WO2023284036A1 - Encryption and decryption method and apparatus, and communication system - Google Patents


Info

Publication number
WO2023284036A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
code
decryption
key
reconstruction
Application number
PCT/CN2021/110681
Other languages
French (fr)
Chinese (zh)
Inventor
金杉
王宏健
金翊
王颖
Original Assignee
金杉

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security > H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks > H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols > H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords > H04L9/0869 involving random numbers or seeds
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00 > H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00 > H04L2209/12 Details relating to cryptographic hardware or logic circuitry

Definitions

  • The present invention relates to the field of information encryption and decryption, and in particular to an encryption and decryption method, an apparatus, and application scenarios built from reconfigurable multi-valued logic operation components.
  • Of the cited prior art: the first reference discloses a general method for constructing a multi-valued processor, whose main technique is implemented in an optical processor and which does not involve encryption; [2], a reconfigurable three-valued optical processor (Chinese invention patent ZL201010584129.3, granted 2012-05-02), discloses a technical scheme for constructing a ternary optical processor and does not involve encryption; [3], a multi-digit, groupable, repeatably structured multi-valued electronic calculator and method (Chinese invention patent application 201811567284.7, filed 2018-12-20; PCT/CN2019/070318), mainly discloses a reconfigurable multi-valued logic electronic processor and does not involve encryption.
  • The present invention provides an encryption and decryption method.
  • The method includes an encryption process, a decryption process, a process of presetting the encryption-component reconfiguration code and the decryption-component reconfiguration code, a process of presetting the key-derivation-component reconfiguration code, a process of presetting the preset key, and a process of generating the reservation code.
  • The encryption component, the decryption component and the key derivation component all use a reconfigurable multi-valued logic operation unit as their symbol transformation unit. Correspondingly, the encryption-component, decryption-component and key-derivation-component reconfiguration codes are all reconfiguration codes of such a unit, and each reconfiguration code sets the current operation rule of the corresponding multi-valued logic operation unit.
  • The specific steps of the encryption process are:
  • Step A1: Set the encryption rule used this time according to the encryption-component reconfiguration code, and under that rule encrypt the current plaintext segment with the encryption key corresponding to it, obtaining the corresponding ciphertext segment.
  • Step A2: Set the encryption key derivation rule used this time according to the key-derivation-component reconfiguration code, and under that rule process the current plaintext segment together with its encryption key to generate the encryption key for encrypting the next plaintext segment.
  • A1 and A2 are in no particular order and can also be executed in parallel, since both take only the current plaintext segment and the current key as input.
  • The specific steps of the decryption process are:
  • Step B1: Set the decryption rule used this time according to the decryption-component reconfiguration code paired with the encryption-component reconfiguration code at the opposite end, and under that rule decrypt the current ciphertext segment with the decryption key corresponding to it, obtaining the decrypted plaintext segment.
  • Step B2: Set the decryption key derivation rule used this time with the same key-derivation-component reconfiguration code that set the current encryption key derivation rule, and under that rule process the decrypted plaintext segment together with the corresponding decryption key to generate the decryption key for decrypting the next ciphertext segment.
  • B1 and B2 are stated in no particular order; note, however, that B2 takes the plaintext segment produced by B1 as its input, so for a given ciphertext segment B2 can only complete after B1 has.
  • A decryption-component reconfiguration code is paired with an encryption-component reconfiguration code when ciphertext generated from plaintext under the encryption rule set by one code can be decrypted back to that plaintext under the decryption rule set by the other.
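Worked model of the loop above, added here as an illustration; it is not the patent's code nor taken from any implementation of it. It assumes ternary symbols (as in the cited three-valued processors), models one symbol position of a reconfigurable multi-valued logic operation unit as a 3x3 lookup table indexed by (key symbol, input symbol), and takes a reconfiguration code to be the 9-digit row-major content of that table; segments are tuples of symbols with a key segment of equal length. `paired_decryptor_code` derives the decryptor code paired with an encryptor code in the sense just defined, and `random_code_pair` is one random draw of the kind step C1 stores in bulk. All function names are this example's own.

```python
# Added model of steps A1/A2 and B1/B2 and of the pairing of encryptor and
# decryptor reconfiguration codes. Not the patent's code. Assumptions: ternary
# symbols 0/1/2; one symbol position of a reconfigurable multi-valued logic
# operation unit is a 3x3 lookup table t[key_symbol][input_symbol]; a
# reconfiguration code is that table's 9 digits in row-major order; a segment
# is a tuple of symbols and the key segment has the same length.
import secrets

RADIX = 3
DIGITS = "012"


def table_from_code(code):
    """Reconfiguration code -> operation rule t[key_symbol][input_symbol]."""
    if len(code) != RADIX * RADIX or any(ch not in DIGITS for ch in code):
        raise ValueError("reconfiguration code must be 9 ternary digits")
    return [[int(code[r * RADIX + c]) for c in range(RADIX)] for r in range(RADIX)]


def code_from_table(table):
    return "".join(str(table[r][c]) for r in range(RADIX) for c in range(RADIX))


def is_invertible(table):
    """f can have a paired decryptor only if, for every key symbol k,
    p -> f(k, p) is a permutation of the symbol set (every row is a permutation)."""
    return all(sorted(row) == list(range(RADIX)) for row in table)


def paired_decryptor_code(enc_code):
    """Decryptor code paired with enc_code: f'(k, f(k, p)) == p for all k and p."""
    t = table_from_code(enc_code)
    if not is_invertible(t):
        raise ValueError("encryptor code is not invertible; it has no paired decryptor code")
    inv = [[0] * RADIX for _ in range(RADIX)]
    for k in range(RADIX):
        for p in range(RADIX):
            inv[k][t[k][p]] = p
    return code_from_table(inv)


def random_code_pair():
    """One random draw of (encryptor code, paired decryptor code), as step C1 stores in bulk."""
    while True:
        enc_code = "".join(secrets.choice(DIGITS) for _ in range(RADIX * RADIX))
        if is_invertible(table_from_code(enc_code)):
            return enc_code, paired_decryptor_code(enc_code)


def apply_rule(table, key_seg, seg):
    """Symbol-wise multi-valued logic operation of a segment under a key segment."""
    if len(key_seg) != len(seg):
        raise ValueError("key segment and data segment must have the same length")
    return tuple(table[k][s] for k, s in zip(key_seg, seg))


def encrypt(plain_segs, enc_code, deriv_code, y0):
    """A1: p'(i) = f(Y(i), p(i));  A2: Y(i+1) = F(Y(i), p(i))."""
    f, F = table_from_code(enc_code), table_from_code(deriv_code)
    y, cipher = tuple(y0), []
    for p in plain_segs:
        cipher.append(apply_rule(f, y, p))  # A1
        y = apply_rule(F, y, p)             # A2 (independent of A1's output)
    return cipher


def decrypt(cipher_segs, dec_code, deriv_code, y0):
    """B1: p(i) = f'(Y'(i), p'(i));  B2: Y'(i+1) = F(Y'(i), p(i)), which needs B1's output."""
    f_inv, F = table_from_code(dec_code), table_from_code(deriv_code)
    y, plain = tuple(y0), []
    for c in cipher_segs:
        p = apply_rule(f_inv, y, c)  # B1
        plain.append(p)
        y = apply_rule(F, y, p)      # B2
    return plain


def round_trip(plain_segs, enc_code, dec_code, deriv_code, y0):
    """Returns (ciphertext, recovered plaintext, recovered == original)."""
    cipher = encrypt(plain_segs, enc_code, deriv_code, y0)
    recovered = decrypt(cipher, dec_code, deriv_code, y0)
    return cipher, recovered, recovered == list(plain_segs)


if __name__ == "__main__":
    enc, dec = random_code_pair()
    deriv = "".join(secrets.choice(DIGITS) for _ in range(RADIX * RADIX))
    y0 = tuple(secrets.randbelow(RADIX) for _ in range(4))
    msg = [tuple(secrets.randbelow(RADIX) for _ in range(4)) for _ in range(6)]
    print(round_trip(msg, enc, dec, deriv, y0))
```

The `is_invertible` check is the one a practitioner will want when populating the pair group: an encryptor rule whose rows are not permutations of the symbol set has no paired decryptor rule at all, so codes drawn at random must be filtered before they are stored as pairs. `decrypt` runs B1 before B2 for each segment because B2 consumes the plaintext B1 produces. Note also that Y(i+1) is a deterministic function of Y(i) and p(i), so the entire keystream is fixed once the code pair, the derivation code and Y(0) are chosen; the secrecy of a session therefore rests entirely on the stored GYY and on the selection made from it.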
  • The process of presetting the encryption-component reconfiguration code and the decryption-component reconfiguration code specifically includes:
  • Step C1: Before a specific implementation of the encryption and decryption method is put into use, that is, before the encryptor and decryptor are put into use and before any encryption or decryption process is executed, randomly select from the reconfiguration code sequence, and save, a plurality of pairs each consisting of an encryption-component reconfiguration code and its paired decryption-component reconfiguration code, as that implementation's encryption/decryption reconfiguration code pair group.
  • Step C2: Obtain the first reservation number corresponding to the current encryption and decryption process and, according to it, extract from the pair group and preset the encryption-component reconfiguration code and decryption-component reconfiguration code used by this process.
  • The process of presetting the key-derivation-component reconfiguration code specifically includes:
  • Step D1: Before a specific implementation of the method is put into use, that is, before the encryption key derivation unit and the decryption key derivation unit are put into use and before any encryption or decryption process is executed, randomly select from the reconfiguration code sequence a plurality of key-derivation-component reconfiguration codes as that implementation's key-derivation reconfiguration code group.
  • Step D2: Obtain the second reservation number corresponding to the current encryption and decryption process and, according to it, extract from the key-derivation reconfiguration code group and preset the key-derivation-component reconfiguration code used this time.
  • The process of presetting the preset key specifically includes:
  • The preset key is used to encrypt the first plaintext segment and to decrypt the first ciphertext segment.
  • Step E1: Before a specific implementation of the method is put into use, that is, before the read-only storage unit or the configuration file is put into use, randomly select a plurality of preset keys from the preset key sequence as that implementation's preset key group.
  • Step E2: Obtain the third reservation number corresponding to the current encryption and decryption process and, according to it, extract from the preset key group and set the preset key used this time.
  • Steps C1, D1 and E1 are performed exactly once, before the implementation is put into use, and never a second time; steps C2, D2 and E2 are performed once for every encryption and decryption operation the implementation executes.
  • The process of generating the reservation code specifically includes:
  • The present invention provides an electronic device for implementing the encryption and decryption method.
  • The electronic device implements the method described above primarily in hardware.
  • Its characteristic hardware includes an encryption unit, a decryption unit, a read-only storage unit, a non-volatile read-write memory, a group of cycle counters, and a dedicated writing device that exists only at the factory.
  • A common form of such an electronic device is an integrated circuit chip, also called an encryption and decryption chip.
  • The symbol transformation components used by the encryption component and the decryption component are both reconfigurable multi-valued logic operation components.
  • The encryption component includes:
  • Encryptor f: before each encryption process starts, f is set with a randomly extracted encryptor reconfiguration code so that it has a specific encryption rule; f then performs a multi-valued logic operation on the current encryption key Y(i) and the current plaintext segment p(i) to generate the current ciphertext segment p'(i), completing the encryption of that segment.
  • Encryption key derivation unit F: before each encryption process starts, F is set with a randomly extracted key-derivation reconfiguration code so that it has a specific key derivation rule; F then performs a multi-valued logic operation on the current encryption key Y(i) and the current plaintext segment p(i) to generate the encryption key Y(i+1) for encrypting the next plaintext segment.
  • Both the encryptor f and the encryption key derivation unit F use a reconfigurable multi-valued logic operation unit as their symbol transformation unit.
  • Both the encryptor reconfiguration codes and the encryption key derivation reconfiguration codes are reconfiguration codes of the multi-valued logic operation unit. Since the encryptor reconfiguration codes are drawn separately from the key-derivation reconfiguration codes, f and F are configured with different reconfiguration codes and are therefore multi-valued logic operators with different operation rules, so that the current ciphertext segment p'(i) and the derived encryption key Y(i+1) are in general different.
  • The decryption component includes:
  • Decryptor f': before each decryption process starts, f' is set with the decryptor reconfiguration code paired with the peer's encryptor reconfiguration code so that it has a specific decryption rule; f' then uses the current decryption key Y'(i) to decrypt the current ciphertext segment p'(i), obtaining the decrypted plaintext segment p(i).
  • Decryption key derivation unit F': before each decryption process starts, F' is set with the key-derivation reconfiguration code selected by the peer encryptor, so that F' has the same key derivation rule as F; F' then processes the decrypted current plaintext segment p(i) and the current decryption key Y'(i) to generate the decryption key Y'(i+1) for decrypting the next ciphertext segment.
  • Both the decryptor f' and the decryption key derivation unit F' use the reconfigurable multi-valued logic operation unit as their symbol transformation unit.
  • Both the decryptor reconfiguration code and the decryption key derivation reconfiguration code are reconfiguration codes of the reconfigurable multi-valued logic operation unit.
  • Correct decryption relies on three identities between the two ends: F is the same as F'; Y(0) is the same as Y'(0); and the plaintext segment that was encrypted is the same as the plaintext segment recovered by decryption. Together with f' being paired with f, these guarantee by induction that Y'(i) equals Y(i) for every i: if Y'(i) = Y(i), f' recovers p(i) exactly, and then F'(Y'(i), p(i)) = F(Y(i), p(i)) = Y(i+1).
  • The encryption component has a number of working registers. The encryptor f has: a first encryption input register (Rfy) storing the current key; a second encryption input register (Rfm) storing the current plaintext segment; and an encryption output register (CRf) storing and outputting the current ciphertext segment.
  • The encryption key derivation unit F has: a first key-derivation input register (RFY) storing the current key; a second key-derivation input register (RFm) storing the current plaintext segment; and a key-derivation output register (CRF) storing and outputting the encryption key for the next plaintext segment.
  • The decryption component likewise has working registers. The decryptor f' has: a first decryption input register (Rf'y) storing the current key; a second decryption input register (Rf'm) storing the current ciphertext segment; and a decryption output register (CRf') storing the decrypted current plaintext segment. The decryption key derivation unit F' has: a first decryption-derivation input register (RF'Y) storing the current key; a second decryption-derivation input register (RF'm) storing the plaintext segment decrypted from the current ciphertext segment; and a decryption-derivation output register (CRF') storing the key for decrypting the next ciphertext segment.
  • Each bit of the encryptor f, of the decryptor f', and of the key derivation units F and F' is equipped with a reconfiguration register; the reconfiguration registers of their i-th bits are denoted Cgf(i), Cgf'(i), CgF(i) and CgF'(i) respectively.
  • Writing reconfiguration codes into these reconfiguration registers changes the multi-valued logic operation rule of the corresponding symbol transformation unit bit.
  • GYY denotes the generalized key source data stored in the encryption and decryption electronic device: a plurality of encryptor/decryptor reconfiguration code pairs, a plurality of key-derivation reconfiguration codes, and a plurality of preset keys Y(0).
  • The read-only storage unit can be written only once, by the manufacturer, using a dedicated device.
  • The read-only storage unit has no channel through which its data can be read out of the electronic device, so the program and GYY stored in it can never be read out of the device, although they can be used indefinitely inside it.
  • The read-only storage unit contains multiple storage areas: a control program storage area, an encryptor reconfiguration code storage area, a decryptor reconfiguration code storage area, a key-derivation reconfiguration code storage area, and a preset key storage area.
  • Each encryption and decryption electronic device is written with one set of generalized key source data GYY by the manufacturer, using the dedicated writing device, before leaving the factory.
  • Each GYY value is a combination of an encryptor reconfiguration code and its paired decryptor reconfiguration code, a key-derivation reconfiguration code, and a preset key, so each GYY value determines the rules and keys used for one encryption and decryption operation. Since the encrypting end and the decrypting end must use the same GYY, at least two electronic devices must hold the same GYY with the same sequence numbers in order to form an encrypted communication system. If GYY with the same sequence numbers and contents is written into more than two encryption and decryption chips, all of those chips can decrypt the transmitted ciphertext, forming a communication system in which information is open within the group.
  • The dedicated writing device is installed only in the chip factory and is not an accessory of the chip.
  • Each encryption and decryption chip becomes a usable product only after the manufacturer has used the writing device to write its dedicated program and a group of GYY values selected at random from all possible GYY values.
  • The writing device includes: a first burner, which writes a plurality of randomly selected encryptor reconfiguration codes into the encryptor reconfiguration code storage area of the read-only storage unit; a second burner, which writes the decryptor reconfiguration code paired with each encryptor reconfiguration code into the decryptor reconfiguration code storage area; a third burner, which writes a plurality of randomly selected key-derivation reconfiguration codes into the key-derivation reconfiguration code storage area; and a fourth burner, which writes a plurality of randomly selected preset keys into the preset key storage area.
  • The peer relationship here refers to the pairing of the technique and components that encrypt a given plaintext with the technique and components that decrypt the corresponding ciphertext.
  • The encryption component here is the component in the encryption and decryption chip at one end that encrypts plaintext into ciphertext, and the decryption component at the opposite end is the component in the encryption and decryption chip at the other end that decrypts that ciphertext. Specifically, as shown in FIG. 7, the encryption component a in encryption and decryption chip A and the decryption component b in encryption and decryption chip B are peers, and component a' in chip A and component b' in chip B are peers.
  • Three independent cycle counters are provided in the encryption component, each counting a different specified symbol arrangement in the plaintext or ciphertext.
  • The counter values obtained at the end of this communication are the first, second and third reservation numbers; the three reservation numbers are concatenated in order into a code that is convenient to store and transmit, called the reservation code. Because the occurrence of a given symbol sequence in plaintext or ciphertext is taken to be random with uniform probability, the three reservation numbers are random, and so the reservation code is also a random number.
  • The role of the reservation numbers is to create the conditions for a random selection of generalized key source data GYY in the next communication process. Specifically, after this communication ends, the encryption unit immediately extracts an encryptor reconfiguration code from the read-only storage unit according to the first reservation number and uses it to set the multi-valued logic operation function of the encryptor f; the decryption unit likewise extracts the paired decryptor reconfiguration code from its read-only storage unit according to the first reservation number and uses it to set the multi-valued logic operation function of the decryptor f'; both units extract the same key-derivation reconfiguration code according to the second reservation number and use it to set the multi-valued logic operation function of the encryption key derivation unit F and the decryption key derivation unit F'; and both units extract the same preset key from read-only storage according to the third reservation number.
  • Reservation process: when the encryptor receives the command that the communication information is complete, it immediately forms the reservation code from the three reservation numbers, saves it in its reservation code register and sends it to the decryption end; the decryption end saves the received reservation code in its own reservation code register and sends it back to the encryption end; the encryption end compares the returned reservation code with the saved one. If the two are the same, the reservation succeeds and an instruction to terminate the communication process is issued, completing the communication. If they differ, the reservation code is sent again and the encryption end waits for the returned code once more; if the reservation fails many times in succession, a line failure alarm is raised.
  • The reservation code may also be generated by the decryptor, with the decryptor initiating the reservation process; or the encryptor and the decryptor may each generate the reservation code, with whichever end first receives the communication information initiating the reservation process.
  • The present invention also provides a computer software structure for implementing the encryption and decryption method.
  • The encryption and decryption software structure includes an encryption software module, a decryption software module, a configuration file, a plurality of cycle counting variables, and a dedicated writing program held by the manufacturer.
  • The symbol transformation rules used in the encryption software module and the decryption software module are reconfigurable multi-valued logic operation rules.
  • Encryption program segment Rf: before each encryption process starts, a randomly extracted encryptor reconfiguration code sets the encryption rule of Rf; Rf then encrypts the current plaintext segment P(i) with the current encryption key Y(i) to obtain the corresponding current ciphertext segment P'(i).
  • Encryption key derivation program segment RF: before each encryption process starts, a randomly extracted key-derivation reconfiguration code sets the key derivation rule of RF; RF then processes the current plaintext segment P(i) and the current encryption key Y(i) to generate the encryption key Y(i+1) for encrypting the next plaintext segment.
  • Both the encryption program segment Rf and the encryption key derivation program segment RF use reconfigurable multi-valued logic operation rules as their symbol transformation rules.
  • Both the encryptor reconfiguration code and the encryption key derivation reconfiguration code are reconfiguration codes that set multi-valued logic operation rules.
  • Decryption program segment Rf': before each decryption process starts, the decryptor reconfiguration code paired with the encryptor reconfiguration code sets the decryption rule of Rf'; Rf' then decrypts the current ciphertext segment P'(i) with the current decryption key Y'(i) to obtain the corresponding decrypted plaintext segment P(i).
  • Decryption key derivation program segment RF': before each decryption process starts, the selected encryption key derivation reconfiguration code sets the current key derivation rule of RF'; RF' then processes the decrypted plaintext segment P(i) and the current decryption key Y'(i) to generate the decryption key Y'(i+1) for decrypting the next ciphertext segment.
  • Both the decryption program segment Rf' and the decryption key derivation program segment RF' use reconfigurable multi-valued logic operation rules as their symbol transformation rules.
  • Both the decryptor reconfiguration code and the decryption key derivation reconfiguration code are reconfiguration codes that set multi-valued logic operation rules.
  • The configuration file stores the generalized key source data GYY preset for the corresponding encryption and decryption software, together with the reservation code.
  • Each copy of the encryption and decryption software has an exclusive configuration file, and any two different copies have different configuration files.
  • The configuration file is divided into several sections: an encryptor reconfiguration code file section, a decryptor reconfiguration code file section, a key-derivation reconfiguration code file section, a preset key file section, and a reservation code storage unit.
  • The reservation code storage unit is read and rewritten by the encryption software module; the remaining file sections are filled by the manufacturer, who uses the dedicated writing program to write the preset GYY into the configuration file, after which the encryption and decryption software can encrypt and decrypt all kinds of electronic documents.
  • The writing program includes: a first writing module, which writes a plurality of randomly selected encryptor reconfiguration codes into the encryptor reconfiguration code file section; a second writing module, which writes the paired decryptor reconfiguration codes into the decryptor reconfiguration code file section; a third writing module, which writes a plurality of randomly selected key-derivation reconfiguration codes into the key-derivation reconfiguration code file section; and a fourth writing module, which writes a plurality of randomly selected preset keys into the preset key file section.
  • Each cycle counting variable takes the corresponding reservation number in the reservation code used this time as its initial value and counts one symbol arrangement in the plaintext encrypted this time, different cycle counting variables counting different symbol arrangements. The final value of each cycle counting variable is the corresponding new reservation number; all the new reservation numbers form the new reservation code, which is stored in the reservation code storage unit to be read by the encryption software module the next time it runs.
  • Encryption software module setting process: first read the reservation code used for this encryption from the reservation code storage unit of the configuration file and separate it into the first, second and third reservation numbers; write the reservation code used this time at the start of the ciphertext file; set each reservation number as the initial value of the corresponding cycle counting variable; then, according to the first reservation number, extract the corresponding encryptor reconfiguration code from the encryptor reconfiguration code file section and write it into the encryptor's reconfiguration register RCgf(i), thereby setting the current symbol transformation rule of the encryption program segment Rf; according to the second reservation number used this time, extract the corresponding key-derivation reconfiguration code from the key-derivation reconfiguration code file section and write it into the encryption key derivation reconfiguration register RCgF(i), thereby setting the current symbol transformation rule of the encryption key derivation program segment RF; according to the third reservation number used this time, extract the
  • The reconfigurable multi-valued logic operation unit can be used to derive, with little computing capacity and few storage units and by automatic execution on a computer, a large number of selectable keys that have clear random characteristics and are no shorter than the plaintext; the invention presents this as a practical realization of one-time-key stream cipher technology.
  • The reconfigurable multi-valued logic operation component not only lets a preset key derive many different actual keys, but also extends the randomness of the actual key from depending on the randomness of the preset key alone to depending on both the randomness of the preset key and the randomness of the multi-valued logic operator's function.
  • The reconfigurable multi-valued logic operator can also be used to form the encryptor, the decryptor and the key derivation unit, so that under the same key one plaintext can produce many different ciphertexts, which is equivalent to further increasing the randomness of the actual key.
  • the application scenario provided by the technology of the present invention may be an encryption system for real-time communication, or an encryption system for storing or transmitting electronic files.
  • the method and application scenario for realizing the technology of the present invention will be described in conjunction with embodiments.
  • Fig. 1 is the schematic flow chart of encryption process
  • Fig. 2 is a schematic flow chart of the decryption process
  • Fig. 3 is the schematic flow diagram of setting the reconfiguration code of the encryptor and the reconfiguration code of the decryptor;
  • Fig. 4 is the schematic flow chart of setting key derivation device reconstruction code
  • FIG. 5 is a schematic diagram of the flow of setting a default key
  • FIG. 6 is a schematic structural diagram of an encryption and decryption device
  • Fig. 7 is a schematic structural diagram of an encrypted communication system.
  • Embodiment 1 An encryption and decryption method provided by the present invention
  • the encryption process includes Step A1 and Step A2 described in the Summary of the Invention.
  • the decryption process includes step B1 and step B2 described in the summary of the invention.
  • the decryption component reconstruction code is used to configure the decryption key derivation component F', forming the decryption key derivation rule used in this decryption process, and F' remains unchanged throughout this decryption process; f' decrypts the current ciphertext segment p'(i) under the current decryption key Y'(i) to obtain the decrypted current plaintext segment p(i); F' processes the decrypted current plaintext segment p(i) and the current decryption key Y'(i) to generate the next decryption key Y'(i+1).
  • each encryption derived key Y(i) and the corresponding decryption derived key Y'(i) are therefore also the same.
  • the present invention also includes a process of randomly selecting, for an encryption and decryption process, a reconstruction code of the encryption component (f) and the reconstruction code of the corresponding decryption component (f'); it is divided into two steps: the first step is step C1 described in the summary of the invention, and the second step is step C2 described in the summary of the invention. As shown in Figure 4, it also includes a process of randomly selecting, for an encryption and decryption process, the reconstruction codes of the key derivation components (F and F'), divided into two steps: the first step is step D1 described in the summary of the invention, and the second step is step D2 described in the summary of the invention. As shown in Figure 5, it also includes a process of randomly selecting a preset key Y(0) for an encryption and decryption process, divided into two steps: the first step is step E1 described in the summary of the invention, and the second step is step E2 described in the summary of the invention.
  • step C1, step D1 and step E1 are executed only once, by the manufacturer, before each specific object that implements the encryption and decryption method (such as an encryption and decryption chip or encryption and decryption computer software) is put into use, and are never executed a second time.
  • step C2, step D2 and step E2 are executed automatically by the encryption and decryption object, once each time the object is used.
  • when step C1 is executed, according to a randomly generated first random number, one pair is selected from the massive sequence of paired encryption component reconstruction codes and decryption component reconstruction codes, and the selected pair is deleted from the massive reconstruction code sequence.
  • this selection of a pair of encryption component reconstruction code and decryption component reconstruction code is repeated multiple times to obtain multiple pairs of encryption component reconstruction codes and decryption component reconstruction codes.
  • when step D1 is executed, a key derivation component reconstruction code is selected from the massive sequence of key derivation component reconstruction codes according to a randomly generated second random number, and the selected key derivation component reconstruction code is deleted from that sequence.
  • this selection of a key derivation component reconstruction code is repeated multiple times to obtain multiple key derivation component reconstruction codes.
  • when step E1 is executed, a preset key is selected from the massive key sequence according to a randomly generated third random number and the selected preset key is deleted from the key sequence; repeating this many times yields multiple preset keys.
  • when step C2 is executed, according to the first reservation number in the reservation code used for this encryption and decryption (for example, the middle digits of the reservation code), one pair of encryption component reconstruction code and decryption component reconstruction code to be used this time is extracted from the multiple pairs selected in step C1; the encryption component is configured with the encryption component reconstruction code of the pair, and the decryption component is configured with the decryption component reconstruction code of the pair.
  • when step D2 is executed, according to the second reservation number in the reservation code used for this encryption and decryption (for example, the lower digits of the reservation code), the key derivation component reconstruction code to be used this time is extracted from the multiple key derivation component reconstruction codes selected in step D1, and the key derivation component is configured with it.
  • when step E2 is executed, according to the third reservation number in the reservation code used for this encryption and decryption (for example, the upper digits of the reservation code), the preset key Y(0) to be used this time is extracted from the multiple preset keys selected in step E1.
  • there is no required order among step C, step D and step E.
  • the method also includes a process of generating a reservation code, which specifically comprises: taking the reservation code used this time as the initial value, counting the occurrences of various symbol sequences in the plaintext to be encrypted or decrypted this time, each count value being one reservation number; all reservation numbers are then concatenated into the next reservation code.
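A runnable Python model of the Embodiment 1 scheme (steps A1/A2 and B1/B2 with the evolving key, plus the reservation code count), added here as an illustration; it is not code from the patent or its inventors. It assumes a toy operator model in which each reconfigurable four-valued operator bit is a 4x4 lookup table selected by its reconstruction code (rows invertible for f, arbitrary for F), 64-bit segments of 32 four-valued digits as in Embodiment 2, and the symbol sequences 001, 010 and 101 named in Embodiment 3 as the counted patterns; the patent's actual operator structure is not on this page.

```python
import random

DIGITS = 4      # four-valued logic, as in Embodiment 2
SEG = 32        # 32 four-valued digits = one 64-bit plaintext/ciphertext segment
CNT_BITS = 10   # width of each reservation counter (three counters -> 30-bit code)
CNT_MASK = (1 << CNT_BITS) - 1
PATTERNS = ("001", "010", "101")   # counted symbol sequences (assumed, from Embodiment 3)


def make_encryptor_code(rng):
    """Assumed model of an encryptor reconstruction code: per digit position a
    4x4 table (row = key digit, column = plaintext digit). Every row is a
    permutation, so each key digit gives an invertible substitution."""
    return [tuple(tuple(rng.sample(range(DIGITS), DIGITS)) for _ in range(DIGITS))
            for _ in range(SEG)]


def pair_decryptor_code(f_code):
    """Paired decryptor code f': the row-wise inverse of every table of f."""
    f_inv = []
    for table in f_code:
        rows = []
        for row in table:
            inv = [0] * DIGITS
            for plain_digit, cipher_digit in enumerate(row):
                inv[cipher_digit] = plain_digit
            rows.append(tuple(inv))
        f_inv.append(tuple(rows))
    return f_inv


def make_derivation_code(rng):
    """Key derivation code F: any 4x4 table per digit; no inverse is needed."""
    return [tuple(tuple(rng.randrange(DIGITS) for _ in range(DIGITS)) for _ in range(DIGITS))
            for _ in range(SEG)]


def apply_operator(code, key, seg):
    """Digit-wise operation of a 32-digit operator: out[j] = code[j][key[j]][seg[j]]."""
    return tuple(code[j][key[j]][seg[j]] for j in range(SEG))


def to_segments(data):
    """Split bytes into 64-bit segments of 32 four-valued digits (zero padded; assumed)."""
    data = data + b"\0" * (-len(data) % 8)
    segs = []
    for off in range(0, len(data), 8):
        digits = []
        for b in data[off:off + 8]:
            digits += [(b >> 6) & 3, (b >> 4) & 3, (b >> 2) & 3, b & 3]
        segs.append(tuple(digits))
    return segs


def from_segments(segs):
    """Inverse of to_segments (padding bytes are kept)."""
    out = bytearray()
    for seg in segs:
        for k in range(0, SEG, 4):
            out.append((seg[k] << 6) | (seg[k + 1] << 4) | (seg[k + 2] << 2) | seg[k + 3])
    return bytes(out)


def encrypt(plain_segs, y0, f_code, F_code):
    """Steps A1/A2: p'(i) = f(Y(i), p(i)), then Y(i+1) = F(Y(i), p(i))."""
    y, cipher = y0, []
    for p in plain_segs:
        cipher.append(apply_operator(f_code, y, p))
        y = apply_operator(F_code, y, p)
    return cipher, y


def decrypt(cipher_segs, y0, f_inv_code, F_code):
    """Steps B1/B2: p(i) = f'(Y'(i), p'(i)), then Y'(i+1) = F'(Y'(i), p(i)) with
    F' = F. Because F' is fed the decrypted plaintext, Y'(i) tracks Y(i) exactly."""
    y, plain = y0, []
    for c in cipher_segs:
        p = apply_operator(f_inv_code, y, c)
        plain.append(p)
        y = apply_operator(F_code, y, p)
    return plain, y


def next_reservation_code(prev_code, plain_segs):
    """Reservation code generation: each counter starts from the previous code's
    reservation number, adds the count of its symbol sequence over the plaintext
    bit string (modulo 2**CNT_BITS), and the three counters are concatenated."""
    bits = "".join(format(d, "02b") for seg in plain_segs for d in seg)
    code = 0
    for k, pat in enumerate(PATTERNS):
        start = (prev_code >> (CNT_BITS * k)) & CNT_MASK
        hits = sum(1 for i in range(len(bits) - 2) if bits[i:i + 3] == pat)
        code |= ((start + hits) & CNT_MASK) << (CNT_BITS * k)
    return code


def build_system(seed):
    """Constructed GYY for one chip pair: f, its paired f', F and a preset key Y(0)."""
    rng = random.Random(seed)
    f_code = make_encryptor_code(rng)
    F_code = make_derivation_code(rng)
    y0 = tuple(rng.randrange(DIGITS) for _ in range(SEG))
    return f_code, pair_decryptor_code(f_code), F_code, y0
```

Encrypting the same segment twice under the evolving key yields different ciphertext segments, and decryption with a mismatched F still recovers only the first segment, since that one depends on Y(0) alone.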
  • Embodiment 2 An integrated circuit chip structure for implementing the encryption and decryption method
  • 64-bit binary data is used as the length of the plaintext segment and the ciphertext segment. Since two binary bits are exactly one four-valued digit, 64 bits of binary data are also 32 digits of four-valued data.
  • this choice of segment length shall not prevent this patent from covering, as its exclusive right, the use of other multi-valued logic operators, including the mixed use of several kinds of multi-valued logic operators, as the encryptor, decryptor and key derivation device of the same encryption and decryption technology.
  • the internal logic structure of the chip in this embodiment is shown in Figure 6, including three parts: an encryption component, a decryption component, and a read-only storage component.
  • the setting process is described as follows.
  • the chip of this embodiment can be provided with 12 pins, whose functions and labels are respectively: plaintext serial input pin Xmin, ciphertext serial output pin XMout, ciphertext serial input pin XMin, plaintext serial output pin Xmout, send control pin Ksend, send status pin Ssend, receive control pin Krece, receive status pin Srece, clock input pin Clock, pre-write pin Yin, power supply pin Vcc and ground pin.
  • with the chip in the writing state (Yin high), Xmin serves as the serial write port for the generalized key source data GYY and the microprogram;
  • the XMin pin is driven by the Clock signal divided by 64;
  • XMin and Clock constitute the chip's operation control clock;
  • the Ksend and Krece pins constitute the control command input ports for the chip's internal operation, used to write the preset generalized key source data GYY and the microprogram into the read-only memory inside the chip; when Yin is low, each pin resumes its labelled function.
  • a 32-bit 4-valued logic operator is set as the encryption key derivation device F, with two 64-bit input registers RFY and RFm and a 64-bit output register CRF. After the current key Y(i) is put into RFY and the current plaintext segment p(i) into RFm, F outputs the next derived key Y(i+1) of the encryption component and stores it in CRF.
  • a 32-bit 4-valued logic operator is set as the decryption key derivation device F'; F' has the same function as F, with two 64-bit input registers RF'Y and RF'm and a 64-bit output register CRF'. After the current key Y(i) is put into RF'Y and the current decrypted plaintext segment p(i) into RF'm, F' outputs the next derived key Y'(i+1) of the decryption component and stores it in CRF'.
  • each bit i of f, f', F and F' is assigned a 32-bit reconfiguration register, labeled Rf(i), Rf'(i), RF(i) and RF'(i) respectively.
  • writing reconfiguration codes into these 4 registers modifies the 4-valued logic operation rule of the corresponding operator bit.
  • each storage unit hides one 64-bit preset key Y(0).
  • Y(0) can only be input to RfY, Rf'Y, RFY and RF'Y through the internal data bus.
  • two storage areas are set: the f-f' storage area and the F-F' storage area; each storage area has 1024 rows, and each row has 32 64-bit storage units.
  • the first 32 bits of an f-f' storage unit store one f(i) reconstruction code;
  • the last 32 bits store one f'(i) reconstruction code;
  • the 32 64-bit storage units in each row can only pass
  • the first 32 bits of an F-F' storage unit store one F(i) reconstruction code;
  • the last 32 bits store one F'(i) reconstruction code.
  • Each pin is provided with a pin data register whose value is the real-time status of the corresponding pin to resist the influence of external high-frequency interference on the pin signal.
  • the Xmin and XMin pins each have a "1-bit input 64-bit output" serial-to-parallel data shift register.
  • the serial input end of the shift register in the encryption part is connected to the Xmin pin, and the parallel output end is connected to the registers Rfm and RFm; the serial input end of the shift register in the decryption part is connected to the XMin pin, and the parallel output end is connected to the register Rf'm.
  • the Xmout and XMout pins each have a "64-bit input 1-bit output" parallel-to-serial data shift register.
  • the parallel input end of the shift register in the encryption part is connected to the register CRf, and the serial output end is connected to the XMout pin;
  • the parallel input end of the shift register in the decryption part is connected to the register CRf', and the serial output end is connected to the Xmout pin.
  • a 64-bit bus buffer controls the read and write operations of the internal memory, and a 17-bit address decoder controls the addressing of the internal 128M memory address space.
  • a 64-bit micro-instruction decoder, a 64-bit micro-instruction register and an 11-bit micro-program counter PC are provided.
  • when the Yin pin of a chip of the pair is connected to a high level, the chip is set to the state of writing the generalized key source data GYY or the microprogram.
  • the counters Jm1 and Jm01 are connected to form a 20-bit counter that counts the clock signal of the XMin pin.
  • the XMin pin clock is the Clock pin clock divided by 64, and the real-time value of the lower 17 bits of the 20-bit counter is output as the 17-bit address.
  • the dedicated writing device for the encryption and decryption chip is equipped with a uniform-probability true random number generator; the writing device selects the reconstruction codes of f(i), f'(i) and F(i) and the preset key Y(0) according to the true random numbers sent by the generator, so that the generalized key source data GYY hidden in each pair of encryption and decryption chips has uniform-probability random characteristics.
  • true random number generators can have a variety of structures, for example: 64 discs of uniform weight, 1 cm in diameter and 1 mm thick, insulated on one side and metal on the other, fall freely from a height of 2 meters, pass through random collisions with a nail board, and land on a plate with 64 dimples; the plate vibrates slightly until each dimple holds one disc.
  • a 64-bit true random number can be obtained in about 5 seconds, and no less than 17,000 64-bit true random numbers can be obtained per day.
  • each 64-bit random number sent by the random number generator is compared one by one with the random numbers sent in the past.
  • if it differs from all of them, the newly sent 64-bit random number is used as a selected preset key Y(0) and written into the Y(0) storage area of the chip's GYY storage area, and the dedicated writing device stores the newly received 64-bit random number in its first random number memory in order of size; if the newly sent random number is the same as a random number sent in the past, the dedicated writing device discards it and receives the next 64-bit random number. This continues until 1024 preset keys Y(0) have been written to the current chip pair, after which the next pair of chips is processed.
  • the reconstruction code of a multi-valued logic operator is determined by the structure of that operator; when the four-valued logic operator of "a kind of multi-valued electronic operator and method with many digits, groupable and reconfigurable" (Chinese invention patent application number: 201811567284.7, PCT No.: PCT/CN2019/070318) is used, as in this embodiment, the reconstruction code of each four-valued logic operator consists of 4 sequential 8-bit row reconstruction codes, that is, 32 bits per four-valued logic operator, so a 32-bit encryptor, a 32-bit decryptor and a 32-bit key derivation device each need 32 32-bit memories to store one of their reconstruction codes.
  • this embodiment uses one 64-bit storage unit to hold the reconstruction codes of the same bit of a paired encryptor and decryptor: the reconstruction code of the encryptor is placed in bits 0-31 and the reconstruction code of the paired decryptor in bits 32-63. Therefore the reconstruction codes of a pair of 32-bit encryptor and decryptor occupy 32 consecutive 64-bit memories.
  • 16 consecutive 64-bit random numbers sent by the random number generator are concatenated to form a 1024-bit random number, which is scanned from the highest bit to the lowest in units of 4 bits; any reconstruction code unsuitable for a cipher is replaced with a specific reconstruction code suitable for a cipher, forming a sorted 1024-bit random number. The replacement rule applied during sorting depends on the structure of the four-valued logic operator used and is outside the scope of this patent.
  • the sorted new 1024-bit random number is compared with all the 1024-bit random numbers sent in the past and stored in the second random number memory; if it is not the same as any of them, the newly sent 1024-bit random number can be regarded as the reconstruction codes of all bits of a 32-bit encryptor, and it is stored in the second random number memory of the dedicated writing device in order of size;
  • the above 1024-bit random number is divided into 32 32-bit random numbers, and each 32-bit random number is temporarily placed in bits 0-31 of one 64-bit register of the first register group of the dedicated writing device, which has 32 64-bit registers in total; bits 0-7, 8-15, 16-23 and 24-31 of each register are the four row reconstruction codes of the encryptor; the row reconstruction codes of the paired decryptor corresponding to these 4 row reconstruction codes are looked up and stored correspondingly in the last 32 bits of the register.
  • if the newly sent 1024-bit random number is the same as one sent in the past, the dedicated writing device discards the newly sent random number.
  • the dedicated writing device then receives the next 16 64-bit random numbers and repeats the above operations until the current chip pair is filled with 1024 paired encryptor/decryptor reconstruction codes.
  • this embodiment also uses one 64-bit storage unit to hold the reconstruction codes of the same bit of an encryption key derivation device and the corresponding decryption key derivation device: the reconstruction code of the encryption key derivation device is placed in bits 0-31 and the reconstruction code of the corresponding decryption key derivation device in bits 32-63; since the reconstruction codes of the two key derivation devices are the same, the contents of the first 32 bits and the last 32 bits of this storage unit are identical.
  • the reconstruction codes of a pair of 32-bit key derivation devices are placed in 32 consecutive 64-bit memories.
  • 16 consecutive 64-bit random numbers sent by the random number generator are concatenated to form a 1024-bit random number; because every four-valued logic operator is suitable for use as a key derivation device, this 1024-bit random number needs no sorting.
  • this new 1024-bit random number is compared with all the 1024-bit random numbers sent in the past and stored in the third random number memory; if the newly sent 1024-bit random number is not the same as any random number sent in the past, it can be regarded as the reconstruction codes of all bits of a 32-bit key derivation device and is stored in the third random number memory of the dedicated writing device in order of size;
  • the 1024-bit random number is divided into 32 32-bit random numbers, and each 32-bit random number is temporarily placed in bits 0-31 of one 64-bit register of the second register group of the dedicated writing device, which has 32 64-bit registers in total; bits 0-7, 8-15, 16-23 and 24-31 of each register are the four row reconstruction codes of the key derivation device; these 4 row reconstruction codes are copied into the last 32 bits of the register.
  • the 32 64-bit registers of the second register group now hold the reconstruction codes of two identical 32-bit key derivation devices;
  • this encryption key derivation device/decryption key derivation device reconstruction code pair is written into the F-F' storage area of the chip's GYY storage area. If the newly sent 1024-bit random number is identical to a 1024-bit random number sent in the past and held in the third random number memory, the dedicated writing device discards the newly sent random number.
  • the dedicated writing device then receives the next 16 64-bit random numbers and repeats the above operations until the chip pair is filled with 1024 encryption key derivation/decryption key derivation reconstruction codes.
  • the approximate number of transistors required to construct the encryption and decryption chip of Embodiment 2 can be estimated.
  • constructing one reconfigurable 4-valued logic operator requires 44 binary logic gates, 8 8-to-1 devices and 4 8-bit reconfiguration registers (Rf(i), Rf'(i), RF(i) or RF'(i)), about 500 transistors; therefore about 16,000 transistors are needed for a 32-bit 4-valued logic operator, and the four 32-bit 4-valued logic operators (f, f', F and F') require approximately 64,000 transistors.
  • f, f', F and F' each have three 64-bit I/O registers (RfY, Rfm, CRf, Rf'Y, Rf'm, CRf', RFY, RFm, CRF, RF'Y, RF'm and CRF'); constructing these twelve 64-bit registers requires about 2,500 transistors.
  • the encryption and decryption chip contains three 10-bit random counters (Jm1, Jm01 and Jm11), a 30-bit reservation code register (Rm), four 64-bit serial/parallel conversion registers, a 64-bit bus buffer, a 17-bit address decoder, a 64-bit micro-instruction decoder, a 64-bit micro-instruction register, an 11-bit micro-program counter PC and ten 1-bit pin data registers; constructing this part requires about 20,000 transistors.
  • the encryption and decryption chip contains a microprogram memory of 2048 × 64 bits, a Y(0) storage area of 1024 rows × 64 bits and two two-dimensional storage areas of 1024 rows × 32 columns × 64 bits (f-f' and F-F'); about 1.8 × 10^7 transistors are needed to construct this 67K-word 64-bit memory.
  • 1.5 × 10^11 transistors can be produced per square centimetre of chip, that is, more than 2,700 encryption and decryption chips can be produced on one square centimetre of chip.
  • Embodiment 3 Computer software implementing the described encryption and decryption method
  • the computer software provided in Embodiment 3 is mainly used to encrypt various binary data files.
  • this embodiment uses 128-bit binary data as the segment length when segmenting the plaintext file to be encrypted or the ciphertext file to be decrypted, so the preset key rY(0) and the derived keys rY(i) in this embodiment are all 128-bit binary data.
  • the software of this embodiment is arranged to include three identical mixed multi-valued logic operation units, each consisting of 2 reconfigurable eight-valued logic operators and 61 reconfigurable four-valued logic operators.
  • the 2 eight-valued logic operators occupy the first 6 bit positions: the first reconfigurable eight-valued logic operator processes the data of bits 0, 1 and 2, and the second processes the data of bits 3, 4 and 5; the data on the remaining bits is processed by the 61 reconfigurable four-valued logic operators.
  • the three mixed multi-valued logic operation units are used respectively as the encryption transformation rf, the decryption transformation rf' and the key derivation transformation rF.
  • the software of Embodiment 3 has three main modules: an encryption module, a decryption module and a configuration file.
  • Encryption module: corresponds to the encryption component in Embodiment 2, including an encryptor f, a key derivation device F and associated registers.
  • the encryption module uses the encryption transformation rf to transform the plaintext m into the ciphertext M according to the software generalized key source data rGYY.
  • rf has two 128-bit input variables rRfY and rRfm and a 128-bit output variable rCRf. After the current key rY(i) is put into rRfY and the current plaintext segment into rRfm, rf outputs the current segment of the ciphertext M to rCRf.
  • the key derivation transformation rF in this module has two 128-bit input variables rRFY and rRFm and one 128-bit output variable rCRF. After the current key rY(i) is put into rRFY and the current plaintext segment into rRFm, rF outputs the next derived key rY(i+1) to rCRF.
  • Decryption module: corresponds to the decryption component in Embodiment 2, including a decryptor f', a key derivation device F' and related registers.
  • the decryption module uses the decryption transformation rf' to convert the ciphertext M into the plaintext m according to the software generalized key source data rGYY.
  • rf' has two 128-bit input variables rRf'Y and rRf'M and a 128-bit output variable rCRf'. After the current key rY(i) is put into rRf'Y and the current ciphertext segment into rRf'M, rf' outputs the current segment of the decrypted plaintext m to rCRf'.
  • this module also uses rF to generate the new derived key, but the value placed in rRFm is the plaintext segment obtained by decrypting the current ciphertext segment.
  • the reconstruction variables are rRfj, rRf'j and rRFj; the bit reconstruction variables of the two eight-valued logic operators are rRf0 and rRf1, rRf'0 and rRf'1, and rRF0 and rRF1 respectively, all of which have 144 bits, while the rest
  • writing reconstruction codes into rRfj, rRf'j and rRFj gives the corresponding mixed multi-valued logic unit the operation rules set by this group of reconstruction codes.
  • Configuration file: corresponds to the read-only storage unit in Embodiment 2, including the Y(0) storage area, the f-f' storage area, the F-F' storage area and the reservation code registers for hiding the generalized key source data GYY.
  • Cyclic counting variables: in order to realize a one-time pad whose key is truly random, and to obtain the correct rGYY when decrypting, three 10-bit cyclic counting variables rJm1, rJm01 and rJm11 are set in the encryption module; they count the occurrences of particular symbols in the plaintext (such as 001, 010 and 101), so the values of these three counters are random. Correspondingly, there are three 10-bit read-write storage units rRm1, rRm01 and rRm11 in the configuration file. After each encryption operation, the encryption module stores the current values of rJm1, rJm01 and rJm11 into rRm1, rRm01 and rRm11 respectively.
  • at the start of an encryption operation, the encryption module reads the values of rRm1, rRm01 and rRm11 into the counters rJm1, rJm01 and rJm11 as their initial count values, selects the generalized key source data rGYY used in this encryption operation according to these three random numbers, and writes the three random numbers into the head of the corresponding ciphertext, so that the correct rGYY can be obtained directly when the ciphertext is decrypted later.
  • rRm1, rRm01 and rRm11 written at the starting position of the ciphertext file thus form the reservation code used to select rGYY for the decryption operation.
  • rf generates the current segment of the ciphertext and sends it to the variable rCRf; rF generates the new derived key and sends it to the variable rCRF.
  • the three counters rJm1, rJm01 and rJm11 count the occurrences of their specific symbol sequences in the current plaintext segment, until the whole plaintext has been encrypted; the final values of rJm1, rJm01 and rJm11 are then written into the rRm1, rRm01 and rRm11 storage units of the configuration file.
  • rf' generates the current segment of the plaintext m and sends it to the variable rCRf';
  • the decrypted plaintext file is stored in the same folder as the ciphertext, and its name is formed by adding the prefix JYM- (or jym-) to the ciphertext file name and removing the .jym suffix;
  • Embodiment 4 Using a pair of encryption and decryption chips to form an information encryption communication system
  • an information encryption communication system includes two communication devices at opposite ends of a communication link, and is characterized in that the encryption and decryption chip described in Embodiment 2 is set on each communication device;
  • the transmitted information is encrypted and decrypted in real time, and ciphertext information is transmitted between the communication devices.
  • two identical encryption and decryption chips A and B can be placed between the digital equipment and the communication equipment at the two ends of a common channel, so as to construct a pair of encrypted channels with opposite communication directions on the common public channel.
  • the encryption component a in chip A and the decryption component b' in chip B are peers and form the encrypted channel from A to B; the decryption component a' in chip A and the encryption component b in chip B are peers and form the encrypted channel from B to A.
  • the information encryption communication system also adopts a reservation code mechanism to select the encryptor reconstruction code, decryptor reconstruction code, key derivation device reconstruction code and preset key to be used this time;
  • the reservation code mechanism includes:
  • a sending unit, used to send out the reservation code when one of the communication devices ends the communication;
  • a receiving unit, used to receive the callback reservation code returned by the other communication device;
  • a judging unit, used to judge whether the reservation code and the callback reservation code are the same and to obtain a corresponding judgment result;
  • a first processing unit, connected to the judging unit, used to end the communication between the two communication devices when the judgment result indicates that the reservation code and the callback reservation code are the same;
  • a second processing unit, connected to the judging unit, used to control the sending unit to send the reservation code again when the judgment result indicates that the reservation code differs from the callback reservation code.
  • the plaintext m sent by the digital device of either party enters the encryption part of the encryption and decryption chip at the sending end, where the current encryptor f and the current key Y(i) replace the symbols of the plaintext m with the corresponding symbols of the ciphertext M; the ciphertext is sent to the communication device at the sending end and then enters the public general channel; after the ciphertext reaches the receiving end, it enters the communication device at the receiving end and then the decryption part of the encryption and decryption chip at the receiving end, where the current decryptor f' and the current key Y(i) replace the ciphertext symbols with the corresponding plaintext symbols; the plaintext is sent to the digital device at the receiving end, and the communication process is completed.
  • at the end of the communication, the encryption and decryption chip at this end concatenates the current values of Jm1, Jm01 and Jm11 into a reservation code (Rm) and stores it in the reservation code register.
  • after sending the session end command, the encryption and decryption chip at this end continues by sending the value of its reservation code (Rm) to the other party; the other party receives the value of the reservation code (Rm), stores it in its own reservation code register and returns a callback reservation code (Rm'); the sender receives the callback reservation code (Rm'), and if the value of the callback reservation code (Rm') differs from the sent reservation code (Rm), it resends the reservation code (Rm) until the two are the same; if the same reservation code value cannot be obtained after 8 repetitions, a system failure is reported. If the value of the received callback reservation code (Rm') is the same as the value of the sent reservation code (Rm), the reservation is successful, and the encryption and decryption chips of both parties immediately select the new Y(0) and the f(i)/f'(i) and F(i) reconstruction codes according to the Rm value just agreed and send them to the corresponding registers, ready for the next communication.
  • the newly selected generalized key source data GYY overwrites the last derived key Y(i) and the reconstruction codes of f(i)/f'(i) and F(i) of this communication, so even if the ciphertext of this communication is intercepted, no one can find the corresponding preset key and decryptor. Thus, while ensuring the one-time pad, the security of the existing ciphertext is also guaranteed.
  • the reservation code only gives the serial number (that is, the storage address) in the chip's read-only memory of the generalized key source data GYY to be used in the next communication, not the preset key Y(0), the encryptor f(i) reconstruction code, the decryptor f'(i) reconstruction code or the key derivation device F(i) reconstruction code themselves; and since the hidden preset keys Y(0), encryptor f(i) reconstruction codes, decryptor f'(i) reconstruction codes and key derivation device F(i) reconstruction codes of every chip pair are all different, the reservation code need not fear interception and can be transmitted in either ciphertext or plaintext.
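The session end exchange described above (Rm sent, Rm' called back, compared, resent up to 8 times) together with the reservation number split of steps C2/D2/E2, as an added simulation showing both chips' messages; it is not code from the patent or its inventors. It assumes that the three 10-bit counters Jm1, Jm01 and Jm11 are concatenated upper to lower into the 30-bit Rm, that the three reservation numbers are the upper, middle and lower 10 bits used as row addresses into the 1024-row Y(0), f-f' and F-F' areas, and a constructed channel that corrupts chosen transfers.

```python
from dataclasses import dataclass, field

ROWS = 1024              # rows in each of the Y(0), f-f' and F-F' storage areas
NUM_BITS = 10            # one reservation number per 10-bit counter
NUM_MASK = (1 << NUM_BITS) - 1
MAX_REPETITIONS = 8      # after 8 failed repetitions a system failure is reported


def split_reservation_code(rm):
    """Steps E2 / C2 / D2: upper digits select the preset key Y(0), middle digits
    the f/f' reconstruction code pair, lower digits the F reconstruction code.
    Each value is a row address into a 1024-row storage area (assumed layout)."""
    return {
        "y0_row": (rm >> (2 * NUM_BITS)) & NUM_MASK,
        "ff_row": (rm >> NUM_BITS) & NUM_MASK,
        "F_row": rm & NUM_MASK,
    }


@dataclass
class Chip:
    """One encryption and decryption chip: its counters plus the Rm register."""
    name: str
    jm1: int = 0
    jm01: int = 0
    jm11: int = 0
    rm_register: int = 0
    selected: dict = field(default_factory=dict)

    def build_rm(self):
        """Concatenate Jm1, Jm01 and Jm11 (upper to lower, assumed order) into Rm."""
        self.rm_register = (((self.jm1 & NUM_MASK) << (2 * NUM_BITS))
                            | ((self.jm01 & NUM_MASK) << NUM_BITS)
                            | (self.jm11 & NUM_MASK))
        return self.rm_register

    def receive_rm(self, rm):
        """Peer side: store the received Rm and return it as the callback Rm'."""
        self.rm_register = rm
        return self.rm_register

    def select_gyy(self):
        """Load the next Y(0) / f,f' / F rows from the agreed Rm; the previous
        derived key and reconstruction codes are overwritten at this point."""
        self.selected = split_reservation_code(self.rm_register)
        return self.selected


class Channel:
    """Constructed public channel: transfer number n has one bit flipped whenever
    n is in corrupt_on. Transfers are numbered from 1 in the order Rm (forward),
    Rm' (callback), Rm, Rm', ..."""
    def __init__(self, corrupt_on=()):
        self.corrupt_on = set(corrupt_on)
        self.transfers = 0

    def transfer(self, value):
        self.transfers += 1
        return value ^ 1 if self.transfers in self.corrupt_on else value


def agree_reservation_code(sender, receiver, channel):
    """Session end: the sender sends Rm, the receiver stores it and calls back Rm';
    on mismatch the sender resends, at most MAX_REPETITIONS times.
    Returns (repetitions_used, sender_selection, receiver_selection), or None when
    no agreement was reached, in which case the caller reports a system failure."""
    rm = sender.build_rm()
    for repetition in range(1, MAX_REPETITIONS + 1):
        rm_prime = channel.transfer(receiver.receive_rm(channel.transfer(rm)))
        if rm_prime == rm:
            # Reservation successful: both chips hold the same Rm and therefore
            # address the same rows of their own (different) hidden GYY.
            return repetition, sender.select_gyy(), receiver.select_gyy()
    return None
```

A corrupted forward transfer leaves the receiver holding a wrong Rm for that repetition, which the callback comparison exposes, so the receiver's register is only trusted once Rm' matches.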
  • the process of writing GYY into the encryption and decryption chips is completed by the chip manufacturer with a commercial dedicated writing device.
  • the entire writing process allows no human intervention, so that no one knows the specific content of the GYY hidden in each pair of chips; it is known only which two chips form a pair.
  • once the chips enter the market, the producer does not know which pair of chips is used by which user, so it is impossible to obtain the generalized key source data GYY of a given information encryption communication channel through the chip producer.
  • the generalized key source data GYY hidden in each encryption and decryption chip cannot be read out, so whoever obtains the encryption and decryption chip cannot learn the GYY hidden in it.
  • the generalized key source data GYY hidden in each pair of encryption and decryption chips is different; even if the generalized key source data hidden in one encryption and decryption chip were obtained by some special method, it would not help in breaking the ciphertext of other encryption and decryption chip pairs. Therefore, it is impossible to learn the generalized key source data of a given information encryption communication channel by owning some encryption and decryption chips.
  • the ciphertext does not contain any information about the generalized key.
  • the only means by which the communicating parties communicate the characteristics of the next encryption is the reservation code; therefore no content of the generalized key source data can be obtained directly from the ciphertext, only the reservation code can. But the same reservation code corresponds to different generalized key source data in different encryption and decryption chip pairs, so the generalized key source data of an encrypted channel cannot be learned from the transmitted ciphertext.
  • Embodiment 5: An information encryption communication system composed of encryption and decryption chips with the assistance of a server
  • An encrypted communication system for arbitrary calls, realized with the assistance of a server, includes a calling end, a server end and a called end.
  • The server end is arranged between the calling end and the called end, and the information encryption communication method of Embodiment 4 is provided separately between the calling end and the server end and between the called end and the server end;
  • The server includes:
  • a generation unit, used to generate a plurality of generalized key source data, including a plurality of reservation keys, encryption device reconstruction codes, decryptor reconstruction codes and key derivation device reconstruction codes;
  • a calling unit, used to send a selected set consisting of a reservation key, an encryptor reconstruction code, a decryptor reconstruction code and a key derivation device reconstruction code to the called terminal according to the call request;
  • a ringback unit, used to send the same selected reservation key, encryptor reconstruction code, decryptor reconstruction code and key derivation device reconstruction code to the calling end;
  • The calling end and the called end use the reservation key, encryption device reconstruction code, decryptor reconstruction code and key derivation device reconstruction code sent by the server to construct an information encryption channel for encrypted communication.
  • Each telephone, mobile phone or network endpoint must communicate with many other telephones, mobile phones or network endpoints. In that case server-assisted encrypted communication is needed, which corresponds to the server-assisted information encryption communication system.
  • Each mobile phone, telephone or network node shares a pair of encryption and decryption chips with the server, so each of them can communicate with the service provider, for example to send call requests and called-party numbers and to receive calls and information.
  • The server continuously generates multiple preset keys Y(0), key derivation reconstruction codes F(i), encryption reconstruction codes f(i) and decryption reconstruction codes f'(i) (referred to below as session generalized key source data, HGYY, for short).
  • The calling end sends the call request and the called party's number to the server end over the private information encryption communication channel (using the method of Embodiment 4) between itself and the server end;
  • Over its private information encryption communication channel with the called end, the server end transmits the calling end's telephone number and a selected session generalized key source data HGYY to the called end and causes the called end to ring;
  • Over its private information encryption communication channel with the calling end, the server end sends the same selected HGYY and a ringback signal to the calling end; once the communication channel is established, the two communicating parties use the selected HGYY given by the server to form an information encryption channel for encrypted communication.
  • After the calling end establishes communication with the called end, the two use the session generalized key source data HGYY sent by the server to encrypt the session information.
  • The session process still maintains the "one-time pad" method.
  • The server generates HGYY in exactly the same way as the chip manufacturer generates the generalized key source data GYY in Embodiment 2, and given the enormous quantity of possible generalized key source data, it can be guaranteed that the server uses each generalized key once and then discards it. Server-assisted encryption of the communication information can therefore be done as a one-time pad; that is, in this communication system it is only necessary to ensure that the session generalized key source data HGYY cannot be obtained by others.
  • The server uses true random numbers generated by a dedicated machine to generate the dedicated session generalized key source data automatically, with no human involvement in the process, just as the preset generalized key source data is written into the encryption and decryption chip in Embodiment 2;
  • The server uses autonomous communication encryption technology to send the session generalized key source data HGYY to each session participant;
  • The session is encrypted with the one-time session generalized key source data HGYY sent by the server;
  • The server is the only third party that can obtain HGYY, and hence the communication content, and it is also the only node from which the session generalized key source data HGYY could leak.
  • Embodiment 6: "One-to-many" information encryption communication method composed of encryption and decryption chips
  • The encryption and decryption chip of Embodiment 2 can also be applied to "one-to-many" information encryption channels. Since the GYY written into one chip does not occupy many storage units, an integrated circuit one square centimetre in area can hold more than a thousand sets of GYY, so an encryption centre chip hiding thousands of sets of generalized key source data can be constructed. Each set of generalized key source data in the encryption centre chip can form a private encrypted channel with a small encryption and decryption chip, and together these chips form a "one-to-many" information encryption channel.
  • If the encryption centre chip is located at the ATM management node and a small encryption and decryption chip is located in each ATM, the confidentiality of ATM communication reaches an unbreakable level. If the encryption centre chip is located in the network transaction centre and a small encryption and decryption chip is located in each personal mobile phone, the security of network transaction communication reaches an unbreakable level.
  • Embodiment 7: "Intra-group broadcast" information encryption communication method composed of encryption and decryption chips
  • If each chip in a group of the encryption and decryption chips of Embodiment 2 contains the same set of GYY, then communication in the information encryption channel formed by that GYY is open to every chip in the group; within the group the channel constitutes a broadcast, while to others outside the group it is still encrypted communication. For example, if all the encryption and decryption chips inside a unit (such as a ship) set up an information encryption channel with common generalized key source data, the channel appears as "unencrypted information" inside the unit, while eavesdroppers outside the unit still see only encrypted information.
  • Embodiment 8: "User-built" information encryption communication method composed of encryption and decryption chips
  • Embodiment 9: A way of judging the security of the information encryption channel
  • A communicating party asks the other party from time to time to enter an agreed identification code, so as to judge whether the information encryption channel is safe.
  • If the other party's encryption and decryption chip is stolen or damaged, or the legitimate user is separated from the chip, the party requesting the identification code does not receive the correct identification code on time and so judges that the channel is not safe.
  • Embodiment 10: An information security local area communication network composed of encryption and decryption chips

Abstract

The present invention relates to the field of information encryption and decryption, and in particular to an encryption and decryption method and apparatus implemented using reconfigurable many-valued logic operation components. The encryption and decryption method may comprise encryption and decryption processes, processes of presetting an encryption component reconfiguration code, a decryption component reconfiguration code, and a key derivation component reconfiguration code, a preset key presetting process, and a process of generating a reservation code. The encryption and decryption apparatus may comprise an encryption component, a decryption component, and a read-only storage component consisting of hardware, and may further comprise an encryption module, a decryption module, and a configuration file consisting of software. An application scenario may be an autonomous communication encryption system or an assisted communication encryption system using encryption and decryption components, or may be a static information encryption system using encryption and decryption modules. The beneficial effects of the present invention are: a large number of candidate keys with clearly random features and no shorter than the plaintext can be derived, and with these massive candidate keys, the automatic execution capability of a computer, and a small number of storage units, a practical and feasible one-time pad technology is realized.

Description

An encryption and decryption method, device and communication system thereof
Technical field
The present invention relates to the field of information encryption and decryption, and in particular to an encryption and decryption method and device built from reconfigurable multi-valued logic operation components, and to their application scenarios.
Background art
With the spread of technologies such as e-commerce, online transactions, battlefield data links and cloud storage, and with large-scale automated, remotely controlled and data-dependent facilities frequently coming under attack from network hackers, encryption technology for communication data and stored data has attracted great attention. As computing power keeps increasing, modern encryption methods whose strength rests on algorithmic complexity are seriously threatened, and new encryption techniques for all kinds of electronic files need to be developed. The "one-time note cipher" (also called the "one-time pad" technique), which Shannon proved in theory to be unbreakable in 1940, has therefore become a new goal that people pursue.
Three earlier patents are directly related to the present invention, all of them patents on reconfigurable multi-valued logic operator technology. The present invention builds on the technology and equipment provided by these three patents and uses them to construct the symbol transformers for the encryption and decryption operations. The three patents are: [1] "n-valued arithmetic unit without carry or borrow", Chinese patent ZL200710041144.1, granted 2009-10-28; its main point is a general method of constructing multi-valued processors, its main technology is implemented in an optical processor, and it does not involve encryption. [2] "Reconfigurable ternary optical processor", Chinese invention patent ZL201010584129.3, granted 2012-05-02; it mainly discloses a technical scheme for constructing a ternary optical processor and does not involve encryption. [3] "A multi-digit, groupable, reconfigurable multi-valued electronic arithmetic unit and method", Chinese invention patent application No. 201811567284.7, filed 2018-12-20, PCT No. PCT/CN2019/070318; it mainly discloses a technical scheme for constructing a reconfigurable multi-valued logic electronic processor and does not involve encryption.
Summary of the invention
In view of the problems in the prior art, an encryption and decryption method and device based on reconfigurable multi-valued logic operation components, and their application scenarios, are now provided.
1. The present invention provides an encryption and decryption method
The method includes an encryption process, a decryption process, a process of presetting the encryption-component reconstruction code and the decryption-component reconstruction code, a process of presetting the key-derivation-component reconstruction code, a process of presetting the preset key, and a process of generating the reservation code. Preferably, the encryption component, the decryption component and the key derivation component all use reconfigurable multi-valued logic operation components as their symbol transformation components; correspondingly, the encryption-component reconstruction code, the decryption-component reconstruction code and the key-derivation-component reconstruction code are all reconstruction codes of reconfigurable multi-valued logic operation components, and each reconstruction code sets the current operation rule of the corresponding multi-valued logic operation component.
The specific steps of the encryption process include:
Step A1: set in advance, according to the reconstruction code of the encryption component, the encryption rule to be used this time, and according to that encryption rule encrypt the current plaintext segment with the encryption key corresponding to it, obtaining the corresponding ciphertext segment;
Step A2: set in advance, according to the reconstruction code of the key derivation component, the encryption key derivation rule to be used this time, and according to that rule process the current plaintext segment together with its encryption key to generate the encryption key that encrypts the next plaintext segment.
A1 and A2 may be executed in either order, or in parallel.
The specific steps of the decryption process include:
Step B1: set in advance the decryption rule to be used this time according to the decryption-component reconstruction code paired with the encryption-component reconstruction code of the opposite end, and according to that decryption rule decrypt the current ciphertext segment with the decryption key corresponding to it, obtaining the decrypted plaintext segment;
Step B2: set in advance the decryption key derivation rule to be used this time with the same key-derivation-component reconstruction code that set the current encryption key derivation rule, and according to that rule process the decrypted plaintext segment together with its decryption key to generate the decryption key that decrypts the next ciphertext segment.
B1 and B2 may be executed in either order, or in parallel.
A decryption-component reconstruction code paired with an encryption-component reconstruction code means: ciphertext generated from plaintext under the encryption rule set by one of the two codes can be decrypted, recovering the plaintext, under the decryption rule set by the other code.
The process of presetting the encryption-component reconstruction code and the decryption-component reconstruction code specifically includes:
Step C1: before a concrete implementation of this encryption and decryption method is put into use, that is, before the encryptor and decryptor are put into use and execute the encryption and decryption processes, and before the encryption unit and decryption unit are put into use and execute the encryption and decryption processes, randomly select from the reconstruction code sequence, and save, a plurality of reconstruction code pairs each consisting of an encryption-component reconstruction code and the corresponding decryption-component reconstruction code, as the encryption-component and decryption-component reconstruction code pairing group used by that implementation;
Step C2: obtain the first reservation number corresponding to the current encryption and decryption process, and according to it extract from the encryption-component and decryption-component reconstruction code pairing group, and preset, the encryption-component reconstruction code and decryption-component reconstruction code to be used in this encryption and decryption process.
The process of presetting the key-derivation-component reconstruction code specifically includes:
Step D1: before a concrete implementation of this encryption and decryption method is put into use, that is, before the encryption key deriver and decryption key deriver are put into use and execute the encryption and decryption processes, and before the encryption key derivation unit and decryption key derivation unit are put into use and execute the encryption and decryption processes, randomly select from the reconstruction code sequence a plurality of reconstruction codes of the key derivation component, as the key-derivation-component reconstruction code group used by that implementation;
Step D2: obtain the second reservation number corresponding to the current encryption and decryption process, and according to it extract from the key-derivation-component reconstruction code group, and preset, the key-derivation-component reconstruction code to be used this time.
The process of presetting the preset key specifically includes:
The preset key is used to encrypt the first plaintext segment and to decrypt the first ciphertext segment.
Step E1: before a concrete implementation of this encryption and decryption method is put into use, that is, before the read-only storage component or the configuration file is used, randomly select from the preset key sequence a plurality of preset keys, as the preset key group used by that implementation;
Step E2: obtain the third reservation number corresponding to the current encryption and decryption process, and according to it extract from the preset key group, and set, the preset key to be used this time.
Steps C1, D1 and E1 must be executed once before the implementation is put into use, and never a second time. Steps C2, D2 and E2, however, must each be executed first every time the implementation performs an encryption or decryption operation.
The process of generating the reservation code specifically includes:
Taking the several reservation numbers contained in the reservation code used in the current encryption and decryption process as initial values, count the several specified symbol arrangements in the plaintext to be encrypted in this process; the counting results are the new reservation numbers, and all the new reservation numbers concatenated in order form the reservation code to be used in the next encryption and decryption process.
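To make steps A1 to E2 and the reservation code process concrete, here is an added Python model; it is an illustrative example written for this page, not code from the patent or its inventors. It assumes 3-valued symbols, 6-symbol segments, 16 entries per GYY group and three two-symbol arrangements as the counted patterns (all constructed choices), and it models a reconstruction code directly as the per-position rule table it would configure, with Python lists standing in for the registers and the read-only storage. Both chips of a pair compute the next reservation code locally from the plaintext instead of transmitting it, which the patent also permits since the code reveals nothing about the GYY content.

```python
import random

Q = 3        # assumption: 3-valued symbols (trits)
N = 6        # assumption: symbols per segment; 3**6 = 729 > 256, so one byte per segment
GROUP = 16   # assumption: entries per GYY group held by a chip pair

def make_rule(rng, invertible):
    """One reconfigurable operator: position j has its own table[k][d] over Q symbols.
    An encryptor needs every row to be a permutation so that a paired decryptor exists."""
    def row():
        if not invertible:
            return [rng.randrange(Q) for _ in range(Q)]
        perm = list(range(Q))
        rng.shuffle(perm)
        return perm
    return [[row() for _ in range(Q)] for _ in range(N)]

def invert_rule(enc):
    """The paired decryptor rule: dec[j][k][enc[j][k][d]] == d for every j, k, d."""
    return [[[row.index(c) for c in range(Q)] for row in rows] for rows in enc]

def apply_rule(rule, key, data):
    """Symbol transformer: position j combines key[j] and data[j] through its own table."""
    return [rule[j][key[j]][data[j]] for j in range(N)]

def make_gyy(seed):
    """Steps C1/D1/E1: the once-only random selection burned into a chip pair.
    Both chips get the same seed here; a real chip receives true random data."""
    rng = random.Random(seed)
    encs = [make_rule(rng, invertible=True) for _ in range(GROUP)]
    pairs = [(enc, invert_rule(enc)) for enc in encs]
    derivers = [make_rule(rng, invertible=False) for _ in range(GROUP)]
    presets = [[rng.randrange(Q) for _ in range(N)] for _ in range(GROUP)]
    return pairs, derivers, presets

PATTERNS = [(0, 1), (1, 2), (2, 0)]   # assumption: the three counted symbol arrangements

def next_reservation(prev, plaintext):
    """Three cycle counters seeded with the previous reservation numbers count the
    three arrangements in the plaintext; their final values form the next reservation code."""
    counts = list(prev)
    for a, b in zip(plaintext, plaintext[1:]):
        for k, pat in enumerate(PATTERNS):
            if (a, b) == pat:
                counts[k] = (counts[k] + 1) % GROUP
    return tuple(counts)

class Endpoint:
    """One chip of a pair; both chips start from the same reservation code."""

    def __init__(self, gyy, reservation=(0, 0, 0)):
        self.pairs, self.derivers, self.presets = gyy
        self.reservation = reservation

    def _select(self):
        # Steps C2/D2/E2: the three reservation numbers index the three GYY groups.
        r1, r2, r3 = self.reservation
        enc, dec = self.pairs[r1]
        return enc, dec, self.derivers[r2], self.presets[r3]

    def send(self, plaintext):
        enc, _, derive, key = self._select()
        out = []
        for i in range(0, len(plaintext), N):
            seg = plaintext[i:i + N]
            out.extend(apply_rule(enc, key, seg))   # A1: p'(i) = f(Y(i), p(i))
            key = apply_rule(derive, key, seg)      # A2: Y(i+1) = F(Y(i), p(i))
        self.reservation = next_reservation(self.reservation, plaintext)
        return out

    def receive(self, ciphertext):
        _, dec, derive, key = self._select()
        out = []
        for i in range(0, len(ciphertext), N):
            seg = apply_rule(dec, key, ciphertext[i:i + N])   # B1: p(i) = f'(Y'(i), p'(i))
            out.extend(seg)
            key = apply_rule(derive, key, seg)                # B2: same F, same p(i)
        self.reservation = next_reservation(self.reservation, out)
        return out

def text_to_trits(text):
    """Little-endian base-3 digits of each byte; each byte fills exactly one segment."""
    out = []
    for b in text.encode():
        for _ in range(N):
            out.append(b % Q)
            b //= Q
    return out

def trits_to_text(trits):
    """Inverse of text_to_trits for a correctly decrypted symbol stream."""
    data = bytearray()
    for i in range(0, len(trits), N):
        v = 0
        for d in reversed(trits[i:i + N]):
            v = v * Q + d
        data.append(v)
    return data.decode()
```

Two Endpoints built from `make_gyy` with the same seed behave as a chip pair: `b.receive(a.send(text_to_trits("..."))))` returns the original symbols, and after each message both sides hold the same new reservation code, so the next message silently switches to a different rule pair, deriver and preset key. An Endpoint built from a different seed decrypts the same ciphertext into unrelated symbols, which is the property the embodiments above rely on: the ciphertext carries the reservation code's effect but nothing that identifies the GYY itself.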
2. The present invention provides an electronic device implementing the encryption and decryption method
The electronic device implements the above encryption and decryption method mainly with hardware. Its characteristic hardware includes: an encryption component, a decryption component, a read-only storage component, a non-volatile read-write memory, a set of cycle counters, and a dedicated writing device that exists only at the manufacturer. The common form of this electronic device is an integrated circuit chip, also called an encryption and decryption chip. Preferably, the symbol transformation components used by the encryption component and the decryption component are both reconfigurable multi-valued logic operation components.
(1) The encryption component includes:
Encryptor f: before each encryption process starts, a randomly drawn encryptor reconstruction code configures f so that f has a specific encryption rule; f performs a multi-valued logic operation on the current encryption key Y(i) and the current plaintext segment p(i), producing the current ciphertext segment p'(i) and completing the encryption.
Encryption key deriver F: before each encryption starts, a randomly drawn key-deriver reconstruction code configures F so that F has a specific key derivation rule; F performs a multi-valued logic operation on the current encryption key Y(i) and the current plaintext segment p(i), producing the encryption key Y(i+1) that encrypts the next plaintext segment.
Preferably, both the encryptor f and the encryption key deriver F use reconfigurable multi-valued logic operation components as their symbol transformation components; correspondingly, the encryptor reconstruction code and the encryption-key-deriver reconstruction code are both reconstruction codes of reconfigurable multi-valued logic operation components. Because every encryptor reconstruction code differs from every key-deriver reconstruction code, f and F are necessarily configured with different reconstruction codes and are therefore multi-valued logic operators with different operation rules, so the current ciphertext segment p'(i) and the derived encryption key Y(i+1) are necessarily different.
(2) The decryption component includes:
Decryptor f': before each decryption starts, the decryptor reconstruction code paired with the opposite end's encryptor reconstruction code configures f' so that f' has a specific decryption rule; f' decrypts the current ciphertext segment p'(i) with the current decryption key Y'(i), obtaining the decrypted plaintext segment p(i).
Decryption key deriver F': before each decryption starts, the key-deriver reconstruction code selected by the opposite end's encryptor configures F' so that F' has the same key derivation rule as F; F' processes the decrypted current plaintext segment p(i) and the current decryption key Y'(i), producing the decryption key Y'(i+1) that decrypts the next ciphertext segment.
Preferably, both the decryptor f' and the decryption key deriver F' use reconfigurable multi-valued logic operation components as their symbol transformation components; correspondingly, the decryptor reconstruction code and the decryption-key-deriver reconstruction code are both reconstruction codes of reconfigurable multi-valued logic operation components. In a paired encryptor and decryptor, F is identical to F', Y(0) is identical to Y'(0), and the plaintext segment that was encrypted and the decrypted plaintext segment are the same p(i), which ensures that the derived keys Y(i+1) and Y'(i+1) are identical.
⑶加密部件和解密部件附带的工作寄存器(3) The working registers attached to the encryption part and the decryption part
加密部件附带一些工作寄存器,包括:加密器f附带有:第一加密输入寄存器(Rfy),用于存储当前密钥;第二加密输入寄存器(Rfm),用于存储当前明文段;加密输出寄存器(CRf),用于存储当前密文段并输出。加密密钥派生器F附带有:第一加密密钥派生输入寄存器(RFY),用于存储当前密钥;第二加密密钥派生输入寄存器(RFm),用于存储当前明文段;加密密钥派生输出寄存器(CRF),用于存储对下一明文段加密的密钥并输出。The encryption part comes with a number of working registers, including: Encryptor f comes with: a first encrypted input register (Rfy) for storing the current key; a second encrypted input register (Rfm) for storing the current plaintext segment; an encrypted output register (CRf), used to store and output the current ciphertext segment. The encryption key derivation device F is attached with: the first encryption key derivation input register (RFY), used to store the current key; the second encryption key derivation input register (RFm), used to store the current plaintext segment; the encryption key The derived output register (CRF) is used to store and output the encryption key for the next plaintext segment.
相应地,解密部件也附带一些工作寄存器,包括:解密器f’附带有:第一解密输入寄存器(Rf’y),用于存储当前密钥;第二解密输入寄存器(Rf’m),用于存储当前密文段;解密输出寄存器(CRf’),用于存储解密后的当前明文段;解密密钥派生器F’附带有:第一解密派生输入寄存器(RF’Y),用于存储当前密钥;第二解密派生输入寄存器(RF’m),用于存储当前密文段解密后的明文段;解密派生输出寄存器(CRF’),用于存储解密下一密文段的密钥。Correspondingly, the decryption part also has some working registers, including: the decryptor f' is attached with: a first decryption input register (Rf'y), which is used to store the current key; a second decryption input register (Rf'm), which is used to for storing the current ciphertext segment; the decryption output register (CRf') is used to store the current plaintext segment after decryption; the decryption key derivation device F' is attached with: the first decryption derivation input register (RF'Y) is used for storing Current key; the second decryption derived input register (RF'm), used to store the plaintext segment after decryption of the current ciphertext segment; decryption derived output register (CRF'), used to store the key for decrypting the next ciphertext segment .
⑷加密部件和解密部件的重构寄存器⑷Reconfiguration registers of encryption components and decryption components
加密器f的每一位、解密器f’的每一位、密钥派生器F和F’的每一位都配有一个重构寄存器,它们第i位的重构寄存器分别标记为:Cgf(i)、Cgf’(i)、CgF(i)和CgF’(i)。给这些重构寄存器写入重构码,可修改对应符号变换器位的多值逻辑运算规则。Each bit of the encryptor f, each bit of the decryptor f', each bit of the key derivation F and F' is equipped with a reconfiguration register, and the reconfiguration registers of their i-th bits are respectively marked as: Cgf (i), Cgf'(i), CgF(i), and CgF'(i). Writing reconfiguration codes to these reconfiguration registers can modify the multi-valued logic operation rules corresponding to the sign converter bits.
⑸只读存储部件:⑸Read-only storage components:
用于保存一个几KB的控制程序和大约10MB的广义密钥源数据GYY。GYY为藏入该加解密电子装置内的多个加密器重构码和解密器重构码配对、多个密钥派生器重构码以及多个预设密钥Y(0)。只读存储部件只能由出产厂用专门装置写入数据一次。只读存储部件不设数据读出电子装置的通道,故其保存的程序和GYY永远不能被读出到电子装置之外,但所述程序和GYY可以在电子装置内部无限次使用。所述只读存储部件包含多个存储区,包括:控制程序存储区、加密器重构码存储区、解密器重构码存储区、密钥派生器重构码存储区和预设密钥存储区。It is used to save a few KB control program and about 10MB generalized key source data GYY. GYY is a plurality of pairs of encryptor reconfiguration codes and decryptor reconfiguration codes, a plurality of key derivation reconfiguration codes and a plurality of preset keys Y(0) stored in the encryption and decryption electronic device. The read-only storage unit can only write data once with a special device by the manufacturer. The read-only storage unit does not have a channel for reading data from the electronic device, so the program and GYY stored in it can never be read out of the electronic device, but the program and GYY can be used indefinitely inside the electronic device. The read-only storage part contains multiple storage areas, including: control program storage area, encryption device reconstruction code storage area, decryptor reconstruction code storage area, key derivation device reconstruction code storage area and preset key storage area Area.
⑹广义密钥源数据GYY:⑹Generalized key source data GYY:
每个加解密电子装置都由生产厂家在出厂前用专门写入设备写入一组广义密钥源数据GYY。每个GYY的值都是一个加密器重构码和对应的解码器重 构码配对、一个密钥派生器重构码和一个预设密钥的组合,故每个GYY值决定了一种加解密操作使用的规则和密钥。由于加密端和解密端使用的GYY必须相同,故至少要有两个电子装置写入的GYY及其排列序号完全相同才能构成信息加密的通信系统。若给多个加解密芯片写入序号和内容完全相同的GYY,这些芯片之间会同时解密传送的密文,形成组内信息开放的通信系统。Each encryption and decryption electronic device is written in a set of generalized key source data GYY by the manufacturer with a special writing device before leaving the factory. Each GYY value is a combination of an encryption code and a corresponding decoder reconstruction code pair, a key derivation code and a preset key, so each GYY value determines an encryption The rules and keys used for decryption operations. Since the GYY used by the encryption end and the decryption end must be the same, at least two electronic devices must have the same GYY and their sequence numbers to form an information encrypted communication system. If you write GYY with the same serial number and content to multiple encryption and decryption chips, these chips will decrypt the transmitted ciphertext at the same time, forming a communication system with open information within the group.
所述专门写入装置只设置在芯片出品厂,不属于芯片的附属件。每个加解密芯片必须由出品厂用所述写入装置写入专用程序,并写入以随机方式从所有可能的GYY值中选取出的一组GYY之后,才能成为可用产品。所述写入装置包括:第一烧录器,用于将随机选出的多个加密器重构码写入只读存储部件的加密器重构码存储区;第二烧录器,用于将各个加密器重构码配对的解密器重构码写入只读存储部件的解密器重构码存储区;第三烧录器,用于将随机选出的多个密钥派生器重构码写入只读存储部件的派生器重构码存储区;第四烧录器,用于将随机选出的多个预设密钥写入只读存储部件的预设密钥存储区。The special writing device is only installed in the chip factory and is not an accessory of the chip. Each encryption and decryption chip must be written with a special program by the manufacturer using the writing device, and after writing a group of GYY selected from all possible GYY values in a random manner, it can become a usable product. The writing device includes: a first burner, used to write a plurality of randomly selected encryptor reconstruction codes into the encryptor reconstruction code storage area of the read-only storage unit; a second burner, used for Write the decryptor reconfiguration code paired with each encryptor reconfiguration code into the decryptor reconfiguration code storage area of the read-only storage unit; the third burner is used to reconfigure a plurality of randomly selected key derivations The code is written into the derivation reconstruction code storage area of the read-only storage unit; the fourth burner is used to write a plurality of preset keys randomly selected into the preset key storage area of the read-only storage unit.
⑺ The encryption component and the decryption component are peers of each other
Peer relationship here means: the paired technique and components that encrypt the plaintext to be encrypted and that decrypt the ciphertext corresponding to that plaintext. When encryption/decryption chips are used at both ends of a channel for encrypted communication, the encryption component here is the component in the chip at one end that encrypts plaintext to produce ciphertext, and the peer decryption component is the component in the chip at the other end that decrypts that ciphertext. Specifically, as shown in FIG. 7, encryption component a in encryption/decryption chip A and decryption component b in encryption/decryption chip B are peers of each other, and decryption component a' in chip A and encryption component b' in chip B are peers of each other.
⑻ Reservation numbers and reservation code
Three independent cyclic counters are provided in the encryption component; each counts the occurrences of a different specified symbol arrangement in the plaintext or ciphertext. The count values obtained when the current communication ends are the first, second and third reservation numbers respectively; the three reservation numbers are concatenated in order into one code that is convenient to store and transmit, called the reservation code. Because the occurrence of a given symbol sequence in plaintext or ciphertext is random with uniform probability, all three reservation numbers are random, and so the reservation code is a random number as well.
Role of the reservation numbers: to create the conditions for randomly selecting the generalized key source data GYY for the next communication. Specifically: as soon as the current communication ends, the encryption component takes an encryptor reconstruction code from the read-only storage component according to the first reservation number and uses it to set the multi-valued logic operation function of the encryptor f; the decryption component likewise takes from the read-only storage component, according to the first reservation number, the decryptor reconstruction code paired with that encryptor reconstruction code, and uses it to set the multi-valued logic operation function of the decryptor f'; both the encryption component and the decryption component take the same key derivation reconstruction code from the read-only storage component according to the second reservation number and use it to set the multi-valued logic operation functions of the encryption key derivation unit F and the decryption key derivation unit F'; and both components take the same preset key Y(0) from the read-only memory according to the third reservation number. This prepares for the next communication and at the same time overwrites the GYY used in the current communication, eliminating any possibility of obtaining the generalized key of the current communication afterwards.
Reservation procedure: when the encryptor receives the communication-complete command, it immediately assembles the three reservation numbers into a reservation code, stores it in its reservation code register and sends it to the decrypting end; the decrypting end stores the received reservation code in its own reservation code register and echoes it back to the encrypting end; the encrypting end compares the echoed reservation code with the stored one. If they match, the reservation succeeds and an instruction terminating the current communication is issued, completing the communication; if they differ, the reservation code is sent again and the encrypting end waits for the echo once more; if the reservation fails several times in succession, a line-fault alarm is raised.
The reservation code may also be generated by the decryptor, with the decryptor initiating the reservation procedure; or it may be generated separately by the encryptor and the decryptor, with whichever end first receives the communication-complete command initiating the reservation procedure.
3. The present invention provides a computer software structure implementing the encryption and decryption method
The encryption/decryption computer software structure comprises: an encryption software module, a decryption software module, a configuration file, a plurality of cyclic counting variables, and a dedicated writing program held by the manufacturer. Preferably, the symbol transformation rules used in the encryption software module and the decryption software module are reconfigurable multi-valued logic operation rules.
⑴ Encryption software module:
Comprising: an encryption program segment Rf: before each encryption process begins, a randomly drawn encryptor reconstruction code sets the encryption rule of the encryption program segment Rf; the encryption program segment encrypts the current plaintext segment P(i) with the current encryption key to obtain the corresponding current ciphertext segment P'(i).
An encryption key derivation program segment RF: before each encryption process begins, a randomly drawn key derivation reconstruction code sets the key derivation rule of the encryption key derivation program segment RF; the encryption key derivation program segment processes the current plaintext segment P(i) and the current encryption key Y(i) to generate the encryption key Y(i+1) for encrypting the next plaintext segment.
Preferably, both the encryption program segment rf and the encryption key derivation program segment rF use reconfigurable multi-valued logic operation rules as their symbol transformation rules. Correspondingly, both the encryptor reconstruction code and the encryption key derivation reconstruction code are reconstruction codes of reconfigurable multi-valued logic operation rules.
⑵ Decryption software module:
Comprising: a decryption program segment Rf': before each decryption process begins, the decryptor reconstruction code paired with the encryptor reconstruction code sets the decryption rule of the decryption program segment Rf'; Rf' decrypts the current ciphertext segment P'(i) with the current decryption key Y'(i) to obtain the corresponding decrypted plaintext segment P(i).
A decryption key derivation program segment RF': before each decryption process begins, the selected encryption key derivation reconstruction code sets the current key derivation rule of the decryption key derivation program segment RF'; RF' processes the current decrypted plaintext segment P(i) and the current decryption key Y'(i) to generate the decryption key Y'(i+1) for decrypting the next ciphertext segment.
Preferably, both the decryption program segment rf' and the decryption key derivation program segment rF' use reconfigurable multi-valued logic operation rules as their symbol transformation rules. Correspondingly, both the decryptor reconstruction code and the decryption key derivation reconstruction code are reconstruction codes of reconfigurable multi-valued logic operation rules.
⑶ Configuration file:
The configuration file holds the generalized key source data GYY and the reservation code preset for the corresponding encryption/decryption software. Every encryption/decryption software instance has its own exclusive configuration file, and no two different instances have the same configuration file. The configuration file is divided into several file sections, namely: an encryptor reconstruction code file section, a decryptor reconstruction code file section, a key derivation reconstruction code file section, a preset key file section and a reservation code storage unit. The reservation code storage unit is read and rewritten by the encryption software module; the remaining file sections are assigned exactly once by the manufacturer, using a dedicated writing device that writes the preset GYY into the configuration file. Only then does the encryption/decryption software have the capability to encrypt and decrypt electronic documents of all kinds.
⑷ Dedicated writing software held by the manufacturer
Comprising: a first writing module, for writing a plurality of randomly selected encryptor reconstruction codes into the encryptor reconstruction code file section; a second writing module, for writing the decryptor reconstruction code paired with each encryptor reconstruction code into the decryptor reconstruction code file section; a third writing segment, for writing a plurality of randomly selected key derivation reconstruction codes into the derivation reconstruction code file section; and a fourth writing segment, for writing a plurality of randomly selected preset keys into the preset key file section.
⑸ Plurality of cyclic counting variables and reservation code storage unit:
Before each encryption process begins, the encryption software module reads the reservation code to be used for this encryption from the reservation code storage unit of the configuration file. Each cyclic counting variable takes the corresponding reservation number in the current reservation code as its initial value, and each counts one symbol arrangement in the plaintext being encrypted, different counting variables counting different symbol arrangements. The final value of each cyclic counting variable is the corresponding new reservation number; all new reservation numbers together form the new reservation code, which is stored in the reservation code storage unit to be read the next time the encryption software module operates.
⑹ Setup procedure of the encryption software module: first, read the reservation code to be used for this encryption from the reservation code storage unit of the configuration file and separate out the first, second and third reservation numbers; then write the reservation code used this time at the beginning of the ciphertext file; set each reservation number as the initial value of the corresponding cyclic counting variable; then, according to the first reservation number, take the corresponding encryptor reconstruction code from the encryptor reconstruction code file section and write it into the encryptor reconstruction register RCgf(i), thereby setting the current symbol transformation rule of the encryption program segment Rf; according to the second reservation number used this time, take the corresponding key derivation reconstruction code from the key derivation reconstruction code file section and write it into the encryption key derivation reconstruction code register RCgF(i), thereby setting the current symbol transformation rule of the encryption key derivation program segment RF; and according to the third reservation number used this time, take the corresponding preset key from the preset key file section and set it as the encryption preset key Y(0) used this time.
⑺ Setup procedure of the decryption software module: first, read the reservation code used for this decryption from the beginning of the ciphertext file and separate out the first, second and third reservation numbers; then, according to the first reservation number, take the corresponding decryptor reconstruction code from the decryptor reconstruction code file section and write it into the decryptor reconstruction code register RCgf'(i), thereby setting the current symbol transformation rule of the decryption program segment Rf'; according to the second reservation number, take the corresponding key derivation reconstruction code from the key derivation reconstruction code file section and write it into the decryption key derivation reconstruction code register RCgF'(i), thereby setting the current symbol transformation rule of the decryption key derivation program segment RF'; and according to the third reservation number, take the corresponding preset key from the preset key file section of the configuration file and set it as the decryption preset key Y'(0) used this time.
The beneficial effects of the technical solution of the present invention are: reconfigurable multi-valued logic operation components can derive a very large number of selectable keys with pronounced random characteristics that are no shorter than the plaintext; relying on this vast number of selectable keys, the automatic execution capability of computers and a small number of storage units, a practically feasible one-time-pad stream cipher technique is realized. Specifically, using reconfigurable multi-valued logic operation components not only allows a preset key to derive many different working keys, so that the randomness of the working key depends no longer on the randomness of the preset key alone but on both the randomness of the preset key and the randomness of the multi-valued logic operator's function; reconfigurable multi-valued logic operators can also be used to build the encryptor, the decryptor and the key derivation unit, so that the same key can produce many different ciphertexts from the same plaintext, which is equivalent to further increasing the randomness of the working key.
The application scenario of the technology of the present invention may be an encryption system for real-time communication, or an encryption system for stored or transmitted electronic files. The methods of implementing the technology of the present invention and its application scenarios are described below in conjunction with embodiments.
Description of drawings
FIG. 1 is a schematic flow chart of the encryption process;
FIG. 2 is a schematic flow chart of the decryption process;
FIG. 3 is a schematic flow chart of setting the encryptor reconstruction code and the decryptor reconstruction code;
FIG. 4 is a schematic flow chart of setting the key derivation reconstruction code;
FIG. 5 is a schematic flow chart of setting the preset key;
FIG. 6 is a schematic structural diagram of an encryption and decryption device;
FIG. 7 is a schematic structural diagram of an encrypted communication system.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments, without thereby limiting the present invention. Obviously, the embodiments described are only some of the embodiments of the present invention. All other embodiments obtained by persons skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that, provided there is no conflict, the embodiments of the present invention and the features in the embodiments may be combined with one another.
Embodiment 1. An encryption and decryption method provided by the present invention
The encryption and decryption method described in the Summary of the Invention is explained in detail with reference to FIG. 1, FIG. 2, FIG. 3, FIG. 4 and FIG. 5:
As shown in FIG. 1, the encryption process comprises step A1 and step A2 described in the Summary of the Invention. As shown in FIG. 2, the decryption process comprises step B1 and step B2 described in the Summary of the Invention.
The encryption process and decryption process are described specifically as follows. Let the final length of the plaintext be n symbols; the plaintext length may be given in advance, or the plaintext may be appended to continuously. The plaintext obtained is divided in order into plaintext segments of m symbols each, denoted p(i), i = 0, 1, 2, 3 ... (n/m - 1); if the last plaintext segment is shorter than m symbols, it is padded with zeros. Before encryption of the plaintext begins, one preset key Y(0) for this encryption is selected at random from the preset plurality of preset keys; at the same time, one encryption component reconstruction code for this encryption is selected at random from the preset plurality of encryption component reconstruction codes, and the selected code sets the encryption component f, forming the specific encryption rule used for encrypting this plaintext; f is unchanged while all plaintext segments p(i) of this plaintext are encrypted. At the same time, one key derivation component reconstruction code for this encryption is selected at random from the preset plurality of key derivation component reconstruction codes, and the selected code sets the encryption key derivation component F, forming the specific encryption key derivation rule used in this encryption process; F is unchanged during this encryption process. f encrypts the current plaintext segment p(i) with the current encryption key Y(i) to obtain the ciphertext segment p'(i); F processes the current plaintext segment p(i) and the current encryption key Y(i) to generate the encryption key Y(i+1) for encrypting the next plaintext segment; f and Y(i+1) then encrypt the next plaintext segment p(i+1) to obtain the ciphertext segment p'(i+1). Clearly, there are as many ciphertext segments as plaintext segments.
Correspondingly, before the decryption process begins, the encryption preset key Y(0) is used as the decryption preset key Y'(0); at the same time, the decryption component reconstruction code paired with the encryption component reconstruction code sets the decryption component f', forming the specific decryption rule used in this decryption process; f' is unchanged while all ciphertext segments p'(i) are decrypted. At the same time, the selected encryption key derivation component reconstruction code sets the decryption key derivation component F', forming the decryption key derivation rule used in this decryption process; F' is unchanged during this decryption process. f' decrypts the current ciphertext segment p'(i) with the current decryption key Y'(i) to obtain the decrypted current plaintext segment p(i); F' processes the decrypted current plaintext segment p(i) and the current decryption key Y'(i) to generate the decryption key Y'(i+1) for decrypting the next ciphertext segment; f' and Y'(i+1) then decrypt the next ciphertext segment p'(i+1) to obtain the next decrypted plaintext segment p(i+1).
Since F is identical to F', Y(0) is identical to Y'(0), and each plaintext segment is identical to the corresponding decrypted plaintext segment, each encryption derived key Y(i) is identical to the corresponding decryption derived key Y'(i).
In other words, in one complete encryption and decryption process, however long the plaintext, only one encryption component reconstruction code, one decryption component reconstruction code, one preset key and one key derivation component reconstruction code are selected, and correspondingly one encryption rule, one decryption rule and one key derivation rule suffice to encrypt all plaintext segments and decrypt all ciphertext segments.
In a preferred embodiment of the present invention, as shown in FIG. 3, the method further comprises a process of randomly selecting, for one encryption/decryption process, a reconstruction code for the encryption component (f) and the corresponding reconstruction code for the decryption component (f'), in two successive steps: the first is step C1 described in the Summary of the Invention and the second is step C2 described there. As shown in FIG. 4, it further comprises a process of randomly selecting, for one encryption/decryption process, a reconstruction code for the key derivation components (F and F'), in two successive steps: the first is step D1 described in the Summary of the Invention and the second is step D2 described there. As shown in FIG. 5, it further comprises a process of randomly selecting a preset key Y(0) for one encryption/decryption process, in two successive steps: the first is step E1 described in the Summary of the Invention and the second is step E2 described there.
It should be noted that step C1, step D1 and step E1 are executed only once, by the manufacturer, before each concrete implementation of the encryption/decryption method (such as an encryption/decryption chip or encryption/decryption computer software) is put into use, and are never executed a second time. Step C2, step D2 and step E2 are executed automatically by the implementation itself, first, each time it is used.
In step C1, according to a randomly generated first random number, one pair is selected from the vast set of encryption component reconstruction codes and their paired decryption component reconstruction codes, and the selected encryption and decryption component reconstruction codes are deleted from the sequence of reconstruction codes; repeating this several times yields a plurality of encryption/decryption component reconstruction code pairs. In step D1, according to a randomly generated second random number, one key derivation component reconstruction code is selected from the vast sequence of key derivation component reconstruction codes and deleted from that sequence; repeating this several times yields a plurality of key derivation component reconstruction codes. In step E1, according to a randomly generated third random number, one preset key is selected from a large sequence of keys and deleted from that sequence; repeating this several times yields a plurality of preset keys.
In step C2, according to the first reservation number in the reservation code used for this encryption/decryption (this reservation number may be, for example, the middle digits of the reservation code), the encryption/decryption component reconstruction code pair to be used this time is taken from the plurality of pairs selected in step C1; the encryption component is configured with the encryption component reconstruction code of that pair and the decryption component with the decryption component reconstruction code. In step D2, according to the second reservation number in the reservation code used this time (which may be, for example, the low digits of the reservation code), the key derivation component reconstruction code to be used this time is taken from the plurality of codes selected in step D1 and used to configure the key derivation component. In step E2, according to the third reservation number in the reservation code used this time (which may be, for example, the high digits of the reservation code), the preset key Y(0) to be used this time is taken from the plurality of preset keys selected in step E1.
There is no fixed order among step C, step D and step E.
A preferred embodiment of the present invention further comprises a process of generating the reservation code, specifically: with the reservation code used this time as the initial value, several kinds of symbol sequences in the plaintext to be encrypted or in the decrypted plaintext of this communication are counted, each count value being one reservation number; all reservation numbers are concatenated into the reservation code to be used next time.
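A toy model of the segmented, key-chained cipher described in Embodiment 1 and of the reservation-code setup described under ⑸ to ⑺ of the software structure, added here as an example and not the patent's own code. The four-valued operator tables standing in for reconstruction codes, the three counted symbol arrangements, the pool size POOL and the configuration-file layout are assumptions; it covers the manufacturer's one-time selection without replacement (steps C1/D1/E1), the selection of f, F and Y(0) by the reservation numbers (C2/D2/E2), the Y(i+1) = F(p(i), Y(i)) chain on both ends, and the next reservation code counted from the processed plaintext.

```python
import random
from itertools import permutations

SEG = 32        # symbols per segment: 32 four-valued symbols = 64 binary bits
POOL = 16       # entries written into each section of the configuration file (assumed)
PERMS = list(permutations(range(4)))    # the 24 permutations of {0, 1, 2, 3}
PATTERNS = ((0, 1), (2, 3), (1, 1))     # assumed adjacent-symbol arrangements counted

def to_symbols(data):
    """bytes -> four-valued symbols, two bits each, high pair first."""
    return [(b >> s) & 3 for b in data for s in (6, 4, 2, 0)]

def from_symbols(syms):
    return bytes(sum(syms[i + k] << (6 - 2 * k) for k in range(4))
                 for i in range(0, len(syms), 4))

def segment(syms):
    """Split into SEG-symbol segments p(i); the last one is padded with zeros."""
    segs = [list(syms[i:i + SEG]) for i in range(0, len(syms), SEG)]
    if segs:
        segs[-1] += [0] * (SEG - len(segs[-1]))
    return segs

# Assumed model of a reconstruction code: a 4x4 table T[k][x]. Every key row of
# an encryptor table is a permutation, so x -> T[k][x] is invertible for each
# key symbol k and a paired decryptor table exists for every encryptor table.
def encryptor_table(code):
    return [PERMS[(7 * code + 5 * k) % 24] for k in range(4)]

def decryptor_table(enc):
    return [[row.index(v) for v in range(4)] for row in enc]

def derivation_table(code):
    """Key derivation operator F; it does not need to be invertible."""
    return [[(3 * a + (code % 5 + 1) * b + code) % 4 for b in range(4)]
            for a in range(4)]

def f_apply(table, key, seg):
    """Symbol-wise operator shared by f (encrypt) and f' (decrypt)."""
    return [table[k][x] for k, x in zip(key, seg)]

def derive_next_key(dtab, key, seg):
    """Y(i+1) = F(p(i), Y(i)); the rotation moves each key symbol one place."""
    return [dtab[seg[j]][key[(j + 1) % SEG]] for j in range(SEG)]

def write_config(seed):
    """Manufacturer's one-time write (steps C1/D1/E1): each pool is sampled
    without replacement; encryptor and decryptor tables are stored as pairs."""
    rng = random.Random(seed)    # constructed seed, for reproducibility only
    enc_codes = rng.sample(range(24), POOL)
    return {
        "enc": [encryptor_table(c) for c in enc_codes],
        "dec": [decryptor_table(encryptor_table(c)) for c in enc_codes],
        "der": [derivation_table(c) for c in rng.sample(range(1000), POOL)],
        "keys": [[rng.randrange(4) for _ in range(SEG)] for _ in range(POOL)],
        "reservation": tuple(rng.randrange(POOL) for _ in range(3)),
    }

def next_reservation(res, segs):
    """Three cyclic counters seeded with the current reservation numbers, each
    counting one adjacent-symbol arrangement over the padded plaintext."""
    flat = [s for seg in segs for s in seg]
    counts = list(res)
    for pair in zip(flat, flat[1:]):
        for n, pat in enumerate(PATTERNS):
            if pair == pat:
                counts[n] = (counts[n] + 1) % POOL
    return tuple(counts)

def encrypt(config, syms):
    """Steps C2/D2/E2 then the chain; returns (reservation code used, which the
    text stores at the head of the ciphertext file, ciphertext, next code)."""
    r1, r2, r3 = res = config["reservation"]
    enc, dtab, key = config["enc"][r1], config["der"][r2], config["keys"][r3]
    segs, out = segment(syms), []
    for p in segs:
        out += f_apply(enc, key, p)
        key = derive_next_key(dtab, key, p)
    return res, out, next_reservation(res, segs)

def decrypt(config, res, cipher):
    """Mirror of encrypt: f', F' and Y'(0) come from the same reservation code."""
    r1, r2, r3 = res
    dec, dtab, key = config["dec"][r1], config["der"][r2], config["keys"][r3]
    segs = []
    for c in segment(cipher):
        p = f_apply(dec, key, c)
        segs.append(p)
        key = derive_next_key(dtab, key, p)
    return [s for seg in segs for s in seg], next_reservation(res, segs)

def roundtrip(seed, msg):
    """One communication: both ends must recover msg and agree on the next code."""
    cfg = write_config(seed)
    res, ct, nxt = encrypt(cfg, to_symbols(msg))
    pt, nxt2 = decrypt(cfg, res, ct)
    return from_symbols(pt)[:len(msg)] == msg and nxt == nxt2, res, nxt

if __name__ == "__main__":
    print(roundtrip(7, b"chained keys, reconfigurable operators"))  # constructed input
```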
Embodiment 2. An integrated circuit chip structure implementing the encryption and decryption method
For convenience of description, embodiment 2 uses 64-bit binary data as the length of the plaintext and ciphertext segments; since two binary bits are exactly one four-valued digit, 64 bits of binary data are also 32 four-valued digits. Embodiment 2 uses 32-digit four-valued logic operators throughout as the encryptor f, the decryptor f' and the key derivation units F and F', but this should not prevent this patent from covering the same kind of encryption/decryption technique in which plaintext and ciphertext segments are cut to other binary data lengths, or in which other multi-valued logic operators, including a mixture of several kinds of multi-valued logic operators, are used as the encryptor, decryptor and key derivation unit.
本实施例的芯片内部逻辑结构如图6所示,包括加密部件、解密部件和只读存储部件三大部分,设置过程说明如下。The internal logic structure of the chip in this embodiment is shown in Figure 6, including three parts: an encryption component, a decryption component, and a read-only storage component. The setting process is described as follows.
⑴芯片引脚设置⑴Chip pin setting
本实施例的芯片可以设12个引脚,功用和标示名分别为:明文串行输入引脚Xmin、密文串行输出引脚XMout、密文串行输入引脚XMin、明文串行输出引脚Xmout、发送控制引脚Ksend、发送状态引脚Ssend、接收控制引脚Krece、接收状态引脚Srece、时钟输入引脚Clock、预写引脚Yin、电源Vcc和地电平引脚。The chip of this embodiment can be provided with 12 pins, and the function and label name are respectively: plaintext serial input pin Xmin, ciphertext serial output pin XMout, ciphertext serial input pin XMin, plaintext serial output pin Pin Xmout, send control pin Ksend, send status pin Ssend, receive control pin Krece, receive status pin Srece, clock input pin Clock, pre-write pin Yin, power supply Vcc and ground level pin.
Yin为高电平时,Xmin构成广义密钥源数据GYY和微程序串行写入端口,XMin引脚被施加Clock的64分频时钟,XMin与Clock构成芯片操作控制时钟,Ksend和Krece引脚构成对芯片内部操作的控制指令输入端口,它们用于给芯片内部的只读存储器写入预设的广义密钥源数据GYY和微程序;当Yin为低电平时,各引脚恢复标示功能。When Yin is at a high level, Xmin constitutes the generalized key source data GYY and microprogram serial write port, the XMin pin is applied with the 64 frequency division clock of Clock, XMin and Clock constitute the chip operation control clock, and the Ksend and Krece pins constitute The control command input ports for the internal operation of the chip are used to write the preset generalized key source data GYY and microprograms to the read-only memory inside the chip; when Yin is low, each pin resumes the marking function.
⑵ Symbol converter setup
A 32-digit four-valued logic operator is set up as the encryptor f, with two 64-bit input registers RfY and Rfm and one 64-bit output register CRf. After the key Y(i) is loaded into RfY and the current plaintext segment p(i) into Rfm, f outputs the current segment p'(i) of the ciphertext M and stores it in CRf.
A 32-digit four-valued logic operator is set up as the decryptor f', whose symbol transformation is the inverse of that of f; f' has two 64-bit input registers Rf'Y and Rf'm and one 64-bit output register CRf'. After the current key Y(i) is loaded into Rf'Y and the current ciphertext segment p'(i) into Rf'm, f' outputs the current segment p(i) of the decrypted plaintext m and stores it in CRf'.
A 32-digit four-valued logic operator is set up as the encryption key deriver F, with two 64-bit input registers RFY and RFm and one 64-bit output register CRF. After the current key Y(i) is loaded into RFY and the current plaintext segment p(i) into RFm, F outputs the encryption component's next derived key Y(i+1) and stores it in CRF.
A 32-digit four-valued logic operator is set up as the decryption key deriver F', which has the same function as F, with two 64-bit input registers RF'Y and RF'm and one 64-bit output register CRF'. After the current key Y(i) is loaded into RF'Y and the current decrypted plaintext segment p(i) into RF'm, F' outputs the decryption component's next derived key Y'(i+1) and stores it in CRF'.
⑶ Reconfiguration register setup
Each digit f(i), f'(i), F(i) and F'(i) of f, f', F and F' is given a 32-bit reconfiguration register, labeled Rf(i), Rf'(i), RF(i) and RF'(i) respectively. Writing reconstruction codes into these four registers changes the four-valued logic rule of the corresponding symbol converter digit.
⑷ Generalized key source data GYY storage area setup
A Y(0) storage area of 1024 64-bit cells is set up. Each cell hides one 64-bit preset key Y(0). Y(0) can only be loaded into RfY, Rf'Y, RFY and RF'Y over the internal data bus.
Two storage areas are set up: an f-f' storage area and an F-F' storage area, each with 1024 rows of 32 64-bit cells. In an f-f' cell, the first 32 bits hold the reconstruction code of one f(i) and the last 32 bits the reconstruction code of one f'(i), and the 32 64-bit cells of a row can only be transferred, as a whole and in order, to Rf(i) and Rf'(i), i = 1, 2, ..., 32, over the chip's internal data bus. In an F-F' cell, the first 32 bits hold the reconstruction code of one F(i) and the last 32 bits the reconstruction code of one F'(i), and the 32 64-bit cells of a row can only be transferred, as a whole and in order, to RF(i) and RF'(i), i = 1, 2, ..., 32, over the chip's internal data bus.
⑸ Reservation number counters and reservation code register setup
Three 10-bit cyclic reservation-number counters Jm1, Jm01 and Jm11 are set up; they count the occurrences of, for example, the values 100, 01 and 101 in the plaintext data entering through the Xmin pin, forming three reservation numbers.
A 30-bit reservation code register Rm is set up. After each encryption operation, the value of Jm1 followed by Jm01 followed by Jm11 forms a random reservation code that is stored in Rm.
⑹ Other register setup
Each pin has a one-bit pin data register holding the real-time state of that pin, to resist the effect of external high-frequency interference on the pin signal.
The Xmin and XMin pins each have a 1-bit-in, 64-bit-out serial-to-parallel shift register. In the encryption component the shift register's serial input is connected to the Xmin pin and its parallel output to the registers Rfm and RFm; in the decryption component the serial input is connected to the XMin pin and the parallel output to the register Rf'm.
The Xmout and XMout pins each have a 64-bit-in, 1-bit-out parallel-to-serial shift register. In the encryption component the parallel input is connected to the register CRf and the serial output to the XMout pin; in the decryption component the parallel input is connected to the register CRf' and the serial output to the Xmout pin.
⑺ Chip internal data bus setup:
A 64-bit bus buffer controls read and write operations on the internal memory; a 17-bit address decoder addresses the internal 128M memory.
⑻ Microprogram execution setup:
A 64-bit microinstruction decoder, a 64-bit microinstruction register and an 11-bit microprogram counter PC.
⑼ Pre-writing the generalized key source data GYY and the microinstruction program:
A pair of encryption/decryption chips is inserted into the socket of a dedicated writing device; the Yin pins of the pair are tied high, and the chips enter the state for writing the generalized key source data GYY or the microprogram. In this state the counters Jm1 and Jm01 are joined into one 20-bit counter that counts the clock on the XMin pin (the XMin clock is the Clock pin clock divided by 64), and the real-time value of the low 17 bits of this 20-bit counter is fed to the 17-bit internal memory address decoder, giving an automatic addressing mechanism for the internal memory; the Xmin pin and its serial-to-parallel shift register, under control of the Clock clock, form the write data channel; the Ksend and Krece pins select the write target: when Ksend:Krece = 00, the data on the write channel is loaded into the 20-bit counter as the initial memory write address; when Ksend:Krece = 11, the data on the write channel is loaded into the 64-bit bus buffer; the other Ksend:Krece codes are reserved. When the initial value of the 20-bit counter is set to 00000H, the microinstruction program is written starting from its first microinstruction; when it is set to 00800H, the Y(0) values are written; when it is set to 00C00H, the reconstruction codes of every digit f(i) and f'(i) of the 1024 f and f' are written one by one, with the reconstruction code of f(i) in bits 0-31 and that of f'(i) in bits 32-63, so that the reconstruction codes at 32 consecutive addresses form the reconstruction codes of one 32-digit f and its paired 32-digit f'. When the initial value of the 20-bit counter is set to 09000H, the reconstruction codes of every digit F(i) and F'(i) of the 1024 F and F' are written one by one, with the reconstruction code of F(i) in bits 0-31 and that of F'(i) in bits 32-63, where bits 0-31 and bits 32-63 hold the same data, so that the reconstruction codes at 32 consecutive addresses form the reconstruction codes of one 32-digit F and one 32-digit F'.
⑽ Example of uniform-probability true random number generation
The dedicated writing device for the encryption/decryption chips is equipped with a uniform-probability true random number generator; the writing device selects the reconstruction codes of f(i), f'(i) and F(i) and the Y(0) values according to the true random numbers the generator produces, so that the generalized key source data GYY hidden in each pair of chips is uniformly random. True random number generators can be built in many ways; for example: 64 discs of equal weight, 1 cm in diameter and 1 mm thick, insulating on one face and metal on the other, fall freely from a height of 2 meters, bounce randomly off a pin board and land on a plate with 64 dimples; the plate vibrates slightly so that one disc settles into each dimple. When a disc's metal face is down, the circuit in the dimple is closed and the dimple outputs a low level; when the insulating face is down, the circuit is open and the dimple outputs a high level. Thus each throw of the discs yields a 64-bit true random number. One 64-bit true random number can be obtained in about 5 seconds, and no fewer than 17,000 64-bit true random numbers per day.
⑾ Random selection of the 1024 preset keys Y(0) and pre-loading into the chip
In the dedicated writing device, each 64-bit random number received from the random number generator is compared one by one with the random numbers received previously. If the new random number differs from every previous one stored in the first random number memory, it is written as a selected preset key Y(0) into the Y(0) storage area of the chip's GYY storage area, and the writing device stores the newly received 64-bit random number in its own first random number memory in sorted order; if the new random number equals a previously received one, the writing device discards it and receives the next 64-bit random number. This continues until 1024 preset keys Y(0) have been written to the current chip pair, after which the next pair of chips is processed.
⑿ Random selection of the 1024 paired encryptor/decryptor reconstruction codes and pre-loading into the chip
The reconstruction code of a multi-valued logic operator is determined by the operator's structure. With the four-valued logic operator given in the embodiment of "A multi-valued electronic operator and method with many digits that is groupable and reconfigurable" (Chinese invention patent application no. 201811567284.7, PCT no. PCT/CN2019/070318), the reconstruction code of each four-valued logic operator digit consists of 4 consecutive 8-bit row reconstruction codes, i.e. 32 bits per digit, so a 32-digit encryptor, a 32-digit decryptor and a 32-digit key deriver each need 32 32-bit memory cells to hold one of their reconstruction codes.
Since an encryptor reconstruction code is always used together with a decryptor reconstruction code, this embodiment places the reconstruction codes of the same digit of a paired encryptor and decryptor in one 64-bit cell: the encryptor's code in bits 0-31 and the paired decryptor's code in bits 32-63. Thus 32 consecutive 64-bit cells hold the reconstruction codes of one pair of 32-digit encryptor and decryptor.
In the dedicated writing device, 16 consecutive 64-bit random numbers from the generator are concatenated into one 1024-bit random number. This 1024-bit number is scanned in 4-bit units from the most significant bit to the least, and any reconstruction code unsuitable for an encryptor is replaced with a specific reconstruction code that is suitable, giving a sorted 1024-bit random number; the replacement rules used in this sorting depend on the structure of the four-valued logic operator and are outside the scope of this patent. The new sorted 1024-bit random number is compared one by one with all previously received sorted 1024-bit random numbers stored in the second random number memory. If it differs from all of them, it is taken as the per-digit reconstruction codes of a 32-digit encryptor and stored in sorted order in the writing device's second random number memory; at the same time it is split into 32 32-bit random numbers, each placed temporarily in bits 0-31 of one 64-bit register of the writing device's first register bank, which has 32 64-bit registers. Bits 0-7, 8-15, 16-23 and 24-31 of each register are each one row reconstruction code of the encryptor; the paired decryptor row reconstruction code of each of these four rows is looked up and stored correspondingly in the last 32 bits of the register. The 32 64-bit registers of the first bank then hold the reconstruction codes of one paired 32-digit encryptor and decryptor, and their contents are written as one selected encryptor/decryptor pair into the f-f' storage area of the chip's GYY storage area. If the new sorted 1024-bit random number equals a previously received sorted 1024-bit number in the second random number memory, the writing device discards it. The writing device then receives the next 16 64-bit random numbers and repeats the above until 1024 paired encryptor/decryptor reconstruction codes have been written to the current chip pair.
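A software model of the pieces described above: the chained segment cipher of f, f', F and F', the row layout of a digit's 32-bit reconstruction code and its paired decryptor code, and the reservation counters Jm1/Jm01/Jm11. This is an added example, not the patent's own code or RTL; the row layout, the "suitable for the encryptor" rule (each row a permutation of the four digit values), the overlapping pattern count and the seeded PRNG standing in for the true random number generator are constructed assumptions.

```python
"""Software model of the chained segment cipher of Embodiment 2 (added
example, not the patent's own code or RTL).  Constructed assumptions: the
32-bit reconstruction code of one four-valued digit is four 8-bit row codes,
row r (chosen by the key digit) holding four 2-bit outputs indexed by the data
digit; a row is suitable for the encryptor when it is a permutation of
{0,1,2,3}; the paired decryptor row is its inverse."""
import random
from typing import List

DIGITS = 32                     # 64-bit segment = 32 four-valued digits
Table = List[List[int]]         # table[key_digit][data_digit] -> output digit


def parse_recon_code(code: int) -> Table:
    """Split a 32-bit reconstruction code into a 4x4 table of 2-bit values."""
    return [[(code >> (8 * r + 2 * c)) & 3 for c in range(4)] for r in range(4)]


def suitable_for_encryptor(table: Table) -> bool:
    """A row sending two data digits to one output cannot be decrypted."""
    return all(sorted(row) == [0, 1, 2, 3] for row in table)


def paired_decryptor(table: Table) -> Table:
    """Row-wise inverse, so f'(Y, f(Y, p)) == p for every key digit Y."""
    inv = [[0] * 4 for _ in range(4)]
    for r, row in enumerate(table):
        for c, v in enumerate(row):
            inv[r][v] = c
    return inv


def make_tables(seed: int, bijective: bool = True) -> List[Table]:
    """32 per-digit tables from a seeded PRNG standing in for the true random
    number generator; bijective rows model the 'sorting' that replaces codes
    unsuitable for an encryptor (key derivers need no such sorting)."""
    rng = random.Random(seed)
    row = (lambda: rng.sample(range(4), 4)) if bijective else \
          (lambda: [rng.randrange(4) for _ in range(4)])
    return [[row() for _ in range(4)] for _ in range(DIGITS)]


def to_digits(x: int) -> List[int]:
    return [(x >> (2 * i)) & 3 for i in range(DIGITS)]


def from_digits(ds: List[int]) -> int:
    return sum(d << (2 * i) for i, d in enumerate(ds))


def apply_operator(tables: List[Table], key: int, data: int) -> int:
    """Output digit i is tables[i][key_i][data_i]; digits never interact."""
    return from_digits([tables[i][k][d] for i, (k, d)
                        in enumerate(zip(to_digits(key), to_digits(data)))])


def encrypt(segments, y0, f, F):
    """p'(i) = f(Y(i), p(i)) and Y(i+1) = F(Y(i), p(i)), as in the encryption component."""
    y, out = y0, []
    for p in segments:
        out.append(apply_operator(f, y, p))
        y = apply_operator(F, y, p)
    return out


def decrypt(cipher, y0, f_inv, F):
    """The decryption component chains the next key from the recovered plaintext."""
    y, out = y0, []
    for c in cipher:
        p = apply_operator(f_inv, y, c)
        out.append(p)
        y = apply_operator(F, y, p)
    return out


def reservation_code(plaintext_bits: str, prev_code: int) -> int:
    """Jm1, Jm01 and Jm11: 10-bit cyclic counters seeded from the previous
    30-bit code, counting the patterns 100, 01 and 101 (overlapping matches
    counted, an assumption); concatenated they form the next code."""
    seeds = [(prev_code >> s) & 0x3FF for s in (20, 10, 0)]
    counts = []
    for seed, pat in zip(seeds, ("100", "01", "101")):
        n = sum(plaintext_bits.startswith(pat, i) for i in range(len(plaintext_bits)))
        counts.append((seed + n) & 0x3FF)      # wraps around at 2**10
    return (counts[0] << 20) | (counts[1] << 10) | counts[2]


def gyy_indices(code: int):
    """Reservation numbers selecting Y(0), the f/f' pair and F from the
    1024-entry stores (high, middle and low 10 bits, as in steps E2, C2, D2)."""
    return (code >> 20) & 0x3FF, (code >> 10) & 0x3FF, code & 0x3FF


if __name__ == "__main__":
    f_tables = make_tables(seed=7)
    F_tables = make_tables(seed=8, bijective=False)
    y0 = 0x0123456789ABCDEF                      # constructed preset key Y(0)
    plain = [0xDEADBEEFCAFEF00D, 0, 0xFFFFFFFFFFFFFFFF]
    cipher = encrypt(plain, y0, f_tables, F_tables)
    assert decrypt(cipher, y0, [paired_decryptor(t) for t in f_tables], F_tables) == plain
    print("round trip ok; next reservation code:", hex(reservation_code("100101" * 8, 0)))
```

Because every digit of the output depends only on the same digit of the key and the data, the round trip holds exactly when every encryptor row is a bijection, which is what the sorting step in the writing device enforces.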
⒀ Random selection of the 1024 encryption/decryption key deriver reconstruction codes and pre-loading into the chip
Since the encryption key deriver reconstruction code and the decryption key deriver reconstruction code are likewise always used together, this embodiment also places the reconstruction codes of the same digit of the encryption key deriver and the corresponding decryption key deriver in one 64-bit cell: the encryption key deriver's code in bits 0-31 and the corresponding decryption key deriver's code in bits 32-63; since the two key derivers have the same reconstruction code, the first and last 32 bits of the cell hold the same content. Thus 32 consecutive 64-bit cells hold one pair of 32-digit key deriver reconstruction codes.
In the dedicated writing device, 16 consecutive 64-bit random numbers from the generator are concatenated into one 1024-bit random number; since every four-valued logic operator is suitable as a key deriver, this 1024-bit number needs no sorting. The new 1024-bit random number is compared one by one with all previously received 1024-bit random numbers stored in the third random number memory. If it differs from all of them, it is taken as the per-digit reconstruction codes of a 32-digit key deriver and stored in sorted order in the writing device's third random number memory; at the same time it is split into 32 32-bit random numbers, each placed temporarily in bits 0-31 of one 64-bit register of the writing device's second register bank, which has 32 64-bit registers. Bits 0-7, 8-15, 16-23 and 24-31 of each register are each one row reconstruction code of the key deriver; these four row reconstruction codes are copied into the last 32 bits of the register. The 32 64-bit registers of the second bank then hold the identical reconstruction codes of two 32-digit key derivers, and their contents are written as one selected encryption key deriver/decryption key deriver pair into the F-F' storage area of the chip's GYY storage area. If the new 1024-bit random number equals a previously received 1024-bit number in the third random number memory, the writing device discards it. The writing device then receives the next 16 64-bit random numbers and repeats the above until 1024 encryption key deriver/decryption key deriver reconstruction codes have been written to the chip pair.
⒁ Estimate of the encryption/decryption chip area
Based on current integrated-circuit manufacturing technology, the approximate number of transistors needed to build the encryption/decryption chip of Embodiment 2 can be estimated.
One reconfigurable four-valued logic operator digit requires 44 binary logic gates, 8 8-to-1 selectors and 4 8-bit reconfiguration registers (Rf(i), Rf'(i), RF(i) or RF'(i)), about 500 transistors; a 32-digit four-valued logic operator therefore requires about 16,000 transistors, and the four 32-digit four-valued logic operators in the chip (f, f', F and F') about 64,000 transistors.
f, f', F and F' each have three 64-bit input/output registers (RfY, Rfm, CRf, Rf'Y, Rf'm, CRf', RFY, RFm, CRF, RF'Y, RF'm and CRF'); these twelve 64-bit registers require about 2,500 transistors.
The chip also contains three 10-bit random counters (Jm1, Jm01 and Jm11), one 30-bit reservation code register (Rm), four 64-bit serial/parallel conversion registers, one 64-bit bus buffer, one 17-bit address decoder, one 64-bit microinstruction decoder, one 64-bit microinstruction register, one 11-bit microprogram counter PC and ten 1-bit pin data registers; these require about 20,000 transistors.
The chip contains a 2048×64-bit microprogram memory, a 1024-row×64-bit Y(0) storage area and two 1024-row×32-column×64-bit two-dimensional storage areas (f-f' and F-F'); this 67K-word 64-bit memory requires about 1.8×10^7 transistors.
From this, one encryption/decryption chip is estimated to require about 1.809×10^7 transistors. With a 200% margin, 5.5×10^7 transistors are taken for one encryption/decryption chip.
With current 16-micron integrated-circuit technology, 1.5×10^11 transistors can be made per square centimeter of chip, i.e. more than 2,700 encryption/decryption chips can be made on one square centimeter.
Embodiment 3. Computer software implementing the encryption and decryption method
The computer software of Embodiment 3 is mainly used to encrypt binary data files of all kinds. For ease of discussion, this embodiment uses 128-bit binary data as the segment length for dividing the plaintext file to be encrypted or the ciphertext file to be decrypted, so the preset key rY(0) and the derived keys rY(i) are all 128-bit binary data. To show the encryption transform, decryption transform and key derivation transform built from a mix of different multi-valued logic rules, and for ease of discussion, the software of this embodiment contains three identical mixed multi-valued logic units, each made of 2 reconfigurable eight-valued logic operators and 61 reconfigurable four-valued logic operators. The two eight-valued operators occupy the first 6 bits: the first reconfigurable eight-valued operator processes the data of bits 0, 1 and 2, and the second that of bits 3, 4 and 5; the data of the remaining bits is processed in order by the 61 reconfigurable four-valued operators. The three mixed multi-valued logic units serve as the encryption transform rf, the decryption transform rf' and the key derivation transform rF respectively. But this should not prevent this patent from covering the same kind of encryption and decryption software that cuts plaintext and ciphertext segments at other binary lengths, or that uses other multi-valued logic modules, including a mix of several multi-valued logic modules, as encryption transform, decryption transform and key derivation transform.
The software of Embodiment 3 has three main modules: an encryption module, a decryption module and a configuration file.
(1) Functions of the main software modules
Encryption module: corresponds to the encryption component of Embodiment 2, comprising the encryptor f, the key deriver F and the associated registers. The encryption module uses the encryption transform rf to convert the plaintext m into the ciphertext M according to the software generalized key source data rGYY. rf has two 128-bit input variables rRfY and rRfm and one 128-bit output variable rCRf; after the current key rY(i) is loaded into rRfY and the current plaintext segment into rRfm, rf outputs the current segment of the ciphertext M to rCRf. The module's key derivation transform rF has two 128-bit input variables rRFY and rRFm and one 128-bit output variable rCRF; after the current key rY(i) is loaded into rRFY and the current plaintext segment into rRFm, rF outputs the next derived key rY(i+1) to rCRF.
Decryption module: corresponds to the decryption component of Embodiment 2, comprising the decryptor f', the key deriver F' and the associated registers. The decryption module uses the decryption transform rf' to convert the ciphertext M into the plaintext m according to the software generalized key source data rGYY. rf' has two 128-bit input variables rRf'Y and rRf'M and one 128-bit output variable rCRf'; after the current key rY(i) is loaded into rRf'Y and the current ciphertext segment into rRf'M, rf' outputs the current segment of the decrypted plaintext m to rCRf'. This module also uses rF to generate the next derived key, but the value loaded into rRFm is the plaintext segment recovered by decrypting the current ciphertext segment.
Reconstruction code variables: each digit of rf, rf' and rF (rf(j), rf'(j) and rF(j), j = 1, 2, 3, ..., 63) has a digit reconstruction variable rRfj, rRf'j or rRFj. The digit reconstruction variables of the two eight-valued logic operators, rRf0 and rRf1, rRf'0 and rRf'1, rRF0 and rRF1, are 144 bits each, while those of the remaining four-valued logic operators are 32 bits each, so there are 6 144-bit digit reconstruction variables and 3×61 = 183 32-bit digit reconstruction variables. Writing reconstruction codes into rRfj, rRf'j and rRFj gives the corresponding mixed multi-valued logic unit the operation rules defined by that set of codes.
Configuration file: corresponds to the read-only storage component of Embodiment 2, comprising the Y(0) storage area, the f-f' storage area, the F-F' storage area and the reservation code register that hide the generalized key source data GYY. The configuration file holds the 1024 128-bit preset keys rY(0) in a one-dimensional array rY0, one rY(0) value per element. It has three two-dimensional arrays of 1024 rows and 63 columns, rf, rf' and rF, each with 1024×63 = 64152 elements; the first two elements are 144 bits and the remaining elements 32 bits, the first two holding the software reconstruction code of one eight-valued logic rule digit and the rest holding the software reconstruction code of one four-valued logic rule digit. The configuration file thus stores 1024 Y(0), 1024 rf/rf' and 1024 rF, corresponding to 1024^3 = 1073741824 possible software generalized key source data rGYY.
Cyclic count variables: to achieve a one-time pad with truly random keys and to retrieve the correct rGYY at decryption, the encryption module has three 10-bit cyclic count variables rJm1, rJm01 and rJm11, which count the occurrences of symbols in the plaintext (such as 001, 010 and 101), so the values of these three counters are random. The configuration file correspondingly has three 10-bit read/write storage cells rRm1, rRm01 and rRm11. After each encryption operation the encryption module stores the current values of rJm1, rJm01 and rJm11 into rRm1, rRm01 and rRm11 respectively. At the start of each encryption operation the encryption module reads the values of rRm1, rRm01 and rRm11 back into the counters rJm1, rJm01 and rJm11 as their initial counts, selects the generalized key source data rGYY for this encryption operation by these three random numbers, and writes the three random numbers into the header of the resulting ciphertext, so that the correct rGYY can be obtained directly when that ciphertext is later decrypted.
(2) Writing a set of truly random software generalized key source data rGYY into the configuration file.
Before the software is shipped, a dedicated writing device writes into the configuration file of each serial-numbered copy of the encryption/decryption software 1024 rY(0) values, 1024 rf reconstruction codes together with their rf' reconstruction codes, and 1024 rF reconstruction codes, all chosen by true random numbers. The true random numbers are produced by physical events or devices with uniform probability. One instance of the writing operation is the same as the method used in Embodiment 2 to prepare generalized key source data for the encryption/decryption chip and is not repeated here.
(3) Encryption operation
Open the encryption module of the encryption/decryption software and give the plaintext file name at the prompt (there is no restriction on the plaintext format); the module starts at once. It first reads the current values of rRm1, rRm01 and rRm11 from the configuration file and loads them into the counters rJm1, rJm01 and rJm11 as their initial counts. It then performs the following steps:
① Prepare rGYY: copy the preset key rY(0) held in element number rRm1 of array rY0 in the configuration file into the two input variables rRfY and rRFY, so that the preset key rY(0) for this operation is ready; take the value of rRm01 as the row index of array rf and copy the reconstruction codes rRf(ij) (i = value of rRm01) of each bit of the encryption transform held in the cells of that row into the bit reconstruction variables rRfj, so that the current encryption transform rf is ready; take the value of rRm11 as the row index of array rF and copy the reconstruction codes rRF(ij) (i = value of rRm11) of each bit of the key derivation transform held in the cells of that row into the bit reconstruction variables rRFj, so that the key derivation transform rF is ready.
② Write rRm1, rRm01 and rRm11 at the start of the ciphertext file; they form the reservation code by which the decryption operation selects rGYY.
③ Load the current segment of plaintext m into the variables rRfm and rRFm.
④ rf generates the current ciphertext segment and places it in variable rCRf; rF generates the new derived key and places it in variable rCRF.
⑤ Append the content of rCRf to the ciphertext; load the content of rCRF into the variables rRfY and rRFY.
⑥ Repeat ③, ④ and ⑤ in order until all of the plaintext has been encrypted. If the last plaintext segment is shorter than 128 bits, pad it with 0s at the end to bring it to 128 bits.
⑦ During encryption the three counters rJm1, rJm01 and rJm11 count the occurrences of their particular symbol sequences in the current plaintext segment, until the whole plaintext has been encrypted. The final values of rJm1, rJm01 and rJm11 are then written to the storage cells rRm1, rRm01 and rRm11 of the configuration file.
⑧ Store the ciphertext file in the same folder as the plaintext. The ciphertext file name is the plaintext file name including its extension, with .jym (or .JYM) appended as the suffix.
⑨ The encryption operation ends.
(4) Decryption operation
Open the decryption module of the encryption/decryption software and give the ciphertext file name at the prompt; the module starts at once. It first reads from the start of the ciphertext the values of rRm1, rRm01 and rRm11 saved when that ciphertext was generated, then performs the following steps:
① Prepare rGYY: copy the preset key rY(0) held in element number rRm1 of array rY0 in the configuration file into the two input variables rRf'Y and rRFY, so that the preset key rY(0) for this operation is ready; take the value of rRm01 as the row index of array rf' and copy the reconstruction codes rRf'(ij) (i = value of rRm01) of each bit of the decryption transform held in the cells of that row into the bit reconstruction variables rRf'j, so that the current decryption transform rf' is ready; take the value of rRm11 as the row index of array rF and copy the reconstruction codes rRF(ij) (i = value of rRm11) of each bit of the key derivation transform held in the cells of that row into the bit reconstruction variables rRFj, so that the key derivation transform rF is ready;
② Load the current segment of ciphertext M into the variable rRf'M;
③ rf' generates the current segment of plaintext m and places it in variable rCRf';
④ Append the content of rCRf' to the end of the decrypted plaintext file and load it into the variable rRFm;
⑤ rF generates the new derived key and places it in variable rCRF;
⑥ Load the content of rCRF into the variables rRf'Y and rRFY;
⑦ Repeat ② to ⑥ in order until the entire ciphertext has been decrypted;
⑧ Remove the 0s at the end of the plaintext to form the decrypted plaintext file;
⑨ Store the plaintext file in the same folder as the ciphertext; the decrypted plaintext file name is the ciphertext file name with JYM- (or jym-) prefixed and the .jym suffix removed;
⑩ The decryption operation ends.
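The encryption and decryption procedures above, as an added Python model that is not the patent's code: it implements the configuration file, the reservation code written at the head of the ciphertext, the zero padding of the last segment, the counter update, and the key chain in which the next key is derived from the current plaintext segment and the current key. The reconfigurable multi-valued transforms rf, rf' and rF are not specified on this page, so stand-ins are used and labelled as such (rf/rf' is XOR with the key and a row mask, which is self-inverse; rF is a truncated SHA-256 of the row mask, key and segment). The 3×10-bit packing of the header and the explicit plaintext length in it are also this example's assumptions: the text strips trailing 0s instead, which cannot be told apart from genuine trailing zero bits, so the example records the length. Two points the text leaves implicit are visible in the code: the header values are running counts of plaintext patterns from earlier files and travel in the clear, so they select which stored rGYY is used but are neither secret nor independent of the plaintext history; and because each key depends on the previous plaintext segment, the decryptor must recover every segment correctly before it can derive the next key.

```python
"""Added example (not the patent's code): model of the software embodiment,
with configuration file, reservation-code header and chained segment keys.
rf/rf' and rF are STAND-INS; the header packing is this example's assumption."""
import hashlib
import struct

SEG = 16                              # one 128-bit segment
ROWS = 1024                           # rY0, rf, rf' and rF each have 1024 rows
PATTERNS = ("001", "010", "101")      # sequences counted by rJm1, rJm01, rJm11


def _det_bytes(seed, tag, i):
    """Deterministic stand-in for the true-random writing device of step (2)."""
    return hashlib.sha256(seed + tag.encode() + i.to_bytes(2, "big")).digest()[:SEG]


def make_config(seed):
    """Model of the configuration file shipped with one serial number."""
    return {
        "rY0": [_det_bytes(seed, "Y0", i) for i in range(ROWS)],  # preset keys rY(0)
        "rf":  [_det_bytes(seed, "rf", i) for i in range(ROWS)],  # stand-in rf/rf' rows
        "rF":  [_det_bytes(seed, "rF", i) for i in range(ROWS)],  # stand-in rF rows
        "rRm": [0, 0, 0],                                         # rRm1, rRm01, rRm11
    }


def rf_transform(seg, key, row):
    """STAND-IN for rf and rf': XOR with key and row mask (self-inverse)."""
    return bytes(s ^ k ^ r for s, k, r in zip(seg, key, row))


def rF_derive(seg, key, row):
    """STAND-IN for rF: next 128-bit key from the current segment and key."""
    return hashlib.sha256(row + key + seg).digest()[:SEG]


def count_patterns(data, counters):
    """Step 7: advance the three 10-bit cyclic counters over the plaintext bits."""
    bits = "".join(f"{b:08b}" for b in data)
    return [(c + sum(bits[i:i + 3] == pat for i in range(len(bits) - 2))) % ROWS
            for c, pat in zip(counters, PATTERNS)]


def pack_header(r1, r01, r11, length):
    """Assumed layout: 3x10-bit reservation code, then the plaintext length."""
    return struct.pack(">II", (r1 << 20) | (r01 << 10) | r11, length)


def unpack_header(blob):
    rm, length = struct.unpack(">II", blob[:8])
    return (rm >> 20) & 0x3FF, (rm >> 10) & 0x3FF, rm & 0x3FF, length


def encrypt(cfg, plaintext):
    r1, r01, r11 = cfg["rRm"]                      # counters loaded from rRm*
    key = cfg["rY0"][r1]                           # step 1: rY(0) into rRfY/rRFY
    frow, Frow = cfg["rf"][r01], cfg["rF"][r11]    # step 1: rf row and rF row
    out = bytearray(pack_header(r1, r01, r11, len(plaintext)))   # step 2
    padded = plaintext + b"\x00" * (-len(plaintext) % SEG)       # step 6 padding
    for i in range(0, len(padded), SEG):
        m = padded[i:i + SEG]                      # step 3: current segment
        out += rf_transform(m, key, frow)          # steps 4-5: ciphertext segment
        key = rF_derive(m, key, Frow)              # steps 4-5: Y(i+1) from (m_i, Y(i))
    cfg["rRm"] = count_patterns(plaintext, cfg["rRm"])           # step 7
    return bytes(out)


def decrypt(cfg, ciphertext):
    r1, r01, r11, length = unpack_header(ciphertext)   # reservation code from header
    key = cfg["rY0"][r1]
    frow, Frow = cfg["rf"][r01], cfg["rF"][r11]
    out = bytearray()
    for i in range(8, len(ciphertext), SEG):
        m = rf_transform(ciphertext[i:i + SEG], key, frow)   # steps 2-3: recover m_i
        out += m                                   # step 4: append to plaintext
        key = rF_derive(m, key, Frow)              # steps 5-6: same key chain
    return bytes(out[:length])                     # step 8: drop the padding
```

Encrypting the same file twice with one configuration yields different headers and different ciphertext, because the counters moved between the two runs; any copy of the same configuration decrypts either file from the header alone, while a configuration with another serial number does not.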
Embodiment 4. An encrypted communication system built from a pair of encryption/decryption chips
As shown in Figure 7, the encrypted communication system provided by the invention comprises two communication devices at the two ends of a link, each fitted with the encryption/decryption chip of Embodiment 2; the chips encrypt and decrypt the transmitted information in real time, so that only ciphertext travels between the communication devices.
In practice, two identical chips, chip A and chip B, are placed between the digital equipment and the communication equipment at the two ends of a common channel, which builds a pair of encrypted channels of opposite direction over the common public channel. Encryption component a of chip A and decryption component b of chip B are peers and form the A-to-B encrypted channel; decryption component a' of chip A and encryption component b' of chip B are peers and form the B-to-A encrypted channel.
The system also uses a reservation-code mechanism to select the encryptor reconstruction code, decryptor reconstruction code, key derivator reconstruction code and preset key to be used next; the mechanism comprises:
a sending unit for sending a reservation code when one of the communication devices ends communication;
a receiving unit for receiving the echoed reservation code returned by the other communication device;
a judging unit for judging whether the reservation code and the echoed reservation code are the same and producing a corresponding judgment result;
a first processing unit, connected to the judging unit, for ending communication between the two devices when the result indicates that the reservation code and the echoed reservation code are the same;
a second processing unit, connected to the judging unit, for instructing the sending unit to send the reservation code again when the result indicates that the reservation code and the echoed reservation code differ.
Specifically, once the call between the two parties is connected, plaintext m from either party's digital equipment enters the encryption component of the sending end's chip, where the current encryptor f and current key Y(i) replace the symbols of m with the corresponding symbols of ciphertext M; the ciphertext goes to the sending end's communication equipment and then onto the public channel. On arrival it enters the receiving end's communication equipment and then the decryption component of that end's chip, where the current decryptor f' and current key Y(i) replace the ciphertext symbols with the corresponding plaintext symbols; the plaintext goes to the receiving end's digital equipment and the transfer is complete.
When either party emits a long run of 0s or 1s, for instance while nobody is speaking, then because the transformation rule of each bit of f(i) differs and the bit values of Y(i) differ, 0s or 1s at different positions of the plaintext are mapped by f(i) and Y(i) to different ciphertext symbols, so f(i) and Y(i) still produce ciphertext that is neither a long run of 0s nor a long run of 1s. Likewise F(i) and Y(i) produce a derived key Y(i+1) that is neither a long run of 0s nor of 1s, and since Y(i+1) differs from Y(i), later long runs of 0s or 1s in the plaintext still yield ciphertext and next derived keys free of long runs. When the long run in the plaintext ends, encryption simply continues normally. The long runs of 0s or 1s in the plaintext are thus naturally hidden in the ciphertext without affecting the encryption process. Even if some derived key Y(k) happens to be all 0s or all 1s and the plaintext segment being encrypted is also all 0s or all 1s, the generated ciphertext segment cannot be all 0s or all 1s because the transformation functions of the individual bits of f(i) differ; and because the transformation functions of the individual bits of F(i) differ, the next derived key Y(k+1) will not be all 0s or all 1s either.
When one party's digital equipment issues the end-of-communication command, that end's chip concatenates the current values of Jm1, Jm01 and Jm11 into a reservation code Rm and stores it in its reservation-code register. After sending the session-end command, the chip goes on to send its Rm to the peer; the peer receives Rm, stores it in its own reservation-code register and, based on the received value, returns a reservation code Rm'. The sender receives Rm'; if Rm' differs from the Rm it sent, it resends Rm until the two agree, and if eight repetitions still fail to produce an identical value it reports a system fault. If the received Rm' equals the sent Rm, the reservation succeeds, both parties go offline and communication ends.
After a successful reservation, both chips immediately select, according to the agreed Rm, a new Y(0) and new reconstruction codes for f(i)/f'(i) and F(i), and load them into the corresponding registers ready for the next communication. At the same time the newly selected generalized key source data GYY overwrite the last derived key Y(i) and the reconstruction codes of f(i)/f'(i) and F(i) used in this communication, so even if the ciphertext of this communication is intercepted nobody can recover the preset key and decryptor that produced it. This preserves one-time-pad operation while also protecting ciphertext already transmitted.
The reservation code only gives the index (that is, the storage address) within the chip's read-only memory of the generalized key source data GYY to be used for the next communication; it is not the preset key Y(0), the encryptor f(i) reconstruction code, the decryptor f'(i) reconstruction code or the derivator F(i) reconstruction code themselves. Since the preset key Y(0) and the reconstruction codes of f(i), f'(i) and F(i) hidden in each chip pair differ from those in every other pair, interception of the reservation code is harmless, and it may be sent either in ciphertext or in plaintext.
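The session-end exchange described above, as an added simulation that is not the patent's code: a pair of chip objects with the same hidden tables, the three 10-bit counters, the Rm/Rm' echo with up to eight repetitions and a system fault after that, and the final selection of new GYY by index on both sides. The 30-bit packing of Jm1/Jm01/Jm11, the ROM contents and the bit-flipping link are this example's own assumptions. The run also shows the point of the last paragraph: a chip from a different pair given the same Rm loads different GYY. Note that the echo check only detects a corrupted Rm; an Rm that is corrupted on the way out and corrupted back to its original value on the return would pass, so a real implementation would want an integrity check on the link as well.

```python
"""Added example (not the patent's code): simulation of the reservation-code
exchange at session end in Embodiment 4.  Packing, ROM contents and the
corrupting link are this example's assumptions."""
import hashlib

ROWS = 1024        # 1024 entries per class of generalized key source data
MAX_TRIES = 8      # the text reports a system fault after 8 failed repetitions
PATTERNS = ("001", "010", "101")


class SystemFault(Exception):
    pass


def _rom_table(pair_seed, name):
    """Deterministic stand-in for one ROM table written by the manufacturer."""
    return [hashlib.sha256(pair_seed + name.encode() + i.to_bytes(2, "big")).digest()[:16]
            for i in range(ROWS)]


class Chip:
    def __init__(self, pair_seed):
        # Both chips of a pair hold the same tables; other pairs hold different ones.
        self.rom = {k: _rom_table(pair_seed, k) for k in ("Y0", "ff", "F")}
        self.Jm = [0, 0, 0]      # Jm1, Jm01, Jm11: 10-bit cyclic counters
        self.Rm = None           # reservation-code register
        self.current = None      # (Y(0), f/f' code, F code) selected for next session

    def count(self, plaintext):
        """Advance the counters over the plaintext sent during the session."""
        bits = "".join(f"{b:08b}" for b in plaintext)
        for k, pat in enumerate(PATTERNS):
            hits = sum(bits[i:i + 3] == pat for i in range(len(bits) - 2))
            self.Jm[k] = (self.Jm[k] + hits) % ROWS

    def make_reservation_code(self):
        j1, j01, j11 = self.Jm
        self.Rm = (j1 << 20) | (j01 << 10) | j11     # assumed 30-bit packing
        return self.Rm

    def receive_reservation_code(self, rm):
        """Peer side: store the received Rm and echo it back as Rm'."""
        self.Rm = rm
        return rm

    def load_gyy(self):
        """Select GYY by Rm (an index into ROM, not key material) and overwrite
        whatever key state the finished session used."""
        r1, r01, r11 = (self.Rm >> 20) & 0x3FF, (self.Rm >> 10) & 0x3FF, self.Rm & 0x3FF
        self.current = (self.rom["Y0"][r1], self.rom["ff"][r01], self.rom["F"][r11])
        return self.current


class FlakyLink:
    """Public link that flips one bit on each of its first `bad_calls` transfers."""
    def __init__(self, bad_calls=0):
        self.bad_calls, self.calls = bad_calls, 0

    def __call__(self, value):
        self.calls += 1
        if self.calls <= self.bad_calls:
            return value ^ (1 << (self.calls % 30))
        return value


def end_session(sender, receiver, link=None):
    """Rm / Rm' exchange; returns the attempt number on which the echo matched."""
    if link is None:
        link = FlakyLink()
    rm = sender.make_reservation_code()
    for attempt in range(1, MAX_TRIES + 1):
        echoed = link(receiver.receive_reservation_code(link(rm)))
        if echoed == rm:
            sender.load_gyy()
            receiver.load_gyy()
            return attempt
    raise SystemFault("no matching reservation code after %d tries" % MAX_TRIES)


def end_session_report(sender, receiver, link=None):
    """Same exchange, returning 0 instead of raising when the fault is reported."""
    try:
        return end_session(sender, receiver, link)
    except SystemFault:
        return 0
```

With a clean link the exchange completes on the first attempt and both chips hold the same selected GYY; with a link that corrupts the first three transfers it completes on the third attempt; with a link that corrupts every transfer the fault is reported after eight.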
In the encrypted communication system of this embodiment each chip pair hides different generalized key source data GYY, and six measures together ensure that the GYY cannot be stolen.
First, the GYY is written into the chips by the chip manufacturer with a dedicated writing device; no human intervention is permitted during the writing process, so nobody knows the specific GYY hidden in any chip pair, only which two chips form a pair.
Second, once the chips reach the market the manufacturer does not know which user has which pair, so the GYY of a given encrypted channel cannot be obtained through the chip manufacturer.
Third, the GYY hidden in each chip cannot be read out, so whoever holds a chip cannot learn its hidden GYY.
Fourth, each chip hides so much generalized key source data that no meaningful information about it can be inferred from plaintext-ciphertext pairs in any meaningful time.
Fifth, the GYY of every chip pair is different, so even if the GYY of one chip were extracted by some special method it would not help at all in breaking the ciphertext of other chip pairs. Possessing some chips therefore does not reveal the GYY of any particular encrypted channel.
Sixth, the ciphertext carries no information about the generalized key, and the only thing the parties exchange about the next session's encryption parameters is the reservation code, so nothing of the GYY can be obtained directly from the ciphertext, at most the reservation code. The same reservation code corresponds to different GYY in different chip pairs, so the GYY of an encrypted channel cannot be learned from the transmitted ciphertext.
Embodiment 5. An encrypted communication system built from encryption/decryption chips with the assistance of a server
An encrypted any-to-any calling system realized with server assistance comprises a calling end, a server and a called end. The server sits between the calling end and the called end, and encrypted communication as described in Embodiment 4 is set up between the calling end and the server and between the called end and the server;
The server comprises:
a generation unit for generating multiple generalized key source data, comprising multiple reservation keys, encryptor reconstruction codes, decryptor reconstruction codes and key derivator reconstruction codes;
a calling unit for sending, in response to a call request, a selected set of reservation key, encryptor reconstruction code, decryptor reconstruction code and key derivator reconstruction code to the called end;
a ringback unit for sending the selected reservation key, encryptor reconstruction code, decryptor reconstruction code and key derivator reconstruction code to the calling end;
The calling end and the called end use the reservation key, encryptor reconstruction code, decryptor reconstruction code and key derivator reconstruction code sent by the server to build an encrypted channel for encrypted communication.
Specifically, every telephone, mobile phone or network endpoint has to communicate with many other telephones, mobile phones or network endpoints, and in that case server-assisted encrypted communication is used, forming a server-assisted encrypted communication system in which every telephone, mobile phone or network node shares a pair of encryption/decryption chips with the server, and every endpoint can communicate with the service provider, for example to send call requests and called-party numbers and to receive calls and information. The server continuously generates preset keys Y(0), key derivator reconstruction codes F(i), encryptor reconstruction codes f(i) and decryptor reconstruction codes f'(i) (referred to below as session generalized key source data HGYY).
Its main operations are as follows: the calling end sends the call request and the called-party number to the server over the private encrypted channel between them (the encrypted communication method of Embodiment 4); the server sends the calling end's telephone number and one selected session generalized key source data HGYY to the called end over the private encrypted channel between the server and the called end, and makes the called end ring; the server sends the same selected HGYY together with a ringback signal to the calling end over the private encrypted channel between the server and the calling end; once the channel between the two parties is established, they use the selected HGYY supplied by the server to form an encrypted channel and communicate over it.
When one party pauses speaking, a long run of 0s or 1s appears in the plaintext; f and Y(i) still produce ciphertext that is neither a long run of 0s nor of 1s, and F and Y(i) produce a Y(i+1) that is neither a long run of 0s nor of 1s, so the ciphertext hides the pause in speech, a characteristic that would otherwise help an attacker break the ciphertext.
In the server-assisted system, after the calling and called ends establish communication they encrypt the session with the session generalized key source data HGYY supplied by the server; as long as the HGYY given by the provider is used only once, the session remains a one-time pad. The server generates HGYY in exactly the same way as the chip manufacturer generates generalized key source data GYY in Embodiment 2, and given the enormous number of possible generalized key source data it is easy to guarantee that the server uses each generalized key once and then discards it. Encryption of server-assisted communication can therefore be a one-time pad; the system only needs to ensure that the session generalized key source data HGYY cannot be obtained by anyone else.
This embodiment relies on the following four measures to ensure that its generalized key source data cannot be stolen:
① The server automatically generates the dedicated session generalized key source data from true random numbers produced by a dedicated machine, with no human involvement, in the same way the preset generalized key source data are written into the chips in Embodiment 2;
② The server sends the session generalized key source data HGYY to each session participant using its own encrypted communication technique;
③ Every session is encrypted with the one-time session generalized key source data HGYY supplied by the server;
④ As the session plaintext changes, the session generalized key keeps changing, and it is as unobtainable as in the encrypted communication technique of Embodiment 4.
The server is the only third party able to obtain HGYY, and hence the communication content, and it is the only node from which the session generalized key source data HGYY could leak.
Embodiment 6. One-to-many encrypted communication built from encryption/decryption chips
The chip of Embodiment 2 can also be applied to one-to-many encrypted channels. Because the GYY written into one chip occupies few storage cells, a square centimetre of integrated circuit can hold over a thousand sets of GYY, so an encryption centre chip hiding thousands of sets of generalized key source data can be built. Each set of generalized key source data in the centre chip can form a private encrypted channel with one small encryption/decryption chip, and together these chips form a one-to-many encrypted channel. For example, with the centre chip at the ATM management node and a small chip in each ATM, the confidentiality of ATM communication reaches what the text describes as an unbreakable level; with the centre chip at an online trading centre and a small chip in each personal mobile phone, the security of online transaction communication reaches the same level.
Embodiment 7. Intra-group broadcast encrypted communication built from encryption/decryption chips
If every chip in a group of Embodiment 2 chips contains the same set of GYY, communication over the encrypted channel formed by that GYY is open to every chip in the group, so that channel works as broadcast communication within the group while remaining encrypted communication to everyone outside it. For example, if all chips within one organization (such as a warship) set up an encrypted channel with common generalized key source data, that channel behaves as unencrypted within the organization but remains encrypted to eavesdroppers outside it.
Embodiment 8. User-built encrypted communication using encryption/decryption chips
Each chip is given a storage area X0 into which the user may write a modest amount of generalized key source data, and an additional pin ZDY. When both ZDY and Yin are high, the user can write through the data-write channel, in sequence, several self-chosen Y(0), several f-f' reconstruction codes and several F-F' reconstruction codes into the added X0 area. When ZDY is high and Yin is low, the microprogram uses this user-supplied GYY. When ZDY is low the chip returns to its normal state.
If users A and B share a private encrypted channel Z1 and users B and C share a private encrypted channel Z2, then A, B and C can agree their own preset key source data over Z1 and Z2 and write it into X0, thereby establishing among themselves a practical, approximately one-time-pad group channel.
Embodiment 9. Judging the security of an encrypted channel
One party can, at irregular intervals, ask the other to enter an agreed identification code in order to judge whether the encrypted channel is still secure. If the peer's chip is stolen or damaged, or the legitimate user has been separated from the chip, the party requesting the identification code will not receive the correct code in time and concludes that the channel is insecure.
Embodiment 10. A secure local communication network built from encryption/decryption chips
Installing an encryption centre chip, with the ability to generate random generalized key source data, in a gateway or telephone exchange allows the server-assisted encrypted communication method to be used to build an organization's internal secure LAN, telephone network and mobile network.
The above are merely preferred embodiments of the invention and do not limit its implementation or scope of protection; those skilled in the art will appreciate that all solutions obtained by equivalent substitutions and obvious variations based on the description and drawings of the invention fall within the scope of protection of the invention.

Claims (10)

  1. An encryption and decryption method, characterized in that it includes an encryption process, a decryption process, a process of presetting an encryption component reconfiguration code and a decryption component reconfiguration code, a process of presetting a key derivation component reconfiguration code, a process of presetting a preset key, and a process of generating a reservation code, where the encryption component reconfiguration code, the decryption component reconfiguration code and the key derivation component reconfiguration code are all reconfiguration codes of reconfigurable multi-valued logic operation components.
    The encryption process specifically includes:
    Step A1: set in advance, according to the encryption component reconfiguration code, the encryption rule used this time, and according to that rule encrypt the current plaintext segment with the encryption key corresponding to it, obtaining the corresponding ciphertext segment;
    Step A2: set in advance, according to the key derivation component reconfiguration code, the encryption key derivation rule used this time, and according to that rule process the current plaintext segment together with its encryption key to generate the encryption key for the next plaintext segment;
    The decryption process specifically includes:
    Step B1: set in advance the decryption rule used this time according to the decryption component reconfiguration code that corresponds to the peer's encryption component reconfiguration code, and according to that rule decrypt the current ciphertext segment with the decryption key corresponding to it, obtaining the decrypted plaintext segment;
    Step B2: set in advance the decryption key derivation rule used this time with the same key derivation component reconfiguration code that set the current encryption key derivation rule, and according to that rule process the decrypted plaintext segment together with its decryption key to generate the decryption key for the next ciphertext segment;
    The process of presetting the encryption component reconfiguration code and the decryption component reconfiguration code specifically includes:
    Step C1: before the encryption process and the decryption process are performed, randomly select from a reconfiguration code sequence, and save, a plurality of reconfiguration code pairs, each consisting of an encryption component reconfiguration code and its corresponding decryption component reconfiguration code, as the encryption/decryption component reconfiguration code pair group used in this encryption process and decryption process;
    Step C2: obtain the first reservation number corresponding to this encryption process and decryption process, and according to the first reservation number extract from the encryption/decryption component reconfiguration code pair group, and preset, the encryption reconfiguration code and decryption reconfiguration code used in this encryption and decryption process;
    The process of presetting the key derivation component reconfiguration code specifically includes:
    Step D1: before the encryption process and the decryption process are performed, randomly select from the reconfiguration code sequence a plurality of key derivation component reconfiguration codes as the key derivation component reconfiguration code group used in this encryption process and decryption process;
    Step D2: obtain the second reservation number corresponding to this encryption and decryption process, and according to the second reservation number extract from the key derivation component reconfiguration code group, and preset, the key derivation component reconfiguration code used this time;
    The process of presetting the preset key specifically includes:
    The preset key is used to encrypt the first plaintext segment and to decrypt the first ciphertext segment.
    Step E1: before the encryption process and the decryption process are performed, randomly select from a preset key sequence a plurality of preset keys as the preset key group used in this encryption process and decryption process;
    Step E2: obtain the third reservation number corresponding to this encryption and decryption process, and according to the third reservation number extract from the preset key group, and set, the preset key used this time;
    The process of generating the reservation code specifically includes:
    Taking the plurality of reservation numbers contained in the reservation code used this time as initial values, separately count several kinds of symbol arrangements in the plaintext to be encrypted this time; the counting results are the new reservation numbers, and all the new reservation numbers are concatenated in order to form the reservation code used next time.
  2. An encryption and decryption apparatus, characterized in that the encryption and decryption apparatus includes an encryption component, a decryption component and a read-only storage component, all implemented in hardware;
    The encryption component includes:
    an encryptor: the encryption rule of the encryptor is set in advance with an encryptor reconfiguration code, and according to that rule the current plaintext segment of the plaintext to be encrypted is encrypted with the encryption key corresponding to it, obtaining the corresponding current ciphertext segment;
    an encryption key deriver: the encryption key derivation rule of the encryption key deriver is set in advance with a key deriver reconfiguration code, and according to that rule the current plaintext segment and its encryption key are processed to generate the encryption key for the next plaintext segment;
    The decryption component includes:
    a decryptor: the decryption rule of the decryptor is set in advance with the decryptor reconfiguration code paired with the peer's encryptor reconfiguration code, and according to that rule the current ciphertext segment of the ciphertext to be decrypted is decrypted with the decryption key corresponding to it, obtaining the decrypted plaintext segment;
    a decryption key deriver: the decryption key derivation rule of the decryption key deriver is set in advance with the same key deriver reconfiguration code that set the current encryption key deriver, and according to that rule the decrypted plaintext segment and its decryption key are processed to generate the decryption key for the next ciphertext segment.
    The read-only storage component is used to store the generalized key source data, which consists of encryptor reconfiguration codes, decryptor reconfiguration codes, key deriver reconfiguration codes and preset keys, and specifically includes:
    an encryptor reconfiguration code storage area, storing a plurality of randomly selected encryptor reconfiguration codes;
    a decryptor reconfiguration code storage area, storing the decryptor reconfiguration codes paired with each of the randomly selected encryptor reconfiguration codes;
    a key deriver reconfiguration code storage area, storing a plurality of randomly selected key deriver reconfiguration codes;
    a preset key storage area, storing a plurality of randomly selected preset keys.
  3. The encryption and decryption apparatus according to claim 2, characterized in that it is further provided with a writing device, and before each encryption and decryption apparatus is put into use, the writing device burns a set of the generalized key source data into the read-only storage component of the apparatus; the writing device includes:
    a first burner, which burns a plurality of encryptor reconfiguration codes randomly selected from the reconfiguration code sequence into the encryptor reconfiguration code storage area of the read-only storage component;
    a second burner, which burns the plurality of decryptor reconfiguration codes selected from the reconfiguration code sequence as corresponding to the encryptor reconfiguration codes into the decryptor reconfiguration code storage area of the read-only storage component;
    a third burner, which burns a plurality of key deriver reconfiguration codes randomly selected from the reconfiguration code sequence into the key deriver reconfiguration code storage area of the read-only storage component;
    a fourth burner, which burns a plurality of preset keys randomly selected from the preset key sequence into the preset key storage area of the read-only storage component.
  4. The encryption and decryption apparatus according to claim 2, characterized in that the encryption component includes a plurality of cycle counters and a reservation code memory, and before each encryption and decryption process starts, the encryption component reads the reservation code used for this encryption and decryption out of the reservation code memory;
    each cycle counter takes the corresponding reservation number contained in the reservation code used this time as its initial value and counts several kinds of symbol arrangements in the plaintext of this encryption process; the final count of each cycle counter is the corresponding new reservation number; the new reservation numbers are used to select from the read-only storage component the generalized key source data to be used in the next encryption and decryption operation;
    the reservation code memory is connected to the outputs of all the cycle counters and stores the new reservation code formed by concatenating the counting results of the plurality of cycle counters in order; the new reservation code provides the reservation numbers for the next encryption and decryption operation;
    the encryption component, according to the first reservation number used this time, extracts from the encryptor reconfiguration code storage area of the read-only storage component, and presets, the encryptor reconfiguration code used this time; according to the second reservation number used this time, extracts from the key deriver reconfiguration code storage area of the read-only storage component, and presets, the encryption key deriver reconfiguration code used this time; and according to the third reservation number used this time, extracts from the preset key storage area of the read-only storage component, and presets, the encryption preset key used this time;
    the decryption component, according to the first reservation number used this time, extracts from the decryptor reconfiguration code storage area of the read-only storage component, and presets, the decryptor reconfiguration code used this time; according to the second reservation number used this time, extracts from the key deriver reconfiguration code storage area of the read-only storage component, and presets, the decryption key deriver reconfiguration code used this time; and according to the third reservation number used this time, extracts from the preset key storage area of the read-only storage component, and presets, the decryption preset key used this time.
  5. An encryption and decryption apparatus, characterized in that the encryption and decryption apparatus includes an encryption module, a decryption module and a configuration file, all implemented in software;
    The encryption module includes:
    an encryption unit: the encryption rule of the encryption unit is set in advance with an encryption unit reconfiguration code, and according to that rule the current plaintext segment of the plaintext to be encrypted is encrypted with the encryption key corresponding to it, obtaining the corresponding current ciphertext segment;
    an encryption key derivation unit: the encryption key derivation rule of the encryption key derivation unit is set in advance with a key derivation unit reconfiguration code, and according to that rule the current plaintext segment and its encryption key are processed to generate the key for encrypting the next plaintext segment;
    The decryption module includes:
    a decryption unit: the decryption rule of the decryption unit is set in advance with the decryption unit reconfiguration code paired with the peer's encryption unit reconfiguration code, and according to that rule the current ciphertext segment of the ciphertext to be decrypted is decrypted with the decryption key corresponding to it, obtaining the decrypted plaintext segment;
    a decryption key derivation unit: the decryption key derivation rule of the decryption key derivation unit is set in advance with the key derivation unit reconfiguration code, and according to that rule the decrypted plaintext segment and its decryption key are processed to generate the decryption key for the next ciphertext segment;
    The configuration file is used to store the generalized key source data, which consists of encryption unit reconfiguration codes, decryption unit reconfiguration codes, key derivation unit reconfiguration codes and preset keys, and specifically includes:
    an encryption unit reconfiguration code file section, storing a plurality of randomly selected encryption unit reconfiguration codes;
    a decryption unit reconfiguration code file section, storing the decryption unit reconfiguration codes paired with each of the randomly selected encryption unit reconfiguration codes;
    a key derivation unit reconfiguration code file section, storing a plurality of randomly selected key derivation unit reconfiguration codes;
    a preset key file section, storing a plurality of randomly selected preset keys.
  6. The encryption and decryption apparatus according to claim 5, characterized in that it further includes a matching writing device, and before each encryption and decryption apparatus is put into use, the writing device writes a set of the generalized key source data into the configuration file of the apparatus; the writing device includes:
    a first writing unit, which writes a plurality of encryption unit reconfiguration codes randomly selected from the reconfiguration code sequence into the encryption unit reconfiguration code file section of the configuration file;
    a second writing unit, which writes the plurality of decryption unit reconfiguration codes selected from the reconfiguration code sequence as corresponding to the encryption unit reconfiguration codes into the decryption unit reconfiguration code file section of the configuration file;
    a third writing unit, which writes a plurality of key derivation unit reconfiguration codes randomly selected from the reconfiguration code sequence into the key derivation unit reconfiguration code file section of the configuration file;
    a fourth writing unit, which writes a plurality of preset keys randomly selected from the preset key sequence into the preset key file section of the configuration file.
  7. The encryption and decryption apparatus according to claim 5, characterized in that the encryption module includes a plurality of cycle count variables and the configuration file contains a reservation code variable;
    each time the encryption module starts work, it first reads the reservation code variable in the configuration file to obtain the reservation code used in this encryption process, and writes the reservation code used this time into a designated position of the ciphertext file; each cycle count variable takes the corresponding reservation number contained in the reservation code used this time as its initial value and counts several kinds of symbol arrangements in the plaintext of this encryption process; the final value of each cycle count variable is the corresponding new reservation number; the new reservation numbers are used to select from the configuration file the generalized key source data to be used in the next encryption operation;
    the reservation code variable in the configuration file stores the reservation code formed by concatenating the plurality of reservation numbers, and the new reservation code provides the reservation numbers for the next encryption operation;
    the encryption module, according to the first reservation number used this time, extracts from the encryption unit reconfiguration code file section of the configuration file, and presets, the encryption unit reconfiguration code used this time; according to the second reservation number used this time, extracts from the key derivation unit reconfiguration code file section of the configuration file, and presets, the encryption key derivation unit reconfiguration code used this time; and according to the third reservation number used this time, extracts from the preset key file section of the configuration file, and presets, the encryption preset key used this time;
    each time the decryption module starts work, it first reads the reservation code used in this decryption process from the designated position of the ciphertext file; according to the first reservation number used this time, it extracts from the decryption unit reconfiguration code file section of the configuration file, and presets, the decryption unit reconfiguration code used this time; according to the second reservation number used this time, it extracts from the key derivation unit reconfiguration code file section of the configuration file, and presets, the decryption key derivation unit reconfiguration code used this time; and according to the third reservation number used this time, it extracts from the preset key file section of the configuration file, and presets, the decryption preset key used this time.
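As an added worked model of the procedure in claim 1 and of its software form in claims 5 and 7 (where the reservation code travels with the ciphertext), and not code from the patent: the reconfiguration codes are modelled as parameters of affine maps over 4-bit symbols, the source-data groups are constructed, and the three counted symbol arrangements are constructed choices. The affine maps only illustrate the key chaining and reservation-code selection mechanics and carry no security claim of their own.

```python
# Toy model of the claimed segment-chained cipher (constructed example, not the
# patent's own code). Symbols are digits of a Q-valued logic and a segment is
# one symbol. The "reconfiguration codes" are modelled as parameters of affine
# maps modulo Q, an assumption that stands in for the reconfigurable logic.
from math import gcd

Q = 16             # radix of the multi-valued logic: 4-bit symbols (assumption)
COUNTER_MOD = 256  # cycle counters wrap at this value (assumption)

# Constructed "generalized key source data": the content of the read-only
# storage component (claim 2) or of the configuration file (claim 5).
# Encryptor code (a, b): c = (a*p + b*k) mod Q; a and b must be units mod Q.
ENC_CODES = [(3, 5), (7, 11), (5, 13), (9, 7)]
# Paired decryptor code (a_inv, b): p = a_inv * (c - b*k) mod Q.
DEC_CODES = [(pow(a, -1, Q), b) for a, b in ENC_CODES]
# Key-derivation code (u, v, w): k_next = (u*k + v*p + w) mod Q (steps A2/B2).
KDF_CODES = [(3, 1, 7), (5, 3, 2), (11, 7, 9)]
# Preset keys: the key used for the first segment (steps E1/E2).
PRESET_KEYS = [4, 9, 14, 1, 6]

assert all(gcd(a, Q) == 1 and gcd(b, Q) == 1 for a, b in ENC_CODES)

def select_sources(reservation):
    """Steps C2, D2, E2: the three reservation numbers pick this session's
    encryptor/decryptor pair, key-derivation code and preset key."""
    n1, n2, n3 = reservation
    i = n1 % len(ENC_CODES)
    return (ENC_CODES[i], DEC_CODES[i],
            KDF_CODES[n2 % len(KDF_CODES)],
            PRESET_KEYS[n3 % len(PRESET_KEYS)])

def next_reservation(reservation, plaintext):
    """Reservation code generation: cycle counters start at the current
    reservation numbers and count symbol arrangements of the plaintext. The
    three arrangements counted here are constructed choices: odd symbols,
    rising adjacent pairs and repeated adjacent symbols."""
    c1, c2, c3 = reservation
    for i, p in enumerate(plaintext):
        if p % 2:
            c1 += 1
        if i and plaintext[i - 1] < p:
            c2 += 1
        if i and plaintext[i - 1] == p:
            c3 += 1
    return (c1 % COUNTER_MOD, c2 % COUNTER_MOD, c3 % COUNTER_MOD)

def encrypt(plaintext, reservation):
    """Encryption process of claim 1. Returns the reservation code that was
    used (it travels with the ciphertext, as in claims 7 and 10), the
    ciphertext symbols, and the reservation code for the next message."""
    (a, b), _, (u, v, w), key = select_sources(reservation)
    cipher = []
    for p in plaintext:
        cipher.append((a * p + b * key) % Q)   # step A1
        key = (u * key + v * p + w) % Q        # step A2: key for next segment
    return reservation, cipher, next_reservation(reservation, plaintext)

def decrypt(reservation, cipher):
    """Decryption process of claim 1: select the same source data from the
    carried reservation code, then advance it from the recovered plaintext."""
    _, (a_inv, b), (u, v, w), key = select_sources(reservation)
    plain = []
    for c in cipher:
        p = (a_inv * (c - b * key)) % Q        # step B1
        plain.append(p)
        key = (u * key + v * p + w) % Q        # step B2: same rule as A2
    return plain, next_reservation(reservation, plain)

def to_symbols(data):
    """Split bytes into 4-bit symbols, high nibble first."""
    return [n for byte in data for n in (byte >> 4, byte & 0xF)]

def from_symbols(symbols):
    return bytes(symbols[i] << 4 | symbols[i + 1]
                 for i in range(0, len(symbols), 2))

def run_sessions(messages, reservation):
    """Send several messages in turn. Both sides advance the reservation code
    from the plaintext, so each message selects its own codes and preset key.
    Returns (decrypted messages, sender's final code, receiver's final code)."""
    rx_reservation = reservation
    received = []
    for msg in messages:
        used, cipher, reservation = encrypt(to_symbols(msg), reservation)
        # the receiver checks the carried code against its own expectation
        assert used == rx_reservation
        plain, rx_reservation = decrypt(used, cipher)
        received.append(from_symbols(plain))
    return received, reservation, rx_reservation

if __name__ == "__main__":
    print(run_sessions([b"attack at dawn", b"attack at dawn"], (0, 0, 0)))
```

Sending the same plaintext twice shows the point of the reservation code: the second message is encrypted under a different encryptor code and preset key because the counters advanced over the first plaintext.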
  8. An autonomous communication encryption system, including two communication devices that are peers of each other, characterized in that each of the communication devices is provided with the encryption and decryption apparatus according to any one of claims 2 to 4;
    a temporary encrypted channel is built between the communication devices for transmitting the ciphertext;
    a reservation code is used to configure the encryptor reconfiguration code, the decryptor reconfiguration code, the derivation reconfiguration code and the preset key used this time;
    The autonomous communication encryption system includes:
    a sending unit, for sending out a reservation code when one of the communication devices ends the communication;
    a receiving unit, for receiving the echoed reservation code returned by the other communication device;
    a judging unit, for judging whether the reservation code and the echoed reservation code are the same and obtaining a corresponding judgment result;
    a first processing unit, connected to the judging unit, for ending the communication between the two communication devices when the judgment result indicates that the reservation code and the echoed reservation code are the same;
    a second processing unit, connected to the judging unit, for controlling the sending unit to send the reservation code again when the judgment result indicates that the reservation code and the echoed reservation code differ.
  9. An assisted communication encryption system, characterized in that it includes a calling end, a server end and a called end, where the calling end and the called end each include the encryption and decryption apparatus according to any one of claims 2 to 4, and the server end is located between the calling end and the called end;
    The server end includes:
    a generation unit, for generating a plurality of reservation keys, encryptor reconfiguration codes, decryptor reconfiguration codes and key deriver reconfiguration codes;
    a calling unit, for sending, according to the call request, a selected set consisting of a reservation key, an encryptor reconfiguration code, a decryptor reconfiguration code and a key deriver reconfiguration code to the called end;
    a ringback unit, for sending the selected reservation key, encryptor reconfiguration code, decryptor reconfiguration code and key deriver reconfiguration code to the calling end;
    the calling end and the called end build an encrypted channel according to the reservation key, the encryptor reconfiguration code, the decryptor reconfiguration code and the key deriver reconfiguration code, so as to carry out encrypted communication.
  10. A static information encryption system, applied to the encryption and decryption apparatus according to any one of claims 5 to 7, characterized in that it includes an encryption program, a decryption program and a configuration file;
    the encryption program is used to obtain the plaintext to be encrypted and encrypt it to generate ciphertext, and to include the reservation code in the ciphertext for transmission and storage;
    the decryption program is used to obtain the ciphertext and decrypt it according to the reservation code.
PCT/CN2021/110681 2021-07-15 2021-08-04 Encryption and decryption method and apparatus, and communication system WO2023284036A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110801365.4 2021-07-15
CN202110801365.4A CN113630386B (en) 2021-07-15 2021-07-15 Encryption and decryption method and device and communication system thereof

Publications (1)

Publication Number Publication Date
WO2023284036A1 true WO2023284036A1 (en) 2023-01-19

Family

ID=78379939

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/110681 WO2023284036A1 (en) 2021-07-15 2021-08-04 Encryption and decryption method and apparatus, and communication system

Country Status (2)

Country Link
CN (1) CN113630386B (en)
WO (1) WO2023284036A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5365589A (en) * 1992-02-07 1994-11-15 Gutowitz Howard A Method and apparatus for encryption, decryption and authentication using dynamical systems
US5870470A (en) * 1996-02-20 1999-02-09 International Business Machines Corporation Method and apparatus for encrypting long blocks using a short-block encryption procedure
US20010031050A1 (en) * 2000-02-14 2001-10-18 Lateca Computer Inc. N.V. Key generator
CN101394268A (en) * 2008-09-12 2009-03-25 华南理工大学 Advanced ciphering system and method based on broad sense information field
CN106953875A (en) * 2017-04-26 2017-07-14 吉林大学珠海学院 Ordered encryption method based on multi-key cipher stream cipher
CN110298186A (en) * 2019-07-02 2019-10-01 北京计算机技术及应用研究所 A kind of non-key data encipher-decipher method based on dynamic reconfigurable crypto chip

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3923267B2 (en) * 1999-04-28 2007-05-30 富士ソフト株式会社 Random number generator and encryption system
JP3864675B2 (en) * 2000-03-09 2007-01-10 株式会社日立製作所 Common key encryption device
CN101436930A (en) * 2007-11-16 2009-05-20 华为技术有限公司 Method, system and equipment for distributing cipher key
CN101651538A (en) * 2009-09-04 2010-02-17 瑞达信息安全产业股份有限公司 Method for safe transmission of data based on creditable password module
CN101742492B (en) * 2009-12-11 2015-07-22 中兴通讯股份有限公司 Key processing method and system
CN107196760B (en) * 2017-04-17 2020-04-14 徐智能 Sequence encryption method of adjoint random reconstruction key with adjustability
CN108573176B (en) * 2018-03-22 2022-04-12 福建师范大学 Method and system for safely deleting data of mobile terminal encrypted by key derivation
CN108599930B (en) * 2018-04-02 2021-05-14 湖南国科微电子股份有限公司 Firmware encryption and decryption system and method
CN111722831B (en) * 2020-05-07 2024-03-19 中山大学 Encryption system and implementation method thereof
CN112615824B (en) * 2020-12-03 2021-12-24 清华大学 Anti-leakage one-time pad communication method and device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5365589A (en) * 1992-02-07 1994-11-15 Gutowitz Howard A Method and apparatus for encryption, decryption and authentication using dynamical systems
US5870470A (en) * 1996-02-20 1999-02-09 International Business Machines Corporation Method and apparatus for encrypting long blocks using a short-block encryption procedure
US20010031050A1 (en) * 2000-02-14 2001-10-18 Lateca Computer Inc. N.V. Key generator
CN101394268A (en) * 2008-09-12 2009-03-25 华南理工大学 Advanced ciphering system and method based on broad sense information field
CN106953875A (en) * 2017-04-26 2017-07-14 吉林大学珠海学院 Ordered encryption method based on multi-key cipher stream cipher
US20190207745A1 (en) * 2017-04-26 2019-07-04 Zhuhai College Of Jilin University Sequential Encryption Method Based On Multi-Key Stream Ciphers
CN110298186A (en) * 2019-07-02 2019-10-01 北京计算机技术及应用研究所 A kind of non-key data encipher-decipher method based on dynamic reconfigurable crypto chip

Also Published As

Publication number Publication date
CN113630386A (en) 2021-11-09
CN113630386B (en) 2023-05-09


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21949814

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE