken as C. D.
  • the first bit is the C bit.
  • D. The second place, and so on, form a 112-bit long (:. D .;
  • Compression permutation 2 is shown in Figure 9 , with the 14th bit as the first bit, the 27th bit as the second bit, and so on, forming a 96-bit long sub-key K i; For a subkey ⁇ ( ⁇ 1,32), the compression permutations 2 are all the same, but the corresponding ones are different.
  • the source file is read into the memory, and they are slidingly grouped, the number of sliding grouping code blocks is calculated, and the fragments are processed.
  • the source file is slidingly grouped, and the processing method is to encrypt the (or decryption) result of the previous group of code blocks by M (M is an integer, one of 1 to 4) bytes before the next code block.
  • M is an integer, one of 1 to 4
  • M bytes in the forward sliding mode, such a set of code blocks is encrypted (or decrypted) to generate the same number of new code blocks, and then the aforementioned
  • the digital sequence composed of new code blocks is slidingly grouped, that is, sliding grouping is started from the tail of the new data series in the reverse sliding operation mode.
  • the processing method is to M words following the previous block of encryption (or decryption) results
  • the section is the first M bytes of the next code block. After such a group of code blocks is encrypted (or decrypted), an object file corresponding to the source file is generated, that is, a ciphertext (or plaintext).
  • the method of calculating the number of code blocks and the fragment length is to first take the byte length of the file and divide it by (16-M). For encryption, use (quotient + 1) as the quotient, and then take (U 6 -M)-the remainder) as the fragment.
  • the block byte length gives the number of code blocks; if it is not encrypted, it directly gives the number of code blocks.
  • Processing fragments means processing some remaining plaintext information of the sliding grouping. Add some information to make it a set of data, the added information must contain a special information, that is, the fragment length, so that when decrypted, the newly added information is truncated to restore the original plain text's appearance completely, and the rest
  • the newly added information is filled with a pseudo-random number.
  • the method is to take (fragment length-1) as the cycle number, and the cycle number is equal to zero, and directly send the fragment length to the fragment area. If the cycle number is not equal to zero, the source secret is sent.
  • the first byte of the key is used as the first noise source, and the last byte of the source key is used as the second noise source.
  • the first noise source is first multiplied by the second noise source, and the above multiplication is divided by 10 If the lower 8 bits of the quotient are equal to zero, the upper 8 bits of the quotient are used as the second noise source, and if the lower 8 bits of the quotient are not equal to zero, the lower 8 bits of the quotient are used as the second noise source;
  • the noise source is sent to the fragment area. If the end of the cycle ends, it returns to the beginning of the cycle body and performs the operation in the cycle body. At the end of the cycle, the fragment length is sent to the fragment area.
  • the code blocks of the obtained source file are encrypted (or decrypted).
  • the encryption (or decryption) is performed in a reciprocating manner.
  • the method is to start from the source file header for the first time. Sliding block code blocks for encryption (or decryption), the second time starts from the end of the file and proceeds in the reverse direction; the first is to use the number of code blocks as the cycle number, and point the source data address pointer and the target data address pointer to the beginning of the file buffer Address, in the loop body, first execute the encryption algorithm, and then increase the source data address pointer and target data address pointer (16 -M), the end of the loop returns to the beginning of the loop body, and execute the Operation, a new sequence of numbers is obtained at the end of the loop.
  • the encryption algorithm is composed of initial permutation, multiplication, and inverse initial permutation. Input 28 plain text (cipher text) and 32 subkeys with a length of 12 bytes. The output is 128-bit cipher text (plain text);
  • the first embodiment shown in FIG. 16 is a 122 bit input data as a result of the initial permutation, the bit 2 of II 4-bit input data as a result of the initial permutation, and so on, obtained by the initial permutation 128-bit output data.
  • the product transformation is a process of continuous iteration, performed a total of 32 times, the output of the initial replacement is used as the input of the first iteration, and the subsequent operation is to use the output of the previous iteration as the input of the next iteration, and the result of the 32nd iteration As the input of the inverse initial permutation;
  • 0 is used to represent the odd number of data in each iteration of the output (or input)
  • E is an even number of data
  • F is the table. Shows the encryption function.
  • the scheme of the inverse initial permutation is shown in FIG. 17.
  • the 80th bit of the final result of the product transformation is used as the first bit of the inverse initial permutation result, and the 16th bit of the final result of the product transformation is used as the second bit of the inverse initial permutation result.
  • 128 bits of output data after inverse initial permutation are obtained.
  • the encryption function F is the core of the algorithm. It consists of extended transformation, XOR sub-key operation, replacement of a secret box, and transformation E. For input 64-bit data, it is first extended and transformed into 96-bit data. The result of the extended transformation is XORed with the 96-bit sub-key, and the XOR result is 96-bit data, which is replaced by the secret box into 64-bit data, and finally transformed E to output 64-bit data;
  • FIG. 19 shows the rules of the extended transformation, which converts 64-bit input data into 96-bit output data, uses the 64th bit of the input sequence as the first bit of the output sequence, and the first bit of the input sequence As the second bit of the output sequence, we can do the same by analogy.
  • the secret box replacement is a compression replacement.
  • the input 96-bit data is divided into 16 groups in sequence, each group is 6 bits, and the replacement of each group corresponds to a secret table.
  • the first 2 and the last 2 bits form the row number
  • the middle 4 bits form the column number.
  • the row number and column number are extracted from the corresponding secret table as element output, and the output of each group is combined together in order to become the 64-bit replacement output data of the secret box;
  • the 16 secret tables that can have a secret box are shown in Fig. 20 and Fig. 21. If the positions of any two secret tables in the 16 secret tables shown in Fig. 20 and Fig. 2 (i ) are reversed, another one is formed. A new secret box; if the positions of any two columns with the same column numbers shown in FIG. 20 and FIG. 21 are reversed at the same time (or the positions of any two columns with the same column numbers of the new new secret box are reversed at the same time) ), It also forms a new secret box.
  • the present invention proposes a 3 ⁇ 4 box group with a total of (16!) 2 secret boxes.
  • the transformation E is a kind of scrambling. It uses a pseudo-random number and another number (called RA) to perform an exclusive OR operation. The number obtained is still a pseudo-random number. The generation of the pseudo-random number and RA should be as far as possible with the transformation.
  • the input data of E is related to the generation of the pseudo-random number sequence according to the formula
  • ⁇ ⁇ > 2 ( ⁇ ⁇ ⁇ X i ) M0D M at that time
  • the transformation E can also be as follows: As shown in FIG. 22, the 64-bit incoming data is sequentially assigned to SX i ⁇ ), and the length of 5) ⁇ is one word, corresponding to the above-mentioned operation of transformation E,
  • the corresponding changes can be based on the following facts: (1) in an unsigned integer, the maximum value of a byte is 255, the maximum value of a word is 65535; (2) in the range of one byte, the prime number The order from big to small is: 251, 241, 239, 233, and within a word range, the corresponding row '1 is: 65521, 65519, 65497, 65479,.... Drawing description
  • FIG. 1 Schematic diagram of the overall hardware of the present invention
  • FIG. 18 Logic Diagram of Encryption Function
  • the file encryption processing method of the present invention is applied to a hardware environment such as: a computer storage system, a computer communication system, a central processing unit, an internal memory, a keyboard, a display, a disk drive, a printer, a communication interface, and a floppy disk.
  • a hardware environment such as: a computer storage system, a computer communication system, a central processing unit, an internal memory, a keyboard, a display, a disk drive, a printer, a communication interface, and a floppy disk.
  • the inter-control bus, address bus, and data bus are connected together, as shown in Figure 1, where:
  • Memory block A ( Figure 1) stores encrypted command files
  • memory block B ( Figure 1) stores encrypted (or decrypted) objects, that is, source files and target files.
  • the starting address of memory block A is determined by the operating system.
  • Memory block B Located at the high end of the computer memory, after the encryption command completes the encryption (or decryption) operation, the memory block B is controlled by the operation system;
  • Memory block A is provided with a one-byte physical unit that stores encryption (or decryption) operation mode information.
  • the user's encryption (or decryption) request determines the content of the physical unit (not shown in Figure 1);
  • the physical unit of the word is used to store the system information. It indicates whether the system is a Chinese operating system, an English operating system, or an operating system in another language (not shown in Figure 1);
  • the logical relationship of completing the encryption (or decryption) work is shown in Figure 2.
  • the user answers the following four questions: Encryption (or decryption) work Mode, source file name and its path, target file name and its path, using the user key; after the user determines the encryption (or decryption) mode on the keyboard, the memory block A stores the encryption (or decryption) The content of the physical unit of the pattern information is determined accordingly.
  • the size and starting address of memory block B can be determined according to the length of the source file and the use of memory resources, and the source file is read into memory block B ; Slidingly group the source files in the memory block B, calculate the number of sliding block code blocks and process the fragments, and then execute the encryption algorithm on each code block of the source file back and forth; when the entire content of the source file in the memory block B is After encrypting (or decrypting), write the ciphertext (or plaintext) in the target file;
  • the source key is obtained from the user key.
  • the key When the user key length is less than 16 bytes, the key must be supplemented to a length of 16 bytes, and each byte of the user key obtained from the keyboard is supplemented.
  • the upper 4 bits are used for pseudo-random number processing. After the above process, a 16-byte long source key is formed (see Figure 3 above);
  • the supplementary key byte amount as the number of cycles, the first byte of the user key as the first noise source, and the last byte as the second noise source.
  • the source of the noise is divided by 10. If the lower 8 bits of the quotient are equal to zero, the upper 8 bits of the quotient are used as the supplementary key. If the lower 8 bits of the quotient are not equal to zero, the lower 8 bits of the quotient are used as the supplementary secret. Key, and then use the supplementary key as the second noise source. If the loop does not end and returns to the beginning of the loop body, perform the operation in the loop body. If the loop ends, multiply the first byte of the supplementary key by 1FH logically. (The above is shown in Figure 4);
  • the byte length of the user key is used as the number of cycles, the first byte of the user key is used as the first noise source, and the last byte is used as the second noise source. If a supplementary key is available, the last word of the supplementary key is used Section as a second noise source. In the loop body, first multiply the first noise source by the second noise source, and divide the above product by 10. If the lower 8 bits of the quotient are equal to zero, use the upper 8 bits of the quotient as the second noise source.
  • the lower 8 bits of the key are not equal to zero, then use the lower 8 bits of the quotient as the second noise source; then perform the following operation, and if the upper 4 bits of the second noise source are equal to zero, XOR the second upper 4 bits of the key The lower 4 bits of the noise source. If the upper 4 bits of the second noise source are not equal to zero, the exclusive 4 bits of the key are XORed with the upper 4 bits of the second noise source. The second noise source in the above result is used as the next one.
  • the input of the loop is looped. If the loop does not end, it returns to the beginning of the loop body, and executes the operation in the loop body. If the loop ends, it enters the step of calculating the subkey (see Figure 5 above). As shown);
  • the 16-byte user key is directly used as the source key
  • the subkey is calculated from the source key.
  • the 16-byte source key has a total of 128 bits.
  • Compression substitution 1 is shown in Fig. 7, and the 115th bit of the source key is taken as C. D.
  • the first bit is the C bit. D.
  • Compression permutation 2 is shown in Figure 9, with the 14th bit as the first bit of 27, the 27th bit as the second bit of K, and so on, forming a 96-bit long subkey K i;
  • the compression permutation 2 is the same, but the corresponding ones are different;
  • the source file is slidingly grouped.
  • the last two bytes of the encryption (or decryption) result of the previous group of code blocks are used as the first two bytes of the next code block.
  • the forward sliding operation mode is shown in Figure 10.
  • N is a natural number; such a set of code blocks is encrypted (or decrypted) to generate a new set of code blocks of the same set-number, and then the aforementioned new code blocks are formed in a reverse manner.
  • the digital sequence is slidingly grouped, that is, starting from the tail of the new data series, as shown in Figure 11, where N is a natural number; the processing method is to encrypt (or decrypt) the last two words of the result of the previous group of code blocks.
  • the section is the first two bytes of the next code block.
  • the method of calculating the number of code blocks and the fragment length is to first divide the byte length of the file by 14. For encryption, use (quotient + 1) as the quotient, and then (1. the remainder) as the fragment byte length. Number of code blocks; if it is not encrypted, directly give the number of code blocks, as shown in Figure 12,
  • Processing fragments means processing the remaining plaintext information of the sliding packet.
  • the method is to add some information to make up a set of data.
  • the added information must contain a special information, namely the fragment length, so that it can be decrypted when decrypted. Based on this, the newly added information is truncated to completely restore the original plain text appearance, and the remaining new information is filled with pseudo-random numbers.
  • the method is to divide the (fragment length- 1) As the cycle number, the cycle number is equal to zero, and the fragment length is directly sent to the fragment area.
  • the first byte of the source key is used as the first noise source, and the last byte of the source key is used as The second noise source, in the loop body, first multiply the first noise source by the second noise source, and divide the above product by 10. If the lower 8 bits of the quotient are equal to zero, use the upper 8 bits of the quotient as the second noise.
  • the encryption takes the form of reciprocating, which is the first time from the source file header
  • the first time is to encrypt (or decrypt) each sliding block code block.
  • the second time is to start from the end of the file and proceed in the reverse direction.
  • the first is to count the number of code blocks as the number of cycles, and refer to the source data address pointer and the target data address.
  • Point to the head of the file buffer In the loop body, first execute the encryption algorithm, and then increase the source data address pointer and the target data address pointer by 14, and return to the beginning of the loop body at the end of the loop. Perform the operation in the loop body and get the end of the loop. A new sequence of numbers. Then encrypt (or decrypt) the new digital sequence in the reverse manner, using the number of code blocks as the cycle number, and pointing the source data address pointer and destination data address pointer to the 16th byte at the end of the new digital sequence.
  • first execute the encryption algorithm and then reduce the source data address pointer and the target data address pointer by 14. If the loop is not ended, return to the beginning of the loop body, and execute the ⁇ ⁇ in the loop body.
  • the ciphertext (or plaintext) corresponding to the source file. After the task is completed, return to the operation system, as shown in Figure 14;
  • the ladder diagram of the data encryption algorithm is shown in Figure 15. It consists of initial permutation, multiplication, and inverse initial permutation.
  • Input 128-bit plaintext (ciphertext) and 32 subkeys with a length of 12 bytes.
  • the output is 128.
  • Bit ciphertext plaintext
  • the initial replacement scheme is shown in Figure 16.
  • the 122nd bit of the input data is the first bit of the initial replacement result
  • the 114th bit of the input data is the second bit of the initial replacement result
  • 128-bit output data is shown in Figure 16.
  • Product transformation is a process of continuous iteration, which is performed a total of 32 times.
  • the output of the initial replacement is the input of the first iteration.
  • the subsequent work is to use the output of the previous iteration as the input of the next iteration.
  • the result ⁇ is the input of the inverse initial permutation.
  • 0 is used to represent the odd-numbered sections of the output (or input) data for each iteration
  • E is an even-numbered section
  • F is an encryption function.
  • the subkey ⁇ 33 was used for the i-th iteration.
  • the encryption function F is the core of the algorithm. It consists of extended transformation, XOR sub-key operation, key box replacement, and transformation E. As shown in Figure 18, for inputting 64-bit data, it is first transformed into 96- bit data. Data, and then XOR the result of the extended transformation with the 96-bit subkey to get the XOR result of 96-bit data, which is replaced by the secret box to 64-bit data, and finally transformed E, and output 64-bit data;
  • Figure I 9 shows the rules of extended transformation. It converts 64-bit input data into 96-bit output data, uses the 64th bit of the input sequence as the first bit of the output sequence, and the first bit of the input sequence as the output. The second position of the sequence, and so on, operates.
  • the secret box replacement is a compression replacement.
  • the 16 secret tables with a secret box are shown in Fig. 20 and Fig. 21. If the positions of any two secret tables in the 16 secret tables shown in Fig. 20 and Fig. 21 are reversed, a new one is formed.
  • the present invention proposes a secret box group with a total of (16!) 2 secret box groups.
  • the input 96-bit data is divided into 16 groups in sequence, each group is 6 bits, and the replacement of each group corresponds to a secret table.
  • the first and last 2 bits form the row number
  • the middle 4 bits form the column.
  • Number, according to this row number, column number in the corresponding secret table to extract the element value as output, the output of each group is combined together in turn.
  • the output data of the secret box is 64 bits;
  • the transformation E is a kind of scrambling. It uses a pseudo-random number and another number (called RA) to perform an exclusive OR operation. The number obtained is still a pseudo-random number. The generation of the pseudo-random number and RA should be as far as possible with the transformation.
  • the input data of E is related to the generation of the pseudo-random number sequence according to the formula
  • x i ⁇ 2 (x, ⁇ x ..,) M0D M when x ,. 2 ⁇ l
  • M is a prime number
  • x c 0, M
  • ⁇ , ⁇ 0, 1, ⁇ ; ⁇ 0, 1, ⁇ , (n-2)
  • is a natural number
  • the 64-bit data obtained by substituting the secret box is used as the input of this process.
  • the operation on the transformation E can be as follows: First, the 64-bit input data is sequentially assigned to SX ;
  • the first stage operation is to multiply the first noise source by the second noise source, divide the product by 251, and get the remainder R, and (RS ®SX,) to SX ⁇
  • the operation of transforming E can also be as follows: As shown in FIG. 22, the 64-bit input data is sequentially assigned to SX i-0, 3) 'The length of SXi is one word, corresponding to the above-mentioned operation of transforming E, correspondingly
  • the value of the change can be based on the following facts: (1) in an unsigned integer, the maximum value of a byte is 255, the maximum value of a word is 65535; (2) within the range of one byte, The order of the prime numbers from big to small is: 251, 241, 239, 233, and within a word range, the corresponding arrangement is: 65521, 65519, 65497, 65479,....
  • an external encryption command file in the form of a software system (for example, through programming, compilation, linking, etc.), Or an executable file with the suffix "EXE") or solidified in various ROMs, PROMs are made into LSI chips. It is also preferable that in the operation of the computer, it is not necessary to open a special data area for the data file in the program, but to apply to the operating system for an internal memory located at a high-end address, such as the memory block B shown in FIG.
  • the target file generated by the first encryption can also be used as the source file of the second encryption, and so on. It can be encrypted multiple times, how many times the encryption is performed, and the same decryption. The number of times you can restore the previous plaintext. Encryption commands can be used in Chinese operating systems, English operating systems, or operating systems in other languages.
  • the present invention can be applied to include text files, form files, graphic files, image files, library function files, and even executable files.
  • the data encryption method proposed by the present invention can also be used in real-time communication systems, including encryption and decryption for digital image signals and digital audio signals. Can also be used in radio communications.
  • the data file encryption processing method provided by the present invention includes that it can be used on a microcomputer, and can also be used on a small computer.
  • the data file encryption processing method provided by the present invention includes a single-user operation system and a multi-user operation system. Beneficial effect
  • the present invention Compared with the current domestic and foreign DES algorithms and their variants, the present invention has the following beneficial technical effects:
  • the key amount is 2 11 ⁇ , and the key length obtained from the disk is variable.
  • the present invention proposes a secret box group with a total of (16!) 2 secret boxes.
  • each alternative secret box there are 16 secret tables; the elements of the same row number and column number in the 16 secret tables are different; in the 16 secret tables, the values of the elements on the same column are different and the same The elements on the line are also different. Therefore, every time the replacement of the secret box is implemented the "one time one secret" system.
  • the operation object that is, the data file
  • the memory can be fully utilized to encrypt (or decrypt) a data file of a certain length, and can also form an operation
  • the external encryption command of the system enhances the function of the file management type command and enriches the content of the operating system. 7.
  • the length of each encrypted code block of the present invention is 16 bytes, it is easy to make the distribution of official text values between 0 and 255 more ideal.

Abstract

A method for encryption of file, comprising the steps of performing slide partition on source file block-by-block, each block being 128 bits; generating source key from user key by complementing the user key or by subjecting the user key to pseudo-random number processing; generating subkey from the source key through the use of compression permutation and logic shift; enciphering the blocks through the use of initial permutation, multiplicative conversion and inverse initial permutation, the multiplicative conversion using a cryptographic function including operations of extended conversion, exclusive OR of the subkey, box substitution and E conversion. The method is suitable for generating such digital information as voice and image etc... The executable file thus generated is provided to user in the form of software or being stored in memory, such as ROM and PROM, or being integrated into chips of various specifications, and is highly security and easy to use.

Description

一种文件加密处理方法 所属技术领域  File encryption processing method
本发明涉及密码技术中的文件加密处理枝术, 更确切的涉及一种适 用于数据处理中的文件加密(解密)处理方法。 背景枝术  The present invention relates to a file encryption processing technique in cryptographic technology, and more particularly, to a file encryption (decryption) processing method suitable for data processing. Background branch
由于信息是一种资源, 所以她就存在着安全保护的必要性。 在计算 机存 ϋ和计算机通讯系统中, 信息是用 " 0" 和 " Γ 的不同组合耒构成 的, 也就是说, 所有的信息在计算机中都是用数据耒表示的。 为了数据 的安全, 产生了许多数据加密的技术方案。 其中,数据加密标准 DES (Data Encryption Standard) 算法是目前通用的数据加密法。 然而这种算法 有以下几个缺点: (1)它的密钥量为 2M。 在出现了高速计算机的今天, 这个密钥量显得小了些.。 因为破译者可以运用穷举法在高速计算机上耒 取得密钥。 这对于那些比较重要的信息, 需要保存校长时间的密文和对 不同的加密对象采用同样的密钥是很不利的。 (2)它的基础之一是由称 为5_80 的替代密盒完成的压缩替换。 替代密盒中有 8个替代表, 在某些 替代表中, 在相同的列号而行号不同的位置上有着相同的元素值; 而且 相同的行号、 列号在不同的替代表中却有着相同的元素值。 这样的元素 多于 76对。 (3 )它的变换 E是一种对称型的替代, 这就使得 DES的研究者 可以把 S_Box和变换 E分割开耒进行分析, 这就便于破译密文。 Because information is a resource, there is a need for security protection. In computer storage and computer communication systems, information is composed of different combinations of "0" and "Γ", that is, all information is represented by data in the computer. For the security of data, Many data encryption technology schemes are available. Among them, the Data Encryption Standard (DES) algorithm is the current general data encryption method. However, this algorithm has the following disadvantages: (1) The amount of keys is 2 M. With the emergence of high-speed computers today, the amount of keys appears to be smaller ... Because the decipherer can use the exhaustive method to obtain the keys on the high-speed computers. This is for those more important information, which needs to keep the ciphertext for a long time. It is disadvantageous to use the same key for different encryption objects. (2) One of its foundations is the compressed replacement performed by a replacement secret box called 5_80. There are 8 replacement tables in the replacement secret box. In some alternative tables, the same element number exists in the same column number but different row number; and the same row number and column number have similar values in different alternative tables. Element value is more than 76 pairs of such elements. (3) which transform E is an alternative symmetrical, which makes DES researchers and can transform E S_Box divided Lei analysis, this easy to decipher Ciphertext.
在 DES算法的实际应用中, 曾经采用了密码块编链法 CBC (Cipher Block Chaining) , 这种方法有二个缺点: (1 )当改变源文件的任意一比 特时, 并不能使目标文件的每一比特都有变化的可能。 (2)需要对初始 变量 IV (Initial Variable)进行加密传送。 发明目的  In the practical application of the DES algorithm, the CBC (Cipher Block Chaining) method has been used. This method has two disadvantages: (1) When any bit of the source file is changed, the target file cannot be changed. Every bit has the potential to change. (2) The initial variable IV (Initial Variable) needs to be encrypted for transmission. Object of the invention
本发明的目的是要提供一种数据处理中的文件加密的处理方法, 使 得在计算机存贮系统和计算机通讯系统中, 实^以分离软件形似或固化 于各类 R0 PROM或作为搡作系统内容之一存在于硬盘之中的该方法对 任意格式一定长度的数据文件进行加密(或解密)。 技术方案 为实现上述本发明的目的, 本发明技术方案如下: 在常规的计算机及其外围设备所构成的系统中, 在操作系统控制下, 针对用户栺定的目标文件进行加密 (或解密) 工作, 步骤如下: The object of the present invention is to provide a method for processing file encryption in data processing, so that in a computer storage system and a computer communication system, the separation software is shaped or solidified in various RO PROMs or as the content of an operation system. One method that exists in the hard disk is to encrypt (or decrypt) a data file of a certain length and a certain format. Technical solutions In order to achieve the above-mentioned object of the present invention, the technical solution of the present invention is as follows: In a system composed of a conventional computer and its peripheral devices, under the control of an operating system, encryption (or decryption) work is performed on a user-defined target file. as follows:
首先由用户确定: 加密 (或解密) 的工作模式; 源文件名及其路径; 目标文件名及其路径; 用户密钥。  First determined by the user: the working mode of encryption (or decryption); the source file name and its path; the target file name and its path; the user key.
根据用户上述输入, 在内存中记录工作模式 (加密或解密) 。  According to the user's input above, the working mode (encryption or decryption) is recorded in the memory.
根据用户确定的用户密钥, 当其由键盘输入取得时, 共有 ASCII码 值由 20H到 7EH的 95个码值被用作用户密钥, 其字节长度可在 1 - 16之间变 化, 当其长度小于 16字节时, 把其补足到 16字节, 继而对键盘输入的用 户密钥每字节的高 4位进行伪随机数处理, 如此形成 16字节长的源密钥; 而当用户确定的用户密钥是从内存中取得时, 就直接把 16字节长的用户 密钥作为源密钥。 The user key is determined by the user, when it is acquired by a keyboard input, a total value of the ASCII code values 95 to 7 EH 20H is used as the user key, the byte length which can 1-- vary between 16 When the length is less than 16 bytes, it is complemented to 16 bytes, and then the pseudo-random number processing is performed on the upper 4 bits of each byte of the user key entered by the keyboard, so as to form a 16-byte long source key; When the user key determined by the user is obtained from the memory, the 16-byte user key is directly used as the source key.
根据所得到的源密钥通过压缩置换及逻辑移位等变换计算而得到子 密钥。  According to the obtained source key, a sub-key is obtained through transformation calculation such as compression permutation and logical shift.
上述由键盘键入的用户密钥补足为 16字节长的步骤为:  The above steps to make up the 16-byte user key entered by the keyboard are:
把补充的密钥字节量怍为循环数, 把用户密钥的首字节作为第一噪 声源, 末字节作为第二噪声源, 在循环体中, 先将第一噪声源乘以第二 嗓声源, 其乘积除以 10, 如果其商的低 8位等于零, 则把商的高 8位作为 补充密钥, 如果其商的低 8位不等于零, 则把商的低 8位怍为补充密钥, 然后把补充密钥作为第二噪声源, 如果循环没结束又回到循环体的开始, 执行循环体中的搡作, 如循环结束, 则把补充密钥的首字节逻辑乘 1FH。  Let the number of supplementary key bytes be the number of cycles, and use the first byte of the user key as the first noise source and the last byte as the second noise source. In the loop body, first multiply the first noise source by the first For the two voice sources, the product is divided by 10. If the lower 8 bits of the quotient are equal to zero, the upper 8 bits of the quotient are used as the supplementary key. If the lower 8 bits of the quotient are not equal to zero, the lower 8 bits of the quotient are used. To supplement the key, and then use the supplementary key as the second noise source. If the loop does not end and then returns to the beginning of the loop body, perform the operation in the loop body. If the loop ends, the first byte of the supplementary key is logically Multiply by 1FH.
上述吋由键盘输入的用户密钥每字节的高 4位进行伪随机数处理的 步骤如下:  The steps above to perform pseudo-random number processing on the upper 4 bits of each byte of the user key entered by the keyboard are as follows:
把键盘输入的用户密钥的字节长度作为循环数, 把键盘输入的用户 密钥的首字节作为第一噪声源, 末字节作为第二噪声源, (如果有补充 密钥的话, 则把补充密钥的末字节作为第二噪声源) 。 在循环体中, 先 将第一噪声源乘以第二噪声源, 上述的乘积除以 10, 如果其商的低 8位 等于零, 则把商的高 8位作为第二噪声源, 如果其商的低 8位不等于零, 则把商的低 8位怍为第二噪声源; 然后执行下面的搡作, 如果第二噪声 源的高 4位等于零, 则把密钥的高 4位异或第二噪声源的低 4位, 如果第 二噪声源的高 4位不等于零, 则把密钥的高 4位异或第二噪声源的高 4位; 将上述结果中的第二噪声源作为下一个循环的输入进行循环, 如循环没 结束, 又回到循环体的开始, 执行循环体中的搡作, 直至循环结束形成 16字节长的源密钥; Take the byte length of the user key entered by the keyboard as the cycle number, the first byte of the user key entered by the keyboard as the first noise source, and the last byte as the second noise source, (if there is a supplementary key, then Use the last byte of the supplementary key as the second noise source). In the loop body, first multiply the first noise source by the second noise source, and divide the above product by 10. If the lower 8 bits of the quotient are equal to zero, use the upper 8 bits of the quotient as the second noise source. If the lower 8 bits of the key are not equal to zero, the lower 8 bits of the quotient are used as the second noise source; then the following operation is performed. If the upper 4 bits of the second noise source are equal to zero, the upper 4 bits of the key are XORed with the first The lower 4 bits of the second noise source. If the upper 4 bits of the second noise source are not equal to zero, the exclusive 4 bits of the key are XORed with the upper 4 bits of the second noise source. The second noise source in the above result is used as the lower The input of a loop is looped. If the loop does not end, it returns to the beginning of the loop body, and performs the operation in the loop body until the end of the loop is formed. 16-byte long source key;
上迷由源密钥通过压缩置换及逻辑移位等变换而计算子密钥的步骤 如下:  The steps for calculating the sub-key from the source key through compression permutation and logical shift are as follows:
由源密钥计算子密钥, 16字节的源密钥共有 128比特, 先将这 128比 特从首部开始侬位置顺序编号为 1,2, 3, ... ,127,128, 经过压缩置换 1成 为 C。D。, 再经逻辑移位成为 (:Α(Ϊ = 1,32), 经压缩置换 2后输出, 其中  Calculate the sub-key from the source key. The 16-byte source key has 128 bits in total. The 128 bits are numbered sequentially from the beginning. The positions are numbered 1, 2, 3, ..., 127, 128. C. D. , And then logically shift to (: Α (Ϊ = 1,32), and output after compression and replacement of 2, where
C , (i = l, 32)的产生由函数 与 ς.ρ Di t分别决定即由下式所示:The generation of C, (i = l, 32) is determined by the function and ς. Ρ D it respectively as shown in the following formula:
D^LM^D^) (i = l,32)  D ^ LM ^ D ^) (i = l, 32)
其中函数 LMi表示逻辑移位, 见图 8。  The function LMi represents a logical shift, as shown in Figure 8.
压缩置换 1见图 7所示, 把源密钥的第 115位作为 C。D。的第 1位, 把源 密钥的第 99位作为 C。D。的第 2位, 侬此类推, 形成了 112比特长的 (:。 D。;  Compression substitution 1 is shown in Figure 7, and the 115th bit of the source key is taken as C. D. The first bit is the C bit. D. The second place, and so on, form a 112-bit long (:. D .;
压缩置换 2见图 9所示, 把 的第 14位作为 的第 1位, 把 的第 27 位作为 的第 2位, 侬此类推, 形成了 96比特长的子密钥 Ki; 在形成每一 个子密钥^(^1,32)时, 压缩置换 2都是相同的, 只是对应的 各不相 同。 Compression permutation 2 is shown in Figure 9 , with the 14th bit as the first bit, the 27th bit as the second bit, and so on, forming a 96-bit long sub-key K i; For a subkey ^ (^ 1,32), the compression permutations 2 are all the same, but the corresponding ones are different.
根据用户所确定的源文件及路径名, 将源文件读入内存, 分别对其 进行滑动分组、 计算滑动分组码块数量、 处理碎块。  According to the source file and path name determined by the user, the source file is read into the memory, and they are slidingly grouped, the number of sliding grouping code blocks is calculated, and the fragments are processed.
上述滑动分组步骤如下:  The above sliding grouping steps are as follows:
对源文件进行滑动分組, 处理方法是把前一组码块的加密(或解密) 结果的后面 M个(M为整数, 可馭 1至 4之一)字节怍为后一码块的前 M个字 节, 在正向滑动橾怍模式下, 这样的一组一组的码块经加密(或解密)后, 产生了同样组数的新的码块, 然后又以逆向方式对前述的新的码块組成 的数字序列进行滑动分組, 即从新的数据系列的尾部以逆向滑动操作模 式开始进行滑动分組, 处理方法是把前一组码块的加密(或解密)结果的 后面 M个字节作为后一码块的前 M个字节, 这样的一組一组的码块经加密 (或解密)后, 就产生了对应于源文件的目标文件, 即密文 (或明文) 。  The source file is slidingly grouped, and the processing method is to encrypt the (or decryption) result of the previous group of code blocks by M (M is an integer, one of 1 to 4) bytes before the next code block. M bytes, in the forward sliding mode, such a set of code blocks is encrypted (or decrypted) to generate the same number of new code blocks, and then the aforementioned The digital sequence composed of new code blocks is slidingly grouped, that is, sliding grouping is started from the tail of the new data series in the reverse sliding operation mode. The processing method is to M words following the previous block of encryption (or decryption) results The section is the first M bytes of the next code block. After such a group of code blocks is encrypted (or decrypted), an object file corresponding to the source file is generated, that is, a ciphertext (or plaintext).
上述计算滑动分组码块数量的步骤如下:  The above steps for calculating the number of sliding block code blocks are as follows:
计算码块数量和碎块长度的方法是先取文件的字节长度除以(16-M), 如加密则把(商 + 1)作为商, 然后把 (U6-M) -余数) 作为碎块字节长度, 把商给码块数量;如不加密, 则直接把商给码块数量。 The method of calculating the number of code blocks and the fragment length is to first take the byte length of the file and divide it by (16-M). For encryption, use (quotient + 1) as the quotient, and then take (U 6 -M)-the remainder) as the fragment. The block byte length gives the number of code blocks; if it is not encrypted, it directly gives the number of code blocks.
上述处理碎块步骤如下:  The above steps for processing fragments are as follows:
处理碎块即把滑动分组剩下的一些明文信息进行处理, 其方法是增 加一些信息使之凑齐一组数据, 所增加的信息必须包含有一个特殊信息 即碎块长度, 使之在解密时, 据此把新增加的信息截断, 完整地恢复原 明文的面貌, 其余的新增信息用伪随机数填充, 其做法是把(碎块长度- 1 )怍为循环数, 循环数等于零, 直接将碎块长度送至碎块区; 循环数不 等于零, 则把源密钥的首字节作为第一噪声源, 把源密钥的末字节作为 第二噪声源, 在循环体中, 先将第一噪声源乘以第二噪声源, 上述的乘 枳除以 10, 如果其商的低 8位等于零, 则把商的高 8位作为第二噪声源, 如果其商的低 8位不等于零, 则把商的低 8位作为第二噪声源; 然后把第 二噪声源送到碎块区, 如循环末结束, 则又返回到循环体的开始, 执行 循环体中的搡作, 循环结束则把碎块长度送至碎块区; Processing fragments means processing some remaining plaintext information of the sliding grouping. Add some information to make it a set of data, the added information must contain a special information, that is, the fragment length, so that when decrypted, the newly added information is truncated to restore the original plain text's appearance completely, and the rest The newly added information is filled with a pseudo-random number. The method is to take (fragment length-1) as the cycle number, and the cycle number is equal to zero, and directly send the fragment length to the fragment area. If the cycle number is not equal to zero, the source secret is sent. The first byte of the key is used as the first noise source, and the last byte of the source key is used as the second noise source. In the loop body, the first noise source is first multiplied by the second noise source, and the above multiplication is divided by 10 If the lower 8 bits of the quotient are equal to zero, the upper 8 bits of the quotient are used as the second noise source, and if the lower 8 bits of the quotient are not equal to zero, the lower 8 bits of the quotient are used as the second noise source; The noise source is sent to the fragment area. If the end of the cycle ends, it returns to the beginning of the cycle body and performs the operation in the cycle body. At the end of the cycle, the fragment length is sent to the fragment area.
经上迷处理后, 对所得的源文件各码块进行加密 (或解密) 处理, 对加密(或解密)采取了往复进行的形式, 其方法是第一次由源文件 头开始侬次对各滑动分组码块进行加密(或解密), 第二次则从文件尾部 开始, 逆向进行; 首先是把码块数量作为循环数, 把源数据地址指针和 目标数据地址指针均指向文件緩冲区首地址, 在循环体中, 先执行加密 算法, 然后把源数据地址指针、 目标数据地址擂针均增加(16 -M) , 循环 末结束则又返回到循环体的开始, 执行循环体中的搡作, 循环结束就得 到了一个新的数字序列。 然后对这个新的数字序列进行逆向方式的加密 (或解密) , 把码块数量作为循环数,. 把源数据地址指针和目标数据地 址栺针均指向新的数字序列末第 16字节处, 在循环体中, 先执行加密算 法, 然后把源数据地址指针、 目标数椐地址指针均减少(16 -M) , 如循环 未结束则回到循环体的开始, 执行循环体中的搡怍, 如循环已经结束就 得到了源文件所对应的密文 (或明文) 。 任务完成后, 返回搡作系统; 所述加密算法由初始置换, 乘枳变换, 逆初始置换所组成, 输入 I28 比特的明文(密文)和长度为 12字节的子密钥 32个, 其输出是 128比特的 密文(明文); After the above processing, the code blocks of the obtained source file are encrypted (or decrypted). The encryption (or decryption) is performed in a reciprocating manner. The method is to start from the source file header for the first time. Sliding block code blocks for encryption (or decryption), the second time starts from the end of the file and proceeds in the reverse direction; the first is to use the number of code blocks as the cycle number, and point the source data address pointer and the target data address pointer to the beginning of the file buffer Address, in the loop body, first execute the encryption algorithm, and then increase the source data address pointer and target data address pointer (16 -M), the end of the loop returns to the beginning of the loop body, and execute the Operation, a new sequence of numbers is obtained at the end of the loop. Then perform reverse encryption (or decryption) on this new number sequence, and use the number of code blocks as the cycle number. Point the source data address pointer and the destination data address pointer to the 16th byte at the end of the new number sequence. In the loop body, first execute the encryption algorithm, and then reduce the source data address pointer, destination number and address pointer (16 -M), if the loop is not over, return to the beginning of the loop body, execute the 搡 怍 in the loop body, If the cycle has ended, the ciphertext (or plaintext) corresponding to the source file is obtained. After the task is completed, the system returns to the operation system. The encryption algorithm is composed of initial permutation, multiplication, and inverse initial permutation. Input 28 plain text (cipher text) and 32 subkeys with a length of 12 bytes. The output is 128-bit cipher text (plain text);
初始置换的方案如图 16是把输入数据的第 122位作为初始置换结果 的第 1位, 把输入数据的第 II4位作为初始置换结果的第 2位, 依此类推, 获得经初始置换后的 128比特的输出数据。 After the initial permutation the first embodiment shown in FIG. 16 is a 122 bit input data as a result of the initial permutation, the bit 2 of II 4-bit input data as a result of the initial permutation, and so on, obtained by the initial permutation 128-bit output data.
乘积变换是一个不断迭代的过程, 共进行 32次, 初始置换的输出作 为第一次迭代的输入, 以后的搡作就是把前一次迭代的输出作为后一次 迭代的输入, 第 32次迭代的结果作为逆初始置换的输入; 在图 15中, 用 0表示每一次迭代输出(或输入)数据的奇数字节, E表示偶数字节, F表 示加密函数, 加密时, 对第 i次的迭代使用了子密钥 K 并且 0ι = Εί 1,32), 解密时, 对第 i次的迭代使用了子密钥 Κ33., 并且 Ε^Ο,.,, 0,^(0^) © ., (i = l,32); The product transformation is a process of continuous iteration, performed a total of 32 times, the output of the initial replacement is used as the input of the first iteration, and the subsequent operation is to use the output of the previous iteration as the input of the next iteration, and the result of the 32nd iteration As the input of the inverse initial permutation; In FIG. 15, 0 is used to represent the odd number of data in each iteration of the output (or input), E is an even number of data, and F is the table. Shows the encryption function. During encryption, the sub-key K is used for the i-th iteration and 0 ι = Ε ί 1,32), decryption of the i-th iteration of the sub-key Κ 33, and Ε ^ Ο, ,, 0, ^ (0 ^) ©, (i = l, 32)...;
逆初始置换的方案如图 17, 把乘积变换的最后结果的第 80位作为逆 初始置换结果的第 1位, 把乘积变换的最后结果的第 16位作为逆初始置 换结果的第 2位, 侬此类推, 获得逆初始置 换后的 128比特的输出数据。  The scheme of the inverse initial permutation is shown in FIG. 17. The 80th bit of the final result of the product transformation is used as the first bit of the inverse initial permutation result, and the 16th bit of the final result of the product transformation is used as the second bit of the inverse initial permutation result. By analogy, 128 bits of output data after inverse initial permutation are obtained.
所述加密函数 F是算法的核心, 它是由扩展变换, 异或子密钥运算, 密盒替代, 变换 E所組成对于输入 64比特的数据, 先经过扩展变换成 96 比特的数据, 再把扩展变换的结果和 96比特的子密钥进行异或作用, 得 到异或的结果为 96比特的数据, 又经密盒替代成 64比特的数据, 最后经 过变换 E, 输出 64比特数据;  The encryption function F is the core of the algorithm. It consists of extended transformation, XOR sub-key operation, replacement of a secret box, and transformation E. For input 64-bit data, it is first extended and transformed into 96-bit data. The result of the extended transformation is XORed with the 96-bit sub-key, and the XOR result is 96-bit data, which is replaced by the secret box into 64-bit data, and finally transformed E to output 64-bit data;
所述扩展变换图 19表示了扩展变换的规则, 它将 64比特的输入数据 变成 96比特的输出数据, 将输入序列的第 64位作为输出序列的第 1位, 将输入序列的第 1位作为输出序列的第 2位, 侬此类推, 进行操作。  The extended transformation FIG. 19 shows the rules of the extended transformation, which converts 64-bit input data into 96-bit output data, uses the 64th bit of the input sequence as the first bit of the output sequence, and the first bit of the input sequence As the second bit of the output sequence, we can do the same by analogy.
所述密盒替代是一种压缩替换, 本发明的每一个密盒中有 16个密表, 每一个密表分成为 4行 X 16列。 把输 的 96比特数据依次平均分成 16組, 每组 6比特, 每一組的替代依次对应一个密表, 在 6比特的输入数据中, 头尾 2比特组成行号, 中间 4比特組成列号, 侬此行号、 列号在对应的密 表中提取出元素值作为输出, 各組的输出依次组合在一起, 成为密盒替 代的输出数据 64比特;  The secret box replacement is a compression replacement. There are 16 secret tables in each secret box of the present invention, and each secret table is divided into 4 rows × 16 columns. The input 96-bit data is divided into 16 groups in sequence, each group is 6 bits, and the replacement of each group corresponds to a secret table. In the 6-bit input data, the first 2 and the last 2 bits form the row number, and the middle 4 bits form the column number. , The row number and column number are extracted from the corresponding secret table as element output, and the output of each group is combined together in order to become the 64-bit replacement output data of the secret box;
可以有一个密盒的 16个密表如图 20, 图 21所示, 如果把图 20, 图 2丄 所示的 16个密表中的任意 2个密表的位置对调, 则又组成了一个新的密 盒; 如果把图 20, 图 21所示的列号相同的任意 2个列的位置同时对调(或 是把前述的新的密盒的列号相同的任意 2个列的位置同时对调), 则也组 成了一个新的密盒。 侬此类推, 可以知道本发明提出了一个 ¾盒群, 共 有(16! )2个密盒。 The 16 secret tables that can have a secret box are shown in Fig. 20 and Fig. 21. If the positions of any two secret tables in the 16 secret tables shown in Fig. 20 and Fig. 2 (i ) are reversed, another one is formed. A new secret box; if the positions of any two columns with the same column numbers shown in FIG. 20 and FIG. 21 are reversed at the same time (or the positions of any two columns with the same column numbers of the new new secret box are reversed at the same time) ), It also forms a new secret box. By analogy, we can know that the present invention proposes a ¾ box group with a total of (16!) 2 secret boxes.
所述变换 E是一种置乱, 它利用了伪随机数和另一数 (称为 RA) 进 行异或作用得到的数仍是伪随机数, 伪随机数与 RA的产生都应尽量与变 换 E的输入数据有关, 伪随机数序列的产生依公式  The transformation E is a kind of scrambling. It uses a pseudo-random number and another number (called RA) to perform an exclusive OR operation. The number obtained is still a pseudo-random number. The generation of the pseudo-random number and RA should be as far as possible with the transformation. The input data of E is related to the generation of the pseudo-random number sequence according to the formula
χι>2= (χι · Xi )M0D M 当 时 χ ι> 2 = (χ ι · X i ) M0D M at that time
X ^小于 Μ的最大素数 当 Χ.2= 1时 The largest prime number where X ^ is smaller than Μ when X. 2 = 1
其中, M为素数, Χ。≠0,Μ; Χ^Ο,Ι,Μ; ΐ = 0,1,···, (η-2), η为自然数 由密盒替代所得到的 64比特的数据作为本过程的输入, 对变换 Ε的 搡作可以是这样的: 首先把 64比特的输入数据依次賦予 SXi(i = 0,7), SX, Where M is a prime number and X. ≠ 0, Μ; χ ^ Ο, Ι, Μ; ΐ = 0,1, ..., (η-2), where η is the 64-bit data obtained by replacing the natural box with a secret box as the input of this process. Transform E The operation can be like this: First, the 64-bit input data is assigned to SXi (i = 0,7), SX,
7  7
的长度是一个字节; 令变量 S为一个字节长, 据公式 S=( SX)MOD 256, i = 0 The length is one byte; let the variable S be one byte long, according to the formula S = (SX) MOD 256, i = 0
7  7
求出 S; 如果 则令 SX。=241, SX1 = 239。 然后从 SX;的首部开始依次 i = 0 Find S; if Let SX. = 241, SX 1 = 239. Then starting from the head of SX ; i = 0
搜索第一次出现的非 0、 非 251值的字节, 如果找到了, 就把该字节作为 第一噪声源, 如未找到, 则把 241怍为第一噪声源; 再从 SXi的尾部开始 序搜索第一次出现的非 0, 非 1, 非 251值的字节, 如找到了, 就把该 字节作为第二噪声源, 如未找到, 则把 239作为第二噪声源。 把 8作为循 环数, 且令变量 i = 0, 在循环体中, 第一阶段搡作是把第一噪声源乘以 第二噪声源, 把其乘枳除以 251, 得到余数 R, 把 (R®S@SXi) 的 值给 SXi, 第二阶段是把本次循环的第二噪声源作为下一个循环的第一 噪声源, 把余数 R作为下一个循环的第二噪声源, (如果 R=l, 则把 239作 为第二噪声源)。 接着把变量 i增加 1, 如循环未结束, 则又回到循环体 的开始, 执行循环体中的搡怍、 如果循环结束, 则把 SX i-0,7)作为加 密函数 F的结果输出。 Search for the first non-zero, non-251-valued byte. If found, use the byte as the first noise source. If not found, use 241 as the first noise source. Then start from the tail of SXi. At the beginning, it searches for the non-zero, non-one, and non-251 bytes that appear for the first time. If found, the byte is used as the second noise source. If it is not found, then 239 is used as the second noise source. Let 8 be the number of loops, and let the variable i = 0. In the loop body, the first stage operation is to multiply the first noise source by the second noise source, divide it by 251, and get the remainder R, The value of R®S @ SXi) is given to SXi. The second stage is to use the second noise source of this cycle as the first noise source of the next cycle and the remainder R as the second noise source of the next cycle. (If R = l, then use 239 as the second noise source). Then increase the variable i by 1, if the loop is not over, then return to the beginning of the loop body, execute 搡 怍 in the loop body, and if the loop ends, output SX i-0,7) as the result of the encryption function F.
变换 E的搡怍还可以是这样的: 如图 22所示, 把 64比特的揄入数据 依次賦予 SX i^ ) ,5)^的长度是一个字, 相应于上述的变换 E的搡作, 相应的改动之处可以根据以下的事实: (1)在无符号的整数中, 一个字 节的最大值为 255, 一个字的最大值为 65535; (2)在一个字节的范围内, 素数从大到小的排列依次是: 251, 241, 239, 233, 在一个字的 范围内, 相应的排歹 '1是: 65521, 65519, 65497, 65479, …。 图面说明  The transformation E can also be as follows: As shown in FIG. 22, the 64-bit incoming data is sequentially assigned to SX i ^), and the length of 5) ^ is one word, corresponding to the above-mentioned operation of transformation E, The corresponding changes can be based on the following facts: (1) in an unsigned integer, the maximum value of a byte is 255, the maximum value of a word is 65535; (2) in the range of one byte, the prime number The order from big to small is: 251, 241, 239, 233, and within a word range, the corresponding row '1 is: 65521, 65519, 65497, 65479,…. Drawing description
下面结合附图通过实施例以清楚地说明本发明的具体内容。  The specific content of the present invention will be clearly explained through the embodiments with reference to the accompanying drawings.
图 1. 本发明的总体硬件示意图  Figure 1. Schematic diagram of the overall hardware of the present invention
图 2. 文件加密处理方法概图  Figure 2. Overview of file encryption processing method
图 3. 由用户密钥获得源密钥的程序图  Figure 3. Procedure for obtaining source key from user key
图 4. 补充密钥的方法程序图 .  Figure 4.Method procedure diagram of supplementary key.
图 5. 对用户密钥的高 4位进行处理的方法程序图  Figure 5. Method diagram for processing the upper 4 bits of the user key
图 6. 由源密钥产生子密钥的方法程序图 图 7. 压缩置换 1的方法图 Figure 6. Method diagram for generating a subkey from a source key Figure 7. Method diagram of compression permutation 1
图 8. 逻辑移位函数构图  Figure 8. Logic shift function composition
图 9 . 压缩置换 2的方法图  Figure 9. Method diagram of compression permutation 2
图 10.正向滑动分组示意图  Figure 10.Schematic diagram of forward sliding grouping
图 11 .逆向滑动分组示意图  Figure 11 Schematic diagram of reverse sliding grouping
图 12.计算码块数量和碎块长度的程序图  Figure 12.Procedure diagram for calculating the number of code blocks and the fragment length
图 13 .处理碎块的方法程序图  Figure 13.Procedure diagram of a method for processing fragments
图: .对源文件进行加密(或解密)的程序图  Figure:. Procedure for encrypting (or decrypting) the source file
图 15.数据加密算法的阶梯图  Figure 15: Ladder diagram of data encryption algorithm
图 16.初始置换方法图  Figure 16.Initial replacement method diagram
图 17.逆初始置换方法图  Figure 17.Inverse initial permutation method diagram
图 18 .加密函数的逻辑图  Figure 18: Logic Diagram of Encryption Function
图 19.扩展变换方法图  Figure 19.Extended transformation method diagram
图 20.密盒中的前 8个密表图  Figure 20.The first 8 secret tables in the secret box
图 21.密盒中的后 8个密表图  Figure 21.The last 8 secret tables in the secret box
图 22.变换 E的程序图 实现发明的优选实施例  Figure 22.Procedure diagram for transforming E
本发明的文件加密处理方法应用 f这样的硬件环境: 包括计算机存 贮系统, 计算机通讯系统, 中央处理器、 内存贮器、 键盘、 显示器、 磁 盘驱动器、 打印机、. 通讯接口、 软盘, 它们之间用控制总线、 地址总线、 数据总线连接起耒, 如图 1所示, 其中:  The file encryption processing method of the present invention is applied to a hardware environment such as: a computer storage system, a computer communication system, a central processing unit, an internal memory, a keyboard, a display, a disk drive, a printer, a communication interface, and a floppy disk. The inter-control bus, address bus, and data bus are connected together, as shown in Figure 1, where:
内存块 A (图 1 )存放加密命令文件, 内存块 B (图 1)存放加密(或解密) 对象, 即源文件和目标文件, 内存块 A的起始地址由搡作系统决定, 内 存块 B位于计算机内存的高端, 在加密命令完成加密(或解密)工怍后, 内存块 B受搡作系统控制;  Memory block A (Figure 1) stores encrypted command files, and memory block B (Figure 1) stores encrypted (or decrypted) objects, that is, source files and target files. The starting address of memory block A is determined by the operating system. Memory block B Located at the high end of the computer memory, after the encryption command completes the encryption (or decryption) operation, the memory block B is controlled by the operation system;
内存块 A设有存放加密(或解密)搡作模式信息的一个字节物理单元, 用户的加密 (或解密) 请求决定了该物理单元的内容(图 1中未标出); 又设有一个字的物理单元, 用于存放搡怍系统信息, 它表明系统是属于 中文操作系统, 还是英文搡作系统, 还是别的语言的搡作系统(图 1中未 标出);  Memory block A is provided with a one-byte physical unit that stores encryption (or decryption) operation mode information. The user's encryption (or decryption) request determines the content of the physical unit (not shown in Figure 1); The physical unit of the word is used to store the system information. It indicates whether the system is a Chinese operating system, an English operating system, or an operating system in another language (not shown in Figure 1);
根据本发明的实施例中完成加密(或解密)工作的逻辑关系如图 2所 示. 根据屏幂提示, 用户分别回答如下四个问题: 加密(或解密)的工作 模式, 源文件名及其路径, 目标文件名及其路径, 使用用户密钥的方式; 当用户由鍵盘上确定了加密(或解密)的模式之后, 内存块 A中存放 加密(或解密)模式信息的物理单元的内容也就跟着确定下耒了; According to the embodiment of the present invention, the logical relationship of completing the encryption (or decryption) work is shown in Figure 2. According to the screen power prompt, the user answers the following four questions: Encryption (or decryption) work Mode, source file name and its path, target file name and its path, using the user key; after the user determines the encryption (or decryption) mode on the keyboard, the memory block A stores the encryption (or decryption) The content of the physical unit of the pattern information is determined accordingly.
当用户输入正确的源文件名及其路径之后, 即可侬据该源文件的长 度和内存资源的使用情况决定内存块 B的大小和起始地址, 然后把源文 件读至内存块 B中去; 对内存块 B中的源文件进行滑动分组, 计算出滑动 分组码块数量和处理碎块, 然后往复对源文件的各码块执行加密算法; 当把内存块 B中的源文件的全部内容进行加密(或解密)之后, 就把 其中的密文(或明文)写入目标文件中;  After the user enters the correct source file name and path, the size and starting address of memory block B can be determined according to the length of the source file and the use of memory resources, and the source file is read into memory block B ; Slidingly group the source files in the memory block B, calculate the number of sliding block code blocks and process the fragments, and then execute the encryption algorithm on each code block of the source file back and forth; when the entire content of the source file in the memory block B is After encrypting (or decrypting), write the ciphertext (or plaintext) in the target file;
当用户密钥由键盘取得时, 可以有 95个码值被用作用户密钥, 其 ASCII码值由 20H到 7EH; 用户密钥的字节长度可在 1 ~ 16之间变化, 然后 由用户密钥荻得源密钥;  When the user key is obtained from the keyboard, 95 code values can be used as the user key, and its ASCII code value is from 20H to 7EH; the byte length of the user key can be changed between 1 ~ 16, and then by the user The key obtained the source key;
由用户密钥荻得源密钥, 当用户密钥长度小于 16字节时, 要把密钥 进行补充, 补足到 16字节长, 而且对由鍵盘上得到的用户密钥每字节的 高 4位进行伪随机数处理; 经过上述的过程, 形成了 16字节长的源密钥 (上述如图 3 所示);  The source key is obtained from the user key. When the user key length is less than 16 bytes, the key must be supplemented to a length of 16 bytes, and each byte of the user key obtained from the keyboard is supplemented. The upper 4 bits are used for pseudo-random number processing. After the above process, a 16-byte long source key is formed (see Figure 3 above);
把补充的密钥字节量作为循环数, 把用户密钥的首字节作为第一噪 声源, 末字节作为第二噪声源, 在循环体中, 先将第一噪声源乘以第二 噪声源, 其乘积除以 10, 如果其商的低 8位等于零, 则把商的高 8位作为 补充密钥, 如果其商的低 8位不等于零, 则把商的低 8位作为补充密钥, 然后把补充密钥怍为第二噪声源, 如果循环没结束又回到循环体的开始, 执行循环体中的搡作, 如循环结束, 则把补充密钥的首字节逻辑乘 1FH, (上述如图 4所示);  Take the supplementary key byte amount as the number of cycles, the first byte of the user key as the first noise source, and the last byte as the second noise source. In the loop body, first multiply the first noise source by the second The source of the noise is divided by 10. If the lower 8 bits of the quotient are equal to zero, the upper 8 bits of the quotient are used as the supplementary key. If the lower 8 bits of the quotient are not equal to zero, the lower 8 bits of the quotient are used as the supplementary secret. Key, and then use the supplementary key as the second noise source. If the loop does not end and returns to the beginning of the loop body, perform the operation in the loop body. If the loop ends, multiply the first byte of the supplementary key by 1FH logically. (The above is shown in Figure 4);
把用户密钥的字节长度作为循环数, 把用户密钥的首字节作为第一 噪声源, 末字节作为第二噪声源, 如果有补充密钥的话, 则把补充密钥 的末字节作为第二噪声源。 在循环体中, 先将第一噪声源乘以第二噪声 源, 上述的乘积除以 10, 如果其商的低 8位等于零, 则把商的高 8位作为 第二噪声源, 如果其商的低 8位不等于零, 则把商的低 8位作为第二噪声 源; 然后执行下面的搡作, 如果第二噪声源的高 4位等于零, 则把密钥 的高 4位异或第二噪声源的低 4位, 如果第二噪声源的高 4位不等于零, 则把密钥的高 4位异或第二噪声源的高 4位; 将上述结果中的第二噪声源 作为下一个循环的输入进行循环, 如循环没结束, 又回到循环体的开始, 执行循环体中的搡作, 如循环结東则进入计算子密钥的步骤(上述如图 5 所示); The byte length of the user key is used as the number of cycles, the first byte of the user key is used as the first noise source, and the last byte is used as the second noise source. If a supplementary key is available, the last word of the supplementary key is used Section as a second noise source. In the loop body, first multiply the first noise source by the second noise source, and divide the above product by 10. If the lower 8 bits of the quotient are equal to zero, use the upper 8 bits of the quotient as the second noise source. If the lower 8 bits of the key are not equal to zero, then use the lower 8 bits of the quotient as the second noise source; then perform the following operation, and if the upper 4 bits of the second noise source are equal to zero, XOR the second upper 4 bits of the key The lower 4 bits of the noise source. If the upper 4 bits of the second noise source are not equal to zero, the exclusive 4 bits of the key are XORed with the upper 4 bits of the second noise source. The second noise source in the above result is used as the next one. The input of the loop is looped. If the loop does not end, it returns to the beginning of the loop body, and executes the operation in the loop body. If the loop ends, it enters the step of calculating the subkey (see Figure 5 above). As shown);
当用户密钥是从内存中取得时, 就直接把 16字节长的用户密钥作为 源密钥;  When the user key is obtained from the memory, the 16-byte user key is directly used as the source key;
由源密钥计算子密钥, 16字节的源密钥共有 128比特, 先将这 128比 特从首部开始侬位置顺序编号为 1,2,3, ... ,127,128, 经过压缩置换 1成 为 C。D。, 再经逻辑移位成为 (: = 1,32), 压缩置换 2后输出, (如图 6所 示), 其中图 6所示的 (: (1 = 1,32)的产生由函数!^^与 ^ Dw分别决定即 由下式所示: The subkey is calculated from the source key. The 16-byte source key has a total of 128 bits. The 128 bits are numbered sequentially from the beginning. The positions are numbered 1, 2, 3, ..., 127, 128. C. D. , And then logically shift to (: = 1,32), and output after compressing and replacing 2 (as shown in Fig. 6), where (: (1 = 1, 32) shown in Fig. 6 is generated by a function! ^ ^ And ^ D w are determined separately as shown by the following formula:
C =LMi(C..1 N) (i = l,32) C = LM i (C .. 1 N ) (i = l, 32)
D.=L . (D.^ ) (i = l,32)  D. = L. (D. ^) (i = l, 32)
其中函数 表示逻辑移位, 见图 8;  Where function represents a logical shift, see Figure 8;
压缩置换 1见图 7所示, 把源密钥的第 115位作为 C。D。的第 1位, 把源 密钥的第 99位作为 C。D。的第 2位, 依此类推, 形成了 112比特长的 C。D。; 压缩置换 2见图 9所示, 把 的第 14位作为 ΐ 的第 1位把 的第 27 位作为 K,的第 2位, 侬此类推, 形成了 96比特长的子密钥 Ki; 在形成每一 个子密钥 Ki(i = l,32)时, 压缩置换 2都是相同的, 只是对应的 各不相 同; Compression substitution 1 is shown in Fig. 7, and the 115th bit of the source key is taken as C. D. The first bit is the C bit. D. The second bit, and so on, forms C, which is 112 bits long. D. ; Compression permutation 2 is shown in Figure 9, with the 14th bit as the first bit of 27, the 27th bit as the second bit of K, and so on, forming a 96-bit long subkey K i; When forming each sub-key Ki (i = 1, 32), the compression permutation 2 is the same, but the corresponding ones are different;
对源文件进行滑动分組, 优选地, 把前一組码块的加密(或解密)结 果的后面二个字节作为后一码块的前二个字节, 其正向滑动操作模式如 图 10所示, N为自然数; 这样的一組一组的码块经加密(或解密)后, 产 生了同样組-数的新的码块, 然后又以逆向方式对前述的新的码块组成的 数字序列进行滑动分組, 即从新的数据系列的尾部开始进行滑动分組, 如图 11所示, 其中 N为自然数;处理方法是把前一组码块的加密 (或解密) 结果的后面二个字节作为后一码块的前二个字节, 这样的一组一组的码 块经加密(或解密)后, 就产生了对应于源文件的目标文件, 即密文 (或 明文) 。  The source file is slidingly grouped. Preferably, the last two bytes of the encryption (or decryption) result of the previous group of code blocks are used as the first two bytes of the next code block. The forward sliding operation mode is shown in Figure 10. As shown, N is a natural number; such a set of code blocks is encrypted (or decrypted) to generate a new set of code blocks of the same set-number, and then the aforementioned new code blocks are formed in a reverse manner. The digital sequence is slidingly grouped, that is, starting from the tail of the new data series, as shown in Figure 11, where N is a natural number; the processing method is to encrypt (or decrypt) the last two words of the result of the previous group of code blocks. The section is the first two bytes of the next code block. After such a group of code blocks is encrypted (or decrypted), an object file corresponding to the source file is generated, that is, a ciphertext (or plaintext).
计算码块数量和碎块长度的方法是先取文件的字节长度除以 14, 如 加密则把(商 + 1)作为商, 然后把(1. 余数)作为碎块字节长度, 把商给 码块数量; 如不加密., 则直接把商给码块数量, 见图 12,  The method of calculating the number of code blocks and the fragment length is to first divide the byte length of the file by 14. For encryption, use (quotient + 1) as the quotient, and then (1. the remainder) as the fragment byte length. Number of code blocks; if it is not encrypted, directly give the number of code blocks, as shown in Figure 12,
处理碎块即把滑动分组剩下的一些明文信息进行处理, 其方法是增 加一些信息使之凑齐一组数据, 所增加的信息必须包含有一个特殊信息 即碎块长度, 使之在解密时, 据此把新增加的信息截断, 完整地恢复原 明文的面貌, 其余的新增信息用伪随机数填充, 其做法是把(碎块长度- 1 )作为循环数, 循环数等于零, 直接将碎块长度送至碎块区; 循环数不 等于零, 则把源密钥的首字节作为第一噪声源, 把源密钥的末字节作为 第二噪声源, 在循环体中, 先将第一噪声源乘以第二噪声源, 上述的乘 积除以 10, 如果其商的低 8位等于零, 则把商的高 8位作为第二噪声源, 如果其商的低 8位不等于零, 则把商的低 8位作为第二噪声源; 然后把第 二噪声源送到碎块区, 如循环末结束, 则又返回到循环体的开始, 执行 循环体中的操作, 循环结束则把碎块长度送至碎块区, 如图 13所示; 对加密(或解密)采取了往复进行的形式, 其方法是第一次由源文件 头开始侬次对各滑动分組码块进行加密(或解密), 第二次则从文件尾部 开始, 逆向进行; 首先是把码块数量怍为循环数, 把源数据地址指针和 目标数据地址指计均指向文件緩冲区首地址, 在循环体中, 先执行加密 算法, 然后把源数据地址指针、 目标数据地址指针均增加 14, 循环末结 束则又返回到循环体的开始, 执行循环体中的搡作, 循环结束就得到了 一个新的数字序列。 然后对这个新的数字序列进行逆向方式的加密 (或 解密) , 把码块数量作为循环数, 把源数据地址指针和目标数据地址指 针均指向新的数字序列末第 16字节处, 在循环体中, 先执行加密算法, 然后把源数据地址指针、 目标数据地址指针均减少 14, 如循环未结束则 回到循环体的开始, 执行循环体中的搡怍, 如循环已经结束就得到了源 文件所对应的密文 (或明文) 。 任务完成后, 返回搡作系统, 具体见图 14所示; Processing fragments means processing the remaining plaintext information of the sliding packet. The method is to add some information to make up a set of data. The added information must contain a special information, namely the fragment length, so that it can be decrypted when decrypted. Based on this, the newly added information is truncated to completely restore the original plain text appearance, and the remaining new information is filled with pseudo-random numbers. The method is to divide the (fragment length- 1) As the cycle number, the cycle number is equal to zero, and the fragment length is directly sent to the fragment area. If the cycle number is not equal to zero, the first byte of the source key is used as the first noise source, and the last byte of the source key is used as The second noise source, in the loop body, first multiply the first noise source by the second noise source, and divide the above product by 10. If the lower 8 bits of the quotient are equal to zero, use the upper 8 bits of the quotient as the second noise. Source, if the lower 8 bits of the quotient are not equal to zero, then use the lower 8 bits of the quotient as the second noise source; then send the second noise source to the fragment area, and if the end of the loop ends, return to the beginning of the loop body To perform the operations in the loop body, and send the fragment length to the fragment area at the end of the cycle, as shown in Figure 13; the encryption (or decryption) takes the form of reciprocating, which is the first time from the source file header The first time is to encrypt (or decrypt) each sliding block code block. The second time is to start from the end of the file and proceed in the reverse direction. The first is to count the number of code blocks as the number of cycles, and refer to the source data address pointer and the target data address. Point to the head of the file buffer In the loop body, first execute the encryption algorithm, and then increase the source data address pointer and the target data address pointer by 14, and return to the beginning of the loop body at the end of the loop. Perform the operation in the loop body and get the end of the loop. A new sequence of numbers. Then encrypt (or decrypt) the new digital sequence in the reverse manner, using the number of code blocks as the cycle number, and pointing the source data address pointer and destination data address pointer to the 16th byte at the end of the new digital sequence. In the body, first execute the encryption algorithm, and then reduce the source data address pointer and the target data address pointer by 14. If the loop is not ended, return to the beginning of the loop body, and execute the 搡 怍 in the loop body. The ciphertext (or plaintext) corresponding to the source file. After the task is completed, return to the operation system, as shown in Figure 14;
数据加密算法的阶梯图如图 15, 由初始置换, 乘枳变换, 逆初始置 换所组成, 输入 128比特的明文(密文)和长度为 12字节的子密钥 32个, 其输出是 128比特的密文(明文), 如图 15所示;  The ladder diagram of the data encryption algorithm is shown in Figure 15. It consists of initial permutation, multiplication, and inverse initial permutation. Input 128-bit plaintext (ciphertext) and 32 subkeys with a length of 12 bytes. The output is 128. Bit ciphertext (plaintext), as shown in Figure 15;
初始置换的方案如图 16, 把输入数据的第 122位怍为初始置换结果 的第 1位, 把输入数据的第 114位作为初始置换结果的第 2位, 依此类推, 获得经初始置换后的 128比特的输出数据。  The initial replacement scheme is shown in Figure 16. The 122nd bit of the input data is the first bit of the initial replacement result, the 114th bit of the input data is the second bit of the initial replacement result, and so on. 128-bit output data.
乘积变换是一个不断迭代的过程, 共进行 32次, 初始置换的输出怍 为第一次迭代的输入, 以后的搡作就是把前一次迭代的输出作为后一次 迭代的输入, 第 32次迭代的结果怍为逆初始置换的输入; 在图 15中, 用 0表示每一次迭代输出(或输入)数据的奇数字节, E表示偶数字节, F表 示加密函数, 加密时, 对第 i次的迭代使用了子密钥 Κ,, 并且 Ο^Ε^, £^? (£^) ©0^ , ( 1 = 1 , 32) , 解密时, 对第 i次的迭代使用了子密钥 Κ33 ι 并且 Ε Ο^, 0: = F (Oi.1) ©Ei.1 ( i = l , 32 ) ; 逆初始置换的方案如图 17, 把乘积变换的最后结果的第 80位作为逆 初始置换结果的第 1位把乘积变换的最后结果的第 16位作为逆初始置换 结果的第 2位, 依此类推, 获得逆初始置换后的 128比特的输出数据。 Product transformation is a process of continuous iteration, which is performed a total of 32 times. The output of the initial replacement is the input of the first iteration. The subsequent work is to use the output of the previous iteration as the input of the next iteration. The result 怍 is the input of the inverse initial permutation. In FIG. 15, 0 is used to represent the odd-numbered sections of the output (or input) data for each iteration, E is an even-numbered section, and F is an encryption function. The subkey κ was used for iteration, and 〇 ^ Ε ^, £ ^? (£ ^) © 0 ^, (1 = 1, 32). When decrypting, the subkey κ 33 was used for the i-th iteration. ι and Ε Ο ^, 0 : = F (O i . 1 ) © E i . 1 (i = l, 32); Inverse initial permutation scheme in FIG. 17, the first 16-bit result of the inverse initial permutation the first two final results of the inverse initial permutation 80 as a result of the final result of the conversion product of the transformation product, so By analogy, 128-bit output data after inverse initial permutation is obtained.
加密函数 F是算法的核心, 它是由扩展变换, 异或子密钥运算, 密 盒替代, 变换 E所组成, 如图 18所示, 对于输入 64比特的数据, 先经过 扩展变换成 96比特的数据, 再把扩展变换的结果和 96比特的子密钥进行 异或怍用, 得到异或的结果为 96比特的数据, 又经密盒替代成 64比特的 数据, 最后经过变换 E, 输出 64比特数据; The encryption function F is the core of the algorithm. It consists of extended transformation, XOR sub-key operation, key box replacement, and transformation E. As shown in Figure 18, for inputting 64-bit data, it is first transformed into 96- bit data. Data, and then XOR the result of the extended transformation with the 96-bit subkey to get the XOR result of 96-bit data, which is replaced by the secret box to 64-bit data, and finally transformed E, and output 64-bit data;
图 I9表示了扩展变换的规则, 它将 64比特的输入数据变成 96比特的 输出数据, 将榆入序列的第 64位作为输出序列的第 1位, 将输入序列的 第 1位作为输出序列的第 2位, 依此类推, 进行搡作。 Figure I 9 shows the rules of extended transformation. It converts 64-bit input data into 96-bit output data, uses the 64th bit of the input sequence as the first bit of the output sequence, and the first bit of the input sequence as the output. The second position of the sequence, and so on, operates.
密盒替代是一种压缩替换, 本实施例的每一个密盒中有 16个密表, 每一个密表分成为 4行 X 16列。 有一个密盒的 16个密表如图 20, 图 21所 示, 如果把图 20, 图 21所示的 16个密表中的任意 2个密表的位置对调, 则又组成了一个新的密盒; 如果把图 20, 图 21所示的列号相同的任意 2 个列的位置同时对调, (或是把前述的新的密盒做到号相同的任意 2个列 的位置同时对调)则也组成了一个新的密盒。 依此类推, 可以知道本发 明提出了一个密盒群, 共有(16! ) 2个密盒群。 把输入的 96比特数据依 次平均分成 16组, 每組 6比特, 每一組的替代侬次对应一个密表, 在 6比 特的输入数据中, 头尾 2比特組成行号, 中间 4比特组成列号, 依此行号、 列号在对应的密表中提取出元素值作为输出, 各组的输出依次组合在一 起. 成为密盒替代的输出数据 64比特; The secret box replacement is a compression replacement. There are 16 secret tables in each secret box in this embodiment, and each secret table is divided into 4 rows × 16 columns. The 16 secret tables with a secret box are shown in Fig. 20 and Fig. 21. If the positions of any two secret tables in the 16 secret tables shown in Fig. 20 and Fig. 21 are reversed, a new one is formed. Secret box; if the positions of any two columns with the same column numbers shown in FIG. 20 and FIG. 21 are reversed at the same time, or the positions of any two columns with the same numbers of the new new secret box are reversed at the same time. It also forms a new secret box. By analogy, it can be known that the present invention proposes a secret box group with a total of (16!) 2 secret box groups. The input 96-bit data is divided into 16 groups in sequence, each group is 6 bits, and the replacement of each group corresponds to a secret table. In the 6-bit input data, the first and last 2 bits form the row number, and the middle 4 bits form the column. Number, according to this row number, column number in the corresponding secret table to extract the element value as output, the output of each group is combined together in turn. The output data of the secret box is 64 bits;
所述变换 E是一种置乱, 它利用了伪随机数和另一数 (称为 RA) 进 行异或作用得到的数仍是伪随机数, 伪随机数与 RA的产生都应尽量与变 换 E的输入数据有关, 伪随机数序列的产生依公式  The transformation E is a kind of scrambling. It uses a pseudo-random number and another number (called RA) to perform an exclusive OR operation. The number obtained is still a pseudo-random number. The generation of the pseudo-random number and RA should be as far as possible with the transformation. The input data of E is related to the generation of the pseudo-random number sequence according to the formula
xi<2= (x, · x..,) M0D M 当 x,.2≠l时 x i <2 = (x, · x ..,) M0D M when x ,. 2 ≠ l
X -小于 M的最大素数 当 1时  X-the largest prime number less than M when 1
其中, M为素数, xc≠0 , M; χ,≠0 , 1 , Μ; ί = 0 , 1 , ·· · , (n - 2 ) , η为自然数。 Among them, M is a prime number, x c ≠ 0, M; χ, ≠ 0, 1, Μ; ί = 0, 1, ··, (n-2), η is a natural number.
由密盒替代所得到的 64比特的数据作为本过程的输入, 对变换 Ε的 操怍可以是这样的: 首先把 64比特的输入数据依次赋予 SX; The 64-bit data obtained by substituting the secret box is used as the input of this process. The operation on the transformation E can be as follows: First, the 64-bit input data is sequentially assigned to SX ;
7  7
的长度是一个字节; 令变量 S为一个字节长, 据公式 S= (∑ SX^ OD 256, i = 0 7 The length is one byte; let the variable S be one byte long, according to the formula S = (∑ SX ^ OD 256, i = 0 7
求出 S; 如果 0, 则令 SX。= 241, SX 239。 然后从 的首部开始依 i = 0 Find S; if 0, then SX. = 241, SX 239. Then from the beginning, i = 0
次搜索第一次出现的非 0非 251值的字节, 如果找到了, 就把该字节作为 第一噪声源, 如未找到, 则把 241作为第一噪声源; 再从 的尾部开始 逆序搜索第一次出现的非 0, 非 1, 非 251值的字节, 如找到了, 就把该 字节作为第二噪声源, 如未找到, 则把 239作为第二噪声源。 把 8作为循 环数, 且令变量 i = 0, 在循环体中, 第一阶段操怍是把第一噪声源乘以 第二噪声源, 把其乘积除以 251, 得到余数 R, 把(R S®SX,)的值给 SX^ 第二阶段是把本次循环的第二噪声源作为下一个循环的第一噪声源, 把 余数 R作为下一个循环的第二噪声源, (如果 R= l, 则把 239作为第二噪声 源)。 接着把变量 i增加 1, 如循环未结束, 则又回到循环体的开始, 执 行循环体中的操作, 如果循环结束, 则把 SXi ( i = 0 , 7 )怍为加密函数 F的 结果输出。 Search for the first non-zero non-251-valued byte. If found, use the byte as the first noise source. If it is not found, use 241 as the first noise source. Then start from the tail and reverse the order. Search for the first non-zero, non-one, and non-251-valued bytes. If found, use the byte as the second noise source. If not, use 239 as the second noise source. Let 8 be the number of loops, and let the variable i = 0. In the loop body, the first stage operation is to multiply the first noise source by the second noise source, divide the product by 251, and get the remainder R, and (RS ®SX,) to SX ^ The second stage is to use the second noise source in this cycle as the first noise source in the next cycle, and the remainder R as the second noise source in the next cycle, (if R = l , Then use 239 as the second noise source). Then increase the variable i by 1, if the loop is not over, then return to the beginning of the loop body, execute the operations in the loop body, and if the loop ends, output SXi (i = 0, 7) as the result of the encryption function F .
变换 E的搡作还可以是这样的: 如图 22所示, 把 64比特的输入数据 依次赋予 SX i - 0 , 3 ) ' SXi的长度是一个字, 相应于上述的变换 E的操作, 相应的改动值之处可以根据以下的事实: (1 )在无符号的整数中, 一个 字节的最大值为 255, —个字的最大值为 65535; ( 2)在一个字节的范围 内, 素数从大到小的排列依次是: 251, 241, 239, 233, 在一个 字的范围内, 相应的排列是: 65521, 65519, 65497, 65479, . . .。  The operation of transforming E can also be as follows: As shown in FIG. 22, the 64-bit input data is sequentially assigned to SX i-0, 3) 'The length of SXi is one word, corresponding to the above-mentioned operation of transforming E, correspondingly The value of the change can be based on the following facts: (1) in an unsigned integer, the maximum value of a byte is 255, the maximum value of a word is 65535; (2) within the range of one byte, The order of the prime numbers from big to small is: 251, 241, 239, 233, and within a word range, the corresponding arrangement is: 65521, 65519, 65497, 65479,....
根据以上所说明的文件加密处理方法, 在以上所迷本发明的实施 中, 还可以优选地 : 以软件形式(如经编程、 编译、 连接等工序而形成 为搡作系统的外部加密命令文件, 或带有后缀 " EXE" 的可执行文件)或 固化于各类 ROM, PROM做成 LSI芯片中。 同样优选地, 在计算机运行中, 可以不必在程序中为数据文件开辟一个专门的数据区, 而向搡作系统申 请一块位于高端地址的内存贮器, 如图 1中所示的内存块 B, 用来放置数 据文件, 以能够充分使用硬件条件下最大有效内存 (按照目前搡作系统 提供的枝术, 一次可以加密 1兆字节长度的数据文件, 即可以加密近 50 万字的一本中文书籍) 。 反之, 解密亦然。 在编程时, 可优选地使用汇 编语言。 According to the file encryption processing method described above, in the implementation of the present invention described above, it may also be preferable to: form an external encryption command file in the form of a software system (for example, through programming, compilation, linking, etc.), Or an executable file with the suffix "EXE") or solidified in various ROMs, PROMs are made into LSI chips. It is also preferable that in the operation of the computer, it is not necessary to open a special data area for the data file in the program, but to apply to the operating system for an internal memory located at a high-end address, such as the memory block B shown in FIG. 1 , to place the data file to be sufficiently effective maximum memory hardware under conditions (in accordance with the present sticks for shoving system provides, one can encrypt data length of 1 megabyte file, i.e. can encrypt a nearly 50 million words Chinese books). Conversely, decryption is no different. When programming, assembly language may be preferably used.
如果用户认为必要的话, 还可以把第一次加密所产生的目标文件作 为第二次加密的源文件, 依此类推, 可以进行多次的加密, 加密进行了 多少次, 解密也要进行相同的次数, 就可以恢复早先的明文。 加密命令包括可以用在中文搡怍系统, 也可以用在英文操作系统中, 或其他语言的搡作系统中。 If the user considers it necessary, the target file generated by the first encryption can also be used as the source file of the second encryption, and so on. It can be encrypted multiple times, how many times the encryption is performed, and the same decryption. The number of times you can restore the previous plaintext. Encryption commands can be used in Chinese operating systems, English operating systems, or operating systems in other languages.
在计算机存贮系统和计算机通讯系统中, 本发明可以适用于包括文 本文件、 表格文件、 图形文件、 图像文件、 库函数文件乃至可执行文件 等。  In computer storage systems and computer communication systems, the present invention can be applied to include text files, form files, graphic files, image files, library function files, and even executable files.
本发明提出的数据加密法还可以用在实时的通讯系统中, 包括用于 图像数字讯号, 声音数字讯号的加密与解密。 也可以用在无线电通讯中。  The data encryption method proposed by the present invention can also be used in real-time communication systems, including encryption and decryption for digital image signals and digital audio signals. Can also be used in radio communications.
本发明提出的数据文件加密处理方法包括可以用在微型计算机上, 也可以用在小型计算机上。  The data file encryption processing method provided by the present invention includes that it can be used on a microcomputer, and can also be used on a small computer.
本发明提出的数据文件加密处理方法包括适用于单用户搡作系统, 也适用于多用户搡作系统。 有益效果  The data file encryption processing method provided by the present invention includes a single-user operation system and a multi-user operation system. Beneficial effect
本发明与目前国内、 外的 DES 算法及其变种相比,有以下几个有益 的技术效果:  Compared with the current domestic and foreign DES algorithms and their variants, the present invention has the following beneficial technical effects:
1 .密钥量大为 211∑, 且由健盘取得的密钥长度可变。 1. The key amount is 2 11∑ , and the key length obtained from the disk is variable.
2 .本发明提出了一个密盒群, 共有(16! ) 2个密盒。 在每一个替代 密盒中, 有 16个密表; 相同的行号、 列号在 16个密表中的元素各不相同; 在 16个密表中, 同一列上的各元素值不同, 同一行上的各元素也不相同。 所以, 每一次的密盒替代是贯彻了 "一次一密" 体制的。 2. The present invention proposes a secret box group with a total of (16!) 2 secret boxes. In each alternative secret box, there are 16 secret tables; the elements of the same row number and column number in the 16 secret tables are different; in the 16 secret tables, the values of the elements on the same column are different and the same The elements on the line are also different. Therefore, every time the replacement of the secret box is implemented the "one time one secret" system.
3 .把变换 E与伪随机数联系起耒, 使变换 E成了 "黑盒子" 。 在加密 函教中. 它与替代密盒连接而成为一体。 采用这种技术方案, 使用本算 法在理论上是不可破译的。  3. Associate the transformation E with a pseudo-random number, making the transformation E a "black box". In encrypted correspondence, it is connected with the replacement secret box to become one. With this technical solution, the use of this algorithm is theoretically indecipherable.
4 .对数据文件使用了往复式的滑动分组编链法。 它有二个好处: U ) 改变源文件中的任一比特值, 都会使目标文件中的任一比特都有发生变 化的可能。 (2 :>不需要密码块编链法 CBC中的初始变量 IV, 使得本发明便 于和公开密钥体制进行衔接。 (3 )更难破译。  4. Use a reciprocating sliding grouping method for data files. It has two benefits: U) Changing any bit value in the source file will make any bit in the target file changeable. (2:> The initial variable IV in the CBC is not required for the cipher block chaining method, which makes the invention easier to connect with the public key system. (3) It is more difficult to decipher.
5 .对用户密钥码值的高 4位分别进行与伪随机数字序列的异或运算, 可以使人的行为习惯不会在密文中表现出耒, 增加了破译困难。  5. Perform XOR operation on the upper 4 digits of the user key code value with the pseudo-random number sequence separately, which can prevent people's behavior habits from showing up in the cipher text, which increases the difficulty of deciphering.
6 .在本发明中, 可优选地把搡作对象即数据文件放置在计算机内存 的高端. 这样就可充分利用内存, 对一定长度的数据文件进行加密 (或 解密) , 而且还能形成搡作系统的外部加密命令, 增强了文件管理类型 命令的功能, 丰富了操作系统的内容。 7.相对于那些码块校短的算法来说, 本发明由于加密的各个码块的 长度为 16字节, 就容易使官文值在 0~ 255上的分布得更理想。 6. In the present invention, it may be preferable to place the operation object, that is, the data file, at the high end of the computer memory. In this way, the memory can be fully utilized to encrypt (or decrypt) a data file of a certain length, and can also form an operation The external encryption command of the system enhances the function of the file management type command and enriches the content of the operating system. 7. Compared to those algorithms for shortening code blocks, since the length of each encrypted code block of the present invention is 16 bytes, it is easy to make the distribution of official text values between 0 and 255 more ideal.
上面以本发明优选实施例对本发明给予了说明, 可以理解在不脱离 本发明后附权利要求的精神下, 本领域的技术人员可以做出多种改进与 变形。  The present invention has been described above with reference to the preferred embodiments of the present invention. It can be understood that those skilled in the art can make various improvements and modifications without departing from the spirit of the appended claims.

Claims

权利要求书 1 . 一种文件加密处理方法, 在常规的计算机及其外围设备所构成的系 统中 (包括计算机存贮系统, 计算机通讯系统, 中央处理器、 内存 器、 键盘、 显示器、 磁盘驱动器、 打印机、 通讯接口、 软盘, 它们之间用控 制总线、 地址总线、 数据总线连接起来) , 在搡作系统控制下, 针对用 户指定的目标文件进行加密 (或解密) 工怍, 步骤如下: Claim 1. A file encryption processing method in a system composed of a conventional computer and its peripheral devices (including a computer storage system, a computer communication system, a central processing unit, a memory, a keyboard, a display, a disk drive, The printer, communication interface, and floppy disk are connected by control bus, address bus, and data bus.) Under the control of the operating system, the encryption (or decryption) of the target file specified by the user is performed as follows:
( 1 ) 由用户确定: 加密 (或解密) 的工作模式; 源文件名及其路径; 目标文件名及其路径; 用户密钥;  (1) Determined by the user: working mode of encryption (or decryption); source file name and path; target file name and path; user key;
( 2 ) 根据用户上述输入, 在内存中记录工作模式 (加密或解密) ; (2) recording the working mode (encryption or decryption) in the memory according to the above input by the user;
( 3) 根据用户确定的用户密钥, 当其是从内存中取得时, 就直接把 16字节长的用户密钥作为源密钥; (3) According to the user key determined by the user, when it is obtained from the memory, the 16-byte user key is directly used as the source key;
( 4 ) 根据用户确定的用户密钥, 当其由键盘输入取得时, 共有 ASCII 码值由 2 OH到 7EH的 95个码值被用作用户密钥, 其字节长度可在 1 - 16之间 变化, 当其长度小于 16字节时, 把其补足到 16字节其过程为:  (4) According to the user key determined by the user, when it is obtained by keyboard input, a total of 95 ASCII code values from 2 OH to 7EH are used as the user key, and its byte length can be between 1-16 If the length is less than 16 bytes, the process to make it up to 16 bytes is:
把补充的密钥字节量作为循环数, 把用户密钥的首字节作为第一噪 声源, 末字节怍为第二噪声源, 在循环体中, 先将第一噪声源乘以第二 噪声源, 其乘积除以 10, 如果其商的 8位等于零, 则把商的高 8位作为 补充密钥, 如果其商的低 8位不等于零, 则把商的低 8位作为补充密钥, 然后把补充密钥作为第二噪声源, 如果循环没结束又回到循环体的开始, 执行循环体中的搡作, 如循环结束, 则把补充¾钥的首字节逻辑乘 1FH;  Take the supplementary key byte amount as the number of cycles, the first byte of the user key as the first noise source, and the last byte as the second noise source. In the loop body, first multiply the first noise source by the first Two noise sources, the product of which is divided by 10. If the 8 digits of the quotient are equal to zero, the upper 8 digits of the quotient are used as the supplementary key. Key, and then use the supplementary key as the second noise source. If the loop does not end and then returns to the beginning of the loop body, perform the operation in the loop body. If the loop ends, multiply the first byte of the supplementary key by 1FH logically;
继而对键盘输入的用户密钥每字节的高 4位进行伪随机数处理, 其 过程为:  Then the pseudo-random number processing is performed on the upper 4 bits of each byte of the user key entered by the keyboard. The process is:
把键盘输入的用户密钥的字节长度作为循环数, 把键盘输入的用户 密钥的首字节作为第一噪声源, 末字节作为第二噪声源, (如果有补充 密钥的话, 则把补充密钥的末字节作为第二噪声源) , 在循环体中, 先 将第一噪声源乘以第二噪声源, 上述的乘积除以 10 , 如果其商的低 8位 等于零, 则把商的高 8位作为第二噪声源, 如果其商的低 8位不等于零, 则把商的低 8位怍为第二噪声源; 然后执行下面的搡怍, 如果第二噪声 源的高 4位等于零, 则把密钥的高 4位异或第二噪声源的低 4位, 如果第 二噪声源的高 4位不等于零,则把密钥的高 4位异或第二噪声源的高 4位; 将上述结果中的第二噪声源作为下一个循环的输入进行循环, 如循环没 结束, 又回到循环体的开始, 执行循环体中的橾怍, 直至循环结束, 如 此形成 16字节长的源密钥; Take the byte length of the user key entered by the keyboard as the cycle number, the first byte of the user key entered by the keyboard as the first noise source, and the last byte as the second noise source, (if there is a supplementary key, then The last byte of the supplementary key is used as the second noise source), in the loop body, the first noise source is first multiplied by the second noise source, the above product is divided by 10, and if the lower 8 bits of the quotient are equal to zero, then The high 8 bits of the quotient are used as the second noise source. If the low 8 bits of the quotient are not equal to zero, the low 8 bits of the quotient are used as the second noise source. Then the following 搡 怍 is performed. If 4 bits are equal to zero, the high 4 bits of the key are XORed with the lower 4 bits of the second noise source. If the high 4 bits of the second noise source are not equal to zero, the high 4 bits of the key are XORed with the second noise source. Upper 4 bits; loop through the second noise source in the above result as the input of the next loop, if the loop does not end, return to the beginning of the loop body, execute the 橾 怍 in the loop body until the end of the loop, such as This forms a 16-byte long source key;
(5) 根据所得到的源密钥通过压缩置换及逻辑移位等变换计算而得 到子密钥, 其过程如下:  (5) According to the obtained source key, a sub-key is obtained through transformation calculation such as compression permutation and logical shift. The process is as follows:
由源密钥计算子密钥, I6字节的源密钥共有 128比特, 先将这 128比 特从首部开始依位置顺序编号为 I,2,3,... ,127,128, 经过压缩置换 1成 为 C。D。, 再经逻辑移位成为 CA -1,32), 经压缩置换 2后输出, 其中 εΑ(ί = 1,32)的产生由函数 1^与(^, 分别决定, 即由下式所示: Calculate the sub-key from the source key. The 6- byte source key has 128 bits in total. The 128 bits are numbered I, 2 , 3 , ..., 127, 128 in sequence from the beginning. Become C. D. , And then logically shift to CA -1, 32 ), and output after compression and replacement 2, where εΑ (ί = 1, 3 2) is generated by the functions 1 ^ and (^, respectively, as shown by the following formula :
D^LM, (D^J (i=l,32)  D ^ LM, (D ^ J (i = l, 32)
其中函数 1^表示逻辑移位, 如下表所示:  The function 1 ^ represents a logical shift, as shown in the following table:
压缩置换 1如下表所示, 把源密钥的第 115位作为 C。D。的第 1位, 把源 密钥的第 99位作为 C。D。的第 2位, 依此类推, 形成了 112比特长的 C。D。; Compression substitution 1 is shown in the following table, and the 115th bit of the source key is taken as C. D. The first bit is the C bit. D. The second bit, and so on, forms C, which is 112 bits long. D. ;
替换 ¾(铽则第 26条) 1 15 99 83 67 5 1 35 19 3 Replace ¾ (Article 26 ) 1 15 99 83 67 5 1 35 19 3
1 17 101 85 69 53 37 21 5  1 17 101 85 69 53 37 21 5
1 19 103 87 71 55 39 23 7  1 19 103 87 71 55 39 23 7
123 107 91 75 59 43 27 1 1  123 107 91 75 59 43 27 1 1
125 109 93 77 61 45 29 13  125 109 93 77 61 45 29 13
127 111 95 79 63 47 31 15  127 111 95 79 63 47 31 15
1 14 98 82 66 50 34 18 2  1 14 98 82 66 50 34 18 2
128 1 12 96 80 64 48 32 16  128 1 12 96 80 64 48 32 16
126 1 10 94 78 62 46 30 14  126 1 10 94 78 62 46 30 14
124 108 92 76 60 44 28 12  124 108 92 76 60 44 28 12
122 106 90 74 58 42 26 10  122 106 90 74 58 42 26 10
120 104 88 72 56 40 24 8  120 104 88 72 56 40 24 8
118 102 86 70 54 38 22 6  118 102 86 70 54 38 22 6
1 16 100 84 68 52 36 20 4  1 16 100 84 68 52 36 20 4
压缩置换 2如下表所示, 把 的第 14位作为 K,的第 1位, 把 的第 27 位作为 K,的第 2位, 依此类推, 形成了 96比特长的子密钥 Κ,; 在形成每一 个子密钥 K, ( i = l , 32)时, 压缩置换 2都是相同的, 只是对应的 各不相 同; Compression permutation 2 is shown in the following table, with the 14th bit as the first bit of K, the 27th bit as the second bit of K, and so on, forming a 96-bit long subkey K, When forming each sub-key K, (i = l, 32), the compression permutation 2 is the same, but the corresponding ones are different;
14 27 31 1 6 101 93 80 14 27 31 1 6 101 93 80
4 94 43 26 67 59 15 97  4 94 43 26 67 59 15 97
23 57 36 75 50 109 39 9  23 57 36 75 50 109 39 9
49 106 69 7 32 72 86 52  49 106 69 7 32 72 86 52
102 66 28 78 112 11 38 60  102 66 28 78 112 11 38 60
91 8 87 47 81 62 17 103  91 8 87 47 81 62 17 103
54 96 16 88 34 110 84 42  54 96 16 88 34 110 84 42
73 58 85 21 99 51 2 79  73 58 85 21 99 51 2 79
45 111 46 89 56 10 74 68  45 111 46 89 56 10 74 68
55 5 】06 37 70 95 48 22  55 5] 06 37 70 95 48 22
13 19 77 104 24 40 90 63  13 19 77 104 24 40 90 63
30 108 33 64 20 98 41 82  30 108 33 64 20 98 41 82
替换页(铀則第 26条) ( 6 ) 根据用户所确定的源文件及路径名, 将源文件读入内存; Replacement page (Article 26 of the Uranium Code) (6) reading the source file into the memory according to the source file and the path name determined by the user;
( 7 ) 对源文件进行滑动分组, 步骤如下:  (7) Sliding grouping the source files, the steps are as follows:
把前一组码块的加密(或解密)  Encrypt (or decrypt) the previous set of code blocks
结果的后面二个字节作为后一码块的前二个字节, 在正向滑动搡作模式 下, 这样的一組一組的码块经加密(或解密)后, 产生了同样组数的新的 码块, 然后又以逆向方式对前述的新的码块组成的数字序列进行滑动分 組, 即从新的数据系列的尾部开始进行滑动分組, 处理方法是把前一组 码块的加密(或解密)结果的后面二个字节作为后一码块的前二个字节, 这样的一组一組的码块经加密(或解密)后, 就产生了对应于源文件的目 标文件, 即密文 (或明文) ; The last two bytes of the result are the first two bytes of the next code block. In the forward sliding operation mode, such a set of code blocks are encrypted (or decrypted) to produce the same number of groups. The new code block of the new code block is then slidingly grouped in a reverse manner to the digital sequence composed of the foregoing new code block, that is, sliding grouping is started from the end of the new data series. The processing method is to encrypt the previous set of code blocks (Or decryption) The last two bytes of the result are used as the first two bytes of the next code block. After such a set of code blocks are encrypted (or decrypted), a target file corresponding to the source file is generated. Ie ciphertext (or plaintext);
( 8 ) 对源文件计算滑动分组码块数量和碎块长度, 其步骤如下: 先取文件的字节长度除以 14, 如加密, 则把(商 + 1 )作为商, 然后把 (8) Calculate the number of sliding block code blocks and the fragment length for the source file. The steps are as follows: first divide the byte length of the file by 14;
( 14 -余数)作为碎块字节长度, 把商给码块数量;如不加密, 则直接把 商给码块数量; (14-remainder) as the length of the fragmented byte, the number of code blocks is given to the quotient; if it is not encrypted, the number of code blocks is given directly to the quotient;
( 9 ) 对源文件处理碎块, 其步骤如下:  (9) Process the fragmentation of the source file, the steps are as follows:
对于滑动分組剩下的一些明文信息增加一些信息使之凑齐一组数据, 所增加的信息必须包含有一个特殊信息即碎块长度, 使之在解密时, 据 此把新增加的信息截断, 完整地恢复原明文的面貌, 其余的新增信息用 伪随机数填充, 其做法是把(碎块长度 - 1)作为循环数, 循环数等于零, 直接将碎块长度送至碎块区; 循环数不等于零, 则把源密钥的首字节作 为第一噪声源, 把源密钥的末字节作为第二噪声源, 在循环体中, 先将 第一噪声源乘以第二噪声源, 上述的乘积除以 10, 如果其商的低 8位等 于零, 则把商的高 8位作为第二噪声源, 如果其商的低 8位不等于零, 则 把商的低 8位怍为第二噪声源; 然后把第二噪声源送到碎块区, 如循环 末结束, 则又返回到循环体的开始, 执行循环体中的搡作, 循环结束则 把碎块长度送至碎块区;  For some remaining plaintext information of the sliding packet, add some information to make it a set of data. The added information must contain a special information, that is, the fragment length, so that when decrypted, the newly added information is truncated accordingly. The original plain text is completely restored, and the remaining new information is filled with pseudo-random numbers. The method is to use (fragment length-1) as the number of cycles, and the number of cycles is equal to zero, and directly send the length of the fragment to the fragment area; If the number is not equal to zero, the first byte of the source key is used as the first noise source, and the last byte of the source key is used as the second noise source. In the loop body, the first noise source is first multiplied by the second noise source. The above product is divided by 10. If the lower 8 bits of the quotient are equal to zero, the upper 8 bits of the quotient are used as the second noise source. If the lower 8 bits of the quotient are not equal to zero, the lower 8 bits of the quotient are counted as the first noise source. Two noise sources; then send the second noise source to the fragment area, if the end of the cycle ends, return to the beginning of the cycle body, perform the operation in the cycle body, and send the fragment length to the fragment area at the end of the cycle ;
( 10 )对所得的源文件各码块进行加密 (或解密) 处理, 采取了往复 进行的形式, 其步骤如下: 第一次由源文件头开始侬次对各滑动分組码 块进行加密(或解密), 第二次则从文件尾部开始, 逆向进行; 首先是把 码块数量作为循环数, 把源数据地址指针和目标数据地址指针均指向文 件緩冲区首地址, 在循环体中, 先执行加密算法, 然后把源数据地址指 针、 目标数据地址指针均增加 14, 循环末结束则又返回到循环体的开始, 执行循环体中的搡作, 循环结束就得到了一个新的数字序列, 然后对这 个新的数字序列进行逆向方式的加密 (或解密) , 把码块数量作为循环 数, 把源数据地址指针和目标数据地址指针均栺向新的数字序列末第 16 字节处, 在循环体中, 先执行加密算法, 然后把源数据地址指针、 目标 数据地址指计均减少 14, 如循环未结束则回到循环体的开始, 执行循环 体中的搡作, 如循环已经结束就得到了源文件所对应的密文 (或明文) , 任务完成后, 返回操作系统; (10) Encrypting (or decrypting) each code block of the obtained source file, which takes the form of reciprocating, the steps are as follows: The first time the source file header is used to encrypt (or Decryption), the second time starts from the end of the file and proceeds in the reverse direction; the first is to use the number of code blocks as the number of loops, and the source data address pointer and the target data address pointer both point to the first address of the file buffer. In the loop body, first Execute the encryption algorithm, and then increase the source data address pointer and the destination data address pointer by 14, return to the beginning of the loop body at the end of the loop, execute the operation in the loop body, and obtain a new sequence of numbers at the end of the loop. Then for this A new digital sequence is encrypted (or decrypted) in a reverse manner. The number of code blocks is used as the cycle number. Both the source data address pointer and the destination data address pointer are directed to the end of the new digital sequence at the 16th byte. In the encryption algorithm, the source data address pointer and the target data address pointer are both reduced by 14. If the loop is not ended, the loop body is returned to the beginning of the loop body, and the operation in the loop body is executed. The ciphertext (or plaintext) corresponding to the source file is returned to the operating system after the task is completed;
所述加密算法由初始置换, 乘积变换, 逆初始置换所组成, 输入 128 比特的明文(密文)和长度为 12字节的子密钥 32个, 其输出是 128比特的密 文(明文);  The encryption algorithm consists of an initial permutation, a product transform, and an inverse initial permutation. A 128-bit plaintext (ciphertext) and 32 subkeys with a length of 12 bytes are input, and the output is a 128-bit ciphertext (plaintext). ;
初始置换的方案如下表所示, 把输入数据的第 122位作为初始置换 结果的第 1位, 把输入数据的第 114位怍为初始置换结果的第 2位, 依此 类推, 获得经初始置换后的 128比特的输出数据;  The initial replacement scheme is shown in the following table. The 122nd bit of the input data is the first bit of the initial replacement result, the 114th bit of the input data is the second bit of the initial replacement result, and so on. The next 128 bits of output data;
122 1H 106 98 90 82 74 66 58 50 34 26 18 ]0 2 122 1H 106 98 90 82 74 66 58 50 34 26 18] 0 2
116 108 100 92 &i 76 68 60 62 36 28 20 12  116 108 100 92 & i 76 68 60 62 36 28 20 12
126 118 110 102 Si 86 78 70 62 bi 46 38 30 22 M 6  126 118 110 102 Si 86 78 70 62 bi 46 38 30 22 M 6
128 120 112 104 96 88 80 72 64 ,66 <8 40 32 IK 16 6  128 120 112 104 96 88 80 72 64, 66 <8 40 32 IK 16 6
121 113 105 97 89 81 73 65 67 A 9 < 1 33 25 )7 9 1  121 113 105 97 89 81 73 65 67 A 9 <1 33 25) 7 9 1
123 116 107 99 91 83 75 67 69 51 36 27 19 11 3  123 116 107 99 91 83 75 67 69 51 36 27 19 11 3
125 117 109 101 93 85 77 69 61 53 u 37 29 Ί 1 i 3 i>  125 117 109 101 93 85 77 69 61 53 u 37 29 Ί 1 i 3 i>
127 119 1 I 1 103 95 87 79 71 63 55 39 3! 23 1 7  127 119 1 I 1 103 95 87 79 71 63 55 39 3! 23 1 7
乘积变换是一个不断迭代的过程, 共进行 32次, 初始置换的输出作 为第一次迭代的输入, 以后的搡作就是把前一次迭代的输出怍为后一次 迭代的输入, 第 32次迭代的结果作为逆初始置换的输入; 在图 15中, 用 0表示每一次迭代綸出(或输入)数据的奇数字节, E表示偶数字节, F表 示加密函数, 加密时, 对第 i次的迭代使用了子密钥 Κ,, 并且 Ο,-Ε^, E^FiE, ,)©0^ ( 1 = 1,32), 解密时, 对第 i次的迭代使用了子密钥 Κ33 ι 并且 E, =。, ^O^FiO, (i = l,32); Product transformation is a process of continuous iteration, which is performed a total of 32 times. The output of the initial replacement is used as the input of the first iteration. The subsequent operation is to use the output of the previous iteration as the input of the next iteration. The result is used as the input of the inverse initial permutation. In FIG. 15, 0 is used to represent the odd-numbered sections of data in each iteration, E is an even-numbered section, and F is an encryption function. Iteratively used sub-keys K ,, and Ο, -Ε ^, E ^ FiE,,) © 0 ^ (1 = 1,32), when decrypting, the sub-key κ 33 and E, = were used for the i-th iteration. , ^ O ^ FiO, (i = l, 32);
逆初始置换的方案如下表所示, 把乘枳变换的最后结果的第 80位作为逆 初始置换结果的第 1位把乘积变换的最后结果的第 16位作为逆初始置换 结果的第 2位, 侬此类推, 获得逆初始置 换后的 128比特的输出数据。  The scheme of the inverse initial permutation is shown in the following table. The 80th bit of the final result of the multiplicative transformation is the first bit of the inverse initial permutation result. The 16th bit of the final result of the product transformation is the second bit of the inverse initial permutation result. By analogy, the 128-bit output data after inverse initial permutation is obtained.
80 16 96 32 112 128 64 79 15 95 3] 111 127 6380 16 96 32 112 128 64 79 15 95 3] 111 127 63
78 M 94 30 110 126 62 77 13 93 29 109 125 6178 M 94 30 110 126 62 77 13 93 29 109 125 61
76 12 92 28 108 a 124 60 75" 11 9) 27 107 i2 123 69 76 12 92 28 108 a 124 60 75 "11 9) 27 107 i2 123 69
U 10 90 26 ]06 <2 122 58 73 9 89 25 105 1 121 i)7 U 10 90 26] 06 <2 122 58 73 9 89 25 105 1 121 i) 7
72 8 88 H I(M AO 120 56 71 7 87 23 103 39 119 bi>72 8 88 H I (M AO 120 56 71 7 87 23 103 39 119 bi>
70 6 86 11 \U2 38 118 54 69 b 85 21 101 3V i n 6370 6 86 11 \ U2 38 118 54 69 b 85 21 101 3V i n 63
68 4 84 20 100 36 116 52 67 3 83 19 99 35 115 5168 4 84 20 100 36 116 52 67 3 83 19 99 35 115 51
66 2 82 18 98 34 1 H 50 6S 1 81 17 97 33 113 49 66 2 82 18 98 34 1 H 50 6S 1 81 17 97 33 113 49
所迷加密函数 F是算法的核心, 它是由扩展变换, 异或子密钥运算, 密盒替代, 变换 E所组成, 对于输入 64比特的数据,先经过扩展变换成 96比特的数据, 再把扩展变换的结果和 96比特的子密钥进行异或怍用, 得到异或的结果为 96比特的数据, 又经密盒替代成 64比特的数据, 最后 经过变换 E, 输出 64比特数据; The encryption function F is the core of the algorithm. It consists of extended transformation, XOR sub-key operation, replacement of the secret box, and transformation E. For the input 64-bit data, it is first extended and transformed into 96-bit data. XOR the result of the extended transformation with the 96-bit sub-key to obtain the XOR result of 96-bit data, and then replace the 64-bit data with the secret box. Finally, transform E to output 64-bit data;
所迷扩展变换如下表所示, 表示了扩展变换的规则, 它将 64比特的 输入数据变成 96比特的输出数据, 将输入序列的第 64位作为输出序列的 第 1位, 将输入序列的第 1位怍为输出序列的第 2位, 依此类推, 进行搡 怍; I 2 3 4 5 < b The extended transformation is shown in the following table, which shows the rules of extended transformation. It converts 64-bit input data into 96-bit output data, uses the 64th bit of the input sequence as the first bit of the output sequence, and The first bit 怍 is the second bit of the output sequence, and so on; I 2 3 4 5 <b
6 7 8 9 8 9 10 11  6 7 8 9 8 9 10 11
12 13 12 13 M 15 16 17  12 13 12 13 M 15 16 17
16 17 18 19 20 21 20 21  16 17 18 19 20 21 20 21
22 23 24 26 H 26 26 27  22 23 24 26 H 26 26 27
28 29 28 29 30 31 32 33  28 29 28 29 30 31 32 33
32 33 " 36 36 37 36 37  32 33 "36 36 37 36 37
38 39 40 a 40 41 i2 43  38 39 40 a 40 41 i2 43
" <7 iS "  "<7 iS"
60 61 62 63 62 63  60 61 62 63 62 63
56 57 & 6 67 58 69  56 57 & 6 67 58 69
60 61 60 61 62 63 Si 1  60 61 60 61 62 63 Si 1
所述密盒替代是一种压缩替换, 本发明的每一个密盒中有 16个密表, 每一个密表分成为 4行 X 16列, 把输入的 96比特数据依次平均分成 16 組, 每组 6比特, 每一组的替代依次对应一个密表, 在 6比特的输入数据 中, 头尾 2比特组成行号, 中间 4比特组成列号, 侬此行号、 列号在吋应 的密表中提取出元素值作为输出, 各组的输出依次组合在一起, 成为密 盒替代的输出数据 64比特; The secret box replacement is a compression replacement. Each secret box of the present invention has 16 secret tables, each of which is divided into 4 rows and 16 columns, and the input 96-bit data is divided into 16 groups in order. Group of 6 bits, each group of substitutions corresponds to a secret table in turn. In the 6-bit input data, the first 2 bits form the row number, and the middle 4 bits form the column number. This row number and column number are in the appropriate secret. The element values are extracted from the table as output, and the output of each group is combined together in order to become the 64-bit output data replaced by the secret box;
所述变换 E是一种置乱, 它利用了伪随机数和另一数进行异或怍用 得到的数仍是伪随机数。  The transformation E is a kind of scrambling, and it uses a pseudo-random number and another number to perform an exclusive OR operation. The number obtained is still a pseudo-random number.
2. 如权利要求 1所述的文件加密处理方法, 其中所述的密盒替代中可 以有一个密盒的 16个密表如下表 A、 表 B所示; 2. The file encryption processing method according to claim 1, wherein the secret box replacement may include one secret box and 16 secret tables as shown in Table A and Table B below;
如果把表 表 B所示的 I6个密表中的任意 2个 表的位置对调. 则 組成了一个新的密盒; 如果把表 、 表 B所示的列号相同的任意 2个 ' 1的 位置同时对调 (或是把前述的新的 盒的列号相同的任意二个列的 ϋ置 同时对调) , 则也组成了一个新的密盒, 依此类推, 可以知道本发明提 出了一个密盒群, 共有 (16! ) 2个密盒; 列 号 If any of the positions shown in exemplar cryptograms B I 6 Table 2 table is reversed to form a new secret cartridge; if the table, the table number of the same as shown in any column B 2 '1 The positions of the two are reversed at the same time (or the arrangement of any two columns with the same column number of the new box is reversed at the same time), then a new secret box is also formed, and so on. It can be known that the present invention proposes a Secret box group, a total of (16!) 2 secret boxes; Column number
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 so 行 0 15 1 5 6 10 9 4 12 8 11 2 7 3 0 13 14 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 so row 0 15 1 5 6 10 9 4 12 8 11 2 7 3 0 13 14
1 6 5 15 10 9 4 1 2 0 7 13 12 11 14 8 3 号 2 8 6 14 1 3 7 9 0 12 10 5 4 2 11 15 131 6 5 15 10 9 4 1 2 0 7 13 12 11 14 8 3 No. 2 8 6 14 1 3 7 9 0 12 10 5 4 2 11 15 13
3 1 2 0 8 11 5 10 13 9 14 6 15 4 7 3 12 3 1 2 0 8 11 5 10 13 9 14 6 15 4 7 3 12
SI 10 2 7 8 4 6 15 5 9 0 1 13 14 12 3 11 SI 10 2 7 8 4 6 15 5 9 0 1 13 14 12 3 11
15 6 2 9 12 3 0 8 7 5 11 10 4 13 14 ] 15 6 2 9 12 3 0 8 7 5 11 10 4 13 14]
9 0 15 4 2 10 1 3 13 11 6 5 7 14 8 129 0 15 4 2 10 1 3 13 11 6 5 7 14 8 12
0 14 6 7 15 】3 9 10 8 ) 3 4 11 2 12 5 0 14 6 7 15】 3 9 10 8) 3 4 11 2 12 5
S2 14 10 8 7 3 5 2 6 15 9 0 4 12 11 1 13 S2 14 10 8 7 3 5 2 6 15 9 0 4 12 11 1 13
7 4 1 8 15 0 5 10 3 6 12 11 9 2 13 14 7 4 1 8 15 0 5 10 3 6 12 11 9 2 13 14
1 7 6 12 5 9 11 8 10 2 14 τ, 4 13 0 151 7 6 12 5 9 11 8 10 2 14 τ, 4 13 0 15
10 15 2 0 12 】4 1 ] ] 7 8 13 6 5 4 9 3 10 15 2 0 12】 4 1]] 7 8 13 6 5 4 9 3
S3 13 0 10 5 9 8 14 3 11 1 15 12 6 7 2 4 S3 13 0 10 5 9 8 14 3 11 1 15 12 6 7 2 4
8 7 0 1 11 15 4 9 5 13 10 14 3 12 6 2 8 7 0 1 11 15 4 9 5 13 10 14 3 12 6 2
2 1 5 3 4 11 12 7 15 9 13 10 8 0 14 62 1 5 3 4 11 12 7 15 9 13 10 8 0 14 6
11 5 4 2 3 】2 0 )4 6 15 8 13 10 9 7 1 11 5 4 2 3】 2 0) 4 6 15 8 13 10 9 7 1
S 7 9 6 4 2 13 5 11 12 10 14 ] 15 3 0 8 S 7 9 6 4 2 13 5 11 12 10 14] 15 3 0 8
3 2 5 7 ]4 1 8 0 6 4 15 9 13 10 11 12 3 2 5 7] 4 1 8 0 6 4 15 9 13 10 11 12
10 15 4 2 7 12 0 5. ]4 8 9 n 6 1 13 310 15 4 2 7 12 0 5.] 4 8 9 n 6 1 13 3
9 6 15 5 13 !0 4 I 3 11 7 14 2 12 8 0 9 6 15 5 13! 0 4 I 3 11 7 14 2 12 8 0
S5 3 11 9 2 8 12 13 4 7 5 10 6 1 15 14 0 S5 3 11 9 2 8 12 13 4 7 5 10 6 1 15 14 0
9 8 6 3 10 14 7 1 4 2 0 15 12 11 5 13 9 8 6 3 10 14 7 1 4 2 0 15 12 11 5 13
11 14 7 0 1 13 10 2 5 6 9 15 4 3 811 14 7 0 1 13 10 2 5 6 9 15 4 3 8
8 7 14 4 0 11 3 15 !2 10 5 2 6 1 13 9 8 7 14 4 0 11 3 15! 2 10 5 2 6 1 13 9
S6 8 4 15 9 5 10 3 1 2 12 13 0 11 14 7 6 S6 8 4 15 9 5 10 3 1 2 12 13 0 11 14 7 6
5 14 9 12 8 11 6 π 1 10 4 7 2 0 3 15 5 14 9 12 8 11 6 π 1 10 4 7 2 0 3 15
14 10 3 13 12 8 5 6 11 4 7 15 9 2 1 014 10 3 13 12 8 5 6 11 4 7 15 9 2 1 0
4 3 10 15 1 9 11 12 5 2 14 8 13 6 0 7 4 3 10 15 1 9 11 12 5 2 14 8 13 6 0 7
S7 4 3 2 10 12 15 6 9 1 8 7 14 0 13 11 5 S7 4 3 2 10 12 15 6 9 1 8 7 14 0 13 11 5
14 12 8 11 1 13 9 3 10 0 6 5 7 15 2 4 14 12 8 11 1 13 9 3 10 0 6 5 7 15 2 4
0 9 13 6 Π 】4 8 15 4 3 I 7 12 10 5 20 9 13 6 Π】 4 8 15 4 3 I 7 12 10 5 2
3 13 1 9 6 0 7 8 2 12 10 Π 14 5 A 15 表 A 替換页(细则第 26条) 列 号 3 13 1 9 6 0 7 8 2 12 10 Π 14 5 A 15 Form A replacement page (Article 26) Column number
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 行 0 6 5 14 0 15 11 8 7 10 13 12 2 4 1 9 3 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 rows 0 6 5 14 0 15 11 8 7 10 13 12 2 4 1 9 3
1 0 11 7 6 3 5 14 12 15 9 2 13 1 4 10 8 号 2 13 2 1 5 6 15 3 14 9 7 10 8 0 12 4 111 0 11 7 6 3 5 14 12 15 9 2 13 1 4 10 8 No. 2 13 2 1 5 6 15 3 14 9 7 10 8 0 12 4 11
3 2 4 3 I 10 7 12 5 13 0 11 9 15 8 6 14 3 2 4 3 I 10 7 12 5 13 0 11 9 15 8 6 14
S9 0 13 12 11 6 7 1 8 14 3 9 15 2 5 4 10 S9 0 13 12 11 6 7 1 8 14 3 9 15 2 5 4 10
11 3 14 5 2 12 10 4 13 1 8 6 15 9 0 7 11 3 14 5 2 12 10 4 13 1 8 6 15 9 0 7
5 8 0 14 10 6 15 9 3 12 2 1 13 7 1 I 45 8 0 14 10 6 15 9 3 12 2 1 13 7 1 I 4
13 0 11 10 14 4 8 2 1 9 12 7 3 15 5 6 13 0 11 10 14 4 8 2 1 9 12 7 3 15 5 6
S10 2 8 4 12 7 14 0 13 5 15 11 3 9 6 10 1 S10 2 8 4 12 7 14 0 13 5 15 11 3 9 6 10 1
1 10 3 4 13 6 11 15 12 8 9 2 14 5 7 0 1 10 3 4 13 6 11 15 12 8 9 2 14 5 7 0
12 5 9 11 8 0 2 4 1 14 15 13 ]0 3 6 712 5 9 11 8 0 2 4 1 14 15 13] 0 3 6 7
7 9 12 3 5 15 13 0 10 6 4 ] 8 14 2 11 7 9 12 3 5 15 13 0 10 6 4] 8 14 2 11
Sll 5 12 n 3 14 1 7 0 13 2 8 9 10 4 6 15 Sll 5 12 n 3 14 1 7 0 13 2 8 9 10 4 6 15
10 9 4 15 0 2 13 14 8 3 5 1 6 7 12 11 10 9 4 15 0 2 13 14 8 3 5 1 6 7 12 11
3 13 8 10 9 5 4 1 2 15 0 12 11 6 7 143 13 8 10 9 5 4 1 2 15 0 12 11 6 7 14
12 8 13 !1 2 6 5 9 4 7 15 0 1 3 14 10 12 8 13! 1 2 6 5 9 4 7 15 0 1 3 14 10
SI2 12 15 0 ] 11 4 9 2 3 14 6 5 13 10 8 7 SI2 12 15 0] 11 4 9 2 3 14 6 5 13 10 8 7
4 13 10 0 7 9 12 6 2 11 14 3 8 1 15 5 4 13 10 0 7 9 12 6 2 11 14 3 8 1 15 5
7 3 12 15 13 1 6 11 8 0 4 2 】4 5 9 107 3 12 15 13 1 6 11 8 0 4 2] 4 5 9 10
15 1 9 6 4 8 14 3 11 5 2 12 7 0 10 13 15 1 9 6 4 8 14 3 11 5 2 12 7 0 10 13
S13 9 6 ] 15 13 2 10 14 0 4 3 11 7 8 5 12 S13 9 6] 15 13 2 10 14 0 4 3 11 7 8 5 12
2 0 11 13 6 10 15 7 14 12 1 8 5 3 4 9 2 0 11 13 6 10 15 7 14 12 1 8 5 3 4 9
15 11 2 7 0 4 13 10 6 1 8 14 3 9 12 515 11 2 7 0 4 13 10 6 1 8 14 3 9 12 5
5 12 8 14 7 3 6 4 15 13 0 】0 9 11 1 2 5 12 8 14 7 3 6 4 15 13 0] 0 9 11 1 2
S14 1 7 13 14 0 3 11 15 4 6 5 10 8 2 12 9 S14 1 7 13 14 0 3 11 15 4 6 5 10 8 2 12 9
13 15 12 2 5 8 3 11 9 14 7 4 0 6 1 10 13 15 12 2 5 8 3 11 9 14 7 4 0 6 1 10
6 4 11 9 15 2 14 12 7 13 3 0 5 8 10 16 4 11 9 15 2 14 12 7 13 3 0 5 8 10 1
14 11 7 13 8 1 2 6 0 3 9 5 12 10 15 4 14 11 7 13 8 1 2 6 0 3 9 5 12 10 15 4
S15 11 14 3 13 1 0 12 10 6 7 4 8 5 9 15 2 S15 11 14 3 13 1 0 12 10 6 7 4 8 5 9 15 2
12 1 13 14 4 7 2 5 11 15 3 0 10 8 9 6 12 1 13 14 4 7 2 5 11 15 3 0 10 8 9 6
4 12 10 8 14 3 7 13 0 5 11 6 1 15 2 94 12 10 8 14 3 7 13 0 5 11 6 1 15 2 9
6 10 5 12 9 2 15 7 14 4 I 3 0 13 11 8 表 B 6 10 5 12 9 2 15 7 14 4 I 3 0 13 11 8 Table B
替換页(细则第 26条) Replacement page (Article 26)
3.如权利要求 1所述的文件加密处理方法, 其中所述的伪随机数序列的 产生依公式: 3. The file encryption processing method according to claim 1, wherein the pseudo-random number sequence is generated according to a formula:
xi>2= (x; · Xi )MOD M 当 x,.2≠l时 x i> 2 = (x ; X i ) MOD M when x ,. 2 ≠ l
xif2=小于 M的最大素数 当 xw= l时 x if2 = maximum prime less than M when x w = l
其中, M为素数, χ。^=0,Μ; χ,^Ο,Ι,Μ; i = 0,l,— , (η-2), η为自然数  Where M is a prime number and χ. ^ = 0, Μ; χ, ^ Ο, Ι, Μ; i = 0, l, —, (η-2), η is a natural number
4.如权利要求 3所述的文件加密处理方法, 其中由密盒替代所得到的 64 比特的数据作为本过程的输入, 对变换 Ε的搡怍可以是这榉的: 4. The file encryption processing method according to claim 3 , wherein the 64-bit data obtained by substituting the secret box is used as an input of this process, and the 对 for transforming E can be:
首先 4巴 64比特的输入数据侬次斌予 SX. (i = 0,7), 3 ,的  First 4 bar 64 bit input data Nong Cibin to SX. (I = 0,7), 3
7  7
长度是一个字节; 令变量 S为一个字节长, 据公式 256, 求 i = 0 The length is one byte; let the variable S be one byte long, according to the formula 256, find i = 0
7  7
出 S; 如果 SXi = 0, 则令 SX。 = 241, SX. = 239。 然后从 的首部开始依次搜 i = 0 Out S; if SXi = 0, let SX. = 241, SX. = 239. Then search from the head of i = 0
索第一次出现的非 0, 非 251值的字节, 如果找到了, 就把该字节作为第 一噪声源, 如未找到, 则把 241作为第一噪声源; 再从 SXi的尾部开始逆 序搜索第一次出现的非 0, 非 1, 非 251值的字节, 如找到了, 就把该字 节作为第二噪声源, 如未找到, 则把 239怍为第二噪声源。 把 8作为循环 数, 且令变量 i二 0, 在循环体中. 第一阶段搡怍是把第一噪声源乘以第 二噪声源, 把其乘积除以 251, 得到余数 R, 把 (R㊉ S㊉ SX 的值给 第二阶段是把本次循环的第二噪声源怍为下一个循环的第一噪声源, 把 余数 R作为下一个循环的第二噪声源, (如果 R=l, 则把 239作为第二噪声 源)。 接着把变量 i增加 1, 如循环未结束, 则又回到循环体的开始, 执 行循环体中的搡作, 如果循环结束, 则把 SX (:i = 0,7)作为加密函数 F的结 果输出; Search for the first non-zero, non-251-valued byte. If found, use the byte as the first noise source. If it is not found, use 241 as the first noise source. Then start from the tail of SXi. Reverse search the first occurrence of non-zero, non-one, and non-251-valued bytes. If found, the byte is used as the second noise source. If it is not found, 239 is used as the second noise source. Let 8 be the number of loops, and let the variable i be 0, in the loop body. The first stage 搡 怍 is to multiply the first noise source by the second noise source, divide its product by 251, to get the remainder R, and (R㊉ The value of S㊉ SX for the second stage is to use the second noise source of the current cycle as the first noise source of the next cycle, and use the remainder R as the second noise source of the next cycle. (If R = 1, then 239 as the second noise source). Then increase the variable i by 1. If the loop does not end, then return to the beginning of the loop body and perform the operation in the loop body. 7) Output as the result of the encryption function F;
变换 E的搡怍还可以是这样的: 把 64比特的输入数据依次赋予 SX, (i = 0,3) ,SX,的长度是一个字, 相应于上述的变换 E的搡作, 相应的 改动之处可以根据以下的事实: U)在无符号的整数中, 一个字节的 最大值为 255, 一个字的最大值为 65535; (2)在一个字节的范围内, 素 数从大到小的排列依次是: 251, 241, 239, 233, 在一个字的范 围内, 相应的排列是: 65521, 65519, 65497, 65479, The transformation of E can also be as follows: The 64-bit input data is sequentially assigned to SX, (i = 0,3), and the length of SX, is a word, corresponding to the operation of transformation E described above, and corresponding changes The place can be based on the following facts: U) In an unsigned integer, the maximum value of a byte is 255, and the maximum value of a word is 65535; (2) In the range of one byte, the prime number is from large to small The permutations are: 251, 241, 239, 233, and within a word range, the corresponding permutations are: 65521, 65519, 65497, 65479,
5 . 如权利要求 1所述的文件加密处理方法, 其中所述将用户确定的源 文件读入内存时, 可以向操作系统中申请一块位于高端地址的内存来放 置源文件和目标文件。 5. The file encryption processing method according to claim 1, wherein, when the source file determined by the user is read into the memory, a memory located at a high-end address can be applied to the operating system to place the source file and the target file.
6. 一种文件加密处理方法及其软盘, 其特征在于它的应用范围, 有6. A file encryption processing method and its floppy disk, characterized in that its application range is:
( 1 ) .由该方法形成的加密(或解密)命令文件(或带后綴 "EXE" 型的 可执行文件)可以写在包括软盘,硬盘上, 也可以形成具有加密功能的指 令组, 将其写在只读存 1±器 ROM或程序只读存贮器 PRO ^形成的 LSI芯片 上; , (1). The encrypted (or decrypted) command file (or executable file with the suffix "EXE" type) formed by this method can be written on a floppy disk or hard disk, or an instruction group with encryption function can be formed. Written on a read-only memory ROM or program read-only memory PRO ^;
(2 ) .这样的产品适用于包括文本文件, 图像文件等的加密(或解密) 也可以用在实时系统中, 包括图像数字讯号, 或声音数字讯号的实时通 讯;  (2). Such products are suitable for encryption (or decryption) of text files, image files, etc. They can also be used in real-time systems, including real-time communication of digital image signals or digital audio signals;
( 3) .它适用于单用户操作系统,或多用户操作系统,或小型计算机, 或微型计算机。 ( 3 ). It applies to single-user operating system, or multi-user operating system, or small computer, or microcomputer.
PCT/CN1995/000077 1995-09-26 1995-09-26 A method for encryption of file WO1997012459A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU35608/95A AU3560895A (en) 1995-09-26 1995-09-26 A method for encryption of file
PCT/CN1995/000077 WO1997012459A1 (en) 1995-09-26 1995-09-26 A method for encryption of file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN1995/000077 WO1997012459A1 (en) 1995-09-26 1995-09-26 A method for encryption of file

Publications (1)

Publication Number Publication Date
WO1997012459A1 true WO1997012459A1 (en) 1997-04-03

Family

ID=4574943

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN1995/000077 WO1997012459A1 (en) 1995-09-26 1995-09-26 A method for encryption of file

Country Status (2)

Country Link
AU (1) AU3560895A (en)
WO (1) WO1997012459A1 (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999044330A1 (en) * 1998-02-24 1999-09-02 Otkrytoe Aktsionernoe Obschestvo 'moskovskaya Gorodskaya Telefonnaya Set' Method for the block-encryption of discrete data
CN100350430C (en) * 2005-12-05 2007-11-21 徐原能 Method for encrypting digital image by random subsequence
CN100461211C (en) * 2005-07-28 2009-02-11 刘畅 Encryption method for army fighting
CN102073972A (en) * 2009-11-20 2011-05-25 深圳英飞拓科技股份有限公司 Anti-counterfeiting method for digital video products
CN108718235A (en) * 2018-04-28 2018-10-30 王萍 A kind of stream encryption and decryption method
CN111159721A (en) * 2018-11-08 2020-05-15 陈麟华 Code control type data encryption method of variable secret key
CN113382004A (en) * 2021-06-10 2021-09-10 浪潮卓数大数据产业发展有限公司 File encryption method
CN115842621A (en) * 2023-02-21 2023-03-24 安徽汇迈信息科技有限公司 Intelligent medical system based on big data and cloud edge cooperation
CN116015981A (en) * 2023-03-21 2023-04-25 深圳市星火数控技术有限公司 Sewing numerical control file data encryption method
CN117014208A (en) * 2023-08-09 2023-11-07 海光信息技术股份有限公司 Data encryption method, device, system, electronic equipment and storage medium
CN117014208B (en) * 2023-08-09 2024-04-09 海光信息技术股份有限公司 Data encryption method, device, system, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0421754A2 (en) * 1989-10-04 1991-04-10 Teledyne Industries, Inc. Block substitution based encryption by a modulo 2 addition method and apparatus
US5103479A (en) * 1988-04-28 1992-04-07 Hitachi Ltd. Encipher method and decipher method
US5231662A (en) * 1989-08-01 1993-07-27 Tulip Computers International B.V. Method and device for enciphering data to be transferred and for deciphering the enciphered data, and a computer system comprising such a device
US5432848A (en) * 1994-04-15 1995-07-11 International Business Machines Corporation DES encryption and decryption unit with error checking

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5103479A (en) * 1988-04-28 1992-04-07 Hitachi Ltd. Encipher method and decipher method
US5231662A (en) * 1989-08-01 1993-07-27 Tulip Computers International B.V. Method and device for enciphering data to be transferred and for deciphering the enciphered data, and a computer system comprising such a device
EP0421754A2 (en) * 1989-10-04 1991-04-10 Teledyne Industries, Inc. Block substitution based encryption by a modulo 2 addition method and apparatus
US5432848A (en) * 1994-04-15 1995-07-11 International Business Machines Corporation DES encryption and decryption unit with error checking

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999044330A1 (en) * 1998-02-24 1999-09-02 Otkrytoe Aktsionernoe Obschestvo 'moskovskaya Gorodskaya Telefonnaya Set' Method for the block-encryption of discrete data
CN100461211C (en) * 2005-07-28 2009-02-11 刘畅 Encryption method for army fighting
CN100350430C (en) * 2005-12-05 2007-11-21 徐原能 Method for encrypting digital image by random subsequence
CN102073972A (en) * 2009-11-20 2011-05-25 深圳英飞拓科技股份有限公司 Anti-counterfeiting method for digital video products
CN108718235A (en) * 2018-04-28 2018-10-30 王萍 A kind of stream encryption and decryption method
CN111159721B (en) * 2018-11-08 2024-03-01 陈麟华 Code control type data encryption method for variable key
CN111159721A (en) * 2018-11-08 2020-05-15 陈麟华 Code control type data encryption method of variable secret key
CN113382004A (en) * 2021-06-10 2021-09-10 浪潮卓数大数据产业发展有限公司 File encryption method
CN115842621B (en) * 2023-02-21 2023-04-18 安徽汇迈信息科技有限公司 Intelligent medical system based on big data and cloud edge cooperation
CN115842621A (en) * 2023-02-21 2023-03-24 安徽汇迈信息科技有限公司 Intelligent medical system based on big data and cloud edge cooperation
CN116015981A (en) * 2023-03-21 2023-04-25 深圳市星火数控技术有限公司 Sewing numerical control file data encryption method
CN116015981B (en) * 2023-03-21 2023-06-23 深圳市星火数控技术有限公司 Sewing numerical control file data encryption method
CN117014208A (en) * 2023-08-09 2023-11-07 海光信息技术股份有限公司 Data encryption method, device, system, electronic equipment and storage medium
CN117014208B (en) * 2023-08-09 2024-04-09 海光信息技术股份有限公司 Data encryption method, device, system, electronic equipment and storage medium

Also Published As

Publication number Publication date
AU3560895A (en) 1997-04-17

Similar Documents

Publication Publication Date Title
US8050401B2 (en) High speed configurable cryptographic architecture
JP3229148B2 (en) Encryption method and system
US6259789B1 (en) Computer implemented secret object key block cipher encryption and digital signature device and method
US5745577A (en) Symmetric cryptographic system for data encryption
JP5055993B2 (en) Cryptographic processing apparatus, cryptographic processing method, and computer program
JP3992742B2 (en) Encryption method and apparatus for nonlinearly combining data blocks and keys
DK1686722T3 (en) Block encryption device and block encryption method comprising rotation key programming
JP2005531023A (en) Round key generation for AES (Rijndael) block ciphers
JP2005505069A (en) Memory encryption
KR20100031717A (en) Cryptographic methods and devices for the pseudo-random generation of data encryption and cryptographic hashing of a message
Knudsen et al. Truncated differentials and Skipjack
WO1997012459A1 (en) A method for encryption of file
US11057193B2 (en) Enhanced randomness for digital systems
Charnes et al. Comments on Soviet encryption algorithm
US20240097880A1 (en) High-speed circuit combining aes and sm4 encryption and decryption
EP1629626B1 (en) Method and apparatus for a low memory hardware implementation of the key expansion function
Mohan et al. Revised aes and its modes of operation
CN114826558A (en) Mass data rapid encryption method and system
KR20050002103A (en) Portable storing apparatus having encryption processor
Islam et al. Data encryption standard
KR100494560B1 (en) Real time block data encryption/decryption processor using Rijndael block cipher and method therefor
KR200279546Y1 (en) Device for coding/decoding document
Goswami Study and analysis of symmetric key-cryptograph DES, data encryption standard
JP2001509608A (en) Method for cryptographically converting an L-bit input block of digital data into an L-bit output block
JP2008046151A (en) Encryption processing method

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AM AT AU BB BG BR BY CA CH CN CZ DE DK EE ES FI GB GE HU IS JP KE KG KP KR KZ LK LR LT LU LV MD MG MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TT UA UG US UZ VN

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): KE MW SD SZ UG AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 95197965.5

Country of ref document: CN

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA