WO2012071714A1 - Data encryption and decryption method and device - Google Patents

Publication number
WO2012071714A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
encryption
plaintext
module
encryption function
Prior art date
Application number
PCT/CN2010/079315
Inventor
刘慧�
Original Assignee
北京卓微天成科技咨询有限公司
Priority date
Filing date
Publication date
Application filed by 北京卓微天成科技咨询有限公司
Priority to US13/001,022 (US8942373B2)
Publication of WO2012071714A1

Classifications

    • G: PHYSICS
    • G09: EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09C: CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00: Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Definitions

  • Step S502 Determine whether the possible conversion path is completely covered, and if yes, perform steps
  • Method B By selecting the following encryption function and key,
  • Encryption function 1: NOT operation.
  • the corresponding operation rules are:
  • the corresponding operation rules are:
  • the user can add other encryption functions and keys as needed to make the system more secure.
  • the final selected encryption function set will be called by the encryption method provided by the present invention.
  • an embodiment of the present invention further provides a data decryption method.
  • the method includes the following steps:
  • Step S601 Acquire decryption information, and collect data from the saved random seed according to the decryption information, and generate an encrypted function index random string;
  • the obtained decryption information is formed during the encryption of the data and includes the plaintext grouping information, the random seed stored when the data was encrypted, the information for regenerating the encryption function index random string corresponding to the encrypted plaintext, and the cursor position at which traversal of the encryption function index random string starts.
  • Step S604 Restore each ciphertext data into plaintext data by using a decryption function
  • Step S605 Arrange each data of the plaintext according to the ciphertext position corresponding thereto to form a plaintext.
  • the device includes:
  • the obtaining module 71 is configured to obtain decryption information.
  • a random seed storage module 76 configured to store a random seed generated when encrypting
  • the encryption function index random string generation module 72 is configured to generate an encryption function index random string from the random seed stored in the random seed storage module 76 according to the decryption information acquired by the acquisition module 71.
  • the synchronization traversal module 77 is configured to determine, according to the decryption information obtained by the obtaining module, the traversal start position of the encryption function index random string, and to traverse the encryption function index random string and the ciphertext to be decrypted synchronously; the encryption function determining module 73 is configured to determine, according to the decryption information acquired by the obtaining module 71, the encryption function corresponding to each bit of data in the ciphertext.
  • the data is traversed synchronously from the head of the generated encryption function index random string and of the plaintext to be stored; each traversal step takes $\log_2 n$ or $[\log_2 n]+1$ bits, where $[\log_2 n]$ is the rounding of $\log_2 n$; the $\log_2 n$ or $[\log_2 n]+1$ binary digits taken at each step are converted to a decimal number, the converted value is taken modulo $n$, and the result is used as the index of the encryption function corresponding to that bit of plaintext data;
  • $Cur_e$. When $Cur_e$ is equal to $Cur_s$, the number of bits acquired is 0; the data acquired by the $i$-th acquisition is the data between $Cur_s$ and $Cur_e$ in the random seed of predetermined length; further, the $p$-bit encryption function index random string $re_k$ corresponding to the $k$-th plaintext can be expressed as: $re_k = [(Cur_s, Cur_e)_1, (Cur_s, Cur_e)_2, \ldots, (Cur_s, Cur_e)_i, \ldots, (Cur_s, Cur_e)_u]_k$;
  • the true randomness/non-reproducibility of the encrypted function index random string generated by the method 1 is analyzed to ensure the true randomness and non-repetition of the random string of the encrypted function index by the comparison module.
  • the encryption algorithm index corresponding to each plaintext portion is generated by traversing the data from a random position; because there are p possible traversal start positions, the probability that the encryption algorithm index corresponding to a plaintext portion recurs is: 1/(p*w u ).
  • the minimum probability of generating re k repetition by this method is 1/(1.6*10 9 ⁇ 8 ), and it can be seen that the probability of repetition is already low enough to conform to the characteristics of random features.
  • the embodiment of the present invention randomly selects encryption functions and uses the encryption functions in random rotation to encrypt each bit of the plaintext data, so that the posterior probability of an intercepted ciphertext is equal to its prior probability, which achieves the same encryption strength as the traditional OTP method; compared with a traditional OTP system, whose security relies on protecting a large amount of random key material, the risk of data leakage is effectively dispersed, which reduces the risk of data leakage caused by accidental leakage of the codebook.

Abstract

A data encryption and decryption method and device are provided, which relate to the technical field of data encryption and decryption. The data encryption method comprises the following steps: grouping plaintext to be encrypted; assigning an encryption function randomly to each group of the plaintext data; encrypting each group of the plaintext data respectively with the encryption function; and arranging the encrypted data to form ciphertext according to the position of the corresponding plaintext. The data encryption device comprises a grouping module, an encryption function random assignment module, and an encryption processing module. A data decryption method and device are also provided. By assigning the encryption function randomly to the plaintext to be encrypted when carrying out the encryption, encrypting the plaintext data using the assigned encryption function and arranging the encrypted data to form the ciphertext, the solution greatly improves the security of data storage and realizes the perfect encryption of data.

Description

Data encryption and decryption method and device

Technical Field

The invention belongs to the technical field of data encryption and decryption, and in particular relates to a data encryption and decryption method and device.

Background
Data protected by a perfect encryption (Perfect Secrecy) system cannot be broken, no matter how much ciphertext a cryptanalyst intercepts and even with unlimited computing power and time; for details see Shannon, Claude (1949). Communication Theory of Secrecy Systems, Bell System Technical Journal 28 (4): 656-715.
The one-time pad (hereinafter OTP) is a typical implementation; see U.S. patent 1,310,719, SECRET SIGNALING SYSTEM; S N Molotkov, "Quantum cryptography and V A Kotel'nikov's one-time key and sampling theorems", PHYS-USP, 2006, 49 (7), 750-761; and pages 6 and 12 of "Applied Cryptography", published by China Machine Press on March 1, 2003.
Current implementations of perfect encryption systems focus mainly on the key, that is, on how to encrypt every bit of the plaintext with an unlimited supply of truly random keys so as to achieve the design goal of a perfect encryption system. The encryption algorithm used is in most cases a single XOR operation; in other words, the security of the whole system depends entirely on the secure storage and transmission of the key. Once the key is leaked, the security of the whole system becomes very fragile.

Summary of the Invention
The object of the present invention is to provide a data encryption and decryption method and device, aiming to solve the problem that the security of existing perfect encryption techniques depends entirely on the secure storage and transmission of the key, so that the ciphertext may be broken once the key is leaked.
The present invention provides a data encryption method, the method comprising:
grouping the plaintext to be encrypted;
randomly assigning an encryption function to each group of plaintext data;
encrypting each group of plaintext data with its encryption function;
arranging the encrypted data according to the positions of the corresponding plaintext to form the ciphertext.
The present invention provides a data encryption device, the device comprising:
a grouping module, configured to group the plaintext to be encrypted;
an encryption function random assignment module, configured to randomly assign an encryption function to each group of plaintext data produced by the grouping module;
an encryption processing module, configured to encrypt the data in the plaintext with the encryption functions assigned by the encryption function random assignment module, and to arrange the encrypted data according to the positions of the corresponding plaintext to form the ciphertext.
The present invention provides a data decryption method, the method comprising:
obtaining decryption information and, according to the decryption information, collecting data from the stored random seed to generate the encryption function index random string;
determining, according to the decryption information, the traversal start position of the encryption function index random string, and traversing the encryption function index random string and the ciphertext to be decrypted synchronously;
determining, according to the decryption information, the encryption function corresponding to each bit of data in the ciphertext;
determining, according to the encryption function, the decryption function corresponding to each bit of data in the ciphertext;
restoring, with the decryption function, each bit of data in the ciphertext to the corresponding bit of data in the plaintext;
arranging each bit of data of the plaintext according to its corresponding ciphertext position to form the plaintext.
The present invention also provides a data decryption device, the device comprising:
an obtaining module, configured to obtain decryption information;
a random seed storage module, configured to store the random seed generated during encryption;
an encryption function index random string generation module, configured to collect data from the random seed stored in the random seed storage module, according to the decryption information obtained by the obtaining module, to generate the encryption function index random string;
a synchronous traversal module, configured to determine, according to the decryption information obtained by the obtaining module, the traversal start position of the encryption function index random string, and to traverse the encryption function index random string and the ciphertext to be decrypted synchronously;
an encryption function determining module, configured to determine, according to the decryption information obtained by the obtaining module, the encryption function corresponding to each bit of data in the ciphertext;
a decryption function obtaining module, configured to determine, according to the encryption function determined by the encryption function determining module, the decryption function corresponding to each bit of data in the ciphertext;
a plaintext restoring module, configured to restore, with the decryption function, each bit of data in the ciphertext to the corresponding bit of data in the plaintext, and to arrange each bit of data of the plaintext according to its corresponding ciphertext position to form the plaintext.
By randomly assigning stored encryption functions to the plaintext to be encrypted at encryption time and encrypting the plaintext with the assigned encryption functions, and at decryption time creating the encryption function index random string and using it to obtain the decryption functions and decryption keys of the ciphertext to be decrypted, the present invention greatly improves the security of the data and achieves perfect encryption of the data.

Brief Description of the Drawings
FIG. 1 is a flowchart of the data encryption method provided by an embodiment of the present invention;
FIG. 2 is a flowchart of the steps performed before encryption functions are randomly assigned to the plaintext to be encrypted, provided by an embodiment of the present invention;
FIG. 3 is a flowchart of the method for checking the encryption function index random string for repetition, provided by an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of the data encryption device provided by an embodiment of the present invention;
FIG. 5 is a flowchart of the method for establishing the minimum encryption function set, provided by an embodiment of the present invention;
FIG. 6 is a flowchart of the data decryption method provided by an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of the data decryption device provided by an embodiment of the present invention;
FIG. 8 is a schematic diagram of the principle of generating the encryption function index random string, provided by an embodiment of the present invention;
FIG. 9 is a schematic diagram of the data encryption process provided by an embodiment of the present invention;
FIG. 10 is a schematic diagram of the data decryption process provided by an embodiment of the present invention.

Detailed Description
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
In the embodiment of the present invention, at encryption time stored encryption functions are randomly assigned to the plaintext to be encrypted and the plaintext is encrypted with the assigned encryption functions; at decryption time the encryption function index random string is generated and used to obtain the decryption functions of the ciphertext to be decrypted.
Referring to FIG. 1 and FIG. 9, an embodiment of the present invention provides a data encryption method, including the following steps:
Step S101: group the plaintext to be encrypted;
Step S102: randomly assign an encryption function to each group of plaintext data;
This embodiment selects and stores a set of encryption functions in advance; the stored encryption functions can cover all conversion paths from any given bit 0 or 1 in the plaintext to 0 or 1 at the corresponding position in the ciphertext; once selected, they are randomly assigned to the plaintext at encryption time to encrypt it;
In this embodiment, each bit of the plaintext to be encrypted is treated as one group, that is, an encryption function is randomly assigned to each bit of data in the plaintext; in practical applications, every 2 bits, every 3 bits or every 4 bits of the plaintext to be encrypted may also be treated as one group;
Step S103: encrypt each bit of data in the plaintext with the assigned encryption function;
Step S104: arrange each encrypted bit of data according to its corresponding plaintext position to form the ciphertext.
Referring to FIG. 2, the embodiment of the present invention further includes the following steps between step S101 and step S102:
Step S201: generate true random numbers of a predetermined length and a random seed of a predetermined length composed of true random numbers;
Methods of generating true random numbers are mature; a specific implementation may use the methods for generating true random numbers given on page 301 of "Applied Cryptography", published by China Machine Press on March 1, 2003, such as using random noise, the computer clock, CPU load or the number of network packet arrivals, to generate the required true random numbers as the random seed, and the generated random seed is stored;
Step S202: establish the encryption function set and assign an index to each encryption function in the set; each encryption function in the set has its own corresponding index, and these different indexes are stored;
Step S203: collect data from the random seed to generate the encryption function index random string;
Step S204: traverse the encryption function index random string and the plaintext to be encrypted synchronously.
After collecting data from the random seed and generating the encryption function index random string, the embodiment of the present invention further includes a step of checking the encryption function index random string for repetition; as shown in FIG. 3, it is implemented by the following steps:
Step S301: generate the message digest value of the encryption function index random string by a message digest operation;
Step S302: compare the message digest value of the encryption function index random string with the previously stored message digest values; if they match, collect data from the random seed again, generate a new encryption function index random string and perform step S301; if they do not match, perform step S303;
Step S303: save the currently generated encryption function index random string for use.
Whenever a new encryption function index random string is generated, the present invention applies a message digest operation such as MD5 or SHA1 to generate the message digest value of the encryption function index random string and compares it with the previously stored message digest values of encryption function index random strings, so as to determine whether the newly generated encryption function index random string has already been used; if so, the encryption function index random string is regenerated, otherwise the generated encryption function index random string is saved for use. After the encryption function index random string has been saved for use, the message digest values of all encryption function index random strings are saved.
In the present invention, the information used and produced during data encryption is generated and stored to form the decryption information: the plaintext grouping information, the encryption function set and the index assigned to each encryption function, the key corresponding to each encryption function, the random seed used for data collection, the information for regenerating the encryption function index random string corresponding to the encrypted plaintext, and the cursor position at which traversal of the encryption function index random string starts.
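The encryption steps (S101 to S104, S201 to S204), the repetition check (S301 to S303) and the stored decryption information can be traced in a small model with one-bit groups; this is an added example, not code from the patent. The function set beyond NOT, the key bits, the way cursor pairs are picked, the use of SHA-256 for the digest and all names are assumptions made for illustration.

```python
import hashlib
import secrets

KEYS = (1, 0)  # constructed key bits for the keyed functions (assumption)
# (encrypt, decrypt) pairs on one bit. The page names only the NOT operation;
# identity and the keyed XOR functions are assumptions for illustration.
FUNCS = [
    (lambda b: b ^ 1, lambda c: c ^ 1),              # 0: NOT
    (lambda b: b, lambda c: c),                      # 1: identity
    (lambda b: b ^ KEYS[0], lambda c: c ^ KEYS[0]),  # 2: XOR with key bit
    (lambda b: b ^ KEYS[1], lambda c: c ^ KEYS[1]),  # 3: XOR with key bit
]
N = len(FUNCS)
W = (N - 1).bit_length()  # bits per step: log2(n), or [log2(n)]+1 if inexact
_seen_digests = set()     # digests of index strings already used (S301-S303)


def covers_all_paths(funcs):
    """True if the set maps plaintext 0/1 to ciphertext 0/1 in all four ways."""
    paths = {(b, enc(b)) for enc, _ in funcs for b in (0, 1)}
    return paths == {(0, 0), (0, 1), (1, 0), (1, 1)}


def collect(seed, cursors):
    """Concatenate the seed bits between each (cur_s, cur_e) cursor pair."""
    out = []
    for cur_s, cur_e in cursors:
        out.extend(seed[cur_s:cur_e])
    return out


def new_index_string(seed, need_bits):
    """S203 and S301-S303: collect from the seed until the string is unused."""
    while True:
        cursors, length = [], 0
        while length < need_bits:
            cur_s = secrets.randbelow(len(seed))
            cur_e = cur_s + secrets.randbelow(len(seed) - cur_s + 1)
            cursors.append((cur_s, cur_e))
            length += cur_e - cur_s
        index_string = collect(seed, cursors)
        # The page names MD5 and SHA1 as examples; SHA-256 is used here.
        digest = hashlib.sha256(bytes(index_string)).hexdigest()
        if digest not in _seen_digests:   # S302: not used before
            _seen_digests.add(digest)     # S303: keep it for use
            return index_string, cursors


def function_indexes(index_string, start, count):
    """S204: take W bits per plaintext bit; the value mod n picks a function."""
    picked = []
    for i in range(count):
        chunk = index_string[start + i * W:start + (i + 1) * W]
        picked.append(int("".join(map(str, chunk)), 2) % N)
    return picked


def encrypt(plain_bits, seed):
    """S101-S104 with one-bit groups; returns ciphertext and decryption info."""
    if not plain_bits:
        return [], {"cursors": [], "start": 0}
    need = len(plain_bits) * W
    index_string, cursors = new_index_string(seed, need)
    start = secrets.randbelow(len(index_string) - need + 1)  # traversal cursor
    picked = function_indexes(index_string, start, len(plain_bits))
    cipher = [FUNCS[k][0](b) for k, b in zip(picked, plain_bits)]
    return cipher, {"cursors": cursors, "start": start}


def decrypt(cipher_bits, seed, info):
    """Rebuild the index string from the stored seed and invert bit by bit."""
    index_string = collect(seed, info["cursors"])
    picked = function_indexes(index_string, info["start"], len(cipher_bits))
    return [FUNCS[k][1](c) for k, c in zip(picked, cipher_bits)]


def effective_mask(length, seed, info):
    """An invertible one-bit function f is b ^ f(0); return those f(0) bits."""
    index_string = collect(seed, info["cursors"])
    picked = function_indexes(index_string, info["start"], length)
    return [FUNCS[k][0](0) for k in picked]


def to_bits(data):
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]


if __name__ == "__main__":
    seed = to_bits(secrets.token_bytes(512))   # constructed random seed (S201)
    plain = to_bits(b"example plaintext")      # constructed sample input
    cipher, info = encrypt(plain, seed)
    assert covers_all_paths(FUNCS)
    assert decrypt(cipher, seed, info) == plain
    mask = effective_mask(len(cipher), seed, info)
    assert cipher == [p ^ m for p, m in zip(plain, mask)]
    print("round trip ok; decryption info start cursor:", info["start"])
```

`effective_mask` returns the XOR mask that the selected functions amount to, since an invertible function on a single bit is either the identity or NOT; the seed, cursor pairs and start cursor in the decryption information are what determine that mask.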
Referring to FIG. 4, an embodiment of the present invention provides a data encryption device; for ease of description, only the parts relevant to the present invention are shown. The device includes:
a grouping module 40, an encryption function random assignment module 41 and an encryption processing module 42;
During data encryption, the grouping module 40 treats each bit of data in the plaintext to be encrypted as one group, the encryption function random assignment module 41 randomly assigns an encryption function to each bit of data of the plaintext to be encrypted, and the encryption processing module 42 encrypts each bit of data of the plaintext with the encryption function assigned by the encryption function random assignment module 41 and arranges each encrypted bit of data according to the position of its corresponding plaintext to form the ciphertext output.
Further, the data encryption device also includes:
an encryption function establishing module 43, a true random number generation module 44, an encryption function index random string generation module 45, an allocation module 46 and a synchronous traversal module 47;
The true random number generation module 44 is configured to generate true random numbers of a predetermined length and a random seed of a predetermined length composed of true random numbers; the encryption function index random string generation module 45 collects data from the random seed to generate the encryption function index random string; the encryption function establishing module 43 is configured to establish and store the encryption function set; the allocation module 46 is configured to assign an index to each encryption function in the encryption function set established by the encryption function establishing module 43; the synchronous traversal module 47 traverses synchronously the encryption function index random string generated by the encryption function index random string generation module 45 and the plaintext to be encrypted.
The encryption function index random string generation module 45 includes:
a data collection unit, configured to collect data from the random seed generated by the true random number generation module 44 and to send the data collection result;
an index random string generation unit, configured to generate and save the encryption function index random string according to the data collection result received from the data collection unit.
Further, the encryption function index random string generation module 45 also includes:
a message digest value generation module, configured to generate, by a message digest operation, the message digest value of the encryption function index random string generated by the index random string generation unit;
a storage module, configured to store the message digest values of the encryption function index random strings generated by the message digest value generation module;
a comparison module, configured to compare the message digest value generated by the message digest value generation module with the message digest values previously stored in the storage module, and to send the comparison result to the encryption function index random string generation module 45.
When the comparison result sent by the comparison module indicates that the message digest values are the same, the encryption function index random string generation module 45 regenerates the encryption function index random string, and the comparison of message digest values is repeated through the comparison module until an encryption function index random string that is not a repeat is produced.
A perfect encryption system must satisfy the condition that the posterior probability after the ciphertext is intercepted equals the prior probability. For any given plaintext there is therefore at least one way to convert it into any given ciphertext, and these conversions are completely equiprobable (for details see Shannon, Claude (1949). Communication Theory of Secrecy Systems, Bell System Technical Journal 28 (4): 656-715). For binary plaintext and ciphertext stored in a computer, all plaintext and ciphertext consist of a string of a definite number of binary digits 0 or 1, so for any given bit 0 or 1 of the plaintext there is always at least one way to convert it into the 0 or 1 at the corresponding position in the ciphertext. The present invention calls such a conversion a conversion path.
To achieve the perfect encryption required by the present invention, a minimum encryption function set must be found that covers all conversion paths from any predetermined bit 0 or 1 in the plaintext to the 0 or 1 at the corresponding position in the ciphertext.
Referring to FIG. 5, the present invention selects the minimum encryption function set by the following method, whose steps are:
Step S501: select the encryption function that covers the most possible plaintext-to-ciphertext conversion paths, and record the possible conversion paths covered by that encryption function;
Step S502: determine whether the possible conversion paths are all completely covered; if so, perform step S505; otherwise, perform step S503;
Step S503: determine the possible conversion paths that are not yet covered, select another encryption function that covers the most uncovered possible conversion paths, record the paths covered by the current encryption function, reselect another encryption function that covers the most uncovered possible conversion paths, and perform step S504;
Step S504: determine whether the previously uncovered possible conversion paths are all covered; if so, perform step S505; otherwise, perform step S503;
Step S505: form the minimum encryption function set from all the selected encryption functions.
To verify the feasibility of this method, two examples are given below, but the scope of protection of the present invention is not limited to these two implementations. Denote the conversion from the data M(x) at any predetermined position x of the plaintext to the data E(x') at the corresponding position x' of the ciphertext as M(x)->E(x'), where M(x), E(x') = 0 or 1.
Method A: by selecting the following encryption functions and keys,
Encryption function 1: exclusive OR (XOR). The corresponding operation rules are:
0 ⊕ 0 = 0
0 ⊕ 1 = 1
1 ⊕ 0 = 1
1 ⊕ 1 = 0
Encryption function 2: f(a) = a, where a is both the input and the output. The corresponding operation rules are:
f(0) = 0
f(1) = 1
the following conversion paths are covered:
Figure imgf000010_0001
Method B: by selecting the following encryption functions and keys,
Encryption function 1: NOT operation (~). The corresponding operation rules are:
~0 = 1
~1 = 0
Encryption function 2: f(a) = a, where a is both the input and the output. The corresponding operation rules are:
f(0) = 0
f(1) = 1
the following conversion paths are covered:
Figure imgf000011_0001
In summary, the user can select a minimum encryption function set by a given method and then, through the random assignment of encryption functions proposed by the present invention, make the conversion paths from plaintext to ciphertext completely equiprobable and random.
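The greedy selection of steps S501 to S505, as an added example that is not part of the patent text. Candidate functions are modelled here as fixed-key bijections on groups of `group_bits` bits (the page's one-bit case is `group_bits=1`); the candidate names `add_1`, `swap_bits` and `xor_k`, and the two-bit generalization, are assumptions made for illustration.

```python
from itertools import product


def paths_covered(func, group_bits):
    """Conversion paths (plaintext value -> ciphertext value) realised by one function."""
    return {(x, func(x)) for x in range(2 ** group_bits)}


def select_function_set(candidates, group_bits=1):
    """Greedy selection following steps S501-S505.

    candidates: dict mapping a name to a function on integers in [0, 2**group_bits).
    Returns the chosen names in the order they were selected.
    """
    values = range(2 ** group_bits)
    uncovered = set(product(values, repeat=2))   # every M(x) -> E(x') path
    chosen = []
    while uncovered:                             # S502 / S504: anything left to cover?
        # S501 / S503: take the function covering the most still-uncovered paths.
        # max() keeps the first candidate on a tie; the page leaves tie-breaking open.
        name = max(candidates,
                   key=lambda c: len(paths_covered(candidates[c], group_bits) & uncovered))
        gain = paths_covered(candidates[name], group_bits) & uncovered
        if not gain:
            raise ValueError("candidates cannot cover paths: %r" % sorted(uncovered))
        chosen.append(name)                      # record the selected function
        uncovered -= gain                        # and the paths it covers
    return chosen                                # S505: the selected set


# One-bit candidates taken from the page's Method B: f(a) = a and NOT.
ONE_BIT = {"identity": lambda a: a, "not": lambda a: a ^ 1}

# Two-bit candidates, constructed for illustration (not from the page).
TWO_BIT = {"add_1": lambda x: (x + 1) % 4,
           "swap_bits": lambda x: ((x & 1) << 1) | (x >> 1)}
TWO_BIT.update({"xor_%d" % k: (lambda x, k=k: x ^ k) for k in range(4)})

if __name__ == "__main__":
    print(select_function_set(ONE_BIT, 1))
    print(select_function_set(TWO_BIT, 2))
```

With the two-bit candidates in the order shown, the greedy pass returns five functions although the four XOR functions alone cover all sixteen paths. The result is therefore a covering set rather than a guaranteed minimum, and it depends on how ties are broken.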
In use, after selecting the minimum set of encryption functions and keys, the user may add further encryption functions and keys as needed to make the system more secure; the encryption function set finally selected is the one invoked by the encryption method provided by the present invention.
For the above encryption method, an embodiment of the present invention further provides a data decryption method. Referring to FIG. 6 and FIG. 10, the method includes the following steps:
Step S601: obtain the decryption information and, according to the decryption information, collect data from the saved random seed to generate the encryption function index random string;
The decryption information is formed during the encryption of the data and includes the plaintext data grouping information, the random seed stored when the data was encrypted, the information needed to regenerate the encryption function index random string corresponding to the encrypted plaintext, and the cursor position at which traversal of the encryption function index random string starts;
Step S602: according to the decryption information, determine the traversal start position of the encryption function index random string, synchronously traverse the encryption function index random string and the ciphertext to be decrypted, and determine from the decryption information the encryption function corresponding to each bit of the ciphertext;
Step S603: determine, from the encryption function, the decryption function corresponding to each bit of the ciphertext;
Step S604: use the decryption function to restore each bit of the ciphertext to the corresponding bit of the plaintext;
Step S605: arrange the plaintext bits according to their corresponding ciphertext positions to form the plaintext.
In the present invention, each decryption function includes its corresponding decryption key; each decryption function corresponds to one encryption function, and the decryption key required for decryption likewise corresponds to the encryption key used by that encryption function.
Referring to FIG. 7, an embodiment of the present invention further provides a data decryption device. For ease of description, only the parts related to the present invention are shown. The device includes:
an obtaining module 71, configured to obtain the decryption information;
a random seed storage module 76, configured to store the random seed generated during encryption;
an encryption function index random string generation module 72, configured to collect data from the random seed saved in the random seed storage module 76, according to the decryption information obtained by the obtaining module 71, to generate the encryption function index random string;
a synchronous traversal module 77, configured to determine, according to the decryption information obtained by the obtaining module 71, the traversal start position of the encryption function index random string, and to synchronously traverse the encryption function index random string and the ciphertext to be decrypted;
an encryption function determining module 73, configured to determine, according to the decryption information obtained by the obtaining module 71, the encryption function corresponding to each bit of the ciphertext;
a decryption function obtaining module 74, configured to determine, according to the encryption function determined by the encryption function determining module 73, the decryption function corresponding to each bit of the ciphertext;
a plaintext restoring module 75, configured to use the decryption function to restore the data of each bit of the ciphertext to the data of the corresponding bit of the plaintext, and to arrange the plaintext bits according to their corresponding ciphertext positions to form the plaintext.
To further demonstrate the feasibility of the present invention, the above encryption implementation is fully described below by way of example:
Method 1: fixed-position method for the encryption function index random string
Suppose several plaintexts are to be encrypted, the k-th plaintext has m bits, and n encryption algorithms are available to choose from, where m, n and k are natural numbers; an encryption function and its corresponding key are randomly assigned to each data bit of the k-th plaintext;
First, a true random string of 0s and 1s with a predetermined length of w bits is generated as the random seed, where w is a natural number and w > m;
Random data collection is performed on the random seed a predetermined number of times u (u is a natural number). The start cursor position and the length of the collected data (which may be greater than or equal to 0) are random for each collection; if a collection reaches the tail of the random seed, it returns to the head and continues;
The data from each collection are concatenated into an encryption function index random string with a predetermined length of p bits, where p is a natural number; if $\log_2 n$ is an integer then $p > m \times \log_2 n$, and if $\log_2 n$ is not an integer then $p > m \times [\log_2 n + 1]$, where $[\log_2 n + 1]$ denotes rounding $\log_2 n + 1$ to an integer.
It is determined whether the generated encryption function index random string has been used before; if so, the encryption function index random string is regenerated; otherwise, it is kept for use;
A decimal numeric identifier is assigned to each encryption algorithm among the encryption functions, for example 0 to the first encryption function, 1 to the second, 2 to the third, 3 to the fourth, and so on;
Then the data are traversed synchronously, starting from the head of the generated encryption function index random string and the head of the plaintext to be stored. Each traversal step first takes $\log_2 n$ or $[\log_2 n] + 1$ bits, where $[\log_2 n]$ denotes rounding $\log_2 n$ to an integer; the $\log_2 n$ or $[\log_2 n] + 1$ binary digits taken are converted to a decimal number, the converted value is reduced modulo n, and the result of the modulo operation is used as the index of the encryption function for that bit of plaintext data;
Synchronous traversal of the encryption function index random string and the plaintext continues until every plaintext bit or part has been randomly assigned an encryption function;
Before each data collection, two random values must first be generated and each reduced by a modulo operation to obtain a random start cursor position and the length of data to be collected;
Suppose two true random numbers R1 and R2 have been generated before data collection. Two random values T1 and T2, smaller than w and p-q respectively, are then needed (where q is a natural number less than or equal to p, w is the length of the random seed, p is the length of the random string to be generated for the plaintext encryption bits, q is the length of the data already generated, and p-q is the number of bits of the random string still to be collected), so that
T1 = R1 mod w
T2 = R2 mod (p-q)
where mod is the modulo operation. The method of generating the encryption function index random string is shown in FIG. 8.
Denote the p-bit encryption function index random string corresponding to the k-th plaintext as $re_k$. Then $re_k$ equals the sequential combination of the data collected at random u times from the random seed of predetermined length. Denote the data collected the i-th time from the random seed as $(Cur_s, Cur_e)_i$, where i is a natural number and i u, $Cur_s$ is the start cursor position in the random seed of the i-th collection and, correspondingly, $Cur_e$ is the end cursor position of the i-th collection. Both $Cur_s$ and $Cur_e$ are expressed as offsets from the first bit of the random seed, so that 0 $Cur_s$ $Cur_e$ m; when $Cur_e$ equals $Cur_s$, the number of bits collected is 0. The data of the i-th collection are thus the data between $Cur_s$ and $Cur_e$ in the random seed of predetermined length. Further, the p-bit encryption function index random string $re_k$ corresponding to the k-th plaintext can be expressed as:
$re_k = [(Cur_s, Cur_e)_1, (Cur_s, Cur_e)_2, \ldots, (Cur_s, Cur_e)_i, \ldots, (Cur_s, Cur_e)_u]_k$;
To illustrate the feasibility of the present invention, the true randomness and non-reproducibility of the encryption function index random string generated by Method 1 are now analyzed. Ensuring that the encryption function index random strings checked by the comparison module are truly random and never reused is essential to keeping the whole system from being broken by a cryptanalyst.
It should be reiterated that as long as the characters used in a random string are finite, the random string may recur; its randomness lies in the recurrence probability being very small and following no pattern. Suppose the random string is 1024 bits long. Because the only characters that can make up the string are 0 and 1, however random it is, its recurrence probability is still greater than or equal to $1/2^{1024}$, that is, $1/(1.79 \times 10^{308})$.
In Method 1, the true randomness of the encryption functions assigned to each plaintext comes from two places: first, the random seed composed of true random numbers; second, the random collection of data from the random seed (both the start position and the length of each collection are derived from true random numbers) to generate the p-bit encryption function index random string.
The p-bit random string is then traversed from a fixed position (in this method, the head of the random string) to produce the encryption function index corresponding to each plaintext part (after a modulo operation).
It can further be worked out that the probability of Method 1 producing the same encryption function assignment indexes for plaintexts of the same number of bits depends on the probability that the p-bit encryption function index random string recurs; only the probability of recurrence of the p-bit random string from the same random seed is considered here.
Method 2: non-fixed-position method for the encryption function index random string
Method 2 is similar to Method 1. The difference is that traversal of the p-bit algorithm index random string starts from a random position to produce the encryption algorithm index values, and the uncertainty of the traversal start position strengthens the security of the whole method. The details are as follows (variables as in Method 1):
First, a true random string of 0s and 1s with a predetermined length of w bits is generated as the random seed, where w is a natural number and w > m;
Random data collection is performed on the random seed a predetermined number of times u (u is a natural number). The start position and the length of the collected data (which may be greater than or equal to 0) are random for each collection; if a collection reaches the tail of the random seed, it returns to the head and continues;
The data from each collection are concatenated into an encryption function index random string with a predetermined length of p bits, where p is a natural number; if $\log_2 n$ is an integer then $p > m \times \log_2 n$, and if $\log_2 n$ is not an integer then $p > m \times [\log_2 n + 1]$, where $[\log_2 n + 1]$ denotes rounding $\log_2 n + 1$ to an integer;
It is determined whether the generated encryption function index random string has been used before; if so, the encryption function index random string is regenerated; otherwise, it is kept for use;
A decimal numeric identifier is assigned to each encryption algorithm in the encryption function set, for example 0 to the first encryption function, 1 to the second, 2 to the third, 3 to the fourth, and so on;
A random start position is chosen in the p-bit random string, and the data are traversed synchronously starting from that position of the random string and from the head of the plaintext. Each traversal step first takes $\log_2 n$ bits (if $\log_2 n$ is an integer) or $[\log_2 n] + 1$ bits (if $\log_2 n$ is not an integer), where $[\log_2 n]$ denotes rounding $\log_2 n$ to an integer; the $\log_2 n$ or $[\log_2 n] + 1$ binary digits taken are converted to a decimal number, the converted value is reduced modulo n, and the result of the modulo operation is used as the index of the encryption function for that bit of plaintext data;
Synchronous traversal of the encryption function index random string and the plaintext continues; when the traversal reaches the tail of the encryption function index random string, it returns to the head and continues, until every plaintext bit or part has been randomly assigned an encryption function.
Before each data collection, two random values are first generated and each reduced by a modulo operation to obtain a random start cursor position and the length of data to be collected; these are obtained in the same way as described in Method 1.
Suppose a true random number R3 has been generated before the data traversal. A random value T3 smaller than p is now needed, T3 being the start position for traversing the p-bit random string, so that
T3 = R3 mod p
where mod is the modulo operation.
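Methods 1 and 2 and the decryption steps S601 to S605 as one round trip, in an added example that is not the patent's own code. Assumptions: `secrets` stands in for the true random number source, SHA-256 for the unnamed message digest, the last of the u collections takes all remaining bits so that the string reaches exactly p bits, and the function set is the one-bit pair from Method B; all function and variable names are illustrative.

```python
import hashlib
import secrets

# Function set from the page's Method B: index 0 is f(a) = a, index 1 is NOT.
# Each is its own inverse on one bit, so INVERSES mirrors FUNCTIONS.
FUNCTIONS = [lambda b: b, lambda b: b ^ 1]
INVERSES = [lambda b: b, lambda b: b ^ 1]

# Constructed sample data: a 64-bit seed and a 16-bit plaintext (w > m).
SAMPLE_SEED = [int(c) for c in
               "10110011" "10001111" "01010010" "11000110"
               "10111001" "00011011" "01001011" "10010011"]
SAMPLE_PLAIN = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]

_used_digests = set()   # digests of index strings already handed out

def bits_per_index(n):
    """log2(n) bits when n is a power of two, otherwise floor(log2 n) + 1."""
    return (n - 1).bit_length()

def collect(seed, p, u):
    """u random collections from the seed, wrapping at its tail, p bits in total.

    Returns (index_bits, recipe); recipe lists (start cursor, length) for each
    collection and is what decryption needs to rebuild the same string.
    """
    w, bits, recipe = len(seed), [], []
    for i in range(u):
        remaining = p - len(bits)                 # p - q on the page
        start = secrets.randbelow(w)              # T1 = R1 mod w
        if i == u - 1:
            length = remaining                    # assumption: last collection fills up to p
        else:
            length = secrets.randbelow(remaining) if remaining else 0  # T2 = R2 mod (p - q)
        bits += [seed[(start + j) % w] for j in range(length)]
        recipe.append((start, length))
    return bits, recipe

def rebuild(seed, recipe):
    """Regenerate the index string from the saved seed and recipe (step S601)."""
    w = len(seed)
    return [seed[(s + j) % w] for s, length in recipe for j in range(length)]

def fresh_index_string(seed, p, u):
    """Collect again until the digest of the string has not been seen before."""
    while True:
        bits, recipe = collect(seed, p, u)
        digest = hashlib.sha256(bytes(bits)).digest()   # SHA-256 is an assumption
        if digest not in _used_digests:
            _used_digests.add(digest)
            return bits, recipe

def function_indices(index_bits, m, n, start=0):
    """Synchronous traversal: one function index per plaintext or ciphertext bit."""
    k, p = bits_per_index(n), len(index_bits)
    indices = []
    for i in range(m):
        value = 0
        for j in range(k):                        # read k bits, wrapping at the tail
            value = (value << 1) | index_bits[(start + i * k + j) % p]
        indices.append(value % n)                 # the page's modulo-n step
    return indices

def encrypt(plain_bits, seed, u=4, random_start=True):
    """random_start=False is Method 1 (traverse from the head); True is Method 2."""
    m, n = len(plain_bits), len(FUNCTIONS)
    if m == 0 or len(seed) <= m:
        raise ValueError("need a non-empty plaintext and a seed longer than it (w > m)")
    p = m * bits_per_index(n) + 1                 # satisfies p > m * log2(n)
    index_bits, recipe = fresh_index_string(seed, p, u)
    start = secrets.randbelow(p) if random_start else 0   # T3 = R3 mod p
    idx = function_indices(index_bits, m, n, start)
    cipher = [FUNCTIONS[f](b) for f, b in zip(idx, plain_bits)]
    return cipher, {"recipe": recipe, "start": start}

def decrypt(cipher_bits, seed, info):
    """Steps S601-S605, using the decryption information saved by encrypt()."""
    index_bits = rebuild(seed, info["recipe"])                       # S601
    idx = function_indices(index_bits, len(cipher_bits),
                           len(FUNCTIONS), info["start"])            # S602
    return [INVERSES[f](c) for f, c in zip(idx, cipher_bits)]        # S603-S605

def index_distribution(n):
    """How often each function index occurs when all k-bit values are equally likely."""
    counts = [0] * n
    for value in range(2 ** bits_per_index(n)):
        counts[value % n] += 1
    return counts
```

With only f(a) = a and NOT in the set, the ciphertext equals the plaintext XORed with the traversed index bits, so the index string plays the role of a one-time-pad key. `index_distribution(3)` shows that the modulo step selects index 0 twice as often as the others whenever n is not a power of two, so the assignment is then not equiprobable.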
To further illustrate the feasibility of the embodiments of the present invention, the true randomness and non-reproducibility of the encryption function index random string under Method 2 are now analyzed.
Compared with Method 1, Method 2 adds one more factor affecting the randomness of the whole method: within the p-bit random string, the data are traversed from a random position to produce the encryption algorithm index for each plaintext part. Because the traversal start position has p possibilities, the probability that the encryption algorithm indexes for a plaintext part recur is $1/(p \times w^{u})$.
Taking the data set in Method 1 as an example, here $p > m \times \log_2 n$, i.e. p > 160,000,000, i.e. 160M bits. The minimum probability of $re_k$ repeating under this method is then 1/(1.6*10 9∞8 ); this probability of repetition is low enough to be consistent with the characteristics of randomness. In practice, the randomness can be raised further and the repetition probability lowered by increasing the values of u and w, or the random seed can be replaced periodically, to improve the security of the whole method.
In short, the above implementations show that the random assignment of encryption functions is feasible in practical applications. Compared with the OTP method, the typical implementation of a traditional perfect encryption system, the present invention has the following advantages:
1. Because the encryption functions themselves provide protection (without knowledge of their keys, a great deal of computing power is needed to restore the ciphertext to a unique plaintext), the risk of data leakage after the codebook (for the present invention, the encryption function index book) is accidentally disclosed can be effectively reduced;
2. The security protection of the whole system is divided into three parts: the random seed, the encryption function index random string, and the key of each encryption function. That is, the ciphertext can be broken relatively easily only if the information of all three parts is intercepted at the same time. Compared with a traditional OTP system, whose security relies solely on protecting one part, a large number of random keys, the risk of data leakage is effectively spread out.
By reasonably selecting encryption functions and encrypting each bit of the plaintext with randomly rotated encryption functions, the embodiments of the present invention make the posterior probability of breaking the ciphertext after interception equal to the prior probability of breaking it, achieving the same encryption strength as the traditional OTP method. At the same time, compared with a traditional OTP system, whose security relies solely on protecting one part, a large number of random keys, the risk of data leakage is effectively spread out, and the risk of data leakage after accidental disclosure of the codebook can be effectively reduced.
The above are merely preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. A data encryption method, characterized in that the method comprises:
grouping the plaintext to be encrypted;
randomly assigning an encryption function to each group of plaintext data;
encrypting each group of plaintext data with its encryption function;
arranging the encrypted data according to their corresponding plaintext positions to form the ciphertext.
2. The data encryption method according to claim 1, characterized in that, between the step of grouping the plaintext to be encrypted and the step of randomly assigning an encryption function to each group of plaintext data, the method further comprises:
generating true random numbers of a predetermined length and a random seed of a predetermined length composed of the true random numbers;
establishing an encryption function set and assigning an index to each encryption function in the set;
performing data collection on the random seed to generate an encryption function index random string;
synchronously traversing the encryption function index random string and the plaintext to be encrypted.
3. The data encryption method according to claim 2, characterized in that the encryption function set comprises encryption functions covering all conversion paths from any 0 or 1 in the plaintext to be encrypted to the 0 or 1 at the corresponding position in the ciphertext; correspondingly, the step of determining the encryption functions covering all conversion paths from any 0 or 1 in the plaintext to be encrypted to the 0 or 1 at the corresponding position in the ciphertext comprises: selecting the encryption function that covers the most possible plaintext-to-ciphertext conversion paths, and recording the possible conversion paths; determining whether the possible conversion paths are completely covered; if so, taking all selected encryption functions as the elements of the encryption function set; otherwise, selecting another encryption function that covers the most uncovered possible conversion paths, recording the paths covered by the current encryption function, and reselecting an encryption function that covers the most uncovered possible conversion paths, until the selected encryption functions cover all possible conversion paths, and taking all selected encryption functions as the elements of the encryption function set.
4. The data encryption method according to claim 2, characterized in that the step of performing data collection on the random seed to generate an encryption function index random string further comprises:
generating a message digest value of the encryption function index random string through a message digest operation;
comparing the message digest value with previously stored message digest values; if they are identical, performing data collection on the random seed again to generate a new encryption function index random string and comparing message digest values again, until an encryption function index random string that is not identical is determined; if they are not identical, saving the currently generated encryption function index random string.
5. The data encryption method according to claim 1, characterized in that each group of plaintext data comprises at least one plaintext bit.
6、 一种数据加密装置, 其特征在于, 所述装置包括:  6. A data encryption device, the device comprising:
分组模块, 用于对待加密明文进行分组;  a grouping module, configured to group the encrypted plaintext;
加密函数随机分配模块, 用于为所述分组模块分组后的每组明文数据随机 分配加密函数;  An encryption function random allocation module, configured to randomly allocate an encryption function for each group of plaintext data grouped by the grouping module;
加密处理模块, 用于用所述加密函数随机分配模块分配的加密函数对所述 明文中的数据进行加密, 并将所述加密的数据按其对应的所述明文位置排列形 成密文。  And an encryption processing module, configured to encrypt data in the plaintext by using an encryption function assigned by the encryption function random allocation module, and arrange the encrypted data according to the corresponding plaintext position to form a ciphertext.
7. The data encryption device according to claim 6, wherein the device further comprises:
a true random number generation module, configured to generate true random numbers of a predetermined length and a random seed of a predetermined length composed of the true random numbers;
an encryption function establishing module, configured to establish and store a set of encryption functions;
an allocation module, configured to allocate an index to each encryption function in the set of encryption functions established by the encryption function establishing module;
an encryption function index random string generation module, configured to collect data from the random seed generated by the true random number generation module and generate an encryption function index random string;
a synchronous traversal module, configured to synchronously traverse the encryption function index random string generated by the encryption function index random string generation module and the plaintext to be encrypted.
8. The data encryption device according to claim 7, wherein the encryption function index random string generation module comprises:
a data collection unit, configured to collect data from the random seed generated by the true random number generation module and to send the data collection result;
an index random string generation unit, configured to generate and save the encryption function index random string according to the data collection result received from the data collection unit.
9. The data encryption device according to claim 8, wherein the encryption function index random string generation module further comprises:
a message digest value generation module, configured to generate, by a message digest operation, a message digest value of the encryption function index random string generated by the index random string generation unit;
a storage module, configured to store the message digest values of the encryption function index random strings generated by the message digest value generation module;
a comparison module, configured to compare the message digest value generated by the message digest value generation module with the message digest values previously stored by the storage module, and to send the comparison result to the encryption function index random string generation module.
10. A data decryption method, wherein the method comprises:
obtaining decryption information, and collecting data from the saved random seed according to the decryption information to generate an encryption function index random string;
determining, according to the decryption information, the traversal start position of the encryption function index random string, and synchronously traversing the encryption function index random string and the ciphertext to be decrypted;
determining, according to the decryption information, the encryption function corresponding to the data of each bit in the ciphertext;
determining, according to the encryption function, the decryption function corresponding to the data of each bit in the ciphertext;
restoring, with the decryption function, the data of each bit in the ciphertext to the data of each bit in the plaintext;
arranging the data of each bit in the plaintext according to its corresponding ciphertext position to form the plaintext.
11. A data decryption device, wherein the device comprises:
an obtaining module, configured to obtain decryption information;
a random seed storage module, configured to store the random seed generated during encryption;
an encryption function index random string generation module, configured to collect data from the random seed saved by the random seed storage module, according to the decryption information obtained by the obtaining module, and generate an encryption function index random string;
a synchronous traversal module, configured to determine, according to the decryption information obtained by the obtaining module, the traversal start position of the encryption function index random string, and to synchronously traverse the encryption function index random string and the ciphertext to be decrypted;
an encryption function determining module, configured to determine, according to the decryption information obtained by the obtaining module, the encryption function corresponding to the data of each bit in the ciphertext;
a decryption function obtaining module, configured to determine, according to the encryption function determined by the encryption function determining module, the decryption function corresponding to the data of each bit in the ciphertext;
a plaintext restoring module, configured to restore, with the decryption function, the data of each bit in the ciphertext to the data of each bit in the plaintext, and to arrange the data of each bit in the plaintext according to its corresponding ciphertext position to form the plaintext.
PCT/CN2010/079315 2010-11-29 2010-12-01 Data encryption and decryption method and device WO2012071714A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/001,022 US8942373B2 (en) 2010-11-29 2010-12-01 Data encryption and decryption method and apparatus

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010566289.5 2010-11-29
CN2010105662895A CN102064936B (en) 2010-11-29 2010-11-29 Data encryption and decryption methods and devices

Publications (1)

Publication Number Publication Date
WO2012071714A1 (en) 2012-06-07

Family

ID=44000049

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/079315 WO2012071714A1 (en) 2010-11-29 2010-12-01 Data encryption and decryption method and device

Country Status (2)

Country Link
CN (1) CN102064936B (en)
WO (1) WO2012071714A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111556071A (en) * 2020-05-12 2020-08-18 深圳市汇智通咨询有限公司 Data encryption algorithm and system for computer

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102609643A (en) * 2012-01-10 2012-07-25 道里云信息技术(北京)有限公司 Dynamic cryptography protection for virtual machines and key management method thereof
CN103825885A (en) * 2014-01-23 2014-05-28 广东顺德中山大学卡内基梅隆大学国际联合研究院 Internet content encryption release method and system
CN104022865A (en) * 2014-04-29 2014-09-03 云南电网公司 Encrypted transmission method of network data
WO2017049222A1 (en) * 2015-09-18 2017-03-23 Olympus Sky Technologies, S.A. Secure communications using organically derived synchronized processes
CN105208038B (en) * 2015-10-10 2018-08-31 郑志超 A kind of encryption method and device
EP3286873A4 (en) 2016-03-24 2018-08-29 Hewlett-Packard Enterprise Development LP Text encryption
CN108028754B (en) * 2016-04-28 2020-12-01 华为技术有限公司 Encryption and decryption method, device and terminal
CN106656475B (en) * 2017-01-09 2020-01-21 李朋林 Novel symmetric key encryption method for high-speed encryption
CN108650269A (en) * 2018-05-16 2018-10-12 中国科学技术大学 A kind of graded encryption method and system based on intensified learning
CN109743592B (en) * 2019-01-09 2021-07-23 安徽睿极智能科技有限公司 Real-time code stream encryption method based on two-dimensional codebook
CN112685747B (en) * 2020-01-17 2022-02-01 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device
CN111400738B (en) * 2020-03-19 2023-05-02 杭州小影创新科技股份有限公司 Data encryption method adopting multidimensional table look-up mode

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1645796A (en) * 2005-02-28 2005-07-27 胡祥义 Method for preventing user's pin from illegal use by double verification protocol
CN1924835A (en) * 2006-09-01 2007-03-07 西安交通大学 Dynamic key based hardware data enciphering method and device thereof
US20090214043A1 (en) * 2008-02-22 2009-08-27 Sungkyunkwan University Foundation For Corporate Collaboration Key distribution method and authentication server
CN101692636A (en) * 2009-10-27 2010-04-07 中山爱科数字科技有限公司 Data element and coordinate algorithm-based method and device for encrypting mixed data

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1697369A (en) * 2005-06-14 2005-11-16 河北工业大学 Method for enciphering and deciphering code of packet, and encipherer and decipherer
CN1878059A (en) * 2006-07-07 2006-12-13 北京财富投资有限公司 Grouping encryption and decryption algorithm
CN101013938B (en) * 2007-01-12 2010-04-07 广州市诚毅科技软件开发有限公司 Encryption method of block cipher

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111556071A (en) * 2020-05-12 2020-08-18 深圳市汇智通咨询有限公司 Data encryption algorithm and system for computer
CN111556071B (en) * 2020-05-12 2020-12-04 深圳市汇智通咨询有限公司 Data encryption algorithm and system for computer

Also Published As

Publication number Publication date
CN102064936A (en) 2011-05-18
CN102064936B (en) 2012-08-22

Similar Documents

Publication Publication Date Title
WO2012071717A1 (en) Data encryption and decryption method and device
WO2012071714A1 (en) Data encryption and decryption method and device
US8401186B2 (en) Cloud storage data access method, apparatus and system based on OTP
US8942373B2 (en) Data encryption and decryption method and apparatus
WO2012071725A1 (en) Method and apparatus for data selective encryption and decryption
US10237248B2 (en) Encoder, decoder and method
WO2012071728A1 (en) Data encryption method, apparatus and system for cloud storage
WO2012071722A1 (en) Storage method, device and system for cloud storage data based on one-time pad (otp)
WO2016119625A1 (en) Limited one-way transformation and encryption/decryption application method, device and circuit for gibberish text
US11362813B2 (en) Cryptographic systems and methods for extending apparent size of pools of truly random numbers
US11296869B2 (en) Apparatus and method for unbreakable data encryption
CN108197484B (en) Method for realizing node data security in distributed storage environment
WO2012071718A1 (en) Method, apparatus and system for storing and retreving data of cloud storage
KR101899130B1 (en) Methods for encrypting data, decrypting data and apparatus using the same
WO2019225735A1 (en) Data processing device, method, and computer program
CN110995415A (en) Encryption algorithm based on MD5 algorithm
CN105959106A (en) Low-complexity digital encryption method
TW200418298A (en) Crypto-system with an inverse key evaluation circuit
CN116132016A (en) Method for realizing additive expansion of cipher algorithm
Meng et al. A multi-connection encryption algorithm applied in secure channel service system
JP5586758B1 (en) Dynamic encryption key generation system
KR20220137024A (en) Symmetric Asynchronous Generation Encryption Method
RU2775253C1 (en) Method for cryptographic transformation with simultaneous generation of a derived encryption key
Kumar et al. Enhanced cost effective symmetric key algorithm for small amount of data
Khalil et al. Modify PRESENT Algorithm by New technique and key Generator by External unit

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 13001022

Country of ref document: US

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10860261

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10860261

Country of ref document: EP

Kind code of ref document: A1