WO2022012162A1 - Matrix operation-based data encryption method and apparatus, electronic device, and storage medium - Google Patents

Info

Publication number: WO2022012162A1
Authority: WO, WIPO (PCT)
Application number: PCT/CN2021/095008
Prior art keywords: matrix, data, key, encrypted signal, mapping dictionary
Other languages: French (fr), Chinese (zh)
Inventors: 曹帅, 伍志强, 刘君操
Original Assignee: 平安国际智慧城市科技股份有限公司
Application filed by: 平安国际智慧城市科技股份有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Definitions

  • the present application relates to big data processing, and in particular, to a data encryption method, device, electronic device and computer-readable storage medium based on matrix operation.
  • A monitoring program runs in the server back end. It collects statistical indicators per unit of time (such as accessing IP, accessing session, accessing User_Agent) and raises a risk alarm when a preset threshold is exceeded, thereby blocking subsequent requests from the client corresponding to that statistical indicator.
  • Important data on the server can be obtained only after the client has registered an account and logged in.
  • The dynamic effects of JS and AJAX are used so that only normally logged-in users have access and crawlers cannot read the important data.
  • Existing data encryption methods based on matrix operations are mainly implemented with the symmetric cipher AES and the asymmetric RSA algorithm.
  • Their typical usage scenario is short information such as login password encryption.
  • Encrypting larger data, such as tens or even hundreds of KB, is quite performance-intensive and not practical.
  • AES can in essence be decrypted in reverse. Even if a salt is added, the salt must be transmitted and stored separately, and direct plaintext transmission likewise risks being crawled.
  • Although RSA is secure, it likewise requires two transmissions, its encryption efficiency is lower, and how to securely store the private key generated by the front end is also a problem.
  • The data encryption method based on matrix operations provided by this application is applied to the server and includes:
  • randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding back the encrypted signal, the third matrix and the key to the front end, so that the front end obtains the inverse matrix of the second matrix from the preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  • The application also provides a data encryption method based on matrix operations, applied to the front end, including:
  • the server generates an encrypted signal according to the first matrix, the second matrix and the third matrix;
  • the first matrix is calculated according to the encrypted signal, the third matrix and the inverse matrix, the first matrix is converted into binary stream data, and the binary stream data is rendered and displayed on the display page of the front end.
  • The present application also provides an electronic device. The electronic device includes a memory and a processor; the memory stores a matrix operation-based data encryption program that can run on the processor, and when the program is executed by the processor, the following steps are implemented:
  • randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding back the encrypted signal, the third matrix and the key to the front end, so that the front end obtains the inverse matrix of the second matrix from the preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  • The present application also provides a computer-readable storage medium comprising a storage data area and a storage program area. The storage data area stores data created according to the use of blockchain nodes, and the storage program area stores a data encryption program based on matrix operations, which can be executed by one or more processors to implement the following steps:
  • randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding back the encrypted signal, the third matrix and the key to the front end, so that the front end obtains the inverse matrix of the second matrix from the preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  • FIG. 1 is a schematic diagram of a first embodiment of an electronic device of the present application.
  • FIG. 2 is a block diagram of the first embodiment of the data encryption apparatus based on matrix operations of the present application.
  • FIG. 3 is a flowchart of the first embodiment of the data encryption method based on matrix operations of the present application.
  • FIG. 4 is a flowchart of a second embodiment of the data encryption method based on matrix operations of the present application.
  • Referring to FIG. 1, a schematic diagram of a first embodiment of an electronic device 1 of the present application is shown.
  • the electronic device 1 is a device that can automatically perform numerical calculation and/or information processing according to pre-set or stored instructions.
  • the electronic device 1 may be a computer, a single network server, a server group composed of multiple network servers, or a cloud composed of a large number of hosts or network servers based on cloud computing, where cloud computing is a type of distributed computing: a super virtual computer consisting of a collection of loosely coupled computers.
  • the electronic device 1 includes, but is not limited to, a memory 11, a processor 12, and a network interface 13 that can be communicatively connected to each other through a system bus.
  • the memory 11 stores a data encryption program 10 based on matrix operations, and the matrix operation-based data encryption program 10 can be executed by the processor 12.
  • FIG. 1 only shows an electronic device 1 having components 11-13 and a data encryption program 10 based on matrix operations. Those skilled in the art can understand that the structure shown in FIG. 1 does not constitute a limitation on the electronic device 1, which may include fewer or more components than shown, combine some components, or use a different arrangement of components.
  • the memory 11 includes an internal memory and at least one type of readable storage medium.
  • the internal memory provides a cache for the operation of the electronic device 1;
  • the readable storage medium may be, for example, flash memory, hard disk, multimedia card, card-type memory (e.g., SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disk and other non-volatile storage media.
  • the readable storage medium may be an internal storage unit of the electronic device 1, such as a hard disk of the electronic device 1; in other embodiments, the non-volatile storage medium may also be an external storage device of the electronic device 1, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card, or a flash memory card (Flash Card) equipped on the electronic device 1.
  • the readable storage medium of the memory 11 mainly includes a storage program area and a storage data area. The storage program area is usually used to store the operating system and various application software installed in the electronic device 1, such as the code of the data encryption program 10 based on matrix operations in one embodiment; the storage data area can store data created according to the use of blockchain nodes, such as various types of data that have been output or will be output.
  • the processor 12 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor, or other data processing chips in some embodiments.
  • the processor 12 is generally used to control the overall operation of the electronic device 1, such as performing control and processing related to data interaction or communication with other devices.
  • the processor 12 is configured to run the program code or process data stored in the memory 11, for example, run the data encryption program 10 based on matrix operation and the like.
  • the network interface 13 may include a wireless network interface or a wired network interface, and the network interface 13 is used to establish a communication connection between the electronic device 1 and a client (not shown in the figure).
  • the electronic device 1 may further include a user interface; the user interface may include a display (Display) and an input unit such as a keyboard (Keyboard), and optionally may also include a standard wired interface and a wireless interface.
  • the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an organic light-emitting diode (Organic Light-Emitting Diode, OLED) touch device, and the like.
  • the display may also be appropriately called a display screen or a display unit, which is used for displaying information processed in the electronic device 1 and for displaying a visualized user interface.
  • the matrix operation-based data encryption program 10 implements the following steps when executed by the processor 12 .
  • a data request sent by the front end is received, and the corresponding source data is converted into a first matrix according to the request content of the data request.
  • the server parses the request content of the data request sent by the front end, obtains source data corresponding to the data requested in the request content, and converts the source data into binary stream data;
  • the first matrix (n*16 matrix) is obtained by calculation according to the binary stream data, and the calculation formula is as follows:
  • P is the binary stream data
  • S is the first matrix
  • a key and a second matrix corresponding to the key are randomly obtained from a preset first mapping dictionary.
  • the server generates and stores a first mapping dictionary
  • the first mapping dictionary includes m pairs of arrays, and each pair includes a key and an operation matrix (a 16*16 invertible square matrix whose inverse matrix is unique), for example:
  • dict1 is the first mapping dictionary
  • key1 to keym are keys
  • X1 to Xm are operation matrices.
  • the server randomly obtains a pair of arrays {key: X} from the first mapping dictionary, and the operation matrix X is the second matrix corresponding to the key.
  • The server randomly generates a third matrix, generates an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeds back the encrypted signal, the third matrix and the key to the front end, so that the front end obtains the inverse matrix of the second matrix from the preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  • the third matrix is an n*16 matrix
  • the server generates an encrypted signal by the following calculation formula:
  • S is the first matrix
  • X is the second matrix
  • Y is the third matrix
  • T is the encrypted signal.
  • Randomly generating the third matrix eliminates the linear-calculation problem in computing the encrypted signal, which increases the difficulty and cost of cracking the encrypted signal.
  • the front end generates and stores a second mapping dictionary according to the first mapping dictionary; the second mapping dictionary includes m pairs of arrays, and each pair includes a key and the inverse matrix of the corresponding operation matrix, for example:
  • dict2 is the second mapping dictionary
  • key1 to keym are keys
  • X1' to Xm' are inverse matrices.
  • the first mapping dictionary and the second mapping dictionary may be updated synchronously at regular intervals to ensure the security of the encryption policy.
  • After receiving the encrypted signal, the third matrix and the key, the front end that sent the request obtains the inverse matrix corresponding to the key (that is, the inverse matrix of the second matrix) from the preset second mapping dictionary.
  • the first matrix is calculated according to the encrypted signal, the third matrix and the inverse matrix, and the calculation formula is as follows:
  • S is the first matrix
  • X' is the inverse matrix
  • Y is the third matrix
  • T is the encrypted signal.
  • the front end renders the obtained binary stream data and displays it on the display page.
  • the server converts the source data into a first matrix, obtains a key and a corresponding second matrix from a preset first mapping dictionary, randomly generates a third matrix, generates an encrypted signal according to the first matrix, the second matrix and the third matrix, and returns the encrypted signal, the third matrix and the key to the front end that sent the data request, so that the front end obtains the first matrix according to the encrypted signal, the third matrix and the key, and renders the binary stream data converted from the first matrix and displays it on a display page.
  • This application encrypts the server-side source data based on matrix operations.
  • A crawler cannot crawl the encryption strategy or the second matrix; even if the crawler knows the format of the encryption matrix, obtaining the encryption matrix by exhaustive search is basically impractical. This increases the difficulty and cost of cracking the encrypted data, prevents the economic losses and unknown risks caused by data leakage, and effectively achieves the purpose of data protection.
  • Referring to FIG. 2, a block diagram of the first embodiment of the data encryption apparatus based on matrix operations of the present application is shown.
  • the data encryption device 100 based on matrix operation is applied to the server, including a data conversion module 110, a key matrix module 120 and a signal encryption module 130, exemplarily:
  • the data conversion module 110 is configured to receive a data request sent by the front end, and convert the corresponding source data into a first matrix according to the request content of the data request;
  • the key matrix module 120 is used to randomly obtain a key and a second matrix corresponding to the key from a preset first mapping dictionary;
  • the signal encryption module 130 is configured to randomly generate a third matrix, generate an encrypted signal according to the first matrix, the second matrix and the third matrix, and feed back the encrypted signal, the third matrix and the key to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  • the functions or operation steps implemented by the data conversion module 110 , the key matrix module 120 , and the signal encryption module 130 when they are executed are substantially the same as those in the above-mentioned embodiment, and are not repeated here.
  • Referring to FIG. 3, a flowchart of the first embodiment of the data encryption method based on matrix operations of the present application is shown.
  • the data encryption method based on matrix operation is applied to the server and includes steps S11-S13.
  • the server parses the request content of the data request sent by the front end, obtains source data corresponding to the data requested in the request content, and converts the source data into binary stream data;
  • the first matrix (n*16 matrix) is obtained by calculation according to the binary stream data, and the calculation formula is as follows:
  • P is the binary stream data
  • S is the first matrix
  • S12 Randomly acquire a key and a second matrix corresponding to the key from a preset first mapping dictionary.
  • the server generates and stores a first mapping dictionary
  • the first mapping dictionary includes m pairs of arrays, and each pair includes a key and an operation matrix (a 16*16 invertible square matrix whose inverse matrix is unique), for example:
  • dict1 is the first mapping dictionary
  • key1 to keym are keys
  • X1 to Xm are operation matrices.
  • the server randomly obtains a pair of arrays {key: X} from the first mapping dictionary, and the operation matrix X is the second matrix corresponding to the key.
  • S13 Randomly generate a third matrix, generate an encrypted signal according to the first matrix, the second matrix and the third matrix, and feed back the encrypted signal, the third matrix and the key to the front end, so that the front end obtains the inverse matrix of the second matrix from the preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  • the third matrix is an n*16 matrix
  • the server generates an encrypted signal by the following calculation formula:
  • S is the first matrix
  • X is the second matrix
  • Y is the third matrix
  • T is the encrypted signal.
  • Randomly generating the third matrix eliminates the linear-calculation problem in computing the encrypted signal, which increases the difficulty and cost of cracking the encrypted signal.
  • the front end generates and stores a second mapping dictionary according to the first mapping dictionary; the second mapping dictionary includes m pairs of arrays, and each pair includes a key and the inverse matrix of the corresponding operation matrix, for example:
  • dict2 is the second mapping dictionary
  • key1 to keym are keys
  • X1' to Xm' are inverse matrices.
  • the first mapping dictionary and the second mapping dictionary may be updated synchronously at regular intervals to ensure the security of the encryption policy.
  • After receiving the encrypted signal, the third matrix and the key, the front end that sent the request obtains the inverse matrix corresponding to the key (that is, the inverse matrix of the second matrix) from the preset second mapping dictionary.
  • the first matrix is calculated according to the encrypted signal, the third matrix and the inverse matrix, and the calculation formula is as follows:
  • S is the first matrix
  • X' is the inverse matrix
  • Y is the third matrix
  • T is the encrypted signal.
  • the front end renders the obtained binary stream data and displays it on the display page.
  • In this data encryption method, the server converts the source data into a first matrix, obtains the key and the corresponding second matrix from the preset first mapping dictionary, randomly generates a third matrix, generates an encrypted signal according to the first matrix, the second matrix and the third matrix, and returns the encrypted signal, the third matrix and the key to the front end that sent the data request, so that the front end obtains the first matrix according to the encrypted signal, the third matrix and the key, and renders the binary stream data converted from the first matrix and displays it on the display page.
  • This application encrypts the server-side source data based on matrix operations.
  • A crawler cannot crawl the encryption strategy or the second matrix; even if the crawler knows the format of the encryption matrix, obtaining the encryption matrix by exhaustive search is basically impractical. This increases the difficulty and cost of cracking the encrypted data, prevents the economic losses and unknown risks caused by data leakage, and effectively achieves the purpose of data protection.
  • Referring to FIG. 4, a flowchart of the second embodiment of the data encryption method based on matrix operations of the present application is shown.
  • the data encryption method based on matrix operation is applied to the front end, and includes steps S21-S22.
  • S21 Send a data request to the server; the server responds to the data request by generating a first matrix, a secret key, a second matrix corresponding to the secret key, and a third matrix, and generates an encrypted signal according to the first matrix, the second matrix and the third matrix.
  • The server generating a first matrix, a secret key, a second matrix corresponding to the secret key, and a third matrix in response to the data request includes:
  • the server converts the corresponding source data into a first matrix according to the request content of the data request;
  • a key and a second matrix corresponding to the key are randomly obtained from a preset first mapping dictionary, so that the front end can obtain the inverse matrix of the second matrix from a preset second mapping dictionary according to the key;
  • a third matrix is randomly generated, and an encrypted signal is generated according to the first matrix, the second matrix and the third matrix.
  • An embodiment of the present application also proposes a computer-readable storage medium.
  • The computer-readable storage medium may be volatile or non-volatile.
  • The computer-readable storage medium may be any one, or any combination of several, of a hard disk, a multimedia card, an SD card, a flash memory card, an SMC, read-only memory (ROM), erasable programmable read-only memory (EPROM), portable compact disk read-only memory (CD-ROM), USB memory, and the like.
  • the computer-readable storage medium includes a matrix operation-based data encryption program 10, and the matrix operation-based data encryption program 10 implements the following operations when executed by a processor:
  • A1 Receive the data request sent by the front end, and convert the corresponding source data into a first matrix according to the request content of the data request;
  • Randomly generate a third matrix, generate an encrypted signal according to the first matrix, the second matrix and the third matrix, and feed back the encrypted signal, the third matrix and the key to the front end, so that the front end obtains the inverse matrix of the second matrix from the preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  • the specific implementation of the computer-readable storage medium of the present application is substantially the same as the specific implementation of the above-mentioned matrix operation-based data encryption method and the first embodiment of the electronic device, and will not be repeated here.
  • the method of the above embodiment can be implemented by means of software plus a necessary general hardware platform, and of course can also be implemented by hardware, but in many cases the former is the better implementation.
  • the technical solution of the present application can be embodied in the form of a software product in essence or the part that contributes to the prior art, and the computer software product is stored in a storage medium (such as ROM/RAM, magnetic disk, CD-ROM), including several instructions to make a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) execute the methods described in the various embodiments of this application.
  • the blockchain referred to in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
  • Blockchain, essentially a decentralized database, is a series of data blocks linked by cryptographic methods. Each data block contains a batch of network transaction information, used to verify the validity of its information (anti-counterfeiting) and to generate the next block.
  • the blockchain can include the underlying platform of the blockchain, the platform product service layer, and the application service layer.

Abstract

A matrix operation-based data encryption method, applied to a server end, comprising: receiving a data request sent from a front end and converting corresponding source data into a first matrix according to the request content (S11); randomly obtaining, from a preset first mapping dictionary, a key and a second matrix corresponding to the key (S12); and randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix, and the third matrix, and feeding back the encrypted signal, the third matrix, and the key to the front end to allow the front end to obtain an inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculate the first matrix according to the encrypted signal, the third matrix, and the inverse matrix, convert the first matrix into binary stream data, and render the binary stream data and display same on a display page of the front end (S13). The present method also relates to blockchain technology, and the source data is stored in a blockchain. In the present method, encryption calculation is carried out on the source data of the server end on the basis of matrix operations to prevent losses and risks caused by data leakage, thus effectively protecting data.

Description

Data encryption method, apparatus, electronic device and storage medium based on matrix operations
This application claims priority to the Chinese patent application No. CN202010677638.4, entitled "Data encryption method, apparatus and storage medium based on matrix operations", filed with the China Patent Office on July 15, 2020, the entire contents of which are incorporated herein by reference.
Technical field
The present application relates to big data processing, and in particular to a data encryption method, apparatus, electronic device and computer-readable storage medium based on matrix operations.
Background
At present, many companies and groups use crawler programs to scrape network data and obtain the information they need. While exchanging information online, we must therefore prevent important data from being crawled by third parties, which could cause economic losses or unknown risks. In other words, faced with numerous crawling tools and measures for defeating data protection, protecting valuable information and data from being stolen by crawlers has become increasingly important. The anti-crawler tools and methods in common use today are mainly:
1. A monitoring program runs in the server back end and collects statistical indicators per unit of time (for example, accessing IP, accessing session, accessing User_Agent). When a preset threshold is exceeded, it raises a risk alarm and blocks subsequent requests from the client corresponding to that statistical indicator.
2. Important data on the server can be obtained only after the client has registered an account and logged in. In addition, the dynamic effects of JS and AJAX are used so that only normally logged-in users have access and crawlers cannot read the important data.
Technical problem
The inventors recognized that the above methods have the following main drawbacks: crawler operators can fairly easily bypass anti-crawler rules by forging traces, and some monitoring methods (for example, counting accesses by User_Agent) cause heavy collateral damage, easily blocking ordinary users by mistake and degrading the experience of normal users. When a crawler operator bypasses the anti-crawler rules, the server's original, real data is fully exposed to the crawler operator, so data security is not high enough. In addition, existing data encryption methods based on matrix operations are mainly implemented with the symmetric cipher AES and the asymmetric RSA algorithm, and their typical usage scenario is short information such as login password encryption; encrypting larger data, such as tens or even hundreds of KB, is quite performance-intensive and not practical. Moreover, AES can in essence be decrypted in reverse; even if a salt is added, the salt must be transmitted and stored separately, and direct plaintext transmission likewise risks being crawled. Although RSA is secure, it likewise requires two transmissions, its encryption efficiency is lower, and how to securely store the private key generated by the front end is also a problem.
Technical solution
The data encryption method based on matrix operations provided by this application is applied to a server and includes:
Receiving a data request sent by the front end, and converting the corresponding source data into a first matrix according to the request content of the data request;
Randomly obtaining a key and a second matrix corresponding to the key from a preset first mapping dictionary;
Randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
This application also provides a data encryption method based on matrix operations, applied to a front end, including:
Sending a data request to the server, where the server, in response to the data request, generates a first matrix, a secret key, a second matrix corresponding to the secret key, and a third matrix, and generates an encrypted signal according to the first matrix, the second matrix and the third matrix;
Receiving the encrypted signal, the third matrix and the key returned by the server, obtaining the inverse matrix of the second matrix corresponding to the key, calculating the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converting the first matrix into binary stream data, and rendering the binary stream data and displaying it on the display page of the front end.
This application also provides an electronic device including a memory and a processor, where the memory stores a matrix operation-based data encryption program that can run on the processor, and the matrix operation-based data encryption program implements the following steps when executed by the processor:
Receiving a data request sent by the front end, and converting the corresponding source data into a first matrix according to the request content of the data request;
Randomly obtaining a key and a second matrix corresponding to the key from a preset first mapping dictionary;
Randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
This application also provides a computer-readable storage medium including a storage data area and a storage program area, where the storage data area stores data created according to the use of blockchain nodes and the storage program area stores a matrix operation-based data encryption program; the matrix operation-based data encryption program can be executed by one or more processors to implement the following steps:
Receiving a data request sent by the front end, and converting the corresponding source data into a first matrix according to the request content of the data request;
Randomly obtaining a key and a second matrix corresponding to the key from a preset first mapping dictionary;
Randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
Description of drawings
FIG. 1 is a schematic diagram of a first embodiment of the electronic device of this application;
FIG. 2 is a module diagram of a first embodiment of the matrix operation-based data encryption apparatus of this application;
FIG. 3 is a flowchart of a first embodiment of the matrix operation-based data encryption method of this application;
FIG. 4 is a flowchart of a second embodiment of the matrix operation-based data encryption method of this application.
Embodiments of the present invention
To make the purpose, technical solutions and advantages of this application clearer, this application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain this application and are not intended to limit it. Based on the embodiments in this application, all other embodiments obtained by a person of ordinary skill in the art without creative effort fall within the scope of protection of this application.
It should be noted that descriptions involving "first", "second" and the like in this application are for descriptive purposes only and are not to be understood as indicating or implying relative importance or implicitly specifying the number of the technical features indicated. Thus, a feature qualified by "first" or "second" may explicitly or implicitly include at least one such feature. In addition, the technical solutions of the various embodiments may be combined with one another, provided that the combination can be implemented by a person of ordinary skill in the art; when a combination of technical solutions is contradictory or cannot be implemented, the combination should be regarded as nonexistent and outside the scope of protection claimed by this application.
FIG. 1 is a schematic diagram of a first embodiment of the electronic device 1 of this application. The electronic device 1 is a device that can automatically perform numerical calculation and/or information processing according to preset or stored instructions. The electronic device 1 may be a computer, a single network server, a server group composed of multiple network servers, or a cloud composed of a large number of hosts or network servers based on cloud computing, where cloud computing is a type of distributed computing: a super virtual computer made up of a group of loosely coupled computers.
In this embodiment, the electronic device 1 includes, but is not limited to, a memory 11, a processor 12 and a network interface 13 that can be communicatively connected to one another through a system bus. The memory 11 stores a matrix operation-based data encryption program 10, which can be executed by the processor 12. FIG. 1 only shows the electronic device 1 with components 11-13 and the matrix operation-based data encryption program 10. Those skilled in the art will understand that the structure shown in FIG. 1 does not limit the electronic device 1, which may include fewer or more components than shown, combine certain components, or arrange the components differently.
The memory 11 includes internal memory and at least one type of readable storage medium. The internal memory provides a cache for the operation of the electronic device 1; the readable storage medium may be a non-volatile storage medium such as flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, a magnetic disk or an optical disk. In some embodiments, the readable storage medium may be an internal storage unit of the electronic device 1, such as a hard disk of the electronic device 1; in other embodiments, the non-volatile storage medium may also be an external storage device of the electronic device 1, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a Secure Digital (SD) card or a flash card fitted to the electronic device 1. In this embodiment, the readable storage medium of the memory 11 mainly includes a storage program area and a storage data area. The storage program area is usually used to store the operating system and the various application software installed on the electronic device 1, for example the code of the matrix operation-based data encryption program 10 in the first embodiment of this application; the storage data area can store data created according to the use of blockchain nodes, for example various types of data that have been output or are to be output.
In some embodiments, the processor 12 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor, or another data processing chip. The processor 12 is generally used to control the overall operation of the electronic device 1, for example to perform control and processing related to data interaction or communication with other devices. In this embodiment, the processor 12 is used to run the program code stored in the memory 11 or to process data, for example to run the matrix operation-based data encryption program 10.
The network interface 13 may include a wireless network interface or a wired network interface, and is used to establish a communication connection between the electronic device 1 and a client (not shown in the figure).
Optionally, the electronic device 1 may further include a user interface. The user interface may include a display and an input unit such as a keyboard, and may optionally also include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an organic light-emitting diode (OLED) touch device, or the like. The display may also be called a display screen or display unit, and is used to display the information processed in the electronic device 1 and a visualized user interface.
In the first embodiment of this application, the matrix operation-based data encryption program 10 implements the following steps when executed by the processor 12.
Receiving a data request sent by the front end, and converting the corresponding source data into a first matrix according to the request content of the data request.
In one embodiment, the server parses the request content of the data request sent by the front end, obtains the source data corresponding to the data requested in the request content, and converts the source data into binary stream data;
The first matrix (an n*16 matrix) is calculated from the binary stream data with the following formula:
S = radix(zip(P), 10)
where P is the binary stream data and S is the first matrix.
Randomly obtaining a key and a second matrix corresponding to the key from a preset first mapping dictionary.
In one embodiment, the server generates and stores the first mapping dictionary. The first mapping dictionary includes m pairs, each consisting of a key and the operation matrix corresponding to that key (a 16*16 invertible square matrix whose inverse matrix is unique), for example:
dict1: [{key1:X1}, {key2:X2}, ..., {keym:Xm}]
where dict1 is the first mapping dictionary, key1 to keym are the keys, and X1 to Xm are the operation matrices.
The server randomly obtains one pair {key:X} from the first mapping dictionary, and the operation matrix X is the second matrix corresponding to the key.
Randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
In one embodiment, the third matrix is an n*16 matrix, and the server generates the encrypted signal with the following formula:
T = S*X + Y
where S is the first matrix, X is the second matrix, Y is the third matrix, and T is the encrypted signal. In this embodiment, randomly generating the third matrix eliminates the problem of linear computation when calculating the encrypted signal, which increases the difficulty and cost of cracking the encrypted signal.
In one embodiment, the front end generates and stores a second mapping dictionary according to the first mapping dictionary. The second mapping dictionary includes m pairs, each consisting of a key and the inverse matrix corresponding to the operation matrix, for example:
dict2: [{key1:X1'}, {key2:X2'}, ..., {keym:Xm'}]
where dict2 is the second mapping dictionary, key1 to keym are the keys, and X1' to Xm' are the inverse matrices.
The first mapping dictionary and the second mapping dictionary may be updated synchronously at regular intervals to ensure the security of the encryption strategy.
In one embodiment, after receiving the encrypted signal, the third matrix and the key, the front end that sent the request obtains the inverse matrix corresponding to the key (that is, the inverse matrix of the second matrix) from the preset second mapping dictionary, and calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix with the following formula:
S = (T - Y) * X'
where S is the first matrix, X' is the inverse matrix, Y is the third matrix, and T is the encrypted signal. The binary stream data P is then calculated from the first matrix S with the following formula:
P = unzip(radix(S, 2))
Finally, the front end renders the resulting binary stream data and displays it on the display page.
As the above embodiment shows, in the electronic device 1 proposed by this application, the server converts the source data into a first matrix, obtains a key and the corresponding second matrix from the preset first mapping dictionary, randomly generates a third matrix, generates an encrypted signal according to the first matrix, the second matrix and the third matrix, and returns the encrypted signal, the third matrix and the key to the front end that sent the data request, so that the front end obtains the first matrix according to the encrypted signal, the third matrix and the key, and renders the binary stream data converted from the first matrix and displays it on the display page. This application encrypts the server's source data using matrix operations. Even if the third matrix is crawled, the crawler cannot crawl the encryption strategy or the second matrix, because the server encrypts with the second matrix corresponding to a secret key obtained at random from the first mapping dictionary; and even if the crawler knows the format of the encryption matrix, obtaining the encryption matrix by exhaustive search is basically impractical. This increases the difficulty and cost of cracking the encrypted data and makes it hard to crack, which prevents the economic losses and unknown risks caused by data leakage and effectively achieves the purpose of protecting the data.
FIG. 2 is a module diagram of the first embodiment of the matrix operation-based data encryption apparatus of this application.
In the first embodiment of this application, the matrix operation-based data encryption apparatus 100 is applied to the server and includes a data conversion module 110, a key matrix module 120 and a signal encryption module 130. By way of example:
The data conversion module 110 is configured to receive a data request sent by the front end and to convert the corresponding source data into a first matrix according to the request content of the data request;
The key matrix module 120 is configured to randomly obtain a key and a second matrix corresponding to the key from a preset first mapping dictionary;
The signal encryption module 130 is configured to randomly generate a third matrix, generate an encrypted signal according to the first matrix, the second matrix and the third matrix, and feed the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
The functions or operation steps implemented when the data conversion module 110, the key matrix module 120 and the signal encryption module 130 are executed are substantially the same as in the above embodiment and are not repeated here.
FIG. 3 is a flowchart of the first embodiment of the matrix operation-based data encryption method of this application. This method is applied to the server and includes steps S11-S13.
S11. Receive a data request sent by the front end, and convert the corresponding source data into a first matrix according to the request content of the data request.
In one embodiment, the server parses the request content of the data request sent by the front end, obtains the source data corresponding to the data requested in the request content, and converts the source data into binary stream data;
The first matrix (an n*16 matrix) is calculated from the binary stream data with the following formula:
S = radix(zip(P), 10)
where P is the binary stream data and S is the first matrix.
S12. Randomly obtain a key and a second matrix corresponding to the key from a preset first mapping dictionary.
In one embodiment, the server generates and stores the first mapping dictionary. The first mapping dictionary includes m pairs, each consisting of a key and the operation matrix corresponding to that key (a 16*16 invertible square matrix whose inverse matrix is unique), for example:
dict1: [{key1:X1}, {key2:X2}, ..., {keym:Xm}]
where dict1 is the first mapping dictionary, key1 to keym are the keys, and X1 to Xm are the operation matrices.
The server randomly obtains one pair {key:X} from the first mapping dictionary, and the operation matrix X is the second matrix corresponding to the key.
S13. Randomly generate a third matrix, generate an encrypted signal according to the first matrix, the second matrix and the third matrix, and feed the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
In one embodiment, the third matrix is an n*16 matrix, and the server generates the encrypted signal with the following formula:
T = S*X + Y
where S is the first matrix, X is the second matrix, Y is the third matrix, and T is the encrypted signal. In this embodiment, randomly generating the third matrix eliminates the problem of linear computation when calculating the encrypted signal, which increases the difficulty and cost of cracking the encrypted signal.
In one embodiment, the front end generates and stores a second mapping dictionary according to the first mapping dictionary. The second mapping dictionary includes m pairs, each consisting of a key and the inverse matrix corresponding to the operation matrix, for example:
dict2: [{key1:X1'}, {key2:X2'}, ..., {keym:Xm'}]
where dict2 is the second mapping dictionary, key1 to keym are the keys, and X1' to Xm' are the inverse matrices.
The first mapping dictionary and the second mapping dictionary may be updated synchronously at regular intervals to ensure the security of the encryption strategy.
In one embodiment, after receiving the encrypted signal, the third matrix and the key, the front end that sent the request obtains the inverse matrix corresponding to the key (that is, the inverse matrix of the second matrix) from the preset second mapping dictionary, and calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix with the following formula:
S = (T - Y) * X'
where S is the first matrix, X' is the inverse matrix, Y is the third matrix, and T is the encrypted signal. The binary stream data P is then calculated from the first matrix S with the following formula:
P = unzip(radix(S, 2))
Finally, the front end renders the resulting binary stream data and displays it on the display page.
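The exchange described in both the device embodiment and the method embodiment above (T = S*X + Y on the server, S = (T - Y)*X' on the front end), as an added Python example that is not code from the application. Assumptions: the zip/radix conversion is replaced by padded byte rows, X is built as a product of integer unit-triangular matrices so that X' is exact, and every function name is hypothetical.

```python
import secrets

N = 16  # row width of S and Y, and side length of X (from the description)


def matmul(a, b):
    cols = list(zip(*b))
    return [[sum(x * y for x, y in zip(row, col)) for col in cols] for row in a]


def transpose(m):
    return [list(r) for r in zip(*m)]


def random_unit_lower():
    """Unit lower-triangular integer matrix: determinant 1, so invertible."""
    return [[1 if i == j else (secrets.randbelow(3) - 1 if j < i else 0)
             for j in range(N)] for i in range(N)]


def invert_unit_lower(l):
    """Exact integer inverse by forward substitution (the diagonal is all 1)."""
    inv = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(N):
            acc = 1 if i == j else 0
            acc -= sum(l[i][k] * inv[k][j] for k in range(i))
            inv[i][j] = acc
    return inv


def make_dictionaries(m):
    """Build dict1 {key: X} for the server and dict2 {key: X'} for the front end."""
    dict1, dict2 = {}, {}
    for _ in range(m):
        lo, up_t = random_unit_lower(), random_unit_lower()
        x = matmul(lo, transpose(up_t))                     # X = L * U
        x_inv = matmul(transpose(invert_unit_lower(up_t)),  # X' = U^-1 * L^-1
                       invert_unit_lower(lo))
        key = secrets.token_hex(8)
        dict1[key], dict2[key] = x, x_inv
    return dict1, dict2


def to_matrix(data):
    """Assumed stand-in for radix(zip(P), 10): bytes laid out as n rows of 16."""
    pad = N - len(data) % N             # 1..16 padding bytes, each holding the count
    padded = data + bytes([pad]) * pad
    return [list(padded[i:i + N]) for i in range(0, len(padded), N)]


def from_matrix(s):
    flat = bytes(v for row in s for v in row)
    return flat[:-flat[-1]]             # strip the padding added by to_matrix


def server_encrypt(data, dict1):
    """Steps S11-S13: pick {key: X} at random, draw Y, return T, Y and the key."""
    s = to_matrix(data)
    key = secrets.choice(list(dict1))
    y = [[secrets.randbelow(1 << 16) for _ in range(N)] for _ in s]
    sx = matmul(s, dict1[key])
    t = [[a + b for a, b in zip(r1, r2)] for r1, r2 in zip(sx, y)]
    return {"T": t, "Y": y, "key": key}


def masked_product(resp):
    """T - Y. Y travels in the same response as T, so every receiver can form it."""
    return [[a - b for a, b in zip(r1, r2)]
            for r1, r2 in zip(resp["T"], resp["Y"])]


def frontend_decrypt(resp, dict2):
    """Step S22: look up X' by key, then S = (T - Y) * X'."""
    return from_matrix(matmul(masked_product(resp), dict2[resp["key"]]))


if __name__ == "__main__":
    dict1, dict2 = make_dictionaries(4)
    sample = b'{"price": 1299, "stock": 7}'   # constructed sample source data
    resp = server_encrypt(sample, dict1)
    print(resp["key"], frontend_decrypt(resp, dict2))
```

Two responses for the same data and key differ in T and Y but give the same T - Y, so what protects S in this exchange is X' (dict2) staying out of the response.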
As the above embodiment shows, in the matrix operation-based data encryption method proposed by this application, the server converts the source data into a first matrix, obtains a key and the corresponding second matrix from the preset first mapping dictionary, randomly generates a third matrix, generates an encrypted signal according to the first matrix, the second matrix and the third matrix, and returns the encrypted signal, the third matrix and the key to the front end that sent the data request, so that the front end obtains the first matrix according to the encrypted signal, the third matrix and the key, and renders the binary stream data converted from the first matrix and displays it on the display page. This application encrypts the server's source data using matrix operations. Even if the third matrix is crawled, the crawler cannot crawl the encryption strategy or the second matrix, because the server encrypts with the second matrix corresponding to a secret key obtained at random from the first mapping dictionary; and even if the crawler knows the format of the encryption matrix, obtaining the encryption matrix by exhaustive search is basically impractical. This increases the difficulty and cost of cracking the encrypted data and makes it hard to crack, which prevents the economic losses and unknown risks caused by data leakage and effectively achieves the purpose of protecting the data.
如图4所示,为本申请基于矩阵运算的数据加密方法第二实施例的流程图,该基于矩阵运算的数据加密方法应用于前端,包括步骤S21-S22。As shown in FIG. 4 , it is a flowchart of the second embodiment of the data encryption method based on matrix operation of the present application. The data encryption method based on matrix operation is applied to the front end, and includes steps S21-S22.
S21、向服务端发送数据请求,所述服务端响应所述数据请求生成第一矩阵、秘钥、与所述秘钥对应的第二矩阵,以及第三矩阵,根据所述第一矩阵、所述第二矩阵和所述第三矩阵生成加密信号。S21. Send a data request to the server, and the server responds to the data request to generate a first matrix, a secret key, a second matrix corresponding to the secret key, and a third matrix. The second matrix and the third matrix generate encrypted signals.
在一实施方式中,所述服务端响应所述数据请求生成第一矩阵、秘钥、与所述秘钥对应的第二矩阵,以及第三矩阵包括:In one embodiment, the server generates a first matrix, a secret key, a second matrix corresponding to the secret key, and a third matrix in response to the data request, and the third matrix includes:
所述服务端根据所述数据请求的请求内容将对应的源数据转化为第一矩阵;The server converts the corresponding source data into a first matrix according to the request content of the data request;
从预设的第一映射字典中随机获取一个密钥以及与所述密钥对应的第二矩阵,以供所述前端根据所述密钥从预设的第二映射字典中获取所述第二矩阵的逆矩阵;A key and a second matrix corresponding to the key are randomly obtained from a preset first mapping dictionary, so that the front end can obtain the second key from a preset second mapping dictionary according to the key the inverse of the matrix;
随机生成第三矩阵,根据所述第一矩阵、所述第二矩阵和所述第三矩阵生成加密信号。A third matrix is randomly generated, and an encrypted signal is generated according to the first matrix, the second matrix and the third matrix.
S22、接收所述服务端返回的所述加密信号、第三矩阵以及密钥,获取所述密钥对应的第二矩阵的逆矩阵,根据所述加密信号、所述第三矩阵以及所述逆矩阵计算得到所述第一矩阵,将所述第一矩阵转化为二进制流数据,并将所述二进制流数据渲染后展示到所述前端的显示页面上。S22. Receive the encrypted signal, the third matrix and the key returned by the server, obtain the inverse matrix of the second matrix corresponding to the key, and obtain the inverse of the second matrix according to the encrypted signal, the third matrix and the inverse The first matrix is obtained by matrix calculation, the first matrix is converted into binary stream data, and the binary stream data is rendered and displayed on the front-end display page.
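The exchange in steps S21-S22, with T=S*X+Y on the server and S=(T-Y)*X' on the front end, as an added example that is not code from the application. The names `FIRST_DICT` and `SECOND_DICT`, the 3-column matrix width, the sample operation matrices, and the reading of S=radix(zip(P),10) as zlib-compressed bytes written as decimal integers with a length prefix are assumptions.

```python
import secrets
import zlib
from fractions import Fraction

N = 3  # matrix width: an assumption, the page does not fix a size

# First mapping dictionary (server side): key -> operation matrix X.
# Constructed sample values, not taken from the page.
FIRST_DICT = {
    "k1": [[2, 1, 0], [1, 1, 0], [0, 0, 1]],
    "k2": [[1, 2, 3], [0, 1, 4], [0, 0, 1]],
}

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def add(a, b):
    return [[x + y for x, y in zip(r1, r2)] for r1, r2 in zip(a, b)]

def sub(a, b):
    return [[x - y for x, y in zip(r1, r2)] for r1, r2 in zip(a, b)]

def inverse(m):
    """Gauss-Jordan inverse over exact rationals; rejects a singular matrix."""
    n = len(m)
    aug = [[Fraction(v) for v in row] + [Fraction(int(i == j)) for j in range(n)]
           for i, row in enumerate(m)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] != 0), None)
        if pivot is None:
            raise ValueError("operation matrix is singular and cannot serve as X")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        pv = aug[col][col]
        aug[col] = [v / pv for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0:
                f = aug[r][col]
                aug[r] = [a - f * b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]

# Second mapping dictionary (front end): key -> inverse matrix X'.
SECOND_DICT = {k: inverse(x) for k, x in FIRST_DICT.items()}

def to_matrix(source: bytes):
    """Source data -> first matrix S (assumed packing: length prefix + zlib bytes)."""
    z = zlib.compress(source)
    flat = [len(z)] + list(z)
    flat += [0] * (-len(flat) % N)  # zero-pad the last row
    return [flat[i:i + N] for i in range(0, len(flat), N)]

def from_matrix(s) -> bytes:
    """First matrix S -> source data; fails if S is not an integer matrix."""
    flat = [Fraction(v) for row in s for v in row]
    if any(v.denominator != 1 for v in flat):
        raise ValueError("recovered matrix is not integral (wrong key or altered data)")
    ints = [int(v) for v in flat]
    return zlib.decompress(bytes(ints[1:1 + ints[0]]))

def server_encrypt(source: bytes):
    """Server side: returns (key, T, Y), the three values sent to the front end."""
    key = secrets.choice(sorted(FIRST_DICT))          # random key and second matrix X
    s = to_matrix(source)
    y = [[secrets.randbelow(10**6) for _ in range(N)] for _ in s]  # third matrix Y
    t = add(matmul(s, FIRST_DICT[key]), y)            # T = S*X + Y
    return key, t, y

def frontend_decrypt(t, y, key) -> bytes:
    """Front end: S = (T - Y) * X', then back to the binary stream."""
    if key not in SECOND_DICT:
        raise ValueError("unknown key")
    return from_matrix(matmul(sub(t, y), SECOND_DICT[key]))

if __name__ == "__main__":
    key, t, y = server_encrypt(b"constructed sample record")
    print(key, frontend_decrypt(t, y, key))
```

Y and the key travel in the same response as T, so confidentiality in this exchange rests on X' alone, and the second mapping dictionary that holds every X' is stored on the front end.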
In addition, an embodiment of the present application also proposes a computer-readable storage medium. The computer-readable storage medium may be volatile or non-volatile, and may be any one or any combination of a hard disk, a multimedia card, an SD card, a flash memory card, an SMC, a read-only memory (ROM), an erasable programmable read-only memory (EPROM), a portable compact disc read-only memory (CD-ROM), a USB memory, and the like. The computer-readable storage medium includes a matrix operation-based data encryption program 10, and the matrix operation-based data encryption program 10 implements the following operations when executed by a processor:
A1. Receive the data request sent by the front end, and convert the corresponding source data into a first matrix according to the request content of the data request;
A2. Randomly obtain a key and a second matrix corresponding to the key from a preset first mapping dictionary;
A3. Randomly generate a third matrix, generate an encrypted signal according to the first matrix, the second matrix and the third matrix, and feed the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
The specific implementation of the computer-readable storage medium of the present application is substantially the same as the specific implementation of the above matrix operation-based data encryption method and of the first embodiment of the electronic device, and is not repeated here.
The serial numbers of the above embodiments of the present application are for description only and do not represent the advantages or disadvantages of the embodiments.
It should be noted that, herein, the terms "comprising", "including" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, apparatus, article or method that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, apparatus, article or method. Without further limitation, an element qualified by the phrase "comprising a..." does not preclude the presence of additional identical elements in the process, apparatus, article or method that includes the element.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general-purpose hardware platform, and of course can also be implemented by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device, or the like) to execute the methods described in the embodiments of this application.
The blockchain referred to in this application is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a chain of data blocks generated in association with one another by cryptographic methods, in which each data block contains the information of a batch of network transactions and is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. A blockchain can include an underlying blockchain platform, a platform product service layer, an application service layer, and so on.
The above are only preferred embodiments of the present application and do not thereby limit the patent scope of the present application. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of this application.

Claims (20)

  1. A matrix operation-based data encryption method, applied to a server, wherein the method comprises:
    receiving a data request sent by a front end, and converting the corresponding source data into a first matrix according to the request content of the data request;
    randomly obtaining a key and a second matrix corresponding to the key from a preset first mapping dictionary;
    randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  2. The matrix operation-based data encryption method according to claim 1, wherein converting the source data into the first matrix comprises:
    converting the source data into binary stream data;
    calculating the first matrix from the binary stream data, the first matrix being characterized as: S=radix(zip(P),10), where P is the binary stream data and S is the first matrix.
  3. The matrix operation-based data encryption method according to claim 1, wherein, before receiving the data request sent by the front end and converting the corresponding source data into the first matrix according to the request content of the data request, the method further comprises:
    generating and storing the first mapping dictionary, wherein the first mapping dictionary includes more than one pair of arrays, and each pair of arrays includes a key and an operation matrix corresponding to that key.
  4. The matrix operation-based data encryption method according to claim 3, wherein the front end generates and stores a second mapping dictionary according to the first mapping dictionary, the second mapping dictionary includes arrays corresponding in number to the arrays of the first mapping dictionary, and each pair of arrays includes a key and the inverse matrix of the operation matrix corresponding to that key in the arrays of the first mapping dictionary.
  5. The matrix operation-based data encryption method according to claim 1, wherein the server generates the encrypted signal by the following formula: T=S*X+Y, where S is the first matrix, X is the second matrix, Y is the third matrix, and T is the encrypted signal.
  6. The matrix operation-based data encryption method according to claim 1, wherein the front end calculating the first matrix according to the encrypted signal, the third matrix and the inverse matrix, and converting the first matrix into binary stream data, comprises:
    the front end calculates the first matrix by S=(T-Y)*X', and then calculates the binary stream data by P=unzip(radix(S,2)), where S is the first matrix, X' is the inverse matrix, Y is the third matrix, T is the encrypted signal, and P is the binary stream data.
  7. A matrix operation-based data encryption method, applied to a front end, wherein the method comprises:
    sending a data request to a server, the server generating, in response to the data request, a first matrix, a secret key, a second matrix corresponding to the secret key, and a third matrix, and generating an encrypted signal according to the first matrix, the second matrix and the third matrix;
    receiving the encrypted signal, the third matrix and the key returned by the server, obtaining the inverse matrix of the second matrix corresponding to the key, calculating the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converting the first matrix into binary stream data, and rendering the binary stream data and displaying it on the display page of the front end.
  8. The matrix operation-based data encryption method according to claim 7, wherein the server generating a first matrix, a secret key, a second matrix corresponding to the secret key, and a third matrix in response to the data request comprises:
    the server converts the corresponding source data into a first matrix according to the request content of the data request;
    a key and a second matrix corresponding to the key are randomly obtained from a preset first mapping dictionary, so that the front end can obtain the inverse matrix of the second matrix from a preset second mapping dictionary according to the key;
    a third matrix is randomly generated, and an encrypted signal is generated according to the first matrix, the second matrix and the third matrix.
  9. A matrix operation-based data encryption apparatus, wherein the apparatus comprises:
    a data conversion module, configured to receive a data request sent by a front end and convert the corresponding source data into a first matrix according to the request content of the data request;
    a key matrix module, configured to randomly obtain a key and a second matrix corresponding to the key from a preset first mapping dictionary;
    a signal encryption module, configured to randomly generate a third matrix, generate an encrypted signal according to the first matrix, the second matrix and the third matrix, and feed the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  10. An electronic device, wherein the electronic device comprises a memory and a processor, the memory stores a matrix operation-based data encryption program that can run on the processor, and the matrix operation-based data encryption program implements the following steps when executed by the processor:
    receiving a data request sent by a front end, and converting the corresponding source data into a first matrix according to the request content of the data request;
    randomly obtaining a key and a second matrix corresponding to the key from a preset first mapping dictionary;
    randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  11. The electronic device according to claim 10, wherein converting the source data into the first matrix comprises:
    converting the source data into binary stream data;
    calculating the first matrix from the binary stream data, the first matrix being characterized as: S=radix(zip(P),10), where P is the binary stream data and S is the first matrix.
  12. The electronic device according to claim 10, wherein, before receiving the data request sent by the front end and converting the corresponding source data into the first matrix according to the request content of the data request, the matrix operation-based data encryption program further implements the following step when executed by the processor:
    generating and storing the first mapping dictionary, wherein the first mapping dictionary includes more than one pair of arrays, and each pair of arrays includes a key and an operation matrix corresponding to that key.
  13. The electronic device according to claim 12, wherein the front end generates and stores a second mapping dictionary according to the first mapping dictionary, the second mapping dictionary includes arrays corresponding in number to the arrays of the first mapping dictionary, and each pair of arrays includes a key and the inverse matrix of the operation matrix corresponding to that key in the arrays of the first mapping dictionary.
  14. The electronic device according to claim 10, wherein the server generates the encrypted signal by the following formula: T=S*X+Y, where S is the first matrix, X is the second matrix, Y is the third matrix, and T is the encrypted signal.
  15. The electronic device according to claim 10, wherein the front end calculating the first matrix according to the encrypted signal, the third matrix and the inverse matrix, and converting the first matrix into binary stream data, comprises:
    the front end calculates the first matrix by S=(T-Y)*X', and then calculates the binary stream data by P=unzip(radix(S,2)), where S is the first matrix, X' is the inverse matrix, Y is the third matrix, T is the encrypted signal, and P is the binary stream data.
  16. A computer-readable storage medium, comprising a data storage area and a program storage area, wherein the data storage area stores data created according to the use of blockchain nodes, and the program storage area stores a matrix operation-based data encryption program; wherein the matrix operation-based data encryption program can be executed by one or more processors to implement the following steps:
    receiving a data request sent by a front end, and converting the corresponding source data into a first matrix according to the request content of the data request;
    randomly obtaining a key and a second matrix corresponding to the key from a preset first mapping dictionary;
    randomly generating a third matrix, generating an encrypted signal according to the first matrix, the second matrix and the third matrix, and feeding the encrypted signal, the third matrix and the key back to the front end, so that the front end obtains the inverse matrix of the second matrix from a preset second mapping dictionary according to the key, calculates the first matrix according to the encrypted signal, the third matrix and the inverse matrix, converts the first matrix into binary stream data, and renders the binary stream data and displays it on the display page of the front end.
  17. The computer-readable storage medium according to claim 16, wherein converting the source data into the first matrix comprises:
    converting the source data into binary stream data;
    calculating the first matrix from the binary stream data, the first matrix being characterized as: S=radix(zip(P),10), where P is the binary stream data and S is the first matrix.
  18. The computer-readable storage medium according to claim 16, wherein, before receiving the data request sent by the front end and converting the corresponding source data into the first matrix according to the request content of the data request, the matrix operation-based data encryption program further implements the following step when executed by one or more processors:
    generating and storing the first mapping dictionary, wherein the first mapping dictionary includes more than one pair of arrays, and each pair of arrays includes a key and an operation matrix corresponding to that key.
  19. The computer-readable storage medium according to claim 18, wherein the front end generates and stores a second mapping dictionary according to the first mapping dictionary, the second mapping dictionary includes arrays corresponding in number to the arrays of the first mapping dictionary, and each pair of arrays includes a key and the inverse matrix of the operation matrix corresponding to that key in the arrays of the first mapping dictionary.
  20. The computer-readable storage medium according to claim 16, wherein the server generates the encrypted signal by the following formula: T=S*X+Y, where S is the first matrix, X is the second matrix, Y is the third matrix, and T is the encrypted signal.
PCT/CN2021/095008 2020-07-15 2021-05-21 Matrix operation-based data encryption method and apparatus, electronic device, and storage medium WO2022012162A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010677638.4 2020-07-15
CN202010677638.4A CN111563268B (en) 2020-07-15 2020-07-15 Data encryption method and device based on matrix operation and storage medium

Publications (1)

Publication Number Publication Date
WO2022012162A1 true WO2022012162A1 (en) 2022-01-20

Family

ID=72075477

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/095008 WO2022012162A1 (en) 2020-07-15 2021-05-21 Matrix operation-based data encryption method and apparatus, electronic device, and storage medium

Country Status (2)

Country Link
CN (1) CN111563268B (en)
WO (1) WO2022012162A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242485A (en) * 2022-07-19 2022-10-25 核工业四一六医院 Data encryption or decryption method, system, electronic equipment and storage medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111563268B (en) * 2020-07-15 2021-01-15 平安国际智慧城市科技股份有限公司 Data encryption method and device based on matrix operation and storage medium
CN113779554A (en) * 2021-09-01 2021-12-10 中国银行股份有限公司 Information encryption transmission method, device and related equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103684742A (en) * 2013-11-29 2014-03-26 西安交通大学 Circulant matrix transformation based and ciphertext computation supportive encryption method
CN106921485A (en) * 2015-12-24 2017-07-04 航天信息股份有限公司 Encrypting and decrypting method based on matrix operation
US20170195117A1 (en) * 2014-09-18 2017-07-06 Huawei International Pte. Ltd. Encryption function and decryption function generating method, encryption and decryption method and related apparatuses
CN110489989A (en) * 2019-08-27 2019-11-22 深圳市道通智能航空技术有限公司 Data encrypting/de-encrypling method, its encryption/deciphering chip and its unmanned plane
CN111563268A (en) * 2020-07-15 2020-08-21 平安国际智慧城市科技股份有限公司 Data encryption method and device based on matrix operation and storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003302899A (en) * 2002-04-11 2003-10-24 Sony Corp Method and apparatus for encryption and decryption messages based on boolean matrix
US20040202326A1 (en) * 2003-04-10 2004-10-14 Guanrong Chen System and methods for real-time encryption of digital images based on 2D and 3D multi-parametric chaotic maps
CN102314580A (en) * 2011-09-20 2012-01-11 西安交通大学 Vector and matrix operation-based calculation-supported encryption method
CN103259643B (en) * 2012-08-14 2016-06-15 苏州大学 A kind of full homomorphic cryptography method of matrix
CN105471575B (en) * 2014-09-05 2020-11-03 创新先进技术有限公司 Information encryption and decryption method and device
CN108985082B (en) * 2018-07-11 2020-02-07 上海海事大学 Medical image encryption method based on digital watermark

Also Published As

Publication number Publication date
CN111563268B (en) 2021-01-15
CN111563268A (en) 2020-08-21

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21843140

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25/04/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21843140

Country of ref document: EP

Kind code of ref document: A1