WO2020168627A1 - Encryption and decryption method and device employing zipper-type dynamic hashing and nlfsr techniques - Google Patents

Publication number
WO2020168627A1
Authority
WO
WIPO (PCT)
Prior art keywords
sequence
plaintext
pseudo
bit
key
Application number
PCT/CN2019/083404
Inventor
冯广慧
司玉娟
郎六琪
傅晓阳
Original Assignee
吉林大学珠海学院
吉林大学
Application filed by 吉林大学珠海学院, 吉林大学

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • H04L9/0668 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator producing a non-linear pseudorandom sequence

Definitions

  • This application relates to the field of information security, and in particular to an encryption and decryption method and device based on zipper dynamic hashing and NLFSR (Nonlinear Feedback Shift Register).
  • NLFSR: Nonlinear Feedback Shift Register
  • This application can generally be used for network communication information encryption, aerospace digital remote control commands and data encryption, drone digital remote control communication data encryption, early warning aircraft digital communication command system information encryption, GPS satellite digital communication data encryption, mobile communication encryption, big data encryption, graphic image encryption and email encryption, etc.
  • After encryption, military, political, and diplomatic documents can be transmitted using civil communication networks to save file transmission costs.
  • A stream cipher is usually a symmetric-key technique. Because it is simple to implement, encrypts quickly, and does not propagate ciphertext transmission errors into the plaintext, among other benefits, it has become an important type of cryptosystem. Stream ciphers are the mainstream cipher systems used in the world's military and diplomatic fields. The design of the key stream generator is the key to the security of a stream cipher. At present, the better-known stream cipher algorithms include the A5 algorithm used in the European digital cellular mobile phone system GSM and the RC4 algorithm developed by the American company RSA Data Security. Because stream ciphers have many advantages that other ciphers cannot match, they are still one of the most common cipher systems today.
  • The design of the key stream generator is the key to stream cipher technology. Its essence is to generate a key stream of 0s and 1s through a given algorithm, usually based on a mathematical model that can generate pseudo-random sequences, such as algebraic operations, the linear feedback shift register (LFSR), clock-controlled sequences, combined network sequences, cellular automata and chaos theory.
  • LFSR: Linear Feedback Shift Register
  • The sender encrypts the plaintext sequence with a key stream to generate a ciphertext and sends it to the receiver; the receiver uses the same key stream to decrypt the ciphertext and recover the plaintext sequence.
  • Many scholars have mastered the means to attack and decipher the above encryption.
  • The purpose of this application is to solve the shortcomings of the prior art and to provide an encryption and decryption method based on zipper dynamic hashing and a nonlinear feedback shift register, together with a corresponding encryption and decryption device, so that the ciphertext has strong randomness and unpredictability, thereby increasing the difficulty of deciphering the ciphertext.
  • This application proposes an encryption and decryption method based on zipper dynamic hashing and NLFSR.
  • the method can include the following steps:
  • The key stream generator is constructed based on the nonlinear feedback shift register and bit transformation rules, and the nonlinear feedback shift register, as a pseudo-random sequence generator with high security, can effectively resist correlation attacks and algebraic attacks; so the above encryption method can effectively increase the difficulty of deciphering the ciphertext.
  • step S100 further includes the following sub-steps:
  • the starting position of the circular filling is any legal position in the first output sequence.
  • step S300 further includes the following sub-steps:
  • The pseudo-plaintext sequence is decomposed into multiple pseudo-plaintext sub-sequences according to the true value bits and false value bits of the key stream sequence;
  • The multi-path pseudo-plaintext sub-sequences and the key stream sequence are each scanned bidirectionally to dynamically hash the multi-path pseudo-plaintext sub-sequences into the ciphertext space in a zippered manner.
  • The plaintext sequence, the key stream sequence, and the ciphertext stream sequence all adopt the data structure of a circular queue, and encryption and decryption can start from any legal position in the corresponding circular queue.
  • The bit transformation Boolean function is a bitwise inversion function that acts according to specific bits of the key stream sequence.
  • The nonlinear feedback function is a feedback function with an algebraic order of 4 or more.
  • This application also proposes an encryption and decryption device based on zipper dynamic hashing and NLFSR.
  • The device may include the following modules: a first key stream generation module for preprocessing the seed key using a nonlinear feedback function and a bit transformation Boolean function to form a key stream sequence; a pseudo-plaintext generation module for changing the bit values of the plaintext sequence according to the bit transformation Boolean function based on the key stream sequence to form a pseudo-plaintext sequence; a pseudo-plaintext division module for dividing the pseudo-plaintext sequence into multiple pseudo-plaintext sub-sequences according to the key stream sequence; and a first dynamic hash module for calculating the dynamic hash address corresponding to each binary bit of the pseudo-plaintext sequence according to the hash mapping rule that depends on the key stream sequence, and hashing the multi-path pseudo-plaintext sub-sequences into the ciphertext space to form a ciphertext stream sequence.
  • A second key stream generation module obtains the ciphertext stream sequence and uses the same nonlinear feedback function and bit transformation Boolean function to preprocess the pre-agreed seed key to form a key stream sequence;
  • A second dynamic hash module calculates the hash address corresponding to each binary bit of the ciphertext sequence according to the inverse hash mapping rule that depends on the key stream sequence, and maps the ciphertext sequence to the plaintext storage space to form multiple pseudo-plaintext sub-sequences; a pseudo-plaintext merge module merges the multiple pseudo-plaintext sub-sequences to form a pseudo-plaintext sequence; and a pseudo-plaintext restoration module changes the bit values of the pseudo-plaintext sequence according to the bit transformation Boolean function based on the key stream sequence to form the plaintext sequence.
  • The key stream generation module further includes the following sub-modules: a first output module for inputting a seed key to a nonlinear feedback function to generate a first output sequence; a second output module for cyclically filling the key stream sequence space with the first output sequence to form a second output sequence; and a displacement module for inputting the second output sequence to the bit transformation Boolean function to form the key stream sequence.
  • The starting position of the circular filling is any legal position in the first output sequence.
  • The first dynamic hash module further includes the following sub-modules: a decomposition module for decomposing the pseudo-plaintext sequence into multi-path pseudo-plaintext sub-sequences according to the true value bits and false value bits of the key stream sequence; and a hash module for scanning the multi-path pseudo-plaintext sub-sequences and the key stream sequence in a bidirectional cycle, respectively, to dynamically hash the multi-path pseudo-plaintext sub-sequences into the ciphertext space in a zippered fashion.
  • The plaintext sequence, the key stream sequence, and the ciphertext stream sequence all adopt the data structure of a circular queue, and encryption and decryption can start from any legal position in the corresponding circular queue.
  • The bit transformation Boolean function is a bitwise inversion function that acts according to specific bits of the key stream sequence.
  • The nonlinear feedback function is a feedback function with an algebraic order of 4 or more.
  • this application also proposes a computer-readable storage medium on which computer instructions are stored. When the above instructions are executed by the processor, the following steps are performed:
  • The key stream generator is constructed based on the nonlinear feedback shift register and bit transformation rules, and the nonlinear feedback shift register, as a pseudo-random sequence generator with high security, can effectively resist correlation attacks and algebraic attacks; so the above encryption method can effectively increase the difficulty of deciphering the ciphertext.
  • step S100 further includes the following sub-steps:
  • the starting position of the loop filling is any legal position in the first output sequence.
  • step S300 further includes the following sub-steps:
  • the multi-path pseudo-plaintext sub-sequence and the key stream sequence are respectively scanned bidirectionally to dynamically hash the multi-path pseudo-plaintext sub-sequence into the ciphertext space in a zippered manner.
  • The plaintext sequence, the key stream sequence, and the ciphertext stream sequence all adopt a circular queue data structure, and encryption and decryption can start at any legal position in the corresponding circular queue.
  • The bit transformation Boolean function is a bitwise inversion function that acts according to specific bits of the key stream sequence.
  • the nonlinear feedback function is a feedback function with an algebraic order of 4 or more.
  • The beneficial effect of this application is: by introducing a bit transformation rule in the key stream generator to change the bit values of the output sequence of the nonlinear feedback shift register, a key stream with longer period and better randomness is obtained. This makes the uniformity of the ciphertext higher than that of the traditional stream cipher method, thereby obtaining the technical effect of increasing the difficulty of deciphering the ciphertext stream sequence.
  • the encryption and decryption process can be easily implemented by encoding, and the time and space complexity of related algorithms is not higher than that of traditional methods;
  • the generated ciphertext stream sequence has strong randomness and unpredictability, and it is extremely difficult to decipher;
  • The relationship between the plaintext stream sequence and the ciphertext stream sequence is not the traditional one-to-one or one-to-many relationship, but disordered encryption; that is, the relationship between the plaintext stream sequence and the ciphertext stream sequence is the most complicated, many-to-many relationship;
  • the uniformity of the ciphertext stream sequence is higher than the uniformity of the ciphertext stream sequence encrypted by the traditional stream cipher method
  • the encrypted ciphertext stream sequence can be transmitted in the existing and open communication channel
  • the corresponding security system can adopt the three separate principles of plaintext encryption, sending, and decryption to make the communication process more secure.
  • Figure 1 shows a flowchart of the encryption method based on zipper dynamic hashing and NLFSR disclosed in this application
  • Figure 2 shows a schematic diagram of a communication process for implementing the method shown in Figure 1;
  • Figure 3 shows a flowchart of a sub-method of forming a key stream sequence in an embodiment of the present application
  • FIG. 4 is a schematic diagram of the formation process of the key stream sequence shown in FIG. 3;
  • FIG. 5 shows a logical structure diagram of a non-linear feedback registration function in an embodiment of the application
  • Figure 6 shows a schematic diagram of the generated key stream sequence
  • Figure 7 shows a schematic diagram of the bit transformation process of a plaintext stream sequence
  • FIG. 8 shows a flowchart of a sub-method of forming a ciphertext stream sequence in an embodiment of the present application
  • FIG. 9 shows a schematic diagram of dynamic zippered hashing of multiple pseudo-plaintext subsequences into ciphertext space
  • Figure 10 shows a schematic diagram of zipper-type dynamic hashing of a plaintext stream sequence
  • Figure 11 shows a flow chart of a decryption method for a ciphertext stream sequence
  • Figure 12 shows a schematic diagram of the reverse hashing of the ciphertext stream sequence into two paths for storage in the plaintext space
  • Figure 13 is a schematic diagram of the bit transformation process of the pseudo-plaintext sequence
  • Fig. 14 shows a block diagram of the encryption and decryption module based on zipper dynamic hashing and NLFSR disclosed in this application.
  • Although the terms first, second, third, etc. may be used in this application to describe various elements, these elements should not be limited to these terms. These terms are only used to distinguish elements of the same type from each other.
  • The first element may also be referred to as the second element, and similarly, the second element may also be referred to as the first element.
  • The word "if" as used herein can be interpreted as "when".
  • M is a set of plaintext symbols
  • C is a set of cryptographic symbols
  • K is a set of reference byte symbols (also called a key set)
  • E is a set of encryption algorithms
  • D is a set of decryption algorithms.
  • len(M) is the number of bytes in the plaintext sequence.
  • $8 \times \mathrm{len}(M)$ is the number of binary bits in the plaintext sequence.
  • $M_i$ ($i \in [0, \mathrm{len}(M)-1]$) is a byte of the plaintext sequence.
  • $m_j \in \{0,1\}$, $j \in [0, 8 \times \mathrm{len}(M)-1]$, is a binary bit of the plaintext sequence.
  • len(K) is the number of bytes in the key stream sequence.
  • $8 \times \mathrm{len}(K)$ is the number of binary bits in the key stream sequence.
  • $K_i$ ($i \in [0, \mathrm{len}(K)-1]$) is a byte of the key stream sequence.
  • $key_j \in \{0,1\}$, $j \in [0, 8 \times \mathrm{len}(K)-1]$, is a binary bit of the key stream sequence.
  • len(C) is the number of bytes in the ciphertext stream sequence.
  • $\mathrm{len}(C) = \mathrm{len}(M)$, that is, the length of the plaintext sequence is equal to the length of the ciphertext stream sequence.
  • $8 \times \mathrm{len}(C)$ is the number of binary bits in the ciphertext stream sequence.
  • $C_i$ ($i \in [0, \mathrm{len}(C)-1]$) is a byte of the ciphertext stream sequence;
  • $c_j \in \{0,1\}$, $j \in [0, 8 \times \mathrm{len}(C)-1]$, is a binary bit of the ciphertext stream sequence.
  • The information in the M, K, and C sets is a byte symbol set composed of the binary symbols $\{0, 1\}$. The number of $\{1\}$ symbols in each set is denoted sum(M), sum(K) and sum(C), and sum(M) is not necessarily equal to sum(C).
  • The elements of the encryption algorithm set E are a set of zipper hashing and bit transformation rules for encryption operations.
  • The elements of the decryption algorithm set D are a set of zipper hashing and bit transformation rules used for decryption operations, where the rules in set E should correspond to unique rules in set D, and the encryption rules and decryption rules are reciprocal.
  • the above encryption method is mainly based on the following principles:
  • the key stream generator is constructed based on a nonlinear feedback shift register and a bit-transformed Boolean function.
  • The nonlinear feedback shift register can effectively resist correlation attacks and algebraic attacks.
  • The bit transformation Boolean function is introduced to change the bit values of the key stream, thereby obtaining a key with a longer period and better randomness; in addition, the complexity of the nonlinear feedback shift register is high, and so far there is no universally applicable means of algebraic attack against it;
  • The output sequence of the nonlinear feedback shift register is periodic.
  • The period of the output sequence can be as long as $2^n - 1$.
  • This method can also use multi-key encryption, and the initial ciphertext is used as a parameter to perform multiple encryptions to obtain the final ciphertext, which further improves the security of information and better meets the ever-increasing demand for information encryption.
  • the key can be placed in the hands of different people to ensure that the plaintext is more secure.
  • the output sequence obtained by preprocessing the seed key by the nonlinear feedback shift register and the bit transformation Boolean function is used as the key stream.
  • the bit value of the plaintext is changed according to the bit conversion rule that depends on the key stream sequence.
  • According to the zipper-type hash mapping rule that depends on the key stream, the hash address of each plaintext binary bit is calculated, and the bit is mapped into the ciphertext space according to that hash address, so as to obtain the ciphertext stream sequence.
  • step S100 further includes the following sub-steps:
  • nonlinear feedback shift register NLFSR
  • linear feedback shift register LFSR
  • the exclusive OR gate is represented as binary addition
  • the AND gate is represented as binary multiplication
  • the difference between NLFSR and LFSR is that the feedback logic of NLFSR is composed of XOR gates and AND gates, while the feedback logic of LFSR is only composed of XOR gates.
  • the output sequence of the nonlinear feedback shift register is periodic. For a seed key of length n, the period of the output sequence can be as long as $2^n - 1$.
  • the above method changes the bit value of the key stream by introducing a bit transformation Boolean function, thereby obtaining a key stream with longer period and better randomness. Therefore, the above method does not need to design an optimal nonlinear feedback shift register, and achieves better average performance.
  • The key stream sequence K is obtained. Bit transformation is performed on the plaintext sequence M with reference to the key stream sequence K to obtain M', zipper dynamic hashing is then performed on the transformed plaintext sequence M' according to the key stream sequence K, and the ciphertext stream sequence C is finally obtained.
  • Seed_Key = $\{1000\}_2$
  • After the seed key is processed by the $F_1$ function, the first output sequence S is obtained.
  • The starting position of the cyclic filling can be any legal position in the first output sequence S. In this example, the starting position of the cyclic filling is set as the first item of the first output sequence S.
  • j is called the "bit order", which is the number of the binary bits of the key stream, starting from 0 in this example.
  • $C_1, X_1, Y_1, Z_1, C_2, X_2, Y_2, Z_2$ are predetermined integers; in this example their values are 0, 1, 4, 0, 0, 1, 7, 0.
  • Its extended ASCII code (hexadecimal) is $\{\mathtt{0X34}, \mathtt{0XBB}, \mathtt{0XF6}, \mathtt{0XEA}\}_{16}$; converting it to binary gives $\{00110100, 10111011, 11110110, 11101010\}_2$, as shown in Figure 6.
  • M = "aaaa" represents a plaintext sequence, which is the input sequence for encryption.
  • $\{\mathtt{0X61}, \mathtt{0X61}, \mathtt{0X61}, \mathtt{0X61}\}_{16}$ is the extended ASCII code (hexadecimal) of the plaintext sequence "aaaa"; converting it to binary gives $\{01100001, 01100001, 01100001, 01100001\}_2$, as shown in Figure 7.
  • $\{\mathtt{0XAA}, \mathtt{0X25}, \mathtt{0X68}, \mathtt{0X74}\}_{16}$ is the extended ASCII code (hexadecimal) of the pseudo-plaintext sequence M'; converting it to binary gives $\{10101010, 00100101, 01101000, 01110100\}_2$, as shown in Figure 7.
  • $\{\mathtt{0X94}, \mathtt{0XD0}, \mathtt{0XDB}, \mathtt{0X0C}\}_{16}$ is the ciphertext stream sequence
  • the plaintext sequence, key stream sequence, and ciphertext stream sequence all adopt a logical structure shaped like a circular queue, which can be calculated at any position in the queue.
  • the working pointers p1 and p2 point to the plaintext binary bits M[0], M[31], q1 and q2 point to key binary bits K[0], K[31], and road points to ciphertext binary bit C[0].
  • The bit transformation rule applied to the plaintext is bitwise inversion according to specific bits of the key K; in this example, these are the binary bits with a "false" value.
  • Figure 7 shows that according to the "false" bit of the key K, the corresponding bit of the plaintext M is reversed to obtain the pseudo-plaintext sequence M'.
  • Zipper hashing uses the idea of n-way merging. Randomly merge the binary bits that meet the conditions, thereby disturbing the sequence of the binary code of the pseudo-plaintext sequence.
  • n = 2
  • The pseudo-plaintext sequence M' is divided into two paths according to the key stream sequence K
  • The initial values of the pointers p1 and p2 can take any legal position in the circular queue. The pointer p1 looks for the "true" value bits in the key stream sequence, and road1 is formed by M'[p1]; the pointer p2 looks for the "false" value bits in the key stream sequence, and road2 is formed by M'[p2], as shown in Figure 9.
  • the ciphertext space C is the road shown in FIG. 9.
  • the binary codes of road1 and road2 in Fig. 7 are mapped to the ciphertext space C according to the zipper-type dynamic hash method, and the finally obtained ciphertext stream sequence is shown in Fig. 10.
  • Decryption is the inverse operation of the encryption process. By scanning the key stream sequence and the ciphertext stream sequence, the hash address corresponding to each binary bit of the ciphertext stream sequence is calculated, and the ciphertext stream sequence is mapped to the plaintext storage space to form multiple pseudo-plaintext subsequences; the multiple pseudo-plaintext subsequences are merged to form a pseudo-plaintext sequence; and the bit values of the pseudo-plaintext sequence are changed according to the bit transformation Boolean function based on the key stream sequence to form the plaintext sequence. Referring to the method flowchart shown in FIG. 11, in one or more embodiments of the present application, the following steps for decryption are further included:
  • The seed key Seed_Key, the nonlinear feedback function $F_1(x_0, x_1, x_2, x_3)$, the bit transformation Boolean function $F_2(j)$, and the initial values of each item are the same as those during encryption, and the resulting key stream is also the same, as shown in Figure 6.
  • $\{\mathtt{0XAA}, \mathtt{0X25}, \mathtt{0X68}, \mathtt{0X74}\}_{16}$ is the extended ASCII code (hexadecimal) of M'; converting it to binary gives $\{10101010, 00100101, 01101000, 01110100\}_2$.
  • $\{\mathtt{0X61}, \mathtt{0X61}, \mathtt{0X61}, \mathtt{0X61}\}_{16}$ is the extended ASCII code (hexadecimal) of the plaintext "aaaa"; converting it to binary gives $\{01100001, 01100001, 01100001, 01100001\}_2$.
  • the plaintext sequence, the key stream sequence and the ciphertext stream sequence all adopt a logical structure like a circular queue, which can be calculated at any position in the queue.
  • The working pointers p1 and p2 point to the plaintext sequence binary bits M[0], M[31]; q1 and q2 point to key binary bits K[0], K[31]; and road points to ciphertext binary bit C[0].
  • The bit transformation rule applied to the pseudo-plaintext sequence M' is bitwise inversion according to specific bits of the key stream sequence K; in this example, these are the binary bits with a "false" value.
  • Figure 13 shows that the plaintext sequence M is obtained by bit-inverting the corresponding bits of the pseudo-plaintext sequence M' according to the "false" value bits of the key K.
  • The encryption and decryption method based on zipper dynamic hashing and NLFSR disclosed in this application includes the following modules: a key stream generation module, which uses the nonlinear feedback function and the bit transformation Boolean function to preprocess the seed key to form a key stream sequence; a pseudo-plaintext generation module, used to change the bit values of the plaintext sequence according to the bit transformation Boolean function based on the key stream sequence to form a pseudo-plaintext sequence; a pseudo-plaintext division module, used to divide the pseudo-plaintext sequence into multiple pseudo-plaintext sub-sequences according to the key stream sequence; and a ciphertext stream generation module, used to calculate the dynamic hash address corresponding to each binary bit of the pseudo-plaintext sequence and to hash the multiplexed pseudo-plaintext subsequences into the ciphertext space to form a ciphertext stream sequence.
  • Plaintext storage space: M = new char[M_bytes+1];
  • Ciphertext storage space: C = new char[M_bytes+1]
  • p_str is a pointer to a character string
  • n represents a binary bit with a subscript of n
  • Function return value: the value 0 or 1 of the nth bit of the string pointed to by p
  • str is the seed key
  • Seq is the first output sequence character string generated by the non-linear feedback function of the seed key, consisting of two characters: ‘0’ and ‘1’;
  • Function: converts the output sequence Seq of the nonlinear feedback function into a character string, and stores it in the key space K by circular filling
  • the bit conversion rule of the plaintext is: according to the false value bit of the key stream K, the corresponding binary bit of the plaintext is inverted
  • road1 and road1 are the initial values of the working pointers, which are also the starting positions for splitting the plaintext into 2-way
  • Ciphertext storage space: C = new char[C_bytes+1];
  • p_str is a pointer to a character string
  • n represents a binary bit with a subscript of n
  • Function return value: the value 0 or 1 of the nth bit of the string pointed to by p
  • str is the seed key
  • a, b, c, d are non-linear feedback functions
  • Seq is the first output sequence character string generated by the non-linear feedback function of the seed key, consisting of two characters: ‘0’ and ‘1’;
  • Function: converts the output sequence Seq of the non-linear feedback function into a character string, and stores it in the key space K by means of circular filling.
  • road1 and road1 are the initial value of the working pointer, and also the starting position of the 2-way merged ciphertext
  • the bit conversion rule of the plaintext is: according to the false value bit of the key stream K, the corresponding binary bit of the plaintext is inverted
  • the disclosed device and method may be implemented in other ways.
  • the system embodiment described above is merely illustrative.
  • the division of the modules or units is only a logical function division.
  • There may be other division methods; for example, multiple units or components may be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the present invention implements all or part of the processes in the above-mentioned embodiments and methods, and can also be completed by instructing relevant hardware through a computer program.
  • the computer program can be stored in a computer-readable storage medium. When the program is executed by the processor, the steps of the foregoing method embodiments can be implemented.
  • the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate forms.
  • The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, mobile hard disk, magnetic disk, optical disk, computer memory, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), electrical carrier signal, telecommunications signal, and software distribution media, etc.
  • the content contained in the computer-readable medium can be appropriately added or deleted in accordance with the requirements of the legislation and patent practice in the jurisdiction.
  • the computer-readable medium does not include electrical carrier signals and telecommunication signals.

Abstract

An encryption and decryption method and device employing zipper-type dynamic hashing and NLFSR techniques. An encryption process comprises the following steps: using a nonlinear feedback function and a bit-manipulation Boolean function to pre-process a seed key, so as to form a keystream sequence; changing, according to the bit-manipulation Boolean function employing the keystream sequence, a bit value of a plaintext sequence, so as to form a pseudo-plaintext sequence; dividing, according to the keystream sequence, the pseudo-plaintext sequence into multiple pseudo-plaintext subsequences; and calculating, according to a hash mapping rule depending on the keystream sequence, a dynamic hash address corresponding to a binary bit of each respective pseudo-plaintext sequence, and mapping, by means of a hash function, the multiple pseudo-plaintext subsequences to a ciphertext space, so as to form a ciphertext stream sequence. The present application has the following beneficial effects: the keystream generator, besides using a nonlinear feedback shift register, also uses a bit-manipulation Boolean function so as to obtain keystreams having a longer period and improved randomness; moreover, bit-manipulation rules for plaintexts and mapping rules employing zipper-type dynamic hashing are used to increase the difficulty of decoding ciphertext stream sequences.

Description

Encryption and decryption method and device based on zipper-type dynamic hashing and NLFSR
Technical field
This application relates to the field of information security, and in particular to an encryption and decryption method and device based on zipper-type dynamic hashing and NLFSR (Nonlinear Feedback Shift Register). The application can generally be used for network communication information encryption, aerospace digital remote-control command and data encryption, unmanned aerial vehicle digital remote-control communication data encryption, early-warning aircraft digital communication command system information encryption, GPS satellite digital communication data encryption, mobile communication encryption, big data encryption, graphics and image encryption, e-mail encryption and the like. After encryption, military, political and diplomatic documents can be transmitted over civilian communication networks to save transmission costs.
Background
A stream cipher is usually a symmetric-key technique. Because it is simple to implement, encrypts quickly, and errors in ciphertext transmission do not propagate in the plaintext, it has become an important class of cryptosystem. Stream ciphers are the mainstream cryptosystem used in military, diplomatic and similar fields worldwide. The design of the key stream generator is the key to stream cipher security. Well-known stream cipher algorithms at present include the A5 algorithm used in the European digital cellular mobile telephone system GSM and the RC4 algorithm developed by the American company RSA Data Security. Because stream ciphers have many advantages that other ciphers cannot match, they remain among the most widely used cryptosystems today.
The design of the key stream generator is the crux of stream cipher technology. In essence, a given algorithm generates a key stream consisting of a stream of 0 and 1 data, usually on the basis of a mathematical model capable of producing pseudo-random sequences, such as algebraic operations, linear feedback shift registers (LFSR), clock-controlled sequences, combinational network sequences, cellular automata and chaos theory. The sender encrypts the plaintext sequence with the key stream to produce the ciphertext and sends it to the receiver; the receiver decrypts the ciphertext with the same key stream to recover the plaintext sequence. Many researchers have by now mastered means of attacking and breaking the above encryption methods. For example, at the 2003 annual European cryptology conference, Courtois and Meier proposed applying algebraic attacks to stream cipher algorithms based on linear feedback shift registers. The "algebraic attack", as a new research focus in the stream cipher field, analyses the security of a cryptosystem from a new angle, reducing it to the problem of solving an overdetermined system of multivariate equations. This has had a major impact on the design of traditional stream cipher systems.
To resist correlation attacks and algebraic attacks, stream cipher algorithms that use linear feedback shift registers need fairly complex feedforward functions, whereas a nonlinear feedback shift register, as a pseudo-random sequence generator with higher security, can effectively resist correlation attacks and algebraic attacks. After 2004, key stream generators designed on nonlinear shift register techniques began to emerge. For example, Grain, Trivium and MICKEY, algorithms in the final recommendation of the eSTREAM project, all use nonlinear feedback shift registers as key stream generators.
Because the key to conventional stream cipher technology is constructing various key stream generators that produce (pseudo-)random sequences as key stream sequences, attacks on stream ciphers likewise concentrate on the key stream generator. However, conventional stream cipher encryption and decryption are based on the bitwise exclusive OR (XOR) operation. In other words, during encryption, the bitwise XOR between the plaintext sequence and the key stream sequence randomly turns 1s in the plaintext sequence into 0s and 0s into 1s, producing the ciphertext stream sequence; during decryption, the bitwise XOR of corresponding bits of the ciphertext stream sequence and the key stream sequence yields the plaintext sequence. One drawback of this mechanism is therefore that the security strength of the stream cipher depends entirely on the security strength of the key stream sequence, yet many attack techniques against key stream generators have already appeared. Another drawback is that the encryption and decryption method is of a single kind, so that for a short key stream sequence, relying on XOR alone cannot produce ciphertext with good randomness and uniformity of code distribution.
Summary of the invention
The purpose of this application is to remedy the shortcomings of the prior art by providing an encryption and decryption method based on zipper-type dynamic hashing and a nonlinear feedback shift register, together with a corresponding encryption and decryption device, so that the ciphertext has strong randomness and unpredictability, thereby achieving the technical effect of making the ciphertext harder to decipher.
To achieve the above purpose, this application adopts the following technical solutions.
First, this application proposes an encryption and decryption method based on zipper-type dynamic hashing and NLFSR. The method may include the following steps:
S100) Preprocess the seed key with a nonlinear feedback function and a bit-transformation Boolean function to form a key stream sequence;
S200) Change the bit values of the plaintext sequence according to the bit-transformation Boolean function based on the key stream sequence, to form a pseudo-plaintext sequence;
S300) Divide the pseudo-plaintext sequence into multiple pseudo-plaintext sub-sequences according to the key stream sequence;
S400) According to a hash mapping rule that depends on the key stream sequence, compute the dynamic hash address corresponding to each binary bit of the pseudo-plaintext sequence, and hash-map the multiple pseudo-plaintext sub-sequences into the ciphertext space to form a ciphertext stream sequence.
Because the key stream generator is constructed from a nonlinear feedback shift register and bit-transformation rules, and a nonlinear feedback shift register, as a pseudo-random sequence generator with higher security, can effectively resist correlation attacks and algebraic attacks, the above encryption method can effectively increase the difficulty of deciphering the ciphertext.
Further, the above method of this application also includes the following steps for decryption:
S500) Obtain the ciphertext stream sequence, and preprocess the pre-agreed seed key with the same nonlinear feedback function and the same bit-transformation Boolean function to form the key stream sequence;
S600) According to an inverse hash mapping rule that depends on the key stream sequence, compute the hash address corresponding to each binary bit of the ciphertext sequence, and hash-map the ciphertext sequence into the plaintext storage space to form multiple pseudo-plaintext sub-sequences;
S700) Merge the multiple pseudo-plaintext sub-sequences to form the pseudo-plaintext sequence;
S800) Change the bit values of the pseudo-plaintext sequence according to the bit-transformation Boolean function based on the key stream sequence, to form the plaintext sequence.
Further, in the above method of this application, step S100 also includes the following sub-steps:
S101) Input the seed key to the nonlinear feedback function to generate a first output sequence;
S102) Cycle through the first output sequence to fill a second output sequence that forms the key stream sequence space;
S103) Input the second output sequence to the bit-transformation Boolean function to form the key stream sequence.
Still further, in the above method of this application, in step S102 the starting position of the cyclic filling is any legal position in the first output sequence.
Further, in the above method of this application, step S300 also includes the following sub-steps:
S301) Decompose the pseudo-plaintext sequence into multiple pseudo-plaintext sub-sequences according to the true-value bits and false-value bits of the key stream sequence;
S302) Bidirectionally and cyclically scan the multiple pseudo-plaintext sub-sequences and the key stream sequence respectively, so as to zipper-hash the multiple pseudo-plaintext sub-sequences dynamically into the ciphertext space.
Alternatively, in the above method of this application, the plaintext sequence, the key stream sequence and the ciphertext stream sequence all use a circular queue data structure, and encryption and decryption start from any legal position in the corresponding circular queue.
Further, in the above method of this application, the bit-transformation Boolean function is a function that inverts bit by bit according to specific bits of the key stream sequence.
Alternatively, in the above method of this application, the nonlinear feedback function is a feedback function with an algebraic degree of 4 or more.
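Steps S100 to S800 above, traced end to end in an added Python sketch that is not the patent's own code. The 16-bit register and its feedback taps, the `stride` inversion rule in S103, the flip-on-1 rule in S200/S800, the front/back cursor placement used for the zipper hash, and all function names are assumptions chosen so the pipeline runs; this part of the page does not fix them.

```python
"""Toy model of steps S100-S800. Every concrete rule here is an assumption."""


def to_bits(data):
    # Assumed bit order: most significant bit of each byte first.
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def nlfsr(seed_bits, n):
    """S101: clock an assumed 16-bit NLFSR n times (feedback has a degree-4 term)."""
    if len(seed_bits) != 16:
        raise ValueError("this toy register takes a 16-bit seed key")
    state, out = list(seed_bits), []
    for _ in range(n):
        out.append(state[0])
        fb = (state[0] ^ state[5] ^ (state[2] & state[9])
              ^ (state[3] & state[7] & state[11] & state[14]))
        state = state[1:] + [fb]
    return out


def keystream(seed, key_bits=64, first_len=40, start=0, stride=3):
    first = nlfsr(to_bits(seed), first_len)                              # S101
    # S102: fill the key space by cycling through `first` from `start`.
    second = [first[(start + i) % first_len] for i in range(key_bits)]
    # S103 (assumed rule): invert bit i when the bit `stride` ahead is 1.
    return [second[i] ^ second[(i + stride) % key_bits] for i in range(key_bits)]


def bit_transform(bits, key):
    # S200 / S800 (assumed rule): invert a data bit where the cycled key bit is 1.
    return [b ^ key[j % len(key)] for j, b in enumerate(bits)]


def zipper_scatter(pseudo, key):
    # S301: split by true-value and false-value key bits (key used as a circular queue).
    true_path = [b for j, b in enumerate(pseudo) if key[j % len(key)]]
    false_path = [b for j, b in enumerate(pseudo) if not key[j % len(key)]]
    # S302 (assumed placement): the true path gets addresses from the front,
    # the false path gets addresses from the back, so the two meet in the middle.
    cipher = [0] * len(pseudo)
    front, back = 0, len(pseudo) - 1
    for b in true_path:
        cipher[front] = b
        front += 1
    for b in false_path:
        cipher[back] = b
        back -= 1
    return cipher


def zipper_gather(cipher, key):
    # S600: recover both paths; the split point is the count of true key bits.
    n_true = sum(key[j % len(key)] for j in range(len(cipher)))
    true_path = iter(cipher[:n_true])
    false_path = iter(cipher[n_true:][::-1])
    # S700: merge the paths back in key order.
    return [next(true_path) if key[j % len(key)] else next(false_path)
            for j in range(len(cipher))]


def encrypt(plaintext, seed):
    key = keystream(seed)                                   # S100
    pseudo = bit_transform(to_bits(plaintext), key)         # S200
    return to_bytes(zipper_scatter(pseudo, key))            # S300 + S400


def decrypt(ciphertext, seed):
    key = keystream(seed)                                   # S500
    pseudo = zipper_gather(to_bits(ciphertext), key)        # S600 + S700
    return to_bytes(bit_transform(pseudo, key))             # S800


if __name__ == "__main__":
    seed = bytes([0x5A, 0xC3])                  # constructed 16-bit seed key
    message = b"constructed sample plaintext"   # constructed input
    ciphertext = encrypt(message, seed)
    print(ciphertext.hex(), decrypt(ciphertext, seed))
```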
Secondly, this application also proposes an encryption and decryption device based on zipper-type dynamic hashing and NLFSR. The device may include the following modules: a first key stream generation module, for preprocessing the seed key with a nonlinear feedback function and a bit-transformation Boolean function to form a key stream sequence; a pseudo-plaintext generation module, for changing the bit values of the plaintext sequence according to the bit-transformation Boolean function based on the key stream sequence, to form a pseudo-plaintext sequence; a pseudo-plaintext division module, for dividing the pseudo-plaintext sequence into multiple pseudo-plaintext sub-sequences according to the key stream sequence; and a first dynamic hash module, for computing, according to a hash mapping rule that depends on the key stream sequence, the dynamic hash address corresponding to each binary bit of the pseudo-plaintext sequence, and hash-mapping the multiple pseudo-plaintext sub-sequences into the ciphertext space to form a ciphertext stream sequence.
Further, the above device of this application also includes the following modules for decryption: a second key stream generation module, which obtains the ciphertext stream sequence and preprocesses the pre-agreed seed key with the same nonlinear feedback function and the same bit-transformation Boolean function to form the key stream sequence; a second dynamic hash module, for computing, according to an inverse hash mapping rule that depends on the key stream sequence, the hash address corresponding to each binary bit of the ciphertext sequence, and hash-mapping the ciphertext sequence into the plaintext storage space to form multiple pseudo-plaintext sub-sequences; a pseudo-plaintext merging module, for merging the multiple pseudo-plaintext sub-sequences to form the pseudo-plaintext sequence; and a pseudo-plaintext restoration module, for changing the bit values of the pseudo-plaintext sequence according to the bit-transformation Boolean function based on the key stream sequence, to form the plaintext sequence.
Further, in the above device of this application, the key stream generation module also includes the following sub-modules: a first output module, for inputting the seed key to the nonlinear feedback function to generate a first output sequence; a second output module, for cycling through the first output sequence to fill a second output sequence that forms the key stream sequence space; and a bit-transformation module, for inputting the second output sequence to the bit-transformation Boolean function to form the key stream sequence.
Still further, in the above device of this application, in the second output module the starting position of the cyclic filling is any legal position in the first output sequence.
Further, in the above device of this application, the first dynamic hash module also includes the following sub-modules: a decomposition module, for decomposing the pseudo-plaintext sequence into multiple pseudo-plaintext sub-sequences according to the true-value bits and false-value bits of the key stream sequence; and a hash module, for bidirectionally and cyclically scanning the multiple pseudo-plaintext sub-sequences and the key stream sequence respectively, so as to zipper-hash the multiple pseudo-plaintext sub-sequences dynamically into the ciphertext space.
Alternatively, in the above device of this application, the plaintext sequence, the key stream sequence and the ciphertext stream sequence all use a circular queue data structure, and encryption and decryption start from any legal position in the corresponding circular queue.
Further, in the above device of this application, the bit-transformation Boolean function is a function that inverts bit by bit according to specific bits of the key stream sequence.
Alternatively, in the above device of this application, the nonlinear feedback function is a feedback function with an algebraic degree of 4 or more.
Finally, this application also proposes a computer-readable storage medium on which computer instructions are stored. When the instructions are executed by a processor, the following steps are performed:
S100) Preprocess the seed key with a nonlinear feedback function and a bit-transformation Boolean function to form a key stream sequence;
S200) Change the bit values of the plaintext sequence according to the bit-transformation Boolean function based on the key stream sequence, to form a pseudo-plaintext sequence;
S300) Divide the pseudo-plaintext sequence into multiple pseudo-plaintext sub-sequences according to the key stream sequence;
S400) According to a hash mapping rule that depends on the key stream sequence, compute the dynamic hash address corresponding to each binary bit of the pseudo-plaintext sequence, and hash-map the multiple pseudo-plaintext sub-sequences into the ciphertext space to form a ciphertext stream sequence.
Because the key stream generator is constructed from a nonlinear feedback shift register and bit-transformation rules, and a nonlinear feedback shift register, as a pseudo-random sequence generator with higher security, can effectively resist correlation attacks and algebraic attacks, the above encryption method can effectively increase the difficulty of deciphering the ciphertext.
Further, when the above instructions of this application are executed by the processor, the following steps for decryption are also included:
S500) Obtain the ciphertext stream sequence, and preprocess the pre-agreed seed key with the same nonlinear feedback function and the same bit-transformation Boolean function to form the key stream sequence;
S600) According to an inverse hash mapping rule that depends on the key stream sequence, compute the hash address corresponding to each binary bit of the ciphertext sequence, and hash-map the ciphertext sequence into the plaintext storage space to form multiple pseudo-plaintext sub-sequences;
S700) Merge the multiple pseudo-plaintext sub-sequences to form the pseudo-plaintext sequence;
S800) Change the bit values of the pseudo-plaintext sequence according to the bit-transformation Boolean function based on the key stream sequence, to form the plaintext sequence.
Further, when the above instructions of this application are executed by the processor, step S100 also includes the following sub-steps:
S101) Input the seed key to the nonlinear feedback function to generate a first output sequence;
S102) Cycle through the first output sequence to fill a second output sequence that forms the key stream sequence space;
S103) Input the second output sequence to the bit-transformation Boolean function to form the key stream sequence.
Still further, when the above instructions of this application are executed by the processor, in step S102 the starting position of the cyclic filling is any legal position in the first output sequence.
Further, when the above instructions of this application are executed by the processor, step S300 also includes the following sub-steps:
S301) Decompose the pseudo-plaintext sequence into multiple pseudo-plaintext sub-sequences according to the key stream sequence;
S302) Bidirectionally and cyclically scan the multiple pseudo-plaintext sub-sequences and the key stream sequence respectively, so as to zipper-hash the multiple pseudo-plaintext sub-sequences dynamically into the ciphertext space.
Alternatively, when the above instructions of this application are executed by the processor, the plaintext sequence, the key stream sequence and the ciphertext stream sequence all use a circular queue data structure, and encryption and decryption start from any legal position in the corresponding circular queue.
Further, when the above instructions of this application are executed by the processor, the bit-transformation Boolean function is a function that inverts bit by bit according to specific bits of the key stream sequence.
Alternatively, when the above instructions of this application are executed by the processor, the nonlinear feedback function is a feedback function with an algebraic degree of 4 or more.
The main difference between the technical solutions disclosed in this application and traditional stream cipher encryption and decryption is that they do not rely on an XOR operation between plaintext and key, but on a key-stream-dependent zipper-type dynamic hashing and bit-transformation rule applied to the binary bits of the plaintext. This overcomes the defects that traditional stream cipher encryption and decryption are of a single kind and that the security strength of the stream cipher system depends entirely on the security of the key stream. Existing attack techniques against stream ciphers will no longer apply to the technical solutions disclosed in this application. The beneficial effect of this application is therefore: by introducing a bit-transformation rule into the key stream generator to change the bit values of the output sequence of the nonlinear feedback shift register, a key stream with a longer period and better randomness is obtained, so that the uniformity of the ciphertext is higher than that of ciphertext encrypted by traditional stream cipher methods, achieving the technical effect of making the ciphertext stream sequence harder to decipher.
Further, the technical solutions disclosed in this application also have the following characteristics:
1. The encryption and decryption processes are easy to implement in code, and the time and space complexity of the algorithms is no higher than that of traditional methods;
2. The generated ciphertext stream sequence has strong randomness and unpredictability, and is extremely difficult to decipher;
3. In this encryption method, the relationship between the plaintext stream sequence and the ciphertext stream sequence is not the traditional one-to-one or one-to-many relationship but unordered encryption, that is, the relationship between the plaintext stream sequence and the ciphertext stream sequence is the most complex, many-to-many relationship;
4. The uniformity of the ciphertext stream sequence is higher than that of a ciphertext stream sequence encrypted by traditional stream cipher methods;
5. Each encryption and decryption solution follows the one-time-pad cryptosystem proposed by Shannon;
6. The encrypted ciphertext stream sequence can be transmitted over existing, public communication channels;
7. The corresponding secrecy system can adopt the principle of separating plaintext encryption, sending and decryption into three parts, making the communication process more secure.
Description of the drawings
Figure 1 is a flowchart of the encryption method based on zipper-type dynamic hashing and NLFSR disclosed in this application;
Figure 2 is a schematic diagram of a communication process implementing the method shown in Figure 1;
Figure 3 is a flowchart of the sub-method for forming the key stream sequence in an embodiment of this application;
Figure 4 is a schematic diagram of the key stream sequence formation process shown in Figure 3;
Figure 5 is a logical structure diagram of the nonlinear feedback register function in an embodiment of this application;
Figure 6 is a schematic diagram of the generated key stream sequence;
Figure 7 is a schematic diagram of the bit-transformation process of the plaintext stream sequence;
Figure 8 is a flowchart of the sub-method for forming the ciphertext stream sequence in an embodiment of this application;
Figure 9 is a schematic diagram of the multiple pseudo-plaintext sub-sequences being zipper-hashed dynamically into the ciphertext space;
Figure 10 is a schematic diagram of the zipper-type dynamic hashing of the plaintext stream sequence;
Figure 11 is a flowchart of the decryption method for the ciphertext stream sequence;
Figure 12 is a schematic diagram of the ciphertext stream sequence being inverse-hashed into two paths for storage in the plaintext space;
Figure 13 is a schematic diagram of the bit-transformation process of the pseudo-plaintext sequence;
Figure 14 is a module structure diagram of the encryption and decryption based on zipper-type dynamic hashing and NLFSR disclosed in this application.
Detailed description
The concept, specific structure and technical effects of this application are described clearly and completely below with reference to the embodiments and drawings, so that the purpose, solutions and effects of this application can be fully understood. It should be noted that, where there is no conflict, the embodiments in this application and the features in the embodiments may be combined with one another.
It should be noted that, unless otherwise specified, when a feature is said to be "fixed" or "connected" to another feature, it may be fixed or connected to the other feature directly or indirectly. In addition, descriptions such as up, down, left and right used in this application refer only to the mutual positional relationship of the components of this application in the drawings. The singular forms "a", "the" and "said" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise.
In addition, unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art. The terms used in this specification are only for describing specific embodiments and are not intended to limit this application. The term "and/or" as used herein includes any combination of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this application to describe various elements, these elements should not be limited by these terms. The terms are only used to distinguish elements of the same type from one another. For example, without departing from the scope of this application, a first element may also be called a second element and, similarly, a second element may also be called a first element. Depending on the context, the word "if" as used herein may be interpreted as "at the time of" or "when".
In addition, for convenience of discussion, the encryption and decryption method and device described in this application involve a five-tuple (M, C, K, E, D). In this five-tuple, M is the set of plaintext symbols, C is the set of cipher symbols, K is the set of reference byte symbols (also called the key set), E is the set of encryption algorithms, and D is the set of decryption algorithms. These sets have the following properties:
1. $M = \{M_0, M_1, \ldots, M_{\mathrm{len}(M)-1}\} = \{m_0, m_1, \ldots, m_{8 \times \mathrm{len}(M)-2}, m_{8 \times \mathrm{len}(M)-1}\}$, where $\mathrm{len}(M)$ is the number of bytes in the plaintext sequence and $8 \times \mathrm{len}(M)$ is its number of binary bits. $M_i$ ($i \in [0, \mathrm{len}(M)-1]$) is one byte of the plaintext sequence, and $m_j \in \{0,1\}$, $j \in [0, 8 \times \mathrm{len}(M)-1]$, is one bit of the plaintext sequence.
2. $K = \{K_0, K_1, \ldots, K_{\mathrm{len}(K)-1}\} = \{\mathrm{key}_0, \mathrm{key}_1, \ldots, \mathrm{key}_{8 \times \mathrm{len}(K)-2}, \mathrm{key}_{8 \times \mathrm{len}(K)-1}\}$, where $\mathrm{len}(K)$ is the number of bytes in the key stream sequence and $8 \times \mathrm{len}(K)$ is its number of binary bits. $K_i$ ($i \in [0, \mathrm{len}(K)-1]$) is one byte of the key stream sequence, and $\mathrm{key}_j \in \{0,1\}$, $j \in [0, 8 \times \mathrm{len}(K)-1]$, is one bit of the key stream sequence.
3. $C = \{C_0, C_1, \ldots, C_{\mathrm{len}(C)-1}\} = \{c_0, c_1, \ldots, c_{8 \times \mathrm{len}(C)-2}, c_{8 \times \mathrm{len}(C)-1}\}$, where $\mathrm{len}(C)$ is the number of bytes in the ciphertext stream sequence. $\mathrm{len}(C) = \mathrm{len}(M)$, that is, the plaintext sequence and the ciphertext stream sequence have the same length. $8 \times \mathrm{len}(C)$ is the number of binary bits of the ciphertext stream sequence. $C_i$ ($i \in [0, \mathrm{len}(C)-1]$) is one byte of the ciphertext stream sequence, and $c_j \in \{0,1\}$, $j \in [0, 8 \times \mathrm{len}(C)-1]$, is one bit of the ciphertext stream sequence.
4. The information in the sets M, K and C is a byte character set composed of the binary symbols {0, 1}. The number of symbols {1} in each set is denoted sum(M), sum(K) and sum(C) respectively, and sum(M) is not necessarily equal to sum(C).
5. The elements of the encryption algorithm set E are the zipper-type hashing and bit transformation rules used for encryption.
6. The elements of the decryption algorithm set D are the zipper-type hashing and bit transformation rules used for decryption. Each rule in set E must have exactly one corresponding rule in set D, and the encryption rule and the decryption rule are inverses of each other.
An obvious shortcoming of traditional stream cipher methods is that they rely on a single encryption and decryption operation, so the security strength of the stream cipher system depends entirely on the security of the key stream; many attack techniques against key stream generators have now appeared. Another shortcoming is that, for a short key stream, relying on the XOR operation alone does not yield a ciphertext with good randomness and uniform code distribution.
This method differs from traditional stream cipher encryption and decryption in that it does not rely on the XOR of plaintext and key. Instead, it applies key-stream-dependent "zipper-type" hashing and bit transformation rules to the binary bits of the plaintext. This overcomes the shortcoming that traditional stream ciphers use a single encryption and decryption operation and that their security strength depends entirely on the security of the key stream, and existing attack techniques against stream ciphers will not apply to this method. In addition, combining the bit transformation Boolean function with the nonlinear feedback function can improve the period and randomness of the key stream. Specifically, referring to the method flowchart shown in FIG. 1 and the application scenario diagram shown in FIG. 2, the encryption and decryption method based on zipper-type dynamic hashing and NLFSR disclosed in this application includes the following steps:
S100) Preprocess the seed key using a nonlinear feedback function and a bit transformation Boolean function to form a key stream sequence;
S200) Change the bit values of the plaintext sequence according to the bit transformation Boolean function based on the key stream sequence to form a pseudo-plaintext sequence;
S300) Divide the pseudo-plaintext sequence into multiple pseudo-plaintext subsequences according to the key stream sequence;
S400) According to the hash mapping rule that depends on the key stream sequence, calculate the dynamic hash address corresponding to each binary bit of the pseudo-plaintext sequence, and hash-map the multiple pseudo-plaintext subsequences into the ciphertext space to form the ciphertext stream sequence.
The above encryption method is based mainly on the following principles:
1. The key stream generator is built from a nonlinear feedback shift register and a bit transformation Boolean function. As a pseudo-random sequence generator with relatively high security, the nonlinear feedback shift register can effectively resist correlation attacks and algebraic attacks. The bit transformation Boolean function is introduced to change the bit values of the key stream, giving a key with a longer period and better randomness. In addition, the complexity of the nonlinear feedback shift register is high, and so far there is no generally applicable algebraic attack against it;
2. The output sequence of the nonlinear feedback shift register is periodic. For a seed key of length n, the period of the output sequence can reach at most $2^n - 1$. We introduce the bit transformation Boolean function to change the bit values of the key stream, giving a key stream with a longer period and better randomness. The method therefore does not require an optimally designed nonlinear feedback shift register in order to achieve good average performance.
3. The bit values of the plaintext are changed according to bit operation rules that depend on the key stream. The resulting bit-transformed plaintext stream is then mapped into the ciphertext space according to a zipper-type hash mapping rule that depends on the key stream, which yields the ciphertext. Zipper-type dynamic hashing uses the idea of n-way merging: binary bits that satisfy the condition are merged at random, which scrambles the order of the binary code of the bit-transformed plaintext stream. The hash mapping rules can be designed flexibly and in many ways, unlike earlier stream cipher methods based on a single XOR operation;
4. There is no specific correspondence between the ciphertext obtained with this technique and the plaintext. Plaintext characters and ciphertext characters stand in the most complex, mesh-like (many-to-many) relationship, which effectively increases the difficulty of deciphering the ciphertext. This encryption method breaks with the one-to-one and one-to-many correspondences between plaintext and ciphertext found in traditional encryption methods and is instead a disordered encryption;
5. The method can also use multi-key encryption, in which the initial ciphertext is used as a parameter and encrypted several times to obtain the final ciphertext, further improving the security of the information to better meet the growing demand for information encryption. In addition, the keys can be placed in the hands of different people, making the plaintext more secure.
Therefore, as discussed above, in this method there is no byte-level correspondence between the plaintext set M and the ciphertext set C. To crack a file encrypted with this method, four necessary and sufficient conditions must be met:
(1) The key generated by the nonlinear feedback shift register and the bit transformation Boolean function is known;
(2) The bit transformation rules used for decryption are known;
(3) The zipper-type dynamic hashing rules used for decryption are known;
(4) The ciphertext file is known.
Meeting all four conditions at the same time is very difficult. Experimental results show that our method is simple, easy to implement and highly secure.
Referring to the schematic diagram shown in Figure 2, the seed key is first preprocessed by the nonlinear feedback shift register and the bit transformation Boolean function, and the resulting output sequence is used as the key stream. The bit values of the plaintext are then changed according to the bit transformation rule that depends on the key stream sequence. Starting from this bit-transformed plaintext stream, the hash address of each plaintext bit is calculated according to the zipper-type hash mapping rule that depends on the key stream, and each bit is mapped to the ciphertext space at its hash address, which yields the ciphertext stream sequence. The initial ciphertext stream sequence C can also be used as a parameter for repeated grouped hashing, giving a multiply encrypted ciphertext stream sequence $C_n$ and further improving the randomness and unpredictability of the information. If this encryption and decryption system relied on the hash rules alone, special signals such as all-0 or all-1 values would be easy to decipher in transmission; introducing the bit transformation rule for the plaintext sequence avoids this. With this method, not only is a discretely distributed ciphertext stream sequence obtained, but the use of the hash function and the bit transformation Boolean function also makes the code uniformity of the ciphertext stream sequence much higher than that of the plaintext sequence.
In one or more of the above embodiments of the present application, referring to the sub-method flowchart shown in FIG. 3, step S100 further includes the following sub-steps:
S101) Input the seed key into the nonlinear feedback function to generate the first output sequence;
S102) Cyclically repeat the first output sequence to fill the key stream sequence space, forming the second output sequence;
S103) Input the second output sequence into the bit transformation Boolean function to form the key stream sequence.
Both the nonlinear feedback shift register (NLFSR) and the linear feedback shift register (LFSR) are built from gate circuits (in algebraic terms, an XOR gate is binary addition and an AND gate is binary multiplication). The difference is that the feedback logic of an NLFSR consists of XOR gates and AND gates, whereas the feedback logic of an LFSR consists of XOR gates only. This makes the nonlinear feedback shift register more complex, and so far there is no generally applicable algebraic attack against it. In addition, the output sequence of the nonlinear feedback shift register is periodic: for a seed key of length n, the period of the output sequence can reach at most $2^n - 1$. The above method introduces a bit transformation Boolean function to change the bit values of the key stream, giving a key stream with a longer period and better randomness. The method therefore does not need an optimally designed nonlinear feedback shift register in order to achieve good average performance.
Specifically, referring to the schematic diagram shown in FIG. 4, assume that all files use extended ASCII (the IBM extended character set) as their encoding. The seed key Seed_Key = {1000}_2 passes through the nonlinear feedback function $F_1(x_0, x_1, x_2, x_3)$ to generate the first output sequence S. S is cyclically filled into the key stream sequence space to give the second output sequence S', and S' is processed by the bit transformation Boolean function $F_2(j)$ to give the key stream sequence K. (The 4th-order nonlinear feedback register corresponding to the bit transformation Boolean function is shown in Figure 5, where ⊕ denotes the XOR operation and "·" denotes multiplication.) The plaintext sequence M is bit-transformed with reference to the key stream sequence K to give M', and the transformed plaintext sequence M' is then subjected to zipper-type dynamic hashing according to the key stream sequence K, which finally yields the ciphertext stream sequence C.
Seed_Key = {1000}_2
Figure PCTCN2019083404-appb-000002
$F_2(j) = ((C_1 + X_1 \times j) \bmod Y_1 == Z_1 \;||\; (C_2 + X_2 \times j) \bmod Y_2 == Z_2)$
S = {101111010011000}
Figure PCTCN2019083404-appb-000003
Figure PCTCN2019083404-appb-000004
M = "aaaa" = {0X61,0X61,0X61,0X61}_16 = {01100001,01100001,01100001,01100001}_2
Figure PCTCN2019083404-appb-000005
Figure PCTCN2019083404-appb-000006
Referring to the key stream sequence diagram in Figure 6, the diagram of the bit transformation of the plaintext stream sequence in Figure 7 and the flowchart of the sub-method that forms the ciphertext stream sequence in Figure 8, the seed key is processed by the function $F_1$ to give the first output sequence S. S = {101111010011000}_2 is the first output sequence of the nonlinear feedback function $F_1$, and its period length is $2^4 - 1 = 15$.
Figure PCTCN2019083404-appb-000007
is the intermediate result of cyclically filling the first output sequence S into the key stream sequence space, that is, the second output sequence S'. The extended ASCII code (hexadecimal) of S' is {0XBD,0X31,0X7A,0X62}_16, which in binary is {10111101,00110001,01111010,01100010}_2. The cyclic filling may start at any legal position in the first output sequence S; in this example it starts at the first item of S. $F_2(j)$ is a Boolean function; in this example $F_2(j) = ((C_1 + X_1 \times j) \bmod Y_1 == Z_1 \;||\; (C_2 + X_2 \times j) \bmod Y_2 == Z_2)$, where "MOD" is the remainder operation, "==" tests for equality, and "||" is logical OR. j is called the "bit order" and is the index of a binary bit of the key stream, starting from 0 in this example. $C_1, X_1, Y_1, Z_1, C_2, X_2, Y_2, Z_2$ are integers fixed in advance; in this example their values are 0, 1, 4, 0, 0, 1, 7, 0.
Figure PCTCN2019083404-appb-000008
represents the key stream sequence, which is the output obtained when the second output sequence S' is processed by the function $F_2$. Its extended ASCII code (hexadecimal) is {0X34,0XBB,0XF6,0XEA}_16, which in binary is {00110100,10111011,11110110,11101010}_2, as shown in Figure 6. M = "aaaa" is the plaintext sequence, the input to encryption. {0X61,0X61,0X61,0X61}_16 is the extended ASCII code (hexadecimal) of the plaintext sequence "aaaa", which in binary is {01100001,01100001,01100001,01100001}_2, as shown in Figure 7.
Figure PCTCN2019083404-appb-000009
represents the pseudo-plaintext sequence produced by inverting those bits of the plaintext that correspond to specific bits of the key stream sequence (the bits with value "false"). {0XAA,0X25,0X68,0X74}_16 is the extended ASCII code (hexadecimal) of the pseudo-plaintext sequence M', which in binary is {10101010,00100101,01101000,01110100}_2, as shown in Figure 7.
Figure PCTCN2019083404-appb-000010
Figure PCTCN2019083404-appb-000011
represents the ciphertext stream sequence, the output of encryption. {0X94,0XD0,0XDB,0X0C}_16 is the extended ASCII code (hexadecimal) of the ciphertext stream sequence
Figure PCTCN2019083404-appb-000012
which in binary is {10010100,11010000,11011011,00001100}_2, as shown in Figure 10.
The plaintext sequence, the key stream sequence and the ciphertext stream sequence all use a logical structure in the form of a circular queue, so the computation can start at any position in the queue. Here the working pointers p1 and p2 point to the plaintext bits M[0] and M[31], q1 and q2 point to the key bits K[0] and K[31], and road points to the ciphertext bit C[0]. The bit transformation rule applied to the plaintext in this example is bitwise inversion according to specific bits of the key K, here the bits with value "false". Figure 7 shows how the bits of the plaintext M that correspond to the "false" bits of the key K are inverted to give the pseudo-plaintext sequence M'.
Zipper-type hashing uses the idea of n-way merging. Binary bits that satisfy the condition are merged at random, which scrambles the order of the binary code of the pseudo-plaintext sequence. For convenience of discussion and presentation, n = 2 in this example: the pseudo-plaintext sequence M' is divided into two roads according to the key stream sequence K. The pseudo-plaintext sequence M' and the key stream sequence K' are scanned cyclically in both directions at the same time using the working pointers p1 and p2, whose initial values may be any legal position in the circular queue. Pointer p1 looks for the "true" bits in the key stream sequence, and the bits M'[p1] form road1; pointer p2 looks for the "false" bits in the key stream sequence, and the bits M'[p2] form road2, as shown in Figure 9. The ciphertext space C is the road shown in Figure 9. The binary codes of road1 and road2 in Fig. 7 are mapped into the ciphertext space C by zipper-type dynamic hashing, and the resulting ciphertext stream sequence is shown in Fig. 10.
Decryption is the inverse of the encryption process. The key stream sequence and the ciphertext stream sequence are scanned, the hash address corresponding to each bit of the ciphertext stream sequence is calculated, and the ciphertext stream sequence is hash-mapped into the plaintext storage space to form multiple pseudo-plaintext subsequences; the pseudo-plaintext subsequences are merged to form the pseudo-plaintext sequence; and the bit values of the pseudo-plaintext sequence are changed according to the bit transformation Boolean function based on the key stream sequence to form the plaintext sequence. Referring to the method flowchart shown in FIG. 11, one or more of the above embodiments of the present application further include the following decryption steps:
S500) Obtain the ciphertext stream sequence, and preprocess the pre-agreed seed key using the same nonlinear feedback function and bit transformation Boolean function to form the key stream sequence;
S600) According to the inverse hash mapping rule that depends on the key stream sequence, calculate the hash address corresponding to each bit of the ciphertext sequence, and hash-map the ciphertext sequence into the plaintext storage space to form multiple pseudo-plaintext subsequences;
S700) Merge the multiple pseudo-plaintext subsequences to form the pseudo-plaintext sequence;
S800) Change the bit values of the pseudo-plaintext sequence according to the bit transformation Boolean function based on the key stream sequence to form the plaintext sequence.
Specifically, referring to the schematic diagrams shown in FIGS. 12 and 13, the seed key Seed_Key, the nonlinear feedback function $F_1(x_0, x_1, x_2, x_3)$, the bit transformation Boolean function $F_2(j)$ and all initial values are the same as for encryption, so the resulting key stream is also the same, as shown in Figure 6.
Figure PCTCN2019083404-appb-000013
represents the key stream, which is the output obtained when the sequence S' is processed by the function $F_2$. Its extended ASCII code (hexadecimal) is {0X34,0XBB,0XF6,0XEA}_16, which in binary is {00110100,10111011,11110110,11101010}_2, as shown in Figure 12.
Figure PCTCN2019083404-appb-000014
represents the ciphertext, the input to decryption. {0X94,0XD0,0XDB,0X0C}_16 is the extended ASCII code (hexadecimal) of the ciphertext
Figure PCTCN2019083404-appb-000015
which in binary is {10010100,11010000,11011011,00001100}_2, as shown in Figure 12.
Figure PCTCN2019083404-appb-000016
is the pseudo-plaintext sequence obtained from the ciphertext C according to the bit permutation rule. {0XAA,0X25,0X68,0X74}_16 is the extended ASCII code (hexadecimal) of M', which in binary is {10101010,00100101,01101000,01110100}_2. M = "aaaa" is the plaintext sequence, the output of decryption. {0X61,0X61,0X61,0X61}_16 is the extended ASCII code (hexadecimal) of the plaintext "aaaa", which in binary is {01100001,01100001,01100001,01100001}_2. The plaintext sequence, the key stream sequence and the ciphertext stream sequence all use a logical structure in the form of a circular queue, so the computation can start at any position in the queue. Here the working pointers p1 and p2 point to the plaintext bits M[0] and M[31], q1 and q2 point to the key bits K[0] and K[31], and road points to the ciphertext bit C[0]. Zipper-type hashing uses the idea of n-way merging. For convenience of discussion, n = 2 in this example: the ciphertext stream sequence C is split into two roads according to the key stream sequence K and stored in the plaintext space. The ciphertext space C is scanned in one direction using the working pointer road, and the pseudo-plaintext sequence M' and the key stream sequence K' are scanned cyclically in both directions using the working pointers p1 and p2; the initial value of each pointer is the same as for encryption. Pointer p1 looks for a true bit in the key stream sequence, C[road] is stored in M'[p1], and the road pointer and the p1 pointer are advanced; pointer p2 looks for a false bit in the key stream sequence, C[road] is stored in M'[p2], and the road pointer and the p2 pointer are advanced. The resulting pseudo-plaintext sequence M' is shown in Figure 12. The bit transformation rule applied to the pseudo-plaintext sequence M' in this example is bitwise inversion according to specific bits of the key stream sequence K, here the bits with value "false". Figure 13 shows how the bits of the pseudo-plaintext sequence M' that correspond to the "false" bits of the key K are inverted to give the plaintext sequence M.
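The worked "aaaa" example above, for encryption (S200 to S400) and decryption (S600 to S800), as an added C example that is not the patent's own code; it starts from S as printed, because the feedback function $F_1$ survives on this page only as an image. The function names are hypothetical, and three readings are assumptions chosen because they reproduce the page's K, M' and C: bit 0 is the most significant bit of byte 0, $F_2$ flips bit j of S' where it is true, and the zipper alternates road1 (forward scan from bit 0) with road2 (backward scan from the last bit), starting with road1.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ZDH_MAX 64 /* largest message in bytes handled by this sketch */

/* Bit n of a buffer; bit 0 is the most significant bit of byte 0,
 * the ordering used by the page's hex and binary listings. */
static int read_bit(const uint8_t *p, int n) { return (p[n / 8] >> (7 - n % 8)) & 1; }

static void write_bit(uint8_t *p, int n, int v) {
    uint8_t mask = (uint8_t)(0x80u >> (n % 8));
    if (v) p[n / 8] |= mask;
    else   p[n / 8] &= (uint8_t)~mask;
}

/* F2(j) with the page's constants 0,1,4,0 and 0,1,7,0. */
static int f2(int j) { return ((0 + 1 * j) % 4 == 0) || ((0 + 1 * j) % 7 == 0); }

/* S102-S103: fill nbits cyclically from S (string of '0'/'1'), then
 * flip bit j where F2(j) is true (assumed reading of the F2 step). */
void make_keystream(const char *s, uint8_t *k, int nbits) {
    int slen = (int)strlen(s);
    if (slen == 0) return;
    memset(k, 0, (size_t)(nbits + 7) / 8);
    for (int j = 0; j < nbits; j++)
        write_bit(k, j, (s[j % slen] - '0') ^ f2(j));
}

/* S200 and S800: invert each bit whose key bit is 0 ("false").
 * This equals XOR with NOT K, so applying it twice restores the input. */
void bit_transform(const uint8_t *in, const uint8_t *k, uint8_t *out, int nbits) {
    memset(out, 0, (size_t)(nbits + 7) / 8);
    for (int j = 0; j < nbits; j++)
        write_bit(out, j, read_bit(in, j) ^ !read_bit(k, j));
}

static int next_true(const uint8_t *k, int p, int nbits) {
    while (p < nbits && !read_bit(k, p)) p++;
    return p; /* nbits when road1 is exhausted */
}

static int prev_false(const uint8_t *k, int p) {
    while (p >= 0 && read_bit(k, p)) p--;
    return p; /* -1 when road2 is exhausted */
}

/* One zipper step: encrypt copies M'[p] to C[road], decrypt the reverse. */
static void move_bit(const uint8_t *src, uint8_t *dst, int p, int road, int enc) {
    if (enc) write_bit(dst, road, read_bit(src, p));
    else     write_bit(dst, p, read_bit(src, road));
}

/* S300-S400 (enc=1) and S600-S700 (enc=0) with n = 2 roads. */
void zipper(const uint8_t *src, const uint8_t *k, uint8_t *dst, int nbits, int enc) {
    int p1 = next_true(k, 0, nbits);   /* forward over key bits 1 */
    int p2 = prev_false(k, nbits - 1); /* backward over key bits 0 */
    int road = 0;
    memset(dst, 0, (size_t)(nbits + 7) / 8);
    while (road < nbits) {
        if (p1 < nbits) {
            move_bit(src, dst, p1, road++, enc);
            p1 = next_true(k, p1 + 1, nbits);
        }
        if (p2 >= 0) {
            move_bit(src, dst, p2, road++, enc);
            p2 = prev_false(k, p2 - 1);
        }
    }
}

int zdh_encrypt(const uint8_t *m, const uint8_t *k, uint8_t *c, int nbytes) {
    uint8_t pseudo[ZDH_MAX];
    if (nbytes <= 0 || nbytes > ZDH_MAX) return -1;
    bit_transform(m, k, pseudo, nbytes * 8); /* M -> M' */
    zipper(pseudo, k, c, nbytes * 8, 1);     /* M' -> C */
    return 0;
}

int zdh_decrypt(const uint8_t *c, const uint8_t *k, uint8_t *m, int nbytes) {
    uint8_t pseudo[ZDH_MAX];
    if (nbytes <= 0 || nbytes > ZDH_MAX) return -1;
    zipper(c, k, pseudo, nbytes * 8, 0);     /* C -> M' */
    bit_transform(pseudo, k, m, nbytes * 8); /* M' -> M */
    return 0;
}

int main(void) {
    const uint8_t m[4] = {0x61, 0x61, 0x61, 0x61}; /* "aaaa" */
    uint8_t k[4], c[4], back[4];
    make_keystream("101111010011000", k, 32);      /* S as printed on the page */
    zdh_encrypt(m, k, c, 4);
    zdh_decrypt(c, k, back, 4);
    printf("C = %02X %02X %02X %02X, round trip %s\n", c[0], c[1], c[2], c[3],
           memcmp(m, back, 4) == 0 ? "ok" : "failed");
    return 0;
}
```

For a fixed key stream the bit positions written by `zipper` do not depend on the message, so the whole transform is a fixed bit permutation applied to M XOR NOT K.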
Referring to the module structure diagram shown in Figure 14 and the application scenario diagram shown in Figure 2, the encryption and decryption method based on zipper-type dynamic hashing and NLFSR disclosed in this application includes the following modules: a key stream generation module, which preprocesses the seed key using the nonlinear feedback function and the bit transformation Boolean function to form the key stream sequence; a pseudo-plaintext generation module, which changes the bit values of the plaintext sequence according to the bit transformation Boolean function based on the key stream sequence to form the pseudo-plaintext sequence; a pseudo-plaintext division module, which divides the pseudo-plaintext sequence into multiple pseudo-plaintext subsequences according to the key stream sequence; and a ciphertext stream generation module, which calculates, according to the hash mapping rule that depends on the key stream sequence, the dynamic hash address corresponding to each bit of the pseudo-plaintext sequence and hash-maps the multiple pseudo-plaintext subsequences into the ciphertext space to form the ciphertext stream sequence.
Based on the above encryption and decryption method, the algorithms are implemented as follows:
1 Algorithm implementation process of the encryption system
(1) Read in the plaintext file and set the seed key
(2) Create the character pointers
Dynamic pointer to the plaintext string array: char*M;
Dynamic pointer to the key string array: char*K;
Dynamic pointer to the ciphertext string array: char*C;
(3) Open the plaintext file M, count its number of bytes, and store the count in M_bytes
(4) Allocate storage space
Plaintext storage space: M=new char[M_bytes+1];
Key storage space: K=new char[M_bytes+1];
Ciphertext storage space: C=new char[M_bytes+1];
(5) Read the contents of the plaintext file into the storage space pointed to by M
(6) Implement writing 0 to the n-th binary bit of a string
Create function: void write_bit_0(char*p_str,int n)
Function parameters: p_str is a pointer to the string; n is the index of the binary bit
Function: write 0 to bit n of the string pointed to by p_str
Return value: none
(7) Implement writing 1 to the n-th binary bit of a string
Create function: void write_bit_1(char*p_str,int n)
Function parameters: p_str is a pointer to the string; n is the index of the binary bit
Function: write 1 to bit n of the string pointed to by p_str
Return value: none
(8) Implement reading the n-th binary bit of a string
Create function: int read_bit(char*p_str,int n)
Function parameters: p_str is a pointer to the string; n is the index of the binary bit
Function: find and return the value (0 or 1) of bit n of the string pointed to by p_str
Return value: the value (0 or 1) of bit n of the string pointed to by p_str
(9) Compute the first output sequence obtained by passing the seed key through the nonlinear feedback function
Function created: void get_NLFSR_sequence(string str, int a, int b, int c, int d)
Function parameters: str is the seed key; a, b, c, d are the coefficients of the nonlinear feedback function $F_1(x_0, x_1, \ldots, x_{n-1}) = x_0 \oplus x_a \oplus x_b \oplus x_c \cdot x_d$
Function purpose: compute the first output sequence obtained by passing the seed key through the nonlinear feedback function, and store it in the string NlfsrSequence
Function return value: none
Key statement sequence:
Figure PCTCN2019083404-appb-000017
(10) Initialize the key stream K: cyclically repeat the first output sequence to fill the key stream sequence space, forming the second output sequence
Function created: void get_key_stream(string Seq)
Function parameter: Seq is the first output sequence string generated from the seed key by the nonlinear feedback function, consisting of the two characters '0' and '1'
Function purpose: convert the output sequence Seq of the nonlinear feedback function into a string and store it in the key space K by cyclic filling
Function return value: none
Key statement sequence:
Figure PCTCN2019083404-appb-000018
(11) Perform the bit transformation on the second output sequence and on the plaintext stream at the same time to obtain the key stream sequence and the pseudo-plaintext sequence
Function created: void en_bit_transfor()
Function parameters: none
Function purpose: perform the bit transformation of the second output sequence and of the plaintext stream M at the same time, obtaining the key stream K and the pseudo-plaintext stream M'.
The bit-transformation Boolean function of the key stream is: $F_2(j) = ((C_1 + X_1 \times j) \bmod Y_1 == Z_1 \;\|\; (C_2 + X_2 \times j) \bmod Y_2 == Z_2)$. The bit-transformation rule for the plaintext is: at each false-valued bit of the key stream K, invert the corresponding binary bit of the plaintext.
Function return value: none
Key statement sequence:
Figure PCTCN2019083404-appb-000019
(12) Traverse the pseudo-plaintext and the key stream in a single pass, mapping the pseudo-plaintext into the ciphertext space according to the zipper-type dynamic hash rule
Function created: void en_zipper_hash(int road1, int road2)
Function parameters: road1 and road2 are the initial values of the working pointers, and also the starting positions for splitting the plaintext into 2 paths
Function purpose: divide the pseudo-plaintext M' into two paths according to the key stream K, then merge the two paths of pseudo-plaintext into the ciphertext space C to obtain the ciphertext
Function return value: none
Key statement sequence:
Figure PCTCN2019083404-appb-000020
Figure PCTCN2019083404-appb-000021
(13) Encryption is complete; write the contents of the ciphertext array C to the ciphertext file and save it
2 Algorithm implementation process of the decryption system
(1) Read in the ciphertext file and the initial key file
(2) Establish character pointers
Dynamic pointer to the plaintext string array: char *M_decrypt;
Dynamic pointer to the key string array: char *K;
Dynamic pointer to the ciphertext string array: char *C;
(3) Open the ciphertext file C, count the number of bytes in it, and store the count in C_bytes
(4) Allocate storage space
Decrypted plaintext storage space: M_decrypt = new char[C_bytes+1];
Key storage space: K = new char[C_bytes+1];
Ciphertext storage space: C = new char[C_bytes+1];
(5) Read the content of the ciphertext file into the storage space pointed to by pointer C
(6) Implement writing 0 to the n-th binary bit of a string
Function created: void write_bit_0(char *p_str, int n)
Function parameters: p_str is a pointer to the string; n is the index of the binary bit
Function purpose: write 0 to the n-th bit of the string pointed to by p_str
Function return value: none
(7) Implement writing 1 to the n-th binary bit of a string
Function created: void write_bit_1(char *p_str, int n)
Function parameters: p_str is a pointer to the string; n is the index of the binary bit
Function purpose: write 1 to the n-th bit of the string pointed to by p_str
Function return value: none
(8) Implement reading the n-th binary bit of a string
Function created: int read_bit(char *p_str, int n)
Function parameters: p_str is a pointer to the string; n is the index of the binary bit
Function purpose: look up and return the value (0 or 1) of the n-th bit of the string pointed to by p_str
Function return value: the value (0 or 1) of the n-th bit of the string pointed to by p_str
(9) Compute the first output sequence obtained by passing the seed key through the nonlinear feedback function
Function created: void get_NLFSR_sequence(string str, int a, int b, int c, int d)
Function parameters: str is the seed key; a, b, c, d are the coefficients of the nonlinear feedback function [Figure PCTCN2019083404-appb-000022]
Function purpose: compute the first output sequence obtained by passing the seed key through the nonlinear feedback function, and store it in the string NlfsrSequence
Function return value: none
Key statement sequence: same as the void get_NLFSR_sequence(string str, int a, int b, int c, int d) function of the encryption process; not repeated here
(10) Initialize the key stream K: cyclically repeat the first output sequence to fill the key stream sequence space, forming the second output sequence
Function created: void get_key_stream(string Seq)
Function parameter: Seq is the first output sequence string generated from the seed key by the nonlinear feedback function, consisting of the two characters '0' and '1'
Function purpose: convert the output sequence Seq of the nonlinear feedback function into a string and store it in the key space K by cyclic filling
Function return value: none
Key statement sequence: same as the void get_key_stream(string Seq) function of the encryption process; not repeated here
(11) Traverse the ciphertext and the key stream in a single pass, mapping the ciphertext into the plaintext space according to the inverse zipper-type dynamic hash
Function created: void de_zipper_hash(int road1, int road2)
Function parameters: road1 and road2 are the initial values of the working pointers, and also the starting positions of the 2-way merged ciphertext
Function purpose: merge the ciphertext C into the plaintext space M according to the key stream K, thereby obtaining the pseudo-plaintext sequence M'
Function return value: none
Key statement sequence:
Figure PCTCN2019083404-appb-000023
Figure PCTCN2019083404-appb-000024
(12) Apply the inverse bit transformation to the pseudo-plaintext sequence
Function created: void de_bit_transfor()
Function parameters: none
Function purpose: perform the bit transformation of the pseudo-plaintext sequence M' to obtain the plaintext sequence M
The bit-transformation rule for the plaintext is: at each false-valued bit of the key stream K, invert the corresponding binary bit of the plaintext
Function return value: none
Key statement sequence:
Figure PCTCN2019083404-appb-000025
(13) Decryption is complete; write the contents of the plaintext array M_decrypt to the plaintext file and save it
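The encryption and decryption steps above, modelled end to end as an added C++ example; this is not code from the patent, whose key statements survive here only as figure placeholders. The bit order, the way F2 is applied to the key stream, the out_len/seq_len parameter, the flip_bit, make_key_stream, derive_key_stream, encrypt, decrypt, Params and sample_params names, and above all the two-path placement rule in zipper_hash are assumptions, and the sample values are constructed.

```cpp
// Added illustration, not the patent's code: keystream, bit flip and two-path placement.
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Steps (6)-(8): bit n lives in byte n/8; LSB-first order within a byte is an assumption.
void write_bit_0(char* p_str, int n) {
    p_str[n / 8] = static_cast<char>(static_cast<unsigned char>(p_str[n / 8]) & ~(1u << (n % 8)));
}
void write_bit_1(char* p_str, int n) {
    p_str[n / 8] = static_cast<char>(static_cast<unsigned char>(p_str[n / 8]) | (1u << (n % 8)));
}
int read_bit(const char* p_str, int n) {
    return (static_cast<unsigned char>(p_str[n / 8]) >> (n % 8)) & 1;
}
void flip_bit(char* p_str, int n) {  // helper added for this example
    if (read_bit(p_str, n)) write_bit_0(p_str, n); else write_bit_1(p_str, n);
}

// Step (9): the register is loaded with the seed bits; each clock outputs x0 and shifts in
// F1 = x0 ^ xa ^ xb ^ (xc & xd). Returning the sequence and the out_len parameter are assumptions.
std::string get_NLFSR_sequence(const std::string& seed, int a, int b, int c, int d, int out_len) {
    int n = static_cast<int>(seed.size()) * 8;
    for (int tap : {a, b, c, d})
        if (tap < 0 || tap >= n) throw std::invalid_argument("tap outside register");
    std::vector<int> x(n);
    for (int i = 0; i < n; ++i) x[i] = read_bit(seed.data(), i);
    std::string seq;
    for (int t = 0; t < out_len; ++t) {
        seq.push_back(x[0] ? '1' : '0');
        x.push_back(x[0] ^ x[a] ^ x[b] ^ (x[c] & x[d]));
        x.erase(x.begin());
    }
    return seq;
}

struct F2Params { int C1, X1, Y1, Z1, C2, X2, Y2, Z2; };
bool F2(const F2Params& p, int j) {  // bit-transformation Boolean function of step (11)
    return (p.C1 + p.X1 * j) % p.Y1 == p.Z1 || (p.C2 + p.X2 * j) % p.Y2 == p.Z2;
}

// Step (10) and the key side of step (11): cyclic fill from `start`, then invert bit j
// wherever F2(j) is true (that reading of how F2 is applied is an assumption).
std::string make_key_stream(const std::string& seq, int start, int nbits, const F2Params& p) {
    if (seq.empty()) throw std::invalid_argument("empty NLFSR sequence");
    std::string K((nbits + 7) / 8, '\0');
    for (int j = 0; j < nbits; ++j)
        if ((seq[(start + j) % seq.size()] == '1') != F2(p, j)) write_bit_1(&K[0], j);
    return K;
}

// Plaintext side of step (11) and decryption step (12): invert bit j where K[j] is 0.
std::string bit_transfor(std::string M, const std::string& K) {
    for (int j = 0; j < static_cast<int>(M.size()) * 8; ++j)
        if (read_bit(K.data(), j) == 0) flip_bit(&M[0], j);
    return M;
}

// Encryption step (12) and decryption step (11). ASSUMED placement rule: positions where K
// is 1 are scanned circularly from road1 and fill C from the front; positions where K is 0
// are scanned circularly from road2 and fill C from the back. inverse=true undoes it.
std::string zipper_hash(const std::string& in, const std::string& K, int road1, int road2, bool inverse) {
    int n = static_cast<int>(in.size()) * 8, front = 0, back = n - 1;
    std::string out(in.size(), '\0');
    auto move_bit = [&](int plain_pos, int cipher_pos) {
        int src = inverse ? cipher_pos : plain_pos, dst = inverse ? plain_pos : cipher_pos;
        if (read_bit(in.data(), src)) write_bit_1(&out[0], dst);  // out starts zeroed
    };
    for (int i = 0; i < n; ++i) {
        int p1 = (road1 + i) % n, p2 = (road2 + i) % n;
        if (read_bit(K.data(), p1) == 1) move_bit(p1, front++);
        if (read_bit(K.data(), p2) == 0) move_bit(p2, back--);
    }
    return out;
}

struct Params { std::string seed; int a, b, c, d, seq_len, start, road1, road2; F2Params f2; };
Params sample_params() {  // constructed sample values, not taken from the patent
    return {"seedkey!", 3, 17, 29, 41, 127, 5, 7, 11, {1, 3, 7, 2, 2, 5, 11, 4}};
}
std::string derive_key_stream(const Params& P, std::size_t nbytes) {
    std::string seq = get_NLFSR_sequence(P.seed, P.a, P.b, P.c, P.d, P.seq_len);
    return make_key_stream(seq, P.start, static_cast<int>(nbytes) * 8, P.f2);
}
std::string encrypt(const std::string& M, const Params& P) {
    std::string K = derive_key_stream(P, M.size());
    return zipper_hash(bit_transfor(M, K), K, P.road1, P.road2, false);
}
std::string decrypt(const std::string& C, const Params& P) {
    std::string K = derive_key_stream(P, C.size());
    return bit_transfor(zipper_hash(C, K, P.road1, P.road2, true), K);
}

int main() {
    Params P = sample_params();
    std::string M = "zipper hash + NLFSR";
    std::cout << (decrypt(encrypt(M, P), P) == M ? "round trip ok" : "MISMATCH") << "\n";
}
```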
A person of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are executed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the system embodiment described above is merely illustrative; the division into modules or units is only a division by logical function, and in actual implementation there may be other ways of dividing them: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes of the above method embodiments may also be carried out by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it implements the steps of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM), random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content covered by the computer-readable medium may be appropriately expanded or reduced according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunication signals.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the scope of protection of the present invention.

Claims (10)

  1. An encryption and decryption method based on zipper-type dynamic hashing and NLFSR, characterized in that it comprises the following steps:
    S100) preprocessing the seed key with a nonlinear feedback function and a bit-transformation Boolean function to form a key stream sequence;
    S200) changing the bit values of the plaintext sequence according to a bit-transformation Boolean function based on the key stream sequence to form a pseudo-plaintext sequence;
    S300) dividing the pseudo-plaintext sequence into multiple pseudo-plaintext subsequences according to the key stream sequence;
    S400) according to a hash mapping rule that depends on the key stream sequence, calculating the dynamic hash address corresponding to each binary bit of the pseudo-plaintext sequence, and hash-mapping the multi-path pseudo-plaintext subsequences into the ciphertext space to form a ciphertext stream sequence.
  2. The encryption and decryption method according to claim 1, characterized in that it further comprises the following steps for decryption:
    S500) obtaining the ciphertext stream sequence, and preprocessing the pre-agreed seed key with the same nonlinear feedback function and the same bit-transformation Boolean function to form the key stream sequence;
    S600) according to an inverse hash mapping rule that depends on the key stream sequence, calculating the hash address corresponding to each binary bit of the ciphertext sequence, and hash-mapping the ciphertext sequence into the plaintext storage space to form multiple pseudo-plaintext subsequences;
    S700) merging the multiple pseudo-plaintext subsequences to form the pseudo-plaintext sequence;
    S800) changing the bit values of the pseudo-plaintext sequence according to the bit-transformation Boolean function based on the key stream sequence to form the plaintext sequence.
  3. The encryption and decryption method according to claim 1 or 2, characterized in that step S100 further comprises the following sub-steps:
    S101) inputting the seed key into the nonlinear feedback function to generate a first output sequence;
    S102) cyclically repeating the first output sequence to fill the key stream sequence space, forming a second output sequence;
    S103) inputting the second output sequence into the bit-transformation Boolean function to form the key stream sequence.
  4. The encryption and decryption method according to claim 3, characterized in that, in step S102, the starting position of the cyclic filling is any legal position in the first output sequence.
  5. The encryption and decryption method according to claim 4, characterized in that step S300 further comprises the following sub-steps:
    S301) decomposing the pseudo-plaintext sequence into multiple pseudo-plaintext subsequences according to the true-valued bits and false-valued bits of the key stream sequence;
    S302) scanning the multiple pseudo-plaintext subsequences and the key stream sequence in a bidirectional circular manner, so as to hash the multiple pseudo-plaintext subsequences into the ciphertext space by zipper-type dynamic hashing.
  6. The encryption and decryption method according to claim 1 or 2, characterized in that the plaintext sequence, the key stream sequence and the ciphertext stream sequence all use a circular queue data structure, and encryption and decryption start from any legal position in the corresponding circular queue.
  7. The encryption and decryption method according to claim 1 or 2, characterized in that the bit-transformation Boolean function is a bitwise inversion function driven by specific bits of the key stream sequence.
  8. The encryption and decryption method according to claim 1 or 2, characterized in that the nonlinear feedback function is a feedback function with an algebraic order of 4 or more.
  9. An encryption and decryption device based on zipper-type dynamic hashing and NLFSR, characterized in that it comprises the following modules:
    a first key stream generation module, for preprocessing the seed key with a nonlinear feedback function and a bit-transformation Boolean function to form a key stream sequence;
    a pseudo-plaintext generation module, for changing the bit values of the plaintext sequence according to a bit-transformation Boolean function based on the key stream sequence to form a pseudo-plaintext sequence;
    a pseudo-plaintext division module, for dividing the pseudo-plaintext sequence into multiple pseudo-plaintext subsequences according to the key stream sequence;
    a first dynamic hash module, for calculating, according to a hash mapping rule that depends on the key stream sequence, the dynamic hash address corresponding to each binary bit of the pseudo-plaintext sequence, and hash-mapping the multi-path pseudo-plaintext subsequences into the ciphertext space to form a ciphertext stream sequence.
  10. A computer-readable storage medium on which computer instructions are stored, characterized in that the instructions, when executed by a processor, implement the steps of the method according to any one of claims 1 to 8.
PCT/CN2019/083404 2019-02-19 2019-04-19 Encryption and decryption method and device employing zipper-type dynamic hashing and nlfsr techniques WO2020168627A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910121128.6 2019-02-19
CN201910121128.6A CN109981249B (en) 2019-02-19 2019-02-19 Encryption and decryption method and device based on zipper type dynamic hash and NLFSR

Publications (1)

Publication Number Publication Date
WO2020168627A1 true WO2020168627A1 (en) 2020-08-27

Family

ID=67077032

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/083404 WO2020168627A1 (en) 2019-02-19 2019-04-19 Encryption and decryption method and device employing zipper-type dynamic hashing and nlfsr techniques

Country Status (2)

Country Link
CN (1) CN109981249B (en)
WO (1) WO2020168627A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113271202B (en) * 2020-02-14 2022-05-31 中移(苏州)软件技术有限公司 Data encryption method and device
CN111258549B (en) * 2020-04-30 2020-08-11 江苏亨通问天量子信息研究院有限公司 Quantum random number post-processing device based on nonlinear feedback shift register
CN111669269B (en) * 2020-06-08 2023-08-15 晋商博创(北京)科技有限公司 BLK data encryption method, device and storage medium
CN112260828A (en) * 2020-10-19 2021-01-22 黑龙江大学 Light-weight key sequence generator based on chaotic system and FPGA
CN117315808B (en) * 2023-11-28 2024-02-13 成都博瑞科传科技有限公司 Portable water quality inspection instrument based on data integrity verification and acquisition method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1425987A (en) * 2001-12-10 2003-06-25 中国科学院软件研究所 Encrypting method for reinforcing disordered block cipher
CN1852088A (en) * 2005-10-13 2006-10-25 华为技术有限公司 Enciphering-deciphering method for flow medium transmission code flow and module
CN104486068A (en) * 2014-12-12 2015-04-01 苏州中科启慧软件技术有限公司 Stream cipher algorithm SNRR based on nonlinear circulating shift register
CN106953875A (en) * 2017-04-26 2017-07-14 吉林大学珠海学院 Ordered encryption method based on multi-key cipher stream cipher

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040086117A1 (en) * 2002-06-06 2004-05-06 Petersen Mette Vesterager Methods for improving unpredictability of output of pseudo-random number generators
US8861725B2 (en) * 2012-07-10 2014-10-14 Infineon Technologies Ag Random bit stream generator with enhanced backward secrecy
CN102983972B (en) * 2012-10-18 2015-06-10 吉林大学珠海学院 Dynamic encryption and decryption method based on stream cipher
CN103095449B (en) * 2013-01-16 2015-11-04 吉林大学 A kind of dynamic encryption decryption method based on stream cipher
US8983068B2 (en) * 2013-03-06 2015-03-17 Infineon Technologies Ag Masked nonlinear feedback shift register
CN103338104B (en) * 2013-06-05 2016-02-24 中北大学 The encryption method of recorder real-time data collection
EP3235162B1 (en) * 2014-12-17 2021-02-17 Telefonaktiebolaget LM Ericsson (publ) Stream ciphering technique
CN105141413B (en) * 2015-08-06 2018-05-15 吉林大学 Circular linked list exclusive or encryption method and decryption method based on stream cipher
CN105897403A (en) * 2016-04-01 2016-08-24 苏州中科启慧软件技术有限公司 Stream cipher technology SPRR based on parallel cyclic shift register
CN105959118A (en) * 2016-04-28 2016-09-21 吉林大学 Double-bit unidirectional circular linked list encryption and decryption method based on stream ciphers
CN106254062B (en) * 2016-10-12 2019-03-26 中国人民解放军信息工程大学 Stream cipher realization device and its sequential cipher realization method
CN113411805A (en) * 2017-04-27 2021-09-17 华为技术有限公司 Authentication method, authentication equipment and user equipment for realizing network access
CN108777622B (en) * 2018-05-11 2021-03-26 吉林大学 Binary stream hash modular encryption and decryption method
CN108777611B (en) * 2018-05-11 2021-06-18 吉林大学 Bidirectional linked list sequential encryption and decryption method based on double-key stream cipher
CN109194461B (en) * 2018-05-11 2022-02-22 吉林大学 Single-direction linked list sequence encryption and decryption method based on double-key stream cipher

Also Published As

Publication number Publication date
CN109981249A (en) 2019-07-05
CN109981249B (en) 2020-09-08

Similar Documents

Publication Publication Date Title
WO2020168627A1 (en) Encryption and decryption method and device employing zipper-type dynamic hashing and nlfsr techniques
Kumar et al. Development of modified AES algorithm for data security
WO2018196634A1 (en) Sequential encryption method based on multiple key stream passwords
US7657033B2 (en) Cryptography related to keys
EP0725511B1 (en) Method for data encryption/decryption using cipher block chaining (CBC) and message authentication codes (MAC)
WO2020168628A1 (en) Encryption and decryption method and device based on random hash and bit operation
CN109194461B (en) Single-direction linked list sequence encryption and decryption method based on double-key stream cipher
CN103825723A (en) Encryption method and device
US10148425B2 (en) System and method for secure communications and data storage using multidimensional encryption
WO2020168629A1 (en) Encryption and decryption method employing bit permutation and bit manipulation, and device
JP2008513811A (en) Calculation conversion method and system
US8122075B2 (en) Pseudorandom number generator and encryption device using the same
Pisarchik et al. Chaotic map cryptography and security
Joshy et al. Text to image encryption technique using RGB substitution and AES
Mahboob et al. A novel construction of substitution box based on polynomial mapped and finite field with image encryption application
JPWO2006019152A1 (en) Message authenticator generation device, message authenticator verification device, and message authenticator generation method
Masoodi et al. Symmetric Algorithms I
Patel et al. Hybrid security algorithms for data transmission using AES-DES
Buell Modern symmetric ciphers—Des and Aes
CN108777611B (en) Bidirectional linked list sequential encryption and decryption method based on double-key stream cipher
CN106973061B (en) AES outgoing file encryption method based on reversible logic circuit
TWI728933B (en) Hybrid multistage algorithm encryption and decryption system, transmitting device thereof, and receiving device thereof
Tarawneh Cryptography: Recent Advances and Research Perspectives
US20230216659A1 (en) Method for processing encrypted data
Hwang et al. RT-OCFB: real-time based optimized cipher feedback mode

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19915756

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19915756

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/01/2022)

122 Ep: pct application non-entry in european phase

Ref document number: 19915756

Country of ref document: EP

Kind code of ref document: A1